Fix integer overflow in IGMP protocol. [SA-15:04] Fix vt(4) crash with improper ioctl parameters. [EN-15:01] Updated base system OpenSSL to 1.0.1l. [EN-15:02] Fix freebsd-update libraries update ordering issue. [EN-15:03] Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@279264 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability and SCTP stream reset vulnerability. Security: FreeBSD-SA-15:02.kmem Security: CVE-2014-8612 Security: FreeBSD-SA-15:03.sctp Security: CVE-2014-8613 Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@277808 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix multiple vulnerabilities in OpenSSL. [SA-15:01] Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@277195 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
[SA-14:31] Fix multiple vulnerabilities in NTP suite. [EN-14:13] Fix directory deletion issue in freebsd-update. Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@276158 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix unbound remote denial of service vulnerability. Security: FreeBSD-SA-14:30.unbound Security: CVE-2014-8602 Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@275854 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix multiple vulnerabilities in file(1) and libmagic(3). Security: FreeBSD-SA-14:28.file Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117 Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@275671 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
[SA-14:24] Fix denial of service attack against sshd(8). [SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2). [SA-14:26] Fix remote command execution in ftp(1). [EN-14:12] Fix NFSv4 and ZFS cache consistency issue. Approved by: so (des) git-svn-id: svn://svn.freebsd.org/base/releng/10.0@274110 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Time zone data file update. [EN-14:10] Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@273439 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20] Fix routed(8) remote denial of service vulnerability. [SA-14:21] Fix memory leak in sandboxed namei lookup. [SA-14:22] Fix OpenSSL multiple vulnerabilities. [SA-14:23] Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@273415 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

Fix multiple OpenSSL vulnerabilities:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510]
If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509]
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. [CVE-2014-3511]
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. [CVE-2014-3512]
A malicious server can crash the client with a NULL pointer dereference by specifying a SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139]
Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
Security: FreeBSD-SA-14:18.openssl
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.0@271304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

Fix kernel memory disclosure in control message and SCTP notifications. Security: FreeBSD-SA-14:17.kmem Security: CVE-2014-3952, CVE-2014-3953 Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@268434 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix iconv(3) NULL pointer dereference and out-of-bounds array access. [SA-14:15] Fix multiple vulnerabilities in file(1) and libmagic(3). [SA-14:16] Worked around bug with PCID implementation. [EN-14:07] Security: CVE-2014-3951 Security: FreeBSD-SA-14:15.iconv Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@267829 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix OpenSSL multiple vulnerabilities. Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@267104 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix sendmail improper close-on-exec flag handling. [SA-14:11] Fix incorrect error handling in PAM policy parser. [SA-14:13] Fix triple-fault when executing from a threaded process. [EN-14:06] Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@267017 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix OpenSSL NULL pointer dereference vulnerability. [SA-14:09] Security: FreeBSD-SA-14:09.openssl Security: CVE-2014-0198 Fix data corruption with ciss(4). [EN-14:05] Errata: FreeBSD-EN-14:05.ciss Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@265987 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix devfs rules not applied by default for jails. Fix OpenSSL use-after-free vulnerability. Fix TCP reassembly vulnerability. Security: FreeBSD-SA-14:07.devfs Security: CVE-2014-3001 Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298 Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@265124 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix NFS deadlock vulnerability. [SA-14:05] Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@264267 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

MFreleng10 r259582 (reverse), MFstable10 r259491, r259492, r260781:
r259582 (reverted): Set PACKAGESITE to 'release/0' for the pkg-stage target to pull the release set of packages. (Required to eliminate conflicts.)
r259491: Prevent release build errors found during snapshot builds where if NOPORTS=1, pkg-stage.sh cannot build the ports-mgmt/pkg port if WITH_DVD=1.
r259492: Add NOPKG to disable pkg-stage.
r260781: Update the pkg-stage target to be more compatible with pkg-1.2:
- Add a release-dvd.conf pkg(8) configuration file to override the default FreeBSD.conf configuration.
- Remove architecture-specific pkg-stage.conf files, consolidate, and move their contents to scripts/pkg-stage.sh.
- Use 'pkg -vv' to determine the ABI, which is used as the cache directory.
Prior to these changes, it would be possible for pkg-stage to fetch conflicting binary packages from multiple repositories. A change local to releng/10.0 sets the package fetch URL to 'release/0'.
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.0@260787 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f