Issue 119
Published August 17, 2022

All the latest news and tutorials from the BSD world.

Releases

No releases.

BSDSec

FreeBSD Security Advisory FreeBSD-SA-22:09.elf: When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.

FreeBSD Errata Notice FreeBSD-EN-22:17.cam: CAM (Common Access Method) is a FreeBSD kernel subsystem which handles various aspects of storage device management. Among other responsibilities, it handles device error recovery and can automatically retransmit commands to peripheral devices when a transient error is encountered. When a CAM-managed device responds to a command with an error condition, CAM may automatically retry the command following some error recovery protocol. For instance, it may send a SCSI START UNIT command to the device before retrying the failed command. In this case, an in-memory copy of the original command is preserved for a later retry. However, a specific portion of the command state was not saved correctly, and upon a retry this could lead to memory corruption. The bug can cause kernel panics or other system-level misbehaviour.

FreeBSD Errata Notice FreeBSD-EN-22:16.kqueue: kevent(2) is a system call which provides a generic method of notifying the caller when a caller-specified event happens or a condition holds. One use for kevent(2) is to wait for a specified timeout to elapse. This is implemented by the EVFILT_TIMER filter type. In FreeBSD 13.1, periodic events of type EVFILT_TIMER will return at only half of the requested frequency, following the first event. The bug may cause misbehaviour in software that makes use of periodic kevent(2)-based timers.

FreeBSD Errata Notice FreeBSD-EN-22:18.wifi: FreeBSD’s net80211 kernel subsystem provides infrastructure and drivers for IEEE 802.11 wireless (Wi-Fi) communications. FreeBSD-SA-22:02.wifi included a number of improvements to net80211 data validation. Some of these changes were not included in the patch provided for FreeBSD 13.0 and via freebsd-update. The changes were included in the git repository. The interface affected by the missing change is only available to the superuser. The superuser may be able to cause kernel crash.

OpenBSD Errata: August 12, 2022 (zlib): Errata patches for zlib have been released for OpenBSD 7.0 and 7.1. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility.

As always, it’s worth following BSDSec. RSS feed and Twitter account available.

News

BSD Now 467: Minecraft on NetBSD: Installing BSDs on Cubieboard1, Self-hosting a static site with OpenBSD, httpd, and relayd, NetBSD can also run a Minecraft server, A Little Story About the yes Unix Command, Shell History: Unix, OpenBGPD 7.5 released, and more

/usr/games removed from the default $PATH : In -current, /usr/games has been removed from the default $PATH. So when you next sit down on a fresh snapshot install and want to do a quick rot13 or do a round of tetris, you may need to specify the full path.

FreeBSD 13.0 end-of-life: On August 31, 2022, FreeBSD 13.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 13.0 are strongly encouraged to upgrade to a newer release as soon as possible.

Tutorials

Emulating the Amstrad CPC on NetBSD: A small HOWTO which explains how to emulate the Amstrad CPC 464 and/or 6128 guest on a NetBSD host.

Jstats - a resource monitor script for FreeBSD Jails: Jstats is a tiny resource monitor for FreeBSD jails, created by Özgür Kazanççı, a small tool that lists RAM, CPU and disk space usage of the jails running in the host system.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.