git: ccb8730e4a - main - Add EN-24:10 through EN-24:13.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 19 Jun 2024 20:55:52 UTC
The branch main has been updated by gordon: URL: https://cgit.FreeBSD.org/doc/commit/?id=ccb8730e4a6c4fc35167f59327e9ce11247c2462 commit ccb8730e4a6c4fc35167f59327e9ce11247c2462 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2024-06-19 20:54:36 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2024-06-19 20:54:36 +0000 Add EN-24:10 through EN-24:13. Approved by: so --- website/data/security/errata.toml | 16 ++ .../security/advisories/FreeBSD-EN-24:10.zfs.asc | 130 +++++++++++++ .../security/advisories/FreeBSD-EN-24:11.ldns.asc | 152 +++++++++++++++ .../advisories/FreeBSD-EN-24:12.killpg.asc | 132 +++++++++++++ .../advisories/FreeBSD-EN-24:13.libc++.asc | 151 +++++++++++++++ website/static/security/patches/EN-24:10/zfs.patch | 10 + .../static/security/patches/EN-24:10/zfs.patch.asc | 16 ++ .../static/security/patches/EN-24:11/ldns.patch | 207 +++++++++++++++++++++ .../security/patches/EN-24:11/ldns.patch.asc | 16 ++ .../static/security/patches/EN-24:12/killpg.patch | 63 +++++++ .../security/patches/EN-24:12/killpg.patch.asc | 16 ++ .../static/security/patches/EN-24:13/libc++.patch | 16 ++ .../security/patches/EN-24:13/libc++.patch.asc | 16 ++ 13 files changed, 941 insertions(+) diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index 702576a943..885339ab1d 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,6 +1,22 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-24:13.libc++" +date = "2024-06-19" + +[[notices]] +name = "FreeBSD-EN-24:12.killpg" +date = "2024-06-19" + +[[notices]] +name = "FreeBSD-EN-24:11.ldns" +date = "2024-06-19" + +[[notices]] +name = "FreeBSD-EN-24:10.zfs" +date = "2024-06-19" + [[notices]] name = "FreeBSD-EN-24:09.zfs" date = "2024-04-24" diff --git a/website/static/security/advisories/FreeBSD-EN-24:10.zfs.asc b/website/static/security/advisories/FreeBSD-EN-24:10.zfs.asc new file mode 100644 index 0000000000..28b188812c --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:10.zfs.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:10.zfs Errata Notice + The FreeBSD Project + +Topic: Kernel memory leak in ZFS + +Category: core +Module: openzfs +Announced: 2024-06-19 +Affects: FreeBSD 14.1 +Corrected: 2024-06-17 14:35:24 UTC (stable/14, 14.1-STABLE) + 2024-06-19 20:36:48 UTC (releng/14.1, 14.1-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is an advanced and scalable file system originally developed by Sun +Microsystems for its Solaris operating system. ZFS was integrated as part of +the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent +and preferred choice for storage management. + +II. Problem Description + +When writing data to a file on ZFS, the kernel may need to handle soft +page faults that can occur when accessing user data. When doing so, in +some cases ZFS needs to undo an earlier kernel buffer allocation. A bug +in the handling of these cases causes this buffer to be leaked. + +III. Impact + +The leaked kernel memory is effectively lost and cannot be reused for +other purposes. Some workloads may trigger the leak frequently, +eventually requiring a reboot of the system. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# reboot + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:10/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-24:10/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 1c27279ed22d stable/14-n267965 +releng/14.1/ f566b7eb8d94 releng/14.1-n267680 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276341> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:10.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTcACgkQbljekB8A +Gu+zUQ/+IiSe/HQFSKrBwIxBxnlFQfTjNq02f14TPZghCTxNCWdGXXD6QR2d8ydZ +bfryBwVsnnU3WlCPs6kyJfIlSp9vH2hqRJ+N5VyDvGkBUpWaGm0+ps5LGTQbGR8O +ig/kIuRzNO0Mqi42MIse6UvozLAuahYA6sQ3nn6j/4grV7jiuxDCrfmfBOMLgN4D +LZ87ApJM09lT2pe8x7hZBxk8wJKf6cWvpBjNh+zwPLc+oMvvIPkqiMjuy7ni7f/5 +K/GDf4i3XgTf9pdPAwLNZoTNb7UebKzRGWlxmdOie6FUDHIuEwoJledmhbOmH91G +PKtHx2skFVKKtFXgfMGraK5FBpwkoJbIo1uCUamEoo4cGMGR92ErP/MVa6MsIs3Z +pLq1M/eN9aYQHCogb1uirQVZAutJhNJ9QsQo0rBJNgLE9l1UPnSIJ6CLpW83nY1f +8eedQKyfwMYL5jivH/aKEsd/vzqInAiFU55oO64OPvgKv3pj3TgIECoc9kfdfXc7 +VR2yfNy8CKd/exb+CRqgeJGT8LaL2Wy66pUd9usIc/mNola8ce0uuPDc0703b5ob +xfCorrd3gRhNB+Od3wrs4p7tzwqndfo5882w9EXEhuhubfft9voRTzpDvSe0y3ib +YPY6EnHWSYAP56+f/shnworMxYtYrUipBYQVYxLBBtdV7DsYuKo= +=YxSw +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:11.ldns.asc b/website/static/security/advisories/FreeBSD-EN-24:11.ldns.asc new file mode 100644 index 0000000000..0c58c2d9f0 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:11.ldns.asc @@ -0,0 +1,152 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:11.ldns Errata Notice + The FreeBSD Project + +Topic: LDNS uses nameserver commented out in resolv.conf + +Category: contrib +Module: ldns +Announced: 2024-06-19 +Credits: Michael Gmelin <grembo@FreeBSD.org> + Dag-Erling Smørgrav <des@FreeBSD.org> +Affects: FreeBSD 13.3 and FreeBSD 14.0. +Corrected: 2024-05-20 09:04:54 UTC (stable/14, 14.0-STABLE) + 2024-06-19 20:36:59 UTC (releng/14.0, 14.0-RELEASE-p7) + 2024-05-20 09:04:59 UTC (stable/13, 13.3-STABLE) + 2024-06-19 20:37:08 UTC (releng/13.3, 13.3-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +LDNS is a DNS library that facilitates DNS tool programming. + +II. Problem Description + +Due to a bug in the library's configuration file parser, commented out +configuration settings in /etc/resolv.conf were picked up by the LDNS +resolver, potentially leading to malfunction and/or information leakage. + +This included, but was not limited to, the nameserver setting. Given +this example + + # /etc/resolv.conf + + # nameserver 8.8.8.8 + nameserver 127.0.0.1 + +DNS requests were sent to the commented out external resolver instead +of the local one. + +III. Impact + +Programs using the LDNS library might behave in unexpected ways. Name +resolution could be inconsistent with what other tools which use libc +return, e.g., `ping` vs. `host`. DNS request containing private +information could leak to third parties. A system's attack surface is +increased. + +Affected tools include host(1), drill(1), and ssh(1), which uses +LDNS in the VerifyHostKeyDNS feature to fetch SSHFP records. + +IV. Workaround + +Removing empty lines from /etc/resolv.conf mitigates the problem: + + sed -i '' '/^[[:space:]]*$/d' /etc/resolv.conf + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:11/ldns.patch +# fetch https://security.FreeBSD.org/patches/EN-24:11/ldns.patch.asc +# gpg --verify ldns.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 7daf36028411 stable/14-n267742 +releng/14.0/ bdf75e830a77 releng/14.0-n265418 +stable/13/ e95e16191f63 stable/13-n257915 +releng/13.3/ d45cf1d2f124 releng/13.3-n257434 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278721> + +<URL:https://github.com/NLnetLabs/ldns/issues/237> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:11.ldns.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTkACgkQbljekB8A +Gu9BYBAApSQZbv3wgT5PhJRsaCulmOZOH5gywlVdaBA1I4sDF3on0CFwLQfy7lLH +q2xFEfll5vBVbfGCVp2zVBgb4IyknqMgf8Ae4uBEEJJejRgxxnFTnQmdlzg7a8TR +9UW3g6QB/5tUIGrxFqIdx4qRAQz1ie6NwR+KvP8ojXk0xVscKIaijXACbmAgT6nH +HygG7snrB9VmMMlRIHYhoarhRBd+aX68Jg3F+yGUX76FB4HVMSFMYo0fEWgi7SQ3 +psZfq54GvCH+kSvYduXS3QkTJ7N/S9p6JAVraRlJmFnjQ69qE7u59bc68zW0D2pn +Pj6/c0OZtWE2SQGqCuqgnBffjArisAJ/BKiK/XeO8B1fSvaVKJToR18+6KGTmc0f +nnqQLxFeGbh5gHHcM8QaLBJFUgm5TVvdevcDmLuiVMSvQyt5iC6rIGwb3UNYAnW7 +w/UFSresVKppsB2JDqyGjaSf2FI00rYIKHChZ8nkKYPMhb6V/TJZr3k25/3idbvi +6zO7wfbOhwAYQ44Mg/gY/v206qpoYiZO2tMQazbiicOqBOQBYWdXsojYhCB6qkyU +++kBNAMugpOAsDkIvN9mWLniRnvycrbEqthQlmfR7X3tZRiuz+0S1alx03Z5VsP6 +zM5//i6W2Lt8DmX34zQDeQAMTZXD3bG1JSe2UbKyZkL20vrSTfg= +=lQUa +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:12.killpg.asc b/website/static/security/advisories/FreeBSD-EN-24:12.killpg.asc new file mode 100644 index 0000000000..eac987cede --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:12.killpg.asc @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:12.killpg Errata Notice + The FreeBSD Project + +Topic: Lock order reversal in killpg causing livelock + +Category: core +Module: kern +Announced: 2024-06-19 +Credits: Peter Holm <pho@FreeBSD.org> + Konstantin Belousov <kib@FreeBSD.org> + Michael Gmelin <grembo@FreeBSD.org> +Affects: FreeBSD 13.3 +Corrected: 2024-05-22 23:47:55 UTC (stable/13, 13.3-STABLE) + 2024-06-19 20:37:09 UTC (releng/13.3, 13.3-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +killpg(2) is a system call that sends signals to process groups. +In order to prevent race conditions with the fork(2) system call, +locking is required. + +II. Problem Description + +The code designed to prevent lock order reversals between killpg(2) +and fork(2) did not wait for lock availability before retrying to +acquire a lock, which could result in a livelock causing very high +system load. + +III. Impact + +Affected machines are practically unusable. They recover if the +processes causing the load are killed. + +IV. Workaround + +No workaround is available. Systems that fork a lot are more likely to +to hit this problem. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10m "Rebooting for a stability patch" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:12/killpg.patch +# fetch https://security.FreeBSD.org/patches/EN-24:12/killpg.patch.asc +# gpg --verify killpg.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ cd73b38955f6 stable/13-n257926 +releng/13.3/ eb410545d00d releng/13.3-n257435 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279203> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:12.killpg.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTsACgkQbljekB8A +Gu9uEA//cITydBAKrRYsf6xP1z/tDmKR3DqAkQYYytFGFI35lsvM6iN77wq5QFW4 +5i1nVS1+YMPINlI9jXCfgoEsA8KAC2l8untSKHRh0uR8TzFak6BWTjbnCBFYd1K/ +I0bnc38FeRDjMEPyCDmiq26aU7WZ0Ftjb5mgf0PUn09pX9hP8/MXa1FTxkwyWq5Y +9RZXNXUSAEug9+uCgJqzl4CiYzqbaxHZ3ich6Erd955gDb72LwxHHkWiq0ADi35K +d0C8LipwtpKCYoo1dfXkLnoPo0loDt18pzSIx0svmUQinlipfwSbGxuZ31NiLLgE +bEzc6OFhV1D0WhIxM8z+kunTmWAY5/Uo5YHARulD406SS27GWp0s8fEbnN4rcnPG +m5cPNQYXemBjRB2LnqoocgczkEHNVHr+ZuN3/mPSadS/m4llavj8xqGlrdDB1eLT +LCkSSnF/4kBLZyHO7C5hJHQseRoWpLd/hR+h4Q/nnTsU2mbelhFm0C297mPWpt+D +8RHxOshrA8WryQCVEqJmC63bmA3MtmqyuMhpi3+c4Iy4bvj2GKGcdsB0E4JugbMf +5zg+muywBmIQMYIIFrdRN0i3BW8y6KPvgokoBPUfnCsdS65WWlLBQLxKpfDHCkzl +juEZY5CUGvBnc3eFtLOzEvriFY7tAhephW0ZSal0wMyHw2NbE7E= +=5wI2 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:13.libc++.asc b/website/static/security/advisories/FreeBSD-EN-24:13.libc++.asc new file mode 100644 index 0000000000..53eacbcba6 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:13.libc++.asc @@ -0,0 +1,151 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:13.libc++ Errata Notice + The FreeBSD Project + +Topic: Incorrect size passed to heap allocated std::string delete + +Category: contrib +Module: libc++ +Announced: 2024-06-19 +Affects: FreeBSD 14.1 +Corrected: 2024-06-07 07:29:25 UTC (stable/14, 14.1-STABLE) + 2024-06-19 20:36:50 UTC (releng/14.1, 14.1-RELEASE-p1) + 2024-06-07 07:29:30 UTC (stable/13, 13.3-STABLE) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +libc++ is an implementation of the C++ Standard Library, provided by the LLVM +project. It is used by C++ programs in the base system, and also by many C++ +programs in the ports collection. + +II. Problem Description + +C++14 and later supports size-aware deletion of heap objects, when the compiler +is able to determine at compile time what the exact size of a particular object +is. For this purpose, there are specific variants of "operator delete" that take +an additional size_t argument. If such a variant is called, the size is passed +through to the underlying allocator, which can optionally utilize this size for +for more efficient deallocation. + +A recent change in libc++'s implementation of std::string has introduced a +potential mismatch between the actual size allocated on the heap for the +contained string, and the size that is passed to "operator delete" when the +string is eventually destroyed. + +III. Impact + +The default allocator in FreeBSD does not leverage the size_t argument and is +unaffected. + +When std::string objects of a known size are deleted, and the size passed +through to the deallocation function does not match the actual size on the heap, +the underlying allocator can potentially produce unexpected results. In case of +allocators that are used for heap debugging or profiling, such as with Google's +gperftools (aka tcmalloc) this can lead to runtime warnings about incorrect +deallocations. + +IV. Workaround + +No workaround is available. Systems using the default memory allocator are +not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +No reboot is necessary, but programs compiled against the old version of the +<string> header should be rebuilt to fully fix the problem. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:13/libc++.patch +# fetch https://security.FreeBSD.org/patches/EN-24:13/libc++.patch.asc +# gpg --verify libc++.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +No reboot is necessary, but programs compiled against the old version of the +<string> header should be rebuilt to fully fix the problem. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 55c5dad2f305 stable/14-n267917 +releng/14.1/ 8e0e6b428cb8 releng/14.1-n267681 +stable/13/ ef4d145057c1 stable/13-n257958 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<other info on the problem> + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279560> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:13.libc++.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRT0ACgkQbljekB8A +Gu/HpQ//Xkz6NMBUg4CdmV1ElSP+dTUfh8YpNfD/X//4RgngKoz9DKt6CM78KSWI +68JfNrn6XRGdhjG0Mn/YvRCe8xzGBGpvcd1lcun7mAw5yqpsbSAUKvFmywjX+oxs +bQpCJRloBLZJE6NoZgBmhw2K2HzfmvApPin3TjLGa/u/ovsK+pD7SvDynbR5VsxH +Bey21H2+3LOqyBPaiTe6ccJ4JXCOX9+oAK5byhMLPrnRqLyvh3IV2jttWurbtNki +nFMYhqoBq6cWoAba3gVD0ZM7S5C+P5VDeMMIBOPKQVRwIl9eDS/UKICXrMbaMNqL +002egG7Oia22H0dpYuYX6dl7cAtn/M3NcBEwDDvqNuHncbGVeaYA8qXHAh+eeA3R +gBK2NkltdDvZbk8Uv9hgHwIrdJyENhWGoT1OQ1JqgaIKo7tIvlhIA/HtpTygeyMA +F/TgFvg+K42/kWQ/N1UTwUFbEH6jgDu1BGTZzkMMyQf3rymdQ1VM6Z1p7dxppVI7 +uw2+80BePzDbnV9naXMzlhr/YjYgytRRQFbVR2ZlPM+rEGyfMAM/XvtCWfdlstwY +3bZXo/vPRZPXg/sd/AFEKqIiz1ZvVTJroMUCnnDvsDKcRzAHgIIHfMK1mMpSizna +LNDS/vvyQszgINWPUMZOZaALQzUY9SAmm0eNqIz3uV4o0qM6DQE= +=7Qxx +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-24:10/zfs.patch b/website/static/security/patches/EN-24:10/zfs.patch new file mode 100644 index 0000000000..10cc6dc682 --- /dev/null +++ b/website/static/security/patches/EN-24:10/zfs.patch @@ -0,0 +1,10 @@ +--- sys/contrib/openzfs/module/zfs/dbuf.c.orig ++++ sys/contrib/openzfs/module/zfs/dbuf.c +@@ -2840,6 +2840,7 @@ + failed = B_FALSE; + } else if (failed) { + VERIFY(!dbuf_undirty(db, tx)); ++ arc_buf_destroy(db->db_buf, db); + db->db_buf = NULL; + dbuf_clear_data(db); + DTRACE_SET_STATE(db, "fill failed"); diff --git a/website/static/security/patches/EN-24:10/zfs.patch.asc b/website/static/security/patches/EN-24:10/zfs.patch.asc new file mode 100644 index 0000000000..a601f3e9ba --- /dev/null +++ b/website/static/security/patches/EN-24:10/zfs.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTgACgkQbljekB8A +Gu86Lw//bYytQzAfOOGO1h03/l0QCiaz8jcekW3DVG0Lfl8mYVumlbzCRxOsXGox +hzNonjnEOu8h7ShJURFu+RvmZ+dYG9i6nsXZeqO6bE8unktnpLGpvO64oSuYObPk +NLGx6uVKdlf9c1niYzydKcLOWtQG6OA2jZOl4WPadQsrdsf3MpQ94aQWxQYV7GwY +FhVlfFDsMFP35a6MWtnQCRmsIQUcMGSIiUkmvgfdEALoaf5pfUI8Dri9TR7ePfm9 +dfmtnyC7FTA/i8K+VdqURl/pKdAVtkpfv8OAk79Jgi77If5/+0prpC8M7kgbCq3o +z8vOjcRkmdJO0ckflcR9onpyHSB9MK8f0aZl+a0+4ED7HiFFcB0JsnPjw16KjsEz +qv0tur7HhBcdjIvKX9jZNx67yMtXMiLCTbK0s2fW/3y7uKkonyKiZxJf7RN05ft2 +KfPMWwUv1uq70V0gyo+cwYzrEbucQTl63fCwt8E71DL24mrPTWYHm0Ags1qM+zgn +OeVdycKVEmZTnbSkFhyfu9Wqle0OOY0dzmKUd5qOR3U/C9XoB6r3G6Jw/tDHqBH+ +dfWF2LcTOvVGmFB2T8I/R6+hgIZ33e3J3u/Pc7xDWuzbubwfoBPQ4/MJ3aditBb2 +ev04cADlvm2MUnEHjZZJxTUQjgQRcz/1trzOeMpwezGhaxs1ZTo= +=8kFd +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-24:11/ldns.patch b/website/static/security/patches/EN-24:11/ldns.patch new file mode 100644 index 0000000000..4faad85808 --- /dev/null +++ b/website/static/security/patches/EN-24:11/ldns.patch @@ -0,0 +1,207 @@ +--- contrib/ldns/ldns/parse.h.orig ++++ contrib/ldns/ldns/parse.h +@@ -95,6 +95,8 @@ + */ + ldns_status ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed, const char *delim, int *line_nr); + ++ssize_t ldns_fget_token_l_resolv_conf(FILE *f, char *token, const char *delim, size_t limit, int *line_nr); ++ + /** + * returns a token/char from the buffer b. + * This function deals with ( and ) in the buffer, +--- contrib/ldns/parse.c.orig ++++ contrib/ldns/parse.c +@@ -27,9 +27,14 @@ + return ldns_fget_token_l(f, token, delim, limit, NULL); + } + +-ldns_status +-ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed +- , const char *delim, int *line_nr) ++enum file_type2parse { ++ zone_file_type, resolv_conf_file_type ++}; ++ ++static ldns_status ++ldns_fget_token_l_st_file_type(FILE *f, char **token, size_t *limit, ++ bool fixed, const char *delim, int *line_nr, ++ enum file_type2parse file_type) + { + int c, prev_c; + int p; /* 0 -> no parentheses seen, >0 nr of ( seen */ +@@ -98,7 +103,9 @@ + } + + /* do something with comments ; */ +- if (c == ';' && quoted == 0) { ++ if ((c == ';' ++ || (c == '#' && file_type == resolv_conf_file_type)) ++ && quoted == 0) { + if (prev_c != '\\') { + com = 1; + } +@@ -215,6 +222,26 @@ + return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY : LDNS_STATUS_OK; + } + ++ldns_status ++ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed ++ , const char *delim, int *line_nr) ++{ ++ return ldns_fget_token_l_st_file_type( ++ f, token, limit, fixed, delim, line_nr, zone_file_type); ++} ++ ++ssize_t ++ldns_fget_token_l_resolv_conf(FILE *f, char *token, const char *delim, ++ size_t limit, int *line_nr) ++{ ++ if (limit == 0) ++ limit = LDNS_MAX_LINELEN; ++ if (ldns_fget_token_l_st_file_type(f, &token, &limit, true, delim, ++ line_nr, resolv_conf_file_type)) ++ return -1; ++ else ++ return (ssize_t)strlen(token); ++} + + ssize_t + ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr) +--- contrib/ldns/resolver.c.orig ++++ contrib/ldns/resolver.c +@@ -775,7 +775,7 @@ + #endif + ssize_t gtr, bgtr; + ldns_buffer *b; +- int lnr = 0, oldline; ++ int lnr = 0; + FILE* myfp = fp; + if(!line_nr) line_nr = &lnr; + +@@ -809,36 +809,18 @@ + + gtr = 1; + word[0] = 0; +- oldline = *line_nr; + expect = LDNS_RESOLV_KEYWORD; + while (gtr > 0) { +- /* check comments */ +- if (word[0] == '#') { +- word[0]='x'; +- if(oldline == *line_nr) { +- /* skip until end of line */ +- int c; +- do { +- c = fgetc(myfp); +- } while(c != EOF && c != '\n'); +- if(c=='\n') (*line_nr)++; +- } +- /* and read next to prepare for further parsing */ +- oldline = *line_nr; +- continue; +- } +- oldline = *line_nr; + switch(expect) { + case LDNS_RESOLV_KEYWORD: + /* keyword */ +- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); ++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr != 0) { +- if(word[0] == '#') continue; + for(i = 0; i < LDNS_RESOLV_KEYWORDS; i++) { + if (strcasecmp(keyword[i], word) == 0) { + /* chosen the keyword and + * expect values carefully +- */ ++ */ + expect = i; + break; + } +@@ -856,16 +838,12 @@ + break; + case LDNS_RESOLV_DEFDOMAIN: + /* default domain dname */ +- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); ++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + if(!fp) fclose(myfp); + ldns_resolver_deep_free(r); + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } +- if(word[0] == '#') { +- expect = LDNS_RESOLV_KEYWORD; +- continue; +- } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word); + if (!tmp) { + if(!fp) fclose(myfp); +@@ -879,16 +857,12 @@ + break; + case LDNS_RESOLV_NAMESERVER: + /* NS aaaa or a record */ +- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); ++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + if(!fp) fclose(myfp); + ldns_resolver_deep_free(r); + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } +- if(word[0] == '#') { +- expect = LDNS_RESOLV_KEYWORD; +- continue; +- } + if(strchr(word, '%')) { + /* snip off interface labels, + * fe80::222:19ff:fe31:4222%eth0 */ +@@ -911,7 +885,7 @@ + break; + case LDNS_RESOLV_SEARCH: + /* search list domain dname */ +- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); ++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + b = LDNS_MALLOC(ldns_buffer); + if(!b) { + ldns_resolver_deep_free(r); +@@ -929,10 +903,6 @@ + bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr + 1); + while (bgtr > 0) { + gtr -= bgtr; +- if(word[0] == '#') { +- expect = LDNS_RESOLV_KEYWORD; +- break; +- } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word); + if (!tmp) { + ldns_resolver_deep_free(r); +@@ -954,28 +924,23 @@ + } + break; + case LDNS_RESOLV_SORTLIST: +- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); ++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + /* sortlist not implemented atm */ + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_OPTIONS: +- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); ++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + /* options not implemented atm */ + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_ANCHOR: + /* a file containing a DNSSEC trust anchor */ +- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); ++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + ldns_resolver_deep_free(r); + if(!fp) fclose(myfp); + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } +- if(word[0] == '#') { +- expect = LDNS_RESOLV_KEYWORD; +- continue; +- } +- + #ifdef HAVE_SSL + tmp_rr = ldns_read_anchor_file(word); + (void) ldns_resolver_push_dnssec_anchor(r, tmp_rr); diff --git a/website/static/security/patches/EN-24:11/ldns.patch.asc b/website/static/security/patches/EN-24:11/ldns.patch.asc new file mode 100644 index 0000000000..cbf6dd5acc --- /dev/null +++ b/website/static/security/patches/EN-24:11/ldns.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRToACgkQbljekB8A +Gu+/nBAArstsX30sRh4RTztlnK+YppF0LX6qdi5btBGcQeim3qeVrgDem8eblbxY +aN1rseaRjEai7KbgGzArC0w3wLOKC7fDwt5MPoPproqyb9bf03441GslGurA4hBW +NkCyHBCuXog1DkdWvu2YONiC7UPxoHAmBaRbE9IXMmCdsopZd+m0BqAOf3GO6Hem +XXXb0hzxBKQPS2qnnYF04OvYjitloG/Azsh0RBpRkYKhJXbypkTR+ZnfUTKke2V3 +SFu0pG2fDWc3rTQV3wY9ZezR9x4mtDuRXfupE5RLg53fI0XZzPdvLQ0FH4GfMN7E +KbRqMuNmpkhw+NQ7XoVl9h/+COZT75lU+WTGhO3/PH6qgzGnIZ8BAYqbbmWgYXsK +FuKWFFPQTJ5AdEaQdxe2GMCZ7/xLMpde9Bv95/s/s3NSRlj0M4SMUs+oVeiHZmQV +/S2v/EHVze9yuKszFY9ZVtm0Km+ejRc7+hBLWJ23buB1RKOepxIfTuuMxvW+V1X7 +8OcfmRIfw+iPayWyftYpWURkKJzrWE9NHrCLtXUqgGn+0zL33Sdh/JGg6UII9OJg +cccgev4/ohPDlZdmaKQfV37ukHO/ehdmVs6emGfqYgczTtNEvNY6uAeDWlHdZqrY +qSWVBtHuBbSi8j3u+BYj5iRZ4R5ZzS1aoyCR4uW28eFKOWhviWw= +=Yb9t +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-24:12/killpg.patch b/website/static/security/patches/EN-24:12/killpg.patch new file mode 100644 index 0000000000..7b9134334b --- /dev/null +++ b/website/static/security/patches/EN-24:12/killpg.patch @@ -0,0 +1,63 @@ +--- sys/kern/kern_proc.c.orig ++++ sys/kern/kern_proc.c +@@ -587,8 +587,12 @@ + ("enterpgrp: session leader attempted setpgrp")); + + old_pgrp = p->p_pgrp; +- if (!sx_try_xlock(&old_pgrp->pg_killsx)) ++ if (!sx_try_xlock(&old_pgrp->pg_killsx)) { ++ sx_xunlock(&proctree_lock); ++ sx_xlock(&old_pgrp->pg_killsx); ++ sx_xunlock(&old_pgrp->pg_killsx); + return (ERESTART); ++ } + MPASS(old_pgrp == p->p_pgrp); + + if (sess != NULL) { +@@ -656,11 +660,18 @@ + ("%s: p %p belongs to pgrp %p", __func__, p, pgrp)); + + old_pgrp = p->p_pgrp; +- if (!sx_try_xlock(&old_pgrp->pg_killsx)) ++ if (!sx_try_xlock(&old_pgrp->pg_killsx)) { ++ sx_xunlock(&proctree_lock); ++ sx_xlock(&old_pgrp->pg_killsx); ++ sx_xunlock(&old_pgrp->pg_killsx); + return (ERESTART); ++ } + MPASS(old_pgrp == p->p_pgrp); + if (!sx_try_xlock(&pgrp->pg_killsx)) { + sx_xunlock(&old_pgrp->pg_killsx); ++ sx_xunlock(&proctree_lock); ++ sx_xlock(&pgrp->pg_killsx); ++ sx_xunlock(&pgrp->pg_killsx); + return (ERESTART); + } + +--- sys/kern/kern_prot.c.orig ++++ sys/kern/kern_prot.c +@@ -345,10 +345,8 @@ + error = EPERM; + } else { + error = enterpgrp(p, p->p_pid, newpgrp, newsess); +- if (error == ERESTART) { +- sx_xunlock(&proctree_lock); ++ if (error == ERESTART) + goto again; +- } + MPASS(error == 0); + td->td_retval[0] = p->p_pid; + newpgrp = NULL; +@@ -458,11 +456,11 @@ + error = enterthispgrp(targp, pgrp); + } + done: +- sx_xunlock(&proctree_lock); + KASSERT(error == 0 || newpgrp != NULL, + ("setpgid failed and newpgrp is NULL")); + if (error == ERESTART) + goto again; ++ sx_xunlock(&proctree_lock); + uma_zfree(pgrp_zone, newpgrp); + return (error); + } *** 66 LINES SKIPPED ***