FreeBSD/releng/8.0.git
11 years agoFix a race condition exists in the OpenSSL TLS server extension code and master
simon [Mon, 29 Nov 2010 20:43:06 +0000 (20:43 +0000)]
Fix a race condition exists in the OpenSSL TLS server extension code and
a double free in the SSL client ECDH handling code.

Approved by: so (simon)
Security: CVE-2010-2939, CVE-2010-3864
Security: FreeBSD-SA-10:10.openssl

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@216063 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

11 years agoFix an integer overflow in RLE length parsing when decompressing
cperciva [Mon, 20 Sep 2010 14:58:08 +0000 (14:58 +0000)]
Fix an integer overflow in RLE length parsing when decompressing
corrupt bzip2 data.

Approved by: so (cperciva)
Security: FreeBSD-SA-10:08.bzip2

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@212901 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

11 years agoCorrectly copy the M_RDONLY flag when duplicating a reference
cperciva [Tue, 13 Jul 2010 02:45:17 +0000 (02:45 +0000)]
Correctly copy the M_RDONLY flag when duplicating a reference
to an mbuf external buffer.

Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:07.mbuf

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@209964 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoChange the current working directory to be inside the jail created by
cperciva [Thu, 27 May 2010 03:15:04 +0000 (03:15 +0000)]
Change the current working directory to be inside the jail created by
the jail(8) command. [10:04]

Fix a one-NUL-byte buffer overflow in libopie. [10:05]

Correctly sanity-check a buffer length in nfs mount. [10:06]

Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@208586 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoFix BIND named(8) cache poisoning with DNSSEC validation.
simon [Wed, 6 Jan 2010 21:45:30 +0000 (21:45 +0000)]
Fix BIND named(8) cache poisoning with DNSSEC validation.
[SA-10:01]

Fix ntpd mode 7 denial of service. [SA-10:02]

Fix ZFS ZIL playback with insecure permissions. [SA-10:03]

Various FreeBSD 8.0-RELEASE improvements. [EN-10:01]

Security: FreeBSD-SA-10:01.bind
Security: FreeBSD-SA-10:02.ntpd
Security: FreeBSD-SA-10:03.zfs
Errata: FreeBSD-EN-10:01.freebsd
Approved by: so (simon)

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@201679 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoBump the patch level in the kernel version number, which was
simon [Thu, 3 Dec 2009 12:59:39 +0000 (12:59 +0000)]
Bump the patch level in the kernel version number, which was
accidentally left out of main commit for SA-09:15, SA-09:15, and
SA-09:17 in r200054.

Approved by: so (simon)

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@200057 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoDisable SSL renegotiation in order to protect against a serious
cperciva [Thu, 3 Dec 2009 09:18:40 +0000 (09:18 +0000)]
Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@200054 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoPredict when 8.0-RELEASE will be announced.
kensmith [Fri, 20 Nov 2009 16:00:40 +0000 (16:00 +0000)]
Predict when 8.0-RELEASE will be announced.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@199595 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoPrepare for 8.0-RELEASE builds.
kensmith [Fri, 20 Nov 2009 15:55:23 +0000 (15:55 +0000)]
Prepare for 8.0-RELEASE builds.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@199591 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoMake a few adjustments to say this is 8.0-RELEASE. Add a warning that
kensmith [Fri, 20 Nov 2009 15:53:59 +0000 (15:53 +0000)]
Make a few adjustments to say this is 8.0-RELEASE.  Add a warning that
the actual release notes were not available at the time of the release
builds, they are still being assembled.  Remove the existing entries
which are not accurate for 8.0-RELEASE.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@199590 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoRemove the warning that all users should subscribe to -current, it
kensmith [Fri, 20 Nov 2009 15:51:07 +0000 (15:51 +0000)]
Remove the warning that all users should subscribe to -current, it
only applies to head.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@199588 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

12 years agoAdjust to reflect 8.0-RELEASE.
kensmith [Fri, 20 Nov 2009 15:48:58 +0000 (15:48 +0000)]
Adjust to reflect 8.0-RELEASE.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.0@199586 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f