aboutsummaryrefslogtreecommitdiffstats
path: root/contrib
Commit message (Collapse)AuthorAgeFilesLines
* Fix multiple vulnerabilities of ntp.releng/9.3Xin LI2016-12-22172-3757/+7330
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=310419
* Fix possible login(1) argument injection in telnetd(8). [SA-16:36]Gleb Smirnoff2016-12-061-3/+4
| | | | | | | | | | | | | | | Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] Fix warnings about valid time zone abbreviations. [EN-16:19] Update timezone database information. [EN-16:20] Security: FreeBSD-SA-16:36.telnetd Security: FreeBSD-SA-16:37.libc Errata Notice: FreeBSD-EN-16:19.tzcode Errata Notice: FreeBSD-EN-16:20.tzdata Approved by: so Notes: svn path=/releng/9.3/; revision=309637
* Update tzdata to 2016i.Gleb Smirnoff2016-12-0526-2147/+9742
| | | | | | | | | | | | | | | Note: because of what appears to be a missing MFC to stable branches, these patches were generated by doing: % rsync -av stable/9/contrib/tzdata releng/9.3/contrib/tzdata % svn add releng/9.3/contrib/tzdata Errata Notice: EN-16:19 Submitted by: gjb Approved by: so Notes: svn path=/releng/9.3/; revision=309568
* Merge r307360 from stable/9:Gleb Smirnoff2016-12-052-33/+11
| | | | | | | | | | | | | | | | | | | Incorporate a change from OpenBSD by millert@OpenBSD.org Don't warn about valid time zone abbreviations. POSIX through 2000 says that an abbreviation cannot start with ':', and cannot contain ',', '-', '+', NUL, or a digit. POSIX from 2001 on changes this rule to say that an abbreviation can contain only '-', '+', and alphanumeric characters from the portable character set in the current locale. To be portable to both sets of rules, an abbreviation must therefore use only ASCII letters." Adapted from tzcode2015f. Errata Notice: EN-16:19.tzcode Approved by: so Notes: svn path=/releng/9.3/; revision=309567
* Fix BIND remote Denial of Service vulnerability. [SA-16:34]Xin LI2016-11-021-22/+47
| | | | | | | | | | | Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:34.bind Security: FreeBSD-SA-16:35.openssl Approved by: so Notes: svn path=/releng/9.3/; revision=308205
* Fix BIND remote Denial of Service vulnerability. [SA-16:28]Xin LI2016-10-101-11/+31
| | | | | | | | | | | Fix bspatch heap overflow vulnerability. [SA-16:29] Fix multiple portsnap vulnerabilities. [SA-16:30] Approved by: so Notes: svn path=/releng/9.3/; revision=306942
* Fix multiple ntp vulnerabilities.Xin LI2016-06-04150-3065/+4259
| | | | | | | | Security: FreeBSD-SA-16:24.ntp Approved by: so Notes: svn path=/releng/9.3/; revision=301301
* Merge r300363 by mm@:Gleb Smirnoff2016-05-316-1/+37
| | | | | | | | | | | Backport security fix for absolute path traversal vulnerability in bsdcpio. Security: CVE-2015-2304 Security: SA-16:22 Approved by: so Notes: svn path=/releng/9.3/; revision=301044
* Fix ntp multiple vulnerabilities.Xin LI2016-04-29175-1194/+4409
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=298770
* Fix multiple vulnerabilities of BIND. [SA-16:13]Xin LI2016-03-105-126/+123
| | | | | | | | | Fix a regression with OpenSSL patch. [SA-16:12] Approved by: so Notes: svn path=/releng/9.3/; revision=296611
* Fix BIND remote denial of service vulnerability. [SA-16:08]Xin LI2016-01-27192-3468/+6582
| | | | | | | | | | | | | | | Fix multiple vulnerabilities of ntp. [SA-16:09] Fix Linux compatibility layer issetugid(2) system call vulnerability. [SA-16:10] Security: FreeBSD-SA-16:08.bind Security: FreeBSD-SA-16:09.ntp Security: FreeBSD-SA-16:10.linux Approved by: so Notes: svn path=/releng/9.3/; revision=294905
* o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]Gleb Smirnoff2016-01-14269-2056/+5057
| | | | | | | | | | | | | | | | | | | | | | | o Fix YP/NIS client library critical bug. [EN-16:03.yplib] o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp] o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd] Errata: FreeBSD-EN-16:02.pf Errata: FreeBSD-EN-16:03.yplib Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879 Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300 Security: FreeBSD-SA-16:03.linux, CVE-2016-1880 Security: FreeBSD-SA-16:04.linux, CVE-2016-1881 Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882 Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677 Approved by: so Notes: svn path=/releng/9.3/; revision=293896
* Fix BIND remote denial of service vulnerability. [SA-15:27]Xin LI2015-12-164-7/+61
| | | | | | | | | Security: FreeBSD-SA-15:27.bind Security: CVE-2015-8000 Approved by: so Notes: svn path=/releng/9.3/; revision=292321
* Upgrade NTP to 4.2.8p4.Gleb Smirnoff2015-10-261793-161686/+723678
| | | | | | | | | | | | | | | | | | | | | Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Approved by: so Notes: svn path=/releng/9.3/; revision=290001
* Fix remote denial of service vulnerability when parsing malformedXin LI2015-09-028-59/+87
| | | | | | | | | | | key. Security: CVE-2015-5722 Security: FreeBSD-SA-15:23.bind Approved by: so Notes: svn path=/releng/9.3/; revision=287410
* Fix multiple integer overflows in expat.Xin LI2015-08-181-2/+21
| | | | | | | | | Security: CVE-2015-1283 Security: FreeBSD-SA-15:20.expat Approved by: so Notes: svn path=/releng/9.3/; revision=286902
* Fix resource exhaustion in TCP reassembly. [SA-15:15]Xin LI2015-07-281-0/+1
| | | | | | | | | | | Fix OpenSSH multiple vulnerabilities. [SA-15:16] Fix BIND remote denial of service vulnerability. [SA-15:17] Approved by: so Notes: svn path=/releng/9.3/; revision=285980
* Fix BIND resolver remote denial of service when validating.Xin LI2015-07-071-3/+1
| | | | | | | | | Security: CVE-2015-4620 Security: FreeBSD-SA-15:11.bind Approved by: so Notes: svn path=/releng/9.3/; revision=285258
* [EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.Xin LI2015-06-301-1/+1
| | | | | | | | | [EN-15:09] Fix inconsistency between locale and rune locale states. Approved by: so Notes: svn path=/releng/9.3/; revision=284986
* Raise the default for sendmail client connections to 1024-bit DHXin LI2015-06-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | parameters to imporve TLS/DH interoperability with newer SSL/TLS suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD- SA-15:10.openssl). This is MFC of r284436 (gshapiro), the original commit message was: === The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released), defaulted to a 512 bit DH parameter setting for client connections. This commit chages that default to 1024 bits. sendmail 8.15.2, when released well use a default of 2048 bits. === Reported by: Frank Seltzer Errata Notice: FreeBSD-EN-15:08.sendmail Approved by: so Notes: svn path=/releng/9.3/; revision=284536
* Update base system file(1) to 5.22 to address multiple denial ofXin LI2015-06-09352-9899/+34580
| | | | | | | | | service issues. [EN-15:06] Approved by: so Notes: svn path=/releng/9.3/; revision=284194
* Improve patch for SA-15:04.igmp to solve a potential buffer overflow.Xin LI2015-04-072-53/+97
| | | | | | | | | | | Fix multiple vulnerabilities of ntp. [SA-15:07] Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09] Approved by: so Notes: svn path=/releng/9.3/; revision=281233
* Fix integer overflow in IGMP protocol. [SA-15:04]Xin LI2015-02-251-1/+7
| | | | | | | | | | | | | | | Fix BIND remote denial of service vulnerability. [SA-15:05] Fix vt(4) crash with improper ioctl parameters. [EN-15:01] Updated base system OpenSSL to 0.9.8zd. [EN-15:02] Fix freebsd-update libraries update ordering issue. [EN-15:03] Approved by: so Notes: svn path=/releng/9.3/; revision=279265
* [SA-14:31] Fix multiple vulnerabilities in NTP suite.Dag-Erling Smørgrav2014-12-235-10/+38
| | | | | | | | | [EN-14:13] Fix directory deletion issue in freebsd-update. Approved by: so Notes: svn path=/releng/9.3/; revision=276157
* Fix multiple vulnerabilities in file(1) and libmagic(3).Xin LI2014-12-1012-47/+213
| | | | | | | | | | | | | | | Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117 Fix BIND remote denial of service vulnerability. Security: FreeBSD-SA-14:29.bind Security: CVE-2014-8500 Approved by: so Notes: svn path=/releng/9.3/; revision=275672
* [SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).Dag-Erling Smørgrav2014-11-041-14/+22
| | | | | | | | | | [SA-14:26] Fix remote command execution in ftp(1). [EN-14:12] Fix NFSv4 and ZFS cache consistency issue. Approved by: so (des) Notes: svn path=/releng/9.3/; revision=274114
* Time zone data file update. [EN-14:10]Xin LI2014-10-2116-1980/+2311
| | | | | | | | | Change crypt(3) default hashing algorithm back to DES. [EN-14:11] Approved by: so Notes: svn path=/releng/9.3/; revision=273438
* Fix multiple vulnerabilities in file(1) and libmagic(3).Xin LI2014-06-245-26/+37
| | | | | | | | | | | [SA-14:16] Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: re (implicit) Notes: svn path=/releng/9.3/; revision=267830
* MFC: r267478Christian Brueffer2014-06-171-1/+1
| | | | | | | | | | | | | | MFp4: change 1191346 In print_header32_tok(), correct printing in the XML case. This lead to invalid XML files before. PR: 176259 Submitted by: zi Approved by: re (marius) Notes: svn path=/stable/9/; revision=267576
* MFC of 267473,tzdata2014eEdwin Groothuis2014-06-154-134/+163
| | | | | | | | | | | | Fix historical data for Egypt. Better prediction for future Egypt / Morocco changes. Update to Cocos / Cook islands. Fix historical data for Russia. Approved by: re (gjb) Notes: svn path=/stable/9/; revision=267489
* Fix ktrace kernel memory disclosure. [SA-14:12]Xin LI2014-06-031-7/+33
| | | | | | | | | Fix incorrect error handling in PAM policy parser. [SA-14:13] Approved by: re (glebius) Notes: svn path=/stable/9/; revision=267015
* MFC r266674:Dimitry Andric2014-05-281-1/+1
| | | | | | | | | | | | | | | | | Pull in r209489 from upstream clang trunk (by Akira Hatanaka): Fix a bug in xmmintrin.h. The last step of _mm_cvtps_pi16 should use _mm_packs_pi32, which is a function that reads two __m64 values and packs four 32-bit values into four 16-bit values. <rdar://problem/16873717> Approved by: re (glebius) Notes: svn path=/stable/9/; revision=266815
* MFC r265925:Dimitry Andric2014-05-2774-404/+920
| | | | | | | | | | | | | | | | | | | Upgrade our copy of llvm/clang to 3.4.1 release. This release contains mostly fixes, for the following upstream bugs: http://llvm.org/PR16365 http://llvm.org/PR17473 http://llvm.org/PR18000 http://llvm.org/PR18068 http://llvm.org/PR18102 http://llvm.org/PR18165 http://llvm.org/PR18260 http://llvm.org/PR18290 http://llvm.org/PR18316 http://llvm.org/PR18460 http://llvm.org/PR18473 http://llvm.org/PR18515 http://llvm.org/PR18526 http://llvm.org/PR18600 http://llvm.org/PR18762 http://llvm.org/PR18773 http://llvm.org/PR18860 http://llvm.org/PR18994 http://llvm.org/PR19007 http://llvm.org/PR19010 http://llvm.org/PR19033 http://llvm.org/PR19059 http://llvm.org/PR19144 http://llvm.org/PR19326 Approved by: re (kib) Notes: svn path=/stable/9/; revision=266759
* MFC: Update for sendmail 8.14.9 importGregory Neil Shapiro2014-05-261-2/+2
| | | | | | | Approved by: re (delphij) Notes: svn path=/stable/9/; revision=266712
* MFC: Merge sendmail 8.14.9Gregory Neil Shapiro2014-05-26547-584/+593
| | | | | | | Approved by: re (delphij) Notes: svn path=/stable/9/; revision=266711
* Merge r266111 from head:Gavin Atkinson2014-05-221-1/+1
| | | | | | | | | | | | | Fix typo. Note that although this file is under contrib, it has diverged sufficiently from upstream (including a full whitespace commit and large portions rewritten) that this change does not move us further from the upstream. PR: docs/186608 Submitted by: Jamie Landeg-Jones <jamie@dyslexicfish.net> Notes: svn path=/stable/9/; revision=266558
* MFC r265465:Xin LI2014-05-201-2/+0
| | | | | | | Don't reply monlist request when it's not enabled. Notes: svn path=/stable/9/; revision=266458
* MFC r265249,r265250,r265251:Bryan Drewery2014-05-174-6/+82
| | | | | | | | | | - Add -J command/flag to filter by jail name/jid. This will automatically display the JID as well (the -j command/flag). - Add a hint for 'u' and 'J' command that '+' displays all. - Add J command to help. Notes: svn path=/stable/9/; revision=266287
* MFC of 265978, tzdata2014cEdwin Groothuis2014-05-133-16/+47
| | | | | | | - Egypt will go into DST on 15 May 2014. Notes: svn path=/stable/9/; revision=265982
* MFC: nc(1) from OpenBSD 5.5.Xin LI2014-05-094-36/+124
| | | | Notes: svn path=/stable/9/; revision=265750
* MFC: r265090Marius Strobl2014-05-021-1/+1
| | | | | | | | | | | | | | | | | | Merge r133175 from upstream: 2008-03-13 Dennis Czeremin <dennis.czeremin@smiths-heimann.com> PR libstdc++/35566 * include/bits/stl_multimap.h (multimap<>::multimap(_InputIterator, _InputIterator)): Forward to _M_insert_equal, not _M_insert_unique. This patch was GPL2 at the time and fixes a regression introduced with the merge of GCC r129013 in FreeBSD r236829 (merged to stable/9 in r237507). Sponsored by: Bally Wulff Games & Entertainment GmbH Notes: svn path=/stable/9/; revision=265221
* MFC r264345:Dimitry Andric2014-04-141-3/+2
| | | | | | | | | | | | | | Amend r263891, by making clang default to DWARF2 debug info format for all FreeBSD versions, not just 10.x and earlier. Apparently too many people seem to have trouble with post-1993 formats. Also remove the related notes about messing with kernel configuration files from UPDATING, which are now superfluous. Requested by: many Notes: svn path=/stable/9/; revision=264464
* MFC r264238:Dimitry Andric2014-04-102-0/+16
| | | | | | | | | | | For GNU as, add two missing modes for each of the fcomip and fucomip instructions. Partially obtained from OpenBSD by Pedro Giffuni, while I added the fcomip variants. Apparently this should help with compiling certain variants of WebKit. Notes: svn path=/stable/9/; revision=264312
* MFC r263775:Dimitry Andric2014-04-021-0/+16
| | | | | | | | | | | | | | | Avoid "cc1: warning: is shorter than expected" when using GNU cpp in combination with dtrace scripts, which have "#!/usr/sbin/dtrace -Cs" shebang lines. This is because dtrace positions the file pointer after the shebang line, before passing the file to GNU cpp. To fix the warning, adjust the size downwards by the current position, after a bit of sanity checking. Suggested by: avg Notes: svn path=/stable/9/; revision=264032
* MFC r263891:Dimitry Andric2014-04-011-2/+4
| | | | | | | | | Make clang default to DWARF2 debug info format for FreeBSD 10.x and earlier. For head, this commit does not change anything, but it is purely meant to be MFC'd. Notes: svn path=/stable/9/; revision=263984
* MFC r263774:Dimitry Andric2014-03-291-0/+11
| | | | | | | | | | | Revert r263694, and apply a better fix to squelch unnecessary warnings from clang about possible keywords being treated as identifiers for the remainder of the translation unit (a.k.a. -Wkeyword-compat), when using libstdc++ in combination with -Wsystem-headers. This will not only fix devd, but any C++ program using libstdc++. Notes: svn path=/stable/9/; revision=263911
* MFC of 263901, tzdata2014bEdwin Groothuis2014-03-295-18/+58
| | | | | | | | | | - Update antartica. - Comments about historical data for Hawaii. - Update details for Crimea on 30 March - Move location data Simferopol. Notes: svn path=/stable/9/; revision=263905
* MFC r263312:Dimitry Andric2014-03-26111-36/+16451
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull in r196939 from upstream llvm trunk (by Reid Kleckner): Reland "Fix miscompile of MS inline assembly with stack realignment" This re-lands commit r196876, which was reverted in r196879. The tests have been fixed to pass on platforms with a stack alignment larger than 4. Update to clang side tests will land shortly. Pull in r196986 from upstream llvm trunk (by Reid Kleckner): Revert the backend fatal error from r196939 The combination of inline asm, stack realignment, and dynamic allocas turns out to be too common to reject out of hand. ASan inserts empy inline asm fragments and uses aligned allocas. Compiling any trivial function containing a dynamic alloca with ASan is enough to trigger the check. XFAIL the test cases that would be miscompiled and add one that uses the relevant functionality. Pull in r202930 from upstream llvm trunk (by Hans Wennborg): Check for dynamic allocas and inline asm that clobbers sp before building selection dag (PR19012) In X86SelectionDagInfo::EmitTargetCodeForMemcpy we check with MachineFrameInfo to make sure that ESI isn't used as a base pointer register before we choose to emit rep movs (which clobbers esi). The problem is that MachineFrameInfo wouldn't know about dynamic allocas or inline asm that clobbers the stack pointer until SelectionDAGBuilder has encountered them. This patch fixes the problem by checking for such things when building the FunctionLoweringInfo. Differential Revision: http://llvm-reviews.chandlerc.com/D2954 Together, these commits fix the problem encountered in the devel/emacs port on the i386 architecture, where a combination of stack realignment, alloca() and memcpy() could incidentally clobber the %esi register, leading to segfaults in the temacs build-time utility. See also: http://llvm.org/PR18171 and http://llvm.org/PR19012 Reported by: ashish PR: ports/183064 MFC r263313: Pull in r203311 from upstream llvm trunk (by Arnold Schwaighofer): ISel: Make VSELECT selection terminate in cases where the condition type has to be split and the result type widened. When the condition of a vselect has to be split it makes no sense widening the vselect and thereby widening the condition. We end up in an endless loop of widening (vselect result type) and splitting (condition mask type) doing this. Instead, split both the condition and the vselect and widen the result. I ran this over the test suite with i686 and mattr=+sse and saw no regressions. Fixes PR18036. With this fix the original problem case from the graphics/rawtherapee port (posted in http://llvm.org/PR18036 ) now compiles within ~97MB RSS. Reported by: mandree MFC r263320: Add separate patch files for all the customizations we have currently applied to our copy of llvm/clang. These can be applied in alphabetical order to a pristine llvm/clang 3.4 release source tree, to result in the same version used in FreeBSD. This is intended to clearly document all the changes until now, which mostly consist of cherry pickings from the respective upstream trunks, plus a number of hand-written FreeBSD-specific ones. Hopefully those can eventually be cleaned up and sent upstream too. Notes: svn path=/stable/9/; revision=263765
* MFC r262613:Dimitry Andric2014-03-2687-956/+4932
| | | | | | | | | | | | | | | | | | | | | | | | Merge the projects/clang-sparc64 branch back to head. This brings in several updates from the llvm and clang trunks to make the sparc64 backend fully functional. Apart from one patch to sys/sparc64/include/pcpu.h which is still under discussion, this makes it possible to let clang fully build world and kernel for sparc64. Any assistance with testing this on actual sparc64 hardware is greatly appreciated, as there will unavoidably be bugs left. Many thanks go to Roman Divacky for his upstream work on getting the sparc64 backend into shape. MFC r262985: Repair a few minor mismerges from r262261 in the clang-sparc64 project branch. This is also to minimize differences with upstream. Notes: svn path=/stable/9/; revision=263764
* MFC r263289: Update NetBSD Foundation copyrights to 2-clause BSDEd Maste2014-03-244-28/+0
| | | | | | | | | | | | | | The NetBSD Foundation states "Third parties are encouraged to change the license on any files which have a 4-clause license contributed to the NetBSD Foundation to a 2-clause license." This change removes clauses 3 and 4 from copyright / license blocks that list The NetBSD Foundation as the only copyright holder. Sponsored by: The FreeBSD Foundation Notes: svn path=/stable/9/; revision=263688