From owner-freebsd-security@FreeBSD.ORG  Wed Jun 29 21:00:06 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6BC3616A41C
	for <freebsd-security@freebsd.org>;
	Wed, 29 Jun 2005 21:00:06 +0000 (GMT)
	(envelope-from rcoleman@criticalmagic.com)
Received: from saturn.criticalmagic.com (saturn.criticalmagic.com
	[69.61.68.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2FDDE43D53
	for <freebsd-security@freebsd.org>;
	Wed, 29 Jun 2005 21:00:06 +0000 (GMT)
	(envelope-from rcoleman@criticalmagic.com)
Received: from [10.40.30.162] (delta.ciphertrust.com [216.235.158.34])
	by saturn.criticalmagic.com (Postfix) with ESMTP id 4B84F3BD2A;
	Wed, 29 Jun 2005 17:00:05 -0400 (EDT)
Message-ID: <42C30C13.8090302@criticalmagic.com>
Date: Wed, 29 Jun 2005 17:01:07 -0400
From: Richard Coleman <rcoleman@criticalmagic.com>
Organization: Critical Magic
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050502)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Uwe Doering <gemini@geminix.org>
References: <42BC5054.908@criticalmagic.com> <42BD3AB4.2030209@geminix.org>
In-Reply-To: <42BD3AB4.2030209@geminix.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-security@freebsd.org
Subject: Re: Any status on timestamp vulnerability fix for 4.X?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2005 21:00:06 -0000

Uwe Doering wrote:
> Richard Coleman wrote:
> 
>> Any information on when (or if) the following timestamp vulnerability 
>> will be fixed for 4.X?  Any information would be appreciated.
>>
>> http://www.kb.cert.org/vuls/id/637934
> 
> 
> FYI, the fix for RELENG_5 applies to RELENG_4 as is (apart from the CVS 
> version header, of course):
> 
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=u 
> 
> 
> After verifying its semantic correctness for RELENG_4 we've been running 
> the patch for a couple of weeks now with no ill effects.
> 
> I'm posting this also as an encouragement for committers to go ahead and 
> do the MFC.  It's low hanging fruit.
> 
>    Uwe

We tried applying that diff to 4.10, but compilation failed with

tcp_input.o: In function 'tcp_dooptions':
tcp_input.o(.text+0x21d8): undefined reference to 'TSTMP_GT'

Did you just define that macro?  Or was something else required?

Thanks for the help.

Richard Coleman
rcoleman@criticalmagic.com