svn commit: r49429 - in head/share/security: advisories patches/SA-16:26
Xin LI
delphij at FreeBSD.org
Mon Sep 26 08:28:49 UTC 2016
Author: delphij
Date: Mon Sep 26 08:28:48 2016
New Revision: 49429
URL: https://svnweb.freebsd.org/changeset/doc/49429
Log:
Revise SA-16:26 to fix a regression.
Added:
head/share/security/patches/SA-16:26/openssl-fix.patch (contents, props changed)
head/share/security/patches/SA-16:26/openssl-fix.patch.asc (contents, props changed)
Modified:
head/share/security/advisories/FreeBSD-SA-16:26.openssl.asc
Modified: head/share/security/advisories/FreeBSD-SA-16:26.openssl.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-16:26.openssl.asc Sun Sep 25 20:08:07 2016 (r49428)
+++ head/share/security/advisories/FreeBSD-SA-16:26.openssl.asc Mon Sep 26 08:28:48 2016 (r49429)
@@ -9,17 +9,17 @@ Topic: Multiple OpenSSL vulnera
Category: contrib
Module: openssl
-Announced: 2016-09-23
+Announced: 2016-09-23; revised on 2016-09-26
Credits: OpenSSL Project
Affects: All supported versions of FreeBSD.
Corrected: 2016-09-22 14:57:48 UTC (stable/11, 11.0-STABLE)
2016-09-22 15:55:27 UTC (releng/11.0, 11.0-RELEASE)
2016-09-22 15:05:38 UTC (stable/10, 10.3-STABLE)
- 2016-09-23 07:48:34 UTC (releng/10.3, 10.3-RELEASE-p8)
- 2016-09-23 07:48:34 UTC (releng/10.2, 10.2-RELEASE-p21)
- 2016-09-23 07:48:34 UTC (releng/10.1, 10.1-RELEASE-p38)
- 2016-09-23 07:44:10 UTC (stable/9, 9.3-STABLE)
- 2016-09-23 07:48:34 UTC (releng/9.3, 9.3-RELEASE-p46)
+ 2016-09-26 08:21:29 UTC (releng/10.3, 10.3-RELEASE-p9)
+ 2016-09-26 08:21:29 UTC (releng/10.2, 10.2-RELEASE-p22)
+ 2016-09-26 08:21:29 UTC (releng/10.1, 10.1-RELEASE-p39)
+ 2016-09-26 08:19:33 UTC (stable/9, 9.3-STABLE)
+ 2016-09-26 08:21:29 UTC (releng/9.3, 9.3-RELEASE-p47)
CVE Name: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180,
CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303,
CVE-2016-6304, CVE-2016-6306
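Review bot: The Corrected entries for releng/10.3, releng/10.2, releng/10.1 and releng/9.3 are overwritten rather than extended, so the patch levels that shipped the first fix (10.3-RELEASE-p8, 10.2-RELEASE-p21, 10.1-RELEASE-p38, 9.3-RELEASE-p46) no longer appear anywhere in the header. A reader running one of those levels cannot tell from this field that they are on the build with the regression. Consider naming the superseded patch levels in the revision history entry so the upgrade path from them is explicit.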
@@ -28,6 +28,11 @@ For general information regarding FreeBS
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
+0. Revision history
+
+v1.0 2016-09-23 Initial release.
+v1.1 2016-09-26 Revised patch to address a regression in CVE-2016-2182 fix.
+
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
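Review bot: The v1.1 entry does not say which branches carried the regression. The Corrected lines for stable/11, releng/11.0 and stable/10 keep their 2016-09-22 timestamps, while the solution text added later in this change says "For all releases, additionally, apply the openssl-fix.patch". State here whether those three branches were unaffected or already contain the corrected bounds check, so the two statements do not read as contradictory.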
@@ -169,14 +174,19 @@ detached PGP signature using your PGP ut
[FreeBSD 10.1 and 10.2]
# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-10.2.patch
-# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-10.2.patch.as
+# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-10.2.patch.asc
# gpg --verify openssl-10.2.patch.asc
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-9.3.patch
-# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-9.3.patch.as
+# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc
+For all releases, additionally, apply the openssl-fix.patch:
+# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-fix.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:26/openssl-fix.patch.asc
+# gpg --verify openssl-fix.patch.asc
+
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
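Review bot: The added sentence says to "apply the openssl-fix.patch", but the added commands under step a) only fetch and verify it, and this hunk leaves step b) untouched past "# cd /usr/src". Check that step b) also gains a patch invocation for openssl-fix.patch, and that the text makes clear it goes on after the per-release patch, since the fix is a delta against bn_print.c as already modified. The correction of the truncated ".patch.as" URLs to ".patch.asc" looks right.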
@@ -194,12 +204,12 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
-stable/9/ r306229
-releng/9.3/ r206230
+stable/9/ r306335
+releng/9.3/ r306336
stable/10/ r306196
-releng/10.1/ r206230
-releng/10.2/ r206230
-releng/10.3/ r206230
+releng/10.1/ r306336
+releng/10.2/ r306336
+releng/10.3/ r306336
stable/11/ r306195
releng/11.0/ r306198
- -------------------------------------------------------------------------
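Review bot: In the revision table the stable/9 and releng/9.x/10.x rows now list only the follow-up commits (r306335, r306336) and drop the earlier revisions. The accompanying openssl-fix.patch touches only the bounds check in bn_print.c, so if r306335 and r306336 are likewise deltas, someone merging by revision number from this table would pick up the regression fix without the original vulnerability fixes. Consider listing both revisions per row, for example "r306229, r306335" for stable/9, and confirm the correct original revision for the releng rows, since the removed value r206230 does not match the r3062xx numbering used elsewhere in the table.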
@@ -243,17 +253,17 @@ The latest revision of this advisory is
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.13 (FreeBSD)
-iQIcBAEBCgAGBQJX5N+CAAoJEO1n7NZdz2rnRZEP/2/fe1c3tLZZAPguwphI7NFK
-DoGODy5Uj/pMdMv2ZvSJaNFKX5bo4ph2mCtA3rxFhFX4PEDaRoZc4BIlN470qdDe
-soBV0mJEHC8r0z8cw6WYbh4wbd2yYy2x95LFi3g/04udctGQyxWmEzkzjzT8SqxU
-EMoZYZuYQTvr8paQGiUizLu61AFDM2sZhU8yW4euxxiIREbFTO8rC7DMAk3mKfNk
-Og1NN6uVK7+AgxZRJtfrKPftdwGPfKPQKgR731goAghQihThNNDvQ8OdDwj8Mlh1
-KI8u+GaVKUTfgS2Ra9a291nEqV0EHZkY3zSpp4LeCY93gpFQeEhS5M/32oFheP4+
-qNQZdvDzKVBKT1NTzgDbMN++56/h0FDa9NkIQbZI9TwkOTbLeGNMWtC46Ngza3tz
-avlSxxckCwelvmZcjntU3MakdWQhIgMRFvOzVDgfL+erUi3kot0+kgiXq+cn0UEa
-ZHOCJWIzAh/PJGPNOJl71Ji3qb6iUJx31HmVLxyoofbfKmNsg72/ROqUgBLCYO3s
-kW77yMNYEBAzdxeep8oNwMat9bZbxnhvAbr2v934SIndLQ5FtDJ/OdiCq3oXMbyE
-uLFTjqGaTur7z26bibT72l4OEy7Qkt5G1EqefxTGHpY0UQhjQQVFWjwbFYq9RT40
-60v4DC15ArshCN6tuyWt
-=8wR6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+=3i9P
-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-16:26/openssl-fix.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:26/openssl-fix.patch Mon Sep 26 08:28:48 2016 (r49429)
@@ -0,0 +1,19 @@
+--- crypto/openssl/crypto/bn/bn_print.c.orig
++++ crypto/openssl/crypto/bn/bn_print.c
+@@ -141,14 +141,13 @@
+ if (BN_is_negative(t))
+ *p++ = '-';
+
+- i = 0;
+ while (!BN_is_zero(t)) {
++ if (lp - bn_data >= bn_data_num)
++ goto err;
+ *lp = BN_div_word(t, BN_DEC_CONV);
+ if (*lp == (BN_ULONG)-1)
+ goto err;
+ lp++;
+- if (lp - bn_data >= bn_data_num)
+- goto err;
+ }
+ lp--;
+ /*
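Review bot: The removal of "i = 0;" at the top of this hunk is unrelated to the bounds-check move and is not explained in the log message; confirm that nothing later in the function reads i before assigning it, or say in the commit that the variable was unused at this point. The reordering itself reads correctly: testing "lp - bn_data >= bn_data_num" before "*lp = BN_div_word(t, BN_DEC_CONV);" guards the write, whereas the old position ran after "lp++" and so took the error path when the last word landed exactly in the final slot. A short comment above the new check stating that it must precede the store would help keep it from being moved back.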
Added: head/share/security/patches/SA-16:26/openssl-fix.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:26/openssl-fix.patch.asc Mon Sep 26 08:28:48 2016 (r49429)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+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+=SXHG
+-----END PGP SIGNATURE-----