Add EN-14:13 and SA-13:31

Dag-Erling Smørgrav 2014-12-23 23:28:30 +00:00
parent c4e5c36153
commit adcd3fee12
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=46117
8 changed files with 562 additions and 0 deletions

@ -0,0 +1,187 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-14:13.freebsd-update Errata Notice
The FreeBSD Project
Topic: freebsd-update attempts to remove the root directory
Category: base
Module: freebsd-update
Announced: 2014-12-23
Credits: Colin Percival
Affects: All supported versions of FreeBSD.
Corrected: 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
2014-12-22 22:11:39 UTC (stable/10, 10.0-STABLE)
2014-12-22 22:11:50 UTC (stable/9, 9.3-STABLE)
2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
2014-12-22 22:11:45 UTC (stable/8, 8.4-STABLE)
2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The freebsd-update(8) utility is used to apply binary patches to FreeBSD
systems installed from official release images, as an alternative to
rebuilding from source. A freebsd-update(8) build server generates the
signed update packages, consisting of an index of files and directories
with checksums before the update, a set of binary patches, and an
index of files and directories with checksums after the update. The
client downloades the indexes, verifies the signatures and checksums,
then downloads and applies the required patches.
The freebsd-update(8) utility views the system as a set of components:
"world", "kernel" and "src". The "world" component is divided into
four subcomponents: "base", "doc", "lib32" and "games". These
components and subcomponents correspond to six of the seven system
components offered during installation (the seventh being ports, which
is handled by the portsnap utility).
II. Problem Description
1) The default configuration for freebsd-update(8) has all six
components enabled. Components which are not installed should be
disabled in the configuration file. Failing to do so is normally
harmless, as the freebsd-update(8) client will ignore instructions
to patch files that do not exist on the system. However, if an
update adds a file, it will be installed even if it belongs to
a component which was not previously installed.
Due to human error, the world/lib32 component, containing 32-bit
compatibility libraries for 64-bit systems, was left out of the
freebsd-update(8) server's baseline for FreeBSD 10.1-RELEASE. As a
result, the freebsd-update(8) client removed these libraries when
upgrading a system from an earlier release. The 32-bit libraries
were re-added as part of the first set of updates released after
the mistake was discovered.
2) Under certain circumstances, it is possible for the freebsd-update(8)
build server to generate an update package requiring the client to
both remove and create the same directory. The client will normally
detect this situation and ignore the conflicting instructions.
Due to insufficient input normalization, if the directory being
both removed and created is the root directory, the freebsd-update(8)
client will fail to recognize that both instructions refer to the
same directory. It will then attempt and fail to 'rmdir /',
producing an error message.
III. Impact
The first issue will cause freebsd-update(8) to install 32-bit libraries
on 10.1 systems where they were intentionally left out during installation
but /etc/freebsd-update.conf was not edited to reflect this.
The second issue, which is triggered by the addition of lib32, will
result in a harmless but disconcerting error message when installing
updates.
IV. Workaround
The first issue is strictly speaking a configuration error. To
address it, update /etc/freebsd-update.conf to reflect the set of
components that are installed on the system. Specifically, replace
"world" on the Components line with "world/base", and add "world/doc"
and / or "world/games" if those those components were selected during
installation.
The second issue is harmless and can safely be ignored. A workaround
has been put in place on the freebsd-update(8) build server so the error
will not occur while installing the update that corrects it.
Systems which are updated from source rather than using freebsd-update(8)
are not affected.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/freebsd-update.patch
c) Rebuild and reinstall the freebsd-update(8) client:
# cd /usr/src/usr.sbin/freebsd-update
# make && make install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r276089
releng/8.4/ r276154
stable/9/ r276090
releng/9.1/ r276155
releng/9.2/ r276156
releng/9.3/ r276157
stable/10/ r276088
releng/10.0/ r276158
releng/10.1/ r276159
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-14:13.freebsd-update.asc>
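Review bot: Section I has "downloades" and section IV has "those those", and the Corrected block lists stable/10 as 10.0-STABLE while FreeBSD-SA-14:31.ntp in this same commit lists stable/10 as 10.1-STABLE. Because the text is clearsigned, each of these has to be fixed in the source and the notice re-signed rather than edited in place. The Corrected lines are also in no consistent order (stable/10 follows releng/10.0, stable/9 precedes releng/9.3), which makes the list harder to scan than the stable-then-releng order used in the SA.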

@ -0,0 +1,166 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-14:31.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in NTP suite
Category: contrib
Module: ntp
Announced: 2014-12-23
Affects: All supported versions of FreeBSD.
Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE)
2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE)
2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE)
2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
used to synchronize the time of a computer system to a reference time
source.
II. Problem Description
When no authentication key is set in the configuration file, ntpd(8)
would generate a random key that uses a non-linear additive feedback random
number generator seeded with very few bits of entropy. [CVE-2014-9293]
The ntp-keygen(8) utility is also affected by a similar issue.
[CVE-2014-9294]
When Autokey Authentication is enabled, for example if ntp.conf(5) contains
a 'crypto pw' directive, a remote attacker can send a carefully
crafted packet that can overflow a stack buffer. [CVE-2014-9295]
In ntp_proto.c, the receive() function is missing a return statement in
the case when an error is detected. [CVE-2014-9296]
III. Impact
The NTP protocol uses keys to implement authentication. The weak
seeding of the pseudo-random number generator makes it easier for an
attacker to brute-force keys, and thus may broadcast incorrect time stamps
or masquerade as another time server. [CVE-2014-9293, CVE-2014-9294]
An attacker may be able to utilize the buffer overflow to crash the ntpd(8)
daemon or potentially run arbitrary code with the privileges of the ntpd(8)
process, which is typically root. [CVE-2014-9295]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not
affected. Because the issue may lead to remote root compromise, the
FreeBSD Security Team recommends system administrators to firewall NTP
ports, namely tcp/123 and udp/123 when it is not clear that all systems
have been patched or have ntpd(8) stopped.
V. Solution
NOTE WELL: It is advisable to regenerate all keys used for NTP
authentication, if configured.
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch
# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc
# gpg --verify ntp.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the ntpd(8) daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r276073
releng/8.4/ r276154
stable/9/ r276073
releng/9.1/ r276155
releng/9.2/ r276156
releng/9.3/ r276157
stable/10/ r276072
releng/10.0/ r276158
releng/10.1/ r276159
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296>
<URL:https://www.kb.cert.org/vuls/id/852879>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-14:31.ntp.asc>
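Review bot: Three Corrected timestamps read "2014-14-22" (stable/10, stable/9, stable/8), which is not a valid date; the EN-14:13 notice in this commit uses 2014-12-22 for its stable branches, so the month looks mistyped. Section III states an impact for CVE-2014-9293, CVE-2014-9294 and CVE-2014-9295 but none for CVE-2014-9296, although section II describes it. The commit message names this advisory "SA-13:31" while the file is FreeBSD-SA-14:31.ntp. As the text is clearsigned, corrections need a re-signed revision.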

@ -0,0 +1,12 @@
Index: usr.sbin/freebsd-update/freebsd-update.sh
===================================================================
--- usr.sbin/freebsd-update/freebsd-update.sh.orig
+++ usr.sbin/freebsd-update/freebsd-update.sh
@@ -1395,6 +1395,7 @@
# matter, since we add a leading "/" when we use paths later.
cut -f 3- -d '|' $1 |
sed -e 's,/|d|,|d|,' |
+ sed -e 's,/|-|,|-|,' |
sort -u > $1.tmp
# Figure out which lines to ignore and remove them.
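Review bot: The added sed -e 's,/|-|,|-|,' starts a second sed process for the same kind of normalization as the line above it; both expressions fit in one invocation (sed -e 's,/|d|,|d|,' -e 's,/|-|,|-|,'). The comment above the pipeline should also say why "-" entries need the trailing slash stripped as well as "d" entries, since that is the whole fix for the 'rmdir /' case described in EN-14:13 and is not obvious from the expression alone.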

@ -0,0 +1,16 @@

@ -0,0 +1,145 @@
Index: contrib/ntp/ntpd/ntp_config.c
===================================================================
--- contrib/ntp/ntpd/ntp_config.c.orig
+++ contrib/ntp/ntpd/ntp_config.c
@@ -1887,7 +1887,7 @@
for (i = 0; i < 8; i++)
for (j = 1; j < 100; ++j) {
- rankey[i] = (char) (ntp_random() & 0xff);
+ rankey[i] = (char) (arc4random() & 0xff);
if (rankey[i] != 0) break;
}
rankey[8] = 0;
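Review bot: The retry loop around rankey[i] still leaves a zero byte in the key if 99 draws in a row return 0, and it exists only to avoid NUL. With arc4random available, rankey[i] = (char)(arc4random_uniform(255) + 1); yields a non-zero byte in one call and lets the inner for (j ...) loop be removed.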
Index: contrib/ntp/ntpd/ntp_control.c
===================================================================
--- contrib/ntp/ntpd/ntp_control.c.orig
+++ contrib/ntp/ntpd/ntp_control.c
@@ -24,6 +24,10 @@
#include <netinet/in.h>
#include <arpa/inet.h>
+#ifndef MIN
+#define MIN(a, b) (((a) <= (b)) ? (a) : (b))
+#endif
+
/*
* Structure to hold request procedure information
*/
@@ -893,6 +897,7 @@
)
{
int overhead;
+ unsigned int currentlen;
overhead = 0;
if (!bin) {
@@ -916,12 +921,22 @@
/*
* Save room for trailing junk
*/
- if (dlen + overhead + datapt > dataend) {
+ while (dlen + overhead + datapt > dataend) {
/*
* Not enough room in this one, flush it out.
*/
+ currentlen = MIN(dlen, dataend - datapt);
+
+ memcpy(datapt, dp, currentlen);
+
+ datapt += currentlen;
+ dp += currentlen;
+ dlen -= currentlen;
+ datalinelen += currentlen;
+
ctl_flushpkt(CTL_MORE);
}
+
memmove((char *)datapt, dp, (unsigned)dlen);
datapt += dlen;
datalinelen += dlen;
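Review bot: The new while loop terminates only if ctl_flushpkt(CTL_MORE) resets datapt, which is not visible in this hunk; once dlen has been reduced to 0 the condition depends entirely on overhead + datapt, so a one-line comment stating that assumption is needed. currentlen is unsigned int, but MIN(dlen, dataend - datapt) compares dlen (cast to unsigned at the memmove below, so presumably signed) with a pointer difference; make the types explicit or reject a negative dlen before the loop. The partial copy uses memcpy while the final copy keeps memmove; use one consistently.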
Index: contrib/ntp/ntpd/ntp_crypto.c
===================================================================
--- contrib/ntp/ntpd/ntp_crypto.c.orig
+++ contrib/ntp/ntpd/ntp_crypto.c
@@ -864,12 +864,24 @@
* errors.
*/
if (vallen == (u_int) EVP_PKEY_size(host_pkey)) {
- RSA_private_decrypt(vallen,
+ u_int32 *cookiebuf = malloc(
+ RSA_size(host_pkey->pkey.rsa));
+ if (cookiebuf == NULL) {
+ rval = XEVNT_CKY;
+ break;
+ }
+ if (RSA_private_decrypt(vallen,
(u_char *)ep->pkt,
- (u_char *)&temp32,
+ (u_char *)cookiebuf,
host_pkey->pkey.rsa,
- RSA_PKCS1_OAEP_PADDING);
- cookie = ntohl(temp32);
+ RSA_PKCS1_OAEP_PADDING) != 4) {
+ rval = XEVNT_CKY;
+ free(cookiebuf);
+ break;
+ } else {
+ cookie = ntohl(*cookiebuf);
+ free(cookiebuf);
+ }
} else {
rval = XEVNT_CKY;
break;
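Review bot: The != 4 test on the RSA_private_decrypt() return hard-codes the cookie size; compare against sizeof(u_int32) or a named constant so it stays tied to the type read by ntohl(*cookiebuf). cookiebuf holds the decrypted cookie and is freed on both paths without being cleared; zero it before free(), and a single free() after the if/else would remove the duplication. The allocation is sized with RSA_size(host_pkey->pkey.rsa) while the guard above uses EVP_PKEY_size(host_pkey); use one so the length check and the buffer size visibly match.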
@@ -3914,7 +3926,7 @@
rand_file);
exit (-1);
}
- get_systime(&seed);
+ arc4random_buf(&seed, sizeof(l_fp));
RAND_seed(&seed, sizeof(l_fp));
RAND_write_file(rand_file);
OpenSSL_add_all_algorithms();
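Review bot: arc4random_buf(&seed, sizeof(l_fp)) sizes the fill by type name rather than by the object; sizeof(seed) here and in the RAND_seed() call below keeps the two in step if the declaration of seed ever changes. After this change seed no longer holds a time stamp from get_systime(), so a comment at this line would keep the next reader from assuming it does.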
Index: contrib/ntp/ntpd/ntp_proto.c
===================================================================
--- contrib/ntp/ntpd/ntp_proto.c.orig
+++ contrib/ntp/ntpd/ntp_proto.c
@@ -649,6 +649,7 @@
has_mac)) {
is_authentic = AUTH_ERROR;
sys_badauth++;
+ return;
} else {
is_authentic = AUTH_OK;
}
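Review bot: With the added return; in the error branch, the is_authentic = AUTH_ERROR assignment just above it has no effect if is_authentic is a local, and the else no longer needs to be an else. Add a short comment that the packet is dropped at this point, since this single line is the fix for the missing return described under CVE-2014-9296 and nothing in the code says so.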
Index: contrib/ntp/util/ntp-keygen.c
===================================================================
--- contrib/ntp/util/ntp-keygen.c.orig
+++ contrib/ntp/util/ntp-keygen.c
@@ -642,7 +642,7 @@
for (i = 1; i <= MD5KEYS; i++) {
for (j = 0; j < 16; j++) {
while (1) {
- temp = ntp_random() & 0xff;
+ temp = arc4random() & 0xff;
if (temp == '#')
continue;
if (temp > 0x20 && temp < 0x7f)
@@ -675,7 +675,7 @@
FILE *str;
fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus);
- rsa = RSA_generate_key(modulus, 3, cb, "RSA");
+ rsa = RSA_generate_key(modulus, 65537, cb, "RSA");
fprintf(stderr, "\n");
if (rsa == NULL) {
fprintf(stderr, "RSA generate keys fails\n%s\n",
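Review bot: The public exponent change from 3 to 65537 in this RSA_generate_key() call, and the same change for the GQ parameters in the next hunk, is not covered by any of the four problem descriptions in FreeBSD-SA-14:31; state in the advisory or the commit log why it is part of this fix. OpenSSL defines RSA_F4 for this value, which reads better than the literal.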
@@ -954,7 +954,7 @@
*/
fprintf(stderr,
"Generating GQ parameters (%d bits)...\n", modulus);
- rsa = RSA_generate_key(modulus, 3, cb, "GQ");
+ rsa = RSA_generate_key(modulus, 65537, cb, "GQ");
fprintf(stderr, "\n");
if (rsa == NULL) {
fprintf(stderr, "RSA generate keys fails\n%s\n",

@ -0,0 +1,16 @@

@ -10,6 +10,14 @@
<month>
<name>12</name>
<day>
<name>23</name>
<advisory>
<name>FreeBSD-SA-14:31.ntp</name>
</advisory>
</day>
<day>
<name>17</name>

@ -7,6 +7,18 @@
<year>
<name>2014</name>
<month>
<name>12</name>
<day>
<name>23</name>
<notice>
<name>FreeBSD-EN-14:13.freebsd-update</name>
</notice>
</day>
</month>
<month>
<name>11</name>