aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix small kernel memory disclosures. [EN-18:12.mem]releng/11.1Gordon Tetlow2018-09-271-0/+2
| | | | | | | | | | Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:12.mem Security: CVE-2018-17155 Notes: svn path=/releng/11.1/; revision=338981
* Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]Gordon Tetlow2018-09-273-11/+63
| | | | | | | | | | Reported by: Jakub Jirasek, Secunia Research at Flexera Approved by: so Security: FreeBSD-EN-18:11.listen Security: CVE-2018-6925 Notes: svn path=/releng/11.1/; revision=338980
* Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]Gordon Tetlow2018-09-271-0/+2
| | | | | | | | | | Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:10.syscall Security: CVE-2018-17154 Notes: svn path=/releng/11.1/; revision=338979
* Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]Gordon Tetlow2018-09-273-2/+17
| | | | | | | | Approved by: so Security: FreeBSD-EN-18:09.ip Notes: svn path=/releng/11.1/; revision=338978
* Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]Gordon Tetlow2018-09-124-35/+43
| | | | | | | | Approved by: so Security: FreeBSD-EN-18:08.lazyfpu Notes: svn path=/releng/11.1/; revision=338607
* Fix improper elf header parsing. [SA-18:12.elf]Gordon Tetlow2018-09-124-2/+17
| | | | | | | | | Approved by: so Security: FreeBSD-SA-18:12.elf Security: CVE-2018-6924 Notes: svn path=/releng/11.1/; revision=338606
* Revis manual pages. [SA-18:08.tcp]Xin LI2018-08-1518-179/+598
| | | | | | | | | | | | | | | Fix L1 Terminal Fault (L1TF) kernel information disclosure. [SA-18:09.l1tf] Fix resource exhaustion in IP fragment reassembly. [SA-18:10.ip] Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd] Approved by: so Notes: svn path=/releng/11.1/; revision=337828
* Bump patch level and document them.Xin LI2018-08-062-1/+5
| | | | | | | Approved by: so Notes: svn path=/releng/11.1/; revision=337395
* Address concerns about CPU usage while doing TCP reassembly.Jonathan T. Looney2018-08-062-1/+25
| | | | | | | | | | | | | | | | | | | | | | | | Currently, the per-queue limit is a function of the receive buffer size and the MSS. In certain cases (such as connections with large receive buffers), the per-queue segment limit can be quite large. Because we process segments as a linked list, large queues may not perform acceptably. The better long-term solution is to make the queue more efficient. But, in the short-term, we can provide a way for a system administrator to set the maximum queue size. We set the default queue limit to 100. This is an effort to balance performance with a sane resource limit. Depending on their environment, goals, etc., an administrator may choose to modify this limit in either direction. Approved by: so Security: FreeBSD-SA-18:08.tcp Security: CVE-2018-6922 Notes: svn path=/releng/11.1/; revision=337388
* Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]Gordon Tetlow2018-06-211-2/+53
| | | | | | | | Approved by: so Security: FreeBSD-EN-18:07.pmap Notes: svn path=/releng/11.1/; revision=335466
* Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]Gordon Tetlow2018-06-216-91/+164
| | | | | | | | | | | | Bump newvers.sh and UPDATING for today's patches. Approved by: so Security: CVE-2018-3665 Security: FreeBSD-SA-18:07.lazyfpu Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=335465
* Update timezone database information. [EN-18:06.tzdata]Gordon Tetlow2018-05-089-103/+313
| | | | | | | | Approved by: so Security: FreeBSD-EN-18:06.tzdata Notes: svn path=/releng/11.1/; revision=333375
* Fix multiple small kernel memory disclosures. [EN-18:05.mem]Gordon Tetlow2018-05-087-5/+22
| | | | | | | | | | Approved by: so Security: CVE-2018-6920 Security: CVE-2018-6921 Security: FreeBSD-EN-18:05.mem Notes: svn path=/releng/11.1/; revision=333372
* Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg]Gordon Tetlow2018-05-088-5/+232
| | | | | | | | | | | | Bump newvers.sh and UPDATING for today's patches. Approved by: so Security: CVE-2018-8897 Security: FreeBSD-SA-18:06.debugreg Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=333371
* Fix multiple small kernel memory disclosures. [EN-18:04.mem]Gordon Tetlow2018-04-047-7/+10
| | | | | | | | | | Reported by: Ilja van Sprundel Approved by: so Security: CVE-2018-6919 Security: FreeBSD-EN-18:04.mem Notes: svn path=/releng/11.1/; revision=331987
* Update timezone database information. [EN-18:03.tzdata]Gordon Tetlow2018-04-0418-1207/+1889
| | | | | | | | | Submitted by: philip Approved by: so Security: FreeBSD-EN-18:03.tzdata Notes: svn path=/releng/11.1/; revision=331986
* Fix ipsec crash or denial of service. [SA-18:05.ipsec]Gordon Tetlow2018-04-041-44/+28
| | | | | | | | | | Reported by: Maxime Villard Approved by: so Security: CVE-2018-6918 Security: FreeBSD-SA-18:05.ipsec Notes: svn path=/releng/11.1/; revision=331985
* Fix vt console memory disclosure. [SA-18:04.vt]Gordon Tetlow2018-04-043-2/+17
| | | | | | | | | | | | | | Bump newvers.sh and UPDATING for today's patches. Submitted by: emaste Reported by: Dr Silvio Cesare of InfoSect Approved by: so Security: CVE-2018-6917 Security: FreeBSD-SA-18:04.vt Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=331984
* Add mitigations for two classes of speculative execution vulnerabilitiesGordon Tetlow2018-03-1453-591/+2141
| | | | | | | | | | | | on amd64. [FreeBSD-SA-18:03.speculative_execution] Approved by: so Security: FreeBSD-SA-18:03.speculative_execution Security: CVE-2017-5715 Security: CVE-2017-5754 Notes: svn path=/releng/11.1/; revision=330908
* Update file(1) to new version with security update. [EN-18:02.file]Gordon Tetlow2018-03-07145-1848/+3231
| | | | | | | | | Approved by: so Security: FreeBSD-EN-18:02.file Security: CVE-2017-1000249 Notes: svn path=/releng/11.1/; revision=330569
* Update timezone database information. [EN-18:01.tzdata]Gordon Tetlow2018-03-0717-201/+557
| | | | | | | | Approved by: so Security: FreeBSD-EN-18:01.tzdata Notes: svn path=/releng/11.1/; revision=330568
* Fix multiple vulnerabilities in ntp. [SA-18:02.ntp]Gordon Tetlow2018-03-07252-11264/+18567
| | | | | | | | | | | | | Approved by: so Security: FreeBSD-SA-18:02.ntp Security: CVE-2018-7182 Security: CVE-2018-7170 Security: CVE-2018-7184 Security: CVE-2018-7185 Security: CVE-2018-7183 Notes: svn path=/releng/11.1/; revision=330567
* Fix ipsec validation and use-after-free. [SA-18:01.ipsec]Gordon Tetlow2018-03-073-2/+28
| | | | | | | | | Approved by: so Security: FreeBSD-SA-18:01.ipsec Security: CVE-2018-6916 Notes: svn path=/releng/11.1/; revision=330566
* Fix multiple OpenSSL vulnerabilities.Gordon Tetlow2017-12-095-15/+19
| | | | | | | | | | Approved by: so Security: CVE-2017-3737 Security: CVE-2017-3738 Security: FreeBSD-SA-17:12.openssl Notes: svn path=/releng/11.1/; revision=326722
* Bump patch level.Xin LI2017-11-291-1/+1
| | | | | | | | Reported by: Franco Fichtner <franco lastsummer de> Approved by: so Notes: svn path=/releng/11.1/; revision=326360
* Fix multiple vulnerabilities of OpenSSL.Xin LI2017-11-294-8/+30
| | | | | | | | Security: FreeBSD-SA-17:11 Approved by: so Notes: svn path=/releng/11.1/; revision=326358
* Correct patch level.Gordon Tetlow2017-11-151-1/+1
| | | | | | | | Approved by: so X-Pointy-Hat: gordon@ Notes: svn path=/releng/11.1/; revision=325879
* Properly bzero kldstat structure to prevent information leak. [SA-17:10]Gordon Tetlow2017-11-154-19/+33
| | | | | | | | | Approved by: so Security: FreeBSD-SA-17:10.kldstat Security: CVE-2017-1088 Notes: svn path=/releng/11.1/; revision=325875
* Fix kernel data leak via ptrace(PT_LWPINFO). [SA-17:08]Gordon Tetlow2017-11-151-2/+2
| | | | | | | | | Approved by: so Security: FreeBSD-SA-17:08.ptrace Security: CVE-2017-1086 Notes: svn path=/releng/11.1/; revision=325868
* Update timezone database information. [EN-17:09]Gordon Tetlow2017-11-0226-1229/+2154
| | | | | | | Approved by: so Notes: svn path=/releng/11.1/; revision=325325
* Correct copy-paste. 11.1 is p2, not p13.Gordon Tetlow2017-10-171-1/+1
| | | | | | | | X-Pointy-Hat-To: gordon Approved by: so Notes: svn path=/releng/11.1/; revision=324708
* Fix WPA2 protocol vulnerability. [SA-17:07]Gordon Tetlow2017-10-1715-54/+245
| | | | | | | Approved by: so Notes: svn path=/releng/11.1/; revision=324699
* Fix OpenSSH Denial of Service vulnerability. [SA-17:06]Xin LI2017-08-105-1/+26
| | | | | | | | | | | Fix VNET kernel panic with asynchronous I/O. [EN-17:07] Fix pf(4) housekeeping thread causes kernel panic. [EN-17:08] Approved by: so Notes: svn path=/releng/11.1/; revision=322342
* - Switch releng/11.1 to -RELEASE.release/11.1.0Glen Barber2017-07-203-2/+5
| | | | | | | | | | | | - Add the anticipated 11.1-RELEASE date to UPDATING. - Set a static __FreeBSD_version. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=321309 svn path=/release/11.1.0/; revision=321354; tag=release/11.1.0
* Document r307265, vfs.zfs.compressed_arc_enabled.Glen Barber2017-07-161-0/+7
| | | | | | | | | Proxied by: allanjude, emaste Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=321050
* Rename releng/11.1 to RC3 as part of the 11.1-RELEASE cycle.Glen Barber2017-07-132-2/+2
| | | | | | | | | | Use the 'release_1' package set to populate the dvd1.iso packages. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=320976
* Document r320954, deprecation of digi(4), ie(4), mcd(4), scd(4),Glen Barber2017-07-131-0/+7
| | | | | | | | | | si(4), spic(4), wl(4), sicontrol(8), and wlconfig(8). Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=320955
* MFS11 320921:John Baldwin2017-07-1316-9/+68
| | | | | | | | | Add deprecation notices for various device drivers removed in 12.0. Approved by: re (kib) Notes: svn path=/releng/11.1/; revision=320954
* Document pkg(8) version 1.10.1.Glen Barber2017-07-131-41/+2
| | | | | | | | | | | Prune empty sections. Remove a stale comment. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=320952
* Document SA-17:05.heimdal.Glen Barber2017-07-131-0/+8
| | | | | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=320951
* MF11 r320947; MFC r320876:Hans Petter Selasky2017-07-131-1/+7
| | | | | | | | | | | | Make sure the mlx4en RX DMA ring gets stamped with software ownership in order to prevent the flow of QP to error in the firmware once UPDATE_QP is called. Approved by: re (marius) Sponsored by: Mellanox Technologies Notes: svn path=/releng/11.1/; revision=320949
* MFS 320891Peter Grehan2017-07-133-4/+4
| | | | | | | | | | | | | MFC r317542, r317543, r317543 317542 comment fix 317543 set rfb default port 317543 listen on localhost by default for rfb Approved by: re (kib) Notes: svn path=/releng/11.1/; revision=320935
* MFS 320866Peter Grehan2017-07-1313-2/+321
| | | | | | | | | | | | | | | MFC 313727, 317483 In addition, replace the missing caph routines with small helper functions (bhyverun.c) or an open-coded replacement (uart_emul.c) 313727 Capsicumize bhyve 317483 Allow CAP_MMAP_RW on memfd for PCI passthru Approved by: re (kib) Notes: svn path=/releng/11.1/; revision=320934
* MFS r320855Peter Grehan2017-07-131-8/+19
| | | | | | | | | ps2 mouse fixes, found by plan9/9front. Approved by: re (kib) Notes: svn path=/releng/11.1/; revision=320933
* MF11: r320898; MFC: r320577, r320620Marius Strobl2017-07-121-2/+14
| | | | | | | | | | | | Retry up to 2 ms to enable bus power as at least with some Intel SDHCI/eMMC controllers the first attempt after a D3 to D0 transition, i. e. when the firmware has put the devices into D3 state before, can fail. Approved by: re (gjb) Notes: svn path=/releng/11.1/; revision=320922
* MFS r320907: MFC r320906: MFV r320905: Import upstream fix forXin LI2017-07-121-2/+2
| | | | | | | | | | | | | | | | | | CVE-2017-11103. In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Submitted by: hrs Obtained from: Heimdal Security: FreeBSD-SA-17:05.heimdal Security: CVE-2017-11103 Approved by: re (kib) Notes: svn path=/releng/11.1/; revision=320910
* MFS r320889:Konstantin Belousov2017-07-121-0/+1
| | | | | | | | | Restore layout of struct vm_map_entry. Approved by: re (delphij) Notes: svn path=/releng/11.1/; revision=320909
* MFC r320843 MFS r320903:Konstantin Belousov2017-07-121-1/+1
| | | | | | | | | Fix loop termination in vm_map_find_min(). Approved by: re (delphij) Notes: svn path=/releng/11.1/; revision=320904
* MFC r320801 MFS r320887:Konstantin Belousov2017-07-111-3/+5
| | | | | | | | | Simplify language. Approved by: re (delphij) Notes: svn path=/releng/11.1/; revision=320890
* Document r320874, gdb(1) and kgdb(1) deprecation.Glen Barber2017-07-101-0/+6
| | | | | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/11.1/; revision=320875