From: Gordon Tetlow
Date: Wed, 5 Aug 2020 17:30:27 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r54399 - in head/share: security/advisories security/patches/EN-20:16 security/patches/SA-20:21 security/patches/SA-20:22 security/patches/SA-20:23 xml

Author: gordon (src committer)
Date: Wed Aug 5 17:30:26 2020
New Revision: 54399
URL: https://svnweb.freebsd.org/changeset/doc/54399

Log:
  Add EN-20:16 and SA-20:21 through SA-20:23.

  Approved by: so

Added:
  head/share/security/advisories/FreeBSD-EN-20:16.vmx.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-20:21.usb_net.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-20:22.sqlite.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-20:23.sendmsg.asc (contents, props changed)
  head/share/security/patches/EN-20:16/
  head/share/security/patches/EN-20:16/vmx.patch (contents, props changed)
  head/share/security/patches/EN-20:16/vmx.patch.asc (contents, props changed)
  head/share/security/patches/SA-20:21/
  head/share/security/patches/SA-20:21/usb_net.11.patch (contents, props changed)
  head/share/security/patches/SA-20:21/usb_net.11.patch.asc (contents, props changed)
  head/share/security/patches/SA-20:21/usb_net.12.patch (contents, props changed)
  head/share/security/patches/SA-20:21/usb_net.12.patch.asc (contents, props changed)
  head/share/security/patches/SA-20:22/
  head/share/security/patches/SA-20:22/sqlite.11.3.patch (contents, props changed)
  head/share/security/patches/SA-20:22/sqlite.11.3.patch.asc (contents, props changed)
  head/share/security/patches/SA-20:22/sqlite.11.4.patch (contents, props changed)
  head/share/security/patches/SA-20:22/sqlite.11.4.patch.asc (contents, props changed)
  head/share/security/patches/SA-20:22/sqlite.12.1.patch (contents, props changed)
  head/share/security/patches/SA-20:22/sqlite.12.1.patch.asc (contents, props changed)
  head/share/security/patches/SA-20:23/
  head/share/security/patches/SA-20:23/sendmsg.patch (contents, props changed)
  head/share/security/patches/SA-20:23/sendmsg.patch.asc (contents, props changed)
Modified:
  head/share/xml/advisories.xml
  head/share/xml/notices.xml

Added: head/share/security/advisories/FreeBSD-EN-20:16.vmx.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:16.vmx.asc Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,126 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:16.vmx Errata Notice + The FreeBSD Project + +Topic: vmx driver packet loss and degraded performance + +Category: core +Module: vmx +Announced: 2020-08-05 +Affects: FreeBSD 12.1 +Corrected: 2020-01-20 22:15:33 UTC (stable/12, 12.1-STABLE) + 2020-08-05 17:09:54 UTC (releng/12.1, 12.1-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +vmx(4) is a driver for the virtualized network interface device used by +VMware. It implements TCP segmentation offload (TSO), a performance +feature which allows the device to perform TCP segmentation immediately +prior to packet transmission, reducing the amount of work required of +the kernel's TCP implementation. + +II. Problem Description + +vmx(4) in FreeBSD 12.1 contains a bug which causes the driver to set up +transmit descriptors incorrectly when performing TSO. + +III. Impact + +With TSO enabled in vmx(4) interfaces, TCP sessions may hang or +experience degraded performance due to packet loss. + +IV. Workaround + +Using ifconfig(8), TSO can be disabled on vmx(4) interfaces by +specifying "-tso". + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. 
+ +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-20:16/vmx.patch +# fetch https://security.FreeBSD.org/patches/EN-20:16/vmx.patch.asc +# gpg --verify vmx.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r356932 +releng/12.1/ r363920 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl8q63ZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIe2xAAoGWYRnKtTDRNBwKZSXbXSSrNcNv7rsiPGIqHYjn78ZBRypWFlztLzW8G +eAfo7ffcXDN6PfVrhg2ADKBHfOmghOWHvSEoigV8aT9fgBBvBoFoElmvUdLQjn6o +y5ABUoMbwapXSNDQtGEFi5wtBfomcfpZzxVRNTNzzbPCO3gkG3WZ4/0wiS9TXV34 +SMU2xLIeo0qvBGUfHpqTz+6BfCP/rtMCZ2kx6dIVYguGqBkRxkvJA4q4omEeokWz +XDyE32MdosB8DlmozhL+VDCFAB4k328nbO4kY3czdqOmOQ9krDdB176fHfT/+3Zm +6ogK2JvNNY9vZSeB3sqwSkv4j6B8aSb21bEDTopxF93TwsPO9hkIFC1f1ASH0YYP +TtPli/lsTGy1UdhuURNjgK6c5IuWkgeZpuJdX3UDyxDv+TDk8FvlAyR0R9EPsL3t +MoGKy12dsSF+Nkn6K9hmY9nRRpF6dlgHDpWsGQvJ8j8aw2QciVTU60vE47oM47js +v8KIOliq+OzaPWnL420wR0rjXJo3HIQmdyF1sVpLcFRW26QdJ+0No22qB4BLNr9D +zExolxEAlL/6jsrSwBoZdiHGxzxjFUPJBJojARIP2tZSLRlhGFmNJVnzAoPE5KY5 +HuxyDRcLqY0Rmeycs3pdupYd6ze2ViNbJsry7XY9+zbW15e1qNw= +=/2NI +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:21.usb_net.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:21.usb_net.asc Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:21.usb_net Security Advisory + The FreeBSD Project + +Topic: Potential memory corruption in USB network device drivers + +Category: core +Module: kernel +Announced: 2020-08-05 +Credits: Ilja van Sprundel, IOActive +Affects: All supported versions of FreeBSD. +Corrected: 2020-06-14 05:25:06 UTC (stable/12, 12.1-STABLE) + 2020-08-05 17:11:18 UTC (releng/12.1, 12.1-RELEASE-p8) + 2020-06-14 05:27:37 UTC (stable/11, 11.4-STABLE) + 2020-08-05 17:11:18 UTC (releng/11.4, 11.4-RELEASE-p2) + 2020-08-05 17:11:18 UTC (releng/11.3, 11.3-RELEASE-p12) +CVE Name: CVE-2020-7459 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD includes a number of USB Ethernet network interface device drivers, +including: + + - smsc(4), supporting SMSC (now Microchip) devices + - muge(4), supporting Microchip devices + - cdceem(4), supporting USB Communication Device Class compatible devices + +II. Problem Description + +A missing length validation code common to these three drivers means that a +malicious USB device could write beyond the end of an allocated network +packet buffer. + +III. Impact + +An attacker with physical access to a USB port and the ability to bring a +network interface up may be able to use a specially crafted USB device to +gain kernel or user-space code execution. + +IV. Workaround + +No workaround is available. Systems with no active (i.e., UP) interface +supported by any of the smsc(4), muge(4), and cdceem(4) drivers are not +vulnerable. + +Exploitation likely requires malicious USB hardware that emulates hardware +supported by one of these device drivers. + +V. 
Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.x] +# fetch https://security.FreeBSD.org/patches/SA-20:21/usb_net.12.patch +# fetch https://security.FreeBSD.org/patches/SA-20:21/usb_net.12.patch.asc +# gpg --verify usb_net.12.patch.asc + +[FreeBSD 11.x] +# fetch https://security.FreeBSD.org/patches/SA-20:21/usb_net.11.patch +# fetch https://security.FreeBSD.org/patches/SA-20:21/usb_net.11.patch.asc +# gpg --verify usb_net.11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r362166 +releng/12.1/ r363921 +stable/11/ r362167 +releng/11.4/ r363921 +releng/11.3/ r363921 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl8q63dfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIp7g//ZGKbxNKWsYEFXwNbBVbtkWMCQbj0V0TG2NReOsbYYhOolfkErZBpeTHt +iFJr5m3WY21a6ks/8up02HJyZ5oZwFFeMOMF/CKibZuym/8L8XgoU0uh/eHLiTvZ +qRf3p43xegcKgatFPggKA0yewNxMNETHI7BeO6+pkwYFQgb7f9GhM4JzC+DmaX6i +kyGcrnYoZzgKo2BGt65VRbvzucw/Su7wL4JutKhZlXDz7kxFv1gxB8Dqk9BBW9QM +EHejzhMCo6T0doYKLuZnz+SI2a/LOcTuNgR+5RnnxsVziLx+8csMNYy3YVw6JNXe +XC+8aJ7Un8BLKDoNJjoZ/J9IygJoaWgUa9+SH0pAtOeWhrfRUgd74ZZWfhiZkK5U +AXgY46c6Ce28TbEHTWgOAQgXRNB7iJgxVo6mTSnDt8t3YWh4t3g/rjHPKHagTNYC +aCd6gcJewb1Pw/8X/7H1FXRtUleHgMaxQ7ec8V5BwcXSexo4xZfq8qQTUbCuRmDg +4GaF8SondVb1TJxHwfq2wWvFhiwMWnRxwwjY6jkxiIjecc5vtrb2bwRq7nmKWciT +uV0jRj9ttP73ftE/zO94avXCbpCfHXMSpwaJMcs8PH+sHYXNhy0awuIped1ANXlh +E2jrNBW85gyKpnjfcAgECFid3Cu1V1xWo1BCTOWJXQjKi2Gaoa0= +=xbKP +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:22.sqlite.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:22.sqlite.asc Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,159 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:22.sqlite Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in sqlite3 + +Category: contrib +Module: sqlite3 +Announced: 2020-08-05 +Affects: All supported versions of FreeBSD. +Corrected: 2020-06-15 03:10:53 UTC (stable/12, 12.1-STABLE) + 2020-08-05 17:13:08 UTC (releng/12.1, 12.1-RELEASE-p8) + 2020-06-15 03:10:53 UTC (stable/11, 11.4-STABLE) + 2020-08-05 17:13:08 UTC (releng/11.4, 11.4-RELEASE-p2) + 2020-08-05 17:13:08 UTC (releng/11.3, 11.3-RELEASE-p12) +CVE Name: CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, + CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, + CVE-2020-13632 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +SQLite is an SQL database engine in a C library. Programs that link the +SQLite library can have SQL database access without running a separate RDBMS +process. The distribution comes with a standalone command-line access +program (sqlite3) that can be used to administer an SQLite database and which +serves as an example of how to use the SQLite library. + +FreeBSD includes SQLite as a private library for base system usage that is +not generally exposed for third party packages to use. + +II. Problem Description + +Multiple vulnerabilities have been published including improper input +validation (CVE-2020-11655), use after free (CVE-2020-11656, CVE-2020-13630), +integer overflow (CVE-2020-13434), null pointer dereference (CVE-2020-13435, +CVE-2020-13632), and namespace collision (CVE-2020-13631). + +III. Impact + +Malicious SQL statements could crash, hijack processes, or cause data +corruption. + +IV. Workaround + +No workaround is available. 
The FreeBSD security team is not aware of any +base system components that use SQLite in such a way as to expose these +vulnerabilities to untrusted or remote users, but is updating SQLite out of +an abundance of caution. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.1] +# fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.12.1.patch +# fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.12.1.patch.asc +# gpg --verify sqlite.12.1.patch.asc + +[FreeBSD 11.4] +# fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.11.4.patch +# fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.11.4.patch.asc +# gpg --verify sqlite.11.4.patch.asc + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.11.3.patch +# fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.11.3.patch.asc +# gpg --verify sqlite.11.3.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r362190 +releng/12.1/ r363922 +stable/11/ r362190 +releng/11.4/ r363922 +releng/11.3/ r363922 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl8q63dfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIJdw/9FSXst26ZsA63KixpJbWMnlzJkSPEPiGQ0SlrfeE7co6qukiAnxKzL9rW +P5ztBbqqcqu/mISIDDRaOp03ex1oAwhYf4cMRCX4v1wZmGfdH6L9s0LwgfFXtT2G +RwucImiAKHwLo7YTxUs54qrSu6gmDUp9u440ac1tVHSEsKzvD557sg4sp248tSZx ++/W667F2xsed4plRvNostfFD1aIbBsgMl0vz4FPZ3dToxrjpeSW+9aHrv6iIgsSA +jheXF/Fol5AABrHrOHc8HbKBsDEsmz/AdwHiX1ngH1dXRRze95YEJy64Ee0C7/Fj +MXlhg3JqctCFXy2e2nTHna5xKd3YW4Gy2b2xquIAg/W9rZRxy1ZwQEOO5R+DyteF +s/YN6oD4jJPsR2uTUMq4Z6q7IKDwb7PT2ncTblxIG7vBs6V6NuM0Yd0cqMdPnEdt +rn7hIaPvvsp3nFYMPhIX9gMRl5K9Vl11BWtfEFv3Egh5c5jA0/LWvMP1DLkpKV8c +lXP5C/cltod7zTAkCk8XxOOCi5fLnP8qPQhAy3etq2dtREMgkHfnIxPSmjqsPgBI +uU4CXW3dDlh9RrsePwls++BItUcueKDUJYBAS98Z+XLxaapjj4R3fYa2ygbyjqno +nprfR9X6QW6MPv0xL9wCTGqwQXrvWxDxlnTPEQ5Ah6eOCKEfWD8= +=nB/p +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:23.sendmsg.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:23.sendmsg.asc Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,146 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:23.sendmsg Security Advisory + The FreeBSD Project + +Topic: sendmsg(2) privilege escalation + +Category: core +Module: kernel compat32 +Announced: 2020-08-05 +Credits: m00nbsd working with Trend Micro Zero Day Initiative +Affects: All supported versions of FreeBSD. +Corrected: 2020-08-05 17:07:13 UTC (stable/12, 12.1-STABLE) + 2020-08-05 17:14:01 UTC (releng/12.1, 12.1-RELEASE-p8) + 2020-08-05 17:08:02 UTC (stable/11, 11.4-STABLE) + 2020-08-05 17:14:01 UTC (releng/11.4, 11.4-RELEASE-p2) + 2020-08-05 17:14:01 UTC (releng/11.3, 11.3-RELEASE-p12) +CVE Name: CVE-2020-7460 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD provides the compat32 subsystem, used to enable execution of 32-bit +binaries on amd64 and other 64-bit platforms. System calls whose parameters +require translation are handled by compat32 before being dispatched to the +native system call handler. + +sendmsg(2) and recvmsg(2) may be used to transmit or receive control messages +whose contents are evaluated by the kernel. Such messages have different +alignment constraints on 32-bit and 64-bit platforms and thus must be translated +by the compat32 subsystem when sendmsg(2) or recvmsg(2) are invoked by a 32-bit +process. + +II. Problem Description + +When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the +control message to be transmitted (if any) into kernel memory, and adjusts +alignment of control message headers. The code which performs this work +contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a +malicious userspace program to modify control message headers after they were +validated by the kernel. + +III. 
Impact + +The TOCTOU bug can be exploited by an unprivileged malicious userspace program +to trigger privilege escalation. + +IV. Workaround + +i386 and other 32-bit platforms are not vulnerable. + +No workaround is available for amd64 or arm64. Kernels compiled without the +COMPAT_FREEBSD32 option are not vulnerable, but this option is configured in +GENERIC kernels. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:23/sendmsg.patch +# fetch https://security.FreeBSD.org/patches/SA-20:23/sendmsg.patch.asc +# gpg --verify sendmsg.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r363918 +releng/12.1/ r363923 +stable/11/ r363919 +releng/11.4/ r363923 +releng/11.3/ r363923 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl8q63hfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJDxw/+PML4MB46paBDyLvebprXe5Z/FrUN1ybH8YjrJTYFyX+aw8K3hAa2K+PB +kUc3VwbIv0BAylSCgULXdTxx8JKpMnmHcN3Bk8LKdMCvp0gJvkzcAP/a7Kj1EKfY +m04p3/7ka9f7u99n1QX1jnZP2XWEFKOoyWbEJWuDk0+NBW3ICQWqQLoiXaWAS4HD +BrXAqowtyoR1vaMrAjmSyWaFSDFjQeiHw8nxCzRF1E6cKF/rwCt37cnpEGqSCAYi +/ZyB1qy1s67F9hHnZp9+JhffWqUZAuLse8HTWgBG+svpzDrx2gNxE/C/Tui0lYXg +S3akC3DbiySZpP007J8yR5PvytYAbSuECJVVRoC0dukmBabFqSFlacInpfIn363m +fOg1nmq/oRh9MAJzaBKG+N6SD+mP3kvcV9Ad5fOKr4yLQtlwYEYyiN1WbCs0O/ve +fnRIGB9xtibIr1i9IEY7+KNMAH3Di2F0E4ixFPMrBcJiStuZmCTqJRx99QLYtb0G +p9p1bzjPUaWAMDi9mteFu1I+NO836MeLydbCZnSa5KLe+vc1PjP4kSvt6XQ9HFtO +nXMddWxdcus8BmxZ04K5a4WaaSYOiN4e4O72WWuA714io+EWJAEaqleMr7KbYTCv +f1fCmoKxyoFJcHL9z3oOOi5DqrBoFPnE0p/gPGFc8qyTNEbI428= +=tTSr +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-20:16/vmx.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-20:16/vmx.patch Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,11 @@ +--- sys/dev/vmware/vmxnet3/if_vmx.c.orig ++++ sys/dev/vmware/vmxnet3/if_vmx.c +@@ -1320,7 +1320,7 @@ + hdrlen = pi->ipi_ehdrlen + pi->ipi_ip_hlen; + if (pi->ipi_csum_flags & CSUM_TSO) { + sop->offload_mode = VMXNET3_OM_TSO; +- sop->hlen = hdrlen; ++ sop->hlen = hdrlen + pi->ipi_tcp_hlen; + sop->offload_pos = pi->ipi_tso_segsz; + } else if (pi->ipi_csum_flags & (VMXNET3_CSUM_OFFLOAD | + VMXNET3_CSUM_OFFLOAD_IPV6)) { Added: head/share/security/patches/EN-20:16/vmx.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-20:16/vmx.patch.asc Wed Aug 5 17:30:26 2020 (r54399) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl8q63dfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKCUg//TowAGFMQ0j1V6uIOnxlUWYu1RsFHqrUjh8QSeZmX8oz0B2IWLVzI8mk3 +9R2n4xUmuEVoF9WAR7gxhWuateUjAi4ksg2RdaFVb0Q2p8bQ6Tk2zj9wF5uy+CEQ +2pL0IzrsBc567CQjdhV8JfsHm0wa6BcZ8Pnr7AVVAUPY78XWdvamMupBxwil9zsC +zKCoxZdZk5xDe3kprWu90K5cdCxvvkJgzkVXZFzunqBbrpsjBlL4O5GQyMsFf4Ri +LJHieGwW6UhIAPYEu6tqTf0LanKbBxr/pgB+lD9b4W6YNSi5rEaPcNuBdCp5A/8L +OJjxXU7AUVRFe1YPP0m8FDonIi/5aEOF9VO6Fx5a3P3FBjpM/7CB34gfEv+ZIsrR +o27P7HhAmOdWw8nii50c9ukvhE66gNf3MglDAP6mB8YnSxHMpu5yqVQiGKjoO5hI +scxrlIDHzYWwc22mEJpZSVuuxMo7pFinKT0WwdNq3tSYpErNT4xvE1OT1ZTkRKB7 +bxWqbay7WGP9YHjq1vBgv9tt/iRB27Q0SsVsmGQchhoZANl03jU4wpO8ygAtRd0K +E13BhfaNQLzdByPQPhDLCflMqFHHC9IxKlHg9lVKb/CtDv52yh8/t21IrBy/iqJY +K5Ivn8GY3xOgCwQa5lXE0RzvMLkt4RjFqV++34jowXPyF9KT0ik= +=4RPg +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-20:21/usb_net.11.patch ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:21/usb_net.11.patch Wed Aug 5 17:30:26 2020 (r54399) @@ -0,0 +1,36 @@ +--- sys/dev/usb/net/if_smsc.c.orig ++++ sys/dev/usb/net/if_smsc.c +@@ -970,7 +970,7 @@ + struct mbuf *m; + struct usb_page_cache *pc; + uint32_t rxhdr; +- uint16_t pktlen; ++ int pktlen; + int off; + int actlen; + +@@ -996,6 +996,9 @@ + /* The frame header is always aligned on a 4 byte boundary */ + off = ((off + 0x3) & ~0x3); + ++ if ((off + sizeof(rxhdr)) > actlen) ++ goto tr_setup; ++ + usbd_copy_out(pc, off, &rxhdr, sizeof(rxhdr)); + off += (sizeof(rxhdr) + ETHER_ALIGN); + rxhdr = le32toh(rxhdr); +@@ -1024,7 +1027,13 @@ + if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); + goto tr_setup; + } +- ++ if (pktlen > m->m_len) { ++ smsc_dbg_printf(sc, "buffer too small %d vs %d bytes", ++ pktlen, m->m_len); ++ if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); ++ m_freem(m); ++ goto tr_setup; ++ } + usbd_copy_out(pc, off, mtod(m, uint8_t *), pktlen); + + /* Check if RX TCP/UDP checksumming is being offloaded */ Added: head/share/security/patches/SA-20:21/usb_net.11.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:21/usb_net.11.patch.asc Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl8q63dfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKxGw//bjW21aF/b5zZn8HaB7ZTah8MLuppHhcKzEfy2T3e95MXwd8t/ZYP/1Th +UwTGxO/mWHIZq9Ky6Y7oS1FUifOsbnaMZjQBioF/+dyRBApczitrIfyyVzL7hBFR +u2stVlIPAoNsa+XKKxxo/jRcHR3RAH3OL7nfN4Bt+sd39lkpWyP6rZxfmD/4Xnmv +YirpypsMFLI1APeIgk0OCOCME8ssmp8xa9GNt4nQ5ycBJSrqIU5p9q9jXyedKFUO +zgMf+TWJg8MG4OohmOn7nGXVK2ZVGT5yeW3Q41mqg96kGgV78wGWFYtHas7hBnH3 +aTt/oP2XjFY6VYlqwMSh9cqLgqrb9zg5G18Ip0p6wntPHFOFcUrwIjEXGShX+XPn +U9fwPYz1fRaVrflxLDQMZ9WHB4e8d9fW7wuDUkOcL7/8kMcvEvfU+tFGktstKj9w +pZm1IZ0o51L7IwEY6ZwJ4rx73P9e8A4KrbqZwAdDYcArnSZTkvtFS8KYwral4fP1 +6AfWoyaQijINjb+Jr7jPWn6JHeCSaFF7Vrb4wMtxQ5YL0SnTxqS2zFlrgJ0FNIM6 +YebqXVVKvJT+eQTc+LSxEWe73CYCvur9dksty48KpBbaADpwFqi4nUFFxP4L93If +0AlliNEI0YFu4uKh5EmBpr5wbX8KoTBczjTYoVIilerq4yMXSGc= +=ZUVD +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-20:21/usb_net.12.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:21/usb_net.12.patch Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,113 @@ +--- sys/dev/usb/net/if_cdceem.c.orig ++++ sys/dev/usb/net/if_cdceem.c +@@ -426,9 +426,10 @@ + struct usb_ether *ue; + struct ifnet *ifp; + struct mbuf *m; +- int actlen, off; + uint32_t computed_crc, received_crc; +- uint16_t pktlen; ++ int pktlen; ++ int actlen; ++ int off; + + off = *offp; + sc = usbd_xfer_softc(xfer); +@@ -442,7 +443,7 @@ + (hdr & CDCEEM_DATA_CRC) ? "valid" : "absent", + pktlen); + +- if (pktlen < ETHER_HDR_LEN) { ++ if (pktlen < (ETHER_HDR_LEN + 4)) { + CDCEEM_WARN(sc, + "bad ethernet frame length %d, should be at least %d", + pktlen, ETHER_HDR_LEN); +@@ -466,6 +467,14 @@ + } + + pktlen -= 4; /* Subtract the CRC. */ ++ ++ if (pktlen > m->m_len) { ++ CDCEEM_WARN(sc, "buffer too small %d vs %d bytes", ++ pktlen, m->m_len); ++ if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); ++ m_freem(m); ++ return; ++ } + usbd_copy_out(pc, off, mtod(m, uint8_t *), pktlen); + off += pktlen; + +@@ -512,7 +521,7 @@ + pc = usbd_xfer_get_frame(xfer, 0); + off = 0; + +- while (off < actlen) { ++ while ((off + sizeof(hdr)) <= actlen) { + usbd_copy_out(pc, off, &hdr, sizeof(hdr)); + CDCEEM_DEBUG(sc, "hdr = %#x", hdr); + off += sizeof(hdr); +--- sys/dev/usb/net/if_muge.c.orig ++++ sys/dev/usb/net/if_muge.c +@@ -1166,9 +1166,9 @@ + struct ifnet *ifp = uether_getifp(ue); + struct mbuf *m; + struct usb_page_cache *pc; +- uint16_t pktlen; + uint32_t rx_cmd_a, rx_cmd_b; + uint16_t rx_cmd_c; ++ int pktlen; + int off; + int actlen; + +@@ -1246,7 +1246,14 @@ + 1); + goto tr_setup; + } +- ++ if (pktlen > m->m_len) { ++ muge_dbg_printf(sc, ++ "buffer too small %d vs %d bytes", ++ pktlen, m->m_len); ++ if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); ++ m_freem(m); ++ goto tr_setup; ++ } + usbd_copy_out(pc, off, mtod(m, uint8_t *), + pktlen); + +--- sys/dev/usb/net/if_smsc.c.orig ++++ sys/dev/usb/net/if_smsc.c +@@ -973,7 +973,7 @@ + struct mbuf *m; + struct usb_page_cache *pc; + uint32_t rxhdr; +- uint16_t pktlen; ++ int pktlen; + int off; + int actlen; + +@@ -999,6 +999,9 
@@ + /* The frame header is always aligned on a 4 byte boundary */ + off = ((off + 0x3) & ~0x3); + ++ if ((off + sizeof(rxhdr)) > actlen) ++ goto tr_setup; ++ + usbd_copy_out(pc, off, &rxhdr, sizeof(rxhdr)); + off += (sizeof(rxhdr) + ETHER_ALIGN); + rxhdr = le32toh(rxhdr); +@@ -1027,7 +1030,13 @@ + if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); + goto tr_setup; + } +- ++ if (pktlen > m->m_len) { ++ smsc_dbg_printf(sc, "buffer too small %d vs %d bytes", ++ pktlen, m->m_len); ++ if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); ++ m_freem(m); ++ goto tr_setup; ++ } + usbd_copy_out(pc, off, mtod(m, uint8_t *), pktlen); + + /* Check if RX TCP/UDP checksumming is being offloaded */ Added: head/share/security/patches/SA-20:21/usb_net.12.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:21/usb_net.12.patch.asc Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl8q63dfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK/Rw/9EPrYfgoU/y0Qjp45sx8QyLcTrWasG2pwQT1PJZjes/KviQzy821uTtZG +fJqsAECKUf1Tkr3iKUzfHXFbTEb+oZgm2wbTzeqTSkzEDxd/psRJlA5D6tWk2sN6 +Ws4FzKSzMSM6YVreT0ITm7hwIV1qW1KcN7pjy3YQZtwrK6vYDV5MFB7qHdPe6uLF +hXofqIrw2pyiH7Z6Ok1cIgPqdBVV6t2xpU0daRGSSFIEAoguS2J+tUs8NsjWh1wf +Ihu7o185Z54q4u91vWTYTqBFe1rXmDX6GQgS1qIV3z43woHRy5otedolQBDpPCqz +mcNbITrDkU/ngx9UorJqyD6+hNuo73Px6Qyz0szGlpHeCupAbhCTt/vKj9FGcN+p +q9on5FlGJiZ5KK0JBixzAzTLpjxVyTSEypaOLtTrgNhWcJBL6o0GQqLp+9lv2M9A +x7CfVrrs75H1P44fZnVIr46evxq+I1Si6VCaVtamdQQqz5voawyjhgX7nwsw0gts +BicZVomn+b9EBH2kCIEa20CXIVE76F891JTBBcuasE2+aRI83NTnNfKiBRvizueE +I7BuZfOxm8+lE0A790sA+TbIaNpPZolRWdsV205IKrjDEo0VluJwrdQalUZ7pAxA +IZ07rDKbswFKGLxitlnOL4zWv2xsOKPGh+HcI5gUHGbChTSaH8g= +=pBal +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-20:22/sqlite.11.3.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:22/sqlite.11.3.patch Wed Aug 5 17:30:26 2020 (r54399) 
@@ -0,0 +1,47236 @@ +--- contrib/sqlite3/Makefile.msc.orig ++++ contrib/sqlite3/Makefile.msc +@@ -73,7 +73,7 @@ + !IFNDEF NO_WARN + !IF $(USE_FULLWARN)!=0 + NO_WARN = -wd4054 -wd4055 -wd4100 -wd4127 -wd4130 -wd4152 -wd4189 -wd4206 +-NO_WARN = $(NO_WARN) -wd4210 -wd4232 -wd4305 -wd4306 -wd4702 -wd4706 ++NO_WARN = $(NO_WARN) -wd4210 -wd4232 -wd4244 -wd4305 -wd4306 -wd4702 -wd4706 + !ENDIF + !ENDIF + +@@ -196,6 +196,7 @@ + DEBUG = 0 + !ENDIF + ++ + # Enable use of available compiler optimizations? Normally, this should be + # non-zero. Setting this to zero, thus disabling all compiler optimizations, + # can be useful for testing. +@@ -210,6 +211,12 @@ + SESSION = 0 + !ENDIF + ++# Set this to non-0 to enable support for the rbu extension. ++# ++!IFNDEF RBU ++RBU = 0 ++!ENDIF ++ + # Set the source code file to be used by executables and libraries when + # they need the amalgamation. + # +@@ -282,7 +289,7 @@ + OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_STMTVTAB=1 + OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_DBPAGE_VTAB=1 + OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_DBSTAT_VTAB=1 +-OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_INTROSPECTION_PRAGMAS=1 ++OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_BYTECODE_VTAB=1 + OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_DESERIALIZE=1 + !ENDIF + OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_COLUMN_METADATA=1 +@@ -296,6 +303,13 @@ + OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_PREUPDATE_HOOK=1 + !ENDIF + ++# Should the rbu extension be enabled? If so, add compilation options ++# to enable it. ++# ++!IF $(RBU)!=0 ++OPT_FEATURE_FLAGS = $(OPT_FEATURE_FLAGS) -DSQLITE_ENABLE_RBU=1 ++!ENDIF ++ + # These are the "extended" SQLite compilation options used when compiling for + # the Windows 10 platform. 
+ # +@@ -978,7 +992,7 @@ + sqlite3.def: Replace.exe $(LIBOBJ) + echo EXPORTS > sqlite3.def + dumpbin /all $(LIBOBJ) \ +- | .\Replace.exe "^\s+/EXPORT:_?(sqlite3(?:session|changeset|changegroup|rebaser)?_[^@,]*)(?:@\d+|,DATA)?$$" $$1 true \ ++ | .\Replace.exe "^\s+/EXPORT:_?(sqlite3(?:session|changeset|changegroup|rebaser|rbu)?_[^@,]*)(?:@\d+|,DATA)?$$" $$1 true \ + | sort >> sqlite3.def + + $(SQLITE3EXE): shell.c $(SHELL_CORE_DEP) $(LIBRESOBJS) $(SHELL_CORE_SRC) $(SQLITE3H) +--- contrib/sqlite3/configure.orig ++++ contrib/sqlite3/configure +@@ -1,6 +1,6 @@ + #! /bin/sh + # Guess values for system-dependent variables and create Makefiles. +-# Generated by GNU Autoconf 2.69 for sqlite 3.28.0. ++# Generated by GNU Autoconf 2.69 for sqlite 3.32.2. + # + # Report bugs to . + # +@@ -590,8 +590,8 @@ + # Identity of this package. + PACKAGE_NAME='sqlite' + PACKAGE_TARNAME='sqlite' +-PACKAGE_VERSION='3.28.0' +-PACKAGE_STRING='sqlite 3.28.0' ++PACKAGE_VERSION='3.32.2' ++PACKAGE_STRING='sqlite 3.32.2' + PACKAGE_BUGREPORT='http://www.sqlite.org' + PACKAGE_URL='' + +@@ -1341,7 +1341,7 @@ + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +-\`configure' configures sqlite 3.28.0 to adapt to many kinds of systems. ++\`configure' configures sqlite 3.32.2 to adapt to many kinds of systems. + + Usage: $0 [OPTION]... [VAR=VALUE]... + +@@ -1412,7 +1412,7 @@ + + if test -n "$ac_init_help"; then + case $ac_init_help in +- short | recursive ) echo "Configuration of sqlite 3.28.0:";; ++ short | recursive ) echo "Configuration of sqlite 3.32.2:";; + esac + cat <<\_ACEOF + +@@ -1537,7 +1537,7 @@ + test -n "$ac_init_help" && exit $ac_status + if $ac_init_version; then + cat <<\_ACEOF +-sqlite configure 3.28.0 ++sqlite configure 3.32.2 + generated by GNU Autoconf 2.69 + + Copyright (C) 2012 Free Software Foundation, Inc. 
+@@ -1952,7 +1952,7 @@ + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. + +-It was created by sqlite $as_me 3.28.0, which was ++It was created by sqlite $as_me 3.32.2, which was + generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ +@@ -2818,7 +2818,7 @@ + + # Define the identity of the package. + PACKAGE='sqlite' +- VERSION='3.28.0' ++ VERSION='3.32.2' + + + cat >>confdefs.h <<_ACEOF +@@ -13653,7 +13653,7 @@ + fi + + if test x"$enable_rtree" = "xyes"; then +- BUILD_CFLAGS="$BUILD_CFLAGS -DSQLITE_ENABLE_RTREE" ++ BUILD_CFLAGS="$BUILD_CFLAGS -DSQLITE_ENABLE_RTREE -DSQLITE_ENABLE_GEOPOLY" + fi + #----------------------------------------------------------------------- + +@@ -14438,7 +14438,7 @@ + # report actual input values of CONFIG_FILES etc. instead of their + # values after options handling. + ac_log=" +-This file was extended by sqlite $as_me 3.28.0, which was ++This file was extended by sqlite $as_me 3.32.2, which was + generated by GNU Autoconf 2.69. 
Invocation command line was + + CONFIG_FILES = $CONFIG_FILES +@@ -14495,7 +14495,7 @@ + cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" + ac_cs_version="\\ +-sqlite config.status 3.28.0 ++sqlite config.status 3.32.2 + configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +--- contrib/sqlite3/configure.ac.orig ++++ contrib/sqlite3/configure.ac +@@ -10,7 +10,7 @@ + # + + AC_PREREQ(2.61) +-AC_INIT(sqlite, 3.28.0, http://www.sqlite.org) ++AC_INIT(sqlite, 3.32.2, http://www.sqlite.org) + AC_CONFIG_SRCDIR([sqlite3.c]) + AC_CONFIG_AUX_DIR([.]) + +@@ -161,7 +161,7 @@ + [--enable-rtree], [include rtree support [default=yes]])], + [], [enable_rtree=yes]) + if test x"$enable_rtree" = "xyes"; then +- BUILD_CFLAGS="$BUILD_CFLAGS -DSQLITE_ENABLE_RTREE" ++ BUILD_CFLAGS="$BUILD_CFLAGS -DSQLITE_ENABLE_RTREE -DSQLITE_ENABLE_GEOPOLY" + fi *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
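Review bot: in sys/dev/usb/net/if_cdceem.c, hunk @@ -442,7 +443,7 @@, the minimum-length test is now "pktlen < (ETHER_HDR_LEN + 4)", but the CDCEEM_WARN directly below it still passes ETHER_HDR_LEN as the "should be at least" value, so the log reports a bound 4 bytes smaller than the one enforced. Pass the same expression to the warning. The bare 4 would also read better as a named constant, since the later hunk's comment identifies it as the CRC.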
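Review bot: in sys/dev/usb/net/if_cdceem.c, hunk @@ -466,6 +467,14 @@, the new "pktlen > m->m_len" test bounds the destination of usbd_copy_out(), but nothing in the visible lines bounds the source: pktlen is not compared with the bytes remaining in the transfer (actlen - off) before the copy and before "off += pktlen". If that comparison is not made elsewhere in the function, add it next to this check and drop the frame in the same way, so that a length field larger than the transfer cannot move off past actlen.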
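Review bot: in sys/dev/usb/net/if_cdceem.c, hunk @@ -512,7 +521,7 @@, the loop condition "(off + sizeof(hdr)) <= actlen" mixes the size_t from sizeof with off and actlen. If those are int in this function, as they are in the declarations changed at line 426, both sides are converted to unsigned and a negative actlen would compare as a very large value. Casting the size, for example "off + (int)sizeof(hdr) <= actlen", keeps the comparison signed and makes the intent explicit.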
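Review bot: in sys/dev/usb/net/if_muge.c, hunk @@ -1246,7 +1246,14 @@, the oversized-frame drop is reported through muge_dbg_printf(), while the equivalent check added to if_cdceem.c uses CDCEEM_WARN. If the dbg macro is compiled out of non-debug kernels, the only trace of a device sending over-long frames is the IFCOUNTER_IQDROPS increment. Either use an unconditional message here as well or add a comment saying why the two drivers report the same condition at different levels. The same applies to the smsc_dbg_printf() call in if_smsc.c, hunk @@ -1027,7 +1030,13 @@.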
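Review bot: in sys/dev/usb/net/if_smsc.c, hunk @@ -999,6 +999,9 @@, a transfer too short to hold rxhdr now takes "goto tr_setup" with no message and no counter update, unlike the pktlen check added later in this file, which increments IFCOUNTER_IQDROPS. Count the truncated header as a drop or input error too, so that a misbehaving device shows up in the interface statistics. The comparison also adds sizeof(rxhdr), a size_t, to off and compares against actlen, both declared int at line 973; a cast on the sizeof would keep it a signed comparison.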
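Review bot: in contrib/sqlite3/configure.ac, hunk @@ -161,7 +161,7 @@ (and the matching generated line in configure, hunk @@ -13653,7 +13653,7 @@), -DSQLITE_ENABLE_GEOPOLY is added under the enable_rtree test, whose help string still reads "include rtree support [default=yes]". A second extension is therefore compiled in by default with no switch of its own and no mention in the option text. Either give it a separate --enable option or update the help string to say that rtree now implies geopoly, and note the newly enabled feature in the patch description, since this is a 3.28.0 to 3.32.2 upgrade delivered as a security patch.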