Date:      Thu, 30 Jul 2015 10:27:51 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r47130 - in head/share/security: advisories patches/SA-15:16
Message-ID:  <201507301027.t6UARpMj067459@repo.freebsd.org>

Author: delphij
Date: Thu Jul 30 10:27:50 2015
New Revision: 47130
URL: https://svnweb.freebsd.org/changeset/doc/47130

Log:
  Revise SA-15:16 for regression in FreeBSD 8.4.

Added:
  head/share/security/patches/SA-15:16/openssh-8-errata.patch   (contents, props changed)
  head/share/security/patches/SA-15:16/openssh-8-errata.patch.asc   (contents, props changed)
Modified:
  head/share/security/advisories/FreeBSD-SA-15:16.openssh.asc

Modified: head/share/security/advisories/FreeBSD-SA-15:16.openssh.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-15:16.openssh.asc	Wed Jul 29 20:18:37 2015	(r47129)
+++ head/share/security/advisories/FreeBSD-SA-15:16.openssh.asc	Thu Jul 30 10:27:50 2015	(r47130)
@@ -9,7 +9,7 @@ Topic:          OpenSSH multiple vulnera
 
 Category:       contrib
 Module:         openssh
-Announced:      2015-07-28
+Announced:      2015-07-28, revised on 2015-07-30
 Affects:        All supported versions of FreeBSD.
 Corrected:      2015-07-28 19:58:44 UTC (stable/10, 10.2-PRERELEASE)
                 2015-07-28 19:58:44 UTC (stable/10, 10.2-BETA2-p2)
@@ -17,14 +17,20 @@ Corrected:      2015-07-28 19:58:44 UTC 
                 2015-07-28 19:59:11 UTC (releng/10.1, 10.1-RELEASE-p16)
                 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)
                 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)
-                2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE)
-                2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35)
+                2015-07-30 10:09:07 UTC (stable/8, 8.4-STABLE)
+                2015-07-30 10:09:31 UTC (releng/8.4, 8.4-RELEASE-p36)
 CVE Name:       CVE-2014-2653, CVE-2015-5600
 
 For general information regarding FreeBSD Security Advisories,
 including descriptions of the fields above, security branches, and the
 following sections, please visit <URL:https://security.FreeBSD.org/>.
 
+0.   Revision history
+
+v1.0  2015-02-25 Initial release.
+v1.1  2015-07-30 Revised patch for FreeBSD 8.x to address regression when
+                 keyboard interactive authentication is used.
+
 I.   Background
 
 OpenSSH is an implementation of the SSH protocol suite, providing an
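
Review bot: The added revision history dates v1.0 as 2015-02-25, but the Announced field in this same file reads 2015-07-28 and every Corrected timestamp is from July 2015. The v1.0 entry looks like it should read 2015-07-28. The revised rows for 8.x also move releng/8.4 from p35 to p36, which is worth mentioning in the v1.1 entry so that readers on 8.4-RELEASE-p35 know they still need the follow-up.
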
@@ -125,6 +131,10 @@ detached PGP signature using your PGP ut
 # fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch.asc
 # gpg --verify openssh-8.patch.asc
 
+# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patc
+# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patch.asc
+# gpg --verify openssh-8-errata.patch.asc
+
 b) Apply the patch.  Execute the following commands as root:
 
 # cd /usr/src
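
Review bot: The first added fetch line ends in "openssh-8-errata.patc", missing the final "h", so as written it does not name the file this commit adds ("openssh-8-errata.patch"), and the following "gpg --verify openssh-8-errata.patch.asc" would have no matching data file. The added lines also do not say whether the errata patch is applied on top of openssh-8.patch or instead of it; a one-line note above the new fetch commands would settle that, and step b) needs a matching apply command for the errata patch if one is not already present outside this hunk.
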
@@ -142,8 +152,8 @@ affected branch.
 
 Branch/path                                                      Revision
 - -------------------------------------------------------------------------
-stable/8/                                                         r285977
-releng/8.4/                                                       r285980
+stable/8/                                                         r286067
+releng/8.4/                                                       r286068
 stable/9/                                                         r285977
 releng/9.3/                                                       r285980
 stable/10/                                                        r285976
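
Review bot: The stable/8 and releng/8.4 rows replace r285977 and r285980 with r286067 and r286068 instead of adding to them. If the new revisions carry only the follow-up fix, the table no longer points at the commits holding the original change for 8.x; consider listing both revisions on those two rows.
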
@@ -172,17 +182,17 @@ The latest revision of this advisory is 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.1.6 (FreeBSD)
 
-iQIcBAEBCgAGBQJVt+FdAAoJEO1n7NZdz2rnPxEQAIFMhBzUuAEEeG3GoO6o6DQn
-7ZVPdd+EdijDk0VAZbaa3NyeVGTNSEQhjpL/lSkIQUQT+yEAUUsUCVWu0T8OpCN0
-UT6JlYhV+AwQVyWujlTjspQ3Ba3Kn3o76MCzvdIQWPTzD1yCZqRmpZ1eSjonmySZ
-ts+kVDCV2ZJyWACOdG2GXHSmTraIErn0J1YaLg++c8nHUvb+TNo2/8viBGJINhdP
-bvA6fzYPpAzgaq5EEKevySLUnUfUE2Nx5LGD2CUx/hMu7K8y2h4SR2fKmpyBauNS
-4VHSssX6KjxZCYctCEsUgCokWYzt9fepyBsCiS9Vx4mTwat8Vuiz2zB1lCOwM97v
-iDbkcmR/ixElrXSBb5+wrhOpBLnYtHFTNPx8dRz39wdb1MxJQqyOOb8KtDSlFMmQ
-l5Lk1vTEcZQjWvmCV9XjVlPqcHnX4wNnV+IgUnQTnhQlbe0YgszdLAi5XZDGBmtA
-DHuLfBy1091KYBoP641GRuldsq6/r6DUzyZuQJ+p30BDUEfkUAptIEnQWA2l3Y8W
-/10eels29WJhV9N7WWo4pbADA54+DLvi0T/46R9WRbM9bA/dsqK9G5wmREaKCqmX
-ccQUFrruxJTn7TV4QbN69ABEkOFCyQjqecP2GqA2N/5AAUsV47WC/VtKgOPp4FZ6
-E0SkAoNzIighyNk54U9p
-=6PBw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+=GsXJ
 -----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-15:16/openssh-8-errata.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-15:16/openssh-8-errata.patch	Thu Jul 30 10:27:50 2015	(r47130)
@@ -0,0 +1,12 @@
+Index: crypto/openssh/auth2-chall.c
+===================================================================
+--- crypto/openssh/auth2-chall.c	(revision 286066)
++++ crypto/openssh/auth2-chall.c	(working copy)
+@@ -131,6 +131,7 @@ kbdint_alloc(const char *devs)
+ 	kbdintctxt->ctxt = NULL;
+ 	kbdintctxt->device = NULL;
+ 	kbdintctxt->nreq = 0;
++	kbdintctxt->devices_done = 0;
+ 
+ 	return kbdintctxt;
+ }
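
Review bot: The added line initialises devices_done by hand alongside ctxt, device and nreq in kbdint_alloc(), which suggests the context is not zeroed when it is allocated (the allocation itself is outside this hunk). If that is the case, any field added later has the same exposure, and zeroing the whole structure at allocation would be more robust than per-field assignment. A short comment in the patch tying this initialisation to the keyboard-interactive regression named in the advisory would also help anyone backporting it.
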

Added: head/share/security/patches/SA-15:16/openssh-8-errata.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-15:16/openssh-8-errata.patch.asc	Thu Jul 30 10:27:50 2015	(r47130)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.6 (FreeBSD)
+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+=8Eu0
+-----END PGP SIGNATURE-----
