Add EN-15:16 - EN-15:18.
parent f129700d05
commit 27146c98df
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=47415
12 changed files with 1947 additions and 0 deletions
125
share/security/advisories/FreeBSD-EN-15:16.pw.asc
Normal file
|
@ -0,0 +1,125 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-15:16.pw Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Regression in pw(8) when creating numeric users or groups
|
||||
|
||||
Category: core
|
||||
Module: pw
|
||||
Announced: 2015-09-16
|
||||
Credits: Thierry Caillet, Baptiste Daroussin
|
||||
Affects: 10.2-RELEASE
|
||||
Corrected: 2015-08-23 21:42:27 UTC (stable/10, 10.2-STABLE)
|
||||
2015-09-16 20:59:41 UTC (releng/10.2, 10.2-RELEASE-p3)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.freebsd.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The pw(8) utility is used to create, remove, modify, and display system
|
||||
users and groups.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
The pw(8) utility will fail to create users and groups that only contain
|
||||
numeric values [0-9].
|
||||
|
||||
III. Impact
|
||||
|
||||
An attempt to create a user or group containing only numeric values will
|
||||
fail.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but systems configured to create users or groups
|
||||
that do not contain numeric-only names are not affected.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your present system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
3) To update your present system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:26/pw.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:26/pw.patch.asc
|
||||
# gpg --verify pw.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
A reboot of the running system is not necessary after installing the updated
|
||||
pw(8) utility.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/10/ r287084
|
||||
releng/10.2/ r287872
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<other info on vulnerability>
|
||||
|
||||
The latest revision of this Errata Notice is available at
|
||||
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:26.pw.asc
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.8 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJV+dpkAAoJEO1n7NZdz2rndhEQAKKeeQnj+Woggr6L1x8R3uTt
|
||||
q7ljwpAq2v3bMRQwMg/F3DOivcFAw9fn63u/siZLnZj0oqCCns0UT8ResHL6wMlD
|
||||
dVYav/npB/XeJTpqF6kuLKelqrzL+/YnU2lVe7SBQQibdszrn3sZSdeyF/XQrSOg
|
||||
Fqpa+xAP4/ZrSQviuyLe1AM1UI4RXVGssxmHO16zQTO+fp3cPmwP/wZ/Dlk/jnwa
|
||||
GugIuf/Vc7lzyDCtbOifRLLmiRo3IVoR7temMHEaBsTPClVzb+OHOdiD3aVYL6Vy
|
||||
Mp4oFBC7txmfIjDfmZ11EX4OBnCLpx3JEOAMTya0Mvo5PMLoymhu0RoWUyNXX4s7
|
||||
ThEjCaUWfEOYIDbP54ZCOrIooCvnjQFcs5MWys6tYO6iOOW96FUu4cV0ez8u+ukS
|
||||
Zz1b/TGEgks+/74mMgDO3z1FhGbJeRVFmQUUd+/ZboLIYhTOmop/puHLMpnSV0hY
|
||||
C0GSwhUtMD/E3a9AmyMoo9Wj1TySlxAmjb0kHPh0IpY0xPHmfXSJ17+LpGPeEHEj
|
||||
LLFRTHBiA/Qs/WJCSMy6XhztRJ2WPomqefhUtrh1mzzeJgQPX2yWRizvTboD0zAA
|
||||
yb4U22iuu1gkA7vEaOAW5RFGEKg3cGmHSqB/r0gZ20zazv0//l0Q8Sm0slP53kDs
|
||||
K+wCT8FF22Fgy0ZPw831
|
||||
=m4lo
|
||||
-----END PGP SIGNATURE-----
|
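Review bot: the URLs in this notice name a different errata number than the notice itself. Section V.3.a fetches `https://security.FreeBSD.org/patches/EN-15:26/pw.patch` and its `.asc`, and section VII points to `FreeBSD-EN-15:26.pw.asc`, while the header reads FreeBSD-EN-15:16.pw and this commit adds the patch under `share/security/patches/EN-15:16/`. Section VII also still contains the template placeholder `<other info on vulnerability>`. Because the text sits inside a PGP-signed message, correcting either one means publishing a re-signed revision rather than editing the file in place.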
129
share/security/advisories/FreeBSD-EN-15:17.libc.asc
Normal file
|
@ -0,0 +1,129 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-15:17.libc Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: libc incorrectly handles signals for multi-threaded processes
|
||||
|
||||
Category: core
|
||||
Module: libc
|
||||
Announced: 2015-09-16
|
||||
Credits: Konstantin Belousov
|
||||
Affects: FreeBSD 10.2
|
||||
Corrected: 2015-09-05 08:55:51 UTC (stable/10, 10.2-STABLE)
|
||||
2015-09-16 20:59:41 UTC (releng/10.2, 10.2-RELEASE-p3)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.freebsd.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The FreeBSD libc library is the core C runtime library which implements
|
||||
the ANSI C, POSIX APIs and BSD extensions for applications on top of the
|
||||
FreeBSD kernel. The internal operations of libc change when the threading
|
||||
library is loaded, ensuring service implementations are operational in
|
||||
multi-threaded environments, while avoiding unnecessary overhead for
|
||||
applications not utilizing threads. The implementation of some services
|
||||
is delegated to the threading library, for instance, the signal management.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
Signal-related services, such as signal(3), sigprocmask(2), and sigwait(2)
|
||||
are not properly redirected to the threading library implementation when
|
||||
used by libc directly.
|
||||
|
||||
III. Impact
|
||||
|
||||
The full impact of the bug is difficult to enumerate precisely based on the
|
||||
nature of the problem, though some visible effects include runtime linker
|
||||
hang during signal delivery, and delivery of a signal to the application
|
||||
at an unexpected time.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your present system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
3) To update your present system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:17/libc.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:17/libc.patch.asc
|
||||
# gpg --verify libc.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
Reboot the system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/10/ r287480
|
||||
releng/10.2/ r287872
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
The latest revision of this Errata Notice is available at
|
||||
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:17.libc.asc
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.8 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJV+dppAAoJEO1n7NZdz2rnKb8P/1D1VyY3WoenCbDAx/diaqpf
|
||||
yFV5ncQBF2yQ+ADJ9WcGVmVqx4AjP56a2PGZ0YaEG/wUbqrfdzABfA+phr+tIm65
|
||||
7QaNcPFSnvtGUH28hXkGT4sf4tpb2H/dD3eGTz4a8Fp8KbDcnYyg0kvOlBo1m7l7
|
||||
kfPt0fBH9yn5nf36mI6hD7SsajLnh92pvHG0tIlojDDU34zgrqA408BV7nWM8tvf
|
||||
jZxS7dLm0ZXUnlwXohwuESqT+GTsANjIv8pldWLxBAN+0qJ6+ZMvhgknkN9pu42D
|
||||
Zi/Hb/C/g6HmeglXbHvAbFzdLLfcduY3B469CuPPYwm7qVmkJvsbsyj+Tq/OtswX
|
||||
r50fFALF3LcRVzuRwRXDUciXufw0AdBNMCykl0kfai2r2R1CHvtfGC2bLyZoRk21
|
||||
1Kr/uh/eMqBs6OyW14ASfB6jOtjInYnVMYyjNeo75qUYOj7z5ybieNfM5X1kNfs1
|
||||
7Qckinr0bW9o2MMAj4bewJ6KkLlN1YAQqa3lx4JipFz/jut/9L1XWzsJMYNT7N7J
|
||||
G/qOBGjoH1lF56VvtngOVYTOdsxdZfu0s8KweH8SyzZHsnf7jHeHinp/ECo36hR6
|
||||
+xQQO01w97xQLlKx5P0uODQb3aXMpfS3SjmSbGuAu60bXw74oMBeLlkSXR3t5DT+
|
||||
nw53+Y2BwV4yWz//iacR
|
||||
=lA5q
|
||||
-----END PGP SIGNATURE-----
|
137
share/security/advisories/FreeBSD-EN-15:18.pkg.asc
Normal file
|
@ -0,0 +1,137 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-15:18.pkg Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Implement pubkey support for pkg(7) bootstrap
|
||||
|
||||
Category: core
|
||||
Module: pkg
|
||||
Announced: 2015-09-16
|
||||
Credits: Baptiste Daroussin
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2015-09-15 05:56:16 UTC (stable/10, 10.2-STABLE)
|
||||
2015-09-16 20:59:41 UTC (releng/10.2, 10.2-RELEASE-p3)
|
||||
2015-09-16 21:00:21 UTC (releng/10.1, 10.1-RELEASE-p20)
|
||||
2015-09-15 08:34:32 UTC (stable/9, 9.3-STABLE)
|
||||
2015-09-16 21:00:21 UTC (releng/9.3, 9.3-RELEASE-p26)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.freebsd.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The pkg(8) utility is the package management tool for FreeBSD. The base
|
||||
system includes a pkg(7) bootstrap utility used to install the latest
|
||||
pkg(8) utility.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
The pubkey method is not supported by the pkg(7) bootstrap utility.
|
||||
Previously, before EN-15:15.pkg, if the system administrator requested
|
||||
this method, it is silently ignored and no check is performed.
|
||||
|
||||
In EN-15:15.pkg, pkg(7) have been modified to issue warning and refuse
|
||||
to proceed any further.
|
||||
|
||||
III. Impact
|
||||
|
||||
There is no way to use the pubkey method to bootstrap pkg(8) on the
|
||||
system.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but the default FreeBSD configuration is not
|
||||
affected because it uses "fingerprint" method.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your present system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
3) To update your present system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
[FreeBSD 10.x]
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:18/pkg-10.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:18/pkg-10.patch.asc
|
||||
# gpg --verify pkg-10.patch.asc
|
||||
|
||||
[FreeBSD 9.3]
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:18/pkg-9.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-15:18/pkg-9.patch.asc
|
||||
# gpg --verify pkg-9.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/9/ r287814
|
||||
releng/9.3/ r287873
|
||||
stable/10/ r287810
|
||||
releng/10.1/ r287873
|
||||
releng/10.2/ r287872
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
The latest revision of this Errata Notice is available at
|
||||
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:18.pkg.asc
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.8 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJV+dppAAoJEO1n7NZdz2rn9cUP/0CWVv/p9UJb53HzTjFJTmm3
|
||||
WS0eDqvGS9DS9G/QWsYUWqDQY+Sf9kIFpSQFjIxNbhGlxxRyYaU7hrn2fqbxdJvk
|
||||
wOlr+7Enui5d9dFLSYKuMfxY5dlyX+Y9WshdH5WI1I4jYrsEPrLc+YeJ7aaQ2QmP
|
||||
GbXHl21SenB32GxLh1/THuWPYRaMuOujbpO3DCbbTsxFfdgytUO3cbefvuKn4gfe
|
||||
Ol8yDUS9emD5mmD55uSuIvbOgywWFqpYGBcnAIwB5oRRKgJitbeZbXjOjyxCTVvT
|
||||
B3lBdPP6RIWnrMpBiQ9NPVWpYvk5jHnhUOfVDmVFIpG6UzRqqbLQVn4m2QoHmaxe
|
||||
eHNMuRT/Zpf5QIPZBpdVITz647V1M/gEb5GRnQ1B2JA0KXAxCsnt6qHPoG8JsrRW
|
||||
6G90QHjHqGLFtssGIILeCTRHJHYzjCxlRVWF8LgUgshQBbxpUmde6VedahdwKFel
|
||||
JG34M4Qxr9PIQ9u7UN4+bolxXtRSsUiKDtakYQs/NrnF48OZJSY98e4QG4tRsxvy
|
||||
cWcSsjkFbqzn/Z14KFb8zfygJCGdvOEOjl0Is44w+y9R8dddcwoFW3ufvsJi9KMc
|
||||
jQ622C+jZHa+fdUED4qJU9HDMEMDcMFH6Ule4JYwegBSq463keFX/gRoDvQK/eTS
|
||||
9KWvZ0KR3azq26fp7Ni4
|
||||
=ru1t
|
||||
-----END PGP SIGNATURE-----
|
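Review bot: section V stops at step c) without saying whether a reboot or restart is required, whereas EN-15:16 and EN-15:17 in this same commit each close the section with that statement; add the equivalent line for pkg(7). Section II also needs a tense and agreement pass: "it is silently ignored and no check is performed" describes past behaviour, and "pkg(7) have been modified to issue warning" should read "has been modified to issue a warning".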
20
share/security/patches/EN-15:16/pw.patch
Normal file
|
@ -0,0 +1,20 @@
|
|||
Index: usr.sbin/pw/pw.c
|
||||
===================================================================
|
||||
--- usr.sbin/pw/pw.c (revision 287410)
|
||||
+++ usr.sbin/pw/pw.c (working copy)
|
||||
@@ -272,14 +272,7 @@
|
||||
errstr);
|
||||
break;
|
||||
case 'n':
|
||||
- if (strspn(optarg, "0123456789") != strlen(optarg)) {
|
||||
- name = optarg;
|
||||
- break;
|
||||
- }
|
||||
- id = strtonum(optarg, 0, LONG_MAX, &errstr);
|
||||
- if (errstr != NULL)
|
||||
- errx(EX_USAGE, "Bad id '%s': %s", optarg,
|
||||
- errstr);
|
||||
+ name = optarg;
|
||||
break;
|
||||
case 'o':
|
||||
conf.checkduplicate = false;
|
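Review bot: after this hunk `case 'n':` never assigns `id`, so an all-digit `-n` argument that the removed branch parsed with `strtonum()` is now always taken as a name. That matches the errata text, but nothing in the patch records the intent: a one-line comment at `name = optarg;` stating that numeric names are deliberate, plus a regression test that creates an all-digit user and group, would keep the `strspn()` check from being reintroduced.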
17
share/security/patches/EN-15:16/pw.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.8 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJV+dqfAAoJEO1n7NZdz2rnarwQAOPy1lZk3bioNnSmfjgmofDK
|
||||
6GH/macYjrW96GYeeojKtMybdMS2WXjljBrcsF07vZrpGOy10N0keEja79V6UeLa
|
||||
XJXVZ627z2iDHlSYK8jnhf5LWG3oGBLElKr+toIPCY45w+gA2hPgnZg0NBpw/Qwv
|
||||
I3ktLoMMr7Ie9k9xLJ3g1ySHqALX1fPYowUUqBNSgazCiBNCPTH5kh1fj2sdPA6S
|
||||
COtgXMOPjS/f+7Q7ixGvsruJj66tOs73gzhaVLjoi52SYL0G71gxhPEJzA2dDnRi
|
||||
j+V4U/GXJrCp0UKP89TBksNoYm2dd/nIy1TOyqCV+SozFvwjmP/zx9fcBbCQGPaH
|
||||
5fdcqMGvfXGEYn7kcybslPX1dVhtBsVPc20us/jx1KjwOla0yGScqhwfzii+NHTF
|
||||
0hKNvzExDazJZf/EIAj2Nnrd4kcj3kCm/kNPy+ypF2WxoeDyJwFertCZfsGrXSIU
|
||||
ValKtb+AzXZ+SxTj3B5Rl3wY9OG+i8V4nR9PG7SHWP9s3GEa5GrQVWUcr8qbFEED
|
||||
stiJhUtxyHU8E20oGnyrQrGOUyjvq8gWvNtov7bln9tvnG91LLVMBnQNGsHIshzE
|
||||
/OP6hgAaaNL+6zQ0XgUMO+RpyKg4Zvj7jHpcHonuwQqUno1zcqGPU/m3GMlyWb/9
|
||||
Aydc6sgQYRTF5pvuYeba
|
||||
=4C+I
|
||||
-----END PGP SIGNATURE-----
|
771
share/security/patches/EN-15:17/libc.patch
Normal file
|
@ -0,0 +1,771 @@
|
|||
Index: lib/libc/amd64/gen/setjmp.S
|
||||
===================================================================
|
||||
--- lib/libc/amd64/gen/setjmp.S (revision 287549)
|
||||
+++ lib/libc/amd64/gen/setjmp.S (working copy)
|
||||
@@ -55,7 +55,7 @@ ENTRY(setjmp)
|
||||
movq $0,%rsi /* (sigset_t*)set */
|
||||
leaq 72(%rcx),%rdx /* 9,10; (sigset_t*)oset */
|
||||
/* stack is 16-byte aligned */
|
||||
- call PIC_PLT(CNAME(_sigprocmask))
|
||||
+ call __libc_sigprocmask
|
||||
popq %rdi
|
||||
movq %rdi,%rcx
|
||||
movq 0(%rsp),%rdx /* retval */
|
||||
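Review bot: the replacement `call __libc_sigprocmask` drops the `PIC_PLT(CNAME(...))` wrapper that the old call used. A direct call from assembly inside a shared libc is only safe if the target cannot be preempted, so please confirm that `__libc_sigprocmask` is declared with hidden visibility, or keep the `PIC_PLT()` form. The same question applies to the identical substitutions in `__longjmp` and in sigsetjmp.S.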
@@ -83,7 +83,7 @@ ENTRY(__longjmp)
|
||||
leaq 72(%rdx),%rsi /* (sigset_t*)set */
|
||||
movq $0,%rdx /* (sigset_t*)oset */
|
||||
subq $0x8,%rsp /* make the stack 16-byte aligned */
|
||||
- call PIC_PLT(CNAME(_sigprocmask))
|
||||
+ call __libc_sigprocmask
|
||||
addq $0x8,%rsp
|
||||
popq %rsi
|
||||
popq %rdi /* jmpbuf */
|
||||
Index: lib/libc/amd64/gen/sigsetjmp.S
|
||||
===================================================================
|
||||
--- lib/libc/amd64/gen/sigsetjmp.S (revision 287549)
|
||||
+++ lib/libc/amd64/gen/sigsetjmp.S (working copy)
|
||||
@@ -63,7 +63,7 @@ ENTRY(sigsetjmp)
|
||||
movq $0,%rsi /* (sigset_t*)set */
|
||||
leaq 72(%rcx),%rdx /* 9,10 (sigset_t*)oset */
|
||||
/* stack is 16-byte aligned */
|
||||
- call PIC_PLT(CNAME(_sigprocmask))
|
||||
+ call __libc_sigprocmask
|
||||
popq %rdi
|
||||
2: movq %rdi,%rcx
|
||||
movq 0(%rsp),%rdx /* retval */
|
||||
@@ -92,7 +92,7 @@ ENTRY(__siglongjmp)
|
||||
leaq 72(%rdx),%rsi /* (sigset_t*)set */
|
||||
movq $0,%rdx /* (sigset_t*)oset */
|
||||
subq $0x8,%rsp /* make the stack 16-byte aligned */
|
||||
- call PIC_PLT(CNAME(_sigprocmask))
|
||||
+ call __libc_sigprocmask
|
||||
addq $0x8,%rsp
|
||||
popq %rsi
|
||||
popq %rdi /* jmpbuf */
|
||||
Index: lib/libc/compat-43/sigcompat.c
|
||||
===================================================================
|
||||
--- lib/libc/compat-43/sigcompat.c (revision 287549)
|
||||
+++ lib/libc/compat-43/sigcompat.c (working copy)
|
||||
@@ -59,7 +59,7 @@ sigvec(signo, sv, osv)
|
||||
} else
|
||||
sap = NULL;
|
||||
osap = osv != NULL ? &osa : NULL;
|
||||
- ret = _sigaction(signo, sap, osap);
|
||||
+ ret = __libc_sigaction(signo, sap, osap);
|
||||
if (ret == 0 && osv != NULL) {
|
||||
osv->sv_handler = osa.sa_handler;
|
||||
osv->sv_flags = osa.sa_flags ^ SV_INTERRUPT;
|
||||
@@ -77,7 +77,7 @@ sigsetmask(mask)
|
||||
|
||||
sigemptyset(&set);
|
||||
set.__bits[0] = mask;
|
||||
- n = _sigprocmask(SIG_SETMASK, &set, &oset);
|
||||
+ n = __libc_sigprocmask(SIG_SETMASK, &set, &oset);
|
||||
if (n)
|
||||
return (n);
|
||||
return (oset.__bits[0]);
|
||||
@@ -92,7 +92,7 @@ sigblock(mask)
|
||||
|
||||
sigemptyset(&set);
|
||||
set.__bits[0] = mask;
|
||||
- n = _sigprocmask(SIG_BLOCK, &set, &oset);
|
||||
+ n = __libc_sigprocmask(SIG_BLOCK, &set, &oset);
|
||||
if (n)
|
||||
return (n);
|
||||
return (oset.__bits[0]);
|
||||
@@ -105,7 +105,7 @@ sigpause(int mask)
|
||||
|
||||
sigemptyset(&set);
|
||||
set.__bits[0] = mask;
|
||||
- return (_sigsuspend(&set));
|
||||
+ return (__libc_sigsuspend(&set));
|
||||
}
|
||||
|
||||
int
|
||||
@@ -113,11 +113,11 @@ xsi_sigpause(int sig)
|
||||
{
|
||||
sigset_t set;
|
||||
|
||||
- if (_sigprocmask(SIG_BLOCK, NULL, &set) == -1)
|
||||
+ if (__libc_sigprocmask(SIG_BLOCK, NULL, &set) == -1)
|
||||
return (-1);
|
||||
if (sigdelset(&set, sig) == -1)
|
||||
return (-1);
|
||||
- return (_sigsuspend(&set));
|
||||
+ return (__libc_sigsuspend(&set));
|
||||
}
|
||||
|
||||
int
|
||||
@@ -128,7 +128,7 @@ sighold(int sig)
|
||||
sigemptyset(&set);
|
||||
if (sigaddset(&set, sig) == -1)
|
||||
return (-1);
|
||||
- return (_sigprocmask(SIG_BLOCK, &set, NULL));
|
||||
+ return (__libc_sigprocmask(SIG_BLOCK, &set, NULL));
|
||||
}
|
||||
|
||||
int
|
||||
@@ -138,7 +138,7 @@ sigignore(int sig)
|
||||
|
||||
bzero(&sa, sizeof(sa));
|
||||
sa.sa_handler = SIG_IGN;
|
||||
- return (_sigaction(sig, &sa, NULL));
|
||||
+ return (__libc_sigaction(sig, &sa, NULL));
|
||||
}
|
||||
|
||||
int
|
||||
@@ -149,7 +149,7 @@ sigrelse(int sig)
|
||||
sigemptyset(&set);
|
||||
if (sigaddset(&set, sig) == -1)
|
||||
return (-1);
|
||||
- return (_sigprocmask(SIG_UNBLOCK, &set, NULL));
|
||||
+ return (__libc_sigprocmask(SIG_UNBLOCK, &set, NULL));
|
||||
}
|
||||
|
||||
void
|
||||
@@ -161,26 +161,26 @@ void
|
||||
sigemptyset(&set);
|
||||
if (sigaddset(&set, sig) == -1)
|
||||
return (SIG_ERR);
|
||||
- if (_sigprocmask(SIG_BLOCK, NULL, &pset) == -1)
|
||||
+ if (__libc_sigprocmask(SIG_BLOCK, NULL, &pset) == -1)
|
||||
return (SIG_ERR);
|
||||
if ((__sighandler_t *)disp == SIG_HOLD) {
|
||||
- if (_sigprocmask(SIG_BLOCK, &set, &pset) == -1)
|
||||
+ if (__libc_sigprocmask(SIG_BLOCK, &set, &pset) == -1)
|
||||
return (SIG_ERR);
|
||||
if (sigismember(&pset, sig))
|
||||
return (SIG_HOLD);
|
||||
else {
|
||||
- if (_sigaction(sig, NULL, &psa) == -1)
|
||||
+ if (__libc_sigaction(sig, NULL, &psa) == -1)
|
||||
return (SIG_ERR);
|
||||
return (psa.sa_handler);
|
||||
}
|
||||
} else {
|
||||
- if (_sigprocmask(SIG_UNBLOCK, &set, &pset) == -1)
|
||||
+ if (__libc_sigprocmask(SIG_UNBLOCK, &set, &pset) == -1)
|
||||
return (SIG_ERR);
|
||||
}
|
||||
|
||||
bzero(&sa, sizeof(sa));
|
||||
sa.sa_handler = disp;
|
||||
- if (_sigaction(sig, &sa, &psa) == -1)
|
||||
+ if (__libc_sigaction(sig, &sa, &psa) == -1)
|
||||
return (SIG_ERR);
|
||||
if (sigismember(&pset, sig))
|
||||
return (SIG_HOLD);
|
||||
Index: lib/libc/db/btree/bt_open.c
|
||||
===================================================================
|
||||
--- lib/libc/db/btree/bt_open.c (revision 287549)
|
||||
+++ lib/libc/db/btree/bt_open.c (working copy)
|
||||
@@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include "un-namespace.h"
|
||||
+#include "libc_private.h"
|
||||
|
||||
#include <db.h>
|
||||
#include "btree.h"
|
||||
@@ -401,10 +402,10 @@ tmp(void)
|
||||
}
|
||||
|
||||
(void)sigfillset(&set);
|
||||
- (void)_sigprocmask(SIG_BLOCK, &set, &oset);
|
||||
+ (void)__libc_sigprocmask(SIG_BLOCK, &set, &oset);
|
||||
if ((fd = mkostemp(path, O_CLOEXEC)) != -1)
|
||||
(void)unlink(path);
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
return(fd);
|
||||
}
|
||||
|
||||
Index: lib/libc/db/hash/hash_page.c
|
||||
===================================================================
|
||||
--- lib/libc/db/hash/hash_page.c (revision 287549)
|
||||
+++ lib/libc/db/hash/hash_page.c (working copy)
|
||||
@@ -66,6 +66,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <assert.h>
|
||||
#endif
|
||||
#include "un-namespace.h"
|
||||
+#include "libc_private.h"
|
||||
|
||||
#include <db.h>
|
||||
#include "hash.h"
|
||||
@@ -861,10 +862,10 @@ open_temp(HTAB *hashp)
|
||||
|
||||
/* Block signals; make sure file goes away at process exit. */
|
||||
(void)sigfillset(&set);
|
||||
- (void)_sigprocmask(SIG_BLOCK, &set, &oset);
|
||||
+ (void)__libc_sigprocmask(SIG_BLOCK, &set, &oset);
|
||||
if ((hashp->fp = mkostemp(path, O_CLOEXEC)) != -1)
|
||||
(void)unlink(path);
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL);
|
||||
return (hashp->fp != -1 ? 0 : -1);
|
||||
}
|
||||
|
||||
Index: lib/libc/gen/daemon.c
|
||||
===================================================================
|
||||
--- lib/libc/gen/daemon.c (revision 287549)
|
||||
+++ lib/libc/gen/daemon.c (working copy)
|
||||
@@ -41,10 +41,10 @@ __FBSDID("$FreeBSD$");
|
||||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
#include "un-namespace.h"
|
||||
+#include "libc_private.h"
|
||||
|
||||
int
|
||||
-daemon(nochdir, noclose)
|
||||
- int nochdir, noclose;
|
||||
+daemon(int nochdir, int noclose)
|
||||
{
|
||||
struct sigaction osa, sa;
|
||||
int fd;
|
||||
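Review bot: the K&R to ANSI prototype conversion to `daemon(int nochdir, int noclose)` is unrelated to the signal redirection and makes an errata patch harder to audit; siginterrupt.c and signal.c carry the same kind of cleanup. Consider splitting the prototype conversions into a separate change so this patch contains only the `__libc_sigaction` substitutions and the new `libc_private.h` include.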
@@ -56,7 +56,7 @@ int
|
||||
sigemptyset(&sa.sa_mask);
|
||||
sa.sa_handler = SIG_IGN;
|
||||
sa.sa_flags = 0;
|
||||
- osa_ok = _sigaction(SIGHUP, &sa, &osa);
|
||||
+ osa_ok = __libc_sigaction(SIGHUP, &sa, &osa);
|
||||
|
||||
switch (fork()) {
|
||||
case -1:
|
||||
@@ -74,7 +74,7 @@ int
|
||||
newgrp = setsid();
|
||||
oerrno = errno;
|
||||
if (osa_ok != -1)
|
||||
- _sigaction(SIGHUP, &osa, NULL);
|
||||
+ __libc_sigaction(SIGHUP, &osa, NULL);
|
||||
|
||||
if (newgrp == -1) {
|
||||
errno = oerrno;
|
||||
Index: lib/libc/gen/posix_spawn.c
|
||||
===================================================================
|
||||
--- lib/libc/gen/posix_spawn.c (revision 287549)
|
||||
+++ lib/libc/gen/posix_spawn.c (working copy)
|
||||
@@ -118,15 +118,18 @@ process_spawnattr(const posix_spawnattr_t sa)
|
||||
return (errno);
|
||||
}
|
||||
|
||||
- /* Set signal masks/defaults */
|
||||
+ /*
|
||||
+ * Set signal masks/defaults.
|
||||
+ * Use unwrapped syscall, libthr is in undefined state after vfork().
|
||||
+ */
|
||||
if (sa->sa_flags & POSIX_SPAWN_SETSIGMASK) {
|
||||
- _sigprocmask(SIG_SETMASK, &sa->sa_sigmask, NULL);
|
||||
+ __sys_sigprocmask(SIG_SETMASK, &sa->sa_sigmask, NULL);
|
||||
}
|
||||
|
||||
if (sa->sa_flags & POSIX_SPAWN_SETSIGDEF) {
|
||||
for (i = 1; i <= _SIG_MAXSIG; i++) {
|
||||
if (sigismember(&sa->sa_sigdefault, i))
|
||||
- if (_sigaction(i, &sigact, NULL) != 0)
|
||||
+ if (__sys_sigaction(i, &sigact, NULL) != 0)
|
||||
return (errno);
|
||||
}
|
||||
}
|
||||
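Review bot: the result of `__sys_sigprocmask(SIG_SETMASK, &sa->sa_sigmask, NULL)` is discarded, while the `__sys_sigaction()` loop directly below returns `errno` on failure. Since this line is being touched anyway, either check the return value the same way or extend the new comment to say why a failed mask change can be ignored here. The comment explaining why the unwrapped syscalls are used after vfork() is useful and should stay.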
Index: lib/libc/gen/readpassphrase.c
|
||||
===================================================================
|
||||
--- lib/libc/gen/readpassphrase.c (revision 287549)
|
||||
+++ lib/libc/gen/readpassphrase.c (working copy)
|
||||
@@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <unistd.h>
|
||||
#include <readpassphrase.h>
|
||||
#include "un-namespace.h"
|
||||
+#include "libc_private.h"
|
||||
|
||||
static volatile sig_atomic_t signo[NSIG];
|
||||
|
||||
@@ -104,15 +105,15 @@ restart:
|
||||
sigemptyset(&sa.sa_mask);
|
||||
sa.sa_flags = 0; /* don't restart system calls */
|
||||
sa.sa_handler = handler;
|
||||
- (void)_sigaction(SIGALRM, &sa, &savealrm);
|
||||
- (void)_sigaction(SIGHUP, &sa, &savehup);
|
||||
- (void)_sigaction(SIGINT, &sa, &saveint);
|
||||
- (void)_sigaction(SIGPIPE, &sa, &savepipe);
|
||||
- (void)_sigaction(SIGQUIT, &sa, &savequit);
|
||||
- (void)_sigaction(SIGTERM, &sa, &saveterm);
|
||||
- (void)_sigaction(SIGTSTP, &sa, &savetstp);
|
||||
- (void)_sigaction(SIGTTIN, &sa, &savettin);
|
||||
- (void)_sigaction(SIGTTOU, &sa, &savettou);
|
||||
+ (void)__libc_sigaction(SIGALRM, &sa, &savealrm);
|
||||
+ (void)__libc_sigaction(SIGHUP, &sa, &savehup);
|
||||
+ (void)__libc_sigaction(SIGINT, &sa, &saveint);
|
||||
+ (void)__libc_sigaction(SIGPIPE, &sa, &savepipe);
|
||||
+ (void)__libc_sigaction(SIGQUIT, &sa, &savequit);
|
||||
+ (void)__libc_sigaction(SIGTERM, &sa, &saveterm);
|
||||
+ (void)__libc_sigaction(SIGTSTP, &sa, &savetstp);
|
||||
+ (void)__libc_sigaction(SIGTTIN, &sa, &savettin);
|
||||
+ (void)__libc_sigaction(SIGTTOU, &sa, &savettou);
|
||||
|
||||
if (!(flags & RPP_STDIN))
|
||||
(void)_write(output, prompt, strlen(prompt));
|
||||
@@ -142,15 +143,15 @@ restart:
|
||||
errno == EINTR && !signo[SIGTTOU])
|
||||
continue;
|
||||
}
|
||||
- (void)_sigaction(SIGALRM, &savealrm, NULL);
|
||||
- (void)_sigaction(SIGHUP, &savehup, NULL);
|
||||
- (void)_sigaction(SIGINT, &saveint, NULL);
|
||||
- (void)_sigaction(SIGQUIT, &savequit, NULL);
|
||||
- (void)_sigaction(SIGPIPE, &savepipe, NULL);
|
||||
- (void)_sigaction(SIGTERM, &saveterm, NULL);
|
||||
- (void)_sigaction(SIGTSTP, &savetstp, NULL);
|
||||
- (void)_sigaction(SIGTTIN, &savettin, NULL);
|
||||
- (void)_sigaction(SIGTTOU, &savettou, NULL);
|
||||
+ (void)__libc_sigaction(SIGALRM, &savealrm, NULL);
|
||||
+ (void)__libc_sigaction(SIGHUP, &savehup, NULL);
|
||||
+ (void)__libc_sigaction(SIGINT, &saveint, NULL);
|
||||
+ (void)__libc_sigaction(SIGQUIT, &savequit, NULL);
|
||||
+ (void)__libc_sigaction(SIGPIPE, &savepipe, NULL);
|
||||
+ (void)__libc_sigaction(SIGTERM, &saveterm, NULL);
|
||||
+ (void)__libc_sigaction(SIGTSTP, &savetstp, NULL);
|
||||
+ (void)__libc_sigaction(SIGTTIN, &savettin, NULL);
|
||||
+ (void)__libc_sigaction(SIGTTOU, &savettou, NULL);
|
||||
if (input != STDIN_FILENO)
|
||||
(void)_close(input);
|
||||
|
||||
Index: lib/libc/gen/setmode.c
|
||||
===================================================================
|
||||
--- lib/libc/gen/setmode.c (revision 287549)
|
||||
+++ lib/libc/gen/setmode.c (working copy)
|
||||
@@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
#include "un-namespace.h"
|
||||
+#include "libc_private.h"
|
||||
|
||||
#define SET_LEN 6 /* initial # of bitcmd struct to malloc */
|
||||
#define SET_LEN_INCR 4 /* # of bitcmd structs to add as needed */
|
||||
@@ -187,10 +188,10 @@ setmode(const char *p)
|
||||
* as best we can.
|
||||
*/
|
||||
sigfillset(&sigset);
|
||||
- (void)_sigprocmask(SIG_BLOCK, &sigset, &sigoset);
|
||||
+ (void)__libc_sigprocmask(SIG_BLOCK, &sigset, &sigoset);
|
||||
(void)umask(mask = umask(0));
|
||||
mask = ~mask;
|
||||
- (void)_sigprocmask(SIG_SETMASK, &sigoset, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &sigoset, NULL);
|
||||
|
||||
setlen = SET_LEN + 2;
|
||||
|
||||
Index: lib/libc/gen/siginterrupt.c
|
||||
===================================================================
|
||||
--- lib/libc/gen/siginterrupt.c (revision 287549)
|
||||
+++ lib/libc/gen/siginterrupt.c (working copy)
|
||||
@@ -43,14 +43,13 @@ __FBSDID("$FreeBSD$");
|
||||
* after an instance of the indicated signal.
|
||||
*/
|
||||
int
|
||||
-siginterrupt(sig, flag)
|
||||
- int sig, flag;
|
||||
+siginterrupt(int sig, int flag)
|
||||
{
|
||||
extern sigset_t _sigintr __hidden;
|
||||
struct sigaction sa;
|
||||
int ret;
|
||||
|
||||
- if ((ret = _sigaction(sig, (struct sigaction *)0, &sa)) < 0)
|
||||
+ if ((ret = __libc_sigaction(sig, (struct sigaction *)0, &sa)) < 0)
|
||||
return (ret);
|
||||
if (flag) {
|
||||
sigaddset(&_sigintr, sig);
|
||||
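Review bot: The K&R-to-ANSI conversion of the siginterrupt() definition is a style cleanup bundled into the same hunk as the functional switch from _sigaction to __libc_sigaction, which makes the behavioural part of an errata patch harder to audit. Consider splitting the prototype change into its own commit; if it stays here, the `(struct sigaction *)0` argument on the touched line could be written as NULL at the same time.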
@@ -59,5 +58,5 @@ int
|
||||
sigdelset(&_sigintr, sig);
|
||||
sa.sa_flags |= SA_RESTART;
|
||||
}
|
||||
- return (_sigaction(sig, &sa, (struct sigaction *)0));
|
||||
+ return (__libc_sigaction(sig, &sa, (struct sigaction *)0));
|
||||
}
|
||||
Index: lib/libc/gen/signal.c
|
||||
===================================================================
|
||||
--- lib/libc/gen/signal.c (revision 287549)
|
||||
+++ lib/libc/gen/signal.c (working copy)
|
||||
@@ -44,9 +44,7 @@ __FBSDID("$FreeBSD$");
|
||||
sigset_t _sigintr __hidden; /* shared with siginterrupt */
|
||||
|
||||
sig_t
|
||||
-signal(s, a)
|
||||
- int s;
|
||||
- sig_t a;
|
||||
+signal(int s, sig_t a)
|
||||
{
|
||||
struct sigaction sa, osa;
|
||||
|
||||
@@ -55,7 +53,7 @@ sig_t
|
||||
sa.sa_flags = 0;
|
||||
if (!sigismember(&_sigintr, s))
|
||||
sa.sa_flags |= SA_RESTART;
|
||||
- if (_sigaction(s, &sa, &osa) < 0)
|
||||
+ if (__libc_sigaction(s, &sa, &osa) < 0)
|
||||
return (SIG_ERR);
|
||||
return (osa.sa_handler);
|
||||
}
|
||||
Index: lib/libc/gen/wordexp.c
|
||||
===================================================================
|
||||
--- lib/libc/gen/wordexp.c (revision 287549)
|
||||
+++ lib/libc/gen/wordexp.c (working copy)
|
||||
@@ -38,6 +38,7 @@
|
||||
#include <unistd.h>
|
||||
#include <wordexp.h>
|
||||
#include "un-namespace.h"
|
||||
+#include "libc_private.h"
|
||||
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
@@ -127,12 +128,12 @@ we_askshell(const char *words, wordexp_t *we, int
|
||||
return (WRDE_NOSPACE); /* XXX */
|
||||
(void)sigemptyset(&newsigblock);
|
||||
(void)sigaddset(&newsigblock, SIGCHLD);
|
||||
- (void)_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
|
||||
+ (void)__libc_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
|
||||
if ((pid = fork()) < 0) {
|
||||
serrno = errno;
|
||||
_close(pdes[0]);
|
||||
_close(pdes[1]);
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
errno = serrno;
|
||||
return (WRDE_NOSPACE); /* XXX */
|
||||
}
|
||||
@@ -141,7 +142,7 @@ we_askshell(const char *words, wordexp_t *we, int
|
||||
* We are the child; just get /bin/sh to run the wordexp
|
||||
* builtin on `words'.
|
||||
*/
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
if ((pdes[1] != STDOUT_FILENO ?
|
||||
_dup2(pdes[1], STDOUT_FILENO) :
|
||||
_fcntl(pdes[1], F_SETFD, 0)) < 0)
|
||||
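Review bot: The child branch after fork() in we_askshell() restores the mask with the wrapped `__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL)`, while the system.c change in this same patch moves its vfork() child to __sys_sigprocmask because libthr is in an undefined state there. A one-line comment here stating that the wrapped call is intentional after a full fork() would stop the two call sites from being made "consistent" in the wrong direction later.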
@@ -210,7 +211,7 @@ cleanup:
|
||||
do
|
||||
wpid = _waitpid(pid, &status, 0);
|
||||
while (wpid < 0 && errno == EINTR);
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
if (error != 0) {
|
||||
errno = serrno;
|
||||
return (error);
|
||||
Index: lib/libc/i386/gen/setjmp.S
|
||||
===================================================================
|
||||
--- lib/libc/i386/gen/setjmp.S (revision 287549)
|
||||
+++ lib/libc/i386/gen/setjmp.S (working copy)
|
||||
@@ -50,21 +50,12 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
ENTRY(setjmp)
|
||||
movl 4(%esp),%ecx
|
||||
- PIC_PROLOGUE
|
||||
-#ifdef PIC
|
||||
- subl $12,%esp /* make the stack 16-byte aligned */
|
||||
-#endif
|
||||
leal 28(%ecx), %eax
|
||||
pushl %eax /* (sigset_t*)oset */
|
||||
pushl $0 /* (sigset_t*)set */
|
||||
pushl $1 /* SIG_BLOCK */
|
||||
- call PIC_PLT(CNAME(_sigprocmask))
|
||||
-#ifdef PIC
|
||||
- addl $24,%esp
|
||||
-#else
|
||||
+ call __libc_sigprocmask
|
||||
addl $12,%esp
|
||||
-#endif
|
||||
- PIC_EPILOGUE
|
||||
movl 4(%esp),%ecx
|
||||
movl 0(%esp),%edx
|
||||
movl %edx, 0(%ecx)
|
||||
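Review bot: The call to __libc_sigprocmask in ENTRY(setjmp) no longer has the `subl $12,%esp /* make the stack 16-byte aligned */` padding that the PIC build used, and nothing in the hunk says why the alignment is no longer needed. Please state in a comment or the commit message that the callee does not depend on 16-byte stack alignment at entry, and that the direct `call __libc_sigprocmask` without PIC_PROLOGUE/PIC_PLT is valid because the symbol is declared __hidden in libc_private.h.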
@@ -82,21 +73,12 @@ END(setjmp)
|
||||
.set CNAME(longjmp),CNAME(__longjmp)
|
||||
ENTRY(__longjmp)
|
||||
movl 4(%esp),%edx
|
||||
- PIC_PROLOGUE
|
||||
-#ifdef PIC
|
||||
- subl $12,%esp /* make the stack 16-byte aligned */
|
||||
-#endif
|
||||
pushl $0 /* (sigset_t*)oset */
|
||||
leal 28(%edx), %eax
|
||||
pushl %eax /* (sigset_t*)set */
|
||||
pushl $3 /* SIG_SETMASK */
|
||||
- call PIC_PLT(CNAME(_sigprocmask))
|
||||
-#ifdef PIC
|
||||
- addl $24,%esp
|
||||
-#else
|
||||
+ call __libc_sigprocmask
|
||||
addl $12,%esp
|
||||
-#endif
|
||||
- PIC_EPILOGUE
|
||||
movl 4(%esp),%edx
|
||||
movl 8(%esp),%eax
|
||||
movl 0(%edx),%ecx
|
||||
Index: lib/libc/i386/gen/sigsetjmp.S
|
||||
===================================================================
|
||||
--- lib/libc/i386/gen/sigsetjmp.S (revision 287549)
|
||||
+++ lib/libc/i386/gen/sigsetjmp.S (working copy)
|
||||
@@ -59,21 +59,12 @@ ENTRY(sigsetjmp)
|
||||
movl %eax,44(%ecx)
|
||||
testl %eax,%eax
|
||||
jz 2f
|
||||
- PIC_PROLOGUE
|
||||
-#ifdef PIC
|
||||
- subl $12,%esp /* make the stack 16-byte aligned */
|
||||
-#endif
|
||||
leal 28(%ecx), %eax
|
||||
pushl %eax /* (sigset_t*)oset */
|
||||
pushl $0 /* (sigset_t*)set */
|
||||
pushl $1 /* SIG_BLOCK */
|
||||
- call PIC_PLT(CNAME(_sigprocmask))
|
||||
-#ifdef PIC
|
||||
- addl $24,%esp
|
||||
-#else
|
||||
+ call __libc_sigprocmask
|
||||
addl $12,%esp
|
||||
-#endif
|
||||
- PIC_EPILOGUE
|
||||
movl 4(%esp),%ecx
|
||||
2: movl 0(%esp),%edx
|
||||
movl %edx, 0(%ecx)
|
||||
@@ -93,21 +84,12 @@ ENTRY(__siglongjmp)
|
||||
movl 4(%esp),%edx
|
||||
cmpl $0,44(%edx)
|
||||
jz 2f
|
||||
- PIC_PROLOGUE
|
||||
-#ifdef PIC
|
||||
- subl $12,%esp /* make the stack 16-byte aligned */
|
||||
-#endif
|
||||
pushl $0 /* (sigset_t*)oset */
|
||||
leal 28(%edx), %eax
|
||||
pushl %eax /* (sigset_t*)set */
|
||||
pushl $3 /* SIG_SETMASK */
|
||||
- call PIC_PLT(CNAME(_sigprocmask))
|
||||
-#ifdef PIC
|
||||
- addl $24,%esp
|
||||
-#else
|
||||
+ call __libc_sigprocmask
|
||||
addl $12,%esp
|
||||
-#endif
|
||||
- PIC_EPILOGUE
|
||||
movl 4(%esp),%edx
|
||||
2: movl 8(%esp),%eax
|
||||
movl 0(%edx),%ecx
|
||||
Index: lib/libc/include/libc_private.h
|
||||
===================================================================
|
||||
--- lib/libc/include/libc_private.h (revision 287549)
|
||||
+++ lib/libc/include/libc_private.h (working copy)
|
||||
@@ -368,6 +368,11 @@ __pid_t __sys_wait6(enum idtype, __id_t, int *, i
|
||||
__ssize_t __sys_write(int, const void *, __size_t);
|
||||
__ssize_t __sys_writev(int, const struct iovec *, int);
|
||||
|
||||
+int __libc_sigaction(int, const struct sigaction *,
|
||||
+ struct sigaction *) __hidden;
|
||||
+int __libc_sigprocmask(int, const __sigset_t *, __sigset_t *)
|
||||
+ __hidden;
|
||||
+int __libc_sigsuspend(const __sigset_t *) __hidden;
|
||||
int __libc_sigwait(const __sigset_t * __restrict,
|
||||
int * restrict sig);
|
||||
int __libc_system(const char *);
|
||||
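Review bot: The three new prototypes (__libc_sigaction, __libc_sigprocmask, __libc_sigsuspend) are added without a comment saying when libc code should call them instead of the _sig* or __sys_sig* variants they replace across this patch. A short block comment above them would document the rule, and would also explain why they carry __hidden while the neighbouring __libc_sigwait and __libc_system declarations do not.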
Index: lib/libc/net/rcmd.c
|
||||
===================================================================
|
||||
--- lib/libc/net/rcmd.c (revision 287549)
|
||||
+++ lib/libc/net/rcmd.c (working copy)
|
||||
@@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$");
|
||||
#endif
|
||||
#include <arpa/nameser.h>
|
||||
#include "un-namespace.h"
|
||||
+#include "libc_private.h"
|
||||
|
||||
extern int innetgr( const char *, const char *, const char *, const char * );
|
||||
|
||||
@@ -148,7 +149,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p,
|
||||
refused = 0;
|
||||
sigemptyset(&newmask);
|
||||
sigaddset(&newmask, SIGURG);
|
||||
- _sigprocmask(SIG_BLOCK, (const sigset_t *)&newmask, &oldmask);
|
||||
+ __libc_sigprocmask(SIG_BLOCK, (const sigset_t *)&newmask, &oldmask);
|
||||
for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
|
||||
s = rresvport_af(&lport, ai->ai_family);
|
||||
if (s < 0) {
|
||||
@@ -163,7 +164,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p,
|
||||
(void)fprintf(stderr, "rcmd: socket: %s\n",
|
||||
strerror(errno));
|
||||
freeaddrinfo(res);
|
||||
- _sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask,
|
||||
+ __libc_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask,
|
||||
NULL);
|
||||
return (-1);
|
||||
}
|
||||
@@ -181,7 +182,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p,
|
||||
(void)fprintf(stderr, "%s: %s\n",
|
||||
*ahost, strerror(errno));
|
||||
freeaddrinfo(res);
|
||||
- _sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask,
|
||||
+ __libc_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask,
|
||||
NULL);
|
||||
return (-1);
|
||||
}
|
||||
@@ -306,7 +307,7 @@ again:
|
||||
}
|
||||
goto bad2;
|
||||
}
|
||||
- _sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask, NULL);
|
||||
+ __libc_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask, NULL);
|
||||
freeaddrinfo(res);
|
||||
return (s);
|
||||
bad2:
|
||||
@@ -314,7 +315,7 @@ bad2:
|
||||
(void)_close(*fd2p);
|
||||
bad:
|
||||
(void)_close(s);
|
||||
- _sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask, NULL);
|
||||
+ __libc_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask, NULL);
|
||||
freeaddrinfo(res);
|
||||
return (-1);
|
||||
}
|
||||
Index: lib/libc/stdio/tmpfile.c
|
||||
===================================================================
|
||||
--- lib/libc/stdio/tmpfile.c (revision 287549)
|
||||
+++ lib/libc/stdio/tmpfile.c (working copy)
|
||||
@@ -46,9 +46,10 @@ __FBSDID("$FreeBSD$");
|
||||
#include <string.h>
|
||||
#include <paths.h>
|
||||
#include "un-namespace.h"
|
||||
+#include "libc_private.h"
|
||||
|
||||
FILE *
|
||||
-tmpfile()
|
||||
+tmpfile(void)
|
||||
{
|
||||
sigset_t set, oset;
|
||||
FILE *fp;
|
||||
@@ -69,7 +70,7 @@ FILE *
|
||||
return (NULL);
|
||||
|
||||
sigfillset(&set);
|
||||
- (void)_sigprocmask(SIG_BLOCK, &set, &oset);
|
||||
+ (void)__libc_sigprocmask(SIG_BLOCK, &set, &oset);
|
||||
|
||||
fd = mkstemp(buf);
|
||||
if (fd != -1)
|
||||
@@ -77,7 +78,7 @@ FILE *
|
||||
|
||||
free(buf);
|
||||
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
|
||||
if (fd == -1)
|
||||
return (NULL);
|
||||
Index: lib/libc/stdlib/abort.c
|
||||
===================================================================
|
||||
--- lib/libc/stdlib/abort.c (revision 287549)
|
||||
+++ lib/libc/stdlib/abort.c (working copy)
|
||||
@@ -61,7 +61,7 @@ abort()
|
||||
* any errors -- ISO C doesn't allow abort to return anyway.
|
||||
*/
|
||||
sigdelset(&act.sa_mask, SIGABRT);
|
||||
- (void)_sigprocmask(SIG_SETMASK, &act.sa_mask, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &act.sa_mask, NULL);
|
||||
(void)raise(SIGABRT);
|
||||
|
||||
/*
|
||||
@@ -71,9 +71,9 @@ abort()
|
||||
act.sa_handler = SIG_DFL;
|
||||
act.sa_flags = 0;
|
||||
sigfillset(&act.sa_mask);
|
||||
- (void)_sigaction(SIGABRT, &act, NULL);
|
||||
+ (void)__libc_sigaction(SIGABRT, &act, NULL);
|
||||
sigdelset(&act.sa_mask, SIGABRT);
|
||||
- (void)_sigprocmask(SIG_SETMASK, &act.sa_mask, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &act.sa_mask, NULL);
|
||||
(void)raise(SIGABRT);
|
||||
exit(1);
|
||||
}
|
||||
Index: lib/libc/stdlib/system.c
|
||||
===================================================================
|
||||
--- lib/libc/stdlib/system.c (revision 287549)
|
||||
+++ lib/libc/stdlib/system.c (working copy)
|
||||
@@ -70,16 +70,20 @@ __libc_system(const char *command)
|
||||
(void)sigaddset(&newsigblock, SIGCHLD);
|
||||
(void)sigaddset(&newsigblock, SIGINT);
|
||||
(void)sigaddset(&newsigblock, SIGQUIT);
|
||||
- (void)_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
|
||||
+ (void)__libc_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
|
||||
switch(pid = vfork()) {
|
||||
+ /*
|
||||
+ * In the child, use unwrapped syscalls. libthr is in
|
||||
+ * undefined state after vfork().
|
||||
+ */
|
||||
case -1: /* error */
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
return (-1);
|
||||
case 0: /* child */
|
||||
/*
|
||||
* Restore original signal dispositions and exec the command.
|
||||
*/
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
+ (void)__sys_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
execl(_PATH_BSHELL, "sh", "-c", command, (char *)NULL);
|
||||
_exit(127);
|
||||
}
|
||||
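Review bot: The new comment about using unwrapped syscalls in the child sits directly above `case -1: /* error */`, but the only unwrapped call is __sys_sigprocmask under `case 0: /* child */`; the error case still uses __libc_sigprocmask. Move the comment into the child case, next to the existing "Restore original signal dispositions" comment, so that it describes the branch it applies to.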
@@ -92,16 +96,16 @@ __libc_system(const char *command)
|
||||
memset(&ign, 0, sizeof(ign));
|
||||
ign.sa_handler = SIG_IGN;
|
||||
(void)sigemptyset(&ign.sa_mask);
|
||||
- (void)_sigaction(SIGINT, &ign, &intact);
|
||||
- (void)_sigaction(SIGQUIT, &ign, &quitact);
|
||||
+ (void)__libc_sigaction(SIGINT, &ign, &intact);
|
||||
+ (void)__libc_sigaction(SIGQUIT, &ign, &quitact);
|
||||
savedpid = pid;
|
||||
do {
|
||||
pid = _wait4(savedpid, &pstat, 0, (struct rusage *)0);
|
||||
} while (pid == -1 && errno == EINTR);
|
||||
- (void)_sigaction(SIGINT, &intact, NULL);
|
||||
- (void)_sigaction(SIGQUIT, &quitact, NULL);
|
||||
- (void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
- return(pid == -1 ? -1 : pstat);
|
||||
+ (void)__libc_sigaction(SIGINT, &intact, NULL);
|
||||
+ (void)__libc_sigaction(SIGQUIT, &quitact, NULL);
|
||||
+ (void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
|
||||
+ return (pid == -1 ? -1 : pstat);
|
||||
}
|
||||
|
||||
__weak_reference(__libc_system, __system);
|
||||
Index: lib/libc/sys/sigaction.c
|
||||
===================================================================
|
||||
--- lib/libc/sys/sigaction.c (revision 287549)
|
||||
+++ lib/libc/sys/sigaction.c (working copy)
|
||||
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include "libc_private.h"
|
||||
|
||||
__weak_reference(__sys_sigaction, __sigaction);
|
||||
+__weak_reference(sigaction, __libc_sigaction);
|
||||
|
||||
#pragma weak sigaction
|
||||
int
|
||||
Index: lib/libc/sys/sigprocmask.c
|
||||
===================================================================
|
||||
--- lib/libc/sys/sigprocmask.c (revision 287549)
|
||||
+++ lib/libc/sys/sigprocmask.c (working copy)
|
||||
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include "libc_private.h"
|
||||
|
||||
__weak_reference(__sys_sigprocmask, __sigprocmask);
|
||||
+__weak_reference(sigprocmask, __libc_sigprocmask);
|
||||
|
||||
#pragma weak sigprocmask
|
||||
int
|
||||
Index: lib/libc/sys/sigsuspend.c
|
||||
===================================================================
|
||||
--- lib/libc/sys/sigsuspend.c (revision 287549)
|
||||
+++ lib/libc/sys/sigsuspend.c (working copy)
|
||||
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include "libc_private.h"
|
||||
|
||||
__weak_reference(__sys_sigsuspend, __sigsuspend);
|
||||
+__weak_reference(sigsuspend, __libc_sigsuspend);
|
||||
|
||||
#pragma weak sigsuspend
|
||||
int
|
17
share/security/patches/EN-15:17/libc.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
|
320
share/security/patches/EN-15:18/pkg-10.patch
Normal file
|
@ -0,0 +1,320 @@
|
|||
Index: usr.sbin/pkg/config.c
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/config.c (revision 287854)
|
||||
+++ usr.sbin/pkg/config.c (working copy)
|
||||
@@ -131,6 +131,15 @@ static struct config_entry c[] = {
|
||||
false,
|
||||
true,
|
||||
},
|
||||
+ [PUBKEY] = {
|
||||
+ PKG_CONFIG_STRING,
|
||||
+ "PUBKEY",
|
||||
+ NULL,
|
||||
+ NULL,
|
||||
+ NULL,
|
||||
+ false,
|
||||
+ false
|
||||
+ }
|
||||
};
|
||||
|
||||
static int
|
||||
@@ -231,6 +240,8 @@ config_parse(const ucl_object_t *obj, pkg_conf_fil
|
||||
sbuf_cpy(buf, "SIGNATURE_TYPE");
|
||||
else if (strcasecmp(key, "fingerprints") == 0)
|
||||
sbuf_cpy(buf, "FINGERPRINTS");
|
||||
+ else if (strcasecmp(key, "pubkey") == 0)
|
||||
+ sbuf_cpy(buf, "PUBKEY");
|
||||
else if (strcasecmp(key, "enabled") == 0) {
|
||||
if ((cur->type != UCL_BOOLEAN) ||
|
||||
!ucl_object_toboolean(cur))
|
||||
Index: usr.sbin/pkg/config.h
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/config.h (revision 287854)
|
||||
+++ usr.sbin/pkg/config.h (working copy)
|
||||
@@ -40,6 +40,7 @@ typedef enum {
|
||||
SIGNATURE_TYPE,
|
||||
FINGERPRINTS,
|
||||
REPOS_DIR,
|
||||
+ PUBKEY,
|
||||
CONFIG_SIZE
|
||||
} pkg_config_key;
|
||||
|
||||
Index: usr.sbin/pkg/pkg.c
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/pkg.c (revision 287854)
|
||||
+++ usr.sbin/pkg/pkg.c (working copy)
|
||||
@@ -65,6 +65,11 @@ struct sig_cert {
|
||||
bool trusted;
|
||||
};
|
||||
|
||||
+struct pubkey {
|
||||
+ unsigned char *sig;
|
||||
+ int siglen;
|
||||
+};
|
||||
+
|
||||
typedef enum {
|
||||
HASH_UNKNOWN,
|
||||
HASH_SHA256,
|
||||
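Review bot: struct pubkey is named for a public key, but its members `sig` and `siglen` hold signature bytes: read_pubkey() fills them from fd_sig and verify_pubsignature() passes them as the sig/siglen arguments of rsa_verify_cert(). A name such as struct pubkey_sig, or a one-line comment on the struct, would keep the next reader from treating it as key material.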
@@ -470,6 +475,25 @@ cleanup:
|
||||
}
|
||||
|
||||
static EVP_PKEY *
|
||||
+load_public_key_file(const char *file)
|
||||
+{
|
||||
+ EVP_PKEY *pkey;
|
||||
+ BIO *bp;
|
||||
+ char errbuf[1024];
|
||||
+
|
||||
+ bp = BIO_new_file(file, "r");
|
||||
+ if (!bp)
|
||||
+ errx(EXIT_FAILURE, "Unable to read %s", file);
|
||||
+
|
||||
+ if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL)
|
||||
+ warnx("ici: %s", ERR_error_string(ERR_get_error(), errbuf));
|
||||
+
|
||||
+ BIO_free(bp);
|
||||
+
|
||||
+ return (pkey);
|
||||
+}
|
||||
+
|
||||
+static EVP_PKEY *
|
||||
load_public_key_buf(const unsigned char *cert, int certlen)
|
||||
{
|
||||
EVP_PKEY *pkey;
|
||||
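Review bot: In load_public_key_file(), the PEM_read_bio_PUBKEY failure path prints `warnx("ici: %s", ...)`, where "ici" reads like a leftover debugging marker rather than a message for the user; "error reading public key" followed by the OpenSSL error string would fit. The BIO_new_file failure path calls errx(EXIT_FAILURE, ...) and exits on the spot, whereas the PEM failure returns NULL for the caller to handle, so returning NULL in both cases would leave the caller's cleanup path in charge.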
@@ -487,8 +511,8 @@ load_public_key_buf(const unsigned char *cert, int
|
||||
}
|
||||
|
||||
static bool
|
||||
-rsa_verify_cert(int fd, const unsigned char *key, int keylen,
|
||||
- unsigned char *sig, int siglen)
|
||||
+rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key,
|
||||
+ int keylen, unsigned char *sig, int siglen)
|
||||
{
|
||||
EVP_MD_CTX *mdctx;
|
||||
EVP_PKEY *pkey;
|
||||
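Review bot: The new second parameter of rsa_verify_cert() is called `sigfile`, yet verify_pubsignature() passes the PUBKEY config value there and the function hands it to load_public_key_file(), so it is a key path and not a signature file. Rename it to something like `keyfile` and add a short comment that exactly one of the file path or the key/keylen buffer is expected.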
@@ -500,6 +524,8 @@ static bool
|
||||
mdctx = NULL;
|
||||
ret = false;
|
||||
|
||||
+ SSL_load_error_strings();
|
||||
+
|
||||
/* Compute SHA256 of the package. */
|
||||
if (lseek(fd, 0, 0) == -1) {
|
||||
warn("lseek");
|
||||
@@ -510,9 +536,16 @@ static bool
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- if ((pkey = load_public_key_buf(key, keylen)) == NULL) {
|
||||
- warnx("Error reading public key");
|
||||
- goto cleanup;
|
||||
+ if (sigfile != NULL) {
|
||||
+ if ((pkey = load_public_key_file(sigfile)) == NULL) {
|
||||
+ warnx("Error reading public key");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if ((pkey = load_public_key_buf(key, keylen)) == NULL) {
|
||||
+ warnx("Error reading public key");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
}
|
||||
|
||||
/* Verify signature of the SHA256(pkg) is valid. */
|
||||
@@ -552,6 +585,35 @@ cleanup:
|
||||
return (ret);
|
||||
}
|
||||
|
||||
+static struct pubkey *
|
||||
+read_pubkey(int fd)
|
||||
+{
|
||||
+ struct pubkey *pk;
|
||||
+ struct sbuf *sig;
|
||||
+ char buf[4096];
|
||||
+ int r;
|
||||
+
|
||||
+ if (lseek(fd, 0, 0) == -1) {
|
||||
+ warn("lseek");
|
||||
+ return (NULL);
|
||||
+ }
|
||||
+
|
||||
+ sig = sbuf_new_auto();
|
||||
+
|
||||
+ while ((r = read(fd, buf, sizeof(buf))) >0) {
|
||||
+ sbuf_bcat(sig, buf, r);
|
||||
+ }
|
||||
+
|
||||
+ sbuf_finish(sig);
|
||||
+ pk = calloc(1, sizeof(struct pubkey));
|
||||
+ pk->siglen = sbuf_len(sig);
|
||||
+ pk->sig = calloc(1, pk->siglen);
|
||||
+ memcpy(pk->sig, sbuf_data(sig), pk->siglen);
|
||||
+ sbuf_delete(sig);
|
||||
+
|
||||
+ return (pk);
|
||||
+}
|
||||
+
|
||||
static struct sig_cert *
|
||||
parse_cert(int fd) {
|
||||
int my_fd;
|
||||
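Review bot: read_pubkey() dereferences unchecked allocations: `pk = calloc(1, sizeof(struct pubkey))` is followed directly by `pk->siglen = ...`, `pk->sig = calloc(1, pk->siglen)` is followed directly by memcpy(), and the result of sbuf_new_auto() is not checked either. The loop `while ((r = read(fd, buf, sizeof(buf))) >0)` also treats a read error (r == -1) the same as end of file, so a failed read yields a truncated signature instead of a NULL return; check r after the loop and return NULL with warn("read") so the caller's "Error reading signature" path is taken.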
@@ -625,6 +687,45 @@ parse_cert(int fd) {
|
||||
}
|
||||
|
||||
static bool
|
||||
+verify_pubsignature(int fd_pkg, int fd_sig)
|
||||
+{
|
||||
+ struct pubkey *pk;
|
||||
+ const char *pubkey;
|
||||
+ bool ret;
|
||||
+
|
||||
+ pk = NULL;
|
||||
+ pubkey = NULL;
|
||||
+ ret = false;
|
||||
+ if (config_string(PUBKEY, &pubkey) != 0) {
|
||||
+ warnx("No CONFIG_PUBKEY defined");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if ((pk = read_pubkey(fd_sig)) == NULL) {
|
||||
+ warnx("Error reading signature");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ /* Verify the signature. */
|
||||
+ printf("Verifying signature with public key %s... ", pubkey);
|
||||
+ if (rsa_verify_cert(fd_pkg, pubkey, NULL, 0, pk->sig,
|
||||
+ pk->siglen) == false) {
|
||||
+ fprintf(stderr, "Signature is not valid\n");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ ret = true;
|
||||
+
|
||||
+cleanup:
|
||||
+ if (pk) {
|
||||
+ free(pk->sig);
|
||||
+ free(pk);
|
||||
+ }
|
||||
+
|
||||
+ return (ret);
|
||||
+}
|
||||
+
|
||||
+static bool
|
||||
verify_signature(int fd_pkg, int fd_sig)
|
||||
{
|
||||
struct fingerprint_list *trusted, *revoked;
|
||||
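Review bot: In verify_pubsignature(), the warning "No CONFIG_PUBKEY defined" names something the user cannot set; the config.c part of this patch registers the key as "PUBKEY" (parsed from "pubkey"), so the message should use that name. The progress line printed by `printf("Verifying signature with public key %s... ", pubkey)` is also left without a result or newline on the success path in this function.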
@@ -702,7 +803,7 @@ verify_signature(int fd_pkg, int fd_sig)
|
||||
|
||||
/* Verify the signature. */
|
||||
printf("Verifying signature with trusted certificate %s... ", sc->name);
|
||||
- if (rsa_verify_cert(fd_pkg, sc->cert, sc->certlen, sc->sig,
|
||||
+ if (rsa_verify_cert(fd_pkg, NULL, sc->cert, sc->certlen, sc->sig,
|
||||
sc->siglen) == false) {
|
||||
fprintf(stderr, "Signature is not valid\n");
|
||||
goto cleanup;
|
||||
@@ -768,24 +869,42 @@ bootstrap_pkg(bool force)
|
||||
|
||||
if (signature_type != NULL &&
|
||||
strcasecmp(signature_type, "NONE") != 0) {
|
||||
- if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
|
||||
+ if (strcasecmp(signature_type, "FINGERPRINTS") == 0) {
|
||||
+
|
||||
+ snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
|
||||
+ getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
|
||||
+ snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
|
||||
+ packagesite);
|
||||
+
|
||||
+ if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
|
||||
+ fprintf(stderr, "Signature for pkg not "
|
||||
+ "available.\n");
|
||||
+ goto fetchfail;
|
||||
+ }
|
||||
+
|
||||
+ if (verify_signature(fd_pkg, fd_sig) == false)
|
||||
+ goto cleanup;
|
||||
+ } else if (strcasecmp(signature_type, "PUBKEY") == 0) {
|
||||
+
|
||||
+ snprintf(tmpsig, MAXPATHLEN,
|
||||
+ "%s/pkg.txz.pubkeysig.XXXXXX",
|
||||
+ getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
|
||||
+ snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.pubkeysig",
|
||||
+ packagesite);
|
||||
+
|
||||
+ if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
|
||||
+ fprintf(stderr, "Signature for pkg not "
|
||||
+ "available.\n");
|
||||
+ goto fetchfail;
|
||||
+ }
|
||||
+
|
||||
+ if (verify_pubsignature(fd_pkg, fd_sig) == false)
|
||||
+ goto cleanup;
|
||||
+ } else {
|
||||
warnx("Signature type %s is not supported for "
|
||||
"bootstrapping.", signature_type);
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
- snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
|
||||
- getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
|
||||
- snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
|
||||
- packagesite);
|
||||
-
|
||||
- if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
|
||||
- fprintf(stderr, "Signature for pkg not available.\n");
|
||||
- goto fetchfail;
|
||||
- }
|
||||
-
|
||||
- if (verify_signature(fd_pkg, fd_sig) == false)
|
||||
- goto cleanup;
|
||||
}
|
||||
|
||||
if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
|
||||
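Review bot: The FINGERPRINTS and PUBKEY branches in bootstrap_pkg() repeat the same snprintf / fetch_to_fd / "Signature for pkg not available." sequence and differ only in the file suffix (pkg.txz.sig versus pkg.txz.pubkeysig) and in the verify function called. Selecting the suffix and verifier first and running the fetch once would remove the duplication and keep the two verification paths from drifting apart.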
@@ -862,21 +981,37 @@ bootstrap_pkg_local(const char *pkgpath, bool forc
|
||||
}
|
||||
if (signature_type != NULL &&
|
||||
strcasecmp(signature_type, "NONE") != 0) {
|
||||
- if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
|
||||
+ if (strcasecmp(signature_type, "FINGERPRINTS") == 0) {
|
||||
+
|
||||
+ snprintf(path, sizeof(path), "%s.sig", pkgpath);
|
||||
+
|
||||
+ if ((fd_sig = open(path, O_RDONLY)) == -1) {
|
||||
+ fprintf(stderr, "Signature for pkg not "
|
||||
+ "available.\n");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (verify_signature(fd_pkg, fd_sig) == false)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ } else if (strcasecmp(signature_type, "PUBKEY") == 0) {
|
||||
+
|
||||
+ snprintf(path, sizeof(path), "%s.pubkeysig", pkgpath);
|
||||
+
|
||||
+ if ((fd_sig = open(path, O_RDONLY)) == -1) {
|
||||
+ fprintf(stderr, "Signature for pkg not "
|
||||
+ "available.\n");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (verify_pubsignature(fd_pkg, fd_sig) == false)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ } else {
|
||||
warnx("Signature type %s is not supported for "
|
||||
"bootstrapping.", signature_type);
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
- snprintf(path, sizeof(path), "%s.sig", pkgpath);
|
||||
-
|
||||
- if ((fd_sig = open(path, O_RDONLY)) == -1) {
|
||||
- fprintf(stderr, "Signature for pkg not available.\n");
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
- if (verify_signature(fd_pkg, fd_sig) == false)
|
||||
- goto cleanup;
|
||||
}
|
||||
|
||||
if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
|
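Review bot: In bootstrap_pkg_local(), `snprintf(path, sizeof(path), "%s.pubkeysig", pkgpath)` and the "%s.sig" line it mirrors ignore the return value, so an over-long pkgpath is silently truncated and open() is attempted on a path other than the intended signature file. Compare the result against sizeof(path) and fail with a clear message before opening the file.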
17
share/security/patches/EN-15:18/pkg-10.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
|
357
share/security/patches/EN-15:18/pkg-9.patch
Normal file
|
@ -0,0 +1,357 @@
|
|||
Index: usr.sbin/pkg/config.c
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/config.c (revision 287854)
|
||||
+++ usr.sbin/pkg/config.c (working copy)
|
||||
@@ -131,6 +131,15 @@ static struct config_entry c[] = {
|
||||
false,
|
||||
true,
|
||||
},
|
||||
+ [PUBKEY] = {
|
||||
+ PKG_CONFIG_STRING,
|
||||
+ "PUBKEY",
|
||||
+ NULL,
|
||||
+ NULL,
|
||||
+ NULL,
|
||||
+ false,
|
||||
+ false
|
||||
+ }
|
||||
};
|
||||
|
||||
static const char *
|
||||
@@ -347,6 +356,8 @@ config_parse(ucl_object_t *obj, pkg_conf_file_t co
|
||||
sbuf_cpy(buf, "SIGNATURE_TYPE");
|
||||
else if (strcasecmp(key, "fingerprints") == 0)
|
||||
sbuf_cpy(buf, "FINGERPRINTS");
|
||||
+ else if (strcasecmp(key, "pubkey") == 0)
|
||||
+ sbuf_cpy(buf, "PUBKEY");
|
||||
else if (strcasecmp(key, "enabled") == 0) {
|
||||
if ((cur->type != UCL_BOOLEAN) ||
|
||||
!ucl_object_toboolean(cur))
|
||||
Index: usr.sbin/pkg/config.h
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/config.h (revision 287854)
|
||||
+++ usr.sbin/pkg/config.h (working copy)
|
||||
@@ -40,6 +40,7 @@ typedef enum {
|
||||
SIGNATURE_TYPE,
|
||||
FINGERPRINTS,
|
||||
REPOS_DIR,
|
||||
+ PUBKEY,
|
||||
CONFIG_SIZE
|
||||
} pkg_config_key;
|
||||
|
||||
Index: usr.sbin/pkg/pkg.c
|
||||
===================================================================
|
||||
--- usr.sbin/pkg/pkg.c (revision 287854)
|
||||
+++ usr.sbin/pkg/pkg.c (working copy)
|
||||
@@ -47,7 +47,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
-#include <time.h>
|
||||
#include <unistd.h>
|
||||
#include <ucl.h>
|
||||
|
||||
@@ -66,6 +65,11 @@ struct sig_cert {
|
||||
bool trusted;
|
||||
};
|
||||
|
||||
+struct pubkey {
|
||||
+ unsigned char *sig;
|
||||
+ int siglen;
|
||||
+};
|
||||
+
|
||||
typedef enum {
|
||||
HASH_UNKNOWN,
|
||||
HASH_SHA256,
|
||||
@@ -176,14 +180,11 @@ fetch_to_fd(const char *url, char *path)
|
||||
/* To store _https._tcp. + hostname + \0 */
|
||||
int fd;
|
||||
int retry, max_retry;
|
||||
- off_t done, r;
|
||||
- time_t now, last;
|
||||
+ ssize_t r;
|
||||
char buf[10240];
|
||||
char zone[MAXHOSTNAMELEN + 13];
|
||||
static const char *mirror_type = NULL;
|
||||
|
||||
- done = 0;
|
||||
- last = 0;
|
||||
max_retry = 3;
|
||||
current = mirrors = NULL;
|
||||
remote = NULL;
|
||||
@@ -233,19 +234,16 @@ fetch_to_fd(const char *url, char *path)
|
||||
}
|
||||
}
|
||||
|
||||
- while (done < st.size) {
|
||||
- if ((r = fread(buf, 1, sizeof(buf), remote)) < 1)
|
||||
- break;
|
||||
-
|
||||
+ while ((r = fread(buf, 1, sizeof(buf), remote)) > 0) {
|
||||
if (write(fd, buf, r) != r) {
|
||||
warn("write()");
|
||||
goto fetchfail;
|
||||
}
|
||||
+ }
|
||||
|
||||
- done += r;
|
||||
- now = time(NULL);
|
||||
- if (now > last || done == st.size)
|
||||
- last = now;
|
||||
+ if (r != 0) {
|
||||
+ warn("An error occurred while fetching pkg(8)");
|
||||
+ goto fetchfail;
|
||||
}
|
||||
|
||||
if (ferror(remote))
|
||||
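Review bot: The `if (r != 0)` check added after the loop in fetch_to_fd() cannot fire: the loop `while ((r = fread(buf, 1, sizeof(buf), remote)) > 0)` only ends when fread() returns 0, and fread() returns a size_t count (at most sizeof(buf) here), never a negative value, even though r is now declared ssize_t. Error detection therefore still rests on the `if (ferror(remote))` test that follows, so drop the dead branch or fold its message into the ferror() case; if a message is kept, warnx() fits better than warn() because errno is not known to be meaningful at that point.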
@@ -480,6 +478,29 @@ cleanup:
|
||||
}
|
||||
|
||||
static RSA *
|
||||
+load_rsa_public_key_file(const char *file)
|
||||
+{
|
||||
+ RSA *rsa = NULL;
|
||||
+ BIO *bp;
|
||||
+ char errbuf[1024];
|
||||
+
|
||||
+ bp = BIO_new_file(file, "r");
|
||||
+ if (!bp)
|
||||
+ errx(EXIT_FAILURE, "Unable to read %s", file);
|
||||
+
|
||||
+ if (!PEM_read_bio_RSA_PUBKEY(bp, &rsa, NULL, NULL)) {
|
||||
+ warn("error reading public key: %s",
|
||||
+ ERR_error_string(ERR_get_error(), errbuf));
|
||||
+ BIO_free(bp);
|
||||
+ return (NULL);
|
||||
+ }
|
||||
+
|
||||
+ BIO_free(bp);
|
||||
+
|
||||
+ return (rsa);
|
||||
+}
|
||||
+
|
||||
+static RSA *
|
||||
load_rsa_public_key_buf(unsigned char *cert, int certlen)
|
||||
{
|
||||
RSA *rsa = NULL;
|
||||
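Review bot: In load_rsa_public_key_file(), the PEM_read_bio_RSA_PUBKEY failure is reported with warn(), which appends strerror(errno) to a message that already carries the OpenSSL error string; errno is unrelated to the PEM parse result, so warnx() is the right call. The BIO_new_file failure above it uses errx(EXIT_FAILURE, ...) and exits immediately while this path returns NULL, and returning NULL in both cases would be more consistent for the `if (rsa == NULL)` check in rsa_verify_cert().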
@@ -499,8 +520,8 @@ load_rsa_public_key_buf(unsigned char *cert, int c
|
||||
|
||||
|
||||
static bool
|
||||
-rsa_verify_cert(int fd, unsigned char *key, int keylen,
|
||||
- unsigned char *sig, int siglen)
|
||||
+rsa_verify_cert(int fd, const char *sigfile, unsigned char *key,
|
||||
+ int keylen, unsigned char *sig, int siglen)
|
||||
{
|
||||
char sha256[SHA256_DIGEST_LENGTH *2 +1];
|
||||
char hash[SHA256_DIGEST_LENGTH];
|
||||
@@ -517,7 +538,11 @@ static bool
|
||||
|
||||
sha256_buf_bin(sha256, strlen(sha256), hash);
|
||||
|
||||
- rsa = load_rsa_public_key_buf(key, keylen);
|
||||
+ if (sigfile != NULL) {
|
||||
+ rsa = load_rsa_public_key_file(sigfile);
|
||||
+ } else {
|
||||
+ rsa = load_rsa_public_key_buf(key, keylen);
|
||||
+ }
|
||||
if (rsa == NULL)
|
||||
return (false);
|
||||
ret = RSA_verify(NID_sha256, hash, sizeof(hash), sig, siglen, rsa);
|
||||
@@ -532,6 +557,35 @@ static bool
|
||||
return (true);
|
||||
}
|
||||
|
||||
+static struct pubkey *
|
||||
+read_pubkey(int fd)
|
||||
+{
|
||||
+ struct pubkey *pk;
|
||||
+ struct sbuf *sig;
|
||||
+ char buf[4096];
|
||||
+ int r;
|
||||
+
|
||||
+ if (lseek(fd, 0, 0) == -1) {
|
||||
+ warn("lseek");
|
||||
+ return (NULL);
|
||||
+ }
|
||||
+
|
||||
+ sig = sbuf_new_auto();
|
||||
+
|
||||
+ while ((r = read(fd, buf, sizeof(buf))) >0) {
|
||||
+ sbuf_bcat(sig, buf, r);
|
||||
+ }
|
||||
+
|
||||
+ sbuf_finish(sig);
|
||||
+ pk = calloc(1, sizeof(struct pubkey));
|
||||
+ pk->siglen = sbuf_len(sig);
|
||||
+ pk->sig = calloc(1, pk->siglen);
|
||||
+ memcpy(pk->sig, sbuf_data(sig), pk->siglen);
|
||||
+ sbuf_delete(sig);
|
||||
+
|
||||
+ return (pk);
|
||||
+}
|
||||
+
|
||||
static struct sig_cert *
|
||||
parse_cert(int fd) {
|
||||
int my_fd;
|
||||
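Review bot: read_pubkey() dereferences both calloc() results without checking them (`pk->siglen = ...` and the memcpy() into `pk->sig`), so an allocation failure becomes a NULL dereference in the signature-verification path. The read loop also stops on `r == -1` exactly as it does on end of file, so an I/O error yields a truncated signature that is passed on to verification instead of being reported; check `r < 0` after the loop, warn, and return NULL. Smaller points: the result of sbuf_new_auto() is not checked, and `lseek(fd, 0, 0)` would read better as `lseek(fd, 0, SEEK_SET)`.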
@@ -605,6 +659,45 @@ parse_cert(int fd) {
|
||||
}
|
||||
|
||||
static bool
|
||||
+verify_pubsignature(int fd_pkg, int fd_sig)
|
||||
+{
|
||||
+ struct pubkey *pk;
|
||||
+ const char *pubkey;
|
||||
+ bool ret;
|
||||
+
|
||||
+ pk = NULL;
|
||||
+ pubkey = NULL;
|
||||
+ ret = false;
|
||||
+ if (config_string(PUBKEY, &pubkey) != 0) {
|
||||
+ warnx("No CONFIG_PUBKEY defined");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if ((pk = read_pubkey(fd_sig)) == NULL) {
|
||||
+ warnx("Error reading signature");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ /* Verify the signature. */
|
||||
+ printf("Verifying signature with public key %s... ", pubkey);
|
||||
+ if (rsa_verify_cert(fd_pkg, pubkey, NULL, 0, pk->sig,
|
||||
+ pk->siglen) == false) {
|
||||
+ fprintf(stderr, "Signature is not valid\n");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ ret = true;
|
||||
+
|
||||
+cleanup:
|
||||
+ if (pk) {
|
||||
+ free(pk->sig);
|
||||
+ free(pk);
|
||||
+ }
|
||||
+
|
||||
+ return (ret);
|
||||
+}
|
||||
+
|
||||
+static bool
|
||||
verify_signature(int fd_pkg, int fd_sig)
|
||||
{
|
||||
struct fingerprint_list *trusted, *revoked;
|
||||
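Review bot: In verify_pubsignature(), the progress line "Verifying signature with public key %s... " is printed without a newline, and the failure branch after rsa_verify_cert() only writes "Signature is not valid" to stderr. verify_signature() prints "failed\n" on stdout before its stderr message, so the new function should do the same; nothing in the added lines terminates the stdout line on success either. The warnx() text says "No CONFIG_PUBKEY defined" while the lookup is `config_string(PUBKEY, ...)`; use the name an administrator would actually set in the configuration file.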
@@ -682,7 +775,7 @@ verify_signature(int fd_pkg, int fd_sig)
|
||||
|
||||
/* Verify the signature. */
|
||||
printf("Verifying signature with trusted certificate %s... ", sc->name);
|
||||
- if (rsa_verify_cert(fd_pkg, sc->cert, sc->certlen, sc->sig,
|
||||
+ if (rsa_verify_cert(fd_pkg, NULL, sc->cert, sc->certlen, sc->sig,
|
||||
sc->siglen) == false) {
|
||||
printf("failed\n");
|
||||
fprintf(stderr, "Signature is not valid\n");
|
||||
@@ -750,24 +843,42 @@ bootstrap_pkg(bool force)
|
||||
|
||||
if (signature_type != NULL &&
|
||||
strcasecmp(signature_type, "NONE") != 0) {
|
||||
- if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
|
||||
+ if (strcasecmp(signature_type, "FINGERPRINTS") == 0) {
|
||||
+
|
||||
+ snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
|
||||
+ getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
|
||||
+ snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
|
||||
+ packagesite);
|
||||
+
|
||||
+ if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
|
||||
+ fprintf(stderr, "Signature for pkg not "
|
||||
+ "available.\n");
|
||||
+ goto fetchfail;
|
||||
+ }
|
||||
+
|
||||
+ if (verify_signature(fd_pkg, fd_sig) == false)
|
||||
+ goto cleanup;
|
||||
+ } else if (strcasecmp(signature_type, "PUBKEY") == 0) {
|
||||
+
|
||||
+ snprintf(tmpsig, MAXPATHLEN,
|
||||
+ "%s/pkg.txz.pubkeysig.XXXXXX",
|
||||
+ getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
|
||||
+ snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.pubkeysig",
|
||||
+ packagesite);
|
||||
+
|
||||
+ if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
|
||||
+ fprintf(stderr, "Signature for pkg not "
|
||||
+ "available.\n");
|
||||
+ goto fetchfail;
|
||||
+ }
|
||||
+
|
||||
+ if (verify_pubsignature(fd_pkg, fd_sig) == false)
|
||||
+ goto cleanup;
|
||||
+ } else {
|
||||
warnx("Signature type %s is not supported for "
|
||||
"bootstrapping.", signature_type);
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
- snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
|
||||
- getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
|
||||
- snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
|
||||
- packagesite);
|
||||
-
|
||||
- if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
|
||||
- fprintf(stderr, "Signature for pkg not available.\n");
|
||||
- goto fetchfail;
|
||||
- }
|
||||
-
|
||||
- if (verify_signature(fd_pkg, fd_sig) == false)
|
||||
- goto cleanup;
|
||||
}
|
||||
|
||||
if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
|
||||
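Review bot: The FINGERPRINTS and PUBKEY branches in bootstrap_pkg() repeat the same build-tmpsig, build-url, fetch_to_fd() sequence and differ only in the file suffix (`pkg.txz.sig` vs `pkg.txz.pubkeysig`) and in which verify function is called. Factor the fetch into one helper that takes the suffix, so that a later fix to the fetch or its error handling cannot be applied to one signature type and missed on the other. The snprintf() return values are not checked in either branch, so a long TMPDIR or packagesite is truncated silently before the fetch. Style point: drop the blank `+` line directly after each opening brace.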
@@ -841,21 +952,37 @@ bootstrap_pkg_local(const char *pkgpath, bool forc
|
||||
}
|
||||
if (signature_type != NULL &&
|
||||
strcasecmp(signature_type, "NONE") != 0) {
|
||||
- if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
|
||||
+ if (strcasecmp(signature_type, "FINGERPRINTS") == 0) {
|
||||
+
|
||||
+ snprintf(path, sizeof(path), "%s.sig", pkgpath);
|
||||
+
|
||||
+ if ((fd_sig = open(path, O_RDONLY)) == -1) {
|
||||
+ fprintf(stderr, "Signature for pkg not "
|
||||
+ "available.\n");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (verify_signature(fd_pkg, fd_sig) == false)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ } else if (strcasecmp(signature_type, "PUBKEY") == 0) {
|
||||
+
|
||||
+ snprintf(path, sizeof(path), "%s.pubkeysig", pkgpath);
|
||||
+
|
||||
+ if ((fd_sig = open(path, O_RDONLY)) == -1) {
|
||||
+ fprintf(stderr, "Signature for pkg not "
|
||||
+ "available.\n");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (verify_pubsignature(fd_pkg, fd_sig) == false)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ } else {
|
||||
warnx("Signature type %s is not supported for "
|
||||
"bootstrapping.", signature_type);
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
- snprintf(path, sizeof(path), "%s.sig", pkgpath);
|
||||
-
|
||||
- if ((fd_sig = open(path, O_RDONLY)) == -1) {
|
||||
- fprintf(stderr, "Signature for pkg not available.\n");
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
- if (verify_signature(fd_pkg, fd_sig) == false)
|
||||
- goto cleanup;
|
||||
}
|
||||
|
||||
if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
|
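Review bot: In bootstrap_pkg_local(), both open() failure paths print the same fixed "Signature for pkg not available." and discard errno, so the user cannot tell whether `%s.sig` or `%s.pubkeysig` was looked for, or whether the file was missing or unreadable. Use `warn("%s", path)` or include `path` in the message. As in bootstrap_pkg(), the two branches differ only in the suffix and the verify function and could share one helper; the snprintf() into `path` is unchecked, so an over-long pkgpath would be truncated and the wrong file opened.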
17
share/security/patches/EN-15:18/pkg-9.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.8 (FreeBSD)
|
||||
|
||||
|
||||
-----END PGP SIGNATURE-----
|
|
@ -7,6 +7,26 @@
|
|||
<year>
|
||||
<name>2015</name>
|
||||
|
||||
<month>
|
||||
<name>9</name>
|
||||
|
||||
<day>
|
||||
<name>16</name>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-15:18.pkg</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-15:17.libc</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-15:16.pw</name>
|
||||
</notice>
|
||||
</day>
|
||||
</month>
|
||||
|
||||
<month>
|
||||
<name>8</name>
|
||||
|
||||
|
|