svn commit: r286900 - in stable: 10/contrib/expat/lib 9/contrib/expat/lib

2015-08-18 Thread Xin LI
Author: delphij
Date: Tue Aug 18 19:30:05 2015
New Revision: 286900
URL: https://svnweb.freebsd.org/changeset/base/286900

Log:
  Fix multiple integer overflows in expat.
  
  Security: CVE-2015-1283
  Security: FreeBSD-SA-15:20.expat

Modified:
  stable/10/contrib/expat/lib/xmlparse.c

Changes in other areas also in this revision:
Modified:
  stable/9/contrib/expat/lib/xmlparse.c

Modified: stable/10/contrib/expat/lib/xmlparse.c
==
--- stable/10/contrib/expat/lib/xmlparse.c  Tue Aug 18 19:30:04 2015
(r286899)
+++ stable/10/contrib/expat/lib/xmlparse.c  Tue Aug 18 19:30:05 2015
(r286900)
@@ -1678,6 +1678,12 @@ XML_ParseBuffer(XML_Parser parser, int l
 void * XMLCALL
 XML_GetBuffer(XML_Parser parser, int len)
 {
+/* BEGIN MOZILLA CHANGE (sanity check len) */
+  if (len  0) {
+errorCode = XML_ERROR_NO_MEMORY;
+return NULL;
+  }
+/* END MOZILLA CHANGE */
   switch (ps_parsing) {
   case XML_SUSPENDED:
 errorCode = XML_ERROR_SUSPENDED;
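Review bot: the new len check at the top of XML_GetBuffer reports a bad argument as XML_ERROR_NO_MEMORY, and because it sits ahead of the ps_parsing switch it takes priority over XML_ERROR_SUSPENDED when the parser is suspended. A caller that passes an invalid length cannot tell that apart from a real allocation failure. Consider moving the check below the switch so the parser-state errors keep priority, and document for XML_GetBuffer which len values are rejected and with which error code. The comparison operator in "if (len  0)" is missing from this copy of the mail, so the exact bound cannot be confirmed from the text here.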
@@ -1689,8 +1695,13 @@ XML_GetBuffer(XML_Parser parser, int len
   }
 
   if (len  bufferLim - bufferEnd) {
-/* FIXME avoid integer overflow */
 int neededSize = len + (int)(bufferEnd - bufferPtr);
+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
+if (neededSize  0) {
+  errorCode = XML_ERROR_NO_MEMORY;
+  return NULL;
+}
+/* END MOZILLA CHANGE */
 #ifdef XML_CONTEXT_BYTES
 int keep = (int)(bufferPtr - buffer);
 
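Review bot: the neededSize test runs after "len + (int)(bufferEnd - bufferPtr)" has already been evaluated, so it depends on signed int overflow wrapping to a negative value. Signed overflow is undefined behaviour in C, and an optimizing compiler is entitled to assume the sum did not overflow and delete the test. Check before adding instead: compare len against INT_MAX minus the number of buffered bytes and fail with XML_ERROR_NO_MEMORY if len is larger. That resolves the removed FIXME rather than just deleting it.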
@@ -1719,7 +1730,15 @@ XML_GetBuffer(XML_Parser parser, int len
 bufferSize = INIT_BUFFER_SIZE;
   do {
 bufferSize *= 2;
-  } while (bufferSize  neededSize);
+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
+  } while (bufferSize  neededSize  bufferSize  0);
+/* END MOZILLA CHANGE */
+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
+  if (bufferSize = 0) {
+errorCode = XML_ERROR_NO_MEMORY;
+return NULL;
+  }
+/* END MOZILLA CHANGE */
   newBuf = (char *)MALLOC(bufferSize);
   if (newBuf == 0) {
 errorCode = XML_ERROR_NO_MEMORY;
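Review bot: the doubling loop's new exit condition and the bufferSize check that follows it both detect overflow only after "bufferSize *= 2" has already overflowed. If bufferSize is a signed int like neededSize, that is undefined behaviour, so neither guard is guaranteed to survive optimization. Bound the value before multiplying: leave with XML_ERROR_NO_MEMORY once bufferSize exceeds INT_MAX / 2 while still being smaller than neededSize. With that in place the separate post-loop check becomes unnecessary.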
___
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org


svn commit: r286898 - stable/10/sys/dev/cxgbe

2015-08-18 Thread Navdeep Parhar
Author: np
Date: Tue Aug 18 19:15:20 2015
New Revision: 286898
URL: https://svnweb.freebsd.org/changeset/base/286898

Log:
  MFC r271490:
  cxgbe(4): add support for the SIOCGI2C ioctl.

Modified:
  stable/10/sys/dev/cxgbe/t4_main.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/dev/cxgbe/t4_main.c
==
--- stable/10/sys/dev/cxgbe/t4_main.c   Tue Aug 18 19:04:55 2015
(r286897)
+++ stable/10/sys/dev/cxgbe/t4_main.c   Tue Aug 18 19:15:20 2015
(r286898)
@@ -1386,6 +1386,31 @@ fail:
ifmedia_ioctl(ifp, ifr, pi-media, cmd);
break;
 
+   case SIOCGI2C: {
+   struct ifi2creq i2c;
+
+   rc = copyin(ifr-ifr_data, i2c, sizeof(i2c));
+   if (rc != 0)
+   break;
+   if (i2c.dev_addr != 0xA0  i2c.dev_addr != 0xA2) {
+   rc = EPERM;
+   break;
+   }
+   if (i2c.len  sizeof(i2c.data)) {
+   rc = EINVAL;
+   break;
+   }
+   rc = begin_synchronized_op(sc, pi, SLEEP_OK | INTR_OK, t4i2c);
+   if (rc)
+   return (rc);
+   rc = -t4_i2c_rd(sc, sc-mbox, pi-port_id, i2c.dev_addr,
+   i2c.offset, i2c.len, i2c.data[0]);
+   end_synchronized_op(sc, 0);
+   if (rc == 0)
+   rc = copyout(i2c, ifr-ifr_data, sizeof(i2c));
+   break;
+   }
+
default:
rc = ether_ioctl(ifp, cmd, data);
}
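Review bot: in the SIOCGI2C case, i2c.offset comes straight from the copied-in request and is handed to t4_i2c_rd without any range check; only dev_addr and len are validated. Either reject requests where offset plus len runs past the addressable range of the device, or add a comment stating where such reads are rejected, so the next reader does not have to chase it. Separately, a failing begin_synchronized_op leaves with "return (rc)" while every other path in the case uses break; if that is intentional, a short comment would make it clear that no cleanup after the switch is being skipped.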


svn commit: r286895 - in stable/10/sys: conf dev/cxgbe dev/cxgbe/firmware dev/cxgbe/tom modules/cxgbe/t4_firmware modules/cxgbe/t5_firmware

2015-08-18 Thread Navdeep Parhar
Author: np
Date: Tue Aug 18 18:54:45 2015
New Revision: 286895
URL: https://svnweb.freebsd.org/changeset/base/286895

Log:
  MFC r285527 and r286338.  This takes the firmware from 1.11.27.0 to 1.14.4.0.
  
  r286338:
  cxgbe(4):  Update T5 and T4 firmwares bundled with the driver to 1.14.4.0.
  The changes in the firmwares since 1.11.27.0 are listed here (straight
  copy-paste from the Release Notes.txt accompanying the Chelsio Unified Wire
  2.11.1.0 release on the website).
  
  22.1. T5 Firmware
  +
  
  Version : 1.14.4.0
  Date: 08/05/2015
  

  
  FIXES
  -
  
  BASE:
  - Fixes a potential data path hang by properly programming PMTX congestion
threshold settings.
  - Fixes a potential initialization error when accessing a configuration file
stored on the flash.
  - Fixes a regression where SGE resources can be mis-sized if iWARP is
disabled.
  
  ETH:
  - Fixes a timing issue that would prevent CR4 links from coming up with some
switches.
  
  FOFCoE:
  - Defers fcoe linkdown mailbox command handling till LOGO is sent.
  - Updates vlan prio for all outstanding IOs during dcbx update.
  
  ENHANCEMENTS
  
  
  BASE:
  - Adds support for PAUSE OFF watchdog.
  - Reports devlog access information in PCIE_FW_PF register 7.
  
  ETH:
  - Enhances segmentation offload to include VxLAN and Geneve.
  - Adds PTP support.
  - Adds new interface to allow the driver to query the VI rss table base
addresses.
  - Allows the driver to program the SGE ingress context CongDrop field.
  
  OFLD:
  - Adds new interface for the driver to specify offloaded connections TCP snd
and rcv scale factors.
  
  iSCSI:
  - Adds support for iscsi segmentation offload (ISO).
  - Adds support for iscsi t10-dif offload.
  
  FOiSCSI:
  - Sets FORCE_BIT for cut through processing for FOiSCSI.
  
  FOFCoE:
  - Adds support for FCoE BB6.
  - Improves WRITE performance.
  
  

  

  
  Version : 1.13.32.0
  Date: 03/25/2015
  

  
  FIXES
  -
  
  BASE:
  - Fixes FW_CAPS_CONFIG_CMD return value on error (was positive instead of
 negative)
  - Fixes FW_PARAMS_PARAM_DEV_FLOWC_BUFFIFO_SZ indication (was wrong on certain
 adapter configurations)
  - Fixes config file based PL_TIMEOUT register programming
  
  ETH:
  - Fixes a potential EO UDP SEG header corruption
  - Fixes an issue where 1000Base-X was not enabled correctly when using QSA
 modules
  
  OFLD:
  - Fixes timeout issue with half-open connections
  - Fixes FW_FLOWC_WR processing when state is set to finwait1
  
  FOFCoE:
  - Fixes fcoe xchg leaks in linkdown/peer down path
  - Fixes cleanup in FCoE linkdown and fixed buf timer flowid abuse
  - Fixes fw crash by clearing fcf flowc during bye
  
  FOiSCSI:
  - Don't create a new tcp socket if ERL0 attempt has timed out.
  
  ENHANCEMENTS
  
  
  BASE:
  - Adds support for VFs on PFs 4 to 7
  - Adds support for QPs/CQs on any physical and virtual function
  
  ETH:
  - Stops sending LACP frames on loopback interface
  - Adds an AUTOEQU indication to CPL_SGE_EGR_UPDATE
  - Adds support for CR4 links (BEAN/AEC on 40G TwinAx cables)
  
  OFLD:
  - Improves default settings of LAN and CLUSTER TCP timer settings
  - Sends Negative Advice CPLs to software
  
  FOISCSI:
  - Adds IPv6 support for foiscsi. Keeps backward compatibility with
 old foiscsi drivers which don't support ipv6.
  
  FOFCoE:
  - Added fcoe debug support in flowc dump
  
  

  

  
  Version : 1.12.25.0
  Date: 10/22/2014
  

  
  FIXES
  -
  
  BASE:
  - Improves precision of the Weighted Round Robin Traffic Management Algorithm
  - Fixes an issue where the link would intermittently fail to come up
  - Fixes an issue where adapters with an external PHY couldn't run at 100Mbps
  - Fixes an issue where active optical cables were not recognized
  - Fixes link advertising issues on T520-BT (speed and pause frames) that would
cause the link to negotiate unexpected settings
  - Forces link restart when auto-negotiation is disabled
  - Fix an issue where pause frames wouldn't be fully disabled even if requested
  
  ETH:
  - Fixes NVGRE Segmentation Offload network header generation.
  
  DCBX:
  - Fixes an issue where some settings were not being sent to the switch
correctly
  - Fixes an issue where back-to-back DCBX port updates could get overwritten by
FW
  - Fixes a firmware crash on DCBX 

svn commit: r286912 - stable/10

2015-08-18 Thread Glen Barber
Author: gjb
Date: Wed Aug 19 00:26:54 2015
New Revision: 286912
URL: https://svnweb.freebsd.org/changeset/base/286912

Log:
  Add 10.2-RELEASE to UPDATING, forgotten with prior related commits.
  
  Submitted by: junovitch
  Sponsored by: The FreeBSD Foundation

Modified:
  stable/10/UPDATING

Modified: stable/10/UPDATING
==
--- stable/10/UPDATING  Wed Aug 19 00:06:46 2015(r286911)
+++ stable/10/UPDATING  Wed Aug 19 00:26:54 2015(r286912)
@@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20150813:
+   10.2-RELEASE.
+
 20150731:
As ZFS requires more kernel stack pages than is the default on some
architectures e.g. i386, it now warns if KSTACK_PAGES is less than