[USN-2095-1] Linux kernel (Saucy HWE) vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS6zTiAAoJEAUvNnAY1cPYAwcP/1ALSvu0owvrXo2Dy56BMbHc
DBRhO4RZg69slLTZ868/0urqKRveIBdRh55v4OuklbnQlj/7+wdpLnurqLL/y/4o
msYIT4b6tVU+fHwDTKVbyHOQdUjEvzXkziaN2WTm12JcSvYYbAvyORPc16sMcgKO
989GSxYEhZPZoRoP86vN2Xc2z28VxrshEf2neYgIZQ4Cn9oQzvNPYiGmjEVfYrSl
stYoUlW9JTRAeM2yCTtL/0k48M2xjGqscr0J335gjr5EMvCpp+BH3VlVHN2qjxj6
0UPk0p1raHCaYwl+kMM0aHrJeFRkKaPsXVcO1Ux8FKRB5aWFhTmUcqgrOmb13EP6
OKA2kk9bKfw4gkvUf23axwn8nt36aBZGzPDiXoZk6cJWqQxlAcomEdUycOb0RNJE
OEPvkPLmwNZz5Cp68qJ9XpY8F89FfrIQ0LmZ2iynlUwWSXNwWXBGHUh0kzuAH7Eq
SnCx1bm/CWJMzzxLCXGabObf8g/k4A57dP0MNxWKQQ5AzcWlojpSsygeVDgm/xOO
aaOL045JwYL33BAmT7iVnkN6/u/DSAsYipuo7U2rxtvahkNr+5fqt14ZWSxH+xS6
0iKsAtOyKbbaJtUur4sk5NKxSAzFD+Fj/zQyAgFF/6nWbi4a3/tkfXbkyDiTlkH0
FqZ8QZLuldcSmciapKBq
=it+d
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2095-1
January 31, 2014

linux-lts-saucy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux-lts-saucy: Linux hardware enablement kernel from Saucy

Details:

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called
from code using the x32 ABI. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash) or gain administrator
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.11.0-15-generic 3.11.0-15.25~precise1
linux-image-3.11.0-15-generic-lpae 3.11.0-15.25~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2095-1
CVE-2014-0038

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-saucy/3.11.0-15.25~precise1

[USN-2096-1] Linux kernel vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS6zUAAAoJEAUvNnAY1cPYc9gP/0x/s0tZUHYlttZoH5nX8T1r
OgyXXIO6VyVxmJuojzJRjK1bZXG7Sqt+GLzcMMFvRuwg8aKpN5bnfDFgGL26KqWE
MUFpNugwPmwfFCYETJ4LsAV/Km/vZMpHdkP+zJTKWcu4+BZxAc7ub3+GVezHD4Kj
yZZLxbvEmtThpEcy8ZEDCCew2DDI21Ai3WGkvW+42ckZzmWVAneSL7P1TravQD40
lw4tavLE5aitETuMrJkAuByrPc7yZseKTtczhQzW7HRkMTk7kXC60L/4poqs7jv/
DR6AdHQxULYPijVcqEEhmHGIC50FIV5qCrTDha/+z1cJwUso/tw/FjMrTqD2Urkc
7AvfRqWxF8chPX0d5iFhKo8G4BhuYppy6SYjxhI/oQaY53tUuEiMTBX/ACuv6Lyo
wHH1jvK7ZcenvXSEG/2LZ+Gtj4tuuKXCz6eDu+wyn2T14chaVQbUNzt1x43kn859
aVvZ+8LtGrL0yu0V31VdWmcsp590AsmKTEUfim2lmJUueg8Rc3M7gVM1yTSw6eSd
u/+8M/N7FHgI5KEtk9ssLBSNccDYjNYylE/Rs2O5Cq8rLUxZ/wQuXlKZnYLxf7SD
WIh76ZprSPNKWanpG9tOLSOR0Y549wZfC97TSnINnfPgyiNaRymqsXTETMOjstxK
S1Qkhy0RXK7DKuWjDajJ
=35nd
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2096-1
January 31, 2014

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux: Linux kernel

Details:

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called
from code using the x32 ABI. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash) or gain administrator
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
linux-image-3.11.0-15-generic 3.11.0-15.25
linux-image-3.11.0-15-generic-lpae 3.11.0-15.25

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2096-1
CVE-2014-0038

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.11.0-15.25

[USN-2094-1] Linux kernel (Raring HWE) vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS6zS/AAoJEAUvNnAY1cPYBDUP/ivxUjFwmM6qXEgevy3hoTAA
/FjRppDfxtYhZuCBYVDzg8AEq1UxCWcYuT1yPbTvU2j+F27g0Rz7zLTY4SRWHLPq
VDMZ0L546smvJhvYP3710xJlRBVh1PMQT4dH6UzxJjAcuowyGC0iqBxjfLjb3j97
8lE4AnPj1mcXXUklFBgeDyHhOy5kBsKW4AX2HWsSd/zJgrHhBORQv+MPOZCYkl0K
N9pUSqLhRlA/7ElqCpfk6MslmFWeOSyn+GICzvVzTFQYam8WSGFYodXpkpBOqxkT
igcrBfym9xzZzx7dBlVJIM+Qka0QJ/bLinkMsKrxlQx1fj2tcNt6mTHpb40EwF46
UqP/duds0Jy3fWuKvOqHOlpoUWG1rD4/Zo9NVks8T/PDTVpDRt4m5Q+F0ETs/dP0
9oH+HeTPPU9y79nfuQQyBJrog5p4x1p9X+Y/n64XyCHJsdQGnmpbs6GRjytnPlXo
rOlJ976ZiBOPP21v3WvWZRpaQfFG8lAyyZqOdGhxEh9QOP/7T8ezEv2K23O1CctE
gAL1r/nVr5DPXCrOaslzZB2nx4KabHc3RNW84H5CS7Pu1ScDeHX9vkYQ7LxAuiFR
6Y/ptgidy/WObM5kqpFuKpi3K2gZwr1fv+OdBEeiXKu4gsTe7LfIKZi7aW6DGXDJ
JWJzDaTCpoouVje0q5HJ
=OYBH
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2094-1
January 31, 2014

linux-lts-raring vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux-lts-raring: Linux hardware enablement kernel from Raring

Details:

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called
from code using the x32 ABI. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash) or gain administrator
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.8.0-35-generic 3.8.0-35.52~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2094-1
CVE-2014-0038

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-raring/3.8.0-35.52~precise1

[FreeBSD-Announce] HEADS UP: FreeBSD 8.3 EoL coming soon

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello Everyone,

On April 30, 2014, FreeBSD 8.3 will reach its End of Life and will no
longer be supported by the FreeBSD Security Team.

Users of FreeBSD 8.3 are strongly encouraged to upgrade to one of the
newer releases before the that date.

The current supported branches and expected EoL dates are:

+----------------------------------------------------------------------------+
| Branch | Release | Type | Release Date | Estimated EoL |
+-----------+------------+--------+------------------+-----------------------+
|stable/8 |n/a |n/a |n/a |June 30, 2015 |
+-----------+------------+--------+------------------+-----------------------+
|releng/8.3 |8.3-RELEASE |Extended|April 18, 2012 |April 30, 2014 |
+-----------+------------+--------+------------------+-----------------------+
|releng/8.4 |8.4-RELEASE |Extended|June 9, 2013 |June 30, 2015 |
+-----------+------------+--------+------------------+-----------------------+
|stable/9 |n/a |n/a |n/a |last release + 2 years |
+-----------+------------+--------+------------------+-----------------------+
|releng/9.1 |9.1-RELEASE |Extended|December 30, 2012 |December 31, 2014 |
+-----------+------------+--------+------------------+-----------------------+
|releng/9.2 |9.2-RELEASE |Normal |September 30, 2013|September 30, 2014 |
+-----------+------------+--------+------------------+-----------------------+
|stable/10 |n/a |n/a |n/a |last release + 2 years |
+-----------+------------+--------+------------------+-----------------------+
|releng/10.0|10.0-RELEASE|Normal |January 20, 2014 |January 31, 2015 |
+----------------------------------------------------------------------------+

- --
Xin Li
FreeBSD Deputy Security Officer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCgAGBQJS6wL9AAoJEO1n7NZdz2rnU7kQALjQ+r/l18XGegbr4Gh3JImP
bkr4RB2TfNh//k11y3yFgPGeGu2ctbduomBfDecuPHA+ig+M064D6aDdVy3A8On2
o4RuxzbFTfSBD9+TMXfUI5uFoVubSpSspcDRedZBO76FQpM9WJqLvo1qqDnG4Xe/
dvsl6P45w6cHiKWGMsuE6LSM9ECnQIipDT/KI3QxYQ1NJQTIDuYBGPM0juhkFwLX
UgBWiMKgQ72XUaUV/AvF7phCzXT2DQRaCguvzJ3kXbpQL25PvyaTecY/p7wB5RXf
lcmlgnf6/hTUQxyHD8tkCGsBBdWNRRld+IOZsoC/dR/1cwJxXoCY7mvdUzOfdLXz
DsQZgPa987nD5OCdgQ+I9EoH02nGb5ori2xDjwd4r4yePIwcCBGiC/J/ZnyC+ikB
WzhO1JSUelVEO12OU5IKr7VFrO1S4ohoDscjqIUazIcLH8evVYkDJ6XQwND+2K/b
MfPoAzCGUH3nrbZucy60fsat5MHbA/SQS5w2LvXeaORR10tgQKNotuhQ/4LM/vwg
0Oi9uTKeUVeD6nwa2fBs1C3j0w04+29dK0EPuYgDdS4SyxeWZLDGej7R+6h5RRZ9
/bRJGnCJ124X07B7Gw52IeCMAIaUaAAtqnaC5YXA7q8VARppMDqmEdhW0dpxICoE
PmjtSnxzRjVxGkJ1EDVa
=n479
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

[CentOS-announce] CESA-2014:0108 Moderate CentOS 5 kernel Update

CentOS Errata and Security Advisory 2014:0108 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0108.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
d74238e3602c13a3207c146c28b69012bdfb7a2f9788a1d89376ef06a26983d9 kernel-2.6.18-371.4.1.el5.i686.rpm
11b3cf3eea6732f2f08dedb7baea22070776f7bebb78b6b4ce3b106b9ba19776 kernel-debug-2.6.18-371.4.1.el5.i686.rpm
35d460a7b875c28fdef48feb36bce6ab1f2e7fbbc4291389080122baf0176a12 kernel-debug-devel-2.6.18-371.4.1.el5.i686.rpm
0d423d996dc8591571371f42190ac60bda099885d8a45f8202f6c35fe8d7979a kernel-devel-2.6.18-371.4.1.el5.i686.rpm
80fcbdf9cc96c558bf3ff16a4e91f2208080ded230d0202d27b2f56235940a20 kernel-doc-2.6.18-371.4.1.el5.noarch.rpm
d465d0af5afb9763be6903777d8cf1c7e78dfcd1ddf14ed353e56cfe3461fed1 kernel-headers-2.6.18-371.4.1.el5.i386.rpm
e8abb4f5e64ab5deb8dd46836c078fac411d4503cb0eeac71070d39f7bd46b31 kernel-PAE-2.6.18-371.4.1.el5.i686.rpm
c4ad7c0768cbc108d968c1f2ea40794fb31ca9c15c06d4a2afe3a911ff130f9c kernel-PAE-devel-2.6.18-371.4.1.el5.i686.rpm
6722c19f53526ddfc4b9534fd614c5573a85aedfd646e248f6f8b1e0be23f812 kernel-xen-2.6.18-371.4.1.el5.i686.rpm
4199617157b203bf104cbd4c9bdf0e62630aa56ac3899806ad6dc2336da72460 kernel-xen-devel-2.6.18-371.4.1.el5.i686.rpm

x86_64:
28db579af6dd4accedfc11118cf212e040e41c3ffa4b65192ec4b043f622ac9e kernel-2.6.18-371.4.1.el5.x86_64.rpm
77bc6d8ddd451273f025e6b5fd1c7d08ba6f054c67d43a411b5e46f0d3f12525 kernel-debug-2.6.18-371.4.1.el5.x86_64.rpm
cfe41cfe5cc81e304ed22cf5c448ff64709d6d8e67d4dbb1054413c6b69c7fd9 kernel-debug-devel-2.6.18-371.4.1.el5.x86_64.rpm
aa4d52e0fcd19ba1169593e426654d9e58c642f9cecba426852b2b6076d5a7df kernel-devel-2.6.18-371.4.1.el5.x86_64.rpm
80fcbdf9cc96c558bf3ff16a4e91f2208080ded230d0202d27b2f56235940a20 kernel-doc-2.6.18-371.4.1.el5.noarch.rpm
0f033ef397b688c1f470eb7d83fabb639d3a99b59672f3fee8faa3982428d27c kernel-headers-2.6.18-371.4.1.el5.x86_64.rpm
353acecacaf577c4e06cec22941a2fa4389b09b379017d719f38b78c4f7084b4 kernel-xen-2.6.18-371.4.1.el5.x86_64.rpm
453c78b1611cb8725b99fc481266ccba4a8035624fa939a4f05cd654ca7b9e28 kernel-xen-devel-2.6.18-371.4.1.el5.x86_64.rpm

Source:
fca0fcf245ce34e872dba0319a3ce11f302f51dcf3228662bb33c167794440bd kernel-2.6.18-371.4.1.el5.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2014:0116 CentOS 5 java-1.6.0-openjdk Update

CentOS Errata and Enhancement Advisory 2014:0116

Upstream details at : https://rhn.redhat.com/errata/RHEA-2014-0116.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
762e64fcc24500f6f403800b97427e86b6b930aa03d0d0ef33b8978382b4f508 java-1.6.0-openjdk-1.6.0.0-4.1.13.1.el5_10.i386.rpm
bfc8dad84d360467c7bc49a06fd3bb236ccee19e1b1eec1e6b06d4ee831385e7 java-1.6.0-openjdk-demo-1.6.0.0-4.1.13.1.el5_10.i386.rpm
686487cff278b948e3831674471407f2a9488476826415685c3e93668a7f070a java-1.6.0-openjdk-devel-1.6.0.0-4.1.13.1.el5_10.i386.rpm
85ba811f5b351431d71042569970501c1de1cc39c06a63465db7cf8c810b84b0 java-1.6.0-openjdk-javadoc-1.6.0.0-4.1.13.1.el5_10.i386.rpm
bb4b5ce7ef3369070e6ca587b0cba38754e8f35c9ce0c6c577b3f4f96296087f java-1.6.0-openjdk-src-1.6.0.0-4.1.13.1.el5_10.i386.rpm

x86_64:
b0819f2452fb32a10c2c9f28a23ef45e00cca4768f3d6e45a16b189148ea6512 java-1.6.0-openjdk-1.6.0.0-4.1.13.1.el5_10.x86_64.rpm
b5db22d78df02eb8d0a6a1fcc74fb12914132d24fd524d26f378ceceacf68a86 java-1.6.0-openjdk-demo-1.6.0.0-4.1.13.1.el5_10.x86_64.rpm
2b51d324d30c3a059dc92079d568dce656d9531d8599ac96c5b06e84f4fc8a6c java-1.6.0-openjdk-devel-1.6.0.0-4.1.13.1.el5_10.x86_64.rpm
de06ff91f6ca1c44beb098242b9fa19a2e52aeae9bcc056104dd58bfc280df6c java-1.6.0-openjdk-javadoc-1.6.0.0-4.1.13.1.el5_10.x86_64.rpm
03dc8e9b81bf6148222775a368279916c05e5b5ed07a50f38a1f755825acd8f8 java-1.6.0-openjdk-src-1.6.0.0-4.1.13.1.el5_10.x86_64.rpm

Source:
9f70b671a41dc2e51f8530c4016a319859dcfc5b4df8f76224641c1d90852c0a java-1.6.0-openjdk-1.6.0.0-4.1.13.1.el5_10.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2014:0115 CentOS 5 java-1.7.0-openjdk Update

CentOS Errata and Enhancement Advisory 2014:0115

Upstream details at : https://rhn.redhat.com/errata/RHEA-2014-0115.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
4dcbffbec6c8b418ba0707e3adf3ba51432253324d2d29011b76f847f4a4e259 java-1.7.0-openjdk-1.7.0.51-2.4.4.2.el5_10.i386.rpm
0643eb015493bc407fb970919ce094b38e9ee98729384fee9b4493cb6bea73f4 java-1.7.0-openjdk-demo-1.7.0.51-2.4.4.2.el5_10.i386.rpm
ecf069fb964cdecf60c8470e455443abb3685a668798a059a180597b90db525a java-1.7.0-openjdk-devel-1.7.0.51-2.4.4.2.el5_10.i386.rpm
151e1a5835c68a8ceaae413856dd7c6c98f4d50900456d3c9029118501be3042 java-1.7.0-openjdk-javadoc-1.7.0.51-2.4.4.2.el5_10.i386.rpm
7a59e6bd0d051e2a629e873f52d72798d4229cf2046982d18eaec5c946390a10 java-1.7.0-openjdk-src-1.7.0.51-2.4.4.2.el5_10.i386.rpm

x86_64:
8527c44fc595ed44940a72b6f77c9d1d2034ff9a24e261432839706efff5d932 java-1.7.0-openjdk-1.7.0.51-2.4.4.2.el5_10.x86_64.rpm
3823f88f3485b7b584505cea467da90b2c43be8729fe9c5a383805740558beeb java-1.7.0-openjdk-demo-1.7.0.51-2.4.4.2.el5_10.x86_64.rpm
5f12454f2b926d6dc4cfceeb02a2ff8bccf13a4ccc13be03aa029647927713c8 java-1.7.0-openjdk-devel-1.7.0.51-2.4.4.2.el5_10.x86_64.rpm
b9045468cd6f3c871e0c668f8a5c9f38e76c346414f0e4156734f5715d91055c java-1.7.0-openjdk-javadoc-1.7.0.51-2.4.4.2.el5_10.x86_64.rpm
ec8926f22aeab828099bd4c0c9aa3aef452408b2bee6202fcb3dbde235c04c5d java-1.7.0-openjdk-src-1.7.0.51-2.4.4.2.el5_10.x86_64.rpm

Source:
b432e26b56e871d1a37c2e7dd1eefc736ea924fd93dcc292539b16ea79759519 java-1.7.0-openjdk-1.7.0.51-2.4.4.2.el5_10.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[USN-2093-1] libvirt vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS6r5iAAoJEGVp2FWnRL6TVYYP/j5+Ttl/DycEaz3+FH3ytD3Z
R/BcBWQsF3aglAvGgECk7skwRH30tQq9Cw74UUdM/CrGBlpbKMePJ05NLmC9atdL
ZozgdK+IOtu2ZsXQXXIL9fujs+ApVU5aZtfGKCXwG7XLL3Zi/MwHrEYH1pr2YX8W
m3zzlqq7f5oqrXc4Vn3Zlq/S/FR3elOoeUf0f9OJnoI/afz0dy9DL26ZUOz7hhCm
da3I/FlEcxWVkYyABMT7U8NFVX/KrWTBistBZM70HCz69/s9rBLeSglarxEFOSwV
unfNqfxhR0Obc4EDzLh7Eil2GT/1mZRgthpJq1/YIwcjPrb9YNaVueNyiYYV5Rip
GQ7fYaRtnipe7qkOT0HCpLkx0Dz12TKmu2dL4YPdpixr5QhW2YzekekQtdEZWym6
Fql4fi7JN5GbA+nPb09lFoFqCwIA8Cq4ikekLaJb7see1Ohzv86bbB+0hAzxZKHh
I2yphT0BLKTsbaWiRrmhdTYN4kXazH23DWhBkneb96Do1Af3HbPkCLsJP29iVyPh
vUWsQtemed74dgxof2t81nDbZsB1AM5z8QqEr/6b3Jg8Wl9KlpfKVkz4iToYgKgS
1LR5hZDpxlQVcX6BQDGhFnmisZAf9mMqqVsfmVqaEkF0mb8FSEe7zjpqGBxbz+Z/
EMeG9yq/BIRg5qpgLrg+
=B1Pv
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2093-1
January 30, 2014

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

Martin Kletzander discovered that libvirt incorrectly handled reading
memory tunables from LXC guests. A local user could possibly use this flaw
to cause libvirtd to crash, resulting in a denial of service. This issue
only affected Ubuntu 13.10. (CVE-2013-6436)

Dario Faggioli discovered that libvirt incorrectly handled the libxl
driver. A local user could possibly use this flaw to cause libvirtd to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 13.10. (CVE-2013-6457)

It was discovered that libvirt contained multiple race conditions in block
device handling. A remote read-only user could use this flaw to cause
libvirtd to crash, resulting in a denial of service. (CVE-2013-6458)

Eric Blake discovered that libvirt incorrectly handled certain ACLs. An
attacker could use this flaw to possibly obtain certain sensitive
information. This issue only affected Ubuntu 13.10. (CVE-2014-0028)

Jiri Denemark discovered that libvirt incorrectly handled keepalives. A
remote attacker could possibly use this flaw to cause libvirtd to crash,
resulting in a denial of service. (CVE-2014-1447)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libvirt-bin 1.1.1-0ubuntu8.5
libvirt0 1.1.1-0ubuntu8.5

Ubuntu 12.10:
libvirt-bin 0.9.13-0ubuntu12.6
libvirt0 0.9.13-0ubuntu12.6

Ubuntu 12.04 LTS:
libvirt-bin 0.9.8-2ubuntu17.17
libvirt0 0.9.8-2ubuntu17.17

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2093-1
CVE-2013-6436, CVE-2013-6457, CVE-2013-6458, CVE-2014-0028,
CVE-2014-1447

Package Information:
https://launchpad.net/ubuntu/+source/libvirt/1.1.1-0ubuntu8.5
https://launchpad.net/ubuntu/+source/libvirt/0.9.13-0ubuntu12.6
https://launchpad.net/ubuntu/+source/libvirt/0.9.8-2ubuntu17.17

[USN-2092-1] QEMU vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS6r5GAAoJEGVp2FWnRL6TevIP/1a0hrusgs4cRvd9or3IDlCs
T97CAsVsMlcZQOFv4543pgCmC4tpe5EjXjwgeS/4FhypCk8P1WZDoAqbqz0ghBX4
paSHUEvZfpFpwuJFPPMl4oPBbWtLpQbY8WDPKmnaCjZghmyHFDyR1Y2IZv0QGIhS
39I/YErx2HylCvXrDgg6vwF9mydJDh94rjw0gn7ijqCFP4zuJHkgcF8EiPSP5xNb
Q9qSmYCNLKg+5RRr0Q80ulH9ezuGiM7K9CE+6TqSyr6LRpJuPSWDNCWE8AkxA4d7
J6v63U5ZWd45tzPb0dhWDbEU72pwHUS3TYoRMnl5SG+p6uaUo7E1Kw0yeAfzyPea
5U9AghENQ7Oq6jzGkPsaB8/HGao9cR5wF38EkggIgZsqY/M2Xp+Y0KzUzVkUuTo7
ZWf8vygNqACHE+kbcyIiXF6ef92uCg2GElrJcNm4G5dHwfxuNGKIbM37tb4mkSTs
n8KH4rYO/scAROeVZkydfCP8jaWn1osa+2DMiOGFpKCSKJGn1etFRmZX/bGXkFhH
0niZwyuJuRabvk1ZoFmCamL/7IushnfmfvmuV1Ec4H8UuGxZduiD3tvOd+zQbbyW
fAH7ipw1X0HMPbLPQc/3zs//w6pA80Yc6s1MJkcex16PRPYFryWgBSjroylR9fHd
88IOZs7GtzbepHHAmW9w
=0XnO
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2092-1
January 30, 2014

qemu, qemu-kvm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer

Details:

Asias He discovered that QEMU incorrectly handled SCSI controllers with
more than 256 attached devices. A local user could possibly use this flaw
to elevate privileges. (CVE-2013-4344)

It was discovered that QEMU incorrectly handled Xen disks. A local guest
could possibly use this flaw to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10.
(CVE-2013-4375)

Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging.
A local user could possibly use this flaw to cause a denial of service.
This issue only affected Ubuntu 13.10. (CVE-2013-4377)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
qemu-system 1.5.0+dfsg-3ubuntu5.3
qemu-system-arm 1.5.0+dfsg-3ubuntu5.3
qemu-system-mips 1.5.0+dfsg-3ubuntu5.3
qemu-system-misc 1.5.0+dfsg-3ubuntu5.3
qemu-system-ppc 1.5.0+dfsg-3ubuntu5.3
qemu-system-sparc 1.5.0+dfsg-3ubuntu5.3
qemu-system-x86 1.5.0+dfsg-3ubuntu5.3

Ubuntu 12.10:
qemu-kvm 1.2.0+noroms-0ubuntu2.12.10.6

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.13

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2092-1
CVE-2013-4344, CVE-2013-4375, CVE-2013-4377

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1.5.0+dfsg-3ubuntu5.3
https://launchpad.net/ubuntu/+source/qemu-kvm/1.2.0+noroms-0ubuntu2.12.10.6
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.13

[USN-2091-1] OTR vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2091-1
January 29, 2014

libotr vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Applications using the OTR secure chat protocol could be made to expose
sensitive information over the network.

Software Description:
- libotr: Off-the-Record Messaging library

Details:

This update disables the OTR v1 protocol to prevent protocol downgrade
attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libotr2 3.2.0-4ubuntu0.2

After a standard system update you need to restart OTR applications to
make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2091-1
https://launchpad.net/bugs/1266016

Package Information:
https://launchpad.net/ubuntu/+source/libotr/3.2.0-4ubuntu0.2

Fedora Community Conduct Reminder

The Board was recently notified of a serious violation of our Code of
Conduct made on the development list last week. Physical threats of
violence are an egregious offense and may result in further censure or
disciplinary action. While we look into the matter further, we would
like to remind everyone that threats of any nature are not appropriate
and will not be tolerated in our community. Fedora is a welcoming
project and while debates may be heated, they should never be hostile.

The Board
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce

Re: Planned Outage: Fedocal outage for update - 2014-01-30 10:30 UTC

On Wed, Jan 29, 2014 at 05:10:39PM +0100, Pierre-Yves Chibon wrote:
> Planned Outage: Fedocal outage for update - 2014-01-30 10:30 UTC
>
> There will be an outage starting at 2014-01-30 10:30 UTC, which will last approximately 1 hours, possibly less.
>
> To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:
>
> date -d '2014-01-30 10:30 UTC'
>
> Reason for outage: Update fedocal to 0.4.0 and use this opportunity to rebuild its database.


Outage is over and fedocal is now to its latest version, it even got bump to
0.4.2 due to some last minutes bugs that were discovered.

The new release brings quite a number of changes among them:

* New UI, closer to pkgdb2, nuancier and koji
* Add location to meeting, so that #fedora-meeting should no longer be a
calendar but a location
* Improved list view
* Improved window to add a meeting
* Improved calendar view where the full day meetings are
separated from the other meetings
* Store the meeting in the specified timezone instead of UTC (allows to have a
meeting at 2pm/14:00 Paris time all year long, despite of DST)
* Enable viewing the agenda in another timezone
* Enable browsing the dates without using the small monthly calendar
* Possibility to upload ics files

This means despite the heavy testing from Kamil Páral there might still be some
glitches, if you find any, please report it to https://fedorahosted.org/fedocal/

This 0.4.x release owe a big thanks to Kamil Páral and Jaroslav Reznik who have
reported a large number of bugs and RFE and Ralph Bean who has pretty much
single-handedly reviewed all the changes code-wise.


Hoping it's helpful,

Pierre

[CentOS-announce] CEEA-2014:0104 CentOS 5 openssl Update

CentOS Errata and Enhancement Advisory 2014:0104

Upstream details at : https://rhn.redhat.com/errata/RHEA-2014-0104.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
71ee69f3f290a713d07600a89b2b187ef139024abf79f44172298009b3297e98 openssl-0.9.8e-27.el5_10.1.i386.rpm
c36702964e1d982d826444f1c947fdc2232790a85471db2847a088e8b22c008c openssl-0.9.8e-27.el5_10.1.i686.rpm
a0cfe5dc28c8708dce99a83c903ca5de196558f9ef0d9dee1e2fd767e4000256 openssl-devel-0.9.8e-27.el5_10.1.i386.rpm
717a04e6efc267652e1ded8ffc2f6dfe36318a73db980862f61c567d689ccef3 openssl-perl-0.9.8e-27.el5_10.1.i386.rpm

x86_64:
c36702964e1d982d826444f1c947fdc2232790a85471db2847a088e8b22c008c openssl-0.9.8e-27.el5_10.1.i686.rpm
cea3ed2859783e5544cd95b0f339afcd7c6b90758108406008fd33dc591d9c0d openssl-0.9.8e-27.el5_10.1.x86_64.rpm
a0cfe5dc28c8708dce99a83c903ca5de196558f9ef0d9dee1e2fd767e4000256 openssl-devel-0.9.8e-27.el5_10.1.i386.rpm
db8a825bd70cf3de7f4aca5a2c0e393f81ac015a5c02ec05834b98891a3d8f88 openssl-devel-0.9.8e-27.el5_10.1.x86_64.rpm
17c7c4bb019106fb0241e153bafc0482457dbac7b354d93c16f47c22804870c8 openssl-perl-0.9.8e-27.el5_10.1.x86_64.rpm

Source:
bcb60fdca97702e9a2c938f01c1830f235361982681d9855a4f938465bdda264 openssl-0.9.8e-27.el5_10.1.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Announce: OpenSSH 6.5 released

OpenSSH 6.5 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Changes since OpenSSH 6.4
=========================

This is a feature-focused release.

New features:

* ssh(1), sshd(8): Add support for key exchange using elliptic-curve
Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange
method is the default when both the client and server support it.

* ssh(1), sshd(8): Add support for Ed25519 as a public key type.
Ed25519 is a elliptic curve signature scheme that offers
better security than ECDSA and DSA and good performance. It may be
used for both user and host keys.

* Add a new private key format that uses a bcrypt KDF to better
protect keys at rest. This format is used unconditionally for
Ed25519 keys, but may be requested when generating or saving
existing keys of other types via the -o ssh-keygen(1) option.
We intend to make the new format the default in the near future.
Details of the new format are in the PROTOCOL.key file.

* ssh(1), sshd(8): Add a new transport cipher
"chacha20-poly1305@openssh.com" that combines Daniel Bernstein's
ChaCha20 stream cipher and Poly1305 MAC to build an authenticated
encryption mode. Details are in the PROTOCOL.chacha20poly1305 file.

* ssh(1), sshd(8): Refuse RSA keys from old proprietary clients and
servers that use the obsolete RSA+MD5 signature scheme. It will
still be possible to connect with these clients/servers but only
DSA keys will be accepted, and OpenSSH will refuse connection
entirely in a future release.

* ssh(1), sshd(8): Refuse old proprietary clients and servers that
use a weaker key exchange hash calculation.

* ssh(1): Increase the size of the Diffie-Hellman groups requested
for each symmetric key size. New values from NIST Special
Publication 800-57 with the upper limit specified by RFC4419.

* ssh(1), ssh-agent(1): Support pkcs#11 tokes that only provide
X.509 certs instead of raw public keys (requested as bz#1908).

* ssh(1): Add a ssh_config(5) "Match" keyword that allows
conditional configuration to be applied by matching on hostname,
user and result of arbitrary commands.

* ssh(1): Add support for client-side hostname canonicalisation
using a set of DNS suffixes and rules in ssh_config(5). This
allows unqualified names to be canonicalised to fully-qualified
domain names to eliminate ambiguity when looking up keys in
known_hosts or checking host certificate names.

* sftp-server(8): Add the ability to whitelist and/or blacklist sftp
protocol requests by name.

* sftp-server(8): Add a sftp "fsync@openssh.com" to support calling
fsync(2) on an open file handle.

* sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation,
mirroring the longstanding no-pty authorized_keys option.

* ssh(1): Add a ssh_config ProxyUseFDPass option that supports the
use of ProxyCommands that establish a connection and then pass a
connected file descriptor back to ssh(1). This allows the
ProxyCommand to exit rather than staying around to transfer data.

Bugfixes:

* ssh(1), sshd(8): Fix potential stack exhaustion caused by nested
certificates.

* ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort.

* sftp(1): bz#2137: fix the progress meter for resumed transfer.

* ssh-add(1): bz#2187: do not request smartcard PIN when removing
keys from ssh-agent.

* sshd(8): bz#2139: fix re-exec fallback when original sshd binary
cannot be executed.

* ssh-keygen(1): Make relative-specified certificate expiry times
relative to current time and not the validity start time.

* sshd(8): bz#2161: fix AuthorizedKeysCommand inside a Match block.

* sftp(1): bz#2129: symlinking a file would incorrectly canonicalise
the target path.

* ssh-agent(1): bz#2175: fix a use-after-free in the PKCS#11 agent
helper executable.

* sshd(8): Improve logging of sessions to include the user name,
remote host and port, the session type (shell, command, etc.) and
allocated TTY (if any).

* sshd(8): bz#1297: tell the client (via a debug message) when
their preferred listen address has been overridden by the
server's GatewayPorts setting.

* sshd(8): bz#2162: include report port in bad protocol banner
message.

* sftp(1): bz#2163: fix memory leak in error path in do_readdir().

* sftp(1): bz#2171: don't leak file descriptor on error.

* sshd(8): Include the local address and port in "Connection from
..." message (only shown at loglevel>=verbose).

Portable OpenSSH:

* Please note that this is the last version of Portable OpenSSH that
will support versions of OpenSSL prior to 0.9.6. Support (i.e.
SSH_OLD_EVP) will be removed following the 6.5p1 release.

* Portable OpenSSH will attempt compile and link as a Position
Independent Executable on Linux, OS X and OpenBSD on recent gcc-
like compilers. Other platforms and older/other compilers may
request this using the --with-pie configure flag.

* A number of other toolchain-related hardening options are used
automatically if available, including -ftrapv to abort on signed
integer overflow and options to write-protect dynamic linking
information. The use of these options may be disabled using the
--without-hardening configure flag.

* If the toolchain supports it, one of the -fstack-protector-strong,
-fstack-protector-all or -fstack-protector compilation flag are
used to add guards to mitigate attacks based on stack overflows.
The use of these options may be disabled using the
--without-stackprotect configure option.

* sshd(8): Add support for pre-authentication sandboxing using the
Capsicum API introduced in FreeBSD 10.

* Switch to a ChaCha20-based arc4random() PRNG for platforms that do
not provide their own.

* sshd(8): bz#2156: restore Linux oom_adj setting when handling
SIGHUP to maintain behaviour over retart.

* sshd(8): bz#2032: use local username in krb5_kuserok check rather
than full client name which may be of form user@REALM.

* ssh(1), sshd(8): Test for both the presence of ECC NID numbers in
OpenSSL and that they actually work. Fedora (at least) has
NID_secp521r1 that doesn't work.

* bz#2173: use pkg-config --libs to include correct -L location for
libedit.

Checksums:
==========

- SHA1 (openssh-6.5.tar.gz) = 0a375e20d895670489a9241f8faa57670214fbed
- SHA256 (openssh-6.5.tar.gz) = sK5q2rB0o5JCbEmbeE/6N9DtJkT81dwmeuhogT4i900=

- SHA1 (openssh-6.5p1.tar.gz) = 3363a72b4fee91b29cf2024ff633c17f6cd2f86d
- SHA256 (openssh-6.5p1.tar.gz) = oRle1V25RSUtWhcw1KKipcHJpqoB7y5a91CpYmI9kCc=

Please note that the PGP key used to sign releases has been rotated.
The new key has been signed by the old key to provide continuity. It
is available from the mirror sites as RELEASE_KEY.asc.

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.

F21 Election Town Hall Schedule

Please join the candidates and other members of the Fedora community
on freenode this Friday and Saturday. You may ask questions in
#fedora-townhall-public and the moderator will share them with the
candidates in #fedora-townhall. Each town hall is scheduled for one
hour.

== FESCo (Engineering) Town Hall ==
When: Friday, January 31 at 18:00 UTC
Where: #fedora-townhall and #fedora-townhall-public on freenode

== FAmSCo (Ambassadors) Town Hall ==
When: Saturday, February 01 at 17:00 UTC
Where: #fedora-townhall and #fedora-townhall-public on freenode

Some questions for the candidates were collected in advance of the
town halls and the answers provided by the candidates to those
questions will be posted on the questionnaire link on the wiki prior
to the town halls if at all possible.

https://fedoraproject.org/wiki/Elections/Questionnaire

More information about the schedule and details of this election may
be found on the Elections page.

https://fedoraproject.org/wiki/Elections

John
--
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce

NYCBSDCon list correction

The link is:

http://www.nycbug.org/mailman/listinfo/nycbsdcon
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://www.nycbug.org/mailman/listinfo/announce

NYCBSDCon tix: last chance

The last chance to purchase conference tickets at $25 cash is tonight:

Ear Inn, January 29, 6:30-8:30 PM (www.earinn.com at 326 Spring St,
Manhattan)

Look for the man in the "EFF" hat.

After that, you can only buy tickets online for $50 with Paypal until
February 7th, or walk-in for $60. Valid, full-time students can do
walk-in for $15.

*****

Also, for those not aware, there is a conference discussion list.

http://www.nycbug.org/mailman/admin/nycbsdcon
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://www.nycbug.org/mailman/listinfo/announce

Planned Outage: Fedocal outage for update - 2014-01-30 10:30 UTC

Planned Outage: Fedocal outage for update - 2014-01-30 10:30 UTC

There will be an outage starting at 2014-01-30 10:30 UTC, which will last approximately 1 hours, possibly less.

To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:

date -d '2014-01-30 10:30 UTC'

Reason for outage: Update fedocal to 0.4.0 and use this opportunity to rebuild its database.

No data should be loss


Affected Services:

Fedora Calendar - https://apps.fedoraproject.org/calendar/


Unaffected Services:

Ask Fedora - http://ask.fedoraproject.org/

Badges - https://badges.fedoraproject.org/

BFO - http://boot.fedoraproject.org/

Blockerbugs - https://qa.fedoraproject.org/blockerbugs/

Bodhi - https://admin.fedoraproject.org/updates/

Buildsystem - http://koji.fedoraproject.org/

GIT / Source Control - pkgs.fedoraproject.org

Darkserver - https://darkserver.fedoraproject.org/

DNS - ns-sb01.fedoraproject.org, ns02.fedoraproject.org, ns04.fedoraproject.org, ns05.fedoraproject.org

Docs - http://docs.fedoraproject.org/

Elections - https://admin.fedoraproject.org/voting

Email system

Fedmsg busmon - http://apps.fedoraproject.org/busmon

Fedora Account System - https://admin.fedoraproject.org/accounts/

Fedora Community - https://admin.fedoraproject.org/community/

Fedora Hosted - https://fedorahosted.org/

Fedora OpenID - https://id.fedoraproject.org/

Fedora People - http://fedorapeople.org/

Main Website - http://fedoraproject.org/

Mirror List - https://mirrors.fedoraproject.org/

Mirror Manager - https://admin.fedoraproject.org/mirrormanager/

Package Database - https://admin.fedoraproject.org/pkgdb/

QA Services

Secondary Architectures

Spins - http://spins.fedoraproject.org/

Start - http://start.fedoraproject.org/

Torrent - http://torrent.fedoraproject.org/

Wiki - http://fedoraproject.org/wiki/

Contact Information:

Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/4204

Please join #fedora-admin or #fedora-noc on irc.freenode.net or add comments to the ticket for this outage above.

[CentOS-announce] CEBA-2014:0107 CentOS 6 ksh Update

CentOS Errata and Bugfix Advisory 2014:0107

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0107.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
b1f298dfd6790ccab059e9e6f8c2ac81f5babf98b6654654caf65455bce6a90b ksh-20120801-10.el6_5.3.i686.rpm

x86_64:
560d0aeaa6ccec9d2e9fe82c0d36e4d62373660bcaf94f1d1f1cfa2c14bcb58b ksh-20120801-10.el6_5.3.x86_64.rpm

Source:
30b5ec70cc16449c3ec241cb4682f5693cd44a3de1f6c74a171746ebd9211ee2 ksh-20120801-10.el6_5.3.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2014:0103 Moderate CentOS 6 libvirt Update

CentOS Errata and Security Advisory 2014:0103 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0103.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
5bf6a8ba0f6496a1be5a618ce2e1ccad277e7a9c6a5cb1d26ac5bcdd5978dbfc libvirt-0.10.2-29.el6_5.3.i686.rpm
4a2815149d1d69213c97072d1917662b1d0689f4569e9cc2dc4f3ac1ae183128 libvirt-client-0.10.2-29.el6_5.3.i686.rpm
2ee2303a54704d00cb4e190164e0556519c493b6d3439ba50300972d843ec02f libvirt-devel-0.10.2-29.el6_5.3.i686.rpm
57dab069ee6f1a260e092eebb64ac80b03fb9942044b4f55d065ad791a680f79 libvirt-python-0.10.2-29.el6_5.3.i686.rpm

x86_64:
e0d851c122bbb3234dde91943616e01e7e519d60031979cc4c69f9ef15618dc5 libvirt-0.10.2-29.el6_5.3.x86_64.rpm
4a2815149d1d69213c97072d1917662b1d0689f4569e9cc2dc4f3ac1ae183128 libvirt-client-0.10.2-29.el6_5.3.i686.rpm
0c516516fc223df351168c6a2e512f2b14ca638beeaaf956d8f9e198268d6384 libvirt-client-0.10.2-29.el6_5.3.x86_64.rpm
2ee2303a54704d00cb4e190164e0556519c493b6d3439ba50300972d843ec02f libvirt-devel-0.10.2-29.el6_5.3.i686.rpm
51aa6e75aa2e292d03a72c1295fb76aa649ce102ea84f57d8cd890e26ca209f9 libvirt-devel-0.10.2-29.el6_5.3.x86_64.rpm
a6aa34d530fb75e57ecc3ae5a57501a94bde6545d0b51ab3f30d89df55cc796b libvirt-lock-sanlock-0.10.2-29.el6_5.3.x86_64.rpm
5c5a128e0796c534793ff64113acd0d019e5bbaf34e327582b76a6ce7aeced71 libvirt-python-0.10.2-29.el6_5.3.x86_64.rpm

Source:
7532c439112a05dc84fea37387a3809aabc04bc0c76db00e702a80ed119c7f5d libvirt-0.10.2-29.el6_5.3.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2014:0101 CentOS 5 tzdata Update

CentOS Errata and Bugfix Advisory 2014:0101

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0101.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
09690f610045d1ebdbf758e64c3f830e0de7bb497c06f4457b48e955c235e856 tzdata-2013i-2.el5.i386.rpm
db29b0ce1800637cccc7f2d04e57e261ed932825d5d72b96cf47a5a4cabe2af8 tzdata-java-2013i-2.el5.i386.rpm

x86_64:
f32436e544ef826fc18a7bb394b22f04ff499c94d04f09f86f2a6cbdb236b9f5 tzdata-2013i-2.el5.x86_64.rpm
30dcd31b1b0a65b09739321b028f61253883322ca53dc338c585bafae02109ad tzdata-java-2013i-2.el5.x86_64.rpm

Source:
0225a65afb8bdfac38e6f7dade72a58888e0c7087c2c675f31f6c068e3f1ea94 tzdata-2013i-2.el5.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2014:0101 CentOS 6 tzdata Update

CentOS Errata and Bugfix Advisory 2014:0101

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0101.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
8d3ecfc0c4ce1af2785550586aeddc1b38cc9fb50c28d645a779b355269aeda7 tzdata-2013i-2.el6.noarch.rpm
e95040088250c2c51ef6322e71b4ec57a4604a2959271472be270704ac05aa03 tzdata-java-2013i-2.el6.noarch.rpm

x86_64:
8d3ecfc0c4ce1af2785550586aeddc1b38cc9fb50c28d645a779b355269aeda7 tzdata-2013i-2.el6.noarch.rpm
e95040088250c2c51ef6322e71b4ec57a4604a2959271472be270704ac05aa03 tzdata-java-2013i-2.el6.noarch.rpm

Source:
8b8baa7d71bf297ad4306a06265d5366989e4d596bf032db7f9f14b1829c6e0b tzdata-2013i-2.el6.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2014:0098 CentOS 6 p11-kit Update

CentOS Errata and Bugfix Advisory 2014:0098

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0098.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
8a59b170119544ddc81c548e78b56fb77d610eb2156a72954fa356b027fd8ecf p11-kit-0.18.5-2.el6_5.2.i686.rpm
151a790f04cae78dc85aead851d70b8633ed38c20f08f76588be330889c05775 p11-kit-devel-0.18.5-2.el6_5.2.i686.rpm
14a9fcb6d4fd540640c404c45b7a53e2514c21a6552b0b1d79b53518e9444512 p11-kit-trust-0.18.5-2.el6_5.2.i686.rpm

x86_64:
8a59b170119544ddc81c548e78b56fb77d610eb2156a72954fa356b027fd8ecf p11-kit-0.18.5-2.el6_5.2.i686.rpm
72c0d0603374442745817291b41eff329e97557aa89d6d8b112f5c033d16ee15 p11-kit-0.18.5-2.el6_5.2.x86_64.rpm
151a790f04cae78dc85aead851d70b8633ed38c20f08f76588be330889c05775 p11-kit-devel-0.18.5-2.el6_5.2.i686.rpm
fd9fad6a32e38e127019f6923665ded642358ff61cdf223c7d72bbf39fee898c p11-kit-devel-0.18.5-2.el6_5.2.x86_64.rpm
14a9fcb6d4fd540640c404c45b7a53e2514c21a6552b0b1d79b53518e9444512 p11-kit-trust-0.18.5-2.el6_5.2.i686.rpm
567f2ae1f27f625358041e52dfaea7fb9a4ddbc989452077660e03bdfbcd98a5 p11-kit-trust-0.18.5-2.el6_5.2.x86_64.rpm

Source:
9c7066369fc43b94e1ca95a1cef3f603476e98e56296a1c7c08cb71f46203532 p11-kit-0.18.5-2.el6_5.2.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Ubuntu 13.04 (Raring Ringtail) End of Life reached on January 27 2014

This is a follow-up to the End of Life warning sent last month to
confirm that as of today (Jan 27, 2014), Ubuntu 13.04 is no longer
supported. No more package updates will be accepted to 13.04, and
it will be archived to old-releases.ubuntu.com in the coming weeks.

The original End of Life warning follows, with upgrade instructions:

Ubuntu announced its 13.04 (Raring Ringtail) release almost 9 months
ago, on April 25, 2013. This was the first release with our new 9
month support cycle and, as such, the support period is now nearing
its end and Ubuntu 13.04 will reach end of life on Monday, January
27th. At that time, Ubuntu Security Notices will no longer include
information or updated packages for Ubuntu 13.04.

The supported upgrade path from Ubuntu 13.04 is via Ubuntu 13.10.
Instructions and caveats for the upgrade may be found at:

https://help.ubuntu.com/community/SaucyUpgrades

Ubuntu 13.10 continues to be actively supported with security updates
and select high-impact bug fixes. Announcements of security updates
for Ubuntu releases are sent to the ubuntu-security-announce mailing
list, information about which may be found at:

https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

[CentOS-announce] CESA-2014:0097 Important CentOS 5 java-1.6.0-openjdk Update

CentOS Errata and Security Advisory 2014:0097 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0097.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
6caed4bdd26f1dc127296529e81bb4f6470f10ca125909b3620fee8dcd8e351e java-1.6.0-openjdk-1.6.0.0-3.1.13.1.el5_10.i386.rpm
9b095ceafe6a394dbbadd8fa7707353d5aa10a3d370692c718df1d0b98eb489c java-1.6.0-openjdk-demo-1.6.0.0-3.1.13.1.el5_10.i386.rpm
8e72ba64d0c261890b97cc21f83dd339c42ef37023eb29c4e30b0cb9f8d1093d java-1.6.0-openjdk-devel-1.6.0.0-3.1.13.1.el5_10.i386.rpm
8e6038d8c02f67e71d1322c08f19d2ad1aead9bfd00a9e3789aba8d5e672c6e9 java-1.6.0-openjdk-javadoc-1.6.0.0-3.1.13.1.el5_10.i386.rpm
755f1dd7a902cc91a67a0d8a921240543a6c2eb6675d8481d2631a1f2a39496f java-1.6.0-openjdk-src-1.6.0.0-3.1.13.1.el5_10.i386.rpm

x86_64:
5c706895a3daed73a7ad9212c21828617688e6c20bd1cad21d621f4728ffc95c java-1.6.0-openjdk-1.6.0.0-3.1.13.1.el5_10.x86_64.rpm
d0fe5649b1752e4f6c0db66ab5ce07b6a8f5184edae409bfa44629dfde95e144 java-1.6.0-openjdk-demo-1.6.0.0-3.1.13.1.el5_10.x86_64.rpm
d40c8eae6d0de3bd40c61bc8af101ecb0ab2d2c714aa8a84bd2850c84f59dcf6 java-1.6.0-openjdk-devel-1.6.0.0-3.1.13.1.el5_10.x86_64.rpm
d98cf8cad90ceeef44c151f3169fc7a669b52b6c8b7bf2027c2cdc5821212bb8 java-1.6.0-openjdk-javadoc-1.6.0.0-3.1.13.1.el5_10.x86_64.rpm
0dad07e04eac26f868d6804c24c9610607d1a52cbf1a0f724a22d503102809b3 java-1.6.0-openjdk-src-1.6.0.0-3.1.13.1.el5_10.x86_64.rpm

Source:
661ba6de7667a517409f55687c370310df7ed695033aedade553722dd38ce023 java-1.6.0-openjdk-1.6.0.0-3.1.13.1.el5_10.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2014:0097 Important CentOS 6 java-1.6.0-openjdk Update

CentOS Errata and Security Advisory 2014:0097 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0097.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
dc32d3b3fdc3734ff5e0fc70008a780b4d4cc8d907c6f07cd3e4fa74ddd4fc95 java-1.6.0-openjdk-1.6.0.0-3.1.13.1.el6_5.i686.rpm
08f516cb1cc1643dccbc49dbed2c12ed703f1b6766945bd532a6146d3c6b0e2a java-1.6.0-openjdk-demo-1.6.0.0-3.1.13.1.el6_5.i686.rpm
b475d25fb096dd34046f2234250941b7a6422f9a069f35f9396de76bdfbf712f java-1.6.0-openjdk-devel-1.6.0.0-3.1.13.1.el6_5.i686.rpm
5159ccd0867679d63e3b31b40d01cfc08c14dffe013ca470b312c6b0032e2a31 java-1.6.0-openjdk-javadoc-1.6.0.0-3.1.13.1.el6_5.i686.rpm
c7d1e460bda169bcde58806fa1c76802215c81f9699d43708f2eb1ccda0d2072 java-1.6.0-openjdk-src-1.6.0.0-3.1.13.1.el6_5.i686.rpm

x86_64:
e61e32a873399b4983042e81e5a571cc9b9cc1bbc613de12b3922d0951460758 java-1.6.0-openjdk-1.6.0.0-3.1.13.1.el6_5.x86_64.rpm
78d64978b6d18d6b8876f2388d2529283acd75aad3a74c24076b3a3c422a3524 java-1.6.0-openjdk-demo-1.6.0.0-3.1.13.1.el6_5.x86_64.rpm
8f694c6e4aa03789087883ff41625786b703efce227c78e12cf6778380b8b794 java-1.6.0-openjdk-devel-1.6.0.0-3.1.13.1.el6_5.x86_64.rpm
597ef0a1beccebcd12d2dc82dbac94c90439f0a550d4665fa50a19125e35664a java-1.6.0-openjdk-javadoc-1.6.0.0-3.1.13.1.el6_5.x86_64.rpm
5203f5a2b35b2c04c93076beeedc7f9ebb9732850501c1cb03d111e48a6a123e java-1.6.0-openjdk-src-1.6.0.0-3.1.13.1.el6_5.x86_64.rpm

Source:
2cbbd73fca3e09694b91c5c15d85fe36d40b958c4a16ef508ca6fdfffd6efbb3 java-1.6.0-openjdk-1.6.0.0-3.1.13.1.el6_5.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2014:0096 CentOS 6 irqbalance Update

CentOS Errata and Bugfix Advisory 2014:0096

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0096.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
c9d21f1ccbda1fd26b75f29aeb8632a8027d588ff13b28618d61f46467a8bf3b irqbalance-1.0.4-8.el6_5.i686.rpm

x86_64:
315af9937797f16da07c7b4e5192c4916c39de8d602359c8326aa37888c687d3 irqbalance-1.0.4-8.el6_5.x86_64.rpm

Source:
346664c7a960437e503b86f1b9bb379010392eee978f76f1764a1acde8faa029 irqbalance-1.0.4-8.el6_5.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[USN-2090-1] Munin vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS5p+aAAoJEGVp2FWnRL6Tf0QQAL3z8cQbkdwwaD2TeC/kro//
WyuKFZtjXdUmyJcNj4Wkxs8HH6uEZ6upAlmwrWi+NBAaxXLBtknE6juojzQlWA5+
8SGwRStMmYsAwaiikF+8yMAARzLRL66/NYpaQ099N1Ed77gNxOhgDLMOShAyRkZh
/nGW4mwvr1xZDRNG/7QJhIMH7aqs08dwQ+Mdvep0k99kqSE2c25OnRLBN407kMz1
2ya44KN0o7M7bCCu3zKm1jhSfvyixmmdCnbuepJ/ZxL2U+L0rNtiy/6sgcC8Mj3G
GZ9ZTnxncttntVJnGuCE58PFcj8QQjfWgDYoBqfDCDKo+mUTvnsNH6F21U/yWTsi
F2ektc9OPY3SY5VACGAjHkwnuGmcE6BnMq59RLPo+uRYYRvRbyC3LUXNvIw7dtw4
fMMfMTuSgcpqwNAzezBKlZF/pxOyunvKuPzcSr7sLTv5YPh+3Gi9to7uNc3PmR+C
0DengrH5rv7MqnyAgHwA3qJ4+0ez0UNUVu8RyBZgbrycCLGO7DcSoa4GTQo1ykgG
l1qrRg2AGBBiuzWmy5i/AXCPuLZy3z6XOqFNeyw9wzSVoLvoSTgsxgAme8qECNnp
n3wiIgqIc5O1IsJn9g5LCTmGIQbQy6ZzJObyzdyB+9kF+mrH6MmNyK9L4kaInYwB
doeel3qVXxYf6y25i/Po
=kwVh
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2090-1
January 27, 2014

munin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Munin.

Software Description:
- munin: Network-wide graphing framework

Details:

Christoph Biedl discovered that Munin incorrectly handled certain
multigraph data. A remote attacker could use this issue to cause Munin to
consume resources, resulting in a denial of service. (CVE-2013-6048)

Christoph Biedl discovered that Munin incorrectly handled certain
multigraph service names. A remote attacker could use this issue to cause
Munin to stop data collection, resulting in a denial of service.
(CVE-2013-6359)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
munin 2.0.17-2ubuntu1.1

Ubuntu 12.10:
munin 2.0.2-1ubuntu2.3

Ubuntu 12.04 LTS:
munin 1.4.6-3ubuntu3.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2090-1
CVE-2013-6048, CVE-2013-6359

Package Information:
https://launchpad.net/ubuntu/+source/munin/2.0.17-2ubuntu1.1
https://launchpad.net/ubuntu/+source/munin/2.0.2-1ubuntu2.3
https://launchpad.net/ubuntu/+source/munin/1.4.6-3ubuntu3.4

[opensuse-announce] openSUSE 12.2 has reached end of SUSE support

Hi all,

with the release of the gnumeric on January 27th, 2014 the SUSE sponsored
maintenance of openSUSE 12.2 has ended.

openSUSE 12.2 is now officially discontinued and out of support by SUSE.

openSUSE 12.2 was released on September 5th 2012, making it ca. 17 months of
security and bugfix support.

Here are some statistics of our released updates (compared to 12.1):

Total updates: 748 (-41)
Security: 352 (-37)
Recommended: 395 (-3)
Optional: 1 (-1)

Fixed CVE-entries: 1032 (-256)
Fixed Bugs (overall): 1260 (-560)

A special thanks to the KDE-team, which made it possible to release the first full kde-stack bugfix-update to KDE 4.8.5
for a openSUSE-distribution without any bigger issues.
Also thanks at this point to our awesome packagers, community and the OpenBuildService-Team for a really stable and
strong release!


Your maintenance- and security-team



--
Benjamin Brunner <bbrunner@suse.com>,
SUSE LINUX, Maintenance
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284
(AG Nürnberg)






--
To unsubscribe, e-mail: opensuse-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-announce+help@opensuse.org

NYCBSDCon Tickets

NYCBSDCon is only 12 days away. The schedule and full presentation
descriptions are posted.

There are two remaining chances to purchase tickets at $25 cash:

- Suspenders BSD Laptop Installfest, January 27, 6:30-7:45 PM (111
Broadway, Manhattan)
- Ear Inn with "the man in the EFF hat", January 29, 6:30-8:30 PM
(www.earinn.com at 326 Spring St, Manhattan)

After that, only online tickets (at $50) and at the door (at $60) are
available. Valid full-time students can pay $15 at any of those times.

There will be no February meeting on the first Wednesday of the month,
but we have meetings lined up for both March and April. Stay tuned for
details.
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://www.nycbug.org/mailman/listinfo/announce

[FreeBSD-Announce] FreeBSD Quarterly Status Report, October-December 2013

FreeBSD Quarterly Status Report, October-December 2013

Introduction

This report covers FreeBSD-related projects between October and
December 2013. This is the last of four reports planned for 2013.

The last quarter of 2013 was very active for the FreeBSD community,
much like the preceding quarters. Many advances were made in getting
FreeBSD to run on ARM-based System-on-Chip boards like Cubieboard,
Rockchip, Snapdragon, S4, Freescale i.MX6 and Vybrid VF6xx. FreeBSD is
also becoming a better platform for Xen and the Amazon Elastic Compute
Cloud. There are plans for FreeBSD to become a fully supported compute
host for OpenStack. The I/O stack has again received some performance
boosts on multi-processor systems through work touching the CAM and
GEOM subsystems, and through better adaptation of UMA caches to system
memory constraints for ZFS. The FreeBSD Foundation did an excellent job
in this quarter, and many of their sponsored projects like VT-d and
UEFI support, iSCSI stack, Capsicum, and auditdistd are about to
complete. At the same time, new projects like Automounter and Intel GPU
updates have just been launched. The Newcons project has been merged
into -CURRENT, which will make it possible to finally move to the
latest version of X.Org in the Ports Collection. Efforts are also under
way to improve testing with Jenkins and Kyua. It is an exciting time
for users and developers of FreeBSD!

Thanks to all the reporters for the excellent work! This report
contains 37 entries and we hope you enjoy reading it.

The deadline for submissions covering between January and March 2014 is
April 7th, 2014.
__________________________________________________________________

FreeBSD Team Reports

* FreeBSD Cluster Administration Team
* FreeBSD Core Team
* FreeBSD Port Management Team
* FreeBSD Postmaster Team
* FreeBSD Release Engineering Team

Projects

* CBSD
* Jenkins Continuous Integration for FreeBSD

Kernel

* GEOM Direct Dispatch and Fine-Grained CAM Locking
* Intel 802.11n NIC (iwn(4)) Work
* Intel GPU Driver Update
* Native iSCSI Stack
* New Automounter
* UEFI Boot
* UMA/ZFS and RPC/NFS Performance Improvements
* Updated vt(9) System Console

Architectures

* FreeBSD Host Support for OpenStack and OpenContrail
* FreeBSD on Cubieboard{1,2}
* FreeBSD on Freescale i.MX6 processors
* FreeBSD on Freescale Vybrid VF6xx
* FreeBSD on Newer ARM Boards
* FreeBSD/EC2
* FreeBSD/Xen
* Intel IOMMU (VT-d, DMAR) Support

Userland Programs

* auditdistd(8)
* Base GCC Updates
* BSDInstall ZFSBoot
* Capsicum and Casper
* Centralized Panic Reporting
* FreeBSD Test Suite
* The LLDB Debugger

Ports

* FreeBSD Python Ports
* GNOME/FreeBSD
* KDE/FreeBSD
* Wine/FreeBSD
* X.Org on FreeBSD
* Xfce/FreeBSD

Miscellaneous

* The FreeBSD Foundation
__________________________________________________________________

FreeBSD Cluster Administration Team

Contact: FreeBSD Cluster Administration Team <admins@>

The FreeBSD Cluster Administration Team consists of the people
responsible for administering the machines that the project relies on
for its distributed work and communications to be synchronised. In the
last quarter of 2013, they continued general maintenance of the FreeBSD
cluster across all sites.

In addition to general upkeep tasks, additional cluster-related items
were addressed. Some of these items include:

* Added several machines for the Kyua testing framework.
* Replaced failed hardware hosting various web services.
* Coordinated with the FreeBSD Security Officer and Ports Management
Teams to implement signed binary packages.
* Added the redports.org machines to the list of machines managed by
the Cluster Administration Team.
* Began discussion with contacts at Yandex regarding the addition of
a mirror site for binary packages and Subversion repositories.
__________________________________________________________________

FreeBSD Core Team

Contact: FreeBSD Core Team <core@FreeBSD.org>

The FreeBSD Core Team constitutes the project's "Board of Directors",
responsible for deciding the project's overall goals and direction as
well as managing specific areas of the FreeBSD project landscape.

In the fourth quarter of 2013, the Core Team finally reached its
previous goal of launching the official repositories for pkg(8)-based
binary packages. The Core Team also unified the commit bit expiration
policies for all Project repositories, allowing committers to idle for
18 months before their commit bits are automatically taken into
safekeeping. This was then followed by an extension to suspension of
cluster accounts for the committers who lost all of their commit bits.
This helps to improve the security of the Project server cluster by
temporarily disabling inactive accounts. In addition to the above
efforts, Thomas Abthorpe resurrected the "Grim Reaper" service which
helps to enforce the aforementioned policy.

With the work of John Baldwin, Hiroki Sato, and others, many licenses
in the base system source code have been revisited and cleaned up.
Furthermore, the Core Team is hoping that the situation can be improved
by introducing periodic automated checks of the license agreements, and
by providing developers guidelines on questions of licensing. John
Baldwin and David Chisnall have been guiding the work of the FreeBSD
Graphics Team on moving to the newer version of X.Org and related
software in the Ports Collection, in coordination with the switch to
Newcons on FreeBSD 10.x.

It was a busy quarter for the src repository as well. The Core Team was
happy to welcome Jordan K. Hubbard (jkh) back who has recently returned
to the FreeBSD business, and joined iXsystems as project manager and
release engineer of FreeNAS. In addition to this, there were 3 commit
bits offered for new developers, 2 committers were upgraded, 1 commit
bit was taken for safekeeping, and 1 src bit was reactivated.
__________________________________________________________________

FreeBSD Port Management Team

URL: http://www.FreeBSD.org/ports/
URL: http://www.freebsd.org/doc/en/articles/contributing-ports/
URL: http://portsmon.freebsd.org/index.html
URL: http://www.freebsd.org/portmgr/index.html
URL: http://blogs.freebsdish.org/portmgr/
URL: http://www.twitter.com/freebsd_portmgr/
URL: http://www.facebook.com/portmgr
URL: http://plus.google.com/communities/108335846196454338383

Contact: FreeBSD Port Management Team <portmgr@FreeBSD.org>

The FreeBSD Ports collection is a package management system for the
FreeBSD operating system, providing an easy and consistent way of
installing software packages. The FreeBSD Ports Collection now contains
approximately 24,500 ports, while the PR count exceeds 1,900.

The FreeBSD Port Management Team ensures that the FreeBSD ports
developer community provides a Ports Collection that is functional,
stable, up-to-date and full-featured. Its secondary responsibility is
to coordinate among the committers and developers who work on it. As
part of these efforts, we added 3 new committers, took in 3 commit bits
for safe keeping, and reinstated 1 commit bit in the fourth quarter of
2013.

Ongoing effort went into testing larger changes, as many as 8 a week,
including sweeping changes to the tree, moderization of the
infrastructure, and basic quality assurance (QA) runs. Many iterations
of tests against 10.0-RELEASE were run to ensure that the maximum
number of packages would be available for the release.

We now have pkg(8) packages for the releases 8.3, 8.4, 9.1, 9.2, 10.0
and -CURRENT on pkg.FreeBSD.org. During this same time, further
enhancements were put into pkg(8), including secure package signing.

Commencing November 1, the Port Management Team undertook a
"portmgr-lurkers" pilot project in which ports committers could
volunteer to assist the Port Management Team for a four-month duration.
The first two candiates are Mathieu Arnold (mat) and Antoine Brodin
(antoine).

Ongoing maintenance goes into redports.org, including QAT runs, ports
and security updates.

Open tasks:

1. As previously noted, many PRs continue to languish; we would like
to see some committers dedicate themselves to closing as many as
possible!
__________________________________________________________________

FreeBSD Postmaster Team

URL: http://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
URL: http://lists.freebsd.org/mailman/listinfo/ctm-src-10
URL: http://lists.freebsd.org/mailman/listinfo/ctm-src-10-fast
URL: http://www.freebsd.org/doc/en/articles/committers-guide/pgpkeys.html

Contact: FreeBSD Postmaster Team <postmaster@FreeBSD.org>

In the fourth quarter of 2013, the FreeBSD Postmaster Team has
implemented the following items that may be interest of the general
public:

* Retired the freebsd-aic7xxx mailing list.
* Created a graphics-team alias, requested by Niclas Zeising.
* Worked with the FreeBSD Port Management Team to set up
portmgr-lurkers so port managers can move addresses between those
two aliases at their discretion.
* Created the lists associated with the new stable/10 branch:
svn-src-stable-10, ctm-src-10, and ctm-src-10-fast.
* Redirected the vbox alias to the emulation list, requested by
Bernhard Fröhlich.
* Continued a discussion on current and possible future mail and spam
filtering.
* Disbanded lua and transferred it to Baptiste Daroussin, requested
by Matthias Andree and Baptiste Daroussin.
* Modified the list moderators/administrators for ports-secteam,
requested by Dag-Erling Smørgrav.
* Assisted Warren Block with an update to the "OpenPGP Keys for
FreeBSD" section of the Committer's Guide.
__________________________________________________________________

FreeBSD Release Engineering Team

URL: http://www.FreeBSD.org/releases/10.0R/schedule.html
URL: http://ftp.FreeBSD.org/pub/FreeBSD/snapshots/VM-IMAGES/
URL: http://ftp.FreeBSD.org/pub/FreeBSD/snapshots/ISO-IMAGES/

Contact: FreeBSD Release Engineering Team <re@FreeBSD.org>

The FreeBSD Release Engineering Team is finishing the 10.0-RELEASE
cycle. The release cycle changed with two last-minute release candidate
builds, each addressing fixes critical to include in the final release.

The FreeBSD 10.0-RELEASE cycle is expected to be completed by
mid-January, approximately eight weeks behind the original schedule.
__________________________________________________________________

CBSD

URL: http://www.bsdstore.ru/
URL: https://github.com/olevole/cbsd

Contact: Oleg Ginzburg <olevole@olevole.ru>

CBSD is another FreeBSD jail management solution, aimed at combining
various features, such as racct(8), vnet, zfs(8), carp(4), and
hastd(8), into a single tool. This provides a more comprehensive way to
build application servers using pre-installed jails with a typical set
of software, and requires minimal effort to configure.

Open tasks:

1. Proper English translation of the website and the documentation.
__________________________________________________________________

Jenkins Continuous Integration for FreeBSD

URL: http://www.ixsystems.com/whats-new/jenkins-bhyve-and-webdriver-continuous-integration-testing-on-freenas/

Contact: Craig Rodrigues <rodrigc@FreeBSD.org>

At the November 2013 FreeBSD Vendor Summit, some of the work was
presented that Craig Rodrigues has been doing with Continuous
Integration and Testing at iXsystems. Craig's presentation described
how iXsystems is using modern best practices for building and testing
the FreeNAS code. Jenkins is a framework for doing continuous builds
and integration that is used by hundreds of companies. BHyve (BSD
Hypvervisor) is the new virtual machine system which will be part of
FreeBSD 10. Webdriver is a Python toolkit for testing web applications.
By combining these technologies, iXsystems is developing a modern and
sophisticated workflow for testing and improving the quality of
FreeNAS.

Ed Maste from The FreeBSD Foundation was interested in this work, and
based on this interest, it is now being ported to FreeBSD. Currently, a
machine in the FreeBSD cluster has been allocated for this purpose,
where a bhyve(4)-based virtual machine was set up and Jenkins was
installed. The remainder is still in progress.

Open tasks:

1. Finish setting up Jenkins.
2. Add more builds to Jenkins.
3. Integrate testing with Jenkins.
__________________________________________________________________

GEOM Direct Dispatch and Fine-Grained CAM Locking

URL: http://people.freebsd.org/~mav/disk.pdf
URL: http://svnweb.freebsd.org/changeset/base/260387
URL: http://svnweb.freebsd.org/changeset/base/260385

Contact: Alexander Motin <mav@FreeBSD.org>

The CAM and GEOM multi-processor scalability improvement project has
completed. The corresponding code has been committed to FreeBSD head
and recently merged to the stable/10 branch; it shall appear in
10.1-RELEASE.

As part of this project, cam(4) (the ATA/SCSI subsystem) has received
more fine-grained locking for better utilization of multi-core systems.
In addition, the locking in geom(4) (the block storage subsystem) has
also been polished, and a new direct dispatch functionality was
implemented to spread the load between multiple threads and processors,
and reduce the number of context switches.

Thanks to these cam(4) and geom(4) changes, the peak I/O rate has
doubled on comptemporary hardware, reaching up to 1,000,000 IOPS!

This project is sponsored by iXsystems, Inc.

Open tasks:

1. Some CAM controller drivers (SIMs) could also be optimized to get
more benefits from this project, utilizing the new locking models
and direct command completions from multiple interrupt threads.
__________________________________________________________________

Intel 802.11n NIC (iwn(4)) Work

Contact: Adrian Chadd <adrian@freebsd.org>

There has been a large amount of work on iwn(4) over the last six
months:

* New hardware support: 2xxx, 6xxx, 1xx series hardware.
* Many bugs were fixed, including scanning, association, EAPOL
related fixes.
* iwn(4) now natively works with 802.11n rates from the net80211 rate
control code, rather than mapping non-11n rates to 11n rates.

Open tasks:

1. There are still some scan hangs, due to how net80211 scans a single
channel at a time. This needs to be resolved.
2. The transmit, receive, scan and calibration code needs to be
refactored out of if_iwn.c and into separate source files.
3. There still seem to be some issues surrounding 2 GHz versus 5 GHz
association attempts leading to firmware assertions, especially on
the Intel 4965 NIC.
__________________________________________________________________

Intel GPU Driver Update

Contact: Konstantin Belousov <kib@FreeBSD.org>

This project will update the Intel graphics chipset driver, i915kms, to
a recent snapshot of the Linux upstream code. The update will provide
at least 1.5 years of bugfixes from the Intel team, and introduce
support for the newest hardware -- in particular Haswell and
ValleyView. The IvyBridge code will also be updated. The addition of
several features, which are required in order to update X.Org and Mesa,
is also planned.

This project is sponsored by The FreeBSD Foundation.
__________________________________________________________________

Native iSCSI Stack

URL: https://wiki.freebsd.org/Native%20iSCSI%20target

Contact: Edward Tomasz Napierała <trasz@FreeBSD.org>

iSCSI is a popular block storage protocol. Under this project, a new,
fast, and reliable kernel-based iSCSI initiator (client) and target
(server) have been implemented.

During October to December, the work focused on performance and
scalability. The target and the initiator now spread the load over
multiple kernel threads, and the locking is optimized to reduce
contention. This makes better use of multiple processor cores.

Work to finish iSER support is ongoing. All those optimizations will be
gradually merged to head in February, and are expected to merged back
to stable/10 and finally arrive in 10.1-RELEASE.

This project is sponsored by The FreeBSD Foundation.
__________________________________________________________________

New Automounter

Contact: Edward Tomasz Napierała <trasz@FreeBSD.org>

Research and prototyping has begun on a new project to implement
autofs(4) -- an automounter filesystem -- and its userland counterpart,
automountd(8). The idea is to provide a very similar user experience to
the automounters available on Linux, MacOS X, and Solaris, including
using the same map format. The automounter will also integrate with
directory services, such as LDAP.

This project is sponsored by The FreeBSD Foundation.
__________________________________________________________________

UEFI Boot

URL: https://wiki.freebsd.org/UEFI
URL: http://svnweb.freebsd.org/base/projects/uefi/

Contact: Ed Maste <emaste@FreeBSD.org>

The Unified Extensible Firmware Interface (UEFI) provides boot- and
run-time services for x86 computers, and is a replacement for the
legacy BIOS. This project will adapt the FreeBSD loader and kernel boot
process for compatibility with UEFI firmware, found on contemporary
servers, desktops, and laptops.

In 2013, The FreeBSD Foundation sponsored Benno Rice for a short
project to improve the UEFI bootloader. This resulted in a working
proof-of-concept in the UEFI project branch, but it was not ready to be
merged to FreeBSD head.

Ed Maste has taken that original work and, with review feedback from
Konstantin Belousov, been preparing it for integration into FreeBSD
head. Some changes have been merged to head already. The rest will be
merged as they are refined.

Intel provided a motherboard and CPU for the project, which proved
invaluable for addressing bugs that did not appear while testing with
the QEMU emulator.

This project is sponsored by The FreeBSD Foundation.

Open tasks:

1. Resolve a 32- versus 64-bit libstand(3) build issue.
2. Merge kernel parsing of EFI memory map metadata.
3. Integrate the EFI framebuffer with vt(9) (also known as Newcons).
4. Connect efiloader to the build.
5. Document manual installation for dual-boot configurations.
6. Integrate UEFI configuration with the FreeBSD installer.
7. Support secure boot.
__________________________________________________________________

UMA/ZFS and RPC/NFS Performance Improvements

URL: http://docs.freebsd.org/cgi/mid.cgi?52894C92.60905

Contact: Alexander Motin <mav@FreeBSD.org>

The performance of ZFS and NFS was suboptimal in FreeBSD, so we have
recently investigated some possible improvement paths. The uma(9)
memory allocator caching code was improved to adapt better to system
memory constraints. Combined with other virtual memory subsystem
improvements done in the previous years, it should be safe to actively
use uma(9) caches now. Their use in ZFS for ZIO/ARC may be enabled via
the vfs.zfs.zio.use_uma loader(8) tunable, which is now the default for
amd64, where it is recommended. Use of uma(9) caches for LZ4
compression buffers is unconditionally enabled on all architectures as
it is has no serious drawbacks. On systems with many CPUs, these
changes doubled the performance in the benchmarks.

Several areas of the NFS server stack (RPC, FHA, DRC) got a number of
fixes and performance optimizations that significantly improve
performance and reduce the CPU usage in a number of tests. Together
with the ZFS memory allocator changes mentioned above, it was possible
to reach 200K NFS block read IOPS and 55K SPEC NFS IOPS.

The code was committed to head. The uma(9) ZFS commits have been
already merged to stable/10, and the remainder will be done soon as
well.

This project is sponsored by iXsystems, Inc.

Open tasks:

1. The SPEC NFS test hits lock congestion on several global locks in
the file system layer when a quite intensive READDIRPLUS NFS
request is received. Fixing this problem could improve performance
on large systems even further.
__________________________________________________________________

Updated vt(9) System Console

URL: https://wiki.freebsd.org/Newcons

Contact: Aleksandr Rybalko <ray@FreeBSD.org>
Contact: Ed Maste <emaste@FreeBSD.org>
Contact: Ed Schouten <ed@FreeBSD.org>

Colloquially known as Newcons, vt(9) is a modern replacement for the
existing, quite old, virtual terminal emulator called syscons(4).
Initially motivated by the lack of Unicode support in syscons(4), the
project was later expanded to cover the new requirement to support
Kernel Mode Switching (KMS).

The project is now approaching completion and is ready for wider
testing as the related code was already merged to FreeBSD head. Hence,
vt(9) can be tested easily by replacing the following two lines in the
kernel config file:

device sc
device vga

with the following ones:

device vt
device vt_vga

Major highlights:

* Unicode support.
* Double-width character support for CJK characters.
* xterm(1)-like terminal emulation.
* Support for Kernel Mode Setting (KMS) drivers (i915kms, radeonkms).
* Support for different fonts per terminal window.
* Simplified drivers.

Brief status of supported architectures and hardware:

* amd64 (VGA/i915kms/radeonkms) -- works.
* ARM framebuffer -- works.
* i386 (VGA/i915kms/radeonkms) -- works.
* IA64 -- untested.
* MIPS -- untested.
* PPC and PPC64 -- Works, but without X.Org yet.
* SPARC -- works on certain hardware (e.g., Ultra 5).
* vesa(4) -- in progress.
* i386/amd64 nVidia driver -- need testing.
* Xbox framebuffer driver -- need testing.

Known Issues:

* Switching to vty0 from X.Org on Fatal events will not work.
* Certain hardware (e.g., Lenovo X220) get a black screen when
i915kms is preloaded.
* Scrolling can be slow;
* Screen borders are not cleared when changing fonts.
* vt(9) locks up with the gallant12x22 font in VirtualBox.

This project is sponsored by The FreeBSD Foundation.

Open tasks:

1. Create sub-directories for vt(9) under /usr/share/ to store key
maps and fonts.
2. Implement remaining features supported by vidcontrol(1).
3. Write the vt(9) manual page.
4. Support keyboard handled directly by device kbd (without
kbdmux(4)).
5. CJK fonts (in progress).
__________________________________________________________________

FreeBSD Host Support for OpenStack and OpenContrail

URL: http://www.openstack.org/
URL: http://www.opencontrail.org/
URL: https://github.com/Semihalf/openstack-devstack
URL: https://github.com/Semihalf/openstack-nova
URL: https://github.com/Semihalf/contrail-vrouter
URL: https://blueprints.launchpad.net/nova/+spec/freebsd-compute-node

Contact: Grzegorz Bernacki <gjb@semihalf.com>
Contact: Michał Dubiel <md@semihalf.com>
Contact: Rafał Jaworowski <raj@semihalf.com>

OpenStack is a cloud operating system that controls large pools of
compute, storage, and networking resources in a data center.
OpenContrail is a network virtualization (SDN) solution comprising a
network controller, a virtual router, and an analytics engine, which
can be integrated with cloud orchestration systems like OpenStack or
CloudStack.

The goal of this work is to enable FreeBSD as a fully supported compute
host for OpenStack, using OpenContrail virtualized networking. The main
areas of development are the following:

* OpenStack compute driver (nova-compute) for the FreeBSD bhyve(4)
hypervisor.
* OpenContrail vRouter (forwarding-plane kernel module) port to
FreeBSD.
* Integration and performance optimizations.

The current state of development features a working demo of OpenStack
with compute node components running on a FreeBSD host:

* The native bhyve(4) hypervisor is driven by a nova-compute
component for spawning guest instances and a nova-network component
for providing simple networking between those guests.
* The nova-network approach (based on local host bridging) is
becoming an obsolete technology in OpenStack and was used here only
for demonstration and proof-of-concept purposes, without exploring
all the possible features.
* The main objective is to move to OpenContrail-based networking,
therefore becoming compliant with the modern OpenStack networking
API ("neutron").

This project is sponsored by Juniper Networks, Inc.

Open tasks:

1. Decide how to integrate bhyve(4) with nova-compute, either natively
or via the libvirt management layer.
__________________________________________________________________

FreeBSD on Cubieboard{1,2}

URL: https://github.com/tsgan/allwinner_a10/blob/master/if_emac.c

Contact: Ganbold Tsagaankhuu <ganbold@FreeBSD.org>

Cubieboard is a single-board computer based on the AllWinner A10 SoC,
popular on cheap tablets, phones and media PCs. The second version
enhances the board mainly by replacing the AllWinner A10 SoC with an
AllWinner A20 which contains 2 ARM Cortex-A7 MPCore CPUs and 2 Mali-400
GPUs (Mali-400MP2). In the last few months, work has continued on their
FreeBSD port, and some work was done on the EMAC 10/100 Ethernet driver
(see link). The driver is now in a good shape, however the RX side is
very slow and there is need to have an external DMA driver that can be
used in this case.
__________________________________________________________________

FreeBSD on Freescale i.MX6 processors

URL: http://lists.freebsd.org/pipermail/freebsd-arm/2013-November/006877.html

Contact: Ian Lepore <ian@freebsd.org>

The i.MX range is a family of Freescale Semiconductor proprietary
microprocessors for multimedia applications based on the ARM
architecture and focused on low-power consumption. The i.MX6x series is
based on the ARM Cortex A9 solo, dual or quad cores. Initial support
for them has been committed to head, and merged to stable/10. All
members of the i.MX6 family (Solo, Dual, and Quad core) are supported,
but SMP support on the multi-core SoCs has not yet been enabled.

Initial driver support includes:

* USB (EHCI)
* Ethernet (Gigabit)
* SD Card
* UART

The initial hardware bringup was done on Wandboard hardware, see the
announcement on freebsd-arm in the links section for more information.

Open tasks:

1. Write drivers for additional on-chip hardware, including I2C, SPI,
AHCI, audio, and video.
2. Add support to FreeBSD-crochet script to generate Wandboard images
__________________________________________________________________

FreeBSD on Freescale Vybrid VF6xx

URL: http://svnweb.freebsd.org/changeset/base/258057

Contact: Ruslan Bukin <br@freebsd.org>

Basic support for the Freescale Vybrid Family VF6xx heterogeneous ARM
Cortex-A5/M4 System-on-Chip (SoC) was added to FreeBSD head. The Vybrid
VF6xx family is an implementation of the new modern Cortex-A5-based
low-power ARM SoC boards. Vybrid devices are ideal for applications
including simple HMI in appliances and industrial machines, secure
control of infrastructure and manufacturing equipment, energy
conversion applications such as motor drives and power inverters,
ruggedized wired and wireless connectivity, and control of mobile
battery-operated systems such as robots and industrial vehicles.

Supported device drivers:

* NAND Flash Controller (NFC)
* USB Enhanced Host Controller Interface (EHCI)
* General-Purpose Input/Output (GPIO)
* Universal Asynchronous Receiver/Transmitter (UART)

Also supported:

* Generic Interrupt Controller (GIC)
* MPCore timer
* ffec Ethernet driver

Open tasks:

1. Add support for a number of different VF5xx- and VF6xx-based
development boards.
2. Expand device driver support, including framebuffer and other
devices.
__________________________________________________________________

FreeBSD on Newer ARM Boards

URL: https://wiki.freebsd.org/FreeBSD/arm/Radxa%20Rock
URL: http://svnweb.freebsd.org/changeset/base/256949
URL: https://github.com/tsgan/qualcomm

Contact: Ganbold Tsagaankhuu <ganbold@FreeBSD.org>

Rockchip is a series of SoC (System on Chip) integrated circuits that
are mainly for embedded systems applications in mobile entertainment
devices such as smartphones, tablets, e-books, set-top boxes, media
players, personal video, and MP3 players. Due to their evolution from
the MP3/MP4 player market, most Rockchip ICs feature advanced media
decoding logic but lack integrated cellular radio basebands. Initial
support for the Rockchip RK3188 (Quad core Cortex A9) SoC is committed
to head. Now FreeBSD runs on Radxa Rock and it supports the following
peripherals:

* Existing DWC OTG driver in host mode
* GPIO

Some work was also done on initial support for the Qualcomm Snapdragon
S4 SoC, featuring the Krait CPU, which is considered a "platform" for
use in smartphones, tablets, and smartbook devices. Krait has many
similarities with the ARM Cortex-A15 CPU and is also based on the ARMv7
instruction set. A minimal console driver was written, and FreeBSD's
early boot messages can be now seen on the serial console. The timer
driver works too, and the boot now stops at the mountroot prompt.
__________________________________________________________________

FreeBSD/EC2

URL: http://www.daemonology.net/freebsd-on-ec2/
URL: http://www.daemonology.net/blog/2013-12-09-FreeBSD-EC2-configinit.html

Contact: Colin Percival <cperciva@freebsd.org>

An Amazon Machine Image (AMI) is a special type of virtual appliance
that is used to create a virtual machine within the Amazon Elastic
Compute Cloud ("EC2"). It serves as the basic unit of deployment for
services delivered using EC2. Such AMIs are available for 8.3-RELEASE
and later FreeBSD releases, and every ALPHA, BETA, and RC of
FreeBSD 10.0. Starting from FreeBSD 10.0-BETA1, FreeBSD/EC2 images are
running "fully supported" FreeBSD binaries, and starting from
FreeBSD 10.0-RC1, FreeBSD/EC2 images include a "configinit" system for
autoconfiguration using EC2 user-data.

Due to limitations of old (m1, m2, c1, t1) instance types,
"Windows"-labelled images are required for those instance types;
however all of the recent instances types -- m3 (general purpose), c3
(high-CPU), and i2 (high-I/O) -- support FreeBSD at the "unix" pricing
rates.

The maintainer of this platform considers it to be ready for production
use.

Open tasks:

1. Hand over the task of building FreeBSD AMIs to the Release
Engineering Team.
2. Get Amazon to add "FreeBSD" to the list of platforms supported by
EC2, so that it can stop showing up as "Other Linux".
__________________________________________________________________

FreeBSD/Xen

URL: http://wiki.xen.org/wiki/FreeBSD_PVH

Contact: Roger Pau Monné <royger@FreeBSD.org>
Contact: Justin T. Gibbs <gibbs@FreeBSD.org>

Xen is a native (bare-metal) hypervisor providing services that allow
multiple computer operating systems to execute on the same computer
hardware concurrently. Xen 4.4 will bring a virtualization mode called
PVH -- PV (paravirtualization) in an HVM (fully-virtual) container.
This is essentially a paravirtualized guest using paravirtualized
drivers for boot and I/O. Otherwise it uses hardware virtualization
extensions, without the need for emulation.

After merging the changes in order to improve Xen PVHVM support, work
has shifted on getting PVH DomU support on FreeBSD. Patches have been
posted, and after a couple of rounds of review the series looks almost
ready for merging into head. Also, very initial patches for FreeBSD PVH
Dom0 support has been posted. So far the posted series only focuses on
getting FreeBSD booting as a Dom0 and being able to interact with the
hardware.

This project is sponsored by Citrix Systems R&D, and Spectra Logic
Corporation.

Open tasks:

1. Finish reviewing and commit the PVH DomU support.
2. Work on PVH Dom0 support.
__________________________________________________________________

Intel IOMMU (VT-d, DMAR) Support

URL: http://svnweb.freebsd.org/changeset/base/257251
URL: http://svnweb.freebsd.org/changeset/base/259512

Contact: Konstantin Belousov <kib@FreeBSD.org>

An Input/Output Memory Management Unit (IOMMU) is a Memory Management
Unit (MMU) that connects a Direct Memory Access-capable (DMA-capable)
I/O bus to main memory; therefore, I/O virtualization is performed by
the chipset. An example IOMMU is the graphics address remapping table
(GART) used by AGP and PCI Express graphics cards. Intel has published
a specification for IOMMU technology as Virtualization Technology for
Directed I/O, abbreviated VT-d.

A VT-d driver was committed to head and stable/10, so busdma(9) is now
able to utilize VT-d. The feature is disabled by default, but it may be
enabled via the hw.dmar.enable loader(8) tunable -- see the links for
more information. The immediate plans include increasing the support
for this kind of hardware by testing and providing workarounds for
specific issues, and by adding features of the next generation of Intel
IOMMU. Hopefully, the existing and new consumers of VT-d will start to
use the driver soon.

This project is sponsored by The FreeBSD Foundation.
__________________________________________________________________

auditdistd(8)

Contact: Pawel Jakub Dawidek <pjd@FreeBSD.org>

The auditdistd(8) daemon is responsible for distributing audit trail
files over TCP/IP network securely and reliably. Currently, the daemon
uses Transport Layer Security (TLS) for communication, but only
server-side certificates are verified, based on the certificate's
fingerprint. The ongoing work will make it possible to use client-side
certificates and will support more complete public-key infastructure,
which includes validation of the entire certificate chain, including
revocation checking against Certification Revocation Lists at every
level. From now on, auditdistd(8) will support TLSv1.2 and PFS modes
only. In addition, it will be possible to send audit trail files to
multiple receivers.

The work will be completed at the beginning of February 2014.

This project is sponsored by The FreeBSD Foundation.
__________________________________________________________________

Base GCC Updates

Contact: Pedro Giffuni <pfg@FreeBSD.org>

The GCC compiler in the FreeBSD base system is on its way to
deprecation and is only used by some Tier-2 platforms at this time.
While Clang is much better in many aspects, we still cannot use in the
base system all the new features that it brings until we can drop GCC
completely. As a stop-gap solution, several bug fixes and features from
Apple GCC and other sources have been ported to our version of
GCC 4.2.1 to make it more compatible with Clang. FreeBSD's GCC has
added more warnings and some enhancements like -Wmost and
-Wnewline-eof. An implementation for Apple's blocks extension is now
available, too, and it will be very useful to enhance FreeBSD's support
for Apple's Grand Central Dispatch (GCD).

Open tasks:

1. A merge from head to stable/9 is being considered but it disables
nested functions by default, so the impact on the Ports Collection
needs to be evaluated.
2. No further development of GCC 4.2 in the base system is planned.
__________________________________________________________________

BSDInstall ZFSBoot

URL: http://lists.freebsd.org/mailman/listinfo/freebsd-sysinstall
URL: https://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/9.0-RELEASE

Contact: Allan Jude <freebsd@allanjude.com>
Contact: Devin Teske <dteske@FreeBSD.org>
Contact: Warren Block <wblock@FreeBSD.org>

BSDInstall has been the default installation program since
FreeBSD 9.0-RELEASE. However, it could not utilize one of the best
features of FreeBSD, ZFS.

The ZFSBoot project started at EuroBSDCon 2013 and reached stable
status in December, just in time for FreeBSD 10.0-RELEASE. Currently,
ZFSBoot implements root-on-ZFS with 4k partition alignment, optional
forced 4k sectors, optional geli(8) full disk encryption, and support
for boot environments.

As part of ZFSBoot, BSDInstall itself also received a number of
updates, including enhanced debugging, more scriptability, a new keymap
selection menu, and a number of other small changes to streamline the
installation process. The new keymap menu allows the user to test the
selected keymap before continuing, to ensure it is the desired keymap.
Minor changes were made to the network configuration dialogues to make
the identification of wireless interfaces easier.

A number of additional features are also planned. The user should be
able to create additional datasets and adjust the properties on all
datasets in an interactive menu. There should also be integration with
BSDConfig to allow users to install packages and the various other
functionality that was previously provided by sysinstall.

Open tasks:

1. Interactive dataset editor.
2. Dataset property editor.
3. Consider using shell geom(4) parser.
4. BSDConfig integration.
5. UFS as a file system option, to allow users to create encrypted UFS
installs.
6. Optionally make the boot pool UFS or reside on USB device(s).
7. Further streamline the installation process.
__________________________________________________________________

Capsicum and Casper

URL: http://freebsdfoundation.blogspot.com/2013/12/freebsd-foundation-announces-capsicum.html

Contact: Pawel Jakub Dawidek <pjd@FreeBSD.org>

Capsicum is a lightweight OS capability and sandbox framework
implementing a hybrid capability system model. The Casper daemon
enables sandboxed application to use functionality normally unavailable
in capability-mode sandboxes.

The Casper daemon, libcasper, libcapsicum(3), libnv(3) and Casper
services (system.dns, system.grp, system.pwd, system.random and
system.sysctl) have been committed to FreeBSD head. The tcpdump(8)
utility in head now uses the system.dns service to do DNS lookups. The
kdump(1) utility in head now uses the system.pwd and system.grp
services to convert user and group identifiers to user and group names.

There is ongoing work to sandbox more applications. If you are
interested in helping to make FreeBSD more secure and would like to
learn about Capsicum and Casper, do not hesitate to contact Pawel -- he
can provide candidate programs that could use sandboxing.

This project is sponsored by The FreeBSD Foundation.
__________________________________________________________________

Centralized Panic Reporting

URL: http://www.daemonology.net/blog/2013-11-06-automated-freebsd-panic-reporting.html

Contact: Colin Percival <cperciva@freebsd.org>

With the sysutils/panicmail port, a mechanism is now in place for
automated submission of kernel panic reports to a central location. It
is hoped that this will prove useful, as similar systems have for other
operating systems, in identifying common panics so that developers can
be alerted and they can be fixed faster.

In the first two months that this mechanism has been in place, 28
kernel panics have been reported. This is nowhere near enough to be
useful, so readers are strongly encouraged to install the
sysutils/panicmail port and follow the instructions to enable it.

Open tasks:

1. Get more systems set up to automatically submit panic reports!
__________________________________________________________________

FreeBSD Test Suite

URL: http://wiki.FreeBSD.org/TestSuite
URL: http://kyua1.nyi.FreeBSD.org/
URL: http://lists.freebsd.org/pipermail/freebsd-testing/2013-December/000109.html
URL: http://julipedia.meroh.net/2013/12/introducing-freebsd-test-suite.html

Contact: Julio Merino <jmmv@FreeBSD.org>

The FreeBSD Test Suite project aims to equip FreeBSD with a
comprehensive test suite that is easy to run out of the box and during
the development of the system. The test suite is installed into
/usr/tests/ and the kyua(1) command-line tool (devel/kyua in the Ports
Collection) is used to run them.

The benefits of having a test suite that is easy to use and
continuously run are obvious: regressions can be caught sooner rather
than later and the Release Engineering Team can better assess the
quality of the tree before deciding to cut a release. Additionally,
because we choose to install the tests, we allow any end user to
perform sanity checks on new installations of the system on their
particular hardware configuration -- a very attractive thing to do when
deploying production servers.

During the last few months, we have added the necessary pieces to the
build system to support building and installing test programs of
various kinds. To demonstrate the functionality of these, some test
programs were added and others were migrated from the old testing tree
in tools/regression/ to the new layout for tests.

The current test suite should be seen as a proof of concept at this
point: it is only composed of a small set of test programs and the goal
is to get the infrastructure in place before mass-migrating existing
test code and/or importing external tests.

As part of this work, two new releases of Kyua were published. Of
special interest is the addition of a TAP-compliant backend so that
existing tests from tools/regression/ can be plugged into the test
suite with minimum effort.

As of December 31st, the basic continuous testing infrastructure is up
and running, see the links section for the home page. For further
information, please see the related announcement and blog post on the
subject (also in the links section).

Open tasks:

1. We have three machines for the test cluster. At the moment, only
one of them is in use to continuously test amd64 on both head and
stable/10. We need to figure out the right level of parallelization
to put other machines to use -- but a first easy cut may be to just
test different architectures (with the help of QEMU).
2. Related to the above, the Kyua reporting engine needs significant
tuning to make the reports nice and clean. Ideally, Kyua should be
able to coalesce results from different runs into a single location
and generate cohesive reports out of them. Fixing this is a high
priority.
3. A tutorial on writing tests for FreeBSD has been proposed for
AsiaBSDCon 2014. The outcome of the proposal is still unknown, but
stay tuned!
4. Port, port, and port more tests to the new test suite. A test suite
is worthless if it does not validate stuff. Stay tuned for a
request for help once we have put all basic pieces in place and
have streamlined the migration process.
__________________________________________________________________

The LLDB Debugger

URL: https://wiki.freebsd.org/lldb

Contact: Ed Maste <emaste@FreeBSD.org>

LLDB is the debugger in the LLVM family of projects. It supports Mac OS
X, Linux, and FreeBSD, with ongoing work to support Windows.

In the last quarter of 2013, LLDB gained support for live
(ptrace(2)-based) debugging of multithreaded processes on FreeBSD.
Initial FreeBSD MIPS target support has also been committed, along with
a number of endianness fixes in the general LLDB infrastructure.

The LLDB snapshot in the FreeBSD tree was updated to r196322. Currently
disabled by default, it will be enabled for amd64 after the import of
Clang 3.4. In the interim, it may be enabled by adding WITH_LLDB= to
src.conf(5).

This project is sponsored by DARPA/AFRL, SRI International, and
University of Cambridge.

Open tasks:

1. Update the in-tree snapshot to build after the Clang 3.4 import.
2. Fix amd64 watchpoints.
3. Test and fix the i386 port.
4. Implement FreeBSD ARM support.
5. Add support for kernel debugging (live local and remote debugging,
and core files).
6. Fix the remaining test suite failures.
7. Enable by default on the amd64 architecture.
__________________________________________________________________

FreeBSD Python Ports

URL: https://wiki.FreeBSD.org/Python
URL: irc://freebsd-python@irc.freenode.net

Contact: FreeBSD Python Team <python@FreeBSD.org>

Python is a widely used general-purpose, high-level programming
language. For many operating systems, Python is a standard component;
it ships with FreeBSD as well. A lot of progress has been made around
the FreeBSD Python ports in the last quarter.

The devel/py-distribute port has been replaced by the refreshed
devel/py-setuptools port, which comes with a lot of features that
simplify the ways of installing Python packages. The change also led us
to install everything through Setuptools now, which resembles a PyIP a
bit and allows us to perform some major cleanup on the distutils
installation behaviour.

The implicit lang/python build and run-time dependency was removed from
the ports infrastructure. Every port now depends on a specific Python
version or on the lang/python metaport. This prevents compatibility
issues for ports that depend on Python 2.x OR Python 3.x exclusively,
but use the python command, which might point to a version of
incompatible user choice.

The lang/python27 port was updated to version 2.7.6, and the
lang/python33 port was updated to version 3.3.3, and the lang/pypy port
was updated to version 2.2.1.

We are currently working on the necessary infrastructure quirks to
support different Python versions for the same port. Most of the work
has been done and needs to be tested before it can be integrated.

Open tasks:

1. Develop a high-level and lightweight Python Ports Policy.
2. Add support for granular dependencies (for example >=1.0 or <2.0).
3. Look at what adding pip support looks like.
4. Convert all USE_PYDISTUTILS=easy_install entries to yes and remove
the use of easy_install from the ports infrastructure.
5. More tasks can be found on the team's wiki page (see links).
__________________________________________________________________

GNOME/FreeBSD

URL: http://www.FreeBSD.org/gnome/
URL: http://svnweb.freebsd.org/changeset/ports/334661

Contact: FreeBSD GNOME Team <gnome@FreeBSD.org>

GNOME is a desktop environment and graphical user interface that runs
on top of a computer operating system. GNOME is part of the GNU Project
and can be used with various Unix-like operating systems, including
FreeBSD.

In this quarter, MATE 1.6 was finally imported into the Ports
Collection, thanks to the efforts of Jeremy Messenger. MATE is a
desktop environment forked from the now-unmaintained code base of
GNOME 2, therefore it is basically a replacement for GNOME 2. It
recommended for users wanting to keep GNOME 2 as their desktop to
switch since GNOME 2 will be replaced by GNOME 3 in the near future.
This switch will be announced in advance, so people will have time to
move to MATE if they have not already. The complete MATE-based desktop
environment can be installed via the x11/mate port, or, for a minimal
install, x11/mate-base.

Our home page is quite out of date. An update for it for GNOME 3.6 is
underway. Part of this update is rewriting and updating the old GNOME
porting guide as a chapter of the Porter's Handbook.

Another major task required for getting a bleeding-edge GNOME to build
on FreeBSD mostly out-of-the box is moving to JHbuild with some custom
rules. This is done to find and fix compile issues on other BSDs more
quickly.

Open tasks:

1. GNOME 2 ports still need to be sorted out to evaluate which GNOME 2
components will be gone or be replaced with their newer GNOME 3
versions. This task is current halted until we can get the
documentation into a shape good enough to gather the issues and
document the migration, including how to avoid the migration if the
upgrade is not preferred. (This does not mean we do not want to
know about issues with upgrading, though).
2. Help the X11 Team with Cairo 1.12, since the next version of
GNOME 3 (3.12) will need an up-to-date version of Pango and GTK 3.
__________________________________________________________________

KDE/FreeBSD

URL: http://FreeBSD.kde.org
URL: http://FreeBSD.kde.org/area51.php
URL: http://portscout.freebsd.org/kde@freebsd.org.html

Contact: KDE FreeBSD Team <kde@FreeBSD.org>

KDE is an international free software community producing an integrated
set of cross-platform applications designed to run on Linux, FreeBSD,
Solaris, Microsoft Windows, and OS X systems. The KDE/FreeBSD Team have
continued to improve the experience of KDE software and Qt under
FreeBSD.

During last quarter, the team has kept most of the KDE and Qt ports
up-to-date, working on the following releases:

* KDE SC (area51): 4.11.2, 4.11.3, 4.11.4
* Qt: 4.8.5 and 5.2 (area51)
* PyQt: 4.10.3; SIP: 4.15.2; QScintilla2: 2.8
* Qt Creator 2.8.0
* KDevelop: 4.5.2
* Calligra: 2.7.5
* CMake: 2.8.12, 2.8.12.1

As a result, according to PortScout, our team has 464 ports (down from
473), of which 88.15% are up-to-date (down from 98.73%). iXsystems Inc.
continues to provide a machine for the team to build packages and to
test updates. iXsystems Inc. has been providing the KDE/FreeBSD Team
with support for quite a long time and we are very grateful for that.

As usual, the team is always looking for more testers and porters so
please contact us or visit our home page (see links). It would be
especially useful to have more helping hands on tasks such as getting
rid of the dependency on the defunct HAL project and providing
integration with KDE's Bluedevil Bluetooth interface.

Open tasks:

1. Update out-of-date ports, see links for a list.
2. Worke on KDE 4.12 and Qt 5.
3. Make sure the whole KDE stack (including Qt) builds and works
correctly with Clang and libc++.
4. Remove the dependency on HAL.
__________________________________________________________________

Wine/FreeBSD

URL: http://wiki.FreeBSD.org/Wine
URL: http://wiki.FreeBSD.org/i386-Wine
URL: http://www.winehq.org/

Contact: Gerald Pfeiffer <gerald@FreeBSD.org>
Contact: David Naylor <dbn@FreeBSD.org>

Wine is a free and open source software application that aims to allow
applications designed for Microsoft Windows to run on Unix-like
operating systems, such as FreeBSD. The Wine/FreeBSD Team have
continued to improve the experience of Wine under FreeBSD.

During the fourth quarter of 2013, the team has kept Wine updated by
porting:

* Stable releases: 1.6 and 1.6.1
* Development releases: 1.7.4 through 1.7.8

The ports have included packages built for amd64 (available through the
Ports Collection).

The Wine ports have been kept up-to-date with the changes in the Ports
Collection, including some improvements:

* Building with Clang by default (via USES=compiler:c11).
* Conditional X11 support (on by default; allowing for headless
instances of Wine).
* Staging support and other ports best practices.

Support in improving the experience of Wine on FreeBSD is needed. Key
areas including fixing regressions, adding copy protection scheme
support and fixing regressions when using Wine under FreeBSD/amd64.

Open tasks:

1. Open Tasks and Known Problems (see links for the wiki page).
2. FreeBSD/amd64 integration (see links for the i386-Wine wiki page).
3. Porting WoW64 and Wine64.
__________________________________________________________________

X.Org on FreeBSD

URL: https://wiki.freebsd.org/Graphics
URL: http://trillian.chruetertee.ch/ports/browser/trunk
URL: http://lists.freebsd.org/pipermail/freebsd-x11/2014-January/014003.html

Contact: FreeBSD X11 Team <x11@FreeBSD.org>

The newer graphics stack (WITH_NEW_XORG) is now built by default on
head and is provided as binary packages from the official FreeBSD
pkg(8) repository for 11-CURRENT. The major updates are:

* X.Org server 1.12.
* Mesa 9.1.
* Recent Intel and Radeon X.Org drivers, using exclusively the KMS
kernel drivers available in FreeBSD 9.x (Intel) and FreeBSD 10.x
(Radeon).

This change makes X.Org on FreeBSD head work out-of-the-box on
workstations and laptops based on recent Intel and Radeon GPUs.
FreeBSD 10.x will follow in a few weeks or months.

Some software has started to require Cairo 1.12, for example GTK+ 3.10
and Pango. Unfortunately, this version of Cairo triggers a bug in the
old Intel driver (2.7.1, installed when WITH_NEW_XORG is not set),
which causes display artifacts. A "Call For Testers" mail was posted on
the freebsd-x11 mailing-list (see the links above) to gather
information about the behavior on other configurations (new Intel
driver and non-Intel drivers). As of this writing, the reports received
talk about improvements or, at least, no change noticed.

To better manage changes such as the WITH_NEW_XORG and Cairo 1.12
changes mentioned above, we asked on the freebsd-x11 mailing-list if
people are using FreeBSD 8.x on their desktop computers and why they do
not upgrade to FreeBSD 9.x or 10.x. So far, we received very few
answers to this.

The Radeon KMS driver in FreeBSD 10.x is now considered stable,
especially that integrated GPUs are now properly initialized. One of
the next steps will be to merge this to stable/9.

A "Graphics" wiki article (see links) was created to centralize and
coordinate the work being done on both the ports and the kernel. It
contains the following important information:

* A roadmap of the team.
* A matrix of supported hardware.
* Instructions on upgrading to KMS.
* Project status and results.

This starting page then points to project- and topic-specific articles
where more detailed information is available.

Open tasks:

1. Report why FreeBSD 8.x is still used on your desktop and why moving
to FreeBSD 9.x or 10.x is not an option.
2. Report about the Cairo 1.12 update on your system.
3. See the "Graphics" wiki page for up-to-date information.
__________________________________________________________________

Xfce/FreeBSD

URL: https://wiki.freebsd.org/Xfce
URL: https://people.freebsd.org/~olivierd/xfce-core-unstable.html
URL: https://people.freebsd.org/~olivierd/parole-unstable.html

Contact: FreeBSD Xfce Team <xfce@FreeBSD.org>

Xfce is a free software desktop environment for Unix and Unix-like
platforms, such as FreeBSD. It aims to be fast and lightweight, while
still being visually appealing and easy to use. The FreeBSD Xfce Team
has kept most of the Xfce ports up-to-date, while fixing many issues
along the way in this quarter.

Currently, the following components with the following versions are
available:

Applications:

* Orage (4.10.0)
* Midori (0.5.6)
* xfce4-terminal (0.6.3)
* xfce4-parole (0.5.3, 0.5.4)

Panel plugins:

* xfce4-whiskermenu-plugin (1.2.0, 1.2.1, 1.2.2, 1.3.0)
* xfce4-mailwatch-plugin (1.2.0)
* xfce4-wmdock-plugin (0.6.0)

We helped Midori's upstream switch from Waf (Python script) to CMake.
Xfce now also supports Gtk2, Gtk3, and the new WebKitGtk API, available
from the 2.x branch, not present in our ports tree at the moment,
though. Most of the ports now use stage directories, with only some
plugins left to convert.

We also removed obsolete ports:

* x11-themes/lila-xfwm4 (Xfwm4 theme)
* multimedia/xfce4-media (multimedia player)
* net-im/xfce4-messenger-plugin

Besides, we followed the development of the Xfce core components and
Parole closely. See the links for documentation on how to upgrade those
libraries.

Open tasks:

1. Fix Midori's build on DragonFly, through DPorts.
2. Fix build of the Granite framework (it is an extension to Gtk and
Midori uses it) on FreeBSD 10 and head. Those are mostly LLVM
failures.
3. Add support for Berkeley DB 5 and higher to Orage.
__________________________________________________________________

The FreeBSD Foundation

URL: http://www.FreeBSDFoundation.org/
URL: http://www.freebsdfoundation.org/press/2013Dec-newsletter
URL: http://freebsdjournal.com/

Contact: Deb Goodkin <deb@FreeBSDFoundation.org>

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated
to supporting and promoting the FreeBSD Project and community
worldwide. Most of the funding is used to support FreeBSD development
projects, conferences and developer summits, purchase equipment to grow
and improve the FreeBSD infrastructure, and provide legal support for
the Project.

We held our year-end fundraising campaign. We are still processing
donations and will post the final numbers by mid-January. We are
extremely grateful to all the individuals and organizations that
supported us and the Project by making a donation in 2013. We have
already started our fundraising efforts for 2014.

Some of the highlights from this past quarter include:

* We sponsored or are sponsoring the following projects:

+ Projects completed last quarter: Capsicum, Casper daemon, and
Intel I/O Memory Management Unit driver.
+ Projects in progress: Native in-kernel iSCSI stack, network
stack layer 2 modernization, UEFI boot, updated vt(9) system
console.
+ Projects started last quarter: Automounter, Intel graphics
driver update.

* Continued work on the FreeBSD Journal, our new online FreeBSD
magazine, which debuts on January 27th (see links).
* Sponsored, organized, and ran the Bay Area Developer Summit.
* Sponsored and attended the first ever vBSDCon, which had an
impressive attendance.
* Sponsored and attended the OpenZFS developer summit.
* Represented the foundation at the following conferences: All Things
Open in Raleigh, NC and LISA in Washington, DC.
* Sponsored the FreeBSD 20th Birthday Party, held in San Francisco.
* Attended the ICANN meeting in Buenos Aires in November and gave a
short presentation on the change from BIND to unbound in
FreeBSD 10.0 during the ccNSO Tech Day.
* Met with a few companies to discuss their FreeBSD use, what they
would like to see supported in FreeBSD, and assist with
collaboration between them and the Project.
* Purchased an 80-core server to reside at Sentex for the Project to
use for stability, scalability, and performance improvements. It is
a big step forwards for the Foundation in providing this kind of
hardware to the Project's developers. It will let us test our
scaling to 80 simultaneous cores and 1 TB of RAM. It will also be
used to do performance analysis on large workloads, such as large
databases etc.
* Acquired a second rack to use at Sentex.
* We received a commitment from VMware, Inc. for BSD-licensed
drivers. They also committed to a yearly silver level donation.
* Signed up as a Google Compute trusted tester for the Project.
* Funded a project to produce a white paper titled "Managed Services
Using FreeBSD at NYI".
* Finally, we published our semi-annual newsletter (see links)
highlighting what we did to support the FreeBSD Project and
Community in 2013.
__________________________________________________________________

Love FreeBSD? Support the development with a donation to the FreeBSD
Foundation! https://www.freebsdfoundation.org/donate/
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"