From nobody Tue Dec 05 19:09:03 2023 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Sl97M3VkMz53LFS for ; Tue, 5 Dec 2023 19:09:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Sl97M2zNNz4Gdx; Tue, 5 Dec 2023 19:09:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701803343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tWoTm/W4jmIew1wxOa0kJtEgFFIdilsnvD7XKXlTXHg=; b=uQVtTPhD+BD5jfTEF/EZWOwWDFb315wFa7ihrtV6aWomFAoychDoiKu5XTAq3ohuxIPZZb 9AsY2CpLg4kL38lYQtGfPxMhhnPJxrsb6K5s/gT1CJ0HlB4YpRab5m1QS2ofhdof9PuB4I v/2LmZKZ5Tti2ChTQz2v8haEIN8GmiMariOU/hzwO/V5+5zWk6SDvc4y26CYhekEbHglb3 sSGv/cWTp2nqZYTIlAvstqnc+zTlqPT/Co3vWGCA09jOouo40vX2BS3lz6JFjbzODI5Em8 wfaXCG7w0MI5Wu4OyKFJ07YMF4c9lIUXeSuBQBeMynEChnoA2aXWu1gYmR+Fug== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1701803343; a=rsa-sha256; cv=none; b=kHuLisfH4Z3M8ai4yK8h/xM2Sr8m2JaBv+dBpfCgFbWABeDF3nwRQ6c5XvVdpzLg0EDhzc k2Aw8gEMbr4O1XRAq3yesM9z2ceNYPxCQt3aFwbPhvFMY1BMqbDx/vIPEmWH6k0XwUF2Wi 6xNk/7My4AWMWr6Laf2i2Utb1QW2+N5U1A0pLsq/3nZ5L+3sOYsabE9HsROrAUvu7YZIAW WHaiWNsvWPjb42IF1iMwG1oOboqmsbW14KV0YQBBe4WtpfWwAMpYHiZb6uPOi+ZKG0kNEP t/42giRJ+HdCjcC3VkUen74l3Tsz4mTMKhrje6FGLSX1q/c2EFX0J185+iHlMA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701803343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tWoTm/W4jmIew1wxOa0kJtEgFFIdilsnvD7XKXlTXHg=; b=NpFarjMDjaPd5Z38ag45/6WBB7L5n/I8oWhao2hbg/itiDbIk2S18zb0LetPV8MatAqJPm fI/ARaI5U92ooaWLiqpemDTD+kxMGKqZsHUjsmrMKnh/LDVj6hYLgkf2oi8AOxhAjf4eXt AZzoyrvoOw2qWIV5GkMSk1WyS10tyXj+mvlMcL7dOm3+dkOTK0zBj2vSUiOREjzYbLyu7N IeHEXwznK/DS9OCn4QgiGExTkTcc4rhlsP1Aff+HMxPhfZWir8e5zJy3bbLyqoM0bnQcox 86T43isIGZgcx6iaZMKu9l8qZkpHPbr+2FsrN24oL3CsESk3dfJGqAARkuTMFg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Sl97M1mSmz6Xj; Tue, 5 Dec 2023 19:09:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3B5J93b3077966; Tue, 5 Dec 2023 19:09:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3B5J93wQ077963; Tue, 5 Dec 2023 19:09:03 GMT (envelope-from git) Date: Tue, 5 Dec 2023 19:09:03 GMT Message-Id: <202312051909.3B5J93wQ077963@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Gordon Tetlow Subject: git: f0cdbe99cc - main - Update EN-23:15 for 13.2. List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-doc-all@freebsd.org X-BeenThere: dev-commits-doc-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f0cdbe99ccb93725b8aa6a725665749924faef2f Auto-Submitted: auto-generated The branch main has been updated by gordon: URL: https://cgit.FreeBSD.org/doc/commit/?id=f0cdbe99ccb93725b8aa6a725665749924faef2f commit f0cdbe99ccb93725b8aa6a725665749924faef2f Author: Gordon Tetlow AuthorDate: 2023-12-05 19:08:18 +0000 Commit: Gordon Tetlow CommitDate: 2023-12-05 19:08:18 +0000 Update EN-23:15 for 13.2. Approved by: so --- .../advisories/FreeBSD-EN-23:15.sanitizer.asc | 41 ++++++++++++++-------- .../security/patches/EN-23:15/sanitizer.13.patch | 27 ++++++++++++++ .../patches/EN-23:15/sanitizer.13.patch.asc | 16 +++++++++ 3 files changed, 70 insertions(+), 14 deletions(-) diff --git a/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc b/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc index c99758ce43..ff869155bb 100644 --- a/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc +++ b/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc @@ -10,16 +10,22 @@ Topic: Clang sanitizer failure with ASLR enabled Category: contrib Module: compiler-rt Announced: 2023-12-01 -Affects: FreeBSD 14.0 +Affects: FreeBSD 13.2 and FreeBSD 14.0 Corrected: 2023-11-25 09:05:09 UTC (stable/14, 14.0-STABLE) 2023-12-01 00:38:35 UTC (releng/14.0, 14.0-RELEASE-p1) 2023-11-25 09:05:14 UTC (stable/13, 13.2-STABLE) + 2023-12-05 18:20:00 UTC (releng/13.2, 13.2-RELEASE-p7) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision History + +v1.0 2023-12-01 -- Initial release +v1.1 2023-12-05 -- Updated affected versions and added patch FreeBSD 13.2 + I. Background Compiler-RT is an implementation of various compiler runtime support routines, @@ -82,10 +88,16 @@ FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. +[FreeBSD 14.0] # fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.patch # fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.patch.asc # gpg --verify sanitizer.patch.asc +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.13.patch +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.13.patch.asc +# gpg --verify sanitizer.13.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -104,6 +116,7 @@ Branch/path Hash Revision stable/14/ 1e4798e9677f stable/14-n265803 releng/14.0/ 78b4c762b20b releng/14.0-n265381 stable/13/ 7c25a53a2cb9 stable/13-n256726 +releng/13.2/ 6d94fc2b0db9 releng/13.2-n254646 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a @@ -129,17 +142,17 @@ The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPoYACgkQbljekB8A -Gu+z2A//VhWVguaPhfTkV0jRrG/tD1iu+xhM7TSRcnnGYn7IIkzWzHkO5jrP9Oy5 -aRueyAVvw048f4unEG36qBM+UO5LSCcDEj3OAhxhJzfTfXcRBYMRuvp5cC+Xjgji -s6S7JlSTeHqJakj6UV58d4elppj5QN1b2IQtwahcwuBtlue4NaOg16z6GFDDbVKo -Db8h+yOyQuwGj7uvahpuHpNB21pMfTwi4IWV2F9QOjQMO/+pcqia+leG53WOsB/A -SFW3zNHdAl+Q7NBq6lRVTqyW69Ouh1gblQ57kMCdzyTF5BSzcDhX5QwiS9t2TIU9 -gs2ulNxxIiSPmi7n/ZlDPRyH57C/+h6vSHVeXOVKZhIffrqvpqqhT0WKQfIUnNLb -0uhdmXLdXWWAAk1OvDkBAIiO6C8GxVvgZvHWFhELjnDK6+qmZD7xv3RVpJnRVk9X -//U89b+zGNKhS+JFiTvXY90oUxoE72a9PuqvONZuKMGH+ooL9aRGEJujahCL2Swl -jxymcZHduvsXbnzrmGZr8Lxl4DP+cHD688gc8KOgitb3MCupcx066KmX1Pem7PvX -2AULZrFBDTPEIgf0ZuGt5R3+zd+k/sDlPVGdkLpF1AVOOuwtfton6Vbd5CKDzDLR -0PqGdkk9CLpI0Mm8I1o+v69bopYua1ndo3G2YuKIK7V472sgrRw= -=EPbY +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvdI0ACgkQbljekB8A +Gu/tzA//WlbAichQYjs2EOKsBkikGpWRf/Vg3PNpwfT0Bh8Nkuapf8H41Cm0prRT +ZNgwqOcckJK+pj/e99nz3/nxdIJLkzyGMUblAhpkvklXK4KXGT9ASgkzXShyKlIC +nXY7OfEwxUJ/N74Ty6+2d/ZkAIVV+f7A3r4OJ6sPVkB5TDbddg4NbzhMNi+yg3lg +tujrBdmXxSTlBEKy2WVwMyWTrK9lfkDmp0GfbaGvODYhzdNZpfvQ5WEw4rCiC7x9 +4zE5YbbtOgZ1zG2tJz/Mklv+dQQFmCf6W3E2aCzhtyw0qcvy5LlYO8oTeDA6LVD5 +neWRVXjRk7/g/fLe1dBAbn7loRxglWtnvSdYZU3iZRxgX3Mn+s5zrKhNXmF6QIVM +ppuSI6N9dXaeI4dlFTF+oZkNuP9UFS5thhFmRONES55gifWYGm3YphetrcEIRGBW +WgLUdxE33mALlFOhHSSCmkrqWe59iLjRnbC14HaB4K/fzePZsRd9onqRarEeVQz5 +BzDN6t+w0kuBKjjMpmZS3wg0waK7E2YuVdk9nazGS3Mg3YXEdB0Z7lK8AnNLKRJr +Ih/4h1Cj/vyie0j9n0zezgcTdCR/1sNU7+19NCGWhXr3Bwl9OhDuRsz1056Bt1N+ +CvdwFB7e7CzoMcOrQC/X2z0qSmX7TvQ6Fx777vK+Cr167NE9mM4= +=Lf9R -----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-23:15/sanitizer.13.patch b/website/static/security/patches/EN-23:15/sanitizer.13.patch new file mode 100644 index 0000000000..65664509e0 --- /dev/null +++ b/website/static/security/patches/EN-23:15/sanitizer.13.patch @@ -0,0 +1,27 @@ +--- contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp.orig ++++ contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp +@@ -55,6 +55,7 @@ + // that, it was never implemented. So just define it to zero. + #undef MAP_NORESERVE + #define MAP_NORESERVE 0 ++extern const Elf_Auxinfo *__elf_aux_vector; + #endif + + #if SANITIZER_NETBSD +@@ -905,11 +906,11 @@ + const char *pathname = "/proc/self/exe"; + + #if SANITIZER_FREEBSD +- char exe_path[PATH_MAX]; +- if (elf_aux_info(AT_EXECPATH, exe_path, sizeof(exe_path)) == 0) { +- char link_path[PATH_MAX]; +- if (realpath(exe_path, link_path)) +- pathname = link_path; ++ for (const auto *aux = __elf_aux_vector; aux->a_type != AT_NULL; aux++) { ++ if (aux->a_type == AT_EXECPATH) { ++ pathname = static_cast(aux->a_un.a_ptr); ++ break; ++ } + } + #elif SANITIZER_NETBSD + static const int name[] = { diff --git a/website/static/security/patches/EN-23:15/sanitizer.13.patch.asc b/website/static/security/patches/EN-23:15/sanitizer.13.patch.asc new file mode 100644 index 0000000000..948b7c7140 --- /dev/null +++ b/website/static/security/patches/EN-23:15/sanitizer.13.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvdJMACgkQbljekB8A +Gu8aMQ/9GtXjaonKbA5yLzc/+QaeAFOwfbEqEKNmD+SwAByKwKvxAkUwNjt2FBZE +IXwDXe2lVtB8ECHSED9YVr8yRiIHvUjOTrIRDQsaXDwEQqV1mDgdSRlRSfKBLpgY +OqXzY+tcS9cQaUohEvLXUxqnEQ9M33yJoJkNtX0/0R2JA0KzmIGBj5DQerRVz9qB +0cD8BmeOrOVxW2tSMULcA88bYD4fVTRjJ3fydyKA99Lnqye7HylbUn/IXSFMPyob +8v2kLHZFGX+4NFY31uyAqUtBZ9uxfi7SnmP3gxV3Ixaed8yfDyLv5b6pI7NSPPpN +aGdWwDiKTx2VRps4kM05vJCuQvkHiMHT1dof+iUjLlne88DIoWw64nmPmUVlLYyb +16Bh8WIiIhtLZjCaHy8p2MyQS6J63rneOsBNxnxPVWvq60bdCZLRg49/t6XNqAub +GwQIRBEJfxT0M82Yf2GRNRbermOnktAGKXcZRA5F1Z8aMlMFxXe0xw7OQhyTK7Bc +zPqgidL1TQOz/iM5v3IfbGR2vbOKFXVvL2lnbikhEv8EPOYTXcXBwK0v4exP2xaN +iv6Nz80ttXLmtiXcVjHcGhXRWMv8hUq5/jKUkrdZdziFX9Uejxh43u61kEDBjHht +vIk1O2m/360v2ikwvWwXHoR1Rxsh/SNHaJLOaN8G2NtDyaNrcxo= +=rC5U +-----END PGP SIGNATURE-----