svn commit: r46499 - in head/share: security/advisories security/patches/SA-15:04 security/patches/SA-15:07 security/patches/SA-15:08 security/patches/SA-15:09 xml
Xin LI
delphij at FreeBSD.org
Tue Apr 7 20:36:39 UTC 2015
Author: delphij
Date: Tue Apr 7 20:36:34 2015
New Revision: 46499
URL: https://svnweb.freebsd.org/changeset/doc/46499
Log:
Add 3 new advisories and patches.
Added:
head/share/security/advisories/FreeBSD-SA-15:07.ntp.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-15:09.ipv6.asc (contents, props changed)
head/share/security/patches/SA-15:04/igmp-errata.patch (contents, props changed)
head/share/security/patches/SA-15:04/igmp-errata.patch.asc (contents, props changed)
head/share/security/patches/SA-15:07/
head/share/security/patches/SA-15:07/ntp.patch (contents, props changed)
head/share/security/patches/SA-15:07/ntp.patch.asc (contents, props changed)
head/share/security/patches/SA-15:08/
head/share/security/patches/SA-15:08/bsdinstall.patch (contents, props changed)
head/share/security/patches/SA-15:08/bsdinstall.patch.asc (contents, props changed)
head/share/security/patches/SA-15:09/
head/share/security/patches/SA-15:09/ipv6.patch (contents, props changed)
head/share/security/patches/SA-15:09/ipv6.patch.asc (contents, props changed)
Modified:
head/share/security/advisories/FreeBSD-SA-15:04.igmp.asc
head/share/xml/advisories.xml
Modified: head/share/security/advisories/FreeBSD-SA-15:04.igmp.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-15:04.igmp.asc Tue Apr 7 17:18:50 2015 (r46498)
+++ head/share/security/advisories/FreeBSD-SA-15:04.igmp.asc Tue Apr 7 20:36:34 2015 (r46499)
@@ -9,23 +9,27 @@ Topic: Integer overflow in IGMP
Category: core
Module: igmp
-Announced: 2015-02-25
+Announced: 2015-02-25; Last revised on 2015-04-07
Credits: Mateusz Kocielski, Logicaltrust,
Marek Kroemeke, and 22733db72ab3ed94b5f8a1ffcde850251fe6f466
Affects: All supported versions of FreeBSD.
-Corrected: 2015-02-25 05:43:02 UTC (stable/10, 10.1-STABLE)
- 2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6)
- 2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18)
- 2015-02-25 05:43:02 UTC (stable/9, 9.3-STABLE)
- 2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
- 2015-02-25 05:43:02 UTC (stable/8, 8.4-STABLE)
- 2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24)
+Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE)
+ 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9)
+ 2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE)
+ 2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13)
+ 2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE)
+ 2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27)
CVE Name: CVE-2015-1414
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
+0. Revision history
+
+v1.0 2015-02-25 Initial release.
+v1.1 2015-04-07 Revised patch to address a potential overflow issue.
+
I. Background
IGMP is a control plane protocol used by IPv4 hosts and routers to propagate
@@ -73,6 +77,10 @@ detached PGP signature using your PGP ut
# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch.asc
# gpg --verify igmp.patch.asc
+# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp-errata.patch
+# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp-errata.patch.asc
+# gpg --verify igmp-errata.patch.asc
+
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
@@ -89,13 +97,12 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
-stable/8/ r279263
-releng/8.4/ r279265
-stable/9/ r279263
-releng/9.3/ r279265
-stable/10/ r279263
-releng/10.0/ r279264
-releng/10.1/ r279264
+stable/8/ r281231
+releng/8.4/ r281233
+stable/9/ r281231
+releng/9.3/ r281233
+stable/10/ r281230
+releng/10.1/ r281232
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
@@ -115,19 +122,19 @@ VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:04.igmp.asc>
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.1.1 (FreeBSD)
+Version: GnuPG v2.1.2 (FreeBSD)
-iQIcBAEBCgAGBQJU7WjDAAoJEO1n7NZdz2rnjr8QAL0J0+4lRtPXRyDRX2xFSnzw
-sc3OpfmlTiD3pCFkebTYy3/+EK86iAL1ZELqlJe5mm2+pzhCQB13C4/exc0l1U6b
-tyiGXxhVi2/4SBrs6n9lmB/YhXkgtqaOQAcNaOD6sVbS1e5cBtjnG86oOq8tQ2qG
-c7Dvh3HTp9M5fDJtsI40SIpqy3FcKORBfpjYd8jONfSqMnLM2kM8xzwHSv4/X23e
-GlDKHtIi+1ylD/Qu7Z3S7hqXDTSYjZb1QHc7axDFB6X6nj2Rz3aWS2hPPTypFd3T
-zTj5DZjgiP7U2LhR40sWW68RYi21yzNUwbe0w5LeDah6Ymc5CDO2ujdm3HDQbQGH
-pA9QIOjzpgR64nWLIJfZ7jMxL3rCCaCW3NCB/iRXni2Ib/wt3ZDkJyEk/SF4K82H
-72U2u2qVjAsnhmwWK8gksBi9bEXk3TnX778bkrwm4rt1xOjACq8k66LAernoE4tB
-DkE0pO4QR+6XwFb5sJMG/3L9CmrhTp2pkPDBQDbSD+ngBs5V5mJOqVf7gB+UptnN
-Fh8OACO/5KtDkqBDsCljHxHZNaboVF4Q613+iF5CUc6SYOTkLnBDUE4Pq38vlzVB
-GdZMEo/hvsCbR4c2TmdKuvEkEqayxCxcv0DXiyTlVCecxSkaYvMXPwCKK43QtS7S
-het83QCUxaVuxLiznuwR
-=lkYC
+iQIcBAEBCgAGBQJVJD39AAoJEO1n7NZdz2rnewwQAN9xI01nzOO71Q7qP7xDq+wu
+RW2C+2A4viIZIId1od6GiDY7Qpigy1CMwHsae6qJ62R+D5F2x9vANV4U6AS44oNy
+2jDwbrByM7QQ3qeCh8NzCUvOwPuXyKsAGKV73t3QPk0leKdbqUyjTooWJtZAv0dN
+VgQ4VCQh+2ZlxjMT0igUScmCVqOncRUm33xKBLeTif5LZHi/afkR6CToMlACOvl3
+syJNhEeM+zYU9XLzb90hAjvqn1xLDkoS4qJNbrekj0/dI0jkgZdk18QAualwWgeZ
+i39Da6IQ4wCn8Sx9o8pc8NdtzHn37rmOcdzBIodzxa1vALmNhDWuBpIIysffsZvf
+ewVdI83pabRdZZxO1YAPjJi34CTXmvwf8Hit/hh0n1AO21lhr0NhwQzEn7gmLqSh
+JZYg46k6tNGy6qUa1NU/ywja0kLCG0KdR1FO9IKaN6TCgB30bpndGq1Y0esX1Mo8
+5xq/P/KoNPE9BzifyhbDBt77eEmfpiKIuQXQVP3B1n3KEDDUlSSeiz3x0h9ZOjfm
+vLb1hinfp1RPC4S72a0Zts6r60aee9dMWd/DvC8RqWQqEE0PUamipL2ClzBmOpTK
+F9b2y9776hfPV/mvGUwS7H63mAMJkMOTDGZn3WWIT3Dmr6Eru0/t1XXqCPB4cNUl
+uf5sxNtEDjXadkeM20lu
+=y2yR
-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-15:07.ntp.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-15:07.ntp.asc Tue Apr 7 20:36:34 2015 (r46499)
@@ -0,0 +1,157 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-15:07.ntp Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities of ntp
+
+Category: contrib
+Module: ntp
+Announced: 2015-04-07
+Credits: Network Time Foundation
+Affects: All supported versions of FreeBSD.
+Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE)
+ 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9)
+ 2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE)
+ 2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13)
+ 2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE)
+ 2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27)
+CVE Name: CVE-2014-9297, CVE-2015-1798, CVE-2015-1799
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
+used to synchronize the time of a computer system to a reference time
+source.
+
+II. Problem Description
+
+The vallen packet value is not validated in several code paths in
+ntp_crypto.c. [CVE-2014-9297]
+
+When ntpd(8) is configured to use a symmetric key to authenticate a remote
+NTP server/peer, it checks if the NTP message authentication code (MAC)
+in received packets is valid, but not that there actually is any MAC
+included, and packets without a MAC are accepted as if they had a valid
+MAC. [CVE-2015-1798]
+
+NTP state variables are updated prior to validating the received packets.
+[CVE-2015-1799]
+
+III. Impact
+
+A remote attacker who can send specifically crafted packets may be able
+to reveal memory contents of ntpd(8) or cause it to crash, when ntpd(8)
+is configured to use autokey. [CVE-2014-9297]
+
+A man-in-the-middle (MITM) attacker can send specially forged packets
+that would be accepted by the client/peer without having to know the
+symmetric key. [CVE-2015-1798]
+
+An attacker knowing that NTP hosts A and B are peering with each other
+(symmetric association) can periodically send a specially crafted or
+replayed packet which will break the synchronization between the two
+peers due to transmit timestamp mismatch, preventing the two nodes from
+synchronizing with each other, even when authentication is enabled.
+[CVE-2015-1799]
+
+IV. Workaround
+
+No workaround is available, but systems not running ntpd(8) are not
+affected.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-15:07/ntp.patch
+# fetch https://security.FreeBSD.org/patches/SA-15:07/ntp.patch.asc
+# gpg --verify ntp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r281231
+releng/8.4/ r281233
+stable/9/ r281231
+releng/9.3/ r281233
+stable/10/ r281230
+releng/10.1/ r281232
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:07.ntp.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAEBCgAGBQJVJD4CAAoJEO1n7NZdz2rn4doQAKwA67MgX6jiCS4dm1roREi+
+G1moTCtqO8LXzH3nOOOk6R/MqFGOs6Jq8D+K/YmdD+4l3c/qCNR0qtv0YcVL0kE+
++xfaIYoGxTzlPjEfpWtceCM0wcAThaF8085hi0IAzG7ozhKPt+Inv33ISgos5c7h
+zYcbTqBYgQqcJGWdftnYpZ1Nxvoa3wiOlxsOMa4qnNeUakeXcGLZ+1XB5pLjXMZF
+dHfKhMS6KxcUdHoPgOj468D3bQE05puLk13Kjy+Ti38GhcgMROAsMZVOzgno3J7g
+D7Hk4dR1dms+6xcSJ0BV4ej0ZfypGv0xiFmUiTk/p7AVbnqrChyjvGca+8reu+Gc
+Ks/67oZjP5rc0glvRFgjJBmQV/xK2rUK805e4eAm8qBecRjDv6M3mUmPdw5BlgcA
+7fcj4VdGkOzLB0Vj7uJFjf3p9cyT+x8yvMtknxehiYmrYnFDsM5d7lcv0+KnRzb2
+3bt6maO40wqWIcLErFthcT/nLP+wi35aykNIbGh7PXvqL92gWX+h/xB6YY9Ouo4N
+hb32W/F5O50MjL6BeY+k5J6usoFrk0EHWK+2Fxm2/AA/5K/JnryWN44F8PVPNzxE
+f+Vb6CzxBvmflpa/29tF/wSD0oU78AhuShtVrnEVT5ZWJj+/PHBZtcLk2Z+s5hgd
+hKFvV5Xqix0/U//+yGhj
+=1fHm
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc Tue Apr 7 20:36:34 2015 (r46499)
@@ -0,0 +1,119 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-15:08.bsdinstall Security Advisory
+ The FreeBSD Project
+
+Topic: Insecure default GELI keyfile permissions
+
+Category: core
+Module: bsdinstall
+Announced: 2015-04-07
+Credits: Pierre Kim
+Affects: FreeBSD 10.1.
+Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE)
+ 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9)
+CVE Name: CVE-2015-1415
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The GEOM ELI class, or geli(8) implements encryption on GEOM providers which
+supports various cryptographic encryption and authentication methods as
+well as hardware acceleration. Each geli(8) provider has two key slots,
+and each slot holds a copy of its master key encrypted by a keyfile and/or
+a passphrase chosen by the system administrator.
+
+The bsdinstall(8) installer is the default system installer of FreeBSD since
+FreeBSD 10.0-RELEASE.
+
+II. Problem Description
+
+The default permission set by bsdinstall(8) installer when configuring full
+disk encrypted ZFS is too open.
+
+III. Impact
+
+A local attacker may be able to get a copy of the geli(8) provider's
+keyfile which is located at a fixed location.
+
+IV. Solution
+
+Note well: due to the nature of this issue, there is no way to fix this
+issue for already installed systems without human intervention. System
+administrators are advised to assume that the keyfile have already been
+leaked and a new keyfile is necessary.
+
+The system administrator can create a new keyfile with the correct
+permissions, and change the key slot that holds the master key encrypted
+with the old keyfile.
+
+For example, if the GELI provider is /dev/ada0, the system administrator
+can do the following:
+
+# umask 077
+# dd if=/dev/random of=/boot/encryption.key.new bs=4096 count=1
+# umask 022
+# geli setkey -K /boot/encryption.key.new /dev/ada0p3
+Enter new passphrase:
+Reenter new passphrase:
+
+(Repeat the geli setkey command if multiple providers are used)
+
+# mv /boot/encryption.key.new /boot/encryption.key
+# ls -l /boot/encryption.key
+
+Make sure that the new /boot/encryption.key can only be read by root.
+
+The FreeBSD stable and security branch (releng) and the changes are mainly
+intended for system integrators who build their own installation image for
+new installations.
+
+V. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r281230
+releng/10.1/ r281232
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VI. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1415>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:08.bsdinstall.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAEBCgAGBQJVJD4CAAoJEO1n7NZdz2rntF0P/0vVZ6W5xpIAm5K7eS184GaJ
+TuQ0E5XdqH1i6smYxAwUHtINFmAJ11cv+KwAbwFwazdB9jy4def6kwBZ/PE1y1M9
+OGi/JD3RghL0RrrrIzADVz5Z4Hi401BmLN7aOW9REX75/o82XqGXTRlDmow5z22D
+/B4NRNQ0p6cwmwh179HHuJPgQsDmL3mBkgn4oMv1036q9VjP5V/b+i2Ja/I6oCa/
+ZJhdEg17P9ek6GBna/fV7yo1Cr+A7v9aSUFcN9E8VqoWGn06jO0sLjWCC9Lrc6sZ
+KAgFbxNuPW/eZOE447DIu9jrgE8xxBFn6skeW81jsPsT4FsF/7KWG+dxBOa9XxOH
+XQTzc9sx3tsRVUzEBUGHRpPh/ZbkqtqQ5MYrAYk66NJ1NFqbrhY08mqzOd4+Sr7a
+CUMV/1vD0pCRME8bgIVupKciIw9y6QYWo2Gm+BJIqAw7L8EaEhaN7nnBxDbRehlj
+PdRYxHO4aQLIxdaV4dtDx3SX+njRxyVP/0OOSVQz1laiKadsRO2YQe+IhVoFhU5v
+fLSoBI+8mX8Sc65UasqsuNXC3G2c6XXKkLBCYzmL90R2pwPtxbQRTDVGMmG9fyyc
+b4w+yindLcwKXxKJryQWswAbv6hBQunAoCaVsqiIdF2N9Psrlr3FhkU//JbvrxA1
+COcciZEksTS0JwEpOGi5
+=wg1b
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-15:09.ipv6.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-15:09.ipv6.asc Tue Apr 7 20:36:34 2015 (r46499)
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-15:09.ipv6 Security Advisory
+ The FreeBSD Project
+
+Topic: Denial of Service with IPv6 Router Advertisements
+
+Category: core
+Module: ipv6
+Announced: 2015-04-07
+Credits: Dennis Ljungmark
+Affects: All supported versions of FreeBSD.
+Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE)
+ 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9)
+ 2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE)
+ 2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13)
+ 2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE)
+ 2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27)
+CVE Name: CVE-2015-2923
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+IPv6 nodes use the Neighbor Discovery protocol to determine the link-layer
+address of other nodes, find routers, and maintain reachability information.
+Routers advertise their presence together with various link and Internet
+parameters either periodically, or in response to a Router Solicitation
+message, using Router Advertisement (ICMPv6 type 134).
+
+II. Problem Description
+
+The Neighbor Discover Protocol allows a local router to advertise a
+suggested Current Hop Limit value of a link, which will replace
+Current Hop Limit on an interface connected to the link on the FreeBSD
+system.
+
+III. Impact
+
+When the Current Hop Limit (similar to IPv4's TTL) is small, IPv6 packets
+may get dropped before they reached their destinations.
+
+By sending specifically crafted Router Advertisement packets, an attacker
+on the local network can cause the FreeBSD system to lose the ability to
+communicate with another IPv6 node on a different network.
+
+IV. Workaround
+
+Only systems that are manually configured to use "accept_rtadv"
+ifconfig(8) flag on an interface are affected.
+
+The system administrator may decide to disable acceptance of Router
+Advertisements from untrusted network in a per-interface basis, by
+removing accept_rtadv flag at run time using ifconfig(8):
+
+ ifconfig em0 inet6 -accept_rtadv
+
+Note that an interface does not accept Router Advertisement messages
+by default even if an IPv6 address is configured. One can know
+whether an interface is accepting Router Advertisement message or not
+from existence of ACCEPT_RTADV in "nd6 options" line in an output of
+ifconfig(8):
+
+ nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-15:09/ipv6.patch
+# fetch https://security.FreeBSD.org/patches/SA-15:09/ipv6.patch.asc
+# gpg --verify ipv6.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r281231
+releng/8.4/ r281233
+stable/9/ r281231
+releng/9.3/ r281233
+stable/10/ r281230
+releng/10.1/ r281232
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2923>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:09.ipv6.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAEBCgAGBQJVJD4CAAoJEO1n7NZdz2rn13cQANJCk2LXSX8GDHGzWnD+D5gN
+rNC4Q8n9CnN80ZO/0Pk0Xx2VAtr3CKxflBTXBKISKuY+dWOzNvuUuUUkrB9SlyTj
+MYpqAljnBT0JkosGGBKJwt39DjW34HWlaj9wEPr1SdIq5vQO0cXS2glVPI/CQuy3
+NwnpaAmftAG4eMSYojOeodXniha/ZasFap5Zj+1dgofFHEP87zxefP2IamG1Cq72
+d8YJSCD8yy51mZ7dVFM29R3FAFdMpponci31dXGb5p8pj0yzVfvI/HF1MRK+x8Nz
+R0/jFOHY4TR26BfKsc4Nc6Ze7jdZHUP1qWoL2O6HiLVqws0nQp3jma7FkMrUMuui
+H9kAQaIc27tJOkSK4Gdc/dwzHgb3xr2fNfOjvbUv3VNjzijTzbzKfRlVH77EAxAi
+sQfUcql/toGdC/QaOlhC8+v5jHdwkLdpfRc4QdsV1rKDAA8mj068sJQS/yAig8E8
+QUNmB3UK1QsX3tmy0JuDJk7tr/jjnhl2Jt9Skvm70xUiA7G05Z1qouErkIAjwikY
+zQSPpSQebi3am9TtK/GViOjEVpWLYzLFYo6laR8wMw9eJsj0xlF8Qqz+0HudqfSt
+lMOfpVfUmBSIxlFdiIzMBfbpLdD1gSo4oBLIYA/xw7UtDMiWi2Iji/mBY1Jg/i5V
+ZCTwZmnmaVuPcsGOzv5W
+=A2Am
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-15:04/igmp-errata.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-15:04/igmp-errata.patch Tue Apr 7 20:36:34 2015 (r46499)
@@ -0,0 +1,32 @@
+Index: sys/netinet/igmp.c
+===================================================================
+--- sys/netinet/igmp.c (revision 280920)
++++ sys/netinet/igmp.c (working copy)
+@@ -1534,7 +1534,6 @@ igmp_input(struct mbuf *m, int off)
+ struct igmpv3 *igmpv3;
+ uint16_t igmpv3len;
+ uint16_t nsrc;
+- int srclen;
+
+ IGMPSTAT_INC(igps_rcv_v3_queries);
+ igmpv3 = (struct igmpv3 *)igmp;
+@@ -1542,8 +1541,8 @@ igmp_input(struct mbuf *m, int off)
+ * Validate length based on source count.
+ */
+ nsrc = ntohs(igmpv3->igmp_numsrc);
+- srclen = sizeof(struct in_addr) * nsrc;
+- if (nsrc * sizeof(in_addr_t) > srclen) {
++ if (nsrc * sizeof(in_addr_t) >
++ UINT16_MAX - iphlen - IGMP_V3_QUERY_MINLEN) {
+ IGMPSTAT_INC(igps_rcv_tooshort);
+ return;
+ }
+@@ -1552,7 +1551,7 @@ igmp_input(struct mbuf *m, int off)
+ * this scope.
+ */
+ igmpv3len = iphlen + IGMP_V3_QUERY_MINLEN +
+- srclen;
++ sizeof(struct in_addr) * nsrc;
+ if ((m->m_flags & M_EXT ||
+ m->m_len < igmpv3len) &&
+ (m = m_pullup(m, igmpv3len)) == NULL) {
Added: head/share/security/patches/SA-15:04/igmp-errata.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-15:04/igmp-errata.patch.asc Tue Apr 7 20:36:34 2015 (r46499)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAABCgAGBQJVJD4RAAoJEO1n7NZdz2rnrYQQANA/aVjCvRZArJcQTrv6KZQx
+UA3GLXRG+gSlE3tVo7zx1qFvQGTET6lDNM8C8shj//biaevNxjRlagFDQWHUoh7U
+5HYfImnCAkIsO4OvAeJWHj+Xfskf22VRNGodou1PpVEco3XAFCQKMmsdMDUetiIw
+zgXEMcONQFgUBf0g8e2YS0UPtJDwaxTFkGs/4uQvOoKLqCNf5esUDGKNeKMp85wg
+pFt6TCIsXIoQidFCFz6TWSjXLin9QKhGxSngxKrM9LnkM4l3b7bsh1JoqIrsXQ/W
+lIFZnInVYsRrbq/RUaYeh/2FzYGFfks1nKH1Gyg9I/uy0hF1NMig7egUP5cnh7GU
+emXVUU6CYvkh4ndmPFKxlWgnf4PBJAebjzFrZtNK8OY6Uz8FrLZo1HuSFhNFdd6k
+MRncaZ4rY7AyYYgXZKu5563+ztQh1tAvrSbXAN9adk1QH6t5DmWvOopK7vVJ3fTD
+KLcXOQ2wmmr2rmQiSDLg9pUAi7ewu1sUzSbd2IML97ovtALDWU7VMWoQsBAlfHfP
+GaY3ncCxsiJW+87udH4kGfDXRkY85Io7VRGEblFaz+AsF4xisMTboXcYy+z+SZH4
+4QXsqoDoTLwZ4XZaIaNW8Z/PdB81j2WPvDbxdRD4DtZkx47KZw1a8SU3tRzlVyaS
+Cboc9S/wjp6xphvBNRJl
+=WOIN
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-15:07/ntp.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-15:07/ntp.patch Tue Apr 7 20:36:34 2015 (r46499)
@@ -0,0 +1,377 @@
+Index: contrib/ntp/ntpd/ntp_crypto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_crypto.c (revision 280717)
++++ contrib/ntp/ntpd/ntp_crypto.c (working copy)
+@@ -93,6 +93,7 @@
+ #define TAI_1972 10 /* initial TAI offset (s) */
+ #define MAX_LEAP 100 /* max UTC leapseconds (s) */
+ #define VALUE_LEN (6 * 4) /* min response field length */
++#define MAX_VALLEN (65535 - VALUE_LEN)
+ #define YEAR (60 * 60 * 24 * 365) /* seconds in year */
+
+ /*
+@@ -137,8 +138,8 @@ static u_int ident_scheme = 0; /* server identity
+ */
+ static int crypto_verify P((struct exten *, struct value *,
+ struct peer *));
+-static int crypto_encrypt P((struct exten *, struct value *,
+- keyid_t *));
++static int crypto_encrypt P((const u_char *, u_int, keyid_t *,
++ struct value *));
+ static int crypto_alice P((struct peer *, struct value *));
+ static int crypto_alice2 P((struct peer *, struct value *));
+ static int crypto_alice3 P((struct peer *, struct value *));
+@@ -446,6 +447,12 @@ crypto_recv(
+ tstamp = ntohl(ep->tstamp);
+ fstamp = ntohl(ep->fstamp);
+ vallen = ntohl(ep->vallen);
++ /*
++ * Bug 2761: I hope this isn't too early...
++ */
++ if ( vallen == 0
++ || len - VALUE_LEN < vallen)
++ return XEVNT_LEN;
+ }
+ switch (code) {
+
+@@ -488,7 +495,7 @@ crypto_recv(
+ break;
+
+ if (vallen == 0 || vallen > MAXHOSTNAME ||
+- len < VALUE_LEN + vallen) {
++ len - VALUE_LEN < vallen) {
+ rval = XEVNT_LEN;
+ break;
+ }
+@@ -1250,7 +1257,8 @@ crypto_xmit(
+ vallen = ntohl(ep->vallen);
+ if (vallen == 8) {
+ strcpy(certname, sys_hostname);
+- } else if (vallen == 0 || vallen > MAXHOSTNAME) {
++ } else if (vallen == 0 || vallen > MAXHOSTNAME ||
++ len - VALUE_LEN < vallen) {
+ rval = XEVNT_LEN;
+ break;
+
+@@ -1407,7 +1415,10 @@ crypto_xmit(
+ * anything goes wrong.
+ */
+ case CRYPTO_COOK | CRYPTO_RESP:
+- if ((opcode & 0xffff) < VALUE_LEN) {
++ vallen = ntohl(ep->vallen); /* Must be <64k */
++ if ( vallen == 0
++ || (vallen >= MAX_VALLEN)
++ || (opcode & 0x0000ffff) < VALUE_LEN + vallen) {
+ rval = XEVNT_LEN;
+ break;
+ }
+@@ -1420,10 +1431,11 @@ crypto_xmit(
+ }
+ tcookie = peer->pcookie;
+ }
+- if ((rval = crypto_encrypt(ep, &vtemp, &tcookie)) ==
+- XEVNT_OK)
++ if ((rval = crypto_encrypt((const u_char *)ep->pkt, vallen, &tcookie, &vtemp))
++ == XEVNT_OK) {
+ len += crypto_send(fp, &vtemp);
+- value_free(&vtemp);
++ value_free(&vtemp);
++ }
+ break;
+
+ /*
+@@ -1558,10 +1570,15 @@ crypto_verify(
+ * are rounded up to the next word.
+ */
+ vallen = ntohl(ep->vallen);
++ if ( vallen == 0
++ || vallen > MAX_VALLEN)
++ return (XEVNT_LEN);
+ i = (vallen + 3) / 4;
+ siglen = ntohl(ep->pkt[i++]);
+- if (len < VALUE_LEN + ((vallen + 3) / 4) * 4 + ((siglen + 3) /
+- 4) * 4)
++ if ( siglen > MAX_VALLEN
++ || len - VALUE_LEN < ((vallen + 3) / 4) * 4
++ || len - VALUE_LEN - ((vallen + 3) / 4) * 4
++ < ((siglen + 3) / 4) * 4)
+ return (XEVNT_LEN);
+
+ /*
+@@ -1627,6 +1644,7 @@ crypto_verify(
+ * avoid doing the sign exchange.
+ */
+ EVP_VerifyInit(&ctx, peer->digest);
++ /* XXX: the "+ 12" needs to be at least documented... */
+ EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12);
+ if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey) <= 0)
+ return (XEVNT_SIG);
+@@ -1641,10 +1659,10 @@ crypto_verify(
+
+
+ /*
+- * crypto_encrypt - construct encrypted cookie and signature from
+- * extension field and cookie
++ * crypto_encrypt - construct vp (encrypted cookie and signature) from
++ * the public key and cookie.
+ *
+- * Returns
++ * Returns:
+ * XEVNT_OK success
+ * XEVNT_PUB bad or missing public key
+ * XEVNT_CKY bad or missing cookie
+@@ -1652,9 +1670,10 @@ crypto_verify(
+ */
+ static int
+ crypto_encrypt(
+- struct exten *ep, /* extension pointer */
+- struct value *vp, /* value pointer */
+- keyid_t *cookie /* server cookie */
++ const u_char *ptr, /* Public Key */
++ u_int vallen, /* Length of Public Key */
++ keyid_t *cookie, /* server cookie */
++ struct value *vp /* value pointer */
+ )
+ {
+ EVP_PKEY *pkey; /* public key */
+@@ -1661,15 +1680,11 @@ crypto_encrypt(
+ EVP_MD_CTX ctx; /* signature context */
+ tstamp_t tstamp; /* NTP timestamp */
+ u_int32 temp32;
+- u_int len;
+- u_char *ptr;
+
+ /*
+ * Extract the public key from the request.
+ */
+- len = ntohl(ep->vallen);
+- ptr = (u_char *)ep->pkt;
+- pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ptr, len);
++ pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ptr, vallen);
+ if (pkey == NULL) {
+ msyslog(LOG_ERR, "crypto_encrypt %s\n",
+ ERR_error_string(ERR_get_error(), NULL));
+@@ -1683,9 +1698,9 @@ crypto_encrypt(
+ memset(vp, 0, sizeof(struct value));
+ vp->tstamp = htonl(tstamp);
+ vp->fstamp = hostval.tstamp;
+- len = EVP_PKEY_size(pkey);
+- vp->vallen = htonl(len);
+- vp->ptr = emalloc(len);
++ vallen = EVP_PKEY_size(pkey);
++ vp->vallen = htonl(vallen);
++ vp->ptr = emalloc(vallen);
+ temp32 = htonl(*cookie);
+ if (!RSA_public_encrypt(4, (u_char *)&temp32, vp->ptr,
+ pkey->pkey.rsa, RSA_PKCS1_OAEP_PADDING)) {
+@@ -1705,9 +1720,9 @@ crypto_encrypt(
+ vp->sig = emalloc(sign_siglen);
+ EVP_SignInit(&ctx, sign_digest);
+ EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
+- EVP_SignUpdate(&ctx, vp->ptr, len);
+- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
+- vp->siglen = htonl(len);
++ EVP_SignUpdate(&ctx, vp->ptr, vallen);
++ if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
++ vp->siglen = htonl(sign_siglen);
+ return (XEVNT_OK);
+ }
+
+@@ -1794,6 +1809,9 @@ crypto_ident(
+ * call in the protocol module.
+ *
+ * Returns extension field pointer (no errors).
++ *
++ * XXX: opcode and len should really be 32-bit quantities and
++ * we should make sure that str is not too big.
+ */
+ struct exten *
+ crypto_args(
+@@ -1805,11 +1823,14 @@ crypto_args(
+ tstamp_t tstamp; /* NTP timestamp */
+ struct exten *ep; /* extension field pointer */
+ u_int len; /* extension field length */
++ size_t slen;
+
+ tstamp = crypto_time();
+ len = sizeof(struct exten);
+- if (str != NULL)
+- len += strlen(str);
++ if (str != NULL) {
++ slen = strlen(str);
++ len += slen;
++ }
+ ep = emalloc(len);
+ memset(ep, 0, len);
+ if (opcode == 0)
+@@ -1829,8 +1850,8 @@ crypto_args(
+ ep->fstamp = hostval.tstamp;
+ ep->vallen = 0;
+ if (str != NULL) {
+- ep->vallen = htonl(strlen(str));
+- memcpy((char *)ep->pkt, str, strlen(str));
++ ep->vallen = htonl(slen);
++ memcpy((char *)ep->pkt, str, slen);
+ } else {
+ ep->pkt[0] = peer->associd;
+ }
+@@ -1844,6 +1865,8 @@ crypto_args(
+ * Returns extension field length. Note: it is not polite to send a
+ * nonempty signature with zero timestamp or a nonzero timestamp with
+ * empty signature, but these rules are not enforced here.
++ *
++ * XXX This code won't work on a box with 16-bit ints.
+ */
+ u_int
+ crypto_send(
+@@ -2212,7 +2235,8 @@ crypto_bob(
+ tstamp_t tstamp; /* NTP timestamp */
+ BIGNUM *bn, *bk, *r;
+ u_char *ptr;
+- u_int len;
++ u_int len; /* extension field length */
++ u_int vallen = 0; /* value length */
+
+ /*
+ * If the IFF parameters are not valid, something awful
+@@ -2227,8 +2251,11 @@ crypto_bob(
+ /*
+ * Extract r from the challenge.
+ */
+- len = ntohl(ep->vallen);
+- if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
++ vallen = ntohl(ep->vallen);
++ len = ntohl(ep->opcode) & 0x0000ffff;
++ if (vallen == 0 || len < VALUE_LEN || len - VALUE_LEN < vallen)
++ return XEVNT_LEN;
++ if ((r = BN_bin2bn((u_char *)ep->pkt, vallen, NULL)) == NULL) {
+ msyslog(LOG_ERR, "crypto_bob %s\n",
+ ERR_error_string(ERR_get_error(), NULL));
+ return (XEVNT_ERR);
+@@ -2240,7 +2267,7 @@ crypto_bob(
+ */
+ bctx = BN_CTX_new(); bk = BN_new(); bn = BN_new();
+ sdsa = DSA_SIG_new();
+- BN_rand(bk, len * 8, -1, 1); /* k */
++ BN_rand(bk, vallen * 8, -1, 1); /* k */
+ BN_mod_mul(bn, dsa->priv_key, r, dsa->q, bctx); /* b r mod q */
+ BN_add(bn, bn, bk);
+ BN_mod(bn, bn, dsa->q, bctx); /* k + b r mod q */
+@@ -2254,19 +2281,25 @@ crypto_bob(
+ /*
+ * Encode the values in ASN.1 and sign.
+ */
+- tstamp = crypto_time();
+- memset(vp, 0, sizeof(struct value));
+- vp->tstamp = htonl(tstamp);
+- vp->fstamp = htonl(if_fstamp);
+- len = i2d_DSA_SIG(sdsa, NULL);
+- if (len <= 0) {
++ vallen = i2d_DSA_SIG(sdsa, NULL);
++ if (vallen == 0) {
+ msyslog(LOG_ERR, "crypto_bob %s\n",
+ ERR_error_string(ERR_get_error(), NULL));
+ DSA_SIG_free(sdsa);
+ return (XEVNT_ERR);
+ }
+- vp->vallen = htonl(len);
+- ptr = emalloc(len);
++ if (vallen > MAX_VALLEN) {
++ msyslog(LOG_ERR, "crypto_bob: signature is too big: %d",
++ vallen);
++ DSA_SIG_free(sdsa);
++ return (XEVNT_LEN);
++ }
++ memset(vp, 0, sizeof(struct value));
++ tstamp = crypto_time();
++ vp->tstamp = htonl(tstamp);
++ vp->fstamp = htonl(if_fstamp);
++ vp->vallen = htonl(vallen);
++ ptr = emalloc(vallen);
+ vp->ptr = ptr;
+ i2d_DSA_SIG(sdsa, &ptr);
+ DSA_SIG_free(sdsa);
+@@ -2277,11 +2310,12 @@ crypto_bob(
+ if (tstamp < cinfo->first || tstamp > cinfo->last)
+ return (XEVNT_PER);
+
++ /* XXX: more validation to make sure the sign fits... */
+ vp->sig = emalloc(sign_siglen);
+ EVP_SignInit(&ctx, sign_digest);
+ EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
+- EVP_SignUpdate(&ctx, vp->ptr, len);
+- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
++ EVP_SignUpdate(&ctx, vp->ptr, vallen);
++ if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
+ vp->siglen = htonl(len);
+ return (XEVNT_OK);
+ }
+Index: contrib/ntp/ntpd/ntp_proto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_proto.c (revision 280717)
++++ contrib/ntp/ntpd/ntp_proto.c (working copy)
+@@ -459,7 +459,7 @@ receive(
+ while (has_mac > 0) {
+ int temp;
+
+- if (has_mac % 4 != 0 || has_mac < 0) {
++ if (has_mac % 4 != 0 || has_mac < MIN_MAC_LEN) {
+ sys_badlength++;
+ return; /* bad MAC length */
+ }
+@@ -483,6 +483,13 @@ receive(
+ return; /* bad MAC length */
+ }
+ }
++ /*
++ * If has_mac is < 0 we had a malformed packet.
++ */
++ if (has_mac < 0) {
++ sys_badlength++;
++ return; /* bad length */
++ }
+ #ifdef OPENSSL
+ pkeyid = tkeyid = 0;
+ #endif /* OPENSSL */
+@@ -942,12 +949,9 @@ receive(
+ }
+
+ /*
+- * Update the origin and destination timestamps. If
+- * unsynchronized or bogus abandon ship. If the crypto machine
++ * If unsynchronized or bogus abandon ship. If the crypto machine
+ * breaks, light the crypto bit and plaint the log.
+ */
+- peer->org = p_xmt;
+- peer->rec = rbufp->recv_time;
+ if (peer->flash & PKT_TEST_MASK) {
+ #ifdef OPENSSL
+ if (crypto_flags && (peer->flags & FLAG_SKEY)) {
+@@ -978,10 +982,11 @@ receive(
+ * versions. If symmetric modes, return a crypto-NAK. The peer
+ * should restart the protocol.
+ */
+- } else if (!AUTH(peer->keyid || (restrict_mask & RES_DONTTRUST),
+- is_authentic)) {
++ } else if (!AUTH(peer->keyid || has_mac ||
++ (restrict_mask & RES_DONTTRUST), is_authentic)) {
+ peer->flash |= TEST5;
+- if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
++ if (has_mac &&
++ (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
+ fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
+ return; /* bad auth */
+ }
+@@ -989,7 +994,12 @@ receive(
+ /*
+ * That was hard and I am sweaty, but the packet is squeaky
+ * clean. Get on with real work.
++ *
++ * Update the origin and destination timestamps.
+ */
++ peer->org = p_xmt;
++ peer->rec = rbufp->recv_time;
++
+ peer->received++;
+ peer->timereceived = current_time;
+ if (is_authentic == AUTH_OK)
Added: head/share/security/patches/SA-15:07/ntp.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-15:07/ntp.patch.asc Tue Apr 7 20:36:34 2015 (r46499)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAABCgAGBQJVJD4SAAoJEO1n7NZdz2rnXCUQAJAxDCUySWaZ/XvdHiIXfMfa
+fcB4oEVQBUuMjmE/hC5CzA/t98M4VM2TtV2oWp53CKhIGsBlte64y3t8a7r2nyBt
+17x7P6FtV1q6yRS5DPYl/JZV/mbO4cPGto3f8MXOYraNl7MPvZFJcXXEZPXOQDrz
+2Ek4wasnnuCruTjtwSWoXWgC5dqQch97dQG639EyhUtOQ1a/pS334lbBw8wDGAnA
+ITsQuEGGqwFBJ2NIVwxW0rHFfz4mSk67OHru0mrnza37TQM8HnYhxvL8nrZNhGcC
+FhDjWAWDs4VlqrBIuiRC/dTgA6H6PvF3LDAxQ+ODSB5RiGs9g4TvcxF0XJp0EIp4
+9Kh0rC9wY4nO/q+DBz4nOJXMwJi7rUH2Y7dPSoKsWtgXIuyuefrACD9C2WwZ8EKA
+GWSuF4YidBOadl2x6kJGiIrjFhdrgRENVL4Nj5oVy1JztSBdb+qJMn3GSgpC1C00
+7tsvOJmjQgzgRuMnUo/IA++6P8Gj4G3M99K7yN4NcYJOQm1h9opEx7XKZ9W4hnrK
+qK9rxeXNzGhXi7/sfHER6AQIRgUliqUyl30RBcy6XuNwX5+2e2SwenAUb5Uu1HkX
+oTWWjm47BeG+sjGzM1QXGcukQFH8YFYaZmhSTk3O1ZoKFpMvzhqZEg9CJqfSOCKC
+PbrCxYouiyHPXLAIV+OZ
+=1bd7
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-15:08/bsdinstall.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-15:08/bsdinstall.patch Tue Apr 7 20:36:34 2015 (r46499)
@@ -0,0 +1,14 @@
+Index: usr.sbin/bsdinstall/scripts/zfsboot
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-all
mailing list