aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2016-07-25 15:04:17 +0000
committerXin LI <delphij@FreeBSD.org>2016-07-25 15:04:17 +0000
commit5094663b7917042ee0d0ef7b493e7787a6eaf298 (patch)
tree7033a73957a69c75879fbb375ea2c66ace9c6ced
parentce559d21512bdbb83b7809dcd50e87e5ac407b25 (diff)
downloadsrc-5094663b7917042ee0d0ef7b493e7787a6eaf298.tar.gz
src-5094663b7917042ee0d0ef7b493e7787a6eaf298.zip
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so
Notes
Notes: svn path=/releng/10.3/; revision=303304
-rw-r--r--UPDATING8
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--usr.bin/bsdiff/bspatch/bspatch.c4
-rw-r--r--usr.sbin/freebsd-update/freebsd-update.sh2
4 files changed, 14 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 3febf9f795a1..a033fd0137bb 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,6 +16,14 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20160725 p6 FreeBSD-SA-16:25.bspatch
+ FreeBSD-EN-16:09.freebsd-update
+
+ Fix bspatch heap overflow vulnerability. [SA-16:25]
+
+ Fix freebsd-update(8) support of FreeBSD 11.0 release
+ distribution. [EN-16:09]
+
20160604 p5 FreeBSD-SA-16:24.ntp
Fix multiple vulnerabilities of ntp.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index b0022a6d070c..ed9a2faf304e 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.3"
-BRANCH="RELEASE-p5"
+BRANCH="RELEASE-p6"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c
index d2af3ca869a2..92bc75b63d25 100644
--- a/usr.bin/bsdiff/bspatch/bspatch.c
+++ b/usr.bin/bsdiff/bspatch/bspatch.c
@@ -155,6 +155,10 @@ int main(int argc,char * argv[])
};
/* Sanity-check */
+ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
+
+ /* Sanity-check */
if(newpos+ctrl[0]>newsize)
errx(1,"Corrupt patch\n");
diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh
index 9fcc01214755..cac709198b0a 100644
--- a/usr.sbin/freebsd-update/freebsd-update.sh
+++ b/usr.sbin/freebsd-update/freebsd-update.sh
@@ -1250,7 +1250,7 @@ fetch_metadata_sanity () {
# Check that the first four fields make sense.
if gunzip -c < files/$1.gz |
- grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then
+ grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then
fetch_metadata_bogus ""
return 1
fi