Date: Thu, 23 Feb 2017 07:28:05 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r50004 - in head/share: security/advisories security/patches/EN-17:01 security/patches/EN-17:02 security/patches/EN-17:03 security/patches/EN-17:04 security/patches/SA-17:02 xml Message-ID: <201702230728.v1N7S50g025554@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Thu Feb 23 07:28:05 2017 New Revision: 50004 URL: https://svnweb.freebsd.org/changeset/doc/50004 Log: Add EN-17:01-04, SA-17:02. Added: head/share/security/advisories/FreeBSD-EN-17:01.pcie.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-17:02.yp.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-17:03.hyperv.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-17:04.mandoc.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-17:02.openssl.asc (contents, props changed) head/share/security/patches/EN-17:01/ head/share/security/patches/EN-17:01/pcie.patch (contents, props changed) head/share/security/patches/EN-17:01/pcie.patch.asc (contents, props changed) head/share/security/patches/EN-17:02/ head/share/security/patches/EN-17:02/yp.patch (contents, props changed) head/share/security/patches/EN-17:02/yp.patch.asc (contents, props changed) head/share/security/patches/EN-17:03/ head/share/security/patches/EN-17:03/hyperv.patch (contents, props changed) head/share/security/patches/EN-17:03/hyperv.patch.asc (contents, props changed) head/share/security/patches/EN-17:04/ head/share/security/patches/EN-17:04/mandoc.patch (contents, props changed) head/share/security/patches/EN-17:04/mandoc.patch.asc (contents, props changed) head/share/security/patches/SA-17:02/ head/share/security/patches/SA-17:02/openssl-10.patch (contents, props changed) head/share/security/patches/SA-17:02/openssl-10.patch.asc (contents, props changed) head/share/security/patches/SA-17:02/openssl-11.patch (contents, props changed) head/share/security/patches/SA-17:02/openssl-11.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-17:01.pcie.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-17:01.pcie.asc Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-17:01.pcie Errata Notice + The FreeBSD Project + +Topic: System hang when booting when PCI-express HotPlug is enabled + +Category: core +Module: kernel +Announced: 2017-02-23 +Credits: Alan Somers, Dave Baukus +Affects: FreeBSD 11.0 +Corrected: 2017-02-07 22:40:38 UTC (stable/11, 11.0-STABLE) + 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Native PCI-express HotPlug permits PCI-express devices to be added and +removed at runtime in slots that support HotPlug. + +II. Problem Description + +Some PCI-express slots indicate partial support for PCI-express HotPlug +in the capability registers associated with an individual slot. The +PCI-express HotPlug driver attempted to configure these slots for HotPlug +operation. However, since these slots do not fully support HotPlug, +enabling HotPlug results in unpredictable behavior. + +III. Impact + +On at least some systems, booting a kernel with PCI-express HotPlug +support can hang. + +IV. Workaround + +The hw.pci.enable_pcie_hp loader tunable can be set to 0 to disable +support for PCI-express HotPlug before booting an affected kernel. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Afterward, reboot the system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterward, reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-17:01/pcie.patch +# fetch https://security.FreeBSD.org/patches/EN-17:01/pcie.patch.asc +# gpg --verify pcie.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r313408 +releng/11.0/ r314125 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211699>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:01.pcie.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.18 (FreeBSD) + +iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNEACgkQ7Wfs1l3P +aucj/RAAsB/+cWKAaf5pLiP9Hh9Rjmry8ZMyiG6RVBB22N8UM34ioiPPSjTu1ogQ +ZCP31fUqCWDwwQgVu6/Nl4Ur/NjeOYMjHAzxyjlgrFPx2RliptZCakMSA7NDBm7h +vhFxlvBdLvYOL1sDTPwO1HuaIRl8f6BMa3p99Ubaur2Blw7Zn2gDaIEDdiG8K2LN +m+R+yJvDqJmpQJcTiqkxMrcfemcmpuVkH/PTaQhjcuZfslQW8eL82dfXsmkuv5tz +J1cXJHSZHhX1Bq+cuKpAVp7rV65iud5nElt1NJiG4GC61h289nSoqsUebWcjzx4j +0XVwCxitLVqgybdD+OtJejxBwgwWnB3K2xicu5WYOSo/jUhXGRLXZTSk1COvDwZZ +4ndeGv1RwwknQTNxfHlnOH9uZozvQq1fCyXZ2CBnsfKs5gxW2GAF1+xTGXD2tSAJ +ntyc9JhiV0EmixG/aiDk8D6HaUnvcqvtUHCewbNXKy2xqRbnNDal613vzhgbNWKi +RqFoPDDCaLsD9uoL/DSh8R8sHh8QuNq903JxPODM0MoioWYGj+xzz5RNY1EwlhcO +nRI3CwmQr/Oxow+ajEqT4MRaQtmHSudmvcF6Syyw6Rt0lWF4R6KxYk2fPdaW18N0 +LU9fqH2IWGSmzPMdnJKI6I49jtOiUaIfXCAGpX15jpVN/1ZUg1k= +=x/qY +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-17:02.yp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-17:02.yp.asc Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-17:02.yp Errata Notice + The FreeBSD Project + +Topic: NIS master updates are not pushed to NIS slave + +Category: core +Module: yppush, ypxfr +Announced: 2017-02-23 +Credits: Mark Johnston +Affects: FreeBSD 11.0-RELEASE +Corrected: 2016-10-19 17:18:48 UTC (stable/11, 11.0-STABLE) + 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +yppush(8) and ypxfr(8) utilities are used to synchronize databases from +a master NIS server. + +II. Problem Description + +A bug present in FreeBSD 11.0 prevents these utilities from working +properly. In particular, an attempt to synchronize a non-empty map +causes yppush(8) to crash. + +III. Impact + +The problem prevents updates to a master NIS server from being propagated +to NIS slave servers. + +IV. Workaround + +No workaround is available, but NIS configurations which do not make +use of NIS slave servers are unaffected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is not required. However, the system administrator may need to +manually run yppush(8) after the update have been applied on slave systems. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-17:02/yp.patch +# fetch https://security.FreeBSD.org/patches/EN-17:02/yp.patch.asc +# gpg --verify yp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +A reboot is not required. However, the system administrator may need to +manually run yppush(8) after the update have been applied on slave systems. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r307642 +releng/11.0/ r314125 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213506>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:02.yp.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.18 (FreeBSD) + +iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNcACgkQ7Wfs1l3P +aucX/Q/5AbGPtToi+NC4OB0sNJbCiJD5WOP7tmbNipDm5SGoItN+lXQSv+FN1wbF +9R4vhqBqDROE35PF9QUWdFb1qE4i37lD4DznK7r1urg3n7CWx5zcPYAz3PNA7FFX +IJixTM4fjhoWoKAWMLZhc+7+ez7HB83AZrExXDBFRnj7SvceJw6B//yCRB/he9l3 +trE5yvUyAiSPylG5qfA6upsJftXsluajq0uQ/yD4iGfqT8nqjOrsd4z64S6+3wTT +lnZHyjNEfIqVQ81Lp9EIsqaU7pyvPrjRQqxsHI+rZO/2YVA/RDokeIcq6s+8GN76 +/H7U8XoEuLFNq39s+fHOLTIPGjSM5PN1jqreoJTXnLFqpDtc2WI3W6cvMUY3lD2y +rW3jDrQOxKF8E9qD/wyi7Sa74cC4PduEe9F+fwNOf+gQUtd/NF+OcnSo0imUnmvU +VJy7FHSUQWZY7ZDW0L7CUT6IDBvIncUKlt1DX4b8M9GkX65FtXmd4risExxBlGDh +ikMD+qzCE8tlqzXKPzEmZNLgsAj0nJiZIcD6kMDORLNyzdI7AeqSazg6Pt70XstR +r+GjK1Hclp/lTqaEJLuBrkd2LJGI2Wcyp/nRZ6OifyduvRwk5vKPhQf792zqx+FK +0sZ1T7po0aop1sDFRDZKCHMRxxpKfd5BTxEyQ24v7GL02Dz/rVk= +=zlKa +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-17:03.hyperv.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-17:03.hyperv.asc Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,139 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-17:03.hyperv Errata Notice + The FreeBSD Project + +Topic: Compatibility with Hyper-V/storage after KB3172614 or + KB3179574 + +Category: core +Module: hyperv/storvsc +Announced: 2017-02-23 +Credits: Microsoft OSTC +Affects: FreeBSD 11.0-RELEASE +Corrected: 2016-10-19 07:43:39 UTC (stable/11, 11.0-STABLE) + 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Hyper-V is a default hypervisor provided on Windows server by Microsoft. +ATA driver is the legacy storage driver for FreeBSD on Hyper-V, now they +are replaced by synthetic driver which has better performance. There are +issues when attaching synthetic storage driver for FreeBSD 11 on some of +Hyper-V hosts. + +II. Problem Description + +There are some compatibility issues with the FreeBSD Hyper-V driver, +which will cause the OS disk to be detached if August 2016 update rollup +is applied on Windows host (KB3172614 or KB3179574). + +III. Impact + +FreeBSD 11.0 can not be installed on a guest system on Hyper-V host. + +IV. Workaround + +On Hyper-V connection, when the installer boot prompt, select + + 3. Escape to the loader prompt + +Then: + + set hw.ata.disk_enable=1 + boot. + +Note: this workaround force FreeBSD to use legacy storage driver +which is much slower than synthetic driver. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Afterward, reboot the system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterward, reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-17:03/hyperv.patch +# fetch https://security.FreeBSD.org/patches/EN-17:03/hyperv.patch.asc +# gpg --verify hyperv.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r307617 +releng/11.0/ r314125 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212721>; + +<URL:https://support.microsoft.com/en-au/help/24717/windows-8-1-and-windows-server-2012-r2-update-history>; + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.18 (FreeBSD) + +iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNwACgkQ7Wfs1l3P +auea7BAAtYKNH1OVGWZ2frFoaVAuzLA0Gow599XCM5ycF39HTlavmoR1+KN9g8Gh +r2wEBvIM/Yzla16mmLEzt7QLeSFMP1mgVb1lUtvAp62b/lzb2ImIvL3qhury0nop +eczup/A/nFOOgOa/IEMsxqi5noB5e2ODkWEOayiLNd5fmD/BF+yACEKi0YI0krQY +Oonq4N9ah7z4rT8OYC2LNQPvc00ZAAq9eq/IDdtWDvLgpxOF1W+dJ0MAzLhQwNJn +9cdW13AcrdJHxzyjAGeOd1pedWFs0ueEXLI+J5pVOvpZd3WeAc9Fls8t7GNgYwvf +dpf9uaB765n5tZCa+gc8h2eSzY59aEAQOtHXTqlMGp3ACl7D7Gjmhh42Vp4fgySb +zeeKEqAnNay4NdBEGt/U9CjycNKMKi6/bqLpEq3rxu8QFPzeXuwIB3favj8MpIUI +ZMda4CQ1E9XLgG6YoupSpnVSbvNFZIEQ2RHzZesKlIoQIM4OPSBWPGjSR9UDMNKH +mxb/cWMwO9N4G7xzKSULuIAF33wZYkaKqTfzOKVtOEZ7hlBPlqzfXK2MNqlbc0PO +3bqPvrg8KXL8OyswEy0sZaptQs/jTUZjqI9/JNWY+IdRR1clVrRdpg/YWljwqqvb +hFIarahbNC1fvsMTeAFq8QBGXkoy6ovmjpKrhBfPNpaiL5ccuWU= +=nMwL +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-17:04.mandoc.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-17:04.mandoc.asc Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-17:04.mandoc Errata Notice + The FreeBSD Project + +Topic: makewhatis output is not reproducible + +Category: contrib +Module: mandoc +Announced: 2017-02-23 +Credits: Ingo Schwarze, Ed Maste +Affects: FreeBSD 11.0-RELEASE +Corrected: 2016-11-26 03:39:02 UTC (stable/11, 11.0-STABLE) + 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The makewhatis utility extracts keywords from UNIX manuals and indexes +them in a database for fast retrieval by apropos(1), whatis(1), and +man(1)'s -k option. + +II. Problem Description + +The generation of makewhatis database is not reproducible. + +III. Impact + +The freebsd-update(8) build procedure may consider mandoc.db as changed when +built multiple times. + +IV. Workaround + +No workaround is available, but the impact is mostly cosmetic. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Reboot is not necessary. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot is not necessary. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-17:04/mandoc.patch +# fetch https://security.FreeBSD.org/patches/EN-17:04/mandoc.patch.asc +# gpg --verify mandoc.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r309183 +releng/11.0/ r314125 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214545>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:04.mandoc.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.18 (FreeBSD) + +iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujOMACgkQ7Wfs1l3P +aucxsA//fsEp6miJAsXLBOFxI1hiRheHb6HlOaXYrMo59sKLgRGRipe34AxIq3Ca +cYvVRHOEpXlUZNMvModg/P42SkkQLDi+2tIenvQUG5T5r3xSRTAHOU0pSRlpfjaA +8OCIaZaWYDIcTOEfaQocIbjwuKfzw5qVxZY6Ot3NPz0QEpOSzFGkbRrM8JxkrVyg +ROtzY/rqaDbhfdKyTCS8PZCIW4ZwNiBjAV9kZysviN3RUSQvLaxEC+vTDjU9BBm5 +CKIU3y0aoSlO4W6A9ahqVb/4hX7A2WBoFpfhMVXsVOzi4SkJhaFKNdjwbq6Nrmxr +hePKGTSYVtcVIaiyf0rJwHDvGK6y4NKCTTqCwlQ7hrMGZHY2D5t5NAdd10uvIrv6 +PDQkJBap5hZTnSeJ+rZt1jSUR1qAJ+xb86Fe1dG30fs6AsKpbYJEpTLWgSXmOfp/ +GQT0SCxv5mxtxMzIom8MUQipYay1cUIiXAh/wlfxERNWHHt3UXoP4/wS9Df+26w9 +zQ/5fk3TbtxAcCpZWBeZr1+pKIomQ4+51wU7zgyjAHvGRDesoA54XS3BOTJPWKnY +G1iNBWECSQC26jwzmSv/MMXf4BqT6ezZXXZ22uMeYQCTD4p0tiC6/H4RUEVSgOSl +TnZ026b3FQRlE6FIOYPK9a4AipnLYu4NW6f9tsJquwRyElLSd/U= +=oyNi +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-17:02.openssl.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-17:02.openssl.asc Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,164 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-17:02.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL multiple vulnerabilities + +Category: contrib +Module: openssl +Announced: 2017-02-23 +Affects: All supported versions of FreeBSD. +Corrected: 2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE) + 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8) + 2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE) + 2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16) +CVE Name: CVE-2016-7055, CVE-2017-3731, CVE-2017-3732 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +II. Problem Description + +If an SSL/TLS server or client is running on a 32-bit host, and a specific +cipher is being used, then a truncated packet can cause that server or +client to perform an out-of-bounds read, usually resulting in a crash. +[CVE-2017-3731] + +There is a carry propagating bug in the x86_64 Montgomery squaring procedure. +No EC algorithms are affected. Analysis suggests that attacks against RSA and +DSA as a result of this defect would be very difficult to perform and are not +believed likely. Attacks against DH are considered just feasible (although +very difficult) because most of the work necessary to deduce information +about a private key may be performed offline. The amount of resources +required for such an attack would be very significant and likely only +accessible to a limited number of attackers. An attacker would additionally +need online access to an unpatched system using the target private key in +a scenario with persistent DH parameters and a private key that is shared +between multiple clients. [CVE-2017-3732] + +Montgomery multiplication may produce incorrect results. [CVE-2016-7055] + +III. Impact + +A remote attacker may trigger a crash on servers or clients that supported +RC4-MD5. [CVE-2017-3731] + +A remote attacker may be able to deduce information about a private key, +but that would require enormous amount of resources. [CVE-2017-3732, +CVE-2016-7055] + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Restart all daemons that use the library, or reboot the system. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all daemons that use the library, or reboot the system. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.0] +# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch +# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch.asc +# gpg --verify openssl-11.patch.asc + +[FreeBSD 10.3] +# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch +# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch.asc +# gpg --verify openssl-10.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r312863 +releng/10.3/ r314125 +stable/11/ r312826 +releng/11.0/ r314126 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>; + +<URL:https://www.openssl.org/news/secadv/20170126.txt>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.18 (FreeBSD) + +iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujOsACgkQ7Wfs1l3P +aufZHhAAy8U5oOrLGq0XH8Dumpkyc+bFOmsEh+S1hL6jFL13jUVpDqogZ3w/a7If +Hcqiyipx5dbcGbHJayokfimkxPcIYydYQK9NwWaXVlnZifvgWka+KxtcD0u2A8S5 +cpTbNl+CALQQqEF3+JmOc4Uq2Dtui0xFG1N5Og4oF5Uo+lvQh4bcJ1UbfhMdq8EG +US3hGlJLJJW75m3jkgHyu0o7A0swnNTUQrW9Z0p/3iTiel7fM57d/N1who+kt59V +UErXTzMDBT1kkWRne0aTA71gdy3SUeRiVi9/LWggjIRJNyMnQjO3UI2UOIHLLQAG +CXcZLPekB87iHZxMAw8oV6b4GIkJhqUFW2ep2AZkUdDZ2Mup9bDrx/0Ik0jHjyQY +KEmZDroHvP8z569q+aWfIIpMXPv6zJTnent45U2/q13wMHJwWsADu9ukeWKTw7wI +P0Rc3vht+AXbXFi9SjxwdldgrVszV7x8Yi6W9KhHsGqCl6NBCW9Md/PWbNQQUVkq +I5tV0WB3pTwOk0yMi3h/okM9VBr1lPDU18W0he5T9wbOh4w0jwFb8AqMu1slst3l +9MlhRfO/4LIDlfRQ/dj4dOfVLZqEd/xleax99yFXZUzibUYrOMlBxNaKvV80plwB +Kg2Hr3DJuJa3599kNgXMCNV1lRIOJbJ9dRmX6B0YzMgvxKPIXY4= +=8Jsr +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-17:01/pcie.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-17:01/pcie.patch Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,11 @@ +--- sys/dev/pci/pci_pci.c.orig ++++ sys/dev/pci/pci_pci.c +@@ -935,6 +935,8 @@ + + if ((sc->pcie_slot_cap & PCIEM_SLOT_CAP_HPC) == 0) + return; ++ if ((sc->pcie_link_cap & PCIEM_LINK_CAP_DL_ACTIVE) == 0) ++ return; + + /* + * Some devices report that they have an MRL when they actually Added: head/share/security/patches/EN-17:01/pcie.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-17:01/pcie.patch.asc Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.18 (FreeBSD) + +iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujPUACgkQ7Wfs1l3P +aucnkRAAlrRIt4XdzSyuVFcuK3vIhbO2MEhlVmsduYElQ+S/A/QOyhgAVN83TveN +3JvQSozXA8OTw7cGDOD8SiL7Hyr79PsC+cWkbD/XhQGLwXtwcaywTTIOuc7ny0Cj +4m7tl3DzO8FN0rKGoOCC0UCiaTamKfh3Wl+mMHHPBOtYyk+DKzSw7TnTLaRrI90q +wWnQnF5Xr1pCbJBwyx3EvIQq9AL6d5nRm6af8cksWaChpH1w6elNl0Q0FbojKkdp +6aweLHYORRu8cVqDsOjuWoNq6BMyEF/cooqufmBb5JkpgwaFgVntp7aI0ql8Ts/v +mkvSqMTyzPiJGEBoDDqBosQdb66MeGIV9PZIjR8AQEIwagXo4KCNq3PwW8kPKlJ1 +8vrxRGQc8xSKRvv7h0Xvg5Ovhodu7UV1RtFVUqWMAdeLqTy6mtyRmjOKb4ouy7wC +V9/ZgG87zYHHpLmg6EmQfAB3fa8ksR30/rJEBxehxdbJTAwaxCfK2RWpRu4MVTH1 +uJrbEbiFHpSHM46LJ9JbkLfOfNMLuDz0K688D3eecWvpzyO7Zk7NqPV1fWOlcQLk +xtdOFzmSV8Cr1UBiUV7AaAap20nXWrqQ7Lp5Q9fj7y7l7xVznh95Tf6VlFergBMB +hR2MHvbCHExx9vokyWSYyz/yq7mnCJWNcSMDdRCfAjqqpSD9lGI= +=2ZA+ +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-17:02/yp.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-17:02/yp.patch Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,13 @@ +--- libexec/ypxfr/ypxfr_getmap.c.orig ++++ libexec/ypxfr/ypxfr_getmap.c +@@ -43,8 +43,8 @@ + + extern bool_t xdr_ypresp_all_seq(XDR *, unsigned long *); + +-static int (*ypresp_allfn)(); +-static void *ypresp_data; ++extern int (*ypresp_allfn)(); ++extern void *ypresp_data; + extern DB *specdbp; + extern enum ypstat yp_errno; + Added: head/share/security/patches/EN-17:02/yp.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-17:02/yp.patch.asc Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.18 (FreeBSD) + +iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujPkACgkQ7Wfs1l3P +audR3A//Y0/IZ4iyUh3N0Twwc/ywoSV2ph+D2XF9PmI3HWTk4F+uEN+/02XNDhft +V9T25LuyuaROBrvDDgpN+9d8V82zxo8K4YiSi8YaarQq71q7lAUAJ0YIg+an9ije +4M6HNDRk0x99rueb2gmOSk/6EWyUzLSwlumzhG1SdKrgz0VN2ItoSdE9FDNfHqTG +UfCeXa5bgoQUU/yNfzQu4QfuTQzx/Oq2Kfjr5wIOK+bZxLk6tlInDxBhg5oJq/KZ +zXgL4mJmqF/glDNKxpa8yZxHmiXql9wwI/mnRmVODQ2CCHDcuSx6uOxpS8PNhect +31PpPR9wFtFOBGbXsuBHGUkGVjjReADXcBU0SdaFY02WlonQXnvc7RhzFu4TOo5Z +6LTOxyiCIc7ZJW1nW7HmXZl5VfzWL/wmK0QHlLSMJ24tPwrAizPlT0OEwsjOlhCq +LYfWRKBRPlu8x7Ow8J0ecYCouhPGy4dYA4o68fBvpk27HUREw0VgfpTPNgrcZinK +VEM+z5zx7fQXuNkwb3GYQzCGDKLbZTtxZ35APlIzhCYtUdJ1kA5Q/udvxNIbd1zD +apmj7h4+xgx5T+ncmPsyROm805LdXFGsMT9CcMrqECadGzRMC0Cq0tyOINnFHryp +hmSVl1mp7YQpafXKSMs/2CvxPcTrBjw9vgZBOdaJD1+j2/gLkSA= +=8C44 +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-17:03/hyperv.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-17:03/hyperv.patch Thu Feb 23 07:28:05 2017 (r50004) @@ -0,0 +1,277 @@ +--- sys/cam/ata/ata_xpt.c.orig ++++ sys/cam/ata/ata_xpt.c +@@ -40,6 +40,7 @@ + #include <sys/interrupt.h> + #include <sys/sbuf.h> + ++#include <sys/eventhandler.h> + #include <sys/lock.h> + #include <sys/mutex.h> + #include <sys/sysctl.h> +@@ -824,6 +825,7 @@ + { + struct ccb_pathinq cpi; + int16_t *ptr; ++ int veto = 0; + + ident_buf = &softc->ident_data; + for (ptr = (int16_t *)ident_buf; +@@ -830,6 +832,17 @@ + ptr < (int16_t *)ident_buf + sizeof(struct ata_params)/2; ptr++) { + *ptr = le16toh(*ptr); + } ++ ++ /* ++ * Allow others to veto this ATA disk attachment. This ++ * is mainly used by VMs, whose disk controllers may ++ * share the disks with the simulated ATA controllers. ++ */ ++ EVENTHANDLER_INVOKE(ada_probe_veto, path, ident_buf, &veto); ++ if (veto) { ++ goto device_fail; ++ } ++ + if (strncmp(ident_buf->model, "FX", 2) && + strncmp(ident_buf->model, "NEC", 3) && + strncmp(ident_buf->model, "Pioneer", 7) && +--- sys/conf/files.amd64.orig ++++ sys/conf/files.amd64 +@@ -268,7 +268,6 @@ + dev/hyperv/netvsc/hv_net_vsc.c optional hyperv + dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c optional hyperv + dev/hyperv/netvsc/hv_rndis_filter.c optional hyperv +-dev/hyperv/stordisengage/hv_ata_pci_disengage.c optional hyperv + dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c optional hyperv + dev/hyperv/utilities/hv_heartbeat.c optional hyperv + dev/hyperv/utilities/hv_kvp.c optional hyperv +--- sys/conf/files.i386.orig ++++ sys/conf/files.i386 +@@ -239,7 +239,6 @@ + dev/hyperv/netvsc/hv_net_vsc.c optional hyperv + dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c optional hyperv + dev/hyperv/netvsc/hv_rndis_filter.c optional hyperv +-dev/hyperv/stordisengage/hv_ata_pci_disengage.c optional hyperv + dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c optional hyperv + dev/hyperv/utilities/hv_heartbeat.c optional hyperv + dev/hyperv/utilities/hv_kvp.c optional hyperv +--- sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c.orig ++++ sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c +@@ -58,6 +58,7 @@ + #include <sys/lock.h> + #include <sys/sema.h> + #include <sys/sglist.h> ++#include <sys/eventhandler.h> + #include <machine/bus.h> + #include <sys/bus_dma.h> + +@@ -139,6 +140,15 @@ + struct hv_storvsc_request hs_reset_req; + }; + ++static eventhandler_tag storvsc_handler_tag; ++/* ++ * The size of the vmscsi_request has changed in win8. The ++ * additional size is for the newly added elements in the ++ * structure. These elements are valid only when we are talking ++ * to a win8 host. ++ * Track the correct size we need to apply. ++ */ ++static int vmscsi_size_delta = sizeof(struct vmscsi_win8_extension); + + /** + * HyperV storvsc timeout testing cases: +@@ -954,21 +964,15 @@ + static int + storvsc_probe(device_t dev) + { +- int ata_disk_enable = 0; + int ret = ENXIO; + + switch (storvsc_get_storage_type(dev)) { + case DRIVER_BLKVSC: + if(bootverbose) +- device_printf(dev, "DRIVER_BLKVSC-Emulated ATA/IDE probe\n"); +- if (!getenv_int("hw.ata.disk_enable", &ata_disk_enable)) { +- if(bootverbose) +- device_printf(dev, +- "Enlightened ATA/IDE detected\n"); +- device_set_desc(dev, g_drv_props_table[DRIVER_BLKVSC].drv_desc); +- ret = BUS_PROBE_DEFAULT; +- } else if(bootverbose) +- device_printf(dev, "Emulated ATA/IDE set (hw.ata.disk_enable set)\n"); ++ device_printf(dev, ++ "Enlightened ATA/IDE detected\n"); ++ device_set_desc(dev, g_drv_props_table[DRIVER_BLKVSC].drv_desc); ++ ret = BUS_PROBE_DEFAULT; + break; + case DRIVER_STORVSC: + if(bootverbose) +@@ -2018,27 +2022,45 @@ + ccb->ccb_h.status &= ~CAM_STATUS_MASK; + if (vm_srb->scsi_status == SCSI_STATUS_OK) { + const struct scsi_generic *cmd; +- ++ cmd = (const struct scsi_generic *) ++ ((ccb->ccb_h.flags & CAM_CDB_POINTER) ? ++ csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes); + if (vm_srb->srb_status != SRB_STATUS_SUCCESS) { +- if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) { +- xpt_print(ccb->ccb_h.path, "invalid LUN %d\n", +- vm_srb->lun); +- } else { +- xpt_print(ccb->ccb_h.path, "Unknown SRB flag: %d\n", +- vm_srb->srb_status); +- } + /* + * If there are errors, for example, invalid LUN, + * host will inform VM through SRB status. + */ +- ccb->ccb_h.status |= CAM_SEL_TIMEOUT; ++ if (bootverbose) { ++ if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) { ++ xpt_print(ccb->ccb_h.path, ++ "invalid LUN %d for op: %s\n", ++ vm_srb->lun, ++ scsi_op_desc(cmd->opcode, NULL)); ++ } else { ++ xpt_print(ccb->ccb_h.path, ++ "Unknown SRB flag: %d for op: %s\n", ++ vm_srb->srb_status, ++ scsi_op_desc(cmd->opcode, NULL)); ++ } ++ } ++ ++ /* ++ * XXX For a selection timeout, all of the LUNs ++ * on the target will be gone. It works for SCSI ++ * disks, but does not work for IDE disks. ++ * ++ * For CAM_DEV_NOT_THERE, CAM will only get ++ * rid of the device(s) specified by the path. ++ */ ++ if (storvsc_get_storage_type(sc->hs_dev->device) == ++ DRIVER_STORVSC) ++ ccb->ccb_h.status |= CAM_SEL_TIMEOUT; ++ else ++ ccb->ccb_h.status |= CAM_DEV_NOT_THERE; + } else { + ccb->ccb_h.status |= CAM_REQ_CMP; + } + +- cmd = (const struct scsi_generic *) +- ((ccb->ccb_h.flags & CAM_CDB_POINTER) ? +- csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes); + if (cmd->opcode == INQUIRY) { + struct scsi_inquiry_data *inq_data = + (struct scsi_inquiry_data *)csio->data_ptr; +@@ -2059,7 +2081,7 @@ + resp_buf[3], resp_buf[4]); + } + if (vm_srb->srb_status == SRB_STATUS_SUCCESS && +- data_len > SHORT_INQUIRY_LENGTH) { ++ data_len >= SHORT_INQUIRY_LENGTH) { + char vendor[16]; + + cam_strvis(vendor, inq_data->vendor, +@@ -2152,3 +2174,57 @@ + return (DRIVER_UNKNOWN); + } + ++#define PCI_VENDOR_INTEL 0x8086 ++#define PCI_PRODUCT_PIIX4 0x7111 ++ ++static void ++storvsc_ada_probe_veto(void *arg __unused, struct cam_path *path, ++ struct ata_params *ident_buf __unused, int *veto) ++{ ++ ++ /* ++ * The ATA disks are shared with the controllers managed ++ * by this driver, so veto the ATA disks' attachment; the ++ * ATA disks will be attached as SCSI disks once this driver ++ * attached. ++ */ ++ if (path->device->protocol == PROTO_ATA) { ++ struct ccb_pathinq cpi; ++ ++ bzero(&cpi, sizeof(cpi)); ++ xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE); ++ cpi.ccb_h.func_code = XPT_PATH_INQ; ++ xpt_action((union ccb *)&cpi); ++ if (cpi.ccb_h.status == CAM_REQ_CMP && ++ cpi.hba_vendor == PCI_VENDOR_INTEL && ++ cpi.hba_device == PCI_PRODUCT_PIIX4) { ++ (*veto)++; ++ if (bootverbose) { ++ xpt_print(path, ++ "Disable ATA disks on " ++ "simulated ATA controller (0x%04x%04x)\n", ++ cpi.hba_device, cpi.hba_vendor); ++ } ++ } ++ } ++} ++ ++static void ++storvsc_sysinit(void *arg __unused) ++{ ++ if (vm_guest == VM_GUEST_HV) { ++ storvsc_handler_tag = EVENTHANDLER_REGISTER(ada_probe_veto, ++ storvsc_ada_probe_veto, NULL, EVENTHANDLER_PRI_ANY); ++ } ++} ++SYSINIT(storvsc_sys_init, SI_SUB_DRIVERS, SI_ORDER_SECOND, storvsc_sysinit, ++ NULL); ++ ++static void ++storvsc_sysuninit(void *arg __unused) ++{ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702230728.v1N7S50g025554>