Date: Fri, 8 Aug 2025 00:53:58 GMT From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Subject: git: e546c17a0b - main - Add EN-25:12 through EN-25:14 and SA-25:07. Message-ID: <202508080053.5780rwwY009595@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by gordon: URL: https://cgit.FreeBSD.org/doc/commit/?id=e546c17a0be3dc9343b06a7ef5910817666743c4 commit e546c17a0be3dc9343b06a7ef5910817666743c4 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2025-08-08 00:53:37 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2025-08-08 00:53:37 +0000 Add EN-25:12 through EN-25:14 and SA-25:07. Approved by: so --- website/data/security/advisories.toml | 4 + website/data/security/errata.toml | 12 + .../security/advisories/FreeBSD-EN-25:12.efi.asc | 130 + .../advisories/FreeBSD-EN-25:13.wlan_tkip.asc | 131 + .../security/advisories/FreeBSD-EN-25:14.route.asc | 133 + .../advisories/FreeBSD-SA-25:07.libarchive.asc | 136 + website/static/security/patches/EN-25:12/efi.patch | 59 + .../static/security/patches/EN-25:12/efi.patch.asc | 16 + .../security/patches/EN-25:13/wlan_tkip.patch | 13 + .../security/patches/EN-25:13/wlan_tkip.patch.asc | 16 + .../static/security/patches/EN-25:14/route.patch | 10 + .../security/patches/EN-25:14/route.patch.asc | 16 + .../security/patches/SA-25:07/libarchive.patch | 38022 +++++++++++++++++++ .../security/patches/SA-25:07/libarchive.patch.asc | 16 + 14 files changed, 38714 insertions(+) diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml index 103be4c068..298db59a39 100644 --- a/website/data/security/advisories.toml +++ b/website/data/security/advisories.toml @@ -1,6 +1,10 @@ # Sort advisories by year, month and day # $FreeBSD$ +[[advisories]] +name = "FreeBSD-SA-25:07.libarchive" +date = "2025-08-08" + [[advisories]] name = "FreeBSD-SA-25:06.xz" date = "2025-07-02" diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index c58cf02825..6f9ce70d62 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,6 +1,18 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-25:14.route" +date = "2025-08-08" + +[[notices]] +name = "FreeBSD-EN-25:13.wlan_tkip" +date = "2025-08-08" + +[[notices]] +name = "FreeBSD-EN-25:12.efi" +date = "2025-08-08" + [[notices]] name = "FreeBSD-EN-25:11.ena" date = "2025-07-02" diff --git a/website/static/security/advisories/FreeBSD-EN-25:12.efi.asc b/website/static/security/advisories/FreeBSD-EN-25:12.efi.asc new file mode 100644 index 0000000000..d33b44ce3a --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-25:12.efi.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-25:12.efi Errata Notice + The FreeBSD Project + +Topic: bsdinstall(8) not copying the correct loader on systems with + IA32 UEFI firmware. + +Category: core +Module: efi +Announced: 2025-08-08 +Affects: FreeBSD 14.3 +Corrected: 2025-06-16 23:07:25 UTC (stable/14, 14.3-STABLE) + 2025-08-08 00:39:02 UTC (releng/14.3, 14.3-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +bsdinstall(8) checks the machdep.efi_arch sysctl and depending on its value, +it either copies loader.efi or loader_ia32.efi. + +II. Problem Description + +The commit that added the machdep.efi_arch sysctl was not MFCed in time for +releng/14.3, however, the commit that added support for loader_ia32.efi in +bsdinstall(8) was. The result is that bsdinstall(8) always copies loader.efi. + +III. Impact + +bsdinstall(8) copying loader.efi regardless of the firmware's architecture +results in an unbootable system after install for systems which expect a +32-bit UEFI loader. + +IV. Workaround + +loader_ia32.efi can be manually copied to /boot/efi/efi/boot/bootia32.efi +where the EFI boot partition is mounted at /boot/efi. + +Systems which have 64-bit UEFI firmware are unaffected. Non x86 systems are +likewise unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot the system. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# reboot + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-25:12/efi.patch +# fetch https://security.FreeBSD.org/patches/EN-25:12/efi.patch.asc +# gpg --verify efi.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 0e8890a425bc stable/14-n271710 +releng/14.3/ ce4fe4c4bfcd releng/14.3-n271435 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:12.efi.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmiVShUACgkQbljekB8A +Gu/B+xAAy3AcOLVmDr4YNs0PXwENZ5Xqg00TYgSXSRl/iA+wk4h7XFcaytdVUgk5 +nX0dLZGTyZoQpmdiX8HsVht95XONfdhwoPxUtWFTY9SWBYh859IjFHTpr8E/MXHH +lAmbs7H0W/lw4Fqm6xs6+esXitaBE2Q3rgl0LFI0BbEfHdGiNz/qWYXR2U+qVAPY +5aiC9tcvRU3pNLLN7XGIophVjL10k1iuwzQeKGDopzBx7qVFklRSDb1oe1BawDYh +jkn+mqzpkgqEIVdgsZSKGO5lpEMCtDwgyA7uIik/QE525oNVpsWfJ/aHbDapB+1P +pFYH/yWpI/eT3DVMnTiNhCBkBcm0pCWJZlLTKcLU19fm8wMxq01H5FqqueBLrh39 +LztN/xnmdpAoG1AytICoV86gbRy4fnCbbbhLOLWhPVfc6q2UyJUHa1LjR3LtSeNG +0f+evVM81IfG0Niynqcy/DEIem0aamFUJhqU6aJISj+aVGd9PRp2JhVllbkiR7H/ +xd3dnEHtLt6wCJh1PlK+3Sa2WuSDDRWo1WCmx1xvUI+5VWl4HL8f+YoQl8aOu0DR +XnpxyAqD+4uTXiQOhf+9HuteoTq9aePbUef5qkSQXXxOtohUL6xvq62Zb1HU6Jbs +ZpGd15oa4o4yJXTu1lEE/D/dSZhtX2rACh+GzEW9vt6lIUZENe0= +=7zQB +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-25:13.wlan_tkip.asc b/website/static/security/advisories/FreeBSD-EN-25:13.wlan_tkip.asc new file mode 100644 index 0000000000..4dfd91e244 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-25:13.wlan_tkip.asc @@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-25:13.wlan_tkip Errata Notice + The FreeBSD Project + +Topic: net80211 TKIP crypto support fails for some drivers + +Category: core +Module: wlan_tkip +Announced: 2025-08-08 +Credits: Adrian Chadd +Affects: FreeBSD 14.3 +Corrected: 2025-06-10 23:45:16 UTC (stable/14, 14.3-STABLE) + 2025-08-08 00:39:03 UTC (releng/14.3, 14.3-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +In order to support Temporal Key Integrity Protocol (TKIP) on modern wireless +chipsets, the net80211 wireless stack was adjusted to skip certain crypto +operations if a driver indicated that they were already done by hardware. + +II. Problem Description + +One adjustment erroneously changed a default for an operation from opt-in +to opt-out. + +III. Impact + +Older drivers may not pass flags to either opt-in or opt-out and thus +one TKIP operations is no longer executed for them given the changed +default. This leads to non-working wireless connections. + +IV. Workaround + +Users still using TKIP are highly advised to change their Cipher Suite +to CCMP as TKIP is no longer considered secure and has been deprecated +since 2012. + +No other workaround is available. Systems using CCMP are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-25:13/wlan_tkip.patch +# fetch https://security.FreeBSD.org/patches/EN-25:13/wlan_tkip.patch.asc +# gpg --verify wlan_tkip.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 950343a170f0 stable/14-n271651 +releng/14.3/ a3bd81ddfe29 releng/14.3-n271436 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288009>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:13.wlan_tkip.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmiVSh0ACgkQbljekB8A +Gu9d9BAAhaBGWImVR+mFeKhvJFJ01a47YpxVTyyfJR+Rd+4wF1Z9YZu1OcoZyMMQ +0vSkumjR98NeMFGpH9rZg2D6dJ4JQfvF+MbFlKlQ0QCdD8El++KM3T/S3h9WVXGp +Rs5in2XMxGj36LKNZ43Okmszh/JO6AiSLkfqkt708JiV+8Fff00JugFnU9ulQeDP +k3e5hw68ohS6DS5xrlmuY3yLzySl3PcI8vAp/8fY7cLchhJsPBmoWv87mParj6AG +uIlzJoQMFCVdlv2+e8p6be2Ua68f/qp6i1wgwUzLqLrirPUe74RlnU/+hkGRMYL+ ++tkaPI/Bwdhn1xyybueBuGAJMiHi6iqlvmbORwxaTvuRZr2UTX/piCAMlWaiOlsu +REsVHc3d2bF6GkY7xx1TGYMI/+jx5Y5xrgXrpWZwcf8xzJxkMu+FOpOkzJEmqG3L +oDsvoCAOlck3/8+1R9nWMj36Q8HqhnJTr6axKNi7yRs5KC8BcTxjqM98eNSfurAe +pg818lA6xCEwgbc1M7kcVTAtQbaZUwSCaTbryr9EBBSIudVnsn7ZnrtT/yr/MLk8 +/F4KDaPKXcbWYEPIFwIV0GKkMXVltD4O4cUPO1SSXmxcrMV+9mJ0xlKmQzbCD56y +6eFZsADV0l9mGYMv3LtODycbwAiL36F2JgTiNGLrPJbkAmy9foc= +=uFgf +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-25:14.route.asc b/website/static/security/advisories/FreeBSD-EN-25:14.route.asc new file mode 100644 index 0000000000..8f3a13f3bc --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-25:14.route.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-25:14.route Errata Notice + The FreeBSD Project + +Topic: route(8) monitor buffers too much when redirected to a file + +Category: core +Module: route +Announced: 2025-08-08 +Affects: FreeBSD 14.x +Corrected: 2025-07-21 02:13:16 UTC (stable/14, 14.3-STABLE) + 2025-08-08 00:39:04 UTC (releng/14.3, 14.3-RELEASE-p2) + 2025-08-08 00:39:17 UTC (releng/14.2, 14.2-RELEASE-p5) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +route(8)'s `monitor` command continuously reports routing changes on the system, +which may be used interactively or by other tooling. When a command's output +is redirected to a file, its standard output becomes fully buffered. + +II. Problem Description + +In FreeBSD 14.x, route(8) does not flush its standard output at distinct message +boundaries as it previously did in FreeBSD 13.x and before. As such, it could +appear that no changes are happening on the system when its output has been +redirected to a file. + +III. Impact + +Other programs that rely on `route monitor` are likely to miss changes that +they are expecting to see, unless routing tables/information are changing at +a high frequency. + +IV. Workaround + +Use `stdbuf -oL route monitor` to force the output of `route monitor` to be +line-buffered. See stdbuf(1). Programs watching `route monitor` output are +not incredibly common. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and restart any affected +services. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-25:14/route.patch +# fetch https://security.FreeBSD.org/patches/EN-25:14/route.patch.asc +# gpg --verify route.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ dd695839efd8 stable/14-n271995 +releng/14.3/ 97f34921d77b releng/14.3-n271437 +releng/14.2/ 168703212b61 releng/14.2-n269531 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278265>; +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275026>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:14.route.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmiVSh8ACgkQbljekB8A +Gu9SKxAAwfW3Ql0ZaqG5aIYJ1FOUBMY/F0p22E9RmO1L8xGpX6m0vzjQUrrCycHq +3Lc+QWg4IpDq9WUvfg3yuslZpRnRa679EVjeR7R/Bo7qgfAEVYVZK52g5L7kukAq +ta9Ufqltrp5UZUkYdfj1k5nROM/SfSROj8opvlwDxdwjzgr0shiY5WUfYTxkTFOA +WNSzxnjB95VLgT9PCRXv2oUvs/4N/vZtLwzxFPkfBsbLOyz0+lDZ/ub5q1tllBfi +QMRrsJ+bxAfjZtD0VutmL1kY0BaialP6/hOqTka+DuGVi3C73mk6+/xlu/ig7RUk +xsaAigN5pdfQpa2UDx+vEVp5OYHIja6rgzlZeIELv1sZLridp8kySygQ7W3k9PED +nQM6rZe4d/sp7REv/wSCK0sC6BEQ5KgZ1l89ChR8BtCb7gVj69A/OU1KoSyUkuAV +Qn8vCVr0zOBXrwlGIgP94R2qhl4smWylynKajjqT6Hgh3k4KRZMJKfFxDAQlUxWf +5m1aHD41O7h92L6IixoVAHQ0E/MtnuV9Pos5lDlDewRvUdSSfT02UahcIOoch860 +NtsFyurxnBOVPtpr92gg1aVx/u4EnP3/2NnMDWwLIM80QvsXOXZ+e6WigBJ3bJxB +FAMdoiMJyi3orwDfxnCuUBOwnnwLtxjd3iw5frZXEa5xJfmKpsA= +=YgHt +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-25:07.libarchive.asc b/website/static/security/advisories/FreeBSD-SA-25:07.libarchive.asc new file mode 100644 index 0000000000..f1242dd39a --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-25:07.libarchive.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-25:07.libarchive Security Advisory + The FreeBSD Project + +Topic: Integer overflow in libarchive leading to double free + +Category: contrib +Module: libarchive +Announced: 2025-08-08 +Affects: All supported versions of FreeBSD. +Corrected: 2025-06-19 22:47:34 UTC (stable/14, 14.3-STABLE) + 2025-08-08 00:39:05 UTC (releng/14.3, 14.3-RELEASE-p2) + 2025-08-08 00:39:19 UTC (releng/14.2, 14.2-RELEASE-p5) + 2025-06-20 20:43:32 UTC (stable/13, 13.5-STABLE) + 2025-08-08 00:39:29 UTC (releng/13.5, 13.5-RELEASE-p3) +CVE Name: CVE-2025-5914 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The libarchive(3) library provides a flexible interface for reading and +writing streaming archive files such as tar(1) and cpio(1), and has been the +basis for the FreeBSD implementation of the tar(1) and cpio(1) utilities +since FreeBSD 5.3. + +II. Problem Description + +An integer overflow in the archive_read_format_rar_seek_data() function may +lead to a double free problem. + +III. Impact + +Exploiting a double free vulnerability can cause memory corruption. This in +turn could enable a threat actor to execute arbitrary code. It might also +result in denial of service. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-25:07/libarchive.patch +# fetch https://security.FreeBSD.org/patches/SA-25:07/libarchive.patch.asc +# gpg --verify libarchive.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 6dad4525a291 stable/14-n271728 +releng/14.3/ fb780a82dfbd releng/14.3-n271438 +releng/14.2/ c0979bd2734f releng/14.2-n269532 +stable/13/ f47afeb2ce1e stable/13-n259312 +releng/13.5/ 798b7b161a71 releng/13.5-n259173 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://github.com/libarchive/libarchive/pull/2598>; +<URL:https://github.com/advisories/GHSA-7376-x4rm-3v8x>; +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:07.libarchive.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmiVSiEACgkQbljekB8A +Gu9QGg/9Gri16tBoEsU57UcI3MlbHYGHSXb3Bqs+EgAfxeLjSB58GH1zDUjgjVmT +js6QN6scVbyX4SHQyM4nBw1zn5D7Ejhr/1nrnkbr98YWJn6OZzadp9ANNO2joclx +QBD6Gztk9bCPMPtSyMCTe7yOtvcYWoNzHQfaIU+xdfRmlRFNv/VzaUL/vfGdTF1a ++yJ0BEB0oNLlRpCFayDXpFquxe72Uwc2qaYKd5cuEHNrXoo54KZC7fSH1lJR5ZiH +puPz/mxp3sY/zdWwNvmuFxZTuAIgfLiovV1Hr/UbzyoOfhqtZUuPuXkSS1JQAfuo +9lSd71E8ZB11MSUZ23kfUMO8KMAgt+d47UGHC2v/uU2t9CcSpc7IpO7khZpRGisE +DjwQ0XgMu5Csa7YBB++tulOsESlNqlcVaredBqRaT8h7ClTQ4pNguhkJy+mRm0m1 +3nRYKoG7xejJIArrg+aTu5HboAPGINwbX1m2dOIhI/P6hKCMxoZm4P5ubgxDIXIM +Ofv19plmhEVACSPb+uzEvIke82R51aGyCnVAjORL6fNX5SkZoLZb5VDJTr5F3BdL +90ZOgWpKCwD6r7K65unDA7BuHz/VntNNR0QdxO3+fJk/Bmqo8mykAAU5LO0JmWUw +H4mgUonPalkZag2pYFJpixqV/BPa9tad2xXRfKiFzsRsawfzrJA= +=fwMp +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-25:12/efi.patch b/website/static/security/patches/EN-25:12/efi.patch new file mode 100644 index 0000000000..cd15bf1b89 --- /dev/null +++ b/website/static/security/patches/EN-25:12/efi.patch @@ -0,0 +1,59 @@ +--- stand/efi/loader/bootinfo.c.orig ++++ stand/efi/loader/bootinfo.c +@@ -447,9 +447,15 @@ + module = *modulep; + file_addmetadata(kfp, MODINFOMD_MODULEP, sizeof(module), &module); + #endif +-#if defined(EFI) && !defined(__i386__) ++#ifdef EFI ++#ifndef __i386__ + file_addmetadata(kfp, MODINFOMD_FW_HANDLE, sizeof(ST), &ST); + #endif ++#if defined(__amd64__) || defined(__i386__) ++ file_addmetadata(kfp, MODINFOMD_EFI_ARCH, sizeof(MACHINE_ARCH), ++ MACHINE_ARCH); ++#endif ++#endif + #ifdef LOADER_GELI_SUPPORT + geli_export_key_metadata(kfp); + #endif +--- sys/amd64/amd64/machdep.c.orig ++++ sys/amd64/amd64/machdep.c +@@ -1691,6 +1691,27 @@ + efi_map_sysctl_handler, "S,efi_map_header", + "Raw EFI Memory Map"); + ++static int ++efi_arch_sysctl_handler(SYSCTL_HANDLER_ARGS) ++{ ++ char *arch; ++ caddr_t kmdp; ++ ++ kmdp = preload_search_by_type("elf kernel"); ++ if (kmdp == NULL) ++ kmdp = preload_search_by_type("elf64 kernel"); ++ ++ arch = (char *)preload_search_info(kmdp, ++ MODINFO_METADATA | MODINFOMD_EFI_ARCH); ++ if (arch == NULL) ++ return (0); ++ ++ return (SYSCTL_OUT_STR(req, arch)); ++} ++SYSCTL_PROC(_machdep, OID_AUTO, efi_arch, ++ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0, ++ efi_arch_sysctl_handler, "A", "EFI Firmware Architecture"); ++ + void + spinlock_enter(void) + { +--- sys/x86/include/metadata.h.orig ++++ sys/x86/include/metadata.h +@@ -34,6 +34,7 @@ + #define MODINFOMD_EFI_FB 0x1005 + #define MODINFOMD_MODULEP 0x1006 + #define MODINFOMD_VBE_FB 0x1007 ++#define MODINFOMD_EFI_ARCH 0x1008 + + struct efi_map_header { + uint64_t memory_size; diff --git a/website/static/security/patches/EN-25:12/efi.patch.asc b/website/static/security/patches/EN-25:12/efi.patch.asc new file mode 100644 index 0000000000..ac25268b3a --- /dev/null +++ b/website/static/security/patches/EN-25:12/efi.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmiVShwACgkQbljekB8A +Gu96qRAAw0SdIOM6CoKh6R91MNsbA4wBL4TtrlBG8pPBDkhP8N1zn3hYOFu10MA8 +hEMB08WdHm6ruLG8Hlb7toVIvs2xM83CUZnywDvAHryuCZ81/JrzPU7MKJCAhz8/ +wqhGN56qsn9R7jSNYS4KgGSZlK+742OJD9hRgbUQ57ZRlpN0/VLRovTPQ9KPVPEG +OaNKZh4vcAKjIYHpLmKdtKnM7BY7Ep4r9ZUfIck147PiV1T6b4eC/k4ZjIXnKLX5 +EfxB93r7DaOYSsyBI8IDMMyJFD7JcsWWzacoOoLqak0YciuaJAFFObJ8r5EpOIH/ +YfC0r+siD4tL+RYd4DlSNdB9xLhLA9tGQ4x1IMJspMj0vXb2QY+docgUG6QUzqCI +cUaZSm7kWnyELir4NfYHocpRZP8dTQzB0kLkXCz8DY8crhhhMEwfLBKoz7j7mMTL +d+M5cSNqwbHRrSC1DG9BrC8r4LWmZ7Rtbj90sTtcTCv9Ue5K4TOW9+h8p08LpSHk +p93Jp7SQxy8qniaANnciXgjXS48HlReWL1GbFXI372M01qNAxdP3ZysvUpm9OKuV +KEyYsyhe+324fKKtEhq5hSJD3eyCycih3eN9/VCDOQqKEnfG4Y9+Mch7MiQt3Z3i +1Nc+Ri9sUgpE3fXMa/OEapu6CX9QLUSkLwsscP/wIRvasbX1qQw= +=rniG +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-25:13/wlan_tkip.patch b/website/static/security/patches/EN-25:13/wlan_tkip.patch new file mode 100644 index 0000000000..b26adf8fb6 --- /dev/null +++ b/website/static/security/patches/EN-25:13/wlan_tkip.patch @@ -0,0 +1,13 @@ + sys/net80211/ieee80211_crypto_tkip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) +--- sys/net80211/ieee80211_crypto_tkip.c.orig ++++ sys/net80211/ieee80211_crypto_tkip.c +@@ -370,7 +370,7 @@ + /* + * Strip the ICV if hardware has not done so already. + */ +- if (rxs != NULL && (rxs->c_pktflags & IEEE80211_RX_F_ICV_STRIP) == 0) ++ if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_ICV_STRIP) == 0) + m_adj(m, -tkip.ic_trailer); + + return 1; diff --git a/website/static/security/patches/EN-25:13/wlan_tkip.patch.asc b/website/static/security/patches/EN-25:13/wlan_tkip.patch.asc new file mode 100644 index 0000000000..a757c7505d --- /dev/null +++ b/website/static/security/patches/EN-25:13/wlan_tkip.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmiVSh4ACgkQbljekB8A +Gu/8XxAAyLbpO5IQL14hklDvN8E6jJb3+71TG5cH7e8mTPMQ0hFVer9CrWIxm8JC +QqWYHOxV+ahuopQOcQz8Km1jJGB88gLTPNsyD1V8KF37HIfsXpuM8pKV2UuJaU9w +TzlYflsfL4OTgKhqgplPG4rdo5na1G+UoslScpX+0rm8EhpZCtd4w5TNOKOuQI5f +nnNPjGboFfudzlTJF19bZlZzJJoHSeQHpqNYi/ZBeRMzhHYlKLvpDATW3j31tklL +GM04iT2Rlrco2BB7WBiftn2te6Ok/3Zv7UVyqSUPdi/v+pNmn5BuXE2+8bNrKP84 +OomUsh5dfw1E/J2cb+Wh0J7nExUa9RtbSFXqVlZgLyos5DIDQ6wDuuMNTcOFhPnJ +mvIkDrfBLPS8pWWSPEuajaPvtG3BkKy5JiK0pxfJlvx6MA7DA0myhBAjm27n5sxb +r+18h2ra9umZzvIxBzs3qTnxo/1V//J2C/B1EuoR2oBU532mk5CooZQuBbzUQ+5P +EsqzMGBUf2Q+h9V6Jr87hdLgMCc33yNlNgQSpNq4QIKx42l0SSNaQhc4RRfs8fR/ +gRCC+Xx9Fdzx7FNvnQMJV8F6TxDDfetM4oh6FaGlCFBosVJJxPMlz8XFecgwi0q4 +rKhYthBbfc5wCGIWhnYvP7xWB/dZ9nbNcU6RKGhNu8UJi0Luf/c= +=np7v +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-25:14/route.patch b/website/static/security/patches/EN-25:14/route.patch new file mode 100644 index 0000000000..fcdde605ba --- /dev/null +++ b/website/static/security/patches/EN-25:14/route.patch @@ -0,0 +1,10 @@ +--- sbin/route/route_netlink.c.orig ++++ sbin/route/route_netlink.c +@@ -733,6 +733,7 @@ + print_nlmsg_generic(h, hdr, cinfo); + } + ++ fflush(stdout); + snl_clear_lb(&h->ss_cmd); + } + diff --git a/website/static/security/patches/EN-25:14/route.patch.asc b/website/static/security/patches/EN-25:14/route.patch.asc new file mode 100644 index 0000000000..2921d98028 --- /dev/null +++ b/website/static/security/patches/EN-25:14/route.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmiVSiAACgkQbljekB8A +Gu+bhQ//VsSVSQD09d5QSCn36S0WaBsCDN2NbeROFoh59GBgj2PJtErMd7FhISpA +eAKk55yJ42irIRCPRZtozWg2UWoiBKb43kHzZqdmW1SAPKHP4BQOmTiM7X033qiD +yzap8t2R2kniBta8fzfYnC+m2V5wXc9ObQnsQCk1kNV6+b/9fFjQBrsLGRrRmM0S +t8gI+tpG5peIKnTs+SyCqHNaTu+GzHJY2ZfEMylrTK+IU1JMR1taw+a8TAPKVhth +REciSl3Pj3X9v8rsuATkW+V0RFnRwd8XOBWJoZt+sgK61B9pwcIvC5yiXZcYiPUJ +vmAkSiDJDisgmB+T1o/ZHAuxBz8CbifP4rHC0h9HJubLzsu1NCFelKPaFhJrVvkl +1YZzN+Oi2mJiKHfg4gNTKjcdMtTSA/AAUt2ZhFk94/oNpxnivs33os+uIg2PNWH3 +iH3Pt6ihEr77gJZ2AYot8RShsQivKRAX3HSsefj7uusLys8ZO8vbrgs/CgBtj/cl +fWCvCIRwq0EOL5WqNQ9YIck3jIASbSAJSkmEhKSw+3c1zSewVirrqONXIvxvGJ5Y +BV4G3LJBQ9EThr03mIuI4clYz6rUHYBIAp5/G1CrYhRUVb0WC4TRGTlGYR0ReuKe +cVLrbVEFJIFy6e9yOMutcMTTyFvGsW86llDLR8oNWoxqP4jyohg= +=f+CH +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/SA-25:07/libarchive.patch b/website/static/security/patches/SA-25:07/libarchive.patch new file mode 100644 index 0000000000..30d2e8d1df --- /dev/null +++ b/website/static/security/patches/SA-25:07/libarchive.patch @@ -0,0 +1,38022 @@ +--- contrib/libarchive/COPYING.orig ++++ contrib/libarchive/COPYING +@@ -20,7 +20,7 @@ + libarchive/mtree.5 + + * The following source files are in the public domain: +- libarchive/archive_getdate.c ++ libarchive/archive_parse_date.c + + * The following source files are triple-licensed with the ability to choose + from CC0 1.0 Universal, OpenSSL or Apache 2.0 licenses: +--- contrib/libarchive/NEWS.orig ++++ contrib/libarchive/NEWS +@@ -1,3 +1,11 @@ ++Jun 01, 2026: libarchive 3.8.1 released ++ ++May 20, 2025: libarchive 3.8.0 released ++ ++Mar 30, 2025: libarchive 3.7.9 released ++ ++Mar 20, 2025: libarchive 3.7.8 released ++ + Oct 13, 2024: libarchive 3.7.7 released + + Sep 23, 2024: libarchive 3.7.6 released +--- contrib/libarchive/README.md.orig ++++ contrib/libarchive/README.md +@@ -85,13 +85,14 @@ + * PWB binary cpio + * ISO9660 CD-ROM images (with optional Rockridge or Joliet extensions) + * ZIP archives (with uncompressed or "deflate" compressed entries, including support for encrypted Zip archives) +- * ZIPX archives (with support for bzip2, ppmd8, lzma and xz compressed entries) ++ * ZIPX archives (with support for bzip2, zstd, ppmd8, lzma and xz compressed entries) + * GNU and BSD 'ar' archives + * 'mtree' format + * 7-Zip archives (including archives that use zstandard compression) + * Microsoft CAB format + * LHA and LZH archives + * RAR and RAR 5.0 archives (with some limitations due to RAR's proprietary status) ++ * WARC archives + * XAR archives + + The library also detects and handles any of the following before evaluating the archive: +@@ -120,15 +121,18 @@ + * PWB binary cpio + * shar archives + * ZIP archives (with uncompressed or "deflate" compressed entries) ++ * ZIPX archives (with bzip2, zstd, lzma or xz compressed entries) + * GNU and BSD 'ar' archives + * 'mtree' format + * ISO9660 format +- * 7-Zip archives ++ * 7-Zip archives (including archives that use zstandard compression) ++ * WARC archives + * XAR archives + + When creating archives, the result can be filtered with any of the following: + + * uuencode ++ * base64 + * gzip compression + * bzip2 compression + * compress/LZW compression +@@ -241,4 +245,3 @@ + appropriate. It has many advantages over other tar formats + (including the legacy GNU tar format) and is widely supported by + current tar implementations. +- +--- /dev/null ++++ contrib/libarchive/build/ci/github_actions/install-macos-dependencies.sh +@@ -0,0 +1,19 @@ ++#!/bin/sh ++set -eux ++ ++# Uncommenting these adds a full minute to the CI time ++#brew update > /dev/null ++#brew upgrade > /dev/null ++ ++# This does an upgrade if the package is already installed ++brew install \ ++ autoconf \ ++ automake \ ++ libtool \ ++ pkg-config \ ++ cmake \ ++ xz \ ++ lz4 \ ++ zstd \ ++ libxml2 \ ++ openssl +--- contrib/libarchive/cpio/cpio.c.orig ++++ contrib/libarchive/cpio/cpio.c +@@ -1206,7 +1206,7 @@ + else + strcpy(date, "invalid mtime"); + +- fprintf(out, "%s%3d %-8s %-8s %8s %12s %s", ++ fprintf(out, "%s%3u %-8s %-8s %8s %12s %s", + archive_entry_strmode(entry), + archive_entry_nlink(entry), + uname, gname, size, date, +--- contrib/libarchive/cpio/test/test_format_newc.c.orig ++++ contrib/libarchive/cpio/test/test_format_newc.c +@@ -189,10 +189,10 @@ + gid = from_hex(e + 30, 8); /* gid */ + assertEqualMem(e + 38, "00000003", 8); /* nlink */ + t = from_hex(e + 46, 8); /* mtime */ +- failure("t=%#08jx now=%#08jx=%jd", (intmax_t)t, (intmax_t)now, ++ failure("t=%#08jx now=%#08jx=%jd", (uintmax_t)t, (uintmax_t)now, + (intmax_t)now); + assert(t <= now); /* File wasn't created in future. */ +- failure("t=%#08jx now - 2=%#08jx=%jd", (intmax_t)t, (intmax_t)now - 2, ++ failure("t=%#08jx now - 2=%#08jx=%jd", (uintmax_t)t, (uintmax_t)now - 2, + (intmax_t)now - 2); + assert(t >= now - 2); /* File was created w/in last 2 secs. */ + failure("newc format stores body only with last appearance of a link\n" +@@ -219,7 +219,7 @@ + assert(is_hex(e, 110)); + assertEqualMem(e + 0, "070701", 6); /* Magic */ + assert(is_hex(e + 6, 8)); /* ino */ +-#if defined(_WIN32) && !defined(CYGWIN) ++#if defined(_WIN32) && !defined(__CYGWIN__) + /* Mode: Group members bits and others bits do not work. */ + assertEqualInt(0xa180, from_hex(e + 14, 8) & 0xffc0); + #else +@@ -230,7 +230,7 @@ + assertEqualMem(e + 38, "00000001", 8); /* nlink */ + t2 = from_hex(e + 46, 8); /* mtime */ + failure("First entry created at t=%#08jx this entry created" +- " at t2=%#08jx", (intmax_t)t, (intmax_t)t2); ++ " at t2=%#08jx", (uintmax_t)t, (uintmax_t)t2); + assert(t2 == t || t2 == t + 1); /* Almost same as first entry. */ + assertEqualMem(e + 54, "00000005", 8); /* File size */ + fs = (uint64_t)from_hex(e + 54, 8); +@@ -266,7 +266,7 @@ + #endif + t2 = from_hex(e + 46, 8); /* mtime */ + failure("First entry created at t=%#08jx this entry created at" +- "t2=%#08jx", (intmax_t)t, (intmax_t)t2); ++ "t2=%#08jx", (uintmax_t)t, (uintmax_t)t2); + assert(t2 == t || t2 == t + 1); /* Almost same as first entry. */ + assertEqualMem(e + 54, "00000000", 8); /* File size */ + fs = (uint64_t)from_hex(e + 54, 8); +@@ -300,7 +300,7 @@ + assertEqualMem(e + 38, "00000003", 8); /* nlink */ + t2 = from_hex(e + 46, 8); /* mtime */ + failure("First entry created at t=%#08jx this entry created at" +- "t2=%#08jx", (intmax_t)t, (intmax_t)t2); ++ "t2=%#08jx", (uintmax_t)t, (uintmax_t)t2); + assert(t2 == t || t2 == t + 1); /* Almost same as first entry. */ + assertEqualInt(10, from_hex(e + 54, 8)); /* File size */ + fs = (uint64_t)from_hex(e + 54, 8); +--- contrib/libarchive/cpio/test/test_option_a.c.orig ++++ contrib/libarchive/cpio/test/test_option_a.c +@@ -52,7 +52,7 @@ + * #ifdef this section out. Most of the test below is + * still valid. */ + memset(×, 0, sizeof(times)); +-#if defined(_WIN32) && !defined(CYGWIN) ++#if defined(_WIN32) && !defined(__CYGWIN__) + times.actime = 86400; + times.modtime = 86400; + #else +--- contrib/libarchive/cpio/test/test_option_c.c.orig ++++ contrib/libarchive/cpio/test/test_option_c.c +@@ -18,7 +18,7 @@ + return (1); + } + +-static long long int ++static unsigned long long int + from_octal(const char *p, size_t l) + { + long long int r = 0; +@@ -117,7 +117,7 @@ + gid = (int)from_octal(e + 30, 6); + assertEqualMem(e + 36, "000001", 6); /* nlink */ + failure("file entries should not have rdev set (dev field was 0%o)", +- dev); ++ (unsigned int)dev); + assertEqualMem(e + 42, "000000", 6); /* rdev */ + t = from_octal(e + 48, 11); /* mtime */ + assert(t <= now); /* File wasn't created in future. */ +@@ -133,7 +133,7 @@ + assert(is_octal(e, 76)); /* Entire header is octal digits. */ + assertEqualMem(e + 0, "070707", 6); /* Magic */ + assertEqualInt(dev, from_octal(e + 6, 6)); /* dev */ +- assert(ino != from_octal(e + 12, 6)); /* ino */ ++ assert(ino != (int)from_octal(e + 12, 6)); /* ino */ + #if !defined(_WIN32) || defined(__CYGWIN__) + /* On Windows, symbolic link and group members bits and + * others bits do not work. */ *** 37852 LINES SKIPPED ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202508080053.5780rwwY009595>