aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [SA-14:31] Fix multiple vulnerabilities in NTP suite.releng/9.1Dag-Erling Smørgrav2014-12-238-11/+46
| | | | | | | | | [EN-14:13] Fix directory deletion issue in freebsd-update. Approved by: so Notes: svn path=/releng/9.1/; revision=276155
* Fix multiple vulnerabilities in file(1) and libmagic(3).Xin LI2014-12-1021-63/+513
| | | | | | | | | | | | | | | Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117 Fix BIND remote denial of service vulnerability. Security: FreeBSD-SA-14:29.bind Security: CVE-2014-8500 Approved by: so Notes: svn path=/releng/9.1/; revision=275672
* [SA-14:24] Fix denial of service attack against sshd(8).Dag-Erling Smørgrav2014-11-046-29/+65
| | | | | | | | | | | [SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2). [SA-14:26] Fix remote command execution in ftp(1). [EN-14:12] Fix NFSv4 and ZFS cache consistency issue. Approved by: so (des) Notes: svn path=/releng/9.1/; revision=274112
* Time zone data file update. [EN-14:10]Xin LI2014-10-2119-2385/+3687
| | | | | | | Approved by: so Notes: svn path=/releng/9.1/; revision=273439
* Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]Xin LI2014-10-2125-108/+322
| | | | | | | | | | | | | Fix routed(8) remote denial of service vulnerability. [SA-14:21] Fix memory leak in sandboxed namei lookup. [SA-14:22] Fix OpenSSL multiple vulnerabilities. [SA-14:23] Approved by: so Notes: svn path=/releng/9.1/; revision=273415
* Fix Denial of Service in TCP packet processing.Xin LI2014-09-163-6/+5
| | | | | | | | Security: FreeBSD-SA-14:19.tcp Approved by: so Notes: svn path=/releng/9.1/; revision=271669
* Fix multiple OpenSSL vulnerabilities:Xin LI2014-09-098-51/+125
| | | | | | | | | | | | | | | | | | | | | | The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506] The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507] A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508] OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510] Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510 Security: FreeBSD-SA-14:18.openssl Approved by: so Notes: svn path=/releng/9.1/; revision=271305
* Fix kernel memory disclosure in control message and SCTP notifications.Xin LI2014-07-086-28/+44
| | | | | | | | | Security: FreeBSD-SA-14:17.kmem Security: CVE-2014-3952, CVE-2014-3953 Approved by: so Notes: svn path=/releng/9.1/; revision=268434
* Fix multiple vulnerabilities in file(1) and libmagic(3).Xin LI2014-06-248-28/+47
| | | | | | | | | | | | | [SA-14:16] Fix gss_pseudo_random interoperability issue. [EN-14:08] Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: so Notes: svn path=/releng/9.1/; revision=267831
* Fix OpenSSL multiple vulnerabilities.Xin LI2014-06-057-4/+37
| | | | | | | | | | Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl Approved by: so Notes: svn path=/releng/9.1/; revision=267104
* Fix sendmail improper close-on-exec flag handling. [SA-14:11]Xin LI2014-06-037-4/+31
| | | | | | | | | | | | | Fix ktrace memory disclosure. [SA-14:12] Fix incorrect error handling in PAM policy parser. [SA-14:13] Fix triple-fault when executing from a threaded process. [EN-14:06] Approved by: so Notes: svn path=/releng/9.1/; revision=267018
* Add pkg bootstrapping, configuration and public keys. [EN-14:03]Xin LI2014-05-1316-52/+111
| | | | | | | | | | Improve build repeatability for kldxref(8). [EN-14:04] Fix data corruption with ciss(4). [EN-14:05] Approved by: so Notes: svn path=/releng/9.1/; revision=265988
* Fix TCP reassembly vulnerability.Xin LI2014-04-303-4/+9
| | | | | | | | | Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Approved by: so Notes: svn path=/releng/9.1/; revision=265125
* Fix NFS deadlock vulnerability. [SA-14:05]Xin LI2014-04-086-17/+105
| | | | | | | | | Fix ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] Approved by: so Notes: svn path=/releng/9.1/; revision=264284
* Fix bsnmpd remote denial of service vulnerability. [SA-14:01]Xin LI2014-01-147-10/+45
| | | | | | | | | | | | | | | | Fix ntpd distributed reflection Denial of Service vulnerability. [SA-14:02] Fix BIND remote denial of service vulnerability. [SA-14:04] Disable hardware RNGs by default. [EN-14:01] Fix incorrect coalescing of stack entry with mmap. [EN-14:02] Approved by: so Notes: svn path=/releng/9.1/; revision=260647
* MFC r257879:Xin LI2013-11-283-3/+6
| | | | | | | | | | | | | | Fix typo in r256646: We want to generate lists of directories in INDEX-OLD and INDEX-NEW and compare them, not generate the same list of directories from INDEX-OLD twice... Pointy hats to: cperciva & everybody who didn't proofread EN-13:04 enough Errata Notice: FreeBSD-EN-13:05.freebsd-update Approved by: so Notes: svn path=/releng/9.1/; revision=258725
* MFC r256646, r256767, r257038:Xin LI2013-10-263-9/+30
| | | | | | | | | | | | | | | | | | | When installing updates, install new directories first and remove old directories last. Allow ~ in file names so libtool droppings in contrib don't break updates. It has happened twice now, and is likely to happen again. Be more selective when filtering for lib*.so.N files. These are deleted at the end of the upgrade process, after warning users to upgrade any 3rd party software (e.g., from the ports tree) which might link to the libraries being removed. Errata Notice: FreeBSD-EN-13:04.freebsd-update Approved by: so Notes: svn path=/releng/9.1/; revision=257194
* In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDRDag-Erling Smørgrav2013-09-106-3/+65
| | | | | | | | | | | | | | | | | and SIOCSIFNETMASK at the socket layer rather than pass them on to the link layer without validation or credential checks. [SA-13:12] Prevent cross-mount hardlinks between different nullfs mounts of the same underlying filesystem. [SA-13:13] Security: CVE-2013-5691 Security: FreeBSD-SA-13:12.ifioctl Security: CVE-2013-5710 Security: FreeBSD-SA-13:13.nullfs Approved by: so Notes: svn path=/releng/9.1/; revision=255448
* Fix an integer overflow in computing the size of a temporary bufferXin LI2013-08-2211-205/+319
| | | | | | | | | | | | | | | | | | | | can result in a buffer which is too small for the requested operation. [13:09] Fix a bug that could lead to kernel memory disclosure with SCTP state cookie. [13:10] Fix a data corruption problem with mfi(4) operating on > 2TB disks in a JBOD. [EN-13:03] Security: CVE-2013-3077 Security: FreeBSD-SA-13:09.ip_multicast Security: CVE-2013-5209 Security: FreeBSD-SA-13:10.sctp Approved by: so Notes: svn path=/releng/9.1/; revision=254631
* Fix Denial of Service vulnerability in named(8). [13:07]Xin LI2013-07-264-3/+10
| | | | | | | | | | | | | | | Fix a bug that allows remote client bypass the normal access checks when when -network or -host restrictions are used at the same time with -mapall. [13:08] Security: CVE-2013-4854 Security: FreeBSD-SA-13:07.bind Security: CVE-2013-4851 Security: FreeBSD-SA-13:08.nfsserver Approved by: so Notes: svn path=/releng/9.1/; revision=253693
* Fix a bug that allowed a tracing process (e.g. gdb) to writeDag-Erling Smørgrav2013-06-183-1/+13
| | | | | | | | | | | | | to a memory-mapped file in the traced process's address space even if neither the traced process nor the tracing process had write access to that file. Security: CVE-2013-2171 Security: FreeBSD-SA-13:06.mmap Approved by: so Notes: svn path=/releng/9.1/; revision=251903
* Fix a bug that allows NFS clients to issue READDIR on files.Dag-Erling Smørgrav2013-04-292-1/+4
| | | | | | | | | | | | (files missing from previous commit) PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver Approved by: so Notes: svn path=/releng/9.1/; revision=250071
* Fix a bug that allows NFS clients to issue READDIR on files.Dag-Erling Smørgrav2013-04-291-0/+2
| | | | | | | | | | PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver Approved by: so Notes: svn path=/releng/9.1/; revision=250061
* Fix OpenSSL multiple vulnerabilities. [13:03]Xin LI2013-04-0247-929/+1968
| | | | | | | | | | | | | Fix BIND remote denial of service. [13:04] Security: CVE-2013-0166, CVE-2013-0169 Security: FreeBSD-SA-13:03.openssl Security: CVE-2013-2266 Security: FreeBSD-SA-13:04.bind Approved by: so Notes: svn path=/releng/9.1/; revision=249029
* Fix Denial of Service vulnerability in named(8) with DNS64. [13:01]Bjoern A. Zeeb2013-02-194-24/+88
| | | | | | | | | | | | | | Fix Denial of Service vulnerability in libc's glob(3) functionality. [13:02] Security: CVE-2012-5688 Security: FreeBSD-SA-13:01.bind Security: CVE-2010-2632 Security: FreeBSD-SA-13:02.libc Approved by: so (simon, bz) Notes: svn path=/releng/9.1/; revision=246989
* We think we're ready for the 9.1-RELEASE builds.release/9.1.0Ken Smith2012-11-301-1/+1
| | | | | | | | Approved by: re (implicit) Notes: svn path=/releng/9.1/; revision=243710 svn path=/release/9.1.0/; revision=243808; tag=release/9.1.0
* Merge r243708:Ken Smith2012-11-301-0/+3
| | | | | | | | | Guess when we'll be ready to announce 9.1-RELEASE. Approved by: re (implicit) Notes: svn path=/releng/9.1/; revision=243709
* Remove stale documents.Hiroki Sato2012-11-30245-43664/+0
| | | | | | | Approved by: re (implicitly) Notes: svn path=/releng/9.1/; revision=243706
* - Bump versions and revert XML migration of the release documents inHiroki Sato2012-11-30247-3309/+1523
| | | | | | | | | | | | | | | | | | | | | | releng/9.1 branch. The doc tree release/9.1.0 for this release still uses SGML toolchain[1]. - Add SVNROOT{BASE,SRC,DOC,PORTS} for subversion repository URLs and BRANCH{SRC,DOC,PORTS} for the branches to generate-release.sh, and remove -p, -r, -d options. The revision to be built should be specified in the URL. - Add {WORLD,KERNEL}_FLAGS to generate-release.sh. These were supported in the old release build framework. - Disable to use binary package for docproj port during a release build. This package should be built successfully. Pointy hat to: hrs [1] Approved by: re (implicitly) Notes: svn path=/releng/9.1/; revision=243705
* Fix multiple Denial of Service vulnerabilities with named(8).Simon L. B. Nielsen2012-11-222-2/+11
| | | | | | | | | | | | | | | | Fix insufficient message length validation for EAP-TLS messages. Fix Linux compatibility layer input validation error. Security: FreeBSD-SA-12:06.bind Security: FreeBSD-SA-12:07.hostapd Security: FreeBSD-SA-12:08.linux Security: CVE-2012-4244, CVE-2012-5166, CVE-2012-4445, CVE-2012-4576 Approved by: re Approved by: security-officer Notes: svn path=/releng/9.1/; revision=243417
* MFC r242514:Eitan Adler2012-11-102-2/+2
| | | | | | | | | | | | | | | | | | | Revert the change that makes less default. Since I've committed this I've receieved roughly an equal amount of email thanking me for making this change and asking me to revert it. I've resisted making this change because new users tend to prefer less over more and these users are the least likely to know how to change the PAGER on their own. Approved by: cperciva (implicit) Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=242850
* Ready for 9.1-RC3...Ken Smith2012-10-281-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/9.1/; revision=242247
* MFC of r242187:Hiroki Sato2012-10-271-2/+8
| | | | | | | | | | Fix an issue when ipv6_enable=YES && ipv6_gateway_enable=YES which could prevent rtadvd(8) from working as intended. Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=242189
* MFC of 240586 and 240587 to unbreak release building:Hiroki Sato2012-10-271-32/+37
| | | | | | | | | | | | | Update generate-release.sh script: - Use svn for ports and doc trees - When installing a binary textproc/docproj package, switch pkg_add(1) to pkg(8) [1] Approved by: re (implicitly) Notes: svn path=/releng/9.1/; revision=242186
* Update branch tag from RELENG_9 to RELENG_9_1.Ken Smith2012-10-241-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/9.1/; revision=241980
* Update for being on releng/9.1 (RELENG_9_1).Ken Smith2012-10-241-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/9.1/; revision=241979
* MFC r241976: Add the release package directory for 9.1-RELEASE.Ken Smith2012-10-241-0/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/9.1/; revision=241978
* MFC: r241679Marius Strobl2012-10-211-3/+11
| | | | | | | | | | | | | | It turns out that as documented, PCF8563_R_SECOND_VL (i.e. battery low) doesn't automatically clear when VDD rises above Vlow again and needs to be cleared manually. However, apparently this needs all of the time registers to be set, i.e. pcf8563_settime(), and not just PCF8563_R_SECOND in order for PCF8563_R_SECOND_VL to stick. Thus, we just issue a warning during pcf8563_attach() rather than failing with ENXIO in case it is set. Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=241813
* MFC r241753:Xin LI2012-10-205-39/+68
| | | | | | | | | | | Integrate changes from LSI vendor driver 10.80.00.005 to FreeBSD. PR: kern/172833 Submitted by: "Charles O'Donnell" <cao bus net> Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=241764
* MFC r241096:Gabor Kovesdan2012-10-11238-525/+511
| | | | | | | | | | - Rename files to track the XML migration in the doc tree and make the release notes build again Approved by: re (hrs) Notes: svn path=/releng/9.1/; revision=241445
* MFC r241414:Xin LI2012-10-103-34/+40
| | | | | | | | | | | | | | Upgrade to 9.8.3-P4: Prevents a lockup when queried a deliberately constructed combination of records. [CVE-2012-5166] For more information: https://kb.isc.org/article/AA-00801 Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=241417
* Merge r240985 from head:Gleb Smirnoff2012-10-021-8/+15
| | | | | | | | | | | | | | | | Fix bug in TCP_KEEPCNT setting, which slipped in in the last round of reviewing of r231025. Unlike other options from this family TCP_KEEPCNT doesn't specify time interval, but a count, thus parameter supplied doesn't need to be multiplied by hz. Reported & tested by: amdmi3 Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=241133
* MFC r240917:Alexander Motin2012-10-011-5/+5
| | | | | | | | | | | | | Reduce delays in several wait loops from 10ms to 10us, same is it is done in Linux. This substantially increases graphics performance on Ivy Bridge. Submitted by: avg@ Reviewed by: kib@ Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=241093
* MFC r240884:Alexander Motin2012-09-271-2/+2
| | | | | | | | | | | | | Fix panic caused by wrong pointer dereference, left after pin sense rewrite at r230551. Also while there, make sense polling use reported for each node separately instead of reporting accumulated total status. Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=240988
* Ready for 9.1-RC2 builds.Ken Smith2012-09-261-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/9.1/; revision=240964
* MFC 240729 (dougb):Xin LI2012-09-226-8/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to 9.8.3-P3: Prevents a crash when queried for a record whose RDATA exceeds 65535 bytes. Prevents a crash when validating caused by using "Bad cache" data before it has been initialized. ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. For more information: https://kb.isc.org/article/AA-00788 Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=240808
* MFC r240079:Xin LI2012-09-203-123/+140
| | | | | | | | | | | | Update arcmsr(4) to vendor version 1.20.00.25. Many thanks to Areca for continuing to support FreeBSD. Submitted by: Ching-Lung Huang <ching2048 areca com tw> Approved by: re (kib) Notes: svn path=/releng/9.1/; revision=240758
* - Fix release notes build on releng/9.1 [1]Glen Barber2012-09-1945-597/+457
| | | | | | | | | | | | | | | - MFC r240508, r240516, r240519 (gabor): o Update releng/9.1/release/doc files post-XML conversion. o This commit fixes most of the 9-STABLE release build problems. - Close colspec tags to conform to XML standards. [1] - Convert installation article to XML stanards. [1] [1] - These are direct commits to releng/9.1 Approved by: re (hrs) Notes: svn path=/releng/9.1/; revision=240710
* MFC: r240476Jung-uk Kim2012-09-195-6/+7
| | | | | | | | | | | Do not change owner, group, or mode when package database directory and its contents are created with pkg_add(1). It may happen when the packing list contains @owner, @group, or @mode. Approved by: re (kib), portmgr (bapt) Notes: svn path=/releng/9.1/; revision=240702
* MFC r240412:Ed Maste2012-09-182-4/+3
| | | | | | | | | | | | | According to a clarification at http://austingroupbugs.net/view.php?id=503 ptsname may set errno, so avoid saving and restoring errno across the function. PR: standards/171572 Approved by: re Sponsored by: ADARA Networks Notes: svn path=/releng/9.1/; revision=240648