os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Revise EN-15:08, add EN-15:09.xlocale and EN-15:10.iconv.

Browse source
This commit is contained in:
Xin LI 2015-06-30 23:36:51 +00:00
parent 0413d7e930
commit e53a87ba89
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=46903
10 changed files with 552 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

100
share/security/advisories/FreeBSD-EN-15:08.sendmail.asc
View file

@ -9,27 +9,32 @@ Topic: sendmail TLS/DH Interoperability Improvement
Category: contrib
Module: sendmail
Announced: 2015-06-18
Announced: 2015-06-18; Last revised on 2015-06-30.
Credits: Frank Seltzer, Gregory Shapiro
Affects: All supported versions of FreeBSD.
Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE)
2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13)
2015-06-17 03:11:25 UTC (stable/9, 9.3-STABLE)
2015-06-18 05:36:45 UTC (releng/9.3, 9.3-RELEASE-p17)
2015-06-17 03:22:18 UTC (stable/8, 8.4-STABLE)
2015-06-18 05:36:45 UTC (releng/8.4, 8.4-RELEASE-p31)
Corrected: 2015-06-25 01:49:44 UTC (stable/10, 10.1-STABLE)
2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
2015-06-25 01:53:45 UTC (stable/9, 9.3-STABLE)
2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18)
2015-06-25 01:56:36 UTC (stable/8, 8.4-STABLE)
2015-06-30 23:21:59 UTC (releng/8.4, 8.4-RELEASE-p32)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
0. Revision history
v1.0 2015-06-18 Initial release.
v1.1 2015-06-30 Revised patch for non-existent DH parameter file.
I. Background
sendmail supports STARTTLS encrypted connections using DHE_EXPORT
ciphers. As part of that support, by default, sendmail employs 1024-bit
DH parameters for server connections and 512-bit DH parameters for
client connections.
Sendmail supports STARTTLS encrypted connections using DHE_EXPORT
ciphers. As part of that support, by default, Sendmail employs 1024-bit
DH parameters for server connections but 512-bit DH parameters if
configured to use a DH parameter file that does not exist.
II. Problem Description
@ -39,14 +44,16 @@ parameters during negotiation, thereby reducing interoperability.
III. Impact
In its default configuration, client connections from sendmail to other
SMTP servers will not be able to negotiate a STARTTLS encrypted session
with SMTP servers which reject 512-bit DH parameters. This may cause
mail deliverability issues for outbound mail.
In its default FreeBSD configuration, client connections from Sendmail
to other SMTP servers will not be able to negotiate a STARTTLS encrypted
session with SMTP servers that reject 512-bit DH parameters. This may
cause mail deliverability issues for outbound mail.
IV. Workaround
To work around this interoperability, sendmail can be configured to use
Systems that do not use Sendmail are not affected.
To work around this interoperability, Sendmail can be configured to use
a 1024 or 2048 bit DH parameter using these steps:
1. Edit /etc/mail/`hostname`.mc
@ -59,20 +66,17 @@ a 1024 or 2048 bit DH parameter using these steps:
for 2048-bit or:
openssl dhparam -out /path/to/file 1024
for 1024-bit.
4. If you have modified your MSP submission configuration
file to enable STARTTLS (not enabled by default), repeat
the above steps for /etc/mail/`hostname`.submit.mc.
5. Rebuild the .cf file(s):
cd /etc/mail/; make; make install
6. Restart sendmail:
cd /etc/mail/; make restart
Systems that do not use sendmail are not affected.
4. Rebuild the .cf file:
cd /etc/mail/; make; make install
5. Restart sendmail:
cd /etc/mail/; make restart
V. Solution
A change to the raise the default for sendmail client connections to
1024-bit DH parameters has been committed.
A change to the raise the default for Sendmail connections to use
1024-bit DH parameters if the configured DH parameters file does not
exist has been committed.
Perform one of the following:
@ -99,6 +103,10 @@ detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch.asc
# gpg --verify sendmail.patch.asc
# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch
# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch.asc
# gpg --verify sendmail.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
@ -107,7 +115,7 @@ b) Apply the patch. Execute the following commands as root:
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the sendmail daemon(s), or reboot the system.
Restart the Sendmail daemon(s), or reboot the system.
VI. Correction details
@ -116,12 +124,12 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r284491
releng/8.4/ r284536
stable/9/ r284488
releng/9.3/ r284536
stable/10/ r284485
releng/10.1/ r284536
stable/8/ r284790
releng/8.4/ r284987
stable/9/ r284788
releng/9.3/ r284986
stable/10/ r284786
releng/10.1/ r284985
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
@ -141,17 +149,17 @@ https://security.FreeBSD.org/advisories/FreeBSD-EN-15:08.sendmail.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.5 (FreeBSD)
iQIcBAEBCgAGBQJVgllYAAoJEO1n7NZdz2rnsY0QAIKcqNxRed97fvmxvL9kX1In
CpdKO0Cso8EhCDOKJzmSYR49QZc6CNtPflbgbK2wktiHptmK87R+xODyIWBR1q8T
peMoevr942gCUZzrA259cLaWJGC7MZer5G9SIsB7cnMJox/QcHmQysDONfu1PRjf
T8T3/q24230PnBBJpR1SNDMOPAc1YLMetEZ3ue72ToG9pd6gAXN8I9N1ZUPY/6dd
9/urhdQnxlX5RB3JnqujueJvCrcstInZ8grtKOmTfPSUcWGL++dwu6YH34ORwKDh
wiI8U+qyg1Lq5vGx6srDOkGAhiSbYi177PV1RCNTxY28yGVvhiiSnLSsIesZBcoB
pVYcefBJeqcXNuQC5jsGKHEbti9X3bhHnThOaOBOvrooEGcc7/DuP02BZiNOWDvV
3axT+iFzJdZ1sZktdUQl65zqVBSDASTFz5uG/nTUFASj0W4+vVEghy6FAxlf3aBO
eV9tqxeUozt0nSb/44n2u2GHRplWWS1KEE3N+skN5IT4RfZaNvTVtZ0s1fRv6Jum
YNut6TGiVIyTACP0JjS2TkGC3kdPrqweZSQ6xnfrgOSCS+3w2nR1aqaGJ3aCIm/b
9ixFFIW03LhBH2fl4Y68+CbAlIgGd0zigbRds1IGxRSUxR8AKBngqC+KQUFCOSnY
snl4x6f2t36abWYgneaP
=mvxv
iQIcBAEBCgAGBQJVkyZLAAoJEO1n7NZdz2rnsdsP/2+xJUiaNWialSFlTwE75sHC
vN/CrkceLw6QrUi5U0PpQdI7xP/y8Cspj/vDCNUbHlkK8WfA5G8J6WhyyaVxMREG
aZTPHFBn0/IeP2vxlyf0PLq6hL1KtasOQNjDEasUMb4uclaE+hn3QxrWk+KGoe8B
8rZHYS6Y9gOfWLJj7Rvf6T6TEtKf8Mz1cBfn7lRQbF7yDwkvNDpmNv7BhTQOM5rw
/2q2i4ZjuZT4AX0IaSzZLC1dEyxuUKqAxMV1D+F1WYBQqMUwnoJLMAETmWXphuSa
QGDNU0w3PbAJrgK06qeLSswVo/r/5h+kjra5eL17MPKZPO+sWHv9E1jS7wUsbsFB
RE7kcafgWcN9S0TBldyuFo9g8nwjsWq4uooSLrf8pG8y7U6FtXbgyitS3BNVKT7i
9GqzTi89HKPefnPQR5wfJIl9YXgKvWJ/FNei7MpGTl2LGKHSd2P/21+OoIjfNeQl
hYOP9uWDrk3Uf7gJVrJOobMfme5Zb1/LDSQegTIFjzQ0Iac1p4nqj53rzG2Nufyx
/Y93rKOz280NCS193buARcl4KmFp9oGaJTjVG9Cthu8FUFlCkCeZl13ZrhDufKBS
z2ZEwkIYFamOFjbhCUJ5wm3gsozV7bzAOSRQEFEzzLDlYGPv2RPDAlgREcuzxr8N
OhK1HFcIqXbXRthWN7Sp
=ibhZ
-----END PGP SIGNATURE-----

129
share/security/advisories/FreeBSD-EN-15:09.xlocale.asc Normal file
View file

@ -0,0 +1,129 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:09.xlocale Errata Notice
The FreeBSD Project
Topic: Inconsistency between locale and rune locale states
Category: core
Module: libc
Announced: 2015-06-30
Credits: David Chisnall
Affects: FreeBSD 9.x and FreeBSD 10.x.
Corrected: 2015-06-17 19:12:18 UTC (stable/10, 10.1-STABLE)
2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
2015-06-17 19:13:13 UTC (stable/9, 9.3-STABLE)
2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
Recent FreeBSD releases have support to thread-safe and extended locale API,
modeled after the Darwin xlocale(3) API.
The C standard locale API was reimplemented as a wrapper of the xlocale(3)
API with a global locale in order to support its semantics.
II. Problem Description
The locale and rune locale may become out of sync, in which case calls of
mb* and similar functions would be supplied with wrong data.
III. Impact
Applications that uses xlocale but does not call setlocale(3) would crash.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:09/xlocale.patch
# fetch https://security.FreeBSD.org/patches/EN-15:09/xlocale.patch.asc
# gpg --verify xlocale.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r284525
releng/9.3/ r284986
stable/10/ r284524
releng/10.1/ r284985
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/188036>
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:09.locale.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.5 (FreeBSD)
iQIcBAEBCgAGBQJVkyZQAAoJEO1n7NZdz2rnitMQAK5jY0n9Kv0VDwP5J4EXdcHZ
SOEE8n5O+bwWxVFWkqGGZrPQiUuJt6ujrAJb2iSeUtKIa2E84TLDVjmWGtyqP/RN
rLlRjVVQo14EhSScRI54oUeAYpoBWU8oRtFiixFbw24gFEW/ZeovFxQUY1Waueuy
Xpx28cmqQ3KG/T+Ujq1edHrtMpqwsBQd93eHRFSjtWaMrxmjnr4ln66AerdPQAYx
ib2rznxy+MCF0rmHbTsYnpZKZ1DupcyU7YkOdhVTk8cviL44wPGaCrA9Oaf6Q2hW
NTek9h5VQhvmhWaPsUZTGbQYPkvFjvEbmKOxRV+Mtf+UBt2y7SoqACpP1BbCC77n
8uRGdI8MPpC1j9RHZ5miWz4NkA3W1Pa/oi66PRhenzXgDe9Ua4aykklqnINhOrgm
ZBCLz1DXnx4WyeW2FIf7Z9GGcF3sUd9RU2e4H0WI3uZ75PT7p/zq1L4FKxXEn9/7
VoGy6cyQWwFUZ27lIcSGLeUhSolrtDofHPwKe8YB12bTXPhxjNYs+4iYWF0ZScOE
Wr9Jx7mKecNQ+jD5iEP2Ne7tzqSPSDZGzwkvifz+dmHT5L9hx6Pu916xp6/kzVg1
up31EcoQOn1N/ZHjC9VgGmyOgdA5ENHKNPhzcYp2CrJSadBHQHeINfwbRLdzLjVl
Nnt+YSShqakxvZhNmTex
=Wfyl
-----END PGP SIGNATURE-----

128
share/security/advisories/FreeBSD-EN-15:10.iconv.asc Normal file
View file

@ -0,0 +1,128 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:10.iconv Errata Notice
The FreeBSD Project
Topic: Improved iconv(3) UTF-7 support
Category: core
Module: libc/iconv
Announced: 2015-06-30
Credits: Tijl Coosemans
Affects: FreeBSD 10.x
Corrected: 2015-06-02 09:42:00 UTC (stable/10, 10.1-STABLE)
2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The iconv(3) API allows converting text data from one character set
encoding to another. Applications first open a converter between two
encodings using iconv_open(3) and then convert text using iconv(3).
UTF-7 is a variable-length character encoding representing Unicode text
using a stream of ASCII characters.
II. Problem Description
A defect in the iconv(3) UTF-7 decoding process causes the end of base64
symbols ("-") to be treated as an incomplete character when they exist
at the end of the string.
III. Impact
Applications that use iconv(3) to decode UTF-7 may receive an incorrect
encoded result.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:10/iconv.patch
# fetch https://security.FreeBSD.org/patches/EN-15:10/iconv.patch.asc
# gpg --verify iconv.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r283908
releng/10.1/ r284985
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/200398>
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:10.iconv.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.5 (FreeBSD)
iQIcBAEBCgAGBQJVkyZQAAoJEO1n7NZdz2rnue4P/2TGL5ucl/YypMQAcgDxRn77
3zky6DhJSWx0ydnoCsFNogiK2A9qdw6YHvYMyqwjcVTZ9NpjeXSOnuEgaD6SN9Xj
elIkvxPkbome8QDJAVsW+amqw1ipfJ4deN4XQqzbRTaNBd0Yo0jsC4S7zjVq+gwE
0EJ98vYQz8KfOFRW5Y1DlCS2OkapuGHPcxBJsRGoz5Y4Qe8KYDivRDZPJsrhbEWY
+QF+xjZ+ZDvCl6qBSVcYgsVNeMr6jHjmIS2BYSeWypKmI1LfPgZszOMCZsS/rvAs
DKsm9N7GcbMVCD0tUWSOQmN1jtfBEoYtgqoHg1/wg5/jTOlcVQgANVMF5p9jqo/Q
BGBUWfwQACZ4cJI/lXTqUt87Dg1n15JtU011nDCfbK4Ll9ZaYioAisqx2kXdUgBP
ojP3XMwoFtq2tJGJZLlIG3nWm3IatsOL+vtZxw6N4Y5PVksZeCctFikm7FhsCXjk
SCVSn3w+rLP1klWSCbqUUtpvRSMP3JZDH7auytvykUZ2pncKAzwhfb+TI9Qqnguk
RkSDUDnRvLEuwezZOAZ3lErVV/G38zyi6Hn/ODeO0Cg6w70XKdbuWqgf0z3etz7M
HiHk4dpVNO7S4Y12wNdin1XgXa94s08wyiY7bSGpDaqL22O6CHgd0B+NAsqUqJSx
lAsbtw23ytA4JwkVwIdf
=hK2X
-----END PGP SIGNATURE-----

13
share/security/patches/EN-15:08/sendmail-01.patch Normal file
View file

@ -0,0 +1,13 @@
Index: contrib/sendmail/src/sendmail.h
===================================================================
--- contrib/sendmail/src/sendmail.h (revision 284940)
+++ contrib/sendmail/src/sendmail.h (working copy)
@@ -1935,7 +1935,7 @@ struct termescape
/* server requirements */
#define TLS_I_SRV (TLS_I_SRV_CERT | TLS_I_RSA_TMP | TLS_I_VRFY_PATH | \
- TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH512 | \
+ TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH1024 | \
TLS_I_CACHE)
/* client requirements */

17
share/security/patches/EN-15:08/sendmail-01.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.5 (FreeBSD)
iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rnDCgP/03Bv37NZRCd3fpZC8Og73t2
qFxR5glnHfXeNpAnI2p0Jmfvay4/ZHYEOIXQwS60wdnNElN00mudJ/D7RBVr5sGF
fjW68S3+z9vppBP4pWq4xhitDkA+Ko9zZmCojMOta3DTBhJzp825i8al03wQbViQ
Xgv7AhA52bsdXqcru83DfRDfXfUuf8BivgvuGoohfaVQYhAusrOlAXR9jij9mWJo
24Phs3gXlmOvRnjWiRfcmESCZdZJwDwUfBXk+cMFuEQo60bburyjqp+rCD4bt1lN
3zkRTLggBQefqLer78CP++A/PrLxLWajqRpZ0SvUny3HeWED8Yrp/8L3xc0H+Zfs
Eo5lmVvi3RLAzTWgAkdQOBddjvYoK5jmJBauFyiY/sQ/sti1HT7vavXPIRZFTWFQ
VM/+URwLudyAnIXqVn0iSuOrrjW5eQnchuEWYs6ar7qc375sa9um7idfif9kCq5j
5GvBILw1m6CVfeuW5dfL/Gwkz6ALx9yqSVQ10L3m5Ik7+hbCAkD+GnMK53OvQSjA
Kuw3nMDVHjdVVYZKYI7h8Ez25K2S9EoPARcmX9oikkeUYLR3s8PbLOikixltpRpp
viaHkskG4bvxY2b5SP64NRZowUqPP2EgVY/Mi11pPsr5cuQR+PTTv7mx0QUzJ862
m86CQtJ8so6TKWTO8bQb
=c8JT
-----END PGP SIGNATURE-----

58
share/security/patches/EN-15:09/xlocale.patch Normal file
View file

@ -0,0 +1,58 @@
Index: lib/libc/locale/setrunelocale.c
===================================================================
--- lib/libc/locale/setrunelocale.c (revision 284940)
+++ lib/libc/locale/setrunelocale.c (working copy)
@@ -202,6 +202,8 @@ __set_thread_rune_locale(locale_t loc)
if (loc == NULL) {
_ThreadRuneLocale = &_DefaultRuneLocale;
+ } else if (loc == LC_GLOBAL_LOCALE) {
+ _ThreadRuneLocale = 0;
} else {
_ThreadRuneLocale = XLOCALE_CTYPE(loc)->runes;
}
Index: lib/libc/locale/xlocale.c
===================================================================
--- lib/libc/locale/xlocale.c (revision 284940)
+++ lib/libc/locale/xlocale.c (working copy)
@@ -154,23 +154,24 @@ __get_locale(void)
static void
set_thread_locale(locale_t loc)
{
+ locale_t l = (loc == LC_GLOBAL_LOCALE) ? 0 : loc;
_once(&once_control, init_key);
- if (NULL != loc) {
- xlocale_retain((struct xlocale_refcounted*)loc);
+ if (NULL != l) {
+ xlocale_retain((struct xlocale_refcounted*)l);
}
locale_t old = pthread_getspecific(locale_info_key);
- if ((NULL != old) && (loc != old)) {
+ if ((NULL != old) && (l != old)) {
xlocale_release((struct xlocale_refcounted*)old);
}
if (fake_tls) {
- thread_local_locale = loc;
+ thread_local_locale = l;
} else {
- pthread_setspecific(locale_info_key, loc);
+ pthread_setspecific(locale_info_key, l);
}
#ifndef __NO_TLS
- __thread_locale = loc;
+ __thread_locale = l;
__set_thread_rune_locale(loc);
#endif
}
@@ -361,9 +362,6 @@ locale_t uselocale(locale_t loc)
{
locale_t old = get_thread_locale();
if (NULL != loc) {
- if (LC_GLOBAL_LOCALE == loc) {
- loc = NULL;
- }
set_thread_locale(loc);
}
return (old ? old : LC_GLOBAL_LOCALE);

17
share/security/patches/EN-15:09/xlocale.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.5 (FreeBSD)
iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rnwpgQAI29DAkpuY6cD9vJNtVvD/BC
EeGcYGO+hq82b5QAVS1778ETaQOPZjPrVycj3o8pFjCdVTaCCVhutKbEVxojDTAj
pqPpTvBZqcAf9pfBL7mPGLjfF8gzKiLVwNMNxfs/uC++rWdebdVUMI3sWntnc85c
a8oplvXIBuXJHXOd2xNG2c6+Zdo4GJBAouUxMvkneUwS5Sw8sB+cMJt5UZ5lHbRH
qgekU+v4HLjurK10WWzBKN178y/+mOhvZ0gck0ft0BR4EZmaaFJqBYE6otUDz9MM
W9dG2e+Bfg5VmVhuVZMetIFPzLmhTQtwciGhp5JFT5lBzx2JyLlZ9mztDo6s+hwm
wsD8/Wf6xK0UbxLrlCi3cjNS/MKUmjjTJkFnbPnUljU3khmOjeGRkT3LZJL0eOft
U/UU+AzOOUKXLAgOWuYjaG6a3QB1aAB6dEPX5YpMfdsprM6r3D9mYWLF6b2ieD/2
QKZiQTUasJno5lXsyp6p/sEW59prPYOsWOtv5m65Tzjim+/rxX41w0vDTm8Ou2rh
yHfCJidFL6AzYZEWh6dS2AGS/EW0hgWtp5frOP65cfNlFHdXiZqv21Xq0IRchs+L
mYpWpxpzbdA7vk33tvolkv+TahgPCXML0waCucKEY9p8vRfl+wJo2vs3kqozl0jG
rzjVDz4t+4Kbr0LNm9aI
=BvyK
-----END PGP SIGNATURE-----

107
share/security/patches/EN-15:10/iconv.patch Normal file
View file

@ -0,0 +1,107 @@
Index: lib/libiconv_modules/UTF7/citrus_utf7.c
===================================================================
--- lib/libiconv_modules/UTF7/citrus_utf7.c (revision 284940)
+++ lib/libiconv_modules/UTF7/citrus_utf7.c (working copy)
@@ -62,8 +62,7 @@ typedef struct {
unsigned int
mode: 1, /* whether base64 mode */
bits: 4, /* need to hold 0 - 15 */
- cache: 22, /* 22 = BASE64_BIT + UTF16_BIT */
- surrogate: 1; /* whether surrogate pair or not */
+ cache: 22; /* 22 = BASE64_BIT + UTF16_BIT */
int chlen;
char ch[4]; /* BASE64_IN, 3 * 6 = 18, most closed to UTF16_BIT */
} _UTF7State;
@@ -154,12 +153,11 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr
uint16_t * __restrict u16, const char ** __restrict s, size_t n,
_UTF7State * __restrict psenc, size_t * __restrict nresult)
{
- _UTF7State sv;
const char *s0;
int done, i, len;
+ *nresult = 0;
s0 = *s;
- sv = *psenc;
for (i = 0, done = 0; done == 0; i++) {
if (i == psenc->chlen) {
@@ -166,9 +164,6 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr
if (n-- < 1) {
*nresult = (size_t)-2;
*s = s0;
- sv.chlen = psenc->chlen;
- memcpy(sv.ch, psenc->ch, sizeof(sv.ch));
- *psenc = sv;
return (0);
}
psenc->ch[psenc->chlen++] = *s0++;
@@ -257,34 +252,31 @@ _citrus_UTF7_mbrtowc_priv(_UTF7EncodingInfo * __re
*nresult = (size_t)_ENCODING_IS_STATE_DEPENDENT;
return (0);
}
- if (psenc->surrogate) {
- hi = (psenc->cache >> psenc->bits) & UTF16_MAX;
- if (hi < HISRG_MIN || hi > HISRG_MAX)
- return (EINVAL);
- siz = 0;
- } else {
- err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr);
- if (nr == (size_t)-1 || nr == (size_t)-2) {
- *nresult = nr;
- return (err);
- }
- if (err != 0)
- return (err);
- n -= nr;
- siz = nr;
- if (hi < HISRG_MIN || hi > HISRG_MAX) {
- u32 = (uint32_t)hi;
- goto done;
- }
- psenc->surrogate = 1;
+ err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr);
+ if (nr == (size_t)-1 || nr == (size_t)-2) {
+ *nresult = nr;
+ return (err);
}
+ if (err != 0)
+ return (err);
+ n -= nr;
+ siz = nr;
+ if (hi < HISRG_MIN || hi > HISRG_MAX) {
+ u32 = (uint32_t)hi;
+ goto done;
+ }
err = _citrus_UTF7_mbtoutf16(ei, &lo, s, n, psenc, &nr);
if (nr == (size_t)-1 || nr == (size_t)-2) {
+ psenc->chlen = 1; /* make get_state_desc return incomplete */
*nresult = nr;
return (err);
}
if (err != 0)
return (err);
+ if (lo < LOSRG_MIN || lo > LOSRG_MAX) {
+ *nresult = (size_t)-1;
+ return (EILSEQ);
+ }
hi -= HISRG_MIN;
lo -= LOSRG_MIN;
u32 = (hi << 10 | lo) + SRG_BASE;
@@ -297,7 +289,6 @@ done:
_citrus_UTF7_init_state(ei, psenc);
} else {
*nresult = siz;
- psenc->surrogate = 0;
}
return (err);
}
@@ -396,7 +387,7 @@ _citrus_UTF7_put_state_reset(_UTF7EncodingInfo * _
{
int bits, pos;
- if (psenc->chlen != 0 || psenc->bits > BASE64_BIT || psenc->surrogate)
+ if (psenc->chlen != 0 || psenc->bits > BASE64_BIT)
return (EINVAL);
if (psenc->mode) {

17
share/security/patches/EN-15:10/iconv.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.5 (FreeBSD)
iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rn5vIP/jsofR8DW12TqLeEURwBKF+S
mmUY4wQaCxDJQddAMRIEDHwWN0FPJnNn3sA7L40+c6iYnf1kTkK2Fimw733TAmsB
hEZujVoFP77QUsFVGm7iYzzRu4ck76riNonNlEw8kvt1VUhJjzxFPVjkh55wRM6D
T75JJD3VV78bfHN/umj437tsTe3wfH8el2nXXjTxyzRbucGZpz6EAkBYdnFc7PPu
bFrEFmNVs/tD0V5C5FdoxFLkuti84FfdZ42Ad9z4o+1H80adwMLL+1dLciutLdQt
7eHLGljdz9iDMlPhi3e8BCHM2Ij1QAa6L16BH43yTLaD/XMcM14HdwCwiNNl6YAr
Mc6PScRwGSjZAixgL1rMR1iFtlDndyRGg6KCNydH89xIHTb+SEdEC+I6pOPvX4yg
SAmzOwPsEGScslNbqxNeLkPlv70/zqnCihwN/8Z7M6yERYdWmfs8n8dhMBGc/UF5
1vw/lOfOZf1CR+KJmhQQgpFknnx2aStJXdzqsTm+Bdx5n09wdRzoRVqwiuvPEBt+
a+IInr9cybNdUeU3r+sobzuCcxfDDiRtoYtStoQ2vI7iGkuuwq8lulbBxvh1xzGH
xolOc6tXDDn7Ndvo+pmY83/C9qI0q3TOnqWjody97zqihs+yRJwN7xrrujgngpdy
FdClblODnEpnK3GmJsPE
=ZMx/
-----END PGP SIGNATURE-----

12
share/xml/notices.xml
View file

@ -10,6 +10,18 @@
<month>
<name>6</name>
<day>
<name>30</name>
<notice>
<name>FreeBSD-EN-15:10.iconv</name>
</notice>
<notice>
<name>FreeBSD-EN-15:09.xlocale</name>
</notice>
</day>
<day>
<name>18</name>