os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add SA-15:21.amd64, SA-15:22.openssh, EN-15:14.ixgbe and EN-15:15.pkg.

Browse source
This commit is contained in:
Xin LI 2015-08-25 21:09:45 +00:00
parent a34f8cc55c
commit 9c7cd2396b
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=47309
14 changed files with 826 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

121
share/security/advisories/FreeBSD-EN-15:14.ixgbe.asc Normal file
View file

@ -0,0 +1,121 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:14.ixgbe Errata Notice
The FreeBSD Project
Topic: Disable ixgbe(4) flow-director support
Category: core
Module: ixgbe
Announced: 2015-08-25
Credits: Marc De La Gueronniere (Verisign, Inc.)
Affects: FreeBSD 10.1
Corrected: 2014-10-11 22:10:39 UTC (stable/10, 10.1-STABLE)
2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
Flow director is an Intel technology to steer incoming packets in application
aware fashion.
II. Problem Description
Flow director support is not completely/correctly implemented in FreeBSD at
this time.
III. Impact
Enabling flow director support may cause traffic to land on a wrong RX queue
of the NIC, resulting in bad or sub-optimal performance on the receive side.
IV. Workaround
No workaround is available, but systems that do not have Intel(R) 82559
series 10Gb Ethernet Controllers are not affected.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:14/ixgbe.patch
# fetch https://security.FreeBSD.org/patches/EN-15:14/ixgbe.patch.asc
# gpg --verify ixgbe.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r272967
releng/10.1/ r287146
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:14.ixgbe.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnImEP/j4kfmZ2XqZ/zbQINCPfybyU
oSIgqyD6u4G/hy3gS4k7eLk6tQdUpnYzcoLLfeq0F2uY3DmWXJDBAKG0Bg7QaSzJ
3wWyZsN6XHkgNNCFGFsmep//8kAAXoAgJ2IoIPLe6eRHimESLtW2xlnow5PFL4Aw
JMj5B/RoxtQZ/phE1zJym7eSpjVUbBrqhj/KkJUZ0W6WOkaT0GPVctvHlc2buZh7
6u17LKgZaMMmmCvBNggkYGfiE51aJ9I0n5FdAHvlcaLCw+K58/Q6M2CRpMIorgh6
uaUHLZdT8VcZ8KVmDdBul0sZ9pkprHZ4J/htEL2mCOpmsRn/lduHAvf921mtX/64
Msg8bdXM48Q5WCv9sfcmMVgMA+6m+MekKc9wKYWw6Ldy0wcQ874jE+nuh3KBq+6X
Te4VbxrwuAnspqrnt4Q4NXnqxyElO0BGo6lCSEUGCRje+hlOWG2WhftEV894cRG+
JCS6YRvX5C7i8+XD+MhvTeAi7pbaZkq6ODxQAOZgbz4JMQFq8ldOgvLdhUndKGlH
xJ9/pK4u5kxXyVx4HPGm0MYlijjHDi/sSAJADutikpNOzlhyZqubA8LgLoBXtyfF
/Kk3GYOJvOMSK8QB7YxFRS+zPi1YxAFPEJb7ZV2ygf6RMZpIFoRLFt1kDszo+TeZ
iKXcFJvlwI49poLiz7Qs
=i/HZ
-----END PGP SIGNATURE-----

132
share/security/advisories/FreeBSD-EN-15:15.pkg.asc Normal file
View file

@ -0,0 +1,132 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:15.pkg Errata Notice
The FreeBSD Project
Topic: Insufficient check of unsupported pkg(7) signature methods
Category: core
Module: pkg
Announced: 2015-08-25
Credits: Fabian Keil
Affects: All supported versions of FreeBSD.
Corrected: 2015-08-19 18:32:36 UTC (stable/10, 10.2-STABLE)
2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2)
2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2)
2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
2015-08-19 18:33:25 UTC (stable/9, 9.3-STABLE)
2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)
CVE Name: CVE-2015-5676
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The pkg(8) utility is the package management tool for FreeBSD. The base
system includes a pkg(7) bootstrap utility used to install the latest pkg(8)
utility.
II. Problem Description
When signature_type specified in pkg.conf(5) is set to an unsupported method,
the pkg(7) bootstrap utility would behave as if signature_type is set to
"none".
III. Impact
MITM attackers may be able to use this vulnerability and bypass validation,
installing their own version of pkg(8).
IV. Workaround
No workaround is available, but the default FreeBSD configuration is not
affected because it uses "fingerprint" method.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch
# fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch.asc
# gpg --verify pkg.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r286936
releng/9.3/ r287147
stable/10/ r286935
releng/10.1/ r287146
releng/10.2/ r287145
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5676>
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:15.pkg.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnzHwP/30xvOZqHSRYMykrkQKcIVH7
Vhp0lp1z7KaDBq7xD0m08i2WSr0/pSaBU+At141iSKwvCPS0Szx307kZBO9a8gxw
j7s6Z15qychKKGukJ5tJtKX4Q3mqAtjBoCC8wmwmJ/YNmr4HrZRL2vFp7nqAiyhl
ntTcSuwEElBoalufeMHWd46eguRO/r9D8uWw+O7a+lLeJO9ThjnNZXOPyMfUE3Yh
QoFpVcVdf+j6gIGUuPwNsfy4e6hBNvD0T47+PTBECTykiC1eoX+VXqf8PxKKWSOJ
50sKgXOtRy55dMtWbXhu5zjq4jzWFWtBPIRHM5SH/7V898S7zMerh81bsczBUqEA
aBu1XJS1fZHlXKlav6/m/G1Wo4QgscBUsV6PhsFNpFmvAdEW2qjnH887FBm7I/Fv
a3wvxMmQX1ABPbavFCUZmfS4khLFITYD77XLo8ciu/fyAz/X9n9p1F2EsbL8djis
TcTuyUVv3YXeq+gJ9OcOH4CFsYSNlKEYiAd86/9DBnsiVrQJqNzqx+roHjL7ZXg6
AA/pqHmOEBq01idYh7PadOf+B5cU5A1CFMhjfpF1qe1yeuFFM30U7ugxjgV4w85O
UFotAbyDlftUzeYYTQv2bK6oXzqtVagkhB/xXfQzPK9E3AnysfHA/bLysop7AMyZ
CHeFaGA84VB1k9Ky5nSv
=a+Ek
-----END PGP SIGNATURE-----

139
share/security/advisories/FreeBSD-SA-15:21.amd64.asc Normal file
View file

@ -0,0 +1,139 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:21.amd64 Security Advisory
The FreeBSD Project
Topic: Local privilege escalation in IRET handler
Category: core
Module: sys_amd64
Announced: 2015-08-25
Credits: Konstantin Belousov, Andrew Lutomirski
Affects: FreeBSD 9.3 and FreeBSD 10.1
Corrected: 2015-03-31 00:59:30 UTC (stable/10, 10.1-STABLE)
2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
2015-03-31 01:08:51 UTC (stable/9, 9.3-STABLE)
2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)
CVE Name: CVE-2015-5675
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel
CPU's.
The GS segment CPU register is used by both user processes and the
kernel to conveniently access state data: 32-bit user processes use the
register to manage per-thread data, while the kernel uses it to access
per-processor data.
The return from interrupt (IRET) instruction returns program control
from an interrupt handler to the interrupted context.
II. Problem Description
If the kernel-mode IRET instruction generates an #SS or #NP exception,
but the exception handler does not properly ensure that the right GS
register base for kernel is reloaded, the userland GS segment may be
used in the context of the kernel exception handler.
III. Impact
By causing an IRET with #SS or #NP exceptions, a local attacker can
cause the kernel to use an arbitrary GS base, which may allow escalated
privileges or panic the system.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date,
and reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
And reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch
# fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch.asc
# gpg --verify amd64.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r280877
releng/9.3/ r287147
stable/10/ r280875
releng/10.1/ r287146
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5675>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:21.amd64.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAEBCgAGBQJV3Ne8AAoJEO1n7NZdz2rn5ncQANs2pS8xCowX+BM9LmKTUb2Y
eqGCvDetXV51/ljAOS10ubc4U0Zn2D5ACyz/DfiLIXVK8vkvlnJXFh3jSK6KIqPH
ionXa8zMedBoytZL8xIEFSpk9+cYGkGupIYEGu6CCHVZGJ5fVgTlnnazuXd4evbt
U1/7KNWt2H1R1j0YiYZ0MvhrIF35KqFmLOGf2JmZulqruwq91tYeMlv+7IY6vtPD
L8n5kTM7pudB3qznXd1PBMj1Y6YVG1O3WL4Stfyj93qDuMbJ+wfnao1ZKMBG0az8
IJITHrnTI+Xd4i/bbEoSmSN9V80S8uo/6J6JaXjtbrJfEqAMKhLrrcoMA7MHpKJQ
L4dv2HGL1n7xfOIfj5Qo2io/LUSye5lO54LtEKZfjhzqsTtNQl57BDAYZgbQp2/A
RsngIq3VrNcIJQK8F1Ba7SNL2+NVd091Wb+Z52837R5/D47jD2BhDia5eH6R5Opv
6kfzTJujbLi6b9RSn0OT+wAQbQ80qSmD+IwMXwAAg0mukthjTiJpqabpMWvMmfGO
mhfZBGqmf1Hx4lTczSRMLlRCmjOBc+BKioHT2ciE8QMX0WrHhkRuSBqY3euVTCMB
9+iU7eJ23tARTbG5wMmBNRsWJzhOKieM0UEsXxso+z8tMMX1Vh/e9ls2qm+ks876
WYT9/yPSsyU1z/AkHJU7
=nHGY
-----END PGP SIGNATURE-----

161
share/security/advisories/FreeBSD-SA-15:22.openssh.asc Normal file
View file

@ -0,0 +1,161 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:22.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH multiple vulnerabilities
Category: contrib
Module: openssh
Announced: 2015-08-25
Affects: All supported versions of FreeBSD.
Corrected: 2015-08-25 20:48:44 UTC (stable/10, 10.2-STABLE)
2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2)
2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2)
2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
2015-08-25 20:48:44 UTC (stable/9, 9.3-STABLE)
2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote shell access.
The PAM (Pluggable Authentication Modules) library provides a flexible
framework for user authentication and session setup / teardown.
The default FreeBSD OpenSSH configuration has PAM interactive
authentication enabled.
Privilege separation is a technique in which a program is divided into
multiple cooperating processes, each with a different task, where each
process is limited to the specific privileges required to perform that
specific task, while the privileged parent process acts as an arbiter.
II. Problem Description
A programming error in the privileged monitor process of the sshd(8)
service may allow the username of an already-authenticated user to be
overwritten by the unprivileged child process.
A use-after-free error in the privileged monitor process of he sshd(8)
service may be deterministically triggered by the actions of a
compromised unprivileged child process.
A use-after-free error in the session multiplexing code in the sshd(8)
service may result in unintended termination of the connection.
III. Impact
The first bug may allow a remote attacker who a) has already succeeded
by other means in compromising the unprivileged pre-authentication
child process and b) has valid credentials to one user on the target
system to impersonate a different user.
The second bug may allow a remote attacker who has already succeeded
by other means in compromising the unprivileged pre-authentication
child process to bypass PAM authentication entirely.
The third bug is not exploitable, but can cause premature termination
of a multiplexed ssh connection.
IV. Workaround
No workaround is available, but systems where ssh(1) and sshd(8) are
not used are not vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
The sshd(8) service has to be restarted after the update. A reboot
is recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The sshd(8) service has to be restarted after the update. A reboot
is recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch
# fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch.asc
# gpg --verify openssh.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the sshd(8) daemon, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r287144
releng/9.3/ r287147
stable/10/ r287144
releng/10.1/ r287146
releng/10.2/ r287145
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:22.openssh.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAEBCgAGBQJV3Ne8AAoJEO1n7NZdz2rnxq8P/jW05a6zT9n78wxBuHwRJ9gx
7+CN9AsezavW4HmZF4GmWt6SjnJqpLDMwnhceo7po6ZMIxjyWwxBWWfvUwVqezwa
kT+DS7oHKmeZAwCSFMj9K25NN+x7KAwXXiiANcj4U4iU+q0YrcEGVIBKVqCAn3ly
pJAkMxdTbwlWR7MaPaTMbMenVOs87b6Xx/4gfSBWolFWz9bKfdTYCxK/AnULVIZq
Q7lShezEvgyCb8b6QLvnrY4AwHtVduiYxnvNKv8ysbaatZCarkRS8nh68zGcdTBg
IyzG5OEtUFokVkroJaLWFXL1mUp7tgn9+UNd0/53wFN2DTZKw9oTAkKn8xrbbOSa
xQqYFhsmqsnKlBJMEMaoK9JgGZZ6xOGo3JZ6yrFfYxiZ9xFaR843rOUe0UVrxh+L
+2DmALTyLWSkeqlcg66oKqYKMQuvUyd6VpPL0yHpB0AqBTjKjUmG9RgG8AT5MpqW
P3weyD0n7rOCBfagofx8MIy15REwjcQSUptarWrMwhJPua95RJ/IAVIIThGrMzZ5
PxyWDFU7B/56FRlmX5+6mfi/NC60yIyR6lg0trBtuiiEfNV+HWz6QXOIUMYQvvo9
w8fXSy6MJ12jTFqm0+CXbx2wWEVxAZS/wtLDsa3nf2oGkO3upzFl0/fvsR1dZ/hl
plo/3SMPpFFbfvIhy2V/
=2w70
-----END PGP SIGNATURE-----

26
share/security/patches/EN-15:14/ixgbe.patch Normal file
View file

@ -0,0 +1,26 @@
Index: sys/conf/files
===================================================================
--- sys/conf/files (revision 286787)
+++ sys/conf/files (working copy)
@@ -1704,7 +1704,7 @@ dev/ixgb/if_ixgb.c optional ixgb
dev/ixgb/ixgb_ee.c optional ixgb
dev/ixgb/ixgb_hw.c optional ixgb
dev/ixgbe/ixgbe.c optional ixgbe inet \
- compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP -DIXGBE_FDIR"
+ compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP"
dev/ixgbe/ixv.c optional ixgbe inet \
compile-with "${NORMAL_C} -I$S/dev/ixgbe"
dev/ixgbe/ixgbe_phy.c optional ixgbe inet \
Index: sys/modules/ixgbe/Makefile
===================================================================
--- sys/modules/ixgbe/Makefile (revision 286787)
+++ sys/modules/ixgbe/Makefile (working copy)
@@ -12,7 +12,7 @@ SRCS += ixgbe.c ixv.c
SRCS += ixgbe_common.c ixgbe_api.c ixgbe_phy.c ixgbe_mbx.c ixgbe_vf.c
SRCS += ixgbe_dcb.c ixgbe_dcb_82598.c ixgbe_dcb_82599.c
SRCS += ixgbe_82599.c ixgbe_82598.c ixgbe_x540.c
-CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP -DIXGBE_FDIR
+CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP
.if !defined(KERNBUILDDIR)
.if ${MK_INET_SUPPORT} != "no"

17
share/security/patches/EN-15:14/ixgbe.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAABCgAGBQJV3NfSAAoJEO1n7NZdz2rnwaoP/2b/ter6TOaSERlf0QxN8e9X
c+aSr9LLLVQG4MtzuYS6mFHp1uDgA4dwFVlSZjXp9ZJBtSt5HWZDzDKO1eaFz9YR
cY2zCC8Mo3H+KlXrDSBYaT9JCA7fEPTFQKvfDGushRDF6h6AoVoOl7W4IWOhZ+Nk
SbbvMOBAyVHrevyT8gLBv2+nPeEtv4vvYg5Rq/HqCUW0IkxCFuhvMj30kQBrQYM1
lOyXOGOC+SqPgeqN6+j9HPI3Fx7xDzPF/I1zThPI+Nvgn9BZRhTT1+Ev+g5MxGNy
Z3mv4aW2tSJQksDsYa2X0wDl8/yvFhliQwLVmkDp27sf5dVsRqrJZwMwY4r6I8Ej
JHFoJxyiCqQzfq5dWuBgVuyk1NYPF5GdZLEp7gP1i6Swbn+1kjYBh0HPkJK9VMcZ
uYlHzEoUoQAbTfxs5N/Am82lT6ljvNvdbU9960Hilb8ObkJNop7vxWc9oNFhud20
ECJF68Hw6CjjDFywEeY2c479Xs0Shf7sDXBId+RGNvjFXWWRGBV1YXk0w+gsUuUd
r1P8D7ixy/ZQOPauw61+SC2DS3icMuwmSQamD1pOxmSvK0x+lLNRDK52X93TTA24
4yvOvh7ePktvZLWWO0y375ZsEWfVnZRpf39rjaEpz/0jwREULkmz1HjipozDRhJn
4No3c9hi9rwcH/oU0/xd
=txUl
-----END PGP SIGNATURE-----

34
share/security/patches/EN-15:15/pkg.patch Normal file
View file

@ -0,0 +1,34 @@
Index: usr.sbin/pkg/pkg.c
===================================================================
--- usr.sbin/pkg/pkg.c (revision 286787)
+++ usr.sbin/pkg/pkg.c (working copy)
@@ -749,7 +749,13 @@ bootstrap_pkg(bool force)
goto fetchfail;
if (signature_type != NULL &&
- strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+ strcasecmp(signature_type, "NONE") != 0) {
+ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
+ warnx("Signature type %s is not supported for "
+ "bootstrapping.", signature_type);
+ goto cleanup;
+ }
+
snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
@@ -834,7 +840,13 @@ bootstrap_pkg_local(const char *pkgpath, bool forc
return (-1);
}
if (signature_type != NULL &&
- strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+ strcasecmp(signature_type, "NONE") != 0) {
+ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
+ warnx("Signature type %s is not supported for "
+ "bootstrapping.", signature_type);
+ goto cleanup;
+ }
+
snprintf(path, sizeof(path), "%s.sig", pkgpath);
if ((fd_sig = open(path, O_RDONLY)) == -1) {

17
share/security/patches/EN-15:15/pkg.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAABCgAGBQJV3NfSAAoJEO1n7NZdz2rnghsP/3LVlVtT+vCVLMrVcy2gZ2q8
y9BICtPx2M2PRR9JOPBjD+DrcOZV9QrCX5FLvPmBDvFSMgGp+1EvZP9r/DFOngJ4
B1+enlcBl48FoK6UmWhvScvDywH7wRoBFIh9HeSP+z6HXhYhDXpyS9XGiBXcTYFA
QEAJOa+gdiA1trhgYZZpI3EQ/SzB/D2MiBZPGqtCgmL50lWRJS6Q79EYi11sPSoF
Lovjipxp3FYrlFODsB1iBFReXC8E1k8s+peXJFZfFAM+HUh2YAXFhYnJ1Bleq8Jb
zNox48EF7d4dXgFZVBAqgxpmuvVVpCsVWrZikLLcCzspIoKF1+F8+ZNyCDvfhSOm
tWFH1NjE14U4NvF1ratwfSFSOogVyUrYSr0s2n3EWhmp2V5I4Q8Zz43GPVk6z/Qm
LXInkYPVE6mI1l08MhW2EMJTNmp2euXgzorb/JVO01Zj5XGobB9C4XA5+3/AWu0P
xKRfYp52z4rwX8w3RnzTM5L7l1uLm9LPlSis3rsZJvgpE2UHLpgahAgNMlGzYzQT
M0cj0h/E2xfvrUYkrW9l35NOsZZ5Q0Ox4ft59ua3QZm8RxUKcWdaAf2fy0t1F53u
YdA1bMVWFInVYYGwS/qrNj9yjoJcAa8E2v06McWyCZ8J2Tx3Gj50oWcebmiJtLxO
RA9lcL+X6yPGHCROPmng
=6SMS
-----END PGP SIGNATURE-----

53
share/security/patches/SA-15:21/amd64.patch Normal file
View file

@ -0,0 +1,53 @@
Index: sys/amd64/amd64/exception.S
===================================================================
--- sys/amd64/amd64/exception.S (revision 286969)
+++ sys/amd64/amd64/exception.S (working copy)
@@ -154,9 +154,13 @@ IDTVEC(xmm)
IDTVEC(tss)
TRAP_ERR(T_TSSFLT)
IDTVEC(missing)
- TRAP_ERR(T_SEGNPFLT)
+ subq $TF_ERR,%rsp
+ movl $T_SEGNPFLT,TF_TRAPNO(%rsp)
+ jmp prot_addrf
IDTVEC(stk)
- TRAP_ERR(T_STKFLT)
+ subq $TF_ERR,%rsp
+ movl $T_STKFLT,TF_TRAPNO(%rsp)
+ jmp prot_addrf
IDTVEC(align)
TRAP_ERR(T_ALIGNFLT)
@@ -319,6 +323,7 @@ IDTVEC(page)
IDTVEC(prot)
subq $TF_ERR,%rsp
movl $T_PROTFLT,TF_TRAPNO(%rsp)
+prot_addrf:
movq $0,TF_ADDR(%rsp)
movq %rdi,TF_RDI(%rsp) /* free up a GP register */
leaq doreti_iret(%rip),%rdi
Index: sys/amd64/amd64/machdep.c
===================================================================
--- sys/amd64/amd64/machdep.c (revision 286969)
+++ sys/amd64/amd64/machdep.c (working copy)
@@ -428,6 +428,7 @@ sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *
regs->tf_rflags &= ~(PSL_T | PSL_D);
regs->tf_cs = _ucodesel;
regs->tf_ds = _udatasel;
+ regs->tf_ss = _udatasel;
regs->tf_es = _udatasel;
regs->tf_fs = _ufssel;
regs->tf_gs = _ugssel;
Index: sys/amd64/amd64/trap.c
===================================================================
--- sys/amd64/amd64/trap.c (revision 286969)
+++ sys/amd64/amd64/trap.c (working copy)
@@ -473,8 +473,6 @@ trap(struct trapframe *frame)
goto out;
case T_STKFLT: /* stack fault */
- break;
-
case T_PROTFLT: /* general protection fault */
case T_SEGNPFLT: /* segment not present fault */
if (td->td_intr_nesting_level != 0)

17
share/security/patches/SA-15:21/amd64.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAABCgAGBQJV3Ne1AAoJEO1n7NZdz2rnwuYP/i6fWwcpTVRtC9Fi9IDv6crB
gTpiDC5oNLxBBk3INWkt03oBL5WenM48/fiIZ4/qICWZEaEGMWALsLhIjC1uE6z1
6cZHUA4zUr9Fnx7YhwGMXeLugTPbjHDTKheKdiebjZ3xU8LNp7h4TcanPBSB4rM1
6qhJLki9EIfHqLTJa0MXR7T0xOBUvd9337NgN99kYpE9R22h+Fl4UXLpJfkS5/zn
i9RsqFCTK4iD5f0BCGvPVK+m2mDAIuedgoYNQxAdeiZ8SjeObDeXX27Po0pcK2V7
mK7gaYrwFiHlVjgxenR+TKYoWGKl3OV6x9lmy2V11xuCIIXHU8umlNG2zBlEK8Da
b7Dk+9Wmsoz5LspQORYWMHjLs6H0Q18udhztzlzlJHE1XZ9O3idV5dBxh3WrYzU4
Yh3iWRTJiCp34dR98xSePhOq6FHw/jJcRH8M6MXus47Ssf32CvToLBFbfio6T2U5
lQ6yLWIBrnl5WyGBtwNSGEzEWMgfvjU7PL2LEt5xnLR8F7+nQvysAXlt9MfTAexT
+Jrn44Sc5dy/mK5d7Tmxpo1VQ9rqI1Msn+5TW0p4/aG7/XnQruwzN8QVwAOajgQt
cxZ0RmvV+8iLCAmvRuJszYqbo+VkRC2PtTWHmNjCwddYAawC+Rg9m2an/pJQaH/d
0YB0zGqhLzGJV9L2+uem
=7Eoy
-----END PGP SIGNATURE-----

68
share/security/patches/SA-15:22/openssh.patch Normal file
View file

@ -0,0 +1,68 @@
Index: crypto/openssh/monitor.c
===================================================================
--- crypto/openssh/monitor.c (revision 286787)
+++ crypto/openssh/monitor.c (working copy)
@@ -1027,9 +1027,7 @@ extern KbdintDevice sshpam_device;
int
mm_answer_pam_init_ctx(int sock, Buffer *m)
{
-
debug3("%s", __func__);
- authctxt->user = buffer_get_string(m, NULL);
sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
sshpam_authok = NULL;
buffer_clear(m);
@@ -1111,14 +1109,16 @@ mm_answer_pam_respond(int sock, Buffer *m)
int
mm_answer_pam_free_ctx(int sock, Buffer *m)
{
+ int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
debug3("%s", __func__);
(sshpam_device.free_ctx)(sshpam_ctxt);
+ sshpam_ctxt = sshpam_authok = NULL;
buffer_clear(m);
mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
auth_method = "keyboard-interactive";
auth_submethod = "pam";
- return (sshpam_authok == sshpam_ctxt);
+ return r;
}
#endif
Index: crypto/openssh/monitor_wrap.c
===================================================================
--- crypto/openssh/monitor_wrap.c (revision 286787)
+++ crypto/openssh/monitor_wrap.c (working copy)
@@ -820,7 +820,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
debug3("%s", __func__);
buffer_init(&m);
- buffer_put_cstring(&m, authctxt->user);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
Index: crypto/openssh/mux.c
===================================================================
--- crypto/openssh/mux.c (revision 286787)
+++ crypto/openssh/mux.c (working copy)
@@ -635,7 +635,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer
u_int lport, cport;
int i, ret = 0, freefwd = 1;
- fwd.listen_host = fwd.connect_host = NULL;
+ memset(&fwd, 0, sizeof(fwd));
+
if (buffer_get_int_ret(&ftype, m) != 0 ||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&lport, m) != 0 ||
@@ -785,7 +786,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffe
int i, listen_port, ret = 0;
u_int lport, cport;
- fwd.listen_host = fwd.connect_host = NULL;
+ memset(&fwd, 0, sizeof(fwd));
+
if (buffer_get_int_ret(&ftype, m) != 0 ||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&lport, m) != 0 ||

17
share/security/patches/SA-15:22/openssh.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAABCgAGBQJV3Ne1AAoJEO1n7NZdz2rnaD4P/27Y0Bd6TwsCXR33YG8bmmpO
ASZxD1GyWFqZyTIrPw+gBN2SkfxROnjMSq5/RfbAgbTthQYEQ+vu7aX4rbpuGQ3E
5nK1IJlCS9abr84QWOxFXuDtBrLuYhb4WRmMNpGANfmA+ZtKap7fNkdLsU5XYnGf
wftLAWPtUF1GxPPFcc9NZdXyOePg4UcfTFqfPkHmdeEPSLlOhkCHv4ZtuWPg4VMB
++uEZCAS+U1Ky4NIKaGmE9lO5x9LWzQnXzluLXHPAAnMxi4uTLs4DFocGgLR9Xvv
NftlvAzJuQWzIAr5Tp/5YB24nqJB+qAMNwwmSMvsL2MFDI4Zepqq3o0Ss4xAPOjU
taBDNow1+S/tLPH2jtF3hu/DP2H8HkSm5UqNWrHP8vS4UXqlXIofjaA5mTddtGLK
FXc6C+NQ2G7bqgw+g5kiO+XH3gYBMxJtuRyBCIekeBAtIISoevz/V+ejFdTE0EFP
MuvC4HWhSttdTJkdC74+WdcNWqpQ14iHwdrlY8Gazv9wQz/iwonZO7pzE+lea+j3
f+e/2dyQLXxEIxrfGRRZljuekbvLnEn+DUSV9mExpNP60ZvRBKyVOBDcnteP3VhY
4LAMaSFzE7kgPuhaLBfzecEFDd06Eiz7LEd4HesXVqpKBP1fBOevfAxW8Izidg/1
/t/RV1/NkgKrKgNBkO97
=ZQpd
-----END PGP SIGNATURE-----

12
share/xml/advisories.xml
View file

@ -10,6 +10,18 @@
<month>
<name>8</name>
<day>
<name>25</name>
<advisory>
<name>FreeBSD-SA-15:22.openssh</name>
</advisory>
<advisory>
<name>FreeBSD-SA-15:21.amd64</name>
</advisory>
</day>
<day>
<name>18</name>

12
share/xml/notices.xml
View file

@ -10,6 +10,18 @@
<month>
<name>8</name>
<day>
<name>25</name>
<notice>
<name>FreeBSD-EN-15:15.pkg</name>
</notice>
<notice>
<name>FreeBSD-EN-15:14.ixgbe</name>
</notice>
</day>
<day>
<name>18</name>