Date: Tue, 30 Jun 2015 23:36:52 +0000 (UTC)
From: Xin LI <delphij@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r46903 - in head/share: security/advisories security/patches/EN-15:08 security/patches/EN-15:09 security/patches/EN-15:10 xml
Message-ID: <201506302336.t5UNaqgS004898@svn.freebsd.org>
Author: delphij Date: Tue Jun 30 23:36:51 2015 New Revision: 46903 URL: https://svnweb.freebsd.org/changeset/doc/46903 Log: Revise EN-15:08, add EN-15:09.xlocale and EN-15:10.iconv. Added: head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc (contents, props changed) head/share/security/patches/EN-15:08/sendmail-01.patch (contents, props changed) head/share/security/patches/EN-15:08/sendmail-01.patch.asc (contents, props changed) head/share/security/patches/EN-15:09/ head/share/security/patches/EN-15:09/xlocale.patch (contents, props changed) head/share/security/patches/EN-15:09/xlocale.patch.asc (contents, props changed) head/share/security/patches/EN-15:10/ head/share/security/patches/EN-15:10/iconv.patch (contents, props changed) head/share/security/patches/EN-15:10/iconv.patch.asc (contents, props changed) Modified: head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc head/share/xml/notices.xml Modified: head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc ============================================================================== --- head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc Tue Jun 30 15:38:37 2015 (r46902) +++ head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc Tue Jun 30 23:36:51 2015 (r46903) 
@@ -9,27 +9,32 @@ Topic: sendmail TLS/DH Interope Category: contrib Module: sendmail -Announced: 2015-06-18 +Announced: 2015-06-18; Last revised on 2015-06-30. Credits: Frank Seltzer, Gregory Shapiro Affects: All supported versions of FreeBSD. -Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE) - 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13) - 2015-06-17 03:11:25 UTC (stable/9, 9.3-STABLE) - 2015-06-18 05:36:45 UTC (releng/9.3, 9.3-RELEASE-p17) - 2015-06-17 03:22:18 UTC (stable/8, 8.4-STABLE) - 2015-06-18 05:36:45 UTC (releng/8.4, 8.4-RELEASE-p31) +Corrected: 2015-06-25 01:49:44 UTC (stable/10, 10.1-STABLE) + 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14) + 2015-06-25 01:53:45 UTC (stable/9, 9.3-STABLE) + 2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18) + 2015-06-25 01:56:36 UTC (stable/8, 8.4-STABLE) + 2015-06-30 23:21:59 UTC (releng/8.4, 8.4-RELEASE-p32) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.freebsd.org/>. +0. Revision history + +v1.0 2015-06-18 Initial release. +v1.1 2015-06-30 Revised patch for non-existent DH parameter file. + I. Background -sendmail supports STARTTLS encrypted connections using DHE_EXPORT -ciphers. As part of that support, by default, sendmail employs 1024-bit -DH parameters for server connections and 512-bit DH parameters for -client connections. +Sendmail supports STARTTLS encrypted connections using DHE_EXPORT +ciphers. As part of that support, by default, Sendmail employs 1024-bit +DH parameters for server connections but 512-bit DH parameters if +configured to use a DH parameter file that does not exist. II. Problem Description 
@@ -39,14 +44,16 @@ parameters during negotiation, thereby r III. Impact -In its default configuration, client connections from sendmail to other -SMTP servers will not be able to negotiate a STARTTLS encrypted session -with SMTP servers which reject 512-bit DH parameters. This may cause -mail deliverability issues for outbound mail. +In its default FreeBSD configuration, client connections from Sendmail +to other SMTP servers will not be able to negotiate a STARTTLS encrypted +session with SMTP servers that reject 512-bit DH parameters. This may +cause mail deliverability issues for outbound mail. IV. Workaround -To work around this interoperability, sendmail can be configured to use +Systems that do not use Sendmail are not affected. + +To work around this interoperability, Sendmail can be configured to use a 1024 or 2048 bit DH parameter using these steps: 1. Edit /etc/mail/`hostname`.mc @@ -59,20 +66,17 @@ a 1024 or 2048 bit DH parameter using th for 2048-bit or: openssl dhparam -out /path/to/file 1024 for 1024-bit. - 4. If you have modified your MSP submission configuration - file to enable STARTTLS (not enabled by default), repeat - the above steps for /etc/mail/`hostname`.submit.mc. - 5. Rebuild the .cf file(s): - cd /etc/mail/; make; make install - 6. Restart sendmail: - cd /etc/mail/; make restart -Systems that do not use sendmail are not affected. + 4. Rebuild the .cf file: + cd /etc/mail/; make; make install + 5. Restart sendmail: + cd /etc/mail/; make restart V. Solution -A change to the raise the default for sendmail client connections to -1024-bit DH parameters has been committed. +A change to the raise the default for Sendmail connections to use +1024-bit DH parameters if the configured DH parameters file does not +exist has been committed. Perform one of the following: 
@@ -99,6 +103,10 @@ detached PGP signature using your PGP ut # fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch.asc # gpg --verify sendmail.patch.asc +# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch +# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch.asc +# gpg --verify sendmail.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -107,7 +115,7 @@ b) Apply the patch. Execute the followi c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. -Restart the sendmail daemon(s), or reboot the system. +Restart the Sendmail daemon(s), or reboot the system. VI. Correction details @@ -116,12 +124,12 @@ affected branch. Branch/path Revision - ------------------------------------------------------------------------- -stable/8/ r284491 -releng/8.4/ r284536 -stable/9/ r284488 -releng/9.3/ r284536 -stable/10/ r284485 -releng/10.1/ r284536 +stable/8/ r284790 +releng/8.4/ r284987 +stable/9/ r284788 +releng/9.3/ r284986 +stable/10/ r284786 +releng/10.1/ r284985 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the 
@@ -141,17 +149,17 @@ https://security.FreeBSD.org/advisories/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.5 (FreeBSD) -iQIcBAEBCgAGBQJVgllYAAoJEO1n7NZdz2rnsY0QAIKcqNxRed97fvmxvL9kX1In -CpdKO0Cso8EhCDOKJzmSYR49QZc6CNtPflbgbK2wktiHptmK87R+xODyIWBR1q8T -peMoevr942gCUZzrA259cLaWJGC7MZer5G9SIsB7cnMJox/QcHmQysDONfu1PRjf -T8T3/q24230PnBBJpR1SNDMOPAc1YLMetEZ3ue72ToG9pd6gAXN8I9N1ZUPY/6dd -9/urhdQnxlX5RB3JnqujueJvCrcstInZ8grtKOmTfPSUcWGL++dwu6YH34ORwKDh -wiI8U+qyg1Lq5vGx6srDOkGAhiSbYi177PV1RCNTxY28yGVvhiiSnLSsIesZBcoB -pVYcefBJeqcXNuQC5jsGKHEbti9X3bhHnThOaOBOvrooEGcc7/DuP02BZiNOWDvV -3axT+iFzJdZ1sZktdUQl65zqVBSDASTFz5uG/nTUFASj0W4+vVEghy6FAxlf3aBO -eV9tqxeUozt0nSb/44n2u2GHRplWWS1KEE3N+skN5IT4RfZaNvTVtZ0s1fRv6Jum -YNut6TGiVIyTACP0JjS2TkGC3kdPrqweZSQ6xnfrgOSCS+3w2nR1aqaGJ3aCIm/b -9ixFFIW03LhBH2fl4Y68+CbAlIgGd0zigbRds1IGxRSUxR8AKBngqC+KQUFCOSnY -snl4x6f2t36abWYgneaP -=mvxv +iQIcBAEBCgAGBQJVkyZLAAoJEO1n7NZdz2rnsdsP/2+xJUiaNWialSFlTwE75sHC +vN/CrkceLw6QrUi5U0PpQdI7xP/y8Cspj/vDCNUbHlkK8WfA5G8J6WhyyaVxMREG +aZTPHFBn0/IeP2vxlyf0PLq6hL1KtasOQNjDEasUMb4uclaE+hn3QxrWk+KGoe8B +8rZHYS6Y9gOfWLJj7Rvf6T6TEtKf8Mz1cBfn7lRQbF7yDwkvNDpmNv7BhTQOM5rw +/2q2i4ZjuZT4AX0IaSzZLC1dEyxuUKqAxMV1D+F1WYBQqMUwnoJLMAETmWXphuSa +QGDNU0w3PbAJrgK06qeLSswVo/r/5h+kjra5eL17MPKZPO+sWHv9E1jS7wUsbsFB +RE7kcafgWcN9S0TBldyuFo9g8nwjsWq4uooSLrf8pG8y7U6FtXbgyitS3BNVKT7i +9GqzTi89HKPefnPQR5wfJIl9YXgKvWJ/FNei7MpGTl2LGKHSd2P/21+OoIjfNeQl +hYOP9uWDrk3Uf7gJVrJOobMfme5Zb1/LDSQegTIFjzQ0Iac1p4nqj53rzG2Nufyx +/Y93rKOz280NCS193buARcl4KmFp9oGaJTjVG9Cthu8FUFlCkCeZl13ZrhDufKBS +z2ZEwkIYFamOFjbhCUJ5wm3gsozV7bzAOSRQEFEzzLDlYGPv2RPDAlgREcuzxr8N +OhK1HFcIqXbXRthWN7Sp +=ibhZ -----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc Tue Jun 30 23:36:51 2015 (r46903) 
@@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-15:09.xlocale Errata Notice + The FreeBSD Project + +Topic: Inconsistency between locale and rune locale states + +Category: core +Module: libc +Announced: 2015-06-30 +Credits: David Chisnall +Affects: FreeBSD 9.x and FreeBSD 10.x. +Corrected: 2015-06-17 19:12:18 UTC (stable/10, 10.1-STABLE) + 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14) + 2015-06-17 19:13:13 UTC (stable/9, 9.3-STABLE) + 2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.freebsd.org/>. + +I. Background + +Recent FreeBSD releases have support to thread-safe and extended locale API, +modeled after the Darwin xlocale(3) API. + +The C standard locale API was reimplemented as a wrapper of the xlocale(3) +API with a global locale in order to support its semantics. + +II. Problem Description + +The locale and rune locale may become out of sync, in which case calls of +mb* and similar functions would be supplied with wrong data. + +III. Impact + +Applications that uses xlocale but does not call setlocale(3) would crash. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. 
+ +2) To update your present system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-15:09/xlocale.patch +# fetch https://security.FreeBSD.org/patches/EN-15:09/xlocale.patch.asc +# gpg --verify xlocale.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all deamons using the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r284525 +releng/9.3/ r284986 +stable/10/ r284524 +releng/10.1/ r284985 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://bugs.freebsd.org/188036> + +The latest revision of this Errata Notice is available at +https://security.FreeBSD.org/advisories/FreeBSD-EN-15:09.locale.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.5 (FreeBSD) + +iQIcBAEBCgAGBQJVkyZQAAoJEO1n7NZdz2rnitMQAK5jY0n9Kv0VDwP5J4EXdcHZ +SOEE8n5O+bwWxVFWkqGGZrPQiUuJt6ujrAJb2iSeUtKIa2E84TLDVjmWGtyqP/RN +rLlRjVVQo14EhSScRI54oUeAYpoBWU8oRtFiixFbw24gFEW/ZeovFxQUY1Waueuy +Xpx28cmqQ3KG/T+Ujq1edHrtMpqwsBQd93eHRFSjtWaMrxmjnr4ln66AerdPQAYx +ib2rznxy+MCF0rmHbTsYnpZKZ1DupcyU7YkOdhVTk8cviL44wPGaCrA9Oaf6Q2hW +NTek9h5VQhvmhWaPsUZTGbQYPkvFjvEbmKOxRV+Mtf+UBt2y7SoqACpP1BbCC77n +8uRGdI8MPpC1j9RHZ5miWz4NkA3W1Pa/oi66PRhenzXgDe9Ua4aykklqnINhOrgm +ZBCLz1DXnx4WyeW2FIf7Z9GGcF3sUd9RU2e4H0WI3uZ75PT7p/zq1L4FKxXEn9/7 +VoGy6cyQWwFUZ27lIcSGLeUhSolrtDofHPwKe8YB12bTXPhxjNYs+4iYWF0ZScOE +Wr9Jx7mKecNQ+jD5iEP2Ne7tzqSPSDZGzwkvifz+dmHT5L9hx6Pu916xp6/kzVg1 +up31EcoQOn1N/ZHjC9VgGmyOgdA5ENHKNPhzcYp2CrJSadBHQHeINfwbRLdzLjVl +Nnt+YSShqakxvZhNmTex +=Wfyl +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc Tue Jun 30 23:36:51 2015 (r46903) 
@@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-15:10.iconv Errata Notice + The FreeBSD Project + +Topic: Improved iconv(3) UTF-7 support + +Category: core +Module: libc/iconv +Announced: 2015-06-30 +Credits: Tijl Coosemans +Affects: FreeBSD 10.x +Corrected: 2015-06-02 09:42:00 UTC (stable/10, 10.1-STABLE) + 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.freebsd.org/>. + +I. Background + +The iconv(3) API allows converting text data from one character set +encoding to another. Applications first open a converter between two +encodings using iconv_open(3) and then convert text using iconv(3). + +UTF-7 is a variable-length character encoding representing Unicode text +using a stream of ASCII characters. + +II. Problem Description + +A defect in the iconv(3) UTF-7 decoding process causes the end of base64 +symbols ("-") to be treated as an incomplete character when they exist +at the end of the string. + +III. Impact + +Applications that use iconv(3) to decode UTF-7 may receive an incorrect +encoded result. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. 
+ +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-15:10/iconv.patch +# fetch https://security.FreeBSD.org/patches/EN-15:10/iconv.patch.asc +# gpg --verify iconv.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all deamons using the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r283908 +releng/10.1/ r284985 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://bugs.freebsd.org/200398> + +The latest revision of this Errata Notice is available at +https://security.FreeBSD.org/advisories/FreeBSD-EN-15:10.iconv.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.5 (FreeBSD) + +iQIcBAEBCgAGBQJVkyZQAAoJEO1n7NZdz2rnue4P/2TGL5ucl/YypMQAcgDxRn77 +3zky6DhJSWx0ydnoCsFNogiK2A9qdw6YHvYMyqwjcVTZ9NpjeXSOnuEgaD6SN9Xj +elIkvxPkbome8QDJAVsW+amqw1ipfJ4deN4XQqzbRTaNBd0Yo0jsC4S7zjVq+gwE +0EJ98vYQz8KfOFRW5Y1DlCS2OkapuGHPcxBJsRGoz5Y4Qe8KYDivRDZPJsrhbEWY ++QF+xjZ+ZDvCl6qBSVcYgsVNeMr6jHjmIS2BYSeWypKmI1LfPgZszOMCZsS/rvAs +DKsm9N7GcbMVCD0tUWSOQmN1jtfBEoYtgqoHg1/wg5/jTOlcVQgANVMF5p9jqo/Q +BGBUWfwQACZ4cJI/lXTqUt87Dg1n15JtU011nDCfbK4Ll9ZaYioAisqx2kXdUgBP +ojP3XMwoFtq2tJGJZLlIG3nWm3IatsOL+vtZxw6N4Y5PVksZeCctFikm7FhsCXjk +SCVSn3w+rLP1klWSCbqUUtpvRSMP3JZDH7auytvykUZ2pncKAzwhfb+TI9Qqnguk +RkSDUDnRvLEuwezZOAZ3lErVV/G38zyi6Hn/ODeO0Cg6w70XKdbuWqgf0z3etz7M +HiHk4dpVNO7S4Y12wNdin1XgXa94s08wyiY7bSGpDaqL22O6CHgd0B+NAsqUqJSx +lAsbtw23ytA4JwkVwIdf +=hK2X +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-15:08/sendmail-01.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:08/sendmail-01.patch Tue Jun 30 23:36:51 2015 (r46903) 
@@ -0,0 +1,13 @@ +Index: contrib/sendmail/src/sendmail.h +=================================================================== +--- contrib/sendmail/src/sendmail.h (revision 284940) ++++ contrib/sendmail/src/sendmail.h (working copy) +@@ -1935,7 +1935,7 @@ struct termescape + + /* server requirements */ + #define TLS_I_SRV (TLS_I_SRV_CERT | TLS_I_RSA_TMP | TLS_I_VRFY_PATH | \ +- TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH512 | \ ++ TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH1024 | \ + TLS_I_CACHE) + + /* client requirements */ Added: head/share/security/patches/EN-15:08/sendmail-01.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:08/sendmail-01.patch.asc Tue Jun 30 23:36:51 2015 (r46903) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.5 (FreeBSD) + +iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rnDCgP/03Bv37NZRCd3fpZC8Og73t2 +qFxR5glnHfXeNpAnI2p0Jmfvay4/ZHYEOIXQwS60wdnNElN00mudJ/D7RBVr5sGF +fjW68S3+z9vppBP4pWq4xhitDkA+Ko9zZmCojMOta3DTBhJzp825i8al03wQbViQ +Xgv7AhA52bsdXqcru83DfRDfXfUuf8BivgvuGoohfaVQYhAusrOlAXR9jij9mWJo +24Phs3gXlmOvRnjWiRfcmESCZdZJwDwUfBXk+cMFuEQo60bburyjqp+rCD4bt1lN +3zkRTLggBQefqLer78CP++A/PrLxLWajqRpZ0SvUny3HeWED8Yrp/8L3xc0H+Zfs +Eo5lmVvi3RLAzTWgAkdQOBddjvYoK5jmJBauFyiY/sQ/sti1HT7vavXPIRZFTWFQ +VM/+URwLudyAnIXqVn0iSuOrrjW5eQnchuEWYs6ar7qc375sa9um7idfif9kCq5j +5GvBILw1m6CVfeuW5dfL/Gwkz6ALx9yqSVQ10L3m5Ik7+hbCAkD+GnMK53OvQSjA +Kuw3nMDVHjdVVYZKYI7h8Ez25K2S9EoPARcmX9oikkeUYLR3s8PbLOikixltpRpp +viaHkskG4bvxY2b5SP64NRZowUqPP2EgVY/Mi11pPsr5cuQR+PTTv7mx0QUzJ862 +m86CQtJ8so6TKWTO8bQb +=c8JT +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-15:09/xlocale.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:09/xlocale.patch Tue Jun 30 23:36:51 2015 (r46903) 
@@ -0,0 +1,58 @@ +Index: lib/libc/locale/setrunelocale.c +=================================================================== +--- lib/libc/locale/setrunelocale.c (revision 284940) ++++ lib/libc/locale/setrunelocale.c (working copy) +@@ -202,6 +202,8 @@ __set_thread_rune_locale(locale_t loc) + + if (loc == NULL) { + _ThreadRuneLocale = &_DefaultRuneLocale; ++ } else if (loc == LC_GLOBAL_LOCALE) { ++ _ThreadRuneLocale = 0; + } else { + _ThreadRuneLocale = XLOCALE_CTYPE(loc)->runes; + } +Index: lib/libc/locale/xlocale.c +=================================================================== +--- lib/libc/locale/xlocale.c (revision 284940) ++++ lib/libc/locale/xlocale.c (working copy) +@@ -154,23 +154,24 @@ __get_locale(void) + static void + set_thread_locale(locale_t loc) + { ++ locale_t l = (loc == LC_GLOBAL_LOCALE) ? 0 : loc; + + _once(&once_control, init_key); + +- if (NULL != loc) { +- xlocale_retain((struct xlocale_refcounted*)loc); ++ if (NULL != l) { ++ xlocale_retain((struct xlocale_refcounted*)l); + } + locale_t old = pthread_getspecific(locale_info_key); +- if ((NULL != old) && (loc != old)) { ++ if ((NULL != old) && (l != old)) { + xlocale_release((struct xlocale_refcounted*)old); + } + if (fake_tls) { +- thread_local_locale = loc; ++ thread_local_locale = l; + } else { +- pthread_setspecific(locale_info_key, loc); ++ pthread_setspecific(locale_info_key, l); + } + #ifndef __NO_TLS +- __thread_locale = loc; ++ __thread_locale = l; + __set_thread_rune_locale(loc); + #endif + } +@@ -361,9 +362,6 @@ locale_t uselocale(locale_t loc) + { + locale_t old = get_thread_locale(); + if (NULL != loc) { +- if (LC_GLOBAL_LOCALE == loc) { +- loc = NULL; +- } + set_thread_locale(loc); + } + return (old ? old : LC_GLOBAL_LOCALE); Added: head/share/security/patches/EN-15:09/xlocale.patch.asc ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:09/xlocale.patch.asc Tue Jun 30 23:36:51 2015 (r46903) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.5 (FreeBSD) + +iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rnwpgQAI29DAkpuY6cD9vJNtVvD/BC +EeGcYGO+hq82b5QAVS1778ETaQOPZjPrVycj3o8pFjCdVTaCCVhutKbEVxojDTAj +pqPpTvBZqcAf9pfBL7mPGLjfF8gzKiLVwNMNxfs/uC++rWdebdVUMI3sWntnc85c +a8oplvXIBuXJHXOd2xNG2c6+Zdo4GJBAouUxMvkneUwS5Sw8sB+cMJt5UZ5lHbRH +qgekU+v4HLjurK10WWzBKN178y/+mOhvZ0gck0ft0BR4EZmaaFJqBYE6otUDz9MM +W9dG2e+Bfg5VmVhuVZMetIFPzLmhTQtwciGhp5JFT5lBzx2JyLlZ9mztDo6s+hwm +wsD8/Wf6xK0UbxLrlCi3cjNS/MKUmjjTJkFnbPnUljU3khmOjeGRkT3LZJL0eOft +U/UU+AzOOUKXLAgOWuYjaG6a3QB1aAB6dEPX5YpMfdsprM6r3D9mYWLF6b2ieD/2 +QKZiQTUasJno5lXsyp6p/sEW59prPYOsWOtv5m65Tzjim+/rxX41w0vDTm8Ou2rh +yHfCJidFL6AzYZEWh6dS2AGS/EW0hgWtp5frOP65cfNlFHdXiZqv21Xq0IRchs+L +mYpWpxpzbdA7vk33tvolkv+TahgPCXML0waCucKEY9p8vRfl+wJo2vs3kqozl0jG +rzjVDz4t+4Kbr0LNm9aI +=BvyK +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-15:10/iconv.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:10/iconv.patch Tue Jun 30 23:36:51 2015 (r46903) 
@@ -0,0 +1,107 @@ +Index: lib/libiconv_modules/UTF7/citrus_utf7.c +=================================================================== +--- lib/libiconv_modules/UTF7/citrus_utf7.c (revision 284940) ++++ lib/libiconv_modules/UTF7/citrus_utf7.c (working copy) +@@ -62,8 +62,7 @@ typedef struct { + unsigned int + mode: 1, /* whether base64 mode */ + bits: 4, /* need to hold 0 - 15 */ +- cache: 22, /* 22 = BASE64_BIT + UTF16_BIT */ +- surrogate: 1; /* whether surrogate pair or not */ ++ cache: 22; /* 22 = BASE64_BIT + UTF16_BIT */ + int chlen; + char ch[4]; /* BASE64_IN, 3 * 6 = 18, most closed to UTF16_BIT */ + } _UTF7State; +@@ -154,12 +153,11 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr + uint16_t * __restrict u16, const char ** __restrict s, size_t n, + _UTF7State * __restrict psenc, size_t * __restrict nresult) + { +- _UTF7State sv; + const char *s0; + int done, i, len; + ++ *nresult = 0; + s0 = *s; +- sv = *psenc; + + for (i = 0, done = 0; done == 0; i++) { + if (i == psenc->chlen) { +@@ -166,9 +164,6 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr + if (n-- < 1) { + *nresult = (size_t)-2; + *s = s0; +- sv.chlen = psenc->chlen; +- memcpy(sv.ch, psenc->ch, sizeof(sv.ch)); +- *psenc = sv; + return (0); + } + psenc->ch[psenc->chlen++] = *s0++; +@@ -257,34 +252,31 @@ _citrus_UTF7_mbrtowc_priv(_UTF7EncodingInfo * __re + *nresult = (size_t)_ENCODING_IS_STATE_DEPENDENT; + return (0); + } +- if (psenc->surrogate) { +- hi = (psenc->cache >> psenc->bits) & UTF16_MAX; +- if (hi < HISRG_MIN || hi > HISRG_MAX) +- return (EINVAL); +- siz = 0; +- } else { +- err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr); +- if (nr == (size_t)-1 || nr == (size_t)-2) { +- *nresult = nr; +- return (err); +- } +- if (err != 0) +- return (err); +- n -= nr; +- siz = nr; +- if (hi < HISRG_MIN || hi > HISRG_MAX) { +- u32 = (uint32_t)hi; +- goto done; +- } +- psenc->surrogate = 1; ++ err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr); ++ if (nr == (size_t)-1 || nr == 
(size_t)-2) { ++ *nresult = nr; ++ return (err); + } ++ if (err != 0) ++ return (err); ++ n -= nr; ++ siz = nr; ++ if (hi < HISRG_MIN || hi > HISRG_MAX) { ++ u32 = (uint32_t)hi; ++ goto done; ++ } + err = _citrus_UTF7_mbtoutf16(ei, &lo, s, n, psenc, &nr); + if (nr == (size_t)-1 || nr == (size_t)-2) { ++ psenc->chlen = 1; /* make get_state_desc return incomplete */ + *nresult = nr; + return (err); + } + if (err != 0) + return (err); ++ if (lo < LOSRG_MIN || lo > LOSRG_MAX) { ++ *nresult = (size_t)-1; ++ return (EILSEQ); ++ } + hi -= HISRG_MIN; + lo -= LOSRG_MIN; + u32 = (hi << 10 | lo) + SRG_BASE; +@@ -297,7 +289,6 @@ done: + _citrus_UTF7_init_state(ei, psenc); + } else { + *nresult = siz; +- psenc->surrogate = 0; + } + return (err); + } +@@ -396,7 +387,7 @@ _citrus_UTF7_put_state_reset(_UTF7EncodingInfo * _ + { + int bits, pos; + +- if (psenc->chlen != 0 || psenc->bits > BASE64_BIT || psenc->surrogate) ++ if (psenc->chlen != 0 || psenc->bits > BASE64_BIT) + return (EINVAL); + + if (psenc->mode) { Added: head/share/security/patches/EN-15:10/iconv.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-15:10/iconv.patch.asc Tue Jun 30 23:36:51 2015 (r46903) 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.5 (FreeBSD) + +iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rn5vIP/jsofR8DW12TqLeEURwBKF+S +mmUY4wQaCxDJQddAMRIEDHwWN0FPJnNn3sA7L40+c6iYnf1kTkK2Fimw733TAmsB +hEZujVoFP77QUsFVGm7iYzzRu4ck76riNonNlEw8kvt1VUhJjzxFPVjkh55wRM6D +T75JJD3VV78bfHN/umj437tsTe3wfH8el2nXXjTxyzRbucGZpz6EAkBYdnFc7PPu +bFrEFmNVs/tD0V5C5FdoxFLkuti84FfdZ42Ad9z4o+1H80adwMLL+1dLciutLdQt +7eHLGljdz9iDMlPhi3e8BCHM2Ij1QAa6L16BH43yTLaD/XMcM14HdwCwiNNl6YAr +Mc6PScRwGSjZAixgL1rMR1iFtlDndyRGg6KCNydH89xIHTb+SEdEC+I6pOPvX4yg +SAmzOwPsEGScslNbqxNeLkPlv70/zqnCihwN/8Z7M6yERYdWmfs8n8dhMBGc/UF5 +1vw/lOfOZf1CR+KJmhQQgpFknnx2aStJXdzqsTm+Bdx5n09wdRzoRVqwiuvPEBt+ +a+IInr9cybNdUeU3r+sobzuCcxfDDiRtoYtStoQ2vI7iGkuuwq8lulbBxvh1xzGH +xolOc6tXDDn7Ndvo+pmY83/C9qI0q3TOnqWjody97zqihs+yRJwN7xrrujgngpdy +FdClblODnEpnK3GmJsPE +=ZMx/ +-----END PGP SIGNATURE----- Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Tue Jun 30 15:38:37 2015 (r46902) +++ head/share/xml/notices.xml Tue Jun 30 23:36:51 2015 (r46903) @@ -11,6 +11,18 @@ <name>6</name> <day> + <name>30</name> + + <notice> + <name>FreeBSD-EN-15:10.iconv</name> + </notice> + + <notice> + <name>FreeBSD-EN-15:09.xlocale</name> + </notice> + </day> + + <day> <name>18</name> <notice>
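Review bot: In FreeBSD-EN-15:08.sendmail.asc, hunk @@ -99,6 +103,10 @@, the third added command still reads `gpg --verify sendmail.patch.asc`, so a reader following the new block fetches sendmail-01.patch and its signature but never verifies them. It should be `gpg --verify sendmail-01.patch.asc`. The unchanged step b) that follows also does not say whether sendmail-01.patch replaces sendmail.patch or is applied on top of it; one sentence stating that would remove the guesswork. Because the advisory text is PGP-signed, the correction needs a re-signed revision.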
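Review bot: In FreeBSD-EN-15:08.sendmail.asc, section V (hunk @@ -59,20 +66,17 @@), the rewritten sentence keeps the stray article in "A change to the raise the default"; it should read "A change to raise the default". The same hunk drops the old workaround step 4 about /etc/mail/`hostname`.submit.mc, while the new revision history entry only mentions a revised patch for a non-existent DH parameter file; say in the v1.1 entry that the workaround steps changed too, so readers who applied v1.0 know to re-read them.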
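Review bot: In FreeBSD-EN-15:09.xlocale.asc, section VII, the "latest revision" URL ends in FreeBSD-EN-15:09.locale.asc, but the file this commit adds is FreeBSD-EN-15:09.xlocale.asc, so the link as written does not match the published name. Correct the URL and re-sign the notice. Smaller wording points in the same file: "Applications that uses xlocale but does not call setlocale(3)" should be "use ... do not call", "support to thread-safe" should be "support for a thread-safe", and "deamons" should be "daemons" (the last spelling also appears in FreeBSD-EN-15:10.iconv.asc).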
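Review bot: In sendmail-01.patch, the only changed line sits inside the TLS_I_SRV mask under the "server requirements" comment, while the revised advisory's Impact section still describes failures of client connections from Sendmail to other SMTP servers. Either explain in the advisory how replacing TLS_I_DH512 with TLS_I_DH1024 in the server mask addresses the client-side symptom, or correct the Impact wording; from the two texts as committed a reader cannot tell which side of the connection is being fixed.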
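Review bot: In xlocale.patch, set_thread_locale() (hunk @@ -154,23 +154,24 @@), every use of loc is switched to the normalised l except the final call, `__set_thread_rune_locale(loc);`. That looks deliberate, since the setrunelocale.c hunk now handles LC_GLOBAL_LOCALE separately from NULL, but nothing says so and it reads like a missed substitution. Add a short comment on that line, and prefer NULL over the literal 0 in `(loc == LC_GLOBAL_LOCALE) ? 0 : loc` and in `_ThreadRuneLocale = 0;` to match the NULL comparisons around them.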
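Review bot: In iconv.patch, _citrus_UTF7_mbtoutf16() (hunks @@ -154,12 +153,11 @@ and @@ -166,9 +164,6 @@), removing the sv snapshot means the (size_t)-2 early return no longer restores the state saved on entry; *psenc is left exactly as the partial pass modified it. If resuming from that partially updated state is the intended behaviour, say so in a comment at the early return, because the old code made the opposite choice explicit. The new `*nresult = 0;` at the top would also benefit from a one-line note on which return path relies on it.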
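Review bot: In iconv.patch, _citrus_UTF7_mbrtowc_priv() (hunk @@ -257,34 +252,31 @@), `psenc->chlen = 1;` is set when the low-surrogate read fails, without writing psenc->ch[0], and it runs for nr == (size_t)-1 as well as (size_t)-2. _citrus_UTF7_mbtoutf16() only takes a new input byte when i == psenc->chlen, so please confirm that a later call cannot consume a stale ch[0], and that marking an invalid sequence (-1) as incomplete is intended rather than only the -2 case. The new LOSRG_MIN/LOSRG_MAX check returns EILSEQ without touching the state; a comment on whether the caller is expected to reset it would help.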