FreeBSD Security Advisory (bzip2)

The FreeBSD Security Team has identified a bug in FreeBSD: an integer overflow in bzip2 decompression:

I. Background

“The bzip2/bunzip2 utilities and the libbz2 library compress and decompress files using an algorithm based on the Burrows-Wheeler transform. They are generally slower than Lempel-Ziv compressors such as gzip, but usually provide a greater compression ratio.

II. Problem Description

When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.

III. Impact

An attacker who can cause maliciously chosen inputs to be decompressed can cause the decompressor to crash. It is suspected that such an attacker can cause arbitrary code to be executed, but this is not known for certain.

Note that some utilities, including the tar archiver and the bspatch binary patching utility (used in portsnap and freebsd-update) decompress bzip2-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2-compressed data even if they never explicitly invoke the bunzip2 utility.”

To avoid potential problems, you need to upgrade.
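As an added illustration of the bug class the advisory describes (this is not bzip2's own code; the toy run format and the function names are constructed for the example): a run-length decoder whose bound check is done on a sum that can wrap, beside the sanity-checked form that compares against the remaining space instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy run-length format, constructed for this example (not bzip2's actual
 * stream layout): each run is a 4-byte little-endian count followed by the
 * byte value to repeat. */

/* The defective bound check: the addition is done first, so a count chosen
 * near UINT32_MAX wraps the sum back below out_len, the check passes, and
 * the write that follows runs past the buffer. */
int unsafe_run_fits(uint32_t total, uint32_t count, uint32_t out_len)
{
    return total + count <= out_len;   /* wraps on overflow */
}

/* The sanity-checked form: compare the count against the remaining space,
 * which cannot wrap as long as total <= out_len (the decoder below keeps
 * that invariant). */
int safe_run_fits(uint32_t total, uint32_t count, uint32_t out_len)
{
    return count <= out_len - total;
}

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Expand runs into out. Returns the number of bytes written, or -1 if the
 * input is truncated or a run would not fit into the output buffer. */
long rle_decode(const uint8_t *in, size_t in_len, uint8_t *out, uint32_t out_len)
{
    uint32_t total = 0;
    size_t pos = 0;

    while (pos < in_len) {
        if (in_len - pos < 5)
            return -1;                     /* truncated run header */
        uint32_t count = read_le32(in + pos);
        uint8_t value = in[pos + 4];
        if (!safe_run_fits(total, count, out_len))
            return -1;                     /* reject rather than overflow */
        memset(out + total, value, count);
        total += count;                    /* stays <= out_len */
        pos += 5;
    }
    return (long)total;
}
```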

How is FreeBSD 9.0 shaping up?

In the past few years, Ivan Voras kept the world up-to-date on what was brewing for the ‘next’ major FreeBSD release (FreeBSD 7, FreeBSD 8). He’s doing the same for FreeBSD 9.0: What’s cooking for FreeBSD 9

It’s still early to talk about FreeBSD 9.0 release but so far there have been some interesting developments in the systems and a nice core featureset is shaping up. I’m still maintaining the “What’s cooking” page and this post is basically an (incomplete) summary of it at this point in time.

Of course, in addition to these features, there are non-stop modifications to all parts of the system, from drivers for new hardware to overall performance enhancements. (source)

Other ways (though with more technical discussions) to stay up-to-date with FreeBSD’s development are:

Miscellaneous FreeBSD news and links

Below are some links to news articles and blog posts relating to FreeBSD, its development and future:

1. NeoRouter 1.1.2 released for FreeBSD (via)

NeoRouter is a cross-platform remote access and VPN solution, that helps you manage and connect to all your computers from anywhere. It gracefully integrates Remote Access, File Sharing, Virtual Private Network, User and Access Management.

Advantages:

  • cross-platform and zero-config
  • peer-to-peer (P2P) connection
  • roaming user profile
  • built-in ACL and firewall
  • free

2. HOWTO: FreeBSD Binary Upgrade (base system + packages)

FreeBSD power user Vermaden has created an easy to follow howto enabling you to easily upgrade your FreeBSD base system and packages: FreeBSD Binary Upgrade

3. OpenJDK6 IcedTea Java plugin for FreeBSD

Request for help and testing:

Due to a lot of user requests I’ve started working on a port for the OpenJDK6 IcedTea Java plugin which works with Firefox 3.6. As I never used the Java plugin and I’m not very experienced in the Java world I need some help.

Some parts of the port are taken from java/openjdk6 and pkgsrc.

Source: OpenJDK6 IcedTea Java plugin for FreeBSD

4. Debian GNU/kFreeBSD Becomes More Interesting

Phoronix looks at Debian GNU/kFreeBSD again:

Since last year we have been talking about Debian GNU/kFreeBSD, one of the official ports for Debian 6.0 “Squeeze” that will bring a 32-bit and 64-bit FreeBSD kernel as an option to using the Linux kernel. Debian GNU/kFreeBSD still has the Debian user-land complete with its massive package repository and apt-get support, but the FreeBSD kernel is running underneath instead of Linux. Debian GNU/kFreeBSD has matured a lot over the past year and most recently it has switched to using the FreeBSD 8.1 kernel by default and also now supports ZFS file-systems.

In January of this year was our first time benchmarking Debian GNU/kFreeBSD when it was using the FreeBSD 7.2 kernel. With that initial testing, in 18 of our 27 benchmarks Debian GNU/Linux was still faster than Debian GNU/kFreeBSD. We delivered a much larger comparison a week later when comparing the Debian variant to Fedora, FreeBSD 7.2/8.0, OpenBSD, and OpenSolaris. Debian GNU/kFreeBSD performed about average.

[...]

Debian GNU/kFreeBSD though has continued advancing since that point. When trying out the latest daily installer image of Debian GNU/kFreeBSD this week, there is not only the FreeBSD 8.1 kernel available, but it’s now used by default. This Debian port is no longer using a Debian 7.x kernel by default but it’s moved up to match the latest upstream FreeBSD stable release that’s available.

[...]

Not only is Debian GNU/kFreeBSD more exciting for its new default kernel, but now it has ZFS file-system support too. Added to the kFreeBSD repository recently was a zfsutils package that provides the support for using and setting up ZFS file-systems.

Source: Debian GNU/kFreeBSD Becomes More Interesting

5. Glibc finally free software

Glibc is now free under the BSD license:

Fedora Engineering Manager Tom ‘spot’ Callaway has announced that glibc, the GNU C Library, is finally free software after working with Oracle to get Sun code from 1985 placed under an unrestricted licence. Glibc is typically included with most programs that are compiled with the GNU C compiler… more

6. FreeBSD Nvidia driver 256.53 available

You can download the latest Nvidia graphics card drivers for FreeBSD directly from the NVidia website.

7. Microsoft Patents Operating System Shutdown

How ridiculous is this:

“Microsoft just received confirmation of a patent that hands the company the intellectual property of shutting an operating system down.” (continues)

What do you think? Will this have any implications for FreeBSD?

8. NetApp and Oracle lift ZFS patent cloud

A long running legal battle between NetApp and Sun Microsystems, which centered on the open source ZFS filesystem, has come to an end. NetApp has announced that it has agreed with Oracle to dismiss patent litigation.

More

9. Latest Version of BSD Certification DVD Available (via)

The latest version of the BSD Certification Study DVD is now available. Besides being a handy study reference, the DVD is a useful tool as it contains the latest versions of the 4 BSDs plus their documentation.

Full Announcement

FreeBSD’s Summer 2010 Highlights

Murray Stokely who was involved in the FreeBSD Google Summer of Code 2010 mentoring program has put an update on his blog:

“FreeBSD is a modern open source operating system for servers, desktops, and embedded systems, based on over 30 years of continuous development. The FreeBSD Project has participated as a mentoring organization in Google Summer of Code each year since the program’s inception in 2005. This year, FreeBSD mentored 18 students with a final success rate of 89%. The cumulative total over 6 years has been 117 students improving FreeBSD.”

Continues (google-opensource.blogspot.com)

It’s nice to see FreeBSD ‘promoted’ on one of the Google Blogs ;-)

FreeBSD Events Update (Ohio LinuxFest, EuroBSDCon, MeetBSD)

Ohio LinuxFest

Ohio LinuxFest is taking place from today (10-12 September, Ohio). I’m aware of the following FreeBSD related companies and projects that will be represented: the FreeBSD Foundation, iXsystems, PC-BSD and BSD Certification. If you know of any other ones, please leave a comment below.

The eighth annual Ohio LinuxFest will be held on September 10-12, 2010 at the Greater Columbus Convention Center in downtown Columbus, Ohio. Hosting authoritative speakers and a large expo, the Ohio LinuxFest welcomes all Free and Open Source Software professionals, enthusiasts, and everyone interested in learning more about Free and Open Source Software.

Dru Lavigne will be doing a presentation titled PC-BSD: An Easy to Use BSD Desktop (slideshare available)

EuroBSDCon 2010 (Accepted Talks)

The following talks will be taking place at EuroBSDCon 2010 (8-10 October, Karlsruhe (Germany)):

MeetBSD 2010 (California)

This conference will be held 5-6 November 2010 (Mountain View, California, USA).

MeetBSD 2010 features a community-driven discussion format that gives great minds from the BSD and open source communities the opportunity to share ideas. Discussions in the form of breakout sessions will provide a forum for a variety of open source development topics. Lightning talks will allow attendees to share the status of their BSD projects quickly with other community members, while stimulating conversation. A handful of selected speakers will also take part in the event, delivering information on a number of BSD platforms (source).

FreeBSD 6.4 and 8.0 End of Life

On November 30th, FreeBSD 6.4 and FreeBSD 8.0 will have reached their End of Life and will no longer be supported by the FreeBSD Security Team. Since FreeBSD 6.4 is the last remaining supported release from the FreeBSD 6.x stable branch, support for the FreeBSD 6.x stable branch will also cease at the same point. Users of either of these FreeBSD releases are strongly encouraged to upgrade to either FreeBSD 7.3 or FreeBSD 8.1 before that date.

The FreeBSD Ports Management Team wishes to remind users that November 30 is also the end of support for the Ports Collection for both FreeBSD 6.4 RELEASE and the FreeBSD 6.x STABLE branch. Neither the infrastructure nor individual ports are guaranteed to work on these FreeBSD versions after that date. A CVS tag will be created for users who cannot upgrade for some reason, at which time these users are advised to stop tracking the latest ports CVS repository and use the RELEASE_6_EOL tag instead (source)

Capsicum Presentation at Usenix Security 2010

Robert Watson’s Capsicum presentation at Usenix Security is available as MP4.

Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by discretionary and mandatory access control. We demonstrate our approach by adapting core FreeBSD utilities and Google’s Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.

FreeBSD Events and Conference Calendar

These and other dates can be found in my FreeBSD Events and Conferences Calendar (gcal).

FreeBSD quick news and links (week 35)

Some FreeBSD related links and updates below:

New NVidia FreeBSD drivers 256.53

NVidia has updated its graphics drivers for FreeBSD. Some of the changes are:

  • Fixed a bug that prevented XvMC from initializing in most cases.
  • Added support for xorg-server video driver ABI version 8, which will be included in the upcoming xorg-server-1.9 series of releases.
  • Fixed a bug that caused extremely slow rendering of OpenGL applications on X screens other than screen 0 when using a compositing manager.
  • Fixed a regression introduced after 256.35 that caused stability problems on GPUs such as GeForce GT 240.
  • Fixed a slow kernel virtual address space leak observed when starting and stopping OpenGL, CUDA, or VDPAU applications.
  • Fixed a bug that left the system susceptible to hangs when running two or more VDPAU applications simultaneously.

BSD License Generator

One shouldn’t have to change too much text when adapting the BSD license, but for the lazy there is a BSD License Generator.

Benchmarking HAProxy – Ubuntu vs FreeBSD

“HAProxy on Ubuntu, or HAProxy on FreeBSD? I couldn’t find any real benchmarks comparing the two out in the wild, so I decided to do my own.”

More: Benchmarking HAProxy – Ubuntu vs FreeBSD

Installing pfSense on a Nokia IP120 firewall

“I was recently toying with an old Nokia IP120 firewall and discovered that pfSense would run quite well on this old hardware.”

Here’s how to do it: Installing pfSense on a Nokia IP120 firewall

FreeBSD Stable Release Install Guide

There’s already the excellent FreeBSD Handbook, but here and there you can find other useful guides, for instance the FreeBSD Stable Release Install Guide.

Up to date, Step by Step, How-To, Instructional Guide to Installing FreeBSD from scratch, Specifically written with background information covering the why and how the different components are used together to create a home or small enterprise network for the newbie and inexperienced FreeBSD computer hobbyist. Not a General reference type of document, but a true learning aid containing details unique to the stable version of FreeBSD you’re installing: a1poweruser.com

The history of Unix on the PC: Exploring lesser-known variants

“When someone discusses the Unix operating system on a PC, many modern computer users think of Linux, a Unix work-alike first released by Linus Torvalds in 1991. Linux is a relative newcomer to the field; Unix and Unix-like operating systems have been released for Intel x86-based systems as far back as 1979. This article covers some lesser-known Unix variants for IBM PC-compatible systems, both those that survive today and the ones that were not long-lived or commercially successful:”

The history of Unix on the PC: Exploring lesser-known variants

FreeBSD will continue supporting ZFS

OpenSolaris may be dead now, but its advanced technologies such as the ZFS file system continue to live on in FreeBSD.

FreeBSD Developer Pawel Jakub Dawidek confirmed that he is preparing a port of the OpenSolaris ZFS v28 file-system.

Some of the new features included in v28 are:

  • Data deduplication
  • Triple parity RAIDZ (RAIDZ3)
  • zfs diff
  • zpool split
  • Snapshot holds
  • zpool import -F
  • continue to work on ZFS

Instructions on how to test the latest patch can be found on the mailing list.

Martin Matuska has issued two calls for testers to try out his improvements to the ZFS code.

Pawel confirmed the commitment of the FreeBSD Project to ZFS:

… a message we, as the FreeBSD project, would like to send to our users: Even though OpenSolaris is dead, the ZFS file system is going to stay in FreeBSD. At this point we have quite a few developers involved in ZFS on FreeBSD as well as several companies.