diff options
author | Renato Botelho <renato@netgate.com> | 2016-07-26 10:02:40 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-07-26 10:02:40 -0300 |
commit | 3aafa4252efbb84e0797340dedf426616ea050ff (patch) | |
tree | 86cd3d2b7d616930ac7cb43b92d47373e5343c04 | |
parent | 7307492dde2abb993381ae1d139aa23199919593 (diff) | |
parent | 3a81e075fa773707432d8e3f71cbc9348670536e (diff) | |
download | FreeBSD-src-3aafa4252efbb84e0797340dedf426616ea050ff.zip FreeBSD-src-3aafa4252efbb84e0797340dedf426616ea050ff.tar.gz |
Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3
-rw-r--r-- | UPDATING | 8 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | usr.bin/bsdiff/bspatch/bspatch.c | 4 | ||||
-rw-r--r-- | usr.sbin/freebsd-update/freebsd-update.sh | 2 |
4 files changed, 14 insertions, 2 deletions
@@ -16,6 +16,14 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20160725 p6 FreeBSD-SA-16:25.bspatch + FreeBSD-EN-16:09.freebsd-update + + Fix bspatch heap overflow vulnerability. [SA-16:25] + + Fix freebsd-update(8) support of FreeBSD 11.0 release + distribution. [EN-16:09] + 20160604 p5 FreeBSD-SA-16:24.ntp Fix multiple vulnerabilities of ntp. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index b0022a6..ed9a2fa 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c index d2af3ca..92bc75b 100644 --- a/usr.bin/bsdiff/bspatch/bspatch.c +++ b/usr.bin/bsdiff/bspatch/bspatch.c @@ -155,6 +155,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh index 9fcc012..cac7091 100644 --- a/usr.sbin/freebsd-update/freebsd-update.sh +++ b/usr.sbin/freebsd-update/freebsd-update.sh @@ -1250,7 +1250,7 @@ fetch_metadata_sanity () { # Check that the first four fields make sense. if gunzip -c < files/$1.gz | - grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then + grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then fetch_metadata_bogus "" return 1 fi |