glebius [Tue, 17 May 2016 22:28:11 +0000 (22:28 +0000)]
- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
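
The class of bug named in the commit above, shown as an added example that is not FreeBSD source: a signed min() lets a negative, caller-supplied length through a bound check, while the unsigned version clamps it. FKEY_MAX and all function names here are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

#define FKEY_MAX 16  /* hypothetical buffer size, not the kernel's constant */

/* Local stand-ins for a signed and an unsigned min(). */
static int imin(int a, int b) { return a < b ? a : b; }
static unsigned int umin(unsigned int a, unsigned int b) { return a < b ? a : b; }

/* Signed clamp: a negative request compares as smaller than the limit,
 * so it is returned unchanged and becomes a huge value as a size_t. */
static size_t clamp_signed(int req)
{
    return (size_t)imin(req, FKEY_MAX);
}

/* Unsigned clamp: the same request is treated as a very large number
 * and is cut down to the buffer size. */
static size_t clamp_unsigned(int req)
{
    return (size_t)umin((unsigned int)req, FKEY_MAX);
}

/* Explicit validation for a length that must never be negative, as in
 * the control message length check the commit describes. */
static int ctl_len_ok(int len, size_t max)
{
    return len >= 0 && (size_t)len <= max;
}

/* Constructed demo: copy a caller-chosen number of bytes into a fixed
 * buffer using the unsigned clamp. Returns the number of bytes copied. */
static size_t copy_key(int req)
{
    static const unsigned char src[64] = { 'k', 'e', 'y' }; /* constructed input */
    unsigned char dst[FKEY_MAX];
    size_t n = clamp_unsigned(req);

    memcpy(dst, src, n);  /* n can never exceed sizeof(dst) */
    return n;
}
```
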
glebius [Thu, 14 Jan 2016 09:11:16 +0000 (09:11 +0000)]
o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]
glebius [Wed, 4 Nov 2015 11:27:21 +0000 (11:27 +0000)]
o Fix regressions related to SA-15:25 upgrade of NTP. [1]
o Fix kqueue write events never fired for files greater than 2GB. [2]
o Fix applications exiting due to segmentation violation on a correct
memory address. [3]
The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
Approved by: so
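
The shallow-copy problem described in the rpcbind commit above, as an added example that is not the rpcbind source: the struct is modelled on the Sun RPC netbuf, and the helper names and the sample address bytes are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Modelled on the Sun RPC netbuf: buf points at the address bytes. */
struct netbuf { unsigned int maxlen; unsigned int len; void *buf; };

/* Deep copy: dst gets its own buffer. Returns 0 on success, -1 on failure. */
static int nb_copy_deep(struct netbuf *dst, const struct netbuf *src)
{
    if (src->maxlen == 0 || src->len > src->maxlen)
        return -1;
    if ((dst->buf = malloc(src->maxlen)) == NULL)
        return -1;
    dst->maxlen = src->maxlen;
    dst->len = src->len;
    memcpy(dst->buf, src->buf, src->len);
    return 0;
}

static void nb_release(struct netbuf *nb)
{
    free(nb->buf);
    nb->buf = NULL;
    nb->len = nb->maxlen = 0;
}

/* Constructed demo: returns 1 if the copy is still usable once the
 * original has been released, 0 if the copy was left dangling. */
static int copy_survives_free(int deep)
{
    static const unsigned char addr[8] = { 0x10, 0x02, 0x00, 0x6f, 127, 0, 0, 1 };
    struct netbuf orig = { sizeof(addr), sizeof(addr), NULL }, copy = { 0, 0, NULL };
    int shared, ok;

    if ((orig.buf = malloc(sizeof(addr))) == NULL)
        return 0;
    memcpy(orig.buf, addr, sizeof(addr));
    if (!deep)
        copy = orig;                         /* shallow: copy.buf aliases orig.buf */
    else
        (void)nb_copy_deep(&copy, &orig);    /* on failure copy.buf stays NULL */
    shared = (copy.buf == orig.buf);
    nb_release(&orig);
    if (shared)
        return 0;        /* copy.buf now dangles: it must not be read or freed */
    ok = copy.buf != NULL && memcmp(copy.buf, addr, sizeof(addr)) == 0;
    nb_release(&copy);
    return ok;
}
```
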
delphij [Thu, 18 Jun 2015 05:36:45 +0000 (05:36 +0000)]
Raise the default for sendmail client connections to 1024-bit DH
parameters to improve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-
SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message
was:
===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit changes that default to 1024 bits. sendmail 8.15.2, when
released will use a default of 2048 bits.
===
Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so
delphij [Fri, 20 Mar 2015 07:12:02 +0000 (07:12 +0000)]
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
jfv [Tue, 11 Nov 2014 05:00:51 +0000 (05:00 +0000)]
Update the Intel ixl/ixlv drivers to fix a panic in the boot/install
kernel if the system has a fiber-based Intel XL710 adapter installed.
In addition ixl version 1.2.8 and ixlv version 1.1.18 give:
- Improved VF stability (thanks to Ryan Stone for this)
- RSS fixes
- link detection in the ixlv driver
- new sysctl's added
- corrected media reporting
jhb [Mon, 10 Nov 2014 19:53:39 +0000 (19:53 +0000)]
MFstable10 273998:
Rework the EXAMPLES section to be a bit clearer.
- Add an example of using etcupdate diff.
- Create a subsection on bootstrapping that is below the simple
examples. This should make it clearer that 'etcupdate extract' is
a one-time operation and not part of the common workflow. It also
adds more suggestions on when bootstrapping is needed and additional
steps to make future merges simpler.
gjb [Mon, 3 Nov 2014 09:02:08 +0000 (09:02 +0000)]
Update the hardware page to reflect CPU updates/additions
added in head@r273941.
Since the original commit requires changes to the doc/
repository after the release tag had already happened,
(re)define entities in share/xml/release.ent that reflect
doc@r45900 to prevent build breakage.
Requested by: gavin
Approved by: re (implicit, relnotes)
Sponsored by: The FreeBSD Foundation
mav [Tue, 28 Oct 2014 14:01:58 +0000 (14:01 +0000)]
MFS10 r273767 / MFC r273638:
Revert somewhat hackish geom_disk optimization, committed as part of r256880,
and the following r273143 commit, supposed to workaround introduced issue by
quite innocent-looking change.
While there is no clear understanding why, but r273143 is accused in data
corruption in some environments with high I/O load. I personally don't see
any problem in that commit, and possibly it is just a trigger to some other
bug somewhere, but better safe than sorry for now.
gjb [Sun, 26 Oct 2014 17:17:08 +0000 (17:17 +0000)]
MFstable10 r273698:
MFC r273653:
Fix a few issues with creating VOLUME_LABEL for the
installation ISOs:
- TYPE, BRANCH, and REVISION are only defined if
OSRELEASE is not defined, so in situations where
one might set OSRELEASE for an in-house ISO build,
VOLUME_LABEL would be empty.
- makefs(8) limits the volume label to 32 characters,
which for the powerpc64 case, OSRELEASE expands to
FreeBSD-11.0-CURRENT-powerpc-powerpc64. Even with
removing the prefixing 'FreeBSD-', the string is 30
characters long, leaving zero room for suffixing the
type of ISO media (BO for bootonly, CD for cdrom, and
DVD for dvdrom).
Resolve these by defining VOLUME_LABEL when defining
OSRELEASE if unset. If OSRELEASE is defined by the
builder, use the OSRELEASE from that definition as the
VOLUME_LABEL.
In addition, for cases where both TARGET and TARGET_ARCH
are used for the VOLUME_LABEL, use TARGET_ARCH if it
differs from TARGET.
There are probably a few sharp edges here yet, but these
problems are going to affect the powerpc/powerpc64 builds
for 10.1-RELEASE, so the immediate concern is fixing the
underlying problem at hand quickly, and less so about the
elegance of the fix.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
gjb [Tue, 21 Oct 2014 23:07:30 +0000 (23:07 +0000)]
MFstable10 r273429:
MFC r273402:
Fix an issue where a FreeBSD virtual machine provisioned in
the Microsoft Azure service does not recognize the second
attached disk on the system.
PR: 194376
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation
tuexen [Mon, 20 Oct 2014 05:17:16 +0000 (05:17 +0000)]
MFC10 r273275 (r273168 in head):
Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a
sent incoming stream reset request was responded with failed
or denied.
Thanks to Peter Bostroem from Google for reporting the issue.
emaste [Mon, 20 Oct 2014 01:45:40 +0000 (01:45 +0000)]
MFS10 r273294 (r273178 in HEAD):
Update vt(4) for UEFI defaults and special keys
vt(4) is the default console for UEFI boot [1], and the bitmapped
kern.vt.spclkeys sysctl has been replaced with individual kern.vt.kbd_*
enable sysctls.
jhb [Fri, 17 Oct 2014 20:39:39 +0000 (20:39 +0000)]
MFS10 273238;
Properly set the timeout in a query_state. The global query_timeout
configuration value is an integer count of seconds, it is not a timeval.
Using memcpy() to copy a timeval from it put garbage into the tv_usec
field.
emaste [Fri, 17 Oct 2014 16:32:27 +0000 (16:32 +0000)]
MFS10 r273232 (HEAD r257302 by rea):
binutils/bfd: fix printf-like format strings for "bfd *" arguments
There is a special format argument '%B' that directly handles values
of type 'bfd *', they must be used instead of '%s'. Manifestations
of this bug can be seen in ld(1) error messages, for example,
http://lists.freebsd.org/pipermail/freebsd-current/2013-August/043580.html
http://lists.freebsd.org/pipermail/freebsd-current/2013-October/045404.html
gjb [Thu, 16 Oct 2014 23:25:38 +0000 (23:25 +0000)]
MFstable10 r273198:
MFC r273093, r273096:
r273093:
Merge the following from ^/projects/release-vmimage:
r272436, r272437, r272792:
r272436:
Remove the first argument to panic(), which was initially
intended to be the exit code, however when a non-zero exit
code was returned to release/Makefile, this would prevent
any remaining (and possibly successful) stages from being
attempted.
r272437:
If the vm-base target fails, prevent the vm-image target
from being run since it cannot possibly succeed.
r272792:
Add /usr/local/bin and /usr/local/sbin to PATH, needed
if third-party software needs to use utilities outside
of the base system during post-install stages (indexinfo
is one culprit).
r273096:
Merge the following from ^/projects/release-vmimage:
r273076, r273077, r273079, r273095:
r273076:
Add a separate make(1) target to release/Makefile to
build FreeBSD virtual machine disk images for use on
the Microsoft Azure service.
For now, this target is not directly connected to the
build, however can be manually invoked.
The 'vm-azure' target invokes {amd64,i386}/mk-azure.sh,
which does the heavy lifting to produce proper VHDs.
mk-azure.sh uses a configuration file, defaulting to
tools/azure.conf if otherwise unset.
r273077:
Clear VM_RC_LIST.
r273079:
Fix signal list to trigger umount(8).
r273095:
Output an informational message when mkimg(1) runs, so it
does not appear that the process has stopped while waiting
for a 'y/n' response when waagent is deprovisioned.
Relnotes: yes
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation
glebius [Thu, 16 Oct 2014 23:03:04 +0000 (23:03 +0000)]
Merge r273184, r273185 from stable/10:
- Use rn_detachhead() instead of direct free(9) for radix tables.
- Free radix mask entries on main radix destroy.
delphij [Thu, 16 Oct 2014 22:20:38 +0000 (22:20 +0000)]
MFS r273191: MFC r273060:
Use write_psize instead of write_asize when doing vdev_space_update.
Without this change the accounting of L2ARC usage would be wrong and
give 16EB free space because the number became negative and overflows.
hrs [Thu, 16 Oct 2014 22:00:24 +0000 (22:00 +0000)]
MFS r272855, 266846:
- Do not override sin6_scope_id in LLA when it is already set to non-zero.
This fixes destination list in output of netstat -r.
- Plug a memory leak.
- Add RTM_VERSION check.
- Fix a bug which can make sysctl() fail when -F is specified.
- Increase WID_IF_DEFAULT() from 6 to 8 (the default for AF_INET6) because
we have interfaces with longer names than 6 chars like epairN{a,b}.
- Style fixes.
MFS r272847:
- Add rwlock to struct dadq. A panic could occur when a large number of
addresses performed DAD at the same time.
MFS r272850:
- Replace Sun RPC license in TI-RPC library with a 3-clause BSD license,
with the explicit permission of Sun Microsystems in 2009.
- Replace Sun Industry Standards Source License for Sun RPC code with a
3-clause BSD license as specified by Oracle America, Inc. in 2010.
This license change was approved by Wim Coekaerts, Senior Vice
President, Linux and Virtualization at Oracle Corporation.
- Replace Sun RPC license with a 3-clause BSD license. This license change
was approved in 2010 by Wim Coekaerts, Senior Vice President, Linux and
Virtualization at Oracle Corporation.
- Replace Sun RPC license for TI-RPC library with a 3-clause BSD license,
with the explicit permission of Sun Microsystems in 2009.
The code in question in this file was copied from
lib/libc/rpc/pmap_getport.c.
MFS r272852,r272853:
- Add relative specification in expiration time.
- Add proto3 option for RTF_PROTO3.
- Use %lu for members of struct rt_metrics.
- Use long explicitly for the time difference.
MFS r272854:
- Return 0 if:
1. "-u N" specified, no -f, and mdN found,
2. no -u, "-f /pathname" specified, and mdN associated with
/pathname found,
3. "-u N" specified, "-f /pathname" specified, and both of them found,
4. "-l" specified and no -f,
5. "-l" specified, "-f /pathname" specified, and /pathname found.
otherwise return -1.
MFS r272856:
- Move configuration of IPv6 NDP flags to a point before handling ifconfig_IF.
This fixes a race that a non-IPv4 interface can get an EUI64 LLA even if it
has IFDISABLED nd6 flag at boot time.
MFS r272857:
- Cancel DAD for an ifa when the ifp has ND6_IFF_IFDISABLED as early as
possible and do not clear IN6_IFF_TENTATIVE. If IFDISABLED was accidentally
set after a DAD started, TENTATIVE could be cleared because no NA was
received due to IFDISABLED, and as a result it could prevent DAD when
manually clearing IFDISABLED after that.
MFS r272858:
- Fix an issue in range specification handling when a "-foo" is specified in
ifconfig_IF_aliasN.
MFS r272859:
- Fix EtherIP. TOS field must be initialized when the inner protocol is
PF_LINK, and multicast/broadcast flag should always be dropped because
the outer protocol uses unicast even when the inner address is not for
unicast. It had been broken since r236951 when gif_output() started to
use IFQ_HANDOFF().
MFS r272860:
- Recover sin6_scope_id of gateway addresses in riprecv() by using the
if_index where a RIP packet was received. This fixes a bug which
prevented gateway addresses in fe80::/64 from being added.
MFS r272861:
- Fix rc.d/gssd script to define the default values in a standard way.
- Use a parameter argument in jls(8) instead of doing grep.
MFS r272862, r272870:
- Restructure rc.d scripts for kerberos5 daemons.
MFS r272863:
- Return false status only when adding a route is failed. It could
erroneously return false due to an afexists() check loop in routing_start().
MFS r272864:
- Use ipv6_prefer when at least one ifconfig_IF_ipv6 is configured.
MFS r272865:
- Fix a bug which prevented mount.fstab parameter from being converted
when jail_JID_devfs_enable=NO.
MFS r272866:
- Fix header output when -P is specified and (ncpus - 1) != maxid.
MFS r272867:
- Fix a bug which could break extended attributes in a dump output.
This occurred when a file was >892kB long and had a large data (>1kB)
in the extended attributes.
MFS r272868, r272869:
- Make net.inet.ip.sourceroute, net.inet.ip.accept_sourceroute, and
net.inet.ip.process_options vnet-aware.
MFS r272871:
- Revert changes in r269180. It could cause -c N option to enter an
infinite loop if no reply packet is received.
MFS r272874:
- Resurrect set_rcvar() as a function to define a rc.conf variable.
It defines a variable and its default value in load_rc_config() just after
rc.conf is loaded. "rcvar" command shows the current and the default
values.
MFS r272960:
- Do not add late flag when file= is specified because it has a bad
side-effect. The specified file should exist before the fstab line.