git: f0cdbe99cc - main - Update EN-23:15 for 13.2.
Date: Tue, 05 Dec 2023 19:09:03 UTC
The branch main has been updated by gordon: URL: https://cgit.FreeBSD.org/doc/commit/?id=f0cdbe99ccb93725b8aa6a725665749924faef2f commit f0cdbe99ccb93725b8aa6a725665749924faef2f Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2023-12-05 19:08:18 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2023-12-05 19:08:18 +0000 Update EN-23:15 for 13.2. Approved by: so --- .../advisories/FreeBSD-EN-23:15.sanitizer.asc | 41 ++++++++++++++-------- .../security/patches/EN-23:15/sanitizer.13.patch | 27 ++++++++++++++ .../patches/EN-23:15/sanitizer.13.patch.asc | 16 +++++++++ 3 files changed, 70 insertions(+), 14 deletions(-) diff --git a/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc b/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc index c99758ce43..ff869155bb 100644 --- a/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc +++ b/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc @@ -10,16 +10,22 @@ Topic: Clang sanitizer failure with ASLR enabled Category: contrib Module: compiler-rt Announced: 2023-12-01 -Affects: FreeBSD 14.0 +Affects: FreeBSD 13.2 and FreeBSD 14.0 Corrected: 2023-11-25 09:05:09 UTC (stable/14, 14.0-STABLE) 2023-12-01 00:38:35 UTC (releng/14.0, 14.0-RELEASE-p1) 2023-11-25 09:05:14 UTC (stable/13, 13.2-STABLE) + 2023-12-05 18:20:00 UTC (releng/13.2, 13.2-RELEASE-p7) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. +0. Revision History + +v1.0 2023-12-01 -- Initial release +v1.1 2023-12-05 -- Updated affected versions and added patch FreeBSD 13.2 + I. Background Compiler-RT is an implementation of various compiler runtime support routines, 
@@ -82,10 +88,16 @@ FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. +[FreeBSD 14.0] # fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.patch # fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.patch.asc # gpg --verify sanitizer.patch.asc +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.13.patch +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.13.patch.asc +# gpg --verify sanitizer.13.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -104,6 +116,7 @@ Branch/path Hash Revision stable/14/ 1e4798e9677f stable/14-n265803 releng/14.0/ 78b4c762b20b releng/14.0-n265381 stable/13/ 7c25a53a2cb9 stable/13-n256726 +releng/13.2/ 6d94fc2b0db9 releng/13.2-n254646 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a 
@@ -129,17 +142,17 @@ The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPoYACgkQbljekB8A -Gu+z2A//VhWVguaPhfTkV0jRrG/tD1iu+xhM7TSRcnnGYn7IIkzWzHkO5jrP9Oy5 -aRueyAVvw048f4unEG36qBM+UO5LSCcDEj3OAhxhJzfTfXcRBYMRuvp5cC+Xjgji -s6S7JlSTeHqJakj6UV58d4elppj5QN1b2IQtwahcwuBtlue4NaOg16z6GFDDbVKo -Db8h+yOyQuwGj7uvahpuHpNB21pMfTwi4IWV2F9QOjQMO/+pcqia+leG53WOsB/A -SFW3zNHdAl+Q7NBq6lRVTqyW69Ouh1gblQ57kMCdzyTF5BSzcDhX5QwiS9t2TIU9 -gs2ulNxxIiSPmi7n/ZlDPRyH57C/+h6vSHVeXOVKZhIffrqvpqqhT0WKQfIUnNLb -0uhdmXLdXWWAAk1OvDkBAIiO6C8GxVvgZvHWFhELjnDK6+qmZD7xv3RVpJnRVk9X -//U89b+zGNKhS+JFiTvXY90oUxoE72a9PuqvONZuKMGH+ooL9aRGEJujahCL2Swl -jxymcZHduvsXbnzrmGZr8Lxl4DP+cHD688gc8KOgitb3MCupcx066KmX1Pem7PvX -2AULZrFBDTPEIgf0ZuGt5R3+zd+k/sDlPVGdkLpF1AVOOuwtfton6Vbd5CKDzDLR -0PqGdkk9CLpI0Mm8I1o+v69bopYua1ndo3G2YuKIK7V472sgrRw= -=EPbY +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvdI0ACgkQbljekB8A +Gu/tzA//WlbAichQYjs2EOKsBkikGpWRf/Vg3PNpwfT0Bh8Nkuapf8H41Cm0prRT +ZNgwqOcckJK+pj/e99nz3/nxdIJLkzyGMUblAhpkvklXK4KXGT9ASgkzXShyKlIC +nXY7OfEwxUJ/N74Ty6+2d/ZkAIVV+f7A3r4OJ6sPVkB5TDbddg4NbzhMNi+yg3lg +tujrBdmXxSTlBEKy2WVwMyWTrK9lfkDmp0GfbaGvODYhzdNZpfvQ5WEw4rCiC7x9 +4zE5YbbtOgZ1zG2tJz/Mklv+dQQFmCf6W3E2aCzhtyw0qcvy5LlYO8oTeDA6LVD5 +neWRVXjRk7/g/fLe1dBAbn7loRxglWtnvSdYZU3iZRxgX3Mn+s5zrKhNXmF6QIVM +ppuSI6N9dXaeI4dlFTF+oZkNuP9UFS5thhFmRONES55gifWYGm3YphetrcEIRGBW +WgLUdxE33mALlFOhHSSCmkrqWe59iLjRnbC14HaB4K/fzePZsRd9onqRarEeVQz5 +BzDN6t+w0kuBKjjMpmZS3wg0waK7E2YuVdk9nazGS3Mg3YXEdB0Z7lK8AnNLKRJr +Ih/4h1Cj/vyie0j9n0zezgcTdCR/1sNU7+19NCGWhXr3Bwl9OhDuRsz1056Bt1N+ +CvdwFB7e7CzoMcOrQC/X2z0qSmX7TvQ6Fx777vK+Cr167NE9mM4= +=Lf9R -----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-23:15/sanitizer.13.patch b/website/static/security/patches/EN-23:15/sanitizer.13.patch new file mode 100644 index 0000000000..65664509e0 --- /dev/null +++ b/website/static/security/patches/EN-23:15/sanitizer.13.patch 
@@ -0,0 +1,27 @@
+--- contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp.orig
++++ contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
+@@ -55,6 +55,7 @@
+ // that, it was never implemented. So just define it to zero.
+ #undef MAP_NORESERVE
+ #define MAP_NORESERVE 0
++extern const Elf_Auxinfo *__elf_aux_vector;
+ #endif
+
+ #if SANITIZER_NETBSD
+@@ -905,11 +906,11 @@
+ const char *pathname = "/proc/self/exe";
+
+ #if SANITIZER_FREEBSD
+- char exe_path[PATH_MAX];
+- if (elf_aux_info(AT_EXECPATH, exe_path, sizeof(exe_path)) == 0) {
+- char link_path[PATH_MAX];
+- if (realpath(exe_path, link_path))
+- pathname = link_path;
++ for (const auto *aux = __elf_aux_vector; aux->a_type != AT_NULL; aux++) {
++ if (aux->a_type == AT_EXECPATH) {
++ pathname = static_cast<const char *>(aux->a_un.a_ptr);
++ break;
++ }
+ }
+ #elif SANITIZER_NETBSD
+ static const int name[] = {
diff --git a/website/static/security/patches/EN-23:15/sanitizer.13.patch.asc b/website/static/security/patches/EN-23:15/sanitizer.13.patch.asc
new file mode 100644
index 0000000000..948b7c7140
--- /dev/null
+++ b/website/static/security/patches/EN-23:15/sanitizer.13.patch.asc
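Review bot: The loop added in the `@@ -905,11 +906,11 @@` hunk of the embedded patch dereferences `__elf_aux_vector` on its first iteration without checking that the pointer is set, and nothing in the patch explains why the aux vector is walked by hand rather than through `elf_aux_info()`. If the vector can be null at this point, a guard such as `if (__elf_aux_vector != nullptr)` around the loop would leave `pathname` at its `"/proc/self/exe"` default instead of faulting. I would also add a comment above the loop, for example `// Take AT_EXECPATH directly from the aux vector; the string is used as-is, without realpath().`, so that the dropped canonicalisation reads as deliberate. How `pathname` is consumed is not visible here: the enclosing function, and the `#if` that contains the new `extern` declaration, both begin outside the hunk.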
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvdJMACgkQbljekB8A
+Gu8aMQ/9GtXjaonKbA5yLzc/+QaeAFOwfbEqEKNmD+SwAByKwKvxAkUwNjt2FBZE
+IXwDXe2lVtB8ECHSED9YVr8yRiIHvUjOTrIRDQsaXDwEQqV1mDgdSRlRSfKBLpgY
+OqXzY+tcS9cQaUohEvLXUxqnEQ9M33yJoJkNtX0/0R2JA0KzmIGBj5DQerRVz9qB
+0cD8BmeOrOVxW2tSMULcA88bYD4fVTRjJ3fydyKA99Lnqye7HylbUn/IXSFMPyob
+8v2kLHZFGX+4NFY31uyAqUtBZ9uxfi7SnmP3gxV3Ixaed8yfDyLv5b6pI7NSPPpN
+aGdWwDiKTx2VRps4kM05vJCuQvkHiMHT1dof+iUjLlne88DIoWw64nmPmUVlLYyb
+16Bh8WIiIhtLZjCaHy8p2MyQS6J63rneOsBNxnxPVWvq60bdCZLRg49/t6XNqAub
+GwQIRBEJfxT0M82Yf2GRNRbermOnktAGKXcZRA5F1Z8aMlMFxXe0xw7OQhyTK7Bc
+zPqgidL1TQOz/iM5v3IfbGR2vbOKFXVvL2lnbikhEv8EPOYTXcXBwK0v4exP2xaN
+iv6Nz80ttXLmtiXcVjHcGhXRWMv8hUq5/jKUkrdZdziFX9Uejxh43u61kEDBjHht
+vIk1O2m/360v2ikwvWwXHoR1Rxsh/SNHaJLOaN8G2NtDyaNrcxo=
+=rC5U
+-----END PGP SIGNATURE-----