glebius [Tue, 17 May 2016 22:28:11 +0000 (22:28 +0000)]
- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
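
Both fixes in this commit concern a signed length supplied from user space. The C sketch below is an added illustration, not the FreeBSD source; `MAXFK`, `struct fkey_slot` and all function names are assumptions standing in for the kernel code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXFK 16   /* assumed capacity of one function-key slot */

struct fkey_slot { unsigned char str[MAXFK]; int len; };   /* hypothetical */

/* Local stand-ins for a signed and an unsigned min() helper. */
static int min_signed(int a, int b) { return a < b ? a : b; }
static unsigned min_unsigned(unsigned a, unsigned b) { return a < b ? a : b; }

/* "Before": the byte count a signed clamp would hand to the copy routine.
 * It is only computed here, never used for a copy. */
size_t copy_len_signed(int user_len)
{
    int n = min_signed(user_len, MAXFK);   /* a negative value is "smaller" and passes */
    return (size_t)n;                      /* -1 converts to SIZE_MAX */
}

/* "After": compare as unsigned, so a negative input is clamped to MAXFK. */
size_t copy_len_unsigned(int user_len)
{
    return min_unsigned((unsigned)user_len, MAXFK);
}

/* Store a key string using the unsigned clamp; src must hold src_size bytes. */
int set_fkey(struct fkey_slot *slot, const void *src, size_t src_size, int user_len)
{
    size_t n = copy_len_unsigned(user_len);
    if (n > src_size)
        return EINVAL;
    memcpy(slot->str, src, n);
    slot->len = (int)n;
    return 0;
}

/* sendmsg(2)-style check: refuse a negative control length before any use. */
int check_control_len(long user_len, size_t limit)
{
    if (user_len < 0)
        return EINVAL;
    return (size_t)user_len > limit ? EMSGSIZE : 0;
}

int main(void)
{
    printf("signed clamp of -1:   %zu\n", copy_len_signed(-1));
    printf("unsigned clamp of -1: %zu\n", copy_len_unsigned(-1));
    printf("control length -1:    %d\n", check_control_len(-1, 1024));
    return 0;
}
```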
glebius [Thu, 14 Jan 2016 09:11:16 +0000 (09:11 +0000)]
o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]
glebius [Wed, 4 Nov 2015 11:27:21 +0000 (11:27 +0000)]
o Fix regressions related to SA-15:25 upgrade of NTP. [1]
o Fix kqueue write events never fired for files greater than 2GB. [2]
o Fix applications exiting due to segmentation violation on a correct
memory address. [3]
The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that refer to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
Approved by: so
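
The shallow versus deep copy described in the rpcbind message, as an added C example that is not the rpcbind source. The struct is modeled on the description above (lengths plus a pointer to the address bytes); the function names and the sample address are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Modeled on the message: capacity, used length, pointer to the address bytes. */
struct netbuf { unsigned int maxlen; unsigned int len; void *buf; };

/* "Before": struct assignment copies the pointer, so both netbufs own one buffer. */
struct netbuf netbuf_shallow(const struct netbuf *src) { return *src; }

/* "After": allocate a private buffer. Returns 0 on success, -1 on error. */
int netbuf_deep_copy(struct netbuf *dst, const struct netbuf *src)
{
    dst->maxlen = dst->len = 0;
    dst->buf = NULL;
    if (src->len > src->maxlen || (src->len > 0 && src->buf == NULL))
        return -1;                       /* inconsistent source, refuse */
    if (src->maxlen == 0)
        return 0;
    dst->buf = calloc(1, src->maxlen);
    if (dst->buf == NULL)
        return -1;
    if (src->len > 0)
        memcpy(dst->buf, src->buf, src->len);
    dst->maxlen = src->maxlen;
    dst->len = src->len;
    return 0;
}

void netbuf_release(struct netbuf *nb)
{
    free(nb->buf);
    nb->buf = NULL;                      /* a later release of the same struct is harmless */
    nb->maxlen = nb->len = 0;
}

int shares_buffer(const struct netbuf *a, const struct netbuf *b) { return a->buf != NULL && a->buf == b->buf; }

/* Free the original, then check that the deep copy still holds the address. */
int copy_survives_release(void)
{
    static const unsigned char addr[] = { 0x02, 0x00, 0x00, 0x6f, 192, 0, 2, 1 }; /* constructed */
    struct netbuf orig = { sizeof addr, sizeof addr, malloc(sizeof addr) }, copy;
    if (orig.buf == NULL)
        return 0;
    memcpy(orig.buf, addr, sizeof addr);
    int ok = netbuf_deep_copy(&copy, &orig) == 0 && !shares_buffer(&copy, &orig);
    netbuf_release(&orig);
    ok = ok && copy.len == sizeof addr && memcmp(copy.buf, addr, sizeof addr) == 0;
    netbuf_release(&copy);
    return ok;
}

int main(void)
{
    printf("deep copy survives release of original: %d\n", copy_survives_release());
    return 0;
}
```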
delphij [Thu, 18 Jun 2015 05:36:45 +0000 (05:36 +0000)]
Raise the default for sendmail client connections to 1024-bit DH
parameters to improve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12
(FreeBSD-SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message
was:
===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit changes that default to 1024 bits. sendmail 8.15.2, when
released will use a default of 2048 bits.
===
Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so
delphij [Fri, 20 Mar 2015 07:12:02 +0000 (07:12 +0000)]
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change as suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve the security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
jfv [Tue, 11 Nov 2014 05:00:51 +0000 (05:00 +0000)]
Update the Intel ixl/ixlv drivers to fix a panic in the boot/install
kernel if the system has a fiber-based Intel XL710 adapter installed.
In addition ixl version 1.2.8 and ixlv version 1.1.18 give:
- Improved VF stability (thanks to Ryan Stone for this)
- RSS fixes
- link detection in the ixlv driver
- new sysctl's added
- corrected media reporting
jhb [Mon, 10 Nov 2014 19:53:39 +0000 (19:53 +0000)]
MFstable10 273998:
Rework the EXAMPLES section to be a bit clearer.
- Add an example of using etcupdate diff.
- Create a subsection on bootstrapping that is below the simple
examples. This should make it clearer that 'etcupdate extract' is
a one-time operation and not part of the common workflow. It also
adds more suggestions on when bootstrapping is needed and additional
steps to make future merges simpler.
gjb [Mon, 3 Nov 2014 09:02:08 +0000 (09:02 +0000)]
Update the hardware page to reflect CPU updates/additions
added in head@r273941.
Since the original commit requires changes to the doc/
repository after the release tag had already happened,
(re)define entities in share/xml/release.ent that reflect
doc@r45900 to prevent build breakage.
Requested by: gavin
Approved by: re (implicit, relnotes)
Sponsored by: The FreeBSD Foundation
mav [Tue, 28 Oct 2014 14:01:58 +0000 (14:01 +0000)]
MFS10 r273767 / MFC r273638:
Revert somewhat hackish geom_disk optimization, committed as part of r256880,
and the following r273143 commit, supposed to workaround introduced issue by
quite innocent-looking change.
While there is no clear understanding why, r273143 is accused of data
corruption in some environments with high I/O load. I personally don't see
any problem in that commit, and possibly it is just a trigger to some other
bug somewhere, but better safe than sorry for now.
gjb [Sun, 26 Oct 2014 17:17:08 +0000 (17:17 +0000)]
MFstable10 r273698:
MFC r273653:
Fix a few issues with creating VOLUME_LABEL for the
installation ISOs:
- TYPE, BRANCH, and REVISION are only defined if
OSRELEASE is not defined, so in situations where
one might set OSRELEASE for an in-house ISO build,
VOLUME_LABEL would be empty.
- makefs(8) limits the volume label to 32 characters,
which for the powerpc64 case, OSRELEASE expands to
FreeBSD-11.0-CURRENT-powerpc-powerpc64. Even with
removing the prefixing 'FreeBSD-', the string is 30
characters long, leaving zero room for suffixing the
type of ISO media (BO for bootonly, CD for cdrom, and
DVD for dvdrom).
Resolve these by defining VOLUME_LABEL when defining
OSRELEASE if unset. If OSRELEASE is defined by the
builder, use the OSRELEASE from that definition as the
VOLUME_LABEL.
In addition, for cases where both TARGET and TARGET_ARCH
are used for the VOLUME_LABEL, use TARGET_ARCH if it
differs from TARGET.
There are probably a few sharp edges here yet, but these
problems are going to affect the powerpc/powerpc64 builds
for 10.1-RELEASE, so the immediate concern is fixing the
underlying problem at hand quickly, and less so about the
elegance of the fix.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
gjb [Tue, 21 Oct 2014 23:07:30 +0000 (23:07 +0000)]
MFstable10 r273429:
MFC r273402:
Fix an issue where a FreeBSD virtual machine provisioned in
the Microsoft Azure service does not recognize the second
attached disk on the system.
PR: 194376
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation
tuexen [Mon, 20 Oct 2014 05:17:16 +0000 (05:17 +0000)]
MFC10 r273275 (r273168 in head):
Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a
sent incoming stream reset request was responded with failed
or denied.
Thanks to Peter Bostroem from Google for reporting the issue.
emaste [Mon, 20 Oct 2014 01:45:40 +0000 (01:45 +0000)]
MFS10 r273294 (r273178 in HEAD):
Update vt(4) for UEFI defaults and special keys
vt(4) is the default console for UEFI boot [1], and the bitmapped
kern.vt.spclkeys sysctl has been replaced with individual kern.vt.kbd_*
enable sysctls.
jhb [Fri, 17 Oct 2014 20:39:39 +0000 (20:39 +0000)]
MFS10 273238;
Properly set the timeout in a query_state. The global query_timeout
configuration value is an integer count of seconds, it is not a timeval.
Using memcpy() to copy a timeval from it put garbage into the tv_usec
field.
emaste [Fri, 17 Oct 2014 16:32:27 +0000 (16:32 +0000)]
MFS10 r273232 (HEAD r257302 by rea):
binutils/bfd: fix printf-like format strings for "bfd *" arguments
There is a special format argument '%B' that directly handles values
of type 'bfd *', they must be used instead of '%s'. Manifestations
of this bug can be seen in ld(1) error messages, for example,
http://lists.freebsd.org/pipermail/freebsd-current/2013-August/043580.html
http://lists.freebsd.org/pipermail/freebsd-current/2013-October/045404.html
gjb [Thu, 16 Oct 2014 23:25:38 +0000 (23:25 +0000)]
MFstable10 r273198:
MFC r273093, r273096:
r273093:
Merge the following from ^/projects/release-vmimage:
r272436, r272437, r272792:
r272436:
Remove the first argument to panic(), which was initially
intended to be the exit code, however when a non-zero exit
code was returned to release/Makefile, this would prevent
any remaining (and possibly successful) stages from being
attempted.
r272437:
If the vm-base target fails, prevent the vm-image target
from being run since it cannot possibly succeed.
r272792:
Add /usr/local/bin and /usr/local/sbin to PATH, needed
if third-party software needs to use utilities outside
of the base system during post-install stages (indexinfo
is one culprit).
r273096:
Merge the following from ^/projects/release-vmimage:
r273076, r273077, r273079, r273095:
r273076:
Add a separate make(1) target to release/Makefile to
build FreeBSD virtual machine disk images for use on
the Microsoft Azure service.
For now, this target is not directly connected to the
build, however can be manually invoked.
The 'vm-azure' target invokes {amd64,i386}/mk-azure.sh,
which does the heavy lifting to produce proper VHDs.
mk-azure.sh uses a configuration file, defaulting to
tools/azure.conf if otherwise unset.
r273077:
Clear VM_RC_LIST.
r273079:
Fix signal list to trigger umount(8).
r273095:
Output an informational message when mkimg(1) runs, so it
does not appear that the process has stopped while waiting
for a 'y/n' response when waagent is deprovisioned.
Relnotes: yes
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation
glebius [Thu, 16 Oct 2014 23:03:04 +0000 (23:03 +0000)]
Merge r273184, r273185 from stable/10:
- Use rn_detachhead() instead of direct free(9) for radix tables.
- Free radix mask entries on main radix destroy.
delphij [Thu, 16 Oct 2014 22:20:38 +0000 (22:20 +0000)]
MFS r273191: MFC r273060:
Use write_psize instead of write_asize when doing vdev_space_update.
Without this change the accounting of L2ARC usage would be wrong and
give 16EB free space because the number became negative and overflows.
hrs [Thu, 16 Oct 2014 22:00:24 +0000 (22:00 +0000)]
MFS r272855, 266846:
- Do not override sin6_scope_id in LLA when it is already set to non-zero.
This fixes destination list in output of netstat -r.
- Plug a memory leak.
- Add RTM_VERSION check.
- Fix a bug which can make sysctl() fail when -F is specified.
- Increase WID_IF_DEFAULT() from 6 to 8 (the default for AF_INET6) because
we have interfaces with longer names than 6 chars like epairN{a,b}.
- Style fixes.
MFS r272847:
- Add rwlock to struct dadq. A panic could occur when a large number of
addresses performed DAD at the same time.
MFS r272850:
- Replace Sun RPC license in TI-RPC library with a 3-clause BSD license,
with the explicit permission of Sun Microsystems in 2009.
- Replace Sun Industry Standards Source License for Sun RPC code with a
3-clause BSD license as specified by Oracle America, Inc. in 2010.
This license change was approved by Wim Coekaerts, Senior Vice
President, Linux and Virtualization at Oracle Corporation.
- Replace Sun RPC license with a 3-clause BSD license. This license change
was approved in 2010 by Wim Coekaerts, Senior Vice President, Linux and
Virtualization at Oracle Corporation.
- Replace Sun RPC license for TI-RPC library with a 3-clause BSD license,
with the explicit permission of Sun Microsystems in 2009.
The code in question in this file was copied from
lib/libc/rpc/pmap_getport.c.
MFS r272852,r272853:
- Add relative specification in expiration time.
- Add proto3 option for RTF_PROTO3.
- Use %lu for members of struct rt_metrics.
- Use long explicitly for the time difference.
MFS r272854:
- Return 0 if:
1. "-u N" specified, no -f, and mdN found,
2. no -u, "-f /pathname" specified, and mdN associated with
/pathname found,
3. "-u N" specified, "-f /pathname" specified, and both of them found,
4. "-l" specified and no -f,
5. "-l" specified, "-f /pathname" specified, and /pathname found.
otherwise return -1.
MFS r272856:
- Move configuration of IPv6 NDP flags to a point before handling ifconfig_IF.
This fixes a race that a non-IPv4 interface can get an EUI64 LLA even if it
has IFDISABLED nd6 flag at boot time.
MFS r272857:
- Cancel DAD for an ifa when the ifp has ND6_IFF_IFDISABLED as early as
possible and do not clear IN6_IFF_TENTATIVE. If IFDISABLED was accidentally
set after a DAD started, TENTATIVE could be cleared because no NA was
received due to IFDISABLED, and as a result it could prevent DAD when
manually clearing IFDISABLED after that.
MFS r272858:
- Fix an issue in range specification handling when a "-foo" is specified in
ifconfig_IF_aliasN.
MFS r272859:
- Fix EtherIP. TOS field must be initialized when the inner protocol is
PF_LINK, and multicast/broadcast flag should always be dropped because
the outer protocol uses unicast even when the inner address is not for
unicast. It had been broken since r236951 when gif_output() started to
use IFQ_HANDOFF().
MFS r272860:
- Recover sin6_scope_id of gateway addresses in riprecv() by using the
if_index where a RIP packet was received. This fixes a bug which
prevented gateway addresses in fe80::/64 from being added.
MFS r272861:
- Fix rc.d/gssd script to define the default values in a standard way.
- Use a parameter argument in jls(8) instead of doing grep.
MFS r272862, r272870:
- Restructure rc.d scripts for kerberos5 daemons.
MFS r272863:
- Return false status only when adding a route has failed. It could
erroneously return false due to an afexists() check loop in routing_start().
MFS r272864:
- Use ipv6_prefer when at least one ifconfig_IF_ipv6 is configured.
MFS r272865:
- Fix a bug which prevented mount.fstab parameter from being converted
when jail_JID_devfs_enable=NO.
MFS r272866:
- Fix header output when -P is specified and (ncpus - 1) != maxid.
MFS r272867:
- Fix a bug which could break extended attributes in a dump output.
This occurred when a file was >892kB long and had a large data (>1kB)
in the extended attributes.
MFS r272868, r272869:
- Make net.inet.ip.sourceroute, net.inet.ip.accept_sourceroute, and
net.inet.ip.process_options vnet-aware.
MFS r272871:
- Revert changes in r269180. It could cause -c N option to enter an
infinite loop if no reply packet is received.
MFS r272874:
- Resurrect set_rcvar() as a function to define a rc.conf variable.
It defines a variable and its default value in load_rc_config() just after
rc.conf is loaded. "rcvar" command shows the current and the default
values.
MFS r272960:
- Do not add late flag when file= is specified because it has a bad
side-effect. The specified file should exist before the fstab line.
mjg [Wed, 15 Oct 2014 16:54:18 +0000 (16:54 +0000)]
MFC r273109:
fget_unlocked currently reads 'fde' which is a structure consisting of
several fields. In effect the read is inatomic and may result in
obtaining file pointer with stale or incorrect capabilities.
Example race is with dup2.
Side effect is that capability checks can be circumvented.
Fix the problem with introduction of sequence counters.
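
A minimal sequence-counter read path for a multi-field entry like the one this message describes, as an added C11 example that is not the FreeBSD implementation. The `struct fde` layout, the function names and the sample values are assumptions.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical table entry: file pointer plus capability rights, guarded by seq. */
struct fde {
    atomic_uint seq;                 /* odd while a writer is mid-update */
    _Atomic(uintptr_t) file;
    _Atomic(uint64_t) rights;
};
struct fde_snapshot { uintptr_t file; uint64_t rights; };

void fde_write_begin(struct fde *e) { atomic_fetch_add(&e->seq, 1); }
void fde_write_end(struct fde *e)   { atomic_fetch_add(&e->seq, 1); }

/* Writer, e.g. dup2 replacing the entry: both fields change inside one window. */
void fde_update(struct fde *e, uintptr_t file, uint64_t rights)
{
    fde_write_begin(e);
    atomic_store(&e->file, file);
    atomic_store(&e->rights, rights);
    fde_write_end(e);
}

unsigned fde_read_begin(struct fde *e) { return atomic_load(&e->seq); }

/* A snapshot is usable only if no writer was active and none ran meanwhile. */
bool fde_read_valid(struct fde *e, unsigned seen)
{
    return (seen & 1u) == 0 && atomic_load(&e->seq) == seen;
}

/* One lock-free read attempt; the caller retries on false. */
bool fde_try_read(struct fde *e, struct fde_snapshot *out)
{
    unsigned seen = fde_read_begin(e);
    out->file = atomic_load(&e->file);
    out->rights = atomic_load(&e->rights);
    return fde_read_valid(e, seen);
}

int main(void)
{
    struct fde e = {0};
    struct fde_snapshot s;
    fde_update(&e, 0x1000, 0x3);     /* constructed values */
    unsigned seen = fde_read_begin(&e);
    fde_update(&e, 0x2000, 0x1);     /* entry replaced between the reader's two checks */
    printf("stale snapshot accepted: %d\n", fde_read_valid(&e, seen));
    printf("fresh read ok: %d\n", fde_try_read(&e, &s));
    return 0;
}
```

Without the second check, a reader could pair the old file pointer with the new rights or the reverse, which is the capability bypass the message refers to.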
araujo [Wed, 15 Oct 2014 06:31:08 +0000 (06:31 +0000)]
Make external NFS clients know when files have their attributes changed and
avoid caching the file's state indefinitely. The va_filerev is what is sent
to the client as the "change" attribute, the client is periodically fetching
the attributes and without this option the attribute remains as some garbage
value.
Reported by: Kevin Buhr <buhr@asaurus.net>
Reviewed by: delphij
Approved by: re (gjb), delphij
Obtained from: r272467
tuexen [Tue, 14 Oct 2014 19:38:31 +0000 (19:38 +0000)]
MF10 r273000 (r272750 in head)
Ensure that the number of streams reported in srs_number_streams is
consistent with the amount of data provided in the SCTP_RESET_STREAMS
socket option.
Thanks to Peter Bostroem from Google for drawing my attention to
this part of the code.
MF10 r273001 (r272751 in head):
Ensure that the list of streams sent in a stream reset parameter fits
in an mbuf-cluster.
Thanks to Peter Bostroem for drawing my attention to this part of the code.
MF10 r273002 (r272841 in head):
Ensure that the flags field of sctp_tmit_chunks is initialized.
Thanks to Peter Bostroem from Google for reporting the issue.
dumbbell [Tue, 14 Oct 2014 19:01:11 +0000 (19:01 +0000)]
vt(4): Save/restore keyboard mode & LED states when switching window
MF10: r273036
MFC: r272416
Add new functions to manipulate these mode & state, instead of calling
kbdd_ioctl() everywhere.
This fixes at least two bugs:
1. The state of the Scroll Lock LED and the state of scroll mode
could be out-of-sync. For instance, if one enables scroll mode on
window #1 and switches to window #2, the LED would remain on, but
the window wouldn't be in scroll mode.
Similarly, when switching between a console and an X.Org
session, the LED states could be inconsistent with the real
state.
2. When exiting from an X.Org session, the user could be unable to
type anything. The workaround was to switch to another console
window and come back.
r272234:
Initial commit to include virtual machine images as part
of the FreeBSD release builds.
This adds a make(1) environment variable requirement,
WITH_VMIMAGES, which triggers the virtual machine image
targets when not defined to an empty value.
Relevant user-driven variables include:
o VMFORMATS: The virtual machine image formats to create.
Valid formats are provided by running 'mkimg --formats'
o VMSIZE: The size of the resulting virtual machine
image. Typical compression is roughly 140Mb, regardless
of the target size (10GB, 15GB, 20GB, 40GB sizes have been
tested with the same result).
o VMBASE: The prefix of the virtual machine disk images.
The VMBASE make(1) environment variable is suffixed with
each format in VMFORMATS for each individual disk image, as
well as '.img' for the source UFS filesystem passed to
mkimg(1).
This also includes a new script, mk-vmimage.sh, based on how
the VM images for 10.0-RELEASE, 9.3-RELEASE, and 10.1-RELEASE
were created (mk-vmimage.sh in ^/user/gjb/thermite/).
With the order in which the stages need to occur, as well as
sanity-checking error cases, it makes much more sense to
execute a shell script called from make(1), using env(1) to
set specific parameters for the target image than it does to
do this in make(1) directly.
r272236:
Use VMBASE in place of a hard-coded filename in the CLEANFILES
list.
r272262:
Remove a 'set -x' that snuck in during testing.
r272264:
release/Makefile:
Connect the virtual machine image build to the release
target if WITH_VMIMAGES is set to a non-empty value.
release/release.sh:
Add WITH_VMIMAGES to RELEASE_RMAKEFLAGS.
release/release.conf.sample:
Add commented entries for tuning the release build if the
WITH_VMIMAGES make(1) environment variable is set to
a non-empty value.
r272269:
release/Makefile:
Include .OBJDIR in DESTDIR in the vm-base target.
release/release.sh:
Provide the full path to mddev.
r272271:
Fix UFS label for the root filesystem.
r272272:
Remove comments left in accidentally while testing, so the
VM /etc/fstab is actually created.
r272277:
Remove the UFS label from the root filesystem since it is added
by mkimg(1) as a gpt label, consistent with the fstab(5) entry.
r272279:
Comment cleanup in panic() message when mkimg(1) does not support
the requested disk image format.
r272376:
Separate release/scripts/mk-vmimage.sh to machine-specific
scripts, making it possible to mimic the functionality for
non-x86 targets.
Move echo output if MAKEFLAGS is empty outside of usage().
Remove TARGET/TARGET_ARCH evaluation.
r272380:
Avoid using env(1) to set values passed to mk-vmimage.sh,
and instead pass the values as arguments to the script,
making it easier to run this by hand, without 'make release'.
Add usage_vm_base() and usage_vm_image() usage helpers.
r272381:
After evaluating WITH_VMIMAGES is non-empty, ensure
the mk-vmimage.sh script exists before running it.
r272392:
Add WITH_COMPRESSED_VMIMAGES variable, which when set enables
xz(1) compression of the virtual machine images.
This is intentionally separate to allow more fine-grained
tuning over which images are compressed, especially in cases
where compressing 20GB sparse images can take hours.
r272412:
Document the new 'vm-image' target, and associated release.conf
variables.
r272413:
Remove two stray comments added during the initial iterations
of testing, no longer needed.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation