From owner-freebsd-announce@FreeBSD.ORG Wed Feb 25 01:22:29 2004 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C872316A4CE; Wed, 25 Feb 2004 01:22:29 -0800 (PST) Received: from mta7.pltn13.pbi.net (mta7.pltn13.pbi.net [64.164.98.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id A156543D2D; Wed, 25 Feb 2004 01:22:29 -0800 (PST) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (0b4111465298e71b5d77b9594b2d7c0b@adsl-67-119-53-203.dsl.lsan03.pacbell.net [67.119.53.203])i1P9LVQ0025590; Wed, 25 Feb 2004 01:21:31 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 7224F66CAF; Wed, 25 Feb 2004 01:21:30 -0800 (PST) Date: Wed, 25 Feb 2004 01:21:30 -0800 From: Kris Kennaway To: announce@FreeBSD.org Message-ID: <20040225092130.GA69123@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6c2NcOVqGQ03X4Wi" Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Mailman-Approved-At: Wed, 25 Feb 2004 01:27:00 -0800 Subject: [FreeBSD-Announce] Ports scheduled for removal in March and April X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 09:22:30 -0000 --6c2NcOVqGQ03X4Wi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Dear FreeBSD users, The following ports are scheduled for removal in March and April 2004 if they are still broken at that time and no PRs have been submitted to fix them. If you are interested in saving these ports, please send your patches to the maintainer. If the maintainer is unresponsive or the maintainer is listed as ports@FreeBSD.org, then please submit your fixes via send-pr. If you have already submitted a PR containing a fix, please ignore this message as it will be taken care of shortly. As usual, the build error logs can be obtained from http://bento.freebsd.org Kris "Annoying reminder guy II" Kennaway #-*- mode: makefile; tab-width: 30; -*- # ex:ts=30 # databases/mysqlcc ferruccio.vitale@tin.it 2004-04-22 databases/postgresql-plruby knu@FreeBSD.org 2004-04-15 databases/ruby-search-namazu knu@FreeBSD.org 2004-04-21 devel/glg lo_gafet@users.sourceforge.net 2004-04-09 devel/imake ports@FreeBSD.org 2004-03-09 devel/py-orbit wjv@FreeBSD.org 2004-04-09 devel/qt-designer ports@FreeBSD.org 2004-04-21 devel/veepee ports@FreeBSD.org 2004-04-09 emulators/linux-ePSXe jylefort@brutele.be 2004-04-16 graphics/cybervrml97 ports@FreeBSD.org 2004-04-09 irc/dancer-services knu@FreeBSD.org 2004-04-21 japanese/vfxdvi300 mita@FreeBSD.org 2004-04-09 java/kaffe-devel xaa+ports@timewasters.nl 2004-04-21 lang/stackless_python perky@FreeBSD.org 2004-04-07 mail/gmail ports@FreeBSD.org 2004-04-21 mail/smunge midom@dammit.lt 2004-04-18 misc/libh anarcat@anarcat.ath.cx 2004-04-22 multimedia/netshow dburr@FreeBSD.org 2004-04-16 net/amsn yinjieh@csie.nctu.edu.tw 2004-04-21 net/eudc-emacs20 ports@FreeBSD.org 2004-04-18 net/gale peterh@sapros.com 2004-04-07 net/ginsu jason-fbsd-ports-ginsu@shalott.net 2004-04-19 net/hawk DougB@FreeBSD.org 2004-04-15 net/netsaint-plugins ports@FreeBSD.org 2004-03-20 net/nicotine ports@FreeBSD.org 2004-04-17 net/openldap20-server ports@FreeBSD.org 2004-05-01 net/openldap12 lodea@vet.com.au 2004-04-18 net/openreg seanc@FreeBSD.org 2004-04-21 net/papaya adam-ports@blacktabby.org 2004-04-17 net/py-ldap1 ports@FreeBSD.org 2004-04-18 net/ruby-jabber4r knu@FreeBSD.org 2004-04-15 print/lyx ports@FreeBSD.org 2004-04-16 security/inflex jus@security.za.net 2004-04-09 www/Mosaic ports@FreeBSD.org 2004-04-09 www/flashplugin-mozilla llwang@infor.org 2004-04-22 www/flashpluginwrapper nork@FreeBSD.org 2004-03-09 www/scoop patrick@ginx.com 2004-04-16 www/web500gw ports@FreeBSD.org 2004-04-18 x11-servers/XttXF86srv-common taguchi@tohoku.iij.ad.jp 2004-04-09 --6c2NcOVqGQ03X4Wi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAPGkaWry0BWjoQKURAtcbAKDi6KFFIQhV3o/usjih04k2A3GUSgCgqpDb qPqRN4OAHiSzmsrKcWU2+IY= =j9yn -----END PGP SIGNATURE----- --6c2NcOVqGQ03X4Wi-- From owner-freebsd-announce@FreeBSD.ORG Wed Feb 25 19:34:33 2004 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED1F616A4CE for ; Wed, 25 Feb 2004 19:34:33 -0800 (PST) Received: from smtp.mho.com (smtp.mho.net [64.58.4.5]) by mx1.FreeBSD.org (Postfix) with SMTP id C28E543D1F for ; Wed, 25 Feb 2004 19:34:33 -0800 (PST) (envelope-from scottl@freebsd.org) Received: (qmail 90340 invoked by uid 1002); 26 Feb 2004 03:34:33 -0000 Received: from unknown (HELO freebsd.org) (64.58.1.252) by smtp.mho.net with SMTP; 26 Feb 2004 03:34:33 -0000 Message-ID: <403D6893.9020808@freebsd.org> Date: Wed, 25 Feb 2004 20:31:31 -0700 From: Scott Long User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031103 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-announce@freebsd.org Content-Type: text/plain; name="5.2.1-announce.txt.asc" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="5.2.1-announce.txt.asc" X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: [FreeBSD-Announce] FreeBSD 5.2.1 Released! X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 03:34:34 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is once again my great privilege and pleasure to announce the availability of FreeBSD 5.2.1-RELEASE. This is a 'point release' and is indended to address several bugs and vulnerabilities discovered in the FreeBSD 5.2 release. These include: - Significantly improved ATA/IDE and SATA handling. Problems with timeouts, error recovery, and certain master/slave configurations have been largely addressed. - The kdeadmin3 package has been updated to fix the password database corruption issue found with the KUser tool. - Third-party NSS modules can now support groups with many users. - Mutlicast and promiscuous modes have been fixed in the 'sk' ethernet driver, allowing it to operate in a DHCP environment. - Latest updates to the XFree86 4.3 server to protect against several published security vulnerabilities. FreeBSD 5.2.1 also contains a number of other significant stability and security improvements over FreeBSD 5.2. However, it is still considered a 'New Technology' release and might not be suitable for all users. Those with more conservative needs may prefer to continue using FreeBSD 4.X. Information on the various trade-offs involved, as well as some notes on future plans for both FreeBSD 4.X and 5.X, can be found in the Early Adopter's Guide, available here: http://www.FreeBSD.org/releases/5.2.1R/early-adopter.html For a complete list of new features and known problems, please see the release notes and errata list, available here: http://www.FreeBSD.org/releases/5.2.1R/relnotes.html http://www.FreeBSD.org/releases/5.2.1R/errata.html For more information about FreeBSD release engineering activities, please see: http://www.FreeBSD.org/releng/ Availability - ------------- FreeBSD 5.2.1-RELEASE supports the i386, pc98, alpha, sparc64, amd64, and ia64 architectures and can be installed directly over the net using bootable media or copied to a local NFS/FTP server. Distributions for all architectures are available now. Please continue to support the FreeBSD Project by purchasing media from one of our supporting vendors. The following companies will be offering FreeBSD 5.2.1 based products: FreeBSD Mall, Inc. http://www.freebsdmall.com/ Daemonnews, Inc. http://www.bsdmall.com/freebsd1.html If you can't afford FreeBSD on media, are impatient, or just want to use it for evangelism purposes, then by all means download the ISO images. We can't promise that all the mirror sites will carry the larger ISO images, but they will at least be available from the following sites. MD5 checksums for the release images are included at the bottom of this message. ftp://ftp.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.FreeBSD.org/pub/FreeBSD/ ftp://ftp3.FreeBSD.org/pub/FreeBSD/ ftp://ftp4.FreeBSD.org/pub/FreeBSD/ ftp://ftp5.FreeBSD.org/pub/FreeBSD/ ftp://ftp7.FreeBSD.org/pub/FreeBSD/ ftp://ftp14.FreeBSD.org/pub/FreeBSD/ ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.de.FreeBSD.org/pub/FreeBSD/ ftp://ftp3.de.FreeBSD.org/pub/FreeBSD/ ftp://ftp7.de.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.jp.freebsd.org/pub/FreeBSD/ ftp://ftp6.tw.freebsd.org/pub/FreeBSD/ ftp://ftp1.ru.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD/ ftp://ftp5.uk.FreeBSD.org/pub/FreeBSD/ ftp://ftp7.uk.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp4.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp11.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp14.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp15.us.FreeBSD.org/pub/FreeBSD/ FreeBSD is also available via anonymous FTP from mirror sites in the following countries: Argentina, Australia, Austria, Brazil, Bulgaria, Canada, China, Czech Republic, Denmark, Estonia, Finland, France, Germany, Hong Kong, Hungary, Iceland, Ireland, Japan, Korea, Lithuania, Amylonia, the Netherlands, New Zealand, Poland, Portugal, Romania, Russia, Saudi Arabia, South Africa, Slovak Republic, Slovenia, Spain, Sweden, Taiwan, Thailand, Ukraine, and the United Kingdom. Before trying the central FTP site, please check your regional mirror(s) first by going to: ftp://ftp..FreeBSD.org/pub/FreeBSD Any additional mirror sites will be labeled ftp2, ftp3 and so on. More information about FreeBSD mirror sites can be found at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html For instructions on installing FreeBSD, please see Chapter 2 of The FreeBSD Handbook. It provides a complete installation walk-through for users new to FreeBSD, and can be found online at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html Acknowledgments - ---------------- Many companies donated equipment, network access, or man-hours to finance the release engineering activities for FreeBSD 5.2 including The FreeBSD Mall, Compaq, Yahoo!, Sentex Communications, and NTT/Verio. The release engineering team for 5.2-RELEASE includes: Scott Long Release Engineering, I386 and Alpha Release Building Bruce A. Mah Release Engineering, Documentation Robert Watson Release Engineering, Security John Baldwin Release Engineering Murray Stokely Release Engineering Ken Smith Sparc64 Release Building, Mirror Site Coordination Marcel Moolenaar IA64 Release Building David O'Brien AMD64 Release Building Takahashi Yoshihiro PC98 Release Building Kris Kennaway Package Building Joe Marcus Clarke (marcus@FreeBSD.org> Package Building Jacques A. Vidrine Security Officer CD Image Checksums - ------------------ MD5 (5.2.1-RELEASE-alpha-bootonly.iso) = 44136b68eb96d0b0776fcbca3648b020 MD5 (5.2.1-RELEASE-alpha-disc1.iso) = ff5a9ebff52dba2db2e5afdfc996cfe4 MD5 (5.2.1-RELEASE-alpha-disc2.iso) = bace8bceb3186b5bdeccccdc1c2b26cb MD5 (5.2.1-RELEASE-alpha-miniinst.iso) = 2a30597f5306a539963e826f1f29fb91 MD5 (5.2.1-RELEASE-amd64-bootonly.iso) = 60a590202b07b264d33e30a40f745ba6 MD5 (5.2.1-RELEASE-amd64-disc1.iso) = 7fdc18683561f58df0a2bc6327a6552b MD5 (5.2.1-RELEASE-amd64-disc2.iso) = fce7b8a76e85772c9d572b84ba1107af MD5 (5.2.1-RELEASE-amd64-miniinst.iso) = ff4d14fffaa8c4864e167f7df57189ee MD5 (5.2.1-RELEASE-i386-bootonly.iso) = 5035853dd92a0807645dc1674a2ee028 MD5 (5.2.1-RELEASE-i386-disc1.iso) = 9a1c764680504f5b7d2fb8c2d07de8e0 MD5 (5.2.1-RELEASE-i386-disc2.iso) = 86b96a834fdda87f7436373c53ff3662 MD5 (5.2.1-RELEASE-i386-miniinst.iso) = 6f035aef6598c0307cf53a896ccfa12f MD5 (5.2.1-RELEASE-ia64-bootonly.iso) = dcdb3bc8fc5ae29fa7deeb836debc0a7 MD5 (5.2.1-RELEASE-ia64-disc2.iso) = 59349f53622559263f77a6d599ebb74e MD5 (5.2.1-RELEASE-ia64-miniinst.iso) = 80148ffa7420828e28ce53ccfe3f1b8b MD5 (5.2.1-RELEASE-pc98-disc2.iso) = 06243edad4243fbdfa45f34965c13e5d MD5 (5.2.1-RELEASE-pc98-miniinst.iso) = 513c50b09da1cf1d8afda8df3599e754 MD5 (5.2.1-RELEASE-sparc64-bootonly.iso) = e9b3e29c6c78aeb5f9176f8c04b9de93 MD5 (5.2.1-RELEASE-sparc64-disc1.iso) = f9d463ccd832a3157603c68ddb9126ae MD5 (5.2.1-RELEASE-sparc64-disc2.iso) = 8a2c544ce9d9a6c632c8a5120ee99bc7 MD5 (5.2.1-RELEASE-sparc64-miniinst.iso) = 069784739bd4c2244077f8423d97fda6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFAPWfnHTr20QF8Xr8RAoNTAJ48gzklAh37vlGkofc3hxxE5RmY6wCcDgyO nr0x0I1YFGs+0UANNDeSdro= =BaPi -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Wed Jan 14 12:10:26 2004 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5DB4A16A4CE for ; Wed, 14 Jan 2004 12:10:26 -0800 (PST) Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC41E43D39 for ; Wed, 14 Jan 2004 12:10:23 -0800 (PST) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id D002E3D32 for ; Wed, 14 Jan 2004 15:10:22 -0500 (EST) From: "Dan Langille" To: freebsd-announce@freebsd.org MIME-Version: 1.0 Message-ID: <40055BCC.22092.1B359B5@localhost> Priority: normal X-mailer: Pegasus Mail for Windows (v4.02a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-Mailman-Approved-At: Wed, 25 Feb 2004 23:45:39 -0800 Subject: [FreeBSD-Announce] BSDCan 2004 announcement X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Wed, 14 Jan 2004 20:10:26 -0000 X-Original-Date: Wed, 14 Jan 2004 15:10:04 -0500 X-List-Received-Date: Wed, 14 Jan 2004 20:10:26 -0000 BSDCan is pleased to announce the first Canadian BSD conference. It will be held May 13-16, 2004 in Ottawa, Canada. BSDCan would like to invite everyone interested in BSD to submit papers. For details, please see http://www.bsdcan.org/papers.php. We plan to keep costs to a minimum. As such, the conference will be held at University of Ottawa and accommodation is available within the University residences. Hotels are also within close walking distance of the conference venue. The conference venue is within walking distance of the Byward Market, a great section of town for bars and pubs. This will be a popular meeting area for the BOFs. Attendees should find Ottawa cheaper than most other conference venues with many things to do and see away from the conference. -- Dan Langille : http://www.langille.org/ From owner-freebsd-announce@FreeBSD.ORG Fri Feb 27 10:32:01 2004 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 795BC16A9F7; Fri, 27 Feb 2004 10:32:01 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5E7E643D31; Fri, 27 Feb 2004 10:32:01 -0800 (PST) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (nectar@localhost [127.0.0.1]) i1RIW1bv024451; Fri, 27 Feb 2004 10:32:01 -0800 (PST) (envelope-from security-advisories@freebsd.org) Received: (from nectar@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i1RIW1NF024450; Fri, 27 Feb 2004 10:32:01 -0800 (PST) (envelope-from security-advisories@freebsd.org) Date: Fri, 27 Feb 2004 10:32:01 -0800 (PST) Message-Id: <200402271832.i1RIW1NF024450@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-04:03.jail X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: security-advisories@freebsd.org List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2004 18:32:01 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:03.jail Security Advisory The FreeBSD Project Topic: Jailed processes can attach to other jails Category: core Module: kernel Announced: 2004-02-25 Credits: JAS Group (http://www.cs.mu.oz.au/jas/) Affects: FreeBSD 5.1-RELEASE FreeBSD 5.2-RELEASE Corrected: 2004-02-19 23:26:39 UTC (RELENG_5_2, 5.2.1-RC2) 2004-02-25 20:03:35 UTC (RELENG_5_1, 5.1-RELEASE-p14) CVE Name: CAN-2004-0126 FreeBSD only: YES For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The jail(2) system call allows a system administrator to lock up a process and all its descendants inside a closed environment with very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more stringent than, the traditional Unix chroot(2) system call. The jail_attach(2) system call, which was introduced in FreeBSD 5 before 5.1-RELEASE, allows a non-jailed process to permanently move into an existing jail. II. Problem Description A programming error has been found in the jail_attach(2) system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jail_attach(2) system call would fail only after changing the calling process's root directory. III. Impact A process with superuser privileges inside a jail could change its root directory to that of a different jail, and thus gain full read and write access to files and directories within the target jail. IV. Workaround No workaround is available. V. Solution Do one of the following: 1) Upgrade your vulnerable system to 5.2.1-RELEASE, or to the RELENG_5_2 or RELENG_5_1 security branch dated after the correction date. OR 2) Patch your present system: The following patch has been verified to apply to FreeBSD 5.1 and 5.2 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_5_2 src/sys/kern/kern_jail.c 1.34.2.1 RELENG_5_1 src/UPDATING 1.251.2.16 src/sys/conf/newvers.sh 1.50.2.16 src/sys/kern/kern_jail.c 1.33.2.1 - ------------------------------------------------------------------------- VII. References -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAP4xVFdaIBMps37IRArw1AJ9jNZIsJHYlKt+NEsOgp5cti/Cs+gCdFa0j 3cvPHMce6awUESculjC3Z/I= =LQo0 -----END PGP SIGNATURE-----