o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]

o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]

Errata:		FreeBSD-EN-16:02.pf
Errata:		FreeBSD-EN-16:03.yplib
Security:	FreeBSD-SA-16:01.sctp, CVE-2016-1879
Security:	FreeBSD-SA-16:02.ntp, CVE-2015-5300
Security:	FreeBSD-SA-16:03.linux, CVE-2016-1880
Security:	FreeBSD-SA-16:04.linux, CVE-2016-1881
Security:	FreeBSD-SA-16:05.tcp, CVE-2016-1882
Security:	FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
Approved by:	so

1 files changed, 6 insertions, 4 deletions

diff --git a/contrib/ntp/libntp/hextolfp.c b/contrib/ntp/libntp/hextolfp.c
index 2bff929..19a93cd 100644
--- a/contrib/ntp/libntp/hextolfp.c
+++ b/contrib/ntp/libntp/hextolfp.c
@@ -37,8 +37,9 @@ hextolfp(
 	while (*cp != '\0' && (cp - cpstart) < 8 &&
 	       (ind = strchr(digits, *cp)) != NULL) {
 		dec_i = dec_i << 4;	/* multiply by 16 */
-		dec_i += ((ind - digits) > 15) ? (ind - digits) - 6
-			: (ind - digits);
+		dec_i += ((ind - digits) > 15)
+			? (u_long)(ind - digits - 6)
+			: (u_long)(ind - digits);
 		cp++;
 	}
 
@@ -51,8 +52,9 @@ hextolfp(
 	while (*cp != '\0' && (cp - cpstart) < 8 &&
 	       (ind = strchr(digits, *cp)) != NULL) {
 		dec_f = dec_f << 4;	/* multiply by 16 */
-		dec_f += ((ind - digits) > 15) ? (ind - digits) - 6
-			: (ind - digits);
+		dec_f += ((ind - digits) > 15)
+			? (u_long)(ind - digits - 6)
+			: (u_long)(ind - digits);
 		cp++;
 	}