Date: Mon, 25 Jul 2016 15:04:17 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r303304 - in releng: 10.1 10.1/sys/conf 10.1/usr.bin/bsdiff/bspatch 10.1/usr.sbin/freebsd-update 10.2 10.2/sys/conf 10.2/usr.bin/bsdiff/bspatch 10.2/usr.sbin/freebsd-update 10.3 10.3/sy... Message-ID: <201607251504.u6PF4HKb058193@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Mon Jul 25 15:04:17 2016 New Revision: 303304 URL: https://svnweb.freebsd.org/changeset/base/303304 Log: Fix bspatch heap overflow vulnerability. [SA-16:25] Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so Modified: releng/10.1/UPDATING releng/10.1/sys/conf/newvers.sh releng/10.1/usr.bin/bsdiff/bspatch/bspatch.c releng/10.1/usr.sbin/freebsd-update/freebsd-update.sh releng/10.2/UPDATING releng/10.2/sys/conf/newvers.sh releng/10.2/usr.bin/bsdiff/bspatch/bspatch.c releng/10.2/usr.sbin/freebsd-update/freebsd-update.sh releng/10.3/UPDATING releng/10.3/sys/conf/newvers.sh releng/10.3/usr.bin/bsdiff/bspatch/bspatch.c releng/10.3/usr.sbin/freebsd-update/freebsd-update.sh releng/9.3/UPDATING releng/9.3/sys/conf/newvers.sh releng/9.3/usr.bin/bsdiff/bspatch/bspatch.c releng/9.3/usr.sbin/freebsd-update/freebsd-update.sh Modified: releng/10.1/UPDATING ============================================================================== --- releng/10.1/UPDATING Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.1/UPDATING Mon Jul 25 15:04:17 2016 (r303304) @@ -16,6 +16,14 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20160725 p37 FreeBSD-SA-16:25.bspatch + FreeBSD-EN-16:09.freebsd-update + + Fix bspatch heap overflow vulnerability. [SA-16:25] + + Fix freebsd-update(8) support of FreeBSD 11.0 release + distribution. [EN-16:09] + 20160604 p36 FreeBSD-SA-16:24.ntp Fix multiple vulnerabilities of ntp. Modified: releng/10.1/sys/conf/newvers.sh ============================================================================== --- releng/10.1/sys/conf/newvers.sh Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.1/sys/conf/newvers.sh Mon Jul 25 15:04:17 2016 (r303304) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.1" -BRANCH="RELEASE-p36" +BRANCH="RELEASE-p37" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.1/usr.bin/bsdiff/bspatch/bspatch.c ============================================================================== --- releng/10.1/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.1/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 15:04:17 2016 (r303304) @@ -155,6 +155,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); Modified: releng/10.1/usr.sbin/freebsd-update/freebsd-update.sh ============================================================================== --- releng/10.1/usr.sbin/freebsd-update/freebsd-update.sh Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.1/usr.sbin/freebsd-update/freebsd-update.sh Mon Jul 25 15:04:17 2016 (r303304) @@ -1229,7 +1229,7 @@ fetch_metadata_sanity () { # Check that the first four fields make sense. if gunzip -c < files/$1.gz | - grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then + grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then fetch_metadata_bogus "" return 1 fi Modified: releng/10.2/UPDATING ============================================================================== --- releng/10.2/UPDATING Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.2/UPDATING Mon Jul 25 15:04:17 2016 (r303304) @@ -16,6 +16,14 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20160725 p20 FreeBSD-SA-16:25.bspatch + FreeBSD-EN-16:09.freebsd-update + + Fix bspatch heap overflow vulnerability. [SA-16:25] + + Fix freebsd-update(8) support of FreeBSD 11.0 release + distribution. [EN-16:09] + 20160604 p19 FreeBSD-SA-16:24.ntp Fix multiple vulnerabilities of ntp. Modified: releng/10.2/sys/conf/newvers.sh ============================================================================== --- releng/10.2/sys/conf/newvers.sh Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.2/sys/conf/newvers.sh Mon Jul 25 15:04:17 2016 (r303304) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.2" -BRANCH="RELEASE-p19" +BRANCH="RELEASE-p20" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.2/usr.bin/bsdiff/bspatch/bspatch.c ============================================================================== --- releng/10.2/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.2/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 15:04:17 2016 (r303304) @@ -155,6 +155,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); Modified: releng/10.2/usr.sbin/freebsd-update/freebsd-update.sh ============================================================================== --- releng/10.2/usr.sbin/freebsd-update/freebsd-update.sh Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.2/usr.sbin/freebsd-update/freebsd-update.sh Mon Jul 25 15:04:17 2016 (r303304) @@ -1245,7 +1245,7 @@ fetch_metadata_sanity () { # Check that the first four fields make sense. if gunzip -c < files/$1.gz | - grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then + grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then fetch_metadata_bogus "" return 1 fi Modified: releng/10.3/UPDATING ============================================================================== --- releng/10.3/UPDATING Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.3/UPDATING Mon Jul 25 15:04:17 2016 (r303304) @@ -16,6 +16,14 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20160725 p6 FreeBSD-SA-16:25.bspatch + FreeBSD-EN-16:09.freebsd-update + + Fix bspatch heap overflow vulnerability. [SA-16:25] + + Fix freebsd-update(8) support of FreeBSD 11.0 release + distribution. [EN-16:09] + 20160604 p5 FreeBSD-SA-16:24.ntp Fix multiple vulnerabilities of ntp. Modified: releng/10.3/sys/conf/newvers.sh ============================================================================== --- releng/10.3/sys/conf/newvers.sh Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.3/sys/conf/newvers.sh Mon Jul 25 15:04:17 2016 (r303304) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.3/usr.bin/bsdiff/bspatch/bspatch.c ============================================================================== --- releng/10.3/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.3/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 15:04:17 2016 (r303304) @@ -155,6 +155,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); Modified: releng/10.3/usr.sbin/freebsd-update/freebsd-update.sh ============================================================================== --- releng/10.3/usr.sbin/freebsd-update/freebsd-update.sh Mon Jul 25 15:04:15 2016 (r303303) +++ releng/10.3/usr.sbin/freebsd-update/freebsd-update.sh Mon Jul 25 15:04:17 2016 (r303304) @@ -1250,7 +1250,7 @@ fetch_metadata_sanity () { # Check that the first four fields make sense. if gunzip -c < files/$1.gz | - grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then + grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then fetch_metadata_bogus "" return 1 fi Modified: releng/9.3/UPDATING ============================================================================== --- releng/9.3/UPDATING Mon Jul 25 15:04:15 2016 (r303303) +++ releng/9.3/UPDATING Mon Jul 25 15:04:17 2016 (r303304) @@ -11,6 +11,14 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20160725 p45 FreeBSD-SA-16:25.bspatch + FreeBSD-EN-16:09.freebsd-update + + Fix bspatch heap overflow vulnerability. [SA-16:25] + + Fix freebsd-update(8) support of FreeBSD 11.0 release + distribution. [EN-16:09] + 20160604 p44 FreeBSD-SA-16:24.ntp Fix multiple vulnerabilities of ntp. Modified: releng/9.3/sys/conf/newvers.sh ============================================================================== --- releng/9.3/sys/conf/newvers.sh Mon Jul 25 15:04:15 2016 (r303303) +++ releng/9.3/sys/conf/newvers.sh Mon Jul 25 15:04:17 2016 (r303304) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RELEASE-p44" +BRANCH="RELEASE-p45" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.3/usr.bin/bsdiff/bspatch/bspatch.c ============================================================================== --- releng/9.3/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 15:04:15 2016 (r303303) +++ releng/9.3/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 15:04:17 2016 (r303304) @@ -155,6 +155,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); Modified: releng/9.3/usr.sbin/freebsd-update/freebsd-update.sh ============================================================================== --- releng/9.3/usr.sbin/freebsd-update/freebsd-update.sh Mon Jul 25 15:04:15 2016 (r303303) +++ releng/9.3/usr.sbin/freebsd-update/freebsd-update.sh Mon Jul 25 15:04:17 2016 (r303304) @@ -1229,7 +1229,7 @@ fetch_metadata_sanity () { # Check that the first four fields make sense. if gunzip -c < files/$1.gz | - grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then + grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then fetch_metadata_bogus "" return 1 fi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607251504.u6PF4HKb058193>