-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-21:16.bc Errata Notice
The FreeBSD Project
Topic: dc update
Category: contrib
Module: bc
Announced: 2021-05-26
Affects: FreeBSD 13.0
FreeBSD 12.2 (only when built with option WITH_GH_BC)
Corrected: 2021-04-06 08:44:52 UTC (stable/13, 13.0-STABLE)
2021-05-26 20:32:40 UTC (releng/13.0, 13.0-RELEASE-p1)
2021-04-06 08:44:52 UTC (stable/12, 12.2-STABLE)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The program dc provides a simple stack-based programming language that uses
a reverse Polish notation. Although it is a fully functional language, it
has been used primarily as a computational engine by the program bc, which
implements a more traditional language based on infix notation of operands.
In FreeBSD 13.0 and in custom builds of FreeBSD 12.2-STABLE (with the
non-default option WITH_GH_BC) the traditional implementations of bc and dc
have been replaced by a single program under both names that provides better
POSIX conformance of the bc language, compatibility with GNU bc extensions,
and significantly improved performance of big number calculations.
II. Problem Description
The "P" command of the dc language outputs the top-of-stack value and should
consume it, but in this version leaves it on the stack. This problem only
affects direct dc command scripts that use "P" and rely on its effect on the
stack (i.e., do not terminate after this command and have references to stack
elements that are hidden by the value that has not been removed).
III. Impact
Since dc has been used very little as a general purpose programming language,
only a very small number of dc scripts exist, and most of them are used to
describe the language for educational purposes only. This issue has existed
in this implementation of dc for at least 3 years without having been
noticed.
If a dc script relies on the correct semantics of a "P" instruction, it will
not execute subsequent instructions correctly, which may result in incorrect
output or in an infinite loop.
IV. Workaround
The math/gh-bc port and the gh-bc package have been updated to correct the
issue and are fully compatible with this version in all other aspects.
They can be installed in addition to the base system versions of bc and
dc but may require a change of scripts that use dc to invoke the version
installed below LOCALBASE.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-21:16/bc.patch
# fetch https://security.FreeBSD.org/patches/EN-21:16/bc.patch.asc
# gpg --verify bc.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/13/ 0ca6ce5e976a stable/13-n245186
releng/13.0/ 312510880e2e releng/13.0-n244742
stable/12/ r369589
- -------------------------------------------------------------------------
For FreeBSD 13 and later:
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
For FreeBSD 12 and earlier:
Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:16.bc.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6u0ACgkQ05eS9J6n
5cK2Ww//Th4xtnGjvJ/GSGUq+eLMDPLJzUJhRI0jgjDVqI8tL5JMyxcui1oR0/Ur
+0GvR7JSYJ+WYLLIMHwnP3DYzyHp7ICRhCJoykwa4yKVpcdLcvX0R8Nm+2/fBC02
PDFAvnO4HVdOJdqM5rNzA4/Y150HYj30bDXrry0RKaHKYDgp6SVc9+2T7o5zHJSX
x49TiHSVwHCjvnauIFqqFldTz1eGUMMxlisyxD9sP6efkYS49C/25O/xhwdqmrtx
HvhTdFsOr0FgPsMUSvLVcuYJOcW+/1Q+5CM/rjMyQ1VkdP/5UqFGoXHfZuiTvrRY
9pXjymwk1MyUYzEn3vu7B1ZDqJptZ4DRok4La/ylOlVVWq2hUKYtJUQja9u9O2wt
YjBvdAF/wjkr3t93qwsoWwiTP3tuPADtccfQ18rSNmN12405hAVKfLvvGDQ/mTZn
lnDHOpMQXMvuChYdf2VYOX67S7yhxV4+ThrEJkopcdCOOxYRN8A6ePmPyVg+HqHw
WcAGWWPZjm/o0r2SKJi5SM6cwJUMOQAF/hVw02NiK2uY5aXuZlIVDPgHR/LfoDce
juLKfBWAw3om7nPOF7dDXkJDN/HZ03IQM6DOStK7zvytCctxNq2+eVgSb4g/3yvs
mpvGMP1DLQywSOvmp00B8mLws9rcQbe8rUI6rR2hb9kMCcfTHIU=
=MITo
-----END PGP SIGNATURE-----