From owner-freebsd-announce@FreeBSD.ORG Fri Jun 28 06:03:07 2013 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id A3B721F0; Fri, 28 Jun 2013 06:03:07 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 94C2F1471; Fri, 28 Jun 2013 06:03:07 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r5S637C5025134; Fri, 28 Jun 2013 06:03:07 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r5S637jM025132; Fri, 28 Jun 2013 06:03:07 GMT (envelope-from security-advisories@freebsd.org) Date: Fri, 28 Jun 2013 06:03:07 GMT Message-Id: <201306280603.r5S637jM025132@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-13:01.fxp X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jun 2013 06:03:07 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-13:01.fxp Errata Notice The FreeBSD Project Topic: dhclient(8) utility issue on fxp(4) network interface Category: core Modules: sys_dev Announced: 2013-06-28 Credits: Michael L. Squires and YongHyeon PYUN Affects: FreeBSD 8.4 Corrected: 2013-06-10 07:31:50 UTC (head, 10.0-CURRENT) 2013-06-17 04:40:27 UTC (stable/9, 9.1-STABLE) 2013-06-17 04:42:02 UTC (stable/8, 8.4-STABLE) 2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p1) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The dhclient(8) utility is a Dynamic Host Configuration Protocol (DHCP) client, which is used for configuring network interfaces. The fxp(4) network interface driver supports Intel EtherExpress PRO/100 Ethernet adapters based on the Intel i82557, i82558, i82559, i82550, i82551, and i82562 chips. II. Problem Description When the dhclient(8) utility is used on an fxp(4) network interface, configuration of the interface could fail with the following warning messages displayed: fxp0: link state changed to UP fxp0: link state changed to DOWN The cause is that the fxp(4) network interface driver resets the controller chip twice upon initialization, and the dhclient(8) utility falsely recognizes the second reset as a link down and attempts reinitialize the interface. As a result, the dhclient(8) utility keeps trying to initialize the interface forever. III. Impact A machine which has an fxp(4) network interface does not work with the dhclient(8) utility. IV. Workaround There is no workaround. Note that this issue occurs only when the dhclient(8) utility is used with an fxp(4) interface. A static configuration by using the ifconfig(8) utility works. V. Solution Perform one of the following: 1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 8.4 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch # fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. 3) To update your vulnerable system via a binary patch: Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- head r251600 stable/9/ r251829 stable/8/ r251830 releng/8.4/ r252334 - ------------------------------------------------------------------------- VII. References The latest revision of this Errata Notice is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-13:01.fxp.asc -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlHNI3sACgkQFdaIBMps37IlNwCghqzRtILy5k7Bc4u0NsUhWLfb Qz8An2kbVTqnveuS+apxaAf5Wg4wp3ey =mArf -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Fri Jun 28 06:03:17 2013 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 8D0F81F3; Fri, 28 Jun 2013 06:03:17 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 6F7F31473; Fri, 28 Jun 2013 06:03:17 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r5S63H3a025168; Fri, 28 Jun 2013 06:03:17 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r5S63Hhq025166; Fri, 28 Jun 2013 06:03:17 GMT (envelope-from security-advisories@freebsd.org) Date: Fri, 28 Jun 2013 06:03:17 GMT Message-Id: <201306280603.r5S63Hhq025166@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-13:02.vtnet X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jun 2013 06:03:17 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-13:02.vtnet Errata Notice The FreeBSD Project Topic: vtnet(4) network interface issue on QEMU 1.4.0 and later Category: core Modules: sys_dev Announced: 2013-06-28 Credits: Julian Stecklina and Bryan Venteicher Affects: FreeBSD 8.4 Corrected: 2013-06-15 03:55:04 UTC (head, 10.0-CURRENT) 2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE) 2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE) 2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background VirtIO is a specification for para-virtualized I/O in a virtual machine. The vtnet(4) network interface driver supports VirtIO emulated Ethernet device. QEMU is a generic and open source machine emulator and virtualizer. It is included as a third-party package in FreeBSD Ports Collection (emulators/qemu). II. Problem Description The vtnet(4) network interface driver displays the following message upon configuration when using QEMU 1.4.0 or later: vtnet0: error setting host MAC filter table The interface works normally when the interface has one MAC address. However, if it has two or more MAC addresses configured, frames to those additional MAC addresses are not forwarded to the vtnet(4) interface. Thus, only the first MAC address works. III. Impact A vtnet(4) network interface with two or more MAC addresses configured on it cannot receive frames to the addresses except for the first one when the FreeBSD kernel is running on QEMU 1.4.0 or later. For the first MAC address, the vtnet(4) interface works without problem even though the error message is displayed. The vtnet(4) driver is included in GENERIC kernel in FreeBSD 8.4-RELEASE. IV. Workaround The additional MAC addresses can work by setting the vtnet(4) network interface in promiscuous mode. The following command sets vtnet0 in promiscuous mode: # ifconfig vtnet0 promisc Note that this may lead to performance degradation. Or, the fixed version of the vtnet(4) driver can be installed as kernel module by using the Ports Collection (emulators/virtio-kmod). To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by removing all of the virtio(4) drivers before installing emulators/virtio-kmod. The following lines in kernel configuration file disable the drivers: nodevice virtio nodevice virtio_pci nodevice vtnet nodevice virtio_blk nodevice virtio_scsi nodevice virtio_balloon After recompilation and installing the new kernel and emulators/virtio-kmod, add the following lines to /boot/loader.conf. This enables the drivers by loading kernel modules which are installed by emulators/virtio-kmod at boot time. virtio_load="YES" virtio_pci_load="YES" virtio_blk_load="YES" if_vtnet_load="YES" virtio_balloon_load="YES" V. Solution Perform one of the following: 1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 8.4 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch # fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. 3) To update your vulnerable system via a binary patch: Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- head r251769 stable/9/ r252193 stable/8/ r252194 releng/8.4/ r252334 - ------------------------------------------------------------------------- VII. References The latest revision of this Errata Notice is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw O3kAn0R36RIBdh45I+g/BPzjTimKMPza =8wlc -----END PGP SIGNATURE-----