authorXin LI <delphij@FreeBSD.org>2016-07-25 15:04:17 +0000
committerXin LI <delphij@FreeBSD.org>2016-07-25 15:04:17 +0000
commit3ace7cd42a3aedf152e9a3822bca4dfc9c7cd27c (patch)
tree6059b9eacf94d21117757e7a95274c38d0f5f05c
parentfea4cba0ec1a17957b5bac4a059f519c1e53e372 (diff)
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so
Notes
Notes: svn path=/releng/10.2/; revision=303304
-rw-r--r--UPDATING8
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--usr.bin/bsdiff/bspatch/bspatch.c4
-rw-r--r--usr.sbin/freebsd-update/freebsd-update.sh2
4 files changed, 14 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 0e64388ab362..50e178d09599 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,6 +16,14 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20160725 p20 FreeBSD-SA-16:25.bspatch
+ FreeBSD-EN-16:09.freebsd-update
+
+ Fix bspatch heap overflow vulnerability. [SA-16:25]
+
+ Fix freebsd-update(8) support of FreeBSD 11.0 release
+ distribution. [EN-16:09]
+
20160604 p19 FreeBSD-SA-16:24.ntp
Fix multiple vulnerabilities of ntp.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 78a6c2836653..e5ddab81e34c 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.2"
-BRANCH="RELEASE-p19"
+BRANCH="RELEASE-p20"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c
index d2af3ca869a2..92bc75b63d25 100644
--- a/usr.bin/bsdiff/bspatch/bspatch.c
+++ b/usr.bin/bsdiff/bspatch/bspatch.c
@@ -155,6 +155,10 @@ int main(int argc,char * argv[])
};
/* Sanity-check */
+ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
+
+ /* Sanity-check */
if(newpos+ctrl[0]>newsize)
errx(1,"Corrupt patch\n");
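Review bot: The existing bound `if(newpos+ctrl[0]>newsize)` right after the new test can still be defeated by a large positive `ctrl[0]`: rejecting negatives does not stop the signed addition from overflowing, which is undefined behaviour and may let the comparison pass. Assuming these are signed offsets (as the `< 0` test implies) and that `newpos` never exceeds `newsize`, comparing by subtraction avoids the overflow: `if (ctrl[0] > newsize - newpos) errx(1,"Corrupt patch\n");`. The added block repeats the `/* Sanity-check */` comment; something like `/* Control lengths come from the patch file and must not be negative */` would say what it guards. main() starts and continues outside this hunk, so the later uses of `ctrl[1]` and `ctrl[2]` cannot be checked from here.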
diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh
index 19d519881e79..e7e464cfb03c 100644
--- a/usr.sbin/freebsd-update/freebsd-update.sh
+++ b/usr.sbin/freebsd-update/freebsd-update.sh
@@ -1245,7 +1245,7 @@ fetch_metadata_sanity () {
# Check that the first four fields make sense.
if gunzip -c < files/$1.gz |
- grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then
+ grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then
fetch_metadata_bogus ""
return 1
fi
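Review bot: The widened class `[0-9a-z-]+` in the second field also accepts a value that starts with `-` or consists only of hyphens, which is looser than the fix appears to need. If this field is later used as a command argument or a path component (not visible in this hunk), anchoring the first character keeps the sanity check strict: `grep -qvE "^[a-z]+\|[0-9a-z][0-9a-z-]*\|${P}+\|[fdL-]\|"`. A short comment above the pattern saying why `-` is allowed in this field would help the next reader, since the existing comment only says the fields should "make sense". fetch_metadata_sanity continues outside the hunk.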