11.1/releng-p5.diff - freebsd-patches - Rivoreo Source Code Repositories

 Index: sys/conf/newvers.sh
 ===================================================================
 --- sys/conf/newvers.sh	(版本 325875)
 +++ sys/conf/newvers.sh	(版本 326360)
 @@ -44,7 +44,7 @@

  TYPE="FreeBSD"
  REVISION="11.1"
 -BRANCH="RELEASE-p4"
 +BRANCH="RELEASE-p5"
  if [ -n "${BRANCH_OVERRIDE}" ]; then
  	BRANCH=${BRANCH_OVERRIDE}
  fi
 Index: UPDATING
 ===================================================================
 --- UPDATING	(版本 325875)
 +++ UPDATING	(版本 326360)
 @@ -16,7 +16,11 @@
  the tip of head, and then rebuild without this option. The bootstrap process
  from older version of current across the gcc/clang cutover is a bit fragile.

 -20171115	p3	FreeBSD-SA-17:08.ptrace
 +20171129	p5	FreeBSD-SA-17:11.openssl
 +
 +	Fix multiple vulnerabilities of OpenSSL.
 +
 +20171115	p4	FreeBSD-SA-17:08.ptrace
  			FreeBSD-SA-17:10.kldstat

  	Fix ptrace(2) vulnerability. [SA-17:08.ptrace]
 Index: crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
 ===================================================================
 --- crypto/openssl/crypto/bn/asm/x86_64-mont5.pl	(版本 325875)
 +++ crypto/openssl/crypto/bn/asm/x86_64-mont5.pl	(版本 326360)
 @@ -3090,11 +3090,19 @@

  .align	32
  .Lsqrx8x_break:
 -	sub	16+8(%rsp),%r8		# consume last carry
 +	xor	$zero,$zero
 +	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
 +	adcx	$zero,%r8
  	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
 +	adcx	$zero,%r9
  	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
 -	xor	%ebp,%ebp		# xor	$zero,$zero
 +	adc	\$0,%r10
  	mov	%r8,0*8($tptr)
 +	adc	\$0,%r11
 +	adc	\$0,%r12
 +	adc	\$0,%r13
 +	adc	\$0,%r14
 +	adc	\$0,%r15
  	cmp	$carry,$tptr		# cf=0, of=0
  	je	.Lsqrx8x_outer_loop

 Index: crypto/openssl/crypto/x509v3/v3_addr.c
 ===================================================================
 --- crypto/openssl/crypto/x509v3/v3_addr.c	(版本 325875)
 +++ crypto/openssl/crypto/x509v3/v3_addr.c	(版本 326360)
 @@ -130,10 +130,12 @@
   */
  unsigned int v3_addr_get_afi(const IPAddressFamily *f)
  {
 -    return ((f != NULL &&
 -             f->addressFamily != NULL && f->addressFamily->data != NULL)
 -            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
 -            : 0);
 +    if (f == NULL
 +            || f->addressFamily == NULL
 +            || f->addressFamily->data == NULL
 +            || f->addressFamily->length < 2)
 +        return 0;
 +    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
  }

  /*
 Index: secure/lib/libcrypto/amd64/x86_64-mont5.S
 ===================================================================
 --- secure/lib/libcrypto/amd64/x86_64-mont5.S	(版本 325875)
 +++ secure/lib/libcrypto/amd64/x86_64-mont5.S	(版本 326360)
 @@ -3077,11 +3077,19 @@

  .align	32
  .Lsqrx8x_break:
 -	subq	16+8(%rsp),%r8
 +	xorq	%rbp,%rbp
 +	subq	16+8(%rsp),%rbx
 +	adcxq	%rbp,%r8
  	movq	24+8(%rsp),%rcx
 +	adcxq	%rbp,%r9
  	movq	0(%rsi),%rdx
 -	xorl	%ebp,%ebp
 +	adcq	$0,%r10
  	movq	%r8,0(%rdi)
 +	adcq	$0,%r11
 +	adcq	$0,%r12
 +	adcq	$0,%r13
 +	adcq	$0,%r14
 +	adcq	$0,%r15
  	cmpq	%rcx,%rdi
  	je	.Lsqrx8x_outer_loop
	Index: sys/conf/newvers.sh
	===================================================================
	--- sys/conf/newvers.sh (版本 325875)
	+++ sys/conf/newvers.sh (版本 326360)
	@@ -44,7 +44,7 @@

	TYPE="FreeBSD"
	REVISION="11.1"
	-BRANCH="RELEASE-p4"
	+BRANCH="RELEASE-p5"
	if [ -n "${BRANCH_OVERRIDE}" ]; then
	BRANCH=${BRANCH_OVERRIDE}
	fi
	Index: UPDATING
	===================================================================
	--- UPDATING (版本 325875)
	+++ UPDATING (版本 326360)
	@@ -16,7 +16,11 @@
	the tip of head, and then rebuild without this option. The bootstrap process
	from older version of current across the gcc/clang cutover is a bit fragile.

	-20171115 p3 FreeBSD-SA-17:08.ptrace
	+20171129 p5 FreeBSD-SA-17:11.openssl
	+
	+ Fix multiple vulnerabilities of OpenSSL.
	+
	+20171115 p4 FreeBSD-SA-17:08.ptrace
	FreeBSD-SA-17:10.kldstat

	Fix ptrace(2) vulnerability. [SA-17:08.ptrace]
	Index: crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
	===================================================================
	--- crypto/openssl/crypto/bn/asm/x86_64-mont5.pl (版本 325875)
	+++ crypto/openssl/crypto/bn/asm/x86_64-mont5.pl (版本 326360)
	@@ -3090,11 +3090,19 @@

	.align 32
	.Lsqrx8x_break:
	- sub 16+8(%rsp),%r8 # consume last carry
	+ xor $zero,$zero
	+ sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
	+ adcx $zero,%r8
	mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
	+ adcx $zero,%r9
	mov 0*8($aptr),%rdx # a[8], modulo-scheduled
	- xor %ebp,%ebp # xor $zero,$zero
	+ adc \$0,%r10
	mov %r8,0*8($tptr)
	+ adc \$0,%r11
	+ adc \$0,%r12
	+ adc \$0,%r13
	+ adc \$0,%r14
	+ adc \$0,%r15
	cmp $carry,$tptr # cf=0, of=0
	je .Lsqrx8x_outer_loop

	Index: crypto/openssl/crypto/x509v3/v3_addr.c
	===================================================================
	--- crypto/openssl/crypto/x509v3/v3_addr.c (版本 325875)
	+++ crypto/openssl/crypto/x509v3/v3_addr.c (版本 326360)
	@@ -130,10 +130,12 @@
	*/
	unsigned int v3_addr_get_afi(const IPAddressFamily *f)
	{
	- return ((f != NULL &&
	- f->addressFamily != NULL && f->addressFamily->data != NULL)
	- ? ((f->addressFamily->data[0] << 8) \| (f->addressFamily->data[1]))
	- : 0);
	+ if (f == NULL
	+ \|\| f->addressFamily == NULL
	+ \|\| f->addressFamily->data == NULL
	+ \|\| f->addressFamily->length < 2)
	+ return 0;
	+ return (f->addressFamily->data[0] << 8) \| f->addressFamily->data[1];
	}

	/*
	Index: secure/lib/libcrypto/amd64/x86_64-mont5.S
	===================================================================
	--- secure/lib/libcrypto/amd64/x86_64-mont5.S (版本 325875)
	+++ secure/lib/libcrypto/amd64/x86_64-mont5.S (版本 326360)
	@@ -3077,11 +3077,19 @@

	.align 32
	.Lsqrx8x_break:
	- subq 16+8(%rsp),%r8
	+ xorq %rbp,%rbp
	+ subq 16+8(%rsp),%rbx
	+ adcxq %rbp,%r8
	movq 24+8(%rsp),%rcx
	+ adcxq %rbp,%r9
	movq 0(%rsi),%rdx
	- xorl %ebp,%ebp
	+ adcq $0,%r10
	movq %r8,0(%rdi)
	+ adcq $0,%r11
	+ adcq $0,%r12
	+ adcq $0,%r13
	+ adcq $0,%r14
	+ adcq $0,%r15
	cmpq %rcx,%rdi
	je .Lsqrx8x_outer_loop