Date: Tue, 6 Aug 2019 17:31:19 +0000 (UTC)
From: Gordon Tetlow <gordon@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r53296 - in head/share: security/advisories security/patches/EN-19:14 security/patches/EN-19:15 security/patches/SA-19:18 security/patches/SA-19:19 security/patches/SA-19:20 security/pa...
Message-ID: <201908061731.x76HVJHL052544@repo.freebsd.org>
Author: gordon (src committer)
Date: Tue Aug 6 17:31:19 2019
New Revision: 53296
URL: https://svnweb.freebsd.org/changeset/doc/53296

Log:
Add EN-19:14, EN-19:15, and SA-19:18 to SA-19:21.

Approved by: so

Added:
head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc (contents, props changed)
head/share/security/patches/EN-19:14/
head/share/security/patches/EN-19:14/epoch.patch (contents, props changed)
head/share/security/patches/EN-19:14/epoch.patch.asc (contents, props changed)
head/share/security/patches/EN-19:15/
head/share/security/patches/EN-19:15/libunwind.patch (contents, props changed)
head/share/security/patches/EN-19:15/libunwind.patch.asc (contents, props changed)
head/share/security/patches/SA-19:18/
head/share/security/patches/SA-19:18/bzip2.patch (contents, props changed)
head/share/security/patches/SA-19:18/bzip2.patch.asc (contents, props changed)
head/share/security/patches/SA-19:19/
head/share/security/patches/SA-19:19/mldv2.11.patch (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.11.patch.asc (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.12.patch (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.12.patch.asc (contents, props changed)
head/share/security/patches/SA-19:20/
head/share/security/patches/SA-19:20/bsnmp.patch (contents, props changed)
head/share/security/patches/SA-19:20/bsnmp.patch.asc (contents, props changed)
head/share/security/patches/SA-19:21/
head/share/security/patches/SA-19:21/bhyve.patch (contents, props changed)
head/share/security/patches/SA-19:21/bhyve.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:14.epoch Errata Notice + The FreeBSD Project + +Topic: Incorrect locking in epoch(9) + +Category: core +Module: kernel +Announced: 2019-08-06 +Credits: Mark Johnston +Affects: FreeBSD 12.0 +Corrected: 2019-07-27 16:11:04 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:07:43 UTC (releng/12.0, 12.0-RELEASE-p9) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Some parts of the kernel use a new synchronization primitive, epoch(9), +which can be used to implement safe memory reclamation. In this usage, +threads can use the epoch(9) KPI to ensure that no other threads hold +a reference to a given object in memory. + +II. Problem Description + +In the case where epoch(9) must wait for a thread that is blocked on +a lock, it will use the turnstile(9) KPI to propagate the current +thread's priority to the lock holder. However, in the case where the +lock has no designated owner - for example, it is a reader-writer lock +owned by one or more readers - a bug in the interaction with the +turnstile meant that pair of spin locks were left locked when they +should have been unlocked. + +III. Impact + +In rare cases and under heavy load, the kernel may panic or lock up. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. 
+ +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch +# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch.asc +# gpg --verify epoch.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r350373 +releng/12.0/ r350641 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:14.epoch.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1JtztfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJgXA//Wbh6Nv6OL+Aer7oZ8uiZEhDTj+a+IMG617uCyeD+x4/8Hj73J7Pg6vaT +CGqGAslxy8GMmvrO8Jmn0RFDyfJb+mW1M9FqQS4u9DNm1r7nNuOBWj9UcAC9TQOY +rIEoqe/wD6a+EKQ01tgsWm2TYA2hX/WwtKJiYuPJOyuTzm9d3PhQ2SPmU0NaqyfU ++0YT3QHRYUEYHU/tZwAV3axcihYP7NfrgEWmE3LY7fBX1ShxFOYZVlexY4604wyc +SLxCMVnfqFiB8vH5X8R4J9OlsK00j1W2B+PJodocDzNjvHgnRb3RSHeo+EC+3y7k +/P3qRCxtgPzb/VHCCRry0LAmeijxQDWVf4vydjaMVDQEv/zQ+Y5ujAucRAtvtjRm +gYLRTOHnXVTpZk/c8h2Gch9g3sB9aqrsMYtPUqSfRRUFDYJjN3NVmVLo4ciAhjwY +EvGr7HloO3O4n+zYWOagvSvu05TjOA1SGGURAkslthjTXRpmiqDSS6yawW23v7Jw +gC7pvVUnmGSGzlwGPojE6LBSX3CWlgwJV/6g2s0wizPGv3K/IQMMQn7NaaLl09xw +X6TND7mVGqk2w3do1k9ZSkvqI+jr4MkJbGh5Vl8q1J/oW9KPTVO3+mQEi91SvgU+ +YEyzryregBP69ta7gqT0Pgb2+LR9733qPLSh3Hgn/4zRI/seSkU= +=pBEN +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:15.libunwind Errata Notice + The FreeBSD Project + +Topic: Incorrect exception handling + +Category: contrib +Module: libunwind +Announced: 2019-08-06 +Affects: FreeBSD 11.2, FreeBSD 12.0 +Corrected: 2019-08-06 17:08:30 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-08-06 17:08:30 UTC (releng/11.2, 11.2-RELEASE-p13) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The libunwind library, which originates from the LLVM project, is responsible +for handling the unwinding of stack frames, when programs throw C or C++ +style exceptions. It uses exception handling information embedded in the +executable file to determine the layout of the stack, at the time the +exception is being processed. + +II. Problem Description + +In some cases, the exception handling information embedded in executables is +not correctly interpreted by libunwind. This causes it to emit a runtime +error, and abort the affected program. + +III. Impact + +Affected programs will show an message on the standard error stream, when +they attempt to throw an exception: + +libunwind: getEncodedP \ + /usr/src/contrib/llvm/projects/libunwind/src/AddressSpace.hpp:280 - \ + unknown pointer encoding + +After this message, the program will be aborted using the abort(3) function, +which usually results in a core dump. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. 
+ +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:15/libunwind.patch +# fetch https://security.FreeBSD.org/patches/EN-19:15/libunwind.patch.asc +# gpg --verify libunwind.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>, and +reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +releng/12.0/ r350642 +releng/11.2/ r350642 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234201> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:15.libunwind.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt0pfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJOkQ/+N8Esx4GPWNOzNOGJAnBgtujVeCDjbubny9ktMElEw6mZJKWqcgFmG1bm +hdz5iAz6xn/W6Y5fUR07aM6KFLTN7Is0LqaC+4mWFgbmPu9t0DVgjjsSHAJk6+fu +NpkSMDYq0tUqhNUFlP36EoTHUuM7KlD3/a1dlGZwSOmT3tQitosD8MYNm8bXdsiG +Fx8xXJz8l7qtSw5a1HI2yrRmR7hZHEblGVDP1BjU+QVh7O+0oTeSWHjtriCeYXOl +KUNypPNU5HTySLI0XE+wXJ8S3SblmCOJSdEy/EDZYd8KxG2ib+abn6KdewQl0dIL +0evKaSeIfrVyHfbQporrUotpuTgHrxdD63vowtyH4fL/JzNmw38ZBRzu/4Lib4eF +uaMr7IXyUvifJRBNHCSV5waEQXdcaZ4/YiNg93kiBCC1FhqKEEel0TLARTqtCEVu +ByQVjjZ5v45OAq74uFSYfnSReLt96VnQFD8J5JIKlYaR145tSUKzgetUy+iekjq2 +7sRr0kh7lGFFNoOhbFDBURr3HrFgfpWgRA12/AuAVelXPTG4ik8tU6X/vNlvysK6 +TJel41R8++MPUQuaQPU9KfUiAycvV4P9/hHEodnjhNY7NaWkXaP+fJpxCtctcFGd +eIcI3nIoJX+6W2KjZkJcrbuZsqkVSsz0MXgfLNuoNZruzdppLAY= +=Sq9+ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:18.bzip2 Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in bzip2 + +Category: contrib +Module: bzip2 +Announced: 2019-08-06 +Affects: All supported versions of FreeBSD. +Corrected: 2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE) + 2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2) + 2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13) +CVE Name: CVE-2016-3189, CVE-2019-12900 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and +decompress files using an algorithm based on the Burrows-Wheeler transform. +They are generally slower than Lempel-Ziv compressors such as gzip, but +usually provide a greater compression ratio. + +The bzip2recover utility extracts blocks from a damaged bzip2(1) file, +permitting partial recovery of the contents of the file. + +II. Problem Description + +The decompressor used in bzip2 contains a bug which can lead to an +out-of-bounds write when processing a specially crafted bzip2(1) file. + +bzip2recover contains a heap use-after-free bug which can be triggered +when processing a specially crafted bzip2(1) file. + +III. Impact + +An attacker who can cause maliciously crafted input to be processed +may trigger either of these bugs. The bzip2recover bug may cause a +crash, permitting a denial-of-service. The bzip2 decompressor bug +could potentially be exploited to execute arbitrary code. 
+ +Note that some utilities, including the tar(1) archiver and the bspatch(1) +binary patching utility (used in portsnap(8) and freebsd-update(8)) +decompress bzip2(1)-compressed data internally; system administrators should +assume that their systems will at some point decompress bzip2(1)-compressed +data even if they never explicitly invoke the bunzip2(1) utility. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and restart daemons if necessary. + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch +# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch.asc +# gpg --verify bzip2.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r349717 +releng/12.0/ r350643 +stable/11/ r349718 +releng/11.3/ r350643 +releng/11.2/ r350643 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt09fFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJWEQ//dBiFwPCKcUaeSBuM9opVUxWzFYrpWdYwwagQXzNqO3Z77Vi2hHQnfpkD +bM8WgWwChOJmlTja7sjnF+QjoV9/elzYhFrD6q0W1nLZ2XHcXyHrbFLMJ+CrvCWR +AuVCEkmT2fchE/5c71l/v8I452EpGZG7P0fwG1bpf84p1PFLl3esfeo8+CzN1x2h +YLnvfp69/tC18LR0/yozRUuFSqoYBhbnJsclB1JkrGx0fPOcE9y3sudVhBIDbH7h +nYSTJl/KkTHf6tbJVXWUVr5gJzCgGvvhUer49RCdJMAwj6hKYT49vWnOFl1T8DAL ++co0ZzTiKoCdrrrguijh4QTEUe4UAGS3PPAwhUiOu+y8Bry06/U565uO9y9iILef +M5oYTbM7h/TErPxSE421fWeexeK0seCHqmj/rO1Yf7RkRvLg/QaJk5YWM0KoP3NH +QQRdX8qNiy4liEqGvJwfUdNcVXA3d7BKifl6MKH+5/2i5B23wHItIeuIGYo5LgdI +mnH59L5wylhWGa0Dc+N9fP0jFvBfk7/4a0joXYIQ7/KDQg0X+WdiGZ/mzZ4GEisX +hwI2laAh/oyksInrMcLCbvgWql+lrUvK3ltHo17U+wrMeb+8btDLR5T/9XlLPWGp +s101XS6ewcwpZ8g5uBtlFBLmp8BGkALTAJtwwqJ2eoLfLYCXq3I= +=3O6m +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc 
============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:19.mldv2 Security Advisory + The FreeBSD Project + +Topic: ICMPv6 / MLDv2 out-of-bounds memory access + +Category: core +Module: net +Announced: 2019-08-06 +Credits: CJD of Apple +Affects: All supported versions of FreeBSD. +Corrected: 2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE) + 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2) + 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13) +CVE Name: CVE-2019-5608 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used +by IPv6 routers to discover multicast listeners. + +II. Problem Description + +The ICMPv6 input path incorrectly handles cases where an MLDv2 listener +query packet is internally fragmented across multiple mbufs. + +III. Impact + +A remote attacker may be able to cause an out-of-bounds read or write that +may cause the kernel to attempt to access an unmapped page and subsequently +panic. + +IV. Workaround + +No workaround is available. Systems not using IPv6 are not affected. + +V. Solution + +Perform one of the following: + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. 
+ +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Reboot for security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.2, FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch +# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc +# gpg --verify mldv2.11.patch.asc + +[FreeBSD 12.0] +# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch +# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc +# gpg --verify mldv2.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r350648 +releng/12.0/ r350644 +stable/11/ r350650 +releng/11.3/ r350644 +releng/11.2/ r350644 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5608> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1RfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLzTA/+OyyukXWH7rfwMhOlpD60UH4hxN3purvdNeBe4ZxlYvtf8gSUzS1VbK5r +NR9D2HiYRlmaePOil5myan6cVkrKoANoWTrQsCcsFLe6KKbiKlQDx/btbENmCMsR +VoS0ZPx3l9iGuVUwDk6k1JXwKCcO3U3dCDYEI941hEKxYadR+twUP3JOceg8Zn0h +oODXW7LcPXWQKAyFc0Kun1VrjrUGdRGfqk30joR20GP2IjgQceFHKUbiOyBbbIjW ++UVvp2wPBxXvcXNPTpcIpTW5UGJBHCT2OsDulh7hqpiWf78VE8BoksKAvDjtI4i0 +15fmwn7tmQ3aGWK3WoaKWUOXZUlKrxRQDzGyAZ3LzOqPWhv12tJjNJhjnRmCVLfo ++F4I/MHzPgjitZhv8gfn+MRiPG4E1ueAYnPQWiR3qRCLQGhemVdKZIAVnYg6NGpQ +Jgsr1QS8/3GHZ8yrMXUOSNOSuiMmRHbI9915vVzu+hWkfnrCcSr3uVkJeQvx4CZJ +gdTL083Knnkdo4IPOdHWnQjGfrv2rGRyvCJ88m/DIC6hw4weR1LyFWMEHeJCEcJl +5LHiVWmOUJE4ltJXrRoXwxuh9Dia0Mq6KfNA0343JFpQF9rdt3JQ/54FPGtK6NUO +LyX5a42RIKRxWNTN+ADrSk8czbHFIg8MfTwpjiRGx2rYtxjp1qU= +=WaXC +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc 
============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:20.bsnmp Security Advisory + The FreeBSD Project + +Topic: Insufficient message length validation in bsnmp library + +Category: contrib +Module: bsnmp +Announced: 2019-08-06 +Credits: Guido Vranken <guidovranken@gmail.com> +Affects: All supported versions of FreeBSD. +Corrected: 2019-08-06 16:11:16 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:12:17 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-08-06 16:12:43 UTC (stable/11, 11.3-STABLE) + 2019-08-06 17:12:17 UTC (releng/11.3, 11.3-RELEASE-p2) + 2019-08-06 17:12:17 UTC (releng/11.2, 11.2-RELEASE-p13) +CVE Name: CVE-2019-5610 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The bsnmp software library is used for the Internet SNMP (Simple Network +Management Protocol). As part of this it includes functions to handle ASN.1 +(Abstract Syntax Notation One). + +II. Problem Description + +A function extracting the length from type-length-value encoding is not +properly validating the submitted length. + +III. Impact + +A remote user could cause, for example, an out-of-bounds read, decoding of +unrelated data, or trigger a crash of the software such as bsnmpd resulting +in a denial of service. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. 
+ +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch +# fetch https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch.asc +# gpg --verify bsnmp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r350637 +releng/12.0/ r350646 +stable/11/ r350638 +releng/11.3/ r350646 +releng/11.2/ r350646 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5610> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1lfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKtBBAAltxFzxuMqWCgJoL9SemLRQxGGk0hRFdN5b78mgVdk2lfDgVz8U7mVM6v +XbcCa4lIy7wMYpUdEySAZLR2ENt0xdpx7oQ6lAg5fnnvrUvom4wU9ruxEs5txFVL +K6RaJnQJyOkI2c/LYvI/ZYmuc29/Nt3p/DvVe7wq86taoqUufN11MXkrRHgn68N3 +7vewixzWpqH5L/aY2qP1d+Xe3QmHX0IcFqeo4U3/3G4wUGRCfHtaENY4w5eUbCa2 +1Qk0oS9iUdX1IJjM5l1ccoFqsjbcO6vNS337qeYNKhLspXMQPwoS0K0HfB6LKt1D +dCBFoXu/qUFjf3qqbpcqGEFrFPZjlNmC4R0Ngx1rfZ1t1dXbj83NOOE1okd3Gb/V +TPDU/jzwt+/6DE6ryNQpeanPdim83w/j+qeA0UaTyxlbj+oSz1gU9Ckaauf+9peI +GT8TPnrgmFlYg2tkYl4tbq5LtRstPGZYguqEt5SHCxBOg3dxByMPzikSFUL9oNxS +9GX7JZT36J20f62hG8Watp2y3W0QsMjJpxF9OojRU6B15Z4Q2aCht4F6DnvEkVfN +1GvS5NAHPHU09TniSgYK3ThkoYrLYykhsXPmJmETV7DU1Qhny1p8H0NwIwB20DEm +AOAcYzLhiXHGpniE5y+MT9Pvt3BDBt36k6WgZ4eZ4RWuzGOumiU= +=rH6X +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:21.bhyve Security Advisory + The FreeBSD Project + +Topic: Insufficient validation of guest-supplied data (e1000 device) + +Category: core +Module: bhyve +Announced: 2019-08-06 +Credits: Reno Robert +Affects: All supported versions of FreeBSD. +Corrected: 2019-08-05 22:04:16 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:13:17 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-08-05 22:04:16 UTC (stable/11, 11.3-STABLE) + 2019-08-06 17:13:17 UTC (releng/11.3, 11.3-RELEASE-p2) + 2019-08-06 17:13:17 UTC (releng/11.2, 11.2-RELEASE-p13) +CVE Name: CVE-2019-5609 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +bhyve(8) is a hypervisor that supports running a variety of guest operating +systems in virtual machines. bhyve(8) includes an emulated Intel 82545 +network interface adapter ("e1000"). + +II. Problem Description + +The e1000 network adapters permit a variety of modifications to an Ethernet +packet when it is being transmitted. These include the insertion of IP and +TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation +offload ("TSO"). The e1000 device model uses an on-stack buffer to generate +the modified packet header when simulating these modifications on transmitted +packets. + +When TCP segmentation offload is requested for a transmitted packet, the +e1000 device model used a guest-provided value to determine the size of the +on-stack buffer without validation. The subsequent header generation could +overflow an incorrectly sized buffer or indirect a pointer composed of stack +garbage. + +III. Impact + +A misbehaving bhyve guest could overwrite memory in the bhyve process on the +host. + +IV. 
Workaround + +Only the e1000 device model is affected; the virtio-net device is not +affected by this issue. If supported by the guest operating system +presenting only the virtio-net device to the guest is a suitable workaround. +No workaround is available if the e1000 device model is required. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and restart any affected virtual machines. + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch +# fetch https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch.asc +# gpg --verify bhyve.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable virtual machines, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r350619 +releng/12.0/ r350647 +stable/11/ r350619 +releng/11.3/ r350647 +releng/11.2/ r350647 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5609> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1xfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL0qA//ZdapXUMl6KuuvtZIveMZgNdMVLYaqB1K8yHXO5udd58fTsH6+Khei0LT +gYGxDEJkHinM1EWy688xE+PSzb9twmEmawW4N4WMhWB9oMoTuLQ5E4Zm9my1TdDh +ducK6Q4GqOojIXJ0LtHDqs9qveAfkgB6L6jmLt/1jpZelLupte3S+bPmI4yta7ge +7k54V9GcN05i7wX2TaZA7H3ROQziW537ZeoRB8BQwt7bekFw2uBfO9s0CWcJZPnG ++0D6QEsRqbtYMJr5RkUCc1y4qaqnWBBn/Zyyr0P+bXZklU/IW2GJTDWNObXN7DPE +NOhuVY7PQHN6jv3u+nKa1AY7mjI3zBo009iAfPQFCb9Kn08tJ2A9WrExEMwZdcbI +nXVqCRdp7xCSPO73vjNv4btzvAU7iwbaBkpGFs721cH72ImvmXi7TwepPEAul0do +VwKYMxhStZtoDQhEea1eq41KNvqxmA/mkbEjpKcTZCUJq7xVyV4uaVme3Uq45uaa +mKMWx+Gg09A2Y5NfSCiz9AGuMkIGn05hKIOK39yAG159uTks60Ybsw/bOnE9WnMJ +5igcI+U6utIMi2M6nH4rn/wKBYM9cHWmQLfo6kECUi2CCTmR5VL8BTJ/8vHCqXi1 +vCcAPacKYAROsvGQyynSVLiXJAXOrc8/VyoXRHC5cAapVeParcw= +=0XzG +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-19:14/epoch.patch ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:14/epoch.patch Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,87 @@ +--- sys/kern/subr_epoch.c.orig ++++ sys/kern/subr_epoch.c +@@ -325,24 +325,20 @@ + */ + critical_enter(); + thread_unlock(td); +- owner = turnstile_lock(ts, &lock); +- /* +- * The owner pointer indicates that the lock succeeded. Only +- * in case we hold the lock and the turnstile we locked is still +- * the one that curwaittd is blocked on can we continue. Otherwise +- * The turnstile pointer has been changed out from underneath +- * us, as in the case where the lock holder has signalled curwaittd, +- * and we need to continue. +- */ +- if (owner != NULL && ts == curwaittd->td_blocked) { +- MPASS(TD_IS_INHIBITED(curwaittd) && TD_ON_LOCK(curwaittd)); +- critical_exit(); +- turnstile_wait(ts, owner, curwaittd->td_tsqueue); +- counter_u64_add(turnstile_count, 1); +- thread_lock(td); +- return; +- } else if (owner != NULL) ++ ++ if (turnstile_lock(ts, &lock, &owner)) { ++ if (ts == curwaittd->td_blocked) { ++ MPASS(TD_IS_INHIBITED(curwaittd) && ++ TD_ON_LOCK(curwaittd)); ++ critical_exit(); ++ turnstile_wait(ts, owner, ++ curwaittd->td_tsqueue); ++ counter_u64_add(turnstile_count, 1); ++ thread_lock(td); ++ return; ++ } + turnstile_unlock(ts, lock); ++ } + thread_lock(td); + critical_exit(); + KASSERT(td->td_locks == locksheld, +--- sys/kern/subr_turnstile.c.orig ++++ sys/kern/subr_turnstile.c +@@ -566,14 +566,15 @@ + return (ts); + } + +-struct thread * +-turnstile_lock(struct turnstile *ts, struct lock_object **lockp) ++bool ++turnstile_lock(struct turnstile *ts, struct lock_object **lockp, ++ struct thread **tdp) + { + struct turnstile_chain *tc; + struct lock_object *lock; + + if ((lock = ts->ts_lockobj) == NULL) +- return (NULL); ++ return (false); + tc = TC_LOOKUP(lock); + mtx_lock_spin(&tc->tc_lock); + mtx_lock_spin(&ts->ts_lock); +@@ -580,10 +581,11 @@ + if (__predict_false(lock != ts->ts_lockobj)) { + mtx_unlock_spin(&tc->tc_lock); + mtx_unlock_spin(&ts->ts_lock); +- return (NULL); ++ return (false); + } + *lockp = lock; +- return 
(ts->ts_owner); ++ *tdp = ts->ts_owner; ++ return (true); + } + + void +--- sys/sys/turnstile.h.orig ++++ sys/sys/turnstile.h +@@ -100,7 +100,8 @@ + struct turnstile *turnstile_trywait(struct lock_object *); + void turnstile_unpend(struct turnstile *); + void turnstile_wait(struct turnstile *, struct thread *, int); +-struct thread *turnstile_lock(struct turnstile *, struct lock_object **); ++bool turnstile_lock(struct turnstile *, struct lock_object **, ++ struct thread **); + void turnstile_unlock(struct turnstile *, struct lock_object *); + void turnstile_assert(struct turnstile *); + #endif /* _KERNEL */ Added: head/share/security/patches/EN-19:14/epoch.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:14/epoch.patch.asc Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt2lfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLIBg//ekpEak+WE5KSx7vvkel/UzUPtLMDHdcgb6w4xps5I0/jvbjGLp0JuNsW +Tj73NBDA3KkzTlZSaus38yauUzq8Io6Q11/6ovI15TR58V6R35RSDnI2Df9ML0Wg +GcTnm1bTYbJ1TADQtILO6hxCNR1rvHcj0GycT8NGRNFSerNAhpF+YfMba+Tc3rOU +BeOacXDr8WCTgpa46nltcKE7Qmov2JdMS4yMH21KqXSU3ZCnwHZK+pWthPbeAVyO +NzsRPDn9PKp6sYVc5t7BE5Vn3cg76QNYZBNrHcHJNxhJ1IXOyL/SWg1j3zeiOygp +lDxZPja+mKXerEALBdGVfr/eg1ZeySlKRdETezCuzKnUSMbrQEVGL4pgaPepBCg6 +eGa6PRiwVz+y93w1UpVl8aDOTr/u2O/LeRZX5lLBSa4nBp7sOLilzbDQNsgHWXCX +R4G72PnAkPNwA158u+/vvz1moLWggVeO8edjKNEwiH/i2gyNllXFOtG1TuBL1+EV +T8ySrByEJ/0/Hq+prZCr7ELry+EZcnaag6+Jg29bfxMOK8RAfjqFHgmtSzblWllg +RCTr6Wttw85XcAKYwTXR9CwBf7yuIJb3taMp7XXHljjaMAvQIybRiHphwZSFOh1q +mktgzP1Yp/CdUw8BKFR1cbB5kkQY6Ezq1XTUDH3qebdWLpTqizI= +=Wj+f +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-19:15/libunwind.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:15/libunwind.patch Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,13 @@ +--- contrib/llvm/projects/libunwind/src/EHHeaderParser.hpp.orig ++++ contrib/llvm/projects/libunwind/src/EHHeaderParser.hpp +@@ -68,7 +68,9 @@ + ehHdrInfo.eh_frame_ptr = + addressSpace.getEncodedP(p, ehHdrEnd, eh_frame_ptr_enc, ehHdrStart); + ehHdrInfo.fde_count = +- addressSpace.getEncodedP(p, ehHdrEnd, fde_count_enc, ehHdrStart); ++ fde_count_enc == DW_EH_PE_omit ++ ? 0 ++ : addressSpace.getEncodedP(p, ehHdrEnd, fde_count_enc, ehHdrStart); + ehHdrInfo.table = p; + } + Added: head/share/security/patches/EN-19:15/libunwind.patch.asc ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:15/libunwind.patch.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt25fFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJ1hw/+I2Gj+htbN2MhOodcLa4e4LsgxP9rGW9NZw3F9MbjgDNlVnlVLXrvyKjB +sCBuzLWGWMPkrhyh8zkHTHBq+0An3dCPk5LW5jHy6k31mofL8Jj7SyqQVigK93BN +24NcJP51ScUV0sBrhArd2We1bqmVWXsw0ZZYwm0iHVNFqaxJ1+kkvcw4KQmer+/d +E8+bCKszDyPU3rVVlb6OIsXhMrLgW8Qu0LDP9Ym6qNsfXIGwpFhrtuG1OUiSLiT8 +lnDpB9x5tDYTBVv9//XVZinoTQY4aJ/IcMdK8B7TS2CTyjCL+n+xXgW3bj0u8zKE +gNoxFwH8JNg3srVSelvEkhxGta35JefjIxu0aqD38DHTcyWoqOfdHFcnsQob9SEq +5/afVzFFUutqjfENmYoQ2CvSt3d4GALRGeoNbp0uysIhw1IqIGGuYt5loAYwDApc +4ic6l4bZ+eNXz7GNYBS+CRqHhMdJH5/YxT0UO2uY7Cpd/FtgcM1kHf9xItnL5Kru +cgo35Aw/LWWC5xI1B9ivERtYuQkvQ1KA4wabAhiblA/2bzbEzuc+zB9NDof1nqFp +4BPSYOm8CYYPX8psoKLvxQzeWind1VlJ8NNKQijTmlSsJcR9OjGq5P5KiGYM41X7 +29hUiG8WFFn/3+VglGM6MrGxTCwYTGJ3ry0yFq5LhxDTdH1Yrrg= +=pcMq +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-19:18/bzip2.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-19:18/bzip2.patch Tue Aug 6 17:31:19 2019 (r53296) 
@@ -0,0 +1,490 @@ +--- contrib/bzip2/CHANGES.orig ++++ contrib/bzip2/CHANGES +@@ -2,8 +2,8 @@ + This file is part of bzip2/libbzip2, a program and library for + lossless, block-sorting data compression. + +- bzip2/libbzip2 version 1.0.6 of 6 September 2010 +- Copyright (C) 1996-2010 Julian Seward <jseward@bzip.org> ++ bzip2/libbzip2 version 1.0.7 of 27 June 2019 ++ Copyright (C) 1996-2010 Julian Seward <jseward@acm.org> + + Please read the WARNING, DISCLAIMER and PATENTS sections in the + README file. +@@ -325,3 +325,16 @@ + Izdebski. + + * Make the documentation build on Ubuntu 10.04 ++ ++1.0.7 (27 Jun 19) ++~~~~~~~~~~~~~~~~~ ++ ++* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
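Review bot: In FreeBSD-SA-19:21.bhyve.asc, section V step 2a, "gpg --verify bhyve.patch.asc" names only the signature file, so the check depends on gpg locating bhyve.patch by stripping the .asc suffix in the current directory. Suggest writing the command as "gpg --verify bhyve.patch.asc bhyve.patch" so the signed file is explicit, and stating which key the signature is expected to verify against. In section IV, "If supported by the guest operating system presenting only the virtio-net device" needs a comma after "system". Section III stops at "overwrite memory in the bhyve process on the host"; a sentence on what that means for the host and for other guests would help readers decide how quickly to schedule the VM restarts that section V requires.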
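Review bot: In epoch.patch, the sys/kern/subr_turnstile.c hunks change turnstile_lock() to return bool with the owner passed back through *tdp, but the new contract is not documented anywhere in the patch. Both "return (false)" paths leave *lockp and *tdp unwritten, and the true path returns with tc_lock and ts_lock still held. The sys/kern/subr_epoch.c hunk also deletes the comment that explained the "ts == curwaittd->td_blocked" recheck without putting anything in its place. Suggest a short comment above turnstile_lock() saying that the outputs are valid only when it returns true, whether *tdp can be NULL in that case (the old "return (ts->ts_owner)" could not tell a NULL owner apart from failure), and that the caller must then call turnstile_unlock(); and keep one line in subr_epoch.c on why the turnstile is rechecked after locking.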
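Review bot: In libunwind.patch (EHHeaderParser.hpp, @@ -68,7 +68,9), only fde_count_enc is compared against DW_EH_PE_omit; eh_frame_ptr_enc two lines above still goes straight into getEncodedP(), and "ehHdrInfo.table = p" is assigned even when fde_count has been forced to 0. Suggest a comment explaining why the omit encoding is handled for the count alone, and confirming that every consumer of ehHdrInfo checks for fde_count == 0 before it reads table.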