Date: Tue, 7 Apr 2015 20:36:35 +0000 (UTC)
From: Xin LI <delphij@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r46499 - in head/share: security/advisories security/patches/SA-15:04 security/patches/SA-15:07 security/patches/SA-15:08 security/patches/SA-15:09 xml
Message-ID: <201504072036.t37KaZ9V038606@svn.freebsd.org>
Author: delphij
Date: Tue Apr 7 20:36:34 2015
New Revision: 46499
URL: https://svnweb.freebsd.org/changeset/doc/46499

Log:
  Add 3 new advisories and patches.

Added:
  head/share/security/advisories/FreeBSD-SA-15:07.ntp.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-15:09.ipv6.asc (contents, props changed)
  head/share/security/patches/SA-15:04/igmp-errata.patch (contents, props changed)
  head/share/security/patches/SA-15:04/igmp-errata.patch.asc (contents, props changed)
  head/share/security/patches/SA-15:07/
  head/share/security/patches/SA-15:07/ntp.patch (contents, props changed)
  head/share/security/patches/SA-15:07/ntp.patch.asc (contents, props changed)
  head/share/security/patches/SA-15:08/
  head/share/security/patches/SA-15:08/bsdinstall.patch (contents, props changed)
  head/share/security/patches/SA-15:08/bsdinstall.patch.asc (contents, props changed)
  head/share/security/patches/SA-15:09/
  head/share/security/patches/SA-15:09/ipv6.patch (contents, props changed)
  head/share/security/patches/SA-15:09/ipv6.patch.asc (contents, props changed)
Modified:
  head/share/security/advisories/FreeBSD-SA-15:04.igmp.asc
  head/share/xml/advisories.xml

Modified: head/share/security/advisories/FreeBSD-SA-15:04.igmp.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-15:04.igmp.asc Tue Apr 7 17:18:50 2015 (r46498) +++ head/share/security/advisories/FreeBSD-SA-15:04.igmp.asc Tue Apr 7 20:36:34 2015 (r46499) 
@@ -9,23 +9,27 @@ Topic: Integer overflow in IGMP Category: core Module: igmp -Announced: 2015-02-25 +Announced: 2015-02-25; Last revised on 2015-04-07 Credits: Mateusz Kocielski, Logicaltrust, Marek Kroemeke, and 22733db72ab3ed94b5f8a1ffcde850251fe6f466 Affects: All supported versions of FreeBSD. -Corrected: 2015-02-25 05:43:02 UTC (stable/10, 10.1-STABLE) - 2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6) - 2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18) - 2015-02-25 05:43:02 UTC (stable/9, 9.3-STABLE) - 2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10) - 2015-02-25 05:43:02 UTC (stable/8, 8.4-STABLE) - 2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24) +Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE) + 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9) + 2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE) + 2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13) + 2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE) + 2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27) CVE Name: CVE-2015-1414 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. +0. Revision history + +v1.0 2015-02-25 Initial release. +v1.1 2015-04-07 Revised patch to address a potential overflow issue. + I. Background IGMP is a control plane protocol used by IPv4 hosts and routers to propagate @@ -73,6 +77,10 @@ detached PGP signature using your PGP ut # fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch.asc # gpg --verify igmp.patch.asc +# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp-errata.patch +# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp-errata.patch.asc +# gpg --verify igmp-errata.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src 
@@ -89,13 +97,12 @@ affected branch. Branch/path Revision - ------------------------------------------------------------------------- -stable/8/ r279263 -releng/8.4/ r279265 -stable/9/ r279263 -releng/9.3/ r279265 -stable/10/ r279263 -releng/10.0/ r279264 -releng/10.1/ r279264 +stable/8/ r281231 +releng/8.4/ r281233 +stable/9/ r281231 +releng/9.3/ r281233 +stable/10/ r281230 +releng/10.1/ r281232 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the 
@@ -115,19 +122,19 @@ VII. References The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:04.igmp.asc>; -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.1.1 (FreeBSD) +Version: GnuPG v2.1.2 (FreeBSD) -iQIcBAEBCgAGBQJU7WjDAAoJEO1n7NZdz2rnjr8QAL0J0+4lRtPXRyDRX2xFSnzw -sc3OpfmlTiD3pCFkebTYy3/+EK86iAL1ZELqlJe5mm2+pzhCQB13C4/exc0l1U6b -tyiGXxhVi2/4SBrs6n9lmB/YhXkgtqaOQAcNaOD6sVbS1e5cBtjnG86oOq8tQ2qG -c7Dvh3HTp9M5fDJtsI40SIpqy3FcKORBfpjYd8jONfSqMnLM2kM8xzwHSv4/X23e -GlDKHtIi+1ylD/Qu7Z3S7hqXDTSYjZb1QHc7axDFB6X6nj2Rz3aWS2hPPTypFd3T -zTj5DZjgiP7U2LhR40sWW68RYi21yzNUwbe0w5LeDah6Ymc5CDO2ujdm3HDQbQGH -pA9QIOjzpgR64nWLIJfZ7jMxL3rCCaCW3NCB/iRXni2Ib/wt3ZDkJyEk/SF4K82H -72U2u2qVjAsnhmwWK8gksBi9bEXk3TnX778bkrwm4rt1xOjACq8k66LAernoE4tB -DkE0pO4QR+6XwFb5sJMG/3L9CmrhTp2pkPDBQDbSD+ngBs5V5mJOqVf7gB+UptnN -Fh8OACO/5KtDkqBDsCljHxHZNaboVF4Q613+iF5CUc6SYOTkLnBDUE4Pq38vlzVB -GdZMEo/hvsCbR4c2TmdKuvEkEqayxCxcv0DXiyTlVCecxSkaYvMXPwCKK43QtS7S -het83QCUxaVuxLiznuwR -=lkYC +iQIcBAEBCgAGBQJVJD39AAoJEO1n7NZdz2rnewwQAN9xI01nzOO71Q7qP7xDq+wu +RW2C+2A4viIZIId1od6GiDY7Qpigy1CMwHsae6qJ62R+D5F2x9vANV4U6AS44oNy +2jDwbrByM7QQ3qeCh8NzCUvOwPuXyKsAGKV73t3QPk0leKdbqUyjTooWJtZAv0dN +VgQ4VCQh+2ZlxjMT0igUScmCVqOncRUm33xKBLeTif5LZHi/afkR6CToMlACOvl3 +syJNhEeM+zYU9XLzb90hAjvqn1xLDkoS4qJNbrekj0/dI0jkgZdk18QAualwWgeZ +i39Da6IQ4wCn8Sx9o8pc8NdtzHn37rmOcdzBIodzxa1vALmNhDWuBpIIysffsZvf +ewVdI83pabRdZZxO1YAPjJi34CTXmvwf8Hit/hh0n1AO21lhr0NhwQzEn7gmLqSh +JZYg46k6tNGy6qUa1NU/ywja0kLCG0KdR1FO9IKaN6TCgB30bpndGq1Y0esX1Mo8 +5xq/P/KoNPE9BzifyhbDBt77eEmfpiKIuQXQVP3B1n3KEDDUlSSeiz3x0h9ZOjfm +vLb1hinfp1RPC4S72a0Zts6r60aee9dMWd/DvC8RqWQqEE0PUamipL2ClzBmOpTK +F9b2y9776hfPV/mvGUwS7H63mAMJkMOTDGZn3WWIT3Dmr6Eru0/t1XXqCPB4cNUl +uf5sxNtEDjXadkeM20lu +=y2yR -----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-15:07.ntp.asc ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-15:07.ntp.asc Tue Apr 7 20:36:34 2015 (r46499) 
@@ -0,0 +1,157 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-15:07.ntp Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities of ntp + +Category: contrib +Module: ntp +Announced: 2015-04-07 +Credits: Network Time Foundation +Affects: All supported versions of FreeBSD. +Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE) + 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9) + 2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE) + 2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13) + 2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE) + 2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27) +CVE Name: CVE-2014-9297, CVE-2015-1798, CVE-2015-1799 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +II. Problem Description + +The vallen packet value is not validated in several code paths in +ntp_crypto.c. [CVE-2014-9297] + +When ntpd(8) is configured to use a symmetric key to authenticate a remote +NTP server/peer, it checks if the NTP message authentication code (MAC) +in received packets is valid, but not that there actually is any MAC +included, and packets without a MAC are accepted as if they had a valid +MAC. [CVE-2015-1798] + +NTP state variables are updated prior to validating the received packets. +[CVE-2015-1799] + +III. Impact + +A remote attacker who can send specifically crafted packets may be able +to reveal memory contents of ntpd(8) or cause it to crash, when ntpd(8) +is configured to use autokey. 
[CVE-2014-9297] + +A man-in-the-middle (MITM) attacker can send specially forged packets +that would be accepted by the client/peer without having to know the +symmetric key. [CVE-2015-1798] + +An attacker knowing that NTP hosts A and B are peering with each other +(symmetric association) can periodically send a specially crafted or +replayed packet which will break the synchronization between the two +peers due to transmit timestamp mismatch, preventing the two nodes from +synchronizing with each other, even when authentication is enabled. +[CVE-2015-1799] + +IV. Workaround + +No workaround is available, but systems not running ntpd(8) are not +affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-15:07/ntp.patch +# fetch https://security.FreeBSD.org/patches/SA-15:07/ntp.patch.asc +# gpg --verify ntp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r281231 +releng/8.4/ r281233 +stable/9/ r281231 +releng/9.3/ r281233 +stable/10/ r281230 +releng/10.1/ r281232 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:07.ntp.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.2 (FreeBSD) + +iQIcBAEBCgAGBQJVJD4CAAoJEO1n7NZdz2rn4doQAKwA67MgX6jiCS4dm1roREi+ +G1moTCtqO8LXzH3nOOOk6R/MqFGOs6Jq8D+K/YmdD+4l3c/qCNR0qtv0YcVL0kE+ ++xfaIYoGxTzlPjEfpWtceCM0wcAThaF8085hi0IAzG7ozhKPt+Inv33ISgos5c7h +zYcbTqBYgQqcJGWdftnYpZ1Nxvoa3wiOlxsOMa4qnNeUakeXcGLZ+1XB5pLjXMZF +dHfKhMS6KxcUdHoPgOj468D3bQE05puLk13Kjy+Ti38GhcgMROAsMZVOzgno3J7g +D7Hk4dR1dms+6xcSJ0BV4ej0ZfypGv0xiFmUiTk/p7AVbnqrChyjvGca+8reu+Gc +Ks/67oZjP5rc0glvRFgjJBmQV/xK2rUK805e4eAm8qBecRjDv6M3mUmPdw5BlgcA +7fcj4VdGkOzLB0Vj7uJFjf3p9cyT+x8yvMtknxehiYmrYnFDsM5d7lcv0+KnRzb2 +3bt6maO40wqWIcLErFthcT/nLP+wi35aykNIbGh7PXvqL92gWX+h/xB6YY9Ouo4N +hb32W/F5O50MjL6BeY+k5J6usoFrk0EHWK+2Fxm2/AA/5K/JnryWN44F8PVPNzxE +f+Vb6CzxBvmflpa/29tF/wSD0oU78AhuShtVrnEVT5ZWJj+/PHBZtcLk2Z+s5hgd +hKFvV5Xqix0/U//+yGhj +=1fHm +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc 
============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc Tue Apr 7 20:36:34 2015 (r46499) 
@@ -0,0 +1,119 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-15:08.bsdinstall Security Advisory + The FreeBSD Project + +Topic: Insecure default GELI keyfile permissions + +Category: core +Module: bsdinstall +Announced: 2015-04-07 +Credits: Pierre Kim +Affects: FreeBSD 10.1. +Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE) + 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9) +CVE Name: CVE-2015-1415 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The GEOM ELI class, or geli(8) implements encryption on GEOM providers which +supports various cryptographic encryption and authentication methods as +well as hardware acceleration. Each geli(8) provider has two key slots, +and each slot holds a copy of its master key encrypted by a keyfile and/or +a passphrase chosen by the system administrator. + +The bsdinstall(8) installer is the default system installer of FreeBSD since +FreeBSD 10.0-RELEASE. + +II. Problem Description + +The default permission set by bsdinstall(8) installer when configuring full +disk encrypted ZFS is too open. + +III. Impact + +A local attacker may be able to get a copy of the geli(8) provider's +keyfile which is located at a fixed location. + +IV. Solution + +Note well: due to the nature of this issue, there is no way to fix this +issue for already installed systems without human intervention. System +administrators are advised to assume that the keyfile have already been +leaked and a new keyfile is necessary. + +The system administrator can create a new keyfile with the correct +permissions, and change the key slot that holds the master key encrypted +with the old keyfile. 
+ +For example, if the GELI provider is /dev/ada0, the system administrator +can do the following: + +# umask 077 +# dd if=/dev/random of=/boot/encryption.key.new bs=4096 count=1 +# umask 022 +# geli setkey -K /boot/encryption.key.new /dev/ada0p3 +Enter new passphrase: +Reenter new passphrase: + +(Repeat the geli setkey command if multiple providers are used) + +# mv /boot/encryption.key.new /boot/encryption.key +# ls -l /boot/encryption.key + +Make sure that the new /boot/encryption.key can only be read by root. + +The FreeBSD stable and security branch (releng) and the changes are mainly +intended for system integrators who build their own installation image for +new installations. + +V. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r281230 +releng/10.1/ r281232 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VI. 
References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1415>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:08.bsdinstall.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.2 (FreeBSD) + +iQIcBAEBCgAGBQJVJD4CAAoJEO1n7NZdz2rntF0P/0vVZ6W5xpIAm5K7eS184GaJ +TuQ0E5XdqH1i6smYxAwUHtINFmAJ11cv+KwAbwFwazdB9jy4def6kwBZ/PE1y1M9 +OGi/JD3RghL0RrrrIzADVz5Z4Hi401BmLN7aOW9REX75/o82XqGXTRlDmow5z22D +/B4NRNQ0p6cwmwh179HHuJPgQsDmL3mBkgn4oMv1036q9VjP5V/b+i2Ja/I6oCa/ +ZJhdEg17P9ek6GBna/fV7yo1Cr+A7v9aSUFcN9E8VqoWGn06jO0sLjWCC9Lrc6sZ +KAgFbxNuPW/eZOE447DIu9jrgE8xxBFn6skeW81jsPsT4FsF/7KWG+dxBOa9XxOH +XQTzc9sx3tsRVUzEBUGHRpPh/ZbkqtqQ5MYrAYk66NJ1NFqbrhY08mqzOd4+Sr7a +CUMV/1vD0pCRME8bgIVupKciIw9y6QYWo2Gm+BJIqAw7L8EaEhaN7nnBxDbRehlj +PdRYxHO4aQLIxdaV4dtDx3SX+njRxyVP/0OOSVQz1laiKadsRO2YQe+IhVoFhU5v +fLSoBI+8mX8Sc65UasqsuNXC3G2c6XXKkLBCYzmL90R2pwPtxbQRTDVGMmG9fyyc +b4w+yindLcwKXxKJryQWswAbv6hBQunAoCaVsqiIdF2N9Psrlr3FhkU//JbvrxA1 +COcciZEksTS0JwEpOGi5 +=wg1b +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-15:09.ipv6.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-15:09.ipv6.asc Tue Apr 7 20:36:34 2015 (r46499) 
@@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-15:09.ipv6 Security Advisory + The FreeBSD Project + +Topic: Denial of Service with IPv6 Router Advertisements + +Category: core +Module: ipv6 +Announced: 2015-04-07 +Credits: Dennis Ljungmark +Affects: All supported versions of FreeBSD. +Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE) + 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9) + 2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE) + 2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13) + 2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE) + 2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27) +CVE Name: CVE-2015-2923 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +IPv6 nodes use the Neighbor Discovery protocol to determine the link-layer +address of other nodes, find routers, and maintain reachability information. +Routers advertise their presence together with various link and Internet +parameters either periodically, or in response to a Router Solicitation +message, using Router Advertisement (ICMPv6 type 134). + +II. Problem Description + +The Neighbor Discover Protocol allows a local router to advertise a +suggested Current Hop Limit value of a link, which will replace +Current Hop Limit on an interface connected to the link on the FreeBSD +system. + +III. Impact + +When the Current Hop Limit (similar to IPv4's TTL) is small, IPv6 packets +may get dropped before they reached their destinations. + +By sending specifically crafted Router Advertisement packets, an attacker +on the local network can cause the FreeBSD system to lose the ability to +communicate with another IPv6 node on a different network. + +IV. 
Workaround + +Only systems that are manually configured to use "accept_rtadv" +ifconfig(8) flag on an interface are affected. + +The system administrator may decide to disable acceptance of Router +Advertisements from untrusted network in a per-interface basis, by +removing accept_rtadv flag at run time using ifconfig(8): + + ifconfig em0 inet6 -accept_rtadv + +Note that an interface does not accept Router Advertisement messages +by default even if an IPv6 address is configured. One can know +whether an interface is accepting Router Advertisement message or not +from existence of ACCEPT_RTADV in "nd6 options" line in an output of +ifconfig(8): + + nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-15:09/ipv6.patch +# fetch https://security.FreeBSD.org/patches/SA-15:09/ipv6.patch.asc +# gpg --verify ipv6.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r281231 +releng/8.4/ r281233 +stable/9/ r281231 +releng/9.3/ r281233 +stable/10/ r281230 +releng/10.1/ r281232 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2923>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:09.ipv6.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.2 (FreeBSD) + +iQIcBAEBCgAGBQJVJD4CAAoJEO1n7NZdz2rn13cQANJCk2LXSX8GDHGzWnD+D5gN +rNC4Q8n9CnN80ZO/0Pk0Xx2VAtr3CKxflBTXBKISKuY+dWOzNvuUuUUkrB9SlyTj +MYpqAljnBT0JkosGGBKJwt39DjW34HWlaj9wEPr1SdIq5vQO0cXS2glVPI/CQuy3 +NwnpaAmftAG4eMSYojOeodXniha/ZasFap5Zj+1dgofFHEP87zxefP2IamG1Cq72 +d8YJSCD8yy51mZ7dVFM29R3FAFdMpponci31dXGb5p8pj0yzVfvI/HF1MRK+x8Nz +R0/jFOHY4TR26BfKsc4Nc6Ze7jdZHUP1qWoL2O6HiLVqws0nQp3jma7FkMrUMuui +H9kAQaIc27tJOkSK4Gdc/dwzHgb3xr2fNfOjvbUv3VNjzijTzbzKfRlVH77EAxAi +sQfUcql/toGdC/QaOlhC8+v5jHdwkLdpfRc4QdsV1rKDAA8mj068sJQS/yAig8E8 +QUNmB3UK1QsX3tmy0JuDJk7tr/jjnhl2Jt9Skvm70xUiA7G05Z1qouErkIAjwikY +zQSPpSQebi3am9TtK/GViOjEVpWLYzLFYo6laR8wMw9eJsj0xlF8Qqz+0HudqfSt +lMOfpVfUmBSIxlFdiIzMBfbpLdD1gSo4oBLIYA/xw7UtDMiWi2Iji/mBY1Jg/i5V +ZCTwZmnmaVuPcsGOzv5W +=A2Am +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:04/igmp-errata.patch ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:04/igmp-errata.patch Tue Apr 7 20:36:34 2015 (r46499) @@ -0,0 +1,32 @@ +Index: sys/netinet/igmp.c +=================================================================== +--- sys/netinet/igmp.c (revision 280920) ++++ sys/netinet/igmp.c (working copy) +@@ -1534,7 +1534,6 @@ igmp_input(struct mbuf *m, int off) + struct igmpv3 *igmpv3; + uint16_t igmpv3len; + uint16_t nsrc; +- int srclen; + + IGMPSTAT_INC(igps_rcv_v3_queries); + igmpv3 = (struct igmpv3 *)igmp; +@@ -1542,8 +1541,8 @@ igmp_input(struct mbuf *m, int off) + * Validate length based on source count. + */ + nsrc = ntohs(igmpv3->igmp_numsrc); +- srclen = sizeof(struct in_addr) * nsrc; +- if (nsrc * sizeof(in_addr_t) > srclen) { ++ if (nsrc * sizeof(in_addr_t) > ++ UINT16_MAX - iphlen - IGMP_V3_QUERY_MINLEN) { + IGMPSTAT_INC(igps_rcv_tooshort); + return; + } +@@ -1552,7 +1551,7 @@ igmp_input(struct mbuf *m, int off) + * this scope. + */ + igmpv3len = iphlen + IGMP_V3_QUERY_MINLEN + +- srclen; ++ sizeof(struct in_addr) * nsrc; + if ((m->m_flags & M_EXT || + m->m_len < igmpv3len) && + (m = m_pullup(m, igmpv3len)) == NULL) { Added: head/share/security/patches/SA-15:04/igmp-errata.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:04/igmp-errata.patch.asc Tue Apr 7 20:36:34 2015 (r46499) 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.2 (FreeBSD) + +iQIcBAABCgAGBQJVJD4RAAoJEO1n7NZdz2rnrYQQANA/aVjCvRZArJcQTrv6KZQx +UA3GLXRG+gSlE3tVo7zx1qFvQGTET6lDNM8C8shj//biaevNxjRlagFDQWHUoh7U +5HYfImnCAkIsO4OvAeJWHj+Xfskf22VRNGodou1PpVEco3XAFCQKMmsdMDUetiIw +zgXEMcONQFgUBf0g8e2YS0UPtJDwaxTFkGs/4uQvOoKLqCNf5esUDGKNeKMp85wg +pFt6TCIsXIoQidFCFz6TWSjXLin9QKhGxSngxKrM9LnkM4l3b7bsh1JoqIrsXQ/W +lIFZnInVYsRrbq/RUaYeh/2FzYGFfks1nKH1Gyg9I/uy0hF1NMig7egUP5cnh7GU +emXVUU6CYvkh4ndmPFKxlWgnf4PBJAebjzFrZtNK8OY6Uz8FrLZo1HuSFhNFdd6k +MRncaZ4rY7AyYYgXZKu5563+ztQh1tAvrSbXAN9adk1QH6t5DmWvOopK7vVJ3fTD +KLcXOQ2wmmr2rmQiSDLg9pUAi7ewu1sUzSbd2IML97ovtALDWU7VMWoQsBAlfHfP +GaY3ncCxsiJW+87udH4kGfDXRkY85Io7VRGEblFaz+AsF4xisMTboXcYy+z+SZH4 +4QXsqoDoTLwZ4XZaIaNW8Z/PdB81j2WPvDbxdRD4DtZkx47KZw1a8SU3tRzlVyaS +Cboc9S/wjp6xphvBNRJl +=WOIN +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:07/ntp.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:07/ntp.patch Tue Apr 7 20:36:34 2015 (r46499) 
@@ -0,0 +1,377 @@ +Index: contrib/ntp/ntpd/ntp_crypto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_crypto.c (revision 280717) ++++ contrib/ntp/ntpd/ntp_crypto.c (working copy) +@@ -93,6 +93,7 @@ + #define TAI_1972 10 /* initial TAI offset (s) */ + #define MAX_LEAP 100 /* max UTC leapseconds (s) */ + #define VALUE_LEN (6 * 4) /* min response field length */ ++#define MAX_VALLEN (65535 - VALUE_LEN) + #define YEAR (60 * 60 * 24 * 365) /* seconds in year */ + + /* +@@ -137,8 +138,8 @@ static u_int ident_scheme = 0; /* server identity + */ + static int crypto_verify P((struct exten *, struct value *, + struct peer *)); +-static int crypto_encrypt P((struct exten *, struct value *, +- keyid_t *)); ++static int crypto_encrypt P((const u_char *, u_int, keyid_t *, ++ struct value *)); + static int crypto_alice P((struct peer *, struct value *)); + static int crypto_alice2 P((struct peer *, struct value *)); + static int crypto_alice3 P((struct peer *, struct value *)); +@@ -446,6 +447,12 @@ crypto_recv( + tstamp = ntohl(ep->tstamp); + fstamp = ntohl(ep->fstamp); + vallen = ntohl(ep->vallen); ++ /* ++ * Bug 2761: I hope this isn't too early... ++ */ ++ if ( vallen == 0 ++ || len - VALUE_LEN < vallen) ++ return XEVNT_LEN; + } + switch (code) { + +@@ -488,7 +495,7 @@ crypto_recv( + break; + + if (vallen == 0 || vallen > MAXHOSTNAME || +- len < VALUE_LEN + vallen) { ++ len - VALUE_LEN < vallen) { + rval = XEVNT_LEN; + break; + } +@@ -1250,7 +1257,8 @@ crypto_xmit( + vallen = ntohl(ep->vallen); + if (vallen == 8) { + strcpy(certname, sys_hostname); +- } else if (vallen == 0 || vallen > MAXHOSTNAME) { ++ } else if (vallen == 0 || vallen > MAXHOSTNAME || ++ len - VALUE_LEN < vallen) { + rval = XEVNT_LEN; + break; + +@@ -1407,7 +1415,10 @@ crypto_xmit( + * anything goes wrong. 
+ */ + case CRYPTO_COOK | CRYPTO_RESP: +- if ((opcode & 0xffff) < VALUE_LEN) { ++ vallen = ntohl(ep->vallen); /* Must be <64k */ ++ if ( vallen == 0 ++ || (vallen >= MAX_VALLEN) ++ || (opcode & 0x0000ffff) < VALUE_LEN + vallen) { + rval = XEVNT_LEN; + break; + } +@@ -1420,10 +1431,11 @@ crypto_xmit( + } + tcookie = peer->pcookie; + } +- if ((rval = crypto_encrypt(ep, &vtemp, &tcookie)) == +- XEVNT_OK) ++ if ((rval = crypto_encrypt((const u_char *)ep->pkt, vallen, &tcookie, &vtemp)) ++ == XEVNT_OK) { + len += crypto_send(fp, &vtemp); +- value_free(&vtemp); ++ value_free(&vtemp); ++ } + break; + + /* +@@ -1558,10 +1570,15 @@ crypto_verify( + * are rounded up to the next word. + */ + vallen = ntohl(ep->vallen); ++ if ( vallen == 0 ++ || vallen > MAX_VALLEN) ++ return (XEVNT_LEN); + i = (vallen + 3) / 4; + siglen = ntohl(ep->pkt[i++]); +- if (len < VALUE_LEN + ((vallen + 3) / 4) * 4 + ((siglen + 3) / +- 4) * 4) ++ if ( siglen > MAX_VALLEN ++ || len - VALUE_LEN < ((vallen + 3) / 4) * 4 ++ || len - VALUE_LEN - ((vallen + 3) / 4) * 4 ++ < ((siglen + 3) / 4) * 4) + return (XEVNT_LEN); + + /* +@@ -1627,6 +1644,7 @@ crypto_verify( + * avoid doing the sign exchange. + */ + EVP_VerifyInit(&ctx, peer->digest); ++ /* XXX: the "+ 12" needs to be at least documented... */ + EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12); + if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey) <= 0) + return (XEVNT_SIG); +@@ -1641,10 +1659,10 @@ crypto_verify( + + + /* +- * crypto_encrypt - construct encrypted cookie and signature from +- * extension field and cookie ++ * crypto_encrypt - construct vp (encrypted cookie and signature) from ++ * the public key and cookie. 
+ * +- * Returns ++ * Returns: + * XEVNT_OK success + * XEVNT_PUB bad or missing public key + * XEVNT_CKY bad or missing cookie +@@ -1652,9 +1670,10 @@ crypto_verify( + */ + static int + crypto_encrypt( +- struct exten *ep, /* extension pointer */ +- struct value *vp, /* value pointer */ +- keyid_t *cookie /* server cookie */ ++ const u_char *ptr, /* Public Key */ ++ u_int vallen, /* Length of Public Key */ ++ keyid_t *cookie, /* server cookie */ ++ struct value *vp /* value pointer */ + ) + { + EVP_PKEY *pkey; /* public key */ +@@ -1661,15 +1680,11 @@ crypto_encrypt( + EVP_MD_CTX ctx; /* signature context */ + tstamp_t tstamp; /* NTP timestamp */ + u_int32 temp32; +- u_int len; +- u_char *ptr; + + /* + * Extract the public key from the request. + */ +- len = ntohl(ep->vallen); +- ptr = (u_char *)ep->pkt; +- pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ptr, len); ++ pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ptr, vallen); + if (pkey == NULL) { + msyslog(LOG_ERR, "crypto_encrypt %s\n", + ERR_error_string(ERR_get_error(), NULL)); +@@ -1683,9 +1698,9 @@ crypto_encrypt( + memset(vp, 0, sizeof(struct value)); + vp->tstamp = htonl(tstamp); + vp->fstamp = hostval.tstamp; +- len = EVP_PKEY_size(pkey); +- vp->vallen = htonl(len); +- vp->ptr = emalloc(len); ++ vallen = EVP_PKEY_size(pkey); ++ vp->vallen = htonl(vallen); ++ vp->ptr = emalloc(vallen); + temp32 = htonl(*cookie); + if (!RSA_public_encrypt(4, (u_char *)&temp32, vp->ptr, + pkey->pkey.rsa, RSA_PKCS1_OAEP_PADDING)) { +@@ -1705,9 +1720,9 @@ crypto_encrypt( + vp->sig = emalloc(sign_siglen); + EVP_SignInit(&ctx, sign_digest); + EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12); +- EVP_SignUpdate(&ctx, vp->ptr, len); +- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) +- vp->siglen = htonl(len); ++ EVP_SignUpdate(&ctx, vp->ptr, vallen); ++ if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) ++ vp->siglen = htonl(sign_siglen); + return (XEVNT_OK); + } + +@@ -1794,6 +1809,9 @@ crypto_ident( + * call in the protocol module. 
+ * + * Returns extension field pointer (no errors). ++ * ++ * XXX: opcode and len should really be 32-bit quantities and ++ * we should make sure that str is not too big. + */ + struct exten * + crypto_args( +@@ -1805,11 +1823,14 @@ crypto_args( + tstamp_t tstamp; /* NTP timestamp */ + struct exten *ep; /* extension field pointer */ + u_int len; /* extension field length */ ++ size_t slen; + + tstamp = crypto_time(); + len = sizeof(struct exten); +- if (str != NULL) +- len += strlen(str); ++ if (str != NULL) { ++ slen = strlen(str); ++ len += slen; ++ } + ep = emalloc(len); + memset(ep, 0, len); + if (opcode == 0) +@@ -1829,8 +1850,8 @@ crypto_args( + ep->fstamp = hostval.tstamp; + ep->vallen = 0; + if (str != NULL) { +- ep->vallen = htonl(strlen(str)); +- memcpy((char *)ep->pkt, str, strlen(str)); ++ ep->vallen = htonl(slen); ++ memcpy((char *)ep->pkt, str, slen); + } else { + ep->pkt[0] = peer->associd; + } +@@ -1844,6 +1865,8 @@ crypto_args( + * Returns extension field length. Note: it is not polite to send a + * nonempty signature with zero timestamp or a nonzero timestamp with + * empty signature, but these rules are not enforced here. ++ * ++ * XXX This code won't work on a box with 16-bit ints. + */ + u_int + crypto_send( +@@ -2212,7 +2235,8 @@ crypto_bob( + tstamp_t tstamp; /* NTP timestamp */ + BIGNUM *bn, *bk, *r; + u_char *ptr; +- u_int len; ++ u_int len; /* extension field length */ ++ u_int vallen = 0; /* value length */ + + /* + * If the IFF parameters are not valid, something awful +@@ -2227,8 +2251,11 @@ crypto_bob( + /* + * Extract r from the challenge. 
+ */ +- len = ntohl(ep->vallen); +- if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) { ++ vallen = ntohl(ep->vallen); ++ len = ntohl(ep->opcode) & 0x0000ffff; ++ if (vallen == 0 || len < VALUE_LEN || len - VALUE_LEN < vallen) ++ return XEVNT_LEN; ++ if ((r = BN_bin2bn((u_char *)ep->pkt, vallen, NULL)) == NULL) { + msyslog(LOG_ERR, "crypto_bob %s\n", + ERR_error_string(ERR_get_error(), NULL)); + return (XEVNT_ERR); +@@ -2240,7 +2267,7 @@ crypto_bob( + */ + bctx = BN_CTX_new(); bk = BN_new(); bn = BN_new(); + sdsa = DSA_SIG_new(); +- BN_rand(bk, len * 8, -1, 1); /* k */ ++ BN_rand(bk, vallen * 8, -1, 1); /* k */ + BN_mod_mul(bn, dsa->priv_key, r, dsa->q, bctx); /* b r mod q */ + BN_add(bn, bn, bk); + BN_mod(bn, bn, dsa->q, bctx); /* k + b r mod q */ +@@ -2254,19 +2281,25 @@ crypto_bob( + /* + * Encode the values in ASN.1 and sign. + */ +- tstamp = crypto_time(); +- memset(vp, 0, sizeof(struct value)); +- vp->tstamp = htonl(tstamp); +- vp->fstamp = htonl(if_fstamp); +- len = i2d_DSA_SIG(sdsa, NULL); +- if (len <= 0) { ++ vallen = i2d_DSA_SIG(sdsa, NULL); ++ if (vallen == 0) { + msyslog(LOG_ERR, "crypto_bob %s\n", + ERR_error_string(ERR_get_error(), NULL)); + DSA_SIG_free(sdsa); + return (XEVNT_ERR); + } +- vp->vallen = htonl(len); +- ptr = emalloc(len); ++ if (vallen > MAX_VALLEN) { ++ msyslog(LOG_ERR, "crypto_bob: signature is too big: %d", ++ vallen); ++ DSA_SIG_free(sdsa); ++ return (XEVNT_LEN); ++ } ++ memset(vp, 0, sizeof(struct value)); ++ tstamp = crypto_time(); ++ vp->tstamp = htonl(tstamp); ++ vp->fstamp = htonl(if_fstamp); ++ vp->vallen = htonl(vallen); ++ ptr = emalloc(vallen); + vp->ptr = ptr; + i2d_DSA_SIG(sdsa, &ptr); + DSA_SIG_free(sdsa); +@@ -2277,11 +2310,12 @@ crypto_bob( + if (tstamp < cinfo->first || tstamp > cinfo->last) + return (XEVNT_PER); + ++ /* XXX: more validation to make sure the sign fits... 
*/ + vp->sig = emalloc(sign_siglen); + EVP_SignInit(&ctx, sign_digest); + EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12); +- EVP_SignUpdate(&ctx, vp->ptr, len); +- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) ++ EVP_SignUpdate(&ctx, vp->ptr, vallen); ++ if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) + vp->siglen = htonl(len); + return (XEVNT_OK); + } +Index: contrib/ntp/ntpd/ntp_proto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_proto.c (revision 280717) ++++ contrib/ntp/ntpd/ntp_proto.c (working copy) +@@ -459,7 +459,7 @@ receive( + while (has_mac > 0) { + int temp; + +- if (has_mac % 4 != 0 || has_mac < 0) { ++ if (has_mac % 4 != 0 || has_mac < MIN_MAC_LEN) { + sys_badlength++; + return; /* bad MAC length */ + } +@@ -483,6 +483,13 @@ receive( + return; /* bad MAC length */ + } + } ++ /* ++ * If has_mac is < 0 we had a malformed packet. ++ */ ++ if (has_mac < 0) { ++ sys_badlength++; ++ return; /* bad length */ ++ } + #ifdef OPENSSL + pkeyid = tkeyid = 0; + #endif /* OPENSSL */ +@@ -942,12 +949,9 @@ receive( + } + + /* +- * Update the origin and destination timestamps. If +- * unsynchronized or bogus abandon ship. If the crypto machine ++ * If unsynchronized or bogus abandon ship. If the crypto machine + * breaks, light the crypto bit and plaint the log. + */ +- peer->org = p_xmt; +- peer->rec = rbufp->recv_time; + if (peer->flash & PKT_TEST_MASK) { + #ifdef OPENSSL + if (crypto_flags && (peer->flags & FLAG_SKEY)) { +@@ -978,10 +982,11 @@ receive( + * versions. If symmetric modes, return a crypto-NAK. The peer + * should restart the protocol. 
+ */ +- } else if (!AUTH(peer->keyid || (restrict_mask & RES_DONTTRUST), +- is_authentic)) { ++ } else if (!AUTH(peer->keyid || has_mac || ++ (restrict_mask & RES_DONTTRUST), is_authentic)) { + peer->flash |= TEST5; +- if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE) ++ if (has_mac && ++ (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)) + fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask); + return; /* bad auth */ + } +@@ -989,7 +994,12 @@ receive( + /* + * That was hard and I am sweaty, but the packet is squeaky + * clean. Get on with real work. ++ * ++ * Update the origin and destination timestamps. + */ ++ peer->org = p_xmt; ++ peer->rec = rbufp->recv_time; ++ + peer->received++; + peer->timereceived = current_time; + if (is_authentic == AUTH_OK) Added: head/share/security/patches/SA-15:07/ntp.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:07/ntp.patch.asc Tue Apr 7 20:36:34 2015 (r46499) 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.2 (FreeBSD) + +iQIcBAABCgAGBQJVJD4SAAoJEO1n7NZdz2rnXCUQAJAxDCUySWaZ/XvdHiIXfMfa +fcB4oEVQBUuMjmE/hC5CzA/t98M4VM2TtV2oWp53CKhIGsBlte64y3t8a7r2nyBt +17x7P6FtV1q6yRS5DPYl/JZV/mbO4cPGto3f8MXOYraNl7MPvZFJcXXEZPXOQDrz +2Ek4wasnnuCruTjtwSWoXWgC5dqQch97dQG639EyhUtOQ1a/pS334lbBw8wDGAnA +ITsQuEGGqwFBJ2NIVwxW0rHFfz4mSk67OHru0mrnza37TQM8HnYhxvL8nrZNhGcC +FhDjWAWDs4VlqrBIuiRC/dTgA6H6PvF3LDAxQ+ODSB5RiGs9g4TvcxF0XJp0EIp4 +9Kh0rC9wY4nO/q+DBz4nOJXMwJi7rUH2Y7dPSoKsWtgXIuyuefrACD9C2WwZ8EKA +GWSuF4YidBOadl2x6kJGiIrjFhdrgRENVL4Nj5oVy1JztSBdb+qJMn3GSgpC1C00 +7tsvOJmjQgzgRuMnUo/IA++6P8Gj4G3M99K7yN4NcYJOQm1h9opEx7XKZ9W4hnrK +qK9rxeXNzGhXi7/sfHER6AQIRgUliqUyl30RBcy6XuNwX5+2e2SwenAUb5Uu1HkX +oTWWjm47BeG+sjGzM1QXGcukQFH8YFYaZmhSTk3O1ZoKFpMvzhqZEg9CJqfSOCKC +PbrCxYouiyHPXLAIV+OZ +=1bd7 +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:08/bsdinstall.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:08/bsdinstall.patch Tue Apr 7 20:36:34 2015 (r46499) @@ -0,0 +1,14 @@ +Index: usr.sbin/bsdinstall/scripts/zfsboot *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
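Review bot: in crypto_encrypt(), hunk @@ -1705,9 +1720,9 @@, vp->siglen is set from sign_siglen while the length that EVP_SignFinal() writes into vallen is thrown away. If the two can ever differ, siglen should be taken from vallen after checking vallen <= sign_siglen (the size passed to emalloc() for vp->sig); if they cannot differ, a one-line comment saying so would save the next reader the question. vallen also ends up meaning three things in this function (public key length, EVP_PKEY_size() result, signature length), so a separate local for the signature length would be clearer. The unchanged context still returns XEVNT_OK when EVP_SignFinal() fails, which is worth a follow-up.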
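Review bot: in crypto_args(), hunk @@ -1805,11 +1823,14 @@, slen is left uninitialized when str is NULL and "len += slen" adds a size_t to a u_int with no upper bound, which the new XXX comment in the preceding hunk already admits. Both later uses of slen are guarded by "if (str != NULL)", so this is safe as written, but initializing it ("size_t slen = 0;") avoids compiler warnings and accidents in later edits. Since the patch is about length handling, I would rather reject an oversized str here than leave the XXX.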
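Review bot: in crypto_bob(), hunk @@ -2227,8 +2251,11 @@, the new reject path "return XEVNT_LEN;" is silent and unparenthesized, unlike every other error return in the function, which logs through msyslog() and uses the "return (XEVNT_ERR);" form. The check itself is ordered correctly (len < VALUE_LEN is tested before len - VALUE_LEN, so the subtraction cannot wrap). Suggest "return (XEVNT_LEN);" and a log line so a malformed challenge is visible to the operator.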
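Review bot: in crypto_bob(), hunk @@ -2254,19 +2281,25 @@, an error return from i2d_DSA_SIG() is no longer recognised as an error, because the result goes into vallen, which the earlier hunk declares as u_int, and is only compared with 0. The removed code tested "len <= 0"; with an unsigned variable a negative return becomes a very large value, falls into the new "vallen > MAX_VALLEN" branch, and is reported as "signature is too big" with XEVNT_LEN instead of XEVNT_ERR. Suggest capturing the return value in an int, testing "<= 0" on that, and only then assigning to vallen. The msyslog() format should also be %u rather than %d for a u_int.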
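Review bot: in crypto_bob(), hunk @@ -2277,11 +2310,12 @@, the unchanged context line "vp->siglen = htonl(len);" now stores the wrong value. Before this patch len received the signature length from EVP_SignFinal(); after it, EVP_SignFinal() writes into vallen, and len holds the extension field length taken from "ntohl(ep->opcode) & 0x0000ffff" in the earlier hunk. The line needs to change with the rest of the hunk, to vallen or to sign_siglen as crypto_encrypt() does, and the new XXX about validating that the signature fits could be resolved at the same time by checking vallen against sign_siglen.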
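Review bot: in receive() in ntp_proto.c, hunk @@ -978,10 +982,11 @@, the block comment above the AUTH() test is not updated for the two behaviour changes made here. It still reads "If symmetric modes, return a crypto-NAK", but the crypto-NAK is now sent only when has_mac is set, and AUTH() now also demands authentication for any packet that carries a MAC. Please extend the comment to say both, together with the reason, so the has_mac conditions are not mistaken for redundant and dropped in a later cleanup.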