From owner-freebsd-announce@freebsd.org Tue Aug 25 21:27:50 2015 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED3199C24E3 for ; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id C7EEE7EC; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id C767616CC; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20150825212749.C767616CC@freefall.freebsd.org> Date: Tue, 25 Aug 2015 21:27:49 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:14.ixgbe X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 21:27:50 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-15:14.ixgbe Errata Notice The FreeBSD Project Topic: Disable ixgbe(4) flow-director support Category: core Module: ixgbe Announced: 2015-08-25 Credits: Marc De La Gueronniere (Verisign, Inc.) Affects: FreeBSD 10.1 Corrected: 2014-10-11 22:10:39 UTC (stable/10, 10.1-STABLE) 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Flow director is an Intel technology to steer incoming packets in application aware fashion. II. Problem Description Flow director support is not completely/correctly implemented in FreeBSD at this time. III. Impact Enabling flow director support may cause traffic to land on a wrong RX queue of the NIC, resulting in bad or sub-optimal performance on the receive side. IV. Workaround No workaround is available, but systems that do not have Intel(R) 82559 series 10Gb Ethernet Controllers are not affected. V. Solution Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your present system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your present system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-15:14/ixgbe.patch # fetch https://security.FreeBSD.org/patches/EN-15:14/ixgbe.patch.asc # gpg --verify ixgbe.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r272967 releng/10.1/ r287146 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this Errata Notice is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-15:14.ixgbe.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.7 (FreeBSD) iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnImEP/j4kfmZ2XqZ/zbQINCPfybyU oSIgqyD6u4G/hy3gS4k7eLk6tQdUpnYzcoLLfeq0F2uY3DmWXJDBAKG0Bg7QaSzJ 3wWyZsN6XHkgNNCFGFsmep//8kAAXoAgJ2IoIPLe6eRHimESLtW2xlnow5PFL4Aw JMj5B/RoxtQZ/phE1zJym7eSpjVUbBrqhj/KkJUZ0W6WOkaT0GPVctvHlc2buZh7 6u17LKgZaMMmmCvBNggkYGfiE51aJ9I0n5FdAHvlcaLCw+K58/Q6M2CRpMIorgh6 uaUHLZdT8VcZ8KVmDdBul0sZ9pkprHZ4J/htEL2mCOpmsRn/lduHAvf921mtX/64 Msg8bdXM48Q5WCv9sfcmMVgMA+6m+MekKc9wKYWw6Ldy0wcQ874jE+nuh3KBq+6X Te4VbxrwuAnspqrnt4Q4NXnqxyElO0BGo6lCSEUGCRje+hlOWG2WhftEV894cRG+ JCS6YRvX5C7i8+XD+MhvTeAi7pbaZkq6ODxQAOZgbz4JMQFq8ldOgvLdhUndKGlH xJ9/pK4u5kxXyVx4HPGm0MYlijjHDi/sSAJADutikpNOzlhyZqubA8LgLoBXtyfF /Kk3GYOJvOMSK8QB7YxFRS+zPi1YxAFPEJb7ZV2ygf6RMZpIFoRLFt1kDszo+TeZ iKXcFJvlwI49poLiz7Qs =i/HZ -----END PGP SIGNATURE----- From owner-freebsd-announce@freebsd.org Tue Aug 25 21:27:49 2015 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B09E89C24D9 for ; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id A68EE7E5; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id A54A516BA; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20150825212749.A54A516BA@freefall.freebsd.org> Date: Tue, 25 Aug 2015 21:27:49 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:21.amd64 X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 21:27:49 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:21.amd64 Security Advisory The FreeBSD Project Topic: Local privilege escalation in IRET handler Category: core Module: sys_amd64 Announced: 2015-08-25 Credits: Konstantin Belousov, Andrew Lutomirski Affects: FreeBSD 9.3 and FreeBSD 10.1 Corrected: 2015-03-31 00:59:30 UTC (stable/10, 10.1-STABLE) 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19) 2015-03-31 01:08:51 UTC (stable/9, 9.3-STABLE) 2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24) CVE Name: CVE-2015-5675 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel CPU's. The GS segment CPU register is used by both user processes and the kernel to conveniently access state data: 32-bit user processes use the register to manage per-thread data, while the kernel uses it to access per-processor data. The return from interrupt (IRET) instruction returns program control from an interrupt handler to the interrupted context. II. Problem Description If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. III. Impact By causing an IRET with #SS or #NP exceptions, a local attacker can cause the kernel to use an arbitrary GS base, which may allow escalated privileges or panic the system. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install And reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch # fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch.asc # gpg --verify amd64.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r280877 releng/9.3/ r287147 stable/10/ r280875 releng/10.1/ r287146 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.7 (FreeBSD) iQIcBAEBCgAGBQJV3Ne8AAoJEO1n7NZdz2rn5ncQANs2pS8xCowX+BM9LmKTUb2Y eqGCvDetXV51/ljAOS10ubc4U0Zn2D5ACyz/DfiLIXVK8vkvlnJXFh3jSK6KIqPH ionXa8zMedBoytZL8xIEFSpk9+cYGkGupIYEGu6CCHVZGJ5fVgTlnnazuXd4evbt U1/7KNWt2H1R1j0YiYZ0MvhrIF35KqFmLOGf2JmZulqruwq91tYeMlv+7IY6vtPD L8n5kTM7pudB3qznXd1PBMj1Y6YVG1O3WL4Stfyj93qDuMbJ+wfnao1ZKMBG0az8 IJITHrnTI+Xd4i/bbEoSmSN9V80S8uo/6J6JaXjtbrJfEqAMKhLrrcoMA7MHpKJQ L4dv2HGL1n7xfOIfj5Qo2io/LUSye5lO54LtEKZfjhzqsTtNQl57BDAYZgbQp2/A RsngIq3VrNcIJQK8F1Ba7SNL2+NVd091Wb+Z52837R5/D47jD2BhDia5eH6R5Opv 6kfzTJujbLi6b9RSn0OT+wAQbQ80qSmD+IwMXwAAg0mukthjTiJpqabpMWvMmfGO mhfZBGqmf1Hx4lTczSRMLlRCmjOBc+BKioHT2ciE8QMX0WrHhkRuSBqY3euVTCMB 9+iU7eJ23tARTbG5wMmBNRsWJzhOKieM0UEsXxso+z8tMMX1Vh/e9ls2qm+ks876 WYT9/yPSsyU1z/AkHJU7 =nHGY -----END PGP SIGNATURE----- From owner-freebsd-announce@freebsd.org Tue Aug 25 21:27:49 2015 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EC7A79C24E2 for ; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id CC2F67ED; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id CBD0B16CE; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20150825212749.CBD0B16CE@freefall.freebsd.org> Date: Tue, 25 Aug 2015 21:27:49 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:15.pkg X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 21:27:50 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-15:15.pkg Errata Notice The FreeBSD Project Topic: Insufficient check of unsupported pkg(7) signature methods Category: core Module: pkg Announced: 2015-08-25 Credits: Fabian Keil Affects: All supported versions of FreeBSD. Corrected: 2015-08-19 18:32:36 UTC (stable/10, 10.2-STABLE) 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2) 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2) 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19) 2015-08-19 18:33:25 UTC (stable/9, 9.3-STABLE) 2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24) CVE Name: CVE-2015-5676 For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The pkg(8) utility is the package management tool for FreeBSD. The base system includes a pkg(7) bootstrap utility used to install the latest pkg(8) utility. II. Problem Description When signature_type specified in pkg.conf(5) is set to an unsupported method, the pkg(7) bootstrap utility would behave as if signature_type is set to "none". III. Impact MITM attackers may be able to use this vulnerability and bypass validation, installing their own version of pkg(8). IV. Workaround No workaround is available, but the default FreeBSD configuration is not affected because it uses "fingerprint" method. V. Solution Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your present system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your present system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch # fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch.asc # gpg --verify pkg.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r286936 releng/9.3/ r287147 stable/10/ r286935 releng/10.1/ r287146 releng/10.2/ r287145 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this Errata Notice is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-15:15.pkg.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.7 (FreeBSD) iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnzHwP/30xvOZqHSRYMykrkQKcIVH7 Vhp0lp1z7KaDBq7xD0m08i2WSr0/pSaBU+At141iSKwvCPS0Szx307kZBO9a8gxw j7s6Z15qychKKGukJ5tJtKX4Q3mqAtjBoCC8wmwmJ/YNmr4HrZRL2vFp7nqAiyhl ntTcSuwEElBoalufeMHWd46eguRO/r9D8uWw+O7a+lLeJO9ThjnNZXOPyMfUE3Yh QoFpVcVdf+j6gIGUuPwNsfy4e6hBNvD0T47+PTBECTykiC1eoX+VXqf8PxKKWSOJ 50sKgXOtRy55dMtWbXhu5zjq4jzWFWtBPIRHM5SH/7V898S7zMerh81bsczBUqEA aBu1XJS1fZHlXKlav6/m/G1Wo4QgscBUsV6PhsFNpFmvAdEW2qjnH887FBm7I/Fv a3wvxMmQX1ABPbavFCUZmfS4khLFITYD77XLo8ciu/fyAz/X9n9p1F2EsbL8djis TcTuyUVv3YXeq+gJ9OcOH4CFsYSNlKEYiAd86/9DBnsiVrQJqNzqx+roHjL7ZXg6 AA/pqHmOEBq01idYh7PadOf+B5cU5A1CFMhjfpF1qe1yeuFFM30U7ugxjgV4w85O UFotAbyDlftUzeYYTQv2bK6oXzqtVagkhB/xXfQzPK9E3AnysfHA/bLysop7AMyZ CHeFaGA84VB1k9Ky5nSv =a+Ek -----END PGP SIGNATURE----- From owner-freebsd-announce@freebsd.org Tue Aug 25 21:27:49 2015 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C37F29C24DC for ; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id B986C7E9; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id B8A4B16C4; Tue, 25 Aug 2015 21:27:49 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20150825212749.B8A4B16C4@freefall.freebsd.org> Date: Tue, 25 Aug 2015 21:27:49 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:22.openssh X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 21:27:50 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:22.openssh Security Advisory The FreeBSD Project Topic: OpenSSH multiple vulnerabilities Category: contrib Module: openssh Announced: 2015-08-25 Affects: All supported versions of FreeBSD. Corrected: 2015-08-25 20:48:44 UTC (stable/10, 10.2-STABLE) 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2) 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2) 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19) 2015-08-25 20:48:44 UTC (stable/9, 9.3-STABLE) 2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24) For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access. The PAM (Pluggable Authentication Modules) library provides a flexible framework for user authentication and session setup / teardown. The default FreeBSD OpenSSH configuration has PAM interactive authentication enabled. Privilege separation is a technique in which a program is divided into multiple cooperating processes, each with a different task, where each process is limited to the specific privileges required to perform that specific task, while the privileged parent process acts as an arbiter. II. Problem Description A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of he sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection. III. Impact The first bug may allow a remote attacker who a) has already succeeded by other means in compromising the unprivileged pre-authentication child process and b) has valid credentials to one user on the target system to impersonate a different user. The second bug may allow a remote attacker who has already succeeded by other means in compromising the unprivileged pre-authentication child process to bypass PAM authentication entirely. The third bug is not exploitable, but can cause premature termination of a multiplexed ssh connection. IV. Workaround No workaround is available, but systems where ssh(1) and sshd(8) are not used are not vulnerable. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. The sshd(8) service has to be restarted after the update. A reboot is recommended but not required. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install The sshd(8) service has to be restarted after the update. A reboot is recommended but not required. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch # fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch.asc # gpg --verify openssh.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the sshd(8) daemon, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r287144 releng/9.3/ r287147 stable/10/ r287144 releng/10.1/ r287146 releng/10.2/ r287145 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.7 (FreeBSD) iQIcBAEBCgAGBQJV3Ne8AAoJEO1n7NZdz2rnxq8P/jW05a6zT9n78wxBuHwRJ9gx 7+CN9AsezavW4HmZF4GmWt6SjnJqpLDMwnhceo7po6ZMIxjyWwxBWWfvUwVqezwa kT+DS7oHKmeZAwCSFMj9K25NN+x7KAwXXiiANcj4U4iU+q0YrcEGVIBKVqCAn3ly pJAkMxdTbwlWR7MaPaTMbMenVOs87b6Xx/4gfSBWolFWz9bKfdTYCxK/AnULVIZq Q7lShezEvgyCb8b6QLvnrY4AwHtVduiYxnvNKv8ysbaatZCarkRS8nh68zGcdTBg IyzG5OEtUFokVkroJaLWFXL1mUp7tgn9+UNd0/53wFN2DTZKw9oTAkKn8xrbbOSa xQqYFhsmqsnKlBJMEMaoK9JgGZZ6xOGo3JZ6yrFfYxiZ9xFaR843rOUe0UVrxh+L +2DmALTyLWSkeqlcg66oKqYKMQuvUyd6VpPL0yHpB0AqBTjKjUmG9RgG8AT5MpqW P3weyD0n7rOCBfagofx8MIy15REwjcQSUptarWrMwhJPua95RJ/IAVIIThGrMzZ5 PxyWDFU7B/56FRlmX5+6mfi/NC60yIyR6lg0trBtuiiEfNV+HWz6QXOIUMYQvvo9 w8fXSy6MJ12jTFqm0+CXbx2wWEVxAZS/wtLDsa3nf2oGkO3upzFl0/fvsR1dZ/hl plo/3SMPpFFbfvIhy2V/ =2w70 -----END PGP SIGNATURE-----