os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add EN-15:11, EN-15:12, EN-15:13 and SA-15:20.

Browse source
This commit is contained in:
Xin LI 2015-08-18 20:11:44 +00:00
parent 5653203ecb
commit 1ce4c8455f
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=47263
14 changed files with 735 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

122
share/security/advisories/FreeBSD-EN-15:11.toolchain.asc Normal file
View file

@ -0,0 +1,122 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:11.toolchain Errata Notice
The FreeBSD Project
Topic: make(1) syntax errors when upgrading from 9.x and earlier
Category: core
Module: toolchain
Announced: 2015-08-18
Credits: John Hein
Affects: FreeBSD 10.2-RELEASE
Corrected: 2015-08-13 22:29:26 UTC (stable/10, 10.2-STABLE)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The FreeBSD userland and kernel build system ensures a seamless upgrade path
from the previous major FreeBSD version. During source-based upgrades, the
build system must utilize several utilities on the running system in order to
bootstrap the build toolchain, after which the bootstrapped utilities are used
to produce the build output for the system upgrade.
The make(1) utility was replaced with the NetBSD bmake(1) utility as of
FreeBSD 10.0-RELEASE, which has several syntactical differences compared to
the fmake(1) utility found in earlier FreeBSD releases.
II. Problem Description
A hard-coded make(1) invocation in the FreeBSD 10.2 sources produce warnings
on FreeBSD versions earlier than 10.x due to a syntactical difference between
the FreeBSD and NetBSD versions of make(1).
The warnings may persist on FreeBSD 10.2-RELEASE or 10.2-STABLE if the system
is configured to use fmake(1), by defining WITHOUT_BMAKE in src.conf(5).
III. Impact
The warnings produced have no known functional impact. Additionally, the
warnings will not recur after the system is upgraded to 10.2-RELEASE or
10.2-STABLE, unless WITHOUT_BMAKE is defined in src.conf(5) as noted above.
IV. Workaround
No workaround is available, but systems using binary upgrades such as
freebsd-update(8) are not affected.
V. Solution
Perform one of the following:
1) Update the system sources to stable/10 or releng/10.2 dated after the
correction date prior to upgrading from FreeBSD 9.x or earlier. No addtional
action is required.
2) To update your present system via a source code patch:
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:11/toolchain.patch
# fetch https://security.FreeBSD.org/patches/EN-15:11/toolchain.patch.asc
# gpg --verify toolchain.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r286746
releng/10.2/ r286901
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202277>
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:11.toolchain.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAEBCgAGBQJV05A1AAoJEO1n7NZdz2rnSJEP/A1452UILdiWXytwy75nCktq
a4vCmQ73gK1raY1SyFDzRppemiIeiDlsE3NTldNvMjw+itPkW/d/VJYIsUQimLxL
dQvuAaWLKDK2MKjCUkl7isxBJPdcnnB12QLIZ5TS9ZzqPo7awFq91tL3TmAhwdmw
mAikqUoOZilTC6j3wZp+2w4IjSrecN6dGdTutd9E8ahjy8BmNBax+hyPnbFTXGp4
s8Tpx3LhmPicvXh4ou3uHm0IbKFJF2B5Y8THTDF2SAZ5pyaltjg+o4JvW1lvaOFM
XXp1XkGhfdkFj19FKeFUsT4BWLorqAnu9BqNJFlrxbotaPMMBJLbMEI2HqBVMa8a
fu+loj9tlAMprWjKnl+GLcYrpIEmIPQzGHHO0k8ke1efQmsfLeBo1cdKyQV1M88u
uwRBDkN08krEyun5QDeZwn35Kc//jeK14v465HRXt0gxztX+frt31UKNu7cTEuo9
ZqZbX5RUS85u/Z8WKhIBp9LWSgVdaB1v10mSb9kHMqZvckEqlozxr3h+/lOezpep
rGCdnHPDEHaA5jvwX2WY3+Rb7hOvpzRw5UmBuGVfGp16HQALIwwMC0LM9hA2NnZf
re3Rx4asssbyoLmp8akZjDsr3j/500/XM7enNvQcEc1ZQhK9k5W9SDg6cbEthEle
Eiaq3eGZnWVBKiYftGcT
=ryS+
-----END PGP SIGNATURE-----

122
share/security/advisories/FreeBSD-EN-15:12.netstat.asc Normal file
View file

@ -0,0 +1,122 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:12.netstat Errata Notice
The FreeBSD Project
Topic: Incorrect netstat(1) data handling on 32-bit systems
Category: core
Module: netstat
Announced: 2015-08-18
Credits: Mark Johnston
Affects: FreeBSD 10.2-RELEASE
Corrected: 2015-07-31 00:21:41 UTC (stable/10, 10.2-STABLE)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The netstat(1) utility displays the contents of various network related data
structures.
II. Problem Description
The netstat(1) utility incorrectly handles reported values on 32-bit systems.
III. Impact
Due to how netstat(1) processes IPSEC counters, the utility may produce
incorrect output on 32-bit systems.
IV. Workaround
No workaround is available, however systems without IPSEC compiled into the
kernel are not affected.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:12/netstat.patch
# fetch https://security.FreeBSD.org/patches/EN-15:12/netstat.patch.asc
# gpg --verify netstat.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r286099
releng/10.2/ r286901
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201700>
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:12.netstat.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAEBCgAGBQJV05A1AAoJEO1n7NZdz2rnAzIQANyLdOOQhe9dHyAV4N5YKM3B
Z/86dY/KIIViVb1uzkBASBNnkHlG+mCMOQpzX2x8yCPF4i7bIEfPa4r2Bzw9pvCF
RWRKvZXERESh/RndQFhxcmJMAyYPq7MdK0IZzG53vinlMoSz2WTKj2vSR7t2jfo+
ObTfgdkqN/PZs/W+AQY8a4DMdxCLg1KCZiSpQRO7ea+4AxsI8qNgoytvG6HRno/z
uGe6Ad82ZfysKgqe9JO4gvRTR77ebQAVSSr3qylQcOGHohy9tFHcI2FEAAqLJrQY
b5DDLOawLRsQm0hwkLCTOZX2QvIFgz0gGRpvPcN9ZKValMc5DKQv36z3hOByK+3i
dDHFG/Diy2JNP0tsKtW8IyyLvW2DAUoTs1nVaWMvLKkMUr+loOYvoaLdGT0xQP2d
M6UT40mRMznfH/Gq/0DJFArsYcyB9YRl7rD0dy1HhqApogHQrTjsT+1vtBtpaTmv
LHA77tHyzI0TxOvmx3hglj/z4BLZDPU6ydXr3zeOYBpLz5p02GKxHUc+JrmWBfOV
Jep0+Fr2fYST5bGVtExNQV6cTlBZPnGR4JxJEUQA6a+FdyJcDuzOTNcs0YzwjuSC
dIk5pdxI3nkc+zf9GZLXUdLcxXfo6jBUy0fSWkzirGzBfo0wxseE6cbxxTH7vumx
CLGGmHiqxVuF/nP4ScHi
=3aK1
-----END PGP SIGNATURE-----

127
share/security/advisories/FreeBSD-EN-15:13.vidcontrol.asc Normal file
View file

@ -0,0 +1,127 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:13.vidcontrol Errata Notice
The FreeBSD Project
Topic: Allow size argument to vidcontrol(1) for syscons(4)
Category: core
Module: vidcontrol
Announced: 2015-08-18
Credits: Ed Maste
Affects: FreeBSD 10.2-RELEASE
Corrected: 2015-08-04 15:15:06 UTC (stable/10, 10.2-STABLE)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The vidcontrol(1) utility is used to set various options for the syscons(4) or
vt(4) console driver, such as video mode, colors, cursor shape, screen output
map, font, and screen saver timeout.
The vidcontrol(1) utility allows specifying a font size and font file as
arguments to the '-f' flag. When no size or file are specified, vidcontrol(1)
the default font will be used.
II. Problem Description
The vidcontrol(1) does not properly allow specifying the font size when
invoked from the command line.
III. Impact
The vidcontrol(1) utility will use the default font size, regardless of the
size specified as an argument to the '-f' flag.
IV. Workaround
No workaround is available, but systems not using the vt(4) driver are not
affected.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:13/vidcontrol.patch
# fetch https://security.FreeBSD.org/patches/EN-15:13/vidcontrol.patch.asc
# gpg --verify vidcontrol.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r286291
releng/10.2/ r286901
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:13.vidcontrol.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAEBCgAGBQJV05A2AAoJEO1n7NZdz2rnUc0QAMiNBzG5yPZYN5yDzbKSzWAX
/bHJNOhM2SBTHIHuUd/s1UjW2OW57IYyVLaF8BPjs8pXlQT6op3R2r/ZItfe/5xz
dja6oBH74czaLRMigrxIT1SaJdSzlpnRbtJR4HMjGnA2f9Rbttl5S4j0vf6sy/6G
fqgbKrston6WbTQudNkpwekaYbUStA4iVarIBfntbNmg7TvFZLl+yKbPvoQ3/Lxz
pU1U55JNTQOYn+h1KaLm+p7pvEPM7g6q49ZsIaX3dXBIMB00GT9wwvZZPpvUNn+Q
v+EUSvuIspaIhFb0Jng5gULQkJ5pRg/xDWZ71PcNW/F7hKf4Gt8NUdpmMO+k180X
EQAS37q9hdSiYmktFx7O6tX//3vr/Zpvm0fZviBjqJwkNTqzRfa+NPojbDaDqolX
/b/af9FZ0dBET4VrlNRp/XpJq9d5MCrRZKd2zmcdUwiOh06ZpQzh0tYjJCdM8d5P
Ytdl36EIsCSBWm1vcXA9lHafMe+Ihuh3mOLPkWR+RL47jfHe7iuoyxKJGLBsK9T5
Pzq7Le9uSdrIIqZce7zCsZ59MpwizMOBO8/XejynTQXmmLuzc/DI+L6lWINGbFc7
pNYPSbcYB3iikdKe8LyQm2+Joiuu4EJJkiOiUSYYNT0o4yJYBTRntEwqnUJb8sO2
kMp/1tcmaQbOdW6t8iqw
=/VcW
-----END PGP SIGNATURE-----

149
share/security/advisories/FreeBSD-SA-15:20.expat.asc Normal file
View file

@ -0,0 +1,149 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:20.expat Security Advisory
The FreeBSD Project
Topic: Multiple integer overflows in expat (libbsdxml) XML parser
Category: contrib
Module: libbsdxml
Announced: 2015-08-18
Affects: All supported versions of FreeBSD.
Corrected: 2015-08-18 19:30:05 UTC (stable/10, 10.2-STABLE)
2015-08-18 19:30:35 UTC (releng/10.1, 10.1-RELEASE-p18)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1)
2015-08-18 19:30:05 UTC (stable/9, 9.3-STABLE)
2015-08-18 19:30:35 UTC (releng/9.3, 9.3-RELEASE-p23)
CVE Name: CVE-2015-1283
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the parser
might find in the XML document (like start tags).
The FreeBSD base system ships libexpat as libbsdxml for components that
need to parse XML data. Some of these applications use the XML parser
on trusted data from the kernel, for instance the geom(8) configuration
utilities, while other applications, like tar(1), cpio(1), svnlite(1)
and unbound-anchor(8), may use the XML parser on input from network or
the user.
II. Problem Description
Multiple integer overflows have been discovered in the XML_GetBuffer()
function in the expat library.
III. Impact
The integer overflows may be exploited by using specifically crafted XML
data and lead to infinite loop, or a heap buffer overflow, which results
in a Denial of Service condition, or enables remote attackers to execute
arbitrary code.
IV. Workaround
No workaround is available, but the problem is only exploitable when the
affected system needs to process data from an untrusted source.
Because the library is used by many third party applications, we advise
system administrators to check and make sure that they have the latest
expat version as well, and restart all third party services, or reboot
the system.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
A reboot is not required after updating the base system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
A reboot is not required after updating the base system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:20/expat.patch
# fetch https://security.FreeBSD.org/patches/SA-15:20/expat.patch.asc
# gpg --verify expat.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
The FreeBSD base system do not install daemons that uses the library,
therefore, a reboot is not required after updating the base system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r286900
releng/9.3/ r286902
stable/10/ r286900
releng/10.1/ r286902
releng/10.2/ r286901
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:20.expat.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAEBCgAGBQJV05AOAAoJEO1n7NZdz2rnRPUP/2L0kectacl6IWOOeGFt6QgG
eRjZ6F53GqOYG3eW6tM71y+Vbeld+HkcMMgsckO4PM1vJg9AbKEJ56DmvGvFQepC
TBBcbg++VHOB2jilKh/meOiF0sUqwcpSTwOdRREfWTAMXNS5te7kcpuykZoi4R1x
LupCmRxQtM3taztw0AA/5AVRurmy+i6P9xuUnhGULyCcoi56VI1WvrpTk2KHbi7V
T5f/Xwf2hPfznJVoxvPjY9YoOlD2Fql0Dc51clJOQ82l9VVD+lP4ISoJmwLqFPKA
K4ZpiutMkoLda1er4lNaxsH4Ec7Oey4Dx2xpq1/JmQ9tP98Mtq4oaXNZAGminlET
rNoLOWR72Gg+NEh7Y+Yuu0K3zFmzLLm1pMjYfuIUaseT2qY7CE+qwm58kG6NvC53
fF+BwofOSaVNX/uzQnbP0iMJbewKXpqNO21CkdaapZVG+sXn8BZF3S1QDAWPaNwV
cJT9agijNG6pNUESNZcgY0ow/n4B8J+wWwA1KWzBgbedzj0yG8rsmulkCZEpt1hU
4uHR62Ktvd2IecoRn2gptA6SkpxHHJhzG8uKvDFq9vvzZko31rc3ttLI/Bb5P1QZ
wqn1hp1sy9hEpoGxFQlYJj4msahR4P7vTt+0cN4dSVwwg08Xbq1TL4b077BR1ZbR
ymv8Cnwn7Kg5NRBS2GBD
=4h4f
-----END PGP SIGNATURE-----

15
share/security/patches/EN-15:11/toolchain.patch Normal file
View file

@ -0,0 +1,15 @@
Index: Makefile.inc1
===================================================================
--- Makefile.inc1 (revision 286847)
+++ Makefile.inc1 (working copy)
@@ -133,8 +133,8 @@ OSRELDATE= 0
.endif
.if !defined(VERSION)
-REVISION!= make -C ${SRCDIR}/release -V REVISION
-BRANCH!= make -C ${SRCDIR}/release -V BRANCH
+REVISION!= ${MAKE} -C ${SRCDIR}/release -V REVISION
+BRANCH!= ${MAKE} -C ${SRCDIR}/release -V BRANCH
SRCRELDATE!= awk '/^\#define[[:space:]]*__FreeBSD_version/ { print $$3 }' \
${SRCDIR}/sys/sys/param.h
VERSION= FreeBSD ${REVISION}-${BRANCH:C/-p[0-9]+$//} ${TARGET_ARCH} ${SRCRELDATE}

17
share/security/patches/EN-15:11/toolchain.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rn23IP/1S3dK2FSC1EI7DyOXF+gc7d
/OSBm2Y+mR1NFSJEOjIui3TPRxjRUG3aLYaK+HEnmGrgiXhksgCiWAgxAxLw4odq
dHbYP0lEnsQNZ8k4IJH5AyV+EshDJPmLyrvvKAJozZ9vSS0FlBxV4vJZDy4X65fh
JR28SWihiEp6uNSPU45I7ELPLIhaKo0fWDDThVRIfW3g8azl2kwXES1G8LbFTZhl
hEvKQoDHXrRArRo1aeLJ+v/OJ5OPTNY9sCJm3mozXibUIOpUPcg57dGqVx1QWWHU
pUhlqi3kYkL6niphRSkIEvlshUYwJHQfNZUJTVS5Yj2cXvcsv8BumjEXHdwlJBId
D4ZxLb+A+Nu9aZmKlzYGmdbguzUHjXEA9WrcIxktpgVpSpnpNzDbIywuofm5g8Q4
U63sdB6PJsDxvEg9D6ocVfbg5LqMQE5TMFYRNXLUBJlTEU75OuTuNDoIct3vLOWI
tP+xMVEJrD8kbBlJYT/ywqr9q5I23bF7axLNpZ/QcEa8R/Ea1iePBGUiFiJrYxWF
AKXPQ/lfI+5Aaenw54yFA4tWLcD/6YUh8y+vbX1PA9yLs6mjZvcP+hBXnMmCQ0IS
g/ZRSmX/c+RgUtAWlBqOoejRco5i5AznrkPl8KUi4qNMsmT2NYu91pHat5IwIh1p
dus3VPkw1zZ+oHjuKaXw
=JkV1
-----END PGP SIGNATURE-----

42
share/security/patches/EN-15:12/netstat.patch Normal file
View file

@ -0,0 +1,42 @@
Index: usr.bin/netstat/main.c
===================================================================
--- usr.bin/netstat/main.c (revision 286847)
+++ usr.bin/netstat/main.c (working copy)
@@ -785,19 +785,31 @@ kread_counter(u_long addr)
int
kread_counters(u_long addr, void *buf, size_t size)
{
- uint64_t *c = buf;
+ uint64_t *c;
+ u_long *counters;
+ size_t i, n;
if (kvmd_init() < 0)
return (-1);
- if (kread(addr, buf, size) < 0)
+ if (size % sizeof(uint64_t) != 0) {
+ warnx("kread_counters: invalid counter set size");
return (-1);
+ }
- while (size != 0) {
- *c = kvm_counter_u64_fetch(kvmd, *c);
- size -= sizeof(*c);
- c++;
+ n = size / sizeof(uint64_t);
+ if ((counters = malloc(n * sizeof(u_long))) == NULL)
+ err(-1, "malloc");
+ if (kread(addr, counters, n * sizeof(u_long)) < 0) {
+ free(counters);
+ return (-1);
}
+
+ c = buf;
+ for (i = 0; i < n; i++)
+ c[i] = kvm_counter_u64_fetch(kvmd, counters[i]);
+
+ free(counters);
return (0);
}

17
share/security/patches/EN-15:12/netstat.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rn5eEP/R4ofVcJW8kEubscqSVvvg5A
GYggED+J0CjwJQcEW5tpUxhm0/Tw/jqzQMjgyOv/eFzgMVpNz4Yp5UYMJW/05ZM6
Jh1yh8b/v8F+zsKN/iFm/z0D0DOOtWACZwe7a3C8cPbycukwTkNhPrucumGZsEUL
9BJCpyaZUS31bsR6jprnQlIX3uG3uUehvLVJFooyhLWdQ2smehx4iyqzYeqbOvmz
R3kFv+qBmuTOmQb4q683+ARs6dfW/2xfVrYzQfOqWNNXqStlqEZ/MWlpga4diwKV
cfYyWsCuzZQcSTY+35ifT8x/zU/tDKfoYFpVs0O8z4zsPEQfb+Av5dNwpHM8nKW/
KvvImlrgwMTsRzcyDqf8filSq5TpMScBjLeHqDBUwU7CTj4FV7j6sWesQq4nWjgo
rFPpA0FgxFVDgN3bCPj4pdwvJE8OIy50IDF+zAEUI6k0z66zoCf2MeMd4AxgdNxk
DHsk5/N29W0oilXuImg3jj3QYaThWVIhcX3NO029mW33c84+YFKNAox3ZHlJ0/n/
7f654dFe1SGujtAOgaf4EMeYm7wwwqeT303YJXFuNQgy8tTaO8eKmdsXzbfNz2kv
Aq8I55mlUtTmU6UVGJp77ZQqcONUoMCn/D/flFh/5LY9HEDVGc/924tTq4JTQFyg
Yj5oJIiY5nRCWMcaOnAu
=LO9c
-----END PGP SIGNATURE-----

13
share/security/patches/EN-15:13/vidcontrol.patch Normal file
View file

@ -0,0 +1,13 @@
Index: usr.sbin/vidcontrol/vidcontrol.c
===================================================================
--- usr.sbin/vidcontrol/vidcontrol.c (revision 286847)
+++ usr.sbin/vidcontrol/vidcontrol.c (working copy)
@@ -1343,7 +1343,7 @@ main(int argc, char **argv)
if (vt4_mode)
opts = "b:Cc:fg:h:Hi:M:m:pPr:S:s:T:t:x";
else
- opts = "b:Cc:df:g:h:Hi:l:LM:m:pPr:S:s:T:t:x";
+ opts = "b:Cc:dfg:h:Hi:l:LM:m:pPr:S:s:T:t:x";
while ((opt = getopt(argc, argv, opts)) != -1)
switch(opt) {

17
share/security/patches/EN-15:13/vidcontrol.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rnToIP/30+OLVjPtkT8k3DUFTL8Mk3
wWiPfBdueZ1BlYxC+/tDxyLWkDGGRUALljwOz9V4CobiT1FEcEW24VDMDJCk/Qiq
zveKkRMhY3hjna6rbqvfBWa2qCYmELXR0onJc69+mC7LXI6Jg4x3bTwQ1BjZQf2f
T3fwO6CWfHuHYzNxLkT726hs6xAP9B8drlUB328t6VGw8LPYsXEQ2aJLSIuRzE9T
Ds5jvaIvyKtGrDJE88ZZhKaZUncXPMiG22MKtkT1g4dljaIjCV31N7ZZVZg+yaO9
L/5+5bT6p6dkbKJYvRsh+KqktfL1UeACGL/TzJdoZ6ZpVPcHfqVK3BPBQLnNGHPB
PbXnQXkgdLYJVeWVd8g275se/Dz1q3fryFwG5PzTl/aw1+lImR/Dgf9FDjkYEHXh
0NQcoE/8R1vMyAxeUSqMRkf95DX54NKpHeEadRHiGq8Lxj0HzmoNKn/hlARXrxCu
zRLvzxF/VXVysurq9V4kyQJk9yQDy+h/fn0Y70OYLTgVR5zYnq9oMK+Fw+7hqmiG
RaBQGwj+/8rByTQ7atgDj/W3wTARK0Y76aHoyl76fEzd/SFuvbMmJz+NKjWZv0mo
Cjxu+6Tb7rS1mAxDX0SEqlzbKlVPCaYV808jG2bl7F9r6x9N6zgXcD5HOC5jdGT3
7zUqHo8l6/n3Xt27lvKF
=eCcb
-----END PGP SIGNATURE-----

49
share/security/patches/SA-15:20/expat.patch Normal file
View file

@ -0,0 +1,49 @@
Index: contrib/expat/lib/xmlparse.c
===================================================================
--- contrib/expat/lib/xmlparse.c (revision 286868)
+++ contrib/expat/lib/xmlparse.c (working copy)
@@ -1678,6 +1678,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int is
void * XMLCALL
XML_GetBuffer(XML_Parser parser, int len)
{
+/* BEGIN MOZILLA CHANGE (sanity check len) */
+ if (len < 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
switch (ps_parsing) {
case XML_SUSPENDED:
errorCode = XML_ERROR_SUSPENDED;
@@ -1689,8 +1695,13 @@ XML_GetBuffer(XML_Parser parser, int len)
}
if (len > bufferLim - bufferEnd) {
- /* FIXME avoid integer overflow */
int neededSize = len + (int)(bufferEnd - bufferPtr);
+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
+ if (neededSize < 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
#ifdef XML_CONTEXT_BYTES
int keep = (int)(bufferPtr - buffer);
@@ -1719,7 +1730,15 @@ XML_GetBuffer(XML_Parser parser, int len)
bufferSize = INIT_BUFFER_SIZE;
do {
bufferSize *= 2;
- } while (bufferSize < neededSize);
+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
+ } while (bufferSize < neededSize && bufferSize > 0);
+/* END MOZILLA CHANGE */
+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
+ if (bufferSize <= 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
newBuf = (char *)MALLOC(bufferSize);
if (newBuf == 0) {
errorCode = XML_ERROR_NO_MEMORY;

17
share/security/patches/SA-15:20/expat.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)
iQIcBAABCgAGBQJV05AbAAoJEO1n7NZdz2rnrksP/3jxGcKHjoTJLwf4k4Mgwrlw
rxROcgN1v78gvmKO8RvMSh+/xVIbkV0gDANwoKRilRkA4Pyf5s7adv2QzyrpqXIv
lz/gGOU6RZuA9jBtml/fRot4m7o2jXOlmVtnFFcg7rLHwKlH1x0lzWm4ynHH0cW7
a8ia6JOvaeTTvnclUIe69OEhucqgDh0+/mtDEfHTUvqBQ6P/JYt5vLYJ8uLdz+rs
mwHJDnoDq6Si0zprd75oqWY+k/pw70mYjhuPInm/skHgJNLVrmG4qqUk0krTNiHJ
tiXw1omNhcU6RKlUWSm33RvVZAoXUtVuezrN+49XufwpcggY0N38lFVVf3Qifqv7
GblmmQLgG4kpnwfJQTyRSHUbx8nB6US8c521gdEVJzaOiegBITtjT/oFP+tB5oXc
6lXDTqYFODSYnPObObWOxO26ZCsbEnDeDuG4DzAVzmznTyGcBmCUMga1PKDiEKpP
zmz5J/r+NqpQLBNxIkIrzgw9glH3mIYMci7Scx7GS7i5BsI9JXhxjybWlzofNh1/
1b3IbJFDFHyGYCkMXko0XSC8lVkmz4ycFxvRka06+T8veGqACjiDfmS5s9G2+mXt
rbzUgchdMXSKb264MU4Z9UPoRLwp9G0uYWaipmlohEZ21uA9rVv93USrXVnKnOB0
s+eP4ITZ2Q/lIej858xV
=cOv7
-----END PGP SIGNATURE-----

8
share/xml/advisories.xml
View file

@ -10,6 +10,14 @@
<month>
<name>8</name>
<day>
<name>18</name>
<advisory>
<name>FreeBSD-SA-15:20.expat</name>
</advisory>
</day>
<day>
<name>5</name>

20
share/xml/notices.xml
View file

@ -7,6 +7,26 @@
<year>
<name>2015</name>
<month>
<name>8</name>
<day>
<name>30</name>
<notice>
<name>FreeBSD-EN-15:13.vidcontrol</name>
</notice>
<notice>
<name>FreeBSD-EN-15:12.netstat</name>
</notice>
<notice>
<name>FreeBSD-EN-15:11.toolchain</name>
</notice>
</day>
</month>
<month>
<name>6</name>