aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix named(8) DNSSEC validation Denial of Service.releng/8.1Simon L. B. Nielsen2012-08-063-3/+7
| | | | | | | | | | Security: FreeBSD-SA-12:05.bind Security: CVE-2012-3817 Obtained from: ISC Approved by: so (simon) Notes: svn path=/releng/8.1/; revision=239108
* Add UPDATING and newvers.sh information for the FreeBSD-SA-12:04.sysretSimon L. B. Nielsen2012-06-182-1/+5
| | | | | | | | | correction. Approved by: so (simon) Notes: svn path=/releng/8.1/; revision=237242
* Correct the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where itSimon L. B. Nielsen2012-06-181-17/+17
| | | | | | | | | | | | was accidently applied to the wrong location. Reported by: Steven Chamberlain <steven@pyro.eu.org> Reviewed by: jhb, kib Security: FreeBSD-SA-12:04.sysret Approved by: so (simon) Notes: svn path=/releng/8.1/; revision=237241
* Fix a problem where zero-length RDATA fields can cause named(8) to crash.Bjoern A. Zeeb2012-06-128-23/+74
| | | | | | | | | | | | | | | | | | | [12:03] Correct a privilege escalation when returning from kernel if running FreeBSD/amd64 on non-AMD processors. [12:04] Fix reference count errors in IPv6 code. [EN-12:02] Security: CVE-2012-1667 Security: FreeBSD-SA-12:03.bind Security: CVE-2012-0217 Security: FreeBSD-SA-12:04.sysret Security: FreeBSD-EN-12:02.ipv6refcount Approved by: so (simon, bz) Notes: svn path=/releng/8.1/; revision=236953
* Update the previous openssl fix. [12:01]Bjoern A. Zeeb2012-05-305-11/+16
| | | | | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon) Notes: svn path=/releng/8.1/; revision=236304
* Fix multiple OpenSSL vulnerabilities.Bjoern A. Zeeb2012-05-0313-40/+166
| | | | | | | | | | Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon) Notes: svn path=/releng/8.1/; revision=234954
* Extend the character set accepted by freebsd-update(8) in fileColin Percival2012-01-043-2/+6
| | | | | | | | | | names in order to allow upgrades to FreeBSD 9.0-RELEASE. Approved by: so (cperciva) Errata Notice: FreeBSD-EN-12:01.freebsd-update Notes: svn path=/releng/8.1/; revision=229539
* Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]Colin Percival2011-12-2317-24/+150
| | | | | | | | | | | | | | | | | | | | | | | Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07] Fix a buffer overflow in telnetd. [11:08] Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09] Add sanity checking of service names in pam_start. [11:10] Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam Notes: svn path=/releng/8.1/; revision=228843
* Fix a bug in UNIX socket handling in the linux emulator which wasColin Percival2011-10-043-1/+20
| | | | | | | | | | | | exposed by the security fix in FreeBSD-SA-11:05.unix. Approved by: so (cperciva) Approved by: re (kib) Security: Related to FreeBSD-SA-11:05.unix, but not actually a security fix. Notes: svn path=/releng/8.1/; revision=226023
* Fix handling of corrupt compress(1)ed data. [11:04]Bjoern A. Zeeb2011-09-285-19/+46
| | | | | | | | | | | | | Add missing length checks on unix socket addresses. [11:05] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-11:04.compress Security: CVE-2011-2895 [11:04] Security: FreeBSD-SA-11:05.unix Notes: svn path=/releng/8.1/; revision=225827
* Fix an off by one which can result in a assertion failure in BINDSimon L. B. Nielsen2011-05-283-2/+6
| | | | | | | | | | | | | | related to large RRSIG RRsets and Negative Caching. This can cause named to crash. Security: FreeBSD-SA-11:02.bind Security: CVE-2011-1910 Security: https://www.isc.org/software/bind/advisories/cve-2011-1910 Obtained from: ISC Approved by: so (simon) Notes: svn path=/releng/8.1/; revision=222416
* Fix CIDR parsing bug in mountd ACLs.Colin Percival2011-04-203-2/+5
| | | | | | | | Approved by: so (cperciva) Security: FreeBSD-SA-11:01.mountd Notes: svn path=/releng/8.1/; revision=220901
* Fix a race condition exists in the OpenSSL TLS server extension code andSimon L. B. Nielsen2010-11-294-5/+19
| | | | | | | | | | | a double free in the SSL client ECDH handling code. Approved by: so (simon) Security: CVE-2010-2939, CVE-2010-3864 Security: FreeBSD-SA-10:10.openssl Notes: svn path=/releng/8.1/; revision=216063
* Fix an integer overflow in RLE length parsing when decompressingColin Percival2010-09-203-1/+12
| | | | | | | | | | corrupt bzip2 data. Approved by: so (cperciva) Security: FreeBSD-SA-10:08.bzip2 Notes: svn path=/releng/8.1/; revision=212901
* Ready for 8.1-RELEASE builds.release/8.1.0Ken Smith2010-07-171-1/+1
| | | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.1/; revision=210187 svn path=/release/8.1.0/; revision=210188; tag=release/8.1.0
* Predict the date we'll be ready to announce 8.1-RELEASE. While hereKen Smith2010-07-171-0/+6
| | | | | | | | | | add the entry for 8.0-RELEASE which was added to releng/8.0/UPDATING during the 8.0-RELEASE cycle but not to stable/8/UPDATING at that time. Approved by: re (implicit) Notes: svn path=/releng/8.1/; revision=210186
* Clean-up old contents and bump version numbers for 8.1R.Hiroki Sato2010-07-176-2440/+27
| | | | | | | Approved by: re (implicitly) Notes: svn path=/releng/8.1/; revision=210180
* Correctly copy the M_RDONLY flag when duplicating a referenceColin Percival2010-07-132-0/+5
| | | | | | | | | | | to an mbuf external buffer. Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:07.mbuf Notes: svn path=/releng/8.1/; revision=209964
* MFC: r209695Marius Strobl2010-07-071-8/+24
| | | | | | | | | | | | | | - Pin the IPI cache and TLB demap functions in order to prevent migration between determining the other CPUs and calling cpu_ipi_selected(), which apart from generally doing the wrong thing can lead to a panic when a CPU is told to IPI itself (which sun4u doesn't support). Reported and tested by: Nathaniel W Filardo - Add __unused where appropriate. Approved by: re (kib) Notes: svn path=/releng/8.1/; revision=209781
* MFC r207303 (originally by kmacy):Bjoern A. Zeeb2010-07-071-1/+1
| | | | | | | | | | | need to initialize the lock before it is used Reported on: stable@ (MFC missing) Approved by: re (kensmith) Notes: svn path=/releng/8.1/; revision=209773
* Merge r209770 from stable/8:Ken Smith2010-07-071-34/+3
| | | | | | | | | | | | > Package set for 8.1-RELEASE. We still have a 2Gb maximum file size > limit caused by cvsup still being used for some of our mirror system. > That is being worked on. Reviewed by: re@, portmgr@ Approved by: re (implicit) Notes: svn path=/releng/8.1/; revision=209771
* MFC r209624Michael Tuexen2010-07-051-2/+3
| | | | | | | | | | | | * Do not dereference a NULL pointer when calling an SCTP send syscall not providing a destination address and using ktrace. * Do not copy out kernel memory when providing sinfo for sctp_recvmsg(). Both bugs where reported by Valentin Nechayev. The first bug results in a kernel panic. Approved by: re@ Notes: svn path=/releng/8.1/; revision=209711
* MFC r209541, r209548:Rui Paulo2010-06-281-1/+1
| | | | | | | | | Fix the AR_SREV_MERLIN_20_OR_LATER() check. Approved by: re (kensmith) Notes: svn path=/releng/8.1/; revision=209575
* Ready to proceed with 8.1-RC2.Ken Smith2010-06-261-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.1/; revision=209538
* MFC r208553Qing Li2010-06-258-17/+30
| | | | | | | | | | This patch fixes the problem where proxy ARP entries cannot be added over the if_ng interface. Approved by: re (bz) Notes: svn path=/releng/8.1/; revision=209524
* MFC r209263:Pawel Jakub Dawidek2010-06-237-40/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r209175: Eliminate dead code. Found by: Coverity Prevent CID: 5158 r209177: Remove macros that are not really needed. The idea was to have them in case we grow more descriptors, but I'll reconsider readding them once we get there. Passing (a = b) expression to FD_ISSET() is bad idea, as FD_ISSET() evaluates its argument twice. Found by: Coverity Prevent CID: 5243 r209179: Plug memory leaks. Found by: Coverity Prevent CID: 7052, 7053, 7054, 7055 r209180: Plug memory leak. Found by: Coverity Prevent CID: 7051 r209181: Plug memory leak. Found by: Coverity Prevent CID: 7056 r209182: Plug memory leak. Found by: Coverity Prevent CID: 7057 r209183: Initialize gctl_seq for synchronization requests. Reported by: hiroshi@soupacific.com Analysed by: Mikolaj Golub <to.my.trociny@gmail.com> Tested by: hiroshi@soupacific.com, Mikolaj Golub <to.my.trociny@gmail.com> r209184: Fix typos. r209185: Correct various log messages. Submitted by: Mikolaj Golub <to.my.trociny@gmail.com> Note that without some of these changes hastd won't work on 8.x properly. Approved by: re (kensmith) Notes: svn path=/releng/8.1/; revision=209488
* MFC r209262:Pawel Jakub Dawidek2010-06-231-2/+2
| | | | | | | | | | | | | | | | | | | r209186: BIO_DELETE contains range we want to delete and doesn't provide any useful data, so there is no need to copy it to userland. r209187: 'unit' can be negative, so use signed type for it. Found by: Coverity Prevent CID: 3731 Approved by: re (kensmith) Notes: svn path=/releng/8.1/; revision=209487
* MFC 209213:John Baldwin2010-06-231-1/+3
| | | | | | | | | | | | | When updating individual CPU's lowest Cx state to use, never set it to a state lower than the lowest one supported by the current CPU. This closes some races with changes to the hw.acpi.cpu_cx_lowest sysctl while Cx states for individual CPUs were changing (e.g. unplugging the AC adapter of a laptop) that could result in panics. Approved by: re (kib) Notes: svn path=/releng/8.1/; revision=209473
* MFC r209369:Nathan Whitehorn2010-06-231-1/+6
| | | | | | | | | | | | Temporarily disable instruction relocation while setting up the kernel's IBAT entry in early boot in order to prevent possible faults from races between the instruction cache and the MMU. PR: powerpc/148003 Approved by: re (kib) Notes: svn path=/releng/8.1/; revision=209465
* MFC r209341:Alexander Motin2010-06-231-0/+4
| | | | | | | | | Report transport type in XPT_PATH_INQ. Approved by: re (kib) Notes: svn path=/releng/8.1/; revision=209458
* MFC r209340:Alexander Motin2010-06-231-0/+4
| | | | | | | | | | Report transport type in XPT_PATH_INQ. PR: i386/147929 Approved by: re (kib) Notes: svn path=/releng/8.1/; revision=209457
* MFC 209286:Doug Barton2010-06-231-2/+3
| | | | | | | | | Add the AAAA address for i.root-servers.net Approved by: re (kensmith) Notes: svn path=/releng/8.1/; revision=209453
* merge r196650 from head (via stable/8): tty might be NULLDag-Erling Smørgrav2010-06-221-0/+5
| | | | | | | Approved by: re (kib@) Notes: svn path=/releng/8.1/; revision=209441
* MFC 209264Michael Tuexen2010-06-222-13/+20
| | | | | | | | | | | | | | | | | * Fix a bug where the length of the ASCONF-ACK was calculated wrong due to using an uninitialized variable. * Fix a bug where a NULL pointer was dereferenced when interfaces come and go at a high rate. * Fix a bug where inps where not deregistered from iterators. * Fix a race condition in freeing an association. * Fix a refcount problem related to the iterator. Each of the above bug results in a panic. It shows up when interfaces come and go at a high rate. Approved by: re Notes: svn path=/releng/8.1/; revision=209433
* MFC revs 209026 and 209085:Marcel Moolenaar2010-06-195-11/+72
| | | | | | | | | | | | o Bump MAX_BPAGES from 256 to 1024. o Synchronize the kernel entry on all CPUs with the use of the ptc.g instruction on a single CPU by implementing a bare-bones readers- writer lock. Approved by: re (kensmith) Notes: svn path=/releng/8.1/; revision=209327
* MFC r209265:Pawel Jakub Dawidek2010-06-182-18/+1
| | | | | | | | | | | | | | | | | | | | r209260: Backout r207970 for now, it can lead to deadlocks. Reported by: kan r209261: Turn off UMA allocations on all archs by default. It isn't stable even on amd64. Reported by: many Approved by: re (kib) Notes: svn path=/releng/8.1/; revision=209319
* MFC r209273:Randi Harper2010-06-181-0/+3
| | | | | | | | | | | | Fix uninitialized variables that cause a crash when the network is initialized and sysinstall is not running as init. Submitted by: Nick Mills Approved by: cperciva (mentor) Approved by: re (kensmith) Notes: svn path=/releng/8.1/; revision=209315
* MFC: r209138Marius Strobl2010-06-171-1/+1
| | | | | | | | | Update a branch missed in r207537 (committed to stable/8 in r207890). Approved by: re (kib) Notes: svn path=/releng/8.1/; revision=209272
* Ready for 8.1-RC1.Ken Smith2010-06-141-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.1/; revision=209151
* Adjust __FreeBSD_version to reflect this is the 8.1 release branch.Ken Smith2010-06-141-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.1/; revision=209150
* Adjust cvs branch tag.Ken Smith2010-06-141-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.1/; revision=209149
* Adjust the cvs branch for 'make update'.Ken Smith2010-06-141-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.1/; revision=209148
* MFC r208888,208889,209017:Xin LI2010-06-121-30/+30
| | | | | | | | | | | | | - make sure that initialize isb with fstat() on input file before using it. (bin/147275) - Fix grammar for st_nlink. - Style changes. PR: bin/147275 Approved by: re (kensmith) Notes: svn path=/stable/8/; revision=209090
* MFC r209078:Xin LI2010-06-121-0/+7
| | | | | | | | | | | Detect bit endianness through machine/endian.h. This fixes xz on big-endian systems. Tested on: sparc64 (kindly provided by linimon), amd64 Approved by: re (kensmith) Notes: svn path=/stable/8/; revision=209089
* MFC r208795; additional date -v detailBrian Somers2010-06-121-3/+11
| | | | | | | | PR: 147354 Approved by: re (kib) Notes: svn path=/stable/8/; revision=209086
* MFC: r208778Marius Strobl2010-06-121-11/+38
| | | | | | | | | | | | | | | - Mention that VTOC8 labels are found in Fujitsu SPARC64 machines as well. - Add information regarding VTOC8 bootrstrap code and how it's handled with r208777 in place. - Document the mapping of partition types to VTOC8 tags. - Add examples for VTOC8 to the respective section. - Eliminated hard sentence breaks. Reviewed by: marcel (slightly buggy version) Approved by: re (bz) Notes: svn path=/stable/8/; revision=209083
* Revert part of r209077 which shouldn't have been MFC'ed, yet.Marius Strobl2010-06-111-1/+0
| | | | | | | | | This is a direct commit to stable/8. Approved by: re (kib) Notes: svn path=/stable/8/; revision=209081
* MFC: r208777Marius Strobl2010-06-112-38/+104
| | | | | | | | | | | | | | | | | - In gpart_bootfile_read() fix an off-by-one error preventing the bootstrap file to be of maximum size. - Add special handling required for SMI/VTOC8 disklabel partcode, i.e. avoid overwriting the label when writing the bootstrap code to the partition starting at 0 and install it to all partitions when the -i option is omitted just like geom_sunlabel(4) and sunlabel(8) do by default. - Add missing prototypes. - Add const where applicable. Reviewed by: marcel Approved by: re (kib) Notes: svn path=/stable/8/; revision=209077
* MFC: r208776Marius Strobl2010-06-111-19/+27
| | | | | | | | | | | Avoid possible NULL-dereferences. Found with: Coverity Prevent(tm) CID: 3428 Approved by: re (kib) Notes: svn path=/stable/8/; revision=209075
* MFC: r208746Marius Strobl2010-06-112-0/+12
| | | | | | | | | | Don't leak memory on destruction. Reviewed by: marcel Approved by: re (kib) Notes: svn path=/stable/8/; revision=209073