freebsd-skq/contrib
Xin LI 780179e871
The rmt client in GNU cpio could have a heap overflow when a malicious
remote tape service returns deliberately crafted packets containing
more data than requested.

Fix this by checking the returned amount of data and bailing out when it
is more than what we requested.

PR:		gnu/145010
Submitted by:	naddy
Reviewed by:	imp
MFC after:	immediately
Security:	CVE-2010-0624
2010-03-25 20:02:54 +00:00
amd Remove build timestamps from the following files: 2009-07-11 22:30:37 +00:00
bind9 Update to 9.6.2-P1, the latest patchfix release which deals with 2010-03-18 19:00:35 +00:00
binutils Push mips support into the tree. 2008-12-11 08:22:20 +00:00
bsnmp Fix typo in macro name and macro usage. 2010-03-12 11:05:37 +00:00
bzip2 Update and remove CVS-specific items 2009-08-13 06:07:38 +00:00
com_err - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
cpio The rmt client in GNU cpio could have a heap overflow when a malicious 2010-03-25 20:02:54 +00:00
cvs - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
diff - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
dtc Let dtc build with FreeBSD yacc/lex. 2010-02-28 22:06:07 +00:00
ee Add a minimal change to prevent NULL dereference in ee(1). 2009-11-10 00:48:24 +00:00
expat Apply two vendor fixes for CVE-2009-3720. 2009-12-11 02:09:46 +00:00
file Merge vendor/file/dist@192348, bringing FILE 5.03 to 8-CURRENT. 2009-05-18 22:34:33 +00:00
gcc Tweak the linker spec a smidge. 2010-03-05 21:25:20 +00:00
gcclibs - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
gdb Adds the missing mips gdb files that I 2010-02-21 17:25:00 +00:00
gdtoa Import a vendor fix for a list overrun. 2009-09-07 09:30:37 +00:00
gnu-sort - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
gperf - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
groff Pull up vendor changes. 2010-01-15 15:10:29 +00:00
ipfilter Remove unneeded include of <sys/timeb.h>. 2010-03-09 20:58:15 +00:00
less Update less to v436. This is considered as a bugfix release from vendor. 2009-07-29 09:20:32 +00:00
libbegemot - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
libf2c - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
libobjc - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
libpcap Revised revision 199201 (add interface description capability as inspired 2010-01-27 00:30:07 +00:00
libreadline - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
libstdc++ - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
lukemftp - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
lukemftpd Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07 20:17:55 +00:00
ncurses Merge r198489 from vendor/ncurses/dist: 2009-10-26 13:03:52 +00:00
netcat Update metadata information as well as upgrade instructions. 2010-03-23 23:56:22 +00:00
ngatm - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
ntp Merge 4.2.4p8 into contrib (r200452 & r200454). 2009-12-15 14:58:10 +00:00
nvi - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
one-true-awk Apply patches directly to sources. Their effect is as follows: 2010-01-10 08:02:07 +00:00
openbsm Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release 2009-08-02 10:27:54 +00:00
openpam Merge upstream r432: 2010-03-22 11:00:57 +00:00
opie Don't include <utmp.h> when using <utmpx.h>. 2010-01-11 16:27:56 +00:00
pam_modules/pam_passwdqc - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
pf Adapt OpenBSD pf's "sloppy" TCP state machine which is useful for Direct 2009-12-24 00:43:44 +00:00
pnpinfo - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
sendmail Update FreeBSD information 2010-01-26 04:45:26 +00:00
smbfs shi1_remark is in little endian format, convert it to host ordering. 2010-01-25 18:35:58 +00:00
tcp_wrappers Allow comment (#) to be placed anywhere in the line, not only at the 2010-01-08 10:54:15 +00:00
tcpdump Add parsing code for TCP UTO (User Timeout Option). 2009-10-07 09:07:06 +00:00
tcsh Fix tcsh losing history when tcsh terminates because the pty beneath it 2009-10-06 20:19:16 +00:00
telnet Forgot a part that was missing in the previous commit. 2010-01-13 18:46:50 +00:00
texinfo - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
top Change the 'amt' parameter in format_k2 from int to unsigned long long 2010-03-13 11:17:39 +00:00
traceroute - Add AS lookup functionality to traceroute6(8) as well. 2009-08-23 17:00:16 +00:00
tzcode Remove non-contributed code. 2010-02-25 21:29:40 +00:00
tzdata MFV of tzdata2010f: 2010-03-22 21:27:51 +00:00
wpa Add some notes and clarify a few sections: 2009-03-16 23:56:28 +00:00