Date: Mon, 26 Sep 2016 08:28:48 +0000 (UTC)
From: Xin LI <delphij@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r49429 - in head/share/security: advisories patches/SA-16:26
Message-ID: <201609260828.u8Q8SmhA061853@repo.freebsd.org>
Author: delphij Date: Mon Sep 26 08:28:48 2016 New Revision: 49429 URL: https://svnweb.freebsd.org/changeset/doc/49429 Log: Revise SA-16:26 to fix a regression. Added: head/share/security/patches/SA-16:26/openssl-fix.patch (contents, props changed) head/share/security/patches/SA-16:26/openssl-fix.patch.asc (contents, props changed) Modified: head/share/security/advisories/FreeBSD-SA-16:26.openssl.asc Modified: head/share/security/advisories/FreeBSD-SA-16:26.openssl.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-16:26.openssl.asc Sun Sep 25 20:08:07 2016 (r49428) +++ head/share/security/advisories/FreeBSD-SA-16:26.openssl.asc Mon Sep 26 08:28:48 2016 (r49429) @@ -9,17 +9,17 @@ Topic: Multiple OpenSSL vulnera Category: contrib Module: openssl -Announced: 2016-09-23 +Announced: 2016-09-23; revised on 2016-09-26 Credits: OpenSSL Project Affects: All supported versions of FreeBSD. Corrected: 2016-09-22 14:57:48 UTC (stable/11, 11.0-STABLE) 2016-09-22 15:55:27 UTC (releng/11.0, 11.0-RELEASE) 2016-09-22 15:05:38 UTC (stable/10, 10.3-STABLE) - 2016-09-23 07:48:34 UTC (releng/10.3, 10.3-RELEASE-p8) - 2016-09-23 07:48:34 UTC (releng/10.2, 10.2-RELEASE-p21) - 2016-09-23 07:48:34 UTC (releng/10.1, 10.1-RELEASE-p38) - 2016-09-23 07:44:10 UTC (stable/9, 9.3-STABLE) - 2016-09-23 07:48:34 UTC (releng/9.3, 9.3-RELEASE-p46) + 2016-09-26 08:21:29 UTC (releng/10.3, 10.3-RELEASE-p9) + 2016-09-26 08:21:29 UTC (releng/10.2, 10.2-RELEASE-p22) + 2016-09-26 08:21:29 UTC (releng/10.1, 10.1-RELEASE-p39) + 2016-09-26 08:19:33 UTC (stable/9, 9.3-STABLE) + 2016-09-26 08:21:29 UTC (releng/9.3, 9.3-RELEASE-p47) CVE Name: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306 
@@ -28,6 +28,11 @@ For general information regarding FreeBS including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. +0. Revision history + +v1.0 2016-09-23 Initial release. +v1.1 2016-09-26 Revised patch to address a regression in CVE-2016-2182 fix. + I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is @@ -169,14 +174,19 @@ detached PGP signature using your PGP ut [FreeBSD 10.1 and 10.2] # fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-10.2.patch -# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-10.2.patch.as +# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-10.2.patch.asc # gpg --verify openssl-10.2.patch.asc [FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-9.3.patch -# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-9.3.patch.as +# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-9.3.patch.asc # gpg --verify openssl-9.3.patch.asc +For all releases, additionally, apply the openssl-fix.patch: +# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-fix.patch +# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-fix.patch.asc +# gpg --verify openssl-fix.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -194,12 +204,12 @@ affected branch. Branch/path Revision - ------------------------------------------------------------------------- -stable/9/ r306229 -releng/9.3/ r206230 +stable/9/ r306335 +releng/9.3/ r306336 stable/10/ r306196 -releng/10.1/ r206230 -releng/10.2/ r206230 -releng/10.3/ r206230 +releng/10.1/ r306336 +releng/10.2/ r306336 +releng/10.3/ r306336 stable/11/ r306195 releng/11.0/ r306198 - ------------------------------------------------------------------------- 
@@ -243,17 +253,17 @@ The latest revision of this advisory is -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.13 (FreeBSD) -iQIcBAEBCgAGBQJX5N+CAAoJEO1n7NZdz2rnRZEP/2/fe1c3tLZZAPguwphI7NFK -DoGODy5Uj/pMdMv2ZvSJaNFKX5bo4ph2mCtA3rxFhFX4PEDaRoZc4BIlN470qdDe -soBV0mJEHC8r0z8cw6WYbh4wbd2yYy2x95LFi3g/04udctGQyxWmEzkzjzT8SqxU -EMoZYZuYQTvr8paQGiUizLu61AFDM2sZhU8yW4euxxiIREbFTO8rC7DMAk3mKfNk -Og1NN6uVK7+AgxZRJtfrKPftdwGPfKPQKgR731goAghQihThNNDvQ8OdDwj8Mlh1 -KI8u+GaVKUTfgS2Ra9a291nEqV0EHZkY3zSpp4LeCY93gpFQeEhS5M/32oFheP4+ -qNQZdvDzKVBKT1NTzgDbMN++56/h0FDa9NkIQbZI9TwkOTbLeGNMWtC46Ngza3tz -avlSxxckCwelvmZcjntU3MakdWQhIgMRFvOzVDgfL+erUi3kot0+kgiXq+cn0UEa -ZHOCJWIzAh/PJGPNOJl71Ji3qb6iUJx31HmVLxyoofbfKmNsg72/ROqUgBLCYO3s -kW77yMNYEBAzdxeep8oNwMat9bZbxnhvAbr2v934SIndLQ5FtDJ/OdiCq3oXMbyE -uLFTjqGaTur7z26bibT72l4OEy7Qkt5G1EqefxTGHpY0UQhjQQVFWjwbFYq9RT40 -60v4DC15ArshCN6tuyWt -=8wR6 +iQIcBAEBCgAGBQJX6NvHAAoJEO1n7NZdz2rncwEP/3E3/QSGoSuhh7nqj3mzpSEl +YYVB2B6HrxOa99b6rDT8lnnbdkE+Z409C8PP/gM/86WsMJXRrYbB2Dvnpt2hdMI6 +SK94iydp4/QEoahi3DqaiuvO0xfDonUVK/XM+HD2+OGnf5XhRJrXN72aYauK2TEw +3U58NWqdkHKyLMb9Xw6oOeoexOl7rbzvxB1M1Idsb5+mcs4/n9MHfLPPYDMZdGmc +XNuHzafINU4RD6ewZXmCjzZ2v4vlN6UJwoCdvm8NmG+2SGTqC+F/eldNFXuDuThz +DODYpyfg6LjkxeY+P4eG8BMM1grrf1K0/HAaDx3h+F/H/XrxP2gNQfXPxK9HSddL +eFWspWdRfJBydM4zrB8ndu/xmgfuCkgfrOgYU6z9eSLarmElM25Wic4+PiU0DXOq +tHoL3k6B8sEio19Jh2ggdrZJBDM+BzlDqXve3Z1t9lY9DVZbcNe1xWJ7SreBQfXl +n0r3LKLXxaFq014gb4/MV503XAn1P6Q87nL8wzkm9Z1qIHlJPt6Igrl+A5LcQ589 +nW35xpeco8vFG0C6AmUk1cY14nZdZ/OjIEM4zGTd7oXRZRK6VFHJssTl0qJ/KLb1 +rssl78ffhonLwFLLUzAGQlzYXYspz0ySwsrECcebOTzKzFUC9V0hcBuRMIwlAn5g +aqC0mYXivXqtV/cgdYL/ +=3i9P -----END PGP SIGNATURE----- Added: head/share/security/patches/SA-16:26/openssl-fix.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-16:26/openssl-fix.patch Mon Sep 26 08:28:48 2016 (r49429) 
@@ -0,0 +1,19 @@ +--- crypto/openssl/crypto/bn/bn_print.c.orig ++++ crypto/openssl/crypto/bn/bn_print.c +@@ -141,14 +141,13 @@ + if (BN_is_negative(t)) + *p++ = '-'; + +- i = 0; + while (!BN_is_zero(t)) { ++ if (lp - bn_data >= bn_data_num) ++ goto err; + *lp = BN_div_word(t, BN_DEC_CONV); + if (*lp == (BN_ULONG)-1) + goto err; + lp++; +- if (lp - bn_data >= bn_data_num) +- goto err; + } + lp--; + /* Added: head/share/security/patches/SA-16:26/openssl-fix.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-16:26/openssl-fix.patch.asc Mon Sep 26 08:28:48 2016 (r49429) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.13 (FreeBSD) + +iQIcBAABCgAGBQJX6Nu7AAoJEO1n7NZdz2rnZo8QALAnB2tI1lhZLUayhrCd/HAU +MNxSsqcP55dYYE6b9a6k8HcN1MiLXbxUt/KBT1wtGOvs6SrpqOVvzjDaEqLtufjx +mAiRqKYulWbAdl8RJSESJY17LdyBN68crSQ1AH7t7jlyCjKOq3pBffVuEuiCLYph +OhLfz8/7HS2vZNxPtnEv2RJ+Vwwy9uc6pkqGwyMz4xipVrUOuorV84dJ+DIdLbOT +wk288iZcc519I1DAw61t+cMTG+7xYZW5pa4jTRUY9WMSSeGfW0RBaD/m795aK2FQ +L8226nawoB6Lp6r3L1EU6592/nd6p4Igvgj+s9dqy2kWzs/NZbyxOm4m7Ymz/7DH +r/j8RK0o8Asm9F2Mtg/PWynKgo3XInbEudwpMP2jGxMhx8KOlMc01lM4i5hAdwmm +iGKpcEzwTVTVCdwjbGhJV2YMhurBAjGJv4P6fn/xTpEpjd16MSirP47ryYYcIFL3 +NOguwS/5Hj86HMLx3bDfvp11D9mttlPU0FRYfpVUqFh9zn640BqxkD81ra1L6cKP +d5Lt60FAM2ro/xqEPDh12po/qBmk9cWP7NMNh+ASe0SVyraCwZAbLN4gKHH91EdL +GA5h1yDrse4iUm7lBRwv4dKgJYSNJXoWfyDRpSbBA3O3z4CV0IGNLFNxZoY3JCpd +VRvG2kKCBbiiyQ/PcFNZ +=SXHG +-----END PGP SIGNATURE-----
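Review bot: the v1.1 line added under "0. Revision history" in FreeBSD-SA-16:26.openssl.asc (hunk @@ -28,6 +28,11 @@) records only the regression fix, but this same revision also corrects the signature URLs in section a) from ".patch.as" to ".patch.asc" and the releng revision numbers from r206230 to r306336. Readers comparing v1.0 with v1.1 have no other place to learn that those values changed, so mention the corrections in the v1.1 entry.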
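Review bot: the new paragraph "For all releases, additionally, apply the openssl-fix.patch:" in section a) of the advisory (hunk @@ -169,14 +174,19 @@) adds only fetch and "gpg --verify" steps, while the visible context of step b) stops at "# cd /usr/src" and no hunk in this diff touches the apply commands. Confirm that step b) really applies openssl-fix.patch, and in which order relative to the release-specific patch. It would also help to say whether a system already patched from v1.0 needs only openssl-fix.patch or the full sequence again.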
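Review bot: in the while loop of crypto/openssl/crypto/bn/bn_print.c (openssl-fix.patch, hunk @@ -141,14 +141,13 @@), the relocated check "if (lp - bn_data >= bn_data_num) goto err;" carries no comment explaining why it has to sit before the store to "*lp". Assuming bn_data_num is the number of slots in bn_data, the old placement after "lp++" jumped to err whenever the last word landed in the final slot, even though the loop was about to exit; a one-line comment saying so would keep a later cleanup from moving the check back. Also confirm that nothing further down the function still reads "i", since the hunk drops "i = 0;" and any remaining uses are outside the visible lines.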