svn commit: r296608 - in stable/9/contrib/bind9: . bin/named bin/rndc doc/arm lib/dns lib/isccc

2016-03-09 Thread Xin LI
Author: delphij
Date: Thu Mar 10 07:44:56 2016
New Revision: 296608
URL: https://svnweb.freebsd.org/changeset/base/296608

Log:
  MFV r296599: BIND 9.9.8-P4.
  
  Security: CVE-2016-1285
  Security: CVE-2016-1286
  Security: CVE-2016-2088
  Security: FreeBSD-SA-16:13.bind

Modified:
  stable/9/contrib/bind9/CHANGES
  stable/9/contrib/bind9/COPYRIGHT
  stable/9/contrib/bind9/README
  stable/9/contrib/bind9/bin/named/control.c
  stable/9/contrib/bind9/bin/named/controlconf.c
  stable/9/contrib/bind9/bin/named/query.c
  stable/9/contrib/bind9/bin/rndc/rndc.c
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch01.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch02.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch10.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch11.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch12.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.ch13.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.html
  stable/9/contrib/bind9/doc/arm/Bv9ARM.pdf
  stable/9/contrib/bind9/doc/arm/man.arpaname.html
  stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html
  stable/9/contrib/bind9/doc/arm/man.dig.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-checkds.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-coverage.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html
  stable/9/contrib/bind9/doc/arm/man.dnssec-verify.html
  stable/9/contrib/bind9/doc/arm/man.genrandom.html
  stable/9/contrib/bind9/doc/arm/man.host.html
  stable/9/contrib/bind9/doc/arm/man.isc-hmac-fixup.html
  stable/9/contrib/bind9/doc/arm/man.named-checkconf.html
  stable/9/contrib/bind9/doc/arm/man.named-checkzone.html
  stable/9/contrib/bind9/doc/arm/man.named-journalprint.html
  stable/9/contrib/bind9/doc/arm/man.named.html
  stable/9/contrib/bind9/doc/arm/man.nsec3hash.html
  stable/9/contrib/bind9/doc/arm/man.nsupdate.html
  stable/9/contrib/bind9/doc/arm/man.rndc-confgen.html
  stable/9/contrib/bind9/doc/arm/man.rndc.conf.html
  stable/9/contrib/bind9/doc/arm/man.rndc.html
  stable/9/contrib/bind9/doc/arm/notes.html
  stable/9/contrib/bind9/doc/arm/notes.pdf
  stable/9/contrib/bind9/doc/arm/notes.xml
  stable/9/contrib/bind9/lib/dns/api
  stable/9/contrib/bind9/lib/dns/resolver.c
  stable/9/contrib/bind9/lib/isccc/cc.c
  stable/9/contrib/bind9/version
Directory Properties:
  stable/9/contrib/bind9/   (props changed)

Modified: stable/9/contrib/bind9/CHANGES
==
--- stable/9/contrib/bind9/CHANGES  Thu Mar 10 06:25:47 2016
(r296607)
+++ stable/9/contrib/bind9/CHANGES  Thu Mar 10 07:44:56 2016
(r296608)
@@ -1,3 +1,12 @@
+   --- 9.9.8-P4 released ---
+
+4319.  [security]  Fix resolver assertion failure due to improper
+   DNAME handling when parsing fetch reply messages.
+   (CVE-2016-1286) [RT #41753]
+
+4318.  [security]  Malformed control messages can trigger assertions
+   in named and rndc. (CVE-2016-1285) [RT #41666]
+
--- 9.9.8-P3 released ---
 
 4288.  [bug]   Fixed a regression in resolver.c:possibly_mark()

Modified: stable/9/contrib/bind9/COPYRIGHT
==
--- stable/9/contrib/bind9/COPYRIGHTThu Mar 10 06:25:47 2016
(r296607)
+++ stable/9/contrib/bind9/COPYRIGHTThu Mar 10 07:44:56 2016
(r296608)
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2015  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 1996-2003  Internet Software Consortium.
 
 Permission to use, copy, modify, and/or distribute this software for any

Modified: stable/9/contrib/bind9/README
==
--- stable/9/contrib/bind9/README   Thu Mar 10 06:25:47 2016
(r296607)
+++ stable/9/contrib/bind9/README   Thu Mar 10 07:44:56 2016
(r296608)
@@ -51,6 +51,11 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.9.8-P4
+
+   BIND 9.9.8-P4 is a security release addressing the flaws
+   described in CVE-2016-1285 and CVE-2016-1286.
+
 BIND 9.9.8-P3
 
   BIND 9.9.8-P3 is a security release addressing the flaw described in


svn commit: r296598 - stable/9/crypto/openssl/crypto/bn

2016-03-09 Thread Xin LI
Author: delphij
Date: Thu Mar 10 03:58:48 2016
New Revision: 296598
URL: https://svnweb.freebsd.org/changeset/base/296598

Log:
  Fix CR/LF's in bn_exp.c introduced in r207783.  No actual code change.

Modified:
  stable/9/crypto/openssl/crypto/bn/bn_exp.c

Modified: stable/9/crypto/openssl/crypto/bn/bn_exp.c
==
--- stable/9/crypto/openssl/crypto/bn/bn_exp.c  Thu Mar 10 03:57:37 2016
(r296597)
+++ stable/9/crypto/openssl/crypto/bn/bn_exp.c  Thu Mar 10 03:58:48 2016
(r296598)
@@ -107,13 +107,13 @@
  * (e...@cryptsoft.com).  This product includes software written by Tim
  * Hudson (t...@cryptsoft.com).
  *
- */
-
-#include "cryptlib.h"
-#include "constant_time_locl.h"
-#include "bn_lcl.h"
-
-/* maximum precomputation table size for *variable* sliding windows */
+ */
+
+#include "cryptlib.h"
+#include "constant_time_locl.h"
+#include "bn_lcl.h"
+
+/* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE  32
 
 /* this one works - simple but works */
@@ -521,79 +521,79 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI
  * pattern as far as cache lines are concerned.  The following functions are
  * used to transfer a BIGNUM from/to that table.
  */
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top,
-unsigned char *buf, int idx,
-int window)
-{
-int i, j;
-int width = 1 << window;
-BN_ULONG *table = (BN_ULONG *)buf;
-
-if (bn_wexpand(b, top) == NULL)
-return 0;
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top,
+unsigned char *buf, int idx,
+int window)
+{
+int i, j;
+int width = 1 << window;
+BN_ULONG *table = (BN_ULONG *)buf;
+
+if (bn_wexpand(b, top) == NULL)
+return 0;
 while (b->top < top) {
-b->d[b->top++] = 0;
-}
-
-for (i = 0, j = idx; i < top; i++, j += width) {
-table[j] = b->d[i];
-}
-
-bn_correct_top(b);
+b->d[b->top++] = 0;
+}
+
+for (i = 0, j = idx; i < top; i++, j += width) {
+table[j] = b->d[i];
+}
+
+bn_correct_top(b);
 return 1;
 }
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
-  unsigned char *buf, int idx,
-  int window)
-{
-int i, j;
-int width = 1 << window;
-volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
-
-if (bn_wexpand(b, top) == NULL)
-return 0;
-
-if (window <= 3) {
-for (i = 0; i < top; i++, table += width) {
-BN_ULONG acc = 0;
-
-for (j = 0; j < width; j++) {
-acc |= table[j] &
-   ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
-}
-
-b->d[i] = acc;
-}
-} else {
-int xstride = 1 << (window - 2);
-BN_ULONG y0, y1, y2, y3;
-
-i = idx >> (window - 2);/* equivalent of idx / xstride */
-idx &= xstride - 1; /* equivalent of idx % xstride */
-
-y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
-y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
-y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
-y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
-
-for (i = 0; i < top; i++, table += width) {
-BN_ULONG acc = 0;
-
-for (j = 0; j < xstride; j++) {
-acc |= ( (table[j + 0 * xstride] & y0) |
- (table[j + 1 * xstride] & y1) |
- (table[j + 2 * xstride] & y2) |
- (table[j + 3 * xstride] & y3) )
-   & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
-}
-
-b->d[i] = acc;
-}
-}
-
-b->top = top;
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+  unsigned char *buf, int idx,
+  int window)
+{
+int i, j;
+int width = 1 << window;
+volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
+
+if (bn_wexpand(b, top) == NULL)
+return 0;
+
+if (window <= 3) {
+for (i = 0; i < top; i++, table += width) {
+BN_ULONG acc = 0;
+
+for (j = 0; j < width; j++) {
+acc |= table[j] &
+   ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+}
+
+b->d[i] = acc;
+}
+} else {
+int xstride = 1 << (window - 2);
+BN_ULONG y0, y1, y2, y3;
+
+i = idx >> (window - 2);/* equivalent of idx / xstride */
+idx &= xstride - 1; /* equivalent of idx % xstride */
+
+y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
+y1 = (BN_ULONG)0 - 

svn commit: r296597 - stable/9/crypto/openssl/crypto/bn

2016-03-09 Thread Xin LI
Author: delphij
Date: Thu Mar 10 03:57:37 2016
New Revision: 296597
URL: https://svnweb.freebsd.org/changeset/base/296597

Log:
  Fix a regression introduced in r296462 that causes out-of-bounds access in
  the BN code and that slipped past my review.
  
  PR:   207783
  Submitted by: dim

Modified:
  stable/9/crypto/openssl/crypto/bn/bn_exp.c

Modified: stable/9/crypto/openssl/crypto/bn/bn_exp.c
==
--- stable/9/crypto/openssl/crypto/bn/bn_exp.c  Thu Mar 10 02:43:10 2016
(r296596)
+++ stable/9/crypto/openssl/crypto/bn/bn_exp.c  Thu Mar 10 03:57:37 2016
(r296597)
@@ -758,7 +758,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
  * Fetch the appropriate pre-computed value from the pre-buf
  */
 if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-(computeTemp, top, powerbuf, wvalue, numPowers))
+(computeTemp, top, powerbuf, wvalue, window))
 goto err;
 
 /* Multiply the result into the intermediate result */
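Review bot: Nothing at this call site tells a reader or the compiler that the last argument of MOD_EXP_CTIME_COPY_FROM_PREBUF is the window size in bits rather than the number of table entries, and because `numPowers` and `window` are both accepted as an `int` argument, the mix-up corrected here compiled cleanly. I would add a comment above the call, `/* last argument is the window size in bits; the callee derives the table width as 1 << window */`, which matches the `int width = 1 << window;` line in the helper. The other MOD_EXP_CTIME_COPY_TO_PREBUF and MOD_EXP_CTIME_COPY_FROM_PREBUF calls in BN_mod_exp_mont_consttime are outside this hunk and should be checked for the same argument. The function body starts and ends outside the hunk.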


svn commit: r296581 - in stable/9/sys: dev/bxe modules/bxe

2016-03-09 Thread David C Somayajulu
Author: davidcs
Date: Wed Mar  9 21:40:00 2016
New Revision: 296581
URL: https://svnweb.freebsd.org/changeset/base/296581

Log:
  MFC r296071
Upgrade the firmware carried in driver and loaded during hardware
initialization (a.k.a STORM firmware) to version 7.13.1 (latest version)

Modified:
  stable/9/sys/dev/bxe/57710_init_values.c
  stable/9/sys/dev/bxe/57710_int_offsets.h
  stable/9/sys/dev/bxe/57711_init_values.c
  stable/9/sys/dev/bxe/57711_int_offsets.h
  stable/9/sys/dev/bxe/57712_init_values.c
  stable/9/sys/dev/bxe/57712_int_offsets.h
  stable/9/sys/dev/bxe/bxe.c
  stable/9/sys/dev/bxe/bxe.h
  stable/9/sys/dev/bxe/bxe_elink.c
  stable/9/sys/dev/bxe/bxe_elink.h
  stable/9/sys/dev/bxe/bxe_stats.c
  stable/9/sys/dev/bxe/ecore_fw_defs.h
  stable/9/sys/dev/bxe/ecore_hsi.h
  stable/9/sys/dev/bxe/ecore_init.h
  stable/9/sys/dev/bxe/ecore_init_ops.h
  stable/9/sys/dev/bxe/ecore_mfw_req.h
  stable/9/sys/dev/bxe/ecore_reg.h
  stable/9/sys/dev/bxe/ecore_sp.c
  stable/9/sys/dev/bxe/ecore_sp.h
  stable/9/sys/modules/bxe/Makefile
Directory Properties:
  stable/9/   (props changed)
  stable/9/sys/   (props changed)
  stable/9/sys/dev/   (props changed)
  stable/9/sys/modules/   (props changed)

Modified: stable/9/sys/dev/bxe/57710_init_values.c
==
--- stable/9/sys/dev/bxe/57710_init_values.cWed Mar  9 21:30:21 2016
(r296580)
+++ stable/9/sys/dev/bxe/57710_init_values.cWed Mar  9 21:40:00 2016
(r296581)
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2007-2014 QLogic Corporation. All rights reserved.
+ * Copyright (c) 2007-2017 QLogic Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -11,7 +11,7 @@
  *notice, this list of conditions and the following disclaimer in the
  *documentation and/or other materials provided with the distribution.
  *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS'
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
@@ -104,19 +104,19 @@ static const struct raw_op init_ops_e1[]
 /* #define CFC_COMMON_START88 */
{OP_ZR, 0x104c00, 0x100},
{OP_WR, 0x104028, 0x10},
-   {OP_WR, 0x104044, 0x3fff},
+   {OP_SW, 0x104040, 0x20469},
{OP_WR, 0x104058, 0x28},
{OP_WR, 0x104084, 0x84924a},
{OP_WR, 0x104058, 0x0},
 /* #define CFC_COMMON_END  89 */
 /* #define CSDM_COMMON_START110 */
-   {OP_SW, 0xc2008, 0x30469},
-   {OP_SW, 0xc201c, 0x4046c},
-   {OP_SW, 0xc2038, 0x110470},
+   {OP_SW, 0xc2008, 0x3046b},
+   {OP_SW, 0xc201c, 0x4046e},
+   {OP_SW, 0xc2038, 0x110472},
{OP_ZR, 0xc207c, 0x4f},
-   {OP_SW, 0xc21b8, 0x110481},
+   {OP_SW, 0xc21b8, 0x110483},
{OP_ZR, 0xc21fc, 0xf},
-   {OP_SW, 0xc2238, 0x40492},
+   {OP_SW, 0xc2238, 0x40494},
{OP_RD, 0xc2248, 0x0},
{OP_RD, 0xc224c, 0x0},
{OP_RD, 0xc2250, 0x0},
@@ -141,76 +141,76 @@ static const struct raw_op init_ops_e1[]
 /* #define CSDM_COMMON_END  111 */
 /* #define CSEM_COMMON_START132 */
{OP_FW, 0x200400, 0xe0},
-   {OP_WR_64, 0x200780, 0x100496},
+   {OP_WR_64, 0x200780, 0x100498},
{OP_ZR, 0x22, 0x1600},
{OP_ZR, 0x228000, 0x40},
{OP_ZR, 0x223bd0, 0x8},
{OP_ZR, 0x224800, 0x6},
-   {OP_SW, 0x224818, 0x40498},
+   {OP_SW, 0x224818, 0x4049a},
{OP_ZR, 0x224828, 0xc},
-   {OP_SW, 0x224858, 0x4049c},
+   {OP_SW, 0x224858, 0x4049e},
{OP_ZR, 0x224868, 0xc},
-   {OP_SW, 0x224898, 0x404a0},
+   {OP_SW, 0x224898, 0x404a2},
{OP_ZR, 0x2248a8, 0xc},
-   {OP_SW, 0x2248d8, 0x404a4},
+   {OP_SW, 0x2248d8, 0x404a6},
{OP_ZR, 0x2248e8, 0xc},
-   {OP_SW, 0x224918, 0x404a8},
+   {OP_SW, 0x224918, 0x404aa},
{OP_ZR, 0x224928, 0xc},
-   {OP_SW, 0x224958, 0x404ac},
+   {OP_SW, 0x224958, 0x404ae},
{OP_ZR, 0x224968, 0xc},
-   {OP_SW, 0x224998, 0x404b0},
+   {OP_SW, 0x224998, 0x404b2},
{OP_ZR, 0x2249a8, 0xc},
-   {OP_SW, 0x2249d8, 0x404b4},
+   {OP_SW, 0x2249d8, 0x404b6},
{OP_ZR, 0x2249e8, 0xc},
-   {OP_SW, 0x224a18, 0x404b8},
+   {OP_SW, 0x224a18, 0x404ba},
{OP_ZR, 0x224a28, 0xc},
-   {OP_SW, 0x224a58, 0x404bc},
+   {OP_SW, 0x224a58, 0x404be},
{OP_ZR, 0x224a68, 0xc},
-   {OP_SW, 0x224a98, 0x404c0},
+   {OP_SW, 0x224a98, 0x404c2},
{OP_ZR, 0x224aa8, 0xc},
-   {OP_SW, 0x224ad8, 0x404c4},
+   {OP_SW, 0x224ad8, 0x404c6},
{OP_ZR, 0x224ae8, 0xc},
-   

svn commit: r296560 - stable/9/sys/netipsec

2016-03-09 Thread Andrey V. Elsukov
Author: ae
Date: Wed Mar  9 10:14:53 2016
New Revision: 296560
URL: https://svnweb.freebsd.org/changeset/base/296560

Log:
  MFC r295967:
Fix useless check. m_pkthdr.len should be equal to orglen.

Modified:
  stable/9/sys/netipsec/key.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/netipsec/key.c
==
--- stable/9/sys/netipsec/key.c Wed Mar  9 10:09:51 2016(r296559)
+++ stable/9/sys/netipsec/key.c Wed Mar  9 10:14:53 2016(r296560)
@@ -7338,8 +7338,7 @@ key_parse(m, so)
orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
target = KEY_SENDUP_ONE;
 
-   if ((m->m_flags & M_PKTHDR) == 0 ||
-   m->m_pkthdr.len != m->m_pkthdr.len) {
+   if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) {
ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
PFKEYSTAT_INC(out_invlen);
error = EINVAL;
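Review bot: The corrected comparison is the first point at which `sadb_msg_len`, taken from the message itself, is actually checked against the mbuf length, since the old `m->m_pkthdr.len != m->m_pkthdr.len` could never be true, and the code does not say why the match must be exact. I would add a comment above the `if`, `/* sadb_msg_len comes from the message; reject it unless it matches the mbuf packet length exactly */`. The declaration of `orglen` is outside the hunk, so confirm that comparing it with `m_pkthdr.len` does not mix signed and unsigned operands in a way that matters. Because the length-mismatch arm of this branch was previously unreachable, PF_KEY clients that sent a mismatched length will now get EINVAL. key_parse continues outside the hunk.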