Commits on May 23, 2016
  1. HBSD: contrib/libarchive: Import CVE-2016-1541 fix

    Sp1l authored and opntr committed May 15, 2016
    From d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 Mon Sep 17 00:00:00 2001
    From: Tim Kientzle <kientzle@acm.org>
    Date: Sun, 24 Apr 2016 17:13:45 -0700
    Subject: [PATCH] Issue #656:  Fix CVE-2016-1541, VU#862384
    
    When reading OS X metadata entries in Zip archives that were stored
    without compression, libarchive would use the uncompressed entry size
    to allocate a buffer but would use the compressed entry size to limit
    the amount of data copied into that buffer.  Since the compressed
    and uncompressed sizes are provided by data in the archive itself,
    an attacker could manipulate these values to write data beyond
    the end of the allocated buffer.
    
    This fix provides three new checks to guard against such
    manipulation and to make libarchive generally more robust when
    handling this type of entry:
     1. If an OS X metadata entry is stored without compression,
        abort the entire archive if the compressed and uncompressed
        data sizes do not match.
     2. When sanity-checking the size of an OS X metadata entry,
        abort this entry if either the compressed or uncompressed
        size is larger than 4MB.
     3. When copying data into the allocated buffer, check the copy
        size against both the compressed entry size and uncompressed
        entry size.
    ---
     libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
     1 file changed, 13 insertions(+)
    
    diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
    index 0f8262c..0a0be96 100644
    
    Signed-off-by: Bernard Spil <bernard.spil@hardenedbsd.org>
    (cherry picked from commit cff1f2c762d233c21cc48b0697c1bc5059e3855a)
    (cherry picked from commit d74d39cb10fc3530e083d021008d1e851a0391f8)
    Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
  2. MFC r299710,r299711,r299763,r299783,r299811:

    ngie-eign committed May 23, 2016
    r299710:
    
    Staticize global variables only used in bsnmpimport.c to fix
    -Wmissing-variable-declarations warnings
    
    r299711:
    
    Fold two malloc + memset(.., 0, ..) calls into equivalent calloc calls
    
    r299763:
    
    Mute -Wstrlcpy-strlcat-size warning by using nitems with the size of the buffer
    
    This is a no-op as the malloc above set the size of the buffer to the size used
    below, but this keeps things consistent in case the malloc call changes somehow.
    
    r299783:
    
    Convert tok from enum tok to int32_t in function calls
    
    get_token(..) returns int32_t, not enum tok, and in many cases tests for items
    not in enum tok (e.g. '('). Make the typing consistent with get_token, which
    includes a domino effect of changing enum tok to int32_t.
    
    r299811:
    
    Use strdup instead of malloc + strlcpy
    
    Fix error messages on failure for calloc/strdup
  3. MFC r300005

    DonLewisFreeBSD committed May 23, 2016
    swprintf() and apparently wcsftime() want their output buffer size
    specified in terms of the number of wide characters and not
    sizeof(buffer).
    
    Reported by:	Coverity
    CID:		1007605, 1007606
  4. MFC r300002

    DonLewisFreeBSD committed May 23, 2016
    When clearing rtmsg, pass &rtmsg to bzero() instead of the address of
    just the header
    
    Reported by:	Coverity
    CID:		1007568, 1194256
  5. MFC r299712,r299759,r299760,r299761,r299762:

    ngie-eign committed May 23, 2016
    r299712:
    
    Fix some trivial clang/gcc warnings in bsnmptc.c
    
    - By definition, `enum snmp_tc` can't be false (the implied starting sequence
      index for the enum is 0). Don't test for it being < 0.
    - Staticize `struct snmp_text_conv` to mute a -Wmissing-variable-declarations
      warning from clang.
    - Remove set but unused variable, ptr, in parse_bridge_id(..) and
      parse_bport_id(..) to mute warning from gcc 4.9+.
    - Mark value and string unused in snmp_inetaddr2oct(..) and parse_inetaddr(..)
      as they're just stub functions.
    
    r299759:
    
    Use calloc instead of memset(.., 0, ..) + malloc
    
    r299760:
    
    Sort variables in parse_ascii(..) per style(9)
    
    r299761:
    
    parse_ascii: make count size_t to mute a -Wsign-compare issue
    
    count is always unsigned.
    
    r299762:
    
    Mark snmptoolctx unused in parse_authentication(..), parse_privacy(..),
    parse_context(..), and parse_user_security(..).
  6. MFC r299991

    DonLewisFreeBSD committed May 23, 2016
    Don't walk off the end of the array when proto isn't explicitly
    listed above.  Instead update the catch-all "Others" bucket.
    
    Reported by:	Coverity
    CID:		1007571, 1007572
  7. MFC r299988

    DonLewisFreeBSD committed May 23, 2016
    Set ai2 to NULL in find_host() before the loop and after calling
    freeaddrinfo() on it to indicate that it doesn't point to a valid
    addrinfo list.  This fixes these Coverity issues:
    	1006368 Uninitialized pointer read
    	1018506 Double free
    	1305590 Resource leak
    that can be triggered in the hp->hostname[0] != '\0' case.
    
    Don't treat a character as a boolean.
    
    Fix these Coverity issues:
    	1009293 Unchecked return value from library
    	1194246 Wrong size argument
    by tweaking the status file extend code.
    
    Reported by:	Coverity
    CID:		1006368, 1018506, 1305590, 1009293, 1194246
    Reviewed by:	rmacklem
    Feedback from:	hrs
    Differential Revision:	https://reviews.freebsd.org/D6398
  8. MFC r299249:

    dchagin authored and dchagin committed May 23, 2016
    Add a forgotten in r283424 .eh_frame section with CFI & FDE records to allow
    stack unwinding through signal handler.
  9. MFC r299659:

    ngie-eign committed May 23, 2016
    Remove unused const variable
  10. MFC r299986

    DonLewisFreeBSD committed May 23, 2016
    Actually use the loop iteration limit so carefully computed on the
    previous line to prevent buffer overflow.  This turns out to not be
    important because the upstream xdr code already capped the object
    size at the proper value.  Using the correct limit here looks a lot
    less scary and should please Coverity.
    
    Reported by:	Coverity
    CID:		1199309, 1199310
  11. MFC r299971

    DonLewisFreeBSD committed May 23, 2016
    Fix off by one error that overflowed the rep_len array when doing
    the final NUL termination.
    
    Reported by:	Coverity
    CID:		1007617
  12. MFC r299655:

    ngie-eign committed May 23, 2016
    Add missing prototype for getchar(..)
  13. MFC r299953

    DonLewisFreeBSD committed May 23, 2016
    Fix an off by one error to avoid overflowing rp[].
    
    Reported by:	Coverity
    CID:		1007579
  14. MFC r299952

    DonLewisFreeBSD committed May 23, 2016
    Increase size of argv[] array to avoid running off the end.
    
    Reported by:	Coverity
    CID:		1193819
  15. MFC r299948

    DonLewisFreeBSD committed May 23, 2016
    Set retval in the empty password case to avoid a path through the
    code that fails to set retval before falling through to the final
    return().
    
    Reported by:	emaste
    Reported by:	Coverity
    CID:		1018711
  16. MFC r299654:

    ngie-eign committed May 23, 2016
    Read the contents of the snapshot files properly
    
    - Use fgetln instead of fgets; localize complexity related to fgetln(3)
      inside the loop.
    - Skip over blank lines.
    - Skip over lines (properly) that start with a "#"
  17. MFC r299926

    DonLewisFreeBSD committed May 23, 2016
    Hoist the getpwnam() call outside the first if/else block in
    pam_sm_chauthtok().  Set user = getlogin() inside the true
    branch so that it is initialized for the following PAM_LOG()
    call.  This is how it is done in pam_sm_authenticate().
    
    Reported by:	Coverity
    CID:		272498
  18. MFC r299922

    DonLewisFreeBSD committed May 23, 2016
    Don't call free_addrselectpolicy(&policyhead) before policyhead has been
    initialized.
    
    Reported by:	Coverity
    CID:		1018727
  19. MFC r299897

    DonLewisFreeBSD committed May 23, 2016
    NULL releasedfl after calling deallocate_file_lock() which frees it
    to avoid a use-after-free error in the debuglog() call at the top
    of the loop.
    
    Reported by:	Coverity
    CID:		1006080
  20. MFC r299894

    DonLewisFreeBSD committed May 23, 2016
    pdu_delete(request) frees request, so move the call after
    login_new_response(request) to avoid a use-after-free error
    
    Reported by:	Coverity
    CID:		1331219, 1331220
  21. MFC r299893

    DonLewisFreeBSD committed May 23, 2016
    Don't free fnamebuf before calling cfgfile_add().  This changes a
    use-after-free error into a minor memory leak.
    
    Reported by:	Coverity
    CID:		1006084
  22. MFC r300305, r300332:

    kostikbel committed May 23, 2016
    Check for overflow and return EINVAL if detected.  Use unsigned index.
Commits on May 22, 2016
  1. MFC: r299242

    rmacklem authored and rmacklem committed May 22, 2016
    Make "-S" a default option for mountd.
    
    After a discussion on freebsd-fs@ there seemed to be a consensus that
    the "-S" option for mountd should become the default.
    Since the only known issue w.r.t. using "-S" was fixed by r299201,
    this commit adds "-S" to the default mountd_flags.
Commits on May 21, 2016
  1. MFC: r299226

    rmacklem authored and rmacklem committed May 21, 2016
    Don't increment srvrpccnt[] for the NFSv4.1 operations.
    
    When support for NFSv4.1 was added to the NFS server, it broke
    the server rpc count stats, since newnfsstats.srvrpccnt[] doesn't
    have entries for the new NFSv4.1 operations.
    Without this patch, the code was incrementing bogus entries in
    newnfsstats for the new NFSv4.1 operations.
    This patch is an interim fix. The nfsstats structure needs to be
    updated and that will come in a future commit.
  2. Backport security fix for absolute path traversal vulnerability in bsdcpio.

    mmatuska committed May 21, 2016
    
    This is a direct commit to stable/10.
    
    Security:	CVE-2015-2304
Commits on May 20, 2016
  1. HBSD MFC: Check for overflow and return EINVAL if detected. Backport this and r300305 to i386.

    kostikbel authored and opntr committed May 20, 2016
    
    PR:	209661
    Reported and reviewed by:	cturt
    Sponsored by:	The FreeBSD Foundation
    MFC after:	3 days
    
    (cherry picked from commit 5156142)
    Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
  2. HBSD MFC: Use unsigned type for the loop index to make overflow checks effective.

    kostikbel authored and opntr committed May 20, 2016
    
    PR:	209661
    Reported by:	cturt
    Sponsored by:	The FreeBSD Foundation
    MFC after:	3 days
    
    (cherry picked from commit b357843)
    Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
  3. MFC r292000: Remove historical GNUC test

    emaste committed May 20, 2016
    The requirement is for a GCC-compatible compiler and not necessarily
    GCC itself. However, we currently expect any compiler used for building
    the whole of FreeBSD to be GCC-compatible and many things will break if
    not; there's no longer a need to have an explicit test for this in csu.