From: Xin LI
Date: Thu, 30 Jul 2015 10:27:51 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r47130 - in head/share/security: advisories patches/SA-15:16

Author: delphij
Date: Thu Jul 30 10:27:50 2015
New Revision: 47130
URL: https://svnweb.freebsd.org/changeset/doc/47130

Log:
  Revise SA-15:16 for regression in FreeBSD 8.4.

Added:
  head/share/security/patches/SA-15:16/openssh-8-errata.patch (contents, props changed)
  head/share/security/patches/SA-15:16/openssh-8-errata.patch.asc (contents, props changed)
Modified:
  head/share/security/advisories/FreeBSD-SA-15:16.openssh.asc

Modified: head/share/security/advisories/FreeBSD-SA-15:16.openssh.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-15:16.openssh.asc Wed Jul 29 20:18:37 2015 (r47129) +++ head/share/security/advisories/FreeBSD-SA-15:16.openssh.asc Thu Jul 30 10:27:50 2015 (r47130) @@ -9,7 +9,7 @@ Topic: OpenSSH multiple vulnera Category: contrib Module: openssh -Announced: 2015-07-28 +Announced: 2015-07-28, revised on 2015-07-30 Affects: All supported versions of FreeBSD. Corrected: 2015-07-28 19:58:44 UTC (stable/10, 10.2-PRERELEASE) 2015-07-28 19:58:44 UTC (stable/10, 10.2-BETA2-p2) 
@@ -17,14 +17,20 @@ Corrected: 2015-07-28 19:58:44 UTC 2015-07-28 19:59:11 UTC (releng/10.1, 10.1-RELEASE-p16) 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE) 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21) - 2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE) - 2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35) + 2015-07-30 10:09:07 UTC (stable/8, 8.4-STABLE) + 2015-07-30 10:09:31 UTC (releng/8.4, 8.4-RELEASE-p36) CVE Name: CVE-2014-2653, CVE-2015-5600 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision history + +v1.0 2015-02-25 Initial release. +v1.1 2015-07-30 Revised patch for FreeBSD 8.x to address regression when + keyboard interactive authentication is used. + I. Background OpenSSH is an implementation of the SSH protocol suite, providing an @@ -125,6 +131,10 @@ detached PGP signature using your PGP ut # fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch.asc # gpg --verify openssh-8.patch.asc +# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patc +# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patch.asc +# gpg --verify openssh-8-errata.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -142,8 +152,8 @@ affected branch. Branch/path Revision - ------------------------------------------------------------------------- -stable/8/ r285977 -releng/8.4/ r285980 +stable/8/ r286067 +releng/8.4/ r286068 stable/9/ r285977 releng/9.3/ r285980 stable/10/ r285976 
@@ -172,17 +182,17 @@ The latest revision of this advisory is -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.6 (FreeBSD) -iQIcBAEBCgAGBQJVt+FdAAoJEO1n7NZdz2rnPxEQAIFMhBzUuAEEeG3GoO6o6DQn -7ZVPdd+EdijDk0VAZbaa3NyeVGTNSEQhjpL/lSkIQUQT+yEAUUsUCVWu0T8OpCN0 -UT6JlYhV+AwQVyWujlTjspQ3Ba3Kn3o76MCzvdIQWPTzD1yCZqRmpZ1eSjonmySZ -ts+kVDCV2ZJyWACOdG2GXHSmTraIErn0J1YaLg++c8nHUvb+TNo2/8viBGJINhdP -bvA6fzYPpAzgaq5EEKevySLUnUfUE2Nx5LGD2CUx/hMu7K8y2h4SR2fKmpyBauNS -4VHSssX6KjxZCYctCEsUgCokWYzt9fepyBsCiS9Vx4mTwat8Vuiz2zB1lCOwM97v -iDbkcmR/ixElrXSBb5+wrhOpBLnYtHFTNPx8dRz39wdb1MxJQqyOOb8KtDSlFMmQ -l5Lk1vTEcZQjWvmCV9XjVlPqcHnX4wNnV+IgUnQTnhQlbe0YgszdLAi5XZDGBmtA -DHuLfBy1091KYBoP641GRuldsq6/r6DUzyZuQJ+p30BDUEfkUAptIEnQWA2l3Y8W -/10eels29WJhV9N7WWo4pbADA54+DLvi0T/46R9WRbM9bA/dsqK9G5wmREaKCqmX -ccQUFrruxJTn7TV4QbN69ABEkOFCyQjqecP2GqA2N/5AAUsV47WC/VtKgOPp4FZ6 -E0SkAoNzIighyNk54U9p -=6PBw +iQIcBAEBCgAGBQJVufuCAAoJEO1n7NZdz2rnHHAQALfjXH/WyrgpHxw1YFipwFSD +bl+HLbdvMVbfBxLV7eVBK9RPQiyoxwocmU0uMdiNEIWt2llczTLEl/wtUjj6f4Ko +K6E7AAOgOX4zdQxBd2502FvXC1oNbDEvK8X3M4MzPHAG4QRgXNffRGYvClmbayck +2i+bjcHdKAEwFJjHk4wXOQ0yhdF6Q36bH0N3kPV9z7sAt3tuzSWhvtX6QQSyeuCJ +ie2db9CdSUnFhYELJnVMpVTf3ppMqUT6QEe45LmsGA6F8yWdMaW2vtMdJq6xFVYP +INCUVyOlDRu0TibjLUpXu4KugeDgyTXy9oz4SRdnpcUWz33fM6aSgOkpiM1h05ja +BJrs0HZbkjCwtD+8a0buoyIKb9NBIsDKbrec5g8AEDkAHjRzraLGAXUYwkFeyqYJ +j+ll5r5iu5fc4s8QM+ySlGCW8V9Ix8FX7Rr7FhAWLSKEldDsnCRjG4EfrAcd1HiC +PleAnLv4uKwfSugIBIEs5ls7+TzWytW8nnEpMEerXUD894suFIycOT6eoUYF/CCT +I1nHWSITw4HSj8+wBvrhxwZCRqIMOAZB+3jzrwRE+QZkghoWnPnqrCn9uLkdndq5 +ewgz6PiuYC8Zx0Z6trA72oV+XjTKu2d6eO5tRpe9aAmhPmfBWg3fXYltVzTzF9IE +r0z98qmTEPiTDi8dr+K/ +=GsXJ -----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:16/openssh-8-errata.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:16/openssh-8-errata.patch Thu Jul 30 10:27:50 2015 (r47130) 
@@ -0,0 +1,12 @@ +Index: crypto/openssh/auth2-chall.c +=================================================================== +--- crypto/openssh/auth2-chall.c (revision 286066) ++++ crypto/openssh/auth2-chall.c (working copy) +@@ -131,6 +131,7 @@ kbdint_alloc(const char *devs) + kbdintctxt->ctxt = NULL; + kbdintctxt->device = NULL; + kbdintctxt->nreq = 0; ++ kbdintctxt->devices_done = 0; + + return kbdintctxt; + } Added: head/share/security/patches/SA-15:16/openssh-8-errata.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:16/openssh-8-errata.patch.asc Thu Jul 30 10:27:50 2015 (r47130) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.6 (FreeBSD) + +iQIcBAABCgAGBQJVufuVAAoJEO1n7NZdz2rn0p8QALQy6oPsGF5V6XyAoyWtAYlq ++CUCQgJD1zbAzspyGdUBCHZZfy712Gi6Y/TMO2395Qs+KqnBmTWTqJ/sgV8pWtjT +XmqZ4Da+e3g4RQoeoSIKea4rfeAh7pcxb1wH7iFtjJ0isutDZDMmbgJ9RW2KGdTK +SxgPYRatvncPPeYBSffQ2xinkm0Wj6nrMcd13dJifzC+1BqEC1QZ8CYgyyP4mzkg +K6p0e4QEeWS9HwKtcFFegD3URAM3I7acgwXWwxqEm+cZl8WRFNcWUExbSwnTYEEt +mvtwiT3M3cbBYkjpVvCgybP4/9N/pz6bsgnQmicSgm8+5uvQazq09GKvp7DpkKRf +22zcSbZ4Z0vExnYXS1wQyAO/mMq6JnThzX8BM+I86qOQdF4FjXL5gXLjCSqMfZzz +VO6LpKFvzxqZZZJzWLMm73h6G1w3AfNNVL78iVtojyp8PcQzzmPg/X7vkEDO2C7z +39dojWz+gLmNX2CGX/Adc159BoyUEZXdOl7bJAWJfNwnHPoKQxlJfdtFQl+IpaYv +hAXYKVKd5ENWmkhY3hXy8+cLtoZh+irvAlRuo0B6IIpzyTtoCLOEwPgFd9mIwZRX +XEak0QwZOyC/TsyQeorRJSRGmPGqCAtbqB5p4Oqjw4WH992T7ce1Oi4a7O7bSjan +/pOoKf3PsALdbYmyHcTp +=8Eu0 +-----END PGP SIGNATURE-----
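Review bot: In the FreeBSD-SA-15:16.openssh.asc hunk at @@ -17,14 +17,20 @@, the new revision history dates v1.0 as 2015-02-25, but the Announced field of the same advisory says 2015-07-28 and every Corrected timestamp is from 2015-07-28 or later. Unless the February date is intentional, the v1.0 line should read 2015-07-28 so the history agrees with the header.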
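Review bot: In the hunk at @@ -125,6 +131,10 @@, the first added fetch line ends in openssh-8-errata.patc, while the file added by this commit and the .asc line right after it are named openssh-8-errata.patch, so the command requests a different name and the following gpg --verify has no matching file to check. Please correct the URL. In addition, no hunk in this diff changes step b), so the advisory should state whether the errata patch is applied on top of openssh-8.patch.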
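Review bot: In openssh-8-errata.patch, the kbdint_alloc() hunk in crypto/openssh/auth2-chall.c sets devices_done alongside ctxt, device and nreq, each assigned one at a time after allocation; the fix implies devices_done was previously left unset, and the same pattern lets any field added later be missed in the same way. Consider zeroing the whole structure at allocation instead of relying on per-field assignments, and state in the commit log that the regression came from the missing devices_done initialization.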