aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix a race condition exists in the OpenSSL TLS server extension code andreleng/8.0Simon L. B. Nielsen2010-11-294-5/+19
| | | | | | | | | | | a double free in the SSL client ECDH handling code. Approved by: so (simon) Security: CVE-2010-2939, CVE-2010-3864 Security: FreeBSD-SA-10:10.openssl Notes: svn path=/releng/8.0/; revision=216063
* Fix an integer overflow in RLE length parsing when decompressingColin Percival2010-09-203-1/+12
| | | | | | | | | | corrupt bzip2 data. Approved by: so (cperciva) Security: FreeBSD-SA-10:08.bzip2 Notes: svn path=/releng/8.0/; revision=212901
* Correctly copy the M_RDONLY flag when duplicating a referenceColin Percival2010-07-133-1/+6
| | | | | | | | | | | to an mbuf external buffer. Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:07.mbuf Notes: svn path=/releng/8.0/; revision=209964
* Change the current working directory to be inside the jail created byColin Percival2010-05-276-5/+28
| | | | | | | | | | | | | | | | | the jail(8) command. [10:04] Fix a one-NUL-byte buffer overflow in libopie. [10:05] Correctly sanity-check a buffer length in nfs mount. [10:06] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:04.jail Security: FreeBSD-SA-10:05.opie Security: FreeBSD-SA-10:06.nfsclient Notes: svn path=/releng/8.0/; revision=208586
* Fix BIND named(8) cache poisoning with DNSSEC validation.Simon L. B. Nielsen2010-01-0620-87/+273
| | | | | | | | | | | | | | | | | | | [SA-10:01] Fix ntpd mode 7 denial of service. [SA-10:02] Fix ZFS ZIL playback with insecure permissions. [SA-10:03] Various FreeBSD 8.0-RELEASE improvements. [EN-10:01] Security: FreeBSD-SA-10:01.bind Security: FreeBSD-SA-10:02.ntpd Security: FreeBSD-SA-10:03.zfs Errata: FreeBSD-EN-10:01.freebsd Approved by: so (simon) Notes: svn path=/releng/8.0/; revision=201679
* Bump the patch level in the kernel version number, which wasSimon L. B. Nielsen2009-12-031-1/+1
| | | | | | | | | | accidentally left out of main commit for SA-09:15, SA-09:15, and SA-09:17 in r200054. Approved by: so (simon) Notes: svn path=/releng/8.0/; revision=200057
* Disable SSL renegotiation in order to protect against a seriousColin Percival2009-12-037-12/+31
| | | | | | | | | | | | | | | | | | protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate Notes: svn path=/releng/8.0/; revision=200054
* Predict when 8.0-RELEASE will be announced.release/8.0.0Ken Smith2009-11-201-0/+3
| | | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.0/; revision=199595 svn path=/release/8.0.0/; revision=199625; tag=release/8.0.0
* Prepare for 8.0-RELEASE builds.Ken Smith2009-11-201-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.0/; revision=199591
* Make a few adjustments to say this is 8.0-RELEASE. Add a warning thatKen Smith2009-11-201-305/+14
| | | | | | | | | | | the actual release notes were not available at the time of the release builds, they are still being assembled. Remove the existing entries which are not accurate for 8.0-RELEASE. Approved by: re (implicit) Notes: svn path=/releng/8.0/; revision=199590
* Remove the warning that all users should subscribe to -current, itKen Smith2009-11-201-11/+0
| | | | | | | | | only applies to head. Approved by: re (implicit) Notes: svn path=/releng/8.0/; revision=199588
* Adjust to reflect 8.0-RELEASE.Ken Smith2009-11-201-17/+11
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.0/; revision=199586
* On a 32 bit kernel the igb driver may cause a pageJack F Vogel2009-11-161-3/+3
| | | | | | | | | | | | | | | | fault panic due to a failed bounce page allocation during RX mbuf setup. The large demand on bounce pages is due to the alignment requirement in the tag, the ixgbe driver has demonstrated this to be unnecessary and so it is being removed here to fix this problem. Note that ultimately there needs to be a more elegant handling of the failure case here. Approved by: re Notes: svn path=/releng/8.0/; revision=199325
* MFC r199241Robert Noland2009-11-141-1/+2
| | | | | | | | | | | | | This patch addresses an overflow in the the zfs boot code and allows users to boot from zfs raidz volumes. This has been tested by a number of users and does not impact those which are not booting from zfs raidz volumes. Submitted by: Matt Reimer <mattjreimer@gmail.com> Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=199275
* Ready for 8.0-RC3 builds.Ken Smith2009-11-101-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.0/; revision=199125
* MFC r198846 (MF8 r199121):Xin LI2009-11-101-0/+2
| | | | | | | | | | | Set umask to 0x077 instead of the default. This prevents non-root user from reading crashinfo output, which could contain some sensitive information. Approved by: re (kensmith) Notes: svn path=/releng/8.0/; revision=199124
* MFC revision 199069 (MF8 199120):Xin LI2009-11-102-2/+4
| | | | | | | | | | | | | | | Initialize the whole message unit's DMA buffer to zero, this fixes a panic during boot when ARC1200 is being used with certain motherboard models. This commit brings the driver to the same state of vendor's 1.20.00.16 release. Many thanks to Areca for their continued support to FreeBSD. Reported by: Jirka Mikulas <jiri mikulas com> Submitted by: Erich Chen (Areca) Approved by: re (kensmith) Notes: svn path=/releng/8.0/; revision=199122
* Adjust branch tag.Ken Smith2009-11-091-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.0/; revision=199119
* Adjust the branch tag used for 'make update'.Ken Smith2009-11-091-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.0/; revision=199118
* MFC r199112:Ken Smith2009-11-095-5/+5
| | | | | | | | | | | | | | > Comment out the sbp(4) entry for GENERIC config files that contain it. > There are known issues with this driver that are beyond what can be > fixed for 8.0-RELEASE and the bugs can cause boot failure on some systems. > It's not clear if it impacts all systems and there is interest in getting > the problem fixed so for now just comment it out instead of remove it. Reviewed by: Primary misc. architecture maintainers (marcel, marius) Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=199117
* Insta-MFC of r199084,199108:Nathan Whitehorn2009-11-091-1/+4
| | | | | | | | | | | | | | | | | Increase the size of the OFW translations buffer to handle G5 systems that use many translation regions in firmware, and add bounds checking to prevent buffer overflows in case even the new value is exceeded. Short MFC requested by re since the problem this fixes broken CD boot on most G5 systems, making them uninstallable. Reported by: Jacob Lambert Approved by: re (kib) Reviewed by: grehan, marcel Requested by: re Notes: svn path=/releng/8.0/; revision=199113
* MFC r198719 (head) r199095 (stable/8):Ken Smith2009-11-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | > While certain supported Symbios/LSI SCSI chips (532c896, 53c1000, 53c1010) > do support 64bit addresses, the current SCRIPTS code supports only 32bit > addresses causing data corruption for buffer addresses >4GB. This problem > affects 64bit machines with more than 4GB RAM or amd64 with 4GB and > memory hole remapping. > Work-around this problem with a bus_dma tag that requests bounce-buffers > for addresses >4GB. This causes some overhead, but given the maximum SCSI > bus speed of 160MB/s compared, the effect should hardly be noticeable. > The problem was reported by Mike Watters (mike at mwatters net) who also > verified that this fix cures the problem. > > Since this change is a NOOP on systems with less than 4GB RAM and fixes > data corruption (in RAM and on disk) on systems with more than 4GB, I hope > that this change is accepted for 8.0. Requested by: Stefan Esser (se at freebsd dot org)[1] Reviewed by: jhb, scottl [1] Stefan requested this be part of 8.0 but has been unavailable to do the MFC since submitting the request. We want to get 8.0-RC3 started so I'm doing the merges with re@ hat on. Approved by: re (bz) Notes: svn path=/releng/8.0/; revision=199109
* MFC r198948 from HEAD:Rong-En Fan2009-11-081-1/+4
| | | | | | | | | | | | Revert the spelling of Taiwan to be politically neutral in accordance with the policy published at http://www.freebsd.org/internal/i18n.html. Requested by: core (murray) Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=199051
* MFC r197070:Attilio Rao2009-11-069-35/+29
| | | | | | | | | | | | | | | Consolidate CPUID to CPU family/model macros for amd64 and i386 to reduce unnecessary #ifdef's for shared code between them. This MFC should unbreak the kernel build breakage introduced by r198978. Reported by: kib Pointy hat to: me Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198991
* MFC r197789:Edward Tomasz Napierala2009-11-061-1/+1
| | | | | | | | | | | | | | Fix ACL support on sparc64. Turns out that fuword(9) fetches 64 bits instead of sizeof(int), and on sparc64 that resulted in fetching wrong value for acl_maxcnt, which in turn caused __acl_get_link(2) to fail with EINVAL. PR: sparc64/139304 Submitted by: Dmitry Afanasiev <KOT at MATPOCKuH.Ru> Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198984
* MFC r198868, r198950:Attilio Rao2009-11-062-0/+30
| | | | | | | | | | | Opteron rev E family of processor expose a bug where acq memory barriers can be broken, resulting in random breakages. Printout a warning message if affected family and model are found. Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198978
* Unbreak SBus cards which have been broken (apparently) for a while.Matt Jacob2009-11-051-18/+8
| | | | | | | | | | | | Most of the pieces came from Marius- correct settings for channels and resource management. The one piece missing was that you cannot for SBus cards replace 32 bit operations with A64 operations- not supported. MFC of 198822. Approved by: re (ks) Notes: svn path=/releng/8.0/; revision=198962
* MFC 198554:John Baldwin2009-11-052-70/+61
| | | | | | | | | | | | | | | Fix some problems with effective mmap() offsets > 32 bits. This was partially fixed on amd64 earlier. Rather than forcing linux_mmap_common() to use a 32-bit offset, have it accept a 64-bit file offset. This offset is then passed to the real mmap() call. Rather than inventing a structure to hold the normal linux_mmap args that has a 64-bit offset, just pass each of the arguments individually to linux_mmap_common() since that more closes matches the existing style of various kern_foo() functions. Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198951
* MFC r198775Andrew Thompson2009-11-042-1/+20
| | | | | | | | | | | Fix a corner case where usbd_transfer_drain() can return too early if the callback has dropped the mutex, leading to a panic. Submitted by: HPS Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198930
* MFC r197999:Hiroki Sato2009-11-021-12/+51
| | | | | | | | | | | | | | Fix the 106/109 USB Japanese keyboard "underscore" issue. Sun Type 6 USB keyboard support (added in rev 1.46) conflicted with some scan codes used in Japanese keyboards because the scan code conversion routine was ambiguous for the overlapped codes. PR: ports/134005 Submitted by: YAMASHIRO Jun Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198780
* MFC r198490Rong-En Fan2009-10-311-0/+6
| | | | | | | | | | | | | | | | Pull upstream patch to fix ee(1) crash when received SIGWINCH: modify _nc_wgetch() to check for a -1 in the fifo, e.g., after a SIGWINCH, and discard that value, to avoid confusing application (patch by Eygene Ryabinkin, FreeBSD bin/136223). PR: 136223 Submitted by: Eygene Ryabinkin Obtained from: ncurses-5.7-20091024 snapshot Approved by: re (kib@) Notes: svn path=/releng/8.0/; revision=198716
* MFC rev. 198480, 198483:Alexander Motin2009-10-292-0/+46
| | | | | | | | | | Document new modularised ATA kernel modules and options. PR: kern/133162, amd64/139859 Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198606
* MFC rev. 198479:Alexander Motin2009-10-291-1/+2
| | | | | | | | | | | Fix SATA on nVidia MCP55 chipset. It needs some short time to allow BAR(5) memory access. PR: amd64/128686, amd64/132372, amd64/139156 Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198580
* MFC r198353Qing Li2009-10-281-6/+10
| | | | | | | | | | | Verify "smp_started" is true before calling sched_bind() and sched_unbind(). Reviewed by: kmacy Approved by: re Notes: svn path=/releng/8.0/; revision=198568
* MFC of r197597, r198270, r198515.Edwin Groothuis2009-10-283-25/+165
| | | | | | | | | | | | | | | | | | | MFC of tzdata2009n: - Pakistan will go out DST on 1 October. - Headsup for changes in Argentina. MFC of tzdata2009o: - Somoa has not moved to DST this year (comment only) - Bangladesh stays on DST for now. - Pakistan went back to standard time in 1 October 2009 MFC of tzdata2009p: - Argentina does not go to DST this year. Approved by: re (Ken Smith) Notes: svn path=/releng/8.0/; revision=198558
* MFC: Remove spurious README and an old version of the manpage.John Baldwin2009-10-282-678/+0
| | | | | | | Approved by: re (kib) Notes: svn path=/releng/8.0/; revision=198557
* Prepare for 8.0-RC2 builds.Ken Smith2009-10-251-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/stable/8/; revision=198456
* MFC r198295:Ruslan Ermilov2009-10-243-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | Random number generator initialization cleanup: - Introduce new SI_SUB_RANDOM point in boot sequence to make it clear from where one may start using random(9). It should be as early as possible, so place it just after SI_SUB_CPU where we have some randomness on most platforms via get_cyclecount(). - Move stack protector initialization to be after SI_SUB_RANDOM as before this point we have no randomness at all. This fixes stack protector to actually protect stack with some random guard value instead of a well-known one. Note that this patch doesn't try to address arc4random(9) issues. With current code, it will be implicitly seeded by stack protector and hence will get the same entropy as random(9). It will be securely reseeded once /dev/random is feeded by some entropy from userland. Submitted by: Maxim Dounin <mdounin@mdounin.ru> Approved by: re (kib) Notes: svn path=/stable/8/; revision=198434
* MFC 198174:John Baldwin2009-10-231-6/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Close a race with caching of -ve name lookups in the NFS client. Specifically, clients only trust -ve cache entries while the directory remains unchanged and discard any -ve cache entries for a directory when they notice that the modification time of a directory entry changes. The race involves two concurrent lookups as follows: - Thread A does a lookup for file 'foo' which sends a lookup RPC to the server. The lookup fails and the server replies. - The 'foo' file is created (either by the same client or a different client) updating the modification time on the parent directory of 'foo'. - Thread B does a lookup for a different file 'bar' which updates the cached attributes of the parent directory of 'foo' to reflect the new modification time after 'foo' was created. - Thread A finally resumes execution to parse the reply from the NFS server. It adds a -ve cache entry and sets the cached value of the directory's modification time that is used for invalidating -ve cached lookups to the new modification time set by thread B. At this point, future lookups of 'foo' will honor the -ve cached entry until the cached entry is pushed out of the name cache's LRU or the modification time of the parent directory is changed again by some other change. The fix is to read the directory's modification time before sending the lookup RPC and use that cached modification time when setting the directory's cached modification time. Also, we do not add a -ve cache entry if another thread has added -ve cache entry that set the directory's cached modification time to a newer value than the value we read before sending the lookup RPC. Approved by: re (kib) Notes: svn path=/stable/8/; revision=198424
* MFC r198352Philip Paeps2009-10-233-18/+41
| | | | | | | | | | | | | | | | | | Make dhclient use bootpc (68) as the source port for unicast DHCPREQUEST packets instead of allowing the protocol stack to pick a random source port. This fixes the behaviour where dhclient would never transition from RENEWING to BOUND without going through REBINDING in networks which are paranoid about DHCP spoofing, such as most mainstream cable-broadband ISP networks. Obtained from: OpenBSD Reviewed by: brooks Approved by: re (kib) Notes: svn path=/stable/8/; revision=198405
* MFC r198376Andrew Thompson2009-10-231-1/+5
| | | | | | | | | | Prevent wraparound of the timeout variable. Submitted by: HPS Approved by: re (kib) Notes: svn path=/stable/8/; revision=198386
* MFC 198306Qing Li2009-10-221-7/+11
| | | | | | | | | | | | | | The flow-table function flowtable_route_flush() may be called during system initialization time. Since the flow-table is designed to maintain per CPU flow cache, the existing code did not check whether "smp_started" is true before calling sched_bind() and sched_unbind(), which triggers a page fault. Reviewed by: jeff Approved by: re Notes: svn path=/stable/8/; revision=198371
* MFC r196863:Edward Tomasz Napierala2009-10-221-4/+8
| | | | | | | | | | | | | Improve wording. MFC r196941: Prevent the line from wrapping. Approved by: re (kib) Notes: svn path=/stable/8/; revision=198368
* MFC: r198232Christian Brueffer2009-10-221-7/+1
| | | | | | | | | | | Powercrypt and NetSec seem to be defunct (webpages point to link farms and a google search yields no alternative). Remove the links but keep the entries around for reference. Approved by: re (kib) Notes: svn path=/stable/8/; revision=198359
* MFC r198307Andrew Thompson2009-10-211-2/+3
| | | | | | | | | | | | | | Change from CAM_TID_INVALID to CAM_SEL_TIMEOUT error code when the usb device has been yanked, this works around a cam recounting bug when CAM_DEV_UNCONFIGURED is set late in the detach. In certain conditions the reference to the XPT device would not be released which would cause the usb explore thread to sleep forever on "simfree", preventing any new usb devices to be found/ejected on the bus. Approved by: re (kib) Notes: svn path=/stable/8/; revision=198348
* MFC r198287:Ken Smith2009-10-211-14/+17
| | | | | | | | | | Update package list for 8.0-REL. Reviewed by: re@, portmgr@ Approved by: re (implicit) Notes: svn path=/stable/8/; revision=198337
* MFC r198201:Konstantin Belousov2009-10-211-6/+4
| | | | | | | | | | | Remove spurious call to priv_check(PRIV_VM_SWAP_NOQUOTA). Call priv_check(PRIV_VM_SWAP_NORLIMIT) only when per-uid limit is actually exceed. Approved by: re (kensmith) Notes: svn path=/stable/8/; revision=198330
* Merge r198233 from head to stable/8:Robert Watson2009-10-211-19/+15
| | | | | | | | | | Clean up comments, white space, and style in pfil.c (VNET changes not MFC'd) Approved by: re (kib) Notes: svn path=/stable/8/; revision=198326
* Merge r198198 from head to stable/8:Robert Watson2009-10-211-6/+10
| | | | | | | | | Line-wrap pfil.c so that it prints more nicely. Approved by: re (kensmith) Notes: svn path=/stable/8/; revision=198324
* Merge r198219 from head to stable/8:Robert Watson2009-10-211-1/+0
| | | | | | | | | Remove unused pfil_flags field in packet_filter_hook. Approved by: re (kib) Notes: svn path=/stable/8/; revision=198315