[Glibc-bsd-commits] r5405 - in branches/wheezy/kfreebsd-8/debian: . patches

stevenc-guest at alioth.debian.org stevenc-guest at alioth.debian.org
Fri Jan 31 03:37:57 UTC 2014


Author: stevenc-guest
Date: 2014-01-31 03:37:56 +0000 (Fri, 31 Jan 2014)
New Revision: 5405

Added:
   branches/wheezy/kfreebsd-8/debian/patches/SA-13_09.ip_multicast.diff
Modified:
   branches/wheezy/kfreebsd-8/debian/changelog
   branches/wheezy/kfreebsd-8/debian/patches/SA-13_10.sctp.diff
   branches/wheezy/kfreebsd-8/debian/patches/series
Log:
Split out patch which was already applied by mistake:
  * Apply upstream SA-13_09.ip_multicast patch (CVE-2013-3077).
    (Closes: #720470)


Modified: branches/wheezy/kfreebsd-8/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-8/debian/changelog	2014-01-31 03:16:42 UTC (rev 5404)
+++ branches/wheezy/kfreebsd-8/debian/changelog	2014-01-31 03:37:56 UTC (rev 5405)
@@ -5,6 +5,8 @@
     (Closes: #717959)
 
   [ Steven Chamberlain ]
+  * Apply upstream SA-13_09.ip_multicast patch (CVE-2013-3077).
+    (Closes: #720470)
   * Apply upstream SA-13_10.sctp patch (CVE-2013-5209).
     (Closes: #720476)
   * Apply upstream SA-13_12.ifioctl patch (CVE-2013-5691).

Added: branches/wheezy/kfreebsd-8/debian/patches/SA-13_09.ip_multicast.diff
===================================================================
--- branches/wheezy/kfreebsd-8/debian/patches/SA-13_09.ip_multicast.diff	                        (rev 0)
+++ branches/wheezy/kfreebsd-8/debian/patches/SA-13_09.ip_multicast.diff	2014-01-31 03:37:56 UTC (rev 5405)
@@ -0,0 +1,31 @@
+Description:
+ Fix an integer overflow in computing the size of a temporary buffer
+ can result in a buffer which is too small for the requested
+ operation. [13:09] (CVE-2013-3077)
+Origin: vendor, http://security.FreeBSD.org/patches/SA-13:09/ip_multicast.patch
+Bug: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.asc
+Bug-Debian: http://bugs.debian.org/720470
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=254629
+
+--- kfreebsd-8-8.3.orig/sys/netinet/in_mcast.c
++++ kfreebsd-8-8.3/sys/netinet/in_mcast.c
+@@ -1613,6 +1613,8 @@
+ 	 * has asked for, but we always tell userland how big the
+ 	 * buffer really needs to be.
+ 	 */
++	if (msfr.msfr_nsrcs > in_mcast_maxsocksrc)
++		msfr.msfr_nsrcs = in_mcast_maxsocksrc;
+ 	tss = NULL;
+ 	if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) {
+ 		tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs,
+--- kfreebsd-8-8.3.orig/sys/netinet6/in6_mcast.c
++++ kfreebsd-8-8.3/sys/netinet6/in6_mcast.c
+@@ -1624,6 +1624,8 @@
+ 	 * has asked for, but we always tell userland how big the
+ 	 * buffer really needs to be.
+ 	 */
++	if (msfr.msfr_nsrcs > in6_mcast_maxsocksrc)
++		msfr.msfr_nsrcs = in6_mcast_maxsocksrc;
+ 	tss = NULL;
+ 	if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) {
+ 		tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs,
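Review bot: The clamp added before `tss = NULL` in in_mcast.c and in6_mcast.c only prevents the overflow if in_mcast_maxsocksrc and in6_mcast_maxsocksrc are small enough that `sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs` cannot wrap. Neither limit's definition or range is visible in this patch, so confirm where they are set and state the bound in the Description. The clamp also lowers the caller's count silently instead of returning an error, while the surrounding comment says "we always tell userland how big the buffer really needs to be", so check that the clamped msfr_nsrcs is not the value reported back. Separately, the Description's first sentence is ungrammatical ("Fix an integer overflow ... can result in a buffer which is too small"); inserting "which" before "can result" would fix it.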

Modified: branches/wheezy/kfreebsd-8/debian/patches/SA-13_10.sctp.diff
===================================================================
--- branches/wheezy/kfreebsd-8/debian/patches/SA-13_10.sctp.diff	2014-01-31 03:16:42 UTC (rev 5404)
+++ branches/wheezy/kfreebsd-8/debian/patches/SA-13_10.sctp.diff	2014-01-31 03:37:56 UTC (rev 5405)
@@ -6,17 +6,6 @@
 Bug-Debian: http://bugs.debian.org/720476
 Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=254632
 
---- kfreebsd-8-8.3.orig/sys/netinet/in_mcast.c
-+++ kfreebsd-8-8.3/sys/netinet/in_mcast.c
-@@ -1613,6 +1613,8 @@
- 	 * has asked for, but we always tell userland how big the
- 	 * buffer really needs to be.
- 	 */
-+	if (msfr.msfr_nsrcs > in_mcast_maxsocksrc)
-+		msfr.msfr_nsrcs = in_mcast_maxsocksrc;
- 	tss = NULL;
- 	if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) {
- 		tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs,
 --- kfreebsd-8-8.3.orig/sys/netinet/sctp_output.c
 +++ kfreebsd-8-8.3/sys/netinet/sctp_output.c
 @@ -5456,6 +5456,14 @@
@@ -34,14 +23,3 @@
  	/* the time I built cookie */
  	(void)SCTP_GETTIME_TIMEVAL(&stc.time_entered);
  
---- kfreebsd-8-8.3.orig/sys/netinet6/in6_mcast.c
-+++ kfreebsd-8-8.3/sys/netinet6/in6_mcast.c
-@@ -1624,6 +1624,8 @@
- 	 * has asked for, but we always tell userland how big the
- 	 * buffer really needs to be.
- 	 */
-+	if (msfr.msfr_nsrcs > in6_mcast_maxsocksrc)
-+		msfr.msfr_nsrcs = in6_mcast_maxsocksrc;
- 	tss = NULL;
- 	if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) {
- 		tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs,
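Review bot: SA-13_10.sctp.diff is edited by hand here, so check that it still applies cleanly on its own with only the sys/netinet/sctp_output.c section left. The in_mcast.c and in6_mcast.c sections removed in this hunk and the previous one match what SA-13_09.ip_multicast.diff adds line for line, including the `msfr.msfr_nsrcs > in6_mcast_maxsocksrc` clamp, so the patched tree should be unchanged. A build or a dry-run of the full series would confirm that before upload.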

Modified: branches/wheezy/kfreebsd-8/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-8/debian/patches/series	2014-01-31 03:16:42 UTC (rev 5404)
+++ branches/wheezy/kfreebsd-8/debian/patches/series	2014-01-31 03:37:56 UTC (rev 5405)
@@ -14,6 +14,7 @@
 SCTP_DOS_svn239447.diff
 SA-12_08.linux.patch
 SA-13_08.nfsserver.diff
+SA-13_09.ip_multicast.diff
 SA-13_10.sctp.diff
 SA-13_12.ifioctl.diff
 SA-13_13.nullfs.diff
