svn commit: r46117 - in head/share: security/advisories security/patches/EN-14:13 security/patches/SA-14:31 xml
Dag-Erling Smørgrav
des at FreeBSD.org
Tue Dec 23 23:28:33 UTC 2014
Author: des
Date: Tue Dec 23 23:28:30 2014
New Revision: 46117
URL: https://svnweb.freebsd.org/changeset/doc/46117
Log:
Add EN-14:13 and SA-13:31
Added:
head/share/security/advisories/FreeBSD-EN-14:13.freebsd-update.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-14:31.ntp.asc (contents, props changed)
head/share/security/patches/EN-14:13/
head/share/security/patches/EN-14:13/freebsd-update.patch (contents, props changed)
head/share/security/patches/EN-14:13/freebsd-update.patch.asc (contents, props changed)
head/share/security/patches/SA-14:31/
head/share/security/patches/SA-14:31/ntp.patch (contents, props changed)
head/share/security/patches/SA-14:31/ntp.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-14:13.freebsd-update.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-14:13.freebsd-update.asc Tue Dec 23 23:28:30 2014 (r46117)
@@ -0,0 +1,187 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-14:13.freebsd-update Errata Notice
+ The FreeBSD Project
+
+Topic: freebsd-update attempts to remove the root directory
+
+Category: base
+Module: freebsd-update
+Announced: 2014-12-23
+Credits: Colin Percival
+Affects: All supported versions of FreeBSD.
+Corrected: 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
+ 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
+ 2014-12-22 22:11:39 UTC (stable/10, 10.0-STABLE)
+ 2014-12-22 22:11:50 UTC (stable/9, 9.3-STABLE)
+ 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
+ 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
+ 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
+ 2014-12-22 22:11:45 UTC (stable/8, 8.4-STABLE)
+ 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I. Background
+
+The freebsd-update(8) utility is used to apply binary patches to FreeBSD
+systems installed from official release images, as an alternative to
+rebuilding from source. A freebsd-update(8) build server generates the
+signed update packages, consisting of an index of files and directories
+with checksums before the update, a set of binary patches, and an
+index of files and directories with checksums after the update. The
+client downloades the indexes, verifies the signatures and checksums,
+then downloads and applies the required patches.
+
+The freebsd-update(8) utility views the system as a set of components:
+"world", "kernel" and "src". The "world" component is divided into
+four subcomponents: "base", "doc", "lib32" and "games". These
+components and subcomponents correspond to six of the seven system
+components offered during installation (the seventh being ports, which
+is handled by the portsnap utility).
+
+II. Problem Description
+
+1) The default configuration for freebsd-update(8) has all six
+ components enabled. Components which are not installed should be
+ disabled in the configuration file. Failing to do so is normally
+ harmless, as the freebsd-update(8) client will ignore instructions
+ to patch files that do not exist on the system. However, if an
+ update adds a file, it will be installed even if it belongs to
+ a component which was not previously installed.
+
+ Due to human error, the world/lib32 component, containing 32-bit
+ compatibility libraries for 64-bit systems, was left out of the
+ freebsd-update(8) server's baseline for FreeBSD 10.1-RELEASE. As a
+ result, the freebsd-update(8) client removed these libraries when
+ upgrading a system from an earlier release. The 32-bit libraries
+ were re-added as part of the first set of updates released after
+ the mistake was discovered.
+
+2) Under certain circumstances, it is possible for the freebsd-update(8)
+ build server to generate an update package requiring the client to
+ both remove and create the same directory. The client will normally
+ detect this situation and ignore the conflicting instructions.
+
+ Due to insufficient input normalization, if the directory being
+ both removed and created is the root directory, the freebsd-update(8)
+ client will fail to recognize that both instructions refer to the
+ same directory. It will then attempt and fail to 'rmdir /',
+ producing an error message.
+
+III. Impact
+
+The first issue will cause freebsd-update(8) to install 32-bit libraries
+on 10.1 systems where they were intentionally left out during installation
+but /etc/freebsd-update.conf was not edited to reflect this.
+
+The second issue, which is triggered by the addition of lib32, will
+result in a harmless but disconcerting error message when installing
+updates.
+
+IV. Workaround
+
+The first issue is strictly speaking a configuration error. To
+address it, update /etc/freebsd-update.conf to reflect the set of
+components that are installed on the system. Specifically, replace
+"world" on the Components line with "world/base", and add "world/doc"
+and / or "world/games" if those those components were selected during
+installation.
+
+The second issue is harmless and can safely be ignored. A workaround
+has been put in place on the freebsd-update(8) build server so the error
+will not occur while installing the update that corrects it.
+
+Systems which are updated from source rather than using freebsd-update(8)
+are not affected.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch
+# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/freebsd-update.patch
+
+c) Rebuild and reinstall the freebsd-update(8) client:
+
+# cd /usr/src/usr.sbin/freebsd-update
+# make && make install
+
+VI. Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r276089
+releng/8.4/ r276154
+stable/9/ r276090
+releng/9.1/ r276155
+releng/9.2/ r276156
+releng/9.3/ r276157
+stable/10/ r276088
+releng/10.0/ r276158
+releng/10.1/ r276159
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-14:13.freebsd-update.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=CMmV
+-----END PGP SIGNATURE-----
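Review bot: two typos in the notice text: "downloades" in I. Background should be "downloads", and "if those those components" in IV. Workaround doubles "those". Separately, II.2 describes the cause only as "insufficient input normalization"; the accompanying freebsd-update.patch shows it concretely (the trailing-slash strip `s,/|d|,|d|,` was applied to directory entries but not to removal entries, so "remove /" and "create /" never compared equal), and one sentence saying so would make the notice self-contained. Finally, "Affects: All supported versions" is right for issue 2, but III. Impact makes clear issue 1 (lib32 missing from the baseline) is specific to 10.1, which the header could reflect.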
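An added illustration of the normalisation problem described in II.2 of the notice above (example shell, not FreeBSD's freebsd-update.sh): the index layout after `cut -f 3- -d '|'`, the conflict-elimination step and the sample lines are all constructed assumptions; the two sed expressions are the ones in the EN-14:13 patch.

```shell
#!/bin/sh
# Added example, not code from FreeBSD's freebsd-update.sh: it replays the
# index normalisation that EN-14:13 fixes on a constructed sample.
LC_ALL=C; export LC_ALL

# Constructed sample in the post-`cut -f 3- -d '|'` shape assumed here:
#   path|type|owner|group|mode|flags|hash
# with type 'd' = directory, 'f' = file, '-' = entry to remove.  The only
# path that ends in a slash is the root directory itself, "/", which is
# what makes it the one case the old normalisation gets wrong.
SAMPLE_INDEX='/|d|root|wheel|0755|0|
/|-|root|wheel|0755|0|
/usr/lib32|d|root|wheel|0755|0|
/usr/lib32|-|root|wheel|0755|0|
/usr/lib32/libc.so.7|f|root|wheel|0444|0|0123456789abcdef
/usr/share/games|-|root|wheel|0755|0|'

# Normalisation before the fix: the trailing slash is stripped from 'd'
# entries only, so the root directory becomes "|d|" (empty path) while its
# removal entry stays "/|-|" (path "/").
normalize_old() {
	sed -e 's,/|d|,|d|,' | sort -u
}

# Normalisation after the fix (the sed added by the EN-14:13 patch): '-'
# entries get the same treatment, so both root entries carry the empty path.
normalize_new() {
	sed -e 's,/|d|,|d|,' -e 's,/|-|,|-|,' | sort -u
}

# Conflict elimination as assumed here: a removal is dropped when the same
# (normalised) path is also created as a directory.  Surviving removals are
# printed one per line, with the empty path shown as "/" again.
pending_removals() {
	awk -F'|' '
		$2 == "d" { dirs[$1] = 1 }
		$2 == "-" { rm[$1] = 1 }
		END {
			for (p in rm)
				if (!(p in dirs))
					print (p == "" ? "/" : p)
		}' | sort
}

old_removals() { printf '%s\n' "$SAMPLE_INDEX" | normalize_old | pending_removals; }
new_removals() { printf '%s\n' "$SAMPLE_INDEX" | normalize_new | pending_removals; }

echo "removals attempted before EN-14:13:"; old_removals
echo "removals attempted after EN-14:13:";  new_removals
```

Before the fix the root directory survives conflict elimination and the client goes on to `rmdir /`, which fails with the error the notice describes; after the fix only the genuine removal (`/usr/share/games` in the sample) is left. The non-root directory `/usr/lib32` is detected either way, which is why the notice says the client "normally" handles the remove-and-create case.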
Added: head/share/security/advisories/FreeBSD-SA-14:31.ntp.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-14:31.ntp.asc Tue Dec 23 23:28:30 2014 (r46117)
@@ -0,0 +1,166 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-14:31.ntp Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in NTP suite
+
+Category: contrib
+Module: ntp
+Announced: 2014-12-23
+Affects: All supported versions of FreeBSD.
+Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE)
+ 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
+ 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
+ 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE)
+ 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
+ 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
+ 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
+ 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE)
+ 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
+CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
+used to synchronize the time of a computer system to a reference time
+source.
+
+II. Problem Description
+
+When no authentication key is set in the configuration file, ntpd(8)
+would generate a random key that uses a non-linear additive feedback random
+number generator seeded with very few bits of entropy. [CVE-2014-9293]
+The ntp-keygen(8) utility is also affected by a similar issue.
+[CVE-2014-9294]
+
+When Autokey Authentication is enabled, for example if ntp.conf(5) contains
+a 'crypto pw' directive, a remote attacker can send a carefully
+crafted packet that can overflow a stack buffer. [CVE-2014-9295]
+
+In ntp_proto.c, the receive() function is missing a return statement in
+the case when an error is detected. [CVE-2014-9296]
+
+III. Impact
+
+The NTP protocol uses keys to implement authentication. The weak
+seeding of the pseudo-random number generator makes it easier for an
+attacker to brute-force keys, and thus may broadcast incorrect time stamps
+or masquerade as another time server. [CVE-2014-9293, CVE-2014-9294]
+
+An attacker may be able to utilize the buffer overflow to crash the ntpd(8)
+daemon or potentially run arbitrary code with the privileges of the ntpd(8)
+process, which is typically root. [CVE-2014-9295]
+
+IV. Workaround
+
+No workaround is available, but systems not running ntpd(8) are not
+affected. Because the issue may lead to remote root compromise, the
+FreeBSD Security Team recommends system administrators to firewall NTP
+ports, namely tcp/123 and udp/123 when it is not clear that all systems
+have been patched or have ntpd(8) stopped.
+
+V. Solution
+
+NOTE WELL: It is advisable to regenerate all keys used for NTP
+authentication, if configured.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch
+# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc
+# gpg --verify ntp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the ntpd(8) daemons, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r276073
+releng/8.4/ r276154
+stable/9/ r276073
+releng/9.1/ r276155
+releng/9.2/ r276156
+releng/9.3/ r276157
+stable/10/ r276072
+releng/10.0/ r276158
+releng/10.1/ r276159
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296>
+
+<URL:https://www.kb.cert.org/vuls/id/852879>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-14:31.ntp.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=oSCq
+-----END PGP SIGNATURE-----
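Review bot: the Corrected entries for stable/10, stable/9 and stable/8 read "2014-14-22", which is not a date (month 14); presumably 2014-12-22, the day the stable branches were fixed in EN-14:13 as well. The commit log also says "SA-13:31" while the file added is FreeBSD-SA-14:31.ntp. In VI, stable/8 and stable/9 list the same revision r276073, which is only correct if one commit touched both branches; worth checking against the repository. III. Impact gives no consequence for CVE-2014-9296 (the missing return in receive()), so the reader cannot tell whether a badly authenticated packet was acted on. Lastly, ntpd speaks only udp/123; listing tcp/123 in the workaround is harmless but not where the exposure is.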
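An added example, not ntpd code, of why the weak seeding described for CVE-2014-9293 matters in practice: the key derivation loop from the ntp_config.c hunk further down is replayed with libc random(3), the additive-feedback generator family ntp_random() belongs to, after seeding from an assumed 16-bit seed space, and the seed is then recovered by exhaustive search. The seed width and the use of random(3) are assumptions standing in for the unspecified low-entropy seed; nothing here is taken from the ntp source.

```c
/* Added example, not ntpd code: a key derived from a low-entropy seed
 * through random(3) is recoverable by enumeration (the CVE-2014-9293 class). */
#define _DEFAULT_SOURCE 1
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEYLEN    8      /* rankey[] in the ntp_config.c hunk holds 8 key bytes */
#define SEED_BITS 16     /* assumption: a stand-in for "very few bits of entropy" */

/* Key derivation mirroring the loop shown in the ntp_config.c hunk, but fed
 * by libc random(3) after srandom(seed) instead of ntp_random().  Each byte
 * is redrawn up to 99 times to avoid a zero byte, exactly as in the hunk. */
static void derive_key(uint32_t seed, unsigned char key[KEYLEN])
{
	int i, j;

	srandom(seed);
	for (i = 0; i < KEYLEN; i++)
		for (j = 1; j < 100; ++j) {
			key[i] = (unsigned char)(random() & 0xff);
			if (key[i] != 0)
				break;
		}
}

/* Attacker side: knowing only the derivation procedure and the key bytes
 * (in practice: a captured packet plus its MAC to test candidates against),
 * walk the whole seed space.  Returns the seed, or -1 if none matches. */
static long recover_seed(const unsigned char key[KEYLEN])
{
	unsigned char cand[KEYLEN];
	uint32_t s;

	for (s = 0; s < (1u << SEED_BITS); s++) {
		derive_key(s, cand);
		if (memcmp(cand, key, KEYLEN) == 0)
			return (long)s;
	}
	return -1;
}

/* Returns 1 if enumeration recovers a seed that reproduces the key derived
 * from secret_seed, i.e. the key offered no more security than the seed. */
static int seed_search_breaks_key(uint32_t secret_seed)
{
	unsigned char key[KEYLEN], again[KEYLEN];
	long found;

	derive_key(secret_seed, key);
	found = recover_seed(key);
	if (found < 0)
		return 0;
	derive_key((uint32_t)found, again);
	return memcmp(key, again, KEYLEN) == 0;
}

int main(void)
{
	unsigned char key[KEYLEN];
	uint32_t secret = 0xBEEF;   /* constructed "random" seed within SEED_BITS */
	int i;

	derive_key(secret, key);
	printf("key: ");
	for (i = 0; i < KEYLEN; i++)
		printf("%02x", key[i]);
	printf("\nrecovered seed: %ld (%d-bit search)\n",
	    recover_seed(key), SEED_BITS);
	return 0;
}
```

The search costs one derivation per candidate seed, so the key is exactly as strong as the seed, not as its 64 bits suggest. With arc4random(), as substituted in the patch, there is no seed to search: each byte comes from the kernel-seeded CSPRNG, and the attacker is back to guessing 64 bits.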
Added: head/share/security/patches/EN-14:13/freebsd-update.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-14:13/freebsd-update.patch Tue Dec 23 23:28:30 2014 (r46117)
@@ -0,0 +1,12 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh.orig
++++ usr.sbin/freebsd-update/freebsd-update.sh
+@@ -1395,6 +1395,7 @@
+ # matter, since we add a leading "/" when we use paths later.
+ cut -f 3- -d '|' $1 |
+ sed -e 's,/|d|,|d|,' |
++ sed -e 's,/|-|,|-|,' |
+ sort -u > $1.tmp
+
+ # Figure out which lines to ignore and remove them.
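Review bot: the comment ending "matter, since we add a leading "/" when we use paths later" describes the trailing-slash strip for 'd' entries only; it should now say that '-' entries are normalised the same way so that a removal and a creation of "/" compare equal, since that is the whole point of the fix. Style: the two sed invocations can be one process, `sed -e 's,/|d|,|d|,' -e 's,/|-|,|-|,'`, which also keeps the two patterns next to each other for the next person who adds an entry type.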
Added: head/share/security/patches/EN-14:13/freebsd-update.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-14:13/freebsd-update.patch.asc Tue Dec 23 23:28:30 2014 (r46117)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJUmSpoAAoJEO1n7NZdz2rnJPcQAOZUttLvFk9WS/NFaWLP4WDk
+OK0KCgqpHtxZjxzHSrwoJHQRKpfiHVPKjTiuqGOzGV68s5DFjd4pL++HEQmc5qP/
+fO5EqZ/8uArM1hqQtqqdbeff4rVlY7YqxBbuiG16tT+7/75y0eecPlt9OngG5NM7
+RAXYf9QU1czSnEVvKhoXvvsSSZI8LBheEIxhhQqeumJF0WWt24tiCq4fRZM6Cgxu
+2ISCT8+zhc8O6/4XuDmAF9wN4WeDFf/3QrMTdcH6TwJsXsHvoL0rl1ktMabSb10I
+fEdhkpQ0pBfLZFGGicj2rVZ8XHBlhZ0wUUgHv9kABQAil1zg1n95+Aw8IrWd4GVX
+mwGmNKr7RuWh6Oq/X7XtrvSlqD13W/s8VDLnJJ9gQggm3eWc2E8JGHVyAZgUgIAU
+4ciJTQbjww1FRHQJEFJDc4ykjFXF7/2l8FuIQSJuQF/Dp2dV0KwIaDl1my9jjbJG
+BmODKA+Do7AzsDjYgubLlF7bPWc54PaPKiW0XjBGmoD6HpUZjf11Jal21JDrOL7t
+LMF/YJsE0yo9ce7j9mgGVh4PZGZhNj14OwPrkzW2QP6apguhrn7GaCNTrooxGU2Z
+z0I3p6s3l/tJ++LCeh1eTKCfX+NQ5KrbhimXEe9iTZzDF24S2jQwp27cr8wjWvG9
+zpqe4Qli/4lDuWVv3S8q
+=p3c7
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-14:31/ntp.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:31/ntp.patch Tue Dec 23 23:28:30 2014 (r46117)
@@ -0,0 +1,145 @@
+Index: contrib/ntp/ntpd/ntp_config.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_config.c.orig
++++ contrib/ntp/ntpd/ntp_config.c
+@@ -1887,7 +1887,7 @@
+
+ for (i = 0; i < 8; i++)
+ for (j = 1; j < 100; ++j) {
+- rankey[i] = (char) (ntp_random() & 0xff);
++ rankey[i] = (char) (arc4random() & 0xff);
+ if (rankey[i] != 0) break;
+ }
+ rankey[8] = 0;
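Review bot: the retry loop `for (j = 1; j < 100; ++j)` only exists to avoid a zero byte, and with a CSPRNG it can be replaced by `arc4random_uniform(255) + 1`, which is unbiased and has no "gave up after 99 draws" path that silently leaves a zero in the key. Also note arc4random() is a BSD libc interface, so this contrib file now carries a local diff to keep in mind at the next ntp import.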
+Index: contrib/ntp/ntpd/ntp_control.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_control.c.orig
++++ contrib/ntp/ntpd/ntp_control.c
+@@ -24,6 +24,10 @@
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+
++#ifndef MIN
++#define MIN(a, b) (((a) <= (b)) ? (a) : (b))
++#endif
++
+ /*
+ * Structure to hold request procedure information
+ */
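Review bot: FreeBSD's <sys/param.h> already provides MIN(), so the #ifndef guard is the right way to avoid a redefinition; keep in mind the macro evaluates both arguments twice, which is fine for the simple operands used below but not for anything with side effects.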
+@@ -893,6 +897,7 @@
+ )
+ {
+ int overhead;
++ unsigned int currentlen;
+
+ overhead = 0;
+ if (!bin) {
+@@ -916,12 +921,22 @@
+ /*
+ * Save room for trailing junk
+ */
+- if (dlen + overhead + datapt > dataend) {
++ while (dlen + overhead + datapt > dataend) {
+ /*
+ * Not enough room in this one, flush it out.
+ */
++ currentlen = MIN(dlen, dataend - datapt);
++
++ memcpy(datapt, dp, currentlen);
++
++ datapt += currentlen;
++ dp += currentlen;
++ dlen -= currentlen;
++ datalinelen += currentlen;
++
+ ctl_flushpkt(CTL_MORE);
+ }
++
+ memmove((char *)datapt, dp, (unsigned)dlen);
+ datapt += dlen;
+ datalinelen += dlen;
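Review bot: the loop terminates only if ctl_flushpkt(CTL_MORE) resets datapt to the start of the output buffer each time round; that invariant is not visible in this hunk and deserves a comment or an assert, because if datapt ever exceeded dataend the ptrdiff_t `dataend - datapt` would go negative and, converted to the unsigned dlen type inside MIN(), wrap to a huge copy length. Related: `MIN(dlen, dataend - datapt)` mixes unsigned and ptrdiff_t; cast the pointer difference to the length type explicitly once the invariant holds. Style: the loop copies with memcpy while the remainder keeps memmove; pick one and say why.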
+Index: contrib/ntp/ntpd/ntp_crypto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_crypto.c.orig
++++ contrib/ntp/ntpd/ntp_crypto.c
+@@ -864,12 +864,24 @@
+ * errors.
+ */
+ if (vallen == (u_int) EVP_PKEY_size(host_pkey)) {
+- RSA_private_decrypt(vallen,
++ u_int32 *cookiebuf = malloc(
++ RSA_size(host_pkey->pkey.rsa));
++ if (cookiebuf == NULL) {
++ rval = XEVNT_CKY;
++ break;
++ }
++ if (RSA_private_decrypt(vallen,
+ (u_char *)ep->pkt,
+- (u_char *)&temp32,
++ (u_char *)cookiebuf,
+ host_pkey->pkey.rsa,
+- RSA_PKCS1_OAEP_PADDING);
+- cookie = ntohl(temp32);
++ RSA_PKCS1_OAEP_PADDING) != 4) {
++ rval = XEVNT_CKY;
++ free(cookiebuf);
++ break;
++ } else {
++ cookie = ntohl(*cookiebuf);
++ free(cookiebuf);
++ }
+ } else {
+ rval = XEVNT_CKY;
+ break;
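Review bot: the `!= 4` check on the RSA_private_decrypt() result is what closes the overflow: the old code decrypted into the 4-byte temp32 with no length check, so a validly OAEP-padded message of up to RSA_size() bytes overwrote the stack, whereas the new code decrypts into a heap buffer of RSA_size() bytes and rejects anything other than a 4-byte cookie (a padding failure returns -1 and is caught by the same test). Two nits: the `else` after `break` is unnecessary, and malloc failure is reported as XEVNT_CKY, which conflates an allocation error with a bad cookie; a distinct log line would help diagnosis.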
+@@ -3914,7 +3926,7 @@
+ rand_file);
+ exit (-1);
+ }
+- get_systime(&seed);
++ arc4random_buf(&seed, sizeof(l_fp));
+ RAND_seed(&seed, sizeof(l_fp));
+ RAND_write_file(rand_file);
+ OpenSSL_add_all_algorithms();
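Review bot: seeding with arc4random_buf() instead of get_systime() gives RAND_seed() sizeof(l_fp) bytes of kernel-derived entropy rather than a timestamp, and the seed file written by RAND_write_file() right after inherits that, so the fix reaches the persisted state too. Since OpenSSL on FreeBSD already self-seeds from the kernel, this mostly hardens the explicit seed-file path, which is still worth doing. arc4random_buf() is again BSD-specific, same portability caveat as ntp_config.c.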
+Index: contrib/ntp/ntpd/ntp_proto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_proto.c.orig
++++ contrib/ntp/ntpd/ntp_proto.c
+@@ -649,6 +649,7 @@
+ has_mac)) {
+ is_authentic = AUTH_ERROR;
+ sys_badauth++;
++ return;
+ } else {
+ is_authentic = AUTH_OK;
+ }
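Review bot: with the `return;` in place the `else` branch is the only way through, so `is_authentic = AUTH_OK` can be unconditional and the else dropped. More important: confirm nothing between this point and the end of receive() must still run for a packet that failed authentication (statistics or restriction bookkeeping that previously fell through); sys_badauth++ is counted before the return, which is the right order for that counter at least.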
+Index: contrib/ntp/util/ntp-keygen.c
+===================================================================
+--- contrib/ntp/util/ntp-keygen.c.orig
++++ contrib/ntp/util/ntp-keygen.c
+@@ -642,7 +642,7 @@
+ for (i = 1; i <= MD5KEYS; i++) {
+ for (j = 0; j < 16; j++) {
+ while (1) {
+- temp = ntp_random() & 0xff;
++ temp = arc4random() & 0xff;
+ if (temp == '#')
+ continue;
+ if (temp > 0x20 && temp < 0x7f)
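Review bot: same ntp_random() to arc4random() substitution as in ntp_config.c; the rejection loop keeps only printable bytes other than '#', which remains unbiased with a uniform source, so the change is correct as is. If this is touched again, `arc4random_uniform(0x7f - 0x21) + 0x21` with a single '#' retry would make the intent clearer than masking with 0xff and rejecting most of the range.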
+@@ -675,7 +675,7 @@
+ FILE *str;
+
+ fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus);
+- rsa = RSA_generate_key(modulus, 3, cb, "RSA");
++ rsa = RSA_generate_key(modulus, 65537, cb, "RSA");
+ fprintf(stderr, "\n");
+ if (rsa == NULL) {
+ fprintf(stderr, "RSA generate keys fails\n%s\n",
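Review bot: moving the public exponent from 3 to 65537 is the conventional choice and removes the small-exponent hazards; note that RSA_generate_key() is deprecated since OpenSSL 0.9.8 in favour of RSA_generate_key_ex(), worth switching when this is next synced with upstream. Existing host and sign keys on disk were generated with e=3 and stay that way until ntp-keygen is rerun, which is why the advisory's V. Solution tells administrators to regenerate all keys.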
+@@ -954,7 +954,7 @@
+ */
+ fprintf(stderr,
+ "Generating GQ parameters (%d bits)...\n", modulus);
+- rsa = RSA_generate_key(modulus, 3, cb, "GQ");
++ rsa = RSA_generate_key(modulus, 65537, cb, "GQ");
+ fprintf(stderr, "\n");
+ if (rsa == NULL) {
+ fprintf(stderr, "RSA generate keys fails\n%s\n",
Added: head/share/security/patches/SA-14:31/ntp.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:31/ntp.patch.asc Tue Dec 23 23:28:30 2014 (r46117)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=Pt4e
+-----END PGP SIGNATURE-----
Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml Tue Dec 23 23:03:06 2014 (r46116)
+++ head/share/xml/advisories.xml Tue Dec 23 23:28:30 2014 (r46117)
@@ -11,6 +11,14 @@
<name>12</name>
<day>
+ <name>23</name>
+
+ <advisory>
+ <name>FreeBSD-SA-14:31.ntp</name>
+ </advisory>
+ </day>
+
+ <day>
<name>17</name>
<advisory>
Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml Tue Dec 23 23:03:06 2014 (r46116)
+++ head/share/xml/notices.xml Tue Dec 23 23:28:30 2014 (r46117)
@@ -8,6 +8,18 @@
<name>2014</name>
<month>
+ <name>12</name>
+
+ <day>
+ <name>23</name>
+
+ <notice>
+ <name>FreeBSD-EN-14:13.freebsd-update</name>
+ </notice>
+ </day>
+ </month>
+
+ <month>
<name>11</name>
<day>
More information about the svn-doc-head mailing list