Jeff Epler | 1 Mar 01:21 2015
Picon

Bug#779467: dpkg: start-stop-daemon sometimes exits with "_cpu_tick_frequency: no such symbol" on kFreeBSD

Package: dpkg
Version: 1.17.23+local1
Severity: important
Tags: patch

On a Debian Jessie kFreeBSD system, start-stop-daemon sometimes exits with
an odd error:

$ sudo service nfsd restart
start-stop-daemon: _cpu_tick_frequency: no such symbol

The specific command invocation which was reliably printing the error
for me was:
# start-stop-daemon --stop --quiet --retry=USR1/30/KILL/5 --name nfsd
start-stop-daemon: _cpu_tick_frequency: no such symbol

This turns out to be due to file descriptor exhaustion due to calls to
kvm_openfiles without balancing calls to kvm_close, which is fixed by the
attached patch.

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 10.1-0-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
(Continue reading)

Debian FTP Masters | 26 Feb 19:03 2015
Picon

Bug#779174: Removed package(s) from unstable

We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

kfreebsd-image-486 |       10+1 | i386
kfreebsd-image-686 |       10+1 | i386
kfreebsd-image-amd64 |       10+1 | amd64
kfreebsd-image-xen |       10+1 | i386

------------------- Reason -------------------
ANAIS; restrict to kfreebsd-any
----------------------------------------------

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.
(Continue reading)

Debian FTP Masters | 25 Feb 22:38 2015
Picon

kfreebsd-9_9.0-10+deb70.9_kfreebsd-amd64.changes ACCEPTED into proposed-updates-≥stable-new

Mapping stable-security to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 Feb 2015 14:08:57 +0100
Source: kfreebsd-9
Binary: kfreebsd-source-9.0 kfreebsd-headers-9.0-2 kfreebsd-image-9.0-2-686-smp
kfreebsd-image-9-686-smp kfreebsd-headers-9.0-2-686-smp kfreebsd-headers-9-686-smp
kfreebsd-image-9.0-2-amd64 kfreebsd-image-9-amd64 kfreebsd-headers-9.0-2-amd64
kfreebsd-headers-9-amd64 kernel-image-9.0-2-amd64-di nic-modules-9.0-2-amd64-di
nic-wireless-modules-9.0-2-amd64-di nic-shared-modules-9.0-2-amd64-di
serial-modules-9.0-2-amd64-di ppp-modules-9.0-2-amd64-di cdrom-modules-9.0-2-amd64-di
scsi-core-modules-9.0-2-amd64-di scsi-modules-9.0-2-amd64-di
scsi-extra-modules-9.0-2-amd64-di plip-modules-9.0-2-amd64-di floppy-modules-9.0-2-amd64-di
loop-modules-9.0-2-amd64-di ipv6-modules-9.0-2-amd64-di nls-core-modules-9.0-2-amd64-di
ext2-modules-9.0-2-amd64-di isofs-modules-9.0-2-amd64-di ntfs-modules-9.0-2-amd64-di
reiserfs-modules-9.0-2-amd64-di xfs-modules-9.0-2-amd64-di fat-modules-9.0-2-amd64-di
zfs-modules-9.0-2-amd64-di nfs-modules-9.0-2-amd64-di nullfs-modules-9.0-2-amd64-di
 md-modules-9.0-2-amd64-di parport-modules-9.0-2-amd64-di sata-modules-9.0-2-amd64-di
acpi-modules-9.0-2-amd64-di i2c-modules-9.0-2-amd64-di crypto-modules-9.0-2-amd64-di
crypto-dm-modules-9.0-2-amd64-di mmc-core-modules-9.0-2-amd64-di mmc-modules-9.0-2-amd64-di
sound-modules-9.0-2-amd64-di zlib-modules-9.0-2-amd64-di kfreebsd-image-9.0-2-486
kfreebsd-image-9-486 kfreebsd-headers-9.0-2-486 kfreebsd-headers-9-486
kfreebsd-image-9.0-2-686 kfreebsd-image-9-686 kfreebsd-headers-9.0-2-686
kfreebsd-headers-9-686 kfreebsd-image-9.0-2-xen kfreebsd-image-9-xen
kfreebsd-headers-9.0-2-xen kfreebsd-headers-9-xen kernel-image-9.0-2-486-di
(Continue reading)

Debian FTP Masters | 25 Feb 22:38 2015
Picon

kfreebsd-10_10.1~svn274115-3_kfreebsd-amd64.changes ACCEPTED into unstable


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 Feb 2015 12:39:32 +0000
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 kfreebsd-image-10.1-0-amd64
kfreebsd-image-10-amd64 kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64
kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di
nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di
serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di
ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di scsi-core-modules-10.1-0-amd64-di
scsi-modules-10.1-0-amd64-di scsi-extra-modules-10.1-0-amd64-di
plip-modules-10.1-0-amd64-di floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di
ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di ext2-modules-10.1-0-amd64-di
isofs-modules-10.1-0-amd64-di reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di
zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di nullfs-modules-10.1-0-amd64-di
md-modules-10.1-0-amd64-di parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di i2c-modules-10.1-0-amd64-di
crypto-modules-10.1-0-amd64-di crypto-dm-modules-10.1-0-amd64-di
mmc-core-modules-10.1-0-amd64-di mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di
zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486
kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686
kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686
kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen
kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di
nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di
(Continue reading)

Debian FTP Masters | 25 Feb 22:24 2015
Picon

Processing of kfreebsd-9_9.0-10+deb70.9_kfreebsd-amd64.changes

kfreebsd-9_9.0-10+deb70.9_kfreebsd-amd64.changes uploaded successfully to localhost
along with the files:
  kfreebsd-9_9.0-10+deb70.9.dsc
  kfreebsd-9_9.0-10+deb70.9.debian.tar.gz
  kfreebsd-source-9.0_9.0-10+deb70.9_all.deb
  kfreebsd-headers-9.0-2_9.0-10+deb70.9_kfreebsd-amd64.deb
  kfreebsd-image-9.0-2-amd64_9.0-10+deb70.9_kfreebsd-amd64.deb
  kfreebsd-image-9-amd64_9.0-10+deb70.9_kfreebsd-amd64.deb
  kfreebsd-headers-9.0-2-amd64_9.0-10+deb70.9_kfreebsd-amd64.deb
  kfreebsd-headers-9-amd64_9.0-10+deb70.9_kfreebsd-amd64.deb
  kernel-image-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  nic-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  nic-wireless-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  nic-shared-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  serial-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  ppp-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  cdrom-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  scsi-core-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  scsi-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  scsi-extra-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  plip-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  floppy-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  loop-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  ipv6-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  nls-core-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  ext2-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  isofs-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  ntfs-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  reiserfs-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
  xfs-modules-9.0-2-amd64-di_9.0-10+deb70.9_kfreebsd-amd64.udeb
(Continue reading)

Debian FTP Masters | 25 Feb 21:24 2015
Picon

Processing of kfreebsd-10_10.1~svn274115-3_kfreebsd-amd64.changes

kfreebsd-10_10.1~svn274115-3_kfreebsd-amd64.changes uploaded successfully to localhost
along with the files:
  kfreebsd-10_10.1~svn274115-3.dsc
  kfreebsd-10_10.1~svn274115-3.debian.tar.xz
  kfreebsd-source-10.1_10.1~svn274115-3_all.deb

Greetings,

	Your Debian queue daemon (running on host franck.debian.org)

Debian FTP Masters | 25 Feb 21:19 2015
Picon

Processing of kfreebsd-10_10.1~svn274115-3_kfreebsd-amd64.changes

kfreebsd-10_10.1~svn274115-3_kfreebsd-amd64.changes uploaded successfully to ftp-master.debian.org
along with the files:
  kfreebsd-10_10.1~svn274115-3.dsc
  kfreebsd-10_10.1~svn274115-3.debian.tar.xz
  kfreebsd-source-10.1_10.1~svn274115-3_all.deb

Greetings,

	Your Debian queue daemon (running on host coccia.debian.org)

Steven Chamberlain | 25 Feb 12:37 2015

Bug#779195: kfreebsd-10: CVE-2015-1414: DoS via IGMP packet

Package: src:kfreebsd-10
Version: 10.1~svn274115-2
Severity: grave
Tags: security upstream patch

Hi,

A remote DoS was reported in FreeBSD's IGMP packet handling:
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc

This affects all our kfreebsd-8, -9, -10 and -11 packages.

I don't know yet if this can be exploited over the public Internet
or only on a local network segment.

As a mitigation, the PF firewall can probably be configured to block
'proto igmp' packets before the kernel processes them.  

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Steven Chamberlain | 25 Feb 12:27 2015

Bug#779194: kfreebsd-10: CVE-2014-0998: vt crash via ioctl

Package: src:kfreebsd-10
Version: 10.1~svn274115-2
Severity: grave
Tags: security upstream patch
Control: found -1 kfreebsd-10/10.0-3

Hi,

An unprivileged local user can trigger an out-of-bounds memory
access in the kernel via an ioctl to vt(4) (aka. newcons).
https://security.FreeBSD.org/patches/EN-15:01/vt.patch

Upstream's advisory only describes potential impact as a kernel panic.
The original researcher's advisory mentioned privilege escalation, but
it's ambiguous if that referred to this bug, and unclear if it could be
exploitable for that.

Debian GNU/kFreeBSD introduced newcons into 10.0-3 as a backport.
kfreebsd-10 in jessie/sid enables it by default.  So does
kfreebsd-11 in experimental.

kfreebsd-8 and -9 in wheezy are unaffected as they do not have newcons.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
(Continue reading)

Debian FTP Masters | 24 Feb 23:48 2015
Picon

kfreebsd-defaults_10+2_source.changes ACCEPTED into unstable


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 Feb 2015 23:35:21 +0100
Source: kfreebsd-defaults
Binary: kfreebsd-image-amd64 kfreebsd-headers-amd64 kfreebsd-image-486 kfreebsd-headers-486
kfreebsd-image-686 kfreebsd-headers-686 kfreebsd-image-xen kfreebsd-headers-xen
Architecture: source
Version: 10+2
Distribution: unstable
Urgency: medium
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd <at> lists.debian.org>
Changed-By: Christoph Egger <christoph <at> debian.org>
Description:
 kfreebsd-headers-486 - header files for kernel of FreeBSD (meta-package)
 kfreebsd-headers-686 - header files for kernel of FreeBSD (meta-package)
 kfreebsd-headers-amd64 - header files for kernel of FreeBSD (meta-package)
 kfreebsd-headers-xen - header files for kernel of FreeBSD (meta-package)
 kfreebsd-image-486 - kernel of FreeBSD (meta-package)
 kfreebsd-image-686 - kernel of FreeBSD (meta-package)
 kfreebsd-image-amd64 - kernel of FreeBSD (meta-package)
 kfreebsd-image-xen - kernel of FreeBSD (meta-package)
Closes: 779074
Changes:
 kfreebsd-defaults (10+2) unstable; urgency=medium
 .
(Continue reading)

Debian FTP Masters | 24 Feb 23:46 2015
Picon

Processing of kfreebsd-defaults_10+2_source.changes

kfreebsd-defaults_10+2_source.changes uploaded successfully to localhost
along with the files:
  kfreebsd-defaults_10+2.dsc
  kfreebsd-defaults_10+2.tar.xz

Greetings,

	Your Debian queue daemon (running on host franck.debian.org)


Gmane