From: Gleb Smirnoff
Date: Thu, 8 Dec 2016 03:59:23 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r49715 - in head/share/security: advisories patches/SA-16:37

Author: glebius (src committer)
Date: Thu Dec 8 03:59:23 2016
New Revision: 49715
URL: https://svnweb.freebsd.org/changeset/doc/49715

Log:
  Revised SA-16:37, addressing regressions from initial SA.

Added:
  head/share/security/patches/SA-16:37/libc-inc.patch   (contents, props changed)
  head/share/security/patches/SA-16:37/libc-inc.patch.asc   (contents, props changed)
Modified:
  head/share/security/advisories/FreeBSD-SA-16:37.libc.asc
  head/share/security/patches/SA-16:37/libc.patch
  head/share/security/patches/SA-16:37/libc.patch.asc

Modified: head/share/security/advisories/FreeBSD-SA-16:37.libc.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-16:37.libc.asc Wed Dec 7 19:03:09 2016 (r49714) +++ head/share/security/advisories/FreeBSD-SA-16:37.libc.asc Thu Dec 8 03:59:23 2016 (r49715) 
@@ -9,22 +9,27 @@ Topic: link_ntoa(3) buffer over Category: core Module: libc -Announced: 2016-12-06 +Announced: 2016-12-06, revised on 2016-12-08 Affects: All supported versions of FreeBSD. -Corrected: 2016-12-06 18:53:21 UTC (stable/11, 11.0-STABLE) - 2016-12-06 18:49:38 UTC (releng/11.0, 11.0-RELEASE-p4) - 2016-12-06 18:53:46 UTC (stable/10, 10.3-STABLE) - 2016-12-06 18:49:48 UTC (releng/10.3, 10.3-RELEASE-p13) - 2016-12-06 18:49:54 UTC (releng/10.2, 10.2-RELEASE-p26) - 2016-12-06 18:49:59 UTC (releng/10.1, 10.1-RELEASE-p43) - 2016-12-06 18:54:04 UTC (stable/9, 9.3-STABLE) - 2016-12-06 18:50:06 UTC (releng/9.3, 9.3-RELEASE-p51) +Corrected: 2016-12-07 23:19:46 UTC (stable/11, 11.0-STABLE) + 2016-12-07 23:29:42 UTC (releng/11.0, 11.0-RELEASE-p5) + 2016-12-07 23:20:26 UTC (stable/10, 10.3-STABLE) + 2016-12-07 23:31:07 UTC (releng/10.3, 10.3-RELEASE-p14) + 2016-12-07 23:32:42 UTC (releng/10.2, 10.2-RELEASE-p27) + 2016-12-07 23:34:06 UTC (releng/10.1, 10.1-RELEASE-p44) + 2016-12-07 23:20:50 UTC (stable/9, 9.3-STABLE) + 2016-12-07 23:35:15 UTC (releng/9.3, 9.3-RELEASE-p52) CVE Name: CVE-2016-6559 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision history. + +v1.0 2016-12-06 Initial release. +v1.1 2016-12-08 Revised patches to address regressions. + I. Background The link_ntoa(3) function generates ASCII representation of a link-level 
@@ -73,10 +78,21 @@ FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. +[*** v1.1 NOTE ***] If your sources are not yet patched using the initially +published patch, then you need to apply libc.patch. If your sources are +already updated, or patched with patch from the initial advisory, then you +need to apply the incremental patch, named libc-inc.patch. + +[FreeBSD system, not patched with initial SA-16:37 patch] # fetch https://security.FreeBSD.org/patches/SA-16:37/libc.patch # fetch https://security.FreeBSD.org/patches/SA-16:37/libc.patch.asc # gpg --verify libc.patch.asc +[FreeBSD system, initial SA-16:37 patch already applied] +# fetch https://security.FreeBSD.org/patches/SA-16:37/libc-inc.patch +# fetch https://security.FreeBSD.org/patches/SA-16:37/libc-inc.patch.asc +# gpg --verify libc-inc.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -94,14 +110,14 @@ affected branch. Branch/path Revision - ------------------------------------------------------------------------- -stable/9/ r309646 -releng/9.3/ r309637 -stable/10/ r309645 -releng/10.1/ r309636 -releng/10.2/ r309635 -releng/10.3/ r309634 -stable/11/ r309644 -releng/11.0/ r309633 +stable/9/ r309691 +releng/9.3/ r309697 +stable/10/ r309690 +releng/10.1/ r309696 +releng/10.2/ r309694 +releng/10.3/ r309693 +stable/11/ r309689 +releng/11.0/ r309692 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the 
@@ -118,22 +134,23 @@ VII. References + The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQIcBAEBCgAGBQJYRw1vAAoJEO1n7NZdz2rnk5sP/18NuTRoit3jfa1uHCYMyTOB -vOGtNtn5xs8NNY4wAdYx2cF3CscTZEWyQtXWsMWzXgbWI0KrWteacGDaDlFwraCu -9/TJmkCQC5FCfYsgQFOpOPtMl9W+gY2ZrmEPXsfc/smjvIas3fPCBjnoRM2qQlfc -25YIut+S6OFhm2XM42t/jljbLs6b/PJikeKt7kEEEjKKXWHNwLEYjbtEyelKxD1i -1IBVe4Run2RajERg99yCznAGGvRo2hbGmnV59kDAilanJK+s3pzCOBFdnKyZd/2l -Ie8B/fKEXRJyFgJF7A9eSuElTV5fCFfX05AC3PXMoi+GsVPQqhEpNb1FvJoANiFL -l61nbqkM5KEteIWvf1udHZo6kjhYY4YlvutXW7o41XaUhnaO3dC+4+VpfTycH/no -j8kVFS1Y9oun31TTZ/+aQqnCfozAMKFaZtrZI3UkSR1kjz5Z5Rqrc4isBhXXP1dQ -QC87THCyW2D1+E0LvMyJEWKtjGMd8OO5KZjvTxcmxDSrqEOn+yGT1Lp8G/NLuQ4D -zcarPPl2eE0bikvL/T/k7OdpplTDXoaCOHiMIr02WpbJwipw6HD4FZrg1IQu/Db9 -2cHihr/tS1mbr7k/VKUyIZvQQhZ9j72m4wwBk0CFEG8DeZtMeSum1xgLTEjUerHe -rWrKG2feWv//R0BvVNhu -=8y53 +iQIcBAEBCgAGBQJYSNoxAAoJEO1n7NZdz2rnQfQP/0oJ8WdTTVMpjEHRBQ7WbayB +f7Y8MeVFErNLL8caQDxRyiF/ex07m5m2morik84ggDTkHiWnllaP0H3MadivP9Ly +XspViMU73r49PmYTAsrMARyW2ncufgGpsvaEcVOVKEAiwcm0ATu7gnTf+cyrfWoe +k9HlTS18bN18zQ/FFSJPjmIsTh8Cb+cdF6SrVEt7bIcoVzZWMU/sDJP9JDnRFa3+ +o7bWDQg3kfA8k3XEzrL9FSO52Sr9jNslZGAaycFFQjxecgC/05mTbqPsJOpdhkaC +mfcARX/8+iwxsE/3h7R5OK6vsu6piUE6vi8HsnTwK7ZMz/IYkPpe4C9WroRYAG29 +mqBl+qdVElk/DXPgsz6F7PHqG3SUY3Kkn/bMGT4B3yLjNvWs4+pjh74uyvVLPKkQ +meQEs3VLl+c0VkpAxbieMS1KChJwBAKAD7Cevg83YfosC8/LFRoqS6kofjXjVqCd +dd0cSWyOE6y/eFy2187lncnz1BNW1Eg8AEH02vEkXOI5hrnhmO6t0cH9dQcj3nHa +6yULqFHJJJGsGqPD1/FkXjn7hAMKsMMROCGpY0txNVA2a3Z6zf593nZL7Vr1nPy7 +7C7/sKToSilR3OJGoSFxNlRHqkgb08dQOzsof/355M94baKw82QAULuQoOBYu0DU +PZ21bNtGfZSN4rThyVuQ +=Id1+ -----END PGP SIGNATURE----- Added: head/share/security/patches/SA-16:37/libc-inc.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-16:37/libc-inc.patch Thu Dec 8 03:59:23 2016 (r49715) 
@@ -0,0 +1,43 @@ +--- lib/libc/net/linkaddr.c.orig ++++ lib/libc/net/linkaddr.c +@@ -125,7 +125,7 @@ + static char obuf[64]; + _Static_assert(sizeof(obuf) >= IFNAMSIZ + 20, "obuf is too small"); + char *out; +- const char *in, *inlim; ++ const u_char *in, *inlim; + int namelen, i, rem; + + namelen = (sdl->sdl_nlen <= IFNAMSIZ) ? sdl->sdl_nlen : IFNAMSIZ; +@@ -142,11 +142,11 @@ + } + } + +- in = (const char *)sdl->sdl_data + sdl->sdl_nlen; ++ in = (const u_char *)sdl->sdl_data + sdl->sdl_nlen; + inlim = in + sdl->sdl_alen; + + while (in < inlim && rem > 1) { +- if (in != (const char *)sdl->sdl_data + sdl->sdl_nlen) { ++ if (in != (const u_char *)sdl->sdl_data + sdl->sdl_nlen) { + *out++ = '.'; + rem--; + } +@@ -154,15 +154,14 @@ + if (i > 0xf) { + if (rem < 3) + break; ++ *out++ = hexlist[i >> 4]; + *out++ = hexlist[i & 0xf]; +- i >>= 4; +- *out++ = hexlist[i]; + rem -= 2; + } else { + if (rem < 2) + break; + *out++ = hexlist[i]; +- rem++; ++ rem--; + } + } + *out = 0; Added: head/share/security/patches/SA-16:37/libc-inc.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-16:37/libc-inc.patch.asc Thu Dec 8 03:59:23 2016 (r49715) 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJYSNpCAAoJEO1n7NZdz2rnQhwQAIB9bWgYA4tn7fHwbpmEZrrz +9clKJ+DUrINrgjD4R5J52b2vTirwSX+jLhwcblDcFz85VeoIc8xDPpd8rvFa9znC +UZ2SBI0itfVZQkEGu+uEJE+9QdEr2jbwq1LIr3Ye3SECQJORlg11detvPEbNyDvm +20DrfR+BPFvDSGKGEbKvegGaPUTv+MYXx3Km4jiXDB/Bo7lUjmE/mdIZszskzJpM +AKx4moCR0Wep73vxGOhi2GArf+p4ZUe9eu0wdU/NTKzYH5DdjGnV+bNam2SdpgDT +rMfrvpUJ+uqdZ1cj7yCsPjuKzskKdWihOCD+vHS3rC00ggYCQv5gnnnyo08z4qRE +e0yU/4lj68i0X1E6gUIvATW7Y4r4EqX5xNl/nKfpgFQSqJRtZGbmlUH/7eni82Fh +W3BKZsUyTtZJIod+SlmEloOlsqpRpL+ePSKXv5e0vLq6pr4tdLFFrPaKsi+6AbFO +mfVSHGJIdB7WUaau34ymhpyb1SI1qrEoNNoYki6SNfuXsghgQKgghwl0cWpJEsUp +Atg+BQH7ea2sPQh9BXqsiSiUb6wuyi/JHeuBQ4pQcKzyf7RuyxaA7rtr2p0w+UBG +MRgceUP4H8XxCCltddq2WrNTB5dmac0t5ehYO8eJpQgtWPsl8yG5PldHkXWkhEa6 +gJVPBsoQJObVrkM/PXrl +=/W0I +-----END PGP SIGNATURE----- Modified: head/share/security/patches/SA-16:37/libc.patch ============================================================================== --- head/share/security/patches/SA-16:37/libc.patch Wed Dec 7 19:03:09 2016 (r49714) +++ head/share/security/patches/SA-16:37/libc.patch Thu Dec 8 03:59:23 2016 (r49715) @@ -8,7 +8,7 @@ #include #include -@@ -122,31 +123,47 @@ +@@ -122,31 +123,46 @@ link_ntoa(const struct sockaddr_dl *sdl) { static char obuf[64]; @@ -19,7 +19,7 @@ - int firsttime = 1; + _Static_assert(sizeof(obuf) >= IFNAMSIZ + 20, "obuf is too small"); + char *out; -+ const char *in, *inlim; ++ const u_char *in, *inlim; + int namelen, i, rem; - if (sdl->sdl_nlen) { 
@@ -44,31 +44,31 @@ - firsttime = 0; - else + -+ in = (const char *)sdl->sdl_data + sdl->sdl_nlen; ++ in = (const u_char *)sdl->sdl_data + sdl->sdl_nlen; + inlim = in + sdl->sdl_alen; + + while (in < inlim && rem > 1) { -+ if (in != (const char *)sdl->sdl_data + sdl->sdl_nlen) { ++ if (in != (const u_char *)sdl->sdl_data + sdl->sdl_nlen) { *out++ = '.'; + rem--; + } i = *in++; if (i > 0xf) { - out[1] = hexlist[i & 0xf]; -+ if (rem < 3) -+ break; -+ *out++ = hexlist[i & 0xf]; - i >>= 4; +- i >>= 4; - out[0] = hexlist[i]; - out += 2; - } else - *out++ = hexlist[i]; ++ if (rem < 3) ++ break; ++ *out++ = hexlist[i >> 4]; ++ *out++ = hexlist[i & 0xf]; + rem -= 2; + } else { + if (rem < 2) + break; -+ *out++ = hexlist[i]; -+ rem++; + *out++ = hexlist[i]; ++ rem--; + } } *out = 0; Modified: head/share/security/patches/SA-16:37/libc.patch.asc ============================================================================== --- head/share/security/patches/SA-16:37/libc.patch.asc Wed Dec 7 19:03:09 2016 (r49714) +++ head/share/security/patches/SA-16:37/libc.patch.asc Thu Dec 8 03:59:23 2016 (r49715) 
@@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIcBAABCgAGBQJYRw1vAAoJEO1n7NZdz2rnH2QP/jQF/xtjDHJoEKk3h6DGZUC4 -GM27jneyYt/SWbGVHchYhD6y+67304OeUCZ7N6aEUI3cVgoZObDuVNoNrtfBnSPB -gTtAOUQchlF0ZP/TKZSrONz6Pz+1R/N9QryJSDYr3KUsLDuU6I2nob7kR+Iwxn1V -pX8MakPMSOUH8tHHpXlQySN8rjobtiCdvulDyi0IX92Ajdq7fqLlu2oiHsMYdtfW -hzWahmHJZUFe0CqLc+78vGB5WTsIXcwSfrkq5MVy8hDlbtmFrgyXcReEBnXSw+kC -Y751w+W674Cck/60inzA3is7Iy84/yE0fGuBmFWPhOatTbVqI6dG+gK0CqlzW8g7 -M9ven4K9S9vO52oMSlQJi1VGx66r1P4+7RpiqIC6GFpBZ4ItEYvD4/SP3y75eIGD -LRSzV+LHJarwNslznAFWxg0rWoHbOhH2x0XT2Ve7rXXm4jzIMTL6LSczYlppQ6d2 -DBfyFHykY4iA0VbSBJYXueQrDHc4njJnr4Kl1ZSOZq9HhUbwVcVM0Wse+ZZJ7veQ -Xe83iqX6+bbRM8GFLtSw/mJa1h+TMW6N8T/qQXdokYCpVASLDnwfLinqkeC1mh+H -Wr5kf9pbrBTLcnR/LRnVDZ9ySN6AaZdbLea+7RnPZ46MyQIG14yIvJMPk1LnQB9L -dO+RStwsKHuz2O37ENqi -=lrl6 +iQIcBAABCgAGBQJYSNpCAAoJEO1n7NZdz2rn878P/Apo2QqeYGpvg35269V/BSL/ +jV42W8llFJ+5sxieWMgxTX3RxymwqhxZPQU6gFoBadnESWo/Z00mtNHygP7JIkDZ +SKmOBJl2uZDuZpXAwt2wpKqzYixBAzA19R7gxHI9nXU9CiAG4Ql+EAD99QbUZhPf +CjELbPmYwdkt77QrRJXdUZd+vUV3QkvB/4B+eww+aoaG5pTZ1IVjO45PXQn4FDsW +04UNYlvgKXQCpEBDYKbsht1B75JCrlvgMpG0KBeDzVMtWxLcTtj8l4U4HH70N6Jx +OTcvyCuzRMNltKVEcl5j8HX8YbHq8cGSzdbtKXbCrP4BHGjNJpL9ZGZyZt0DpwI1 +/vjij8ChpMUH9g+lrIGZF6WvXaY3L4OInldtUvBuYuVuJMiXiR2WuRJSzyMHVgxN +2+k3+wgkwPHwJ24UTu+pj0GJ/e7HdWTEUK+Ox6m/+ynj69jlRoUipf1JrFMCsBVh +BfoPZdYEXjy2Y8hAs4ybQvufFdBs/A7G+xHR4qgQ7XxnTaCTR3GObHAvp1ytHj19 +J1nHjPoF7t9wq7ZBOXJNJGtZ4T1S5E5POtXQvxXm/pk+I9JqauESUDyBkhaStEJB +O+g0cS3G51tJpcfhEnaNQnFeI20NIXkqeqGZSDdCMHXseWzJuWqux7xKICv0iA2x +Sc88sLhCDB/Hu+VGm5DX +=hvSq -----END PGP SIGNATURE-----
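
Review bot: In the FreeBSD-SA-16:37.libc.asc hunk at @@ -9,22 +9,27 @@, the Corrected: field now carries only the 2016-12-07 timestamps and the new patch levels (11.0-RELEASE-p5, 10.3-RELEASE-p14, 10.2-RELEASE-p27, 10.1-RELEASE-p44, 9.3-RELEASE-p52), so nothing in the header tells a reader on 11.0-RELEASE-p4 or 10.3-RELEASE-p13 that they are running the initial fix that the v1.1 entry says had regressions. Consider naming the superseded patch levels in the v1.1 line of the new "0. Revision history." section. As a style point, that section is numbered "0." while the sections after it use Roman numerals.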
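
Review bot: The [*** v1.1 NOTE ***] paragraph in the advisory hunk at @@ -73,10 +78,21 @@ makes the reader choose between libc.patch and libc-inc.patch according to whether the sources are "already updated, or patched with patch from the initial advisory", but gives no way to determine which state a tree is in. Suggest adding a concrete check, for example that a tree carrying the initial patch has "const char *in, *inlim;" in lib/libc/net/linkaddr.c, where the revised code has "const u_char *in, *inlim;". It is also worth stating that libc.patch at the same URL has been replaced, so a copy fetched on 2016-12-06 is stale and will not match the new libc.patch.asc. Wording nit: "patched with patch" should read "patched with the patch".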
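
Review bot: In the libc-inc.patch hunk at @@ -142,11 +142,11 @@, "in" is still derived from the raw sdl->sdl_nlen and "inlim" from sdl->sdl_alen, while namelen in the previous hunk is clamped to IFNAMSIZ, and nothing visible checks that sdl_nlen + sdl_alen stays inside the sockaddr_dl the caller passed. Writes to obuf are bounded by rem, but the number of source bytes read is limited only indirectly by it, so consider validating both lengths against the structure's own length before the loop. Style: the expression "(const u_char *)sdl->sdl_data + sdl->sdl_nlen" is now spelled out twice with the cast; a local start pointer would remove the duplication.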
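
Review bot: In the libc-inc.patch hunk at @@ -154,15 +154,14 @@, the "if (rem < 3) break;" and "if (rem < 2) break;" exits are reached after the loop has already written the '.' separator for that byte (the "*out++ = '.'; rem--;" in the preceding hunk), so a truncated address ends in a dangling '.' and the caller has no indication that it was cut short. Consider testing for room for the separator and the digits together before writing either. Separately, both defects corrected here (the low nibble written before the high one, and rem++ where rem-- was meant) would be caught by a test that formats an address containing one byte above 0xf and one at or below it, so a regression test for link_ntoa(3) should accompany this change.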
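
Review bot: The change from "const char *in, *inlim;" to "const u_char *in, *inlim;" in the libc.patch hunk at @@ -19,7 +19,7 @@ has no comment saying why the type matters. Since i is declared int and is loaded with "i = *in++;" before "if (i > 0xf)" and "hexlist[i]", a signed char would make any byte of 0x80 or above negative, sending it down the single-digit branch with a negative index. A one-line comment at the declaration would keep a later cleanup from reverting the type.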