diff options
| author | delphij <delphij@FreeBSD.org> | 2016-07-25 15:04:17 +0000 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2016-07-25 15:04:17 +0000 |
| commit | 4a1b8f189df8bf0ef8ec7f20254e4f018196fc85 (patch) | |
| tree | 9f68d20f2ebd64068d4aeb0d8f638af879074167 | |
| parent | 8b05336d05340c5bf523a1781534f98449173e01 (diff) | |
| download | FreeBSD-src-4a1b8f189df8bf0ef8ec7f20254e4f018196fc85.zip FreeBSD-src-4a1b8f189df8bf0ef8ec7f20254e4f018196fc85.tar.gz | |
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]
Approved by: so
| -rw-r--r-- | UPDATING | 8 | ||||
| -rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
| -rw-r--r-- | usr.bin/bsdiff/bspatch/bspatch.c | 4 | ||||
| -rw-r--r-- | usr.sbin/freebsd-update/freebsd-update.sh | 2 |
4 files changed, 14 insertions, 2 deletions
@@ -16,6 +16,14 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20160725 p37 FreeBSD-SA-16:25.bspatch + FreeBSD-EN-16:09.freebsd-update + + Fix bspatch heap overflow vulnerability. [SA-16:25] + + Fix freebsd-update(8) support of FreeBSD 11.0 release + distribution. [EN-16:09] + 20160604 p36 FreeBSD-SA-16:24.ntp Fix multiple vulnerabilities of ntp. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 7326ff7..f211a39 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.1" -BRANCH="RELEASE-p36" +BRANCH="RELEASE-p37" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c index d2af3ca..92bc75b 100644 --- a/usr.bin/bsdiff/bspatch/bspatch.c +++ b/usr.bin/bsdiff/bspatch/bspatch.c @@ -155,6 +155,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh index bacdfa7..46004d4 100644 --- a/usr.sbin/freebsd-update/freebsd-update.sh +++ b/usr.sbin/freebsd-update/freebsd-update.sh @@ -1229,7 +1229,7 @@ fetch_metadata_sanity () { # Check that the first four fields make sense. if gunzip -c < files/$1.gz | - grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then + grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then fetch_metadata_bogus "" return 1 fi |
