Created attachment 167106
fix cve
Patch attached fixes the getaddrinfo stack-based buffer-overflow vulnerability dubbed CVE-2015-7547. I've run it through testport for the x86_64 and i686 case, works fine.
Created attachment 167115
fix cve
Fix CVE *and* bump portversion
A commit references this bug:
Author: des
Date: Wed Feb 17 18:25:44 UTC 2016
New revision: 409060
URL: https://svnweb.freebsd.org/changeset/ports/409060
Log:
  Update glibc and glibc-common to latest version
  PR: 207272
  Submitted by: Johannes Jost Meixner <johannes@meixner.dk>
  MFH: 2016Q1
  Security: CVE-2015-7547
Changes:
  head/emulators/linux_base-c6/Makefile
  head/emulators/linux_base-c6/distinfo.i686
  head/emulators/linux_base-c6/distinfo.x86_64
Created attachment 167116
add vuxml entry
A commit references this bug:
Author: des
Date: Thu Feb 18 00:13:41 UTC 2016
New revision: 409078
URL: https://svnweb.freebsd.org/changeset/ports/409078
Log:
  Upgrade to CentOS 6.7 including fix for CVE-2015-7547. Include earlier commits as needed to reduce merge conflicts, plus a few cleanup commits.
  This commit merges revisions 405244, 405560, 405637, 405641, 405643, 406201, 406224, 406230, 406231, 406233, 407537 and 409060 from head.
  PR: 207272
  Security: CVE-2015-7547
  Approved by: ports-secteam (feld)
Changes:
_U branches/2016Q1/ branches/2016Q1/MOVED branches/2016Q1/Mk/bsd.linux-apps.mk branches/2016Q1/Mk/bsd.linux-rpm.mk branches/2016Q1/Mk/bsd.port.mk branches/2016Q1/accessibility/linux-c6-atk/Makefile branches/2016Q1/accessibility/linux-c6-atk/distinfo.i686 branches/2016Q1/accessibility/linux-c6-atk/distinfo.x86_64 branches/2016Q1/astro/google-earth/Makefile branches/2016Q1/audio/linux-c6-alsa-lib/Makefile branches/2016Q1/audio/linux-c6-alsa-lib/distinfo.i686 branches/2016Q1/audio/linux-c6-alsa-lib/distinfo.x86_64 branches/2016Q1/audio/linux-c6-alsa-plugins-oss/Makefile branches/2016Q1/audio/linux-c6-alsa-plugins-oss/distinfo.i686 branches/2016Q1/audio/linux-c6-alsa-plugins-oss/distinfo.x86_64 branches/2016Q1/audio/linux-c6-alsa-plugins-pulseaudio/Makefile branches/2016Q1/audio/linux-c6-alsa-plugins-pulseaudio/distinfo.i686 branches/2016Q1/audio/linux-c6-alsa-plugins-pulseaudio/distinfo.x86_64 branches/2016Q1/audio/linux-c6-alsa-utils/Makefile branches/2016Q1/audio/linux-c6-alsa-utils/distinfo.i686 branches/2016Q1/audio/linux-c6-alsa-utils/distinfo.x86_64 branches/2016Q1/audio/linux-c6-arts/distinfo.i686 branches/2016Q1/audio/linux-c6-arts/distinfo.x86_64 branches/2016Q1/audio/linux-c6-esound/distinfo.i686 branches/2016Q1/audio/linux-c6-esound/distinfo.x86_64 branches/2016Q1/audio/linux-c6-flac/Makefile branches/2016Q1/audio/linux-c6-flac/distinfo.i686 branches/2016Q1/audio/linux-c6-flac/distinfo.x86_64 branches/2016Q1/audio/linux-c6-libaudiofile/distinfo.i686
branches/2016Q1/audio/linux-c6-libaudiofile/distinfo.x86_64 branches/2016Q1/audio/linux-c6-libogg/distinfo.i686 branches/2016Q1/audio/linux-c6-libogg/distinfo.x86_64 branches/2016Q1/audio/linux-c6-libsndfile/distinfo.i686 branches/2016Q1/audio/linux-c6-libsndfile/distinfo.x86_64 branches/2016Q1/audio/linux-c6-libvorbis/distinfo.i686 branches/2016Q1/audio/linux-c6-libvorbis/distinfo.x86_64 branches/2016Q1/audio/linux-c6-mikmod/distinfo.i686 branches/2016Q1/audio/linux-c6-mikmod/distinfo.x86_64 branches/2016Q1/audio/linux-c6-nas-libs/distinfo.i386 branches/2016Q1/audio/linux-c6-nas-libs/distinfo.i686 branches/2016Q1/audio/linux-c6-nas-libs/distinfo.x86_64 branches/2016Q1/audio/linux-c6-openal-soft/distinfo.i686 branches/2016Q1/audio/linux-c6-openal-soft/distinfo.x86_64 branches/2016Q1/audio/linux-c6-pulseaudio-libs/Makefile branches/2016Q1/audio/linux-c6-pulseaudio-libs/distinfo.i686 branches/2016Q1/audio/linux-c6-pulseaudio-libs/distinfo.x86_64 branches/2016Q1/audio/linux-c6-pulseaudio-libs/pkg-plist.i686 branches/2016Q1/audio/linux-c6-pulseaudio-libs/pkg-plist.x86_64 branches/2016Q1/audio/linux-c6-pulseaudio-utils/Makefile branches/2016Q1/audio/linux-c6-pulseaudio-utils/distinfo.i686 branches/2016Q1/audio/linux-c6-pulseaudio-utils/distinfo.x86_64 branches/2016Q1/audio/linux-c6-sdl_mixer/distinfo.i686 branches/2016Q1/audio/linux-c6-sdl_mixer/distinfo.x86_64 branches/2016Q1/comms/kvasd/Makefile branches/2016Q1/databases/linux-c6-sqlite3/Makefile branches/2016Q1/databases/linux-c6-sqlite3/distinfo.i686 branches/2016Q1/databases/linux-c6-sqlite3/distinfo.x86_64 branches/2016Q1/devel/linux-c6-dbus-glib/distinfo.i686 branches/2016Q1/devel/linux-c6-dbus-glib/distinfo.x86_64 branches/2016Q1/devel/linux-c6-dbus-libs/Makefile branches/2016Q1/devel/linux-c6-dbus-libs/distinfo.i686 branches/2016Q1/devel/linux-c6-dbus-libs/distinfo.x86_64 branches/2016Q1/devel/linux-c6-devtools/Makefile branches/2016Q1/devel/linux-c6-devtools/distinfo.i686 
branches/2016Q1/devel/linux-c6-devtools/distinfo.x86_64 branches/2016Q1/devel/linux-c6-devtools/pkg-plist.i686 branches/2016Q1/devel/linux-c6-devtools/pkg-plist.x86_64 branches/2016Q1/devel/linux-c6-libgfortran/Makefile branches/2016Q1/devel/linux-c6-libgfortran/distinfo.i686 branches/2016Q1/devel/linux-c6-libgfortran/distinfo.x86_64 branches/2016Q1/devel/linux-c6-libglade2/distinfo.i686 branches/2016Q1/devel/linux-c6-libglade2/distinfo.x86_64 branches/2016Q1/devel/linux-c6-libpciaccess/distinfo.i686 branches/2016Q1/devel/linux-c6-libpciaccess/distinfo.x86_64 branches/2016Q1/devel/linux-c6-libsigc++20/distinfo.i686 branches/2016Q1/devel/linux-c6-libsigc++20/distinfo.x86_64 branches/2016Q1/devel/linux-c6-ncurses-base/Makefile branches/2016Q1/devel/linux-c6-ncurses-base/distinfo.i686 branches/2016Q1/devel/linux-c6-ncurses-base/distinfo.x86_64 branches/2016Q1/devel/linux-c6-nspr/Makefile branches/2016Q1/devel/linux-c6-nspr/distinfo.i686 branches/2016Q1/devel/linux-c6-nspr/distinfo.x86_64 branches/2016Q1/devel/linux-c6-sdl12/Makefile branches/2016Q1/devel/linux-c6-sdl12/distinfo.i686 branches/2016Q1/devel/linux-c6-sdl12/distinfo.x86_64 branches/2016Q1/dns/linux-c6-libasyncns/distinfo.i686 branches/2016Q1/dns/linux-c6-libasyncns/distinfo.x86_64 branches/2016Q1/emulators/linux-c6/Makefile branches/2016Q1/emulators/linux_base-c6/Makefile branches/2016Q1/emulators/linux_base-c6/distinfo.i686 branches/2016Q1/emulators/linux_base-c6/distinfo.x86_64 branches/2016Q1/emulators/linux_base-c6/pkg-plist.i686 branches/2016Q1/emulators/linux_base-c6/pkg-plist.x86_64 branches/2016Q1/ftp/linux-c6-curl/Makefile branches/2016Q1/ftp/linux-c6-curl/distinfo.i686 branches/2016Q1/ftp/linux-c6-curl/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-cairo/Makefile branches/2016Q1/graphics/linux-c6-cairo/distinfo.i686 branches/2016Q1/graphics/linux-c6-cairo/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-dri/Makefile branches/2016Q1/graphics/linux-c6-dri/distinfo.i686 
branches/2016Q1/graphics/linux-c6-dri/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-dri/pkg-plist.i686 branches/2016Q1/graphics/linux-c6-dri/pkg-plist.x86_64 branches/2016Q1/graphics/linux-c6-dri-compat/distinfo.i686 branches/2016Q1/graphics/linux-c6-dri-compat/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-gdk-pixbuf2/Makefile branches/2016Q1/graphics/linux-c6-gdk-pixbuf2/distinfo.i686 branches/2016Q1/graphics/linux-c6-gdk-pixbuf2/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-glx-utils/Makefile branches/2016Q1/graphics/linux-c6-glx-utils/distinfo.i686 branches/2016Q1/graphics/linux-c6-glx-utils/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-jpeg/distinfo.i686 branches/2016Q1/graphics/linux-c6-jpeg/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-libGLU/Makefile branches/2016Q1/graphics/linux-c6-libGLU/distinfo.i686 branches/2016Q1/graphics/linux-c6-libGLU/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-png/distinfo.i686 branches/2016Q1/graphics/linux-c6-png/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-sdl_image/distinfo.i686 branches/2016Q1/graphics/linux-c6-sdl_image/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-sdl_ttf/distinfo.i686 branches/2016Q1/graphics/linux-c6-sdl_ttf/distinfo.x86_64 branches/2016Q1/graphics/linux-c6-tiff/distinfo.i686 branches/2016Q1/graphics/linux-c6-tiff/distinfo.x86_64 branches/2016Q1/lang/linux-c6-tcl85/distinfo.i686 branches/2016Q1/lang/linux-c6-tcl85/distinfo.x86_64 branches/2016Q1/multimedia/linux-c6-libtheora/distinfo.i686 branches/2016Q1/multimedia/linux-c6-libtheora/distinfo.x86_64 branches/2016Q1/multimedia/linux-c6-libv4l/distinfo.i686 branches/2016Q1/multimedia/linux-c6-libv4l/distinfo.x86_64 branches/2016Q1/net/linux-c6-avahi-libs/distinfo.i686 branches/2016Q1/net/linux-c6-avahi-libs/distinfo.x86_64 branches/2016Q1/net/linux-c6-openldap/Makefile branches/2016Q1/net/linux-c6-openldap/distinfo.i686 branches/2016Q1/net/linux-c6-openldap/distinfo.x86_64 
branches/2016Q1/net/linux-c6-openldap/pkg-plist.i686 branches/2016Q1/net/linux-c6-openldap/pkg-plist.x86_64 branches/2016Q1/net/linux-c6-tcp_wrappers-libs/distinfo.i686 branches/2016Q1/net/linux-c6-tcp_wrappers-libs/distinfo.x86_64 branches/2016Q1/net/linux-c6-tcp_wrappers-libs/pkg-plist.i686 branches/2016Q1/net/linux-c6-tcp_wrappers-libs/pkg-plist.x86_64 branches/2016Q1/net-im/skype4/Makefile branches/2016Q1/print/linux-c6-cups-libs/Makefile branches/2016Q1/print/linux-c6-cups-libs/distinfo.i686 branches/2016Q1/print/linux-c6-cups-libs/distinfo.x86_64 branches/2016Q1/security/linux-c6-cyrus-sasl2/Makefile branches/2016Q1/security/linux-c6-cyrus-sasl2/distinfo.i686 branches/2016Q1/security/linux-c6-cyrus-sasl2/distinfo.x86_64 branches/2016Q1/security/linux-c6-gnutls/Makefile branches/2016Q1/security/linux-c6-gnutls/distinfo.i686 branches/2016Q1/security/linux-c6-gnutls/distinfo.x86_64 branches/2016Q1/security/linux-c6-libgcrypt/distinfo.i686 branches/2016Q1/security/linux-c6-libgcrypt/distinfo.x86_64 branches/2016Q1/security/linux-c6-libgpg-error/distinfo.i686 branches/2016Q1/security/linux-c6-libgpg-error/distinfo.x86_64 branches/2016Q1/security/linux-c6-libgpg-error/pkg-plist branches/2016Q1/security/linux-c6-libssh2/Makefile branches/2016Q1/security/linux-c6-libssh2/distinfo.i686 branches/2016Q1/security/linux-c6-libssh2/distinfo.x86_64 branches/2016Q1/security/linux-c6-libtasn1/distinfo.i686 branches/2016Q1/security/linux-c6-libtasn1/distinfo.x86_64 branches/2016Q1/security/linux-c6-nss/Makefile branches/2016Q1/security/linux-c6-nss/distinfo.i686 branches/2016Q1/security/linux-c6-nss/distinfo.x86_64 branches/2016Q1/security/linux-c6-nss/pkg-plist.x86_64 branches/2016Q1/security/linux-c6-openssl/Makefile branches/2016Q1/security/linux-c6-openssl/distinfo.i686 branches/2016Q1/security/linux-c6-openssl/distinfo.x86_64 branches/2016Q1/security/linux-c6-openssl-compat/distinfo.i686 branches/2016Q1/security/linux-c6-openssl-compat/distinfo.x86_64 
branches/2016Q1/textproc/linux-c6-aspell/distinfo.i686 branches/2016Q1/textproc/linux-c6-aspell/distinfo.x86_64 branches/2016Q1/textproc/linux-c6-expat/distinfo.i686 branches/2016Q1/textproc/linux-c6-expat/distinfo.x86_64 branches/2016Q1/textproc/linux-c6-libxml2/Makefile branches/2016Q1/textproc/linux-c6-libxml2/distinfo.i686 branches/2016Q1/textproc/linux-c6-libxml2/distinfo.x86_64 branches/2016Q1/www/linux-c6-flashplugin11/Makefile branches/2016Q1/www/linux-c6-flashplugin11/distinfo.x86_64 branches/2016Q1/www/linux-c6-qt47-webkit/Makefile branches/2016Q1/www/linux-f10-flashplugin11/Makefile branches/2016Q1/x11/linux-c6-xorg-libs/Makefile branches/2016Q1/x11/linux-c6-xorg-libs/distinfo.i686 branches/2016Q1/x11/linux-c6-xorg-libs/distinfo.x86_64 branches/2016Q1/x11-fonts/linux-c6-fontconfig/distinfo.i686 branches/2016Q1/x11-fonts/linux-c6-fontconfig/distinfo.x86_64 branches/2016Q1/x11-themes/linux-c6-hicolor-icon-theme/Makefile branches/2016Q1/x11-toolkits/linux-c6-gtk2/Makefile branches/2016Q1/x11-toolkits/linux-c6-gtk2/distinfo.i686 branches/2016Q1/x11-toolkits/linux-c6-gtk2/distinfo.x86_64 branches/2016Q1/x11-toolkits/linux-c6-openmotif/distinfo.i686 branches/2016Q1/x11-toolkits/linux-c6-openmotif/distinfo.x86_64 branches/2016Q1/x11-toolkits/linux-c6-pango/distinfo.i686 branches/2016Q1/x11-toolkits/linux-c6-pango/distinfo.x86_64 branches/2016Q1/x11-toolkits/linux-c6-pango/pkg-plist.i686 branches/2016Q1/x11-toolkits/linux-c6-pango/pkg-plist.x86_64 branches/2016Q1/x11-toolkits/linux-c6-qt47-x11/Makefile branches/2016Q1/x11-toolkits/linux-c6-tk85/distinfo.i686 branches/2016Q1/x11-toolkits/linux-c6-tk85/distinfo.x86_64 branches/2016Q1/x11-toolkits/linux-c6-tk85/pkg-plist.x86_64
A commit references this bug:
Author: junovitch
Date: Thu Feb 18 03:04:39 UTC 2016
New revision: 409084
URL: https://svnweb.freebsd.org/changeset/ports/409084
Log:
  Document Linux glibc crash/code execution via crafted DNS responses
  PR: 207272
  Submitted by: Johannes Jost Meixner <johannes@meixner.dk>
  Security: CVE-2015-7547
  Security: https://vuxml.FreeBSD.org/freebsd/2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28.html
Changes:
  head/security/vuxml/vuln.xml
I see from http://archives.fedoraproject.org/pub/archive/fedora/linux/updates/10/SRPMS/glibc-2.9-3.src.rpm that is the impacted version as well. Is there a timeline set for hard deprecation/forbidden on the -f10 ports?
Not that I know of. Let me spawn a thread in the emulation@ list.
Merged into ports/head and ports/branches/2016Q1