Date: Tue, 3 Jun 2014 19:32:05 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r45000 - in head/share: security/advisories security/patches/EN-14:06 security/patches/SA-14:11 security/patches/SA-14:12 security/patches/SA-14:13 xml Message-ID: <201406031932.s53JW5aO041679@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Jun 3 19:32:04 2014 New Revision: 45000 URL: http://svnweb.freebsd.org/changeset/doc/45000 Log: Add 3 latest advisories and 1 errata: Fix sendmail improper close-on-exec flag handling. [SA-14:11] Fix ktrace memory disclosure. [SA-14:12] Fix incorrect error handling in PAM policy parser. [SA-14:13] Fix triple-fault when executing from a threaded process. [EN-14:06] Added: head/share/security/advisories/FreeBSD-EN-14:06.exec.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-14:11.sendmail.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-14:12.ktrace.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-14:13.pam.asc (contents, props changed) head/share/security/patches/EN-14:06/ head/share/security/patches/EN-14:06/exec-10.0.patch (contents, props changed) head/share/security/patches/EN-14:06/exec-10.0.patch.asc (contents, props changed) head/share/security/patches/EN-14:06/exec-10.patch (contents, props changed) head/share/security/patches/EN-14:06/exec-10.patch.asc (contents, props changed) head/share/security/patches/EN-14:06/exec-8.4.patch (contents, props changed) head/share/security/patches/EN-14:06/exec-8.4.patch.asc (contents, props changed) head/share/security/patches/EN-14:06/exec-8.patch (contents, props changed) head/share/security/patches/EN-14:06/exec-8.patch.asc (contents, props changed) head/share/security/patches/EN-14:06/exec-9.1.patch (contents, props changed) head/share/security/patches/EN-14:06/exec-9.1.patch.asc (contents, props changed) head/share/security/patches/EN-14:06/exec-9.2.patch (contents, props changed) head/share/security/patches/EN-14:06/exec-9.2.patch.asc (contents, props changed) head/share/security/patches/EN-14:06/exec-9.patch (contents, props changed) head/share/security/patches/EN-14:06/exec-9.patch.asc (contents, props changed) head/share/security/patches/SA-14:11/ head/share/security/patches/SA-14:11/sendmail.patch (contents, props changed) head/share/security/patches/SA-14:11/sendmail.patch.asc (contents, props changed) head/share/security/patches/SA-14:12/ head/share/security/patches/SA-14:12/ktrace.patch (contents, props changed) head/share/security/patches/SA-14:12/ktrace.patch.asc (contents, props changed) head/share/security/patches/SA-14:13/ head/share/security/patches/SA-14:13/pam-freebsd10.patch (contents, props changed) head/share/security/patches/SA-14:13/pam-freebsd10.patch.asc (contents, props changed) head/share/security/patches/SA-14:13/pam-freebsd9.patch (contents, props changed) head/share/security/patches/SA-14:13/pam-freebsd9.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-14:06.exec.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-14:06.exec.asc Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,163 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-14:06.exec Errata Notice + The FreeBSD Project + +Topic: triple-fault when executing from a threaded process + +Category: core +Module: kern +Announced: 2014-06-03 +Credits: Ivo De Decker and Debian GNU/kFreeBSD porters +Affects: All supported versions of FreeBSD. +Corrected: 2014-05-23 09:29:04 UTC (stable/10, 10.0-STABLE) + 2014-06-03 19:02:52 UTC (releng/10.0, 10.0-RELEASE-p4) + 2014-05-23 11:56:32 UTC (stable/9, 9.2-STABLE) + 2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7) + 2014-06-03 19:03:11 UTC (releng/9.1, 9.1-RELEASE-p14) + 2014-05-23 09:48:42 UTC (stable/8, 8.4-STABLE) + 2014-06-03 19:03:23 UTC (releng/8.4, 8.4-RELEASE-p11) +CVE Name: CVE-2014-3880 + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:http://security.freebsd.org/>. + +I. Background + +The execve and fexecve system calls transforms the calling process into a +new process, constructed from an ordinarty file. + +When executing a new process, the FreeBSD virtual memory subsystem tries to +optimize the process by avoiding destroying the old virtual memory address +space when the calling process do not share its address space with another +process (for instance, via rfork(2) with RFMEM) and when the new min/max +address limit stays the same. In the optimized scenario, the virtual memory +subsystem only removes usermode mappings from the existing virtual memory +address space instead of destroying and recreating it. + +II. Problem Description + +When the virtual memory address space is recreated for the calling process, +the old virtual memory address space as well as its associated mappings are +destroyed before thread_single(9) boundary, where threads were allowed to +run to safely terminate. If such threads were on other CPUs, the old page +table pointer may still be referenced. + +III. Impact + +The system will crash when this happens due to a triple-fault triggered by +dereferencing an invalid page table pointer. + +IV. Workaround + +No workaround is available, but systems that do not run binaries that are +of different bit-ness (e.g. 32-bit and 64-bit binaries) are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 8.4] +# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-8.4.patch +# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-8.4.patch.asc +# gpg --verify exec-8.4.patch.asc + +[FreeBSD 9.1] +# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-9.1.patch +# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-9.1.patch.asc +# gpg --verify exec-9.1.patch.asc + +[FreeBSD 9.2] +# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-9.2.patch +# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-9.2.patch.asc +# gpg --verify exec-9.2.patch.asc + +[FreeBSD 10.0] +# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-10.0.patch +# fetch http://security.FreeBSD.org/patches/EN-14:06/exec-10.0.patch.asc +# gpg --verify exec-10.0.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:http://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +3) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r266583 +releng/8.4/ r267019 +stable/9/ r266585 +releng/9.1/ r267018 +releng/9.2/ r267018 +stable/10/ r266582 +releng/10.0/ r267017 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:http://bugs.debian.org/743141>; + +<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3880>; + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-14:06.exec.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (FreeBSD) + +iQIcBAEBCgAGBQJTjiDaAAoJEO1n7NZdz2rnNcIQANX2RW/Yeuso43ziviT10iH9 +IBd0Ibazfq4HIVANEGfBF9pkL7vQ4VZzzWJBZEA6r/0qDMVO0mMoFA2/SDAB3oCO +Wjc2TF/FLNPlrYamO1Comb1lKG8nmXj3C+AEEOyzlxDBLIH4cEuCX6yBbjZgjeuz +eYTmFWqiMBwjOctZSFzmaZjaG0EtUIig8ELkPePXBP+zGZiBlBRpLuXWTUuRTT1T +I8YbhEhlvw7rZmtK7rq5uRFfFclmFCC1cYRxKb9o+9tXUL9Qq6q0740hAG/I1HJU +s7M3gvQZNhFa6B8fC2XbBwe1g51pfcxRkU8ZZ0kIU4064r9CP9In9InmcFKrfZTo +xNYNiV9/8rY2lHts6cXZgfrJQLfEWzYghlKVBBZpd8syVjt8ozA08YAD4RAzGAsb +s1cwI9ZCpc9ak6kd9xvDV/ZUmJLE3XS8HkogUd/RBYiu0GTn6MsCIc/pnOpAL1Cq +BWLmWS8vDT4rcuC828L2VmdfLjrdWcr9DHreiW7xxCX4O+/ktOT43PrgQtjd/mf+ +i0k9OAJRwdoh92ylLkEJqm3kugoDGxOITKHvo2dx+g2ySukIzTv0BCNT9EAJ0kX+ +i4G0eyGNTsIycZcokil1rUzk2giNLa5yqKOZNzPZ3EA7U/knuXDN1rdN0OzrqncY +WZlllko53SvpSDli15vp +=A9nK +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-14:11.sendmail.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-14:11.sendmail.asc Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-14:11.sendmail Security Advisory + The FreeBSD Project + +Topic: sendmail improper close-on-exec flag handling + +Category: contrib +Module: sendmail +Announced: 2014-06-03 +Affects: All supported versions of FreeBSD. +Corrected: 2014-05-26 15:35:11 UTC (stable/10, 10.0-STABLE) + 2014-06-03 19:02:52 UTC (releng/10.0, 10.0-RELEASE-p4) + 2014-05-26 20:10:00 UTC (stable/9, 9.3-PRERELEASE) + 2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7) + 2014-06-03 19:03:11 UTC (releng/9.1, 9.1-RELEASE-p14) + 2014-05-26 15:30:27 UTC (stable/8, 8.4-STABLE) + 2014-06-03 19:03:23 UTC (releng/8.4, 8.4-RELEASE-p11) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:http://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes sendmail(8), a general purpose internetwork mail +routing facility, as the default Mail Transfer Agent (MTA). + +FreeBSD uses file descriptor as an abstract indicator for accessing a file. +Upon execve(2), file descriptors open in the calling process image remain +open in the new process image, except for those for which the close-on-exec +flag is set. + +II. Problem Description + +There is a programming error in sendmail(8) that prevented open file +descriptors have close-on-exec properly set. Consequently a subprocess +will be able to access all open files that the parent process have open. + +III. Impact + +A local user who can execute their own program for mail delivery will be +able to interfere with an open SMTP connection. + +IV. Workaround + +Do not allow untrusted users to specify programs for mail delivery, for +instance, procmail. + +Systems that do not use sendmail(8) MTA are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch +# fetch http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch.asc +# gpg --verify sendmail.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +3) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r266693 +releng/8.4/ r267019 +stable/9/ r266711 +releng/9.1/ r267018 +releng/9.2/ r267018 +stable/10/ r266692 +releng/10.0/ r267017 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this advisory is available at +<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:11.sendmail.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (FreeBSD) + +iQIcBAEBCgAGBQJTjiDaAAoJEO1n7NZdz2rnMxgP/0N9dTCKztkx92+Er1riKEns +k0dfQswsTn2BwKzqIwiuzYcC9YFuBbU/ydfhIy3CGHJoZXd98sl0IZkWok7N7gYb +N46aSyMypHh5RtoxtRm7aLhmKSBXiXhygwoeV8HW5fBhgZG544BQ+zs3wDWL/Y4J +sfTEV4C254hm8+loCjtg+WIoFDtaYFWTWCUm1Yhxb1puN5scCNNgbvqvmhmrCLtb +n/AoWUvqQi8B7tu2YafbG+BE8qaLC+tGpqC4mF3NxtNUX++4HMC6ZhbcOaa2PKrk +kepReV/zdc3DaZ0e0KsiwFBiWMe9NW0RjHaZeDe3wzbX9fer2WjoOszLw7xLo/8s +GPZwI+fPRysKGRXeW+0Bp3itbHYAFUhS5PttZQcGqzFKIRNLdVcAIMsj/+j32/LM +vVw3e1NpsIhpxqIorxJEwuBxr4SWzCY26TbJVG+jWqEzhaRgjgpW+TZ2bhW3EDKm +CNnngufJzh54/rEKolWxntyiw442JRpcPvumiUiH9WmRHipkCrMttQGA9TfjUy0u +diQFs/nWNa9YeUkF1jB7eMFoJubg5d/7/gDFPbHMvgjP7kN75k1TmeyzrBVUuplH +ek+XMzxkWYPStw1QHub94VpKhVm7fjvLrq2+2bfdQnM7bRbgwdA66jSwqVQ569Hr +oOFXJjVfz279BMqszAsw +=JUzV +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-14:12.ktrace.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-14:12.ktrace.asc Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-14:12.ktrace Security Advisory + The FreeBSD Project + +Topic: ktrace kernel memory disclosure + +Category: core +Module: kern +Announced: 2014-06-03 +Credits: Jilles Tjoelker +Affects: FreeBSD 8.4, FreeBSD 9.1 and FreeBSD 9.2 +Corrected: 2014-06-03 19:02:33 UTC (stable/9, 9.3-BETA1) + 2014-06-03 19:02:33 UTC (stable/9, 9.3-BETA1-p1) + 2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7) + 2014-06-03 19:03:11 UTC (releng/9.1, 9.1-RELEASE-p14) + 2014-06-03 19:02:42 UTC (stable/8, 8.4-STABLE) + 2014-06-03 19:03:23 UTC (releng/8.4, 8.4-RELEASE-p11) +CVE Name: CVE-2014-3873 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:http://security.FreeBSD.org/>. + +I. Background + +The ktrace utility enables kernel trace logging for the specified processes, +commonly used for diagnostic or debugging purposes. The kernel operations +that are traced include system calls, namei translations, signal processing, +and I/O as well as data associated with these operations. + +The utility may be used only with a kernel that has been built with the +``KTRACE'' option in the kernel configuration file, which is enabled by +default. + +II. Problem Description + +Due to an overlooked merge to -STABLE branches, the size for page fault +kernel trace entries was set incorrectly. + +III. Impact + +A user who can enable kernel process tracing could end up reading the +contents of kernel memory. + +Such memory might contain sensitive information, such as portions of the +file cache or terminal buffers. This information might be directly +useful, or it might be leveraged to obtain elevated privileges in some +way; for example, a terminal buffer might include a user-entered +password. + +IV. Workaround + +The system administrator may set sysctl security.bsd.unprivileged_proc_debug +to 0 to prevent non-privileged users from using all process debugging +facilities provided by the kernel, that includes ktrace functionality. +Please note that this flag have broad effect and may break applications, +as some of them may rely on certain debugging facilities to function. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-14:12/ktrace.patch +# fetch http://security.FreeBSD.org/patches/SA-14:12/ktrace.patch.asc +# gpg --verify ktrace.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:http://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r267016 +releng/8.4/ r267019 +stable/9/ r267015 +releng/9.1/ r267018 +releng/9.2/ r267018 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3873>; + +The latest revision of this advisory is available at +<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:12.ktrace.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (FreeBSD) + +iQIcBAEBCgAGBQJTjiDaAAoJEO1n7NZdz2rnIfQP/0kHBNvnNUiZ+1OWo5fMDg3N +Oe7UdrvnfyeXlgw5bP4t0qwbTpn0kVYL2dfr3bxhkT1w7oF/xQjbcosx/DbzPZZs +VtlAGQYh0CvOXcUZmh+COuRfcy2wkr1kKFlc2bGQVTq1uzKS+vceqA3619IWMnJO +b6ClzFnn+0hk6BrUd8xdvoiYIF2RG+zcw7CxuoBQrzPYA9iO/S4ACmxzfTIgRcAD +ZLGXfUEw3wlftfg605H1iV9xKm4FDUGr9qoL4W0UmYmmTmU4Z71yXSzX3A53qlRg +Xd1Grw2K+zhaKaV6xL+mqox0nzSKiYuNf/ZguB5+x9ZA14ck7NtCYg6up1fgh7Ms +pznVb8/GCc+IPdWJGXpSz6yFhl/MJc6mTOi+L0gOGvNKp0raNHelCpxlqavGt/tv +9Niv791FK32S8ynlP0yKRvd8Hzq4b185ehWuGWbQO8bEHljqhOyZDhysBYYWdgFi +0KG16lJopCbMPPPBVb4zfsFBvokr31m2w+/xsDD+hmaXa6C9bHIvHpuyJep4q02E +4NOoVr1x8dO5s7yVk7bNZx0WFCDYZ/DLMycLjEftHog7iq4nw29HW/Mt/rPgJWOf +NiO0GEJ1XucJ1ShV/OC0B+69mFx9OsOI8kDNLE4l9oqGu2UqcZ/W0Dsa9PPl+ec+ +njyksdL+yqvx9kF8fnJ0 +=46Yf +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-14:13.pam.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-14:13.pam.asc Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,171 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-14:13.pam Security Advisory + The FreeBSD Project + +Topic: Incorrect error handling in PAM policy parser + +Category: contrib +Module: pam +Announced: 2014-06-03 +Credits: Peter Wemm, Dag-Erling Smørgrav +Affects: FreeBSD 9.2 and later. +Corrected: 2014-06-03 19:02:33 UTC (stable/9, 9.3-BETA1) + 2014-06-03 19:02:33 UTC (stable/9, 9.3-BETA1-p1) + 2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7) + 2014-06-03 19:02:18 UTC (stable/10, 10.0-STABLE) + 2014-06-03 19:02:52 UTC (releng/10.0, 10.0-RELEASE-p4) +CVE Name: CVE-2014-3879 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:http://security.FreeBSD.org/>. + +I. Background + +The PAM (Pluggable Authentication Modules) library provides a flexible +framework for user authentication and session setup / teardown. It is +used not only in the base system, but also by a large number of +third-party applications. + +Various authentication methods (UNIX, LDAP, Kerberos etc.) are +implemented in modules which are loaded and executed according to +predefined, named policies. These policies are defined in +/etc/pam.conf, /etc/pam.d/<policy name>, /usr/local/etc/pam.conf or +/usr/local/etc/pam.d/<policy name>. + +The PAM API is a de facto industry standard which has been implemented +by several parties. FreeBSD uses the OpenPAM implementation. + +II. Problem Description + +The OpenPAM library searches for policy definitions in several +locations. While doing so, the absence of a policy file is a soft +failure (handled by searching in the next location) while the presence +of an invalid file is a hard failure (handled by returning an error to +the caller). + +The policy parser returns the same error code (ENOENT) when a +syntactically valid policy references a non-existent module as when +the requested policy file does not exist. The search loop regards +this as a soft failure and looks for the next similarly-named policy, +without discarding the partially-loaded configuration. + +A similar issue can arise if a policy contains an include directive +that refers to a non-existent policy. + +III. Impact + +If a module is removed, or the name of a module is misspelled in the +policy file, the PAM library will proceed with a partially loaded +configuration. Depending on the exact circumstances, this may result +in a fail-open scenario where users are allowed to log in without a +password, or with an incorrect password. + +In particular, if a policy references a module installed by a package +or port, and that package or port is being reinstalled or upgraded, +there is a brief window of time during which the module is absent and +policies that use it may fail open. This can be especially damaging +to Internet-facing SSH servers, which are regularly subjected to +brute-force scans. + +IV. Workaround + +If your system uses customized PAM policies, carefully review your +policies to ensure that all module names are spelled correctly. + +If your system uses third-party authentication modules, either refrain +from upgrading those modules until you have patched your system, or +shut down the affected services before upgrading. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 9.2] +# fetch http://security.FreeBSD.org/patches/SA-14:13/pam-freebsd9.patch +# fetch http://security.FreeBSD.org/patches/SA-14:13/pam-freebsd9.patch.asc +# gpg --verify pam-freebsd9.patch.asc + +[FreeBSD 9.3 and 10.0] +# fetch http://security.FreeBSD.org/patches/SA-14:13/pam-freebsd10.patch +# fetch http://security.FreeBSD.org/patches/SA-14:13/pam-freebsd10.patch.asc +# gpg --verify pam-freebsd10.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all deamons using the library, or reboot the system. + +3) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r267015 +releng/9.2/ r267018 +stable/10/ r267014 +releng/10.0/ r267017 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3879>; + +The latest revision of this advisory is available at +<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:13.pam.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (FreeBSD) + +iQIcBAEBCgAGBQJTjiDaAAoJEO1n7NZdz2rnx90P/je9ArC02N90sK//UauenbXV +BJCNh1WRSVE3hoxgVyPC0R+6Ts6J9At42ANUHXHVxipA2Qpu2UKf+/c3JreSuSGs +6rgAj1TPZEideQInTs9qCJWr6f/M2aPlYCF8iHuuLMJTO35wfVYQENDaFJmebKoI +fKkVvTh8ig2cgJWe7RZxd+Y4tPxKZb5ix5jV+xFjDPrmzVgSCUVpW0GrD7qWOg1W +25Ysx+LLBr03guDnFd9RodObWoNZ+aFxuvkKELmjUKva7xRSEw6PfwPCpLp9/83Q +HDVlkw0jH+0sF1SY7V+GUvQriPNpwyGNEOfDvL47gnlN/Z7HOZ0hYlVuYw4QYGv5 +l5PZOL5eFC6xl88fn+ypKQwGDdzpM4i+svBy//2CW17luU31L4F/cde+yCxsEJB5 +JXNhVTYe2z+ACfSs+Oxzk5uGI1f9FhvTzIyoO26Coq6e2Nk2633451kRgdPNxoAP +kMimT2Mle/1kqupLirGi44lEyUYV9As2AhnLBFFUXTnESlWVe6q0N0Rb8G6D2jcR +0m5hccsS2HcysUtSIP8ADB6LlSgH+bKP2FUFopdjQUx3J+/KQ5kl6L/UhOOr1Hag +4PdoCPpR15s2CaICmu5HkDtGNkZQV7xdN6TLcksJHXRshISlbzZjlaNyrbu6oJu9 +nz3mhzGz1ZH6l7kuNYXD +=qUxk +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-14:06/exec-10.0.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:06/exec-10.0.patch Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,66 @@ +Index: sys/kern/kern_exec.c +=================================================================== +--- sys/kern/kern_exec.c (revision 266979) ++++ sys/kern/kern_exec.c (working copy) +@@ -283,6 +283,7 @@ kern_execve(td, args, mac_p) + struct mac *mac_p; + { + struct proc *p = td->td_proc; ++ struct vmspace *oldvmspace; + int error; + + AUDIT_ARG_ARGV(args->begin_argv, args->argc, +@@ -299,6 +300,8 @@ kern_execve(td, args, mac_p) + PROC_UNLOCK(p); + } + ++ KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve")); ++ oldvmspace = td->td_proc->p_vmspace; + error = do_execve(td, args, mac_p); + + if (p->p_flag & P_HADTHREADS) { +@@ -313,6 +316,12 @@ kern_execve(td, args, mac_p) + thread_single_end(); + PROC_UNLOCK(p); + } ++ if ((td->td_pflags & TDP_EXECVMSPC) != 0) { ++ KASSERT(td->td_proc->p_vmspace != oldvmspace, ++ ("oldvmspace still used")); ++ vmspace_free(oldvmspace); ++ td->td_pflags &= ~TDP_EXECVMSPC; ++ } + + return (error); + } +Index: sys/sys/proc.h +=================================================================== +--- sys/sys/proc.h (revision 266979) ++++ sys/sys/proc.h (working copy) +@@ -966,4 +966,5 @@ curthread_pflags_restore(int save) + + #endif /* _KERNEL */ + ++#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */ + #endif /* !_SYS_PROC_H_ */ +Index: sys/vm/vm_map.c +=================================================================== +--- sys/vm/vm_map.c (revision 266979) ++++ sys/vm/vm_map.c (working copy) +@@ -3725,6 +3725,8 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, + struct vmspace *oldvmspace = p->p_vmspace; + struct vmspace *newvmspace; + ++ KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0, ++ ("vmspace_exec recursed")); + newvmspace = vmspace_alloc(minuser, maxuser, NULL); + if (newvmspace == NULL) + return (ENOMEM); +@@ -3741,7 +3743,7 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, + PROC_VMSPACE_UNLOCK(p); + if (p == curthread->td_proc) + pmap_activate(curthread); +- vmspace_free(oldvmspace); ++ curthread->td_pflags |= TDP_EXECVMSPC; + return (0); + } + Added: head/share/security/patches/EN-14:06/exec-10.0.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:06/exec-10.0.patch.asc Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (FreeBSD) + +iQIcBAABCgAGBQJTjiErAAoJEO1n7NZdz2rnKXEQAJxIZgrVrGZobVSEztzpE8hT +yFcp2Yd0AZesA0glaqBaReEyDxpyKXvDDX33q3nFc+C5rhOePZXp5zw0e4MLT/DX +hGxBp9/sbji+w7soUdL25y5h6QfY19LK1WwJlI4+6CNQUGVvN/bN/uF0vyaiTk1k +9j5Twmtb31hsbpJNwHL6D7+K2vSd5hrMBxaozTn9TOBDzI0KS19NUp6Xt1CrpkAL +NmM65tD1PZ9flsoXqsUBdENydrIEH8XrCovwPXzYipUnqeEvl6VGS5D7U3t/m/SC +bh8v1mK6Ipt7YLJ0HducqO643XkG7n01pJKY8LIXEX1x0yVLI+hLqvSIfPjEza1j +kNs289QiWX3FG7k0ufucnd8tGbaZ5gyrJuA2OWERZurEDPoGYkHxz4cMPXKoTSw+ +ZX4h/mz8zvNGak9Jy6xStWAMGG1FdnrPAWDddNb1aOQJCdx3Ur+fOOTkrYT76JHA +k8iWI44rmBL0BFqkJk/LbcA2NI43pKN/WEVAgufi06yK3poQzV93WyunZ/iBJJVO +boz6F+cCG023r8Obq1jMv7qi+seuUL8pi8PxlYqWeye6xtOKc1Utm6yHJyFmLFN0 +4OmVxgOneS5jcn4IV/F0WNuuRLshTEjpcOKxf9qn2Izll219ikZZtiCD4U5FN0hL +910LWVL+ek6GRdVOyRwg +=fRaC +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-14:06/exec-10.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:06/exec-10.patch Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,77 @@ +Index: sys/sys/proc.h +=================================================================== +--- sys/sys/proc.h (revision 266581) ++++ sys/sys/proc.h (revision 266582) +@@ -425,6 +425,7 @@ do { \ + #define TDP_NERRNO 0x08000000 /* Last errno is already in td_errno */ + #define TDP_UIOHELD 0x10000000 /* Current uio has pages held in td_ma */ + #define TDP_DEVMEMIO 0x20000000 /* Accessing memory for /dev/mem */ ++#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */ + + /* + * Reasons that the current thread can not be run yet. +Index: sys/kern/kern_exec.c +=================================================================== +--- sys/kern/kern_exec.c (revision 266581) ++++ sys/kern/kern_exec.c (revision 266582) +@@ -283,6 +283,7 @@ kern_execve(td, args, mac_p) + struct mac *mac_p; + { + struct proc *p = td->td_proc; ++ struct vmspace *oldvmspace; + int error; + + AUDIT_ARG_ARGV(args->begin_argv, args->argc, +@@ -299,6 +300,8 @@ kern_execve(td, args, mac_p) + PROC_UNLOCK(p); + } + ++ KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve")); ++ oldvmspace = td->td_proc->p_vmspace; + error = do_execve(td, args, mac_p); + + if (p->p_flag & P_HADTHREADS) { +@@ -313,6 +316,12 @@ kern_execve(td, args, mac_p) + thread_single_end(); + PROC_UNLOCK(p); + } ++ if ((td->td_pflags & TDP_EXECVMSPC) != 0) { ++ KASSERT(td->td_proc->p_vmspace != oldvmspace, ++ ("oldvmspace still used")); ++ vmspace_free(oldvmspace); ++ td->td_pflags &= ~TDP_EXECVMSPC; ++ } + + return (error); + } +Index: sys/vm/vm_map.c +=================================================================== +--- sys/vm/vm_map.c (revision 266581) ++++ sys/vm/vm_map.c (revision 266582) +@@ -3751,6 +3751,8 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, + struct vmspace *oldvmspace = p->p_vmspace; + struct vmspace *newvmspace; + ++ KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0, ++ ("vmspace_exec recursed")); + newvmspace = vmspace_alloc(minuser, maxuser, NULL); + if (newvmspace == NULL) + return (ENOMEM); +@@ -3767,7 +3769,7 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, + PROC_VMSPACE_UNLOCK(p); + if (p == curthread->td_proc) + pmap_activate(curthread); +- vmspace_free(oldvmspace); ++ curthread->td_pflags |= TDP_EXECVMSPC; + return (0); + } + +Index: . +=================================================================== +--- . (revision 266581) ++++ . (revision 266582) + +Property changes on: . +___________________________________________________________________ +Modified: svn:mergeinfo + Merged /head:r266464 Added: head/share/security/patches/EN-14:06/exec-10.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:06/exec-10.patch.asc Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (FreeBSD) + +iQIcBAABCgAGBQJTjiErAAoJEO1n7NZdz2rnohMQAIzPJ9eBbU4Xdrk5QVHXIFYa +CFeHZM1JOSaNv/XLXXVIvLbZF8m5Egdskj8+PPbn4+cO6c1QhyNRAt/lcc+2Fqpb +w011aG2zTMNCJCTnU26l68cB//MmeWeu6RI2BvSDh6zQlluy9NPrONnSvhb8Y8tM +LZr9c4CVoe0esDTs06X6/0p2f1OStRpIH8hgNI+0OK1DAkL45XcJF5s4PdIkPIgM +0VzSXz93cxTMFAwbWzFNoo+JPM9AFtweUyVQ3vLFCLOSn198IAHrlYCvAoKsoRjI +kv69njIKpzKlRiD98PQxKjVSnMrZ9VcCtSXfEZgDzeBjrNMx7GpBCsVNkL3WHbDa +EgmoBb35mpKDkJ3SMMCDRIYOMTbmESek2Fgj2/u1n3ypNTE54VHevDCeb03+xnag +i3la3eBcRJ49QJcSWRci5S4FjiMX5ujdH6tLYJq1dz2qnqla3GV5jPM8ph6ZY5ZA +Keqf1eieQPaHL+7wfuRBeeDk4KXK7YYtj2/V9DDFuf7PndArHQx72tJjPamcgaEy +CoICjTEFwDHlyN0yJlNe0EWNaC5ItR6zdHEAcs7j9Jsgfn5AAfa+rhg90KuiBVjF +wnXIdWYfiUS65VHVgSO/x/n2/wOoF0Ky9v2CFMoDx5P6/2CCHadY8KcxiVRJs89M +epY+RFb27pmmbTIbV5P+ +=Lp2V +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-14:06/exec-8.4.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:06/exec-8.4.patch Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,66 @@ +Index: sys/kern/kern_exec.c +=================================================================== +--- sys/kern/kern_exec.c (revision 266979) ++++ sys/kern/kern_exec.c (working copy) +@@ -278,6 +278,7 @@ kern_execve(td, args, mac_p) + struct mac *mac_p; + { + struct proc *p = td->td_proc; ++ struct vmspace *oldvmspace; + int error; + + AUDIT_ARG_ARGV(args->begin_argv, args->argc, +@@ -294,6 +295,8 @@ kern_execve(td, args, mac_p) + PROC_UNLOCK(p); + } + ++ KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve")); ++ oldvmspace = td->td_proc->p_vmspace; + error = do_execve(td, args, mac_p); + + if (p->p_flag & P_HADTHREADS) { +@@ -308,6 +311,12 @@ kern_execve(td, args, mac_p) + thread_single_end(); + PROC_UNLOCK(p); + } ++ if ((td->td_pflags & TDP_EXECVMSPC) != 0) { ++ KASSERT(td->td_proc->p_vmspace != oldvmspace, ++ ("oldvmspace still used")); ++ vmspace_free(oldvmspace); ++ td->td_pflags &= ~TDP_EXECVMSPC; ++ } + + return (error); + } +Index: sys/sys/proc.h +=================================================================== +--- sys/sys/proc.h (revision 266979) ++++ sys/sys/proc.h (working copy) +@@ -938,4 +938,5 @@ curthread_pflags_restore(int save) + + #endif /* _KERNEL */ + ++#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */ + #endif /* !_SYS_PROC_H_ */ +Index: sys/vm/vm_map.c +=================================================================== +--- sys/vm/vm_map.c (revision 266979) ++++ sys/vm/vm_map.c (working copy) +@@ -3521,6 +3521,8 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, + struct vmspace *oldvmspace = p->p_vmspace; + struct vmspace *newvmspace; + ++ KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0, ++ ("vmspace_exec recursed")); + newvmspace = vmspace_alloc(minuser, maxuser); + if (newvmspace == NULL) + return (ENOMEM); +@@ -3537,7 +3539,7 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, + PROC_VMSPACE_UNLOCK(p); + if (p == curthread->td_proc) + pmap_activate(curthread); +- vmspace_free(oldvmspace); ++ curthread->td_pflags |= TDP_EXECVMSPC; + return (0); + } + Added: head/share/security/patches/EN-14:06/exec-8.4.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:06/exec-8.4.patch.asc Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (FreeBSD) + +iQIcBAABCgAGBQJTjiErAAoJEO1n7NZdz2rnc3EP/3U2Q1wMCK+35jIdsGJ0g+sy +5Dr3VKBYO7h3Tt+V2bUtzDvIEleh7pqtjJZM1k4bT78VgFW0+y/3qdOdVrSbsEqc +0uDYwklb/VMpdQEFh4Qs5qiRt7xuBQPChKDlyzaOIjPl2YM4vy51aGxrwlyH/J9I +/OIEMIOdANDU7YSkm70+edV9/egR9zGupWSBaEfVtH0WUNm3AubyyU8pbE8DDsuz +dLS+PQF9ISZDDwGJgju07GCDmSyZkL0hBzhPQhaXvooxu3KZw8e1mapN7CCU/ntx +Dc9T5QKmuREkbY5ZmK+H2bhGfHU7+sEVwSKUzK3xhhSaBcTQ381q11+TtF2EaPkc +mLd0A4D1O8nJMX/OoLXy3vipS9kz6U10i9+PuntM4QzQqcNYvEjyLnQDpWOslIim +WabFiJL/bPYQiLF3dwcW43+V+acTJ1mXGIhh6iuCospL328JHj4sbp8KDU+qftSx +D/7+ojrxp8sD9m4Up3W8FZ7/DODJv+Rz2n2vXozpBOAo8gXYU30k313y6s/KAH+4 +9AQlohIjJVBMv3LX4Erx1CfPpR/Vs1rrswH2VpmMPGNkCy4HHDuKNda4z6r+huU+ +QgFVwOj6ooTod5yRVEnFqsZtkFAWvkWWOEpgkalEKVmVCha2d98ImdU7n6bSjipt +l404I80gEZeyntZHGMO2 +=DGKB +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-14:06/exec-8.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-14:06/exec-8.patch Tue Jun 3 19:32:04 2014 (r45000) @@ -0,0 +1,104 @@ +Index: sys/kern/kern_exec.c +=================================================================== +--- sys/kern/kern_exec.c (revision 266582) ++++ sys/kern/kern_exec.c (revision 266583) +@@ -278,6 +278,7 @@ kern_execve(td, args, mac_p) + struct mac *mac_p; + { + struct proc *p = td->td_proc; ++ struct vmspace *oldvmspace; + int error; + + AUDIT_ARG_ARGV(args->begin_argv, args->argc, +@@ -294,6 +295,8 @@ kern_execve(td, args, mac_p) + PROC_UNLOCK(p); + } + ++ KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve")); ++ oldvmspace = td->td_proc->p_vmspace; + error = do_execve(td, args, mac_p); + + if (p->p_flag & P_HADTHREADS) { +@@ -308,6 +311,12 @@ kern_execve(td, args, mac_p) + thread_single_end(); + PROC_UNLOCK(p); + } ++ if ((td->td_pflags & TDP_EXECVMSPC) != 0) { ++ KASSERT(td->td_proc->p_vmspace != oldvmspace, ++ ("oldvmspace still used")); ++ vmspace_free(oldvmspace); ++ td->td_pflags &= ~TDP_EXECVMSPC; ++ } + + return (error); + } +Index: sys/kern +=================================================================== +--- sys/kern (revision 266582) ++++ sys/kern (revision 266583) + +Property changes on: sys/kern +___________________________________________________________________ +Modified: svn:mergeinfo + Merged /head/sys/kern:r266464 +Index: sys/vm/vm_map.c +=================================================================== +--- sys/vm/vm_map.c (revision 266582) ++++ sys/vm/vm_map.c (revision 266583) +@@ -3521,6 +3521,8 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, + struct vmspace *oldvmspace = p->p_vmspace; + struct vmspace *newvmspace; + ++ KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0, ++ ("vmspace_exec recursed")); + newvmspace = vmspace_alloc(minuser, maxuser); + if (newvmspace == NULL) + return (ENOMEM); +@@ -3537,7 +3539,7 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, + PROC_VMSPACE_UNLOCK(p); + if (p == curthread->td_proc) + pmap_activate(curthread); +- vmspace_free(oldvmspace); ++ curthread->td_pflags |= TDP_EXECVMSPC; + return (0); + } + +Index: sys/vm +=================================================================== +--- sys/vm (revision 266582) ++++ sys/vm (revision 266583) + +Property changes on: sys/vm +___________________________________________________________________ +Modified: svn:mergeinfo + Merged /head/sys/vm:r266464 +Index: sys/sys/proc.h +=================================================================== +--- sys/sys/proc.h (revision 266582) ++++ sys/sys/proc.h (revision 266583) +@@ -414,6 +414,7 @@ do { \ + #define TDP_AUDITREC 0x01000000 /* Audit record pending on thread */ + #define TDP_RESETSPUR 0x04000000 /* Reset spurious page fault history. */ + #define TDP_NERRNO 0x08000000 /* Last errno is already in td_errno */ ++#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */ + + /* + * Reasons that the current thread can not be run yet. +Index: sys/sys +=================================================================== +--- sys/sys (revision 266582) ++++ sys/sys (revision 266583) + +Property changes on: sys/sys *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201406031932.s53JW5aO041679>