From: Xin LI
Date: Fri, 20 Mar 2015 07:25:29 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r46361 - in head/share/security: advisories patches/SA-15:06

Author: delphij
Date: Fri Mar 20 07:25:28 2015
New Revision: 46361
URL: https://svnweb.freebsd.org/changeset/doc/46361

Log: Add patch errata and revised advisory.

Added: head/share/security/patches/SA-15:06/openssl-0.9.8-errata.patch (contents, props changed) head/share/security/patches/SA-15:06/openssl-0.9.8-errata.patch.asc (contents, props changed) head/share/security/patches/SA-15:06/openssl-1.0.1-errata.patch (contents, props changed) head/share/security/patches/SA-15:06/openssl-1.0.1-errata.patch.asc (contents, props changed)
Modified: head/share/security/advisories/FreeBSD-SA-15:06.openssl.asc

Modified: head/share/security/advisories/FreeBSD-SA-15:06.openssl.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-15:06.openssl.asc Thu Mar 19 20:01:45 2015 (r46360) +++ head/share/security/advisories/FreeBSD-SA-15:06.openssl.asc Fri Mar 20 07:25:28 2015 (r46361) 
@@ -9,14 +9,14 @@ Topic: Multiple OpenSSL vulnera Category: contrib Module: openssl -Announced: 2015-03-19 +Announced: 2015-03-19; Last revised on 2015-03-20. Affects: All supported versions of FreeBSD. -Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE) - 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7) - 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE) - 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11) - 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE) - 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25) +Corrected: 2015-03-20 07:11:20 UTC (stable/10, 10.1-STABLE) + 2015-03-20 07:12:02 UTC (releng/10.1, 10.1-RELEASE-p8) + 2015-03-20 07:11:20 UTC (stable/9, 9.3-STABLE) + 2015-03-20 07:12:02 UTC (releng/9.3, 9.3-RELEASE-p12) + 2015-03-20 07:11:20 UTC (stable/8, 8.4-STABLE) + 2015-03-20 07:12:02 UTC (releng/8.4, 8.4-RELEASE-p26) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293 @@ -24,6 +24,14 @@ For general information regarding FreeBS including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision history + +v1.0 2015-03-19 Initial release. +v1.1 2015-03-20 Reverted a portion of change that should not belong to the + advisory and did not end up in the final OpenSSL release. + The patch is also revised to include fixes for + CVE-2015-0209 and CVE-2015-0288. + I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is 
@@ -120,11 +128,19 @@ detached PGP signature using your PGP ut # fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc # gpg --verify openssl-0.9.8.patch.asc +# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8-errata.patch +# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8-errata.patch.asc +# gpg --verify openssl-0.9.8-errata.patch.asc + [FreeBSD 10.1] # fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch # fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc # gpg --verify openssl-1.0.1.patch.asc +# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1-errata.patch +# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1-errata.patch.asc +# gpg --verify openssl-1.0.1-errata.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -142,12 +158,12 @@ affected branch. Branch/path Revision - ------------------------------------------------------------------------- -stable/8/ r280266 -releng/8.4/ r280268 -stable/9/ r280266 -releng/9.3/ r280268 -stable/10/ r280266 -releng/10.1/ r280268 +stable/8/ r280274 +releng/8.4/ r280275 +stable/9/ r280274 +releng/9.3/ r280275 +stable/10/ r280274 +releng/10.1/ r280275 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the 
@@ -181,17 +197,17 @@ The latest revision of this advisory is -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.2 (FreeBSD) -iQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns -hhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp -jhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy -R7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C -3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln -rL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H -t3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs -x/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu -5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH -sLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq -CgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd -UQg3YfrXHDlxCsqEzN7o -=wi0T +iQIcBAEBCgAGBQJVC8m8AAoJEO1n7NZdz2rn/lQP/1ZrUSnxaoaZxQbLrBZlg7Jr +dAgjo4JTSPwyJM3gQY+WD1WPChxIJvbndR/NQux9grrn6N06kD+q0DUHOXi6MAL0 +TqMEGxAqVlIUVdn18xZJaIwEzcx5HJKQz2UOMk3UGjy3WSh93p25oewF/cIcaryN +FKAmpXmmPm77Qv5Vr1st8OyjnP7XiMmerSEWVGqFLsJPye5lvHcPOZrzQkRQRQJf +1b896UaOezw4v8C2HJvJMrQLN4l/ahCV6NsuQnN1/yzo8cS75OxMsooo8VgA8k0G +ADuNFb1oZIygoin6ZOxlSHeeh+A6mdhitU4hNNy2rBNTC9IwijCg/dx/x1rutAxb +3MHUcCmF0sNewTkDwdzSvVCR4pYAAPI3yG0gUlXMTepQpH6Ozjf77OPW5KQPVGzf +ijqOS32hprqVklDu2yREUv1AY0srboES5b9XQyfkFCFyNF8VX3OaDL8jHdfQezSx +njF8UVUydmC7szDCW+MmQoNo4NaPCLd2m3l25RRD8SAdR9jB8WIox59E1k2O+LP/ +rgO6wial36CUiTc5SdbCzVom9K/KhKXeBWAlCnK9R9DCNaUaiBIvTBngtGdfjxxi +bJxoSqXSnfVwhGE565cwtODR/qMfRxY6Z8g4JEkSQN5SmzezmyLCdmXCpktHkC21 +XQG0M1dIh8m3m67rEyE6 +=C2Zp -----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:06/openssl-0.9.8-errata.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:06/openssl-0.9.8-errata.patch Fri Mar 20 07:25:28 2015 (r46361) 
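Review bot: in the `@@ -9,14 +9,14 @@` hunk the Corrected timestamps, the new patch levels (10.1-RELEASE-p8, 9.3-RELEASE-p12, 8.4-RELEASE-p26) and the revision table in `@@ -142,12 +158,12 @@` (r280274 / r280275) all advance together, which is the first consistency check for a re-issued advisory; the CVE Name line is rightly left as is, since CVE-2015-0209 and CVE-2015-0288, the two the errata patch now fixes, were already listed in v1.0.

Review bot: the revision history added in `@@ -24,6 +24,14 @@` should name what was reverted: "Reverted a portion of change that should not belong to the advisory" does not tell an administrator who already applied v1.0 which code moved, whereas the errata patch shows it is the ASN1_item_d2i change in tasn_dec.c. Suggested wording: "v1.1 2015-03-20 Reverted the ASN1_item_d2i change in tasn_dec.c, which was not part of the final OpenSSL release, and revised the patch to include the fixes for CVE-2015-0209 and CVE-2015-0288."

Review bot: the `@@ -120,11 +128,19 @@` hunk adds fetch and gpg verification lines for openssl-0.9.8-errata.patch and openssl-1.0.1-errata.patch, but the hunk ends at `# cd /usr/src` and step b) "Apply the patch" is not updated within it; if that step still names only the original patch file, a reader following the instructions literally fetches and verifies the errata and never applies it. The apply step should list both patch files in order, and the advisory should state whether the errata is applied on top of the original patch or in place of it, and whether a system already patched from v1.0 needs only the errata.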
@@ -0,0 +1,75 @@ +Index: crypto/openssl/crypto/asn1/tasn_dec.c +=================================================================== +--- crypto/openssl/crypto/asn1/tasn_dec.c (revision 280272) ++++ crypto/openssl/crypto/asn1/tasn_dec.c (working copy) +@@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag) + + ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, const ASN1_ITEM *it) +-{ ++ { + ASN1_TLC c; + ASN1_VALUE *ptmpval = NULL; ++ if (!pval) ++ pval = &ptmpval; + c.valid = 0; +- if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) +- ptmpval = *pval; +- +- if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { +- if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { +- if (*pval) +- ASN1_item_free(*pval, it); +- *pval = ptmpval; +- } +- return ptmpval; ++ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) ++ return *pval; ++ return NULL; + } +- return NULL; +-} + + int ASN1_template_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, const ASN1_TEMPLATE *tt) +Index: crypto/openssl/crypto/ec/ec_asn1.c +=================================================================== +--- crypto/openssl/crypto/ec/ec_asn1.c (revision 280272) ++++ crypto/openssl/crypto/ec/ec_asn1.c (working copy) +@@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne + ERR_R_MALLOC_FAILURE); + goto err; + } +- if (a) +- *a = ret; + } + else + ret = *a; +@@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne + } + } + ++ if (a) ++ *a = ret; + ok = 1; + err: + if (!ok) + { +- if (ret) ++ if (ret && (a == NULL || *a != ret)) + EC_KEY_free(ret); + ret = NULL; + } +Index: crypto/openssl/crypto/x509/x509_req.c +=================================================================== +--- crypto/openssl/crypto/x509/x509_req.c (revision 280272) ++++ crypto/openssl/crypto/x509/x509_req.c (working copy) +@@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey + goto err; + + pktmp = 
X509_get_pubkey(x); ++ if (pktmp == NULL) ++ goto err; + i=X509_REQ_set_pubkey(ret,pktmp); + EVP_PKEY_free(pktmp); + if (!i) goto err; Added: head/share/security/patches/SA-15:06/openssl-0.9.8-errata.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:06/openssl-0.9.8-errata.patch.asc Fri Mar 20 07:25:28 2015 (r46361) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.2 (FreeBSD) + +iQIcBAABCgAGBQJVC8nLAAoJEO1n7NZdz2rntVsP/Am0uqGCczvjo7Osj/Arpqs2 +/qMFqlmp8YpUOqOP4Nw/4JNcODry6pJOzK8jff0aDhVQn3vPMnNWhsYDAipG8p3e +2vQHgOkgBEO4o4qXxk2cmJzi/vH3lQ/71D8SpiNnX9+RkXjEYOSTBgjFiM7n1Scq +nfsT4HRd3n6Pggo0Gicf02ToCV409oktExqt8CUBVtYwP22RUi4Jv/zoUiVjNTDW +XxdZemsGvEvt7xVKBVjddfbKR0GxZ4zR7KqEBdqoqvntVGZtyGaOpHa82XMd3EFL +2KVqVNVjChtkchU8f4elU9nvWFeiUuw7t2cPIRSFsd0iieGH3dMmiyBFhr4YXvSg +3uRR55vOP0PElI1sSSKqcLq8cpmXKaKNDh/xuAqllPz2IdSuzVVCdmqN+0ShC30X +bPgBxqYg3MIj8/zCgWqcqoOhX8ZPQ1GdvU7Sua6PxNKujRNf4QDVMlRNM/RNOWPs +rmO3wRiBcsejpxayV0L3SGaCHqECxP+UkwCMcSi70LtzMQImbrevQny+1xXcP5Rm +wB8Use66LbV4pFoXsVrIpENa4rXacI+4fLsey9Dm1z5vRFyQtZkeFcQAgucV5La7 +1RJR2aS7Q4kj8ERY/T+0z519ud5SEnV4m80K9xr4O0Y2nRuiIp06z4NxEzhDKOAW +hz9hMkj+pNrSBxvbZxUn +=htPX +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:06/openssl-1.0.1-errata.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:06/openssl-1.0.1-errata.patch Fri Mar 20 07:25:28 2015 (r46361) 
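Review bot: the tasn_dec.c hunk drops the v1.0 path that freed a caller-supplied object and replaced it (`if (*pval) ASN1_item_free(*pval, it); *pval = ptmpval;`) and returns ASN1_item_d2i to decoding straight into `*pval` via `if (!pval) pval = &ptmpval;` followed by `ASN1_item_ex_d2i(pval, ...)`; this is the reversion the revision history describes, and it removes a behaviour change that callers reusing an object through d2i_* would otherwise have seen. The `-{` / `+ {` pair is whitespace only, restoring the indented-brace style of the surrounding code, and deserves a mention in the commit log so it is not read as a logic change.

Review bot: in the second ec_asn1.c hunk the error-path test `if (ret && (a == NULL || *a != ret))` is correct only because the first hunk removed the early `if (a) *a = ret;` after allocation and this hunk re-adds it immediately before `ok = 1;`: on a failure `*a` can now equal `ret` only when the key came from the caller (`else ret = *a;`), so a locally allocated key is freed, a caller-owned one is left alone, and the caller's pointer is never left at freed memory. That is the CVE-2015-0209 fix the revision history mentions; because the two hunks depend on each other, a one-line comment above the condition ("free only a key allocated in this function") would keep a future partial backport from reintroducing the dangling `*a`.

Review bot: the x509_req.c hunk adds the NULL check that was missing after `pktmp = X509_get_pubkey(x);`, so a certificate whose public key cannot be extracted no longer reaches `X509_REQ_set_pubkey(ret, pktmp)` with a NULL key (the CVE-2015-0288 fix named in the revision history). Jumping to `err` before `EVP_PKEY_free(pktmp)` is fine since there is nothing to free, but the `err` label is outside the hunk, so confirm it releases `ret` on this new path exactly as it does for the existing `goto err` two lines above.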
@@ -0,0 +1,74 @@ +Index: crypto/openssl/crypto/asn1/tasn_dec.c +=================================================================== +--- crypto/openssl/crypto/asn1/tasn_dec.c (revision 280272) ++++ crypto/openssl/crypto/asn1/tasn_dec.c (working copy) +@@ -127,22 +127,16 @@ unsigned long ASN1_tag2bit(int tag) + + ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, const ASN1_ITEM *it) +-{ ++ { + ASN1_TLC c; + ASN1_VALUE *ptmpval = NULL; ++ if (!pval) ++ pval = &ptmpval; + asn1_tlc_clear_nc(&c); +- if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) +- ptmpval = *pval; +- if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { +- if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { +- if (*pval) +- ASN1_item_free(*pval, it); +- *pval = ptmpval; +- } +- return ptmpval; ++ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) ++ return *pval; ++ return NULL; + } +- return NULL; +-} + + int ASN1_template_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, const ASN1_TEMPLATE *tt) +Index: crypto/openssl/crypto/ec/ec_asn1.c +=================================================================== +--- crypto/openssl/crypto/ec/ec_asn1.c (revision 280272) ++++ crypto/openssl/crypto/ec/ec_asn1.c (working copy) +@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne + ERR_R_MALLOC_FAILURE); + goto err; + } +- if (a) +- *a = ret; + } + else + ret = *a; +@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne + ret->enc_flag |= EC_PKEY_NO_PUBKEY; + } + ++ if (a) ++ *a = ret; + ok = 1; + err: + if (!ok) + { +- if (ret) ++ if (ret && (a == NULL || *a != ret)) + EC_KEY_free(ret); + ret = NULL; + } +Index: crypto/openssl/crypto/x509/x509_req.c +=================================================================== +--- crypto/openssl/crypto/x509/x509_req.c (revision 280272) ++++ crypto/openssl/crypto/x509/x509_req.c (working copy) +@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey 
+ goto err; + + pktmp = X509_get_pubkey(x); ++ if (pktmp == NULL) ++ goto err; + i=X509_REQ_set_pubkey(ret,pktmp); + EVP_PKEY_free(pktmp); + if (!i) goto err; Added: head/share/security/patches/SA-15:06/openssl-1.0.1-errata.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:06/openssl-1.0.1-errata.patch.asc Fri Mar 20 07:25:28 2015 (r46361) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.2 (FreeBSD) + +iQIcBAABCgAGBQJVC8nLAAoJEO1n7NZdz2rnRHQQANP4jK13uDS4M22jPpjeNTtj +GOk/zpZHCrRHDrWo2xTU/bHJB6vrAwehy7klVw0wGc5WmpDYaJtEkPkaf31QgjvT +fDso7bIy2nugcuaMQtmMaZfLwbD5f/k9xDYKxzGN/Zh6dkvTs8FxJQzdCjwb6P4w +i5iRFRmkJp2Wl5FBG+jt+7c8Oup4QSWD1Q/IpFVPtz3PKuNma1u+xMcW5W1l5QnI +On/f3p+mfQJkaQSz9SVMEI94tLIP9iCsqDzm5EmWhHIegVpDpzy4Pk2ipFD4Ec6I +eTRfctSmMSlJYHIYIt8idRvqaaUnely7nm5DIDAH0RLGOgVGtrNGKapFyyAlIn2c +sS9G51qZrSXoG+Fohsw6rycLYjMLJjoijZXbquns+q/IxCw9XZvj+3TX8s5tDjvk +V4D1SG4e8lBYq+WZpNE6ygV3nT0K8ilSYkqzX/iXDddsFk/0Q0tAzIwAk66rVadD +WHj+BBoTTXHkIsHKm8b+4lyMabSaI92H2c1Bbl0yWHVFiXyKBjBSGMCMCQW5GVPx +ys07B1BhT4Gp+ullR4mIyLMyevvOfun/J5BsPcdoJMzOMYgeM1ORO9JnK9jnI0I5 +3hU2ZFdnr8xVzHmVMY/uShC7YpU5BxDQVF48JDl7+oK12sPDDIqVL7D7Vq414Nuh +oDB6p7qRukpo2MBOMHe7 +=dKQ8 +-----END PGP SIGNATURE-----
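Review bot: the 1.0.1 tasn_dec.c hunk is the same ASN1_item_d2i reversion as in the 0.9.8 errata, the only context difference being `asn1_tlc_clear_nc(&c);` in place of `c.valid = 0;`; since the errata for both branches carry identical logic, the commit log should say they derive from one upstream change, so that a reviewer who has checked one can carry the same conclusion to the other.

Review bot: the 1.0.1 ec_asn1.c hunks match the 0.9.8 ones apart from line offsets; the extra context line `ret->enc_flag |= EC_PKEY_NO_PUBKEY;` just before the re-added `if (a) *a = ret;` confirms the assignment now sits after the last failure point in the function, which is what makes `if (ret && (a == NULL || *a != ret))` a reliable test for "allocated here" on the error path.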