svn commit: r200054 - head/crypto/openssl/ssl head/etc/mtree
head/usr.sbin/freebsd-update releng/6.3
releng/6.3/crypto/openssl/ssl releng/6.3/etc/mtree
releng/6.3/usr.sbin/freebsd-update releng/6.4...
Colin Percival
cperciva at FreeBSD.org
Thu Dec 3 09:18:41 UTC 2009
Author: cperciva
Date: Thu Dec 3 09:18:40 2009
New Revision: 200054
URL: http://svn.freebsd.org/changeset/base/200054
Log:
Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate
Modified:
releng/6.3/UPDATING
releng/6.3/crypto/openssl/ssl/s3_lib.c
releng/6.3/crypto/openssl/ssl/s3_pkt.c
releng/6.3/crypto/openssl/ssl/s3_srvr.c
releng/6.3/etc/mtree/BSD.var.dist
releng/6.3/usr.sbin/freebsd-update/freebsd-update.sh
releng/6.4/UPDATING
releng/6.4/crypto/openssl/ssl/s3_lib.c
releng/6.4/crypto/openssl/ssl/s3_pkt.c
releng/6.4/crypto/openssl/ssl/s3_srvr.c
releng/6.4/etc/mtree/BSD.var.dist
releng/6.4/usr.sbin/freebsd-update/freebsd-update.sh
releng/7.1/UPDATING
releng/7.1/crypto/openssl/ssl/s3_lib.c
releng/7.1/crypto/openssl/ssl/s3_pkt.c
releng/7.1/crypto/openssl/ssl/s3_srvr.c
releng/7.1/etc/mtree/BSD.var.dist
releng/7.1/libexec/rtld-elf/rtld.c
releng/7.1/usr.sbin/freebsd-update/freebsd-update.sh
releng/7.2/UPDATING
releng/7.2/crypto/openssl/ssl/s3_lib.c
releng/7.2/crypto/openssl/ssl/s3_pkt.c
releng/7.2/crypto/openssl/ssl/s3_srvr.c
releng/7.2/etc/mtree/BSD.var.dist
releng/7.2/libexec/rtld-elf/rtld.c
releng/7.2/usr.sbin/freebsd-update/freebsd-update.sh
releng/8.0/UPDATING
releng/8.0/crypto/openssl/ssl/s3_lib.c
releng/8.0/crypto/openssl/ssl/s3_pkt.c
releng/8.0/crypto/openssl/ssl/s3_srvr.c
releng/8.0/etc/mtree/BSD.var.dist
releng/8.0/libexec/rtld-elf/rtld.c
releng/8.0/usr.sbin/freebsd-update/freebsd-update.sh
Changes in other areas also in this revision:
Modified:
head/crypto/openssl/ssl/s3_lib.c
head/crypto/openssl/ssl/s3_pkt.c
head/crypto/openssl/ssl/s3_srvr.c
head/etc/mtree/BSD.var.dist
head/usr.sbin/freebsd-update/freebsd-update.sh
stable/6/crypto/openssl/ssl/s3_lib.c
stable/6/crypto/openssl/ssl/s3_pkt.c
stable/6/crypto/openssl/ssl/s3_srvr.c
stable/6/etc/mtree/BSD.var.dist
stable/6/usr.sbin/freebsd-update/freebsd-update.sh
stable/7/crypto/openssl/ssl/s3_lib.c
stable/7/crypto/openssl/ssl/s3_pkt.c
stable/7/crypto/openssl/ssl/s3_srvr.c
stable/7/etc/mtree/BSD.var.dist
stable/7/usr.sbin/freebsd-update/freebsd-update.sh
stable/8/crypto/openssl/ssl/s3_lib.c
stable/8/crypto/openssl/ssl/s3_pkt.c
stable/8/crypto/openssl/ssl/s3_srvr.c
stable/8/etc/mtree/BSD.var.dist
stable/8/usr.sbin/freebsd-update/freebsd-update.sh
Modified: releng/6.3/UPDATING
==============================================================================
--- releng/6.3/UPDATING Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.3/UPDATING Thu Dec 3 09:18:40 2009 (r200054)
@@ -8,6 +8,13 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20091203: p14 FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:17.freebsd-update
+ Disable SSL renegotiation in order to protect against a serious
+ protocol flaw. [09:15]
+
+ Fix permissions in freebsd-update in order to prevent leakage of
+ sensitive files. [09:17]
+
20091002: p13 FreeBSD-SA-09:13.pipe, FreeBSD-SA-09:14.devfs,
FreeBSD-EN-09:05.null
Fix kqueue pipe race conditions. [SA-09:13]
Modified: releng/6.3/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- releng/6.3/crypto/openssl/ssl/s3_lib.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.3/crypto/openssl/ssl/s3_lib.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -1768,6 +1768,9 @@ int ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
+ if (1)
+ return(0);
+
s->s3->renegotiate=1;
return(1);
}
Modified: releng/6.3/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/6.3/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.3/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -975,9 +975,7 @@ start:
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
+ if (0)
{
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
@@ -1108,8 +1106,7 @@ start:
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
{
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+ if (0)
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
Modified: releng/6.3/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- releng/6.3/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.3/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -654,6 +654,13 @@ static int ssl3_get_client_hello(SSL *s)
SSL_COMP *comp=NULL;
STACK_OF(SSL_CIPHER) *ciphers=NULL;
+ if (s->new_session)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
/* We do this so that we will respond with our native type.
* If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
* This down switching should be handled by a different method.
Modified: releng/6.3/etc/mtree/BSD.var.dist
==============================================================================
--- releng/6.3/etc/mtree/BSD.var.dist Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.3/etc/mtree/BSD.var.dist Thu Dec 3 09:18:40 2009 (r200054)
@@ -32,7 +32,7 @@
db
entropy uname=operator gname=operator mode=0700
..
- freebsd-update
+ freebsd-update mode=0700
..
ipf mode=0700
..
Modified: releng/6.3/usr.sbin/freebsd-update/freebsd-update.sh
==============================================================================
--- releng/6.3/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.3/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 09:18:40 2009 (r200054)
@@ -524,6 +524,7 @@ fetch_check_params () {
echo ${WORKDIR}
exit 1
fi
+ chmod 700 ${WORKDIR}
cd ${WORKDIR} || exit 1
# Generate release number. The s/SECURITY/RELEASE/ bit exists
Modified: releng/6.4/UPDATING
==============================================================================
--- releng/6.4/UPDATING Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.4/UPDATING Thu Dec 3 09:18:40 2009 (r200054)
@@ -8,6 +8,13 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20091203: p8 FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:17.freebsd-update
+ Disable SSL renegotiation in order to protect against a serious
+ protocol flaw. [09:15]
+
+ Fix permissions in freebsd-update in order to prevent leakage of
+ sensitive files. [09:17]
+
20091002: p7 FreeBSD-SA-09:13.pipe, FreeBSD-SA-09:14.devfs,
FreeBSD-EN-09:05.null
Fix kqueue pipe race conditions. [SA-09:13]
Modified: releng/6.4/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- releng/6.4/crypto/openssl/ssl/s3_lib.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.4/crypto/openssl/ssl/s3_lib.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -1768,6 +1768,9 @@ int ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
+ if (1)
+ return(0);
+
s->s3->renegotiate=1;
return(1);
}
Modified: releng/6.4/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/6.4/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.4/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -975,9 +975,7 @@ start:
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
+ if (0)
{
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
@@ -1108,8 +1106,7 @@ start:
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
{
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+ if (0)
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
Modified: releng/6.4/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- releng/6.4/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.4/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -654,6 +654,13 @@ static int ssl3_get_client_hello(SSL *s)
SSL_COMP *comp=NULL;
STACK_OF(SSL_CIPHER) *ciphers=NULL;
+ if (s->new_session)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
/* We do this so that we will respond with our native type.
* If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
* This down switching should be handled by a different method.
Modified: releng/6.4/etc/mtree/BSD.var.dist
==============================================================================
--- releng/6.4/etc/mtree/BSD.var.dist Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.4/etc/mtree/BSD.var.dist Thu Dec 3 09:18:40 2009 (r200054)
@@ -32,7 +32,7 @@
db
entropy uname=operator gname=operator mode=0700
..
- freebsd-update
+ freebsd-update mode=0700
..
ipf mode=0700
..
Modified: releng/6.4/usr.sbin/freebsd-update/freebsd-update.sh
==============================================================================
--- releng/6.4/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/6.4/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 09:18:40 2009 (r200054)
@@ -533,6 +533,7 @@ fetch_check_params () {
echo ${WORKDIR}
exit 1
fi
+ chmod 700 ${WORKDIR}
cd ${WORKDIR} || exit 1
# Generate release number. The s/SECURITY/RELEASE/ bit exists
Modified: releng/7.1/UPDATING
==============================================================================
--- releng/7.1/UPDATING Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.1/UPDATING Thu Dec 3 09:18:40 2009 (r200054)
@@ -8,6 +8,17 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20091203: p9 FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:16.rtld,
+ FreeBSD-SA-09:17.freebsd-update
+ Disable SSL renegotiation in order to protect against a serious
+ protocol flaw. [09:15]
+
+ Correctly handle failures from unsetenv resulting from a corrupt
+ environment in rtld-elf. [09:16]
+
+ Fix permissions in freebsd-update in order to prevent leakage of
+ sensitive files. [09:17]
+
20091002: p8 FreeBSD-SA-09:14.devfs, FreeBSD-EN-09:05.null
Fix devfs / VFS NULL pointer race condition. [SA-09:14]
Modified: releng/7.1/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- releng/7.1/crypto/openssl/ssl/s3_lib.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.1/crypto/openssl/ssl/s3_lib.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -2375,6 +2375,9 @@ int ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
+ if (1)
+ return(0);
+
s->s3->renegotiate=1;
return(1);
}
Modified: releng/7.1/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/7.1/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.1/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -976,9 +976,7 @@ start:
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
+ if (0)
{
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
@@ -1109,8 +1107,7 @@ start:
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
{
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+ if (0)
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
Modified: releng/7.1/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- releng/7.1/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.1/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -672,6 +672,13 @@ int ssl3_get_client_hello(SSL *s)
#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
+ if (s->new_session)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
/* We do this so that we will respond with our native type.
* If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
* This down switching should be handled by a different method.
Modified: releng/7.1/etc/mtree/BSD.var.dist
==============================================================================
--- releng/7.1/etc/mtree/BSD.var.dist Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.1/etc/mtree/BSD.var.dist Thu Dec 3 09:18:40 2009 (r200054)
@@ -32,7 +32,7 @@
db
entropy uname=operator gname=operator mode=0700
..
- freebsd-update
+ freebsd-update mode=0700
..
ipf mode=0700
..
Modified: releng/7.1/libexec/rtld-elf/rtld.c
==============================================================================
--- releng/7.1/libexec/rtld-elf/rtld.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.1/libexec/rtld-elf/rtld.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -358,11 +358,12 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_
* future processes to honor the potentially un-safe variables.
*/
if (!trust) {
- unsetenv(LD_ "PRELOAD");
- unsetenv(LD_ "LIBMAP");
- unsetenv(LD_ "LIBRARY_PATH");
- unsetenv(LD_ "LIBMAP_DISABLE");
- unsetenv(LD_ "DEBUG");
+ if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+ unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+ unsetenv(LD_ "DEBUG")) {
+ _rtld_error("environment corrupt; aborting");
+ die();
+ }
}
ld_debug = getenv(LD_ "DEBUG");
libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
Modified: releng/7.1/usr.sbin/freebsd-update/freebsd-update.sh
==============================================================================
--- releng/7.1/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.1/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 09:18:40 2009 (r200054)
@@ -533,6 +533,7 @@ fetch_check_params () {
echo ${WORKDIR}
exit 1
fi
+ chmod 700 ${WORKDIR}
cd ${WORKDIR} || exit 1
# Generate release number. The s/SECURITY/RELEASE/ bit exists
Modified: releng/7.2/UPDATING
==============================================================================
--- releng/7.2/UPDATING Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.2/UPDATING Thu Dec 3 09:18:40 2009 (r200054)
@@ -8,6 +8,17 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20091203: p5 FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:16.rtld,
+ FreeBSD-SA-09:17.freebsd-update
+ Disable SSL renegotiation in order to protect against a serious
+ protocol flaw. [09:15]
+
+ Correctly handle failures from unsetenv resulting from a corrupt
+ environment in rtld-elf. [09:16]
+
+ Fix permissions in freebsd-update in order to prevent leakage of
+ sensitive files. [09:17]
+
20091002: p4 FreeBSD-SA-09:14.devfs FreeBSD-EN-09:05.null
Fix devfs / VFS NULL pointer race condition. [SA-09:14]
Modified: releng/7.2/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- releng/7.2/crypto/openssl/ssl/s3_lib.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.2/crypto/openssl/ssl/s3_lib.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -2375,6 +2375,9 @@ int ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
+ if (1)
+ return(0);
+
s->s3->renegotiate=1;
return(1);
}
Modified: releng/7.2/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/7.2/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.2/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -976,9 +976,7 @@ start:
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
+ if (0)
{
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
@@ -1109,8 +1107,7 @@ start:
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
{
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+ if (0)
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
Modified: releng/7.2/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- releng/7.2/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.2/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -672,6 +672,13 @@ int ssl3_get_client_hello(SSL *s)
#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
+ if (s->new_session)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
/* We do this so that we will respond with our native type.
* If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
* This down switching should be handled by a different method.
Modified: releng/7.2/etc/mtree/BSD.var.dist
==============================================================================
--- releng/7.2/etc/mtree/BSD.var.dist Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.2/etc/mtree/BSD.var.dist Thu Dec 3 09:18:40 2009 (r200054)
@@ -32,7 +32,7 @@
db
entropy uname=operator gname=operator mode=0700
..
- freebsd-update
+ freebsd-update mode=0700
..
ipf mode=0700
..
Modified: releng/7.2/libexec/rtld-elf/rtld.c
==============================================================================
--- releng/7.2/libexec/rtld-elf/rtld.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.2/libexec/rtld-elf/rtld.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -360,11 +360,12 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_
* future processes to honor the potentially un-safe variables.
*/
if (!trust) {
- unsetenv(LD_ "PRELOAD");
- unsetenv(LD_ "LIBMAP");
- unsetenv(LD_ "LIBRARY_PATH");
- unsetenv(LD_ "LIBMAP_DISABLE");
- unsetenv(LD_ "DEBUG");
+ if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+ unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+ unsetenv(LD_ "DEBUG")) {
+ _rtld_error("environment corrupt; aborting");
+ die();
+ }
}
ld_debug = getenv(LD_ "DEBUG");
libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
Modified: releng/7.2/usr.sbin/freebsd-update/freebsd-update.sh
==============================================================================
--- releng/7.2/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/7.2/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 09:18:40 2009 (r200054)
@@ -533,6 +533,7 @@ fetch_check_params () {
echo ${WORKDIR}
exit 1
fi
+ chmod 700 ${WORKDIR}
cd ${WORKDIR} || exit 1
# Generate release number. The s/SECURITY/RELEASE/ bit exists
Modified: releng/8.0/UPDATING
==============================================================================
--- releng/8.0/UPDATING Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/8.0/UPDATING Thu Dec 3 09:18:40 2009 (r200054)
@@ -15,6 +15,17 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
debugging tools present in HEAD were left in place because
sun4v support still needs work to become production ready.
+20091203: p1 FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:16.rtld,
+ FreeBSD-SA-09:17.freebsd-update
+ Disable SSL renegotiation in order to protect against a serious
+ protocol flaw. [09:15]
+
+ Correctly handle failures from unsetenv resulting from a corrupt
+ environment in rtld-elf. [09:16]
+
+ Fix permissions in freebsd-update in order to prevent leakage of
+ sensitive files. [09:17]
+
20091125:
8.0-RELEASE.
Modified: releng/8.0/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- releng/8.0/crypto/openssl/ssl/s3_lib.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/8.0/crypto/openssl/ssl/s3_lib.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -2592,6 +2592,9 @@ int ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
+ if (1)
+ return(0);
+
s->s3->renegotiate=1;
return(1);
}
Modified: releng/8.0/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/8.0/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/8.0/crypto/openssl/ssl/s3_pkt.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -983,9 +983,7 @@ start:
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
+ if (0)
{
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
@@ -1116,8 +1114,7 @@ start:
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
{
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+ if (0)
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
Modified: releng/8.0/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- releng/8.0/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/8.0/crypto/openssl/ssl/s3_srvr.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -718,6 +718,13 @@ int ssl3_get_client_hello(SSL *s)
#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
+ if (s->new_session)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
/* We do this so that we will respond with our native type.
* If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
* This down switching should be handled by a different method.
Modified: releng/8.0/etc/mtree/BSD.var.dist
==============================================================================
--- releng/8.0/etc/mtree/BSD.var.dist Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/8.0/etc/mtree/BSD.var.dist Thu Dec 3 09:18:40 2009 (r200054)
@@ -32,7 +32,7 @@
db
entropy uname=operator gname=operator mode=0700
..
- freebsd-update
+ freebsd-update mode=0700
..
ipf mode=0700
..
Modified: releng/8.0/libexec/rtld-elf/rtld.c
==============================================================================
--- releng/8.0/libexec/rtld-elf/rtld.c Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/8.0/libexec/rtld-elf/rtld.c Thu Dec 3 09:18:40 2009 (r200054)
@@ -366,12 +366,12 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_
* future processes to honor the potentially un-safe variables.
*/
if (!trust) {
- unsetenv(LD_ "PRELOAD");
- unsetenv(LD_ "LIBMAP");
- unsetenv(LD_ "LIBRARY_PATH");
- unsetenv(LD_ "LIBMAP_DISABLE");
- unsetenv(LD_ "DEBUG");
- unsetenv(LD_ "ELF_HINTS_PATH");
+ if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+ unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+ unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) {
+ _rtld_error("environment corrupt; aborting");
+ die();
+ }
}
ld_debug = getenv(LD_ "DEBUG");
libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
Modified: releng/8.0/usr.sbin/freebsd-update/freebsd-update.sh
==============================================================================
--- releng/8.0/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 08:11:20 2009 (r200053)
+++ releng/8.0/usr.sbin/freebsd-update/freebsd-update.sh Thu Dec 3 09:18:40 2009 (r200054)
@@ -600,6 +600,7 @@ fetch_check_params () {
echo ${WORKDIR}
exit 1
fi
+ chmod 700 ${WORKDIR}
cd ${WORKDIR} || exit 1
# Generate release number. The s/SECURITY/RELEASE/ bit exists
More information about the svn-src-all
mailing list