Re: Bug#811315: getdns: FTBFS[kfreebsd]: needs getentropy implementation

[Steven Chamberlain]

Hi Guillem,

Guillem Jover wrote:
> Steven Chamberlain wrote:
> > getdns FTBFS on kfreebsd because it lacks a getentropy implementation
> > for the FreeBSD kernel.  But there is one already in LibreSSL Portable
> > we can use, and works fine here.
> 
> BTW, libbsd has also a getentropy(3) implementation (lifted too from
> LibreSSL), which is currently not exposed but if people want to use it
> I could make it public, instead of embedding this in all sorts of
> places. The difference being that libbsd is already in Debian, while
> LibreSSL is not.
> 
>   

I'm really glad you asked about this.  The number of projects embedding
arc4random implementations, copied from OpenBSD or OpenSSH/LibreSSL
Portable has me worried.  I wanted to raise this with the security team,
I may follow up on debian-devel shortly.

I think the only use case for getentropy is arc4random, so perhaps don't
export getentropy(3), but lets try to standardise on one implementation
of arc4random (in libbsd?) and try to get more people using that?

It would be nice to have the kernel-specific parts (getentropy) confined
to libbsd, and that may become even more important if applications start
sandboxing (e.g. can't read /dev/urandom any more, have to use sysctls).
Or if getrandom(2) becomes standard, we'd only need to implement it in
one place (as a supplement / eventual replacement to getentropy(3)).

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org


signature.asc
Description: Digital signature

Re: Bug#811315: getdns: FTBFS[kfreebsd]: needs getentropy implementation

[Guillem Jover]

Hi!

On Sun, 2016-01-17 at 21:42:03 +, Steven Chamberlain wrote:
> Package: getdns
> Version: 0.9.0-1
> Severity: normal
> Tags: patch

> getdns FTBFS on kfreebsd because it lacks a getentropy implementation
> for the FreeBSD kernel.  But there is one already in LibreSSL Portable
> we can use, and works fine here.

BTW, libbsd has also a getentropy(3) implementation (lifted too from
LibreSSL), which is currently not exposed but if people want to use it
I could make it public, instead of embedding this in all sorts of
places. The difference being that libbsd is already in Debian, while
LibreSSL is not.

  

Thanks,
Guillem

Re: Bug#811063: gcc-6: FTBFS on kfreebsd-amd64 and kfreebsd-i386

[Matthias Klose]

On 18.01.2016 13:34, Svante Signell wrote:

This file is for GNU/Hurd, the kFreeBSD file to patch is src/gcc/ada/s-osinte-
kfreebsd-gnu.ads.


my bad. now applied.

Re: Bug#811063: gcc-6: FTBFS on kfreebsd-amd64 and kfreebsd-i386

[Svante Signell]

Hi Matthias, et al.

On Mon, 2016-01-18 at 12:56 +0100, Matthias Klose wrote:
> clone 811063 -1
> reopen -1
> retitle -1 gcc-6: FTBFS on kfreebsd-amd64 and kfreebsd-i386
> thanks
> 
> Steven, please could you have a look at upstreaming the kfreebsd patches?
> 
> On 17.01.2016 21:42, Steven Chamberlain wrote:
> > Hi,
> > 
> > Svante Signell wrote:
> > > I think the same patch applies to the kfreebsd-* builds as well. Adding
> > > the
> > > kfreebsd usertag to this bug.
> > 
> > Thank you very much, Svante!  The attached inter-diff against
> > ada-kfreebsd.diff fixes this for kfreebsd also.
> 
> I fixed that directly in the ada-s-osinte-gnu.ads.diff patch. However still 
> ftbfs with:

This file is for GNU/Hurd, the kFreeBSD file to patch is src/gcc/ada/s-osinte-
kfreebsd-gnu.ads.

HTH

Bug#811277: marked as done (kfreebsd-10: CVE-2016-1879: SCTP ICMPv6 error message vulnerability [SA-16:01])

[Debian Bug Tracking System]

Your message dated Tue, 19 Jan 2016 01:34:20 +
with message-id 
and subject line Bug#811277: fixed in kfreebsd-10 10.1~svn274115-4+kbsd8u2
has caused the Debian Bug report #811277,
regarding kfreebsd-10: CVE-2016-1879: SCTP ICMPv6 error message vulnerability 
[SA-16:01]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
811277: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811277
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:kfreebsd-10
Version: 10.1~svn274115-4+kbsd8u1
Severity: grave
Tags: security upstream 
  
Control: found -1 10.1~svn274115-10

Specially crafted SCTP packets via IPv6 can trigger remote denial of
service in kfreebsd-10, even if SCTP sockets are not used.

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:01.sctp.asc

SCTP is disabled in wheezy's latest kfreebsd-9 package, otherwise it
would have been affected by this too.
--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-4+kbsd8u2

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 811...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain  (supplier of updated kfreebsd-10 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 18 Jan 2016 02:35:16 +
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 
kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 
kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 
kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di 
nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di 
serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di 
ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di 
scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di 
scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di 
floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di 
ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di 
ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di 
reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di 
zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di 
nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di 
parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di 
i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di 
crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di 
mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di 
zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 
kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 
kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 
kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen 
kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di 
nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di 
serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di 
ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di 
scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di 
scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di 
floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di 
nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di 
isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di 
fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di 
nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di 
parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di 
sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di 
crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di 
mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di 
sound-modules-10.1-0-486-di
 zlib-modules-10.1-0-486-di
Architecture: source all

Bug#811278: marked as done (kfreebsd-10: CVE-2016-1880: Linux compatibility layer incorrect futex handling [SA-16:03])

[Debian Bug Tracking System]

Your message dated Tue, 19 Jan 2016 01:34:20 +
with message-id 
and subject line Bug#811278: fixed in kfreebsd-10 10.1~svn274115-4+kbsd8u2
has caused the Debian Bug report #811278,
regarding kfreebsd-10: CVE-2016-1880: Linux compatibility layer incorrect futex 
handling [SA-16:03]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
811278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811278
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:kfreebsd-10
Version: 10.1~svn274115-4+kbsd8u1
Severity: grave
Tags: security upstream 
  
Control: found -1 10.1~svn274115-10

kfreebsd's Linux binary compatibility layer (linux.ko module) may be
vulnerable to local privilege escalation.  This module is typically not
used by Debian GNU/kFreeBSD unless the system administrator has enabled
it.

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:03.linux.asc

This affects kfreebsd-10, and also kfreebsd-9 in wheezy.
--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-4+kbsd8u2

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 811...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain  (supplier of updated kfreebsd-10 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 18 Jan 2016 02:35:16 +
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 
kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 
kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 
kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di 
nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di 
serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di 
ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di 
scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di 
scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di 
floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di 
ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di 
ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di 
reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di 
zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di 
nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di 
parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di 
i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di 
crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di 
mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di 
zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 
kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 
kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 
kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen 
kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di 
nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di 
serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di 
ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di 
scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di 
scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di 
floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di 
nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di 
isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di 
fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di 
nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di 
parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di 
sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di 
crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di 
mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di 
sound-modules-10.1-0-486-di
 

Processing of kfreebsd-10_10.1~svn274115-4+kbsd8u2_multi.changes

[Debian FTP Masters]

kfreebsd-10_10.1~svn274115-4+kbsd8u2_multi.changes uploaded successfully to 
localhost
along with the files:
  kfreebsd-10_10.1~svn274115-4+kbsd8u2.dsc
  kfreebsd-10_10.1~svn274115-4+kbsd8u2.debian.tar.xz
  kfreebsd-source-10.1_10.1~svn274115-4+kbsd8u2_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

kfreebsd-10_10.1~svn274115-4+kbsd8u2_multi.changes ACCEPTED into stable-kfreebsd-proposed-updates

[Debian FTP Masters]

Mapping jessie-kfreebsd to stable-kfreebsd.
Mapping stable-kfreebsd to stable-kfreebsd-proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 18 Jan 2016 02:35:16 +
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 
kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 
kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 
kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di 
nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di 
serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di 
ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di 
scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di 
scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di 
floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di 
ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di 
ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di 
reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di 
zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di 
nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di 
parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di 
i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di 
crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di 
mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di 
zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 
kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 
kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 
kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen 
kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di 
nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di 
serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di 
ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di 
scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di 
scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di 
floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di 
nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di 
isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di 
fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di 
nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di 
parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di 
sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di 
crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di 
mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di 
sound-modules-10.1-0-486-di
 zlib-modules-10.1-0-486-di
Architecture: source all
Version: 10.1~svn274115-4+kbsd8u2
Distribution: jessie-kfreebsd
Urgency: high
Maintainer: GNU/kFreeBSD Maintainers 
Changed-By: Steven Chamberlain 
Description:
 acpi-modules-10.1-0-486-di - ACPI support modules (udeb)
 acpi-modules-10.1-0-amd64-di - ACPI support modules (udeb)
 cdrom-modules-10.1-0-486-di - Esoteric CDROM drivers (udeb)
 cdrom-modules-10.1-0-amd64-di - Esoteric CDROM drivers (udeb)
 crypto-dm-modules-10.1-0-486-di - devicemapper crypto module (udeb)
 crypto-dm-modules-10.1-0-amd64-di - devicemapper crypto module (udeb)
 crypto-modules-10.1-0-486-di - crypto modules (udeb)
 crypto-modules-10.1-0-amd64-di - crypto modules (udeb)
 ext2-modules-10.1-0-486-di - EXT2 filesystem support (udeb)
 ext2-modules-10.1-0-amd64-di - EXT2 filesystem support (udeb)
 fat-modules-10.1-0-486-di - FAT filesystem support (udeb)
 fat-modules-10.1-0-amd64-di - FAT filesystem support (udeb)
 floppy-modules-10.1-0-486-di - Floppy driver (udeb)
 floppy-modules-10.1-0-amd64-di - Floppy driver (udeb)
 i2c-modules-10.1-0-486-di - i2c support modules (udeb)
 i2c-modules-10.1-0-amd64-di - i2c support modules (udeb)
 ipv6-modules-10.1-0-486-di - IPv6 driver (udeb)
 ipv6-modules-10.1-0-amd64-di - IPv6 driver (udeb)
 isofs-modules-10.1-0-486-di - ISOFS filesystem support (udeb)
 isofs-modules-10.1-0-amd64-di - ISOFS filesystem support (udeb)
 kernel-image-10.1-0-486-di - kFreeBSD binary image for the Debian installer 
(udeb)
 kernel-image-10.1-0-amd64-di - kFreeBSD binary image for the Debian installer 
(udeb)
 kfreebsd-headers-10-486 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-686 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-amd64 - header files for kernel of FreeBSD 10 
(meta-package)
 kfreebsd-headers-10-xen - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10.1-0 - Common architecture-specific header files for kernel 
of FreeBSD 1
 kfreebsd-headers-10.1-0-486 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-686 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-amd64 - 

Processing of kfreebsd-10_10.1~svn274115-4+kbsd8u2_multi.changes

[Debian FTP Masters]

kfreebsd-10_10.1~svn274115-4+kbsd8u2_multi.changes uploaded successfully to 
ftp-master.debian.org
along with the files:
  kfreebsd-10_10.1~svn274115-4+kbsd8u2.dsc
  kfreebsd-10_10.1~svn274115-4+kbsd8u2.debian.tar.xz
  kfreebsd-source-10.1_10.1~svn274115-4+kbsd8u2_all.deb

Greetings,

Your Debian queue daemon (running on host coccia.debian.org)

Bug#811280: marked as done (kfreebsd-10: CVE-2016-1882: TCP MD5 signature denial of service [SA-16:05])

[Debian Bug Tracking System]

Your message dated Tue, 19 Jan 2016 01:34:20 +
with message-id 
and subject line Bug#811280: fixed in kfreebsd-10 10.1~svn274115-4+kbsd8u2
has caused the Debian Bug report #811280,
regarding kfreebsd-10: CVE-2016-1882: TCP MD5 signature denial of service 
[SA-16:05]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
811280: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811280
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:kfreebsd-10
Version: 10.1~svn274115-4+kbsd8u1
Severity: grave
Tags: security upstream 
  
Control: found -1 10.1~svn274115-10

kfreebsd's TCP stack is vulnerable to local (and possibly remote under
extreme conditions) denial of service (kernel panic).

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc

This affects kfreebsd-10, and also kfreebsd-9 in wheezy.
--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-4+kbsd8u2

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 811...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain  (supplier of updated kfreebsd-10 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 18 Jan 2016 02:35:16 +
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 
kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 
kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 
kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di 
nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di 
serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di 
ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di 
scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di 
scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di 
floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di 
ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di 
ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di 
reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di 
zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di 
nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di 
parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di 
i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di 
crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di 
mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di 
zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 
kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 
kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 
kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen 
kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di 
nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di 
serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di 
ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di 
scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di 
scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di 
floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di 
nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di 
isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di 
fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di 
nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di 
parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di 
sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di 
crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di 
mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di 
sound-modules-10.1-0-486-di
 zlib-modules-10.1-0-486-di
Architecture: source all
Version: 10.1~svn274115-4+kbsd8u2
Distribution: 

Bug#811282: marked as done (kfreebsd-10: Invalid TCP checksums with pf(4) [EN-16:02])

[Debian Bug Tracking System]

Your message dated Tue, 19 Jan 2016 01:34:20 +
with message-id 
and subject line Bug#811282: fixed in kfreebsd-10 10.1~svn274115-4+kbsd8u2
has caused the Debian Bug report #811282,
regarding kfreebsd-10: Invalid TCP checksums with pf(4) [EN-16:02]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
811282: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811282
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:kfreebsd-10
Version: 10.1~svn274115-4+kbsd8u1
Severity: important
Tags: upstream  
 
Control: found -1 10.1~svn274115-10

kfreebsd's implementation of PF packet filter can generate wrong
TCP checksum on outgoing packets, when used with certain NICs,
likely causing connection problems or reduced performance:

https://www.freebsd.org/security/advisories/FreeBSD-EN-16:02.pf.asc

This affects kfreebsd-10, and kfreebsd-9 in wheezy.
--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-4+kbsd8u2

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 811...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain  (supplier of updated kfreebsd-10 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 18 Jan 2016 02:35:16 +
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 
kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 
kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 
kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di 
nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di 
serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di 
ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di 
scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di 
scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di 
floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di 
ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di 
ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di 
reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di 
zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di 
nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di 
parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di 
i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di 
crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di 
mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di 
zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 
kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 
kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 
kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen 
kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di 
nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di 
serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di 
ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di 
scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di 
scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di 
floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di 
nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di 
isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di 
fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di 
nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di 
parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di 
sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di 
crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di 
mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di 
sound-modules-10.1-0-486-di
 zlib-modules-10.1-0-486-di
Architecture: source all
Version: 

Bug#811279: marked as done (kfreebsd-10: CVE-2016-1881: Linux compatibility layer setgroups(2) system call vulnerability [SA-16:04])

[Debian Bug Tracking System]

Your message dated Tue, 19 Jan 2016 01:34:20 +
with message-id 
and subject line Bug#811279: fixed in kfreebsd-10 10.1~svn274115-4+kbsd8u2
has caused the Debian Bug report #811279,
regarding kfreebsd-10: CVE-2016-1881: Linux compatibility layer setgroups(2) 
system call vulnerability [SA-16:04]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
811279: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811279
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:kfreebsd-10
Version: 10.1~svn274115-4+kbsd8u1
Severity: grave
Tags: security upstream 
  
Control: found -1 10.1~svn274115-10

kfreebsd's Linux binary compatibility layer (linux.ko module) may
vulnerable to local privilege escalation or denial of service (kernel
panic).  This module is typically not used by Debian GNU/kFreeBSD unless
the system administrator has enabled it.

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:04.linux.asc

This affects kfreebsd-10, and also kfreebsd-9 in wheezy.
--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-4+kbsd8u2

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 811...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain  (supplier of updated kfreebsd-10 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 18 Jan 2016 02:35:16 +
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 
kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 
kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 
kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di 
nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di 
serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di 
ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di 
scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di 
scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di 
floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di 
ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di 
ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di 
reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di 
zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di 
nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di 
parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di 
i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di 
crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di 
mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di 
zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 
kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 
kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 
kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen 
kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di 
nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di 
serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di 
ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di 
scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di 
scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di 
floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di 
nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di 
isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di 
fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di 
nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di 
parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di 
sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di 
crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di 
mmc-core-modules-10.1-0-486-di