CyberLeo.Net >> Repos - FreeBSD/releng/9.3.git/log
delphij [Mon, 10 Oct 2016 07:19:16 +0000 (07:19 +0000)]
Fix BIND remote Denial of Service vulnerability. [SA-16:28]
Fix bspatch heap overflow vulnerability. [SA-16:29]
Fix multiple portsnap vulnerabilities. [SA-16:30]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@306942 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Mon, 26 Sep 2016 08:21:29 +0000 (08:21 +0000)]
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@306336 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Fri, 23 Sep 2016 07:48:34 +0000 (07:48 +0000)]
Fix multiple OpenSSL vulnerabilities.
Approved by: so
Security: FreeBSD-SA-16:26.openssl
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@306230 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Mon, 25 Jul 2016 15:04:17 +0000 (15:04 +0000)]
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@303304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Sat, 4 Jun 2016 05:46:52 +0000 (05:46 +0000)]
Fix multiple ntp vulnerabilities.
Security: FreeBSD-SA-16:24.ntp
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@301301 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
glebius [Tue, 31 May 2016 16:55:37 +0000 (16:55 +0000)]
Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
Security: SA-16:20
Security: SA-16:21
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@301049 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
glebius [Tue, 31 May 2016 16:23:56 +0000 (16:23 +0000)]
Merge r300363 by mm@:
Backport security fix for absolute path traversal vulnerability in bsdcpio.
Security: CVE-2015-2304
Security: SA-16:22
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@301044 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
glebius [Tue, 17 May 2016 22:28:36 +0000 (22:28 +0000)]
- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@300088 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 4 May 2016 15:27:09 +0000 (15:27 +0000)]
Fix multiple OpenSSL vulnerabilities. [SA-16:17]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@299068 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Fri, 29 Apr 2016 08:02:31 +0000 (08:02 +0000)]
Fix ntp multiple vulnerabilities.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@298770 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
glebius [Wed, 16 Mar 2016 22:30:03 +0000 (22:30 +0000)]
o Fix OpenSSH xauth(1) command injection. [SA-16:14]
o Fix incorrect argument validation in sysarch(2). [SA-16:15]
Security: FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115
Security: FreeBSD-SA-16:15.sysarch, CVE-2016-1885
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@296953 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Thu, 10 Mar 2016 10:03:28 +0000 (10:03 +0000)]
Fix multiple vulnerabilities of BIND. [SA-16:13]
Fix a regression with OpenSSL patch. [SA-16:12]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@296611 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Mon, 7 Mar 2016 16:22:11 +0000 (16:22 +0000)]
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-16:12.openssl
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@296465 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Sat, 30 Jan 2016 06:12:03 +0000 (06:12 +0000)]
Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.
Security: CVE-2015-3197
Security: FreeBSD-SA-16:11.openssl
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@295061 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 27 Jan 2016 07:42:11 +0000 (07:42 +0000)]
Fix BIND remote denial of service vulnerability. [SA-16:08]
Fix multiple vulnerabilities of ntp. [SA-16:09]
Fix Linux compatibility layer issetugid(2) system call
vulnerability. [SA-16:10]
Security: FreeBSD-SA-16:08.bind
Security: FreeBSD-SA-16:09.ntp
Security: FreeBSD-SA-16:10.linux
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@294905 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
glebius [Thu, 14 Jan 2016 22:53:07 +0000 (22:53 +0000)]
Fix OpenSSH client information leak.
Security: SA-16:07.openssh
Security: CVE-2016-0777
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@294054 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
glebius [Thu, 14 Jan 2016 09:11:26 +0000 (09:11 +0000)]
o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]
Errata: FreeBSD-EN-16:02.pf
Errata: FreeBSD-EN-16:03.yplib
Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879
Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300
Security: FreeBSD-SA-16:03.linux, CVE-2016-1880
Security: FreeBSD-SA-16:04.linux, CVE-2016-1881
Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882
Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@293896 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 16 Dec 2015 06:21:26 +0000 (06:21 +0000)]
Fix BIND remote denial of service vulnerability. [SA-15:27]
Security: FreeBSD-SA-15:27.bind
Security: CVE-2015-8000
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@292321 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Sat, 5 Dec 2015 09:53:58 +0000 (09:53 +0000)]
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:26.openssl
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@291854 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
glebius [Wed, 4 Nov 2015 11:27:30 +0000 (11:27 +0000)]
o Fix regressions related to SA-15:25 upgrade of NTP. [1]
o Fix kqueue write events never fired for files greater than 2GB. [2]
o Fix applications exiting due to segmentation violation on a correct
memory address. [3]
PR: 204046 [1]
PR: 204203 [1]
Errata Notice: FreeBSD-EN-15:19.kqueue [2]
Errata Notice: FreeBSD-EN-15:20.vm [3]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@290363 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
glebius [Mon, 26 Oct 2015 11:42:25 +0000 (11:42 +0000)]
Upgrade NTP to 4.2.8p4.
Security: FreeBSD-SA-15:25.ntp
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@290001 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Fri, 2 Oct 2015 16:37:06 +0000 (16:37 +0000)]
Fix a regression with SA-15:24 patch that prevented NIS from
working.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@288512 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 29 Sep 2015 18:07:18 +0000 (18:07 +0000)]
The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@288385 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 16 Sep 2015 21:00:21 +0000 (21:00 +0000)]
Implement pubkey support for pkg(7) bootstrap. [EN-15:18]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@287873 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 2 Sep 2015 20:07:03 +0000 (20:07 +0000)]
Fix remote denial of service vulnerability when parsing malformed
key.
Security: CVE-2015-5722
Security: FreeBSD-SA-15:23.bind
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@287410 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 25 Aug 2015 20:49:05 +0000 (20:49 +0000)]
Fix local privilege escalation in IRET handler. [SA-15:21]
Fix OpenSSH multiple vulnerabilities. [SA-15:22]
Fix insufficient check of unsupported pkg(7) signature methods.
[EN-15:15]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@287147 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 18 Aug 2015 19:30:35 +0000 (19:30 +0000)]
Fix multiple integer overflows in expat.
Security: CVE-2015-1283
Security: FreeBSD-SA-15:20.expat
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@286902 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 5 Aug 2015 22:05:24 +0000 (22:05 +0000)]
Fix routed remote denial of service vulnerability. [SA-15:19]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@286352 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 28 Jul 2015 19:59:22 +0000 (19:59 +0000)]
Fix resource exhaustion in TCP reassembly. [SA-15:15]
Fix OpenSSH multiple vulnerabilities. [SA-15:16]
Fix BIND remote denial of service vulnerability. [SA-15:17]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@285980 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 21 Jul 2015 23:42:56 +0000 (23:42 +0000)]
Fix resource exhaustion due to sessions stuck in LAST_ACK state.
Security: CVE-2015-5358
Security: SA-15:13.tcp
Submitted by: Jonathan Looney (Juniper SIRT)
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@285780 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 7 Jul 2015 21:44:01 +0000 (21:44 +0000)]
Fix BIND resolver remote denial of service when validating.
Security: CVE-2015-4620
Security: FreeBSD-SA-15:11.bind
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@285258 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 30 Jun 2015 23:21:48 +0000 (23:21 +0000)]
[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.
[EN-15:09] Fix inconsistency between locale and rune locale states.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@284986 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Thu, 18 Jun 2015 05:36:45 +0000 (05:36 +0000)]
Raise the default for sendmail client connections to 1024-bit DH
parameters to improve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12
(FreeBSD-SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message
was:
===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit changes that default to 1024 bits. sendmail 8.15.2, when
released will use a default of 2048 bits.
===
Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@284536 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Fri, 12 Jun 2015 07:23:55 +0000 (07:23 +0000)]
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:10.openssl
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@284295 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 9 Jun 2015 22:13:53 +0000 (22:13 +0000)]
Update base system file(1) to 5.22 to address multiple denial of
service issues. [EN-15:06]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@284194 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 13 May 2015 22:52:51 +0000 (22:52 +0000)]
Fix bug with freebsd-update(8) that does not ensure the previous
upgrade was completed. [EN-15:04]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@282874 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 7 Apr 2015 20:21:23 +0000 (20:21 +0000)]
Improve patch for SA-15:04.igmp to solve a potential buffer overflow.
Fix multiple vulnerabilities of ntp. [SA-15:07]
Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@281233 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Fri, 20 Mar 2015 07:12:02 +0000 (07:12 +0000)]
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@280275 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Thu, 19 Mar 2015 17:42:38 +0000 (17:42 +0000)]
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@280268 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Thu, 19 Mar 2015 17:41:17 +0000 (17:41 +0000)]
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@280267 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 25 Feb 2015 05:56:54 +0000 (05:56 +0000)]
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix BIND remote denial of service vulnerability. [SA-15:05]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 0.9.8zd. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@279265 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 27 Jan 2015 19:37:02 +0000 (19:37 +0000)]
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability
and SCTP stream reset vulnerability.
Security: FreeBSD-SA-15:02.kmem
Security: CVE-2014-8612
Security: FreeBSD-SA-15:03.sctp
Security: CVE-2014-8613
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@277808 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 14 Jan 2015 21:27:46 +0000 (21:27 +0000)]
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@277195 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
des [Tue, 23 Dec 2014 22:54:25 +0000 (22:54 +0000)]
[SA-14:31] Fix multiple vulnerabilities in NTP suite.
[EN-14:13] Fix directory deletion issue in freebsd-update.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@276157 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Wed, 10 Dec 2014 08:36:40 +0000 (08:36 +0000)]
Fix multiple vulnerabilities in file(1) and libmagic(3).
Security: FreeBSD-SA-14:28.file
Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
Fix BIND remote denial of service vulnerability.
Security: FreeBSD-SA-14:29.bind
Security: CVE-2014-8500
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@275672 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
des [Tue, 4 Nov 2014 23:33:46 +0000 (23:33 +0000)]
[SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).
[SA-14:26] Fix remote command execution in ftp(1).
[EN-14:12] Fix NFSv4 and ZFS cache consistency issue.
Approved by: so (des)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@274114 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 21 Oct 2014 23:50:46 +0000 (23:50 +0000)]
Time zone data file update. [EN-14:10]
Change crypt(3) default hashing algorithm back to DES. [EN-14:11]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@273438 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 21 Oct 2014 20:21:10 +0000 (20:21 +0000)]
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]
Fix routed(8) remote denial of service vulnerability. [SA-14:21]
Fix memory leak in sandboxed namei lookup. [SA-14:22]
Fix OpenSSL multiple vulnerabilities. [SA-14:23]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@273415 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 16 Sep 2014 09:50:19 +0000 (09:50 +0000)]
Fix Denial of Service in TCP packet processing.
Security: FreeBSD-SA-14:19.tcp
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@271669 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 9 Sep 2014 10:13:46 +0000 (10:13 +0000)]
Fix multiple OpenSSL vulnerabilities:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
Security: FreeBSD-SA-14:18.openssl
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@271305 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Thu, 10 Jul 2014 21:53:54 +0000 (21:53 +0000)]
Update releng/9.3 to -RELEASE in preparation of starting
9.3-RELEASE builds.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268512 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Thu, 10 Jul 2014 21:52:31 +0000 (21:52 +0000)]
Set static abitag to the current value of __FreeBSD_version.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268511 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Thu, 10 Jul 2014 21:51:37 +0000 (21:51 +0000)]
Anticipate when we will announce 9.3-RELEASE.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268510 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Tue, 8 Jul 2014 22:54:11 +0000 (22:54 +0000)]
Document FreeBSD-SA-14:17.kmem
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268438 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 8 Jul 2014 21:55:02 +0000 (21:55 +0000)]
Fix kernel memory disclosure in control message and SCTP notifications.
Security: FreeBSD-SA-14:17.kmem
Security: CVE-2014-3952, CVE-2014-3953
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268433 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Tue, 8 Jul 2014 19:55:44 +0000 (19:55 +0000)]
Remove incorrect (for this branch) entry regarding r262124.
Submitted by: José María Alcaide (via -stable@)
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268425 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Tue, 8 Jul 2014 19:52:41 +0000 (19:52 +0000)]
Reorder the KDE4 entry so it does not follow how to continue
using old Xorg.
Requested by: wblock
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268424 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Tue, 8 Jul 2014 19:44:32 +0000 (19:44 +0000)]
Add a 'Ports and Packages' section to make note of
several items of importance regarding Xorg and KMS.
Submitted by: wblock (original)
Reviewed by: kms, wblock
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268423 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Tue, 8 Jul 2014 16:31:59 +0000 (16:31 +0000)]
In errata/article.xml, update the document will be maintained
until the EoL of the stable/9 branch.
In share/xml/release.xsl update the recommended mailing list
from -current to -stable.
In share/examples/Makefile.relnotesng, update the branch name
convention from CVS-style to SVN-style.
In installation/article.xml:
- Use descriptive text for the synching.html and the
makeworld.html pages to fix how the URLs are displayed.
- Remove a reference to 7.x.
- Change a reference from 8.2-RELEASE to 8.4-RELEASE.
In readme/article.xml:
- Change the recommended mailing list from -current
to -stable.
- Replace send-pr(1) references to Bugzilla equivalents.
- Note that send-pr(1) is a stub shell script now.
- Use descriptive text in a link to fix the URL.
In share/xml/release.ent:
- Update release.type from 'snapshot' to 'release.'
- Set IGNORE on release.type.snapshot, and INCLUDE on
release.type.release.
- Update release.manpath.freebsd to 9.3-RELEASE.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268417 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Tue, 8 Jul 2014 16:21:21 +0000 (16:21 +0000)]
Document r267911, send-pr(1) replaced with a stub instructing
to use the Bugzilla interface.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268416 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Fri, 4 Jul 2014 21:04:19 +0000 (21:04 +0000)]
Switch releng/9.3 to -RC3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268267 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
hselasky [Thu, 3 Jul 2014 17:42:26 +0000 (17:42 +0000)]
MFC r268221 and r268222:
- Remove some unused variables.
- Add proper rangechecks in "axge_rx_frame()" function and
fix receive loop header parsing.
- Add new USB IDs.
Approved by: re, gjb @
PR: 191432
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268226 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
ume [Thu, 3 Jul 2014 16:26:37 +0000 (16:26 +0000)]
MFS r268218 (MFC r267912, r267915):
- Exclude loopback address rather than loopback interface.
- style(9)
Spotted by: melifaro
Approved by: re (gjb)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268220 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
hselasky [Thu, 3 Jul 2014 13:49:43 +0000 (13:49 +0000)]
MFC r268078 and r268080:
Fix for memory use after free() and mtx_destroy().
Approved by: re, glebius @
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268214 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Thu, 3 Jul 2014 13:21:00 +0000 (13:21 +0000)]
Revert mergeinfo to the root of releng/9.3/ introduced in
r267841.
Approved by: re (glebius)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268213 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
dteske [Wed, 2 Jul 2014 19:53:51 +0000 (19:53 +0000)]
MFS9 r268171 (MFC r267680):
Fix a code typo that prevented mkdir from firing (unnoticed usually
because another part of the code succeeded in making the same
directory).
Approved by: re (gjb)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268174 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
ume [Tue, 1 Jul 2014 18:05:38 +0000 (18:05 +0000)]
MFS r268053 (MFC r267800):
Exclude IPv4 address from doing longest match.
It prevented DNS based load balancing.
Approved by: re (delphij)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268107 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
ume [Tue, 1 Jul 2014 17:31:47 +0000 (17:31 +0000)]
MFS r267876 (MFC r267616):
Retooling addrconfig() to exclude addresses on loopback interfaces
when looking for configured addresses.
This change is based upon the code from the submitter, and made
following changes:
- Exclude addresses assigned on interfaces which are down, like NetBSD
does.
- Exclude addresses assigned on interfaces which are ifdisabled.
PR: 190824
Submitted by: Justin McOmie
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268106 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Tue, 1 Jul 2014 14:12:59 +0000 (14:12 +0000)]
Fix typo: s/ata/ichsmb/
Wrap.
Submitted by: mav
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268092 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
rodrigc [Mon, 30 Jun 2014 23:39:13 +0000 (23:39 +0000)]
MFC r267821:
Strict value checking will cause problem.
Bay trail DN2820FYKH is supported on Linux but does not work on FreeBSD.
This behaviour is bug-compatible with Linux-3.13.5.
References:
http://d.hatena.ne.jp/syuu1228/20140326
http://lxr.linux.no/linux+v3.13.5/arch/x86/kernel/acpi/boot.c#L1094
Submitted by: syuu
PR: 187966
Approved by: re (gjb)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268068 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Mon, 30 Jun 2014 19:36:08 +0000 (19:36 +0000)]
Make reference to vt(4) a link now that the manual page is available.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268060 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Mon, 30 Jun 2014 19:33:04 +0000 (19:33 +0000)]
Prefix SA-14:16.file with 'FreeBSD-' for consistency with other SA
listings.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268058 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Mon, 30 Jun 2014 16:16:35 +0000 (16:16 +0000)]
MFS r267944 (MFC r258941,267839):
Apply vendor improvements to oce(4) driver:
- Add support to 20Gbps, 25Gbps, 40Gbps devices;
- Add support to control adaptive interrupt coalescing (AIC)
via sysctl;
- Improve support of BE3 devices;
- Big endian support fixes;
Many thanks to Emulex for their continued support of FreeBSD.
Submitted by: Venkata Duvvuru <VenkatKumar.Duvvuru Emulex.Com>
Approved by: re (gjb)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268044 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
marius [Mon, 30 Jun 2014 12:20:25 +0000 (12:20 +0000)]
MFC: r267967, r267968
- SC_NO_SYSMOUSE isn't currently supported by vt(4), so nuke it from vt.4.
- vt_vga(4) is a driver rather than a function so reference it accordingly.
- Uncomment HISTORY section given that vt(4) will first appear in 9.3.
Reviewed by: emaste (modulo last part)
Approved by: re (gjb)
Sponsored by: Bally Wulff Games & Entertainment GmbH
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268039 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Fri, 27 Jun 2014 00:11:01 +0000 (00:11 +0000)]
Update releng/9.3 to -RC2 status as part of the 9.2-RELEASE
process.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267943 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
np [Thu, 26 Jun 2014 17:58:29 +0000 (17:58 +0000)]
Merge r267757, which was MFC'd to stable/9 as r267882:
cxgbe(4): Update the bundled T4 and T5 firmwares to versions 1.11.27.0.
Approved by: re (glebius)
Obtained from: Chelsio
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267926 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gavin [Thu, 26 Jun 2014 11:02:51 +0000 (11:02 +0000)]
Merge r267738 from stable/9:
Remove send-pr and fix up all references to it. Replace it with a
stub send-pr directing people towards the web site.
Approved by: re (gjb), bugmeister
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267911 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Thu, 26 Jun 2014 03:27:12 +0000 (03:27 +0000)]
MFS9 r267683 (dteske):
- Replace pkg-tools with pkgng
- Fix cosmetic typos
- Use `pkg -vv' to obtain ABI
- Unbreak the installer
- Remove the env(1) but keep the var
- Remove an unused variable
- Improve debugging with f_eval_catch()
- Fix package installation from physical media such as DVD
- Fix PKG_ABI detection after pkg-1.2
- Fix failed attempt to send pkg(8) stderr to /dev/null
- Export 'REPOS_DIR' when selected source medium is cdrom
Approved by: re (glebius)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267892 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Wed, 25 Jun 2014 19:22:40 +0000 (19:22 +0000)]
MFS9 r267879:
Fix a bug in bsdgrep(1) where patterns are not correctly
detected.
Certain criteria must be met for this bug to show up:
* the -w flag is specified, and
* neither -o or --color are specified, and
* the pattern is part of another word in the line, and
* the other word that contains the pattern occurs first
PR: 181973
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267881 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
marius [Wed, 25 Jun 2014 10:27:17 +0000 (10:27 +0000)]
MFC: r267145
Fix the keyfile being cleared prematurely after r259428 (MFCed to stable/9
in r266750).
PR: 185084
Submitted by: fk@fabiankeil.de
Reviewed by: pjd
Approved by: re (glebius)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267862 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Wed, 25 Jun 2014 00:33:30 +0000 (00:33 +0000)]
Document FreeBSD-SA-14:16.file.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267848 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
jhb [Tue, 24 Jun 2014 20:35:20 +0000 (20:35 +0000)]
MFC 253392:
Workaround some broken BIOSes that specify edge-sensitive but active-low
settings for ACPI-enumerated serial ports by forcing any IRQs that use
an ISA IRQ value with these settings to active-high instead of active-low.
This is known to occur with the BIOS on an Intel
D2500CCE motherboard.
Approved by: re (gjb)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267841 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
delphij [Tue, 24 Jun 2014 19:05:19 +0000 (19:05 +0000)]
Fix multiple vulnerabilities in file(1) and libmagic(3).
[SA-14:16]
Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270
Security: FreeBSD-SA-14:16.file
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267830 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
tuexen [Mon, 23 Jun 2014 19:47:25 +0000 (19:47 +0000)]
MFC r267781:
Fix a bug in the setsockopt()-handling of the SCTP
specific option SCTP_PEER_ADDR_THLDS: Use the
provided address as intended.
MFC r267781:
Fix a bug which incorrectly allowed two listening SCTP sockets on
the same port bound to the wildcard address.
Approved by: re (gjb@)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267806 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Mon, 23 Jun 2014 19:37:11 +0000 (19:37 +0000)]
Packages for KDE4 will not immediately be available for
9.3-RELEASE, so include XFCE4 on the DVD in its place.
This is a direct commit to releng/9.3.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267805 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Mon, 23 Jun 2014 19:36:57 +0000 (19:36 +0000)]
Switch the DVD pkg(8) repository to 'release_3' now that
the 9.3-RELEASE package builds are complete.
This is a direct commit to releng/9.3.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267804 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
tuexen [Mon, 23 Jun 2014 15:04:32 +0000 (15:04 +0000)]
MFC r267780:
Honor jails for unbound SCTP sockets when selecting source addresses,
reporting IP-addresses to the peer during the handshake, adding
addresses to the host, reporting the addresses via the sysctl
interface (used by netstat, for example) and reporting the
addresses to the application via socket options.
This issue was reported by Bernd Walter.
Approved by: re (glebius@)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267799 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Sat, 21 Jun 2014 23:35:11 +0000 (23:35 +0000)]
Reword the compatibility note regarding earlier versions of
FreeBSD prior to 9.0.
Submitted by: wblock
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267707 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Sat, 21 Jun 2014 01:11:59 +0000 (01:11 +0000)]
Spell '14' correctly.
Submitted by: delphij
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267699 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
np [Sat, 21 Jun 2014 01:05:46 +0000 (01:05 +0000)]
Merge r267600, which was MFC'd to stable/9 as r267695.
cxgbe(4): Fix bug in the fast rx buffer recycle path. In some cases rx
buffers were getting recycled when they should have been left alone.
Approved by: re (gjb)
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267698 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Fri, 20 Jun 2014 21:35:39 +0000 (21:35 +0000)]
Remove the '<?ignore ?>' surrounding the 9.3R installation
documentation.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267691 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Fri, 20 Jun 2014 00:18:25 +0000 (00:18 +0000)]
Update __FreeBSD_version now that releng/9.3 is branched.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267656 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Fri, 20 Jun 2014 00:13:56 +0000 (00:13 +0000)]
Remove svn:mergeinfo carried over from stable/9.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267655 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
gjb [Fri, 20 Jun 2014 00:11:34 +0000 (00:11 +0000)]
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267654 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f