From owner-svn-doc-head@FreeBSD.ORG Tue Dec 23 23:28:33 2014 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 52326BFC; Tue, 23 Dec 2014 23:28:33 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3BCFD64D77; Tue, 23 Dec 2014 23:28:33 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBNNSXbx013386; Tue, 23 Dec 2014 23:28:33 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBNNSVxb013371; Tue, 23 Dec 2014 23:28:31 GMT (envelope-from des@FreeBSD.org) Message-Id: <201412232328.sBNNSVxb013371@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: des set sender to des@FreeBSD.org using -f From: Dag-Erling Smørgrav Date: Tue, 23 Dec 2014 23:28:31 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r46117 - in head/share: security/advisories security/patches/EN-14:13 security/patches/SA-14:31 xml X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 23:28:33 -0000 Author: des Date: Tue Dec 23 23:28:30 2014 New Revision: 46117 URL: https://svnweb.freebsd.org/changeset/doc/46117 Log: Add EN-14:13 and SA-13:31 Added: head/share/security/advisories/FreeBSD-EN-14:13.freebsd-update.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-14:31.ntp.asc (contents, props changed) head/share/security/patches/EN-14:13/ head/share/security/patches/EN-14:13/freebsd-update.patch (contents, props changed) head/share/security/patches/EN-14:13/freebsd-update.patch.asc (contents, props changed) head/share/security/patches/SA-14:31/ head/share/security/patches/SA-14:31/ntp.patch (contents, props changed) head/share/security/patches/SA-14:31/ntp.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-14:13.freebsd-update.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-14:13.freebsd-update.asc Tue Dec 23 23:28:30 2014 (r46117) @@ -0,0 +1,187 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-14:13.freebsd-update Errata Notice + The FreeBSD Project + +Topic: freebsd-update attempts to remove the root directory + +Category: base +Module: freebsd-update +Announced: 2014-12-23 +Credits: Colin Percival +Affects: All supported versions of FreeBSD. +Corrected: 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) + 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) + 2014-12-22 22:11:39 UTC (stable/10, 10.0-STABLE) + 2014-12-22 22:11:50 UTC (stable/9, 9.3-STABLE) + 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) + 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) + 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) + 2014-12-22 22:11:45 UTC (stable/8, 8.4-STABLE) + 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The freebsd-update(8) utility is used to apply binary patches to FreeBSD +systems installed from official release images, as an alternative to +rebuilding from source. A freebsd-update(8) build server generates the +signed update packages, consisting of an index of files and directories +with checksums before the update, a set of binary patches, and an +index of files and directories with checksums after the update. The +client downloades the indexes, verifies the signatures and checksums, +then downloads and applies the required patches. + +The freebsd-update(8) utility views the system as a set of components: +"world", "kernel" and "src". The "world" component is divided into +four subcomponents: "base", "doc", "lib32" and "games". These +components and subcomponents correspond to six of the seven system +components offered during installation (the seventh being ports, which +is handled by the portsnap utility). + +II. Problem Description + +1) The default configuration for freebsd-update(8) has all six + components enabled. Components which are not installed should be + disabled in the configuration file. Failing to do so is normally + harmless, as the freebsd-update(8) client will ignore instructions + to patch files that do not exist on the system. However, if an + update adds a file, it will be installed even if it belongs to + a component which was not previously installed. + + Due to human error, the world/lib32 component, containing 32-bit + compatibility libraries for 64-bit systems, was left out of the + freebsd-update(8) server's baseline for FreeBSD 10.1-RELEASE. As a + result, the freebsd-update(8) client removed these libraries when + upgrading a system from an earlier release. The 32-bit libraries + were re-added as part of the first set of updates released after + the mistake was discovered. + +2) Under certain circumstances, it is possible for the freebsd-update(8) + build server to generate an update package requiring the client to + both remove and create the same directory. The client will normally + detect this situation and ignore the conflicting instructions. + + Due to insufficient input normalization, if the directory being + both removed and created is the root directory, the freebsd-update(8) + client will fail to recognize that both instructions refer to the + same directory. It will then attempt and fail to 'rmdir /', + producing an error message. + +III. Impact + +The first issue will cause freebsd-update(8) to install 32-bit libraries +on 10.1 systems where they were intentionally left out during installation +but /etc/freebsd-update.conf was not edited to reflect this. + +The second issue, which is triggered by the addition of lib32, will +result in a harmless but disconcerting error message when installing +updates. + +IV. Workaround + +The first issue is strictly speaking a configuration error. To +address it, update /etc/freebsd-update.conf to reflect the set of +components that are installed on the system. Specifically, replace +"world" on the Components line with "world/base", and add "world/doc" +and / or "world/games" if those those components were selected during +installation. + +The second issue is harmless and can safely be ignored. A workaround +has been put in place on the freebsd-update(8) build server so the error +will not occur while installing the update that corrects it. + +Systems which are updated from source rather than using freebsd-update(8) +are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch +# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch.asc +# gpg --verify freebsd-update.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/freebsd-update.patch + +c) Rebuild and reinstall the freebsd-update(8) client: + +# cd /usr/src/usr.sbin/freebsd-update +# make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r276089 +releng/8.4/ r276154 +stable/9/ r276090 +releng/9.1/ r276155 +releng/9.2/ r276156 +releng/9.3/ r276157 +stable/10/ r276088 +releng/10.0/ r276158 +releng/10.1/ r276159 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this Errata Notice is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJUmfVpAAoJEO1n7NZdz2rnbgkP/1XSnED0ly1kjGuK5g+148YW +gHsB0oiJ3E3qGMHl0Z3E8HSl3XA4f+rMkEM6Ez/cADlzLbWsQFo0HXaT/bEandq4 +OmmJF5cvWzOpk4Zc9svae5zfoCWqpMCderHoUyfF+GIjxOwES5Ga7Fj8kxiGuSlg +WPWNoSJJnBcDLabNH4XiFo6S3OP21oJS1D9U0jlcIzknf5t+TDXwj4xM+fr1lqh2 +sRmkqSkRFNQga7RN323gocX9u7wP/ePsKiAPUFLAj/gYYJVTOtfz2gwgHNg9tC2O +7T1VkbpTNvnbqz3J/bUza2jExyUuFsZpS1uFrbY0eKXRQpKSyMMUYV1sPz9g6fTV +At1kYsnsOdXkSV47zMdXTVbunO/EGsM0JSwHBIFaLfXbq1edT/SNgh/QN6s4Zehz +ZD3YUIjD062wVJW+ZRjIgTpPo9tG1vA70hmG5DKbjawF3dVg0W3ypgGRJYkjJmh2 +zwSyz6V5XwtP/f5A8tw0uo6KqbO8GPDL/c2dOww79Up/9jCiqep5uNdMhnsL3w17 +DRhuIluQlGMIkU7uizZWGqETW3Ok8/CVAznphJEvgXWknbr/trbAmyACdXdFwKkD +Q+oH9U+H+qA5evbC4jGpwCWN2vYZnN+gqImv/ArYxhAOt+zWQqRedFaUZdJmbzwV +fGqk6qlqwPs2F8V/VGg0 +=CMmV +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-14:31.ntp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-14:31.ntp.asc Tue Dec 23 23:28:30 2014 (r46117) @@ -0,0 +1,166 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-14:31.ntp Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in NTP suite + +Category: contrib +Module: ntp +Announced: 2014-12-23 +Affects: All supported versions of FreeBSD. +Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE) + 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) + 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) + 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE) + 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) + 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) + 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) + 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE) + 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) +CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +II. Problem Description + +When no authentication key is set in the configuration file, ntpd(8) +would generate a random key that uses a non-linear additive feedback random +number generator seeded with very few bits of entropy. [CVE-2014-9293] +The ntp-keygen(8) utility is also affected by a similar issue. +[CVE-2014-9294] + +When Autokey Authentication is enabled, for example if ntp.conf(5) contains +a 'crypto pw' directive, a remote attacker can send a carefully +crafted packet that can overflow a stack buffer. [CVE-2014-9295] + +In ntp_proto.c, the receive() function is missing a return statement in +the case when an error is detected. [CVE-2014-9296] + +III. Impact + +The NTP protocol uses keys to implement authentication. The weak +seeding of the pseudo-random number generator makes it easier for an +attacker to brute-force keys, and thus may broadcast incorrect time stamps +or masquerade as another time server. [CVE-2014-9293, CVE-2014-9294] + +An attacker may be able to utilize the buffer overflow to crash the ntpd(8) +daemon or potentially run arbitrary code with the privileges of the ntpd(8) +process, which is typically root. [CVE-2014-9295] + +IV. Workaround + +No workaround is available, but systems not running ntpd(8) are not +affected. Because the issue may lead to remote root compromise, the +FreeBSD Security Team recommends system administrators to firewall NTP +ports, namely tcp/123 and udp/123 when it is not clear that all systems +have been patched or have ntpd(8) stopped. + +V. Solution + +NOTE WELL: It is advisable to regenerate all keys used for NTP +authentication, if configured. + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch +# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc +# gpg --verify ntp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the ntpd(8) daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r276073 +releng/8.4/ r276154 +stable/9/ r276073 +releng/9.1/ r276155 +releng/9.2/ r276156 +releng/9.3/ r276157 +stable/10/ r276072 +releng/10.0/ r276158 +releng/10.1/ r276159 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + + + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJUmfSAAAoJEO1n7NZdz2rnV/IQAMeAuVbyKDMu3mec0ErpL5z8 +OcSxVxKWH9udDJQkpiw6OaU4ks7PGOH/PgAad0mIhWPflXtpUlWMQtUa54Ds4s/t +NjknM2vS4sBMZLk0Poqsts0TohfwdxF+CT8OCZARA2i3t70Ov0Y9BeoCatL2rnS+ +rPbhhlnQXrsAJDCKcjSrYw+37cDNEdcvk4UKhiKh76J6CXwn2cT6h1dXTMFyImWq +slTNlkJV6iFMNYn3oSA8nCVEJVMw2XQwVfg2qzkpZcuDGKE5fFpdvX3VcRP7b2cq +zwSClt29B7FF3EjrplRuEdgxDk8m9PjVbUz9tocLPIqV0RjhTA9j7MhNcWH5G3Dh +u6NQDsA0WzE8Ki2mrWpTEAFp21ZzSyXXtZ703XYiXbQKNG9lKEFv5Z8ffVHSrUT7 +uB2BsP+LrnnWNNdjkRSSSxrfy4CvFLsdQ9FI1FNz+oofEio6yPO+W47pBH//Nbj0 +wfeReW1OlbrtWF6NHZr4CfX+Lx9hu4CXXdXRWKdMDTYUywr0V6BiIsrNlN1z7XCy +90+43twFhGBsOSVD5PpcDmt9oEYfpwWKdXO6dXClCo+mxAki/fgf5Y24cTT9DTQn +CKuVZuyaMi+HZ0jf2sKITQ03S8+Nrn7cZEXkIGScfT5z1Y8pcN+7bRhB1DpaCs0q +IIw6TjJXQm8DTMuBIwf3 +=oSCq +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-14:13/freebsd-update.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:13/freebsd-update.patch Tue Dec 23 23:28:30 2014 (r46117) @@ -0,0 +1,12 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh.orig ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1395,6 +1395,7 @@ + # matter, since we add a leading "/" when we use paths later. + cut -f 3- -d '|' $1 | + sed -e 's,/|d|,|d|,' | ++ sed -e 's,/|-|,|-|,' | + sort -u > $1.tmp + + # Figure out which lines to ignore and remove them. Added: head/share/security/patches/EN-14:13/freebsd-update.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:13/freebsd-update.patch.asc Tue Dec 23 23:28:30 2014 (r46117) @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJUmSpoAAoJEO1n7NZdz2rnJPcQAOZUttLvFk9WS/NFaWLP4WDk +OK0KCgqpHtxZjxzHSrwoJHQRKpfiHVPKjTiuqGOzGV68s5DFjd4pL++HEQmc5qP/ +fO5EqZ/8uArM1hqQtqqdbeff4rVlY7YqxBbuiG16tT+7/75y0eecPlt9OngG5NM7 +RAXYf9QU1czSnEVvKhoXvvsSSZI8LBheEIxhhQqeumJF0WWt24tiCq4fRZM6Cgxu +2ISCT8+zhc8O6/4XuDmAF9wN4WeDFf/3QrMTdcH6TwJsXsHvoL0rl1ktMabSb10I +fEdhkpQ0pBfLZFGGicj2rVZ8XHBlhZ0wUUgHv9kABQAil1zg1n95+Aw8IrWd4GVX +mwGmNKr7RuWh6Oq/X7XtrvSlqD13W/s8VDLnJJ9gQggm3eWc2E8JGHVyAZgUgIAU +4ciJTQbjww1FRHQJEFJDc4ykjFXF7/2l8FuIQSJuQF/Dp2dV0KwIaDl1my9jjbJG +BmODKA+Do7AzsDjYgubLlF7bPWc54PaPKiW0XjBGmoD6HpUZjf11Jal21JDrOL7t +LMF/YJsE0yo9ce7j9mgGVh4PZGZhNj14OwPrkzW2QP6apguhrn7GaCNTrooxGU2Z +z0I3p6s3l/tJ++LCeh1eTKCfX+NQ5KrbhimXEe9iTZzDF24S2jQwp27cr8wjWvG9 +zpqe4Qli/4lDuWVv3S8q +=p3c7 +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-14:31/ntp.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-14:31/ntp.patch Tue Dec 23 23:28:30 2014 (r46117) @@ -0,0 +1,145 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c.orig ++++ contrib/ntp/ntpd/ntp_config.c +@@ -1887,7 +1887,7 @@ + + for (i = 0; i < 8; i++) + for (j = 1; j < 100; ++j) { +- rankey[i] = (char) (ntp_random() & 0xff); ++ rankey[i] = (char) (arc4random() & 0xff); + if (rankey[i] != 0) break; + } + rankey[8] = 0; +Index: contrib/ntp/ntpd/ntp_control.c +=================================================================== +--- contrib/ntp/ntpd/ntp_control.c.orig ++++ contrib/ntp/ntpd/ntp_control.c +@@ -24,6 +24,10 @@ + #include + #include + ++#ifndef MIN ++#define MIN(a, b) (((a) <= (b)) ? (a) : (b)) ++#endif ++ + /* + * Structure to hold request procedure information + */ +@@ -893,6 +897,7 @@ + ) + { + int overhead; ++ unsigned int currentlen; + + overhead = 0; + if (!bin) { +@@ -916,12 +921,22 @@ + /* + * Save room for trailing junk + */ +- if (dlen + overhead + datapt > dataend) { ++ while (dlen + overhead + datapt > dataend) { + /* + * Not enough room in this one, flush it out. + */ ++ currentlen = MIN(dlen, dataend - datapt); ++ ++ memcpy(datapt, dp, currentlen); ++ ++ datapt += currentlen; ++ dp += currentlen; ++ dlen -= currentlen; ++ datalinelen += currentlen; ++ + ctl_flushpkt(CTL_MORE); + } ++ + memmove((char *)datapt, dp, (unsigned)dlen); + datapt += dlen; + datalinelen += dlen; +Index: contrib/ntp/ntpd/ntp_crypto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_crypto.c.orig ++++ contrib/ntp/ntpd/ntp_crypto.c +@@ -864,12 +864,24 @@ + * errors. + */ + if (vallen == (u_int) EVP_PKEY_size(host_pkey)) { +- RSA_private_decrypt(vallen, ++ u_int32 *cookiebuf = malloc( ++ RSA_size(host_pkey->pkey.rsa)); ++ if (cookiebuf == NULL) { ++ rval = XEVNT_CKY; ++ break; ++ } ++ if (RSA_private_decrypt(vallen, + (u_char *)ep->pkt, +- (u_char *)&temp32, ++ (u_char *)cookiebuf, + host_pkey->pkey.rsa, +- RSA_PKCS1_OAEP_PADDING); +- cookie = ntohl(temp32); ++ RSA_PKCS1_OAEP_PADDING) != 4) { ++ rval = XEVNT_CKY; ++ free(cookiebuf); ++ break; ++ } else { ++ cookie = ntohl(*cookiebuf); ++ free(cookiebuf); ++ } + } else { + rval = XEVNT_CKY; + break; +@@ -3914,7 +3926,7 @@ + rand_file); + exit (-1); + } +- get_systime(&seed); ++ arc4random_buf(&seed, sizeof(l_fp)); + RAND_seed(&seed, sizeof(l_fp)); + RAND_write_file(rand_file); + OpenSSL_add_all_algorithms(); +Index: contrib/ntp/ntpd/ntp_proto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_proto.c.orig ++++ contrib/ntp/ntpd/ntp_proto.c +@@ -649,6 +649,7 @@ + has_mac)) { + is_authentic = AUTH_ERROR; + sys_badauth++; ++ return; + } else { + is_authentic = AUTH_OK; + } +Index: contrib/ntp/util/ntp-keygen.c +=================================================================== +--- contrib/ntp/util/ntp-keygen.c.orig ++++ contrib/ntp/util/ntp-keygen.c +@@ -642,7 +642,7 @@ + for (i = 1; i <= MD5KEYS; i++) { + for (j = 0; j < 16; j++) { + while (1) { +- temp = ntp_random() & 0xff; ++ temp = arc4random() & 0xff; + if (temp == '#') + continue; + if (temp > 0x20 && temp < 0x7f) +@@ -675,7 +675,7 @@ + FILE *str; + + fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "RSA"); ++ rsa = RSA_generate_key(modulus, 65537, cb, "RSA"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", +@@ -954,7 +954,7 @@ + */ + fprintf(stderr, + "Generating GQ parameters (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "GQ"); ++ rsa = RSA_generate_key(modulus, 65537, cb, "GQ"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", Added: head/share/security/patches/SA-14:31/ntp.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-14:31/ntp.patch.asc Tue Dec 23 23:28:30 2014 (r46117) @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJUmSpxAAoJEO1n7NZdz2rnhYgP/0/soeGCLPaz3+jVyn9hmy/C +Qso0rjAdPFgRZfu6j0Nuh4d2pa8FZGQPrQZrLYPFn9JN729vVV26sldu5YNEwGGB +GPczVP35KWHcbssB5ShZtVkUfVmV6bip12VJQnG4QMMWqo2hhetVgpZqXcBZnEKF +zjftsNchre562NdNSTlq/gyqV4LiXxWXfR8Gbvo26kX246b7QCCTx2Su9qDvDrz4 +0MV8NFcr0CZbXKQiLWLfZefsQ57zStR0ME1YEaQvJOyLER8GgB7hJzSoGm1flnB5 +cI1B5z1H48wK5GC5YFEqD3El1UJql5Ni5cz0giOgEbYVpxuigk587f15B+70KMR/ +Mki3Yqm90uuhZdybZ5tGzgrPD6udqU/blpTShqsClM10pA9dCGa3K3UDWzjyy84t +TZQHAZa4h9XIxVjaOD94MBJBUlcA+9PV93m/7xtanqqsbJG5SsRA0l/an46jL/Ww +3rC7fVkEnaiKyCUU7SdzDAIo4uAuTahpSTQh/XaYcBdbpy5/PwGXKeroADpDt0JV +755RyEqqUjd5uGO66ZCBcUCJ/H+lJjNxMlEoAVjq+BoVE9axf83g9WTj4LG+B1f2 +aKBV9TLeLz2vP5/h96WHhndrxEcwF5uf8zWk0pu5gFjnzUDfji0amwndzFHR3W81 +h4kO774DRRglESAmqkdN +=Pt4e +-----END PGP SIGNATURE----- Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Tue Dec 23 23:03:06 2014 (r46116) +++ head/share/xml/advisories.xml Tue Dec 23 23:28:30 2014 (r46117) @@ -11,6 +11,14 @@ 12 + 23 + + + FreeBSD-SA-14:31.ntp + + + + 17 Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Tue Dec 23 23:03:06 2014 (r46116) +++ head/share/xml/notices.xml Tue Dec 23 23:28:30 2014 (r46117) @@ -8,6 +8,18 @@ 2014 + 12 + + + 23 + + + FreeBSD-EN-14:13.freebsd-update + + + + + 11