Author: delphij
Date: Tue Aug 25 20:48:51 2015
New Revision: 287145
URL: https://svnweb.freebsd.org/changeset/base/287145
Log:
Fix OpenSSH multiple vulnerabilities. [SA-15:22]
Fix insufficient check of unsupported pkg(7) signature methods.
[EN-15:15]
Approved by: so
Modified:
releng/10.2/UPDATING
releng/10.2/crypto/openssh/monitor.c
releng/10.2/crypto/openssh/monitor_wrap.c
releng/10.2/crypto/openssh/mux.c
releng/10.2/sys/conf/newvers.sh
releng/10.2/usr.sbin/pkg/pkg.c
Modified: releng/10.2/UPDATING
==============================================================================
--- releng/10.2/UPDATING Tue Aug 25 20:48:44 2015 (r287144)
+++ releng/10.2/UPDATING Tue Aug 25 20:48:51 2015 (r287145)
@@ -16,6 +16,13 @@ from older versions of FreeBSD, try WITH
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20150825: p2 FreeBSD-SA-15:22.openssh
+ FreeBSD-EN-15:15.pkg
+ Fix OpenSSH multiple vulnerabilities. [SA-15:22]
+
+ Fix insufficient check of unsupported pkg(7) signature methods.
+ [EN-15:15]
+
20150818: p1 FreeBSD-SA-15:20.expat
FreeBSD-EN-15:11.toolchain
FreeBSD-EN-15:12.netstat
Modified: releng/10.2/crypto/openssh/monitor.c
==============================================================================
--- releng/10.2/crypto/openssh/monitor.c Tue Aug 25 20:48:44 2015
(r287144)
+++ releng/10.2/crypto/openssh/monitor.c Tue Aug 25 20:48:51 2015
(r287145)
@@ -1027,9 +1027,7 @@ extern KbdintDevice sshpam_device;
int
mm_answer_pam_init_ctx(int sock, Buffer *m)
{
-
debug3("%s", __func__);
- authctxt->user = buffer_get_string(m, NULL);
sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
sshpam_authok = NULL;
buffer_clear(m);
@@ -1111,14 +1109,16 @@ mm_answer_pam_respond(int sock, Buffer *
int
mm_answer_pam_free_ctx(int sock, Buffer *m)
{
+ int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
debug3("%s", __func__);
(sshpam_device.free_ctx)(sshpam_ctxt);
+ sshpam_ctxt = sshpam_authok = NULL;
buffer_clear(m);
mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
auth_method = "keyboard-interactive";
auth_submethod = "pam";
- return (sshpam_authok == sshpam_ctxt);
+ return r;
}
#endif
Modified: releng/10.2/crypto/openssh/monitor_wrap.c
==============================================================================
--- releng/10.2/crypto/openssh/monitor_wrap.c Tue Aug 25 20:48:44 2015
(r287144)
+++ releng/10.2/crypto/openssh/monitor_wrap.c Tue Aug 25 20:48:51 2015
(r287145)
@@ -820,7 +820,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
debug3("%s", __func__);
buffer_init(&m);
- buffer_put_cstring(&m, authctxt->user);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX,
&m);
Modified: releng/10.2/crypto/openssh/mux.c
==============================================================================
--- releng/10.2/crypto/openssh/mux.c Tue Aug 25 20:48:44 2015
(r287144)
+++ releng/10.2/crypto/openssh/mux.c Tue Aug 25 20:48:51 2015
(r287145)
@@ -633,7 +633,8 @@ process_mux_open_fwd(u_int rid, Channel
u_int lport, cport;
int i, ret = 0, freefwd = 1;
- fwd.listen_host = fwd.connect_host = NULL;
+ memset(&fwd, 0, sizeof(fwd));
+
if (buffer_get_int_ret(&ftype, m) != 0 ||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&lport, m) != 0 ||
@@ -783,7 +784,8 @@ process_mux_close_fwd(u_int rid, Channel
int i, listen_port, ret = 0;
u_int lport, cport;
- fwd.listen_host = fwd.connect_host = NULL;
+ memset(&fwd, 0, sizeof(fwd));
+
if (buffer_get_int_ret(&ftype, m) != 0 ||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&lport, m) != 0 ||
Modified: releng/10.2/sys/conf/newvers.sh
==============================================================================
--- releng/10.2/sys/conf/newvers.sh Tue Aug 25 20:48:44 2015
(r287144)
+++ releng/10.2/sys/conf/newvers.sh Tue Aug 25 20:48:51 2015
(r287145)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.2"
-BRANCH="RELEASE-p1"
+BRANCH="RELEASE-p2"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/10.2/usr.sbin/pkg/pkg.c
==============================================================================
--- releng/10.2/usr.sbin/pkg/pkg.c Tue Aug 25 20:48:44 2015
(r287144)
+++ releng/10.2/usr.sbin/pkg/pkg.c Tue Aug 25 20:48:51 2015
(r287145)
@@ -767,7 +767,13 @@ bootstrap_pkg(bool force)
goto fetchfail;
if (signature_type != NULL &&
- strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+ strcasecmp(signature_type, "NONE") != 0) {
+ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
+ warnx("Signature type %s is not supported for "
+ "bootstrapping.", signature_type);
+ goto cleanup;
+ }
+
snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
@@ -855,7 +861,13 @@ bootstrap_pkg_local(const char *pkgpath,
goto cleanup;
}
if (signature_type != NULL &&
- strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+ strcasecmp(signature_type, "NONE") != 0) {
+ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
+ warnx("Signature type %s is not supported for "
+ "bootstrapping.", signature_type);
+ goto cleanup;
+ }
+
snprintf(path, sizeof(path), "%s.sig", pkgpath);
if ((fd_sig = open(path, O_RDONLY)) == -1) {
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
