Date: Tue, 3 Oct 2023 22:33:48 GMT
Message-Id: <202310032233.393MXm61004334@gitrepo.freebsd.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
From: Gordon Tetlow
Subject: git: 802acbe255 - main - Update EN-23:09 and add EN-23:12, SA-23:12 through SA-23:14.
List-Id: Commit messages for all branches of the doc repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
Sender: owner-dev-commits-doc-all@freebsd.org
X-BeenThere: dev-commits-doc-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: gordon
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 802acbe255a5bb736abb7ed36d96d7e5c8d104c7
Auto-Submitted: auto-generated

The branch main has been updated by gordon:

URL: https://cgit.FreeBSD.org/doc/commit/?id=802acbe255a5bb736abb7ed36d96d7e5c8d104c7

commit 802acbe255a5bb736abb7ed36d96d7e5c8d104c7
Author:     Gordon Tetlow
AuthorDate: 2023-10-03 22:32:32 +0000
Commit:     Gordon Tetlow
CommitDate: 2023-10-03 22:32:32 +0000

    Update EN-23:09 and add EN-23:12, SA-23:12 through SA-23:14.
--- website/data/security/advisories.toml | 12 ++ website/data/security/errata.toml | 4 + .../advisories/FreeBSD-EN-23:09.freebsd-update.asc | 46 +++++-- .../advisories/FreeBSD-EN-23:12.freebsd-update.asc | 142 +++++++++++++++++++ .../advisories/FreeBSD-SA-23:12.msdosfs.asc | 152 +++++++++++++++++++++ .../advisories/FreeBSD-SA-23:13.capsicum.asc | 137 +++++++++++++++++++ .../security/advisories/FreeBSD-SA-23:14.smccc.asc | 140 +++++++++++++++++++ .../security/patches/EN-23:12/freebsd-update.patch | 17 +++ .../patches/EN-23:12/freebsd-update.patch.asc | 16 +++ .../security/patches/SA-23:12/msdosfs.12.4.patch | 86 ++++++++++++ .../patches/SA-23:12/msdosfs.12.4.patch.asc | 16 +++ .../security/patches/SA-23:12/msdosfs.13.2.patch | 86 ++++++++++++ .../patches/SA-23:12/msdosfs.13.2.patch.asc | 16 +++ .../security/patches/SA-23:13/capsicum.patch | 22 +++ .../security/patches/SA-23:13/capsicum.patch.asc | 16 +++ .../static/security/patches/SA-23:14/smccc.patch | 107 +++++++++++++++ .../security/patches/SA-23:14/smccc.patch.asc | 16 +++ 17 files changed, 1018 insertions(+), 13 deletions(-) diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml index 9fb568085e..6432cceb40 100644 --- a/website/data/security/advisories.toml +++ b/website/data/security/advisories.toml @@ -1,6 +1,18 @@ # Sort advisories by year, month and day # $FreeBSD$ +[[advisories]] +name = "FreeBSD-SA-23:14.smccc" +date = "2023-10-03" + +[[advisories]] +name = "FreeBSD-SA-23:13.capsicum" +date = "2023-10-03" + +[[advisories]] +name = "FreeBSD-SA-23:12.msdosfs" +date = "2023-10-03" + [[advisories]] name = "FreeBSD-SA-23:11.wifi" date = "2023-09-06" diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index b9b5b054e0..8c61975a0c 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml 
@@ -1,6 +1,10 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-23:12.freebsd-update" +date = "2023-10-03" + [[notices]] name = "FreeBSD-EN-23:11.caroot" date = "2023-09-06" diff --git a/website/static/security/advisories/FreeBSD-EN-23:09.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-23:09.freebsd-update.asc index 9f2d14fb2b..7cf538a97f 100644 --- a/website/static/security/advisories/FreeBSD-EN-23:09.freebsd-update.asc +++ b/website/static/security/advisories/FreeBSD-EN-23:09.freebsd-update.asc @@ -13,12 +13,17 @@ Announced: 2023-09-06 Affects: FreeBSD 13.2 Corrected: 2023-05-16 21:34:10 UTC (stable/13, 13.2-STABLE) 2023-09-06 16:56:24 UTC (releng/13.2, 13.2-RELEASE-p3) + 2023-09-28 13:42:18 UTC (stable/12, 12.4-STABLE) + 2023-10-03 22:15:35 UTC (releng/12.4, 12.4-RELEASE-p6) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +2023-09-06 Initial Revision +2023-10-03 Updated to include the patch for 12.4-RELEASE. + I. Background freebsd-update provides binary updates for supported releases of FreeBSD on @@ -87,8 +92,12 @@ Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 866e5c6b3ce7 stable/13-n255386 releng/13.2/ 0b39d9de2e71 releng/13.2-n254628 +stable/12/ r373221 +releng/12.4/ r373231 - ------------------------------------------------------------------------- +For FreeBSD 13 and later: + Run the following command to see which files were modified by a particular commit: 
@@ -103,6 +112,17 @@ nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + VII. References 
@@ -111,17 +131,17 @@ The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmT4vxEACgkQbljekB8A -Gu9gmA/7BjuRje8BCxVKXenlsL0FbOLzpQd1Ac6+pQ8sYCotl9Z/S/BF0kgWGEyP -ezkgQDndc90tzGBkFwSh55utFPDxycRJy2ybhg1ownZDyfwtSokWPSp0qdbu2wYD -XBW2xwzsIIemvIOVAvCrn3GagIRMlziaFE8brtwiFCqAB4p4x/Ga9SRKvVPS5fVc -FHBjWRvcNYXanz5VPZA3wbm5CIiGUC+4x22A2DPovcXT8yO1nbIyQpMUnfj+BrJ3 -QPxVmIZsWWbGtkGgplpPuOyP/BPivkDR/TN0TI6fGRKSK517aycCmwF+cgD9Th+S -oISBwO4jZ50tyi36FtaTT9PnkLqX39McCq9T9kCQ5GBhztepSe7S31C8FLdH95TT -wgkML9X/7zoh5Y2i8IWvbvSrAJ/eOaO8VR97aITmbOxLj4dRHB1gfc5FhNLlmeF4 -fz+VbVzOUEta/8PkDkEbbkuG2ttPs///KQB1Lu6V3UkZfIl0L40mzS+X8xMjWL9P -TZBN1skjRcrEx8zaeyzTXEL2e4LX46wrKvm3Gvy0x5JOKgYy8ZHZpT3llChr3yTz -oSxdEZ+oTttfXieHeDtXrxSnFi8Bvgy8j3jFtam7QNbaWYgaURlc7mUC+aUbd+J8 -hYwE+RQFlK3nBpMvGfrFJhbl9RglpYC9qvK69V1zwDQ1DLjHnfk= -=GZ0v +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclTsACgkQbljekB8A +Gu+mvBAAumfz3Q0E3r4JXRaYDUBHgMN+L86xn9gzt/+sbrMtHCdJ1NariCwXO3lH +tGgPW97xRZG4r1IQYayydYo3N7X4u4egzyz/HNKWhxJjkSBkgQG19IDryi9n/2B4 +g5lFaLUGT57pKJDpbDWwvdKbpgUDEfHVTG2hthDVFcnJRuPVSaqdEcOi0eWuX/Dy +8t9CA+9TkvmaY9bl4Lbyltsf0ycSYOp2FDVOKorm0D1GvVAcA+5+9pw02IdFZuGo +CFiXhstcIGs9kKGdtC21tkxemz8oV4Ub9gjsVYyVDzbvKcYtsb/EIKCiTnPcgL9M +DBrekG3LhUK+pZ+V+eHFGToBukITPcZ/gkSwl59Zu1fB1ITBm9QoriwL5R6udpYA +mymzlTYTnLIrGAu4u1Ft2RSXvxwfIAtErM0MyijI1KFl9q5EFhSJzSnTG411FJP4 +w51r0iKHtMJdeL+gYFkWUQrZM+oDHOhuvhYwzbh0cZD2DFksCT2OB0F/zVCHvPsD +uQag2aCttm1uEEhUeMqIYmByR93ctN+TuwmH3Qev0u0lamG5xfzxDEBtDVB2ThyC +9TLFXTrgR5ENmwaCkRkj1YwHdwfBmqPyoN4BBOIFYCXzvA1UIN3nCcm4FpeHXvWs +EToL2Z1MUDCc7lfOsPNRrTBrDyqYUjOP9qlKR8F9CJfhR6eSMLc= +=wkOB -----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:12.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-23:12.freebsd-update.asc new file mode 100644 index 0000000000..9020f53b72 --- /dev/null 
+++ b/website/static/security/advisories/FreeBSD-EN-23:12.freebsd-update.asc 
@@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:12.freebsd-update Errata Notice + The FreeBSD Project + +Topic: freebsd-update to 14.0 fails + +Category: core +Module: freebsd-update +Announced: 2023-10-03 +Affects: All supported versions of FreeBSD. +Corrected: 2023-10-01 16:33:03 UTC (stable/13, 13.2-STABLE) + 2023-10-03 21:22:19 UTC (releng/13.2, 13.2-RELEASE-p4) + 2023-10-01 16:35:16 UTC (stable/12, 12.4-STABLE) + 2023-10-03 22:15:37 UTC (releng/12.4, 12.4-RELEASE-p6) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +freebsd-update provides binary updates for supported releases of FreeBSD on +amd64, arm64, and i386. + +II. Problem Description + +freebsd-update was unable to handle the case where a file in the "old" +version changed to a directory in the "new" version. This case occurs with +upgrades to FreeBSD 14.0, as /usr/include/c++/v1/__string exists as a file +in 12.4 and 13.2, and as a directory in FreeBSD 14.0. + +III. Impact + +Using freebsd-update to upgrade to FreeBSD 14.0 emits errors during install +and results in a system with broken C++ headers. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. 
+ +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:12/freebsd-update.patch +# fetch https://security.FreeBSD.org/patches/EN-23:12/freebsd-update.patch.asc +# gpg --verify freebsd-update.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 774cc6348a50 stable/13-n256442 +releng/13.2/ cfb624d7e250 releng/13.2-n254634 +stable/12/ r373223 +releng/12.4/ r373232 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclUgACgkQbljekB8A +Gu+9fRAArZE0IrnLNZedxplzPbqrhErZAvomp04D+FR/FGiawgSuItfYmmX7sfxG +6MDlnfsIiumrxjWPr7btxN6tD9ouo6M1LLEz2WKRdRJfuhXsghjyP8TqSGb7DBZG +wIThOxz5akSVGLAWF2ShRGe42bloNfSJjnYWos0bkHpKo/m8ljOMbkQU9kjvsLXR +jV6vYvWJAkPanGJ30g4Hu1tucPUReCbnXRUJ66MzsAerQPRCYoCYx7to4ljPnwN2 +RBOKSeB+yE5ShVwOSCREcPYlsnE/ah7ayb0P4Vcskfy1CT7bN+yK8+DTfHCdICgr +R4h0FcmSXGls7S7OmewUZYjqnJHkpE6AH3s+fennOGB3Fv06QX7xxrP3l/5jqFgc +ffONEv0mYMDE49PnXTttXZL/trIBLWbqIO8KOGlQneOXciQYokbw4hZnyK0G64mn +M/bszNU2gjwei5BvlcCQLs9n84TgTRhfLPJMR+QFK5bNMlZM/b5/wETYjbqZBEDX +rjUsIuUzkLKAJr9MA4BItCGhRMjkViRJ06WcfLsSOdlNrNF7vBfGtcLbt7BiyWos +P4VPMPVKdt3XBR5c4EAC2y4j0s+On2Ts0SMqBXwmQ5/D+gGlIdPgHLMrq8gbvN0Q +ZF/qdH6EWIFLHAmBcWxYmqRhzmPeV3y8RrHxaPriffb6ko9KW4s= +=SfBw +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:12.msdosfs.asc b/website/static/security/advisories/FreeBSD-SA-23:12.msdosfs.asc new file mode 100644 index 0000000000..4cfc8f9e08 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:12.msdosfs.asc 
@@ -0,0 +1,152 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:12.msdosfs Security Advisory + The FreeBSD Project + +Topic: msdosfs data disclosure + +Category: core +Module: msdosfs (FAT) file system driver +Announced: 2023-10-03 +Credits: Maxim Suhanov +Affects: All supported versions of FreeBSD. +Corrected: 2023-07-18 05:46:13 UTC (stable/13, 13.2-STABLE) + 2023-10-03 21:23:40 UTC (releng/13.2, 13.2-RELEASE-p4) + 2023-09-11 18:51:21 UTC (stable/12, 12.4-STABLE) + 2023-10-03 22:15:40 UTC (releng/12.4, 12.4-RELEASE-p6) +CVE Name: CVE-2023-5368 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The msdosfs driver provides read and write access to MS-DOS (FAT) file +systems. Systems may be configured to allow unprivileged users to have +read and write access to mounted msdosfs file systems. + +II. Problem Description + +In certain cases using the truncate or ftruncate system call to extend a +file size populates the additional space in the file with unallocated data +from the underlying disk device, rather than zero bytes. + +III. Impact + +A user with write access to files on a msdosfs file system may be able to +read unintended data (for example, from a previously deleted file). + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. 
+ +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/SA-23:12/msdosfs.13.2.patch +# fetch https://security.FreeBSD.org/patches/SA-23:12/msdosfs.13.2.patch.asc +# gpg --verify msdosfs.13.2.patch.asc + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/SA-23:12/msdosfs.12.4.patch +# fetch https://security.FreeBSD.org/patches/SA-23:12/msdosfs.12.4.patch.asc +# gpg --verify msdosfs.12.4.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. 
Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 868f3eadc5e0 stable/13-n255824 +releng/13.2/ 7d08a7e6908b releng/13.2-n254635 +stable/12/ r373207 +releng/12.4/ r373233 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclUoACgkQbljekB8A +Gu9CSw/9G+9cwxNruCQaEOcNGCIUdOe9itmZzVJKVtIIWqXZhq+unXRS0D2YDMdA +EKkfGj6GYaPnFlRe7T3cfrqUFhlNMb4Na5SW0wJp8HUqhKzKB4/SNZSs+iXNQE2z +WdhYFl582Gg2+vuoije4Z9Idl0WYPqXHXyRC7TCtSwUHDwRsU9jA6g/GNM0X+0dl +mOzFxFSSGoORF5aJYtp91KeNwGdNwORc75k6xxMWGGDc0sba9Fbupfrjc/XQ8SaQ +tYil3Eomh/cbYOKneppGQo9ohY+PAC1u/2XxRBxXYFCDtNLed4SGEWp4pLKjq2QM +X8jkDooTPLwDiVaM6Cps54PmUI3YBrYKSpt3Z1SdTHWyh0hDtpAJb/1f/sPUu90D +oWCiFI5p6oZjFNJxskZZ8T6xFgjqiII70ULfHQ3GxGhMZ0Pe5QyzmqIFGvkn0UtX +uGechgeL+jwqnyviIFyfVTGORmbcWj60WHajUAVUbb5aF/WV5QS0XDOLhTFkeY/P +WQjOBFAH/pf93ahUnA0NuDqAe5yX/3NEXLzMg8bnSBDJRIPRWsPfIE3lqWl0zNmD +sdtsugBS74zTM3MUn/Lq5MdtozuvEWK6Hs60i1wuiTMT39X8oE89r5LLVgTyc0Tj +2nML+7TKutMqWgeRvYsXBp6VtEiZd9Qc6nx8FWtSq8UMODa57C8= +=T0YO +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:13.capsicum.asc b/website/static/security/advisories/FreeBSD-SA-23:13.capsicum.asc new file mode 100644 index 0000000000..b04d6fc23d --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:13.capsicum.asc 
@@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:13.capsicum Security Advisory + The FreeBSD Project + +Topic: copy_file_range insufficient capability rights check + +Category: core +Module: capsicum +Announced: 2023-10-03 +Credits: David Chisnall +Affects: FreeBSD 13.2 +Corrected: 2023-10-02 16:00:27 UTC (stable/13, 13.2-STABLE) + 2023-10-03 21:24:41 UTC (releng/13.2, 13.2-RELEASE-p4) +CVE Name: CVE-2023-5369 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +Capsicum is a lightweight OS capability and sandbox framework. It provides +two kernel primatives, capability mode and capabilities. Capabilities limit +operations that can be performed on file descriptors. + +copy_file_range is a system call that performs a kernel copy of a byte range +from one file to another or within one file. copy_file_range accepts +optional pointers to offsets for the input and output file descriptors. + +II. Problem Description + +The syscall checked only for the CAP_READ and CAP_WRITE capabilities on the +input and output file descriptors, respectively. Using an offset is +logically equivalent to seeking, and the syscall must additionally require +the CAP_SEEK capability. + +III. Impact + +A sandboxed process with only read or write but no seek capability on a file +descriptor may be able to read data from or write data to an arbitrary +location within the file corresponding to that file descriptor. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. 
+ +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:13/capsicum.patch +# fetch https://security.FreeBSD.org/patches/SA-23:13/capsicum.patch.asc +# gpg --verify capsicum.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 3f0ce63828dc stable/13-n256458 +releng/13.2/ 2d23f6c33431 releng/13.2-n254636 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. 
References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclU0ACgkQbljekB8A +Gu/a3Q//aXO1+HdImFnqAzKEto8E97DEv6vB2HUZAoxrmwSX9VNjkrIo9Z9+LRyL +q7WXMcok1OPQCCE3ad+g05eqXwnmJ55CpToP/jEXrOOZRDInK0Z5owZbwVpmyAmW +zF/+xoEjcw90H7ReIQQ3+TNGDf025tCoXlTQKdzWtNN6BcY3px4zuDYHPUKgMwSv +XJDrjYWBzBede00CnlolwmsBorjvZvRMfllTIpiVTlmtD73s+sRDI7rc768MY0RZ +gCplCL9S9EkIGL8XJhDWB2+TsG7nvwrUII5M2u0Db252IK7nmgty4l03PtYotx4p +jH/a3oXWKeqExGHJaqNcaUwS6xdu+pvMRuJgY4mH6rd+uvOMbC5jvac3FopSlmXq +aVIctA2LCRomyYmVDsWXIGLcBT5cAOhsqkrw+JE0kA/k2Pl6NDNK7HNgo6Fj01TR +lVf91A1mTsDJxfymU4SWB/KGgImAnR9e7gHUo4gLZCNyYXvcnFa/ntHoswNZ+12L +e/b4+PnHts2X4/+I4K6qdF522yzF/vpyF6UjfwAGtT6qmbmGyW9VbDcn6TIL9I3p +IDKJCWeHPBfyspWua2hCUIi3/EwpSFvIECPad3hFT6cej1pZ6hfJt8XT0ma82QGp +ocbh3tb3E1phSGvgZitk8J0oyWDehuck3YfZ+6nHMwzPBgmr6Lo= +=lS69 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:14.smccc.asc b/website/static/security/advisories/FreeBSD-SA-23:14.smccc.asc new file mode 100644 index 0000000000..f815574ae2 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:14.smccc.asc 
@@ -0,0 +1,140 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:14.smccc Security Advisory + The FreeBSD Project + +Topic: arm64 boot CPUs may lack speculative execution protections + +Category: core +Module: arm64 +Announced: 2023-10-03 +Affects: FreeBSD 13.2 +Corrected: 2023-09-25 12:13:47 UTC (stable/13, 13.2-STABLE) + 2023-10-03 21:29:11 UTC (releng/13.2, 13.2-RELEASE-p4) +CVE Name: CVE-2023-5370 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +To mitigate speculative execution side channel attacks on some AArch64 +hardware the kernel can call into the boot firmware using the Secure Monitor +Call Calling Convention (SMCCC) mechanism. + +To decide if the kernel needs to use the SMCCC mitigation on a given CPU it +can query the firmware if the SMCCC workaround is present. + +II. Problem Description + +On CPU 0 the check for the SMCCC workaround is called before SMCCC support +has been initialized. + +III. Impact + +No speculative execution workarounds are installed on CPU 0. + +IV. Workaround + +No workaround is available. Not all AArch64 CPUs are affected. + +Systems where CPU 0 has the CSV2 and PSTATE.SSBS processor +features are unaffected by the speculative execution attacks. +The kernel will print the following under CPU 0 on unaffected +CPUs: + +Processor Features 0 = <...CVS2...> +Processor Features 1 = <...PSTATE.SSBS...> + +The Arm Cortex-A35, Cortex-A53, and Cortex-A55 CPUs are +unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date +and reboot. 
+ +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:14/smccc.patch +# fetch https://security.FreeBSD.org/patches/SA-23:14/smccc.patch.asc +# gpg --verify smccc.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 4df1447f2c76 stable/13-n256420 +releng/13.2/ 485912e051bb releng/13.2-n254637 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. 
References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclU8ACgkQbljekB8A +Gu8zqQ//bCjUB/hXZxypEFmnnnyUPr0Y/pzHd1i7EcIFQubd6kosUw4k2VGzwOsi +/BwKU4W/MrUyr/wwSkjJ/lmeA+CRX2TAPWPTPC0umnN58fOXRqhKpVAi0yfho+L9 +lYUfdLWM0xS4XWsZk7DapjfN8XznLnn6iQrWmFLmZd0ViJFGkGJcxjdWr7aSs7ZX +C8v8GoqFx6GUUdOgRERdpZ/2mxi7ibs9LbCt4PUTwKV8clAmq4w4Mv+q4xfZPSnM +nXGrTd+t2G5ZrmEZ9Rq32C9JqGaAaQUTp/NsOw8yQq5YVBXanA12VJLx2kdoVKsj +84e3rJz/QTpXTpgiSkVmWdT3ziZW8Zs9aygvUXyzK6C/s2ZiKd8o65dnF3MGCyJs +Y7aNgAS51mX/fgPyXwicF/eYA1nm/1AJAK9J/eUBbsi+hu9DW5XjpiLUYAe10KKf +9XsgJ1vTJMKXIv/UAlN0d78SfSfcGyUCbH0qk7zCzw9XfLYj+r9a7de/vnAc0qtm +8Gh0hqbacA6dqtxrNEDC9R1Tp6inf0YYR6gP5HPjjy96FvfZCGmHk5XUmbmk4C4T +UylvLXrO4gJiyBXhdZ3P3Mib6HdMWkLMRh095Y2revdAGMv0BrGs3G+eaMVIgNt2 +puELCPfLgJF1ljcHV8svdQcuy0Fea2R2R22cqwsT1vPuKqgmP60= +=lOTX +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-23:12/freebsd-update.patch b/website/static/security/patches/EN-23:12/freebsd-update.patch new file mode 100644 index 0000000000..c5c4f5f45a --- /dev/null +++ b/website/static/security/patches/EN-23:12/freebsd-update.patch @@ -0,0 +1,17 @@ +--- usr.sbin/freebsd-update/freebsd-update.sh.orig ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -2905,7 +2905,13 @@ + while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do + case ${TYPE} in + d) +- # Create a directory ++ # Create a directory. A file may change to a directory ++ # on upgrade (PR273661). If that happens, remove the ++ # file first. ++ if [ -e "${BASEDIR}/${FPATH}" ] && \ ++ ! [ -d "${BASEDIR}/${FPATH}" ]; then ++ rm -f -- "${BASEDIR}/${FPATH}" ++ fi + install -d -o ${OWNER} -g ${GROUP} \ + -m ${PERM} ${BASEDIR}/${FPATH} + ;; diff --git a/website/static/security/patches/EN-23:12/freebsd-update.patch.asc b/website/static/security/patches/EN-23:12/freebsd-update.patch.asc new file mode 100644 index 0000000000..2d27e72457 --- /dev/null 
+++ b/website/static/security/patches/EN-23:12/freebsd-update.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclUkACgkQbljekB8A +Gu82vBAAta3FgMcbU/T/c7xWQEwAGvzQRaC/T6+una4Mgv14u8ni++Nk0bSRpZZy +A06SdazAfLVJiMLRc1beXmr393/2SpPf2Luby9ySA1hTKapFbwB5YrmRTo58HgoO +7XxwYEkM+G1gKvta61q7suW9vX9N7q1oP8LmTIlUn8w6u1Qjr+BjyOTG8tLir4q+ +CmoBbpOXbiNNPj8W4Kqwz1dvjYk9XeVMik67mksk8bqvilgtPnCVPYA4wiul1mv2 +IGJq/26YVPuNbOOiVctIlfuWjaG+xfPjl9pq6Ld6cHf/Y0s95JPm0YmeVcfeHu34 +Otmdj860IQc3ZHZyNwPAbgRwxaq/5LxFORNSdN+1vwuqgLW2kofpAM2DgY+y9czr +hx1AusiAfWiBFPIUBAVCInSJIVkmRtjZaoWkakUTy0SQ7H9BUeSTuGC+b6Ifj01H +SKdvQlVATy3ttWT5darsEWJJ0ZeHWYwbH8BXTLhUL1HSaiZDAi1/6iaknh048UWF +O3VMDOe3Cfg3IBJVpyZYvtoU/W0EM7eisStBM9ar0nXCFsAYZNiW+0/IRZtNcGmr +iRz/dOxJjoCVHNWWcOhOWvHBKI0Ck0CxDRizu4oluYvD2n3Qp8NpwJb3Qyq7LQ8T +XSdzb0z1nO6Xtkz32XwVXcTePMA6HAXWuvc1PM3mAHWss3xhlHU= +=+nla +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/SA-23:12/msdosfs.12.4.patch b/website/static/security/patches/SA-23:12/msdosfs.12.4.patch new file mode 100644 index 0000000000..07232f9791 --- /dev/null +++ b/website/static/security/patches/SA-23:12/msdosfs.12.4.patch 
@@ -0,0 +1,86 @@ +--- sys/fs/msdosfs/msdosfs_denode.c.orig ++++ sys/fs/msdosfs/msdosfs_denode.c +@@ -365,10 +365,8 @@ + return (EINVAL); + } + +- if (dep->de_FileSize < length) { +- vnode_pager_setsize(DETOV(dep), length); ++ if (dep->de_FileSize < length) + return deextend(dep, length, cred); +- } + + /* + * If the desired length is 0 then remember the starting cluster of +@@ -477,13 +475,16 @@ + deextend(struct denode *dep, u_long length, struct ucred *cred) + { + struct msdosfsmount *pmp = dep->de_pmp; ++ struct vnode *vp = DETOV(dep); ++ struct buf *bp; ++ off_t eof_clusteroff; + u_long count; + int error; + + /* + * The root of a DOS filesystem cannot be extended. + */ +- if ((DETOV(dep)->v_vflag & VV_ROOT) && !FAT32(pmp)) ++ if ((vp->v_vflag & VV_ROOT) != 0 && !FAT32(pmp)) + return (EINVAL); + + /* +@@ -503,15 +504,47 @@ + if (count > pmp->pm_freeclustercount) + return (ENOSPC); + error = extendfile(dep, count, NULL, NULL, DE_CLEAR); +- if (error) { +- /* truncate the added clusters away again */ +- (void) detrunc(dep, dep->de_FileSize, 0, cred); +- return (error); +- } ++ if (error != 0) ++ goto rewind; + } ++ ++ /* ++ * For the case of cluster size larger than the page size, we ++ * need to ensure that the possibly dirty partial buffer at ++ * the old end of file is not filled with invalid pages by ++ * extension. Otherwise it has a contradictory state of ++ * B_CACHE | B_DELWRI but with invalid pages, and cannot be ++ * neither written out nor validated. ++ * ++ * Fix it by proactively clearing extended pages. Need to do ++ * both vfs_bio_clrbuf() to mark pages valid, and to zero ++ * actual buffer content which might exist in the tail of the ++ * already valid cluster. 
++ */ ++ error = bread(vp, de_cluster(pmp, dep->de_FileSize), pmp->pm_bpcluster, ++ NOCRED, &bp); ++ if (error != 0) ++ goto rewind; ++ vfs_bio_clrbuf(bp); ++ eof_clusteroff = de_cn2off(pmp, de_cluster(pmp, dep->de_FileSize)); ++ vfs_bio_bzero_buf(bp, dep->de_FileSize - eof_clusteroff, ++ pmp->pm_bpcluster - dep->de_FileSize + eof_clusteroff); ++ if (!DOINGASYNC(vp)) ++ (void)bwrite(bp); ++ else if (vm_page_count_severe() || buf_dirty_count_severe()) ++ bawrite(bp); ++ else ++ bdwrite(bp); ++ ++ vnode_pager_setsize(vp, length); + dep->de_FileSize = length; + dep->de_flag |= DE_UPDATE | DE_MODIFIED; +- return (deupdat(dep, !DOINGASYNC(DETOV(dep)))); ++ return (deupdat(dep, !DOINGASYNC(vp))); ++ ++rewind: ++ /* truncate the added clusters away again */ ++ (void)detrunc(dep, dep->de_FileSize, 0, cred); ++ return (error); + } + + /* diff --git a/website/static/security/patches/SA-23:12/msdosfs.12.4.patch.asc b/website/static/security/patches/SA-23:12/msdosfs.12.4.patch.asc new file mode 100644 index 0000000000..c112ba1cf7 --- /dev/null +++ b/website/static/security/patches/SA-23:12/msdosfs.12.4.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclUsACgkQbljekB8A +Gu9MVA//eFP/Ak5QSSTRlWlwrP9kAF1+Gce8Kx1rYfrvGfSIv8VfI/1Ppe3UPZn1 +zepSumcgCDWDRaezcn0lMqcII5X6bdF88k7Gb+dmuOB9nsm54cM7O62391N8eJ3Q +mn86RzmUU6kHQ1LoaqMB59cgMxgCx9qSBvM/+rNs2Xujo/PUWNfjQRIYe30wyg54 +aTtIM+zeIf4ZRWIo4xwsmy7KoLsVQvVS4UYd7303VpDyxw+nhbupMAUcapKkE9nn +WEraYT3Z/zxAbuOk1PHjAEr6Q6b9ReiVexuZRSIfxt1jy7jzZLpdOaZ7NTsMXOYW +j3aCGxf8tSsRGNxA7PXpcmTEwOvq7igzBGkbVBG25Ww0y7v5JxZ8NUBFy0ih4pNE +6soAR9/mSbu1AYBPc5KpKYfnJFjKWza+5aixufFRuU+th2TH0LiMNZH4OgyQmnp3 +351tbDm3cykj2sLeVhfoeGNeoc+ebAJR7YDawoD6ql/OIi2TUXaTS0Bb8kywC31g +fh9aWzg2omzVNuFTawExWaHFWI0yzMgCgupv6QYSfOhCHV0eqFFuWfsiXKW1Yvrk +24Gfn2kXt3HH3I4qUpoTRkQ/nbPjNdglhTOuHZ7ZUvaOMybXeRCrZWqLHIfrWsd3 +TKTYTXDERGHF6gago87NdlIjwukLHWfCCZYQ4bEumVWgToVjVYQ= +=oKB1 +-----END PGP SIGNATURE----- 
diff --git a/website/static/security/patches/SA-23:12/msdosfs.13.2.patch b/website/static/security/patches/SA-23:12/msdosfs.13.2.patch new file mode 100644 index 0000000000..1e66928461 --- /dev/null +++ b/website/static/security/patches/SA-23:12/msdosfs.13.2.patch 
@@ -0,0 +1,86 @@ +--- sys/fs/msdosfs/msdosfs_denode.c.orig ++++ sys/fs/msdosfs/msdosfs_denode.c +@@ -384,10 +384,8 @@ + return (EINVAL); + } + +- if (dep->de_FileSize < length) { +- vnode_pager_setsize(DETOV(dep), length); ++ if (dep->de_FileSize < length) + return (deextend(dep, length, cred)); +- } + + /* + * If the desired length is 0 then remember the starting cluster of +@@ -496,13 +494,16 @@ + deextend(struct denode *dep, u_long length, struct ucred *cred) + { + struct msdosfsmount *pmp = dep->de_pmp; ++ struct vnode *vp = DETOV(dep); ++ struct buf *bp; ++ off_t eof_clusteroff; + u_long count; + int error; + + /* + * The root of a DOS filesystem cannot be extended. + */ +- if ((DETOV(dep)->v_vflag & VV_ROOT) && !FAT32(pmp)) ++ if ((vp->v_vflag & VV_ROOT) != 0 && !FAT32(pmp)) + return (EINVAL); + + /* +@@ -522,15 +523,47 @@ + if (count > pmp->pm_freeclustercount) + return (ENOSPC); + error = extendfile(dep, count, NULL, NULL, DE_CLEAR); +- if (error) { +- /* truncate the added clusters away again */ +- (void) detrunc(dep, dep->de_FileSize, 0, cred); +- return (error); +- } ++ if (error != 0) ++ goto rewind; + } ++ ++ /* ++ * For the case of cluster size larger than the page size, we ++ * need to ensure that the possibly dirty partial buffer at ++ * the old end of file is not filled with invalid pages by ++ * extension. Otherwise it has a contradictory state of ++ * B_CACHE | B_DELWRI but with invalid pages, and cannot be ++ * neither written out nor validated. ++ * ++ * Fix it by proactively clearing extended pages. Need to do ++ * both vfs_bio_clrbuf() to mark pages valid, and to zero ++ * actual buffer content which might exist in the tail of the ++ * already valid cluster. 
++ */ ++ error = bread(vp, de_cluster(pmp, dep->de_FileSize), pmp->pm_bpcluster, ++ NOCRED, &bp); ++ if (error != 0) ++ goto rewind; ++ vfs_bio_clrbuf(bp); ++ eof_clusteroff = de_cn2off(pmp, de_cluster(pmp, dep->de_FileSize)); ++ vfs_bio_bzero_buf(bp, dep->de_FileSize - eof_clusteroff, ++ pmp->pm_bpcluster - dep->de_FileSize + eof_clusteroff); ++ if (!DOINGASYNC(vp)) ++ (void)bwrite(bp); ++ else if (vm_page_count_severe() || buf_dirty_count_severe()) ++ bawrite(bp); ++ else ++ bdwrite(bp); ++ *** 220 LINES SKIPPED ***
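Review bot: in the freebsd-update.sh hunk (the `d)` case), the new guard `[ -e "${BASEDIR}/${FPATH}" ] && ! [ -d "${BASEDIR}/${FPATH}" ]` follows symbolic links, so a dangling symlink at that path fails `-e` and is left in place, and a symlink that points at a directory passes `-d` and is kept as a symlink. Adding a `[ -L "${BASEDIR}/${FPATH}" ]` test (remove when the path is a symlink, or exists and is not a directory) would cover both cases. The exit status of `rm -f` is not checked, so if the removal fails the following `install -d` still runs against the old file. The added `rm` also quotes the path while the unchanged `install -d -o ${OWNER} -g ${GROUP} -m ${PERM} ${BASEDIR}/${FPATH}` below it does not; quoting both keeps the two commands operating on the same name when ${BASEDIR} contains whitespace.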
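Review bot: in the first msdosfs_denode.c hunk of msdosfs.12.4.patch, the re-indented line `return deextend(dep, length, cred);` is rewritten anyway, so it could take the parenthesised form `return (deextend(dep, length, cred));` that the same hunk in msdosfs.13.2.patch has and that the neighbouring `return (EINVAL);` uses. Since this hunk removes `vnode_pager_setsize(DETOV(dep), length)` from the caller, a short comment at this call saying that deextend() now sets the pager size itself, after the extension has succeeded, would help the next reader who looks for the size update here.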
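Review bot: in the deextend() hunk of msdosfs_denode.c (the same text in msdosfs.12.4.patch and msdosfs.13.2.patch), the synchronous branch `(void)bwrite(bp);` discards the write error, so a failed write of the zeroed tail cluster still falls through to `vnode_pager_setsize(vp, length)` and the `de_FileSize` update shown in the 12.4 patch. Consider `error = bwrite(bp); if (error != 0) goto rewind;`, or a comment stating why the error can be ignored here. The new `rewind:` label is also reached from the bread() failure, which sits after the closing brace of the block that calls extendfile(), so detrunc() now runs even when no clusters were added; a line in the comment confirming that this is intended would help. In the new block comment, "cannot be neither written out nor validated" is a double negative and should read "can be neither written out nor validated".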