Add the latest advisory and 3 new errata notices:
Fix OpenSSL NULL pointer deference vulnerability. [SA-14:09] Add pkg bootstrapping, configuration and public keys. [EN-14:03] Improve build repeatability for kldxref(8). [EN-14:04] Fix data corruption with ciss(4). [EN-14:05]
This commit is contained in:
parent
1acb4e9347
commit
6705d61482
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=44822
18 changed files with 1511 additions and 0 deletions
share
security
advisories
FreeBSD-EN-14:03.pkg.ascFreeBSD-EN-14:04.kldxref.ascFreeBSD-EN-14:05.ciss.ascFreeBSD-SA-14:10.openssl.asc
patches
xml
180
share/security/advisories/FreeBSD-EN-14:03.pkg.asc
Normal file
180
share/security/advisories/FreeBSD-EN-14:03.pkg.asc
Normal file
|
@ -0,0 +1,180 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-14:03.pkg Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: pkg bootstrapping, configuration and public keys
|
||||
|
||||
Category: core, packages
|
||||
Module: pkg
|
||||
Announced: 2014-05-13
|
||||
Credits: Baptiste Daroussin, Bryan Drewery
|
||||
Affects: All versions of FreeBSD prior to 10.0-RELEASE
|
||||
Corrected: 2014-04-15 23:40:47 UTC (stable/8, 8.4-STABLE)
|
||||
2014-05-13 23:24:32 UTC (releng/8.4, 8.4-RELEASE-p10)
|
||||
2014-03-11 14:48:44 UTC (stable/9, 9.2-STABLE)
|
||||
2014-05-13 23:24:14 UTC (releng/9.2, 9.2-RELEASE-p6)
|
||||
2014-05-13 23:24:14 UTC (releng/9.1, 9.1-RELEASE-p13)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:http://security.freebsd.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The pkg(7) utility is the new package management tool for FreeBSD. The
|
||||
FreeBSD project has provided official pkg(7) packages since October 2013
|
||||
and signed packages since the pkg-1.2 release in November 2013. The
|
||||
signature checking requires known public keys to be installed locally.
|
||||
The repository configuration must be installed as well.
|
||||
|
||||
The base system also includes a pkg(7) bootstrap tool that installs the
|
||||
latest real pkg(7) package. The bootstrap tool knows where to find the
|
||||
official pkg(7) package but once that is installed the real pkg(7) will
|
||||
not know where to find official packages, nor have the known public key
|
||||
for signature checking.
|
||||
|
||||
The bootstrap tool was also improved in 10.0-RELEASE to check the
|
||||
signature on the pkg(7) package it is installing.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
Only FreeBSD 10.0 has been released with the official repository
|
||||
configuration, known public keys, and a bootstrap tool that checks the
|
||||
signature of the pkg(7) package it is installing.
|
||||
|
||||
To allow packages to be used on a system, the configuration must be
|
||||
manually setup and keys securely fetched and installed to the proper
|
||||
location.
|
||||
|
||||
III. Impact
|
||||
|
||||
Releases before 10.0 require manual configuration. Manually configuring the
|
||||
pkg(7) signatures could result in insecurely installing the keys or leaving
|
||||
the signature checking disabled.
|
||||
|
||||
The bootstrap tool is not secure on releases prior to 10.0 due to not checking
|
||||
the signature and could result in having an unofficial pkg(7) installed due to
|
||||
MITM attacks.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
To securely install pkg(7) on releases prior to 10.0, install it from ports
|
||||
obtained from a secure portsnap checkout:
|
||||
|
||||
# portsnap fetch extract
|
||||
# echo "WITH_PKGNG=yes" >> /etc/make.conf
|
||||
# make -C /usr/ports/ports-mgmt/pkg install clean
|
||||
|
||||
If this is an existing system it may be converted to pkg(7) as well by running:
|
||||
|
||||
# pkg2ng
|
||||
|
||||
After this is done /usr/ports may be removed if no longer required.
|
||||
|
||||
To workaround the configuration and keys being missed, apply the solution in
|
||||
this Errata.
|
||||
|
||||
V. Solution
|
||||
|
||||
No solution is provided for pkg(7) bootstrap signature checking on releases prior
|
||||
to 10.0. Upgrading to 10.0 or stable/9 after r263038 will suffice.
|
||||
|
||||
To install the configuration and public key in a secure means, perform one of
|
||||
the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your present system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
[FreeBSD 9.2]
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-9.2.patch
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:10/pkg-en-releng-9.2.patch.asc
|
||||
# gpg --verify pkg-en-releng-9.2.patch.asc
|
||||
|
||||
[FreeBSD 9.1]
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-9.1.patch
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:10/pkg-en-releng-9.1.patch.asc
|
||||
# gpg --verify pkg-en-releng-9.1.patch.asc
|
||||
|
||||
[FreeBSD 8.4]
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-8.4.patch
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:03/pkg-en-releng-8.4.patch.asc
|
||||
# gpg --verify pkg-en-releng-8.4.patch.asc
|
||||
|
||||
b) Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
# cd /usr/src/etc/pkg
|
||||
# mkdir -p /etc/pkg /usr/share/keys/pkg/trusted /usr/share/keys/pkg/revoked
|
||||
# make install
|
||||
# cd /usr/src/share/keys/pkg
|
||||
# make install
|
||||
|
||||
3) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the revision numbers of each file that was
|
||||
corrected in FreeBSD.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/8/ r264519
|
||||
releng/8.4/ r265989
|
||||
stable/9/ r263937 (*)
|
||||
releng/9.1/ r265988
|
||||
releng/9.2/ r265988
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
(*) The actual required changeset consists a series of changes, including
|
||||
r263023,r258550,r263050,r263053 and r263937.
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
The latest revision of this Errata Notice is available at
|
||||
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:03.pkg.asc
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJTcq5IAAoJEO1n7NZdz2rnPgsP/i1EV9g4qXg9v6HvakiFFKrv
|
||||
51810uJe/Eo9iujDT1TpwuYJuFQPzkW+h4JRvapaSLAMxeLsYqxj8WDuKz0eU6sW
|
||||
WjaPv6LZWUG91jHbFr3uEAgLLvkc86kMI/hfSmzq5FY7gsisEKoyfdraR2E63jtp
|
||||
BFARxAq9hnddck5zZiX7wCOMtvCVrvrSsozft1p885AUra+Tg9F1RuUloS0CYddD
|
||||
FtUb1dPMshkHlqHqC1wGzRfBVFgX7NnXfnxIi2St1ft0tEDKIL+HQgnjU2CwKbK7
|
||||
S9ioLYbbUhyo6edpS/4+y5gJ1kVLvlelY4myBHUkSOMJrsxoIBCTuXjdnO9PL5gr
|
||||
qpS9R6TQEMF5auEG5aIOwfu5t8wqczAfC4zVzbm4UPakRYPFS0NfvkDGW2Gno7Yh
|
||||
iOur/JFLUOqbV9i8UwssS8OzG0cr8EzbZ3iLkVPqt1Cxuxxpx8+NYiYV3F0PMxB8
|
||||
iImoOD1BY0lS3x0gqgeZb5ssBk988aVq1cmbrUuriHuKLK/uvSaFHlGXprQyQmTn
|
||||
4FEFmMNTCSMbYy3J2daEajUroiZVcBEjORPFR8QYtncRgbzB6u/AjVIo+3Uk/0hj
|
||||
paC8dvBikmT7ity3b7YoOvJIJn62XVqrq9srkYowkDuLJ1E8zQqmR2eZUOmf5vG1
|
||||
u3zAXa3xup1ginA9Wi6O
|
||||
=UI84
|
||||
-----END PGP SIGNATURE-----
|
127
share/security/advisories/FreeBSD-EN-14:04.kldxref.asc
Normal file
127
share/security/advisories/FreeBSD-EN-14:04.kldxref.asc
Normal file
|
@ -0,0 +1,127 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-14:04.kldxref Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Build repeatability for kldxref(8)
|
||||
|
||||
Category: core
|
||||
Module: kldxref
|
||||
Announced: 2014-05-13
|
||||
Credits: Jilles Tjoelker
|
||||
Affects: All versions of FreeBSD prior to 10.0-RELEASE.
|
||||
Corrected: 2014-05-13 23:35:29 UTC (stable/8, 8.4-STABLE)
|
||||
2014-05-13 23:24:32 UTC (releng/8.4, 8.4-RELEASE-p10)
|
||||
2013-12-23 22:38:41 UTC (stable/9, 9.2-STABLE)
|
||||
2014-05-13 23:24:14 UTC (releng/9.2, 9.2-RELEASE-p6)
|
||||
2014-05-13 23:24:14 UTC (releng/9.1, 9.1-RELEASE-p13)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:http://security.freebsd.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The kldxref utility is used to generate hint files which list modules, their
|
||||
version numbers, and the files that contain them. These hints are used by
|
||||
the kernel loader to determine where to find a particular KLD module.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
Previous versions of kldxref(8) do not use an ordered list of files when
|
||||
generating the hints file. The result of kldxref(8) is equivalent but not
|
||||
the same if file system layout have been changed.
|
||||
|
||||
III. Impact
|
||||
|
||||
The generated hint files can be different across different builds, making
|
||||
unnecessary downloads for binary patch files.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your present system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:04/kldxref.patch
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:04/kldxref.patch.asc
|
||||
# gpg --verify kldxref.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
3) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the revision numbers of each file that was
|
||||
corrected in FreeBSD.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/8/ r265990
|
||||
releng/8.4/ r265989
|
||||
stable/9/ r259799
|
||||
releng/9.1/ r265988
|
||||
releng/9.2/ r265988
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
The latest revision of this Errata Notice is available at
|
||||
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:04.kldxref.asc
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJTcq5IAAoJEO1n7NZdz2rnmPgP/iPAKX2lIGwRXkrYFbNPEBSz
|
||||
+Tehkgw/ReNG0iaAJql/p0LrxyGUoCwE2rpTJxxC8KB9X8Eq74DhjSNpdYaE12E2
|
||||
YFMyIyAb1b6wqU34Q7DsR9oPhqIcb9yET2dEg+s5NVSWfC7AMWdvvaJjjxtLgG4L
|
||||
M9yksDAKs3AJOHEVEtluy7Do8A5W/6b5SHXENbG+AUUBtwnDBKcs9riXic/TQ1WB
|
||||
vJzHwAJVznQ03bnxqjuG+gZoej6xUHusX+ih87ioKiJrcZ/5szq2C6LIUnRnAA66
|
||||
6b/szBJ3gRBweOKeopESIcZfwaLCd53EX9/r9vqAfXK6+3uqoIXzkZCyzo+cgSwa
|
||||
+88SmZ3/4dao24JPoLbVupIyU0CJjmoLsV9jVCrC/fbkUFTxq7Cgbxeai3rmrpXC
|
||||
p11FXPJd4cOgwuQYUw3rowtoq8z8Wn3PI073SzwT2OZg4SgXRUn+FzGpMWwqbWoa
|
||||
1idQ9KSM/pFkoa7bdK5S7mYtp7jU9HQeiTXZYYF1S3URr2XpE1vyUFVOuDJpGkkW
|
||||
KIT/hdy02wGzPPGjQoFkSR2KpUmJr2zHhVSUdt7a8vvYhbZBR21sBIUNKSoWkYtC
|
||||
2CQXF4pFBHO/i79RiEU+2E1CKWpsqoHnvnKNRq3Bp54aaU9xa4YcRwRJ7lj9RALm
|
||||
+igNrZJMo3yw3gs89uGp
|
||||
=W4to
|
||||
-----END PGP SIGNATURE-----
|
127
share/security/advisories/FreeBSD-EN-14:05.ciss.asc
Normal file
127
share/security/advisories/FreeBSD-EN-14:05.ciss.asc
Normal file
|
@ -0,0 +1,127 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-14:05.ciss Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: data corruption with ciss(4)
|
||||
|
||||
Category: core
|
||||
Module: ciss
|
||||
Announced: 2014-05-13
|
||||
Credits: Sean Bruno
|
||||
Affects: FreeBSD 10.x and FreeBSD 9.x
|
||||
Corrected: 2014-04-15 17:52:22 UTC (stable/9, 9.2-STABLE)
|
||||
2014-05-13 23:24:14 UTC (releng/9.2, 9.2-RELEASE-p6)
|
||||
2014-05-13 23:24:14 UTC (releng/9.1, 9.1-RELEASE-p13)
|
||||
2014-04-15 17:49:47 UTC (stable/10, 10.0-STABLE)
|
||||
2014-05-13 23:22:28 UTC (releng/10.0, 10.0-RELEASE-p3)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:http://security.freebsd.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The ciss driver supports HP Smart Array line of hardware RAID controllers.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
There is a programming error discovered in the ciss(4) driver, where a missing
|
||||
lock can trigger a failed assertion when the volume state changes, such as
|
||||
disk failure or a disk rebuild.
|
||||
|
||||
III. Impact
|
||||
|
||||
Systems using the ciss(4) driver may experience system crashes or data
|
||||
corruption when the volume state change.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but systems that do not use ciss(4) devices are
|
||||
not affected.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your present system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:05/ciss.patch
|
||||
# fetch http://security.FreeBSD.org/patches/EN-14:05/ciss.patch.asc
|
||||
# gpg --verify ciss-10.patch.asc
|
||||
|
||||
b) Apply the patch.
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile your kernel as described in
|
||||
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
||||
system.
|
||||
|
||||
3) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the revision numbers of each file that was
|
||||
corrected in FreeBSD.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/9/ r264511
|
||||
releng/9.1/ r265988
|
||||
releng/9.2/ r265988
|
||||
stable/10/ r264510
|
||||
releng/10.0/ r265987
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
The latest revision of this Errata Notice is available at
|
||||
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:05.ciss.asc
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJTcq5IAAoJEO1n7NZdz2rnNqAQAJCfdCBubWSDRO/dsSaqK6yT
|
||||
bnPY4Xly523ABRCQySe0vajSIK1qqfE0bAmhYa/7BTMqyJKz0BRhx819D8SiWNS9
|
||||
Hdy4yU/hOjBkbT6KAtpBaSUNXX4ODWaNbd78c+uDSvj9UeQgrunAQC7OJR6iYWuq
|
||||
25fBUXgovSr4g9puNyBs8sH+c7IzbG4HvhoPrjRDwdasEyCBzx6RggpnxusfVsd9
|
||||
91Eg/WPG3hIJW6kaHOWWeVwz4vCRZjv0u7myeJBcAa7gcwDX/J2DHeDrG60O3BNY
|
||||
/fZT2UcfDxE0rEVuVnV3Vc0XkIQjuNk7G9SkGjH4Zdx+I34UT05cxU5ZrdpKNiGL
|
||||
fjbo4H/KBML4agRGAPzeo3KU3rxOUmss+mh7Mu+CVoZP5uQUr1sEUkfQ+FkJjjbv
|
||||
es47Ij6ZmfGyUPuVKVCW34bXm6Ieyc0QZ10kRv8paOmPsWBA+WYWGibEhvwp5v0p
|
||||
AHdlGGO/FpOac4h/YEqOh6ryN8QldjCI+SCqkfs38DjeTX5IWecgax586oH7BpJm
|
||||
RGc/fgx3YSO8tmMaTwKZm5VVlujsld6t95XrA2dGWOhiWcRsoWGs+SaUTNf5Y0Te
|
||||
k2vD7tMsk37PG4jbp7pk4FH2Mfb9KRHe82ebdOnkOj4C5kWIB8FwYJyMIjDl3C4r
|
||||
OdXZDrbyKh/swjJZJIuP
|
||||
=orSF
|
||||
-----END PGP SIGNATURE-----
|
140
share/security/advisories/FreeBSD-SA-14:10.openssl.asc
Normal file
140
share/security/advisories/FreeBSD-SA-14:10.openssl.asc
Normal file
|
@ -0,0 +1,140 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-SA-14:10.openssl Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: OpenSSL NULL pointer deference vulnerability
|
||||
|
||||
Category: contrib
|
||||
Module: openssl
|
||||
Announced: 2014-05-13
|
||||
Affects: FreeBSD 10.x.
|
||||
Corrected: 2014-05-13 23:19:16 UTC (stable/10, 10.0-STABLE)
|
||||
2014-05-13 23:22:28 UTC (releng/10.0, 10.0-RELEASE-p3)
|
||||
CVE Name: CVE-2014-0198
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:http://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
|
||||
a collaborative effort to develop a robust, commercial-grade, full-featured
|
||||
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
|
||||
and Transport Layer Security (TLS v1) protocols as well as a full-strength
|
||||
general purpose cryptography library.
|
||||
|
||||
The TLS protocol supports an alert protocol which can be used to signal the
|
||||
other party with certain failures in the protocol context that may require
|
||||
immediate termination of the connection.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
An attacker can trigger generation of an SSL alert which could cause a null
|
||||
pointer deference.
|
||||
|
||||
III. Impact
|
||||
|
||||
An attacker may be able to cause a service process that uses OpenSSL to crash,
|
||||
which can be used in a denial-of-service attack.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but systems that do not use OpenSSL to implement
|
||||
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
|
||||
protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process
|
||||
to handle multiple SSL connections, are not vulnerable.
|
||||
|
||||
The FreeBSD base system service daemons and utilities do not use the
|
||||
SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this
|
||||
mode to reduce their memory footprint and may therefore be affected by this
|
||||
issue.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your vulnerable system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch http://security.FreeBSD.org/patches/SA-14:10/openssl.patch
|
||||
# fetch http://security.FreeBSD.org/patches/SA-14:10/openssl.patch.asc
|
||||
# gpg --verify openssl.patch.asc
|
||||
|
||||
b) Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
Restart all deamons using the library, or reboot the system.
|
||||
|
||||
3) To update your vulnerable system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/10/ r265986
|
||||
releng/10.0/ r265987
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig>
|
||||
|
||||
<URL:https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321>
|
||||
|
||||
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:10.openssl.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJTcq5IAAoJEO1n7NZdz2rnNb4QAODp1Pxk3GlTwlptWQkC+DJb
|
||||
bwd2RRtkvkz677JIbdtyM7b5POgUih/NtAF9Yyy/pg8IJcSRiv0f7F5L+maV9nee
|
||||
KGb27zizWOgIqor6HhRAv2OniVN271OfoyCkt0xRmigBR6dQ80iBVuCk6McvxvjL
|
||||
5Yfw8wtfF8zAo5p1d4V3EEPOIVPwgJ31YnB/sVv+SyV6Ldl5DS0Gp1Cm9KjvaJUI
|
||||
CUIljIaH6AFuzs671V4DpuFPtFPIsvGUhEdpf6+ypVJN1J/D+BNRvoIX1zxou4Kf
|
||||
34qB6cs/LlyBKCPctK/qLU7UScNsuUItpWrw5ESHFHdgsTr8XA9POxU72wlCRCoQ
|
||||
T2A6zIqPQRgCWfrPnmJNwLN9riMQGc2oFBXd19iITyc8/7OcXAFnzIy+zu++jZp6
|
||||
rMwGIUCg5UKkSGVWnoYyS/1SQRYqi4MzUqC/AwpQHKoE5CqUzVCJ7zGTFcsie0o4
|
||||
wfWoFlkgbNl0Attn4HLuXncjvGVCMeWqUERKBU7xIxC1D5PKXF5QmCUqlZrddBaw
|
||||
ATIFsPEopu2bX/+sbgcGKSF5WAWwdT92vIgarjW3UkKDYihRNKusrOwp3sue7Iw+
|
||||
QIweOaJLqpSnfQ3me62I3fWYjRwceeASeTx7dYdxrK1Dx5DnlN8gGwwhl/7cvoWe
|
||||
Xm6DqYXeQRsIxZ7Ng/PO
|
||||
=4EYM
|
||||
-----END PGP SIGNATURE-----
|
232
share/security/patches/EN-14:03/pkg-en-releng-8.4.patch
Normal file
232
share/security/patches/EN-14:03/pkg-en-releng-8.4.patch
Normal file
|
@ -0,0 +1,232 @@
|
|||
Index: etc/Makefile
|
||||
===================================================================
|
||||
--- etc/Makefile (revision 265457)
|
||||
+++ etc/Makefile (working copy)
|
||||
@@ -172,6 +172,7 @@ distribution:
|
||||
${_+_}cd ${.CURDIR}/devd; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/gss; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
|
||||
+ ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall
|
||||
${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap
|
||||
Index: etc/mtree/BSD.root.dist
|
||||
===================================================================
|
||||
--- etc/mtree/BSD.root.dist (revision 265457)
|
||||
+++ etc/mtree/BSD.root.dist (working copy)
|
||||
@@ -52,6 +52,8 @@
|
||||
weekly
|
||||
..
|
||||
..
|
||||
+ pkg
|
||||
+ ..
|
||||
ppp
|
||||
..
|
||||
rc.d
|
||||
Index: etc/mtree/BSD.usr.dist
|
||||
===================================================================
|
||||
--- etc/mtree/BSD.usr.dist (revision 265457)
|
||||
+++ etc/mtree/BSD.usr.dist (working copy)
|
||||
@@ -340,6 +340,14 @@
|
||||
..
|
||||
info
|
||||
..
|
||||
+ keys
|
||||
+ pkg
|
||||
+ revoked
|
||||
+ ..
|
||||
+ trusted
|
||||
+ ..
|
||||
+ ..
|
||||
+ ..
|
||||
locale
|
||||
UTF-8
|
||||
..
|
||||
Index: etc/pkg/FreeBSD.conf
|
||||
===================================================================
|
||||
--- etc/pkg/FreeBSD.conf (revision 0)
|
||||
+++ etc/pkg/FreeBSD.conf (working copy)
|
||||
@@ -0,0 +1,16 @@
|
||||
+# $FreeBSD$
|
||||
+#
|
||||
+# To disable this repository, instead of modifying or removing this file,
|
||||
+# create a /usr/local/etc/pkg/repos/FreeBSD.conf file:
|
||||
+#
|
||||
+# mkdir -p /usr/local/etc/pkg/repos
|
||||
+# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
|
||||
+#
|
||||
+
|
||||
+FreeBSD: {
|
||||
+ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
|
||||
+ mirror_type: "srv",
|
||||
+ signature_type: "fingerprints",
|
||||
+ fingerprints: "/usr/share/keys/pkg",
|
||||
+ enabled: yes
|
||||
+}
|
||||
Index: etc/pkg/Makefile
|
||||
===================================================================
|
||||
--- etc/pkg/Makefile (revision 0)
|
||||
+++ etc/pkg/Makefile (working copy)
|
||||
@@ -0,0 +1,10 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+NO_OBJ=
|
||||
+
|
||||
+FILES= FreeBSD.conf
|
||||
+
|
||||
+FILESDIR= /etc/pkg
|
||||
+FILESMODE= 644
|
||||
+
|
||||
+.include <bsd.prog.mk>
|
||||
Index: share/Makefile
|
||||
===================================================================
|
||||
--- share/Makefile (revision 265457)
|
||||
+++ share/Makefile (working copy)
|
||||
@@ -9,6 +9,7 @@ SUBDIR= ${_colldef} \
|
||||
${_dict} \
|
||||
${_doc} \
|
||||
${_examples} \
|
||||
+ keys \
|
||||
${_man} \
|
||||
${_me} \
|
||||
misc \
|
||||
Index: share/keys/Makefile
|
||||
===================================================================
|
||||
--- share/keys/Makefile (revision 0)
|
||||
+++ share/keys/Makefile (working copy)
|
||||
@@ -0,0 +1,5 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+SUBDIR= pkg
|
||||
+
|
||||
+.include <bsd.subdir.mk>
|
||||
Index: share/keys/pkg/Makefile
|
||||
===================================================================
|
||||
--- share/keys/pkg/Makefile (revision 0)
|
||||
+++ share/keys/pkg/Makefile (working copy)
|
||||
@@ -0,0 +1,5 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+SUBDIR= trusted
|
||||
+
|
||||
+.include <bsd.subdir.mk>
|
||||
Index: share/keys/pkg/trusted/Makefile
|
||||
===================================================================
|
||||
--- share/keys/pkg/trusted/Makefile (revision 0)
|
||||
+++ share/keys/pkg/trusted/Makefile (working copy)
|
||||
@@ -0,0 +1,10 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+NO_OBJ=
|
||||
+
|
||||
+FILES= pkg.freebsd.org.2013102301
|
||||
+
|
||||
+FILESDIR= /usr/share/keys/pkg/trusted
|
||||
+FILESMODE= 644
|
||||
+
|
||||
+.include <bsd.prog.mk>
|
||||
Index: share/keys/pkg/trusted/pkg.freebsd.org.2013102301
|
||||
===================================================================
|
||||
--- share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (revision 0)
|
||||
+++ share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (working copy)
|
||||
@@ -0,0 +1,4 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+function: "sha256"
|
||||
+fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"
|
||||
Index: share/man/man7/hier.7
|
||||
===================================================================
|
||||
--- share/man/man7/hier.7 (revision 265457)
|
||||
+++ share/man/man7/hier.7 (working copy)
|
||||
@@ -32,7 +32,7 @@
|
||||
.\" @(#)hier.7 8.1 (Berkeley) 6/5/93
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
-.Dd May 25, 2008
|
||||
+.Dd October 29, 2013
|
||||
.Dt HIER 7
|
||||
.Os
|
||||
.Sh NAME
|
||||
@@ -546,6 +546,16 @@ ASCII text files used by various games
|
||||
device description file for device name
|
||||
.It Pa info/
|
||||
GNU Info hypertext system
|
||||
+.It Pa keys/
|
||||
+known trusted and revoked keys.
|
||||
+.Bl -tag -width ".Pa keys/pkg/" -compact
|
||||
+.It Pa keys/pkg/
|
||||
+fingerprints for
|
||||
+.Xr pkg 7
|
||||
+and
|
||||
+.Xr pkg 8
|
||||
+.El
|
||||
+.Pp
|
||||
.It Pa locale/
|
||||
localization files;
|
||||
see
|
||||
Index: usr.sbin/pkg/pkg.c
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/pkg.c (revision 265457)
|
||||
+++ usr.sbin/pkg/pkg.c (working copy)
|
||||
@@ -284,13 +284,10 @@ bootstrap_pkg(void)
|
||||
{
|
||||
struct url *u;
|
||||
FILE *remote;
|
||||
- FILE *config;
|
||||
- char *site;
|
||||
struct dns_srvinfo *mirrors, *current;
|
||||
/* To store _https._tcp. + hostname + \0 */
|
||||
char zone[MAXHOSTNAMELEN + 13];
|
||||
char url[MAXPATHLEN];
|
||||
- char conf[MAXPATHLEN];
|
||||
char abi[BUFSIZ];
|
||||
char tmppkg[MAXPATHLEN];
|
||||
char buf[10240];
|
||||
@@ -306,7 +303,6 @@ bootstrap_pkg(void)
|
||||
max_retry = 3;
|
||||
ret = -1;
|
||||
remote = NULL;
|
||||
- config = NULL;
|
||||
current = mirrors = NULL;
|
||||
|
||||
printf("Bootstrapping pkg please wait\n");
|
||||
@@ -387,26 +383,6 @@ bootstrap_pkg(void)
|
||||
if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0)
|
||||
ret = install_pkg_static(pkgstatic, tmppkg);
|
||||
|
||||
- snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf",
|
||||
- getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE);
|
||||
-
|
||||
- if (access(conf, R_OK) == -1) {
|
||||
- site = strrchr(url, '/');
|
||||
- if (site == NULL)
|
||||
- goto cleanup;
|
||||
- site[0] = '\0';
|
||||
- site = strrchr(url, '/');
|
||||
- if (site == NULL)
|
||||
- goto cleanup;
|
||||
- site[0] = '\0';
|
||||
-
|
||||
- config = fopen(conf, "w+");
|
||||
- if (config == NULL)
|
||||
- goto cleanup;
|
||||
- fprintf(config, "packagesite: %s\n", url);
|
||||
- fclose(config);
|
||||
- }
|
||||
-
|
||||
goto cleanup;
|
||||
|
||||
fetchfail:
|
||||
@@ -423,7 +399,11 @@ cleanup:
|
||||
|
||||
static const char confirmation_message[] =
|
||||
"The package management tool is not yet installed on your system.\n"
|
||||
-"Do you want to fetch and install it now? [y/N]: ";
|
||||
+"The mechanism for doing this is not secure on FreeBSD 8. To securely install\n"
|
||||
+"pkg(8), use ports from a portsnap checkout:\n"
|
||||
+" # portsnap fetch extract\n"
|
||||
+" # make -C /usr/ports/ports-mgmt/pkg install clean\n"
|
||||
+"Do you still want to fetch and install it now? [y/N]: ";
|
||||
|
||||
static int
|
||||
pkg_query_yes_no(void)
|
17
share/security/patches/EN-14:03/pkg-en-releng-8.4.patch.asc
Normal file
17
share/security/patches/EN-14:03/pkg-en-releng-8.4.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJTcq56AAoJEO1n7NZdz2rn7uAP/Aj/qkmd/B1E5OcnVndzFdVV
|
||||
wk7qiDIfo3SckWu0Mz3j45qKgZLYvPgnY4ensL8IuOT2RzLVj9PP9Bqy3aEZquPf
|
||||
6kYCOGDI8B2wZm8o6aRYPlRAY97OvrEucGFWk6kQCCpak4HmntqvIBmaTqeZ7tKV
|
||||
lohRBdVNBvYdO89IK3K4hbVReVP2D2qg6U6lZuj0RNLKjVTD8NtUqJMkwQQJTYK9
|
||||
3BAsiqZM7QFo/E85aP11/Ox14SYov4VQ5zONl2OhshbL4dANrVUGZxh2/ecaN2pv
|
||||
k+TGCHzd/o6fdopTawZTUqBLRt+Pbj5VCCVWqxszoA5xfIsLmFt9hNTGtzNnevVZ
|
||||
WjKDba4nyzQoEwig58jbMIKV0eKjvOOmvOAK80EBd9gAOftcsNiFMIuDBkAy0z6j
|
||||
1mHlQZJXcg4PjOgmzGgZjQrTOiwfGpsisbBnmOhMuBPhrglv7n5QCg5k91i8EBqQ
|
||||
AWpTY+UcxuFKn2CkEjubppwxf9kqBvK7ClO8gpsJxERjCVPkop8hJfiw9EG+Jzkp
|
||||
fp4pIeajT+Dj6pAS+Y64tjkClPVTDKEK0H2Ut3d44DO8RUrAgXSWwgqRWNeQQvcM
|
||||
U4HIuY8+Qt4Ue8NECGYlpJ/RvsoKROiM0hcQH7auGOqsUkdr9k9kA4ICABy43SK6
|
||||
KO7yxSd7x7hFFuUVMpV3
|
||||
=pIs3
|
||||
-----END PGP SIGNATURE-----
|
229
share/security/patches/EN-14:03/pkg-en-releng-9.1.patch
Normal file
229
share/security/patches/EN-14:03/pkg-en-releng-9.1.patch
Normal file
|
@ -0,0 +1,229 @@
|
|||
Index: etc/Makefile
|
||||
===================================================================
|
||||
--- etc/Makefile (revision 265457)
|
||||
+++ etc/Makefile (working copy)
|
||||
@@ -205,6 +205,7 @@ distribution:
|
||||
${_+_}cd ${.CURDIR}/devd; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/gss; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
|
||||
+ ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall
|
||||
${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap
|
||||
Index: etc/mtree/BSD.root.dist
|
||||
===================================================================
|
||||
--- etc/mtree/BSD.root.dist (revision 265457)
|
||||
+++ etc/mtree/BSD.root.dist (working copy)
|
||||
@@ -52,6 +52,8 @@
|
||||
weekly
|
||||
..
|
||||
..
|
||||
+ pkg
|
||||
+ ..
|
||||
ppp
|
||||
..
|
||||
rc.d
|
||||
Index: etc/mtree/BSD.usr.dist
|
||||
===================================================================
|
||||
--- etc/mtree/BSD.usr.dist (revision 265457)
|
||||
+++ etc/mtree/BSD.usr.dist (working copy)
|
||||
@@ -398,6 +398,14 @@
|
||||
..
|
||||
..
|
||||
..
|
||||
+ keys
|
||||
+ pkg
|
||||
+ revoked
|
||||
+ ..
|
||||
+ trusted
|
||||
+ ..
|
||||
+ ..
|
||||
+ ..
|
||||
locale
|
||||
UTF-8
|
||||
..
|
||||
Index: etc/pkg/FreeBSD.conf
|
||||
===================================================================
|
||||
--- etc/pkg/FreeBSD.conf (revision 0)
|
||||
+++ etc/pkg/FreeBSD.conf (working copy)
|
||||
@@ -0,0 +1,16 @@
|
||||
+# $FreeBSD$
|
||||
+#
|
||||
+# To disable this repository, instead of modifying or removing this file,
|
||||
+# create a /usr/local/etc/pkg/repos/FreeBSD.conf file:
|
||||
+#
|
||||
+# mkdir -p /usr/local/etc/pkg/repos
|
||||
+# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
|
||||
+#
|
||||
+
|
||||
+FreeBSD: {
|
||||
+ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
|
||||
+ mirror_type: "srv",
|
||||
+ signature_type: "fingerprints",
|
||||
+ fingerprints: "/usr/share/keys/pkg",
|
||||
+ enabled: yes
|
||||
+}
|
||||
Index: etc/pkg/Makefile
|
||||
===================================================================
|
||||
--- etc/pkg/Makefile (revision 0)
|
||||
+++ etc/pkg/Makefile (working copy)
|
||||
@@ -0,0 +1,10 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+NO_OBJ=
|
||||
+
|
||||
+FILES= FreeBSD.conf
|
||||
+
|
||||
+FILESDIR= /etc/pkg
|
||||
+FILESMODE= 644
|
||||
+
|
||||
+.include <bsd.prog.mk>
|
||||
Index: share/Makefile
|
||||
===================================================================
|
||||
--- share/Makefile (revision 265457)
|
||||
+++ share/Makefile (working copy)
|
||||
@@ -10,6 +10,7 @@ SUBDIR= ${_colldef} \
|
||||
${_doc} \
|
||||
${_examples} \
|
||||
${_i18n} \
|
||||
+ keys \
|
||||
${_man} \
|
||||
${_me} \
|
||||
misc \
|
||||
Index: share/keys/Makefile
|
||||
===================================================================
|
||||
--- share/keys/Makefile (revision 0)
|
||||
+++ share/keys/Makefile (working copy)
|
||||
@@ -0,0 +1,5 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+SUBDIR= pkg
|
||||
+
|
||||
+.include <bsd.subdir.mk>
|
||||
Index: share/keys/pkg/Makefile
|
||||
===================================================================
|
||||
--- share/keys/pkg/Makefile (revision 0)
|
||||
+++ share/keys/pkg/Makefile (working copy)
|
||||
@@ -0,0 +1,5 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+SUBDIR= trusted
|
||||
+
|
||||
+.include <bsd.subdir.mk>
|
||||
Index: share/keys/pkg/trusted/Makefile
|
||||
===================================================================
|
||||
--- share/keys/pkg/trusted/Makefile (revision 0)
|
||||
+++ share/keys/pkg/trusted/Makefile (working copy)
|
||||
@@ -0,0 +1,10 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+NO_OBJ=
|
||||
+
|
||||
+FILES= pkg.freebsd.org.2013102301
|
||||
+
|
||||
+FILESDIR= /usr/share/keys/pkg/trusted
|
||||
+FILESMODE= 644
|
||||
+
|
||||
+.include <bsd.prog.mk>
|
||||
Index: share/keys/pkg/trusted/pkg.freebsd.org.2013102301
|
||||
===================================================================
|
||||
--- share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (revision 0)
|
||||
+++ share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (working copy)
|
||||
@@ -0,0 +1,4 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+function: "sha256"
|
||||
+fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"
|
||||
Index: share/man/man7/hier.7
|
||||
===================================================================
|
||||
--- share/man/man7/hier.7 (revision 265457)
|
||||
+++ share/man/man7/hier.7 (working copy)
|
||||
@@ -32,7 +32,7 @@
|
||||
.\" @(#)hier.7 8.1 (Berkeley) 6/5/93
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
-.Dd May 25, 2008
|
||||
+.Dd October 29, 2013
|
||||
.Dt HIER 7
|
||||
.Os
|
||||
.Sh NAME
|
||||
@@ -546,6 +546,16 @@ ASCII text files used by various games
|
||||
device description file for device name
|
||||
.It Pa info/
|
||||
GNU Info hypertext system
|
||||
+.It Pa keys/
|
||||
+known trusted and revoked keys.
|
||||
+.Bl -tag -width ".Pa keys/pkg/" -compact
|
||||
+.It Pa keys/pkg/
|
||||
+fingerprints for
|
||||
+.Xr pkg 7
|
||||
+and
|
||||
+.Xr pkg 8
|
||||
+.El
|
||||
+.Pp
|
||||
.It Pa locale/
|
||||
localization files;
|
||||
see
|
||||
Index: usr.sbin/pkg/pkg.c
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/pkg.c (revision 265457)
|
||||
+++ usr.sbin/pkg/pkg.c (working copy)
|
||||
@@ -282,10 +282,7 @@ static int
|
||||
bootstrap_pkg(void)
|
||||
{
|
||||
FILE *remote;
|
||||
- FILE *config;
|
||||
- char *site;
|
||||
char url[MAXPATHLEN];
|
||||
- char conf[MAXPATHLEN];
|
||||
char abi[BUFSIZ];
|
||||
char tmppkg[MAXPATHLEN];
|
||||
char buf[10240];
|
||||
@@ -300,7 +297,6 @@ bootstrap_pkg(void)
|
||||
last = 0;
|
||||
ret = -1;
|
||||
remote = NULL;
|
||||
- config = NULL;
|
||||
|
||||
printf("Bootstrapping pkg please wait\n");
|
||||
|
||||
@@ -355,26 +351,6 @@ bootstrap_pkg(void)
|
||||
if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0)
|
||||
ret = install_pkg_static(pkgstatic, tmppkg);
|
||||
|
||||
- snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf",
|
||||
- getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE);
|
||||
-
|
||||
- if (access(conf, R_OK) == -1) {
|
||||
- site = strrchr(url, '/');
|
||||
- if (site == NULL)
|
||||
- goto cleanup;
|
||||
- site[0] = '\0';
|
||||
- site = strrchr(url, '/');
|
||||
- if (site == NULL)
|
||||
- goto cleanup;
|
||||
- site[0] = '\0';
|
||||
-
|
||||
- config = fopen(conf, "w+");
|
||||
- if (config == NULL)
|
||||
- goto cleanup;
|
||||
- fprintf(config, "packagesite: %s\n", url);
|
||||
- fclose(config);
|
||||
- }
|
||||
-
|
||||
goto cleanup;
|
||||
|
||||
fetchfail:
|
||||
@@ -391,7 +367,11 @@ cleanup:
|
||||
|
||||
static const char confirmation_message[] =
|
||||
"The package management tool is not yet installed on your system.\n"
|
||||
-"Do you want to fetch and install it now? [y/N]: ";
|
||||
+"The mechanism for doing this is not secure on FreeBSD 9.1. To securely install\n"
|
||||
+"pkg(8), use ports from a portsnap checkout:\n"
|
||||
+" # portsnap fetch extract\n"
|
||||
+" # make -C /usr/ports/ports-mgmt/pkg install clean\n"
|
||||
+"Do you still want to fetch and install it now? [y/N]: ";
|
||||
|
||||
static int
|
||||
pkg_query_yes_no(void)
|
17
share/security/patches/EN-14:03/pkg-en-releng-9.1.patch.asc
Normal file
17
share/security/patches/EN-14:03/pkg-en-releng-9.1.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJTcq56AAoJEO1n7NZdz2rnpMoP/0YInCSO2ibhMFgcpDF1fcWU
|
||||
35grsxS6e/r5f1R51rWbYpATp3ha5IcFUkqw8BE0J5SG5AeVGBNQKLaTZojn1UII
|
||||
PF/+oFJ+l8dwBHB1W+3BKyxKXABTB5/kuMsXdFCcTu0gY4nCqBuwRSC34WhA+5k6
|
||||
wsED+2U/Nwye/nudJ/jIkC8r9pInCiNcc0JGTI4s6mbEeJUOoAutAFCSpXbOiwN7
|
||||
CgdtlmKW8flLmjaB+rzg5FervM4y0zXUXPeuILHoWrC6Blq/EygVMxnFg29V4G/+
|
||||
wo2tqKuYOQFpHI5sZOe4Ozo/sWEELwxZYC8SxWkvFT/3JGF64ZtjL0ETRq8yQcYX
|
||||
HnlbMtD/oFmQdOHMzfvRNSH6ZrbmdJioTRZt1l35ifr56ivGqpoegAwKeZJu238g
|
||||
KufmU6C3qsFY6lEnTewu3pv6+x9jUdNXCVzPq/LN7FrraPxkc++nV+0pXayAMMdl
|
||||
EHgIbi2U4YCOueKvcAO8CiH7sJFqe1w5EUD2/SU7Pnl0uINxyyhlmEN10DJ7b3gJ
|
||||
OJHfp40fJAntxPR847fwslRUxpSFPIURksgro4Izhycd8UDRcjBi4ETVyYlGSMCO
|
||||
rXbSB9cnVtcClCCA5HFsLRHoqgNlvEozpSODm+9DS1t2ePNyJ8CCTobdiiwWcrVA
|
||||
/itoWkjBq7mezniYtCMh
|
||||
=fE9a
|
||||
-----END PGP SIGNATURE-----
|
232
share/security/patches/EN-14:03/pkg-en-releng-9.2.patch
Normal file
232
share/security/patches/EN-14:03/pkg-en-releng-9.2.patch
Normal file
|
@ -0,0 +1,232 @@
|
|||
Index: etc/Makefile
|
||||
===================================================================
|
||||
--- etc/Makefile (revision 265457)
|
||||
+++ etc/Makefile (working copy)
|
||||
@@ -224,6 +224,7 @@ distribution:
|
||||
${_+_}cd ${.CURDIR}/devd; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/gss; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
|
||||
+ ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install
|
||||
${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall
|
||||
${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap
|
||||
Index: etc/mtree/BSD.root.dist
|
||||
===================================================================
|
||||
--- etc/mtree/BSD.root.dist (revision 265457)
|
||||
+++ etc/mtree/BSD.root.dist (working copy)
|
||||
@@ -52,6 +52,8 @@
|
||||
weekly
|
||||
..
|
||||
..
|
||||
+ pkg
|
||||
+ ..
|
||||
ppp
|
||||
..
|
||||
rc.d
|
||||
Index: etc/mtree/BSD.usr.dist
|
||||
===================================================================
|
||||
--- etc/mtree/BSD.usr.dist (revision 265457)
|
||||
+++ etc/mtree/BSD.usr.dist (working copy)
|
||||
@@ -402,6 +402,14 @@
|
||||
..
|
||||
..
|
||||
..
|
||||
+ keys
|
||||
+ pkg
|
||||
+ revoked
|
||||
+ ..
|
||||
+ trusted
|
||||
+ ..
|
||||
+ ..
|
||||
+ ..
|
||||
locale
|
||||
UTF-8
|
||||
..
|
||||
Index: etc/pkg/FreeBSD.conf
|
||||
===================================================================
|
||||
--- etc/pkg/FreeBSD.conf (revision 0)
|
||||
+++ etc/pkg/FreeBSD.conf (working copy)
|
||||
@@ -0,0 +1,16 @@
|
||||
+# $FreeBSD$
|
||||
+#
|
||||
+# To disable this repository, instead of modifying or removing this file,
|
||||
+# create a /usr/local/etc/pkg/repos/FreeBSD.conf file:
|
||||
+#
|
||||
+# mkdir -p /usr/local/etc/pkg/repos
|
||||
+# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
|
||||
+#
|
||||
+
|
||||
+FreeBSD: {
|
||||
+ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
|
||||
+ mirror_type: "srv",
|
||||
+ signature_type: "fingerprints",
|
||||
+ fingerprints: "/usr/share/keys/pkg",
|
||||
+ enabled: yes
|
||||
+}
|
||||
Index: etc/pkg/Makefile
|
||||
===================================================================
|
||||
--- etc/pkg/Makefile (revision 0)
|
||||
+++ etc/pkg/Makefile (working copy)
|
||||
@@ -0,0 +1,10 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+NO_OBJ=
|
||||
+
|
||||
+FILES= FreeBSD.conf
|
||||
+
|
||||
+FILESDIR= /etc/pkg
|
||||
+FILESMODE= 644
|
||||
+
|
||||
+.include <bsd.prog.mk>
|
||||
Index: share/Makefile
|
||||
===================================================================
|
||||
--- share/Makefile (revision 265457)
|
||||
+++ share/Makefile (working copy)
|
||||
@@ -11,6 +11,7 @@ SUBDIR= ${_colldef} \
|
||||
dtrace \
|
||||
${_examples} \
|
||||
${_i18n} \
|
||||
+ keys \
|
||||
${_man} \
|
||||
${_me} \
|
||||
misc \
|
||||
Index: share/keys/Makefile
|
||||
===================================================================
|
||||
--- share/keys/Makefile (revision 0)
|
||||
+++ share/keys/Makefile (working copy)
|
||||
@@ -0,0 +1,5 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+SUBDIR= pkg
|
||||
+
|
||||
+.include <bsd.subdir.mk>
|
||||
Index: share/keys/pkg/Makefile
|
||||
===================================================================
|
||||
--- share/keys/pkg/Makefile (revision 0)
|
||||
+++ share/keys/pkg/Makefile (working copy)
|
||||
@@ -0,0 +1,5 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+SUBDIR= trusted
|
||||
+
|
||||
+.include <bsd.subdir.mk>
|
||||
Index: share/keys/pkg/trusted/Makefile
|
||||
===================================================================
|
||||
--- share/keys/pkg/trusted/Makefile (revision 0)
|
||||
+++ share/keys/pkg/trusted/Makefile (working copy)
|
||||
@@ -0,0 +1,10 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+NO_OBJ=
|
||||
+
|
||||
+FILES= pkg.freebsd.org.2013102301
|
||||
+
|
||||
+FILESDIR= /usr/share/keys/pkg/trusted
|
||||
+FILESMODE= 644
|
||||
+
|
||||
+.include <bsd.prog.mk>
|
||||
Index: share/keys/pkg/trusted/pkg.freebsd.org.2013102301
|
||||
===================================================================
|
||||
--- share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (revision 0)
|
||||
+++ share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (working copy)
|
||||
@@ -0,0 +1,4 @@
|
||||
+# $FreeBSD$
|
||||
+
|
||||
+function: "sha256"
|
||||
+fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"
|
||||
Index: share/man/man7/hier.7
|
||||
===================================================================
|
||||
--- share/man/man7/hier.7 (revision 265457)
|
||||
+++ share/man/man7/hier.7 (working copy)
|
||||
@@ -32,7 +32,7 @@
|
||||
.\" @(#)hier.7 8.1 (Berkeley) 6/5/93
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
-.Dd January 21, 2010
|
||||
+.Dd October 29, 2013
|
||||
.Dt HIER 7
|
||||
.Os
|
||||
.Sh NAME
|
||||
@@ -546,6 +546,16 @@ ASCII text files used by various games
|
||||
device description file for device name
|
||||
.It Pa info/
|
||||
GNU Info hypertext system
|
||||
+.It Pa keys/
|
||||
+known trusted and revoked keys.
|
||||
+.Bl -tag -width ".Pa keys/pkg/" -compact
|
||||
+.It Pa keys/pkg/
|
||||
+fingerprints for
|
||||
+.Xr pkg 7
|
||||
+and
|
||||
+.Xr pkg 8
|
||||
+.El
|
||||
+.Pp
|
||||
.It Pa locale/
|
||||
localization files;
|
||||
see
|
||||
Index: usr.sbin/pkg/pkg.c
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/pkg.c (revision 265457)
|
||||
+++ usr.sbin/pkg/pkg.c (working copy)
|
||||
@@ -284,13 +284,10 @@ bootstrap_pkg(void)
|
||||
{
|
||||
struct url *u;
|
||||
FILE *remote;
|
||||
- FILE *config;
|
||||
- char *site;
|
||||
struct dns_srvinfo *mirrors, *current;
|
||||
/* To store _https._tcp. + hostname + \0 */
|
||||
char zone[MAXHOSTNAMELEN + 13];
|
||||
char url[MAXPATHLEN];
|
||||
- char conf[MAXPATHLEN];
|
||||
char abi[BUFSIZ];
|
||||
char tmppkg[MAXPATHLEN];
|
||||
char buf[10240];
|
||||
@@ -306,7 +303,6 @@ bootstrap_pkg(void)
|
||||
max_retry = 3;
|
||||
ret = -1;
|
||||
remote = NULL;
|
||||
- config = NULL;
|
||||
current = mirrors = NULL;
|
||||
|
||||
printf("Bootstrapping pkg please wait\n");
|
||||
@@ -387,26 +383,6 @@ bootstrap_pkg(void)
|
||||
if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0)
|
||||
ret = install_pkg_static(pkgstatic, tmppkg);
|
||||
|
||||
- snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf",
|
||||
- getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE);
|
||||
-
|
||||
- if (access(conf, R_OK) == -1) {
|
||||
- site = strrchr(url, '/');
|
||||
- if (site == NULL)
|
||||
- goto cleanup;
|
||||
- site[0] = '\0';
|
||||
- site = strrchr(url, '/');
|
||||
- if (site == NULL)
|
||||
- goto cleanup;
|
||||
- site[0] = '\0';
|
||||
-
|
||||
- config = fopen(conf, "w+");
|
||||
- if (config == NULL)
|
||||
- goto cleanup;
|
||||
- fprintf(config, "packagesite: %s\n", url);
|
||||
- fclose(config);
|
||||
- }
|
||||
-
|
||||
goto cleanup;
|
||||
|
||||
fetchfail:
|
||||
@@ -423,7 +399,11 @@ cleanup:
|
||||
|
||||
static const char confirmation_message[] =
|
||||
"The package management tool is not yet installed on your system.\n"
|
||||
-"Do you want to fetch and install it now? [y/N]: ";
|
||||
+"The mechanism for doing this is not secure on FreeBSD 9.2. To securely install\n"
|
||||
+"pkg(8), use ports from a portsnap checkout:\n"
|
||||
+" # portsnap fetch extract\n"
|
||||
+" # make -C /usr/ports/ports-mgmt/pkg install clean\n"
|
||||
+"Do you still want to fetch and install it now? [y/N]: ";
|
||||
|
||||
static int
|
||||
pkg_query_yes_no(void)
|
17
share/security/patches/EN-14:03/pkg-en-releng-9.2.patch.asc
Normal file
17
share/security/patches/EN-14:03/pkg-en-releng-9.2.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJTcq56AAoJEO1n7NZdz2rnr5YP/37fG1wkIUyrDvn3fZTMtx6W
|
||||
G7Qroe8EqW+0eUgaOm2eIyBhdw9xpn7rT0I53gp7LRPn1hnBIjuP8FPhadyIrbUd
|
||||
C3e4cwOZ0EOU0A91b2UuIeWrwN2qcwtkLEhlzbmn+v23+N9SgSWD9jNCnfRQhkhT
|
||||
neJY7Yk2+C/+yQpcauKe1rwBUKAV/EPiIvbDZEW45zLsZ6lm9H4V6Hu2z0XkaT3w
|
||||
EwYklJsaJjE0JI/PN8BVW4ChSHnGsiJJLdLqavHhMXau7sOlOQhkwJmsXpmv0HPL
|
||||
GBKG9S05v0y+hH0RHrQnzt6iRXYa9EreW4SBp8OK+x0yC0GpKZYLLs9Gt/xOyjMi
|
||||
a+Luul/LWshfnUfN0k74POcFddhZz1sKWx6nRv9+AOFn/I9dBaYJ2Ux4WExQs1JN
|
||||
E17aRkQadbo/Z2Y//rt+URW9x9jvVx86karDk/CnwNPjgKvkGPFz64EQNciFvbUL
|
||||
BkV6PLTBjigtP4DdaP00eF4qzC4QVrzUQs9d4+aJHpZZ24ZwtC5h/Y1pkPvJRBdx
|
||||
CCxhR/JjFtjpF2owvIuYB9delHcfWaBlkKLGbLncBg0VkAhYK4Qjwmj2iEpCikcG
|
||||
uglbHXs8yyqQAzPnYZF/2IoR2PqO2G1e32OFH18UyGPdD+JQlGNOBym63xKZcv3W
|
||||
x0WIT9Ox4/plEyu+LU/H
|
||||
=aYZ5
|
||||
-----END PGP SIGNATURE-----
|
30
share/security/patches/EN-14:04/kldxref.patch
Normal file
30
share/security/patches/EN-14:04/kldxref.patch
Normal file
|
@ -0,0 +1,30 @@
|
|||
Index: usr.sbin/kldxref/kldxref.c
|
||||
===================================================================
|
||||
--- usr.sbin/kldxref/kldxref.c (revision 265111)
|
||||
+++ usr.sbin/kldxref/kldxref.c (working copy)
|
||||
@@ -274,6 +274,16 @@ usage(void)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
+static int
|
||||
+compare(const FTSENT *const *a, const FTSENT *const *b)
|
||||
+{
|
||||
+ if ((*a)->fts_info == FTS_D && (*b)->fts_info != FTS_D)
|
||||
+ return 1;
|
||||
+ if ((*a)->fts_info != FTS_D && (*b)->fts_info == FTS_D)
|
||||
+ return -1;
|
||||
+ return strcmp((*a)->fts_name, (*b)->fts_name);
|
||||
+}
|
||||
+
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
@@ -315,7 +325,7 @@ main(int argc, char *argv[])
|
||||
err(1, "%s", argv[0]);
|
||||
}
|
||||
|
||||
- ftsp = fts_open(argv, fts_options, 0);
|
||||
+ ftsp = fts_open(argv, fts_options, compare);
|
||||
if (ftsp == NULL)
|
||||
exit(1);
|
||||
|
17
share/security/patches/EN-14:04/kldxref.patch.asc
Normal file
17
share/security/patches/EN-14:04/kldxref.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJTcq56AAoJEO1n7NZdz2rnpNEP/0xBdG0G1LxUZFG+pZ7z95RG
|
||||
Fgr2hg7m5iRoHd9x3LJ9PLfP6nZjRHUeLIxbPF5cUO1lQWHiHsInm6qZ+A7ufMPa
|
||||
meGgkFtwH5rKTmvrHmmiajJObYq1cJzxwNZOZh2UHTH+mL+npj30F5JyUAUTVNpp
|
||||
jTfAFGDjpI1nrl7SUZ0JAUE7SBNgSRHlWwx3BTrPbD0mYdKaob5RnVYxNoCZneEX
|
||||
IePhmq+59yYlQfTvsuEUKPsfJH/IrPGrVpwH1jRSYQCQnoGj4voFsQJkZSPPqKyN
|
||||
+/EeAPuAFEQgsNbQBVQA3wY7Jb0cY/07mqYiBODC/AT8c5jTyNv1U8mRyAllVUrQ
|
||||
sofakJSA/G5a6NYY0OB6w2simRRwRdy/Z4lGrwchFYlOeVAMf5+9983cDT3Nl7HE
|
||||
DVNJM8MVrMcb2yZ3lQA3DoLPw+NL5U7I1uQjll1VMeGd7I1JoeVRV5/sdmda/HXt
|
||||
o5gUmvxg5WyO7+Da5ZMkbsWOkBtVhYQVUPL/3BOkHjRj3OHPns7tZcluOjluJpJA
|
||||
ItKEqQ46955zVjb5k/BrNV4Vn1IABtEDzHYmf5VWbCaRbnmHLRbicIJkVcOqk8Ox
|
||||
KGq3EbuK5z4+ngGm2XK5iMqel9Fxq5MTlGEBfxWDCZyblPwjr5I2Zmqy59c05cd8
|
||||
eQI6u8f1Dda+tO/jQ9qT
|
||||
=XTgH
|
||||
-----END PGP SIGNATURE-----
|
65
share/security/patches/EN-14:05/ciss.patch
Normal file
65
share/security/patches/EN-14:05/ciss.patch
Normal file
|
@ -0,0 +1,65 @@
|
|||
Index: sys/dev/ciss/ciss.c
|
||||
===================================================================
|
||||
--- sys/dev/ciss/ciss.c (revision 264510)
|
||||
+++ sys/dev/ciss/ciss.c (revision 264511)
|
||||
@@ -180,8 +180,6 @@
|
||||
static void ciss_cam_poll(struct cam_sim *sim);
|
||||
static void ciss_cam_complete(struct ciss_request *cr);
|
||||
static void ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio);
|
||||
-static struct cam_periph *ciss_find_periph(struct ciss_softc *sc,
|
||||
- int bus, int target);
|
||||
static int ciss_name_device(struct ciss_softc *sc, int bus, int target);
|
||||
|
||||
/* periodic status monitoring */
|
||||
@@ -3398,27 +3396,6 @@
|
||||
|
||||
|
||||
/********************************************************************************
|
||||
- * Find a peripheral attached at (target)
|
||||
- */
|
||||
-static struct cam_periph *
|
||||
-ciss_find_periph(struct ciss_softc *sc, int bus, int target)
|
||||
-{
|
||||
- struct cam_periph *periph;
|
||||
- struct cam_path *path;
|
||||
- int status;
|
||||
-
|
||||
- status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]),
|
||||
- target, 0);
|
||||
- if (status == CAM_REQ_CMP) {
|
||||
- periph = cam_periph_find(path, NULL);
|
||||
- xpt_free_path(path);
|
||||
- } else {
|
||||
- periph = NULL;
|
||||
- }
|
||||
- return(periph);
|
||||
-}
|
||||
-
|
||||
-/********************************************************************************
|
||||
* Name the device at (target)
|
||||
*
|
||||
* XXX is this strictly correct?
|
||||
@@ -3427,12 +3404,22 @@
|
||||
ciss_name_device(struct ciss_softc *sc, int bus, int target)
|
||||
{
|
||||
struct cam_periph *periph;
|
||||
+ struct cam_path *path;
|
||||
+ int status;
|
||||
|
||||
if (CISS_IS_PHYSICAL(bus))
|
||||
return (0);
|
||||
- if ((periph = ciss_find_periph(sc, bus, target)) != NULL) {
|
||||
+
|
||||
+ status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]),
|
||||
+ target, 0);
|
||||
+
|
||||
+ if (status == CAM_REQ_CMP) {
|
||||
+ mtx_lock(&sc->ciss_mtx);
|
||||
+ periph = cam_periph_find(path, NULL);
|
||||
sprintf(sc->ciss_logical[bus][target].cl_name, "%s%d",
|
||||
periph->periph_name, periph->unit_number);
|
||||
+ mtx_unlock(&sc->ciss_mtx);
|
||||
+ xpt_free_path(path);
|
||||
return(0);
|
||||
}
|
||||
sc->ciss_logical[bus][target].cl_name[0] = 0;
|
17
share/security/patches/EN-14:05/ciss.patch.asc
Normal file
17
share/security/patches/EN-14:05/ciss.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJTcq57AAoJEO1n7NZdz2rn6DgP/itRaA98D+sfQCMYuK3u5XiT
|
||||
uDw1iKT3bio1f8/OrfwljpO0afDoJwEFpL89quG0BhIU89GcArqMk6cGa63N2/DI
|
||||
PiTPss4g0MG4pVdEJEkO1JsqvK07ePTYH/7MaVFdJSQc6Q3N1EtmABFP0+xk3QPS
|
||||
Gg9wRK0Bfl0ewawMsC0Bj2RQ6ltQaURFKogcCmDVDYRkn3j11b3CUcNrHlAlaM/3
|
||||
5LMCExizLlKHzFYpQhahHxWHjEXEn0eDDbAFD9xU+d+GUCFiw+G09Lp56if0HgMy
|
||||
RmVMVd7uP5slxpAbbRiTqhoa/qwAWx9rj8By6PudBxqxACVc81di6ADuqRhUrpTt
|
||||
xZY/vVdDT8r8zX2kKDx8e/uWDo9nUQIZznYDvDSBzLjbIn0DLXajmiXKMz9pPzBx
|
||||
+rl2LIwwmcdi75r03qugd+PQKWtdnOI7u3B5qKtS3Rxf3dAyIRwT35KHg4SwImjg
|
||||
3GmRByHEOtdgV6huYoTAIvurYlzDLK/leZgnw7f1neIhLRhz3rpKE2kzMUEj6jom
|
||||
/LzUqJVIOHOkrLztc314f4PdTn7L1rVIQuwIErybwOO6c1Xu3aSRuAF9K2tfD4VE
|
||||
PAoLmD6PpqT1dc/7kmwY5wE4nrNU4ubqW8opFLPBCLH1Xk5pvniSUglxWJBDxK84
|
||||
tDIyHPvRjdQ0mROo0cSZ
|
||||
=lTSe
|
||||
-----END PGP SIGNATURE-----
|
15
share/security/patches/SA-14:10/openssl.patch
Normal file
15
share/security/patches/SA-14:10/openssl.patch
Normal file
|
@ -0,0 +1,15 @@
|
|||
Index: crypto/openssl/ssl/s3_pkt.c
|
||||
===================================================================
|
||||
--- crypto/openssl/ssl/s3_pkt.c (revision 265111)
|
||||
+++ crypto/openssl/ssl/s3_pkt.c (working copy)
|
||||
@@ -657,6 +657,10 @@ static int do_ssl3_write(SSL *s, int type, const u
|
||||
if (i <= 0)
|
||||
return(i);
|
||||
/* if it went, fall through and send more stuff */
|
||||
+ /* we may have released our buffer, so get it again */
|
||||
+ if (wb->buf == NULL)
|
||||
+ if (!ssl3_setup_write_buffer(s))
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
if (len == 0 && !create_empty_fragment)
|
17
share/security/patches/SA-14:10/openssl.patch.asc
Normal file
17
share/security/patches/SA-14:10/openssl.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJTcq6MAAoJEO1n7NZdz2rnDAYP/3jlC66FjgMihCUB3tVByZjO
|
||||
7aa2ChUYO0V5fiwOWdUxwz15iFH+PbIiRBCBsHADtIV63z6KMF56irEqGdKQJNRb
|
||||
YCr/5ErcHH1xd/SXEqJLGVWl6ydYaUC++20PjhqTZvy3/T6y8/CVjCHa1+u37cQB
|
||||
B8pPjs+umq/XXqdG3WSJabCGRrEdJVTgydhOpUHvg38mtz29y3odALdwJp4CK5Ml
|
||||
JEocIIfpPwUTrsGITbF9ql4XcF/hFTqVZOcLJTt3VWfsYMR8Rd+EuQO1Cmzrfo6R
|
||||
U50FXYibYtXUqM3N2ByH2JbTBXjI4uyPE5//Y4dnFYTQD1Vy+rKH6h9pXV2wKSlk
|
||||
sMx0ibHrpBXJvrebVBB3lDJgmmUCxxUX87bpGafTFsk3BphhpV/Vq7Pgvtfz6hFa
|
||||
ifzc7Iy2oNR05DRekG+fMa0UwBaZand4IVY6jqpBikW4OMaSOEjrV+uqV+MkfXLw
|
||||
IRJEvVUbSfvwsSkBEhMvjTp/DUx6wNUGyXJ1931u7fTZlpQRp3sn2Zi+76U3B31l
|
||||
6oEPmoYWbwytScwcrIL82rdBRziF0kuuf9f5dG11zTuMqlT+7HuF4iYkENfMwiuu
|
||||
W69OfochdyqIPA2Nw5iIvg73Ozs/fyJOAIh5pIC5oL83O/Ea3FVFJeFAzkPWd2fA
|
||||
SiGNEd12hER2Xx4Hkvi7
|
||||
=qOXh
|
||||
-----END PGP SIGNATURE-----
|
|
@ -7,6 +7,18 @@
|
|||
<year>
|
||||
<name>2014</name>
|
||||
|
||||
<month>
|
||||
<name>5</name>
|
||||
|
||||
<day>
|
||||
<name>13</name>
|
||||
|
||||
<advisory>
|
||||
<name>FreeBSD-SA-14:09.openssl</name>
|
||||
</advisory>
|
||||
</day>
|
||||
</month>
|
||||
|
||||
<month>
|
||||
<name>4</name>
|
||||
|
||||
|
|
|
@ -7,6 +7,26 @@
|
|||
<year>
|
||||
<name>2014</name>
|
||||
|
||||
<month>
|
||||
<name>5</name>
|
||||
|
||||
<day>
|
||||
<name>13</name>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-14:03.pkg</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-14:04.kldxref</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-14:05.ciss</name>
|
||||
</notice>
|
||||
</day>
|
||||
</month>
|
||||
|
||||
<month>
|
||||
<name>1</name>
|
||||
|
||||
|
|
Loading…
Reference in a new issue