svn commit: r48099 - in head/share: security/advisories security/patches/SA-16:08 security/patches/SA-16:09 security/patches/SA-16:10 xml
Xin LI
delphij at FreeBSD.org
Wed Jan 27 08:09:34 UTC 2016
Author: delphij
Date: Wed Jan 27 08:09:32 2016
New Revision: 48099
URL: https://svnweb.freebsd.org/changeset/doc/48099
Log:
Add SA-16:08, SA-16:09 and SA-16:10.
Added:
head/share/security/advisories/FreeBSD-SA-16:08.bind.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-16:09.ntp.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-16:10.linux.asc (contents, props changed)
head/share/security/patches/SA-16:08/
head/share/security/patches/SA-16:08/bind.patch (contents, props changed)
head/share/security/patches/SA-16:08/bind.patch.asc (contents, props changed)
head/share/security/patches/SA-16:09/
head/share/security/patches/SA-16:09/ntp.patch (contents, props changed)
head/share/security/patches/SA-16:09/ntp.patch.asc (contents, props changed)
head/share/security/patches/SA-16:10/
head/share/security/patches/SA-16:10/linux.patch (contents, props changed)
head/share/security/patches/SA-16:10/linux.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
Added: head/share/security/advisories/FreeBSD-SA-16:08.bind.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:08.bind.asc Wed Jan 27 08:09:32 2016 (r48099)
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:08.bind Security Advisory
+ The FreeBSD Project
+
+Topic: BIND remote denial of service vulnerability
+
+Category: contrib
+Module: bind
+Announced: 2016-01-27
+Credits: ISC
+Affects: FreeBSD 9.x
+Corrected: 2016-01-20 08:54:35 UTC (stable/9, 9.3-STABLE)
+ 2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
+CVE Name: CVE-2015-8704
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+Address Prefixes List (APL RR) is a type of DNS Resource Record defined in
+RFC 3123.
+
+II. Problem Description
+
+There is an off-by-one error in a buffer size check when performing certain
+string formatting operations.
+
+III. Impact
+
+Slaves using text-format db files could be vulnerable if receiving a
+malformed record in a zone transfer from their master.
+
+Masters using text-format db files could be vulnerable if they accept
+a malformed record in a DDNS update message.
+
+Recursive resolvers are potentially vulnerable when debug logging is
+enabled and if they are fed a deliberately malformed record by a
+malicious server.
+
+A server which has cached a specially constructed record could encounter
+this condition while performing 'rndc dumpdb'.
+
+IV. Workaround
+
+No workaround is available, but hosts not running named(8) are not
+vulnerable.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The named service has to be restarted after the update. A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The named service has to be restarted after the update. A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:08/bind.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:08/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r294405
+releng/9.3/ r294905
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://kb.isc.org/article/AA-01335>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:08.bind.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAEBCgAGBQJWqHmfAAoJEO1n7NZdz2rngIkP/Ru1a5U14/iJKqGO2o+OQkk5
+j9G3rwEQROlPhtHdUE3vtA2fZcsayJaK1CjU3j91VWlTXHfBnju6gbJVPntNQqe5
+TxRFmRhRjcyreNdt6hKvFgDrXmWwrytRukJ/XafdYxoWFDTtrUScwrOH87U8ILcF
+gkWgzCQ7EnYqr7sEW1makDHmIOLukJo5pJOnUTRkraDP2oaKSros3GC+Fnh6Wf+q
+wYOkgl2gj96ubJW4SvdZCAKFtnMrhw0ZZyrVDuPojzWU+ZotzWvZz3xGvoSqXy5U
+rqqtUQNHMU0Aqhe9zurW4B2ioff6XALZPgRYqQRI8ezXTgDDhJSwa12mjTJuQmaR
+hQRJlW5u5/Ejj2NML6NkhvLuSApwZcAZ2G7cLGdR6nEKKVEb6mXgnL7T/CdhhTj8
+2owIz1iIdI2sUmhv6vuxPxB1k/O7b76LTZ2AL6jx4/mEtOVeofpNej5w7qnvCSqV
+RcZsOYRXrMZ0YWuhBkKqnMGGIU0TBMDvjJL5gxf5RR14iLExcC1fKhkhbvRMag4Y
+ck7Ja45Ltpwtd0t7/AfzbeI4OVmos4NB36HK5pYJchmOUavm6im5V6781mYGZgQn
+HtOQEyi7tSeft+Fz21dmK6Z1GV6lRmrt52wAKyJ71nA/WESgma50WE49RX+cH1MH
+nmon5PYKLuMuzFVNYZWs
+=HYpu
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-16:09.ntp.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:09.ntp.asc Wed Jan 27 08:09:32 2016 (r48099)
@@ -0,0 +1,225 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:09.ntp Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities of ntp
+
+Category: contrib
+Module: ntp
+Announced: 2016-01-27
+Credits: Cisco ASIG / Network Time Foundation
+Affects: All supported versions of FreeBSD.
+Corrected: 2016-01-22 15:55:21 UTC (stable/10, 10.2-STABLE)
+ 2016-01-27 07:41:31 UTC (releng/10.2, 10.2-RELEASE-p11)
+ 2016-01-27 07:41:31 UTC (releng/10.1, 10.1-RELEASE-p28)
+ 2016-01-22 15:56:35 UTC (stable/9, 9.3-STABLE)
+ 2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
+CVE Name: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976,
+ CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138,
+ CVE-2015-8139, CVE-2015-8140, CVE-2015-8158
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
+used to synchronize the time of a computer system to a reference time
+source.
+
+II. Problem Description
+
+Multiple vulnerabilities have been discovered in ntp 4.2.8p5:
+
+Potential Infinite Loop in ntpq. [CVE-2015-8158]
+
+A logic error would allow packets with an origin timestamp of zero
+to bypass this check whenever there is not an outstanding request
+to the server. [CVE-2015-8138]
+
+Off-path Denial of Service (DoS) attack on authenticated broadcast mode.
+[CVE-2015-7979]
+
+Stack exhaustion in recursive traversal of restriction list. [CVE-2015-7978]
+
+reslist NULL pointer dereference. [CVE-2015-7977]
+
+ntpq saveconfig command allows dangerous characters in filenames.
+[CVE-2015-7976]
+
+nextvar() missing length check. [CVE-2015-7975]
+
+Skeleton Key: Missing key check allows impersonation between authenticated
+peers. [CVE-2015-7974]
+
+Deja Vu: Replay attack on authenticated broadcast mode. [CVE-2015-7973]
+
+ntpq vulnerable to replay attacks. [CVE-2015-8140]
+
+Origin Leak: ntpq and ntpdc, disclose origin. [CVE-2015-8139]
+
+III. Impact
+
+A malicious NTP server, or an attacker who can conduct MITM attack by
+intercepting NTP query traffic, may be able to cause a ntpq client to
+infinitely loop. [CVE-2015-8158]
+
+A malicious NTP server, or an attacker who can conduct MITM attack by
+intercepting NTP query traffic, may be able to prevent a ntpd(8) daemon
+to distinguish between legitimate peer responses from forgeries. This
+can partially be mitigated by configuring multiple time sources.
+[CVE-2015-8138]
+
+An off-path attacker who can send broadcast packets with bad
+authentication (wrong key, mismatched key, incorrect MAC, etc) to
+broadcast clients can cause these clients to tear down associations.
+[CVE-2015-7979]
+
+An attacker who can send unauthenticated 'reslist' command to a NTP
+server may cause it to crash, resulting in a denial of service
+condition due to stack exhaustion [CVE-2015-7978] or a NULL pointer
+dereference [CVE-2015-7977].
+
+An attacker who can send 'modify' requests to a NTP server may be
+able to create file that contain dangerous characters in their name,
+which could cause dangerous behavior in a later shell invocation.
+[CVE-2015-7976]
+
+A remote attacker may be able to crash a ntpq client. [CVE-2015-7975]
+
+A malicious server which holds a trusted key may be able to
+impersonate other trusted servers in an authenticated configuration.
+[CVE-2015-7974]
+
+A man-in-the-middle attacker or a malicious participant that has the
+same trusted keys as the victim can replay time packets if the NTP
+network is configured for broadcast operations. [CVE-2015-7973]
+
+The ntpq protocol is vulnerable to replay attacks which may be used
+to e.g. re-establish an association to malicious server. [CVE-2015-8140]
+
+An attacker who can intercept NTP traffic can easily forge live server
+responses. [CVE-2015-8139]
+
+IV. Workaround
+
+No workaround is available, but systems not running ntpd(8) are not
+affected. Network administrators are advised to implement BCP-38,
+which helps to reduce risk associated with the attacks.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The ntpd service has to be restarted after the update. A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The ntpd service has to be restarted after the update. A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:09/ntp.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:09/ntp.patch.asc
+# gpg --verify ntp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r294570
+releng/9.3/ r294905
+stable/10/ r294569
+releng/10.1/ r294904
+releng/10.2/ r294904
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7973>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7974>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7975>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7976>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7977>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7978>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-7979>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8138>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8139>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8140>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2015-8158>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAEBCgAGBQJWqHmfAAoJEO1n7NZdz2rnt9cP/2EtdEPX/oBJXKFWqQv5cwvY
+C4gmlK5MZok2an330XMPl0RO2RplsIw4Lo4BuUh7HPKhVa5loYasabKrULQ+4Pgv
+z9INxDTDO8iooHeTeNe/VAb5YcKFrD7sqajdc0cY11rLEw1o53IuULz9wZnczAe/
+KnHDNUyYaSU2Ep+c3+ADSJqOk3ffhsGDS+0byoOBcUN+66MnBg19/rKomiN5a7Nt
+XSseoQgYISU8aaJDvPlGoaN/Xm5fnFZaKFlJ4y7h51sYYep0qgjQx+Gdakk0vNbh
+CwsjpBKqDpFpBcSgdEC/bYHnNpYUTJB/tPmG3YDO5jMWQISKGrrnuMYeh+7PjTDS
+vCrneztpVBscLG4ZKSlfmhpZ/Jfy31YPXm5P/w8NuA05i13K06P4gG5PKNyUMgsk
+AZQ4Vg8YlyS0Ci4ufdc+AIQI35QMrKvfecJVu49+sNhUA4PpTe7coEU9dks3Dtaw
+g2QbfnsEWzJ6RBJcw7aQDSgRoqrVQgMB8IIota+aMzeVurgyFxPm9LASk2RYjhmC
+Ep283cc+HPUnihKBZTwwkw5iznbmpyRYlPghEc7slgOZCbk9pefnsCMOZAqRW9fZ
+DUpt+HvZD5BKB4kCAUMIvKGS91cyBFaNcdJhlB8uUx2aP2UJmuzldk+x9K74wWGK
+lnP0IazzXnWFobfwr+qT
+=0ZhD
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-16:10.linux.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:10.linux.asc Wed Jan 27 08:09:32 2016 (r48099)
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:10.linux Security Advisory
+ The FreeBSD Project
+
+Topic: Linux compatibility layer issetugid(2) system call
+ vulnerability
+
+Category: core
+Module: kernel
+Announced: 2016-01-27
+Credits: Isaac Dunham, Brent Cook, Warner Losh
+Affects: All supported versions of FreeBSD.
+Corrected: 2016-01-27 07:28:55 UTC (stable/10, 10.2-STABLE)
+ 2016-01-27 07:41:31 UTC (releng/10.2, 10.2-RELEASE-p11)
+ 2016-01-27 07:41:31 UTC (releng/10.1, 10.1-RELEASE-p28)
+ 2016-01-27 07:34:23 UTC (stable/9, 9.3-STABLE)
+ 2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35)
+CVE Name: CVE-2016-1883
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD is binary-compatible with the Linux operating system through a
+loadable kernel module/optional kernel component. The support is
+provided on amd64 and i386 machines.
+
+II. Problem Description
+
+A programming error in the Linux compatibility layer could cause the
+issetugid(2) system call to return incorrect information.
+
+III. Impact
+
+If an application relies on output of the issetugid(2) system call
+and that information is incorrect, this could lead to a privilege
+escalation.
+
+IV. Workaround
+
+No workaround is available, but systems not using the Linux binary
+compatibility layer are not vulnerable.
+
+The following command can be used to test if the Linux binary
+compatibility layer is loaded:
+
+# kldstat -m linuxelf
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:10/linux.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:10/linux.patch.asc
+# gpg --verify linux.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r294903
+releng/9.3/ r294905
+stable/10/ r294901
+releng/10.1/ r294904
+releng/10.2/ r294904
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1883>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:10.linux.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAEBCgAGBQJWqHmfAAoJEO1n7NZdz2rnsr0QAJtM4C+IgRcRHdNGL7vXp1NP
+u3sFyktcRGCR0p+lMOaFYPp/Vmu09NglhcaxYFbk4WONVSnZKOuiWsjOL9by/eof
+77i8bXINlB/8Pp+34KpxDtz5wR3jVAApaL8xvS+/DaKj3RdQ63RrHgtQRTAk+VSO
+ISAXxF2U/XAcRlmBQ3oOtqeHads6M1LNG/D/I0FgpU2G17QoUpfa+AvOkS1wBw7d
+mdcnC4NDKKx3QnyD0FTrh4z444PwvE3IQ7OSm7VX4/oOZdH+CC9coLCV1BXALrfA
+WVmaUMDy8bWiv7JMsda2xl4KhcEx2Y0UN2hGYdMZJubqYcnUknMimW3b2fhsfgl1
+UaQDD6xv9I4xZqo1NHh4/WiH33PvOmM+U0E6IMb5hTUbfSd0mXOn4yzTP5gJxe4h
+fPk5ZUj/HTKx6C8ERMknTDdn+ZrLLlQJAoDbipPZkRBMcsgvRYGjKquBnrW9N0z2
+BUtuLODg/GxMmkQXYV7mT08xw7YLvIbfSwGvlOd/k5hB/0KMTRLBFGd6vc2lZ+CL
+dseeK59vUK50Arua8qbg6AlOYc9Dga/XeQ753za0zEm7LOXzjr7jlBex/04ZxvE/
+N4OTxNYlASk1cwBcoytZ8da3D7Vqh7vw7QmUR8lAb/x5ijR1QjCApji+yRupCEG+
+PGHIMcxSGeBx7Drd1eBE
+=PyM5
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-16:08/bind.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:08/bind.patch Wed Jan 27 08:09:32 2016 (r48099)
@@ -0,0 +1,22 @@
+Index: contrib/bind9/lib/dns/rdata/in_1/apl_42.c
+===================================================================
+--- contrib/bind9/lib/dns/rdata/in_1/apl_42.c (revision 294299)
++++ contrib/bind9/lib/dns/rdata/in_1/apl_42.c (working copy)
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ isc_uint8_t len;
+ isc_boolean_t neg;
+ unsigned char buf[16];
+- char txt[sizeof(" !64000")];
++ char txt[sizeof(" !64000:")];
+ const char *sep = "";
+ int n;
+
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ isc_region_consume(&sr, 1);
+ INSIST(len <= sr.length);
+ n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+- neg ? "!": "", afi);
++ neg ? "!" : "", afi);
+ INSIST(n < (int)sizeof(txt));
+ RETERR(str_totext(txt, target));
+ switch (afi) {
Added: head/share/security/patches/SA-16:08/bind.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:08/bind.patch.asc Wed Jan 27 08:09:32 2016 (r48099)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAABCgAGBQJWqHnkAAoJEO1n7NZdz2rnSzoQALduvw7DCOsGiKYoQgU17nyo
+iiacv5vRmDx7+43BMsND1SM9kwid9RPZWbAj5lb80g7ZOnluBxAoilmqVWgzs9gb
+1IkATsf5TTbQcGxYG1wQqx2ahfih0FUIb3Qg1KFMDO3XCPvIMucSAQMtPgq3FdFl
+A/FGH1+Yls4Aum53ulgR6IuotzaYnxiznxqi5IGhfTrPSZIuVnH4SDubwTrE+0kJ
+N3SzYc3ilguqOtxwSyBtIMSaqPiXZCBGYKGnR8RzysxhfdP56dBSJHzkNoniexjU
+4jYD5X+fY6ze04yjgdh/Fat3IgoqjnJ3UJ//lxMWGBrj4xI9JHUAS/jLJpLPnMuI
+WBL7G2jJXGrBsGwq5imDPuobfQoT8wuXYGfMi14XRc5/cKbQn+JqTGf9zB562NSW
+ADe26s05zgvYS10+nhbxT7v3gYcB/0U2M6HGbN5t/KCTBGteJJsSo3o2ZEZBdkbe
+jKnNP8RR2OTAjeCCXYqp8BVO9d+tecOzX/LM5Lj+97iwKKkPkHnOGA9zkyeQdGvt
+8KxBsub1LRYPR/87WZDZWtdGALaxqgQDj7G1ib0mLCbj2CzOSRa34bS/kvTQ7BtD
+ca7fhrebvhBVP6MqnYAmmuU+ojqMftx7mTZs+fWWFVLcTiPp9WqP2w0r6A/MlkSq
+ys1rAAXCj/WvMFopSMzu
+=kVrg
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-16:09/ntp.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:09/ntp.patch Wed Jan 27 08:09:32 2016 (r48099)
@@ -0,0 +1,17352 @@
+Index: contrib/ntp/ChangeLog
+===================================================================
+--- contrib/ntp/ChangeLog (revision 294707)
++++ contrib/ntp/ChangeLog (working copy)
+@@ -1,4 +1,38 @@
+ ---
++(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn at ntp.org>
++
++* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
++* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
++* [Sec 2937] ntpq: nextvar() missing length check. perlinger at ntp.org
++* [Sec 2938] ntpq saveconfig command allows dangerous characters
++ in filenames. perlinger at ntp.org
++* [Sec 2939] reslist NULL pointer dereference. perlinger at ntp.org
++* [Sec 2940] Stack exhaustion in recursive traversal of restriction
++ list. perlinger at ntp.org
++* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
++* [Sec 2945] Zero Origin Timestamp Bypass. perlinger at ntp.org
++* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger at ntp.org
++* [Bug 2772] adj_systime overflows tv_usec. perlinger at ntp.org
++* [Bug 2814] msyslog deadlock when signaled. perlinger at ntp.org
++ - applied patch by shenpeng11 at huawei.com with minor adjustments
++* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger at ntp.org
++* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger at ntp.org
++* [Bug 2892] Several test cases assume IPv6 capabilities even when
++ IPv6 is disabled in the build. perlinger at ntp.org
++ - Found this already fixed, but validation led to cleanup actions.
++* [Bug 2905] DNS lookups broken. perlinger at ntp.org
++ - added limits to stack consumption, fixed some return code handling
++* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
++ - changed stacked/nested handling of CTRL-C. perlinger at ntp.org
++ - make CTRL-C work for retrieval and printing od MRU list. perlinger at ntp.org
++* [Bug 2980] reduce number of warnings. perlinger at ntp.org
++ - integrated several patches from Havard Eidnes (he at uninett.no)
++* [Bug 2985] bogus calculation in authkeys.c perlinger at ntp.org
++ - implement 'auth_log2()' using integer bithack instead of float calculation
++* Make leapsec_query debug messages less verbose. Harlan Stenn.
++* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
++
++---
+ (4.2.8p5) 2016/01/07 Released by Harlan Stenn <stenn at ntp.org>
+
+ * [Sec 2956] small-step/big-step. Close the panic gate earlier. HStenn.
+@@ -47,6 +81,7 @@
+ lots of clients. perlinger at ntp.org
+ * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
+ - changed stacked/nested handling of CTRL-C. perlinger at ntp.org
++ - make CTRL-C work for retrieval and printing od MRU list. perlinger at ntp.org
+ * Unity cleanup for FreeBSD-6.4. Harlan Stenn.
+ * Unity test cleanup. Harlan Stenn.
+ * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
+@@ -55,9 +90,8 @@
+ * Quiet a warning from clang. Harlan Stenn.
+ * Update the NEWS file. Harlan Stenn.
+ * Update scripts/calc_tickadj/Makefile.am. Harlan Stenn.
++
+ ---
+-(4.2.8p4) 2015/10/21 Released by Harlan Stenn <stenn at ntp.org>
+-(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn at ntp.org>
+
+ * [Sec 2899] CVE-2014-9297 perlinger at ntp.org
+ * [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.
+Index: contrib/ntp/CommitLog
+===================================================================
+--- contrib/ntp/CommitLog (revision 294707)
++++ contrib/ntp/CommitLog (working copy)
+@@ -1,8 +1,633 @@
+-ChangeSet at 1.3623, 2016-01-07 23:33:11+00:00, stenn at deacon.udel.edu
++ChangeSet at 1.3628, 2016-01-20 04:20:12-05:00, stenn at deacon.udel.edu
++ NTP_4_2_8P6
++ TAG: NTP_4_2_8P6
++
++ ChangeLog at 1.1793 +1 -0
++ NTP_4_2_8P6
++
++ ntpd/invoke-ntp.conf.texi at 1.196 +1 -1
++ NTP_4_2_8P6
++
++ ntpd/invoke-ntp.keys.texi at 1.188 +1 -1
++ NTP_4_2_8P6
++
++ ntpd/invoke-ntpd.texi at 1.504 +2 -2
++ NTP_4_2_8P6
++
++ ntpd/ntp.conf.5man at 1.230 +3 -3
++ NTP_4_2_8P6
++
++ ntpd/ntp.conf.5mdoc at 1.230 +2 -3
++ NTP_4_2_8P6
++
++ ntpd/ntp.conf.html at 1.183 +60 -2
++ NTP_4_2_8P6
++
++ ntpd/ntp.conf.man.in at 1.230 +3 -3
++ NTP_4_2_8P6
++
++ ntpd/ntp.conf.mdoc.in at 1.230 +2 -3
++ NTP_4_2_8P6
++
++ ntpd/ntp.keys.5man at 1.222 +2 -2
++ NTP_4_2_8P6
++
++ ntpd/ntp.keys.5mdoc at 1.222 +3 -3
++ NTP_4_2_8P6
++
++ ntpd/ntp.keys.html at 1.184 +21 -33
++ NTP_4_2_8P6
++
++ ntpd/ntp.keys.man.in at 1.222 +2 -2
++ NTP_4_2_8P6
++
++ ntpd/ntp.keys.mdoc.in at 1.222 +3 -3
++ NTP_4_2_8P6
++
++ ntpd/ntpd-opts.c at 1.526 +10 -10
++ NTP_4_2_8P6
++
++ ntpd/ntpd-opts.h at 1.525 +4 -4
++ NTP_4_2_8P6
++
++ ntpd/ntpd.1ntpdman at 1.333 +4 -4
++ NTP_4_2_8P6
++
++ ntpd/ntpd.1ntpdmdoc at 1.333 +3 -3
++ NTP_4_2_8P6
++
++ ntpd/ntpd.html at 1.177 +2 -2
++ NTP_4_2_8P6
++
++ ntpd/ntpd.man.in at 1.333 +4 -4
++ NTP_4_2_8P6
++
++ ntpd/ntpd.mdoc.in at 1.333 +3 -3
++ NTP_4_2_8P6
++
++ ntpdc/invoke-ntpdc.texi at 1.501 +2 -2
++ NTP_4_2_8P6
++
++ ntpdc/ntpdc-opts.c at 1.519 +10 -10
++ NTP_4_2_8P6
++
++ ntpdc/ntpdc-opts.h at 1.518 +4 -4
++ NTP_4_2_8P6
++
++ ntpdc/ntpdc.1ntpdcman at 1.332 +4 -4
++ NTP_4_2_8P6
++
++ ntpdc/ntpdc.1ntpdcmdoc at 1.332 +3 -3
++ NTP_4_2_8P6
++
++ ntpdc/ntpdc.html at 1.345 +2 -2
++ NTP_4_2_8P6
++
++ ntpdc/ntpdc.man.in at 1.332 +4 -4
++ NTP_4_2_8P6
++
++ ntpdc/ntpdc.mdoc.in at 1.332 +3 -3
++ NTP_4_2_8P6
++
++ ntpq/invoke-ntpq.texi at 1.508 +2 -2
++ NTP_4_2_8P6
++
++ ntpq/ntpq-opts.c at 1.525 +10 -10
++ NTP_4_2_8P6
++
++ ntpq/ntpq-opts.h at 1.523 +4 -4
++ NTP_4_2_8P6
++
++ ntpq/ntpq.1ntpqman at 1.336 +4 -4
++ NTP_4_2_8P6
++
++ ntpq/ntpq.1ntpqmdoc at 1.336 +3 -3
++ NTP_4_2_8P6
++
++ ntpq/ntpq.html at 1.174 +2 -2
++ NTP_4_2_8P6
++
++ ntpq/ntpq.man.in at 1.336 +4 -4
++ NTP_4_2_8P6
++
++ ntpq/ntpq.mdoc.in at 1.336 +3 -3
++ NTP_4_2_8P6
++
++ ntpsnmpd/invoke-ntpsnmpd.texi at 1.503 +2 -2
++ NTP_4_2_8P6
++
++ ntpsnmpd/ntpsnmpd-opts.c at 1.521 +10 -10
++ NTP_4_2_8P6
++
++ ntpsnmpd/ntpsnmpd-opts.h at 1.520 +4 -4
++ NTP_4_2_8P6
++
++ ntpsnmpd/ntpsnmpd.1ntpsnmpdman at 1.332 +4 -4
++ NTP_4_2_8P6
++
++ ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc at 1.332 +3 -3
++ NTP_4_2_8P6
++
++ ntpsnmpd/ntpsnmpd.html at 1.172 +1 -1
++ NTP_4_2_8P6
++
++ ntpsnmpd/ntpsnmpd.man.in at 1.332 +4 -4
++ NTP_4_2_8P6
++
++ ntpsnmpd/ntpsnmpd.mdoc.in at 1.332 +3 -3
++ NTP_4_2_8P6
++
++ packageinfo.sh at 1.524 +2 -2
++ NTP_4_2_8P6
++
++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjman at 1.93 +3 -3
++ NTP_4_2_8P6
++
++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc at 1.94 +2 -2
++ NTP_4_2_8P6
++
++ scripts/calc_tickadj/calc_tickadj.html at 1.95 +1 -1
++ NTP_4_2_8P6
++
++ scripts/calc_tickadj/calc_tickadj.man.in at 1.92 +3 -3
++ NTP_4_2_8P6
++
++ scripts/calc_tickadj/calc_tickadj.mdoc.in at 1.94 +2 -2
++ NTP_4_2_8P6
++
++ scripts/calc_tickadj/invoke-calc_tickadj.texi at 1.97 +1 -1
++ NTP_4_2_8P6
++
++ scripts/invoke-plot_summary.texi at 1.114 +2 -2
++ NTP_4_2_8P6
++
++ scripts/invoke-summary.texi at 1.114 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntp-wait/invoke-ntp-wait.texi at 1.324 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntp-wait/ntp-wait-opts at 1.60 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntp-wait/ntp-wait.1ntp-waitman at 1.321 +3 -3
++ NTP_4_2_8P6
++
++ scripts/ntp-wait/ntp-wait.1ntp-waitmdoc at 1.322 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntp-wait/ntp-wait.html at 1.341 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntp-wait/ntp-wait.man.in at 1.321 +3 -3
++ NTP_4_2_8P6
++
++ scripts/ntp-wait/ntp-wait.mdoc.in at 1.322 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntpsweep/invoke-ntpsweep.texi at 1.112 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntpsweep/ntpsweep-opts at 1.62 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntpsweep/ntpsweep.1ntpsweepman at 1.100 +3 -3
++ NTP_4_2_8P6
++
++ scripts/ntpsweep/ntpsweep.1ntpsweepmdoc at 1.100 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntpsweep/ntpsweep.html at 1.113 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntpsweep/ntpsweep.man.in at 1.100 +3 -3
++ NTP_4_2_8P6
++
++ scripts/ntpsweep/ntpsweep.mdoc.in at 1.101 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntptrace/invoke-ntptrace.texi at 1.113 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntptrace/ntptrace-opts at 1.62 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntptrace/ntptrace.1ntptraceman at 1.100 +3 -3
++ NTP_4_2_8P6
++
++ scripts/ntptrace/ntptrace.1ntptracemdoc at 1.101 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntptrace/ntptrace.html at 1.114 +2 -2
++ NTP_4_2_8P6
++
++ scripts/ntptrace/ntptrace.man.in at 1.100 +3 -3
++ NTP_4_2_8P6
++
++ scripts/ntptrace/ntptrace.mdoc.in at 1.102 +2 -2
++ NTP_4_2_8P6
++
++ scripts/plot_summary-opts at 1.62 +2 -2
++ NTP_4_2_8P6
++
++ scripts/plot_summary.1plot_summaryman at 1.112 +3 -3
++ NTP_4_2_8P6
++
++ scripts/plot_summary.1plot_summarymdoc at 1.112 +2 -2
++ NTP_4_2_8P6
++
++ scripts/plot_summary.html at 1.115 +2 -2
++ NTP_4_2_8P6
++
++ scripts/plot_summary.man.in at 1.112 +3 -3
++ NTP_4_2_8P6
++
++ scripts/plot_summary.mdoc.in at 1.112 +2 -2
++ NTP_4_2_8P6
++
++ scripts/summary-opts at 1.62 +2 -2
++ NTP_4_2_8P6
++
++ scripts/summary.1summaryman at 1.112 +3 -3
++ NTP_4_2_8P6
++
++ scripts/summary.1summarymdoc at 1.112 +2 -2
++ NTP_4_2_8P6
++
++ scripts/summary.html at 1.115 +2 -2
++ NTP_4_2_8P6
++
++ scripts/summary.man.in at 1.112 +3 -3
++ NTP_4_2_8P6
++
++ scripts/summary.mdoc.in at 1.112 +2 -2
++ NTP_4_2_8P6
++
++ scripts/update-leap/invoke-update-leap.texi at 1.13 +1 -1
++ NTP_4_2_8P6
++
++ scripts/update-leap/update-leap-opts at 1.13 +2 -2
++ NTP_4_2_8P6
++
++ scripts/update-leap/update-leap.1update-leapman at 1.13 +3 -3
++ NTP_4_2_8P6
++
++ scripts/update-leap/update-leap.1update-leapmdoc at 1.13 +2 -2
++ NTP_4_2_8P6
++
++ scripts/update-leap/update-leap.html at 1.13 +1 -1
++ NTP_4_2_8P6
++
++ scripts/update-leap/update-leap.man.in at 1.13 +3 -3
++ NTP_4_2_8P6
++
++ scripts/update-leap/update-leap.mdoc.in at 1.13 +2 -2
++ NTP_4_2_8P6
++
++ sntp/invoke-sntp.texi at 1.501 +2 -2
++ NTP_4_2_8P6
++
++ sntp/sntp-opts.c at 1.520 +10 -10
++ NTP_4_2_8P6
++
++ sntp/sntp-opts.h at 1.518 +4 -4
++ NTP_4_2_8P6
++
++ sntp/sntp.1sntpman at 1.336 +4 -4
++ NTP_4_2_8P6
++
++ sntp/sntp.1sntpmdoc at 1.336 +3 -3
++ NTP_4_2_8P6
++
++ sntp/sntp.html at 1.516 +2 -2
++ NTP_4_2_8P6
++
++ sntp/sntp.man.in at 1.336 +4 -4
++ NTP_4_2_8P6
++
++ sntp/sntp.mdoc.in at 1.336 +3 -3
++ NTP_4_2_8P6
++
++ util/invoke-ntp-keygen.texi at 1.504 +2 -2
++ NTP_4_2_8P6
++
++ util/ntp-keygen-opts.c at 1.522 +10 -10
++ NTP_4_2_8P6
++
++ util/ntp-keygen-opts.h at 1.520 +4 -4
++ NTP_4_2_8P6
++
++ util/ntp-keygen.1ntp-keygenman at 1.332 +4 -4
++ NTP_4_2_8P6
++
++ util/ntp-keygen.1ntp-keygenmdoc at 1.332 +3 -3
++ NTP_4_2_8P6
++
++ util/ntp-keygen.html at 1.178 +2 -2
++ NTP_4_2_8P6
++
++ util/ntp-keygen.man.in at 1.332 +4 -4
++ NTP_4_2_8P6
++
++ util/ntp-keygen.mdoc.in at 1.332 +3 -3
++ NTP_4_2_8P6
++
++ChangeSet at 1.3627, 2016-01-20 04:14:51-05:00, stenn at deacon.udel.edu
++ solaris hack
++
++ libntp/work_thread.c at 1.20 +2 -0
++ solaris hack
++
++ChangeSet at 1.3626, 2016-01-20 01:50:09-05:00, stenn at deacon.udel.edu
++ 4.2.8p6
++
++ packageinfo.sh at 1.523 +1 -1
++ 4.2.8p6
++
++ChangeSet at 1.3625, 2016-01-20 00:34:15+00:00, stenn at psp-deb1.ntp.org
++ updates
++
++ NEWS at 1.160 +24 -24
++ updates
++
++ChangeSet at 1.3624, 2016-01-19 22:28:41+00:00, stenn at psp-deb1.ntp.org
++ typo
++
++ NEWS at 1.159 +1 -1
++ typo
++
++ChangeSet at 1.3623, 2016-01-18 11:55:56+00:00, stenn at psp-deb1.ntp.org
++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
++
++ ChangeLog at 1.1792 +1 -0
++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
++
++ NEWS at 1.158 +40 -0
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-head
mailing list