login
Search
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:08.openssl Security Advisory
The FreeBSD Project
Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers()
Category: contrib
Module: openssl
Announced: 2007-10-03
Credits: Moritz Jodeit
Affects: All FreeBSD releases.
Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)
2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)
2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)
2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)
2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)
CVE Name: CVE-2007-5135
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured,
and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found
to be incorrectly fixed.
III. Impact
For applications using the SSL_get_shared_ciphers() function, the
buffer overflow could allow an attacker to crash or potentially
execute arbitrary code with the permissions of the user running the
application.
IV. Workaround
No workaround is available, but only applications using the
SSL_get_shared_ciphers() function are affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 5-STABLE, ...The FreeBSD Status Reports for the Second Quarter of 2008 are now available at: http://www.freebsd.org/news/status/report-2008-04-2008-06.html For convenience I have included them below as well. Regards, Brad Davis ------------------------------- FreeBSD Quarterly Status Report Introduction This Status Report covers FreeBSD related projects between April and June 2008. During this period The FreeBSD Foundation has released their July Newsletter. Thanks to all the reporters for the excellent work! We hope you enjoy reading. __________________________________________________________________ Google Summer of Code * Layer2 filtering * Porting BSD-licensed text-processing tools from OpenBSD Projects * Build cluster * finstall * FreeBSD Bugbusting Team * Graphics support for the boot loader * USB FreeBSD Architecture * ARM/Marvell port The Ports Collection * Ports Collection * Qt/KDE4 Status Report Documentation * FreeBSD FAQ Renovation * The FreeBSD Dutch Documentation Project * The FreeBSD Hungarian Documentation Project * The FreeBSD Spanish Documentation Project __________________________________________________________________ ARM/Marvell port URL: http://p4web.freebsd.org/@md=d&cd=//depot/projects/arm/src/sys/arm/orio n/&c=0h4@//depot/projects/arm/src/sys/arm/orion/?ac=83 Contact: Rafal Jaworowski <raj@semihalf.com> Contact: Bartlomiej Sieka <tur@semihalf.com> After the last couple of months of intensive development going on towards FreeBSD support for Marvell System-on-Chip devices, we have FreeBSD 8.0-CURRENT running on the following systems: * Orion (already available in Perforce): * 88F5281 * 88F5181 * 88F5182 Kirkwood - 88F6281 Discovery - MV78100 The above families of SOCs are built around CPU cores compliant with ARMv5TE instruction set ...
The FreeBSD Project is pleased to announce its participation in the Google Summer of Code program designed to introduce students to open source software development. We received over 120 high quality applications, amongst which 25 projects have been selected for funding. The full list of accepted student proposals is available here : http://www.FreeBSD.org/projects/summerofcode-2007.html Unfortunately, due to the limited number of spots available, we were unable to fund many first rate applications. However, we encourage students to work together with us all year round. The FreeBSD Project is always willing to help students learn more about operating system development through our normal community mailing lists and development forums. Contributing to an open source software project is a valuable component of a computer science education and great preparation for a career in software development. More information about the student projects will be available throughout the summer from the FreeBSD Summer of Code Wiki : http://wiki.FreeBSD.org/SummerOfCode2007 We'd like to close by thanking Google for their generosity and congratulating the 25 talented students below. - Murray & the FreeBSD Summer of Code Organizers and Mentors Accepted student projects : * Project: GNOME front-end to freebsd-update(8) Student: Andrew Turner Mentor: Joe Marcus Clarke * Project: Multicast DNS responder (BSD-licensed) Student: Fredrik Lindberg Mentor: Bruce M. Simpson * Project: Unified ports / package system database backend Student: Garrett Cooper Mentor: Kirill Ponomarew * Project: Super Tunnel Daemon Student: Matus Harvan Mentor: Max Laier * Project: Rewriting lockmgr(9) Student: Attilio Rao Mentor: Jeff Roberson * Project: Apple's MacBook on FreeBSD Student: Rui Paulo Mentor: Andre Oppermann * Project: ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:10.ipv6 Security Advisory
The FreeBSD Project
Topic: Missing permission check on SIOCSIFINFO_IN6 ioctl
Category: core
Module: netinet6
Announced: 2009-06-10
Credits: Hiroki Sato
Affects: All supported versions of FreeBSD.
Corrected: 2009-06-10 10:31:11 UTC (RELENG_7, 7.2-STABLE)
2009-06-10 10:31:11 UTC (RELENG_7_2, 7.2-RELEASE-p1)
2009-06-10 10:31:11 UTC (RELENG_7_1, 7.1-RELEASE-p6)
2009-06-10 10:31:11 UTC (RELENG_6, 6.4-STABLE)
2009-06-10 10:31:11 UTC (RELENG_6_4, 6.4-RELEASE-p5)
2009-06-10 10:31:11 UTC (RELENG_6_3, 6.3-RELEASE-p11)
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
IPv6 is a new Internet Protocol, designed to replace (and avoid many of
the problems with) the current Internet Protocol (version 4). Many
properties of the FreeBSD IPv6 network stack can be configured via the
ioctl(2) interface.
II. Problem Description
The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check.
III. Impact
Local users, including non-root users and users inside jails, can set
some IPv6 interface properties. These include changing the link MTU
and disabling interfaces entirely. Note that this affects IPv6 only;
IPv4 functionality cannot be affected by exploiting this vulnerability.
IV. Workaround
No workaround is available, but systems without local untrusted users
are not vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_2, ...-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:04.file Security Advisory
The FreeBSD Project
Topic: Heap overflow in file(1)
Category: contrib
Module: file
Announced: 2007-05-23
Affects: All FreeBSD releases.
Corrected: 2007-05-23 16:12:51 UTC (RELENG_6, 6.2-STABLE)
2007-05-23 16:13:07 UTC (RELENG_6_2, 6.2-RELEASE-p5)
2007-05-23 16:13:20 UTC (RELENG_6_1, 6.1-RELEASE-p17)
2007-05-23 16:12:10 UTC (RELENG_5, 5.5-STABLE)
2007-05-23 16:12:35 UTC (RELENG_5_5, 5.5-RELEASE-p13)
CVE Name: CVE-2007-1536
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The file(1) utility attempts to classify file system objects based on
filesystem, magic number and language tests.
The libmagic(3) library provides most of the functionality of file(1)
and may be used by other applications.
II. Problem Description
When writing data into a buffer in the file_printf function, the length
of the unused portion of the buffer is not correctly tracked, resulting
in a buffer overflow when processing certain files.
III. Impact
An attacker who can cause file(1) to be run on a maliciously constructed
input can cause file(1) to crash. It may be possible for such an attacker
to execute arbitrary code with the privileges of the user running file(1).
The above also applies to any other applications using the libmagic(3)
library.
IV. Workaround
No workaround is available, but systems where file(1) and other
libmagic(3)-using applications are never run on untrusted input are not
vulnerable.
V. Solution
Perform one of the ...The FreeBSD Project is happy to again participate in Google's Summer of Code program. This program provides $4500 in funding to allow students to spend the summer writing open source software. If you or someone you know would be interested in this program, please visit our website at : http://www.freebsd.org/projects/summerofcode.html There you will find a large list of interesting projects in diverse areas of modern Unix operating system development. Some example tasks involve writing a TCP/IP regression test suite, working on the USB and Firewire kernel support, improving the IPv6 support in userland utilities, and much more. You will also find a list of senior developers who have agreed to act as mentors to interested students. Once you have identified a project and a mentor, you should complete a proposal and submit it to Google before the March 24 deadline. Thanks, - Murray _______________________________________________ freebsd-announce@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Dear all:
I hope to welcome you to Cambridge, UK this September for EuroBSDCon 2009!
We have an exciting set of talks and tutorials, and will be announcing further
invited talks over the next few weeks. Early bird registration remains open
until 2 September. See you here!
Robert Watson
FreeBSD Project
EuroBSDcon 2009
Friday 18th - Sunday 20th September,
University of Cambridge, UK
A day of tutorials followed by 2 days of conference talks
covering a wide variety of BSD related topics. This is the
European BSD Community's annual event to meet, share and
interact across the projects and between friends.
Covering areas from networking to security, big systems
and complex environments, ports to LVM, geom and kqueue,
this year's line up also features:
* ISC and *BSD
* OpenBSD malloc
* Kirk McKusick's FreeBSD 8.0
* NetBSD's LVM
* faster packets in OpenBSD
* How FreeBSD finds oil
* Wireless Mesh networks
* and more,
The current talk list and draft schedule: http://2009.euroBSDcon.org
Final talks will be announced by early September.
The conference dinner takes place on Saturday evening and is
sponsored by iXsystems. Thanks to conference sponsors The
FreeBSD Foundation, iXsystems, Google, NetApp &, Exonetric.
Discounted Early Bird registration runs until 2nd
September. Book your place now at:
http://2009.euroBSDcon.org
Final programme may be subject to alteration. EuroBSDcon
is a not-for-profit event open to everyone so please help
spread the word online and offline. Thanks for reading!
If you're interested enough to read this far, you can sign up for
future announcements about EuroBSDcons by sending an email to
eurobsdcon-announce-subscribe@lists.ukuug.org . Your address
will only be used to contact you about European BSD events.
EuroBSDcon 2009 : September 18-20th, Cambridge, England.
Book ...-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:06.bind Security Advisory
The FreeBSD Project
Topic: DNS cache poisoning
Category: contrib
Module: bind
Announced: 2008-07-13
Credits: Dan Kaminsky
Affects: All supported FreeBSD versions.
Corrected: 2008-07-12 10:07:33 UTC (RELENG_6, 6.3-STABLE)
2008-07-13 18:42:38 UTC (RELENG_6_3, 6.3-RELEASE-p3)
2008-07-13 18:42:38 UTC (RELENG_7, 7.0-STABLE)
2008-07-13 18:42:38 UTC (RELENG_7_0, 7.0-RELEASE-p3)
CVE Name: CVE-2008-1447
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server. DNS requests
contain a query id which is used to match a DNS request with the response
and to make it harder for anybody but the DNS server which received the
request to send a valid response.
II. Problem Description
The BIND DNS implementation does not randomize the UDP source port when
doing remote queries, and the query id alone does not provide adequate
randomization.
III. Impact
The lack of source port randomization reduces the amount of data the
attacker needs to guess in order to successfully execute a DNS cache
poisoning attack. This allows the attacker to influence or control
the results of DNS queries being returned to users from target systems.
IV. Workaround
Limiting the group of machines that can do recursive queries on the DNS
server will make it more difficult, but not impossible, for this
vulnerability to be exploited.
To limit the machines ...-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:04.ipsec Security Advisory
The FreeBSD Project
Topic: IPsec null pointer dereference panic
Category: core
Module: ipsec
Announced: 2008-02-14
Credits: Takashi Sogabe, Tatuya Jinmei
Affects: FreeBSD 5.5
Corrected: 2008-02-14 11:49:39 UTC (RELENG_5, 5.5-STABLE)
2008-02-14 11:50:28 UTC (RELENG_5_5, 5.5-RELEASE-p19)
CVE Name: CVE-2008-0177
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The IPsec suite of protocols provide network level security for IPv4
and IPv6 packets. FreeBSD includes software originally developed by
the KAME project which implements the various protocols that make up
IPsec.
II. Problem Description
There is an improper reference to a data structure in the processing of
IPsec packets, which can result in a NULL pointer being dereferenced.
III. Impact
A single specifically crafted IPv6 packet could cause the kernel to panic,
when the kernel had been configured to process IPsec and IPv6 traffic.
This requires IPSEC to be compiled into the kernel, it does not necessarily
have to be configured at that point.
IV. Workaround
No workaround is available, but kernels which does not include IPsec
support are not vulnerable. The GENERIC and SMP kernel configurations
distributed with FreeBSD releases do not include IPsec support.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_5
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to ...--------------------------------------- Call for Papers: 2006 USENIX Annual Technical Conference Tuesday, May 30-Saturday, June 3, 2006, Boston, MA http://www.usenix.org/usenix06/cfpspe/ --------------------------------------- Dear Colleague, The 2006 USENIX Annual Technical Conference is moving back to its usual June timeframe. It will be held May 30-June 3, 2006, in Boston, MA. Please note the schedule change: The Technical Program will run Thursday-Saturday. On behalf of the 2006 USENIX Annual Technical Conference program committee, we request your ideas, proposals, and papers for invited talks, tutorials, refereed papers, Guru Is In sessions, Poster Session, and Work-in-Progress reports. ----------------------------------------------------- Call for Papers 2006 USENIX Systems Practice & Experience Refereed Papers (formerly the Refereed Papers General Track) Technical Program, Thursday-Saturday, June 1-3, 2006 Submissions Deadline: January 17, 2006 http://www.usenix.org/usenix06/cfpspe/ ----------------------------------------------------- The Program Committee for the Systems Practice & Experience Track (formerly the the Refereed Papers General Track) is seeking your participation. Please note that the submissions deadline is January 17, 2006. Authors are invited to submit original and innovative papers that further the knowledge and understanding of modern computing systems, with an emphasis on practical implementations and experimental results. We encourage papers that break new ground or present insightful results based on experience with computer systems. The USENIX conference has a broad scope, and we encourage papers in a wide range of topics in systems. Possible topics include but are not limited to: -- Architectural interaction -- Benchmarking -- Deployment experience -- Distributed and parallel systems -- Embedded systems -- Energy/power management -- File and storage systems -- Networking and network services -- Operating systems -- Reliability, ...
The FreeBSD Project is happy to again participate in Google's Summer of Code program. This program provides $4500 in funding to allow students to spend the summer writing open source software. If you or someone you know would be interested in this program, please visit our website at : http://www.freebsd.org/projects/summerofcode.html There you will find a large list of interesting projects in diverse areas of modern Unix operating system development. Some example tasks involve writing kernel/networking regression test suites, working on peripheral device driver infrastructure, improving multibyte character support, improving the IPv6 support in userland utilities, and much more. You will also find a list of senior developers who have agreed to act as mentors to interested students. Once you have identified a project and a mentor, you should complete a proposal and submit it to Google before the March 31 deadline. Thanks, - Murray _______________________________________________ freebsd-announce@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
The FreeBSD Project is pleased to announce that we are participating in our sixth iterations of Google Summer of Code. After nearly 100 projects, we look forward to new successes this year. Students may now apply to participate at http://socghop.appspot.com/. Before applying you may wish to discuss your project ideas on the freebsd-hackers mailing list or on the #freebsd-soc IRC channel on EFNet. Project ideas can be found at: http://www.freebsd.org/projects/summerofcode.html -- Brooks P.S. We solicit project ideas year round. If you have ideas, please submit them to soc-admins@freebsd.org and we'll add the good ones.
BSDCan 2007 will be will be held on 18-19 May 2007 at University of Ottawa. Tutorials will be held on 16-17 May 2007. This is one week later than previously announced. http://lists.bsdcan.org/pipermail/bsdcan-announce/2006- October/000021.html -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php _______________________________________________ freebsd-announce@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:01.jail Security Advisory
The FreeBSD Project
Topic: Jail rc.d script privilege escalation
Category: core
Module: etc_rc.d
Announced: 2007-01-11
Credits: Dirk Engling
Affects: All FreeBSD releases since 5.3
Corrected: 2007-01-11 18:16:58 UTC (RELENG_6, 6.2-STABLE)
2007-01-11 18:17:24 UTC (RELENG_6_2, 6.2-RELEASE)
2007-01-11 18:18:08 UTC (RELENG_6_1, 6.1-RELEASE-p12)
2007-01-11 18:18:35 UTC (RELENG_6_0, 6.0-RELEASE-p17)
2007-01-11 18:18:57 UTC (RELENG_5, 5.5-STABLE)
2007-01-11 18:19:33 UTC (RELENG_5_5, 5.5-RELEASE-p10)
CVE Name: CVE-2007-0166
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.
The host's jail rc.d(8) script can be used to start and stop jails
automatically on system boot/shutdown.
II. Problem Description
In multiple situations the host's jail rc.d(8) script does not check if
a path inside the jail file system structure is a symbolic link before
using the path. In particular this is the case when writing the
output from the jail start-up to /var/log/console.log and when
mounting and unmounting file systems inside the jail directory
structure.
III. Impact
Due to the lack of ...--------------------------------------- 2008 USENIX Annual Technical Conference June 22-27, 2008, Boston, MA Early Bird Registration Deadline: June 6, 2008 http://www.usenix.org/usenix08/proga --------------------------------------- We're pleased to invite you to attend the 2008 USENIX Annual Technical Conference. This year we're offering 3 days of training followed by a 3-day conference program filled with the latest systems research, security breakthroughs, and practical approaches to the questions and problems you wrestle with. You'll also have many opportunities to chat with peers who share your concerns and interests. http://www.usenix.org/usenix08/proga Training: Sunday-Tuesday, June 22-24, 2008 The 3-day training program at USENIX '08 provides in-depth and immediately useful training on the latest techniques, effective tools, and best strategies, including: * Bruce Potter on Botnets: Understanding and Defense * Peter Baer Galvin on Solaris 10 Administration * Phil Cox and Brad Johnson on Securing Virtual Environments * Alan Robertson on Configuring and Deploying Linux-HA Find out more at http://www.usenix.org/events/usenix08/training/ Technical Sessions: Wednesday-Friday, June 25-27, 2008 The 3-day technical program begins with a keynote address by David Patterson, Director, U.C. Berkeley Parallel Computing Laboratory, on "The Parallel Revolution Has Started: Are You Part of the Solution or Part of the Problem?" and includes other noteworthy invited talks, such as: * Plenary Closing Session by Matthew Melis of the NASA Glenn Research Center on "The Columbia Accident Investigation and Returning NASA's Space Shuttle to Flight" * Drew Endy, Cabot Assistant Professor of Biological Engineering at MIT and a co-founder of the BioBricks Foundation (BBF), on "Programming DNA: A 2-bit Language for Engineering Biology" * Robert J. Lang on "From Flapping Birds to Space Telescopes: The Modern Science of Origami" The USENIX '08 Refereed Papers Track is the ...
Dear FreeBSD Community, The FreeBSD Foundation is pleased to announce one of the projects from the accepted project proposals! The project is to make FreeBSD tolerate the removal of active disk devices, such as when a USB flash device with a mounted filesystems is physically detached by a user. Currently the system may panic in this situation. The work involves adding proper reference counting to strategic portions of the kernel and modifying filesystems to properly handle "device lost" errors. Edward Tomasz Napierala is the developer working on this project. "We are very excited to be able to fund this project, which we know is of great interest to our users, especially in the desktop space," said Robert Watson, president of The FreeBSD Foundation. Robert also said, "The removable USB disk causing a crash turns out to be our #1 reported bug." "I am very happy to have the opportunity to work on this exciting project," said Edward Tomasz Napierala, FreeBSD developer. "It's just wrong when the system panics because you removed the pendrive!," he added. The project will be completed by February 2009. Sincerely, The FreeBSD Foundation _______________________________________________ freebsd-announce@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:14.devfs Security Advisory
The FreeBSD Project
Topic: Devfs / VFS NULL pointer race condition
Category: core
Module: kern
Announced: 2009-10-02
Credits: Przemyslaw Frasunek
Affects: FreeBSD 6.x and 7.x
Corrected: 2009-05-18 10:41:59 UTC (RELENG_7, 7.2-STABLE)
2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4)
2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8)
2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The device file system (devfs) provides access to system devices, such as
storage devices and serial ports, via the file system namespace.
VFS is the Virtual File System, which abstracts file system operations in
the kernel from the actual underlying file system.
II. Problem Description
Due to the interaction between devfs and VFS, a race condition exists
where the kernel might dereference a NULL pointer.
III. Impact
Successful exploitation of the race condition can lead to local kernel
privilege escalation, kernel data corruption and/or crash.
To exploit this vulnerability, an attacker must be able to run code with user
privileges on the target system.
IV. Workaround
An errata note, FreeBSD-EN-09:05.null has been released simultaneously to
this advisory, and contains a kernel patch implementing a workaround for a
more broad class of vulnerabilities. However, prior ...As of June 1, 2008 00:00:00 UTC, FreeBSD 5.X support in the ports tree is End Of Life. This means that a ports tree checked out after this date is not guaranteed to produce usable packages on 5.X. Additionally, 5.X package builds on the cluster will cease. Users are encouraged to upgrade to 6.3 or 7.0 if they wish to continue to track the latest ports tree. A tag, RELEASE_5_EOL, has been laid down to mark the last point in the ports tree that officially supported FreeBSD 5.X. Port Manager asks that you not rush to remove 5.X support right away as we'd like a settling-down period, and we want secteam to have a chance to make their EOL announcements as well. Marcus on behalf of portmgr Bcc: ports, developers, portmgr --=20 Joe Marcus Clarke FreeBSD GNOME Team :: gnome@FreeBSD.org FreeNode / #freebsd-gnome http://www.FreeBSD.org/gnome
