Re: Bug#776346: libpcap: build udeb for use in debian-installer

2015-09-13 Thread Michael Gilbert
Hi Romain,

On Mon, Sep 7, 2015 at 6:52 AM, Romain Francoise wrote:
> libpcap is special because it's very close to the kernel; once it gets
> used in the d-i environment the burden of keeping it working there will
> fall on me.

It's fortunate that the udeb design is so simple then.  Each
effectively mirrors its equivalent deb package, so in almost all
imaginable cases a bug in one will be present in the other, so d-i
specific bugs have been surprisingly uncommon, although yes not
totally unheard of.

> In the past I've had very little help from the porters with
> kfreebsd issues (like #750836, #626232)

It is unfortunate that #750836 took 3 months, and didn't seem to get
the respect that you thought it deserved.  If I had to interpret that
situation, it looks like there was an unintentional communication
breakdown.  Since the workaround in libpcap was implemented so quickly
it appeared on the kfreebsd side that it was no longer a significant
problem, so it wasn't given the severity you thought it deserved.

It looks like #626232 was fixed so rapidly (less than half a day) that
the porters didn't even have enough time to be needed.  It also looks
like Jakub Wilk solved that one, so it looks like you aren't totally
without help and interest from other developers.

So in conclusion, at least for these specific bugs, help did come
along, but not urgently enough to satisfy your expectations.

> So yes, in itself adding the udeb is trivial. But I'm not sure I want a
> udeb in the first place.
>
> Let me also state that NMUing a package without warning for a wishlist
> bug, even to DELAYED, is considered rude in my book.

Fortunately devref quite clearly disagrees with that sentiment [0],[1].

The NMU is now cancelled; a social stalemate.

I would like to try to find an amicable way to get the change
included.  Do you have any suggestions that could make it more
palatable from your perspective?  Specifically can anything be
improved based on technical merit, and what social changes do you
need?

Best wishes,
Mike

[0] https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#kind-to-porters
[1] https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#nmu-maintainer



Re: Bug#776346: libpcap: build udeb for use in debian-installer

2015-09-06 Thread Michael Gilbert
On Sun, Sep 6, 2015 at 3:01 PM, Romain Francoise wrote:
> On Sun, Sep 06, 2015 at 09:04:58AM +0200, Michael Gilbert wrote:
>> I've uploaded an nmu to delayed/10 applying these changes.  See
>> attached patch.  Please let me know if I should delay longer.
>
> Please cancel this NMU. Building a udeb is a change that has non-trivial
> consequences

Building the udeb package itself is effectively trivial, so the
possibility for non-trivial consequences seems somewhat unlikely.

Is your concern about debian-boot's ability to block-udeb when
preparing d-i updates, which could affect libpcap transitions?

> I don't know yet if I want to commit to doing that in
> libpcap, especially if the only upside of doing so is for the sake of
> WPA support in kfreebsd.

The current requirement for non-wpa initial setup in kfreebsd's d-i is
a burden, so it would be quite nice to solve that.  Thanks for the
feedback!

Best wishes,
Mike



Bug#788173: rescue-mode: kfreebsd rescue fails with can't create /dev/md

2015-06-08 Thread Michael Gilbert
package: rescue-mode
version: 1.51
severity: important
x-debbugs-cc: debian-bsd@lists.debian.org

Adding the line set kFreeBSD.rescue/enable=true in a grub entry and
booting the kfreebsd installer fails when executing rescue-mode.  The
error is:

mkdir: can't create directory '/dev/md': Operation not supported

/dev is mounted rw and also doing mkdir manually fails the same.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CANTw=mngrvovmzq0vet+4o9u--o8iteriqhllcvxar9cz5j...@mail.gmail.com



Bug#788174: kfreebsd-10: installer rescue mode grub entry

2015-06-08 Thread Michael Gilbert
package: src:kfreebsd-10
version: 10.1~svn274115-4
severity: wishlist

It would be nice if the kfreebsd installer were to include a rescue
mode grub boot option.

In the meantime manually adding set kFreeBSD.rescue/enable=true
according to the kfreebsd FAQ is possible:
https://wiki.debian.org/Debian_GNU/kFreeBSD_FAQ#Q._How_to_use_the_rescue_mode_of_the_installer

Best wishes,
Mike





Bug#787287: util-linux: fails to build on kfreebsd

2015-05-30 Thread Michael Gilbert
package: src:util-linux
version: 2.26.2-1
severity: important
x-debbugs-cc: debian-bsd@lists.debian.org

The recent util-linux uploads fail to build on kfreebsd archs:
https://buildd.debian.org/status/logs.php?pkg=util-linux&arch=kfreebsd-amd64

This is having a ripple effect on a lot of reverse dependencies.

Best wishes,
Mike





Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue

2015-02-13 Thread Michael Gilbert
package: src:kfreebsd-10
severity: important
tags: security

Hi,

the following vulnerability was published for kfreebsd-10.

CVE-2014-7250[0]:
| The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly
| 2.0, and OpenBSD possibly 3.6, does not properly implement the session
| timer, which allows remote attackers to cause a denial of service
| (resource consumption) via crafted packets.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-7250

Note that the versions mentioned in the advisory are really old
(freebsd 5.4), but unfortunately there aren't enough details yet to
actually check.

Best wishes,
Mike





Bug#684072: CVE-2011-2393

2015-02-13 Thread Michael Gilbert
control: reopen -1

This was closed with the removal of src:freebsd-9, but there hasn't
been any actual upstream activity and no real details to be found
anywhere, so it is still likely unfixed in kfreebsd-10.

Best wishes,
Mike





Bug#776332: kfreebsd-10: installer fails for 128 MB install

2015-01-26 Thread Michael Gilbert
package: src:kfreebsd-10
version: 10.1~svn274115-1
severity: important

The kfreebsd-amd64 installer currently fails for low memory systems.

$ kvm -m 128 -cdrom debian-jessie-DI-rc1-kfreebsd-amd64-netinst.iso jessie.img
[...]
pid 32 (devd), uid 0, was killed: out of swap
Killed
Something wicked happened.  Press enter for a rescue shell.

$ kvm -m 192 -cdrom debian-jessie-DI-rc1-kfreebsd-amd64-netinst.iso jessie.img
[...]
OK

According to the installation guide 128 MB should work:
https://www.debian.org/releases/testing/kfreebsd-amd64/ch02s05.html.en

Note also that installing with 192 MB and then using 128 MB after
installation works, so it is only a problem during installation.

Best wishes,
Mike





Re: Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

2014-10-05 Thread Michael Gilbert
On Thu, Oct 2, 2014 at 11:05 PM, Cyril Brulebois wrote:
> AFAICT isc-dhcp is only used on non-linux archs, through that part of
> Depends:
>   isc-dhcp-client-udeb [kfreebsd-any hurd-any]
>
> You definitely want to get porters involved in checking the resulting
> udebs, and I've therefore added them in Cc.

Dear hurd and kfreebsd porters.  I plan to upload the attached patch,
which along with the previous upload introduces a bind udeb, which
will be dynamically linked by the dhcp udeb.  Please let me know if
this looks ok.

> Have you checked possible impact on the installed size? At least
> kfreebsd has been having regular size-related issues, so it might be
> worth checking this point (even if the ramfs tweaks introduced in the
> past few weeks should avoid further issues).

The install size for dhcp+bind linked isn't much different from the
existing size of dhcp+bind embed, which is about 1.8 MB uncompressed.

Best wishes,
Mike
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,13 @@
+bind9 (1:9.9.5.dfsg-4.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Disable parallel build.  Closes: #762766
+  * Set -fno-delete-null-pointer-checks.  Closes: #750760
+  * Fix dependencies for libbind-export-udeb.  Closes: #762762
+  * Don't install configuration files to /usr.  Closes: #762948
+
+ -- Michael Gilbert mgilb...@debian.org  Sun, 28 Sep 2014 02:56:44 +
+
 bind9 (1:9.9.5.dfsg-4.1) unstable; urgency=low
 
   * Non-maintainer upload.
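
Review bot: the first bullet of the new entry, "Disable parallel build.  Closes: #762766", closes the bug with a workaround and the entry does not say so. Either state that parallel builds are disabled pending a proper fix and leave the bug open, or fix the failing build step and describe that change instead.
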
diff -u bind9-9.9.5.dfsg/debian/control bind9-9.9.5.dfsg/debian/control
--- bind9-9.9.5.dfsg/debian/control
+++ bind9-9.9.5.dfsg/debian/control
@@ -187,9 +187,8 @@
 Architecture: any
 Priority: extra
 Depends: ${shlibs:Depends}
-XC-Package-Type: udeb
+Package-Type: udeb
 Description: Exported BIND libraries for debian-installer
- libbind-export-udeb is a minimal bind package used by the debian-installer.
 
 Package: libdns-export100
 Section: libs
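
Review bot: the removed line " libbind-export-udeb is a minimal bind package used by the debian-installer." was the stanza's only extended description, so the udeb is left with a synopsis alone; if that is intended, say so in the changelog. The switch from XC-Package-Type to Package-Type in the same stanza is also not mentioned in the changelog entry.
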
diff -u bind9-9.9.5.dfsg/debian/rules bind9-9.9.5.dfsg/debian/rules
--- bind9-9.9.5.dfsg/debian/rules
+++ bind9-9.9.5.dfsg/debian/rules
@@ -23,12 +23,13 @@
 OPT = -O2
 endif
 
-ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
-NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
-export MAKEFLAGS += -j$(NUMJOBS)
-endif
+# parallel build options disabled for #762766
+#ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+#NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+#export MAKEFLAGS += -j$(NUMJOBS)
+#endif
 
-export CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE $(DEBUG) $(OPT)
+export CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE $(DEBUG) $(OPT)
 
 ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
 EXTRA_FEATURES=--disable-linux-caps --disable-threads
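
Review bot: the parallel block is commented out rather than removed, which leaves dead code in debian/rules and makes every build ignore parallel=N from DEB_BUILD_OPTIONS. Prefer fixing the rule that breaks under -j; if the workaround has to stay, delete the block and keep only the one-line comment pointing at #762766. The new -fno-delete-null-pointer-checks in CFLAGS has no comment; a line naming #750760 next to it would tell the next maintainer why the flag is there.
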
@@ -126,6 +127,7 @@
 	dh_installdirs
 	$(MAKE) -C export install DESTDIR=`pwd`/debian/bind9
 	$(MAKE) install DESTDIR=`pwd`/debian/bind9
+	rm -rf debian/bind9/usr/etc
 	rm -f debian/bind9/usr/lib/*.la
 	install -c -o bin -g bin -m 444 debian/db.0 ${ETCBIND}/db.0
 	install -c -o bin -g bin -m 444 debian/db.0 ${ETCBIND}/db.255
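
Review bot: the added "rm -rf debian/bind9/usr/etc" deletes whatever the two preceding install steps put under usr/etc instead of stopping them from installing there. It would be cleaner to point the install step at the intended configuration directory so nothing lands in usr/etc; if the rm stays, add a comment naming #762948 that says what is being removed and why it is safe to drop.
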
@@ -201,6 +203,7 @@
 	dh_fixperms -a
 	dh_makeshlibs -a
 	dh_installdeb -a
+	sed 's/[^ ]*/libbind-export-udeb/'3 debian/*-export*/DEBIAN/shlibs  debian/libbind-export-udeb/DEBIAN/shlibs
 	dh_shlibdeps -a
 	for i in $$(sed -n '/^Package:/s/^.* //p' debian/control); do cat debian/vars.in  debian/$$i.substvars; done
 	cat debian/vars.in  debian/substvars
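
Review bot: the added sed line rewrites the third field of every export library's shlibs entry to the single name libbind-export-udeb, so each library's dependency points at one package whose name carries no SONAME version. A later SONAME change would leave reverse dependencies pointing at a package that no longer ships the library they were linked against. Use one udeb per library with the SONAME version in its name, and write the shlibs entries explicitly rather than deriving them with a positional sed.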


Re: Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

2014-10-05 Thread Michael Gilbert
On Sun, Oct 5, 2014 at 7:02 PM, Cyril Brulebois wrote:
> Michael Gilbert <mgilb...@debian.org> (2014-10-05):
> > Dear hurd and kfreebsd porters.  I plan to upload the attached patch,
> > which along with the previous upload introduces a bind udeb, which
> > will be dynamically linked by the dhcp udeb.  Please let me know if
> > this looks ok.
>
> NAK.

 +bind9 (1:9.9.5.dfsg-4.2) unstable; urgency=low
 +
 +  * Non-maintainer upload.
 +  * Disable parallel build.  Closes: #762766

> If parallel building worked before you changed things, you get to fix
> the issues rather than working around them. bind9 is a pain to build,
> so having to deal with a forced -j1 is a nasty regression.

It's a rarely used path through the build system (--enable-exportlib),
so it's sort of unsurprising that there was a lurking issue.

Anyway, in the meantime I fixed the problem.  Thanks for the prodding.

 +  * Set -fno-delete-null-pointer-checks.  Closes: #750760
 +  * Fix dependencies for libbind-export-udeb.  Closes: #762762

> This udeb doesn't make any sense to me.
>
> $ cat ./debian/libbind-export-udeb/DEBIAN/shlibs
> libdns-export 100 libbind-export-udeb
> libirs-export 91 libbind-export-udeb
> libisc-export 95 libbind-export-udeb
> libisccfg-export 90 libbind-export-udeb
>
> The udeb is unversioned. ABI is going to be broken as usual in later
> uploads, meaning the udeb shipping these shared objects will break
> reverse dependencies:
>   /usr/lib/libisccfg-export.so.90.1.0
>   /usr/lib/libdns-export.so.100.2.2
>   /usr/lib/libirs-export.so.91.0.0
>   /usr/lib/libisc-export.so.95.5.0
>   /usr/lib/libdns-export.so.100 -> libdns-export.so.100.2.2
>   /usr/lib/libisccfg-export.so.90 -> libisccfg-export.so.90.1.0
>   /usr/lib/libirs-export.so.91 -> libirs-export.so.91.0.0
>   /usr/lib/libisc-export.so.95 -> libisc-export.so.95.5.0
>
> I really fail to see how you could possibly imagine anything could work.

I was trying to avoid an explosion in the number of udebs, but I get
your point now that won't work.  I've split up the udebs now so things
can be properly versioned.

> Since we're late in the D-I release cycle, since we're late in the
> release cycle in general (window for transitions closed past month),
> since there was no coordination whatsoever, and since there is
> apparently no well thought through plan, I think I'll oppose isc-dhcp's
> using such a udeb.

Maybe I've addressed your concerns, maybe not, but please consider the
revised changes attached.

Best wishes,
Mike
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,13 @@
+bind9 (1:9.9.5.dfsg-4.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix intermittent parallel build failure.  Closes: #762766
+  * Set -fno-delete-null-pointer-checks.  Closes: #750760
+  * Use separate packages for the udebs.  Closes: #762762
+  * Don't install configuration files to /usr.  Closes: #762948
+
+ -- Michael Gilbert mgilb...@debian.org  Mon, 06 Oct 2014 01:23:57 +
+
 bind9 (1:9.9.5.dfsg-4.1) unstable; urgency=low
 
   * Non-maintainer upload.
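
Review bot: "Fix intermittent parallel build failure.  Closes: #762766" in the new entry does not say what was changed; name the file or rule that was corrected so the fix can be found later. "Use separate packages for the udebs" should likewise list the four new package names, since this upload adds binary packages and drops libbind-export-udeb.
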
diff -u bind9-9.9.5.dfsg/debian/control bind9-9.9.5.dfsg/debian/control
--- bind9-9.9.5.dfsg/debian/control
+++ bind9-9.9.5.dfsg/debian/control
@@ -182,15 +182,6 @@
  .
  This package delivers development files for the exported BIND libraries.
 
-Package: libbind-export-udeb
-Section: debian-installer
-Architecture: any
-Priority: extra
-Depends: ${shlibs:Depends}
-XC-Package-Type: udeb
-Description: Exported BIND libraries for debian-installer
- libbind-export-udeb is a minimal bind package used by the debian-installer.
-
 Package: libdns-export100
 Section: libs
 Architecture: any
@@ -200,6 +191,13 @@
  .
  This package delivers the exported libdns shared library.
 
+Package: libdns-export100-udeb
+Section: debian-installer
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+XC-Package-Type: udeb
+Description: Exported DNS library for debian-installer
+
 Package: libisc-export95
 Section: libs
 Architecture: any
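
Review bot: the new libdns-export100-udeb stanza has no Priority field, while the libbind-export-udeb stanza it replaces had "Priority: extra", and its Description is a synopsis with no body. The same applies to the libisc-export95-udeb, libisccfg-export90-udeb and libirs-export91-udeb stanzas added further down. Add the Priority field to each, or confirm in the changelog that the omission is intended.
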
@@ -209,6 +207,13 @@
  .
  This package delivers the exported libisc shared library.
 
+Package: libisc-export95-udeb
+Section: debian-installer
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+XC-Package-Type: udeb
+Description: Exported ISC library for debian-installer
+
 Package: libisccfg-export90
 Section: libs
 Architecture: any
@@ -218,6 +223,13 @@
  .
  This package delivers the exported libisccfg shared library.
 
+Package: libisccfg-export90-udeb
+Section: debian-installer
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+XC-Package-Type: udeb
+Description: Exported ISC CFG library for debian-installer
+
 Package: libirs-export91
 Section: libs
 Architecture: any
@@ -228,0 +241,7 @@
+
+Package: libirs-export91-udeb
+Section: debian-installer
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+XC-Package-Type: udeb
+Description: Exported IRS library for debian-installer
diff -u bind9
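
The versioning objection raised in this exchange, as an added example that is not part of the original messages or of the bind9 packaging: a shell check that flags shlibs entries whose dependency package name does not begin with the library name plus its SONAME version. The naming rule it enforces and the "revised upload" sample lines are assumptions, constructed from the package names in the revised debian/control hunks.

```shell
#!/bin/sh
# Added example: flag shlibs entries whose dependency package is not tied to
# the SONAME version of the library it is supposed to provide.

# Reads shlibs lines on stdin:
#   [type:] library soname-version package [(version relation)] ...
# Prints "library soname-version -> package" for every entry whose first
# dependency is not named <library><version> or <library>-<version>.
unversioned_shlibs() {
    awk '
        # True when pkg starts with stem and the next character is not a
        # digit, so that libfoo10 is not accepted for stem libfoo1.
        function tied(pkg, stem,   rest) {
            if (index(pkg, stem) != 1) return 0
            rest = substr(pkg, length(stem) + 1)
            return rest !~ /^[0-9]/
        }
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            i = 1
            if ($1 ~ /:$/) i = 2             # optional type prefix, e.g. "udeb:"
            if (NF < i + 2) next             # incomplete entry, nothing to check
            lib = $i; ver = $(i + 1); pkg = $(i + 2)
            if (!tied(pkg, lib ver) && !tied(pkg, lib "-" ver))
                print lib, ver, "->", pkg
        }'
}

# The four entries quoted in the thread for the first upload.
first_upload_shlibs() {
    cat <<'EOF'
libdns-export 100 libbind-export-udeb
libirs-export 91 libbind-export-udeb
libisc-export 95 libbind-export-udeb
libisccfg-export 90 libbind-export-udeb
EOF
}

# Constructed sample: entries as they could look with the per-library udeb
# names from the revised control file (the thread does not show this file).
revised_upload_shlibs() {
    cat <<'EOF'
udeb: libdns-export 100 libdns-export100-udeb
udeb: libirs-export 91 libirs-export91-udeb
udeb: libisc-export 95 libisc-export95-udeb
udeb: libisccfg-export 90 libisccfg-export90-udeb
EOF
}

echo "first upload, entries not tied to a SONAME version:"
first_upload_shlibs | unversioned_shlibs
echo "revised upload, entries not tied to a SONAME version:"
revised_upload_shlibs | unversioned_shlibs
```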

Re: Bug#762762: Updating isc-dhcp udeb to dynamically link bind (was: Bug#762762: nmu fixing bind issues)

2014-10-05 Thread Michael Gilbert
On Sun, Oct 5, 2014 at 9:59 PM, Cyril Brulebois wrote:
> I'm not going to go through building this on a kfreebsd porterbox to try
> and figure out how isc-dhcp would look if rebuilt against such packages,
> but that looks a saner base for porters to build upon.
>
> That doesn't make the timing issues I've mentioned disappear though. I'm
> OK with thinking about it again if porters endorse/welcome/successfully
> test the resulting packages and installation images.

Thanks for the feedback.

Would it be ok to stage the changes in unstable to make it somewhat
easy for porters to test?

Best wishes,
Mike





Bug#756464: upgrade-reports: [kfreebsd] dist-upgrade to jessie removes the kernel

2014-09-28 Thread Michael Gilbert
On Fri, Sep 26, 2014 at 7:59 AM, Steven Chamberlain wrote:
> Perhaps kfreebsd-image-10 needs to 'Provide' a newer kfreebsd-image-9
> version (and adjust the Breaks to  that version), or something ugly
> like that?

That seems like it would make sense.  That's how normal package
transitions are done (provide the transitional package for a cycle),
so I don't even think it's that ugly.

Best wishes,
Mike





Bug#756464: upgrade-reports: [kfreebsd] dist-upgrade to jessie removes the kernel

2014-09-25 Thread Michael Gilbert
Wouldn't this be fixed somewhat simply if freebsd-net-tools had a
depends: kfreebsd-image-10?  So even though freebsd-image-9 gets
removed due to the breaks, the user will at least have the newer kernel
and a bootable system.

This does differ from linux dist-upgrades where it is expected that
the current kernel not go away, but that's possible due to their
avoidance of ABI breakage.  Since freebsd doesn't have that goal,
maybe forced kernel dist-upgrade will be simply unavoidable?

Best wishes,
Mike





Re: Bug#757711: Bug#757988: kfreebsd: troubles with dhcp (configuration going away)

2014-08-19 Thread Michael Gilbert
On Tue, Aug 19, 2014 at 8:10 PM, Cyril Brulebois wrote:
> Steven Chamberlain <ste...@pyro.eu.org> (2014-08-20):
> > On 14/08/14 18:32, Cyril Brulebois wrote:
> > > Now, I think there are several questions to answer:
> > >  1. What were the reasons for having arch-dependent dhcp clients?
> >
> > I'd speculate because udhcpc from busybox is very small, and
> > isc-dhcp-client-udeb was about 2 MiB.  It targets (currently only builds
> > on) Linux;  there is a bug open somewhere about porting it to kfreebsd;
> > it's infeasible before the jessie freeze, and IMHO I think I prefer to
> > keep the ISC version (mostly from a security POV).
>
> 2MiB looks like a candidate for huge savings, which might make some
> sense since we're repeatedly hitting ENOSPC with kfreebsd-*, don't you
> think?
>
> Not trying to impose any decision, just a bit shocked while discovering
> its size.

dhclient in the udeb is around 1.7 MiB because of embedded bind, which
was introduced in isc-dhcp 4.2. I plan to spend some time to switch
that to dynamically link, which will reduce size since only the parts
of bind actually used will be needed rather than the whole thing.

Best wishes,
Mike





Re: Bug#731074: lighttpd: indeterminate test on kfreebsd buildds

2013-12-25 Thread Michael Gilbert
On Tue, Dec 24, 2013 at 8:15 AM, Christoph Egger
> Are you both running stable kernels for the build? are you using chroots
> or not?

I was using a chroot and the unstable 9.2 kernel.  I can try a
non-chroot build if that may be somehow helpful?

Best wishes,
Mike






Bug#694096: kfreebsd-8: CVE-2012-4576

2012-11-23 Thread Michael Gilbert
package: kfreebsd-8
severity: serious
version: 8.1+dfsg-8

Hi, a security advisory was issued for freebsd, and kfreebsd-8 is affected:
http://lists.freebsd.org/pipermail/freebsd-announce/2012-November/001440.html





Bug#694097: kfreebsd-9: CVE-2012-4576

2012-11-23 Thread Michael Gilbert
package: kfreebsd-8
severity: serious
version: 9.0-8

Hi, a security advisory was issued for freebsd, and kfreebsd-9 is affected:
http://lists.freebsd.org/pipermail/freebsd-announce/2012-November/001440.html





Bug#677297: kfreebsd-8: cve-2012-0217

2012-06-12 Thread Michael Gilbert
package: kfreebsd-8
version: 8.1+dfsg-8+squeeze2
severity: grave
tag: security

A security advisory for freebsd has been issued, cve-2012-0217.  All
of the debian kfreebsd packages are affected.  Please see:
http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc






Bug#677298: kfreebsd-9: cve-2012-0217

2012-06-12 Thread Michael Gilbert
package: kfreebsd-9
version: 9.0-3
severity: grave
tag: security

A security advisory for freebsd has been issued, cve-2012-0217.  All
of the debian kfreebsd packages are affected.  Please see:
http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc






Bug#677299: kfreebsd-10: cve-2012-0217

2012-06-12 Thread Michael Gilbert
package: kfreebsd-10
version: 10.0~svn234760-1
severity: grave
tag: security

A security advisory for freebsd has been issued, cve-2012-0217.  All
of the debian kfreebsd packages are affected.  Please see:
http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc






Bug#645377: kfreebsd-8: Buffer overflow in handling of UNIX socket addresses

2011-10-14 Thread Michael Gilbert
package: kfreebsd-8
version: 8.1
severity: serious
tag: security , patch

A buffer overflow issue in kfreebsd has been disclosed [0] along with a
poc [1]. patch is available [2].

I've only checked the kfreebsd-8 source, but the description says -7 is
affected, and 9- and higher may be as well; I haven't checked those.

Best wishes,
Mike

[0] http://www.securityfocus.com/archive/1/519864/30/0/threaded
[1] http://www.exploit-db.com/exploits/17908/
[2] http://security.freebsd.org/patches/SA-11:05/unix.patch






Bug#631161: kfreebsd-8: cve-2011-2480 info disclosure

2011-06-20 Thread Michael Gilbert
package: kfreebsd-8
version: 8.1
severity: important
tags: security

a vulnerability has been disclosed for freebsd.  the affected code is
present in the kfreebsd-8 package:
http://openwall.com/lists/oss-security/2011/06/16/1






Bug#631161: kfreebsd-8: cve-2011-2480 info disclosure

2011-06-20 Thread Michael Gilbert
Robert Millan wrote:

> 2011/6/20 Michael Gilbert <michael.s.gilb...@gmail.com>:
> > http://openwall.com/lists/oss-security/2011/06/16/1
>
> The issue only affects certain non-x86 architectures,
> such as SPARC.

looking at the commit itself [0], i find Dan's conclusion rather
surprising. the affected code is in the 802.11 stack, so it seems like
it should be platform-independent.  i doubt x86 is any better at
handling signedness issues, but i suppose i could be missing something.

best wishes,
mike

[0] http://svnweb.freebsd.org/base?view=revision&revision=223145






Bug#613311: kfreebsd: kernel leak

2011-02-13 Thread Michael Gilbert
package: kfreebsd-8
version: 8.1+dfsg-7.1
severity: important
tags: security

an exploit has been posted for freebsd using a kernel leak and their
ftpd [0]. it's against an ancient version of freebsd (5.3), so it may
not affect newer versions.  i don't have time to verify whether any of
the claims actually affect the debian kfreebsd.  i would suggest
discussing this with upstream.

best wishes,
mike

[0] http://www.exploit-db.com/exploits/16119/






Bug#613312: kfreebsd: denial-of-service

2011-02-13 Thread Michael Gilbert
package: kfreebsd-8
version: 8.1+dfsg-7.1
severity: important
tags: security

a denial-of-service has been posted for freebsd [0]. i don't have time
to verify whether any of the claims actually affect debian.  please
check the kfreebsd package.

thanks,
mike

[0] http://www.exploit-db.com/exploits/16064/






Bug#601305: kfreebsd-8: pseudofs null ptr dereference exploit

2010-10-24 Thread Michael Gilbert
package: kfreebsd-7
version: 7.3-7
severity: serious
tags: security

another freebsd privilege escalation has been disclosed:
http://www.exploit-db.com/exploits/15206/

this seems different than the recent CVE advisories.  i haven't
checked any of this, but they claim 7.0-7.2 are affected and don't
mention 8, so who knows if it's affected.  all of this should be
checked.

thanks,
mike






Bug#572811: kfreebsd: CVE-2009-2650 potential code execution

2010-03-06 Thread Michael Gilbert
Package: kfreebsd-8
Version: 8.0-4
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kfreebsd-8.

CVE-2009-2650[0]:
| Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0
| Build 020124 allows remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a crafted
| (1) .m3u or possibly (2) .pst file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2650
http://security-tracker.debian.org/tracker/CVE-2009-2650






Bug#572813: kfreebsd: null ptr dereference

2010-03-06 Thread Michael Gilbert
Package: kfreebsd-8
Version: 8.0-4
Severity: important
Tags: security

Hi, a null ptr dereference was discovered in freebsd.  It is
questionable whether this is exploitable.  See [0] for more info.

[0] http://seclists.org/fulldisclosure/2010/Mar/117


