svn commit: r296608 - in stable/9/contrib/bind9: . bin/named bin/rndc doc/arm lib/dns lib/isccc
Author: delphij Date: Thu Mar 10 07:44:56 2016 New Revision: 296608 URL: https://svnweb.freebsd.org/changeset/base/296608 Log: MFV r296599: BIND 9.9.8-P4. Security: CVE-2016-1285 Security: CVE-2016-1286 Security: CVE-2016-2088 Security: FreeBSD-SA-16:13.bind Modified: stable/9/contrib/bind9/CHANGES stable/9/contrib/bind9/COPYRIGHT stable/9/contrib/bind9/README stable/9/contrib/bind9/bin/named/control.c stable/9/contrib/bind9/bin/named/controlconf.c stable/9/contrib/bind9/bin/named/query.c stable/9/contrib/bind9/bin/rndc/rndc.c stable/9/contrib/bind9/doc/arm/Bv9ARM.ch01.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch02.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch10.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch11.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch12.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch13.html stable/9/contrib/bind9/doc/arm/Bv9ARM.html stable/9/contrib/bind9/doc/arm/Bv9ARM.pdf stable/9/contrib/bind9/doc/arm/man.arpaname.html stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html stable/9/contrib/bind9/doc/arm/man.dig.html stable/9/contrib/bind9/doc/arm/man.dnssec-checkds.html stable/9/contrib/bind9/doc/arm/man.dnssec-coverage.html stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html stable/9/contrib/bind9/doc/arm/man.dnssec-verify.html stable/9/contrib/bind9/doc/arm/man.genrandom.html stable/9/contrib/bind9/doc/arm/man.host.html 
stable/9/contrib/bind9/doc/arm/man.isc-hmac-fixup.html stable/9/contrib/bind9/doc/arm/man.named-checkconf.html stable/9/contrib/bind9/doc/arm/man.named-checkzone.html stable/9/contrib/bind9/doc/arm/man.named-journalprint.html stable/9/contrib/bind9/doc/arm/man.named.html stable/9/contrib/bind9/doc/arm/man.nsec3hash.html stable/9/contrib/bind9/doc/arm/man.nsupdate.html stable/9/contrib/bind9/doc/arm/man.rndc-confgen.html stable/9/contrib/bind9/doc/arm/man.rndc.conf.html stable/9/contrib/bind9/doc/arm/man.rndc.html stable/9/contrib/bind9/doc/arm/notes.html stable/9/contrib/bind9/doc/arm/notes.pdf stable/9/contrib/bind9/doc/arm/notes.xml stable/9/contrib/bind9/lib/dns/api stable/9/contrib/bind9/lib/dns/resolver.c stable/9/contrib/bind9/lib/isccc/cc.c stable/9/contrib/bind9/version Directory Properties: stable/9/contrib/bind9/ (props changed)
Modified: stable/9/contrib/bind9/CHANGES
==
--- stable/9/contrib/bind9/CHANGES Thu Mar 10 06:25:47 2016 (r296607)
+++ stable/9/contrib/bind9/CHANGES Thu Mar 10 07:44:56 2016 (r296608)
@@ -1,3 +1,12 @@
+ --- 9.9.8-P4 released ---
+
+4319. [security] Fix resolver assertion failure due to improper
+ DNAME handling when parsing fetch reply messages.
+ (CVE-2016-1286) [RT #41753]
+
+4318. [security] Malformed control messages can trigger assertions
+ in named and rndc. (CVE-2016-1285) [RT #41666]
+
 --- 9.9.8-P3 released ---
 
 4288. [bug] Fixed a regression in resolver.c:possibly_mark()
Modified: stable/9/contrib/bind9/COPYRIGHT
==
--- stable/9/contrib/bind9/COPYRIGHTThu Mar 10 06:25:47 2016 (r296607)
+++ stable/9/contrib/bind9/COPYRIGHTThu Mar 10 07:44:56 2016 (r296608)
@@ -1,4 +1,4 @@ -Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any Modified: stable/9/contrib/bind9/README == --- stable/9/contrib/bind9/README Thu Mar 10 06:25:47 2016 (r296607) +++ stable/9/contrib/bind9/README Thu Mar 10 07:44:56 2016 (r296608) @@ -51,6 +51,11 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.9.8-P4 + + BIND 9.9.8-P4 is a security release addressing the flaws + described in CVE-2016-1285 and CVE-2016-1286. + BIND 9.9.8-P3 BIND 9.9.8-P3 is a security release addressing the flaw described in
svn commit: r296598 - stable/9/crypto/openssl/crypto/bn
Author: delphij Date: Thu Mar 10 03:58:48 2016 New Revision: 296598 URL: https://svnweb.freebsd.org/changeset/base/296598 Log: Fix CR/LF's in bn_exp.c introduced in r207783. No actual code change. Modified: stable/9/crypto/openssl/crypto/bn/bn_exp.c
Modified: stable/9/crypto/openssl/crypto/bn/bn_exp.c
==
--- stable/9/crypto/openssl/crypto/bn/bn_exp.c Thu Mar 10 03:57:37 2016 (r296597)
+++ stable/9/crypto/openssl/crypto/bn/bn_exp.c Thu Mar 10 03:58:48 2016 (r296598)
@@ -107,13 +107,13 @@
 * (e...@cryptsoft.com). This product includes software written by Tim
 * Hudson (t...@cryptsoft.com).
 *
- */
-
-#include "cryptlib.h"
-#include "constant_time_locl.h"
-#include "bn_lcl.h"
-
-/* maximum precomputation table size for *variable* sliding windows */
+ */
+
+#include "cryptlib.h"
+#include "constant_time_locl.h"
+#include "bn_lcl.h"
+
+/* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE 32
 
 /* this one works - simple but works */
@@ -521,79 +521,79 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI * pattern as far as cache lines are concerned. The following functions are * used to transfer a BIGNUM from/to that table. */ - -static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, -unsigned char *buf, int idx, -int window) -{ -int i, j; -int width = 1 << window; -BN_ULONG *table = (BN_ULONG *)buf; - -if (bn_wexpand(b, top) == NULL) -return 0; + +static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, +unsigned char *buf, int idx, +int window) +{ +int i, j; +int width = 1 << window; +BN_ULONG *table = (BN_ULONG *)buf; + +if (bn_wexpand(b, top) == NULL) +return 0; while (b->top < top) { -b->d[b->top++] = 0; -} - -for (i = 0, j = idx; i < top; i++, j += width) { -table[j] = b->d[i]; -} - -bn_correct_top(b); +b->d[b->top++] = 0; +} + +for (i = 0, j = idx; i < top; i++, j += width) { +table[j] = b->d[i]; +} + +bn_correct_top(b); return 1; } - -static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, - unsigned char *buf, int idx, - int window) -{ -int i, j; -int width = 1 << window; -volatile BN_ULONG *table = (volatile BN_ULONG *)buf; - -if (bn_wexpand(b, top) == NULL) -return 0; - -if (window <= 3) { -for (i = 0; i < top; i++, table += width) { -BN_ULONG acc = 0; - -for (j = 0; j < width; j++) { -acc |= table[j] & - ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); -} - -b->d[i] = acc; -} -} else { -int xstride = 1 << (window - 2); -BN_ULONG y0, y1, y2, y3; - -i = idx >> (window - 2);/* equivalent of idx / xstride */ -idx &= xstride - 1; /* equivalent of idx % xstride */ - -y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1); -y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1); -y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1); -y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1); - -for (i = 0; i < top; i++, table += width) { -BN_ULONG acc = 0; - -for (j = 0; j < xstride; j++) { -acc |= ( (table[j + 0 * xstride] & y0) | - (table[j + 1 * xstride] & y1) | - (table[j + 2 * xstride] & y2) | - 
(table[j + 3 * xstride] & y3) ) - & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); -} - -b->d[i] = acc; -} -} - -b->top = top; + +static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, + unsigned char *buf, int idx, + int window) +{ +int i, j; +int width = 1 << window; +volatile BN_ULONG *table = (volatile BN_ULONG *)buf; + +if (bn_wexpand(b, top) == NULL) +return 0; + +if (window <= 3) { +for (i = 0; i < top; i++, table += width) { +BN_ULONG acc = 0; + +for (j = 0; j < width; j++) { +acc |= table[j] & + ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); +} + +b->d[i] = acc; +} +} else { +int xstride = 1 << (window - 2); +BN_ULONG y0, y1, y2, y3; + +i = idx >> (window - 2);/* equivalent of idx / xstride */ +idx &= xstride - 1; /* equivalent of idx % xstride */ + +y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1); +y1 = (BN_ULONG)0 -
svn commit: r296597 - stable/9/crypto/openssl/crypto/bn
Author: delphij Date: Thu Mar 10 03:57:37 2016 New Revision: 296597 URL: https://svnweb.freebsd.org/changeset/base/296597 Log: Fix a regression introduced in r296462 that causes out-of-bound access in the BN code and have slipped my review. PR: 207783 Submitted by: dim Modified: stable/9/crypto/openssl/crypto/bn/bn_exp.c
Modified: stable/9/crypto/openssl/crypto/bn/bn_exp.c
==
--- stable/9/crypto/openssl/crypto/bn/bn_exp.c Thu Mar 10 02:43:10 2016 (r296596)
+++ stable/9/crypto/openssl/crypto/bn/bn_exp.c Thu Mar 10 03:57:37 2016 (r296597)
@@ -758,7 +758,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
 * Fetch the appropriate pre-computed value from the pre-buf
 */
 if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-(computeTemp, top, powerbuf, wvalue, numPowers))
+(computeTemp, top, powerbuf, wvalue, window))
 goto err;
 
 /* Multiply the result into the intermediate result */
___ svn-src-stable-9@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-9 To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"
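Review bot: Nothing at this call to MOD_EXP_CTIME_COPY_FROM_PREBUF records that its last argument is the window width in bits rather than the table size, and both values are presumably plain `int`s in BN_mod_exp_mont_consttime, so the compiler cannot catch the swap if it is reintroduced. The log ties the old `numPowers` argument to an out-of-bounds access in the BN code, so a comment at the call is worth adding, for example `/* last argument is the window width in bits, not numPowers */`. Any other MOD_EXP_CTIME_COPY_TO_PREBUF / MOD_EXP_CTIME_COPY_FROM_PREBUF call sites are outside this hunk and should be checked for the same argument. The enclosing function starts and ends outside the hunk.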
svn commit: r296581 - in stable/9/sys: dev/bxe modules/bxe
Author: davidcs Date: Wed Mar 9 21:40:00 2016 New Revision: 296581 URL: https://svnweb.freebsd.org/changeset/base/296581 Log: MFC r296071 Upgrade the firmware carried in driver and loaded during hardware initialization (a.k.a STORM firmware) to version 7.13.1 (latest version) Modified: stable/9/sys/dev/bxe/57710_init_values.c stable/9/sys/dev/bxe/57710_int_offsets.h stable/9/sys/dev/bxe/57711_init_values.c stable/9/sys/dev/bxe/57711_int_offsets.h stable/9/sys/dev/bxe/57712_init_values.c stable/9/sys/dev/bxe/57712_int_offsets.h stable/9/sys/dev/bxe/bxe.c stable/9/sys/dev/bxe/bxe.h stable/9/sys/dev/bxe/bxe_elink.c stable/9/sys/dev/bxe/bxe_elink.h stable/9/sys/dev/bxe/bxe_stats.c stable/9/sys/dev/bxe/ecore_fw_defs.h stable/9/sys/dev/bxe/ecore_hsi.h stable/9/sys/dev/bxe/ecore_init.h stable/9/sys/dev/bxe/ecore_init_ops.h stable/9/sys/dev/bxe/ecore_mfw_req.h stable/9/sys/dev/bxe/ecore_reg.h stable/9/sys/dev/bxe/ecore_sp.c stable/9/sys/dev/bxe/ecore_sp.h stable/9/sys/modules/bxe/Makefile Directory Properties: stable/9/ (props changed) stable/9/sys/ (props changed) stable/9/sys/dev/ (props changed) stable/9/sys/modules/ (props changed) Modified: stable/9/sys/dev/bxe/57710_init_values.c == --- stable/9/sys/dev/bxe/57710_init_values.cWed Mar 9 21:30:21 2016 (r296580) +++ stable/9/sys/dev/bxe/57710_init_values.cWed Mar 9 21:40:00 2016 (r296581) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2007-2014 QLogic Corporation. All rights reserved. + * Copyright (c) 2007-2017 QLogic Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -11,7 +11,7 @@ *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS' + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS @@ -104,19 +104,19 @@ static const struct raw_op init_ops_e1[] /* #define CFC_COMMON_START88 */ {OP_ZR, 0x104c00, 0x100}, {OP_WR, 0x104028, 0x10}, - {OP_WR, 0x104044, 0x3fff}, + {OP_SW, 0x104040, 0x20469}, {OP_WR, 0x104058, 0x28}, {OP_WR, 0x104084, 0x84924a}, {OP_WR, 0x104058, 0x0}, /* #define CFC_COMMON_END 89 */ /* #define CSDM_COMMON_START110 */ - {OP_SW, 0xc2008, 0x30469}, - {OP_SW, 0xc201c, 0x4046c}, - {OP_SW, 0xc2038, 0x110470}, + {OP_SW, 0xc2008, 0x3046b}, + {OP_SW, 0xc201c, 0x4046e}, + {OP_SW, 0xc2038, 0x110472}, {OP_ZR, 0xc207c, 0x4f}, - {OP_SW, 0xc21b8, 0x110481}, + {OP_SW, 0xc21b8, 0x110483}, {OP_ZR, 0xc21fc, 0xf}, - {OP_SW, 0xc2238, 0x40492}, + {OP_SW, 0xc2238, 0x40494}, {OP_RD, 0xc2248, 0x0}, {OP_RD, 0xc224c, 0x0}, {OP_RD, 0xc2250, 0x0}, 
@@ -141,76 +141,76 @@ static const struct raw_op init_ops_e1[] /* #define CSDM_COMMON_END 111 */ /* #define CSEM_COMMON_START132 */ {OP_FW, 0x200400, 0xe0}, - {OP_WR_64, 0x200780, 0x100496}, + {OP_WR_64, 0x200780, 0x100498}, {OP_ZR, 0x22, 0x1600}, {OP_ZR, 0x228000, 0x40}, {OP_ZR, 0x223bd0, 0x8}, {OP_ZR, 0x224800, 0x6}, - {OP_SW, 0x224818, 0x40498}, + {OP_SW, 0x224818, 0x4049a}, {OP_ZR, 0x224828, 0xc}, - {OP_SW, 0x224858, 0x4049c}, + {OP_SW, 0x224858, 0x4049e}, {OP_ZR, 0x224868, 0xc}, - {OP_SW, 0x224898, 0x404a0}, + {OP_SW, 0x224898, 0x404a2}, {OP_ZR, 0x2248a8, 0xc}, - {OP_SW, 0x2248d8, 0x404a4}, + {OP_SW, 0x2248d8, 0x404a6}, {OP_ZR, 0x2248e8, 0xc}, - {OP_SW, 0x224918, 0x404a8}, + {OP_SW, 0x224918, 0x404aa}, {OP_ZR, 0x224928, 0xc}, - {OP_SW, 0x224958, 0x404ac}, + {OP_SW, 0x224958, 0x404ae}, {OP_ZR, 0x224968, 0xc}, - {OP_SW, 0x224998, 0x404b0}, + {OP_SW, 0x224998, 0x404b2}, {OP_ZR, 0x2249a8, 0xc}, - {OP_SW, 0x2249d8, 0x404b4}, + {OP_SW, 0x2249d8, 0x404b6}, {OP_ZR, 0x2249e8, 0xc}, - {OP_SW, 0x224a18, 0x404b8}, + {OP_SW, 0x224a18, 0x404ba}, {OP_ZR, 0x224a28, 0xc}, - {OP_SW, 0x224a58, 0x404bc}, + {OP_SW, 0x224a58, 0x404be}, {OP_ZR, 0x224a68, 0xc}, - {OP_SW, 0x224a98, 0x404c0}, + {OP_SW, 0x224a98, 0x404c2}, {OP_ZR, 0x224aa8, 0xc}, - {OP_SW, 0x224ad8, 0x404c4}, + {OP_SW, 0x224ad8, 0x404c6}, {OP_ZR, 0x224ae8, 0xc}, -
svn commit: r296560 - stable/9/sys/netipsec
Author: ae Date: Wed Mar 9 10:14:53 2016 New Revision: 296560 URL: https://svnweb.freebsd.org/changeset/base/296560 Log: MFC r295967: Fix useless check. m_pkthdr.len should be equal to orglen. Modified: stable/9/sys/netipsec/key.c Directory Properties: stable/9/sys/ (props changed)
Modified: stable/9/sys/netipsec/key.c
==
--- stable/9/sys/netipsec/key.c Wed Mar 9 10:09:51 2016(r296559)
+++ stable/9/sys/netipsec/key.c Wed Mar 9 10:14:53 2016(r296560)
@@ -7338,8 +7338,7 @@ key_parse(m, so)
 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
 target = KEY_SENDUP_ONE;
 
- if ((m->m_flags & M_PKTHDR) == 0 ||
- m->m_pkthdr.len != m->m_pkthdr.len) {
+ if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) {
 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
 PFKEYSTAT_INC(out_invlen);
 error = EINVAL;
___ svn-src-stable-9@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-9 To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"
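Review bot: The rewritten `if` is where the length declared in the message header (`orglen`, derived from `sadb_msg_len`) is tied to the real mbuf chain length, but nothing in the code says so. A comment above it would record why the comparison matters, for example `/* sadb_msg_len comes from the sender; it must match the actual packet length */`. The old comparison of `m->m_pkthdr.len` with itself could never fire, so this path is live for the first time, yet the log line on it still prints neither length. Confirm too that `orglen` and `m->m_pkthdr.len` have compatible signedness, since their declarations, like the start and end of key_parse, are outside the hunk.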