Date:      Wed, 27 Jan 2016 08:09:32 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r48099 - in head/share: security/advisories security/patches/SA-16:08 security/patches/SA-16:09 security/patches/SA-16:10 xml
Message-ID:  <201601270809.u0R89Wff063380@repo.freebsd.org>

Author: delphij
Date: Wed Jan 27 08:09:32 2016
New Revision: 48099
URL: https://svnweb.freebsd.org/changeset/doc/48099

Log:
  Add SA-16:08, SA-16:09 and SA-16:10.

Added:
  head/share/security/advisories/FreeBSD-SA-16:08.bind.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:09.ntp.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:10.linux.asc   (contents, props changed)
  head/share/security/patches/SA-16:08/
  head/share/security/patches/SA-16:08/bind.patch   (contents, props changed)
  head/share/security/patches/SA-16:08/bind.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:09/
  head/share/security/patches/SA-16:09/ntp.patch   (contents, props changed)
  head/share/security/patches/SA-16:09/ntp.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:10/
  head/share/security/patches/SA-16:10/linux.patch   (contents, props changed)
  head/share/security/patches/SA-16:10/linux.patch.asc   (contents, props changed)
Modified:
  head/share/xml/advisories.xml

Added: head/share/security/advisories/FreeBSD-SA-16:08.bind.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:08.bind.asc	Wed Jan 27 08:09:32 2016	(r48099)
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:08.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND remote denial of service vulnerability
+
+Category:       contrib
+Module:         bind
+Announced:      2016-01-27
+Credits:        ISC
+Affects:        FreeBSD 9.x
+Corrected:      2016-01-20 08:54:35 UTC (stable/9, 9.3-STABLE)
+                2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
+CVE Name:       CVE-2015-8704
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+Address Prefixes List (APL RR) is a type of DNS Resource Record defined in
+RFC 3123.
+
+II.  Problem Description
+
+There is an off-by-one error in a buffer size check when performing certain
+string formatting operations.
+
+III. Impact
+
+Slaves using text-format db files could be vulnerable if receiving a
+malformed record in a zone transfer from their master.
+
+Masters using text-format db files could be vulnerable if they accept
+a malformed record in a DDNS update message.
+
+Recursive resolvers are potentially vulnerable when debug logging is
+enabled and if they are fed a deliberately malformed record by a
+malicious server.
+
+A server which has cached a specially constructed record could encounter
+this condition while performing 'rndc dumpdb'.
+
+IV.  Workaround
+
+No workaround is available, but hosts not running named(8) are not
+vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The named service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The named service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:08/bind.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:08/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r294405
+releng/9.3/                                                       r294905
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://kb.isc.org/article/AA-01335>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:08.bind.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAEBCgAGBQJWqHmfAAoJEO1n7NZdz2rngIkP/Ru1a5U14/iJKqGO2o+OQkk5
+j9G3rwEQROlPhtHdUE3vtA2fZcsayJaK1CjU3j91VWlTXHfBnju6gbJVPntNQqe5
+TxRFmRhRjcyreNdt6hKvFgDrXmWwrytRukJ/XafdYxoWFDTtrUScwrOH87U8ILcF
+gkWgzCQ7EnYqr7sEW1makDHmIOLukJo5pJOnUTRkraDP2oaKSros3GC+Fnh6Wf+q
+wYOkgl2gj96ubJW4SvdZCAKFtnMrhw0ZZyrVDuPojzWU+ZotzWvZz3xGvoSqXy5U
+rqqtUQNHMU0Aqhe9zurW4B2ioff6XALZPgRYqQRI8ezXTgDDhJSwa12mjTJuQmaR
+hQRJlW5u5/Ejj2NML6NkhvLuSApwZcAZ2G7cLGdR6nEKKVEb6mXgnL7T/CdhhTj8
+2owIz1iIdI2sUmhv6vuxPxB1k/O7b76LTZ2AL6jx4/mEtOVeofpNej5w7qnvCSqV
+RcZsOYRXrMZ0YWuhBkKqnMGGIU0TBMDvjJL5gxf5RR14iLExcC1fKhkhbvRMag4Y
+ck7Ja45Ltpwtd0t7/AfzbeI4OVmos4NB36HK5pYJchmOUavm6im5V6781mYGZgQn
+HtOQEyi7tSeft+Fz21dmK6Z1GV6lRmrt52wAKyJ71nA/WESgma50WE49RX+cH1MH
+nmon5PYKLuMuzFVNYZWs
+=HYpu
+-----END PGP SIGNATURE-----
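
Review bot: Section III (Impact) lists which named(8) configurations "could be vulnerable" but never states the consequence; only the Topic line says denial of service. Say in Section III what happens to named when the malformed record is processed. Section II has the same gap from the other side: the Background introduces the APL RR, yet the Problem Description mentions only "certain string formatting operations", so the text never connects the record type to the bug. One sentence naming the APL record in Section II would close that.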

Added: head/share/security/advisories/FreeBSD-SA-16:09.ntp.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:09.ntp.asc	Wed Jan 27 08:09:32 2016	(r48099)
@@ -0,0 +1,225 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:09.ntp                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple vulnerabilities of ntp
+
+Category:       contrib
+Module:         ntp
+Announced:      2016-01-27
+Credits:        Cisco ASIG / Network Time Foundation
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-01-22 15:55:21 UTC (stable/10, 10.2-STABLE)
+                2016-01-27 07:41:31 UTC (releng/10.2, 10.2-RELEASE-p11)
+                2016-01-27 07:41:31 UTC (releng/10.1, 10.1-RELEASE-p28)
+                2016-01-22 15:56:35 UTC (stable/9, 9.3-STABLE)
+                2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
+CVE Name:       CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976,
+                CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138,
+                CVE-2015-8139, CVE-2015-8140, CVE-2015-8158
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
+used to synchronize the time of a computer system to a reference time
+source.
+
+II.  Problem Description
+
+Multiple vulnerabilities have been discovered in ntp 4.2.8p5:
+
+Potential Infinite Loop in ntpq. [CVE-2015-8158]
+
+A logic error would allow packets with an origin timestamp of zero
+to bypass this check whenever there is not an outstanding request
+to the server.  [CVE-2015-8138]
+
+Off-path Denial of Service (DoS) attack on authenticated broadcast mode.
+[CVE-2015-7979]
+
+Stack exhaustion in recursive traversal of restriction list. [CVE-2015-7978]
+
+reslist NULL pointer dereference. [CVE-2015-7977]
+
+ntpq saveconfig command allows dangerous characters in filenames.
+[CVE-2015-7976]
+
+nextvar() missing length check. [CVE-2015-7975]
+
+Skeleton Key: Missing key check allows impersonation between authenticated
+peers. [CVE-2015-7974]
+
+Deja Vu: Replay attack on authenticated broadcast mode. [CVE-2015-7973]
+
+ntpq vulnerable to replay attacks. [CVE-2015-8140]
+
+Origin Leak: ntpq and ntpdc, disclose origin. [CVE-2015-8139]
+
+III. Impact
+
+A malicious NTP server, or an attacker who can conduct MITM attack by
+intercepting NTP query traffic, may be able to cause a ntpq client to
+infinitely loop. [CVE-2015-8158]
+
+A malicious NTP server, or an attacker who can conduct MITM attack by
+intercepting NTP query traffic, may be able to prevent a ntpd(8) daemon
+to distinguish between legitimate peer responses from forgeries.  This
+can partially be mitigated by configuring multiple time sources.
+[CVE-2015-8138]
+
+An off-path attacker who can send broadcast packets with bad
+authentication (wrong key, mismatched key, incorrect MAC, etc) to
+broadcast clients can cause these clients to tear down associations.
+[CVE-2015-7979]
+
+An attacker who can send unauthenticated 'reslist' command to a NTP
+server may cause it to crash, resulting in a denial of service
+condition due to stack exhaustion [CVE-2015-7978] or a NULL pointer
+dereference [CVE-2015-7977].
+
+An attacker who can send 'modify' requests to a NTP server may be
+able to create file that contain dangerous characters in their name,
+which could cause dangerous behavior in a later shell invocation.
+[CVE-2015-7976] 
+
+A remote attacker may be able to crash a ntpq client. [CVE-2015-7975]
+
+A malicious server which holds a trusted key may be able to
+impersonate other trusted servers in an authenticated configuration.
+[CVE-2015-7974]
+
+A man-in-the-middle attacker or a malicious participant that has the
+same trusted keys as the victim can replay time packets if the NTP
+network is configured for broadcast operations. [CVE-2015-7973]
+
+The ntpq protocol is vulnerable to replay attacks which may be used
+to e.g. re-establish an association to malicious server. [CVE-2015-8140]
+
+An attacker who can intercept NTP traffic can easily forge live server
+responses. [CVE-2015-8139]
+
+IV.  Workaround
+
+No workaround is available, but systems not running ntpd(8) are not
+affected.  Network administrators are advised to implement BCP-38,
+which helps to reduce risk associated with the attacks.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The ntpd service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The ntpd service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:09/ntp.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:09/ntp.patch.asc
+# gpg --verify ntp.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r294570
+releng/9.3/                                                       r294905
+stable/10/                                                        r294569
+releng/10.1/                                                      r294904
+releng/10.2/                                                      r294904
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7973>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7974>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7975>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7976>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7977>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7978>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7979>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8138>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8139>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8140>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8158>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAEBCgAGBQJWqHmfAAoJEO1n7NZdz2rnt9cP/2EtdEPX/oBJXKFWqQv5cwvY
+C4gmlK5MZok2an330XMPl0RO2RplsIw4Lo4BuUh7HPKhVa5loYasabKrULQ+4Pgv
+z9INxDTDO8iooHeTeNe/VAb5YcKFrD7sqajdc0cY11rLEw1o53IuULz9wZnczAe/
+KnHDNUyYaSU2Ep+c3+ADSJqOk3ffhsGDS+0byoOBcUN+66MnBg19/rKomiN5a7Nt
+XSseoQgYISU8aaJDvPlGoaN/Xm5fnFZaKFlJ4y7h51sYYep0qgjQx+Gdakk0vNbh
+CwsjpBKqDpFpBcSgdEC/bYHnNpYUTJB/tPmG3YDO5jMWQISKGrrnuMYeh+7PjTDS
+vCrneztpVBscLG4ZKSlfmhpZ/Jfy31YPXm5P/w8NuA05i13K06P4gG5PKNyUMgsk
+AZQ4Vg8YlyS0Ci4ufdc+AIQI35QMrKvfecJVu49+sNhUA4PpTe7coEU9dks3Dtaw
+g2QbfnsEWzJ6RBJcw7aQDSgRoqrVQgMB8IIota+aMzeVurgyFxPm9LASk2RYjhmC
+Ep283cc+HPUnihKBZTwwkw5iznbmpyRYlPghEc7slgOZCbk9pefnsCMOZAqRW9fZ
+DUpt+HvZD5BKB4kCAUMIvKGS91cyBFaNcdJhlB8uUx2aP2UJmuzldk+x9K74wWGK
+lnP0IazzXnWFobfwr+qT
+=0ZhD
+-----END PGP SIGNATURE-----
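
Review bot: Section IV says "No workaround is available", while the CVE-2015-8138 paragraph in Section III says the issue "can partially be mitigated by configuring multiple time sources"; repeat that mitigation under Workaround or reword Section IV so the two agree. In Section VII the eleven cve.mitre.org links are written as cvename.cgi?CVE-2015-... without the name= parameter that the SA-16:08 and SA-16:10 advisories in this same commit use; make them consistent. The CVE-2015-8139 entries also do not line up: Section II describes an origin disclosure by ntpq and ntpdc, but Section III jumps to forging server responses without saying that the disclosed origin is what makes the forgery possible. Minor wording in Section III: "prevent a ntpd(8) daemon to distinguish" and "create file that contain".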

Added: head/share/security/advisories/FreeBSD-SA-16:10.linux.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:10.linux.asc	Wed Jan 27 08:09:32 2016	(r48099)
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:10.linux                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Linux compatibility layer issetugid(2) system call
+                vulnerability
+
+Category:       core
+Module:         kernel
+Announced:      2016-01-27
+Credits:        Isaac Dunham, Brent Cook, Warner Losh
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-01-27 07:28:55 UTC (stable/10, 10.2-STABLE)
+                2016-01-27 07:41:31 UTC (releng/10.2, 10.2-RELEASE-p11)
+                2016-01-27 07:41:31 UTC (releng/10.1, 10.1-RELEASE-p28)
+                2016-01-27 07:34:23 UTC (stable/9, 9.3-STABLE)
+                2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
+CVE Name:       CVE-2016-1883
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD is binary-compatible with the Linux operating system through a
+loadable kernel module/optional kernel component.  The support is
+provided on amd64 and i386 machines.
+
+II.  Problem Description
+
+A programming error in the Linux compatibility layer could cause the
+issetugid(2) system call to return incorrect information.
+
+III. Impact
+
+If an application relies on output of the issetugid(2) system call
+and that information is incorrect, this could lead to a privilege
+escalation.
+
+IV.  Workaround
+
+No workaround is available, but systems not using the Linux binary
+compatibility layer are not vulnerable.
+
+The following command can be used to test if the Linux binary
+compatibility layer is loaded:
+
+# kldstat -m linuxelf
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:10/linux.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:10/linux.patch.asc
+# gpg --verify linux.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r294903
+releng/9.3/                                                       r294905
+stable/10/                                                        r294901
+releng/10.1/                                                      r294904
+releng/10.2/                                                      r294904
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1883>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:10.linux.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAEBCgAGBQJWqHmfAAoJEO1n7NZdz2rnsr0QAJtM4C+IgRcRHdNGL7vXp1NP
+u3sFyktcRGCR0p+lMOaFYPp/Vmu09NglhcaxYFbk4WONVSnZKOuiWsjOL9by/eof
+77i8bXINlB/8Pp+34KpxDtz5wR3jVAApaL8xvS+/DaKj3RdQ63RrHgtQRTAk+VSO
+ISAXxF2U/XAcRlmBQ3oOtqeHads6M1LNG/D/I0FgpU2G17QoUpfa+AvOkS1wBw7d
+mdcnC4NDKKx3QnyD0FTrh4z444PwvE3IQ7OSm7VX4/oOZdH+CC9coLCV1BXALrfA
+WVmaUMDy8bWiv7JMsda2xl4KhcEx2Y0UN2hGYdMZJubqYcnUknMimW3b2fhsfgl1
+UaQDD6xv9I4xZqo1NHh4/WiH33PvOmM+U0E6IMb5hTUbfSd0mXOn4yzTP5gJxe4h
+fPk5ZUj/HTKx6C8ERMknTDdn+ZrLLlQJAoDbipPZkRBMcsgvRYGjKquBnrW9N0z2
+BUtuLODg/GxMmkQXYV7mT08xw7YLvIbfSwGvlOd/k5hB/0KMTRLBFGd6vc2lZ+CL
+dseeK59vUK50Arua8qbg6AlOYc9Dga/XeQ753za0zEm7LOXzjr7jlBex/04ZxvE/
+N4OTxNYlASk1cwBcoytZ8da3D7Vqh7vw7QmUR8lAb/x5ijR1QjCApji+yRupCEG+
+PGHIMcxSGeBx7Drd1eBE
+=PyM5
+-----END PGP SIGNATURE-----
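
Review bot: In Section IV the check "kldstat -m linuxelf" is given without saying how to read its result, and it names the module linuxelf while Section V tells the reader to unload and reload linux.ko. Add a sentence on which outcome means the compatibility layer is loaded, and either use one name or explain how the two relate. Section V also offers "unload and reload the linux.ko kernel module" as an alternative to rebooting in options 1 and 2 but gives no commands for it, and step 3c mentions only recompiling the kernel and rebooting. Section II says only that issetugid(2) may "return incorrect information"; stating in which direction it is wrong would let readers judge the privilege escalation claim in Section III.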

Added: head/share/security/patches/SA-16:08/bind.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:08/bind.patch	Wed Jan 27 08:09:32 2016	(r48099)
@@ -0,0 +1,22 @@
+Index: contrib/bind9/lib/dns/rdata/in_1/apl_42.c
+===================================================================
+--- contrib/bind9/lib/dns/rdata/in_1/apl_42.c	(revision 294299)
++++ contrib/bind9/lib/dns/rdata/in_1/apl_42.c	(working copy)
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ 	isc_uint8_t len;
+ 	isc_boolean_t neg;
+ 	unsigned char buf[16];
+-	char txt[sizeof(" !64000")];
++	char txt[sizeof(" !64000:")];
+ 	const char *sep = "";
+ 	int n;
+ 
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ 		isc_region_consume(&sr, 1);
+ 		INSIST(len <= sr.length);
+ 		n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+-			     neg ? "!": "", afi);
++			     neg ? "!" : "", afi);
+ 		INSIST(n < (int)sizeof(txt));
+ 		RETERR(str_totext(txt, target));
+ 		switch (afi) {
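
Review bot: In the first hunk of bind.patch, the size of txt is still derived from a hand-written sample string (" !64000:") that has to stay in step with the "%s%s%u:" format passed to snprintf in the second hunk, and nothing at the declaration says so. A short comment there listing what the literal stands for (separator, '!', the address family digits, ':') would make the next change to the format harder to get wrong, which matters because INSIST(n < (int)sizeof(txt)) turns any truncation into an assertion failure. The second hunk changes only whitespace ("!": becomes "!" :); consider dropping it from the security patch so the diff shows the one-byte fix and nothing else.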

Added: head/share/security/patches/SA-16:08/bind.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:08/bind.patch.asc	Wed Jan 27 08:09:32 2016	(r48099)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAABCgAGBQJWqHnkAAoJEO1n7NZdz2rnSzoQALduvw7DCOsGiKYoQgU17nyo
+iiacv5vRmDx7+43BMsND1SM9kwid9RPZWbAj5lb80g7ZOnluBxAoilmqVWgzs9gb
+1IkATsf5TTbQcGxYG1wQqx2ahfih0FUIb3Qg1KFMDO3XCPvIMucSAQMtPgq3FdFl
+A/FGH1+Yls4Aum53ulgR6IuotzaYnxiznxqi5IGhfTrPSZIuVnH4SDubwTrE+0kJ
+N3SzYc3ilguqOtxwSyBtIMSaqPiXZCBGYKGnR8RzysxhfdP56dBSJHzkNoniexjU
+4jYD5X+fY6ze04yjgdh/Fat3IgoqjnJ3UJ//lxMWGBrj4xI9JHUAS/jLJpLPnMuI
+WBL7G2jJXGrBsGwq5imDPuobfQoT8wuXYGfMi14XRc5/cKbQn+JqTGf9zB562NSW
+ADe26s05zgvYS10+nhbxT7v3gYcB/0U2M6HGbN5t/KCTBGteJJsSo3o2ZEZBdkbe
+jKnNP8RR2OTAjeCCXYqp8BVO9d+tecOzX/LM5Lj+97iwKKkPkHnOGA9zkyeQdGvt
+8KxBsub1LRYPR/87WZDZWtdGALaxqgQDj7G1ib0mLCbj2CzOSRa34bS/kvTQ7BtD
+ca7fhrebvhBVP6MqnYAmmuU+ojqMftx7mTZs+fWWFVLcTiPp9WqP2w0r6A/MlkSq
+ys1rAAXCj/WvMFopSMzu
+=kVrg
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-16:09/ntp.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:09/ntp.patch	Wed Jan 27 08:09:32 2016	(r48099)
@@ -0,0 +1,17352 @@
+Index: contrib/ntp/ChangeLog
+===================================================================
+--- contrib/ntp/ChangeLog	(revision 294707)
++++ contrib/ntp/ChangeLog	(working copy)
+@@ -1,4 +1,38 @@
+ ---
++(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
++
++* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
++* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
++* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
++* [Sec 2938] ntpq saveconfig command allows dangerous characters
++  in filenames. perlinger@ntp.org
++* [Sec 2939] reslist NULL pointer dereference.  perlinger@ntp.org
++* [Sec 2940] Stack exhaustion in recursive traversal of restriction
++  list. perlinger@ntp.org
++* [Sec 2942]: Off-path DoS attack on auth broadcast mode.  HStenn.
++* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
++* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
++* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
++* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
++  - applied patch by shenpeng11@huawei.com with minor adjustments
++* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
++* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
++* [Bug 2892] Several test cases assume IPv6 capabilities even when
++             IPv6 is disabled in the build. perlinger@ntp.org
++  - Found this already fixed, but validation led to cleanup actions.
++* [Bug 2905] DNS lookups broken. perlinger@ntp.org
++  - added limits to stack consumption, fixed some return code handling
++* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
++  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
++  - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
++* [Bug 2980] reduce number of warnings. perlinger@ntp.org
++  - integrated several patches from Havard Eidnes (he@uninett.no)
++* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
++  - implement 'auth_log2()' using integer bithack instead of float calculation
++* Make leapsec_query debug messages less verbose.  Harlan Stenn.
++* Disable incomplete t-ntp_signd.c test.  Harlan Stenn.
++
++---
+ (4.2.8p5) 2016/01/07 Released by Harlan Stenn <stenn@ntp.org>
+ 
+ * [Sec 2956] small-step/big-step.  Close the panic gate earlier.  HStenn.
+@@ -47,6 +81,7 @@
+               lots of clients. perlinger@ntp.org
+ * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
+   - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
++  - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
+ * Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
+ * Unity test cleanup.  Harlan Stenn.
+ * Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
+@@ -55,9 +90,8 @@
+ * Quiet a warning from clang.  Harlan Stenn.
+ * Update the NEWS file.  Harlan Stenn.
+ * Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++
+ ---
+-(4.2.8p4) 2015/10/21 Released by Harlan Stenn <stenn@ntp.org>
+-(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
+ 
+ * [Sec 2899] CVE-2014-9297  perlinger@ntp.org
+ * [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.
+Index: contrib/ntp/CommitLog
+===================================================================
+--- contrib/ntp/CommitLog	(revision 294707)
++++ contrib/ntp/CommitLog	(working copy)
+@@ -1,8 +1,633 @@
+-ChangeSet@1.3623, 2016-01-07 23:33:11+00:00, stenn@deacon.udel.edu
++ChangeSet@1.3628, 2016-01-20 04:20:12-05:00, stenn@deacon.udel.edu
++  NTP_4_2_8P6
++  TAG: NTP_4_2_8P6
++
++  ChangeLog@1.1793 +1 -0
++    NTP_4_2_8P6
++
++  ntpd/invoke-ntp.conf.texi@1.196 +1 -1
++    NTP_4_2_8P6
++
++  ntpd/invoke-ntp.keys.texi@1.188 +1 -1
++    NTP_4_2_8P6
++
++  ntpd/invoke-ntpd.texi@1.504 +2 -2
++    NTP_4_2_8P6
++
++  ntpd/ntp.conf.5man@1.230 +3 -3
++    NTP_4_2_8P6
++
++  ntpd/ntp.conf.5mdoc@1.230 +2 -3
++    NTP_4_2_8P6
++
++  ntpd/ntp.conf.html@1.183 +60 -2
++    NTP_4_2_8P6
++
++  ntpd/ntp.conf.man.in@1.230 +3 -3
++    NTP_4_2_8P6
++
++  ntpd/ntp.conf.mdoc.in@1.230 +2 -3
++    NTP_4_2_8P6
++
++  ntpd/ntp.keys.5man@1.222 +2 -2
++    NTP_4_2_8P6
++
++  ntpd/ntp.keys.5mdoc@1.222 +3 -3
++    NTP_4_2_8P6
++
++  ntpd/ntp.keys.html@1.184 +21 -33
++    NTP_4_2_8P6
++
++  ntpd/ntp.keys.man.in@1.222 +2 -2
++    NTP_4_2_8P6
++
++  ntpd/ntp.keys.mdoc.in@1.222 +3 -3
++    NTP_4_2_8P6
++
++  ntpd/ntpd-opts.c@1.526 +10 -10
++    NTP_4_2_8P6
++
++  ntpd/ntpd-opts.h@1.525 +4 -4
++    NTP_4_2_8P6
++
++  ntpd/ntpd.1ntpdman@1.333 +4 -4
++    NTP_4_2_8P6
++
++  ntpd/ntpd.1ntpdmdoc@1.333 +3 -3
++    NTP_4_2_8P6
++
++  ntpd/ntpd.html@1.177 +2 -2
++    NTP_4_2_8P6
++
++  ntpd/ntpd.man.in@1.333 +4 -4
++    NTP_4_2_8P6
++
++  ntpd/ntpd.mdoc.in@1.333 +3 -3
++    NTP_4_2_8P6
++
++  ntpdc/invoke-ntpdc.texi@1.501 +2 -2
++    NTP_4_2_8P6
++
++  ntpdc/ntpdc-opts.c@1.519 +10 -10
++    NTP_4_2_8P6
++
++  ntpdc/ntpdc-opts.h@1.518 +4 -4
++    NTP_4_2_8P6
++
++  ntpdc/ntpdc.1ntpdcman@1.332 +4 -4
++    NTP_4_2_8P6
++
++  ntpdc/ntpdc.1ntpdcmdoc@1.332 +3 -3
++    NTP_4_2_8P6
++
++  ntpdc/ntpdc.html@1.345 +2 -2
++    NTP_4_2_8P6
++
++  ntpdc/ntpdc.man.in@1.332 +4 -4
++    NTP_4_2_8P6
++
++  ntpdc/ntpdc.mdoc.in@1.332 +3 -3
++    NTP_4_2_8P6
++
++  ntpq/invoke-ntpq.texi@1.508 +2 -2
++    NTP_4_2_8P6
++
++  ntpq/ntpq-opts.c@1.525 +10 -10
++    NTP_4_2_8P6
++
++  ntpq/ntpq-opts.h@1.523 +4 -4
++    NTP_4_2_8P6
++
++  ntpq/ntpq.1ntpqman@1.336 +4 -4
++    NTP_4_2_8P6
++
++  ntpq/ntpq.1ntpqmdoc@1.336 +3 -3
++    NTP_4_2_8P6
++
++  ntpq/ntpq.html@1.174 +2 -2
++    NTP_4_2_8P6
++
++  ntpq/ntpq.man.in@1.336 +4 -4
++    NTP_4_2_8P6
++
++  ntpq/ntpq.mdoc.in@1.336 +3 -3
++    NTP_4_2_8P6
++
++  ntpsnmpd/invoke-ntpsnmpd.texi@1.503 +2 -2
++    NTP_4_2_8P6
++
++  ntpsnmpd/ntpsnmpd-opts.c@1.521 +10 -10
++    NTP_4_2_8P6
++
++  ntpsnmpd/ntpsnmpd-opts.h@1.520 +4 -4
++    NTP_4_2_8P6
++
++  ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.332 +4 -4
++    NTP_4_2_8P6
++
++  ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.332 +3 -3
++    NTP_4_2_8P6
++
++  ntpsnmpd/ntpsnmpd.html@1.172 +1 -1
++    NTP_4_2_8P6
++
++  ntpsnmpd/ntpsnmpd.man.in@1.332 +4 -4
++    NTP_4_2_8P6
++
++  ntpsnmpd/ntpsnmpd.mdoc.in@1.332 +3 -3
++    NTP_4_2_8P6
++
++  packageinfo.sh@1.524 +2 -2
++    NTP_4_2_8P6
++
++  scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.93 +3 -3
++    NTP_4_2_8P6
++
++  scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.94 +2 -2
++    NTP_4_2_8P6
++
++  scripts/calc_tickadj/calc_tickadj.html@1.95 +1 -1
++    NTP_4_2_8P6
++
++  scripts/calc_tickadj/calc_tickadj.man.in@1.92 +3 -3
++    NTP_4_2_8P6
++
++  scripts/calc_tickadj/calc_tickadj.mdoc.in@1.94 +2 -2
++    NTP_4_2_8P6
++
++  scripts/calc_tickadj/invoke-calc_tickadj.texi@1.97 +1 -1
++    NTP_4_2_8P6
++
++  scripts/invoke-plot_summary.texi@1.114 +2 -2
++    NTP_4_2_8P6
++
++  scripts/invoke-summary.texi@1.114 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntp-wait/invoke-ntp-wait.texi@1.324 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntp-wait/ntp-wait-opts@1.60 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntp-wait/ntp-wait.1ntp-waitman@1.321 +3 -3
++    NTP_4_2_8P6
++
++  scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.322 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntp-wait/ntp-wait.html@1.341 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntp-wait/ntp-wait.man.in@1.321 +3 -3
++    NTP_4_2_8P6
++
++  scripts/ntp-wait/ntp-wait.mdoc.in@1.322 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntpsweep/invoke-ntpsweep.texi@1.112 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntpsweep/ntpsweep-opts@1.62 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntpsweep/ntpsweep.1ntpsweepman@1.100 +3 -3
++    NTP_4_2_8P6
++
++  scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.100 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntpsweep/ntpsweep.html@1.113 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntpsweep/ntpsweep.man.in@1.100 +3 -3
++    NTP_4_2_8P6
++
++  scripts/ntpsweep/ntpsweep.mdoc.in@1.101 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntptrace/invoke-ntptrace.texi@1.113 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntptrace/ntptrace-opts@1.62 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntptrace/ntptrace.1ntptraceman@1.100 +3 -3
++    NTP_4_2_8P6
++
++  scripts/ntptrace/ntptrace.1ntptracemdoc@1.101 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntptrace/ntptrace.html@1.114 +2 -2
++    NTP_4_2_8P6
++
++  scripts/ntptrace/ntptrace.man.in@1.100 +3 -3
++    NTP_4_2_8P6
++
++  scripts/ntptrace/ntptrace.mdoc.in@1.102 +2 -2
++    NTP_4_2_8P6
++
++  scripts/plot_summary-opts@1.62 +2 -2
++    NTP_4_2_8P6
++
++  scripts/plot_summary.1plot_summaryman@1.112 +3 -3
++    NTP_4_2_8P6
++
++  scripts/plot_summary.1plot_summarymdoc@1.112 +2 -2
++    NTP_4_2_8P6
++
++  scripts/plot_summary.html@1.115 +2 -2
++    NTP_4_2_8P6
++
++  scripts/plot_summary.man.in@1.112 +3 -3
++    NTP_4_2_8P6
++
++  scripts/plot_summary.mdoc.in@1.112 +2 -2
++    NTP_4_2_8P6
++
++  scripts/summary-opts@1.62 +2 -2
++    NTP_4_2_8P6
++
++  scripts/summary.1summaryman@1.112 +3 -3
++    NTP_4_2_8P6
++
++  scripts/summary.1summarymdoc@1.112 +2 -2
++    NTP_4_2_8P6
++
++  scripts/summary.html@1.115 +2 -2
++    NTP_4_2_8P6
++
++  scripts/summary.man.in@1.112 +3 -3
++    NTP_4_2_8P6
++
++  scripts/summary.mdoc.in@1.112 +2 -2
++    NTP_4_2_8P6
++
++  scripts/update-leap/invoke-update-leap.texi@1.13 +1 -1
++    NTP_4_2_8P6
++
++  scripts/update-leap/update-leap-opts@1.13 +2 -2
++    NTP_4_2_8P6
++
++  scripts/update-leap/update-leap.1update-leapman@1.13 +3 -3
++    NTP_4_2_8P6
++
++  scripts/update-leap/update-leap.1update-leapmdoc@1.13 +2 -2
++    NTP_4_2_8P6
++
++  scripts/update-leap/update-leap.html@1.13 +1 -1
++    NTP_4_2_8P6
++
++  scripts/update-leap/update-leap.man.in@1.13 +3 -3
++    NTP_4_2_8P6
++
++  scripts/update-leap/update-leap.mdoc.in@1.13 +2 -2
++    NTP_4_2_8P6
++
++  sntp/invoke-sntp.texi@1.501 +2 -2
++    NTP_4_2_8P6
++
++  sntp/sntp-opts.c@1.520 +10 -10
++    NTP_4_2_8P6
++
++  sntp/sntp-opts.h@1.518 +4 -4
++    NTP_4_2_8P6
++
++  sntp/sntp.1sntpman@1.336 +4 -4
++    NTP_4_2_8P6
++
++  sntp/sntp.1sntpmdoc@1.336 +3 -3
++    NTP_4_2_8P6
++
++  sntp/sntp.html@1.516 +2 -2
++    NTP_4_2_8P6
++
++  sntp/sntp.man.in@1.336 +4 -4
++    NTP_4_2_8P6
++
++  sntp/sntp.mdoc.in@1.336 +3 -3
++    NTP_4_2_8P6
++
++  util/invoke-ntp-keygen.texi@1.504 +2 -2
++    NTP_4_2_8P6
++
++  util/ntp-keygen-opts.c@1.522 +10 -10
++    NTP_4_2_8P6
++
++  util/ntp-keygen-opts.h@1.520 +4 -4
++    NTP_4_2_8P6
++
++  util/ntp-keygen.1ntp-keygenman@1.332 +4 -4
++    NTP_4_2_8P6
++
++  util/ntp-keygen.1ntp-keygenmdoc@1.332 +3 -3
++    NTP_4_2_8P6
++
++  util/ntp-keygen.html@1.178 +2 -2
++    NTP_4_2_8P6
++
++  util/ntp-keygen.man.in@1.332 +4 -4
++    NTP_4_2_8P6
++
++  util/ntp-keygen.mdoc.in@1.332 +3 -3
++    NTP_4_2_8P6
++
++ChangeSet@1.3627, 2016-01-20 04:14:51-05:00, stenn@deacon.udel.edu
++  solaris hack
++
++  libntp/work_thread.c@1.20 +2 -0
++    solaris hack
++
++ChangeSet@1.3626, 2016-01-20 01:50:09-05:00, stenn@deacon.udel.edu
++  4.2.8p6
++
++  packageinfo.sh@1.523 +1 -1
++    4.2.8p6
++
++ChangeSet@1.3625, 2016-01-20 00:34:15+00:00, stenn@psp-deb1.ntp.org
++  updates
++
++  NEWS@1.160 +24 -24
++    updates
++
++ChangeSet@1.3624, 2016-01-19 22:28:41+00:00, stenn@psp-deb1.ntp.org
++  typo
++
++  NEWS@1.159 +1 -1
++    typo
++
++ChangeSet@1.3623, 2016-01-18 11:55:56+00:00, stenn@psp-deb1.ntp.org
++  [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
++
++  ChangeLog@1.1792 +1 -0
++    [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
++
++  NEWS@1.158 +40 -0
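Review bot: ChangeSet@1.3627 ("solaris hack", libntp/work_thread.c@1.20 +2 -0) gives no indication of what its two added lines do or which Solaris problem they work around. Because it is carried in the same log as the [Sec 2936] entry, its description should name the issue being worked around so that a reader auditing this security patch can separate functional changes from the fixes. ChangeSet@1.3625 ("updates", NEWS@1.160 +24 -24) is just as uninformative. The long run of NTP_4_2_8P6 entries is a mechanical version bump of generated option and manual files and could be summarized in a single line.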

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


