svn commit: r286900 - in stable: 10/contrib/expat/lib 9/contrib/expat/lib
Author: delphij Date: Tue Aug 18 19:30:05 2015 New Revision: 286900 URL: https://svnweb.freebsd.org/changeset/base/286900 Log: Fix multiple integer overflows in expat. Security: CVE-2015-1283 Security: FreeBSD-SA-15:20.expat Modified: stable/10/contrib/expat/lib/xmlparse.c Changes in other areas also in this revision: Modified: stable/9/contrib/expat/lib/xmlparse.c Modified: stable/10/contrib/expat/lib/xmlparse.c == --- stable/10/contrib/expat/lib/xmlparse.c Tue Aug 18 19:30:04 2015 (r286899) +++ stable/10/contrib/expat/lib/xmlparse.c Tue Aug 18 19:30:05 2015 (r286900) @@ -1678,6 +1678,12 @@ XML_ParseBuffer(XML_Parser parser, int l void * XMLCALL XML_GetBuffer(XML_Parser parser, int len) { +/* BEGIN MOZILLA CHANGE (sanity check len) */ + if (len 0) { +errorCode = XML_ERROR_NO_MEMORY; +return NULL; + } +/* END MOZILLA CHANGE */ switch (ps_parsing) { case XML_SUSPENDED: errorCode = XML_ERROR_SUSPENDED; @@ -1689,8 +1695,13 @@ XML_GetBuffer(XML_Parser parser, int len } if (len bufferLim - bufferEnd) { -/* FIXME avoid integer overflow */ int neededSize = len + (int)(bufferEnd - bufferPtr); +/* BEGIN MOZILLA CHANGE (sanity check neededSize) */ +if (neededSize 0) { + errorCode = XML_ERROR_NO_MEMORY; + return NULL; +} +/* END MOZILLA CHANGE */ #ifdef XML_CONTEXT_BYTES int keep = (int)(bufferPtr - buffer); @@ -1719,7 +1730,15 @@ XML_GetBuffer(XML_Parser parser, int len bufferSize = INIT_BUFFER_SIZE; do { bufferSize *= 2; - } while (bufferSize neededSize); +/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ + } while (bufferSize neededSize bufferSize 0); +/* END MOZILLA CHANGE */ +/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */ + if (bufferSize = 0) { +errorCode = XML_ERROR_NO_MEMORY; +return NULL; + } +/* END MOZILLA CHANGE */ newBuf = (char *)MALLOC(bufferSize); if (newBuf == 0) { errorCode = XML_ERROR_NO_MEMORY; ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r286898 - stable/10/sys/dev/cxgbe
Author: np Date: Tue Aug 18 19:15:20 2015 New Revision: 286898 URL: https://svnweb.freebsd.org/changeset/base/286898 Log: MFC r271490: cxgbe(4): add support for the SIOCGI2C ioctl. Modified: stable/10/sys/dev/cxgbe/t4_main.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/cxgbe/t4_main.c == --- stable/10/sys/dev/cxgbe/t4_main.c Tue Aug 18 19:04:55 2015 (r286897) +++ stable/10/sys/dev/cxgbe/t4_main.c Tue Aug 18 19:15:20 2015 (r286898) @@ -1386,6 +1386,31 @@ fail: ifmedia_ioctl(ifp, ifr, pi-media, cmd); break; + case SIOCGI2C: { + struct ifi2creq i2c; + + rc = copyin(ifr-ifr_data, i2c, sizeof(i2c)); + if (rc != 0) + break; + if (i2c.dev_addr != 0xA0 i2c.dev_addr != 0xA2) { + rc = EPERM; + break; + } + if (i2c.len sizeof(i2c.data)) { + rc = EINVAL; + break; + } + rc = begin_synchronized_op(sc, pi, SLEEP_OK | INTR_OK, t4i2c); + if (rc) + return (rc); + rc = -t4_i2c_rd(sc, sc-mbox, pi-port_id, i2c.dev_addr, + i2c.offset, i2c.len, i2c.data[0]); + end_synchronized_op(sc, 0); + if (rc == 0) + rc = copyout(i2c, ifr-ifr_data, sizeof(i2c)); + break; + } + default: rc = ether_ioctl(ifp, cmd, data); } ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r286895 - in stable/10/sys: conf dev/cxgbe dev/cxgbe/firmware dev/cxgbe/tom modules/cxgbe/t4_firmware modules/cxgbe/t5_firmware
Author: np Date: Tue Aug 18 18:54:45 2015 New Revision: 286895 URL: https://svnweb.freebsd.org/changeset/base/286895 Log: MFC r285527 and r286338. This takes the firmware from 1.11.27.0 to 1.14.4.0. r286338: cxgbe(4): Update T5 and T4 firmwares bundled with the driver to 1.14.4.0. The changes in the firmwares since 1.11.27.0 are listed here (straight copy-paste from the Release Notes.txt accompanying the Chelsio Unified Wire 2.11.1.0 release on the website). 22.1. T5 Firmware + Version : 1.14.4.0 Date: 08/05/2015 FIXES - BASE: - Fixes a potential data path hang by properly programming PMTX congestion threshold settings. - Fixes a potential initialization error when accessing a configuration file stored on the flash. - Fixes a regression where SGE resources can be miss-sized if iWARP is disabled. ETH: - Fixes a timing issue that would prevent CR4 links from coming up with some switches. FOFCoE: - Defers fcoe linkdown mailbox command handling till LOGO is sent. - Updates vlan prio for all outstanding IOs during dcbx update. ENHANCEMENTS BASE: - Adds support for PAUSE OFF watchdog. - Reports devlog access information in PCIE_FW_PF register 7. ETH: - Enhances segmentation offload to include VxLAN and Geneve. - Adds PTP support. - Adds new interface to allow the driver to query the VI rss table base addresses. - Allows the driver to program the SGE ingrext contxt CongDrop field. OFLD: - Adds new interface for the driver to specify offloaded connections TCP snd and rcv scale factors. iSCSI: - Adds support for iscsi segmentatation offload (ISO). - Adds support for iscsi t10-dif offload. FOiSCSI: - Sets FORCE_BIT for cut through processing for FOiSCSI. FOFCoE: - Adds support for FCoE BB6. - Improves WRITE performance. Version : 1.13.32.0 Date: 03/25/2015 FIXES - BASE: - Fixes FW_CAPS_CONFIG_CMD return value on error (was positive instead of negative) - Fixes FW_PARAMS_PARAM_DEV_FLOWC_BUFFIFO_SZ indication (was wrong on certain adapter configurations) - Fixes config file based PL_TIMEOUT register programming ETH: - Fixes a potential EO UDP SEG header corruption - Fixes an issue where 1000Base-X was not enabled correctly when using QSA modules OFLD: - Fixes timeout issue with half-open connections - Fixes FW_FLOWC_WR processing when state is set to finwait1 FOFCoE: - Fixes fcoe xchg leaks in linkdown/peer down path - Fixes cleanup in FCoE linkdown and fixed buf timer flowid abuse - Fixes fw crash by clearing fcf flowc during bye FOiSCSI: - Don't create a new tcp socket if ERL0 attempt has timed out. ENHANCEMENTS BASE: - Adds support for VFs on PFs 4 to 7 - Adds support for QPs/CQs on any physical and virtual function ETH: - Stops sending LACP frames on loopback interface - Adds an AUTOEQU indication to CPL_SGE_EGR_UPDATE - Adds support for CR4 links (BEAN/AEC on 40G TwinAx cables) OFLD: - Improves default settings of LAN and CLUSTER TCP timer settings - Sends Negative Advice CPLs to software FOISCSI: - Adds IPv6 support for foiscsi. Keeps backward compatibility with old foiscsi drivers which doesn't support ipv6. FOFCoE: - Added fcoe debug support in flowc dump Version : 1.12.25.0 Date: 10/22/2014 FIXES - BASE: - Improves precision of the Weight Round Robing Traffic Management Algorithm - Fixes an issue where the link would intermittently fail to come up - Fixes an issue where adapters with an external PHY couldn't run at 100Mbps - Fixes an issue where active optical cables were not recognized - Fixes link advertising issues on T520-BT (speed and pause frames) that would cause the link to negotiate unexpected settings - Forces link restart when auto-negotiation is disabled - Fix an issue where pause frames wouldn't be fully disabled even if requested ETH: - Fixes NVGRE Segmentation Offload network header generation. DCBX: - Fixes an issue where some settings were not being sent to the switch correctly - Fixes an issue where back-to-back DCBX port updates could get overwritten by FW - Fixes a firmware crash on DCBX
svn commit: r286912 - stable/10
Author: gjb Date: Wed Aug 19 00:26:54 2015 New Revision: 286912 URL: https://svnweb.freebsd.org/changeset/base/286912 Log: Add 10.2-RELEASE to UPDATING, forgotten with prior related commits. Submitted by: junovitch Sponsored by: The FreeBSD Foundation Modified: stable/10/UPDATING Modified: stable/10/UPDATING == --- stable/10/UPDATING Wed Aug 19 00:06:46 2015(r286911) +++ stable/10/UPDATING Wed Aug 19 00:26:54 2015(r286912) @@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20150813: + 10.2-RELEASE. + 20150731: As ZFS requires more kernel stack pages than is the default on some architectures e.g. i386, it now warns if KSTACK_PAGES is less than ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org