FreeBSD/releng/10.1.git
2 years agoFix multiple vulnerabilities of ntp. master
delphij [Thu, 22 Dec 2016 16:19:05 +0000 (16:19 +0000)]
Fix multiple vulnerabilities of ntp.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@310419 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoMerge r309688: address regressions in SA-16:37.libc.
glebius [Wed, 7 Dec 2016 23:34:06 +0000 (23:34 +0000)]
Merge r309688: address regressions in SA-16:37.libc.

PR: 215105
Submitted by: <jtd2004a sbcglobal.net>
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@309696 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoFix possible login(1) argument injection in telnetd(8). [SA-16:36]
glebius [Tue, 6 Dec 2016 18:49:59 +0000 (18:49 +0000)]
Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]

Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Security: FreeBSD-SA-16:38.bhyve
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@309636 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoUpdate tzdata to 2016i.
glebius [Mon, 5 Dec 2016 23:23:13 +0000 (23:23 +0000)]
Update tzdata to 2016i.

Note: because of what appears to be a missing MFC to stable branches,
these patches were generated by doing:

 % rsync -av stable/10/contrib/tzdata releng/10.x/contrib/tzdata
 % svn add releng/10.x/contrib/tzdata

Errata Notice: EN-16:19
Submitted by: gjb
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@309574 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoMerge r307359 from stable/10:
glebius [Mon, 5 Dec 2016 23:09:54 +0000 (23:09 +0000)]
Merge r307359 from stable/10:

    Incorporate a change from OpenBSD by millert@OpenBSD.org

    Don't warn about valid time zone abbreviations.  POSIX
    through 2000 says that an abbreviation cannot start with ':', and
    cannot contain ',', '-', '+', NUL, or a digit.  POSIX from 2001
    on changes this rule to say that an abbreviation can contain only
    '-', '+', and alphanumeric characters from the portable character
    set in the current locale.  To be portable to both sets of rules,
    an abbreviation must therefore use only ASCII letters."  Adapted
    from tzcode2015f.

Errata Notice: EN-16:19.tzcode
Submitted by: bapt
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@309570 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoFix OpenSSL remote DoS vulnerability. [SA-16:35]
delphij [Wed, 2 Nov 2016 07:24:14 +0000 (07:24 +0000)]
Fix OpenSSL remote DoS vulnerability. [SA-16:35]

Security: FreeBSD-SA-16:35.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@308204 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoRevised SA-16:15. The initial patch didn't cover all possible overflows
glebius [Tue, 25 Oct 2016 17:11:07 +0000 (17:11 +0000)]
Revised SA-16:15.  The initial patch didn't cover all possible overflows
based on passing incorrect parameters to sysarch(2).

Security: SA-16:15
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@307932 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoFix bspatch heap overflow vulnerability. [SA-16:29]
delphij [Mon, 10 Oct 2016 07:18:54 +0000 (07:18 +0000)]
Fix bspatch heap overflow vulnerability. [SA-16:29]

Fix multiple portsnap vulnerabilities. [SA-16:30]

Fix multiple libarchive vulnerabilities. [SA-16:31]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@306941 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoApply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
delphij [Mon, 26 Sep 2016 08:21:29 +0000 (08:21 +0000)]
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:

Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").

This fixes a regression introduced in SA-16:26.openssl.

Submitted by: jkim
PR: 212921
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@306336 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

2 years agoFix multiple OpenSSL vulnerabilitites.
delphij [Fri, 23 Sep 2016 07:48:34 +0000 (07:48 +0000)]
Fix multiple OpenSSL vulnerabilitites.

Approved by: so
Security: FreeBSD-SA-16:26.openssl

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@306230 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix bspatch heap overflow vulnerability. [SA-16:25]
delphij [Mon, 25 Jul 2016 15:04:17 +0000 (15:04 +0000)]
Fix bspatch heap overflow vulnerability. [SA-16:25]

Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@303304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix multiple ntp vulnerabilities.
delphij [Sat, 4 Jun 2016 05:46:52 +0000 (05:46 +0000)]
Fix multiple ntp vulnerabilities.

Security: FreeBSD-SA-16:24.ntp
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@301301 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix kernel stack disclosure in Linux compatibility layer. [SA-16:20]
glebius [Tue, 31 May 2016 16:55:41 +0000 (16:55 +0000)]
Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]

Security: SA-16:20
Security: SA-16:21
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@301050 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoMerge r300361 by mm@:
glebius [Tue, 31 May 2016 16:32:42 +0000 (16:32 +0000)]
Merge r300361 by mm@:

  Backport security fix for absolute path traversal
  vulnerability in bsdcpio.

Security: CVE-2015-2304
Security: SA-16:22
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@301046 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years ago- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
glebius [Tue, 17 May 2016 22:28:11 +0000 (22:28 +0000)]
- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2)
  is not negative.

Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@300085 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix multiple OpenSSL vulnerabilitites. [SA-16:17]
delphij [Wed, 4 May 2016 15:27:09 +0000 (15:27 +0000)]
Fix multiple OpenSSL vulnerabilitites. [SA-16:17]

Fix memory leak in ZFS. [EN-16:08]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@299068 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix ntp multiple vulnerabilities.
delphij [Fri, 29 Apr 2016 08:02:31 +0000 (08:02 +0000)]
Fix ntp multiple vulnerabilities.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@298770 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoo Fix OpenSSH xauth(1) command injection. [SA-16:14]
glebius [Wed, 16 Mar 2016 22:30:56 +0000 (22:30 +0000)]
o Fix OpenSSH xauth(1) command injection. [SA-16:14]
o Fix incorrect argument validation in sysarch(2). [SA-16:15]
o Fix Hyper-V KVP (Key-Value Pair) daemon indefinite sleep. [EN-16:04]

Errata:         FreeBSD-EN-16:04.hyperv
Security:       FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115
Security:       FreeBSD-SA-16:15.sysarch, CVE-2016-1885
Approved by:    so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@296954 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix multiple OpenSSL vulnerabilities.
delphij [Thu, 3 Mar 2016 07:30:55 +0000 (07:30 +0000)]
Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-16:12.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@296341 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix OpenSSL SSLv2 ciphersuite downgrade vulnerability.
delphij [Sat, 30 Jan 2016 06:12:03 +0000 (06:12 +0000)]
Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.

Security: CVE-2015-3197
Security: FreeBSD-SA-16:11.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@295061 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix multiple vulnerabilities of ntp. [SA-16:09]
delphij [Wed, 27 Jan 2016 07:41:31 +0000 (07:41 +0000)]
Fix multiple vulnerabilities of ntp. [SA-16:09]

Fix Linux compatibility layer issetugid(2) system call
vulnerability. [SA-16:10]

Security: FreeBSD-SA-16:09.ntp
Security: FreeBSD-SA-16:10.linux
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@294904 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix OpenSSH client information leak.
glebius [Thu, 14 Jan 2016 22:47:54 +0000 (22:47 +0000)]
Fix OpenSSH client information leak.

Security:       SA-16:07.openssh
Security:       CVE-2016-0777
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@294051 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoo Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
glebius [Thu, 14 Jan 2016 09:11:16 +0000 (09:11 +0000)]
o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]

Errata: FreeBSD-EN-16:02.pf
Errata: FreeBSD-EN-16:03.yplib
Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879
Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300
Security: FreeBSD-SA-16:03.linux, CVE-2016-1880
Security: FreeBSD-SA-16:04.linux, CVE-2016-1881
Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882
Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@293894 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix OpenSSL multiple vulnerabilities.
delphij [Sat, 5 Dec 2015 09:53:58 +0000 (09:53 +0000)]
Fix OpenSSL multiple vulnerabilities.

Security: FreeBSD-SA-15:26.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@291854 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoo Fix regressions related to SA-15:25 upgrade of NTP. [1]
glebius [Wed, 4 Nov 2015 11:27:21 +0000 (11:27 +0000)]
o Fix regressions related to SA-15:25 upgrade of NTP. [1]
o Fix kqueue write events never fired for files greater 2GB. [2]
o Fix kpplications exiting due to segmentation violation on a correct
  memory address. [3]

PR: 204046 [1]
PR: 204203 [1]
Errata Notice: FreeBSD-EN-15:19.kqueue [2]
Errata Notice: FreeBSD-EN-15:20.vm [3]
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@290362 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoUpgrade NTP to 4.2.8p4.
glebius [Mon, 26 Oct 2015 11:37:31 +0000 (11:37 +0000)]
Upgrade NTP to 4.2.8p4.

Security: FreeBSD-SA-15:25.ntp
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@290000 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix a regression with SA-15:24 patch that prevented NIS from
delphij [Fri, 2 Oct 2015 16:37:06 +0000 (16:37 +0000)]
Fix a regression with SA-15:24 patch that prevented NIS from
working.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@288512 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoThe Sun RPC framework uses a netbuf structure to represent the
delphij [Tue, 29 Sep 2015 18:07:18 +0000 (18:07 +0000)]
The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address.  The
structure is expected to be opaque to consumers.  In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.

In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer.  When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.

Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.

Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@288385 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoImplement pubkey support for pkg(7) bootstrap. [EN-15:18]
delphij [Wed, 16 Sep 2015 21:00:21 +0000 (21:00 +0000)]
Implement pubkey support for pkg(7) bootstrap. [EN-15:18]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@287873 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

3 years agoFix local privilege escalation in IRET handler. [SA-15:21]
delphij [Tue, 25 Aug 2015 20:48:58 +0000 (20:48 +0000)]
Fix local privilege escalation in IRET handler. [SA-15:21]

Fix OpenSSH multiple vulnerabilities. [SA-15:22]

Disabled ixgbe(4) flow-director support. [EN-15:14]

Fix insufficient check of unsupported pkg(7) signature methods.
[EN-15:15]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@287146 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix patchlevel in UPDATING.
delphij [Tue, 18 Aug 2015 20:21:45 +0000 (20:21 +0000)]
Fix patchlevel in UPDATING.

Spotted by: pluknet
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@286905 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix multiple integer overflows in expat.
delphij [Tue, 18 Aug 2015 19:30:35 +0000 (19:30 +0000)]
Fix multiple integer overflows in expat.

Security: CVE-2015-1283
Security: FreeBSD-SA-15:20.expat
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@286902 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix patch(1) shell injection vulnerability via ed(1). [SA-15:18]
delphij [Wed, 5 Aug 2015 22:05:18 +0000 (22:05 +0000)]
Fix patch(1) shell injection vulnerability via ed(1). [SA-15:18]

Fix routed remote denial of service vulnerability. [SA-15:19]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@286351 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoCorrect patchlevel.
delphij [Tue, 28 Jul 2015 21:43:23 +0000 (21:43 +0000)]
Correct patchlevel.

Noticed by: Piotr Kubaj
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@285987 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix patch(1) shell injection vulnerability. [SA-15:14]
delphij [Tue, 28 Jul 2015 19:59:11 +0000 (19:59 +0000)]
Fix patch(1) shell injection vulnerability. [SA-15:14]

Fix resource exhaustion in TCP reassembly. [SA-15:15]

Fix OpenSSH multiple vulnerabilities. [SA-15:16]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@285979 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix resource exhaustion due to sessions stuck in LAST_ACK state.
delphij [Tue, 21 Jul 2015 23:42:56 +0000 (23:42 +0000)]
Fix resource exhaustion due to sessions stuck in LAST_ACK state.

Security: CVE-2015-5358
Security: SA-15:13.tcp
Submitted by: Jonathan Looney (Juniper SIRT)
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@285780 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years ago[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.
delphij [Tue, 30 Jun 2015 23:21:37 +0000 (23:21 +0000)]
[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.

[EN-15:09] Fix inconsistency between locale and rune locale states.

[EN-15:10] Improved iconv(3) UTF-7 support.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@284985 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoRaise the default for sendmail client connections to 1024-bit DH
delphij [Thu, 18 Jun 2015 05:36:45 +0000 (05:36 +0000)]
Raise the default for sendmail client connections to 1024-bit DH
parameters to imporve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-
SA-15:10.openssl).

This is MFC of r284436 (gshapiro), the original commit message
was:

===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits.  sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit chages that default to 1024 bits.  sendmail 8.15.2, when
released well use a default of 2048 bits.
===

Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@284536 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix OpenSSL multiple vulnerabilities.
delphij [Fri, 12 Jun 2015 07:23:55 +0000 (07:23 +0000)]
Fix OpenSSL multiple vulnerabilities.

Security: FreeBSD-SA-15:10.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@284295 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agosrc/UPDATING in releng/10.1 should reflect the right patchlevel.
delphij [Wed, 10 Jun 2015 17:27:48 +0000 (17:27 +0000)]
src/UPDATING in releng/10.1 should reflect the right patchlevel.

Reported by: madpilot
Pointy hat to: delphij
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@284230 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoUpdate base system file(1) to 5.22 to address multiple denial of
delphij [Tue, 9 Jun 2015 22:13:25 +0000 (22:13 +0000)]
Update base system file(1) to 5.22 to address multiple denial of
service issues. [EN-15:06]

Improve reliability of ZFS when TRIM/UNMAP and/or L2ARC is used.
[EN-15:07]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@284193 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix bug with freebsd-update(8) that does not ensure the previous
delphij [Wed, 13 May 2015 22:52:35 +0000 (22:52 +0000)]
Fix bug with freebsd-update(8) that does not ensure the previous
upgrade was completed. [EN-15:04]

Fix deadlock on reboot with UFS tuned with SU+J. [EN-15:05]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@282873 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoImprove patch for SA-15:04.igmp to solve a potential buffer overflow.
delphij [Tue, 7 Apr 2015 20:21:01 +0000 (20:21 +0000)]
Improve patch for SA-15:04.igmp to solve a potential buffer overflow.

Fix multiple vulnerabilities of ntp. [SA-15:07]

Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08]

Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@281232 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix issues with original SA-15:06.openssl commit:
delphij [Fri, 20 Mar 2015 07:12:02 +0000 (07:12 +0000)]
Fix issues with original SA-15:06.openssl commit:

 - Revert a portion of ASN1 change per suggested by OpenBSD
   and OpenSSL developers.  The change was removed from the
   formal OpenSSL release and does not solve security issue.
 - Properly fix CVE-2015-0209 and CVE-2015-0288.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@280275 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix multiple OpenSSL vulnerabilities.
delphij [Thu, 19 Mar 2015 17:42:38 +0000 (17:42 +0000)]
Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@280268 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix multiple OpenSSL vulnerabilities.
delphij [Thu, 19 Mar 2015 17:41:17 +0000 (17:41 +0000)]
Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@280267 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix integer overflow in IGMP protocol. [SA-15:04]
delphij [Wed, 25 Feb 2015 05:56:16 +0000 (05:56 +0000)]
Fix integer overflow in IGMP protocol. [SA-15:04]

Fix vt(4) crash with improper ioctl parameters. [EN-15:01]

Updated base system OpenSSL to 1.0.1l. [EN-15:02]

Fix freebsd-update libraries update ordering issue. [EN-15:03]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@279264 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability
delphij [Tue, 27 Jan 2015 19:37:02 +0000 (19:37 +0000)]
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability
and SCTP stream reset vulnerability.

Security: FreeBSD-SA-15:02.kmem
Security: CVE-2014-8612
Security: FreeBSD-SA-15:03.sctp
Security: CVE-2014-8613
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@277808 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix multiple vulnerabilities in OpenSSL. [SA-15:01]
delphij [Wed, 14 Jan 2015 21:27:46 +0000 (21:27 +0000)]
Fix multiple vulnerabilities in OpenSSL.  [SA-15:01]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@277195 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years ago[SA-14:31] Fix multiple vulnerabilities in NTP suite.
des [Tue, 23 Dec 2014 22:56:01 +0000 (22:56 +0000)]
[SA-14:31] Fix multiple vulnerabilities in NTP suite.
[EN-14:13] Fix directory deletion issue in freebsd-update.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@276159 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix unbound remote denial of service vulnerability.
delphij [Wed, 17 Dec 2014 06:59:47 +0000 (06:59 +0000)]
Fix unbound remote denial of service vulnerability.

Security: FreeBSD-SA-14:30.unbound
Security: CVE-2014-8602
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@275854 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoBump BRANCH (forgotten in r275670)
des [Wed, 10 Dec 2014 18:41:25 +0000 (18:41 +0000)]
Bump BRANCH (forgotten in r275670)

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@275684 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix buffer overflow in stdio.
delphij [Wed, 10 Dec 2014 08:35:55 +0000 (08:35 +0000)]
Fix buffer overflow in stdio.

Security: FreeBSD-SA-14:27.stdio
Security: CVE-2014-8611

Fix multiple vulnerabilities in file(1) and libmagic(3).

Security: FreeBSD-SA-14:28.file
Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@275670 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoForced commit to sys/conf/newvers.sh to mark the real
gjb [Tue, 11 Nov 2014 19:52:24 +0000 (19:52 +0000)]
Forced commit to sys/conf/newvers.sh to mark the real
10.1-RELEASE point.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274401 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoSet static abitag to the current value of __FreeBSD_version.
gjb [Tue, 11 Nov 2014 19:51:27 +0000 (19:51 +0000)]
Set static abitag to the current value of __FreeBSD_version.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274400 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoUpdate releng/10.1 to -RELEASE status, and prepare
gjb [Tue, 11 Nov 2014 05:54:50 +0000 (05:54 +0000)]
Update releng/10.1 to -RELEASE status, and prepare
for final 10.1-RELEASE builds.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274371 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument incompatibility between bsdconfig(8) and
gjb [Tue, 11 Nov 2014 05:46:10 +0000 (05:46 +0000)]
Document incompatibility between bsdconfig(8) and
pkg(8) in 10.1-RELEASE, and provide steps to install
the on-disc packages via alternative method.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274368 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoUpdate the Intel ixl/ixlv drivers to fix a panic in the boot/install
jfv [Tue, 11 Nov 2014 05:00:51 +0000 (05:00 +0000)]
Update the Intel ixl/ixlv drivers to fix a panic in the boot/install
kernel if the system has a fiber-based Intel XL710 adapter installed.

In addition ixl version 1.2.8 and ixlv version 1.1.18 give:
  - Improved VF stability (thanks to Ryan Stone for this)
  - RSS fixes
  - link detection in the ixlv driver
  - new sysctl's added
  - corrected media reporting

Submitted by: jfv
Approved by: re

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274367 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFstable10 273998:
jhb [Mon, 10 Nov 2014 19:53:39 +0000 (19:53 +0000)]
MFstable10 273998:
Rework the EXAMPLES section to be a bit clearer.
- Add an example of using etcupdate diff.
- Create a subsection on bootstrapping that is below the simple
  examples.  This should make it clearer that 'etcupdate extract' is
  a one-time operation and not part of the common workflow.  It also
  adds more suggestions on when bootstrapping is needed and additional
  steps to make future merges simpler.

Approved by: re (delphij)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274352 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument SA-14:25, SA-14:26
gjb [Thu, 6 Nov 2014 02:28:08 +0000 (02:28 +0000)]
Document SA-14:25, SA-14:26

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274161 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFC r274128:
wblock [Wed, 5 Nov 2014 22:33:20 +0000 (22:33 +0000)]
MFC r274128:

Add the less-ambiguous freebsd-version command.

Approved by: re

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274147 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years ago[SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).
des [Tue, 4 Nov 2014 23:34:46 +0000 (23:34 +0000)]
[SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).
[SA-14:26] Fix remote command execution in ftp(1).

Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274115 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFstable10 r274102:
gjb [Tue, 4 Nov 2014 23:03:59 +0000 (23:03 +0000)]
MFstable10 r274102:
  MFC r274095:
  Fix VOLUME_LABEL when BRANCH contains '-' and '.'
  characters.

Approved by: re (hrs)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274104 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoUpdate the hardware page to reflect CPU updates/additions
gjb [Mon, 3 Nov 2014 09:02:08 +0000 (09:02 +0000)]
Update the hardware page to reflect CPU updates/additions
added in head@r273941.

Since the original commit requires changes to the doc/
repository after the release tag had already happened,
(re)define entities in share/xml/release.ent that reflect
doc@r45900 to prevent build breakage.

Requested by: gavin
Approved by: re (implicit, relnotes)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@274019 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoUpdate releng/10.1 to -RC4 as part of the 10.1-RELEASE cycle.
gjb [Thu, 30 Oct 2014 22:21:12 +0000 (22:21 +0000)]
Update releng/10.1 to -RC4 as part of the 10.1-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273874 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273573, MFC r273356:
neel [Wed, 29 Oct 2014 16:49:28 +0000 (16:49 +0000)]
MFS10 r273573, MFC r273356:
Fix a race in pmap_emulate_accessed_dirty() that could trigger a EPT
misconfiguration VM-exit.

MFS10 r273807, MFC r273666:
Don't pass the 'error' return from an I/O port handler directly to vm_run().

Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273832 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273814
smh [Wed, 29 Oct 2014 11:11:54 +0000 (11:11 +0000)]
MFS10 r273814
MFC r273704

Fix ATA CF ERASE breakage caused by 268205

PR: 194606
Approved by: re (marius)
Sponsored by: Multiplay

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273818 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273767 / MFC r273638:
mav [Tue, 28 Oct 2014 14:01:58 +0000 (14:01 +0000)]
MFS10 r273767 / MFC r273638:
Revert somewhat hackish geom_disk optimization, committed as part of r256880,
and the following r273143 commit, supposed to workaround introduced issue by
quite innocent-looking change.

While there is no clear understanding why, but r273143 is accused in data
corruption in some environments with high I/O load.  I personally don't see
any problem in that commit, and possibly it is just a trigger to some other
bug somewhere, but better safe then sorry for now.

Requested by:   scottl@
Approved by: re (kib@)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273776 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFstable10 r273698:
gjb [Sun, 26 Oct 2014 17:17:08 +0000 (17:17 +0000)]
MFstable10 r273698:
MFC r273653:
  Fix a few issues with creating VOLUME_LABEL for the
  installation ISOs:

   - TYPE, BRANCH, and REVISION are only defined if
     OSRELEASE is not defined, so in situations where
     one might set OSRELEASE for an in-house ISO build,
     VOLUME_LABEL would be empty.

   - makefs(8) limits the volume label to 32 characters,
     which for the powerpc64 case, OSRELEASE expands to
     FreeBSD-11.0-CURRENT-powerpc-powerpc64.  Even with
     removing the prefixing 'FreeBSD-', the string is 30
     characters long, leaving zero room for suffixing the
     type of ISO media (BO for bootonly, CD for cdrom, and
     DVD for dvdrom).

  Resolve these by defining VOLUME_LABEL when defining
  OSRELEASE if unset.  If OSRELEASE is defined by the
  builder, use the OSRELEASE from that definition as the
  VOLUME_LABEL.

  In addition, for cases where both TARGET and TARGET_ARCH
  are used for the VOLUME_LABEL, use TARGET_ARCH if it
  differs from TARGET.

  There are probably a few sharp edges here yet, but these
  problems are going to affect the powerpc/powerpc64 builds
  for 10.1-RELEASE, so the immediate concern is fixing the
  underlying problem at hand quickly, and less so about the
  elegance of the fix.

Approved by: re (kib)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273699 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoNote to avoid using GENERIC kernel on i386 when using
gjb [Sat, 25 Oct 2014 01:17:29 +0000 (01:17 +0000)]
Note to avoid using GENERIC kernel on i386 when using
multi-disk ZFS pools, referencing an old UPDATING entry
that predates 10.0-RELEASE.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273620 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument r273399, OpenSSL updated to version 1.0.1j.
gjb [Fri, 24 Oct 2014 21:40:44 +0000 (21:40 +0000)]
Document r273399, OpenSSL updated to version 1.0.1j.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273608 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS r273580: MFC r273577:
delphij [Fri, 24 Oct 2014 07:50:34 +0000 (07:50 +0000)]
MFS r273580: MFC r273577:

Return BUS_PROBE_DEFAULT instead of BUS_PROBE_VENDOR or 0 for in-tree
driver.  This change was verified by Microsoft.

Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273581 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoUpdate releng/10.1 to -RC3 as part of the 10.1-RELEASE cycle.
gjb [Tue, 21 Oct 2014 23:09:09 +0000 (23:09 +0000)]
Update releng/10.1 to -RC3 as part of the 10.1-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273437 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFstable10 r273429:
gjb [Tue, 21 Oct 2014 23:07:30 +0000 (23:07 +0000)]
MFstable10 r273429:
  MFC r273402:
  Fix an issue where a FreeBSD virtual machine provisioned in
  the Microsoft Azure service does not recognize the second
  attached disk on the system.

PR: 194376
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273435 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument the following security advisories:
gjb [Tue, 21 Oct 2014 21:44:24 +0000 (21:44 +0000)]
Document the following security advisories:
 FreeBSD-SA-14:20.rtsold
 FreeBSD-SA-14:21.routed
 FreeBSD-SA-14:22.namei
 FreeBSD-SA-14:23.openssl

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273433 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]
delphij [Tue, 21 Oct 2014 20:20:36 +0000 (20:20 +0000)]
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]

Fix routed(8) remote denial of service vulnerability. [SA-14:21]

Fix memory leak in sandboxed namei lookup. [SA-14:22]

Approved by: re (so@ blanket)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273414 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS r273149 (jkim): MFC: r273144, r273146
delphij [Tue, 21 Oct 2014 19:00:32 +0000 (19:00 +0000)]
MFS r273149 (jkim): MFC: r273144, r273146

Merge OpenSSL 1.0.1j.

This is part of an upcoming FreeBSD security advisory.

Approved by: re (so@ blanket)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273399 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoAdd basic UEFI boot procedure manpage
emaste [Tue, 21 Oct 2014 16:20:23 +0000 (16:20 +0000)]
Add basic UEFI boot procedure manpage

MFS10 of r273385 (r273218,r273235 in HEAD)

Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273386 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFstable10 r273354:
gjb [Tue, 21 Oct 2014 02:41:40 +0000 (02:41 +0000)]
MFstable10 r273354:
  MFC r273204:
  Add more descriptive metadata to the ISO images.

MFstable10 r273355:
  Fix label for the UEFI bootonly cd.

PR: 165876
Approved by: re (hrs)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273364 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273272 (r273143 in head):
mav [Mon, 20 Oct 2014 07:15:04 +0000 (07:15 +0000)]
MFS10 r273272 (r273143 in head):
Remove setting BIO_DONE flag for BIOs that have done() method.

This fixes use-after-free, caused by geom_disk, completing same BIO twice
to save extra allocation, and getting BIO_DONE set after the first.

Approved by: re (hrs)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFC10 r273275 (r273168 in head):
tuexen [Mon, 20 Oct 2014 05:17:16 +0000 (05:17 +0000)]
MFC10 r273275 (r273168 in head):
Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a
sent incoming stream reset request was responded with failed
or denied.
Thanks to Peter Bostroem from Google for reporting the issue.

Approved by: re (hrs)
Sponsored 2y:

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273303 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273296 (r273219 in HEAD):
emaste [Mon, 20 Oct 2014 03:17:48 +0000 (03:17 +0000)]
MFS10 r273296 (r273219 in HEAD):

  Do nothing in vt_upgrade if there is no vt driver

  Previously, if no drivers attached at boot we would panic with
  "vtbuf_fill_locked begin.tp_row 0 must be < screen height 0".

PR: 192248
Approved by: re

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273300 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273294 (r273178 in HEAD):
emaste [Mon, 20 Oct 2014 01:45:40 +0000 (01:45 +0000)]
MFS10 r273294 (r273178 in HEAD):

  Update vt(4) for UEFI defaults and special keys

  vt(4) is the default console for UEFI boot [1], and the bitmapped
  kern.vt.spclkeys sysctl has been replaced with individual kern.vt.kbd_*
  enable sysctls.

PR: 193710
Approved by: re

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273297 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 273238;
jhb [Fri, 17 Oct 2014 20:39:39 +0000 (20:39 +0000)]
MFS10 273238;
Properly set the timeout in a query_state.  The global query_timeout
configuration value is an integer count of seconds, it is not a timeval.
Using memcpy() to copy a timeval from it put garbage into the tv_usec
field.

PR: 194025
Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273240 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273232 (HEAD r257302 by rea):
emaste [Fri, 17 Oct 2014 16:32:27 +0000 (16:32 +0000)]
MFS10 r273232 (HEAD r257302 by rea):

  binutils/bfd: fix printf-like format strings for "bfd *" arguments

  There is a special format argument '%B' that directly handles values
  of type 'bfd *', they must be used instead of '%s'.  Manifestations
  of this bug can be seen in ld(1) error messages, for example,
    http://lists.freebsd.org/pipermail/freebsd-current/2013-August/043580.html
    http://lists.freebsd.org/pipermail/freebsd-current/2013-October/045404.html

Approved by: re

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273233 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoFill in the security advisories section.
gjb [Fri, 17 Oct 2014 16:02:34 +0000 (16:02 +0000)]
Fill in the security advisories section.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273231 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument the current version of pkg(8) for the release.
gjb [Fri, 17 Oct 2014 15:37:48 +0000 (15:37 +0000)]
Document the current version of pkg(8) for the release.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273230 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoRemove empty sections.
gjb [Fri, 17 Oct 2014 15:34:27 +0000 (15:34 +0000)]
Remove empty sections.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273229 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoRewrap a paragraph to conform to FDP style.
gjb [Fri, 17 Oct 2014 15:31:04 +0000 (15:31 +0000)]
Rewrap a paragraph to conform to FDP style.
Fix a wording nit while here.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273228 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument r273199, support for building VM images for the Microsoft
gjb [Fri, 17 Oct 2014 15:31:02 +0000 (15:31 +0000)]
Document r273199, support for building VM images for the Microsoft
Azure platform.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273227 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument r273101, support for building VM images as part of the
gjb [Fri, 17 Oct 2014 15:31:00 +0000 (15:31 +0000)]
Document r273101, support for building VM images as part of the
release process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273226 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument r273098, options for displaying mkimg(1) internals
gjb [Fri, 17 Oct 2014 15:30:58 +0000 (15:30 +0000)]
Document r273098, options for displaying mkimg(1) internals

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273225 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument r272819, mkimg(1) QCOW and QCOW2 support.
gjb [Fri, 17 Oct 2014 15:30:55 +0000 (15:30 +0000)]
Document r272819, mkimg(1) QCOW and QCOW2 support.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273224 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoAdd a section for periodic(8) scripts.
gjb [Fri, 17 Oct 2014 15:30:53 +0000 (15:30 +0000)]
Add a section for periodic(8) scripts.
Document r272430, 110.clean-tmps: avoid crossing filesystem
mount boundaries when cleaning /tmp.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273223 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoDocument r272078, addition of /usr/lib32/compat to the default
gjb [Fri, 17 Oct 2014 15:30:51 +0000 (15:30 +0000)]
Document r272078, addition of /usr/lib32/compat to the default
ld-elf32.so.1 search path.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273222 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273057
smh [Fri, 17 Oct 2014 13:46:16 +0000 (13:46 +0000)]
MFS10 r273057
MFC r272324
Fix a missed merge introduced in r272883

Approved by: re@ (gjb)
Sponsored by: Multiplay

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273217 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS10 r273161
smh [Fri, 17 Oct 2014 13:35:56 +0000 (13:35 +0000)]
MFS10 r273161
MFC r273158
Prevent ZFS leaking pool free space

Approved by: re@ (gjb)
Sponsored by: Multiplay

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273215 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFstable10 r273198:
gjb [Thu, 16 Oct 2014 23:25:38 +0000 (23:25 +0000)]
MFstable10 r273198:
MFC r273093, r273096:

r273093:
  Merge the following from ^/projects/release-vmimage:
  r272436, r272437, r272792:

  r272436:
    Remove the first argument to panic(), which was initially
    intended to be the exit code, however when a non-zero exit
    code was returned to release/Makefile, this would prevent
    any remaining (and possibly successful) stages from being
    attempted.

  r272437:

    If the vm-base target fails, prevent the vm-image target
    from being run since it cannot possibly succeed.

  r272792:

    Add /usr/local/bin and /usr/local/sbin to PATH, needed
    if third-party software needs to use utilities outside
    of the base system during post-install stages (indexinfo
    is one culprit).

r273096:
  Merge the following from ^/projects/release-vmimage:
  r273076, r273077, r273079, r273095:

  r273076:
    Add a separate make(1) target to release/Makefile to
    build FreeBSD virtual machine disk images for use on
    the Microsoft Azure service.

    For now, this target is not directly connected to the
    build, however can be manually invoked.

    The 'vm-azure' target invokes {amd64,i386}/mk-azure.sh,
    which does the heavy lifting to produce proper VHDs.
    mk-azure.sh uses a configuration file, defaulting to
    tools/azure.conf if otherwise unset.

  r273077:
    Clear VM_RC_LIST.

  r273079:
    Fix signal list to trigger umount(8).

  r273095:
    Output an informational message when mkimg(1) runs, so it
    does not appear that the process has stopped while waiting
    for a 'y/n' response when waagent is deprovisioned.

Relnotes: yes
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273199 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMerge r273184, r273185 from stable/10:
glebius [Thu, 16 Oct 2014 23:03:04 +0000 (23:03 +0000)]
Merge r273184, r273185 from stable/10:
  - Use rn_detachhead() instead of direct free(9) for radix tables.
  - Free radix mask entries on main radix destroy.

PR: 194078
Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273196 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

4 years agoMFS r273191: MFC r273060:
delphij [Thu, 16 Oct 2014 22:20:38 +0000 (22:20 +0000)]
MFS r273191: MFC r273060:

Use write_psize instead of write_asize when doing vdev_space_update.
Without this change the accounting of L2ARC usage would be wrong and
give 16EB free space because the number became negative and overflows.

Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273192 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f