Commit message | Author | Age | Files | Lines
* Fix OpenSSL NULL pointer de-reference. [releng/11.4] | Gordon Tetlow | 2020-12-14 | 7 | -7/+90
  Approved by: so
  Security: FreeBSD-SA-20:33.openssl
  Security: CVE-2020-1971
  Notes: svn path=/releng/11.4/; revision=368643
* Add UPDATING entries and bump version. | Gordon Tetlow | 2020-12-01 | 2 | -1/+17
  Approved by: so
  Notes: svn path=/releng/11.4/; revision=368257
* Fix multiple vulnerabilities in rtsold. | Gordon Tetlow | 2020-12-01 | 1 | -6/+18
  Approved by: so
  Security: FreeBSD-SA-20:32.rtsold
  Security: CVE-2020-25577
  Notes: svn path=/releng/11.4/; revision=368256
* Fix ICMPv6 use-after-free in error message handling. | Gordon Tetlow | 2020-12-01 | 1 | -9/+4
  Approved by: so
  Security: FreeBSD-SA-20:31.icmp6
  Security: CVE-2020-7469
  Notes: svn path=/releng/11.4/; revision=368255
* Update timezone database information. | Gordon Tetlow | 2020-12-01 | 19 | -336/+640
  Approved by: so
  Security: FreeBSD-EN-20:20.tzdata
  Notes: svn path=/releng/11.4/; revision=368251
* Add UPDATING entries and bump version. | Gordon Tetlow | 2020-09-15 | 2 | -1/+15
  Approved by: so
  Approved by: re (implicit for releng/12.2)
  Notes: svn path=/releng/11.4/; revision=365782
* Fix ftpd privilege escalation via ftpchroot. | Gordon Tetlow | 2020-09-15 | 1 | -4/+11
  Approved by: so
  Approved by: re (implicit for releng/12.2)
  Security: FreeBSD-SA-20:30.ftpd
  Security: CVE-2020-7468
  Notes: svn path=/releng/11.4/; revision=365781
* Fix bhyve SVM guest escape. | Gordon Tetlow | 2020-09-15 | 1 | -2/+11
  This actually has a patch to sys/amd64/vmm/amd/svm.c that was accidentally committed as part of r365779.
  Approved by: so
  Approved by: re (implicit for releng/12.2)
  Security: FreeBSD-SA-20:29.bhyve_svm
  Security: CVE-2020-7467
  Notes: svn path=/releng/11.4/; revision=365780
* Fix bhyve privilege escalation via VMCS access. | Gordon Tetlow | 2020-09-15 | 2 | -37/+73
  Approved by: so
  Approved by: re (implicit for releng/12.2)
  Security: FreeBSD-SA-20:28.bhyve_vmcs
  Security: CVE-2020-24718
  Notes: svn path=/releng/11.4/; revision=365779
* Fix ure device driver susceptible to packet-in-packet attack. | Gordon Tetlow | 2020-09-15 | 1 | -1/+3
  Approved by: so
  Approved by: re (implicit for releng/12.2)
  Security: FreeBSD-SA-20:27.ure
  Security: CVE-2020-7464
  Notes: svn path=/releng/11.4/; revision=365778
* Add UPDATING entries and bump version. | Gordon Tetlow | 2020-09-02 | 2 | -1/+14
  Approved by: so
  Notes: svn path=/releng/11.4/; revision=365258
* Fix dhclient heap overflow. | Gordon Tetlow | 2020-09-02 | 1 | -0/+2
  Approved by: so
  Security: FreeBSD-SA-20:26.dhclient
  Security: CVE-2020-7461
  Notes: svn path=/releng/11.4/; revision=365257
* Fix SCTP socket use-after-free. | Gordon Tetlow | 2020-09-02 | 6 | -25/+56
  Approved by: so
  Security: FreeBSD-SA-20:25.sctp
  Security: CVE-2020-7463
  Notes: svn path=/releng/11.4/; revision=365256
* Fix getfsstat compatibility system call panic. | Gordon Tetlow | 2020-09-02 | 1 | -0/+2
  Approved by: so
  Security: FreeBSD-EN-20:18.getfsstat
  Notes: svn path=/releng/11.4/; revision=365254
* Fix FreeBSD Linux ABI kernel panic. | Gordon Tetlow | 2020-09-02 | 1 | -14/+26
  Approved by: so
  Security: FreeBSD-EN-20:17.linuxthread
  Notes: svn path=/releng/11.4/; revision=365253
* Add UPDATING entries and bump version. | Gordon Tetlow | 2020-08-05 | 2 | -1/+11
  Approved by: so
  Notes: svn path=/releng/11.4/; revision=363924
* Fix sendmsg(2) privilege escalation. | Gordon Tetlow | 2020-08-05 | 1 | -59/+71
  Approved by: so
  Security: FreeBSD-SA-20:23.sendmsg
  Security: CVE-2020-7460
  Notes: svn path=/releng/11.4/; revision=363923
* Fix multiple vulnerabilities in sqlite3. | Gordon Tetlow | 2020-08-05 | 11 | -7380/+12716
  Approved by: so
  Security: FreeBSD-SA-20:22.sqlite
  Security: CVE-2020-11655
  Security: CVE-2020-11656
  Security: CVE-2020-13434
  Security: CVE-2020-13435
  Security: CVE-2020-13630
  Security: CVE-2020-13631
  Security: CVE-2020-13632
  Notes: svn path=/releng/11.4/; revision=363922
* Fix memory corruption in USB network device drivers. | Gordon Tetlow | 2020-08-05 | 1 | -2/+11
  Approved by: so
  Security: FreeBSD-SA-20:21.usb_net
  Security: CVE-2020-7459
  Notes: svn path=/releng/11.4/; revision=363921
* Add UPDATING entries and bump version. | Gordon Tetlow | 2020-07-08 | 2 | -1/+14
  Approved by: so
  Notes: svn path=/releng/11.4/; revision=363030
* Fix multiple vulnerabilities in unbound. | Gordon Tetlow | 2020-07-08 | 91 | -1588/+5252
  Approved by: so
  Security: FreeBSD-SA-20:19.unbound
  Security: CVE-2020-12662
  Security: CVE-2020-12663
  Notes: svn path=/releng/11.4/; revision=363028
* Fix IPv6 socket option race condition and use after free. | Gordon Tetlow | 2020-07-08 | 1 | -2/+7
  Approved by: so
  Security: FreeBSD-SA-20:20.ipv6
  Security: CVE-2020-7457
  Notes: svn path=/releng/11.4/; revision=363026
* Fix posix_spawnp(3) buffer overflow. | Gordon Tetlow | 2020-07-08 | 5 | -24/+139
  Approved by: so
  Security: FreeBSD-SA-20:18.posix_spawnp
  Security: CVE-2020-7458
  Notes: svn path=/releng/11.4/; revision=363025
* Fix kernel panic in mps(4) driver. | Gordon Tetlow | 2020-07-08 | 1 | -3/+5
  Approved by: so
  Security: FreeBSD-EN-20:15.mps
  Notes: svn path=/releng/11.4/; revision=363024
* Re-apply r362079, renaming releng/11.4 to -RELEASE, in preparation [release/11.4.0] | Glen Barber | 2020-06-12 | 3 | -2/+5
  for restarting 11.4-RELEASE builds.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362094
         svn path=/release/11.4.0/; revision=362227; tag=release/11.4.0
* Revert r362074, reconnecting the errata page back to the build. | Glen Barber | 2020-06-12 | 1 | -1/+1
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362093
* Revert r362079 in order to correct an issue that triggered | Glen Barber | 2020-06-12 | 3 | -5/+2
  a build failure in 11.4-RELEASE builds.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362092
* - Switch releng/11.4 to -RELEASE. | Glen Barber | 2020-06-12 | 3 | -2/+5
  - Add the anticipated 11.4-RELEASE date to UPDATING.
  - Set a static __FreeBSD_version.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362079
* Disconnect the errata page from the build, and switch to the | Glen Barber | 2020-06-11 | 1 | -1/+1
  version built from stable/11.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362074
* Fix a URL in an included ENTITY. | Glen Barber | 2020-06-11 | 1 | -1/+1
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362070
* Fix a URL in the readme page. | Glen Barber | 2020-06-11 | 1 | -1/+2
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362069
* Release notes documentation: | Glen Barber | 2020-06-11 | 1 | -169/+0
  - Trim empty sections.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362068
* Release notes documentation: | Glen Barber | 2020-06-11 | 1 | -1/+8
  - pkg 1.13.2.
  - GNOME 3.28.
  - KDE 5.8.4.1.19.12.3.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362067
* Release notes documentation: | Glen Barber | 2020-06-11 | 1 | -0/+6
  - r353583: synchronous 128KB write latency improvements.
  - r353759: ZFS bookmark renaming support.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362066
* Add a note about i386 source-based upgrade issues noted in PR | Glen Barber | 2020-06-11 | 1 | -1/+14
  246274.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362062
* Release notes documentation: | Glen Barber | 2020-06-11 | 2 | -5/+41
  - r361217: lld fix for ports using DTrace.
  - r351694: YPMAXRECORD increased.
  - r361049: ubsec(4) driver deprecation in 13.0.
  - r361539: ena(4) version 2.2.0.
  - r359971: JMicron JMB582/JMB585 AHCI support.
  - r359258: D-Link DWM-222 LTE dongle support.
  - r359114: Cannon Lake PCH support in snd_hda(4).
  - r354965: aacraid(4) version 3.2.10.
  - r351246: crypto(4) deprecated algorithms.
  - r359698: ng_nat(4) can attach to ethernet interface.
  - r351243: Kerberos GSS algorithm deprecation (RFC 6649, 8429).
  - r358903: netatalk removed from /etc/services.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=362061
* Fix a typo. | Glen Barber | 2020-06-09 | 1 | -1/+1
  Submitted by: yuripv
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=361981
* Document SA-20:17. | Glen Barber | 2020-06-09 | 1 | -0/+8
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=361979
* Add UPDATING entries and bump version. | Gordon Tetlow | 2020-06-09 | 2 | -1/+5
  Approved by: so
  Approved by: re (implicit)
  Notes: svn path=/releng/11.4/; revision=361973
* Fix USB HID descriptor parsing error. | Gordon Tetlow | 2020-06-09 | 2 | -42/+44
  Approved by: so
  Approved by: re (implicit)
  Security: FreeBSD-SA-20:17.usb
  Security: CVE-2020-7456
  Notes: svn path=/releng/11.4/; revision=361972
* MF11 r361755: | Dimitry Andric | 2020-06-03 | 1 | -1/+1
  Disable clang's -fintegrated-cc1 stage by default
  In bug 246630, it was found that part of the rescue binary could be compiled to very slightly different (but still equivalent) machine code, depending on the number of simultaneous make jobs (via the -j option).
  This turned out to be caused by the upstream change that made clang's first stage compiler (i.e. the -cc1 stage) run as part of the initial clang process invocation, instead of forking and exec'ing a new clang process.
  We are currently investigating the root cause for the difference in output, but while that is ongoing, disable the integrated cc1 stage for now to work around it. You can always turn it on explicitly by using the -fintegrated-cc1 option, or turn it off with -fno-integrated-cc1.
  Direct commit to stable/{11,12}, so this can hopefully end up in the upcoming 11.4-RELEASE.
  Approved by: re (gjb)
  Reported by: Fabian Keil <fk@fabiankeil.de>
  PR: 246630
  Notes: svn path=/releng/11.4/; revision=361772
* Insta-merge r361652 from stable/11: Expand EC2 AMI UFS partition to 2.9 GB. | Colin Percival | 2020-05-30 | 1 | -2/+2
  Approved by: re (gjb)
  Sponsored by: https://www.patreon.com/cperciva
  Notes: svn path=/releng/11.4/; revision=361653
* Update the pkg.conf used to populate the dvd1.iso to use the release_4 | Glen Barber | 2020-05-29 | 1 | -1/+1
  package set from this point forward.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=361631
* Update releng/11.4 to RC2 as part of the 11.4-RELEASE cycle. | Glen Barber | 2020-05-29 | 1 | -1/+1
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=361611
* MFS11 r361592: | Glen Barber | 2020-05-28 | 1 | -1/+1
  MFH r361591: Include the shells/bash port on Vagrant images, which prevents a shell issue during startup.
  PR: 245051
  Approved by: re (kib, insta-MFC for inclusion in RC2)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/11.4/; revision=361594
* MFC r361299, r361302: | Konstantin Belousov | 2020-05-28 | 6 | -15/+61
  MFstable/11 r361558, r361302:
  Do not consider CAP_RDCL_NO as an indicator for all MDS vulnerabilities handled by hardware.
  amd64: Add a knob to flush RSB on context switches if machine has SMEP.
  Approved by: re (gjb)
  Notes: svn path=/releng/11.4/; revision=361588
* MFS r361026 | Piotr Pawel Stefaniak | 2020-05-28 | 1 | -1/+9
  ps: extend the non-standard option -d (tree view) to work with -p
  Approved by: re (gjb)
  Notes: svn path=/releng/11.4/; revision=361585
* MFS r361436: MFC r361347: With RFC3168 ECN, CWR SHOULD only be sent with new data. | Richard Scheffenegger | 2020-05-27 | 2 | -11/+18
  Overly conservative data receivers may ignore the CWR flag on other packets, and keep ECE latched. This can result in continuous reduction of the congestion window, and very poor performance when ECN is enabled.
  This does NOT contain the merge of the change to RACK since at this time that code does not exist in stable/11, and there is no plan to merge RACK to stable/11.
  PR: 243590
  Reviewed by: rgrimes (mentor), rrs
  Approved by: re(gjb)
  Sponsored by: NetApp, Inc.
  Differential Revision: https://reviews.freebsd.org/D23364
  Notes: svn path=/releng/11.4/; revision=361565
* MFS r361538: loader: fix userboot's ability to detect a guest's interpreter | Kyle Evans | 2020-05-27 | 1 | -1/+10
  Some time after r338418, I believe with -Os/-Oz -ffunction-sections -fdata-sections, the bootprog_interp variable that held our "$Interpreter:" marker started getting stripped from all loaders, with exception to userboot since it used bootprog_interp to determine what flavor of userboot it was.
  At some point, it had been brought to my attention that this was no longer working and I had worked up some potential solutions to use the variable that involved printing it out. My vague recollection is that this was rejected, and I forgot to explore the alternatives; I cannot find records of this discussion anymore.
  Fast forward to present day, Andrew reported that it was non-functional and offered (effectively) this patch (sans comment) to stop the compiler from optimizing it out by assigning it to a volatile variable. This removes concerns about user-facing change while retaining the interpreter marker. Furthermore, it could certainly be uglier.
  Note that this doesn't affect the stock build of 11.4's loaders, which do not have whatever set of optimizations leads to bootprog_interp getting removed; this is being merged as a low-risk change that will prevent accidents in case I've missed some non-default option combination that can lead to the same situation.
  Approved by: re (gjb)
  Notes: svn path=/releng/11.4/; revision=361554
* MF11: r361467-361468,361534 | Marcin Wojtas | 2020-05-26 | 20 | -2658/+5581
  This patch upgrades the ENA driver to version 2.2.0.
  Approved by: re (gjb)
  Sponsored by: Amazon, Inc.
  Notes: svn path=/releng/11.4/; revision=361539