svn commit: r46903 - in head/share: security/advisories security/patches/EN-15:08 security/patches/EN-15:09 security/patches/EN-15:10 xml
Xin LI
delphij at FreeBSD.org
Tue Jun 30 23:36:54 UTC 2015
Author: delphij
Date: Tue Jun 30 23:36:51 2015
New Revision: 46903
URL: https://svnweb.freebsd.org/changeset/doc/46903
Log:
Revise EN-15:08, add EN-15:09.xlocale and EN-15:10.iconv.
Added:
head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc (contents, props changed)
head/share/security/patches/EN-15:08/sendmail-01.patch (contents, props changed)
head/share/security/patches/EN-15:08/sendmail-01.patch.asc (contents, props changed)
head/share/security/patches/EN-15:09/
head/share/security/patches/EN-15:09/xlocale.patch (contents, props changed)
head/share/security/patches/EN-15:09/xlocale.patch.asc (contents, props changed)
head/share/security/patches/EN-15:10/
head/share/security/patches/EN-15:10/iconv.patch (contents, props changed)
head/share/security/patches/EN-15:10/iconv.patch.asc (contents, props changed)
Modified:
head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc
head/share/xml/notices.xml
Modified: head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc Tue Jun 30 15:38:37 2015 (r46902)
+++ head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc Tue Jun 30 23:36:51 2015 (r46903)
@@ -9,27 +9,32 @@ Topic: sendmail TLS/DH Interope
Category: contrib
Module: sendmail
-Announced: 2015-06-18
+Announced: 2015-06-18; Last revised on 2015-06-30.
Credits: Frank Seltzer, Gregory Shapiro
Affects: All supported versions of FreeBSD.
-Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE)
- 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13)
- 2015-06-17 03:11:25 UTC (stable/9, 9.3-STABLE)
- 2015-06-18 05:36:45 UTC (releng/9.3, 9.3-RELEASE-p17)
- 2015-06-17 03:22:18 UTC (stable/8, 8.4-STABLE)
- 2015-06-18 05:36:45 UTC (releng/8.4, 8.4-RELEASE-p31)
+Corrected: 2015-06-25 01:49:44 UTC (stable/10, 10.1-STABLE)
+ 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
+ 2015-06-25 01:53:45 UTC (stable/9, 9.3-STABLE)
+ 2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18)
+ 2015-06-25 01:56:36 UTC (stable/8, 8.4-STABLE)
+ 2015-06-30 23:21:59 UTC (releng/8.4, 8.4-RELEASE-p32)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
+0. Revision history
+
+v1.0 2015-06-18 Initial release.
+v1.1 2015-06-30 Revised patch for non-existent DH parameter file.
+
I. Background
-sendmail supports STARTTLS encrypted connections using DHE_EXPORT
-ciphers. As part of that support, by default, sendmail employs 1024-bit
-DH parameters for server connections and 512-bit DH parameters for
-client connections.
+Sendmail supports STARTTLS encrypted connections using DHE_EXPORT
+ciphers. As part of that support, by default, Sendmail employs 1024-bit
+DH parameters for server connections but 512-bit DH parameters if
+configured to use a DH parameter file that does not exist.
II. Problem Description
@@ -39,14 +44,16 @@ parameters during negotiation, thereby r
III. Impact
-In its default configuration, client connections from sendmail to other
-SMTP servers will not be able to negotiate a STARTTLS encrypted session
-with SMTP servers which reject 512-bit DH parameters. This may cause
-mail deliverability issues for outbound mail.
+In its default FreeBSD configuration, client connections from Sendmail
+to other SMTP servers will not be able to negotiate a STARTTLS encrypted
+session with SMTP servers that reject 512-bit DH parameters. This may
+cause mail deliverability issues for outbound mail.
IV. Workaround
-To work around this interoperability, sendmail can be configured to use
+Systems that do not use Sendmail are not affected.
+
+To work around this interoperability, Sendmail can be configured to use
a 1024 or 2048 bit DH parameter using these steps:
1. Edit /etc/mail/`hostname`.mc
@@ -59,20 +66,17 @@ a 1024 or 2048 bit DH parameter using th
for 2048-bit or:
openssl dhparam -out /path/to/file 1024
for 1024-bit.
- 4. If you have modified your MSP submission configuration
- file to enable STARTTLS (not enabled by default), repeat
- the above steps for /etc/mail/`hostname`.submit.mc.
- 5. Rebuild the .cf file(s):
- cd /etc/mail/; make; make install
- 6. Restart sendmail:
- cd /etc/mail/; make restart
-Systems that do not use sendmail are not affected.
+ 4. Rebuild the .cf file:
+ cd /etc/mail/; make; make install
+ 5. Restart sendmail:
+ cd /etc/mail/; make restart
V. Solution
-A change to the raise the default for sendmail client connections to
-1024-bit DH parameters has been committed.
+A change to the raise the default for Sendmail connections to use
+1024-bit DH parameters if the configured DH parameters file does not
+exist has been committed.
Perform one of the following:
@@ -99,6 +103,10 @@ detached PGP signature using your PGP ut
# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch.asc
# gpg --verify sendmail.patch.asc
+# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch.asc
+# gpg --verify sendmail.patch.asc
+
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
@@ -107,7 +115,7 @@ b) Apply the patch. Execute the followi
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
-Restart the sendmail daemon(s), or reboot the system.
+Restart the Sendmail daemon(s), or reboot the system.
VI. Correction details
@@ -116,12 +124,12 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
-stable/8/ r284491
-releng/8.4/ r284536
-stable/9/ r284488
-releng/9.3/ r284536
-stable/10/ r284485
-releng/10.1/ r284536
+stable/8/ r284790
+releng/8.4/ r284987
+stable/9/ r284788
+releng/9.3/ r284986
+stable/10/ r284786
+releng/10.1/ r284985
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
@@ -141,17 +149,17 @@ https://security.FreeBSD.org/advisories/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.5 (FreeBSD)
-iQIcBAEBCgAGBQJVgllYAAoJEO1n7NZdz2rnsY0QAIKcqNxRed97fvmxvL9kX1In
-CpdKO0Cso8EhCDOKJzmSYR49QZc6CNtPflbgbK2wktiHptmK87R+xODyIWBR1q8T
-peMoevr942gCUZzrA259cLaWJGC7MZer5G9SIsB7cnMJox/QcHmQysDONfu1PRjf
-T8T3/q24230PnBBJpR1SNDMOPAc1YLMetEZ3ue72ToG9pd6gAXN8I9N1ZUPY/6dd
-9/urhdQnxlX5RB3JnqujueJvCrcstInZ8grtKOmTfPSUcWGL++dwu6YH34ORwKDh
-wiI8U+qyg1Lq5vGx6srDOkGAhiSbYi177PV1RCNTxY28yGVvhiiSnLSsIesZBcoB
-pVYcefBJeqcXNuQC5jsGKHEbti9X3bhHnThOaOBOvrooEGcc7/DuP02BZiNOWDvV
-3axT+iFzJdZ1sZktdUQl65zqVBSDASTFz5uG/nTUFASj0W4+vVEghy6FAxlf3aBO
-eV9tqxeUozt0nSb/44n2u2GHRplWWS1KEE3N+skN5IT4RfZaNvTVtZ0s1fRv6Jum
-YNut6TGiVIyTACP0JjS2TkGC3kdPrqweZSQ6xnfrgOSCS+3w2nR1aqaGJ3aCIm/b
-9ixFFIW03LhBH2fl4Y68+CbAlIgGd0zigbRds1IGxRSUxR8AKBngqC+KQUFCOSnY
-snl4x6f2t36abWYgneaP
-=mvxv
+iQIcBAEBCgAGBQJVkyZLAAoJEO1n7NZdz2rnsdsP/2+xJUiaNWialSFlTwE75sHC
+vN/CrkceLw6QrUi5U0PpQdI7xP/y8Cspj/vDCNUbHlkK8WfA5G8J6WhyyaVxMREG
+aZTPHFBn0/IeP2vxlyf0PLq6hL1KtasOQNjDEasUMb4uclaE+hn3QxrWk+KGoe8B
+8rZHYS6Y9gOfWLJj7Rvf6T6TEtKf8Mz1cBfn7lRQbF7yDwkvNDpmNv7BhTQOM5rw
+/2q2i4ZjuZT4AX0IaSzZLC1dEyxuUKqAxMV1D+F1WYBQqMUwnoJLMAETmWXphuSa
+QGDNU0w3PbAJrgK06qeLSswVo/r/5h+kjra5eL17MPKZPO+sWHv9E1jS7wUsbsFB
+RE7kcafgWcN9S0TBldyuFo9g8nwjsWq4uooSLrf8pG8y7U6FtXbgyitS3BNVKT7i
+9GqzTi89HKPefnPQR5wfJIl9YXgKvWJ/FNei7MpGTl2LGKHSd2P/21+OoIjfNeQl
+hYOP9uWDrk3Uf7gJVrJOobMfme5Zb1/LDSQegTIFjzQ0Iac1p4nqj53rzG2Nufyx
+/Y93rKOz280NCS193buARcl4KmFp9oGaJTjVG9Cthu8FUFlCkCeZl13ZrhDufKBS
+z2ZEwkIYFamOFjbhCUJ5wm3gsozV7bzAOSRQEFEzzLDlYGPv2RPDAlgREcuzxr8N
+OhK1HFcIqXbXRthWN7Sp
+=ibhZ
-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc Tue Jun 30 23:36:51 2015 (r46903)
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:09.xlocale Errata Notice
+ The FreeBSD Project
+
+Topic: Inconsistency between locale and rune locale states
+
+Category: core
+Module: libc
+Announced: 2015-06-30
+Credits: David Chisnall
+Affects: FreeBSD 9.x and FreeBSD 10.x.
+Corrected: 2015-06-17 19:12:18 UTC (stable/10, 10.1-STABLE)
+ 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
+ 2015-06-17 19:13:13 UTC (stable/9, 9.3-STABLE)
+ 2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I. Background
+
+Recent FreeBSD releases have support to thread-safe and extended locale API,
+modeled after the Darwin xlocale(3) API.
+
+The C standard locale API was reimplemented as a wrapper of the xlocale(3)
+API with a global locale in order to support its semantics.
+
+II. Problem Description
+
+The locale and rune locale may become out of sync, in which case calls of
+mb* and similar functions would be supplied with wrong data.
+
+III. Impact
+
+Applications that uses xlocale but does not call setlocale(3) would crash.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:09/xlocale.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:09/xlocale.patch.asc
+# gpg --verify xlocale.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all deamons using the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r284525
+releng/9.3/ r284986
+stable/10/ r284524
+releng/10.1/ r284985
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/188036>
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:09.locale.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAEBCgAGBQJVkyZQAAoJEO1n7NZdz2rnitMQAK5jY0n9Kv0VDwP5J4EXdcHZ
+SOEE8n5O+bwWxVFWkqGGZrPQiUuJt6ujrAJb2iSeUtKIa2E84TLDVjmWGtyqP/RN
+rLlRjVVQo14EhSScRI54oUeAYpoBWU8oRtFiixFbw24gFEW/ZeovFxQUY1Waueuy
+Xpx28cmqQ3KG/T+Ujq1edHrtMpqwsBQd93eHRFSjtWaMrxmjnr4ln66AerdPQAYx
+ib2rznxy+MCF0rmHbTsYnpZKZ1DupcyU7YkOdhVTk8cviL44wPGaCrA9Oaf6Q2hW
+NTek9h5VQhvmhWaPsUZTGbQYPkvFjvEbmKOxRV+Mtf+UBt2y7SoqACpP1BbCC77n
+8uRGdI8MPpC1j9RHZ5miWz4NkA3W1Pa/oi66PRhenzXgDe9Ua4aykklqnINhOrgm
+ZBCLz1DXnx4WyeW2FIf7Z9GGcF3sUd9RU2e4H0WI3uZ75PT7p/zq1L4FKxXEn9/7
+VoGy6cyQWwFUZ27lIcSGLeUhSolrtDofHPwKe8YB12bTXPhxjNYs+4iYWF0ZScOE
+Wr9Jx7mKecNQ+jD5iEP2Ne7tzqSPSDZGzwkvifz+dmHT5L9hx6Pu916xp6/kzVg1
+up31EcoQOn1N/ZHjC9VgGmyOgdA5ENHKNPhzcYp2CrJSadBHQHeINfwbRLdzLjVl
+Nnt+YSShqakxvZhNmTex
+=Wfyl
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc Tue Jun 30 23:36:51 2015 (r46903)
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:10.iconv Errata Notice
+ The FreeBSD Project
+
+Topic: Improved iconv(3) UTF-7 support
+
+Category: core
+Module: libc/iconv
+Announced: 2015-06-30
+Credits: Tijl Coosemans
+Affects: FreeBSD 10.x
+Corrected: 2015-06-02 09:42:00 UTC (stable/10, 10.1-STABLE)
+ 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I. Background
+
+The iconv(3) API allows converting text data from one character set
+encoding to another. Applications first open a converter between two
+encodings using iconv_open(3) and then convert text using iconv(3).
+
+UTF-7 is a variable-length character encoding representing Unicode text
+using a stream of ASCII characters.
+
+II. Problem Description
+
+A defect in the iconv(3) UTF-7 decoding process causes the end of base64
+symbols ("-") to be treated as an incomplete character when they exist
+at the end of the string.
+
+III. Impact
+
+Applications that use iconv(3) to decode UTF-7 may receive an incorrect
+encoded result.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:10/iconv.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:10/iconv.patch.asc
+# gpg --verify iconv.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all deamons using the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r283908
+releng/10.1/ r284985
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/200398>
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:10.iconv.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAEBCgAGBQJVkyZQAAoJEO1n7NZdz2rnue4P/2TGL5ucl/YypMQAcgDxRn77
+3zky6DhJSWx0ydnoCsFNogiK2A9qdw6YHvYMyqwjcVTZ9NpjeXSOnuEgaD6SN9Xj
+elIkvxPkbome8QDJAVsW+amqw1ipfJ4deN4XQqzbRTaNBd0Yo0jsC4S7zjVq+gwE
+0EJ98vYQz8KfOFRW5Y1DlCS2OkapuGHPcxBJsRGoz5Y4Qe8KYDivRDZPJsrhbEWY
++QF+xjZ+ZDvCl6qBSVcYgsVNeMr6jHjmIS2BYSeWypKmI1LfPgZszOMCZsS/rvAs
+DKsm9N7GcbMVCD0tUWSOQmN1jtfBEoYtgqoHg1/wg5/jTOlcVQgANVMF5p9jqo/Q
+BGBUWfwQACZ4cJI/lXTqUt87Dg1n15JtU011nDCfbK4Ll9ZaYioAisqx2kXdUgBP
+ojP3XMwoFtq2tJGJZLlIG3nWm3IatsOL+vtZxw6N4Y5PVksZeCctFikm7FhsCXjk
+SCVSn3w+rLP1klWSCbqUUtpvRSMP3JZDH7auytvykUZ2pncKAzwhfb+TI9Qqnguk
+RkSDUDnRvLEuwezZOAZ3lErVV/G38zyi6Hn/ODeO0Cg6w70XKdbuWqgf0z3etz7M
+HiHk4dpVNO7S4Y12wNdin1XgXa94s08wyiY7bSGpDaqL22O6CHgd0B+NAsqUqJSx
+lAsbtw23ytA4JwkVwIdf
+=hK2X
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-15:08/sendmail-01.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-15:08/sendmail-01.patch Tue Jun 30 23:36:51 2015 (r46903)
@@ -0,0 +1,13 @@
+Index: contrib/sendmail/src/sendmail.h
+===================================================================
+--- contrib/sendmail/src/sendmail.h (revision 284940)
++++ contrib/sendmail/src/sendmail.h (working copy)
+@@ -1935,7 +1935,7 @@ struct termescape
+
+ /* server requirements */
+ #define TLS_I_SRV (TLS_I_SRV_CERT | TLS_I_RSA_TMP | TLS_I_VRFY_PATH | \
+- TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH512 | \
++ TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH1024 | \
+ TLS_I_CACHE)
+
+ /* client requirements */
Added: head/share/security/patches/EN-15:08/sendmail-01.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-15:08/sendmail-01.patch.asc Tue Jun 30 23:36:51 2015 (r46903)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rnDCgP/03Bv37NZRCd3fpZC8Og73t2
+qFxR5glnHfXeNpAnI2p0Jmfvay4/ZHYEOIXQwS60wdnNElN00mudJ/D7RBVr5sGF
+fjW68S3+z9vppBP4pWq4xhitDkA+Ko9zZmCojMOta3DTBhJzp825i8al03wQbViQ
+Xgv7AhA52bsdXqcru83DfRDfXfUuf8BivgvuGoohfaVQYhAusrOlAXR9jij9mWJo
+24Phs3gXlmOvRnjWiRfcmESCZdZJwDwUfBXk+cMFuEQo60bburyjqp+rCD4bt1lN
+3zkRTLggBQefqLer78CP++A/PrLxLWajqRpZ0SvUny3HeWED8Yrp/8L3xc0H+Zfs
+Eo5lmVvi3RLAzTWgAkdQOBddjvYoK5jmJBauFyiY/sQ/sti1HT7vavXPIRZFTWFQ
+VM/+URwLudyAnIXqVn0iSuOrrjW5eQnchuEWYs6ar7qc375sa9um7idfif9kCq5j
+5GvBILw1m6CVfeuW5dfL/Gwkz6ALx9yqSVQ10L3m5Ik7+hbCAkD+GnMK53OvQSjA
+Kuw3nMDVHjdVVYZKYI7h8Ez25K2S9EoPARcmX9oikkeUYLR3s8PbLOikixltpRpp
+viaHkskG4bvxY2b5SP64NRZowUqPP2EgVY/Mi11pPsr5cuQR+PTTv7mx0QUzJ862
+m86CQtJ8so6TKWTO8bQb
+=c8JT
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-15:09/xlocale.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-15:09/xlocale.patch Tue Jun 30 23:36:51 2015 (r46903)
@@ -0,0 +1,58 @@
+Index: lib/libc/locale/setrunelocale.c
+===================================================================
+--- lib/libc/locale/setrunelocale.c (revision 284940)
++++ lib/libc/locale/setrunelocale.c (working copy)
+@@ -202,6 +202,8 @@ __set_thread_rune_locale(locale_t loc)
+
+ if (loc == NULL) {
+ _ThreadRuneLocale = &_DefaultRuneLocale;
++ } else if (loc == LC_GLOBAL_LOCALE) {
++ _ThreadRuneLocale = 0;
+ } else {
+ _ThreadRuneLocale = XLOCALE_CTYPE(loc)->runes;
+ }
+Index: lib/libc/locale/xlocale.c
+===================================================================
+--- lib/libc/locale/xlocale.c (revision 284940)
++++ lib/libc/locale/xlocale.c (working copy)
+@@ -154,23 +154,24 @@ __get_locale(void)
+ static void
+ set_thread_locale(locale_t loc)
+ {
++ locale_t l = (loc == LC_GLOBAL_LOCALE) ? 0 : loc;
+
+ _once(&once_control, init_key);
+
+- if (NULL != loc) {
+- xlocale_retain((struct xlocale_refcounted*)loc);
++ if (NULL != l) {
++ xlocale_retain((struct xlocale_refcounted*)l);
+ }
+ locale_t old = pthread_getspecific(locale_info_key);
+- if ((NULL != old) && (loc != old)) {
++ if ((NULL != old) && (l != old)) {
+ xlocale_release((struct xlocale_refcounted*)old);
+ }
+ if (fake_tls) {
+- thread_local_locale = loc;
++ thread_local_locale = l;
+ } else {
+- pthread_setspecific(locale_info_key, loc);
++ pthread_setspecific(locale_info_key, l);
+ }
+ #ifndef __NO_TLS
+- __thread_locale = loc;
++ __thread_locale = l;
+ __set_thread_rune_locale(loc);
+ #endif
+ }
+@@ -361,9 +362,6 @@ locale_t uselocale(locale_t loc)
+ {
+ locale_t old = get_thread_locale();
+ if (NULL != loc) {
+- if (LC_GLOBAL_LOCALE == loc) {
+- loc = NULL;
+- }
+ set_thread_locale(loc);
+ }
+ return (old ? old : LC_GLOBAL_LOCALE);
Added: head/share/security/patches/EN-15:09/xlocale.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-15:09/xlocale.patch.asc Tue Jun 30 23:36:51 2015 (r46903)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rnwpgQAI29DAkpuY6cD9vJNtVvD/BC
+EeGcYGO+hq82b5QAVS1778ETaQOPZjPrVycj3o8pFjCdVTaCCVhutKbEVxojDTAj
+pqPpTvBZqcAf9pfBL7mPGLjfF8gzKiLVwNMNxfs/uC++rWdebdVUMI3sWntnc85c
+a8oplvXIBuXJHXOd2xNG2c6+Zdo4GJBAouUxMvkneUwS5Sw8sB+cMJt5UZ5lHbRH
+qgekU+v4HLjurK10WWzBKN178y/+mOhvZ0gck0ft0BR4EZmaaFJqBYE6otUDz9MM
+W9dG2e+Bfg5VmVhuVZMetIFPzLmhTQtwciGhp5JFT5lBzx2JyLlZ9mztDo6s+hwm
+wsD8/Wf6xK0UbxLrlCi3cjNS/MKUmjjTJkFnbPnUljU3khmOjeGRkT3LZJL0eOft
+U/UU+AzOOUKXLAgOWuYjaG6a3QB1aAB6dEPX5YpMfdsprM6r3D9mYWLF6b2ieD/2
+QKZiQTUasJno5lXsyp6p/sEW59prPYOsWOtv5m65Tzjim+/rxX41w0vDTm8Ou2rh
+yHfCJidFL6AzYZEWh6dS2AGS/EW0hgWtp5frOP65cfNlFHdXiZqv21Xq0IRchs+L
+mYpWpxpzbdA7vk33tvolkv+TahgPCXML0waCucKEY9p8vRfl+wJo2vs3kqozl0jG
+rzjVDz4t+4Kbr0LNm9aI
+=BvyK
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-15:10/iconv.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-15:10/iconv.patch Tue Jun 30 23:36:51 2015 (r46903)
@@ -0,0 +1,107 @@
+Index: lib/libiconv_modules/UTF7/citrus_utf7.c
+===================================================================
+--- lib/libiconv_modules/UTF7/citrus_utf7.c (revision 284940)
++++ lib/libiconv_modules/UTF7/citrus_utf7.c (working copy)
+@@ -62,8 +62,7 @@ typedef struct {
+ unsigned int
+ mode: 1, /* whether base64 mode */
+ bits: 4, /* need to hold 0 - 15 */
+- cache: 22, /* 22 = BASE64_BIT + UTF16_BIT */
+- surrogate: 1; /* whether surrogate pair or not */
++ cache: 22; /* 22 = BASE64_BIT + UTF16_BIT */
+ int chlen;
+ char ch[4]; /* BASE64_IN, 3 * 6 = 18, most closed to UTF16_BIT */
+ } _UTF7State;
+@@ -154,12 +153,11 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr
+ uint16_t * __restrict u16, const char ** __restrict s, size_t n,
+ _UTF7State * __restrict psenc, size_t * __restrict nresult)
+ {
+- _UTF7State sv;
+ const char *s0;
+ int done, i, len;
+
++ *nresult = 0;
+ s0 = *s;
+- sv = *psenc;
+
+ for (i = 0, done = 0; done == 0; i++) {
+ if (i == psenc->chlen) {
+@@ -166,9 +164,6 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr
+ if (n-- < 1) {
+ *nresult = (size_t)-2;
+ *s = s0;
+- sv.chlen = psenc->chlen;
+- memcpy(sv.ch, psenc->ch, sizeof(sv.ch));
+- *psenc = sv;
+ return (0);
+ }
+ psenc->ch[psenc->chlen++] = *s0++;
+@@ -257,34 +252,31 @@ _citrus_UTF7_mbrtowc_priv(_UTF7EncodingInfo * __re
+ *nresult = (size_t)_ENCODING_IS_STATE_DEPENDENT;
+ return (0);
+ }
+- if (psenc->surrogate) {
+- hi = (psenc->cache >> psenc->bits) & UTF16_MAX;
+- if (hi < HISRG_MIN || hi > HISRG_MAX)
+- return (EINVAL);
+- siz = 0;
+- } else {
+- err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr);
+- if (nr == (size_t)-1 || nr == (size_t)-2) {
+- *nresult = nr;
+- return (err);
+- }
+- if (err != 0)
+- return (err);
+- n -= nr;
+- siz = nr;
+- if (hi < HISRG_MIN || hi > HISRG_MAX) {
+- u32 = (uint32_t)hi;
+- goto done;
+- }
+- psenc->surrogate = 1;
++ err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr);
++ if (nr == (size_t)-1 || nr == (size_t)-2) {
++ *nresult = nr;
++ return (err);
+ }
++ if (err != 0)
++ return (err);
++ n -= nr;
++ siz = nr;
++ if (hi < HISRG_MIN || hi > HISRG_MAX) {
++ u32 = (uint32_t)hi;
++ goto done;
++ }
+ err = _citrus_UTF7_mbtoutf16(ei, &lo, s, n, psenc, &nr);
+ if (nr == (size_t)-1 || nr == (size_t)-2) {
++ psenc->chlen = 1; /* make get_state_desc return incomplete */
+ *nresult = nr;
+ return (err);
+ }
+ if (err != 0)
+ return (err);
++ if (lo < LOSRG_MIN || lo > LOSRG_MAX) {
++ *nresult = (size_t)-1;
++ return (EILSEQ);
++ }
+ hi -= HISRG_MIN;
+ lo -= LOSRG_MIN;
+ u32 = (hi << 10 | lo) + SRG_BASE;
+@@ -297,7 +289,6 @@ done:
+ _citrus_UTF7_init_state(ei, psenc);
+ } else {
+ *nresult = siz;
+- psenc->surrogate = 0;
+ }
+ return (err);
+ }
+@@ -396,7 +387,7 @@ _citrus_UTF7_put_state_reset(_UTF7EncodingInfo * _
+ {
+ int bits, pos;
+
+- if (psenc->chlen != 0 || psenc->bits > BASE64_BIT || psenc->surrogate)
++ if (psenc->chlen != 0 || psenc->bits > BASE64_BIT)
+ return (EINVAL);
+
+ if (psenc->mode) {
Added: head/share/security/patches/EN-15:10/iconv.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-15:10/iconv.patch.asc Tue Jun 30 23:36:51 2015 (r46903)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rn5vIP/jsofR8DW12TqLeEURwBKF+S
+mmUY4wQaCxDJQddAMRIEDHwWN0FPJnNn3sA7L40+c6iYnf1kTkK2Fimw733TAmsB
+hEZujVoFP77QUsFVGm7iYzzRu4ck76riNonNlEw8kvt1VUhJjzxFPVjkh55wRM6D
+T75JJD3VV78bfHN/umj437tsTe3wfH8el2nXXjTxyzRbucGZpz6EAkBYdnFc7PPu
+bFrEFmNVs/tD0V5C5FdoxFLkuti84FfdZ42Ad9z4o+1H80adwMLL+1dLciutLdQt
+7eHLGljdz9iDMlPhi3e8BCHM2Ij1QAa6L16BH43yTLaD/XMcM14HdwCwiNNl6YAr
+Mc6PScRwGSjZAixgL1rMR1iFtlDndyRGg6KCNydH89xIHTb+SEdEC+I6pOPvX4yg
+SAmzOwPsEGScslNbqxNeLkPlv70/zqnCihwN/8Z7M6yERYdWmfs8n8dhMBGc/UF5
+1vw/lOfOZf1CR+KJmhQQgpFknnx2aStJXdzqsTm+Bdx5n09wdRzoRVqwiuvPEBt+
+a+IInr9cybNdUeU3r+sobzuCcxfDDiRtoYtStoQ2vI7iGkuuwq8lulbBxvh1xzGH
+xolOc6tXDDn7Ndvo+pmY83/C9qI0q3TOnqWjody97zqihs+yRJwN7xrrujgngpdy
+FdClblODnEpnK3GmJsPE
+=ZMx/
+-----END PGP SIGNATURE-----
Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml Tue Jun 30 15:38:37 2015 (r46902)
+++ head/share/xml/notices.xml Tue Jun 30 23:36:51 2015 (r46903)
@@ -11,6 +11,18 @@
<name>6</name>
<day>
+ <name>30</name>
+
+ <notice>
+ <name>FreeBSD-EN-15:10.iconv</name>
+ </notice>
+
+ <notice>
+ <name>FreeBSD-EN-15:09.xlocale</name>
+ </notice>
+ </day>
+
+ <day>
<name>18</name>
<notice>
More information about the svn-doc-all
mailing list