Bug#776415: kfreebsd-10: CVE-2014-8612: SCTP kernel mem disclosure/corruption

2015-01-27 Thread Steven Chamberlain
Package: kfreebsd-10
Version: 10.1~svn274115-1
Severity: grave
Tags: security patch

Hi,

A kernel memory disclosure/corruption vulnerability was announced,
in the FreeBSD kernel's implementation of SCTP:
https://security.FreeBSD.org/advisories/FreeBSD-SA-15:02.kmem.asc

This could affect the kfreebsd-10 package if SCTP is used.  A patch
from upstream should be uploaded soon fixing this.

kfreebsd-9 in stable is not affected, since the last security upload
9.0-10+deb70.8 already disabled this protocol.

kfreebsd-8 does not receive regular security updates, but we may decide
to disable SCTP there too.

kfreebsd-11 experimental will be affected until updated to a newer
snapshot.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150127201756.88109.29712.report...@sid.kfreebsd-amd64.pyro.eu.org



Processed: Re: Bug#775395: partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror

2015-01-27 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 important
Bug #775395 [partman-zfs] partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror
Severity set to 'important' from 'grave'

-- 
775395: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775395
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
Archive: 
https://lists.debian.org/handler.s.b775395.142239357010256.transcr...@bugs.debian.org



Bug#775395: partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror

2015-01-27 Thread Steven Chamberlain
Control: severity -1 important

Michael Milligan wrote:
> Package: partman-zfs
> Version: 42
> Severity: grave
> Tags: d-i
> Justification: renders package unusable for ZFS-based install
>
> (which is probably the reason someone is trying Debian/kFreeBSD .. to
> use ZFS)

Since this is a kfreebsd-any package, and we're not part of the
official stable release, I have to lower this to non-RC severity.

We should still fix it for the GNU/kFreeBSD release though.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org


-- 
Archive: https://lists.debian.org/20150127211921.gg3...@squeeze.pyro.eu.org



Bug#776416: kfreebsd-10: CVE-2014-8613: SCTP stream reset vulnerability

2015-01-27 Thread Steven Chamberlain
Package: kfreebsd-10
Version: 10.1~svn274115-1
Severity: grave
Tags: security patch

Hi,

An unprivileged local DoS was reported in the FreeBSD kernel
implementation of SCTP:
https://security.freebsd.org/advisories/FreeBSD-SA-15:03.sctp.asc

This only affects systems serving SCTP connections.  A patch from
upstream should be uploaded soon fixing this in kfreebsd-10.

kfreebsd-9 in stable is not affected, since the last security upload
9.0-10+deb70.8 disabled this protocol.

kfreebsd-8 does not receive regular security updates, but we may decide
to disable SCTP there too.  (It's expected nobody would be using SCTP in
GNU/kFreeBSD squeeze or prior, because no userland tools had been ported
yet).

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
Archive: 
https://lists.debian.org/20150127202149.88348.26338.report...@sid.kfreebsd-amd64.pyro.eu.org



Bug#775395: partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror

2015-01-27 Thread Steven Chamberlain
Hi,

Michael Milligan wrote:
> But installing Grub failed with unknown filesystem.  In
> troubleshooting the issue, it seems grub2 (version currently is
> 2.02~beta2-19) does not recognize the feature@lz4_compress option (and
> had been previously reported) of the ZFS pools that kFreeBSD kernel 10.1
> creates.

Thanks for the report.

It is actually expected that grub2 since 2.02 should understand these
feature flags, including LZ4 compression.  I thought it was working for
me when I last tested.

Hopefully this can be figured out without having to default to using
-d (disabling new features including LZ4 metadata compression).

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org


-- 
Archive: https://lists.debian.org/20150127210217.ge3...@squeeze.pyro.eu.org



Processed: Re: Bug#776415: kfreebsd-10: CVE-2014-8612: SCTP kernel mem disclosure/corruption

2015-01-27 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 776415 + pending
Bug #776415 [kfreebsd-10] kfreebsd-10: CVE-2014-8612: SCTP kernel mem disclosure/corruption
Added tag(s) pending.
> tags 776416 + pending
Bug #776416 [kfreebsd-10] kfreebsd-10: CVE-2014-8613: SCTP stream reset vulnerability
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
776415: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776415
776416: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776416
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
Archive: 
https://lists.debian.org/handler.s.c.142239206532004.transcr...@bugs.debian.org



Processing of kfreebsd-10_10.1~svn274115-2_source.changes

2015-01-27 Thread Debian FTP Masters
kfreebsd-10_10.1~svn274115-2_source.changes uploaded successfully to localhost
along with the files:
  kfreebsd-10_10.1~svn274115-2.dsc
  kfreebsd-10_10.1~svn274115-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)


-- 
Archive: https://lists.debian.org/e1yghsm-0007wq...@franck.debian.org



Bug#775395: partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror

2015-01-27 Thread Michael Milligan
On 01/27/2015 02:02 PM, Steven Chamberlain wrote:
> Hi,
>
> Michael Milligan wrote:
>> But installing Grub failed with unknown filesystem.  In
>> troubleshooting the issue, it seems grub2 (version currently is
>> 2.02~beta2-19) does not recognize the feature@lz4_compress option (and
>> had been previously reported) of the ZFS pools that kFreeBSD kernel 10.1
>> creates.
>
> Thanks for the report.
>
> It is actually expected that grub2 since 2.02 should understand these
> feature flags, including LZ4 compression.  I thought it was working for
> me when I last tested.
>
> Hopefully this can be figured out without having to default to using
> -d (disabling new features including LZ4 metadata compression).

Yeah, failed for me using 10.1 kfreebsd image...   I did not have time
to retry it with each individual feature flag turned on/off to find the
exact combination it was choking on, but at least one of them is still
not recognized by grub-probe, not necessarily lz4_compress.

Regards,
Mike

-- 
Michael Milligan   - mi...@acmeps.com
Acme Professional Services LLC


-- 
Archive: https://lists.debian.org/54c80cf5.5020...@acmeps.com



kfreebsd-10_10.1~svn274115-2_source.changes REJECTED

2015-01-27 Thread Debian FTP Masters


kfreebsd-10_10.1~svn274115-2.dsc: Invalid size hash for kfreebsd-10_10.1~svn274115.orig.tar.xz:
According to the control file the size hash should be 26805056,
but kfreebsd-10_10.1~svn274115.orig.tar.xz has 26642632.

If you did not include kfreebsd-10_10.1~svn274115.orig.tar.xz in your upload, a
different version might already be known to the archive software.

===

Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.


-- 
Archive: https://lists.debian.org/e1ygjdf-0002i6...@franck.debian.org