search for: cperciva

...donations from people who are using Portsnap or FreeBSD Update. That said, if I don't reach my target for donations, I'll get as much work done within the time I have funds for before returning to other paying work (most likely at the university again). Donations can be sent by paypal to cperciva@freebsd.org; if you would prefer to send a cheque (which is probably only worthwhile for cheques in Canadian or US dollars), please contact me by email to obtain my mailing address. In either case, please let me know if you wish to remain anonymous. For more details, see http://people.freebsd.org...

Bill Moran wrote: > This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation. >

...> > > Today's Topics: > > 1. Fundraising for FreeBSD security development (Colin Percival) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 30 Mar 2006 12:20:53 -0800 > From: Colin Percival <cperciva@freebsd.org> > Subject: Fundraising for FreeBSD security development > To: freebsd-hackers@freebsd.org, freebsd-security@freebsd.org > Message-ID: <442C3DA5.9010901@freebsd.org> > Content-Type: text/plain; charset=ISO-8859-1 > > Dear FreeBSD users, > > Slightly mo...

Hi all, There are rumours flying around about a supposed vulnerability in OpenSSH. Two details which I've seen mentioned many times are (a) that this exploit was used to break into a RedHat system running OpenSSH 4.3 plus backported security patches, and (b) that "recent" versions of OpenSSH are not affected; but it's not clear if there is any basis for these rumours. Given

The FreeBSD Security Officer would normally be sending out this email, but he's a bit busy right now and it is clear from reactions to FreeBSD Security Advisory FreeBSD-SA-04:04.tcp that many people are unaware of the current status of the RELENG_5_1 branch, so I'm going to send out this reminder myself. The branches supported by the FreeBSD Security Officer have been updated to reflect

Hi guys, Does anybody know if freebsd-update is going to be available for 6.1-RELEASE before the end of Colin's "summer of FreeBSD work"? I wouldn't like to bother Colin directly via e-mail, so if anyone already asked for this or something.... Thanx, regards -- Pietro Cerutti <pietro.cerutti@gmail.com>

...c > than "Re: Contents of freebsd-security digest..." > > Today's Topics: > > 1. HEADS UP: FreeBSD 5.5, 6.1, and 6.2 EoLs coming soon > (FreeBSD Security Officer) > > > ---------- Forwarded message ---------- > From: FreeBSD Security Officer <cperciva@freebsd.org> > To: freebsd security <freebsd-security@freebsd.org>, FreeBSD Stable <freebsd-stable@freebsd.org> > Date: Tue, 01 Apr 2008 12:47:06 -0400 > Subject: HEADS UP: FreeBSD 5.5, 6.1, and 6.2 EoLs coming soon > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 &g...

...r. I''m relaying this information because I know FreeBSD is an important platform for Rails and I hope those of you who do depend on FreeBSD will be willing to put some money forward for this valuable work to continue. You can read about the request here: http://people.freebsd.org/~cperciva/funding.html Thanks, Dominic

...will not be the final version which is provided when an advisory is sent out; it is even possible (although highly doubtful) that this patch does not fully fix the issue or introduces new issues -- in short, use at your own risk (even more than usual). The patch is at http://people.freebsd.org/~cperciva/rtld.patch and has SHA256 hash ffcba0c20335dd83e9ac0d0e920faf5b4aedf366ee5a41f548b95027e3b770c1 I expect a full security advisory concerning this issue will go out on Wednesday December 2nd. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAksUbjcACgkQFdaIBMps37LP9ACgl...

Bill Moran wrote: > Can anyone define "exceptionally large" as noted in this statement?: > > "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by > prohibiting the use of exceptionally large public keys. It is believed > that no existing applications legitimately use such key lengths as would > be affected by this change." > > It

...I had reached my target, please do so now. I know there were several people in this position, so I'm hoping I can reach my target in the next week. As before, details about the work I plan on doing, how to donate, and a list of the donations I have received, are at http://people.freebsd.org/~cperciva/funding.html Colin Percival

Am 24.04.2006 um 23:17 schrieb Colin Percival: > cperciva 2006-04-24 21:17:02 UTC > > FreeBSD src repository > > Modified files: > sys/amd64/amd64 mp_machdep.c > sys/i386/i386 mp_machdep.c > Log: > Adjust dangerous-shared-cache-detection logic from "all shared data > caches are dangerous&quo...

The mailing list detained my email because I posted from the wrong address... hoepfully it will get through this time. -------- Original Message -------- Subject: Re: Fwd: FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 05:35:32 -0800 From: Colin Percival <cperciva@freebsd.org> To: Devon H. O'Dell <dodell@sitetronics.com> CC: mike@sentex.net, freebsd-security@freebsd.org, security-officer@dragonflybsd.org References: <1109942895.3926.71.camel@localhost.localdomain> Devon H. O'Dell wrote: > Matt (Dillon) replied stating that the afo...

...nd `Extended' branches will be supported 24+ months. Mark RELENG_4_8 as an `Extended' support branch and extend its Estimated EoL accordingly. While here, also extend RELENG_5_2 through the end of 2004. (I was reminded that RELENG_4_8 had expired a few days ago by cperciva@.) Revision Changes Path 1.152 +38 -16 www/en/security/security.sgml ----- End forwarded message ----- You may also find an excerpt from the updated http://www.freebsd.org/security/ page below the signature of this message. Cheers, -- Jacques Vidrine / nectar@celabo.org / j...

I'm curious about the estimated EoL date on 6.2-RELEASE. Current estimate is listed as Jan 31 2008. That's just about 5 months away now. Suggestions for those who are about to be EoL'ed? Thanks.

Well, I *tried* to CC: freebsd-security... I'm forwarding this to get around the "posting from wrong address" filter. -------- Original Message -------- Subject: Re: FW:FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 04:42:48 -0800 From: Colin Percival <cperciva@freebsd.org> To: Jonathan Weiss <tomonage2@gmx.de> CC: freebsd-security@freebsd.org, FreeBSD-Hackers <hackers@freebsd.org> References: <BE4E0FDD.1A486%tomonage2@gmx.de> [I'm adding a CC: to freebsd-security, since I'm sure this thread will get reposted there if I don...

> Date: Sat, 29 Oct 2005 07:34:28 -0700 > From: Colin Percival <cperciva@freebsd.org> > Subject: Re: Is the server portion of freebsd-update open source? > To: markzero <mark@darklogik.org> > Cc: freebsd-security@freebsd.org > Message-ID: <43638874.2020004@freebsd.org> > Content-Type: text/plain; charset=ISO-8859-1 > > markzero wrote:...

Dear list, as described in http://www.freebsd.org/releases/6.3R/announce.html I tried a binary upgrade to 6.3R. But the command # sh freebsd-update.sh -f freebsd-update.conf -r 6.3-RELEASE upgrade failed with 10....2520....2530....2540....2550....2560....2570....2580....2590....2600....2610....2620....2630....2640... done. Applying patches... done. Fetching 1587 files... failed. Any ideas

Tobez: no disrespect intended, obviously you saw a problem with the master sites for perl 5.8.7 and did what you could to help, and with your position as a maintainer, I know that the trust we have in you and your patches is well earned, so don't take this question as anything but my well-earned paranoia rearing its ugly head: Yes, building perl5.8.7 did seem like it had a lot of problems

How 'bout PAM? /usr/ports/security/pam_ldap. If you have machines that can't do PAM, perhaps NIS is the way to go (assuming, of course, you're behind a firewall). You can store login information in LDAP like you want, then use a home-grown script to extract the information to a NIS map. Or, if you have a Solaris 8 machine lying around, you can cut out the middle step and use