| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix BIND remote denial of service. [13:04]
Security: CVE-2013-0166, CVE-2013-0169
Security: FreeBSD-SA-13:03.openssl
Security: CVE-2013-2266
Security: FreeBSD-SA-13:04.bind
Approved by: so
Notes:
svn path=/releng/9.0/; revision=249029
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Denial of Service vulnerability in libc's glob(3) functionality.
[13:02]
Security: CVE-2012-5688
Security: FreeBSD-SA-13:01.bind
Security: CVE-2010-2632
Security: FreeBSD-SA-13:02.libc
Approved by: so (simon, bz)
Notes:
svn path=/releng/9.0/; revision=246989
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix insufficient message length validation for EAP-TLS messages.
Fix Linux compatibility layer input validation error.
Security: FreeBSD-SA-12:06.bind
Security: FreeBSD-SA-12:07.hostapd
Security: FreeBSD-SA-12:08.linux
Security: CVE-2012-4244, CVE-2012-5166, CVE-2012-4445, CVE-2012-4576
Approved by: re
Approved by: security-officer
Notes:
svn path=/releng/9.0/; revision=243417
|
| |
|
|
|
|
|
|
|
|
| |
Security: FreeBSD-SA-12:05.bind
Security: CVE-2012-3817
Obtained from: ISC
Approved by: so (simon)
Notes:
svn path=/releng/9.0/; revision=239108
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[12:03]
Correct a privilege escalation when returning from kernel if
running FreeBSD/amd64 on non-AMD processors. [12:04]
Fix reference count errors in IPv6 code. [EN-12:02]
Security: CVE-2012-1667
Security: FreeBSD-SA-12:03.bind
Security: CVE-2012-0217
Security: FreeBSD-SA-12:04.sysret
Security: FreeBSD-EN-12:02.ipv6refcount
Approved by: so (simon, bz)
Notes:
svn path=/releng/9.0/; revision=236953
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)
Notes:
svn path=/releng/9.0/; revision=236304
|
| |
|
|
|
|
|
|
|
|
| |
Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
Security: CVE-2012-0884, CVE-2012-2110
Security: FreeBSD-SA-12:01.openssl
Approved by: so (bz,simon)
Notes:
svn path=/releng/9.0/; revision=234954
|
| |
|
|
|
|
|
|
|
|
|
|
| |
> The portion of r225757 that added the packages-9.0-release directory
> was supposed to be MFCed closer to the release but that got missed.
>
> Pointy hat: kensmith
Approved by: re (implicit)
Notes:
svn path=/releng/9.0/; revision=229305
|
| |
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/9.0/; revision=229283
|
| |
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/9.0/; revision=229282
|
| |
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/9.0/; revision=229262
|
| |
|
|
|
|
|
|
|
| |
RELENG_9 exists now so updated commented out target branch.
Approved by: re (implicit)
Notes:
svn path=/releng/9.0/; revision=229261
|
| |
|
|
|
|
|
|
|
| |
Happy 2012 and may 9.0-RELEASE be a good one.
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=229089
|
| |
|
|
|
|
|
|
|
| |
stable/9.
Approved by: re (kensmith)
Notes:
svn path=/releng/9.0/; revision=229044
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam
Notes:
svn path=/releng/9.0/; revision=228843
|
| |
|
|
|
|
|
|
|
|
| |
compatibility support for specifing IPv4 aliases in rc.conf without
the "inet" keyword.
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228706
|
| |
|
|
|
|
|
|
|
|
| |
The "inet" keyword in the "ifconfig_IF_aliasN" is mandatory for
IPv4 aliases to work since network.subr@197139.
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228704
|
| |
|
|
|
|
|
|
|
|
| |
Approved by: re (kib)
Security: some poorly thought out programs allow the user to specify
the service name; this patch makes it harder to trick these
programs into loading and executing arbitrary code.
Notes:
svn path=/releng/9.0/; revision=228465
|
| |
|
|
|
|
|
|
|
|
| |
Approved by: re (kib)
Security: prevents users with unencrypted ssh keys (prohibited
unless the nullok option is specified) from logging in
by providing a bogus non-null passphrase.
Notes:
svn path=/releng/9.0/; revision=228414
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix an issue that 127/8 is not configured when $ifconfig_DEFAULT is not empty.
- Add description that IPv6 configuration will be ignored if $ifconfig_IF_ipv6
is empty.
- Move a configuration example "inet6 accept_rtadv" to just after the manual
GUA configuration.
- Add an example of $ipv6_prefix_IF.
- Add support for removing addresses added by ipv6_prefix_hostid_addr_up()
upon rc.d/netif stop.
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228247
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix a problem that an interface unexpectedly becomes IFF_UP by
just doing "ifconfing inet6 -ifdisabled" when the interface has
ND6_IFF_AUTO_LINKLOCAL flag and no link-local address.
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228246
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Prevent user astonishment by providing the shell option at the end, after
any installer-provided configuration files have been copied. This allows
users to edit their fstab, if desired, and to see what the installer has
placed in rc.conf.
Requested by: phk
Approved by: re (kensmith)
Notes:
svn path=/releng/9.0/; revision=228241
|
| |
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/9.0/; revision=228239
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
> Add a screen that asks if the user would like to enable crash dumps,
> giving them a very brief description of the trade-offs. Whether the
> user opts in or out add an entry to what will become /etc/rc.conf
> explaining what dumpdev is and how to turn on/off crash dumps. The folks
> who handle interacting with users submitting PRs have asked for this.
>
> Reviewed by: nwhitehorn
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228238
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recursive name servers are failing with an assertion:
INSIST(! dns_rdataset_isassociated(sigrdataset))
At this time it is not thought that authoritative-only servers
are affected, but information about this bug is evolving rapidly.
Because it may be possible to trigger this bug even on networks
that do not allow untrusted users to access the recursive name
servers (perhaps via specially crafted e-mail messages, and/or
malicious web sites) it is recommended that ALL operators of
recursive name servers upgrade immediately.
For more information see:
https://www.isc.org/software/bind/advisories/cve-2011-4313
which will be updated as more information becomes available.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228190
|
| |
|
|
|
|
|
| |
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228188
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Return value should be conditional on return value of pfsync_defer_ptr()
PR: kern/162947
Submitted by: Matthieu Kraus <matthieu.kraus s2008.tu-chemnitz.de>
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228183
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix behavior of --null to match GNU grep
MFC 228097
- Call warnx() instead of errx() if a directory is not readable when using
a recursive search. This is the expected behavior instead of aborting.
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228180
|
| |
|
|
|
|
|
|
|
|
| |
If using DESTDIR we need to be sure to create a
${DESTDIR}/var/db/zoneinfo
Approved by: re (kensmith)
Notes:
svn path=/releng/9.0/; revision=228170
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default setting, daily_accounting_compress="NO", was causing
only 1 old file to be saved, so fix this.
While I'm here, fix a very old off-by-one error causing 1 more
file than specified in daily_accounting_save to be saved because
acct.0 was not taken into account (pun intended). Change that, and
use a more thorough method of finding old files to delete. Partly
just because this is the right thing to do, but also to silently
fix the extra log that would have been left behind forever with the
previous method.
Approved by: re (kensmith)
Notes:
svn path=/releng/9.0/; revision=228166
|
| |
|
|
|
|
|
|
|
| |
This is a direct commit.
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228139
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Based on a report on sparc64@ move V245 to the list of known working
machines.
- Mention that V480 with broken centerplanes have a chance of working with
the WAR in the upcoming 8.3-RELEASE and 9.0-RELEASE.
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228135
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the default cvs tag for RELENG_9 by merging the following revisions:
r225757 (by kensmith, partial):
Shift head from 9.0-CURRENT to 10.0-CURRENT in preparation for releasing
it from the 9.0-RELEASE release cycle code freeze.
r225764 (by kensmith):
Forgot to add "RELENG_8" to list of CVS tags.
Reported by: Milan Obuch <freebsd-current at dino sk> (cvs tag)
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228131
|
| |
|
|
|
|
|
|
|
| |
Add sfxge(4) to the hardware notes.
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228129
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Increase the CDMA sync timeout for Schizo bridges to 15 seconds as used by
OpenSolaris. One second turned out to be not enough for certain loads while
10 seconds were sufficient.
Reported by: Peter Jeremy
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228127
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the Makefile in cddl/lib/drti to use bsd.lib.mk instead of
bsd.prog.mk -- we need to compile PIC, which requires a library build.
With this change, USDT (userspace DTrace probes) work from within
shared libraries.
PR: kern/159046
Submitted by: Alex Samorukov <samm at os2.kiev.ua>
Comments by: Scott Lystig Fritchie <slfritchie at snookles.com>
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228107
|
| |
|
|
|
|
|
|
|
|
|
| |
Cross-reference capsicum.4 from cap_enter.2 and cap_new.2.
Sponsored by: Google, Inc.
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228106
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add an introductory Capsicum man page providing a high-level description of
its mechanisms, pointing at other pertinent man pages, and cautioning about
the experimental status of Capsicum in FreeBSD.
Sponsored by: Google, Inc.
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228105
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
based on Solarflare SFC9000 family controllers. The driver supports jumbo
frames, transmit/receive checksum offload, TCP Segmentation Offload (TSO),
Large Receive Offload (LRO), VLAN checksum offload, VLAN TSO, and Receive Side
Scaling (RSS) using MSI-X interrupts.
This work was sponsored by Solarflare Communications, Inc.
My sincere thanks to Ben Hutchings for doing a lot of the hard work!
Sponsored by: Solarflare Communications, Inc.
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228101
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Plug a TCP reassembly UMA zone leak introduced in r226228 by only using the
backup stack queue entry when the zone is exhausted, otherwise we leak a zone
allocation each time we plug a hole in the reassembly queue.
Reported by: many on freebsd-stable@ (thread: "TCP Reassembly Issues")
Tested by: many on freebsd-stable@ (thread: "TCP Reassembly Issues")
Reviewed by: bz (very brief sanity check)
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228059
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix parsing of redirect_addr argument.
PR: kern/162739
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228052
|
| |
|
|
|
|
|
|
|
|
| |
Add check-password.4th and screen.4th to the boot image. They are
needed by the loader.
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228044
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Wire the kernel text RWX, rather than RX. We're not quite ready
for having kernel text non-writable, because we still need to
apply relocations. On top of that, the PBVM page table has all
pages marked as RWX, so it's an inconsistency to begin with.
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=228042
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix a warning reported by arundel@.
Fix a bug where the parameter length of a supported address types
parameter is set to a wrong value if the kernel is built with
with either INET or INET6, but not both.
Approved by: re@
Notes:
svn path=/releng/9.0/; revision=228037
|
| |
|
|
|
|
|
|
|
|
| |
Fix a race between getvnode() dereferencing half-constructed file
and dupfdopen().
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228035
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To limit amount of the kernel memory allocated, and to optimize the
iteration over the fdsets, kern_select() limits the length of the
fdsets copied in by the last valid file descriptor index. If any bit
is set in a mask above the limit, current implementation ignores the
filedescriptor, instead of returning EBADF.
Fix the issue by scanning the tails of fdset before entering the
select loop and returning EBADF if any bit above last valid
filedescriptor index is set. The performance impact of the additional
check is only imposed on the (somewhat) buggy applications that pass
bad file descriptors to select(2) or pselect(2).
PR: kern/155606, kern/162379
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=228034
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix a confusing sentence.
Other wording tweaks.
Approved by: gjb (mentor)
Approved by: re@ (kostikbel)
Notes:
svn path=/releng/9.0/; revision=227996
|
| |
|
|
|
|
|
|
|
| |
Free unused allocation on error.
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=227991
|
| |
|
|
|
|
|
|
|
| |
Fix fd leak.
Approved by: re (bz)
Notes:
svn path=/releng/9.0/; revision=227990
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Add a DEVMETHOD_END alias for KOBJMETHOD_END so that along with 'driver_t'
and DEVMETHOD() we can fully hide the explicit mention of kobj(9) from
device drivers.
- Update the device driver examples to use DEVMETHOD_END.
Submitted by: jhb
Approved by: re (kib)
Notes:
svn path=/releng/9.0/; revision=227977
|
