svn commit: r45857 - in head/share: security/advisories security/patches/SA-14:20 security/patches/SA-14:21 security/patches/SA-14:22 security/patches/SA-14:23 xml
Xin LI
delphij at FreeBSD.org
Tue Oct 21 20:48:12 UTC 2014
Author: delphij
Date: Tue Oct 21 20:48:08 2014
New Revision: 45857
URL: https://svnweb.freebsd.org/changeset/doc/45857
Log:
Add SA-14:20 - SA-14:23.
Added:
head/share/security/advisories/FreeBSD-SA-14:20.rtsold.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-14:21.routed.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-14:22.namei.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-14:23.openssl.asc (contents, props changed)
head/share/security/patches/SA-14:20/
head/share/security/patches/SA-14:20/rtsold.patch (contents, props changed)
head/share/security/patches/SA-14:20/rtsold.patch.asc (contents, props changed)
head/share/security/patches/SA-14:21/
head/share/security/patches/SA-14:21/routed.patch (contents, props changed)
head/share/security/patches/SA-14:21/routed.patch.asc (contents, props changed)
head/share/security/patches/SA-14:22/
head/share/security/patches/SA-14:22/namei-10.patch (contents, props changed)
head/share/security/patches/SA-14:22/namei-10.patch.asc (contents, props changed)
head/share/security/patches/SA-14:22/namei-9.patch (contents, props changed)
head/share/security/patches/SA-14:22/namei-9.patch.asc (contents, props changed)
head/share/security/patches/SA-14:23/
head/share/security/patches/SA-14:23/openssl-10.0.patch (contents, props changed)
head/share/security/patches/SA-14:23/openssl-10.0.patch.asc (contents, props changed)
head/share/security/patches/SA-14:23/openssl-8.4.patch (contents, props changed)
head/share/security/patches/SA-14:23/openssl-8.4.patch.asc (contents, props changed)
head/share/security/patches/SA-14:23/openssl-9.3.patch (contents, props changed)
head/share/security/patches/SA-14:23/openssl-9.3.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
Added: head/share/security/advisories/FreeBSD-SA-14:20.rtsold.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-14:20.rtsold.asc Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,169 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-14:20.rtsold Security Advisory
+ The FreeBSD Project
+
+Topic: rtsold(8) remote buffer overflow vulnerability
+
+Category: core
+Module: rtsold
+Announced: 2014-10-21
+Credits: Florian Obser, Hiroki Sato
+Affects: FreeBSD 9.1 and later.
+Corrected: 2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
+ 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
+ 2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
+ 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
+ 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
+ 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
+CVE Name: CVE-2014-3954
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+As part of the stateless addess autoconfiguration (SLAAC) mechanism,
+IPv6 routers periodically broadcast router advertisement messages on
+attached networks to inform hosts of the correct network prefix,
+router address and MTU, as well as additional network parameters such
+as the DNS servers (RDNSS), DNS search list (DNSSL) and whether a
+stateful configuration service is available. Hosts that have recently
+joined the network can broadcast a router solicitation message to
+solicit an immediate advertisement instead of waiting for the next
+periodic advertisement.
+
+The router solicitation daemon, rtsold(8), broadcasts router
+solicitation messages at startup or when the state of an interface
+changes from passive to active. Incoming router advertisement
+messages are first processed by the kernel and then passed on to
+rtsold(8), which handles the DNS and stateful configuration options.
+
+II. Problem Description
+
+Due to a missing length check in the code that handles DNS parameters,
+a malformed router advertisement message can result in a stack buffer
+overflow in rtsold(8).
+
+III. Impact
+
+Receipt of a router advertisement message with a malformed DNSSL
+option, for instance from a compromised host on the same network, can
+cause rtsold(8) to crash.
+
+While it is theoretically possible to inject code into rtsold(8)
+through malformed router advertisement messages, it is normally
+compiled with stack protection enabled, rendering such an attack
+extremely difficult.
+
+When rtsold(8) crashes, the existing DNS configuration will remain in
+force, and the kernel will continue to receive and process periodic
+router advertisements.
+
+IV. Workaround
+
+No workaround is available, but systems that do not run rtsold(8) are
+not affected.
+
+As a general rule, SLAAC should not be used on networks where trusted
+and untrusted hosts coexist in the same broadcast domain.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-14:20/rtsold.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:20/rtsold.patch.asc
+# gpg --verify rtsold.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/rtsold.patch
+
+c) Recompile rtsold. Execute the following commands as root:
+
+# cd /usr/src/usr.sbin/rtsold
+# make && make install
+
+4) Restart the affected service
+
+To restart the affected service after updating the system, either
+reboot the system or execute the following command as root:
+
+# service rtsold restart
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r273412
+releng/9.1/ r273415
+releng/9.2/ r273415
+releng/9.3/ r273415
+stable/10/ r273411
+releng/10.0/ r273415
+releng/10.1/ r273414
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3954>
+
+The latest revision of this advisory is available at
+<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:20.rtsold.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAEBAgAGBQJURsSoAAoJEO1n7NZdz2rn5GsP/2y0fUJYVdsZjA4VtUcLFp4Q
+nhjGO3I4NOXZAj3c+bWwbw/Bmg7juFVXiAdLgcpK8UuTT+0znAkEcGoG+uA9q6K1
+PoFjTmXoukIqtu4sd5Gxp74+xVqY41XOuwanHNMiCbvGEbInxoCs3t56C7Ai1/9m
+DXhDCukNEH9JZv5qUS5L7IcosuQs2l1viU9oUA/hSfVeI9IFKp8SItDthwtLVrXe
+bgr50oQdCtwR3gx3Dwkg//er3JCsSJ0ixJO0bGGaqnGLPq7gwmJf8zKy10EE2fri
+AMpUcYMsO+MqhE+PyyuW9MJaPpX+zghZac75UYPh0EckIn8m2p6QGYXcDtZ18qR8
+uq4JCk5nDARKuy7kraEuNJgFzNIBN/wVwOSqaF4n43vhmsuiKF9uzePrtEhB7xoN
+7vT66EXXkCgiqQrQVJ6IH5LzoUJtYVDZTWLWU66r919qbQzYQFU7uslaGF8rgVIg
+HZOfEbDto3dvULmbVHkaWiyotKYSKXZROBTKvTOWVs+BX37zQgg4PGuU6CqatB8R
+Sltg2kxycQXoIm5XiiSL18RTgxEWb+DKfw8e/691EM1/F3XIQVNX11wJpeZwL/sf
+zE9TtTnmqpIBPGIe7aURgJWwX/iA4ljAqB1t5DmgIQrJMXovMXnAVMIu4L2jy+gY
+eRy82+SI3pc3thChv2hv
+=L56U
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-14:21.routed.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-14:21.routed.asc Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-14:21.routed Security Advisory
+ The FreeBSD Project
+
+Topic: routed(8) remote denial of service vulnerability
+
+Category: core
+Module: routed
+Announced: 2014-10-21
+Credits: Hiroki Sato
+Affects: All supported versions of FreeBSD.
+Corrected: 2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
+ 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
+ 2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
+ 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
+ 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
+ 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
+ 2014-10-21 20:20:26 UTC (stable/8, 8.4-STABLE)
+ 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)
+CVE Name: CVE-2014-3955
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+The routing information protocol (RIP) is an older routing protocol
+which, while not as capable as more recent protocols such as OSPF and
+BGP, is sometimes preferred for its simplicity and therefore still
+used as an interior gateway protocol on smaller networks.
+
+Routers in a RIP network periodically broadcast their routing table on
+all enabled interfaces. Neighboring routers and hosts receive these
+broadcasts and update their routing tables accordingly.
+
+The routed(8) daemon is a RIP implementation for FreeBSD. The
+rtquery(8) utility can be used to send a RIP query to a router and
+display the result without updating the routing table.
+
+II. Problem Description
+
+The input path in routed(8) will accept queries from any source and
+attempt to answer them. However, the output path assumes that the
+destination address for the response is on a directly connected
+network.
+
+III. Impact
+
+Upon receipt of a query from a source which is not on a directly
+connected network, routed(8) will trigger an assertion and terminate.
+The affected system's routing table will no longer be updated. If the
+affected system is a router, its routes will eventually expire from
+other routers' routing tables, and its networks will no longer be
+reachable unless they are also connected to another router.
+
+IV. Workaround
+
+Use a packet filter such as pf(4) or ipfw(4) to block incoming UDP
+packets with destination port 520 that did not originate on the same
+subnet as the destination address.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-14:21/routed.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:21/routed.patch.asc
+# gpg --verify routed.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/routed.patch
+
+c) Recompile routed. Execute the following commands as root:
+
+# cd /usr/src/sbin/routed
+# make && make install
+
+4) Restart the affected service
+
+To restart the affected service after updating the system, either
+reboot the system or execute the following command as root:
+
+# service routed restart
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r273413
+releng/8.4/ r273416
+stable/9/ r273412
+releng/9.1/ r273415
+releng/9.2/ r273415
+releng/9.3/ r273415
+stable/10/ r272872
+releng/10.0/ r273415
+releng/10.1/ r273414
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3955>
+
+The latest revision of this advisory is available at
+<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:21.routed.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAEBAgAGBQJURsSrAAoJEO1n7NZdz2rneOIQAIXaYGwNAYmVFUqa/YOtxSlQ
+l1ETThsuHxuDUrlkHD82uZu6yJi+HdGz1R2xBLYlxpwk/4GO3D/IdUZI0w1LgNJs
+JRHmAikUpCgcMh0QfyoHD9KSp3wPiQJ9Cmp6ajrjsdIdjrNbFwczoaWHHQ1MyRwp
+kv9OEC7t9rJkZRMuCjrSvGTQVqHFixoZUdJV42a2PNYTyWZmwE33GJ+Zgv/59mPw
+bzGTTI3RTuj1WUJp4MmYV3Eb8y8SnM6szUs4Wlul/uVGfEI3dXYYo3iAHQNHWpAR
+sUaqoVI16P5x952I9PbMA/J5wq/Nm2bVwEAsJN9NE/KPMdD1I4QzvyAlNRFCro8S
+C7qS4a0X75nQ+pehRqPVDdnvJbkxfdgsWP+jwVZ4e0244DQfiKWTKTd+If/cPHa8
+T0z1uZ4xE/BQ0DpJiu9r/ndcm5ych6TbIkNXmGI05jQPntvSYQzhyUTEp2Rmq3IX
+rmre4CHWrTYT7/niTJonieErmtGDe5LrUyP2Odv13euKEsCIbSOPVnDFFhAwsAjJ
+zu2Tm+BPXh0lXHuq/tQ+L5lWv1uoMi9hkLxh6zhFaX4li15sS5tR+GeBXmd9h2Wp
++iT5hvgxfnQPZI3Ey932J20+7LMULlkr2aV2h5NcvroolnQIehj12z0IQBelFsXN
+wtFPveXqXWUfV8WVNBJ1
+=uHh+
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-14:22.namei.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-14:22.namei.asc Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-14:22.namei Security Advisory
+ The FreeBSD Project
+
+Topic: memory leak in sandboxed namei lookup
+
+Category: core
+Module: kernel
+Announced: 2014-10-21
+Credits: Mateusz Guzik
+Affects: FreeBSD 9.1 and later.
+Corrected: 2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
+ 2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
+ 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
+ 2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
+ 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
+ 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
+ 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
+CVE Name: CVE-2014-3711
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+The namei kernel facility is responsible for performing and caching
+translations from path names to file system objects (vnodes).
+
+Capsicum is a lightweight capability and sandbox framework using a
+hybrid capability system model. It is often used to create sandboxes
+for applications that process data from untrusted sources.
+
+II. Problem Description
+
+The namei facility will leak a small amount of kernel memory every
+time a sandboxed process looks up a nonexistent path name.
+
+III. Impact
+
+A remote attacker that can cause a sandboxed process (for instance, a
+web server) to look up a large number of nonexistent path names can
+cause memory exhaustion.
+
+IV. Workaround
+
+Systems that do not have Capsicum enabled or do not run services that
+use Capsicum are not vulnerable.
+
+On systems that have Capsicum compiled into the kernel, it can be
+disabled by executing the following command as root:
+
+# sysctl kern.features.security_capabilities=0
+
+Services that use Capsicum are usually able to run without it, albeit
+with reduced security.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.x]
+# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-9.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-9.patch.asc
+# gpg --verify namei-9.patch.asc
+
+[FreeBSD 10.x]
+# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-10.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-10.patch.asc
+# gpg --verify namei-10.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r273412
+releng/9.1/ r273415
+releng/9.2/ r273415
+releng/9.3/ r273415
+stable/10/ r273411
+releng/10.0/ r273415
+releng/10.1/ r273414
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3711>
+
+The latest revision of this advisory is available at
+<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:22.namei.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAEBAgAGBQJURsStAAoJEO1n7NZdz2rnoMoQAIuqKpDLi+sGXnWUQeYGPEZH
+OqwkK9ZbvEiNDAeol03FvxfTg8LzI4OtzkceFDy7KWUTNUN3HnGq1MhFLo+s5r7x
+KtJVIzKgitZVh/1ikr6+DObpuwVHQfdKws6NKqCssqOknDIcNhNG97B1wl/QwnDX
+3/BmAWFYaf6+AG0+vQhxUBTuP9keu8DlpBJ4eEbhRqVCSuo6enJ4uTQXOet7lEOR
+loGqhuMJB265qi2e/vkcnXnOrd6eGQ9vkVJTS0jKmKF3VG8HTcUmUvwLAGeqmTuV
+LIJVpSaFgDX7BuG0tUhwmtmql4+ROU6tyHVWBAmVcSNTRgy9L/It/BdG0slNdVVq
+2OG0ApKCQIukfK6xtz7adgxRYvClzVZZmyjEPzu0MGs/imdEpfgsUap9yrPhHyoe
+KM98VaKtzz2e09KxoAxAezgioDCv5rLZnaX8IqBlFft3BvfPP7TPbKrPvvmETu4P
+/4nthuEFE4jl9xyVINaHdKW9gVAOP44OAj+HlxvNxn4llkrA2v4Zbc3mjukK0ZEx
+OKz++lf7SmfTPI1lD+oN6FJRWEkK0YnVytsw8taHYlqDYdxaL+OB60B+Ko2JoqpL
+AROBT2tp9j/NsG46CgDFqA7oV5JWe/Kk67VrkOs8BL6nplKVD9M5m4XDyakn9wkk
+PA3J/dN5bSd7VIxYExZD
+=MO7y
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-14:23.openssl.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-14:23.openssl.asc Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,193 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-14:23.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: OpenSSL multiple vulnerabilities
+
+Category: contrib
+Module: openssl
+Announced: 2014-10-21
+Affects: All supported versions of FreeBSD.
+Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)
+ 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)
+ 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)
+ 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)
+ 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)
+ 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
+ 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)
+ 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
+ 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
+ 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
+ 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)
+ 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)
+CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II. Problem Description
+
+A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+sends a carefully crafted handshake message, to cause OpenSSL to fail
+to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
+
+When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+integrity of that ticket is first verified. In the event of a session
+ticket integrity check failing, OpenSSL will fail to free memory
+causing a memory leak. [CVE-2014-3567].
+
+The SSL protocol 3.0, as supported in OpenSSL and other products, supports
+CBC mode encryption where it could not adequately check the integrity of
+padding, because of the use of non-deterministic CBC padding. This
+protocol weakness makes it possible for an attacker to obtain clear text
+data through a padding-oracle attack.
+
+Some client applications (such as browsers) will reconnect using a
+downgraded protocol to work around interoperability bugs in older
+servers. This could be exploited by an active man-in-the-middle to
+downgrade connections to SSL 3.0 even if both sides of the connection
+support higher protocols. SSL 3.0 contains a number of weaknesses
+including POODLE [CVE-2014-3566].
+
+OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
+to block the ability for a MITM attacker to force a protocol downgrade.
+
+When OpenSSL is configured with "no-ssl3" as a build option, servers
+could accept and complete a SSL 3.0 handshake, and clients could be
+configured to send them. [CVE-2014-3568].
+
+III. Impact
+
+A remote attacker can cause Denial of Service with OpenSSL 1.0.1
+server implementations for both SSL/TLS and DTLS regardless of
+whether SRTP is used or configured. [CVE-2014-3513]
+
+By sending a large number of invalid session tickets an attacker
+could exploit this issue in a Denial Of Service attack.
+[CVE-2014-3567].
+
+An active man-in-the-middle attacker can force a protocol downgrade
+to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data
+from the connection. [CVE-2014-3566] [CVE-2014-3568]
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.0]
+# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc
+# gpg --verify openssl-10.0.patch.asc
+
+[FreeBSD 9.3]
+# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc
+# gpg --verify openssl-9.3.patch.asc
+
+[FreeBSD 8.4, 9.1 and 9.2]
+# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc
+# gpg --verify openssl-8.4.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all deamons using the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r273151
+releng/8.4/ r273416
+stable/9/ r273151
+releng/9.1/ r273415
+releng/9.2/ r273415
+releng/9.3/ r273415
+stable/10/ r273149
+releng/10.0/ r273415
+releng/10.1/ r273399
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
+
+The latest revision of this advisory is available at
+<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:23.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08
+Ep35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+
+RQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T
+Nn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu
+zWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G
+Lk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG
+o631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx
+9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0
+nKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh
+89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk
+ov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU
+cZ84y1sCp0qHtTqKuak9
+=ywze
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-14:20/rtsold.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:20/rtsold.patch Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,14 @@
+Index: usr.sbin/rtsold/rtsol.c
+===================================================================
+--- usr.sbin/rtsold/rtsol.c.orig
++++ usr.sbin/rtsold/rtsol.c
+@@ -933,7 +933,8 @@
+ dst_origin = dst;
+ memset(dst, '\0', dlen);
+ while (src && (len = (uint8_t)(*src++) & 0x3f) &&
+- (src + len) <= src_last) {
++ (src + len) <= src_last &&
++ (dst - dst_origin < (ssize_t)dlen)) {
+ if (dst != dst_origin)
+ *dst++ = '.';
+ warnmsg(LOG_DEBUG, __func__, "labellen = %zd", len);
Added: head/share/security/patches/SA-14:20/rtsold.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:20/rtsold.patch.asc Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJURsQSAAoJEO1n7NZdz2rnmGoQAJz5xZjKbFt1RrArI+K7pF2E
+qJ9V1trv6ltofAYF74m9BIrYJBodB7s+lwd+qIIfawd5wAK7eKvYtow8izloszP7
++f2Yl3AfXwqsJbStYfi+2OGqqYS/ruGOHRnCicILdHi2I2kH4L1/tUMiQbSe+oIj
+Ro6sT236c2A1khmqChtTotaoNmFT4yyF1/wRqo0sFYu/LPav+hH3VysPTzejAIun
+oLdXPe5ENKyqiMT8ikzB2NR2y4tk6a01iDBqeGjiyxo920uQBq176mAACFKzOAty
+IXwWAOnomCSQBETNgl7pYcgR6hzpVEFAO/PtJjVBh/z2U1FyVfeYslGt8B6S7pUh
+gBj68821d2jq56P4dKPsKQKJ8MORAZ+UcwnFqjFXF+op4ArM+9nA+MfuDUSdmBTx
+j1DqhxRbH8E0v36hv+/a+LT5JZtqt0iGfAdmujjdo4kehjo5woYHd32scX5ezXrt
+oq1GCckL7HACWd0cILo8CKoPTxzjr2VR3qfXqyekSDQgXXh9r+y11mmP6LwpVHa0
+LjrbNtkNUoixYPozk0JMjaZ16Ie9/r4a+cUiacrJSTpSQyLucP8CJNoj5oUEac5L
+l9GwgWGr8ipjeOdd0e81UmWbEZT5pdMokpW5Z31ZjIIpvnJRah8p77KE1IVnK56L
+0lgyNXhm+wD9SaO7DM52
+=l7Mg
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-14:21/routed.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:21/routed.patch Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,15 @@
+Index: sbin/routed/input.c
+===================================================================
+--- sbin/routed/input.c.orig
++++ sbin/routed/input.c
+@@ -288,6 +288,10 @@
+ /* Answer a query from a utility program
+ * with all we know.
+ */
++ if (aifp == NULL) {
++ trace_pkt("ignore remote query");
++ return;
++ }
+ if (from->sin_port != htons(RIP_PORT)) {
+ supply(from, aifp, OUT_QUERY, 0,
+ rip->rip_vers, ap != 0);
Added: head/share/security/patches/SA-14:21/routed.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:21/routed.patch.asc Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJURsQVAAoJEO1n7NZdz2rnWtYP/2w38OHA+dJXuXZIV0Pf1dly
+6u3hpDY17pFmLfeqGB56PXZ/LhXfbFTcu9b5oNyyQpSM280gipdpsryIZ+BU1zqY
+dqf+NfTLIBHUgY+wJjxpPmh5c3ofdhSBJcoC3NMNruz/f5goZ/0yJ2suI0lff6G5
+NkKs2IiFY/pfRaAxOMA63sGSVUcEzSH3GK4VeP8YpCXu0rIYjLpZJKBls/vdROMV
+1YujzgdLPX7bDwClAvt0M0phfkuzt/sE/PNtMhSbFwumhkxFx8HH3pJwBABTR49h
+afYvBogdV+lT4+mQV4dl+vXBgl5vT3oydOfzjlfSSXIhBQxmhnWb/vxF9vt5U6xK
+5M8mhpuaYNqxq/+O3X/P/OI1eKE6f6k1ohuldHY+q2HTiCAFtaIViT1sKl4BenVQ
+nDPhHx9kSNHKqc5HWwiW6jL4hlWhVXMPLTZ0EB2yoUBfbsIXiZL4/vXydjayNzOK
+Q5+ke9C1khOTZ9Rw2f/BVB6s37KC5UwzinKBFuRtOnkDuKrkY9unke0fyuJ+qWK6
+Vnz1bOy0y1l8fkB7sPM06IEodQUbK6E3338aYAsbWYxAm8+Vol4F+KY7hPEqHFZf
+Cp8WcPQLOuYKCT3ZR1M045c4YwsnQjK648LzwrRVSVMGXzMeCJARreFT2ic8eY5X
+YTokboyN50+mxMLU7EW5
+=iu3B
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-14:22/namei-10.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:22/namei-10.patch Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,94 @@
+Index: sys/kern/vfs_lookup.c
+===================================================================
+--- sys/kern/vfs_lookup.c (revision 273277)
++++ sys/kern/vfs_lookup.c (working copy)
+@@ -121,6 +121,16 @@
+ * if symbolic link, massage name in buffer and continue
+ * }
+ */
++static void
++namei_cleanup_cnp(struct componentname *cnp)
++{
++ uma_zfree(namei_zone, cnp->cn_pnbuf);
++#ifdef DIAGNOSTIC
++ cnp->cn_pnbuf = NULL;
++ cnp->cn_nameptr = NULL;
++#endif
++}
++
+ int
+ namei(struct nameidata *ndp)
+ {
+@@ -185,11 +195,7 @@
+ }
+ #endif
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ ndp->ni_vp = NULL;
+ return (error);
+ }
+@@ -256,11 +262,7 @@
+ }
+ }
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ return (error);
+ }
+ }
+@@ -286,6 +288,7 @@
+ if (KTRPOINT(curthread, KTR_CAPFAIL))
+ ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);
+ #endif
++ namei_cleanup_cnp(cnp);
+ return (ENOTCAPABLE);
+ }
+ while (*(cnp->cn_nameptr) == '/') {
+@@ -298,11 +301,7 @@
+ ndp->ni_startdir = dp;
+ error = lookup(ndp);
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ SDT_PROBE(vfs, namei, lookup, return, error, NULL, 0,
+ 0, 0);
+ return (error);
+@@ -312,11 +311,7 @@
+ */
+ if ((cnp->cn_flags & ISSYMLINK) == 0) {
+ if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ } else
+ cnp->cn_flags |= HASBUF;
+
+@@ -378,11 +373,7 @@
+ vput(ndp->ni_vp);
+ dp = ndp->ni_dvp;
+ }
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ vput(ndp->ni_vp);
+ ndp->ni_vp = NULL;
+ vrele(ndp->ni_dvp);
Added: head/share/security/patches/SA-14:22/namei-10.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:22/namei-10.patch.asc Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJURsQYAAoJEO1n7NZdz2rndqIP/2KOMzeRy8OgxKuM634A88au
+yoK6vBzkShyGaW/HrOQxdz6+5WElnrIgoeb+MZ2jA8IFo97SYwOS19ygBJrknDvn
+u1XSwmZ3szDj/S70oOqbmKFFabP8fjIEhaHFa/OHakvv6KfcQdRIR7paLZc4ofGQ
+Vq/Zoo+v2OO88Ais6Zkty70l4ZGcnBWpglp8j9qn+0J5tJwdt3raI52KHS+LKIWs
+tP8MRxGf0GPQhuD2BI1Oh+XdETCxgF4yHav68eOAaJkjOi+ZHrhyXbnPMxTkkX1R
+G6rOOYVdsJR+YpllWJowSgOB3M/HnkOKovalM2r0CtEn77rjsPK6cUBBqfdlSJAk
+L42S85p7guE+oEZ0CwpdX8inKPwX5YjbRVpikQoNIPKjWak/+m2adq7sii455fJ0
+yNYNb24CnOS4wiBeqbUOkAYiLplxDhmR6TbqeklaD76rEopuf8bdO04OmUPFVWkG
+4uin6TIXHvtCknOEZWGnTaA00nDJoHqnlU5F5AGB1x1wJIal7zwarRfw/U3sI5uV
+hZoF5iiPH7OOYy5T9p78aYvbAyyl0W4CzLlMp1HM/c/KWoxAMXTquejfDggqsUvR
+abNT5XjSjw5+MA66ArZsv16SQUIedW5J8iqOsW/Fy8OXRLKJupfMHdoB8ofJ+1zF
+EPc5P5t949W1/E6GZDAk
+=aaVY
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-14:22/namei-9.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:22/namei-9.patch Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,98 @@
+Index: sys/kern/vfs_lookup.c
+===================================================================
+--- sys/kern/vfs_lookup.c.orig
++++ sys/kern/vfs_lookup.c
+@@ -121,6 +121,16 @@
+ * if symbolic link, massage name in buffer and continue
+ * }
+ */
++static void
++namei_cleanup_cnp(struct componentname *cnp)
++{
++ uma_zfree(namei_zone, cnp->cn_pnbuf);
++#ifdef DIAGNOSTIC
++ cnp->cn_pnbuf = NULL;
++ cnp->cn_nameptr = NULL;
++#endif
++}
++
+ int
+ namei(struct nameidata *ndp)
+ {
+@@ -182,11 +192,7 @@
+ }
+ #endif
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ ndp->ni_vp = NULL;
+ return (error);
+ }
+@@ -248,11 +254,7 @@
+ }
+ }
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ return (error);
+ }
+ }
+@@ -278,8 +280,10 @@
+ if (*(cnp->cn_nameptr) == '/') {
+ vrele(dp);
+ VFS_UNLOCK_GIANT(vfslocked);
+- if (ndp->ni_strictrelative != 0)
++ if (ndp->ni_strictrelative != 0) {
++ namei_cleanup_cnp(cnp);
+ return (ENOTCAPABLE);
++ }
+ while (*(cnp->cn_nameptr) == '/') {
+ cnp->cn_nameptr++;
+ ndp->ni_pathlen--;
+@@ -293,11 +297,7 @@
+ ndp->ni_startdir = dp;
+ error = lookup(ndp);
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ SDT_PROBE(vfs, namei, lookup, return, error, NULL, 0,
+ 0, 0);
+ return (error);
+@@ -309,11 +309,7 @@
+ */
+ if ((cnp->cn_flags & ISSYMLINK) == 0) {
+ if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ } else
+ cnp->cn_flags |= HASBUF;
+
+@@ -379,11 +375,7 @@
+ vput(ndp->ni_vp);
+ dp = ndp->ni_dvp;
+ }
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ vput(ndp->ni_vp);
+ ndp->ni_vp = NULL;
+ vrele(ndp->ni_dvp);
Added: head/share/security/patches/SA-14:22/namei-9.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-14:22/namei-9.patch.asc Tue Oct 21 20:48:08 2014 (r45857)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJURsQbAAoJEO1n7NZdz2rn7+YQAKhyf2yhQ+9oppNCmzuaFuFC
+XzswwLhQwCUj8J7mkKtDHlhQuAO4Cmr/MEN37CFpvx5u9w4dnhCIuvKPICRju0bN
++KJoM/R/Szapx2x4Ntc0ld+qDH1CuECF3Vpm4A4d5x6I8rTggYAiIx70UTHMyzPs
+xj9m9CKB2xpt6jZvz85a3eq/PW1A9qCumGX6da6Bo2NAO0sImpjlEiRzqmrmKKYZ
+5wk1L1K71dPMo6TaRw234gMRYhhSn5GG7akRRWiB37UuJNC+Y8KwqinbG4eAXSiY
+KFPkSqWPvdjLzpfGBaQTYpJvzm0Dzbwf7pjfOOLVOWfjqfMF/zn9huDMFIwtNFg6
+mPg7pBK3eXz4X6p+roeImdiFKV/RVZ6IzwS5ND6uMgTk3WdrwITjfjxxXEwR423X
+/olyNl+8WP3AkLn/7lE0h9l+ZDwX2cwHIEeiD3ZDUb9OAPDKO9Ip+rdN2Wgxr2PT
+wTltlTKnGB1FICFY5Vw5nL8QbiRmyZ3AxxM+DJveaFPBDRYyNXLQCUpDrPXE/OOm
+7ic6FWErhNJcRWR+ONzoasZgeDeggfez6IS0MzSXPTPRoERrYNwGAWcKznXzfNiw
+kJPQQaKEz1FOjVD3DoPwiO6Tno/810/h+T6exy1aEr8XMe0xyangdC8fPwLP5ndh
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-head
mailing list