similar to: FreeBSD Security Survey

In the next month or two I've got to upgrade a number of servers that are currently on an EOL'd version of 4-STABLE. I foresee that I'll have very limited time to do full OS upgrades on these systems in the coming several years, so I want to make sure I bring them onto an extended-life branch. Right now 4.11 has the furthest projected EOL date (Jan 31 2007), and the projected EOL

Does anyone know if support for the Intel 875P/ICH5 motherboard chipset has yet made it into the stable branch? (Is release 4.9 likely to have it?) I am mainly interested in the IDE and "native" serial ATA devices. There is also a new Intel ethernet controller chip, 82547EI, that is designed to interface directly with the 875P chip. The currently supported chip list only goes up to

Greetings, I haven't upgraded my tree(s) for awhile. My last attempt to rebuild after an updating src && ports, resulted in nearly installing the entire ports tree, which is why I've waited so long. Try as I might, I've had great difficulty finding something that will _only_ upgrade what I already have installed, _and_ respect the "options" used during the original

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:01.jail Security Advisory The FreeBSD Project Topic: Jail rc.d script privilege escalation Category: core Module: etc_rc.d Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm wondering if/where I can get the server side component for freebsd-update. Presumably such a component would build and sign the binary patches and prepare them to be served via HTTP to the freebsd-update client. I need a system for distributing binary updates to a collection of customized FreeBSD machines, jails, and embedded systems.

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

CVSup is slow, insecure, and a memory hog. However, until now it's been the only option for keeping an up-to-date ports tree, and (thanks to all of the recent work on vuxml and portaudit) it has become quite obvious that keeping an up-to-date ports tree is very important. To provide a secure, lightweight, and fast alternative to CVSup, I've written portsnap. As the name suggests, this

Dear members, It may sound a silly question. I have curl installed: # pkg_info |grep curl curl-7.24.0_3 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) Today portsnap updated the ftp/curl port, and patch-CVE-2013-2174 appeared in files/, but the port version remained such that portaudit, and portupgrade still complain about curl's version. What is the recommended way to

In http://www.freebsd.org/releases/7.0R/announce.html says Updating Existing Systems > An upgrade of any existing system to FreeBSD 7.0-RELEASE constitutes > a major version upgrade, so no matter which method you use to update > an older system you should reinstall any ports you have installed on > the machine. This will avoid binaries becoming linked to inconsistent > sets

Hi all, I use FreeBSD for severals years and this Project now have a possibility the full security update (src) with freebsd-update, is really great for Release users but is break for Stable user. Ok !!! Exist a possibility for apply manual patch and compile issue, but for me problem existe in fix kernel issue in stable branch because is require a update for last stable and this

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:08.realpath Security Advisory The FreeBSD Project Topic: Single byte buffer overflow in realpath(3) Category: core Module: libc Announced:

Has xdelta (in ports under misc/xdelta) ever been considered as a means of delivering binary patches for security updates? It seems to be a pretty neat. -- Regards, Michael Nottebrock -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: signature Url :

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:02.shmat Security Advisory The FreeBSD Project Topic: shmat reference counting bug Category: core Module: kernel Announced: 2004-02-05

Greetings, Apologies if this is not the appropriate list, but my questions are about best practices in maintaining production servers (so I believe I can justify a post in -stable, short of a -release list :) I maintain a modest installation of 6 FreeBSD servers. They're CVSUP'd to RELENG_4_8 (I make buildworld on each individually) and I portupgrade ports as necessary. In an attempt to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:12.jailroute Security Advisory The FreeBSD Project Topic: Jailed processes can manipulate host routing tables Category: core Module: kernel

Is it just me, or freebsd-update isn't yet shipping the openssl updates? I'm trying (on an SMP machine) to fetch them, but there seem to be none available. I'd like to confirm that sleep deprivation isn't the culprit here, so I've checked in /usr/local/freebsd-update/work/ and the subdirectory with the highest number contains the SA-06:21 files. Anyone seen that clue bat

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There has been a lot of discussion on these two mailing lists about the upcoming EoL of FreeBSD 4.x which I mentioned in my email entitled "HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon". Now that everybody (hopefully) has had their say, I'd like to offer some background and explanation. The concept of "security branches"

In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries or tools under /bin or /sbin actually use that problem code? The recent XDR fixes the xdrmem_getlong_aligned(), xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(), xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes() functions, but it is difficult to know what uses these (going backwards manually).

Saw your post on -stable about this, and decided to take a look since I'm about to get my hands on a similar (82801DB) motherboard. If it's the USB 2.0 controller that's isn't being detected, shouldn't ehci by patched instead of uhci...? You may want to give the attached, completely untested, patch a try. I.e. it compiles on my box, but I don't have any hardware to

Hi guys, Does anybody know if freebsd-update is going to be available for 6.1-RELEASE before the end of Colin's "summer of FreeBSD work"? I wouldn't like to bother Colin directly via e-mail, so if anyone already asked for this or something.... Thanx, regards -- Pietro Cerutti <pietro.cerutti@gmail.com>