Bug 207272

Summary: emulators/linux_base-c6: fix CVE-2015-7547
Product: Ports & Packages
Reporter: Johannes Jost Meixner <xmj>
Component: Individual Port(s)
Assignee: freebsd-emulation (Nobody) <emulation>
Status: Closed FIXED
Severity: Affects Only Me
CC: junovitch, pi
Priority: ---
Flags: bugzilla: maintainer-feedback? (emulation)
Version: Latest
Hardware: Any
OS: Any
Attachments:
Description: fix cve; Flags: none
Description: fix cve; Flags: none
Description: add vuxml entry; Flags: none

Description Johannes Jost Meixner freebsd_committer 2016-02-17 09:22:11 UTC
Created attachment 167106
fix cve

Patch attached fixes the getaddrinfo stack-based buffer-overflow vulnerability dubbed CVE-2015-7547.

I've run it through testport for the x86_64 and i686 case, works fine.

Comment 1 Johannes Jost Meixner freebsd_committer 2016-02-17 18:18:06 UTC
Created attachment 167115
fix cve

Fix CVE *and* bump portversion

Comment 2 commit-hook freebsd_committer 2016-02-17 18:25:57 UTC
A commit references this bug:

Author: des
Date: Wed Feb 17 18:25:44 UTC 2016
New revision: 409060
URL: https://svnweb.freebsd.org/changeset/ports/409060

Log:
  Update glibc and glibc-common to latest version

  PR:		207272
  Submitted by:	Johannes Jost Meixner <johannes@meixner.dk>
  MFH:		2016Q1
  Security:	CVE-2015-7547

Changes:
  head/emulators/linux_base-c6/Makefile
  head/emulators/linux_base-c6/distinfo.i686
  head/emulators/linux_base-c6/distinfo.x86_64

Comment 3 Johannes Jost Meixner freebsd_committer 2016-02-17 18:29:19 UTC
Created attachment 167116
add vuxml entry

Comment 4 commit-hook freebsd_committer 2016-02-18 00:14:22 UTC
A commit references this bug:

Author: des
Date: Thu Feb 18 00:13:41 UTC 2016
New revision: 409078
URL: https://svnweb.freebsd.org/changeset/ports/409078

Log:
  Upgrade to CentOS 6.7 including fix for CVE-2015-7547.  Include earlier
  commits as needed to reduce merge conflicts, plus a few cleanup commits.

  This commit merges revisions 405244, 405560, 405637, 405641, 405643,
  406201, 406224, 406230, 406231, 406233, 407537 and 409060 from head.

  PR:		207272
  Security:	CVE-2015-7547
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/MOVED
  branches/2016Q1/Mk/bsd.linux-apps.mk
  branches/2016Q1/Mk/bsd.linux-rpm.mk
  branches/2016Q1/Mk/bsd.port.mk
  branches/2016Q1/accessibility/linux-c6-atk/Makefile
  branches/2016Q1/accessibility/linux-c6-atk/distinfo.i686
  branches/2016Q1/accessibility/linux-c6-atk/distinfo.x86_64
  branches/2016Q1/astro/google-earth/Makefile
  branches/2016Q1/audio/linux-c6-alsa-lib/Makefile
  branches/2016Q1/audio/linux-c6-alsa-lib/distinfo.i686
  branches/2016Q1/audio/linux-c6-alsa-lib/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-alsa-plugins-oss/Makefile
  branches/2016Q1/audio/linux-c6-alsa-plugins-oss/distinfo.i686
  branches/2016Q1/audio/linux-c6-alsa-plugins-oss/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-alsa-plugins-pulseaudio/Makefile
  branches/2016Q1/audio/linux-c6-alsa-plugins-pulseaudio/distinfo.i686
  branches/2016Q1/audio/linux-c6-alsa-plugins-pulseaudio/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-alsa-utils/Makefile
  branches/2016Q1/audio/linux-c6-alsa-utils/distinfo.i686
  branches/2016Q1/audio/linux-c6-alsa-utils/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-arts/distinfo.i686
  branches/2016Q1/audio/linux-c6-arts/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-esound/distinfo.i686
  branches/2016Q1/audio/linux-c6-esound/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-flac/Makefile
  branches/2016Q1/audio/linux-c6-flac/distinfo.i686
  branches/2016Q1/audio/linux-c6-flac/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-libaudiofile/distinfo.i686
  branches/2016Q1/audio/linux-c6-libaudiofile/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-libogg/distinfo.i686
  branches/2016Q1/audio/linux-c6-libogg/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-libsndfile/distinfo.i686
  branches/2016Q1/audio/linux-c6-libsndfile/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-libvorbis/distinfo.i686
  branches/2016Q1/audio/linux-c6-libvorbis/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-mikmod/distinfo.i686
  branches/2016Q1/audio/linux-c6-mikmod/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-nas-libs/distinfo.i386
  branches/2016Q1/audio/linux-c6-nas-libs/distinfo.i686
  branches/2016Q1/audio/linux-c6-nas-libs/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-openal-soft/distinfo.i686
  branches/2016Q1/audio/linux-c6-openal-soft/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-pulseaudio-libs/Makefile
  branches/2016Q1/audio/linux-c6-pulseaudio-libs/distinfo.i686
  branches/2016Q1/audio/linux-c6-pulseaudio-libs/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-pulseaudio-libs/pkg-plist.i686
  branches/2016Q1/audio/linux-c6-pulseaudio-libs/pkg-plist.x86_64
  branches/2016Q1/audio/linux-c6-pulseaudio-utils/Makefile
  branches/2016Q1/audio/linux-c6-pulseaudio-utils/distinfo.i686
  branches/2016Q1/audio/linux-c6-pulseaudio-utils/distinfo.x86_64
  branches/2016Q1/audio/linux-c6-sdl_mixer/distinfo.i686
  branches/2016Q1/audio/linux-c6-sdl_mixer/distinfo.x86_64
  branches/2016Q1/comms/kvasd/Makefile
  branches/2016Q1/databases/linux-c6-sqlite3/Makefile
  branches/2016Q1/databases/linux-c6-sqlite3/distinfo.i686
  branches/2016Q1/databases/linux-c6-sqlite3/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-dbus-glib/distinfo.i686
  branches/2016Q1/devel/linux-c6-dbus-glib/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-dbus-libs/Makefile
  branches/2016Q1/devel/linux-c6-dbus-libs/distinfo.i686
  branches/2016Q1/devel/linux-c6-dbus-libs/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-devtools/Makefile
  branches/2016Q1/devel/linux-c6-devtools/distinfo.i686
  branches/2016Q1/devel/linux-c6-devtools/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-devtools/pkg-plist.i686
  branches/2016Q1/devel/linux-c6-devtools/pkg-plist.x86_64
  branches/2016Q1/devel/linux-c6-libgfortran/Makefile
  branches/2016Q1/devel/linux-c6-libgfortran/distinfo.i686
  branches/2016Q1/devel/linux-c6-libgfortran/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-libglade2/distinfo.i686
  branches/2016Q1/devel/linux-c6-libglade2/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-libpciaccess/distinfo.i686
  branches/2016Q1/devel/linux-c6-libpciaccess/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-libsigc++20/distinfo.i686
  branches/2016Q1/devel/linux-c6-libsigc++20/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-ncurses-base/Makefile
  branches/2016Q1/devel/linux-c6-ncurses-base/distinfo.i686
  branches/2016Q1/devel/linux-c6-ncurses-base/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-nspr/Makefile
  branches/2016Q1/devel/linux-c6-nspr/distinfo.i686
  branches/2016Q1/devel/linux-c6-nspr/distinfo.x86_64
  branches/2016Q1/devel/linux-c6-sdl12/Makefile
  branches/2016Q1/devel/linux-c6-sdl12/distinfo.i686
  branches/2016Q1/devel/linux-c6-sdl12/distinfo.x86_64
  branches/2016Q1/dns/linux-c6-libasyncns/distinfo.i686
  branches/2016Q1/dns/linux-c6-libasyncns/distinfo.x86_64
  branches/2016Q1/emulators/linux-c6/Makefile
  branches/2016Q1/emulators/linux_base-c6/Makefile
  branches/2016Q1/emulators/linux_base-c6/distinfo.i686
  branches/2016Q1/emulators/linux_base-c6/distinfo.x86_64
  branches/2016Q1/emulators/linux_base-c6/pkg-plist.i686
  branches/2016Q1/emulators/linux_base-c6/pkg-plist.x86_64
  branches/2016Q1/ftp/linux-c6-curl/Makefile
  branches/2016Q1/ftp/linux-c6-curl/distinfo.i686
  branches/2016Q1/ftp/linux-c6-curl/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-cairo/Makefile
  branches/2016Q1/graphics/linux-c6-cairo/distinfo.i686
  branches/2016Q1/graphics/linux-c6-cairo/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-dri/Makefile
  branches/2016Q1/graphics/linux-c6-dri/distinfo.i686
  branches/2016Q1/graphics/linux-c6-dri/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-dri/pkg-plist.i686
  branches/2016Q1/graphics/linux-c6-dri/pkg-plist.x86_64
  branches/2016Q1/graphics/linux-c6-dri-compat/distinfo.i686
  branches/2016Q1/graphics/linux-c6-dri-compat/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-gdk-pixbuf2/Makefile
  branches/2016Q1/graphics/linux-c6-gdk-pixbuf2/distinfo.i686
  branches/2016Q1/graphics/linux-c6-gdk-pixbuf2/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-glx-utils/Makefile
  branches/2016Q1/graphics/linux-c6-glx-utils/distinfo.i686
  branches/2016Q1/graphics/linux-c6-glx-utils/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-jpeg/distinfo.i686
  branches/2016Q1/graphics/linux-c6-jpeg/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-libGLU/Makefile
  branches/2016Q1/graphics/linux-c6-libGLU/distinfo.i686
  branches/2016Q1/graphics/linux-c6-libGLU/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-png/distinfo.i686
  branches/2016Q1/graphics/linux-c6-png/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-sdl_image/distinfo.i686
  branches/2016Q1/graphics/linux-c6-sdl_image/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-sdl_ttf/distinfo.i686
  branches/2016Q1/graphics/linux-c6-sdl_ttf/distinfo.x86_64
  branches/2016Q1/graphics/linux-c6-tiff/distinfo.i686
  branches/2016Q1/graphics/linux-c6-tiff/distinfo.x86_64
  branches/2016Q1/lang/linux-c6-tcl85/distinfo.i686
  branches/2016Q1/lang/linux-c6-tcl85/distinfo.x86_64
  branches/2016Q1/multimedia/linux-c6-libtheora/distinfo.i686
  branches/2016Q1/multimedia/linux-c6-libtheora/distinfo.x86_64
  branches/2016Q1/multimedia/linux-c6-libv4l/distinfo.i686
  branches/2016Q1/multimedia/linux-c6-libv4l/distinfo.x86_64
  branches/2016Q1/net/linux-c6-avahi-libs/distinfo.i686
  branches/2016Q1/net/linux-c6-avahi-libs/distinfo.x86_64
  branches/2016Q1/net/linux-c6-openldap/Makefile
  branches/2016Q1/net/linux-c6-openldap/distinfo.i686
  branches/2016Q1/net/linux-c6-openldap/distinfo.x86_64
  branches/2016Q1/net/linux-c6-openldap/pkg-plist.i686
  branches/2016Q1/net/linux-c6-openldap/pkg-plist.x86_64
  branches/2016Q1/net/linux-c6-tcp_wrappers-libs/distinfo.i686
  branches/2016Q1/net/linux-c6-tcp_wrappers-libs/distinfo.x86_64
  branches/2016Q1/net/linux-c6-tcp_wrappers-libs/pkg-plist.i686
  branches/2016Q1/net/linux-c6-tcp_wrappers-libs/pkg-plist.x86_64
  branches/2016Q1/net-im/skype4/Makefile
  branches/2016Q1/print/linux-c6-cups-libs/Makefile
  branches/2016Q1/print/linux-c6-cups-libs/distinfo.i686
  branches/2016Q1/print/linux-c6-cups-libs/distinfo.x86_64
  branches/2016Q1/security/linux-c6-cyrus-sasl2/Makefile
  branches/2016Q1/security/linux-c6-cyrus-sasl2/distinfo.i686
  branches/2016Q1/security/linux-c6-cyrus-sasl2/distinfo.x86_64
  branches/2016Q1/security/linux-c6-gnutls/Makefile
  branches/2016Q1/security/linux-c6-gnutls/distinfo.i686
  branches/2016Q1/security/linux-c6-gnutls/distinfo.x86_64
  branches/2016Q1/security/linux-c6-libgcrypt/distinfo.i686
  branches/2016Q1/security/linux-c6-libgcrypt/distinfo.x86_64
  branches/2016Q1/security/linux-c6-libgpg-error/distinfo.i686
  branches/2016Q1/security/linux-c6-libgpg-error/distinfo.x86_64
  branches/2016Q1/security/linux-c6-libgpg-error/pkg-plist
  branches/2016Q1/security/linux-c6-libssh2/Makefile
  branches/2016Q1/security/linux-c6-libssh2/distinfo.i686
  branches/2016Q1/security/linux-c6-libssh2/distinfo.x86_64
  branches/2016Q1/security/linux-c6-libtasn1/distinfo.i686
  branches/2016Q1/security/linux-c6-libtasn1/distinfo.x86_64
  branches/2016Q1/security/linux-c6-nss/Makefile
  branches/2016Q1/security/linux-c6-nss/distinfo.i686
  branches/2016Q1/security/linux-c6-nss/distinfo.x86_64
  branches/2016Q1/security/linux-c6-nss/pkg-plist.x86_64
  branches/2016Q1/security/linux-c6-openssl/Makefile
  branches/2016Q1/security/linux-c6-openssl/distinfo.i686
  branches/2016Q1/security/linux-c6-openssl/distinfo.x86_64
  branches/2016Q1/security/linux-c6-openssl-compat/distinfo.i686
  branches/2016Q1/security/linux-c6-openssl-compat/distinfo.x86_64
  branches/2016Q1/textproc/linux-c6-aspell/distinfo.i686
  branches/2016Q1/textproc/linux-c6-aspell/distinfo.x86_64
  branches/2016Q1/textproc/linux-c6-expat/distinfo.i686
  branches/2016Q1/textproc/linux-c6-expat/distinfo.x86_64
  branches/2016Q1/textproc/linux-c6-libxml2/Makefile
  branches/2016Q1/textproc/linux-c6-libxml2/distinfo.i686
  branches/2016Q1/textproc/linux-c6-libxml2/distinfo.x86_64
  branches/2016Q1/www/linux-c6-flashplugin11/Makefile
  branches/2016Q1/www/linux-c6-flashplugin11/distinfo.x86_64
  branches/2016Q1/www/linux-c6-qt47-webkit/Makefile
  branches/2016Q1/www/linux-f10-flashplugin11/Makefile
  branches/2016Q1/x11/linux-c6-xorg-libs/Makefile
  branches/2016Q1/x11/linux-c6-xorg-libs/distinfo.i686
  branches/2016Q1/x11/linux-c6-xorg-libs/distinfo.x86_64
  branches/2016Q1/x11-fonts/linux-c6-fontconfig/distinfo.i686
  branches/2016Q1/x11-fonts/linux-c6-fontconfig/distinfo.x86_64
  branches/2016Q1/x11-themes/linux-c6-hicolor-icon-theme/Makefile
  branches/2016Q1/x11-toolkits/linux-c6-gtk2/Makefile
  branches/2016Q1/x11-toolkits/linux-c6-gtk2/distinfo.i686
  branches/2016Q1/x11-toolkits/linux-c6-gtk2/distinfo.x86_64
  branches/2016Q1/x11-toolkits/linux-c6-openmotif/distinfo.i686
  branches/2016Q1/x11-toolkits/linux-c6-openmotif/distinfo.x86_64
  branches/2016Q1/x11-toolkits/linux-c6-pango/distinfo.i686
  branches/2016Q1/x11-toolkits/linux-c6-pango/distinfo.x86_64
  branches/2016Q1/x11-toolkits/linux-c6-pango/pkg-plist.i686
  branches/2016Q1/x11-toolkits/linux-c6-pango/pkg-plist.x86_64
  branches/2016Q1/x11-toolkits/linux-c6-qt47-x11/Makefile
  branches/2016Q1/x11-toolkits/linux-c6-tk85/distinfo.i686
  branches/2016Q1/x11-toolkits/linux-c6-tk85/distinfo.x86_64
  branches/2016Q1/x11-toolkits/linux-c6-tk85/pkg-plist.x86_64

Comment 5 commit-hook freebsd_committer 2016-02-18 03:05:38 UTC
A commit references this bug:

Author: junovitch
Date: Thu Feb 18 03:04:39 UTC 2016
New revision: 409084
URL: https://svnweb.freebsd.org/changeset/ports/409084

Log:
  Document Linux glibc crash/code execution via crafted DNS responses

  PR:		207272
  Submitted by:	Johannes Jost Meixner <johannes@meixner.dk>
  Security:	CVE-2015-7547
  Security:	https://vuxml.FreeBSD.org/freebsd/2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28.html

Changes:
  head/security/vuxml/vuln.xml

Comment 6 Jason Unovitch freebsd_committer 2016-02-18 03:08:36 UTC
I see from http://archives.fedoraproject.org/pub/archive/fedora/linux/updates/10/SRPMS/glibc-2.9-3.src.rpm that is the impacted version as well.  Is there a timeline set for hard deprecation/forbidden on the -f10 ports?

Comment 7 Johannes Jost Meixner freebsd_committer 2016-02-18 19:44:59 UTC
Not that I know of.

Let me spawn a thread in the emulation@ list.

Comment 8 Johannes Jost Meixner freebsd_committer 2016-02-20 15:28:40 UTC
Merged into ports/head and ports/branches/2016Q1