Re: /etc/periodic/weekly/320.whatis: /usr/libexec/makewhatis.local: not found
On 2/15/2016 8:12 AM, Eric van Gyzen wrote: > I just set up a workstation running head. The weekly 320.whatis script always > reports: > > /usr/libexec/makewhatis.local: not found > > Indeed, it doesn't exist. Does the 320.whatis script need to be updated for > r283777? > makewhatis.local is an optimization wrapper. Rather than blow it away I will move it out of usr.bin/makewhatis (to avoid accidentally removing it later and a more proper place) and fix the installation of it. -- Regards, Bryan Drewery signature.asc Description: OpenPGP digital signature
Re: Open Sound System - OSS "soundon" command causes KERNEL PANIC FreeBSD-11
The Creative Labs Xfi cards use OSS as the driver. Other cards based on the same chipset would also be dependent upon OSS. On Sun, Feb 14, 2016 at 9:33 PM, Greg Quinlanwrote: > Thanks. > > I am not going to use OSS anymore... > > I am going to stick to stick with a custom kernel > > device sounddevice snd_hda From: Hans Petter Selasky > To: Greg Quinlan ; "freebsd-current@freebsd.org" < > freebsd-current@freebsd.org> > Sent: Saturday, 13 February 2016, 18:55 > Subject: Re: Open Sound System - OSS "soundon" command causes KERNEL > PANIC FreeBSD-11 > > On 02/12/16 01:04, Greg Quinlan wrote: > > Spoke too soon... > > > > I applied the patch (kern_module.diff - which was successful) > > > > # cd /usr/src# patch to me... > > The text leading up to this was: > > -- > > |Index: sys/kern/kern_module.c > > |=== > > |--- sys/kern/kern_module.c(revision 295464) > > |+++ sys/kern/kern_module.c(working copy) > > -- > > Patching file sys/kern/kern_module.c using Plan A... > > Hunk #1 succeeded at 214. > > done > > # make buildkernel: > > # make installkernel: > > # shutdown -r now > > Logged in and ran# soundon > > No panic!! > > > > Thought the problem was fixed ... unfortunately, I assumed that the > contents of /usr/local/lib/oss/etc/installed_drivers still contained > > oss_hdaudio #Intel High Definition Audio (CPT) > > but somehow the file was empty > > I ran > > # ossdetect# soundon > > > > Another KERNEL PANIC... this time it scrolled off the screen. I tried > setting this (below) in /etc/rc.conf but there is nothing in /var/crash > > > > [entries in /etc/rc.conf] > > dumpdev="AUTO" > > dumpdir="/var/crash" > > I need help to recover the backtrace, please? > > > > Thanks > > > >From: Greg Quinlan > > To: Hans Petter Selasky ; "freebsd-current@freebsd.org" > > > Sent: Thursday, 11 February 2016, 22:19 > > Subject: Re: Open Sound System - OSS "soundon" command causes KERNEL > PANIC FreeBSD-11 > > > > Well done!! > > Fixed. Thanks! > > > > > > > >From: Hans Petter Selasky > > To: Greg Quinlan ; "freebsd-current@freebsd.org" < > freebsd-current@freebsd.org> > > Sent: Thursday, 11 February 2016, 17:54 > > Subject: Re: Open Sound System - OSS "soundon" command causes KERNEL > PANIC FreeBSD-11 > > > > On 02/11/16 03:02, Greg Quinlan wrote: > >> Hi HPS, > >> Note: Does not happen on FreeBSD 10.1-Stable! > >> > > > > Yes, that's because WITNESS is off in 10.x by default. > > > > Does the attached patch solve your problem? > > > > --HPS > > Hi, > > It might be that audio/oss is not compatible with 11-current if it > crashes like that. > > --HPS > > ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > > > > ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On 18/02/2016 4:23 AM, Warren Block wrote: > On Thu, 18 Feb 2016, Kubilay Kocak wrote: > >> On 18/02/2016 3:51 AM, Warren Block wrote: >>> On Wed, 17 Feb 2016, Eric van Gyzen wrote: >>> On 02/17/2016 08:19, Warren Block wrote: > On Wed, 17 Feb 2016, Kurt Jaeger wrote: > >> A short note on the www.freebsd.org website would probably be >> helpful, >> as this case will produce a lot of noise. > > Maybe a short article like we did for leap seconds? > https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html > > > Articles are permanent, which makes sense for the recurring issue of leap seconds. This vulnerability is transient, so I would suggest a news item. >>> >>> Yes, but news items are usually just links. For the amount of >>> information we have so far, an article seems like the easiest way to do >>> this. Or maybe an addition to the security part of the web site? >>> >>> For now, I'll collect the information as just text. >> >> Don't we also want our sec teams to investigate/confirm it anyway, >> independent of how it's communicated? > > Absolutely. > >> If so, doesn't a security advisory (with secteam and/or ports-secteam as >> appropriate) make the most sense here, given the scope of vulnerability >> for base/linux emulation/ports is yet to be completely established and >> is still to be investigated properly? > > Have there been security advisories for unconfirmed or > not-actually-a-problem events before? My impression was that they have > only been announced when a problem exists and action needs to be taken. This "No SA, no problem" pattern is reasonable for default case, and the vast majority of issues. This glibc issue, like heartbleed and others may be sufficiently high-profile to warrant special treatment, even if not in "SA" form. > However, a real problem *does* exist for Linux VMs and applications on > FreeBSD, so it could be addressed that way. A "we are investigating" > advisory right now could do some good, if the protocols allow it. > >> Finally, would users expect a news item, an article or a heads up from >> our security teams for something like this, even in the case where it's >> only a "confirmed we're not affected" ? > > A news item linking to a "it's not us!" advisory would be no problem. > People have to go looking for that. > > Those who are subscribed to the security mailing list will receive those > notices directly, and because those are expected to be problems that > need to be addressed immediately, it might cause some initial > palpitations as if it were an actual problem with FreeBSD. Yup, and let me make clear an out-there-in-the-world distinction between 'an advisory by freebsd security people ' and a FreeBSD "SA" the implementation format. ./koobs ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On Thu, 18 Feb 2016, Kubilay Kocak wrote: On 18/02/2016 3:51 AM, Warren Block wrote: On Wed, 17 Feb 2016, Eric van Gyzen wrote: On 02/17/2016 08:19, Warren Block wrote: On Wed, 17 Feb 2016, Kurt Jaeger wrote: A short note on the www.freebsd.org website would probably be helpful, as this case will produce a lot of noise. Maybe a short article like we did for leap seconds? https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html Articles are permanent, which makes sense for the recurring issue of leap seconds. This vulnerability is transient, so I would suggest a news item. Yes, but news items are usually just links. For the amount of information we have so far, an article seems like the easiest way to do this. Or maybe an addition to the security part of the web site? For now, I'll collect the information as just text. Don't we also want our sec teams to investigate/confirm it anyway, independent of how it's communicated? Absolutely. If so, doesn't a security advisory (with secteam and/or ports-secteam as appropriate) make the most sense here, given the scope of vulnerability for base/linux emulation/ports is yet to be completely established and is still to be investigated properly? Have there been security advisories for unconfirmed or not-actually-a-problem events before? My impression was that they have only been announced when a problem exists and action needs to be taken. However, a real problem *does* exist for Linux VMs and applications on FreeBSD, so it could be addressed that way. A "we are investigating" advisory right now could do some good, if the protocols allow it. Finally, would users expect a news item, an article or a heads up from our security teams for something like this, even in the case where it's only a "confirmed we're not affected" ? A news item linking to a "it's not us!" advisory would be no problem. People have to go looking for that. Those who are subscribed to the security mailing list will receive those notices directly, and because those are expected to be problems that need to be addressed immediately, it might cause some initial palpitations as if it were an actual problem with FreeBSD. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On 18/02/2016 3:51 AM, Warren Block wrote: > On Wed, 17 Feb 2016, Eric van Gyzen wrote: > >> On 02/17/2016 08:19, Warren Block wrote: >>> On Wed, 17 Feb 2016, Kurt Jaeger wrote: >>> A short note on the www.freebsd.org website would probably be helpful, as this case will produce a lot of noise. >>> >>> Maybe a short article like we did for leap seconds? >>> https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html >>> >>> >> >> Articles are permanent, which makes sense for the recurring issue of >> leap seconds. This vulnerability is transient, so I would suggest a >> news item. > > Yes, but news items are usually just links. For the amount of > information we have so far, an article seems like the easiest way to do > this. Or maybe an addition to the security part of the web site? > > For now, I'll collect the information as just text. Don't we also want our sec teams to investigate/confirm it anyway, independent of how it's communicated? If so, doesn't a security advisory (with secteam and/or ports-secteam as appropriate) make the most sense here, given the scope of vulnerability for base/linux emulation/ports is yet to be completely established and is still to be investigated properly? Finally, would users expect a news item, an article or a heads up from our security teams for something like this, even in the case where it's only a "confirmed we're not affected" ? ./koobs ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On Wed, 17 Feb 2016, Eric van Gyzen wrote: On 02/17/2016 08:19, Warren Block wrote: On Wed, 17 Feb 2016, Kurt Jaeger wrote: A short note on the www.freebsd.org website would probably be helpful, as this case will produce a lot of noise. Maybe a short article like we did for leap seconds? https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html Articles are permanent, which makes sense for the recurring issue of leap seconds. This vulnerability is transient, so I would suggest a news item. Yes, but news items are usually just links. For the amount of information we have so far, an article seems like the easiest way to do this. Or maybe an addition to the security part of the web site? For now, I'll collect the information as just text. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On 02/17/2016 08:19, Warren Block wrote: > On Wed, 17 Feb 2016, Kurt Jaeger wrote: > >> A short note on the www.freebsd.org website would probably be helpful, >> as this case will produce a lot of noise. > > Maybe a short article like we did for leap seconds? > https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html > Articles are permanent, which makes sense for the recurring issue of leap seconds. This vulnerability is transient, so I would suggest a news item. Eric ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On Wed, Feb 17, 2016 at 07:19:07AM -0700, Warren Block wrote: > On Wed, 17 Feb 2016, Kurt Jaeger wrote: > > > Hi! > > > >> The project that's vulnerable is called "glibc", not "libc". The BSDs > >> don't use glibc, so the phrase "nothing to see here" applies. glibc > >> isn't even available in FreeBSD's ports tree. > >> > >> TL;DR: FreeBSD is not affected by CVE-2015-7547. > > What about software that uses emulators/linux_base? > see PR/207272 > > A short note on the www.freebsd.org website would probably be helpful, > > as this case will produce a lot of noise. > > Maybe a short article like we did for leap seconds? > https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html > > I can help with that. > ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
> On 17.02.2016 г., at 15:40, Shawn Webbwrote: > > TL;DR: FreeBSD is not affected by CVE-2015-7547. Unless you use Linux applications under emulation. Daniel signature.asc Description: Message signed with OpenPGP using GPGMail
Re: CVE-2015-7547: critical bug in libc
Hi! > >> TL;DR: FreeBSD is not affected by CVE-2015-7547. > > What about software that uses emulators/linux_base? > > > A short note on the www.freebsd.org website would probably be helpful, > > as this case will produce a lot of noise. > > Maybe a short article like we did for leap seconds? > https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html > > I can help with that. Just write the piece, there's no-one else doin' it 8-} -- p...@opsec.eu+49 171 3101372 4 years to go ! ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On Wed, 17 Feb 2016, Kurt Jaeger wrote: Hi! The project that's vulnerable is called "glibc", not "libc". The BSDs don't use glibc, so the phrase "nothing to see here" applies. glibc isn't even available in FreeBSD's ports tree. TL;DR: FreeBSD is not affected by CVE-2015-7547. What about software that uses emulators/linux_base? A short note on the www.freebsd.org website would probably be helpful, as this case will produce a lot of noise. Maybe a short article like we did for leap seconds? https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html I can help with that. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On Wed, Feb 17, 2016 at 04:07:25PM +0200, Daniel Kalchev wrote: > > > On 17.02.2016 ??., at 15:40, Shawn Webbwrote: > > > > TL;DR: FreeBSD is not affected by CVE-2015-7547. > > > Unless you use Linux applications under emulation. True. I didn't think of that since I don't use the linuxulator and am not a big fan of it. Good catch. -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature
Re: CVE-2015-7547: critical bug in libc
Hi! > The project that's vulnerable is called "glibc", not "libc". The BSDs > don't use glibc, so the phrase "nothing to see here" applies. glibc > isn't even available in FreeBSD's ports tree. > > TL;DR: FreeBSD is not affected by CVE-2015-7547. A short note on the www.freebsd.org website would probably be helpful, as this case will produce a lot of noise. -- p...@opsec.eu+49 171 3101372 4 years to go ! ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
Hi, as Shawn types faster then me... the libc issue has been found from glibc which is not used in the BSD family. This is the affected libc https://en.wikipedia.org/wiki/GNU_C_Library What FreeBSD uses: https://en.wikipedia.org/wiki/BSD_libc -Tommi On Wed, Feb 17, 2016 at 3:24 PM, O. Hartmannwrote: > It is around now in the media also for non-OS developers: CVE-2015-7547 > describes a bug in libc which is supposed to affects all Linux versions. > > big price question: is FreeBSD > 9.3 also affected? > > Some reporters tell us that Linux/UNIX is affected, so sometimes this > terminus > is used to prevent the "Linux-nailed" view, but sometimes it also referes > to > everything else those people can not imagine but consider them Linux-like. > So > I'm a bit puzzled, since there is no report about *BSD is affected, too. > > Thanks in advance for shedding light onto CVE-2015-7547. > > Regards, > > oh > ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: CVE-2015-7547: critical bug in libc
On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote: > It is around now in the media also for non-OS developers: CVE-2015-7547 > describes a bug in libc which is supposed to affects all Linux versions. > > big price question: is FreeBSD > 9.3 also affected? > > Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus > is used to prevent the "Linux-nailed" view, but sometimes it also referes to > everything else those people can not imagine but consider them Linux-like. So > I'm a bit puzzled, since there is no report about *BSD is affected, too. > > Thanks in advance for shedding light onto CVE-2015-7547. The project that's vulnerable is called "glibc", not "libc". The BSDs don't use glibc, so the phrase "nothing to see here" applies. glibc isn't even available in FreeBSD's ports tree. TL;DR: FreeBSD is not affected by CVE-2015-7547. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature
CVE-2015-7547: critical bug in libc
It is around now in the media also for non-OS developers: CVE-2015-7547 describes a bug in libc which is supposed to affects all Linux versions. big price question: is FreeBSD > 9.3 also affected? Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus is used to prevent the "Linux-nailed" view, but sometimes it also referes to everything else those people can not imagine but consider them Linux-like. So I'm a bit puzzled, since there is no report about *BSD is affected, too. Thanks in advance for shedding light onto CVE-2015-7547. Regards, oh ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"