summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2016-07-25 15:04:17 +0000
committerdelphij <delphij@FreeBSD.org>2016-07-25 15:04:17 +0000
commit3a81e075fa773707432d8e3f71cbc9348670536e (patch)
tree7033a73957a69c75879fbb375ea2c66ace9c6ced
parent1c978b35b9ee5349b17431da32fc8f413549f4ce (diff)
downloadFreeBSD-src-3a81e075fa773707432d8e3f71cbc9348670536e.zip
FreeBSD-src-3a81e075fa773707432d8e3f71cbc9348670536e.tar.gz
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so
-rw-r--r--UPDATING8
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--usr.bin/bsdiff/bspatch/bspatch.c4
-rw-r--r--usr.sbin/freebsd-update/freebsd-update.sh2
4 files changed, 14 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 3febf9f..a033fd0 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,6 +16,14 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20160725 p6 FreeBSD-SA-16:25.bspatch
+ FreeBSD-EN-16:09.freebsd-update
+
+ Fix bspatch heap overflow vulnerability. [SA-16:25]
+
+ Fix freebsd-update(8) support of FreeBSD 11.0 release
+ distribution. [EN-16:09]
+
20160604 p5 FreeBSD-SA-16:24.ntp
Fix multiple vulnerabilities of ntp.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index b0022a6..ed9a2fa 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.3"
-BRANCH="RELEASE-p5"
+BRANCH="RELEASE-p6"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c
index d2af3ca..92bc75b 100644
--- a/usr.bin/bsdiff/bspatch/bspatch.c
+++ b/usr.bin/bsdiff/bspatch/bspatch.c
@@ -155,6 +155,10 @@ int main(int argc,char * argv[])
};
/* Sanity-check */
+ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
+
+ /* Sanity-check */
if(newpos+ctrl[0]>newsize)
errx(1,"Corrupt patch\n");
diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh
index 9fcc012..cac7091 100644
--- a/usr.sbin/freebsd-update/freebsd-update.sh
+++ b/usr.sbin/freebsd-update/freebsd-update.sh
@@ -1250,7 +1250,7 @@ fetch_metadata_sanity () {
# Check that the first four fields make sense.
if gunzip -c < files/$1.gz |
- grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then
+ grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then
fetch_metadata_bogus ""
return 1
fi
OpenPOWER on IntegriCloud