From owner-freebsd-security@freebsd.org  Mon May  2 06:35:49 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B422B2AD90
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Mon,  2 May 2016 06:35:49 +0000 (UTC)
 (envelope-from delphij@delphij.net)
Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "anubis.delphij.net",
 Issuer "StartCom Class 1 DV Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id F21751321
 for <freebsd-security@freebsd.org>; Mon,  2 May 2016 06:35:48 +0000 (UTC)
 (envelope-from delphij@delphij.net)
Received: from Xins-MBP.home.us.delphij.net (unknown
 [IPv6:2601:646:8f00:8a91:11b2:e1ce:bdc8:f16])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by anubis.delphij.net (Postfix) with ESMTPSA id C102018A6F;
 Sun,  1 May 2016 23:35:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net;
 s=anubis; t=1462170947; x=1462185347;
 bh=q/kJCcX032pNYQczI+2sTNENqDKOcD25D8n2l/ci+IU=;
 h=Subject:To:References:Cc:From:Date:In-Reply-To;
 b=2GlA5kpKhVx7bcyLkPidDtxrFieV+j9jQj+zlc2e7b7wL3klzHhFlETfjGlUBjjtQ
 VeTIPhbpbkVCcjCdOaY7w4GIMUQ2WjC4uSg91bP/zHw8knCSnYqGg1AdxTK+K5ZtMH
 MqFA+payU6Vs2s+KnB2s8LliwWOdNH+VMD3BfuZk=
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
To: gabor@zahemszky.hu, freebsd-security@freebsd.org
References: <20160429082953.DB31D1769@freefall.freebsd.org>
 <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu>
Cc: d@delphij.net
From: Xin Li <delphij@delphij.net>
Message-ID: <2d3c18a6-5c14-5e85-aa57-3acd64097488@delphij.net>
Date: Sun, 1 May 2016 23:35:47 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="mHmfXlMnTBFFKcFLwC6hand5e85KHvpAQ"
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 May 2016 06:35:49 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--mHmfXlMnTBFFKcFLwC6hand5e85KHvpAQ
Content-Type: multipart/mixed; boundary="Re1BuWqVe6qAVJLnJiG3Cff4d4R6mWqFt"
From: Xin Li <delphij@delphij.net>
To: gabor@zahemszky.hu, freebsd-security@freebsd.org
Cc: d@delphij.net
Message-ID: <2d3c18a6-5c14-5e85-aa57-3acd64097488@delphij.net>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
References: <20160429082953.DB31D1769@freefall.freebsd.org>
 <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu>
In-Reply-To: <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu>

--Re1BuWqVe6qAVJLnJiG3Cff4d4R6mWqFt
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable


On 4/29/16 04:13, gabor@zahemszky.hu wrote:
>> 2) To update your vulnerable system via a binary patch:
>>
>> Systems running a RELEASE version of FreeBSD on the i386 or amd64
>> platforms can be updated via the freebsd-update(8) utility:
>>
>> # freebsd-update fetch
>> # freebsd-update install
>=20
> Both on an i386 and on an amd64 machine, I got:
>=20
> =3D=3D=3D=3D
> ....
> Fetching metadasa signature for 10.3-RELEASE from update5.freebsd.org..=
=2E
> done
> Fetching metadata index.... done
>=20
> The update metadata is correctly signed, but
> failed an integrity check.
> Cowardly refusing to proceed any further.
> =3D=3D=3D=3D
>=20
> Both machines are VM-s, upgraded from 10.2.
>=20
> (Got the same with -s update[23456].freebsd.org, and without -s option.=


There was a nit in the metadata, and this should have been addressed now.=


Cheers,


--Re1BuWqVe6qAVJLnJiG3Cff4d4R6mWqFt--

--mHmfXlMnTBFFKcFLwC6hand5e85KHvpAQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXJvVDAAoJEJW2GBstM+nssiUQAJCCt2A7s8Yl9XYogi06jbKD
d1L/kJiQmJbWI9oX2HVo4JuaKsrYILep7GojPGn+Pmw6ECCW00VCtXTzyWm1P1Q2
SE5+gzcF9LV8O/lteOSsRSiHL/Q4mZyTY7Q58/sWG4Bk6lbynwXFSIwfznqzkdoW
yc3GWJozTngw00apdxyVc0s8b+afU30YSyUbsL0kVJ2ViYxvkD36Yrel9rIPOMjy
5ubWERGblyqJKXL7WEJjM0EeskwNf2wlJaST//JM/Lv9f39C/dSNrtImu9/kTd1g
9RWhozuXEiP9Lg0uX2GA1VkQy6qFTxvTuYTPstkYo/zc8xcj+z6UksZ6vfjjTdVM
rZVkCdbkYFy+mUc3DYxEueEmOhIBkUBmEcvHZZ4B5PBWLGieyf1GBCNh09RV2lvt
HuWwL39uscUrs0nAIObxW7dNgBe7btcybDB7N00bTYgd1sliIkOH8yXRH1hHgDlP
/mbvc50vNzWNRkWNBDsG54LIdP3vwSzN7gIg6C2O5nplMiQeu5tOJNNGj+TRZGce
weuqFme9D0IrEAWWHZiG02tmr7qY7QHi7SqktIgz4uOVxCksyQiiae+Hgyvn/Zau
WvcqkTU60Pr7KaBI0C3Aqy5ttLcthBYH0CgfGl1hv/vqpPXruNZzLhFqTfckgksf
BVR77PT4KcBkxc3oyL7j
=6Ou4
-----END PGP SIGNATURE-----

--mHmfXlMnTBFFKcFLwC6hand5e85KHvpAQ--