From owner-freebsd-announce@FreeBSD.ORG Sun Feb 25 06:01:25 2007 Return-Path: X-Original-To: freebsd-announce@freebsd.org Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D566116A402 for ; Sun, 25 Feb 2007 06:01:25 +0000 (UTC) (envelope-from kensmith@cse.Buffalo.EDU) Received: from opus.cse.buffalo.edu (opus.cse.Buffalo.EDU [128.205.32.4]) by mx1.freebsd.org (Postfix) with ESMTP id 949E813C494 for ; Sun, 25 Feb 2007 06:01:25 +0000 (UTC) (envelope-from kensmith@cse.Buffalo.EDU) Received: from [127.0.0.1] (localhost.cse.buffalo.edu [127.0.0.1]) by opus.cse.buffalo.edu (8.13.8/8.12.4) with ESMTP id l1P5Rv8u011090 for ; Sun, 25 Feb 2007 00:27:57 -0500 (EST) From: Ken Smith To: freebsd-announce@freebsd.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-poABwq5RX+Pijg27fJP7" Organization: U. Buffalo CSE Department Date: Sun, 25 Feb 2007 00:27:57 -0500 Message-Id: <1172381277.10159.43.camel@opus.cse.buffalo.edu> Mime-Version: 1.0 X-Mailer: Evolution 2.8.3 FreeBSD GNOME Team Port X-Mailman-Approved-At: Sun, 25 Feb 2007 12:26:46 +0000 Subject: [FreeBSD-Announce] Upcoming change in Daylight Savings Time X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Feb 2007 06:01:25 -0000 --=-poABwq5RX+Pijg27fJP7 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable This message, hopfully, summarizes all the questions people may have about the change affecting when Daylight Savings Time begins and ends for various time zones which takes effect this year. NOTE: Before you decide this message does not effect you please bear in mind that the most critical file involved in all of this is /etc/localtime. That is the zoneinfo file your system will be using to convert the native system time to the format appropriate for your local time zone. Typically that file gets installed at the point you initially install your system and then never changed unless you change it manually (typically using tzsetup(8)). So if you have an older system that you have been updating using the normal mechanism of cvsup-ing to update /usr/src and then rebuilding the system from that you will still have the /etc/localtime file that was put in place during the initial install of the machine, not an updated one. If you are in a time zone that is effected by the new Daylight Savings Time rules and you did not do an initial install from a release that had the correct zoneinfo files in it you should probably re-run tzsetup(8) to update /etc/localtime. Of the branches that are currently being supported by the Security Team RELENG_6_2 and RELENG_5_5 both have the correct zoneinfo files so they are not effected. RELENG_6_1 has the correct zoneinfo files for time zones in the United States but incorrect zoneinfo files for some of the other countries effected (e.g. Canada). An Errata Notice to update the zoneinfo files in RELENG_6_1 will be coming shortly. The HEAD, RELENG_6, and RELENG_5 development branches all have the correct zoneinfo files. If you are running a system that is not among the supported branches you can still update your zoneinfo files by installing the misc/zoneinfo port, and then running tzsetup(8). This works just fine on, for example, FreeBSD 4.11 systems. Since it is such a frequently asked question... Using an NTP server will NOT automatically handle the change in Daylight Savings Time rules for you. You still need to worry about getting the zoneinfo files (in particular /etc/localtime) updated. NTP servers provide the exact same value (based on UTC) no matter what time zone they're in, and the FreeBSD kernel stores time internally based on UTC. The zoneinfo files get used to convert that internal format to what is appropriate for your local time zone. Incorrect (outdated) zoneinfo files will result in that conversion done incorrectly. --=20 Ken Smith - From there to here, from here to | kensmith@cse.buffalo.edu there, funny things are everywhere. | - Theodore Geisel | --=-poABwq5RX+Pijg27fJP7 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQBF4R5d/G14VSmup/YRApAeAJ9uQv+tucvZVYllkYaOghYDbbW14QCePIqO Ys1/7YT2XdB59W8DcEybxSg= =Hrg2 -----END PGP SIGNATURE----- --=-poABwq5RX+Pijg27fJP7-- From owner-freebsd-announce@FreeBSD.ORG Wed Feb 28 18:49:25 2007 Return-Path: X-Original-To: freebsd-announce@freebsd.org Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D151D16A400; Wed, 28 Feb 2007 18:49:25 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id C091813C481; Wed, 28 Feb 2007 18:49:25 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (simon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l1SInPr3038240; Wed, 28 Feb 2007 18:49:25 GMT (envelope-from security-advisories@freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l1SInPcZ038238; Wed, 28 Feb 2007 18:49:25 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 28 Feb 2007 18:49:25 GMT Message-Id: <200702281849.l1SInPcZ038238@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: simon set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Cc: Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-07:02.net X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2007 18:49:25 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-07:02.net Errata Notice The FreeBSD Project Topic: IPv6 over Point-to-Point gif(4) tunnels Category: core Module: sys_netinet6 Announced: 2007-02-28 Credits: Bruce A. Mah Affects: FreeBSD 6.2-RELEASE Corrected: 2007-02-08 22:52:56 UTC (RELENG_6, 6.2-STABLE) 2007-02-28 18:24:37 UTC (RELENG_6_2, 6.2-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The FreeBSD kernel provides basic networking services, including (among other protocols) the IPv6 network protocol stack. The gif(4) tunnel driver provides a generic tunnelling interface, which is commonly used to carry IPv6 packets across an IPv4 internetwork. II. Problem Description FreeBSD 6.2-RELEASE contains a regression in the behavior of IPv6 over gif(4) tunnels configured as point-to-point interfaces (in other words, gif(4) interfaces with an explicitly-configured destination address and a 128-bit prefix length). When such an interface is configured, a route to the destination address must be added implicitly by the kernel to allow packets to traverse the tunnel properly. FreeBSD 6.2-RELEASE does not do this. III. Impact In some cases, it may be impossible for a host to send IPv6 traffic over a gif(4) tunnel interface due to the lack of an appropriate routing table entry. IV. Workaround One workaround is to add a route to the destination address explicitly using the route(8) command, as in the following example: # route add -host -inet6 ADDRESS -interface GIF -nostatic -llinfo In the command line above, ADDRESS and GIF should be replaced by the destination IPv6 address and the interface name of the gif(4) tunnel, respectively. In some cases, the host route to the destination may be added implicitly as a side-effect of receiving inbound packets over the tunnel. V. Solution Perform one of the following: 1) Upgrade your affected system to 6-STABLE or to the RELENG_6_2 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.2 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-07:02/net.patch # fetch http://security.FreeBSD.org/patches/EN-07:02/net.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ---------------------------------------------------------------------------- RELENG_6_2 src/UPDATING 1.416.2.29.2.5 src/sys/conf/newvers.sh 1.69.2.13.2.5 src/sys/netinet6/nd6.c 1.48.2.15.2.1 - ---------------------------------------------------------------------------- The latest revision of this Errata Notice is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-07:02.net.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFF5ct4FdaIBMps37IRAjN0AJ9llRTF/ccXBJDRqJeFDocSkIF5lQCdF2ww y+4KLUVBRVLLQz0AJuKygfc= =x04b -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Wed Feb 28 18:49:31 2007 Return-Path: X-Original-To: freebsd-announce@freebsd.org Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C194416A402; Wed, 28 Feb 2007 18:49:31 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id B04FC13C4A7; Wed, 28 Feb 2007 18:49:31 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (simon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l1SInV1t038255; Wed, 28 Feb 2007 18:49:31 GMT (envelope-from security-advisories@freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l1SInVOa038253; Wed, 28 Feb 2007 18:49:31 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 28 Feb 2007 18:49:31 GMT Message-Id: <200702281849.l1SInVOa038253@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: simon set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Cc: Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-07:03.rc.d_jail X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2007 18:49:31 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-07:03.rc.d_jail Errata Notice The FreeBSD Project Topic: rc.d jail script interface IP alias removal Category: core Module: etc_rc.d Announced: 2007-02-28 Credits: Philipp Wuensche Affects: FreeBSD 6.2-RELEASE. Corrected: 2007-01-02 11:14:07 UTC (RELENG_6, 6.2-STABLE) 2007-02-28 18:24:37 UTC (RELENG_6_2, 6.2-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The jail(2) system call allows a system administrator to lock a process and all of its descendants inside an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. The host's jail rc.d(8) script can be used to start and stop jails automatically on system boot/shutdown. The jail_interface rc.conf(5) variable can be used to automatically add and remove an IP address on a specific network interface when a jail starts and stops. II. Problem Description A cleanup of the rc.d jail script did not rename the variables used by the jail_interface feature when removing the IP address in the case where the jail startup fails. This may result in ifconfig(8) being run with incorrect arguments. III. Impact Since the wrong variable is used, in some cases, ifconfig(8) will remove an arbitrary IP address instead of the IP address of the jail if startup of a jail fails. It may be possible for a user with root access in a jail to provoke this situation by intentionally making jail startup fail. IV. Workaround Do not use the jail_interface feature; instead, manually configure IP addresses for the jails. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or to the RELENG_6_2 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.2 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-07:03/rc.d_jail.patch # fetch http://security.FreeBSD.org/patches/EN-07:03/rc.d_jail.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # install -o root -g wheel -m 555 etc/rc.d/jail /etc/rc.d VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/etc/rc.d/jail 1.23.2.8 RELENG_6_2 src/UPDATING 1.416.2.29.2.5 src/sys/conf/newvers.sh 1.69.2.13.2.5 src/etc/rc.d/jail 1.23.2.7.2.2 - ------------------------------------------------------------------------- The latest revision of this Errata Notice is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-07:03.rc.d_jail.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFF5ct8FdaIBMps37IRAu3qAKCHNEFb/kqTVyFSllHyG6YOg+qccACfbmfI CiEeWDDU73GVG+T15VeGH2Q= =EQyo -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Wed Feb 28 18:49:37 2007 Return-Path: X-Original-To: freebsd-announce@freebsd.org Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9A77D16A401; Wed, 28 Feb 2007 18:49:37 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 7D1F713C428; Wed, 28 Feb 2007 18:49:37 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (simon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l1SInbuk038270; Wed, 28 Feb 2007 18:49:37 GMT (envelope-from security-advisories@freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l1SInbLC038268; Wed, 28 Feb 2007 18:49:37 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 28 Feb 2007 18:49:37 GMT Message-Id: <200702281849.l1SInbLC038268@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: simon set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Cc: Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-07:04.zoneinfo X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2007 18:49:37 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-07:04.zoneinfo Errata Notice The FreeBSD Project Topic: Zoneinfo file update Category: core Module: share_zoneinfo Announced: 2007-02-28 Affects: FreeBSD 6.1-RELEASE Corrected: 2007-02-28 18:23:09 UTC (RELENG_6_1, 6.1-RELEASE-p15) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The tzsetup(8) program allows the user to specify the default local timezone. Based on the user's choice, tzsetup(8) copies one of the files from /usr/share/zoneinfo to /etc/localtime. This file actually controls the conversion. II. Problem Description In 2005 several governments, among them the United States of America and Canada, decided to change when Daylight Savings Time begins and ends. The change takes effect in 2007. Because of that change the data in the zoneinfo files needs to be updated, and if the computer's local time zone is affected tzsetup(8) needs to be run so /etc/localtime gets updated. FreeBSD 6.1-RELEASE shipped with the correct zoneinfo files for the United States time zones affected by the change made in 2005, but the zoneinfo files for several other countries (e.g. Canada) do not contain current information. III. Impact If the /usr/share/zoneinfo files as well as /etc/localtime are not updated on a computer that has its time zone set to one of the regions affected by the change made in 2005 it will display the wrong time between March 15th and April 1st, then again between October 28th and November 4th. All things on that computer that rely on the system time (e.g. cron jobs, timestamps entered in log files, etc) will be affected. IV. Workaround At least in theory the system time could be manually adjusted by an hour on the affected dates. However the system will still incorrectly say whether or not Daylight Savings Time is in effect (e.g. it will still say the time is "EST" instead of "EDT" for the Eastern US). Doing this is NOT recommended because the kernel stores timestamp information in the filesystem and other places using its internal representation of time (based on UTC). Since the following is such a frequently asked question we will mention the answer here. Using an NTP server as the source of your system's time will NOT automatically take care of the change in Daylight Savings Time. This patch should still be applied if you are in a region that is affected. V. Solution Following the instructions in this Errata Notice will update all of the zoneinfo files to be the same as what was released with FreeBSD 6.2-RELEASE. Perform one of the following: 1) Upgrade your affected system to 6-STABLE or to the RELENG_6_1 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-07:04/zoneinfo.patch # fetch http://security.FreeBSD.org/patches/EN-07:04/zoneinfo.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/share/misc # make obj && make depend && make && make install # cd /usr/src/share/zoneinfo # make obj && make depend && make && make install # tzsetup VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_6_1 src/UPDATING 1.416.2.22.2.17 src/sys/conf/newvers.sh 1.69.2.11.2.17 src/share/misc/iso3166 1.13.12.1 src/share/zoneinfo/Makefile 1.20.6.1 src/share/zoneinfo/africa 1.14.14.2.2.1 src/share/zoneinfo/antarctica 1.1.2.10.12.2.2.1 src/share/zoneinfo/asia 1.25.2.2.2.1 src/share/zoneinfo/australasia 1.25.10.2.2.1 src/share/zoneinfo/backward 1.1.2.11.2.2.2.1 src/share/zoneinfo/etcetera 1.1.2.5.14.1.2.1 src/share/zoneinfo/europe 1.29.2.2.2.1 src/share/zoneinfo/factory 1.5.38.1 src/share/zoneinfo/leapseconds 1.13.2.1.2.1 src/share/zoneinfo/northamerica 1.25.2.2.2.1 src/share/zoneinfo/southamerica 1.24.2.2.2.1 src/share/zoneinfo/systemv 1.1.2.2.14.1.2.1 src/share/zoneinfo/yearistype.sh 1.1.2.5.14.1.2.1 src/share/zoneinfo/zone.tab 1.17.2.1.2.1 - ------------------------------------------------------------------------- The latest revision of this Errata Notice is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-07:04.zoneinfo.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFF5ct/FdaIBMps37IRAiXgAJ4ldnfI9FL27J9n4/nHM9D0K1Qf6gCghXiL 9VMtdP/Us5QtJ7n4psLVIlg= =AiEF -----END PGP SIGNATURE-----