From owner-svn-doc-head@freebsd.org Tue Aug 25 21:09:50 2015 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1804799AED6; Tue, 25 Aug 2015 21:09:50 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 05ADBE54; Tue, 25 Aug 2015 21:09:50 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7PL9ngY059693; Tue, 25 Aug 2015 21:09:49 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7PL9kqY059679; Tue, 25 Aug 2015 21:09:46 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201508252109.t7PL9kqY059679@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Tue, 25 Aug 2015 21:09:46 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r47309 - in head/share: security/advisories security/patches/EN-15:14 security/patches/EN-15:15 security/patches/SA-15:21 security/patches/SA-15:22 xml X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 21:09:50 -0000 Author: delphij Date: Tue Aug 25 21:09:45 2015 New Revision: 47309 URL: https://svnweb.freebsd.org/changeset/doc/47309 Log: Add SA-15:21.amd64, SA-15:22.openssh, EN-15:14.ixgbe and EN-15:15.pkg. Added: head/share/security/advisories/FreeBSD-EN-15:14.ixgbe.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-15:15.pkg.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-15:21.amd64.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-15:22.openssh.asc (contents, props changed) head/share/security/patches/EN-15:14/ head/share/security/patches/EN-15:14/ixgbe.patch (contents, props changed) head/share/security/patches/EN-15:14/ixgbe.patch.asc (contents, props changed) head/share/security/patches/EN-15:15/ head/share/security/patches/EN-15:15/pkg.patch (contents, props changed) head/share/security/patches/EN-15:15/pkg.patch.asc (contents, props changed) head/share/security/patches/SA-15:21/ head/share/security/patches/SA-15:21/amd64.patch (contents, props changed) head/share/security/patches/SA-15:21/amd64.patch.asc (contents, props changed) head/share/security/patches/SA-15:22/ head/share/security/patches/SA-15:22/openssh.patch (contents, props changed) head/share/security/patches/SA-15:22/openssh.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-15:14.ixgbe.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-15:14.ixgbe.asc Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,121 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-15:14.ixgbe Errata Notice + The FreeBSD Project + +Topic: Disable ixgbe(4) flow-director support + +Category: core +Module: ixgbe +Announced: 2015-08-25 +Credits: Marc De La Gueronniere (Verisign, Inc.) +Affects: FreeBSD 10.1 +Corrected: 2014-10-11 22:10:39 UTC (stable/10, 10.1-STABLE) + 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +Flow director is an Intel technology to steer incoming packets in application +aware fashion. + +II. Problem Description + +Flow director support is not completely/correctly implemented in FreeBSD at +this time. + +III. Impact + +Enabling flow director support may cause traffic to land on a wrong RX queue +of the NIC, resulting in bad or sub-optimal performance on the receive side. + +IV. Workaround + +No workaround is available, but systems that do not have Intel(R) 82559 +series 10Gb Ethernet Controllers are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-15:14/ixgbe.patch +# fetch https://security.FreeBSD.org/patches/EN-15:14/ixgbe.patch.asc +# gpg --verify ixgbe.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r272967 +releng/10.1/ r287146 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this Errata Notice is available at +https://security.FreeBSD.org/advisories/FreeBSD-EN-15:14.ixgbe.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnImEP/j4kfmZ2XqZ/zbQINCPfybyU +oSIgqyD6u4G/hy3gS4k7eLk6tQdUpnYzcoLLfeq0F2uY3DmWXJDBAKG0Bg7QaSzJ +3wWyZsN6XHkgNNCFGFsmep//8kAAXoAgJ2IoIPLe6eRHimESLtW2xlnow5PFL4Aw +JMj5B/RoxtQZ/phE1zJym7eSpjVUbBrqhj/KkJUZ0W6WOkaT0GPVctvHlc2buZh7 +6u17LKgZaMMmmCvBNggkYGfiE51aJ9I0n5FdAHvlcaLCw+K58/Q6M2CRpMIorgh6 +uaUHLZdT8VcZ8KVmDdBul0sZ9pkprHZ4J/htEL2mCOpmsRn/lduHAvf921mtX/64 +Msg8bdXM48Q5WCv9sfcmMVgMA+6m+MekKc9wKYWw6Ldy0wcQ874jE+nuh3KBq+6X +Te4VbxrwuAnspqrnt4Q4NXnqxyElO0BGo6lCSEUGCRje+hlOWG2WhftEV894cRG+ +JCS6YRvX5C7i8+XD+MhvTeAi7pbaZkq6ODxQAOZgbz4JMQFq8ldOgvLdhUndKGlH +xJ9/pK4u5kxXyVx4HPGm0MYlijjHDi/sSAJADutikpNOzlhyZqubA8LgLoBXtyfF +/Kk3GYOJvOMSK8QB7YxFRS+zPi1YxAFPEJb7ZV2ygf6RMZpIFoRLFt1kDszo+TeZ +iKXcFJvlwI49poLiz7Qs +=i/HZ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-15:15.pkg.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-15:15.pkg.asc Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-15:15.pkg Errata Notice + The FreeBSD Project + +Topic: Insufficient check of unsupported pkg(7) signature methods + +Category: core +Module: pkg +Announced: 2015-08-25 +Credits: Fabian Keil +Affects: All supported versions of FreeBSD. +Corrected: 2015-08-19 18:32:36 UTC (stable/10, 10.2-STABLE) + 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2) + 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2) + 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19) + 2015-08-19 18:33:25 UTC (stable/9, 9.3-STABLE) + 2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24) +CVE Name: CVE-2015-5676 + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The pkg(8) utility is the package management tool for FreeBSD. The base +system includes a pkg(7) bootstrap utility used to install the latest pkg(8) +utility. + +II. Problem Description + +When signature_type specified in pkg.conf(5) is set to an unsupported method, +the pkg(7) bootstrap utility would behave as if signature_type is set to +"none". + +III. Impact + +MITM attackers may be able to use this vulnerability and bypass validation, +installing their own version of pkg(8). + +IV. Workaround + +No workaround is available, but the default FreeBSD configuration is not +affected because it uses "fingerprint" method. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch +# fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch.asc +# gpg --verify pkg.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r286936 +releng/9.3/ r287147 +stable/10/ r286935 +releng/10.1/ r287146 +releng/10.2/ r287145 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this Errata Notice is available at +https://security.FreeBSD.org/advisories/FreeBSD-EN-15:15.pkg.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnzHwP/30xvOZqHSRYMykrkQKcIVH7 +Vhp0lp1z7KaDBq7xD0m08i2WSr0/pSaBU+At141iSKwvCPS0Szx307kZBO9a8gxw +j7s6Z15qychKKGukJ5tJtKX4Q3mqAtjBoCC8wmwmJ/YNmr4HrZRL2vFp7nqAiyhl +ntTcSuwEElBoalufeMHWd46eguRO/r9D8uWw+O7a+lLeJO9ThjnNZXOPyMfUE3Yh +QoFpVcVdf+j6gIGUuPwNsfy4e6hBNvD0T47+PTBECTykiC1eoX+VXqf8PxKKWSOJ +50sKgXOtRy55dMtWbXhu5zjq4jzWFWtBPIRHM5SH/7V898S7zMerh81bsczBUqEA +aBu1XJS1fZHlXKlav6/m/G1Wo4QgscBUsV6PhsFNpFmvAdEW2qjnH887FBm7I/Fv +a3wvxMmQX1ABPbavFCUZmfS4khLFITYD77XLo8ciu/fyAz/X9n9p1F2EsbL8djis +TcTuyUVv3YXeq+gJ9OcOH4CFsYSNlKEYiAd86/9DBnsiVrQJqNzqx+roHjL7ZXg6 +AA/pqHmOEBq01idYh7PadOf+B5cU5A1CFMhjfpF1qe1yeuFFM30U7ugxjgV4w85O +UFotAbyDlftUzeYYTQv2bK6oXzqtVagkhB/xXfQzPK9E3AnysfHA/bLysop7AMyZ +CHeFaGA84VB1k9Ky5nSv +=a+Ek +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-15:21.amd64.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-15:21.amd64.asc Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,139 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-15:21.amd64 Security Advisory + The FreeBSD Project + +Topic: Local privilege escalation in IRET handler + +Category: core +Module: sys_amd64 +Announced: 2015-08-25 +Credits: Konstantin Belousov, Andrew Lutomirski +Affects: FreeBSD 9.3 and FreeBSD 10.1 +Corrected: 2015-03-31 00:59:30 UTC (stable/10, 10.1-STABLE) + 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19) + 2015-03-31 01:08:51 UTC (stable/9, 9.3-STABLE) + 2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24) +CVE Name: CVE-2015-5675 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel +CPU's. + +The GS segment CPU register is used by both user processes and the +kernel to conveniently access state data: 32-bit user processes use the +register to manage per-thread data, while the kernel uses it to access +per-processor data. + +The return from interrupt (IRET) instruction returns program control +from an interrupt handler to the interrupted context. + +II. Problem Description + +If the kernel-mode IRET instruction generates an #SS or #NP exception, +but the exception handler does not properly ensure that the right GS +register base for kernel is reloaded, the userland GS segment may be +used in the context of the kernel exception handler. + +III. Impact + +By causing an IRET with #SS or #NP exceptions, a local attacker can +cause the kernel to use an arbitrary GS base, which may allow escalated +privileges or panic the system. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot the system. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +And reboot the system. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch +# fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch.asc +# gpg --verify amd64.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r280877 +releng/9.3/ r287147 +stable/10/ r280875 +releng/10.1/ r287146 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAEBCgAGBQJV3Ne8AAoJEO1n7NZdz2rn5ncQANs2pS8xCowX+BM9LmKTUb2Y +eqGCvDetXV51/ljAOS10ubc4U0Zn2D5ACyz/DfiLIXVK8vkvlnJXFh3jSK6KIqPH +ionXa8zMedBoytZL8xIEFSpk9+cYGkGupIYEGu6CCHVZGJ5fVgTlnnazuXd4evbt +U1/7KNWt2H1R1j0YiYZ0MvhrIF35KqFmLOGf2JmZulqruwq91tYeMlv+7IY6vtPD +L8n5kTM7pudB3qznXd1PBMj1Y6YVG1O3WL4Stfyj93qDuMbJ+wfnao1ZKMBG0az8 +IJITHrnTI+Xd4i/bbEoSmSN9V80S8uo/6J6JaXjtbrJfEqAMKhLrrcoMA7MHpKJQ +L4dv2HGL1n7xfOIfj5Qo2io/LUSye5lO54LtEKZfjhzqsTtNQl57BDAYZgbQp2/A +RsngIq3VrNcIJQK8F1Ba7SNL2+NVd091Wb+Z52837R5/D47jD2BhDia5eH6R5Opv +6kfzTJujbLi6b9RSn0OT+wAQbQ80qSmD+IwMXwAAg0mukthjTiJpqabpMWvMmfGO +mhfZBGqmf1Hx4lTczSRMLlRCmjOBc+BKioHT2ciE8QMX0WrHhkRuSBqY3euVTCMB +9+iU7eJ23tARTbG5wMmBNRsWJzhOKieM0UEsXxso+z8tMMX1Vh/e9ls2qm+ks876 +WYT9/yPSsyU1z/AkHJU7 +=nHGY +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-15:22.openssh.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-15:22.openssh.asc Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,161 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-15:22.openssh Security Advisory + The FreeBSD Project + +Topic: OpenSSH multiple vulnerabilities + +Category: contrib +Module: openssh +Announced: 2015-08-25 +Affects: All supported versions of FreeBSD. +Corrected: 2015-08-25 20:48:44 UTC (stable/10, 10.2-STABLE) + 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2) + 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2) + 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19) + 2015-08-25 20:48:44 UTC (stable/9, 9.3-STABLE) + 2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +OpenSSH is an implementation of the SSH protocol suite, providing an +encrypted and authenticated transport for a variety of services, +including remote shell access. + +The PAM (Pluggable Authentication Modules) library provides a flexible +framework for user authentication and session setup / teardown. + +The default FreeBSD OpenSSH configuration has PAM interactive +authentication enabled. + +Privilege separation is a technique in which a program is divided into +multiple cooperating processes, each with a different task, where each +process is limited to the specific privileges required to perform that +specific task, while the privileged parent process acts as an arbiter. + +II. Problem Description + +A programming error in the privileged monitor process of the sshd(8) +service may allow the username of an already-authenticated user to be +overwritten by the unprivileged child process. + +A use-after-free error in the privileged monitor process of he sshd(8) +service may be deterministically triggered by the actions of a +compromised unprivileged child process. + +A use-after-free error in the session multiplexing code in the sshd(8) +service may result in unintended termination of the connection. + +III. Impact + +The first bug may allow a remote attacker who a) has already succeeded +by other means in compromising the unprivileged pre-authentication +child process and b) has valid credentials to one user on the target +system to impersonate a different user. + +The second bug may allow a remote attacker who has already succeeded +by other means in compromising the unprivileged pre-authentication +child process to bypass PAM authentication entirely. + +The third bug is not exploitable, but can cause premature termination +of a multiplexed ssh connection. + +IV. Workaround + +No workaround is available, but systems where ssh(1) and sshd(8) are +not used are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +The sshd(8) service has to be restarted after the update. A reboot +is recommended but not required. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +The sshd(8) service has to be restarted after the update. A reboot +is recommended but not required. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch +# fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch.asc +# gpg --verify openssh.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the sshd(8) daemon, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r287144 +releng/9.3/ r287147 +stable/10/ r287144 +releng/10.1/ r287146 +releng/10.2/ r287145 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAEBCgAGBQJV3Ne8AAoJEO1n7NZdz2rnxq8P/jW05a6zT9n78wxBuHwRJ9gx +7+CN9AsezavW4HmZF4GmWt6SjnJqpLDMwnhceo7po6ZMIxjyWwxBWWfvUwVqezwa +kT+DS7oHKmeZAwCSFMj9K25NN+x7KAwXXiiANcj4U4iU+q0YrcEGVIBKVqCAn3ly +pJAkMxdTbwlWR7MaPaTMbMenVOs87b6Xx/4gfSBWolFWz9bKfdTYCxK/AnULVIZq +Q7lShezEvgyCb8b6QLvnrY4AwHtVduiYxnvNKv8ysbaatZCarkRS8nh68zGcdTBg +IyzG5OEtUFokVkroJaLWFXL1mUp7tgn9+UNd0/53wFN2DTZKw9oTAkKn8xrbbOSa +xQqYFhsmqsnKlBJMEMaoK9JgGZZ6xOGo3JZ6yrFfYxiZ9xFaR843rOUe0UVrxh+L ++2DmALTyLWSkeqlcg66oKqYKMQuvUyd6VpPL0yHpB0AqBTjKjUmG9RgG8AT5MpqW +P3weyD0n7rOCBfagofx8MIy15REwjcQSUptarWrMwhJPua95RJ/IAVIIThGrMzZ5 +PxyWDFU7B/56FRlmX5+6mfi/NC60yIyR6lg0trBtuiiEfNV+HWz6QXOIUMYQvvo9 +w8fXSy6MJ12jTFqm0+CXbx2wWEVxAZS/wtLDsa3nf2oGkO3upzFl0/fvsR1dZ/hl +plo/3SMPpFFbfvIhy2V/ +=2w70 +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-15:14/ixgbe.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:14/ixgbe.patch Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,26 @@ +Index: sys/conf/files +=================================================================== +--- sys/conf/files (revision 286787) ++++ sys/conf/files (working copy) +@@ -1704,7 +1704,7 @@ dev/ixgb/if_ixgb.c optional ixgb + dev/ixgb/ixgb_ee.c optional ixgb + dev/ixgb/ixgb_hw.c optional ixgb + dev/ixgbe/ixgbe.c optional ixgbe inet \ +- compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP -DIXGBE_FDIR" ++ compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP" + dev/ixgbe/ixv.c optional ixgbe inet \ + compile-with "${NORMAL_C} -I$S/dev/ixgbe" + dev/ixgbe/ixgbe_phy.c optional ixgbe inet \ +Index: sys/modules/ixgbe/Makefile +=================================================================== +--- sys/modules/ixgbe/Makefile (revision 286787) ++++ sys/modules/ixgbe/Makefile (working copy) +@@ -12,7 +12,7 @@ SRCS += ixgbe.c ixv.c + SRCS += ixgbe_common.c ixgbe_api.c ixgbe_phy.c ixgbe_mbx.c ixgbe_vf.c + SRCS += ixgbe_dcb.c ixgbe_dcb_82598.c ixgbe_dcb_82599.c + SRCS += ixgbe_82599.c ixgbe_82598.c ixgbe_x540.c +-CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP -DIXGBE_FDIR ++CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP + + .if !defined(KERNBUILDDIR) + .if ${MK_INET_SUPPORT} != "no" Added: head/share/security/patches/EN-15:14/ixgbe.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:14/ixgbe.patch.asc Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAABCgAGBQJV3NfSAAoJEO1n7NZdz2rnwaoP/2b/ter6TOaSERlf0QxN8e9X +c+aSr9LLLVQG4MtzuYS6mFHp1uDgA4dwFVlSZjXp9ZJBtSt5HWZDzDKO1eaFz9YR +cY2zCC8Mo3H+KlXrDSBYaT9JCA7fEPTFQKvfDGushRDF6h6AoVoOl7W4IWOhZ+Nk +SbbvMOBAyVHrevyT8gLBv2+nPeEtv4vvYg5Rq/HqCUW0IkxCFuhvMj30kQBrQYM1 +lOyXOGOC+SqPgeqN6+j9HPI3Fx7xDzPF/I1zThPI+Nvgn9BZRhTT1+Ev+g5MxGNy +Z3mv4aW2tSJQksDsYa2X0wDl8/yvFhliQwLVmkDp27sf5dVsRqrJZwMwY4r6I8Ej +JHFoJxyiCqQzfq5dWuBgVuyk1NYPF5GdZLEp7gP1i6Swbn+1kjYBh0HPkJK9VMcZ +uYlHzEoUoQAbTfxs5N/Am82lT6ljvNvdbU9960Hilb8ObkJNop7vxWc9oNFhud20 +ECJF68Hw6CjjDFywEeY2c479Xs0Shf7sDXBId+RGNvjFXWWRGBV1YXk0w+gsUuUd +r1P8D7ixy/ZQOPauw61+SC2DS3icMuwmSQamD1pOxmSvK0x+lLNRDK52X93TTA24 +4yvOvh7ePktvZLWWO0y375ZsEWfVnZRpf39rjaEpz/0jwREULkmz1HjipozDRhJn +4No3c9hi9rwcH/oU0/xd +=txUl +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-15:15/pkg.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:15/pkg.patch Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,34 @@ +Index: usr.sbin/pkg/pkg.c +=================================================================== +--- usr.sbin/pkg/pkg.c (revision 286787) ++++ usr.sbin/pkg/pkg.c (working copy) +@@ -749,7 +749,13 @@ bootstrap_pkg(bool force) + goto fetchfail; + + if (signature_type != NULL && +- strcasecmp(signature_type, "FINGERPRINTS") == 0) { ++ strcasecmp(signature_type, "NONE") != 0) { ++ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) { ++ warnx("Signature type %s is not supported for " ++ "bootstrapping.", signature_type); ++ goto cleanup; ++ } ++ + snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX", + getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP); + snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig", +@@ -834,7 +840,13 @@ bootstrap_pkg_local(const char *pkgpath, bool forc + return (-1); + } + if (signature_type != NULL && +- strcasecmp(signature_type, "FINGERPRINTS") == 0) { ++ strcasecmp(signature_type, "NONE") != 0) { ++ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) { ++ warnx("Signature type %s is not supported for " ++ "bootstrapping.", signature_type); ++ goto cleanup; ++ } ++ + snprintf(path, sizeof(path), "%s.sig", pkgpath); + + if ((fd_sig = open(path, O_RDONLY)) == -1) { Added: head/share/security/patches/EN-15:15/pkg.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:15/pkg.patch.asc Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAABCgAGBQJV3NfSAAoJEO1n7NZdz2rnghsP/3LVlVtT+vCVLMrVcy2gZ2q8 +y9BICtPx2M2PRR9JOPBjD+DrcOZV9QrCX5FLvPmBDvFSMgGp+1EvZP9r/DFOngJ4 +B1+enlcBl48FoK6UmWhvScvDywH7wRoBFIh9HeSP+z6HXhYhDXpyS9XGiBXcTYFA +QEAJOa+gdiA1trhgYZZpI3EQ/SzB/D2MiBZPGqtCgmL50lWRJS6Q79EYi11sPSoF +Lovjipxp3FYrlFODsB1iBFReXC8E1k8s+peXJFZfFAM+HUh2YAXFhYnJ1Bleq8Jb +zNox48EF7d4dXgFZVBAqgxpmuvVVpCsVWrZikLLcCzspIoKF1+F8+ZNyCDvfhSOm +tWFH1NjE14U4NvF1ratwfSFSOogVyUrYSr0s2n3EWhmp2V5I4Q8Zz43GPVk6z/Qm +LXInkYPVE6mI1l08MhW2EMJTNmp2euXgzorb/JVO01Zj5XGobB9C4XA5+3/AWu0P +xKRfYp52z4rwX8w3RnzTM5L7l1uLm9LPlSis3rsZJvgpE2UHLpgahAgNMlGzYzQT +M0cj0h/E2xfvrUYkrW9l35NOsZZ5Q0Ox4ft59ua3QZm8RxUKcWdaAf2fy0t1F53u +YdA1bMVWFInVYYGwS/qrNj9yjoJcAa8E2v06McWyCZ8J2Tx3Gj50oWcebmiJtLxO +RA9lcL+X6yPGHCROPmng +=6SMS +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:21/amd64.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:21/amd64.patch Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,53 @@ +Index: sys/amd64/amd64/exception.S +=================================================================== +--- sys/amd64/amd64/exception.S (revision 286969) ++++ sys/amd64/amd64/exception.S (working copy) +@@ -154,9 +154,13 @@ IDTVEC(xmm) + IDTVEC(tss) + TRAP_ERR(T_TSSFLT) + IDTVEC(missing) +- TRAP_ERR(T_SEGNPFLT) ++ subq $TF_ERR,%rsp ++ movl $T_SEGNPFLT,TF_TRAPNO(%rsp) ++ jmp prot_addrf + IDTVEC(stk) +- TRAP_ERR(T_STKFLT) ++ subq $TF_ERR,%rsp ++ movl $T_STKFLT,TF_TRAPNO(%rsp) ++ jmp prot_addrf + IDTVEC(align) + TRAP_ERR(T_ALIGNFLT) + +@@ -319,6 +323,7 @@ IDTVEC(page) + IDTVEC(prot) + subq $TF_ERR,%rsp + movl $T_PROTFLT,TF_TRAPNO(%rsp) ++prot_addrf: + movq $0,TF_ADDR(%rsp) + movq %rdi,TF_RDI(%rsp) /* free up a GP register */ + leaq doreti_iret(%rip),%rdi +Index: sys/amd64/amd64/machdep.c +=================================================================== +--- sys/amd64/amd64/machdep.c (revision 286969) ++++ sys/amd64/amd64/machdep.c (working copy) +@@ -428,6 +428,7 @@ sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t * + regs->tf_rflags &= ~(PSL_T | PSL_D); + regs->tf_cs = _ucodesel; + regs->tf_ds = _udatasel; ++ regs->tf_ss = _udatasel; + regs->tf_es = _udatasel; + regs->tf_fs = _ufssel; + regs->tf_gs = _ugssel; +Index: sys/amd64/amd64/trap.c +=================================================================== +--- sys/amd64/amd64/trap.c (revision 286969) ++++ sys/amd64/amd64/trap.c (working copy) +@@ -473,8 +473,6 @@ trap(struct trapframe *frame) + goto out; + + case T_STKFLT: /* stack fault */ +- break; +- + case T_PROTFLT: /* general protection fault */ + case T_SEGNPFLT: /* segment not present fault */ + if (td->td_intr_nesting_level != 0) Added: head/share/security/patches/SA-15:21/amd64.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:21/amd64.patch.asc Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAABCgAGBQJV3Ne1AAoJEO1n7NZdz2rnwuYP/i6fWwcpTVRtC9Fi9IDv6crB +gTpiDC5oNLxBBk3INWkt03oBL5WenM48/fiIZ4/qICWZEaEGMWALsLhIjC1uE6z1 +6cZHUA4zUr9Fnx7YhwGMXeLugTPbjHDTKheKdiebjZ3xU8LNp7h4TcanPBSB4rM1 +6qhJLki9EIfHqLTJa0MXR7T0xOBUvd9337NgN99kYpE9R22h+Fl4UXLpJfkS5/zn +i9RsqFCTK4iD5f0BCGvPVK+m2mDAIuedgoYNQxAdeiZ8SjeObDeXX27Po0pcK2V7 +mK7gaYrwFiHlVjgxenR+TKYoWGKl3OV6x9lmy2V11xuCIIXHU8umlNG2zBlEK8Da +b7Dk+9Wmsoz5LspQORYWMHjLs6H0Q18udhztzlzlJHE1XZ9O3idV5dBxh3WrYzU4 +Yh3iWRTJiCp34dR98xSePhOq6FHw/jJcRH8M6MXus47Ssf32CvToLBFbfio6T2U5 +lQ6yLWIBrnl5WyGBtwNSGEzEWMgfvjU7PL2LEt5xnLR8F7+nQvysAXlt9MfTAexT ++Jrn44Sc5dy/mK5d7Tmxpo1VQ9rqI1Msn+5TW0p4/aG7/XnQruwzN8QVwAOajgQt +cxZ0RmvV+8iLCAmvRuJszYqbo+VkRC2PtTWHmNjCwddYAawC+Rg9m2an/pJQaH/d +0YB0zGqhLzGJV9L2+uem +=7Eoy +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:22/openssh.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:22/openssh.patch Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,68 @@ +Index: crypto/openssh/monitor.c +=================================================================== +--- crypto/openssh/monitor.c (revision 286787) ++++ crypto/openssh/monitor.c (working copy) +@@ -1027,9 +1027,7 @@ extern KbdintDevice sshpam_device; + int + mm_answer_pam_init_ctx(int sock, Buffer *m) + { +- + debug3("%s", __func__); +- authctxt->user = buffer_get_string(m, NULL); + sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); + sshpam_authok = NULL; + buffer_clear(m); +@@ -1111,14 +1109,16 @@ mm_answer_pam_respond(int sock, Buffer *m) + int + mm_answer_pam_free_ctx(int sock, Buffer *m) + { ++ int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; + + debug3("%s", __func__); + (sshpam_device.free_ctx)(sshpam_ctxt); ++ sshpam_ctxt = sshpam_authok = NULL; + buffer_clear(m); + mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); + auth_method = "keyboard-interactive"; + auth_submethod = "pam"; +- return (sshpam_authok == sshpam_ctxt); ++ return r; + } + #endif + +Index: crypto/openssh/monitor_wrap.c +=================================================================== +--- crypto/openssh/monitor_wrap.c (revision 286787) ++++ crypto/openssh/monitor_wrap.c (working copy) +@@ -820,7 +820,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt) + + debug3("%s", __func__); + buffer_init(&m); +- buffer_put_cstring(&m, authctxt->user); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); + debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); +Index: crypto/openssh/mux.c +=================================================================== +--- crypto/openssh/mux.c (revision 286787) ++++ crypto/openssh/mux.c (working copy) +@@ -635,7 +635,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer + u_int lport, cport; + int i, ret = 0, freefwd = 1; + +- fwd.listen_host = fwd.connect_host = NULL; ++ memset(&fwd, 0, sizeof(fwd)); ++ + if (buffer_get_int_ret(&ftype, m) != 0 || + (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || + buffer_get_int_ret(&lport, m) != 0 || +@@ -785,7 +786,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffe + int i, listen_port, ret = 0; + u_int lport, cport; + +- fwd.listen_host = fwd.connect_host = NULL; ++ memset(&fwd, 0, sizeof(fwd)); ++ + if (buffer_get_int_ret(&ftype, m) != 0 || + (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || + buffer_get_int_ret(&lport, m) != 0 || Added: head/share/security/patches/SA-15:22/openssh.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:22/openssh.patch.asc Tue Aug 25 21:09:45 2015 (r47309) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAABCgAGBQJV3Ne1AAoJEO1n7NZdz2rnaD4P/27Y0Bd6TwsCXR33YG8bmmpO +ASZxD1GyWFqZyTIrPw+gBN2SkfxROnjMSq5/RfbAgbTthQYEQ+vu7aX4rbpuGQ3E +5nK1IJlCS9abr84QWOxFXuDtBrLuYhb4WRmMNpGANfmA+ZtKap7fNkdLsU5XYnGf +wftLAWPtUF1GxPPFcc9NZdXyOePg4UcfTFqfPkHmdeEPSLlOhkCHv4ZtuWPg4VMB +++uEZCAS+U1Ky4NIKaGmE9lO5x9LWzQnXzluLXHPAAnMxi4uTLs4DFocGgLR9Xvv +NftlvAzJuQWzIAr5Tp/5YB24nqJB+qAMNwwmSMvsL2MFDI4Zepqq3o0Ss4xAPOjU +taBDNow1+S/tLPH2jtF3hu/DP2H8HkSm5UqNWrHP8vS4UXqlXIofjaA5mTddtGLK +FXc6C+NQ2G7bqgw+g5kiO+XH3gYBMxJtuRyBCIekeBAtIISoevz/V+ejFdTE0EFP +MuvC4HWhSttdTJkdC74+WdcNWqpQ14iHwdrlY8Gazv9wQz/iwonZO7pzE+lea+j3 +f+e/2dyQLXxEIxrfGRRZljuekbvLnEn+DUSV9mExpNP60ZvRBKyVOBDcnteP3VhY +4LAMaSFzE7kgPuhaLBfzecEFDd06Eiz7LEd4HesXVqpKBP1fBOevfAxW8Izidg/1 +/t/RV1/NkgKrKgNBkO97 +=ZQpd +-----END PGP SIGNATURE----- Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Tue Aug 25 17:23:15 2015 (r47308) +++ head/share/xml/advisories.xml Tue Aug 25 21:09:45 2015 (r47309) @@ -11,6 +11,18 @@ 8 + 25 + + + FreeBSD-SA-15:22.openssh + + + + FreeBSD-SA-15:21.amd64 + + + + 18 Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Tue Aug 25 17:23:15 2015 (r47308) +++ head/share/xml/notices.xml Tue Aug 25 21:09:45 2015 (r47309) @@ -11,6 +11,18 @@ 8 + 25 + + + FreeBSD-EN-15:15.pkg + + + + FreeBSD-EN-15:14.ixgbe + + + + 18