From owner-svn-doc-all@freebsd.org Tue Aug 18 20:11:49 2015 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF6339BD5F4; Tue, 18 Aug 2015 20:11:49 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 99F3A28A; Tue, 18 Aug 2015 20:11:49 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7IKBnTZ011296; Tue, 18 Aug 2015 20:11:49 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7IKBjkF011279; Tue, 18 Aug 2015 20:11:45 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201508182011.t7IKBjkF011279@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Tue, 18 Aug 2015 20:11:45 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r47263 - in head/share: security/advisories security/patches/EN-15:11 security/patches/EN-15:12 security/patches/EN-15:13 security/patches/SA-15:20 xml X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Aug 2015 20:11:49 -0000 Author: delphij Date: Tue Aug 18 20:11:44 2015 New Revision: 47263 URL: https://svnweb.freebsd.org/changeset/doc/47263 Log: Add EN-15:11, EN-15:12, EN-15:13 and SA-15:20. Added: head/share/security/advisories/FreeBSD-EN-15:11.toolchain.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-15:12.netstat.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-15:13.vidcontrol.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-15:20.expat.asc (contents, props changed) head/share/security/patches/EN-15:11/ head/share/security/patches/EN-15:11/toolchain.patch (contents, props changed) head/share/security/patches/EN-15:11/toolchain.patch.asc (contents, props changed) head/share/security/patches/EN-15:12/ head/share/security/patches/EN-15:12/netstat.patch (contents, props changed) head/share/security/patches/EN-15:12/netstat.patch.asc (contents, props changed) head/share/security/patches/EN-15:13/ head/share/security/patches/EN-15:13/vidcontrol.patch (contents, props changed) head/share/security/patches/EN-15:13/vidcontrol.patch.asc (contents, props changed) head/share/security/patches/SA-15:20/ head/share/security/patches/SA-15:20/expat.patch (contents, props changed) head/share/security/patches/SA-15:20/expat.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-15:11.toolchain.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-15:11.toolchain.asc Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,122 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-15:11.toolchain Errata Notice + The FreeBSD Project + +Topic: make(1) syntax errors when upgrading from 9.x and earlier + +Category: core +Module: toolchain +Announced: 2015-08-18 +Credits: John Hein +Affects: FreeBSD 10.2-RELEASE +Corrected: 2015-08-13 22:29:26 UTC (stable/10, 10.2-STABLE) + 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1) + 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The FreeBSD userland and kernel build system ensures a seamless upgrade path +from the previous major FreeBSD version. During source-based upgrades, the +build system must utilize several utilities on the running system in order to +bootstrap the build toolchain, after which the bootstrapped utilities are used +to produce the build output for the system upgrade. + +The make(1) utility was replaced with the NetBSD bmake(1) utility as of +FreeBSD 10.0-RELEASE, which has several syntactical differences compared to +the fmake(1) utility found in earlier FreeBSD releases. + +II. Problem Description + +A hard-coded make(1) invocation in the FreeBSD 10.2 sources produce warnings +on FreeBSD versions earlier than 10.x due to a syntactical difference between +the FreeBSD and NetBSD versions of make(1). + +The warnings may persist on FreeBSD 10.2-RELEASE or 10.2-STABLE if the system +is configured to use fmake(1), by defining WITHOUT_BMAKE in src.conf(5). + +III. Impact + +The warnings produced have no known functional impact. Additionally, the +warnings will not recur after the system is upgraded to 10.2-RELEASE or +10.2-STABLE, unless WITHOUT_BMAKE is defined in src.conf(5) as noted above. + +IV. Workaround + +No workaround is available, but systems using binary upgrades such as +freebsd-update(8) are not affected. + +V. Solution + +Perform one of the following: + +1) Update the system sources to stable/10 or releng/10.2 dated after the +correction date prior to upgrading from FreeBSD 9.x or earlier. No addtional +action is required. + +2) To update your present system via a source code patch: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-15:11/toolchain.patch +# fetch https://security.FreeBSD.org/patches/EN-15:11/toolchain.patch.asc +# gpg --verify toolchain.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r286746 +releng/10.2/ r286901 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this Errata Notice is available at +https://security.FreeBSD.org/advisories/FreeBSD-EN-15:11.toolchain.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAEBCgAGBQJV05A1AAoJEO1n7NZdz2rnSJEP/A1452UILdiWXytwy75nCktq +a4vCmQ73gK1raY1SyFDzRppemiIeiDlsE3NTldNvMjw+itPkW/d/VJYIsUQimLxL +dQvuAaWLKDK2MKjCUkl7isxBJPdcnnB12QLIZ5TS9ZzqPo7awFq91tL3TmAhwdmw +mAikqUoOZilTC6j3wZp+2w4IjSrecN6dGdTutd9E8ahjy8BmNBax+hyPnbFTXGp4 +s8Tpx3LhmPicvXh4ou3uHm0IbKFJF2B5Y8THTDF2SAZ5pyaltjg+o4JvW1lvaOFM +XXp1XkGhfdkFj19FKeFUsT4BWLorqAnu9BqNJFlrxbotaPMMBJLbMEI2HqBVMa8a +fu+loj9tlAMprWjKnl+GLcYrpIEmIPQzGHHO0k8ke1efQmsfLeBo1cdKyQV1M88u +uwRBDkN08krEyun5QDeZwn35Kc//jeK14v465HRXt0gxztX+frt31UKNu7cTEuo9 +ZqZbX5RUS85u/Z8WKhIBp9LWSgVdaB1v10mSb9kHMqZvckEqlozxr3h+/lOezpep +rGCdnHPDEHaA5jvwX2WY3+Rb7hOvpzRw5UmBuGVfGp16HQALIwwMC0LM9hA2NnZf +re3Rx4asssbyoLmp8akZjDsr3j/500/XM7enNvQcEc1ZQhK9k5W9SDg6cbEthEle +Eiaq3eGZnWVBKiYftGcT +=ryS+ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-15:12.netstat.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-15:12.netstat.asc Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,122 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-15:12.netstat Errata Notice + The FreeBSD Project + +Topic: Incorrect netstat(1) data handling on 32-bit systems + +Category: core +Module: netstat +Announced: 2015-08-18 +Credits: Mark Johnston +Affects: FreeBSD 10.2-RELEASE +Corrected: 2015-07-31 00:21:41 UTC (stable/10, 10.2-STABLE) + 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1) + 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The netstat(1) utility displays the contents of various network related data +structures. + +II. Problem Description + +The netstat(1) utility incorrectly handles reported values on 32-bit systems. + +III. Impact + +Due to how netstat(1) processes IPSEC counters, the utility may produce +incorrect output on 32-bit systems. + +IV. Workaround + +No workaround is available, however systems without IPSEC compiled into the +kernel are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-15:12/netstat.patch +# fetch https://security.FreeBSD.org/patches/EN-15:12/netstat.patch.asc +# gpg --verify netstat.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r286099 +releng/10.2/ r286901 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this Errata Notice is available at +https://security.FreeBSD.org/advisories/FreeBSD-EN-15:12.netstat.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAEBCgAGBQJV05A1AAoJEO1n7NZdz2rnAzIQANyLdOOQhe9dHyAV4N5YKM3B +Z/86dY/KIIViVb1uzkBASBNnkHlG+mCMOQpzX2x8yCPF4i7bIEfPa4r2Bzw9pvCF +RWRKvZXERESh/RndQFhxcmJMAyYPq7MdK0IZzG53vinlMoSz2WTKj2vSR7t2jfo+ +ObTfgdkqN/PZs/W+AQY8a4DMdxCLg1KCZiSpQRO7ea+4AxsI8qNgoytvG6HRno/z +uGe6Ad82ZfysKgqe9JO4gvRTR77ebQAVSSr3qylQcOGHohy9tFHcI2FEAAqLJrQY +b5DDLOawLRsQm0hwkLCTOZX2QvIFgz0gGRpvPcN9ZKValMc5DKQv36z3hOByK+3i +dDHFG/Diy2JNP0tsKtW8IyyLvW2DAUoTs1nVaWMvLKkMUr+loOYvoaLdGT0xQP2d +M6UT40mRMznfH/Gq/0DJFArsYcyB9YRl7rD0dy1HhqApogHQrTjsT+1vtBtpaTmv +LHA77tHyzI0TxOvmx3hglj/z4BLZDPU6ydXr3zeOYBpLz5p02GKxHUc+JrmWBfOV +Jep0+Fr2fYST5bGVtExNQV6cTlBZPnGR4JxJEUQA6a+FdyJcDuzOTNcs0YzwjuSC +dIk5pdxI3nkc+zf9GZLXUdLcxXfo6jBUy0fSWkzirGzBfo0wxseE6cbxxTH7vumx +CLGGmHiqxVuF/nP4ScHi +=3aK1 +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-15:13.vidcontrol.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-15:13.vidcontrol.asc Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-15:13.vidcontrol Errata Notice + The FreeBSD Project + +Topic: Allow size argument to vidcontrol(1) for syscons(4) + +Category: core +Module: vidcontrol +Announced: 2015-08-18 +Credits: Ed Maste +Affects: FreeBSD 10.2-RELEASE +Corrected: 2015-08-04 15:15:06 UTC (stable/10, 10.2-STABLE) + 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1) + 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The vidcontrol(1) utility is used to set various options for the syscons(4) or +vt(4) console driver, such as video mode, colors, cursor shape, screen output +map, font, and screen saver timeout. + +The vidcontrol(1) utility allows specifying a font size and font file as +arguments to the '-f' flag. When no size or file are specified, vidcontrol(1) +the default font will be used. + +II. Problem Description + +The vidcontrol(1) does not properly allow specifying the font size when +invoked from the command line. + +III. Impact + +The vidcontrol(1) utility will use the default font size, regardless of the +size specified as an argument to the '-f' flag. + +IV. Workaround + +No workaround is available, but systems not using the vt(4) driver are not +affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-15:13/vidcontrol.patch +# fetch https://security.FreeBSD.org/patches/EN-15:13/vidcontrol.patch.asc +# gpg --verify vidcontrol.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r286291 +releng/10.2/ r286901 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this Errata Notice is available at +https://security.FreeBSD.org/advisories/FreeBSD-EN-15:13.vidcontrol.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAEBCgAGBQJV05A2AAoJEO1n7NZdz2rnUc0QAMiNBzG5yPZYN5yDzbKSzWAX +/bHJNOhM2SBTHIHuUd/s1UjW2OW57IYyVLaF8BPjs8pXlQT6op3R2r/ZItfe/5xz +dja6oBH74czaLRMigrxIT1SaJdSzlpnRbtJR4HMjGnA2f9Rbttl5S4j0vf6sy/6G +fqgbKrston6WbTQudNkpwekaYbUStA4iVarIBfntbNmg7TvFZLl+yKbPvoQ3/Lxz +pU1U55JNTQOYn+h1KaLm+p7pvEPM7g6q49ZsIaX3dXBIMB00GT9wwvZZPpvUNn+Q +v+EUSvuIspaIhFb0Jng5gULQkJ5pRg/xDWZ71PcNW/F7hKf4Gt8NUdpmMO+k180X +EQAS37q9hdSiYmktFx7O6tX//3vr/Zpvm0fZviBjqJwkNTqzRfa+NPojbDaDqolX +/b/af9FZ0dBET4VrlNRp/XpJq9d5MCrRZKd2zmcdUwiOh06ZpQzh0tYjJCdM8d5P +Ytdl36EIsCSBWm1vcXA9lHafMe+Ihuh3mOLPkWR+RL47jfHe7iuoyxKJGLBsK9T5 +Pzq7Le9uSdrIIqZce7zCsZ59MpwizMOBO8/XejynTQXmmLuzc/DI+L6lWINGbFc7 +pNYPSbcYB3iikdKe8LyQm2+Joiuu4EJJkiOiUSYYNT0o4yJYBTRntEwqnUJb8sO2 +kMp/1tcmaQbOdW6t8iqw +=/VcW +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-15:20.expat.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-15:20.expat.asc Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,149 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-15:20.expat Security Advisory + The FreeBSD Project + +Topic: Multiple integer overflows in expat (libbsdxml) XML parser + +Category: contrib +Module: libbsdxml +Announced: 2015-08-18 +Affects: All supported versions of FreeBSD. +Corrected: 2015-08-18 19:30:05 UTC (stable/10, 10.2-STABLE) + 2015-08-18 19:30:35 UTC (releng/10.1, 10.1-RELEASE-p18) + 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1) + 2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1) + 2015-08-18 19:30:05 UTC (stable/9, 9.3-STABLE) + 2015-08-18 19:30:35 UTC (releng/9.3, 9.3-RELEASE-p23) +CVE Name: CVE-2015-1283 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +Expat is an XML parser library written in C. It is a stream-oriented +parser in which an application registers handlers for things the parser +might find in the XML document (like start tags). + +The FreeBSD base system ships libexpat as libbsdxml for components that +need to parse XML data. Some of these applications use the XML parser +on trusted data from the kernel, for instance the geom(8) configuration +utilities, while other applications, like tar(1), cpio(1), svnlite(1) +and unbound-anchor(8), may use the XML parser on input from network or +the user. + +II. Problem Description + +Multiple integer overflows have been discovered in the XML_GetBuffer() +function in the expat library. + +III. Impact + +The integer overflows may be exploited by using specifically crafted XML +data and lead to infinite loop, or a heap buffer overflow, which results +in a Denial of Service condition, or enables remote attackers to execute +arbitrary code. + +IV. Workaround + +No workaround is available, but the problem is only exploitable when the +affected system needs to process data from an untrusted source. + +Because the library is used by many third party applications, we advise +system administrators to check and make sure that they have the latest +expat version as well, and restart all third party services, or reboot +the system. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +A reboot is not required after updating the base system. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is not required after updating the base system. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-15:20/expat.patch +# fetch https://security.FreeBSD.org/patches/SA-15:20/expat.patch.asc +# gpg --verify expat.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +The FreeBSD base system do not install daemons that uses the library, +therefore, a reboot is not required after updating the base system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r286900 +releng/9.3/ r286902 +stable/10/ r286900 +releng/10.1/ r286902 +releng/10.2/ r286901 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAEBCgAGBQJV05AOAAoJEO1n7NZdz2rnRPUP/2L0kectacl6IWOOeGFt6QgG +eRjZ6F53GqOYG3eW6tM71y+Vbeld+HkcMMgsckO4PM1vJg9AbKEJ56DmvGvFQepC +TBBcbg++VHOB2jilKh/meOiF0sUqwcpSTwOdRREfWTAMXNS5te7kcpuykZoi4R1x +LupCmRxQtM3taztw0AA/5AVRurmy+i6P9xuUnhGULyCcoi56VI1WvrpTk2KHbi7V +T5f/Xwf2hPfznJVoxvPjY9YoOlD2Fql0Dc51clJOQ82l9VVD+lP4ISoJmwLqFPKA +K4ZpiutMkoLda1er4lNaxsH4Ec7Oey4Dx2xpq1/JmQ9tP98Mtq4oaXNZAGminlET +rNoLOWR72Gg+NEh7Y+Yuu0K3zFmzLLm1pMjYfuIUaseT2qY7CE+qwm58kG6NvC53 +fF+BwofOSaVNX/uzQnbP0iMJbewKXpqNO21CkdaapZVG+sXn8BZF3S1QDAWPaNwV +cJT9agijNG6pNUESNZcgY0ow/n4B8J+wWwA1KWzBgbedzj0yG8rsmulkCZEpt1hU +4uHR62Ktvd2IecoRn2gptA6SkpxHHJhzG8uKvDFq9vvzZko31rc3ttLI/Bb5P1QZ +wqn1hp1sy9hEpoGxFQlYJj4msahR4P7vTt+0cN4dSVwwg08Xbq1TL4b077BR1ZbR +ymv8Cnwn7Kg5NRBS2GBD +=4h4f +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-15:11/toolchain.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:11/toolchain.patch Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,15 @@ +Index: Makefile.inc1 +=================================================================== +--- Makefile.inc1 (revision 286847) ++++ Makefile.inc1 (working copy) +@@ -133,8 +133,8 @@ OSRELDATE= 0 + .endif + + .if !defined(VERSION) +-REVISION!= make -C ${SRCDIR}/release -V REVISION +-BRANCH!= make -C ${SRCDIR}/release -V BRANCH ++REVISION!= ${MAKE} -C ${SRCDIR}/release -V REVISION ++BRANCH!= ${MAKE} -C ${SRCDIR}/release -V BRANCH + SRCRELDATE!= awk '/^\#define[[:space:]]*__FreeBSD_version/ { print $$3 }' \ + ${SRCDIR}/sys/sys/param.h + VERSION= FreeBSD ${REVISION}-${BRANCH:C/-p[0-9]+$//} ${TARGET_ARCH} ${SRCRELDATE} Added: head/share/security/patches/EN-15:11/toolchain.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:11/toolchain.patch.asc Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rn23IP/1S3dK2FSC1EI7DyOXF+gc7d +/OSBm2Y+mR1NFSJEOjIui3TPRxjRUG3aLYaK+HEnmGrgiXhksgCiWAgxAxLw4odq +dHbYP0lEnsQNZ8k4IJH5AyV+EshDJPmLyrvvKAJozZ9vSS0FlBxV4vJZDy4X65fh +JR28SWihiEp6uNSPU45I7ELPLIhaKo0fWDDThVRIfW3g8azl2kwXES1G8LbFTZhl +hEvKQoDHXrRArRo1aeLJ+v/OJ5OPTNY9sCJm3mozXibUIOpUPcg57dGqVx1QWWHU +pUhlqi3kYkL6niphRSkIEvlshUYwJHQfNZUJTVS5Yj2cXvcsv8BumjEXHdwlJBId +D4ZxLb+A+Nu9aZmKlzYGmdbguzUHjXEA9WrcIxktpgVpSpnpNzDbIywuofm5g8Q4 +U63sdB6PJsDxvEg9D6ocVfbg5LqMQE5TMFYRNXLUBJlTEU75OuTuNDoIct3vLOWI +tP+xMVEJrD8kbBlJYT/ywqr9q5I23bF7axLNpZ/QcEa8R/Ea1iePBGUiFiJrYxWF +AKXPQ/lfI+5Aaenw54yFA4tWLcD/6YUh8y+vbX1PA9yLs6mjZvcP+hBXnMmCQ0IS +g/ZRSmX/c+RgUtAWlBqOoejRco5i5AznrkPl8KUi4qNMsmT2NYu91pHat5IwIh1p +dus3VPkw1zZ+oHjuKaXw +=JkV1 +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-15:12/netstat.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:12/netstat.patch Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,42 @@ +Index: usr.bin/netstat/main.c +=================================================================== +--- usr.bin/netstat/main.c (revision 286847) ++++ usr.bin/netstat/main.c (working copy) +@@ -785,19 +785,31 @@ kread_counter(u_long addr) + int + kread_counters(u_long addr, void *buf, size_t size) + { +- uint64_t *c = buf; ++ uint64_t *c; ++ u_long *counters; ++ size_t i, n; + + if (kvmd_init() < 0) + return (-1); + +- if (kread(addr, buf, size) < 0) ++ if (size % sizeof(uint64_t) != 0) { ++ warnx("kread_counters: invalid counter set size"); + return (-1); ++ } + +- while (size != 0) { +- *c = kvm_counter_u64_fetch(kvmd, *c); +- size -= sizeof(*c); +- c++; ++ n = size / sizeof(uint64_t); ++ if ((counters = malloc(n * sizeof(u_long))) == NULL) ++ err(-1, "malloc"); ++ if (kread(addr, counters, n * sizeof(u_long)) < 0) { ++ free(counters); ++ return (-1); + } ++ ++ c = buf; ++ for (i = 0; i < n; i++) ++ c[i] = kvm_counter_u64_fetch(kvmd, counters[i]); ++ ++ free(counters); + return (0); + } + Added: head/share/security/patches/EN-15:12/netstat.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:12/netstat.patch.asc Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rn5eEP/R4ofVcJW8kEubscqSVvvg5A +GYggED+J0CjwJQcEW5tpUxhm0/Tw/jqzQMjgyOv/eFzgMVpNz4Yp5UYMJW/05ZM6 +Jh1yh8b/v8F+zsKN/iFm/z0D0DOOtWACZwe7a3C8cPbycukwTkNhPrucumGZsEUL +9BJCpyaZUS31bsR6jprnQlIX3uG3uUehvLVJFooyhLWdQ2smehx4iyqzYeqbOvmz +R3kFv+qBmuTOmQb4q683+ARs6dfW/2xfVrYzQfOqWNNXqStlqEZ/MWlpga4diwKV +cfYyWsCuzZQcSTY+35ifT8x/zU/tDKfoYFpVs0O8z4zsPEQfb+Av5dNwpHM8nKW/ +KvvImlrgwMTsRzcyDqf8filSq5TpMScBjLeHqDBUwU7CTj4FV7j6sWesQq4nWjgo +rFPpA0FgxFVDgN3bCPj4pdwvJE8OIy50IDF+zAEUI6k0z66zoCf2MeMd4AxgdNxk +DHsk5/N29W0oilXuImg3jj3QYaThWVIhcX3NO029mW33c84+YFKNAox3ZHlJ0/n/ +7f654dFe1SGujtAOgaf4EMeYm7wwwqeT303YJXFuNQgy8tTaO8eKmdsXzbfNz2kv +Aq8I55mlUtTmU6UVGJp77ZQqcONUoMCn/D/flFh/5LY9HEDVGc/924tTq4JTQFyg +Yj5oJIiY5nRCWMcaOnAu +=LO9c +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-15:13/vidcontrol.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:13/vidcontrol.patch Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,13 @@ +Index: usr.sbin/vidcontrol/vidcontrol.c +=================================================================== +--- usr.sbin/vidcontrol/vidcontrol.c (revision 286847) ++++ usr.sbin/vidcontrol/vidcontrol.c (working copy) +@@ -1343,7 +1343,7 @@ main(int argc, char **argv) + if (vt4_mode) + opts = "b:Cc:fg:h:Hi:M:m:pPr:S:s:T:t:x"; + else +- opts = "b:Cc:df:g:h:Hi:l:LM:m:pPr:S:s:T:t:x"; ++ opts = "b:Cc:dfg:h:Hi:l:LM:m:pPr:S:s:T:t:x"; + + while ((opt = getopt(argc, argv, opts)) != -1) + switch(opt) { Added: head/share/security/patches/EN-15:13/vidcontrol.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:13/vidcontrol.patch.asc Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rnToIP/30+OLVjPtkT8k3DUFTL8Mk3 +wWiPfBdueZ1BlYxC+/tDxyLWkDGGRUALljwOz9V4CobiT1FEcEW24VDMDJCk/Qiq +zveKkRMhY3hjna6rbqvfBWa2qCYmELXR0onJc69+mC7LXI6Jg4x3bTwQ1BjZQf2f +T3fwO6CWfHuHYzNxLkT726hs6xAP9B8drlUB328t6VGw8LPYsXEQ2aJLSIuRzE9T +Ds5jvaIvyKtGrDJE88ZZhKaZUncXPMiG22MKtkT1g4dljaIjCV31N7ZZVZg+yaO9 +L/5+5bT6p6dkbKJYvRsh+KqktfL1UeACGL/TzJdoZ6ZpVPcHfqVK3BPBQLnNGHPB +PbXnQXkgdLYJVeWVd8g275se/Dz1q3fryFwG5PzTl/aw1+lImR/Dgf9FDjkYEHXh +0NQcoE/8R1vMyAxeUSqMRkf95DX54NKpHeEadRHiGq8Lxj0HzmoNKn/hlARXrxCu +zRLvzxF/VXVysurq9V4kyQJk9yQDy+h/fn0Y70OYLTgVR5zYnq9oMK+Fw+7hqmiG +RaBQGwj+/8rByTQ7atgDj/W3wTARK0Y76aHoyl76fEzd/SFuvbMmJz+NKjWZv0mo +Cjxu+6Tb7rS1mAxDX0SEqlzbKlVPCaYV808jG2bl7F9r6x9N6zgXcD5HOC5jdGT3 +7zUqHo8l6/n3Xt27lvKF +=eCcb +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:20/expat.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:20/expat.patch Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,49 @@ +Index: contrib/expat/lib/xmlparse.c +=================================================================== +--- contrib/expat/lib/xmlparse.c (revision 286868) ++++ contrib/expat/lib/xmlparse.c (working copy) +@@ -1678,6 +1678,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int is + void * XMLCALL + XML_GetBuffer(XML_Parser parser, int len) + { ++/* BEGIN MOZILLA CHANGE (sanity check len) */ ++ if (len < 0) { ++ errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } ++/* END MOZILLA CHANGE */ + switch (ps_parsing) { + case XML_SUSPENDED: + errorCode = XML_ERROR_SUSPENDED; +@@ -1689,8 +1695,13 @@ XML_GetBuffer(XML_Parser parser, int len) + } + + if (len > bufferLim - bufferEnd) { +- /* FIXME avoid integer overflow */ + int neededSize = len + (int)(bufferEnd - bufferPtr); ++/* BEGIN MOZILLA CHANGE (sanity check neededSize) */ ++ if (neededSize < 0) { ++ errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } ++/* END MOZILLA CHANGE */ + #ifdef XML_CONTEXT_BYTES + int keep = (int)(bufferPtr - buffer); + +@@ -1719,7 +1730,15 @@ XML_GetBuffer(XML_Parser parser, int len) + bufferSize = INIT_BUFFER_SIZE; + do { + bufferSize *= 2; +- } while (bufferSize < neededSize); ++/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ ++ } while (bufferSize < neededSize && bufferSize > 0); ++/* END MOZILLA CHANGE */ ++/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */ ++ if (bufferSize <= 0) { ++ errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } ++/* END MOZILLA CHANGE */ + newBuf = (char *)MALLOC(bufferSize); + if (newBuf == 0) { + errorCode = XML_ERROR_NO_MEMORY; Added: head/share/security/patches/SA-15:20/expat.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:20/expat.patch.asc Tue Aug 18 20:11:44 2015 (r47263) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.7 (FreeBSD) + +iQIcBAABCgAGBQJV05AbAAoJEO1n7NZdz2rnrksP/3jxGcKHjoTJLwf4k4Mgwrlw +rxROcgN1v78gvmKO8RvMSh+/xVIbkV0gDANwoKRilRkA4Pyf5s7adv2QzyrpqXIv +lz/gGOU6RZuA9jBtml/fRot4m7o2jXOlmVtnFFcg7rLHwKlH1x0lzWm4ynHH0cW7 +a8ia6JOvaeTTvnclUIe69OEhucqgDh0+/mtDEfHTUvqBQ6P/JYt5vLYJ8uLdz+rs +mwHJDnoDq6Si0zprd75oqWY+k/pw70mYjhuPInm/skHgJNLVrmG4qqUk0krTNiHJ +tiXw1omNhcU6RKlUWSm33RvVZAoXUtVuezrN+49XufwpcggY0N38lFVVf3Qifqv7 +GblmmQLgG4kpnwfJQTyRSHUbx8nB6US8c521gdEVJzaOiegBITtjT/oFP+tB5oXc +6lXDTqYFODSYnPObObWOxO26ZCsbEnDeDuG4DzAVzmznTyGcBmCUMga1PKDiEKpP +zmz5J/r+NqpQLBNxIkIrzgw9glH3mIYMci7Scx7GS7i5BsI9JXhxjybWlzofNh1/ +1b3IbJFDFHyGYCkMXko0XSC8lVkmz4ycFxvRka06+T8veGqACjiDfmS5s9G2+mXt +rbzUgchdMXSKb264MU4Z9UPoRLwp9G0uYWaipmlohEZ21uA9rVv93USrXVnKnOB0 +s+eP4ITZ2Q/lIej858xV +=cOv7 +-----END PGP SIGNATURE----- Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Tue Aug 18 19:45:39 2015 (r47262) +++ head/share/xml/advisories.xml Tue Aug 18 20:11:44 2015 (r47263) @@ -11,6 +11,14 @@ 8 + 18 + + + FreeBSD-SA-15:20.expat + + + + 5 Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Tue Aug 18 19:45:39 2015 (r47262) +++ head/share/xml/notices.xml Tue Aug 18 20:11:44 2015 (r47263) @@ -8,6 +8,26 @@ 2015 + 8 + + + 30 + + + FreeBSD-EN-15:13.vidcontrol + + + + FreeBSD-EN-15:12.netstat + + + + FreeBSD-EN-15:11.toolchain + + + + + 6