emaste [Wed, 19 Dec 2018 18:22:25 +0000 (18:22 +0000)]
MFS11 r342229: bootpd: validate hardware type
Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.
admbugs: 850
Reported by: Reno Robert
Reviewed by: markj
Approved by: so
Security: FreeBSD-SA-18:15.bootpd
Sponsored by: The FreeBSD Foundation
gordon [Tue, 27 Nov 2018 19:42:16 +0000 (19:42 +0000)]
Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
Reported by: Jakub Jirasek, Secunia Research at Flexera
Approved by: so
Security: FreeBSD-SA-18:13.nfs
Security: CVE-2018-17157
Security: CVE-2018-17158
Security: CVE-2018-17159
jtl [Mon, 6 Aug 2018 17:47:47 +0000 (17:47 +0000)]
Address concerns about CPU usage while doing TCP reassembly.
Currently, the per-queue limit is a function of the receive buffer
size and the MSS. In certain cases (such as connections with large
receive buffers), the per-queue segment limit can be quite large.
Because we process segments as a linked list, large queues may not
perform acceptably.
The better long-term solution is to make the queue more efficient.
But, in the short-term, we can provide a way for a system
administrator to set the maximum queue size.
We set the default queue limit to 100. This is an effort to balance
performance with a sane resource limit. Depending on their
environment, goals, etc., an administrator may choose to modify this
limit in either direction.
Approved by: so
Security: FreeBSD-SA-18:08.tcp
Security: CVE-2018-6922
gjb [Thu, 21 Jun 2018 18:13:04 +0000 (18:13 +0000)]
Final touches to 11.2-RELEASE release notes:
- Remove an empty section that was left over from a previous commit
to prune empty sections.
- Add a note about a late discovered issue with zfsd(8) (Bugzilla
228750). Fix a sentence stop while here.
- Document SA-18:07, which had been included in RC3.
- Fix FreeBSD versions in the installation.html page.
Approved by: re (implicit, relnotes)
Sponsored by: The FreeBSD Foundation
gjb [Fri, 8 Jun 2018 21:46:11 +0000 (21:46 +0000)]
Fix the ordering of where '$bootable' is set in the second
variable setting, which was moved around as part of prior
commits that were subsequently reverted.
This is a direct commit to releng/11.2.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
tuexen [Thu, 7 Jun 2018 18:01:31 +0000 (18:01 +0000)]
MFstable/11 334801
Improve compliance with RFC 4895 and RFC 6458.
Silently discard SCTP chunks which have been requested to be
authenticated but are received unauthenticated no matter if support
for SCTP authentication has been negotiated. This improves compliance
with RFC 4895.
When the application uses the SCTP_AUTH_CHUNK socket option to
request a chunk to be received in an authenticated way, enable
the SCTP authentication extension for the end-point. This improves
compliance with RFC 6458.
Discussed with: Peter Lei
Approved by: re (marius@)
gjb [Thu, 7 Jun 2018 16:21:15 +0000 (16:21 +0000)]
relnotes/article.xml:
- Remove empty sections.
- Move the 'hardware support' section, containing only
driver information, to the 'device drivers' section.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
marius [Thu, 7 Jun 2018 15:51:23 +0000 (15:51 +0000)]
MFC: r334443 (by cem@) MF stable/11: r334787
dhclient(8): allow to supersede interface-mtu option
In some cases broken DHCP servers might send invalid MTU value, so allow to
use 'supersede' in dhclient.conf to override this. When superseded value is
0, MTU value is not updated at all.
tuexen [Wed, 6 Jun 2018 22:34:20 +0000 (22:34 +0000)]
MFstable/11 334732:
Don't overflow a buffer if we receive an INIT or INIT-ACK chunk
without a RANDOM parameter but with a CHUNKS or HMAC-ALGO parameter.
Please note that sending this combination violates the specification.
Thanks to Ronald E. Crane for reporting the issue for the userland
stack.
gjb [Wed, 6 Jun 2018 20:31:15 +0000 (20:31 +0000)]
Revert r333006:
This revision implemented hybrid ISOs for the amd64
architecture, however it was discovered to have caused
a regression in booting legacy-mode (BIOS/CSM).
This restores the way ISOs were previously created, as
the cause (and differences between head and stable/11
and releng/11.2) have not been entirely identified.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
Merge r334562 from stable/11 to releng/11.2. r334562 MFC'd the
following revisions to stable/11: r333650, r333652, r333682, r334406,
r334409-r334410, and r334489.
r333650:
cxgbe(4): Claim some more T5 and T6 boards.
r333652:
cxgbe(4): Add support for two more flash parts.
r333682:
cxgbe(4): Fall back to a failsafe configuration built into the firmware
if an error is reported while pre-processing the configuration file that
the driver attempted to use.
Also, allow the user to explicitly use the built-in configuration with
hw.cxgbe.config_file="built-in"
r334406:
cxgbe(4): Consider all supported speeds when building the ifmedia list
for a port. Fix other related issues while here:
- Require port lock for access to link_config.
- Allow 100Mbps operation by tracking the speed in Mbps. Yes, really.
- New port flag to indicate that the media list is immutable. It will
be used in future refinements.
This also fixes a bug where the driver reports incorrect media with
recent firmwares.
r334409:
cxgbe(4): Implement ifm_change callback.
r334410:
cxgbe(4): Use ifm for ifmedia just like the rest of the kernel.
No functional change.
r334489:
cxgbe(4): Include full duplex mediaopt in media that can be reported as
active. Always report full duplex in active media.
gjb [Thu, 31 May 2018 23:55:59 +0000 (23:55 +0000)]
MFC r334068 (phil):
Import libxo-0.9.0:
- Add xo_format_is_numeric() with improved logic to decide if format
strings are numeric, so json output quotes them
- Convert docs to sphinx/rst
- update tests
PR: 221676
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
marius [Thu, 31 May 2018 23:48:27 +0000 (23:48 +0000)]
Akin to r302691 in head, synchronize the build stripping for the disc1
image with that of the bootonly image (but similarly modulo games
and groff(1)) as the amd64 disc1 image is overflowing. This also
removes the redundant MK_LLDB.
This is a direct commit to stable/11 rather than a MFC of r302691 as
the disc1 image stripping previously has been directly modified
in stable/11 by r303027.