diff --git a/share/security/advisories/FreeBSD-EN-13:01.fxp.asc b/share/security/advisories/FreeBSD-EN-13:01.fxp.asc new file mode 100644 index 0000000000..bfbc4e4318 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-13:01.fxp.asc @@ -0,0 +1,117 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-13:01.fxp Errata Notice + The FreeBSD Project + +Topic: dhclient(8) utility issue on fxp(4) network interface + +Category: core +Modules: sys_dev +Announced: 2013-06-28 +Credits: Michael L. Squires and YongHyeon PYUN +Affects: FreeBSD 8.4 +Corrected: 2013-06-10 07:31:50 UTC (head, 10.0-CURRENT) + 2013-06-17 04:40:27 UTC (stable/9, 9.1-STABLE) + 2013-06-17 04:42:02 UTC (stable/8, 8.4-STABLE) + 2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The dhclient(8) utility is a Dynamic Host Configuration Protocol (DHCP) +client, which is used for configuring network interfaces. + +The fxp(4) network interface driver supports Intel EtherExpress +PRO/100 Ethernet adapters based on the Intel i82557, i82558, i82559, +i82550, i82551, and i82562 chips. + +II. Problem Description + +When the dhclient(8) utility is used on an fxp(4) network interface, +configuration of the interface could fail with the following warning +messages displayed: + + fxp0: link state changed to UP + fxp0: link state changed to DOWN + +The cause is that the fxp(4) network interface driver resets the controller +chip twice upon initialization, and the dhclient(8) utility falsely +recognizes the second reset as a link down and attempts reinitialize +the interface. As a result, the dhclient(8) utility keeps trying to +initialize the interface forever. + +III. Impact + +A machine which has an fxp(4) network interface does not work with +the dhclient(8) utility. + +IV. Workaround + +There is no workaround. Note that this issue occurs only when the +dhclient(8) utility is used with an fxp(4) interface. A static +configuration by using the ifconfig(8) utility works. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4 + security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 8.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch +# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated +via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch/path Revision +- ------------------------------------------------------------------------- +head r251600 +stable/9/ r251829 +stable/8/ r251830 +releng/8.4/ r252334 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-13:01.fxp.asc +-----BEGIN PGP SIGNATURE----- + +iEYEARECAAYFAlHNI3sACgkQFdaIBMps37IlNwCghqzRtILy5k7Bc4u0NsUhWLfb +Qz8An2kbVTqnveuS+apxaAf5Wg4wp3ey +=mArf +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-13:02.vtnet.asc b/share/security/advisories/FreeBSD-EN-13:02.vtnet.asc new file mode 100644 index 0000000000..5e1a852ffa --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-13:02.vtnet.asc @@ -0,0 +1,149 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-13:02.vtnet Errata Notice + The FreeBSD Project + +Topic: vtnet(4) network interface issue on QEMU 1.4.0 and later + +Category: core +Modules: sys_dev +Announced: 2013-06-28 +Credits: Julian Stecklina and Bryan Venteicher +Affects: FreeBSD 8.4 +Corrected: 2013-06-15 03:55:04 UTC (head, 10.0-CURRENT) + 2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE) + 2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE) + 2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +VirtIO is a specification for para-virtualized I/O in a virtual +machine. The vtnet(4) network interface driver supports VirtIO +emulated Ethernet device. + +QEMU is a generic and open source machine emulator and virtualizer. +It is included as a third-party package in FreeBSD Ports Collection +(emulators/qemu). + +II. Problem Description + +The vtnet(4) network interface driver displays the following message +upon configuration when using QEMU 1.4.0 or later: + + vtnet0: error setting host MAC filter table + +The interface works normally when the interface has one MAC address. +However, if it has two or more MAC addresses configured, frames to +those additional MAC addresses are not forwarded to the vtnet(4) +interface. Thus, only the first MAC address works. + +III. Impact + +A vtnet(4) network interface with two or more MAC addresses configured +on it cannot receive frames to the addresses except for the first one +when the FreeBSD kernel is running on QEMU 1.4.0 or later. For the +first MAC address, the vtnet(4) interface works without problem even +though the error message is displayed. + +The vtnet(4) driver is included in GENERIC kernel in FreeBSD +8.4-RELEASE. + +IV. Workaround + +The additional MAC addresses can work by setting the vtnet(4) network +interface in promiscuous mode. The following command sets vtnet0 in +promiscuous mode: + + # ifconfig vtnet0 promisc + +Note that this may lead to performance degradation. + +Or, the fixed version of the vtnet(4) driver can be installed as +kernel module by using the Ports Collection (emulators/virtio-kmod). +To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by +removing all of the virtio(4) drivers before installing +emulators/virtio-kmod. The following lines in kernel configuration +file disable the drivers: + + nodevice virtio + nodevice virtio_pci + nodevice vtnet + nodevice virtio_blk + nodevice virtio_scsi + nodevice virtio_balloon + +After recompilation and installing the new kernel and +emulators/virtio-kmod, add the following lines to /boot/loader.conf. +This enables the drivers by loading kernel modules which are installed +by emulators/virtio-kmod at boot time. + + virtio_load="YES" + virtio_pci_load="YES" + virtio_blk_load="YES" + if_vtnet_load="YES" + virtio_balloon_load="YES" + +V. Solution + +Perform one of the following: + +1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4 + security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 8.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch +# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated +via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch/path Revision +- ------------------------------------------------------------------------- +head r251769 +stable/9/ r252193 +stable/8/ r252194 +releng/8.4/ r252334 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc +-----BEGIN PGP SIGNATURE----- + +iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw +O3kAn0R36RIBdh45I+g/BPzjTimKMPza +=8wlc +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-13:01/fxp_init.patch b/share/security/patches/EN-13:01/fxp_init.patch new file mode 100644 index 0000000000..a781eb25c1 --- /dev/null +++ b/share/security/patches/EN-13:01/fxp_init.patch @@ -0,0 +1,90 @@ +Index: sys/dev/fxp/if_fxp.c +=================================================================== +--- sys/dev/fxp/if_fxp.c (revision 251829) ++++ sys/dev/fxp/if_fxp.c (revision 251830) +@@ -1074,7 +1074,8 @@ fxp_suspend(device_t dev) + pmstat |= PCIM_PSTAT_PME | PCIM_PSTAT_PMEENABLE; + sc->flags |= FXP_FLAG_WOL; + /* Reconfigure hardware to accept magic frames. */ +- fxp_init_body(sc, 1); ++ ifp->if_drv_flags &= ~IFF_DRV_RUNNING; ++ fxp_init_body(sc, 0); + } + pci_write_config(sc->dev, pmc + PCIR_POWER_STATUS, pmstat, 2); + } +@@ -2140,8 +2141,10 @@ fxp_tick(void *xsc) + */ + if (sc->rx_idle_secs > FXP_MAX_RX_IDLE) { + sc->rx_idle_secs = 0; +- if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) ++ if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) { ++ ifp->if_drv_flags &= ~IFF_DRV_RUNNING; + fxp_init_body(sc, 1); ++ } + return; + } + /* +@@ -2239,6 +2242,7 @@ fxp_watchdog(struct fxp_softc *sc) + device_printf(sc->dev, "device timeout\n"); + sc->ifp->if_oerrors++; + ++ sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING; + fxp_init_body(sc, 1); + } + +@@ -2273,6 +2277,10 @@ fxp_init_body(struct fxp_softc *sc, int setmedia) + int i, prm; + + FXP_LOCK_ASSERT(sc, MA_OWNED); ++ ++ if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) ++ return; ++ + /* + * Cancel any pending I/O + */ +@@ -2812,6 +2820,7 @@ fxp_miibus_statchg(device_t dev) + */ + if (sc->revision == FXP_REV_82557) + return; ++ ifp->if_drv_flags &= ~IFF_DRV_RUNNING; + fxp_init_body(sc, 0); + } + +@@ -2835,9 +2844,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr + if (ifp->if_flags & IFF_UP) { + if (((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) && + ((ifp->if_flags ^ sc->if_flags) & +- (IFF_PROMISC | IFF_ALLMULTI | IFF_LINK0)) != 0) ++ (IFF_PROMISC | IFF_ALLMULTI | IFF_LINK0)) != 0) { ++ ifp->if_drv_flags &= ~IFF_DRV_RUNNING; + fxp_init_body(sc, 0); +- else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) ++ } else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) + fxp_init_body(sc, 1); + } else { + if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) +@@ -2850,8 +2860,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr + case SIOCADDMULTI: + case SIOCDELMULTI: + FXP_LOCK(sc); +- if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) ++ if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) { ++ ifp->if_drv_flags &= ~IFF_DRV_RUNNING; + fxp_init_body(sc, 0); ++ } + FXP_UNLOCK(sc); + break; + +@@ -2941,8 +2953,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr + ~(IFCAP_VLAN_HWTSO | IFCAP_VLAN_HWCSUM); + reinit++; + } +- if (reinit > 0 && ifp->if_flags & IFF_UP) ++ if (reinit > 0 && (ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) { ++ ifp->if_drv_flags &= ~IFF_DRV_RUNNING; + fxp_init_body(sc, 0); ++ } + FXP_UNLOCK(sc); + VLAN_CAPABILITIES(ifp); + break; diff --git a/share/security/patches/EN-13:01/fxp_init.patch.asc b/share/security/patches/EN-13:01/fxp_init.patch.asc new file mode 100644 index 0000000000..9ca2170dc3 --- /dev/null +++ b/share/security/patches/EN-13:01/fxp_init.patch.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlHNIK0ACgkQFdaIBMps37LWlACgjE24YlxIPHVad66ryPEoKN9/ +t+gAn1B2wYnsKkU7BCgs4gDtOLSNSyFz +=S5aD +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-13:02/vtnet.patch b/share/security/patches/EN-13:02/vtnet.patch new file mode 100644 index 0000000000..a990c86bf8 --- /dev/null +++ b/share/security/patches/EN-13:02/vtnet.patch @@ -0,0 +1,16 @@ +Index: sys/dev/virtio/network/if_vtnet.c +=================================================================== +--- sys/dev/virtio/network/if_vtnet.c (revision 252193) ++++ sys/dev/virtio/network/if_vtnet.c (revision 252194) +@@ -2470,9 +2470,9 @@ vtnet_rx_filter_mac(struct vtnet_softc *sc) + sglist_init(&sg, 4, segs); + error |= sglist_append(&sg, &hdr, sizeof(struct virtio_net_ctrl_hdr)); + error |= sglist_append(&sg, &filter->vmf_unicast, +- sizeof(struct vtnet_mac_table)); ++ sizeof(uint32_t) + filter->vmf_unicast.nentries * ETHER_ADDR_LEN); + error |= sglist_append(&sg, &filter->vmf_multicast, +- sizeof(struct vtnet_mac_table)); ++ sizeof(uint32_t) + filter->vmf_multicast.nentries * ETHER_ADDR_LEN); + error |= sglist_append(&sg, &ack, sizeof(uint8_t)); + KASSERT(error == 0 && sg.sg_nseg == 4, + ("error adding MAC filtering message to sglist")); diff --git a/share/security/patches/EN-13:02/vtnet.patch.asc b/share/security/patches/EN-13:02/vtnet.patch.asc new file mode 100644 index 0000000000..db1ff92948 --- /dev/null +++ b/share/security/patches/EN-13:02/vtnet.patch.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlHNIKQACgkQFdaIBMps37LavgCglodGaYxXqVR5F6vBDK1IUkk2 +nQAAn3QKtIuK+/t7ggokGWRE8e/nLhaE +=pp9d +-----END PGP SIGNATURE----- diff --git a/share/xml/notices.xml b/share/xml/notices.xml index 64633c4ec0..b6fa79adb6 100644 --- a/share/xml/notices.xml +++ b/share/xml/notices.xml @@ -4,6 +4,27 @@ $FreeBSD$ + + 2013 + + + 6 + + + 28 + + + FreeBSD-EN-13:01.fxp + + + + FreeBSD-EN-13:02.vtnet + + + + + + 2012