Date: Thu, 29 Sep 2016 04:28:53 -0400
From: Shawn Webb
To: Ed Maste
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r306417 - head/usr.sbin/portsnap/portsnap
Message-ID: <20160929082853.GA45358@mutt-hardenedbsd>
In-Reply-To: <201609282122.u8SLMprw047702@repo.freebsd.org>

On Wed, Sep 28, 2016 at 09:22:51PM +0000, Ed Maste wrote:
> Author: emaste
> Date: Wed Sep 28 21:22:51 2016
> New Revision: 306417
> URL: https://svnweb.freebsd.org/changeset/base/306417
>
> Log:
>   portsnap: only move expected snapshot contents from snap/ to files/
>
>   Previously it was possible to smuggle in additional files that would
>   be used by later portsnap runs. Now we only move those files expected
>   to be in the snapshot into files/ and require that there are no
>   unexpected files.
>
>   This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
>   attacks against FreeBSD update components" anonymous gist.
>
>   Reported by:	anonymous gist
>   Reviewed by:	allanjude, delphij
>   MFC after:	ASAP
>   Sponsored by:	The FreeBSD Foundation
>   Differential Revision:	https://reviews.freebsd.org/D8052

Hey Ed,

Any plans to release a security announcement?

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
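The check the quoted commit describes (move only the files the snapshot is expected to contain, and refuse the snapshot if anything else is present) as an added POSIX sh illustration; this is not portsnap's own code, and the three arguments (staging dir, destination dir, a file listing the expected names) are assumptions made for the example:

```shell
#!/bin/sh
# Added example, not portsnap's code: move only the files named in an
# expected-name list from snap/ to files/, and refuse the whole snapshot
# if snap/ holds anything else.
# Assumed interface: $1 = snapshot staging dir, $2 = destination files/,
# $3 = file listing the expected snapshot file names, one per line.

# Returns 0 and moves the files only if snap/ holds exactly the expected set.
install_expected_snapshot() {
    snapdir=$1
    filesdir=$2
    expected=$3

    # Every expected name must be a plain file name and must be present.
    while read -r name; do
        [ -n "$name" ] || continue
        case $name in
            */* | .*) echo "refusing unsafe name: $name" >&2; return 1 ;;
        esac
        if [ ! -f "$snapdir/$name" ]; then
            echo "missing expected file: $name" >&2
            return 1
        fi
    done < "$expected"

    # Anything in snap/ not on the list (dotfiles included) is refused
    # before any file is moved, so a smuggled file never reaches files/.
    for path in "$snapdir"/* "$snapdir"/.[!.]* "$snapdir"/..?*; do
        [ -e "$path" ] || continue
        name=${path##*/}
        if ! grep -qxF -- "$name" "$expected"; then
            echo "unexpected file in snapshot: $name" >&2
            return 1
        fi
    done

    # Only now move files; the list, not the directory, drives the set.
    while read -r name; do
        [ -n "$name" ] || continue
        mv -- "$snapdir/$name" "$filesdir/$name" || return 1
    done < "$expected"
    return 0
}
```

The ordering matters: the refusal happens before the first mv, so a snapshot with one extra file leaves files/ untouched rather than half-installed.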