Page MenuHomeFreeBSD
Files F156930320

D37241.diff
No OneTemporary
Actions

D37241.diff
View Options

diff --git a/documentation/content/en/books/handbook/eresources/_index.adoc b/documentation/content/en/books/handbook/eresources/_index.adoc
--- a/documentation/content/en/books/handbook/eresources/_index.adoc
+++ b/documentation/content/en/books/handbook/eresources/_index.adoc
@@ -491,119 +491,6 @@
|All changes to all stable branches of the src repository
|===
-_SVN lists:_ The following lists are for people interested in seeing the SVN log messages for changes to various areas of the source tree.
-
-[NOTE]
-====
-Only SVN log messages are sent to SVN lists.
-After the SVN to Git Migration, the following lists no longer receive new commit messages and are unavailable for subscribing.
-The lists' addresses are pointing to their respective archives.
-====
-
-[.informaltable]
-[cols="20%,20%,60%", frame="none", options="header"]
-|===
-| List
-| Source area
-| Area Description (source for)
-
-|link:{svn-doc-all-url}[svn-doc-all]
-|[.filename]#/usr/doc#
-|All changes to the doc Subversion repository (except for [.filename]#user#, [.filename]#projects# and [.filename]#translations#)
-
-|link:{svn-doc-head-url}[svn-doc-head]
-|[.filename]#/usr/doc#
-|All changes to the "head" branch of the doc Subversion repository
-
-|link:{svn-doc-projects-url}[svn-doc-projects]
-|[.filename]#/usr/doc/projects#
-|All changes to the [.filename]#projects# area of the doc Subversion repository
-
-|link:{svn-doc-svnadmin-url}[svn-doc-svnadmin]
-|[.filename]#/usr/doc#
-|All changes to the administrative scripts, hooks, and other configuration data of the doc Subversion repository
-
-|link:{svn-ports-all-url}[svn-ports-all]
-|[.filename]#/usr/ports#
-|All changes to the ports Subversion repository
-
-|link:{svn-ports-head-url}[svn-ports-head]
-|[.filename]#/usr/ports#
-|All changes to the "head" branch of the ports Subversion repository
-
-|link:{svn-ports-svnadmin-url}[svn-ports-svnadmin]
-|[.filename]#/usr/ports#
-|All changes to the administrative scripts, hooks, and other configuration data of the ports Subversion repository
-
-|link:{svn-src-all-url}[svn-src-all]
-|[.filename]#/usr/src#
-|All changes to the src Subversion repository (except for [.filename]#user# and [.filename]#projects#)
-
-|link:{svn-src-head-url}[svn-src-head]
-|[.filename]#/usr/src#
-|All changes to the "head" branch of the src Subversion repository (the FreeBSD-CURRENT branch)
-
-|link:{svn-src-projects-url}[svn-src-projects]
-|[.filename]#/usr/projects#
-|All changes to the [.filename]#projects# area of the src Subversion repository
-
-|link:{svn-src-release-url}[svn-src-release]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#releases# area of the src Subversion repository
-
-|link:{svn-src-releng-url}[svn-src-releng]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#releng# branches of the src Subversion repository (the security / release engineering branches)
-
-|link:{svn-src-stable-url}[svn-src-stable]
-|[.filename]#/usr/src#
-|All changes to the all stable branches of the src Subversion repository
-
-|link:{svn-src-stable-6-url}[svn-src-stable-6]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#stable/6# branch of the src Subversion repository
-
-|link:{svn-src-stable-7-url}[svn-src-stable-7]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#stable/7# branch of the src Subversion repository
-
-|link:{svn-src-stable-8-url}[svn-src-stable-8]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#stable/8# branch of the src Subversion repository
-
-|link:{svn-src-stable-9-url}[svn-src-stable-9]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#stable/9# branch of the src Subversion repository
-
-|link:{svn-src-stable-10-url}[svn-src-stable-10]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#stable/10# branch of the src Subversion repository
-
-|link:{svn-src-stable-11-url}[svn-src-stable-11]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#stable/11# branch of the src Subversion repository
-
-|link:{svn-src-stable-12-url}[svn-src-stable-12]
-|[.filename]#/usr/src#
-|All changes to the [.filename]#stable/12# branch of the src Subversion repository
-
-|link:{svn-src-stable-other-url}[svn-src-stable-other]
-|[.filename]#/usr/src#
-|All changes to the older [.filename]#stable# branches of the src Subversion repository
-
-|link:{svn-src-svnadmin-url}[svn-src-svnadmin]
-|[.filename]#/usr/src#
-|All changes to the administrative scripts, hooks, and other configuration data of the src Subversion repository
-
-|link:{svn-src-user-url}[svn-src-user]
-|[.filename]#/usr/src#
-|All changes to the experimental [.filename]#user# area of the src Subversion repository
-
-|link:{svn-src-vendor-url}[svn-src-vendor]
-|[.filename]#/usr/src#
-|All changes to the vendor work area of the src Subversion repository
-|===
-
[[eresources-subscribe]]
=== How to Subscribe
diff --git a/documentation/content/en/books/handbook/glossary.adoc b/documentation/content/en/books/handbook/glossary.adoc
--- a/documentation/content/en/books/handbook/glossary.adoc
+++ b/documentation/content/en/books/handbook/glossary.adoc
@@ -845,8 +845,6 @@
It allows the storage, retrieval, archival, logging, identification and merging of multiple revisions for each file.
RCS consists of many small tools that work together.
It lacks some of the features found in more modern revision control systems, like Git, but it is very simple to install, configure, and start using for a small set of files.
-+
-See <<svn-glossary,Also Subversion>>.
[[rd-glossary]]
Received Data::
@@ -919,9 +917,6 @@
STR::
See <<str-glossary,Suspend To RAM>>.
-SVN::
-See <<svn-glossary,Subversion>>.
-
[[smtpauth-glossary]]
SMTP Authentication::
{empty}
@@ -946,10 +941,6 @@
Small Computer System Interface::
{empty}
-[[svn-glossary]]
-Subversion::
-Subversion is a version control system currently used by the FreeBSD project.
-
[[str-glossary]]
Suspend To RAM::
{empty}
diff --git a/documentation/content/en/books/handbook/mirrors/_index.adoc b/documentation/content/en/books/handbook/mirrors/_index.adoc
--- a/documentation/content/en/books/handbook/mirrors/_index.adoc
+++ b/documentation/content/en/books/handbook/mirrors/_index.adoc
@@ -415,141 +415,6 @@
These are also published as SSHFP records in DNS.
-[[svn]]
-== Using Subversion
-
-[[svn-intro]]
-=== Introduction
-
-As of December 2020, FreeBSD uses git as the primary version control system for storing all of FreeBSD's source code and documentation.
-Changes from the git repo on the `stable/11`, `stable/12` and related releng branches are exported to the subversion repository.
-This export will continue through the life of these branches.
-From July 2012 to March 2021, FreeBSD used Subversion as the only version control system for storing all of FreeBSD's Ports Collection.
-As of April 2021, FreeBSD uses git as the only version control system for storing all of FreeBSD's Ports Collection.
-
-[NOTE]
-====
-Subversion is generally a developer tool.
-Users may prefer to use `freebsd-update` (crossref:cutting-edge[updating-upgrading-freebsdupdate,“FreeBSD Update”]) to update the FreeBSD base system, and `git` (crossref:ports[ports-using,“Using the Ports Collection”]) to update the FreeBSD Ports Collection.
-After March 2021, subversion use is only for legacy branches (`stable/11` and `stable/12`).
-====
-
-This section demonstrates how to install Subversion on a FreeBSD system and use it to create a local copy of a FreeBSD repository. Additional information on the use of Subversion is included.
-
-[[svn-svnlite]]
-=== Svnlite
-
-A lightweight version of Subversion is already installed on FreeBSD as `svnlite`.
-The port or package version of Subversion is only needed if the Python or Perl API is needed, or if a later version of Subversion is desired.
-
-The only difference from normal Subversion use is that the command name is `svnlite`.
-
-[[svn-install]]
-=== Installation
-
-If `svnlite` is unavailable or the full version of Subversion is needed, then it must be installed.
-
-Subversion can be installed from the Ports Collection:
-
-[source,shell]
-....
-# cd /usr/ports/devel/subversion
-# make install clean
-....
-
-Subversion can also be installed as a package:
-
-[source,shell]
-....
-# pkg install subversion
-....
-
-[[svn-usage]]
-=== Running Subversion
-
-To fetch a clean copy of the sources into a local directory, use `svn`.
-The files in this directory are called a _local working copy_.
-
-[WARNING]
-====
-Move or delete an existing destination directory before using `checkout` for the first time.
-Checkout over an existing non-`svn` directory can cause conflicts between the existing files and those brought in from the repository.
-====
-
-Subversion uses URLs to designate a repository, taking the form of _protocol://hostname/path_.
-The first component of the path is the FreeBSD repository to access.
-There are three different repositories, `base` for the FreeBSD base system source code, `ports` for the Ports Collection, and `doc` for documentation.
-For example, the URL `https://svn.FreeBSD.org/base/head/` specifies the main branch of the src repository, using the `https` protocol.
-
-A checkout from a given repository is performed with a command like this:
-
-[source,shell]
-....
-# svn checkout https://svn.FreeBSD.org/repository/branch lwcdir
-....
-
-where:
-
-* _repository_ is one of the Project repositories: `base`, `ports`, or `doc`.
-* _branch_ depends on the repository used. `ports` and `doc` are mostly updated in the `head` branch, while `base` maintains the latest version of -CURRENT under `head` and the respective latest versions of the -STABLE branches under `stable/11` (11._x_) and `stable/12` (12._x_).
-* _lwcdir_ is the target directory where the contents of the specified branch should be placed. This is usually [.filename]#/usr/ports# for `ports`, [.filename]#/usr/src# for `base`, and [.filename]#/usr/doc# for `doc`.
-
-This example checks out the Source Tree from the FreeBSD repository using the HTTPS protocol, placing the local working copy in [.filename]#/usr/src#.
-If [.filename]#/usr/src# is already present but was not created by `svn`, remember to rename or delete it before the checkout.
-
-[source,shell]
-....
-# svn checkout https://svn.FreeBSD.org/base/head /usr/src
-....
-
-Because the initial checkout must download the full branch of the remote repository, it can take a while.
-Please be patient.
-
-After the initial checkout, the local working copy can be updated by running:
-
-[source,shell]
-....
-# svn update lwcdir
-....
-
-To update [.filename]#/usr/src# created in the example above, use:
-
-[source,shell]
-....
-# svn update /usr/src
-....
-
-The update is much quicker than a checkout, only transferring files that have changed.
-
-An alternate way of updating the local working copy after checkout is provided by the [.filename]#Makefile# in the [.filename]#/usr/ports#, [.filename]#/usr/src#, and [.filename]#/usr/doc# directories.
-Set `SVN_UPDATE` and use the `update` target.
-For example, to update [.filename]#/usr/src#:
-
-[source,shell]
-....
-# cd /usr/src
-# make update SVN_UPDATE=yes
-....
-
-[[svn-mirrors]]
-=== Subversion Mirror Sites
-
-The FreeBSD Subversion repository is:
-
-[.programlisting]
-....
-svn.FreeBSD.org
-....
-
-This is a publicly accessible mirror network that uses GeoDNS to select an appropriate back end server.
-To view the FreeBSD Subversion repositories through a browser, use https://svnweb.FreeBSD.org/[https://svnweb.FreeBSD.org/].
-
-HTTPS is the preferred protocol, but the [.filename]#security/ca_root_nss# package will need to be installed in order to automatically validate certificates.
-
-=== For More Information
-
-For other information about using Subversion, please see the "Subversion Book", titled http://svnbook.red-bean.com/[Version Control with Subversion], or the http://subversion.apache.org/docs/[Subversion Documentation].
-
[[mirrors-cdrom]]
== CD and DVD Sets
diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc
--- a/documentation/content/en/books/handbook/security/_index.adoc
+++ b/documentation/content/en/books/handbook/security/_index.adoc
@@ -2064,61 +2064,68 @@
[.programlisting]
....
-=============================================================================
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
-FreeBSD-SA-14:04.bind Security Advisory
+FreeBSD-SA-22:13.zlib Security Advisory
The FreeBSD Project
-Topic: BIND remote denial of service vulnerability
+Topic: zlib heap buffer overflow
Category: contrib
-Module: bind
-Announced: 2014-01-14
-Credits: ISC
-Affects: FreeBSD 8.x and FreeBSD 9.x
-Corrected: 2014-01-14 19:38:37 UTC (stable/9, 9.2-STABLE)
- 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)
- 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)
- 2014-01-14 19:38:37 UTC (stable/8, 8.4-STABLE)
- 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)
- 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)
-CVE Name: CVE-2014-0591
+Module: zlib
+Announced: 2022-08-30
+Credits: Evgeny Legerov of @intevydis
+Affects: All supported versions of FreeBSD.
+Corrected: 2022-08-09 14:40:35 UTC (stable/13, 13.1-STABLE)
+ 2022-08-30 23:02:48 UTC (releng/13.1, 13.1-RELEASE-p2)
+ 2022-08-30 22:57:49 UTC (releng/13.0, 13.0-RELEASE-p13)
+ 2022-08-09 14:45:04 UTC (stable/12, 12.3-STABLE)
+ 2022-08-30 23:16:45 UTC (releng/12.3, 12.3-RELEASE-p7)
+CVE Name: CVE-2022-37434
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
-following sections, please visit <URL:http://security.FreeBSD.org/>.
+following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
-BIND 9 is an implementation of the Domain Name System (DNS) protocols.
-The named(8) daemon is an Internet Domain Name Server.
+zlib is a software library implementing compression and decompression.
+It is used in various places in the FreeBSD kernel and userland.
II. Problem Description
-Because of a defect in handling queries for NSEC3-signed zones, BIND can
-crash with an "INSIST" failure in name.c when processing queries possessing
-certain properties. This issue only affects authoritative nameservers with
-at least one NSEC3-signed zone. Recursive-only servers are not at risk.
+zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
+in inflate in inflate.c via a large gzip header extra field.
III. Impact
-An attacker who can send a specially crafted query could cause named(8)
-to crash, resulting in a denial of service.
+Applications that call inflateGetHeader may be vulnerable to a buffer
+overflow. Note that inflateGetHeader is not used by anything in the
+FreeBSD base system, but may be used by third party software.
IV. Workaround
-No workaround is available, but systems not running authoritative DNS service
-with at least one NSEC3-signed zone using named(8) are not vulnerable.
+No workaround is available, but applications that do not call
+inflateGetHeader are not vulnerable.
V. Solution
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+restart daemons if necessary.
+
Perform one of the following:
-1) Upgrade your vulnerable system to a supported FreeBSD stable or
-release / security branch (releng) dated after the correction date.
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
2) To update your vulnerable system via a source code patch:
@@ -2128,52 +2135,54 @@
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
-[FreeBSD 8.3, 8.4, 9.1, 9.2-RELEASE and 8.4-STABLE]
-# fetch http://security.FreeBSD.org/patches/SA-14:04/bind-release.patch
-# fetch http://security.FreeBSD.org/patches/SA-14:04/bind-release.patch.asc
-# gpg --verify bind-release.patch.asc
+# fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch.asc
+# gpg --verify zlib.patch.asc
-[FreeBSD 9.2-STABLE]
-# fetch http://security.FreeBSD.org/patches/SA-14:04/bind-stable-9.patch
-# fetch http://security.FreeBSD.org/patches/SA-14:04/bind-stable-9.patch.asc
-# gpg --verify bind-stable-9.patch.asc
-
-b) Execute the following commands as root:
+b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
-Recompile the operating system using buildworld and installworld as
+c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
-Restart the applicable daemons, or reboot the system.
-
-3) To update your vulnerable system via a binary patch:
-
-Systems running a RELEASE version of FreeBSD on the i386 or amd64
-platforms can be updated via the man:freebsd-update[8] utility:
-
-# freebsd-update fetch
-# freebsd-update install
+Restart all daemons that use the library, or reboot the system.
VI. Correction details
-The following list contains the correction revision numbers for each
-affected branch.
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
-Branch/path Revision
+Branch/path Hash Revision
- -------------------------------------------------------------------------
-stable/8/ r260646
-releng/8.3/ r260647
-releng/8.4/ r260647
-stable/9/ r260646
-releng/9.1/ r260647
-releng/9.2/ r260647
+stable/13/ 10cc2bf5f7a5 stable/13-n252073
+releng/13.1/ 289231c9634a releng/13.1-n250156
+releng/13.0/ 77cd23716ffb releng/13.0-n244808
+stable/12/ r372370
+releng/12.3/ r372460
- -------------------------------------------------------------------------
-To see which files were modified by a particular revision, run the
-following command, replacing NNNNNN with the revision number, on a
-machine with Subversion installed:
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
@@ -2183,27 +2192,25 @@
VII. References
-<URL:https://kb.isc.org/article/AA-01078>
-
-<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591>
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434>
The latest revision of this advisory is available at
-<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:04.bind.asc>
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:13.zlib.asc>
-----BEGIN PGP SIGNATURE-----
-iQIcBAEBCgAGBQJS1ZTYAAoJEO1n7NZdz2rnOvQP/2/68/s9Cu35PmqNtSZVVxVG
-ZSQP5EGWx/lramNf9566iKxOrLRMq/h3XWcC4goVd+gZFrvITJSVOWSa7ntDQ7TO
-XcinfRZ/iyiJbs/Rg2wLHc/t5oVSyeouyccqODYFbOwOlk35JjOTMUG1YcX+Zasg
-ax8RV+7Zt1QSBkMlOz/myBLXUjlTZ3Xg2FXVsfFQW5/g2CjuHpRSFx1bVNX6ysoG
-9DT58EQcYxIS8WfkHRbbXKh9I1nSfZ7/Hky/kTafRdRMrjAgbqFgHkYTYsBZeav5
-fYWKGQRJulYfeZQ90yMTvlpF42DjCC3uJYamJnwDIu8OhS1WRBI8fQfr9DRzmRua
-OK3BK9hUiScDZOJB6OqeVzUTfe7MAA4/UwrDtTYQ+PqAenv1PK8DZqwXyxA9ThHb
-zKO3OwuKOVHJnKvpOcr+eNwo7jbnHlis0oBksj/mrq2P9m2ueF9gzCiq5Ri5Syag
-Wssb1HUoMGwqU0roS8+pRpNC8YgsWpsttvUWSZ8u6Vj/FLeHpiV3mYXPVMaKRhVm
-067BA2uj4Th1JKtGleox+Em0R7OFbCc/9aWC67wiqI6KRyit9pYiF3npph+7D5Eq
-7zPsUdDd+qc+UTiLp3liCRp5w6484wWdhZO6wRtmUgxGjNkxFoNnX8CitzF8AaqO
-UWWemqWuz3lAZuORQ9KX
-=OQzQ
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmMOoG4ACgkQ05eS9J6n
+5cIITA//WMND8i3L8agw4QBMZTmL8M6bbbKK+eua7bhH4MNxguruULwcWNoHvhuO
++ebgomd4cWlPfY2TJcpd9OCXCjuMGMLvwE6XmPlGzW5DuMdD893wWPdsYJtDK+6p
+yMSihFyZP+ELWFbLeO3SFedRRKBQiDEmO3X2oOR1Ukj5wjsUOFPv0/dLphyBiq3t
+3tn/0O9NfAmyONvHSozoVs34MIFC9Qc/8oxlp5wKjomFn6OifPRwNu4yeWDfVL/c
+11IwotsKNTR6QNckdNBwbFC2NwdWfl8Tqv7gbJ3PhXDlzCDC5hOQoIeOol3Nf8et
+9+FjCr9y/jTH0tzEHCgevO3U711UZYIu2s+STHTlJRNly/n+2CMG+YOn1XkKtu6A
+4x4Pw+YRHl5VesQCNcJOkwVwRiyrirp5yOaaUPhSKo0teykypgV/WS9Z1U0VVfGP
+xgxJ7ElcT2HoNiz06QUSG374dPyEBKqoZTo/g2tJ0mL17JLW7IAtlUpIHzU475YR
+1itARL0z7O3bbUa/h35LxRTCxT2Ojt0qZO9WsS4dIraz2gb8QbHkgUXETnLAx9Ih
+UwaPrLGkzqpMjkQFASDS+LeacFOZARdxT/tUFwTRCQI27Aujl1OJzy7t0drL5I9f
+pO529OH4plSsT0x4j89tAUZxIHB2RQet94777vP4T0J5UcBegxc=
+=y87U
-----END PGP SIGNATURE-----
....

File Metadata

Mime Type
text/plain
Expires
Mon, May 18, 10:51 AM (1 h, 43 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
33203391
Default Alt Text
D37241.diff (21 KB)

Event Timeline