os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

o Fix regressions related to SA-15:25 upgrade of NTP. [1]

Browse source 
o Fix kqueue write events never fired for files greater 2GB. [2]
o Fix kpplications exiting due to segmentation violation on a correct
  memory address. [3]

PR:		204046 [1]
PR:		204203 [1]
Errata Notice:	FreeBSD-EN-15:19.kqueue [2]
Errata Notice:	FreeBSD-EN-15:20.vm [3]
Approved by:	so
This commit is contained in:
Gleb Smirnoff 2015-11-04 11:52:12 +00:00
parent ac3ecdce0f
commit 3bdc44ff8a
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=47736
23 changed files with 669 additions and 165 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

133
share/security/advisories/FreeBSD-EN-15:19.kqueue.asc Normal file
View file

@ -0,0 +1,133 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:19.kqueue Errata Notice
The FreeBSD Project
Topic: kqueue write events for files greater 2GB would never fire
Category: core
Module: kern
Announced: 2015-11-04
Credits: Steven Hartland
Affects: All supported versions of FreeBSD.
Corrected: 2015-09-24 08:42:08 UTC (stable/10, 10.2-STABLE)
2015-11-04 11:27:13 UTC (releng/10.2, 10.2-RELEASE-p7)
2015-11-04 11:27:21 UTC (releng/10.1, 10.1-RELEASE-p24)
2015-09-24 09:35:35 UTC (stable/9, 9.3-STABLE)
2015-11-04 11:27:30 UTC (releng/9.3, 9.3-RELEASE-p30)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security branches,
and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The kqueue(2) system call provides a generic method of notifying the user
when an event happens or a condition holds, based on the results of small
pieces of kernel code termed filters.
II. Problem Description
Due to int usage for file offsets in the VOP_WRITE_(PRE|POST) macros,
kqueue(2) write events for files greater 2GB where never fired.
III. Impact
Any kqueue(2) consumer monitoring for file changes will fail to receive an
event if the monitored file is greater than 2GB.
This causes commands such as 'tail -f' to never see updates.
IV. Workaround
For the specific case of tail(1), using '-F' instead of '-f' avoids the
issue, however other consumers of kqueue(2) events to monitor files do not
have a workaround.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot the system.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
And reboot the system.
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:19/kqueue.patch
# fetch https://security.FreeBSD.org/patches/EN-15:19/kqueue.patch.asc
# gpg --verify kqueue.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r288168
releng/9.3/ r290363
stable/10/ r288167
releng/10.1/ r290362
releng/10.2/ r290361
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:19.kqueue.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWOe7vAAoJEO1n7NZdz2rneAkP/0FCRnyH6vkJFZBbfdIQY5u7
XPSbSD+2847aJRWw/xU+FWHsFjjcfKrvKqgRtdZXkTBe3FjTgiNbf6jQRCSy0f6u
odcPXt4ZprXmhn6BOsyF92NgDHE5VXIiO1h0Jz1Y/+PTi/52BjNbevGUox6VpbMc
t9XwxuARKG5bSNU+QdWdilP4H//+SAxuhK4Y96i6pccbT51DoO3ACCa8EpuOJYW9
elXTQbB4XC1n0EATr5gtTwKE+5/yPDEgl9pPNjsN8UTWCqzPwxPTwfplf3idN5Vq
Oe5YIiI5aaAE16fSYUkIZR0kZ/ScR6gbmc2ALKRtHPa4+9g9TpNINpfmreV2htfH
CrUW4qGZaoABpX1X2sFJ6su2NCgW3DliOuSAJUyK8Re2XEJZVfcVauyWaZxocJhu
NRoH8yBoLJKrPB0Z3Dr9eygmDNGEvaFUB/ZpbeCbyebwyFTmTMUshwfZwcfPftaB
bNd+R4J9UkY5wJWYUve7VpGDY2L6+j2MoPnlZJDfZZpYmFByD/GmdV5Pxxl4yEj3
2DBevZIGOGlH9E26JrPTcCYjkX15OS0KUkWQy7xv1jdxXCZ4AVbRq8CRiFdQ2JPU
uSsrwgrGPdYkku0k6xXbb5YDw4475lQPAy9gMSeEDCqcl4GjKf1AVbrN9Jq73C8o
c65YAK83vX3x9HDWCrss
=OODP
-----END PGP SIGNATURE-----

137
share/security/advisories/FreeBSD-EN-15:20.vm.asc Normal file
View file

@ -0,0 +1,137 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:20.vm Errata Notice
The FreeBSD Project
Topic: Applications exiting due to segmentation violation
on a correct memory address
Category: core
Module: kernel
Announced: 2015-11-04
Credits: Konstantin Belousov
Affects: All supported versions of FreeBSD.
Corrected: 2015-09-15 04:20:39 UTC (stable/10, 10.2-STABLE)
2015-11-04 11:27:13 UTC (releng/10.2, 10.2-RELEASE-p7)
2015-11-04 11:27:21 UTC (releng/10.1, 10.1-RELEASE-p24)
2015-10-30 13:05:39 UTC (stable/9, 9.3-STABLE)
2015-11-04 11:27:30 UTC (releng/9.3, 9.3-RELEASE-p30)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The FreeBSD virtual memory system provides processes with virtual
address space. Features of virtual address space include copy-on-write
pages and page wiring.
II. Problem Description
A race condition exists in the virtual memory implementation. When an
application writes to a valid address in its address space, and the
corresponding map entry is marked as copy-on-write, and right now
undergoes wiring process, and the corresponding page does not yet have
a page table entry installed, the application receives a segmentation
violation signal. A usual case for this scenario to happen is a write
into a never written map entry in a child process right after fork(2)
system call.
III. Impact
Under certain conditions, a correctly behaving application could be
terminated.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# reboot
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:20/vm.patch
# fetch https://security.FreeBSD.org/patches/EN-15:20/vm.patch.asc
# gpg --verify vm.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r290194
releng/9.3/ r290363
stable/10/ r287846
releng/10.1/ r290362
releng/10.2/ r290361
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://svnweb.freebsd.org/base?view=revision&revision=r287591>
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204048>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-15:20.vm.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWOe8FAAoJEO1n7NZdz2rnqBcP/2XPJ87Fr1b7I1i0R8ClJj5G
Kk+pGD+OkZF9h7ix0b1NrSBjB2quCFUy+u8ImPXMkSZM0Id7hAIX0VourkqcoHSL
CrsYTUXyqq4KU3E7xvoU4Q54cnDAd3hHIm9Gsduv1UNY02YBI/mRYqiMVnXKHGk/
SLlmMtFCmLkXHJP5/Ynx1xILWC9c2xYLqfvlLbkTTbmtZn8gAQqgh1kfuEkzEvt4
sgXx8kewUnv9Z2Oo+Xcqqrh5UfeppDEc7x8Y7a4tiSkW034xMETzC0xjrbq+4lE1
2MU/j65ZN5Sq5EjrmHdnr5q0R7/V4CHjRcLAvw2UaVpNlfMNmVpe5uye/slUDRw0
gCcztomi1heU78octR71kD0irhRVa+bcftsuanDRF8hs0czJL5BhPYyIaEb7e4s5
tGQyyflncD4EONbI/rmfsQhLEaTTg240NtkZbQFY1f5FqoyFiKXX99Hwm1jHZsRR
OYGOAo3YZPx6biRdaIOPg0OTjqNw/mZgY3uQ/vCjWGAcgSzynDMkMJEOmyf+RBgZ
F4qWOxmmFMr9+X1+1c7/ApwjampmfCV/Z7UvJTaFkVuKPiFA4ubrJ3TmDLsQMzza
k9zumzxZAo+tsYD8ArbpPYlERe6JoF3axm/97JcFrn5iUcnaMM8vmawQo8xsrunx
GyLfwUPpXSI25C1iNJDx
=HTKc
-----END PGP SIGNATURE-----

275
share/security/advisories/FreeBSD-SA-15:25.ntp.asc
View file

@ -1,22 +1,22 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hash: SHA512
=============================================================================
FreeBSD-SA-15:25.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Topic: Multiple vulnerabilities of ntp [REVISED]
Category: contrib
Module: ntp
Announced: 2015-10-26
Announced: 2015-10-26, revised on 2015-11-04
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)
2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)
2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)
2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)
2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)
2015-11-04 11:27:13 UTC (releng/10.2, 10.2-RELEASE-p7)
2015-11-04 11:27:21 UTC (releng/10.1, 10.1-RELEASE-p24)
2015-11-02 10:39:26 UTC (stable/9, 9.3-STABLE)
2015-11-04 11:27:30 UTC (releng/9.3, 9.3-RELEASE-p30)
CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,
CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,
CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,
@ -26,6 +26,12 @@ For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit https://security.FreeBSD.org/.
0. Revision history.
v1.0 2015-10-26 Initial release.
v1.1 2015-11-04 Revised patches to address regression in ntpq(8), ntpdc(8)
utilities and lack of RAWDCF reference clock support in ntpd(8).
I. Background
The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
@ -36,125 +42,120 @@ II. Problem Description
Crypto-NAK packets can be used to cause ntpd(8) to accept time from an
unauthenticated ephemeral symmetric peer by bypassing the authentication
required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and
10.1 are not affected.
required to mobilize peer associations. [CVE-2015-7871]
FreeBSD 9.3 and 10.1 are not affected.
If ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual
If ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusually
long data value where a network address is expected, the decodenetnum()
function will abort with an assertion failure instead of simply returning
a failure condition. [CVE-2015-7855]
a failure condition. [CVE-2015-7855]
If ntpd(8) is configured to allow remote configuration, and if the
(possibly spoofed) source IP address is allowed to send remote
configuration requests, and if the attacker knows the remote
configuration password or if ntpd(8) was configured to disable
authentication, then an attacker can send a set of packets to ntpd(8) that
may cause it to crash, with the hypothetical possibility of a small code
injection. [CVE-2015-7854]
If ntpd(8) is configured to allow remote configuration, and if the (possibly
spoofed) source IP address is allowed to send remote configuration requests,
and if the attacker knows the remote configuration password or if ntpd(8)
was configured to disable authentication, then an attacker can send a set
of packets to ntpd(8) that may cause it to crash, with the hypothetical
possibility of a small code injection. [CVE-2015-7854]
A negative value for the datalen parameter will overflow a data buffer.
NTF's ntpd(8) driver implementations always set this value to 0 and are
therefore not vulnerable to this weakness. If you are running a custom
The NTF ntpd(8) driver implementation always sets this value to 0 and are
therefore not vulnerable to this weakness. If the system runs a custom
refclock driver in ntpd(8) and that driver supplies a negative value for
datalen (no custom driver of even minimal competence would do this)
then ntpd would overflow a data buffer. It is even hypothetically
possible in this case that instead of simply crashing ntpd the
attacker could effect a code injection attack. [CVE-2015-7853]
datalen (no custom driver of even minimal competence would do this), then
ntpd(8) would overflow the data buffer. It is even hypothetically possible
in this case that instead of simply crashing ntpd(8), the attacker could
effect a code injection attack. [CVE-2015-7853]
If an attacker can figure out the precise moment that ntpq(8) is listening
for data and the port number it is listening on or if the attacker can
provide a malicious instance ntpd(8) that victims will connect to then an
attacker can send a set of crafted mode 6 response packets that, if
received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]
for data and the port number on which it is listening, or if the attacker
can provide a malicious instance ntpd(8) that victims will connect to, then
an attacker can send a set of crafted mode 6 response packets that, if
received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]
If ntpd(8) is configured to allow remote configuration, and if the
(possibly spoofed) IP address is allowed to send remote configuration
requests, and if the attacker knows the remote configuration password
or if ntpd(8) was configured to disable authentication, then an attacker
can send a set of packets to ntpd that may cause ntpd(8) to overwrite
files. [CVE-2015-7851]. The default configuration of ntpd(8) within
FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly
spoofed) IP address is allowed to send remote configuration requests, and if
the attacker knows the remote configuration password or if ntpd(8) was
configured to disable authentication, then an attacker can send a set of
packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]
The default configuration of ntpd(8) within FreeBSD does not allow remote
configuration.
If ntpd(8) is configured to allow remote configuration, and if the
(possibly spoofed) source IP address is allowed to send remote
configuration requests, and if the attacker knows the remote
configuration password or if ntpd(8) was configured to disable
authentication, then an attacker can send a set of packets to ntpd
that will cause it to crash and/or create a potentially huge log
file. Specifically, the attacker could enable extended logging,
point the key file at the log file, and cause what amounts to an
infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8)
within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly
spoofed) source IP address is allowed to send remote configuration
requests, and if the attacker knows the remote configuration password or if
ntpd(8) was configured to disable authentication, then an attacker can send
a set of packets to ntpd that will cause it to crash and/or create
a potentially huge log file. Specifically, the attacker could enable
extended logging, point the key file at the log file, and cause what amounts
to an infinite loop. [CVE-2015-7850]
The default configuration of ntpd(8) within FreeBSD does not allow remote
configuration.
If ntpd(8) is configured to allow remote configuration, and if the
(possibly spoofed) source IP address is allowed to send remote
configuration requests, and if the attacker knows the remote
configuration password or if ntpd was configured to disable
authentication, then an attacker can send a set of packets to
ntpd that may cause a crash or theoretically perform a code
injection attack. [CVE-2015-7849]. The default configuration of ntpd(8)
within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly
spoofed) source IP address is allowed to send remote configuration requests,
and if the attacker knows the remote configuration password or if ntpd(8) was
configured to disable authentication, then an attacker can send a set of
packets to ntpd(8) that may cause a crash or theoretically perform a code
injection attack. [CVE-2015-7849]
The default configuration of ntpd(8) within FreeBSD does not allow remote
configuration.
If ntpd(8) is configured to enable mode 7 packets, and if the use
of mode 7 packets is not properly protected thru the use of the
available mode 7 authentication and restriction mechanisms, and
if the (possibly spoofed) source IP address is allowed to send
mode 7 queries, then an attacker can send a crafted packet to
ntpd that will cause it to crash. [CVE-2015-7848]. The default
configuration of ntpd(8) within FreeBSD does not allow mode 7
If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7
packets is not properly protected through the use of the available mode 7
authentication and restriction mechanisms, and if the (possibly spoofed)
source IP address is allowed to send mode 7 queries, then an attacker can
send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]
The default configuration of ntpd(8) within FreeBSD does not allow mode 7
packets.
If ntpd(8) is configured to use autokey, then an attacker can send
packets to ntpd that will, after several days of ongoing attack,
cause it to run out of memory. [CVE-2015-7701]. The default
configuration of ntpd(8) within FreeBSD does not use autokey.
If ntpd(8) is configured to use autokey, then an attacker can send packets to
ntpd that will, after several days of ongoing attack, cause it to run out of
memory. [CVE-2015-7701]
The default configuration of ntpd(8) within FreeBSD does not use autokey.
If ntpd(8) is configured to allow for remote configuration, and if
the (possibly spoofed) source IP address is allowed to send
remote configuration requests, and if the attacker knows the
remote configuration password, it's possible for an attacker
to use the "pidfile" or "driftfile" directives to potentially
overwrite other files. [CVE-2015-5196]. The default configuration
of ntpd(8) within FreeBSD does not allow remote configuration
If ntpd(8) is configured to allow for remote configuration, and if the
(possibly spoofed) source IP address is allowed to send remote configuration
requests, and if the attacker knows the remote configuration password, it is
possible for an attacker to use the "pidfile" or "driftfile" directives to
potentially overwrite other files. [CVE-2015-5196]
The default configuration of ntpd(8) within FreeBSD does not allow remote
configuration
An ntpd(8) client that honors Kiss-of-Death responses will honor
KoD messages that have been forged by an attacker, causing it
to delay or stop querying its servers for time updates. Also,
an attacker can forge packets that claim to be from the target
and send them to servers often enough that a server that
implements KoD rate limiting will send the target machine a
KoD response to attempt to reduce the rate of incoming packets,
or it may also trigger a firewall block at the server for
packets from the target machine. For either of these attacks
to succeed, the attacker must know what servers the target
is communicating with. An attacker can be anywhere on the
Internet and can frequently learn the identity of the target's
time source by sending the target a time query. [CVE-2015-7704]
Kiss-of-Death messages that have been forged by an attacker, causing it to
delay or stop querying its servers for time updates. Also, an attacker can
forge packets that claim to be from the target and send them to servers
often enough that a server that implements Kiss-of-Death rate limiting will
send the target machine a Kiss-of-Death response to attempt to reduce the
rate of incoming packets, or it may also trigger a firewall block at the
server for packets from the target machine. For either of these attacks to
succeed, the attacker must know what servers the target is communicating
with. An attacker can be anywhere on the Internet and can frequently learn
the identity of the time source of a target by sending the target a time
query. [CVE-2015-7704]
The fix for CVE-2014-9750 was incomplete in that there were
certain code paths where a packet with particular autokey
operations that contained malicious data was not always being
completely validated. Receipt of these packets can cause ntpd
to crash. [CVE-2015-7702]. The default configuration of ntpd(8)
within FreeBSD does not use autokey.
The fix for CVE-2014-9750 was incomplete in that there were certain code
paths where a packet with particular autokey operations that contained
malicious data was not always being completely validated. Receipt of these
packets can cause ntpd to crash. [CVE-2015-7702].
The default configuration of ntpd(8) within FreeBSD does not use autokey.
III. Impact
An attacker which can send NTP packets to ntpd(8), which uses cryptographic
An attacker which can send NTP packets to ntpd(8) which uses cryptographic
authentication of NTP data, may be able to inject malicious time data
causing the system clock to be set incorrectly. [CVE-2015-7871]
causing the system clock to be set incorrectly. [CVE-2015-7871]
An attacker which can send NTP packets to ntpd(8), can block the
communication of the daemon with time servers, causing the system
clock not being synchronized. [CVE-2015-7704]
An attacker which can send NTP packets to ntpd(8) can block the communication
of the daemon with time servers, causing the system clock not being
synchronized. [CVE-2015-7704]
An attacker which can send NTP packets to ntpd(8), can remotely crash
the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]
An attacker which can send NTP packets to ntpd(8) can remotely crash the
daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]
[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]
An attacker which can send NTP packets to ntpd(8), can remotely
trigger the daemon to overwrite its configuration files. [CVE-2015-7851]
[CVE-2015-5196]
An attacker which can send NTP packets to ntpd(8) can remotely trigger the
daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196]
IV. Workaround
@ -191,28 +192,50 @@ FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.2]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2
# bunzip2 ntp-102.patch.bz2
[*** v1.1 NOTE ***] If your sources are not yet patched using initial
advisory patches, then you need to apply full patches named ntp-NNN.patch,
where NNN stands for the release version. If your sources are already
updated, or patched with patches from initial advisory, then you need to
apply incremental patches, named ntp-NNN-inc.patch, where NNN stands for
the release version.
[FreeBSD 10.2-RELEASE-p5, not patched with initial SA-15:25 patch]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.xz
# unxz ntp-102.patch.xz
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc
# gpg --verify ntp-102.patch.asc
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2
# bunzip2 ntp-101.patch.bz2
[FreeBSD 10.1-RELEASE-p22, not patched with initial SA-15:25 patch]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.xz
# unxz ntp-101.patch.xz
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc
# gpg --verify ntp-101.patch.asc
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2
# bunzip2 ntp-93.patch.bz2
[FreeBSD 9.3-RELEASE-p28, not patched with initial SA-15:25 patch]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.xz
# unxz ntp-93.patch.xz
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc
# gpg --verify ntp-93.patch.asc
[FreeBSD 10.2-RELEASE-p6, initial SA-15:25 patch applied]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102-inc.patch
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102-inc.patch.asc
# gpg --verify ntp-102-inc.patch.asc
[FreeBSD 10.1-RELEASE-p23, initial SA-15:25 patch applied]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101-inc.patch
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101-inc.patch.asc
# gpg --verify ntp-101-inc.patch.asc
[FreeBSD 9.3-RELEASE-p29, initial SA-15:25 patch applied]
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93-inc.patch
# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93-inc.patch.asc
# gpg --verify ntp-93-inc.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# patch -p0 < /path/to/patch
# find contrib/ntp -type f -empty -delete
c) Recompile the operating system using buildworld and installworld as
@ -231,11 +254,11 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r289998
releng/9.3/ r290001
stable/9/ r290269
releng/9.3/ r290363
stable/10/ r289997
releng/10.1/ r290000
releng/10.2/ r289999
releng/10.1/ r290362
releng/10.2/ r290361
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
@ -269,17 +292,17 @@ https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D
sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/
RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA
RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM
7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq
mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv
q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15
rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6
JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ
qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB
8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk
EUlBT3ViDhHNrI7PTaiI
=djPm
iQIcBAEBCgAGBQJWOe7GAAoJEO1n7NZdz2rnzLUQAOugJiyGHZFYllUnCF/EBFoo
UIKc3RjWAqreJ5Mg0upKqI7i2oHw4/VjxVjdvwdp7E5t6b+/LYA5jDCfO/RcuMMS
SZDyC2BWGq8kkSuwNZmo1js1WRUsdpTQPr3TLvoTh/o1w5D0ncLgqJz7IeuqlHer
2VG5yJP30OUyF1cdk4E9LJcDXx24u8iP0DN5e/0XJGST5/trp/+VYpMy7Vm8dv1l
IQks3wtU4tI574rQKjmAiQyRnvLq0TJ4v/eHHKP4PkMC6FNFUyJx0OhVqZdqWJXz
ynT28JY5d1SsiPlhUDfSRKGjdpi4kC4szv7ceCuAwmWiDlsNqinKadu9bz4Rwudt
qlgJZRmtoFcyeReHckZmEwcmW9hPT3i98kjWs83vZqGD9bw7Zt05HfZ/TPyTk3tg
ec1Dmvhx4s9jprypuThPgs3W7KlgnvdpYdc2aagiU/dqvTArzVuWeLP0ryo269CD
ZWbgVrfFZjhvi+/nUJD+eMoVLsJYBhNZoJEv7NvUSWizVE4bfD4oFkAxEHBpXxVo
VKt5V6edVR0rdmI3xFkiP8372UPbYN8KUfa1R5y4GWPbORv/Z5Wb/XAVmGlvkHNj
U0bmAWv5XOw3CtwFJnRaATl/H5+WqQOVthxvT9EHvt8fHczAq8HvDHS7bIrFDEdN
gVRXzv6oTlBVGq6sP17H
=Jtlu
-----END PGP SIGNATURE-----

21
share/security/patches/EN-15:19/kqueue.patch Normal file
View file

@ -0,0 +1,21 @@
--- sys/sys/vnode.h.orig
+++ sys/sys/vnode.h
@@ -787,7 +787,8 @@
#define VOP_WRITE_PRE(ap) \
struct vattr va; \
- int error, osize, ooffset, noffset; \
+ int error; \
+ off_t osize, ooffset, noffset; \
\
osize = ooffset = noffset = 0; \
if (!VN_KNLIST_EMPTY((ap)->a_vp)) { \
@@ -795,7 +796,7 @@
if (error) \
return (error); \
ooffset = (ap)->a_uio->uio_offset; \
- osize = va.va_size; \
+ osize = (off_t)va.va_size; \
}
#define VOP_WRITE_POST(ap, ret) \

17
share/security/patches/EN-15:19/kqueue.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJWNKbuAAoJEO1n7NZdz2rn6AEP/A4nar0hvaz5E+8/IcQW09dp
ZATjAhNbQTfjOsS4FrjEJN/PAsI8l8/ZpuD3BXeMTXQ/Gt2XzvUz9Pz0+eL8vbZM
4nh0saLNkIfac07sw1HadnT2xHvphFW2X4c6UpDjtqTG7o2WmzWaxGhG87n2JO4y
ShjA0YY+Zdre/akesl9hszbHNV81CYElSrLUarMtOn+3geX94PsZCue5anOTOWKS
fDiy1u541FPTyKkRu7t3bUxX0cWXUJaGftfF9pb38IVQA9yvxET1OuAiK8HKPe9Q
WXh10/ySEQC8P23jXgf1NezWJVgBh2cCXOvYdMCjYRWqYgVvJstl9Mbtcr7SgFt9
ESdchZjKF3MM143VpX96VAD/BjcWLXXKRtY5DXX7dd+jQxyz/JXMNLzFweyuIds1
nPcF52OZzGMdU6oPWDvP8NYhQDlfLIjhrd9ATvuLMmsTXL4ezBt71KM7HrlAHHmj
Z6Gr5ybozFFmOR5tMsJKzvjTvOyClrFZXlCplJnFyzAhQ8bCHcqm1Nhk6eqH3aUX
jRdSSu5sG9rIQ2Z6CwMp98RjKRorf6ecGTGoj3SfvBpawDvZYxlbQmKRlX2koEh7
ymCValHohUoKVjnoFoyu7kHJZDBRLAh+2KQ2iTRPE3PRecLqpyiGH14ORo6sABN8
fndpbc8G/dyDpBAjepLd
=pASj
-----END PGP SIGNATURE-----

30
share/security/patches/EN-15:20/vm.patch Normal file
View file

@ -0,0 +1,30 @@
--- sys/vm/vm_map.c.orig
+++ sys/vm/vm_map.c
@@ -3969,12 +3969,10 @@
vm_map_unlock_read(map);
return (KERN_PROTECTION_FAILURE);
}
- if ((entry->eflags & MAP_ENTRY_USER_WIRED) &&
- (entry->eflags & MAP_ENTRY_COW) &&
- (fault_type & VM_PROT_WRITE)) {
- vm_map_unlock_read(map);
- return (KERN_PROTECTION_FAILURE);
- }
+ KASSERT((prot & VM_PROT_WRITE) == 0 || (entry->eflags &
+ (MAP_ENTRY_USER_WIRED | MAP_ENTRY_NEEDS_COPY)) !=
+ (MAP_ENTRY_USER_WIRED | MAP_ENTRY_NEEDS_COPY),
+ ("entry %p flags %x", entry, entry->eflags));
if ((fault_typea & VM_PROT_COPY) != 0 &&
(entry->max_protection & VM_PROT_WRITE) == 0 &&
(entry->eflags & MAP_ENTRY_COW) == 0) {
@@ -4128,10 +4126,6 @@
fault_type &= VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE;
if ((fault_type & prot) != fault_type)
return (KERN_PROTECTION_FAILURE);
- if ((entry->eflags & MAP_ENTRY_USER_WIRED) &&
- (entry->eflags & MAP_ENTRY_COW) &&
- (fault_type & VM_PROT_WRITE))
- return (KERN_PROTECTION_FAILURE);
/*
* If this page is not pageable, we have to get it for all possible

17
share/security/patches/EN-15:20/vm.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJWM3v4AAoJEO1n7NZdz2rnWRUP/2v7AKkkz1aLhQpMx+orSt7i
1pNkWfMfaKrLjIIS2LTGWObUgWKqamuVZkn9VUp36R+JH7WDw8PSx9zbmgdf6yXZ
Ry4sW/BrxkGgPdnIcXLeM7TJp5Aa1ogl2eJIHxF1PqDnVC7y88Ixr5mAuB8GOOGR
GJ3pb0gy3DB0MlVwHPjhchkQ1Hn0qlj/tTB2KL4DgXCWbyFXJHt1ES9DmSabqgfD
IYU1F4gUfyyQZjtKEa1iRYsPJ0M3yWVpdKaP+Pv6GT8hKqctRgowVh3Q68y2kzw9
bAYAS/22DjMsEu9dvr3XNpE6Qg2JquxENfVFopWCQopWN0XGBh1vcSnIXzI1eTgv
bQnM5WSv4FT8tWRur9Cox9WBSayFUKzsYgqASb7EJw1LaqaAOxEBt+72wniERIpW
iD1vnvXGEbRlc1LduMv7aWjIhGPCHzm47m9XDYE7lcSNhMcu+/6hHJcS22uXHzbF
spoY+ouUTTcBaflA/acp7NGqp94O8a7FF9YtqyMIv4B6K2bvCNLR5dmtyshuIj6h
hZz5/EHda0MRdBdWUIy8tbnVS9VsJ2sOmmg3b53ZVmxVViD4llzAQ5oSrp3Jtn/N
9HrPhl62OJz7APZNCc0bb5z5PkMoj1ID/gqsCQTgbAWDalnkkTXLwwSYAK+0wgH+
Jh7B7RK+K3F3GAiqu8wf
=EMis
-----END PGP SIGNATURE-----

11
share/security/patches/SA-15:25/ntp-101-inc.patch Normal file
View file

@ -0,0 +1,11 @@
--- usr.sbin/ntp/config.h.orig
+++ usr.sbin/ntp/config.h
@@ -120,7 +120,7 @@
#define CLOCK_PST 1
/* DCF77 raw time code */
-/* #undef CLOCK_RAWDCF */
+#define CLOCK_RAWDCF 1
/* RCC 8000 clock */
/* #undef CLOCK_RCC8000 */

17
share/security/patches/SA-15:25/ntp-101-inc.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJWOeKMAAoJEO1n7NZdz2rnCk8QANNSo2GbXqBN89RtppfHYGZF
sOsAwHl6DzN4BnfqMg6XQMDdyo2wlFuOieeCDPwRR93PsOslHE+RY8aPN5qy8rnJ
FVuT0mV0ss26W3W02veS+jGUuBka/W79ANAUz1+X6HS6HyGsvaiajQPi+ltFi9ge
EBcJpX3nCJqg13otKWNGpYBvr7GtzG+WqQoSA3mgDyYRHldZRpAzV5Ups4U3Fq1/
5o0IYI2Ow0TgJ5KEsi4zKG4jvkWOdRkesyEXVb/LAxWfPUPdjiEMv97n0ZQCYytd
vRhTxn4TDlV/hTpptYNr918HSWnjH6dkOCnTA/OcA6j8jLrHuuRfmLHjqLbssL9U
IjpFqgNxT7hjKhUA3ZMPlL/vgLvJmhxCSE4fP/YCexSMSvkcUATU+Y4B2dOBf0c7
7nBolZQVqb3kgU1CGVBUlmQXnFIJR8AXVxWmSbd81fQkDrRysnSb3JzX35i6vWXD
eKpnYZ6ZRPlCNnmGKiuv5K+lmdmItKDmRnErdt964clZRYgnW0UudenT/owtdt3g
RSivkpUgOPpMcgHnee0P3QVyG1kHNxXpa4Om1s50FTo3ymDZ5nx/IX7Y+xkYKLal
7te6E9ns4CXfSozTv7/q3d6oisTRRRjeXnwpkLpCtLTDIGTaTe1+U3ws0cr7rSYD
WDGJj2pnLvJX7RDwZA4g
=ZlqA
-----END PGP SIGNATURE-----

26
share/security/patches/SA-15:25/ntp-101.patch.asc
View file

@ -1,17 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWLKJHAAoJEO1n7NZdz2rnGA4QAOboE0gJjnNuiZ1KGrjSLPFp
2VhBQjRmUtSyJ5vZ68Qqg5vtROUVSnwwV5Z+D8My2LWUjnQZp+TqE86EGEMWkfo0
ZLVp9nfoqgpstpyegDrP3KcfRdiE1W9xGy7wWp2kg8Uxw+I1QMm57W0Z+7VcQSxL
FKzzmGaSHoP+x3GZPvBH77MXI/xt2F4kkUfWx8w7cJdNGw1/Sd27Gn19SVXAmPjP
0I3yAJPkNPRQHdMgINWexidX7zRFqoERYz6wZuK7phE8f8LyxknNXV5+zmu4qIPf
dxZuNuh/IH+rdghkXzYiUcydx6XUH8Pmmi9jXwgoDEyQNrV8PG6RJHZqyPiXv91g
TDRREnYr/Dwk3Z5V+VJ3zGBNN9U/S7Ye5q4lAEUijH4vH/clo4A8IlKhIle2CIj+
pys5nCUFWYCKzujfkium9G4tiNZWVyz6gEBVlW73KvqFgrLZ1x2UmtyMVrLaENUr
UwO/PGv5XGcYQ5cUH6wRqQCDN5g4h0/zSV6eaDpF7uL1coBrRBfQQiwqK5yR/L4l
/0k20oonbHvTvFeB8EvHeCOJy2CVDZPOxWNRIrGxP7zTBP6fH+RmTLUssdZUYfFo
5FTfY0q8zJM00VYZ/bEe4ug5H7AnSqnnNbisHrLj9/kRmmRUk0d/mCr2krRBmb5B
ffjm7JmgLOhsj1OfwXeD
=3SYf
iQIcBAABCgAGBQJWOeKbAAoJEO1n7NZdz2rn/OYQAMhQhngby4nFUQ7Hiz26c8/5
Y7VVjHS8kgtzKLD2KrgDm04qCiYr9QGmV3j1yDMO+0uYfoSkJcULZLDsnXRbY/ng
7uT4lur2imKo739FeBk6WaFWxvaRXdYTB1OX5yQloZgn6PgCgQBlDVnD4QhHF6l1
VhOdQhm8tizG2gmuvi8yjBWguVAt+RCm3Uv8aGOdxDartrszWpiqXeIymITjNhyC
r8AwEq6pyFvcnvEAiV296bvVCxXYgRWceTzHQvPWE9ZE2WImsI7x0EWWu9HSzGEU
YUeWpf8nWgL6JaJd800Z4j324Fm/93vgP784sSRH+lRpx/kpAeog0Le2zjEXE5In
t3HqOBa7TxyuBpDIoJ0+Grjl3+kN/G7u8+R01kddw8p8vOGC99EfnlWNJi4tAuJw
llVT0l6V9cEOUTIIWBbmjWULVEbe8s5n2CL/8yG+2Z/Lh4gg/JQijXpknWPt5TIo
OUkzjGNW1iYnAwEgBT/vrw70ZwhhB6JyK5tAe02V9H4EMdhRbnlEG87zTVIDE1/e
SxiN3NGvA6ZBo1CtAmpzgY7RlQo/5i4HnceOTsTnf5zoOFlMdKo0Yt95+aJF1z/c
qaLdSpjsUE4+T0ntfcCn4tTyv+Z3+nR9IdmQHrMoSiWd/NeDPwVWTBxBQ+jvbpQ3
rUUZq9VYv9BTGqbnA3jL
=xLWk
-----END PGP SIGNATURE-----

BIN
share/security/patches/SA-15:25/ntp-101.patch.bz2
View file

Binary file not shown.

BIN
share/security/patches/SA-15:25/ntp-101.patch.xz Normal file
View file

Binary file not shown.

11
share/security/patches/SA-15:25/ntp-102-inc.patch Normal file
View file

@ -0,0 +1,11 @@
--- usr.sbin/ntp/config.h.orig
+++ usr.sbin/ntp/config.h
@@ -120,7 +120,7 @@
#define CLOCK_PST 1
/* DCF77 raw time code */
-/* #undef CLOCK_RAWDCF */
+#define CLOCK_RAWDCF 1
/* RCC 8000 clock */
/* #undef CLOCK_RCC8000 */

17
share/security/patches/SA-15:25/ntp-102-inc.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJWOeKcAAoJEO1n7NZdz2rnhCIQAMgAXKbgS2wf+v4ZDzqmsIo0
/WK3ubOL35wV7cY65QonITXcrM0/eFPOOIsPyU014+HBJDDC8yBmHOkgHcL/LZPx
Vj9t+OjEZrVmwOJOYTLLcfm1T+r5Mh8L1Uj7eUh3ysN038qQnremJPV1thCj7xp+
cSKzWI0SXvwqSoln8Y6AyXcVq3ZWV70n/X8ckDAsH/3OufjmwHxu5i7D3EEf1Yuy
bwCQn4NXw4H77FrO4LMl/5fN5kADQRJGLnsyot/wShmCFfkhCYIblf6OvYWJXeGO
Ar4cLiR6tcaUOJrzErHNuBV/yU9gAAmQ0RH3ZE7kGpTlfrDc9AvPCMYJh/OC2NEM
bpDDFyAQeSHd+WSmy+Nk7MwX1350R7taPGC7hvHRqDYgo9pGGrPy5UTyhrzXiml9
lT8canhZmLXqcnXSDpN6dSRDX7d1fVaQYzDpKr99kY6d3+QCXORRaIwjSiFTZxZs
oIlMmnSBqzHoEWH629e5bctaBPwUYH6JYVDoh+4Zy/Ua50XjXZixQwu86zOe6wSm
lGgU4p+MXpPfgOzvl5sVLOO+ktyI+APi36hv360gPjGEf0ddZj5AZHfHVysAwIol
BORO3KeCZ9EuFEEUAg8OaRIPTf86kx/DUu9WY3LsJvTWrD+bxfHaVkB5MXEhHQM5
JQXlMivEVI1DPZX6ipGI
=lUjI
-----END PGP SIGNATURE-----

26
share/security/patches/SA-15:25/ntp-102.patch.asc
View file

@ -1,17 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWLKJVAAoJEO1n7NZdz2rn0g8P/RUGnRuIDjU5BUt+0c62HF8s
P+7U4Gf6gfmsMER5hO9ddNXDlKxddKGfudo0UKZA3VvxpySxqsXehzwo5OqyfgxC
/Em2iEVkzIEECu5AU8IbBXz15UxxmhoWoyZR7KvtOsJCEi/izHDHZ2UK3X9L+GD9
ctKPbsWXRPnCLaeArqp8+hXoqp5qmkCjBmpNYLK9LHgMjB7bvy2Rks8LeetZxPgE
fzXHDozPsFdn0qcHH0M0n6zxoHZ1cmEp5bQWIFPnJ3o398+vHtfDgA0DkeIyxAVA
KmK3J2UDY0pNLypHzawT+Q+f9Gx3dY1JYt1yWI58VZPEVQ5nRoHxHdhH7KohFhZh
jRPR5EiSg0B2mwmIL9XNtOaN3PiLTcXIDgB1JFfvpZVKSdDBicYzM1ZBFhzgJdUe
sKS6z8Xx3t0I7LFPfW6E3yi25T2Kyua5jZvd5tIpyazs+8UN1vI/FRAPDjM/lOQa
Ax0PISZQqm+4xUJDhp02zI56Jfv2LTv0gp0USXRn+J9UYD8/zVszSWpCN6V9KV7h
CIO2r8wFje5qsbfgFYTHW4YU08rFmsb0SPsUcnXdOoJsz5ZNdo2tTDkuNmB9qCRZ
GeB1wyJfQ7pMLQ9RrndL5el/TphdPNthGzE+MumoPB/5ETujoytwZaEdGvBVPTP8
NIJCvDt4d3CvPQyPVVXp
=OOPS
iQIcBAABCgAGBQJWOeKdAAoJEO1n7NZdz2rnIMcP/3rvYlwovd3KhSPUZGH/8Mdv
MxeOYmxFDCistFrIa3Ih6JPINEdwwYfuiVY5WktIUTvoPy8xCkteuSrzeeyEV3Yu
OjwUmWSPDeGo+iVFA+x2dHbDVYo8VvM1/F+foSkw9egigDJxhOV9QZBa7kE3eAZB
2xCSBo5shDWtZlhj9T9F7iEp7ftocJlTi3+MbimMxWzwNSBSeyFQBS5M9HktCwTG
wPU2nU4yysLSzToCe1JA3XC3ubrV5zPw/PWwmgNQObm5wqus00oyJ2M3OgytuC0O
09uCUk2b/pqvCNTPTOliv4nSifZrX2TEk53xLbI/nLOy8WglS++guo054Mh5yKct
lZEUfWMVdctmeu6ZYbbvGjILP9vUCwULv6806Cdndk3wrZX7951lanw8/iEWcF4l
+SHN/M8+WOjnF5/ez23WztwKy+lDANYt884GFb7GNLi6HszpSxQugiXynrhCGfjt
4e95p+UaUOYkIrq44AC4Mz1w0wv7yBsRwAMdqWY7lNvGIHFRi0jdCNR5Ci+1Tkna
mK5vhfgJbDdbPuIHlQh0oYYLBJkWFvkxT25xINgLzZ9fFmflFIXoQnHfgrXZzylU
1OVKQooDhgZzlnxABGF/Mn5Qb6AyvebUHoeXPelYDhnjZnKpp6h2VXzcFUHlK4fr
B1Q6HNfckjEaTZQZLjG8
=b/r/
-----END PGP SIGNATURE-----

BIN
share/security/patches/SA-15:25/ntp-102.patch.bz2
View file

Binary file not shown.

BIN
share/security/patches/SA-15:25/ntp-102.patch.xz Normal file
View file

Binary file not shown.

37
share/security/patches/SA-15:25/ntp-93-inc.patch Normal file
View file

@ -0,0 +1,37 @@
--- usr.sbin/ntp/config.h.orig
+++ usr.sbin/ntp/config.h
@@ -120,7 +120,7 @@
#define CLOCK_PST 1
/* DCF77 raw time code */
-/* #undef CLOCK_RAWDCF */
+#define CLOCK_RAWDCF 1
/* RCC 8000 clock */
/* #undef CLOCK_RCC8000 */
--- usr.sbin/ntp/ntpdc/Makefile.orig
+++ usr.sbin/ntp/ntpdc/Makefile
@@ -17,8 +17,8 @@
-I${.CURDIR}/../../../lib/libc/${MACHINE_ARCH} \
-I${.CURDIR}/../ -I${.CURDIR}
-DPADD= ${LIBNTP} ${LIBM} ${LIBOPTS} ${LIBEDIT} ${LIBTERMCAP}
-LDADD= ${LIBNTP} -lm ${LIBOPTS} -ledit -ltermcap
+DPADD= ${LIBNTP} ${LIBM} ${LIBOPTS} ${LIBEDIT} ${LIBTERMCAP} ${LIBPTHREAD}
+LDADD= ${LIBNTP} -lm ${LIBOPTS} -ledit -ltermcap -lpthread
CFLAGS+= -DHAVE_LIBEDIT -DHAVE_READLINE_READLINE_H \
-I${DESTDIR}/${INCLUDEDIR}/edit
--- usr.sbin/ntp/ntpq/Makefile.orig
+++ usr.sbin/ntp/ntpq/Makefile
@@ -20,8 +20,8 @@
-I${.CURDIR}/../../../contrib/ntp/sntp/libopts \
-I${.CURDIR}/../
-DPADD= ${LIBEDIT} ${LIBNTP} ${LIBM} ${LIBOPTS}
-LDADD= -ledit ${LIBNTP} -lm ${LIBOPTS}
+DPADD= ${LIBEDIT} ${LIBNTP} ${LIBM} ${LIBOPTS} ${LIBPTHREAD}
+LDADD= -ledit ${LIBNTP} -lm ${LIBOPTS} -lpthread
.if ${MK_OPENSSL} != "no"
DPADD+= ${LIBCRYPTO}

17
share/security/patches/SA-15:25/ntp-93-inc.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJWOeKdAAoJEO1n7NZdz2rnv6QP/igBzVe+a2Gh59vZTL48zi0R
rVf1TLANx30MGIS/yQBLhgcem1WgRRAx8921rGkXId4VjghiQ+jiQ8g9huPajB9d
II2rWLVAIWP7aE/IoqVSxUFRhhmR4pNbTCekX2Gz0uOmU4rEXJMsuO+JNKkoQXxx
0jGPURnigET7tNuqIvEanYE6pAg6NW24YwiqjYhzEdDOy+f11bq1m2+6EX8iy56M
6FwEPzruoRGOXtqD9Pjp8S6YdMIrdV8uuC+43N0cYyGNikpSD5gLM7/BJgBEC5v9
dvcmLclio6fKyDqpksOn2H1jiQ6OLG+8aUUQ2mbRwL5bKY4LblsEFbZGZsOvhLFC
sy4yTJL8J9TZQ2AG6DdTC83n/W1IAezzx46pWUprZyED5YUrhwdgVJnWXsyVp7jK
OTJdoqbOjU7FwNUTeX5QwgQwfIXZ+l8sV0blMw5UN75XrMpzVlOx99m6knp/sudf
ySsMiMlmEfXjICXDz2LmN/anyg4bc3sfJcqfpgYqM3JDEKKTLJMT5Ffand9ydaXM
LaFDkOr5uZj7HBMDXmntkWYoxcRHPsaVArNEcoItyKNmrp6w/VKh7IYtMFyX6hJY
w3VjFU3UJMmFJdamQB1flwWFOxPvJGwj8c4+kwFw4y+UDjgbxrEKlM8iJJ+gCnBq
RDPB4MYwGDUk5kUrfcGI
=WNtI
-----END PGP SIGNATURE-----

26
share/security/patches/SA-15:25/ntp-93.patch.asc
View file

@ -1,17 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWLKIsAAoJEO1n7NZdz2rnL3IP/2gtYlYoj/n0OtxD2wJVNT1X
ETOAS6bFzEjRQnhpCZF7+fzb1YgLGZJvjz0PO7UueUtmR2YJe8Hm5OEUCAmmN+Z1
0tD/WLH1o1lOknVIKFHkJzL/AZF0RDf8Xi0BLdo2Qffr9YN5i0EUvUqO3Yjh+T60
ssgT2AfbPqoJz4t35weqvecLpDR8jxq1LoCT2HzQtVC2GZDKf/AMwVWvw7d7XYSG
wHmRuDpdSZT54L8qIj6gDT5g1D2mUueEVsv66ps+IwYNIWK+BXvz0/a/+Gvzt4bd
wy0zOW2UjO2+ibaoEXA2Q/pwdlPUHrVHAc1A1lMj0R22w9sh8KK2dR84anhcKvsG
1Ro4Xwze65hRwkoMftRLP+nspa0xHkiJXM+77dDHx+GSTFvPjrx46NZ4q0Mm3lek
midfkHn1OdQlr9ewUi3Lx4MvK0+P59TUU2sI2nQMKzvuMnN0mcn6uAF1un3Foz5j
uhqTpHoQjll+n3DKK/Br+ke80yU5GzPdfbEO0P7Iz8gAFtsdU5EMG67V+5Y8Ff+Z
NpTJOMPu+A5tNZETEv2UO9wrU6yUFphewHXmkuoeTf2xbsKvforrpkUcTP70kCl7
kAvrFNOaHCcDlahQrIHj+vIQ7q3T2r+lvu//pdhSEUsJWhuw8r53U5kYfWylArEm
EflB/+A7CANeHjZGzBgn
=opNL
iQIcBAABCgAGBQJWOeKeAAoJEO1n7NZdz2rnQswP/AudY7BquiyVPlUua0zfZbZl
Zp7WrvfZv0Jl7YoC0Eh0vi3ymx6O5DgTAxUfzB9CiV+EtBVkcb+I2jd5G8QnYT5S
QkvYztOzY46NrOUC8UUct/lgEBUvwh7Fkm6xuc44JKobDA/eL9jTIL61awPzAfDZ
QiCOhJ1vCbIHj+ukeoJW7no6QxGSdE4qrRxSmI5ZoMivnjq2ar6M83HLUNKRE14t
1ddps3eEKeSEFvL02IlAttHdYoGcazf8fMNDHJM1yCetqEtYJyqvobFdhZrEAALt
PktHSh8P66ygUwTSuXFvesP08Tr+Y66euGjIexypGJyPBchDkrv48CEVR3gv6U22
YY2YlQLDDKyAbhlQt5STlLpe+NKVF/I2j1aJl3Amy1B9Ig5B4a8OBn8ycb17vgW9
yXDFKF4bEEIFsPT4cUn3hPvKXof1wUK+kNPWZYIiLpNahtMKDEHheaN3iNb5Ab2B
GGzcPaN8KhSKvqOL1CYk//H4vZqVXLBfDbYGKR756IzTu+ZhLsVfCt5HG5X8fKdt
iLUYUjzcgE3l/CVETrhkM9LKgJ/6U0fch0e3GxhhE2XEGJyJiJw2BZGHWTmorn5X
FdMsK9C876BS7/G8i6ln4ZKDMyy+CFCpRp1a0cXzXdc97c1cExzqDDOLX9HqzQl6
lqd0a1bDEN0Y/x3IXDuv
=FXiz
-----END PGP SIGNATURE-----

BIN
share/security/patches/SA-15:25/ntp-93.patch.bz2
View file

Binary file not shown.

BIN
share/security/patches/SA-15:25/ntp-93.patch.xz Normal file
View file

Binary file not shown.

16
share/xml/notices.xml
View file

@ -7,6 +7,22 @@
<year>
<name>2015</name>
<month>
<name>11</name>
<day>
<name>4</name>
<notice>
<name>FreeBSD-EN-15:20.vm</name>
</notice>
<notice>
<name>FreeBSD-EN-15:19.kqueue</name>
</notice>
</day>
</month>
<month>
<name>9</name>