Module Name:    src
Committed By:   snj
Date:           Sat Aug 19 05:06:29 UTC 2017

Modified Files:
        src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
1478-1489

To generate a diff of this commit:
cvs rdiff -u -r1.1.2.108 -r1.1.2.109 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: src/doc/CHANGES-6.0.7 diff -u src/doc/CHANGES-6.0.7:1.1.2.108 src/doc/CHANGES-6.0.7:1.1.2.109 --- src/doc/CHANGES-6.0.7:1.1.2.108 Fri Aug 18 15:10:26 2017 +++ src/doc/CHANGES-6.0.7 Sat Aug 19 05:06:29 2017 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.0.7,v 1.1.2.108 2017/08/18 15:10:26 snj Exp $ +# $NetBSD: CHANGES-6.0.7,v 1.1.2.109 2017/08/19 05:06:29 snj Exp $ A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7 release: 
@@ -12763,3 +12763,100 @@ sys/dev/ic/dm9000.c 1.12 dme_alloc_receive_buffer() [mrg, ticket #1477] +sys/dev/ic/bwi.c 1.32 + + wrong error checking in bwi_newbuf() can cause an mbuf to + declare an mbuf length that is too big + [mrg, ticket #1478] + +sys/compat/svr4/svr4_lwp.c 1.20 +sys/compat/svr4/svr4_signal.c 1.67 +sys/compat/svr4/svr4_stream.c 1.89-1.91 via patch +sys/compat/svr4_32/svr4_32_signal.c 1.29-1.30 + + Fix some of the multitudinous holes in svr4 streams. + Zero stack data before copyout. + Fix indexing of svr4 signals. + Attempt to get reference counting less bad. + Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds. + [mrg, ticket #1479] + +sys/dev/vnd.c 1.260, 1.262 + + int overflows / truncation issues in vndioctl can cause + memory corruption + [mrg, ticket #1480] + +sys/compat/ibcs2/ibcs2_exec_coff.c 1.27-1.29 +sys/compat/ibcs2/ibcs2_ioctl.c 1.46 +sys/compat/ibcs2/ibcs2_stat.c 1.49-1.50 + + Out of bound read and endless loop in exec_ibcs2_coff_prep_zmagic(). + Infoleak in ibcs2_sys_ioctl. + Potenial use of expired pointers in ibcs2_sys_statfs()/ + ibcs2_sys_statvfs() + [mrg, ticket #1481] + +sys/kern/vfs_getcwd.c 1.52 + + out of bound read in getcwd_scandir() + [mrg, ticket #1482] + +sys/compat/common/vfs_syscalls_12.c 1.34 +sys/compat/common/vfs_syscalls_43.c 1.60 +sys/compat/ibcs2/ibcs2_misc.c 1.114 +sys/compat/linux/common/linux_file64.c 1.59 +sys/compat/linux/common/linux_misc.c 1.239 +sys/compat/linux32/common/linux32_dirent.c 1.18 +sys/compat/osf1/osf1_file.c 1.44 +sys/compat/sunos/sunos_misc.c 1.171 +sys/compat/sunos32/sunos32_misc.c 1.78 +sys/compat/svr4/svr4_misc.c 1.158 +sys/compat/svr4_32/svr4_32_misc.c 1.78 + + puffs userland can trigger panic in compat getdents + [mrg, ticket #1483] + +sys/kern/kern_ktrace.c 1.171 via patch + + infoleak in ktruser() if copyin fails. 
+ [mrg, ticket #1484] + +sys/dev/ic/isp_netbsd.c 1.89 + + unvalidated channel index in ISP_FC_GETDLIST case of + ispioctl() can cause out of bound read + [mrg, ticket #1485] + +sys/dev/ic/ciss.c 1.37 + + out of bound read in ciss_ioctl_vol() + signedness bug in ciss_ioctl() + [mrg, ticket #1486] + +sys/netsmb/smb_dev.c 1.50 +sys/netsmb/smb_subr.c 1.38 +sys/netsmb/smb_subr.h 1.22 +sys/netsmb/smb_usr.c 1.17-1.19 + + - no length validation in smb_usr_vc2spec() can cause out + of bound read. + - signedness bug in smb_usr_t2request() can cause out of + bound read + [mrg, ticket #1487] + +sys/altq/altq_cbq.c 1.31 +sys/altq/altq_hfsc.c 1.27 +sys/altq/altq_jobs.c 1.11 +sys/altq/altq_priq.c 1.24 +sys/altq/altq_wfq.c 1.22 + + infoleak in get_class_stats() + signedness bug in wfq_getstats() + [mrg, ticket #1488] + +sys/compat/linux/common/linux_time.c 1.38-1.39 via patch + + missing cred check in linux_sys_settimeofday() + [mrg, ticket #1489] +
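
Review bot: in the second hunk (@@ -12763,3 +12763,100 @@), the ibcs2 entry for ticket #1481 misspells "Potential" as "Potenial"; please correct it. The added entries are also formatted inconsistently: ticket #1487 marks its two issues with "- " bullets, while #1486 and #1488 each list two issues without them, and the descriptions alternate between capitalized sentences (#1479, #1481) and lower-case fragments (#1480, #1482, #1484); picking one style would make the list easier to scan. In the bwi.c entry for #1478, "can cause an mbuf to declare an mbuf length that is too big" repeats "mbuf" awkwardly; something like "can leave an mbuf with a declared length that is too big" says the same thing more clearly.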