Re: Wedges sysinst (Was: Wedges enabled on -current)
On Sep 8, 12:47pm, a...@absd.org (David Brownlee) wrote: -- Subject: Re: Wedges sysinst (Was: Wedges enabled on -current) | Its been three weeks since wedges mbr and disklabels was enabled in | current, breaking sysinst installs. | | If people do not have time to look at updating sysinst right now, could I | suggest switching it back off for at least disklabels (maybe leaving | enabled for mbrlabel and others), so we are at least building usable | current images? | | Or is there a plan/timeline for updating sysinst? There is no plan for fixing sysinst, switch it back. We learned what we needed to learn. christos
Re: NetBSD/amd64-current crashes during shutdown
Tom Ivar Helbekkmo t...@hamartun.priv.no wrote: After upgrading to an August 29th snapshot of 7.99.1, my amd64 system crashes during shutdown, always on the same assertion: ... FYI: Fixed in the latest netbsd-7. -- Mindaugas
Re: problem with external scsi storage
In article pine.neb.4.64.1409081844230.5...@6bone.informatik.uni-leipzig.de, 6b...@6bone.informatik.uni-leipzig.de wrote: hello, some time ago I reported about a problem with a lsi1030 controller and a eurostor scsi storage. Now I orderd an adaptec controller. But the same problem occurs. With linux the storage works fine but netbsd reports a hba error. So I think it is a general problem between netbsd and the eurostor storage. I tried out some adjustments at the quirk list, but without any success. linux reports for the adaptec controller: [ 39.860038] scsi6 : Adaptec AIC79XX PCI-X SCSI HBA DRIVER, Rev 3.0 [ 39.860038] Adaptec 29320LPE PCIe Ultra320 SCSI adapter [ 39.860038] aic7901: Ultra320 Wide Channel A, SCSI Id=7, PCI-X 101-133MHz, 512 SCBs [ 39.860691] scsi 6:0:0:0: Direct-Access ES-6600 12 Bay Volume R001 PQ : 0 ANSI: 5 [ 39.860700] scsi target6:0:0: asynchronous [ 39.860703] scsi6:A:0:0: Tagged Queuing enabled. Depth 32 [ 39.860714] scsi target6:0:0: Beginning Domain Validation [ 39.862644] scsi target6:0:0: wide asynchronous [ 39.864205] scsi target6:0:0: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS RTI WRF LOW PCOMP (6.25 ns, offset 127) [ 39.871592] scsi target6:0:0: Ending Domain Validation [ 39.871821] sd 6:0:0:0: Attached scsi generic sg5 type 0 [ 39.872107] sd 6:0:0:0: [sdc] 1953121280 512-byte logical blocks: (999 GB/931 GiB) [ 40.644106] sd 6:0:0:0: [sdc] Write Protect is off [ 40.644111] sd 6:0:0:0: [sdc] Mode Sense: cb 00 00 08 [ 41.158148] sd 6:0:0:0: [sdc] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA Any ideas what I can try to get the storage workable? What is that storage exactly? What does NetBSD report? christos
NetBSD Security Advisory 2014-009: Multiple vulnerabilities in the execve system call
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 NetBSD Security Advisory 2014-009 = Topic: Multiple vulnerabilities in the execve system call Version:NetBSD-current: source prior to Fri, Feb 14th 2014 NetBSD 6.1 - 6.1.4: affected NetBSD 6.0 - 6.0.4: affected NetBSD 6.0.5: not affected NetBSD 5.1 - 5.1.4: not affected NetBSD 5.2 - 5.2.2: not affected Severity: Local DoS Fixed: NetBSD-current: Fri, Feb 14th 2014 NetBSD-6-0 branch: Fri, Feb 14th 2014 NetBSD-6-1 branch: Fri, Feb 14th 2014 NetBSD-6 branch:Fri, Feb 14th 2014 Teeny versions released later than the fix date will contain the fix. Please note that NetBSD releases prior to 5.1 are no longer supported. It is recommended that all users upgrade to a supported release. Abstract The execve system call is affected by two vulnerabilities: 1) A memory leak in the kernel could cause a local (un)privileged user to use up kernel memory via a bogus ELF binary, and thus to freeze - or eventually panic - the system. 2) A bug in the kernel could lead to a use-after-free condition when loading a binary or a script, which would allow a local (un)privileged user to crash the system. Technical Details = 1) When trying to execute an ELF binary, the kernel looks up the corresponding interpreter (in case of native dynamic ELF binaries: the dynamic linker ld.elf_so). If this interpreter cannot be accessed appropriately, or if it is bogus, a structure allocated to hold special information on this interpreter was not freed. If a standard toolchain is installed, a local user can easily create such broken binaries by passing the -dynamic-linker switch to the linker. 2) When executing a binary via execve(), the kernel computes the new user stack size, and returns an error if this size exceeds the maximum architecture-defined stack size or the maximum stack size allowed by the calling process through rlimit. However, the variable in charge of hold- ing the error code returned was not properly initialised, causing the kernel to keep setting up the new process environment and use data that was already freed. Both the new stack size and the rlimit stack size are approximately user-controllable, which makes it easy to trigger from a local user. Solutions and Workarounds = For all NetBSD versions, you need to obtain fixed kernel sources, rebuild and install the new kernel, and reboot the system. The fixed source may be obtained from the NetBSD CVS repository. The following instructions briefly summarise how to upgrade your kernel. In these instructions, replace: ARCH with your architecture (from uname -m), KERNCONF with the name of your kernel configuration file and VERSION with the file version below File versions containing the fixes: FILEHEADnetbsd-6netbsd-6-1 netbsd-6-0 -- -- sys/kern/exec_elf.c 1.551.37.2.21.37.2.1.6.11.37.2.1.4.1 sys/kern/kern_exec.c 1.403 1.339.2.9 1.339.2.6.2.2 1.339.2.5.4.3 To update from CVS, re-build, and re-install the kernel: # cd src # cvs update -d -P -r VERSION sys/kern/exec_elf.c # cvs update -d -P -r VERSION sys/kern/kern_exec.c # ./build.sh kernel=KERNCONF # mv /netbsd /netbsd.old # cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd # shutdown -r now For more information on how to do this, see: http://www.NetBSD.org/guide/en/chap-kernel.html Thanks To = Thanks to Maxime Villard, who found the issues and provided fixes. Revision History 2014-08-27 Initial release 2014-09-08 Updated affected versions More Information Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-009.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ . Copyright 2014, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2014-009.txt,v 1.4 2014/09/02 14:26:27 spz Exp $ -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJUDhAXAAoJEAZJc6xMSnBuD/kP/RJjOcVNjN9wNSDWZCz5sZ63 WxzysstN2R9OCheAYJeNOYrgQYx2f26mR1pJJQ1nR254PHnqultYMptYbF/dh9SQ SFg+PemHj6Qnjp9BZ9PuXNvU4g16qfaYhgWfUE3u+Iz/2MsNtJC3pcMfmol/dtnG vafgb5zngFb6Ea03jbdsTPRFSAloPDVkxtMQ+Ib+vkP8NLHGQZsSnrEdQv3CLl0Y
NetBSD Security Advisory 2014-011: User-controlled memory allocation in the modctl system call
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 NetBSD Security Advisory 2014-011 = Topic: User-controlled memory allocation in the modctl system call Version:NetBSD-current: source prior to Thu, Jul 10th 2014 NetBSD 6.1 - 6.1.4: affected NetBSD 6.0 - 6.0.5: affected NetBSD 5.1 - 5.1.4: affected NetBSD 5.2 - 5.2.2: affected Severity: Local DoS Fixed: NetBSD-current: Thu, Jul 10th 2014 NetBSD-6-1 branch: Mon, Jul 14th 2014 NetBSD-6-0 branch: Mon, Jul 14th 2014 NetBSD-6 branch:Mon, Jul 14th 2014 NetBSD-5.2 branch: Mon, Jul 14th 2014 NetBSD-5.1 branch: Mon, Jul 14th 2014 NetBSD-5 branch:Mon, Jul 14th 2014 Teeny versions released later than the fix date will contain the fix. Please note that NetBSD releases prior to 5.1 are no longer supported. It is recommended that all users upgrade to a supported release. Abstract Due to missing input validation checks, a local (un)privileged user could cause the kernel to perform a zero-sized or unbounded memory allocation, resulting in a crash. Technical Details = The modctl system call takes as second argument a buffer which is represented as a structure when loading a kernel module. This structure indicates special information on how to load a module, including a string pointer and the length of the string pointed to. A kernel buffer of the same size is allocated, but no check was performed to ensure the size is neither too low nor too high, thus allowing a local user to crash the system. Solutions and Workarounds = For all NetBSD versions, you need to obtain fixed kernel sources, rebuild and install the new kernel, and reboot the system. The fixed source may be obtained from the NetBSD CVS repository. The following instructions briefly summarise how to upgrade your kernel. In these instructions, replace: ARCH with your architecture (from uname -m), KERNCONF with the name of your kernel configuration file and VERSION with the file version below File versions containing the fixes: FILE HEAD netbsd-6 netbsd-6-1 netbsd-6-0 netbsd-5 netbsd-5-2 netbsd-5-1 -- -- -- -- sys/kern/sys_module.c 1.15 1.13.8.1 1.13.14.1 1.13.12.1 1.8.4.2 1.8.4.1.6.1 1.8.4.1.2.1 To update from CVS, re-build, and re-install the kernel: # cd src # cvs update -d -P -r VERSION sys/kern/sys_module.c # ./build.sh kernel=KERNCONF # mv /netbsd /netbsd.old # cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd # shutdown -r now For more information on how to do this, see: http://www.NetBSD.org/guide/en/chap-kernel.html Thanks To = Thanks to Maxime Villard, who found the issue and provided a fix. Revision History 2014-08-27 Initial release More Information Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-011.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ . Copyright 2014, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2014-011.txt,v 1.3 2014/08/30 07:00:29 maxv Exp $ -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJUDhArAAoJEAZJc6xMSnBuHygP/juhVWWrWtPQQzGbCE9Jksqn SEvyoNvSNtjUdp+1gSqsZe8x7xYg2DNaGqvVORYVm9fpP7Kn5//7ub1GaI1PNbVP +7Vn4jtNs+jeMrhLo5yAhSilb3DorRTIzvhkyNmU1P9zwAaHuV1PNIjBDkmXN3mL JbxSf6/X5xcSl3gCmE6UE+sQ45bvLVMnKEv0cuNO6CLxf0YKuJCTyp6Wh55bzjPq Vw64j2WLB1mU/EVhF7GHHQ1QhnpoGnZ1UwYxVlqeH1dR+9RPYj1Kjh784kDOVN6K j2yulxDLrz07we1IEqmWW7slLK3qWRARLJgEDd6NEiB677GImuYDRYtEdUFI/wSV NcoDXCAoFeFuvZUqjFCbKmcC0bBrfoBbRLvuLyogAZ51iAbUpJpUwn6BamftcRo/ 2qKwdNDbaqXvXTGeaF98DKR+RsiG69Z1P9l2OmzSV29Jn2WC9Tz5Dbh2Dd5fsHQV t0tCCApbI2UiLu4OFi9DhxhraiO0gBlPaTjtnc1fnyLapjw4lZFo2q6xnHmrtj4l CYTQuVghHly4yeDHPMISpipmgzx9Z/lQadUejbv65j1Id4PLMPSezNKzSZJRy+D2 I7cv0rn0nT2PVDNRbmsVpZCiJjILKI4GXcwpXfKEma/dEeqJjuClwe5P/zZffYOx 4y8sbEeOXHwBqmF76e+d =wcom -END PGP SIGNATURE-
NetBSD Security Advisory 2014-012: Memory leak in the setsockopt system call
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 NetBSD Security Advisory 2014-012 = Topic: Memory leak in the setsockopt system call Version:NetBSD-current: source prior to Sat, Aug 16th 2014 NetBSD 6.1 - 6.1.4: affected NetBSD 6.0 - 6.0.5: affected NetBSD 5.1 - 5.1.4: affected NetBSD 5.2 - 5.2.2: affected Severity: Local DoS Fixed: NetBSD-current: Sat, Aug 16th 2014 NetBSD-7 branch:Sun, Aug 24th 2014 NetBSD-6-0 branch: Wed, Aug 27th 2014 NetBSD-6-1 branch: Wed, Aug 27th 2014 NetBSD-6 branch:Wed, Aug 27th 2014 NetBSD-5.2 branch: Wed, Aug 27th 2014 NetBSD-5.1 branch: Wed, Aug 27th 2014 NetBSD-5 branch:Wed, Aug 27th 2014 Teeny versions released later than the fix date will contain the fix. Please note that NetBSD releases prior to 5.1 are no longer supported. It is recommended that all users upgrade to a supported release. Abstract A memory leak in the kernel could allow a local user to use up kernel memory via repeated calls to the setsockopt system call, and thus to freeze - or eventually panic - the system. Technical Details = When calling the setsockopt system call on an ipv6 socket with specific arguments, a kernel buffer allocated to temporarily hold the socket option data was not freed. Performing such a call in a loop would cause the kernel to run out of memory and eventually panic. Solutions and Workarounds = For all NetBSD versions, you need to obtain fixed kernel sources, rebuild and install the new kernel, and reboot the system. The fixed source may be obtained from the NetBSD CVS repository. The following instructions briefly summarise how to upgrade your kernel. In these instructions, replace: ARCH with your architecture (from uname -m), KERNCONF with the name of your kernel configuration file and VERSION with the file version below File versions containing the fixes: FILE HEAD netbsd-7 netbsd-6 netbsd-6-1 netbsd-6-0 -- -- sys/netinet6/ip6_output.c 1.158 1.157.2.1 1.145.2.1 1.145.8.1 1.145.6.1 FILE netbsd-5 netbsd-5-2 netbsd-5-1 -- -- sys/netinet6/ip6_output.c 1.135.2.21.135.2.1.10.1 1.135.2.1.6.1 To update from CVS, re-build, and re-install the kernel: # cd src # cvs update -d -P -r VERSION sys/netinet6/ip6_output.c # ./build.sh kernel=KERNCONF # mv /netbsd /netbsd.old # cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd # shutdown -r now For more information on how to do this, see: http://www.NetBSD.org/guide/en/chap-kernel.html Thanks To = Thanks to Maxime Villard for developing a code scanner which detected the issue, and Ryota Ozaki for helping in developing a fix. Revision History 2014-09-08 Initial release More Information Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-012.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ . Copyright 2014, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2014-012.txt,v 1.1 2014/09/08 21:18:53 tonnerre Exp $ -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJUDh1JAAoJEAZJc6xMSnBuHwUP/3OPLYDozc7WuD+zFjhQaSzr 82ClbsCHvjTz+DdJ/jOXsQLK9GQI61jfqWxdB8uwUl5S+bel/Tcz/DUgtFdhOxT0 +xQ2AwgNnkMz4fnfobdVnUT6GSa+U4UJPjVytTqstTMdJLik8EawJookLL7hAFdc l7usjjWkM0Gemzu6js1RGPFynvyFkSYBTXJGr5pJQbnpZkC0HtKqe/svquJYFe3a TxddHAOMkxfNSrf0Wn8vBWeaTQ7Vc70ZJ/ZuxiczZsE/5Voq+ois73u0uAknCCu+ 6lk2Tm3OmkK0mE25Q4iXRtPw0ogOmRa5RfyzYSWLvQ5cD5S0GrqQYrYAFAdHxaGV LUSP4FmWTKYi/JOjTlgUKjFpysQANbY6o6NTCJeKnNfkcZBQZpe3xIC74mQaSGgv fAhZ7s//ZY+jeusl/GAbA00rQLG3BPFXjSFyfL8NW//sWsZqd6YXV51YLJMTIVVm Up2j7EUCszWKQWqIQjRtnl09ZaWBdr3i+3tpOa78elg5v1zuCFohQK0uB3v+klEU xSsuvgwqzVnVjBniG3NNk+RSnaaTE8JGwgtAo8wGdjpLNkye6xQEzZW/3F7S9fXW qX+Rm4aXspf9hINChCjOSzs/576ffmpsypE8PvDYPgbV6EjRC2pO4wq3IbuZGI4R C7h9rpPfO6GxW3oKjMOb =RKxi -END PGP SIGNATURE-
New teenies for recent security bulletins?
With the recent flurry of security bugs announced, are there any plans to release new teeny versions of 6.0 and 6.1? - | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired)| FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com| | Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net | | Kernel Developer | | pgoyette at netbsd.org | -
Re: NetBSD/amd64-current crashes during shutdown
Mindaugas Rasiukevicius rm...@netbsd.org writes: FYI: Fixed in the latest netbsd-7. Great! Thanks! :) -tih -- It doesn't matter how beautiful your theory is, it doesn't matter how smart you are. If it doesn't agree with experiment, it's wrong. -Richard Feynman
daily CVS update output
Updating src tree: P src/doc/CHANGES P src/lib/libc/gen/vis.c P src/sys/arch/arm/allwinner/awin_gige.c P src/sys/arch/arm/allwinner/awin_mmc.c P src/sys/arch/arm/allwinner/awin_reg.h P src/sys/arch/arm/allwinner/files.awin P src/sys/arch/arm/arm32/bus_dma.c P src/sys/arch/evbarm/awin/awin_machdep.c P src/sys/arch/evbarm/conf/BPI P src/sys/arch/evbarm/conf/CUBIEBOARD P src/sys/arch/sh3/dev/rtc.c P src/sys/conf/files U src/sys/dev/ic/dwc_gmac.c U src/sys/dev/ic/dwc_gmac_reg.h U src/sys/dev/ic/dwc_gmac_var.h P src/sys/fs/tmpfs/tmpfs_subr.c P src/sys/fs/tmpfs/tmpfs_vnops.c P src/sys/kern/vfs_bio.c P src/sys/lib/libkern/arch/m68k/Makefile.inc P src/sys/netinet/portalgo.c P src/sys/ufs/chfs/chfs_gc.c P src/sys/ufs/ffs/ffs_alloc.c P src/tests/lib/libc/gen/t_vis.c Updating xsrc tree: Killing core files: Running the SUP scanner: SUP Scan for current starting at Tue Sep 9 03:09:57 2014 SUP Scan for current completed at Tue Sep 9 03:10:21 2014 SUP Scan for mirror starting at Tue Sep 9 03:10:21 2014 SUP Scan for mirror completed at Tue Sep 9 03:35:20 2014 Updating file list: -rw-rw-r-- 1 srcmastr netbsd 43064588 Sep 9 03:45 ls-lRA.gz