FreeBSD/releng/8.1.git
6 years agoFix named(8) DNSSEC validation Denial of Service. master
simon [Mon, 6 Aug 2012 21:33:11 +0000 (21:33 +0000)]
Fix named(8) DNSSEC validation Denial of Service.

Security: FreeBSD-SA-12:05.bind
Security: CVE-2012-3817
Obtained from: ISC
Approved by: so (simon)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@239108 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoAdd UPDATING and newvers.sh information for the FreeBSD-SA-12:04.sysret
simon [Mon, 18 Jun 2012 21:00:54 +0000 (21:00 +0000)]
Add UPDATING and newvers.sh information for the FreeBSD-SA-12:04.sysret
correction.

Approved by: so (simon)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@237242 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoCorrect the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where it
simon [Mon, 18 Jun 2012 20:48:21 +0000 (20:48 +0000)]
Correct the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where it
was accidently applied to the wrong location.

Reported by: Steven Chamberlain <steven@pyro.eu.org>
Reviewed by: jhb, kib
Security: FreeBSD-SA-12:04.sysret
Approved by: so (simon)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@237241 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix a problem where zero-length RDATA fields can cause named(8) to crash.
bz [Tue, 12 Jun 2012 12:10:10 +0000 (12:10 +0000)]
Fix a problem where zero-length RDATA fields can cause named(8) to crash.
[12:03]

Correct a privilege escalation when returning from kernel if
running FreeBSD/amd64 on non-AMD processors. [12:04]

Fix reference count errors in IPv6 code. [EN-12:02]

Security: CVE-2012-1667
Security: FreeBSD-SA-12:03.bind
Security: CVE-2012-0217
Security: FreeBSD-SA-12:04.sysret
Security: FreeBSD-EN-12:02.ipv6refcount
Approved by: so (simon, bz)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@236953 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoUpdate the previous openssl fix. [12:01]
bz [Wed, 30 May 2012 12:01:28 +0000 (12:01 +0000)]
Update the previous openssl fix. [12:01]

Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@236304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix multiple OpenSSL vulnerabilities.
bz [Thu, 3 May 2012 15:25:11 +0000 (15:25 +0000)]
Fix multiple OpenSSL vulnerabilities.

Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
Security: CVE-2012-0884, CVE-2012-2110
Security: FreeBSD-SA-12:01.openssl
Approved by: so (bz,simon)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@234954 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoExtend the character set accepted by freebsd-update(8) in file
cperciva [Wed, 4 Jan 2012 23:47:20 +0000 (23:47 +0000)]
Extend the character set accepted by freebsd-update(8) in file
names in order to allow upgrades to FreeBSD 9.0-RELEASE.

Approved by: so (cperciva)
Errata Notice: FreeBSD-EN-12:01.freebsd-update

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@229539 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix a problem whereby a corrupt DNS record can cause named to crash. [11:06]
cperciva [Fri, 23 Dec 2011 15:00:37 +0000 (15:00 +0000)]
Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]

Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]

Fix a buffer overflow in telnetd. [11:08]

Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]

Add sanity checking of service names in pam_start. [11:10]

Approved by:    so (cperciva)
Approved by:    re (bz)
Security:       FreeBSD-SA-11:06.bind
Security:       FreeBSD-SA-11:07.chroot
Security:       FreeBSD-SA-11:08.telnetd
Security:       FreeBSD-SA-11:09.pam_ssh
Security:       FreeBSD-SA-11:10.pam

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@228843 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix a bug in UNIX socket handling in the linux emulator which was
cperciva [Tue, 4 Oct 2011 19:07:38 +0000 (19:07 +0000)]
Fix a bug in UNIX socket handling in the linux emulator which was
exposed by the security fix in FreeBSD-SA-11:05.unix.

Approved by: so (cperciva)
Approved by: re (kib)
Security: Related to FreeBSD-SA-11:05.unix, but not actually
a security fix.

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@226023 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix handling of corrupt compress(1)ed data. [11:04]
bz [Wed, 28 Sep 2011 08:47:17 +0000 (08:47 +0000)]
Fix handling of corrupt compress(1)ed data. [11:04]

Add missing length checks on unix socket addresses. [11:05]

Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-11:04.compress
Security: CVE-2011-2895 [11:04]
Security: FreeBSD-SA-11:05.unix

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@225827 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix an off by one which can result in a assertion failure in BIND
simon [Sat, 28 May 2011 08:44:39 +0000 (08:44 +0000)]
Fix an off by one which can result in a assertion failure in BIND
related to large RRSIG RRsets and Negative Caching. This can cause
named to crash.

Security: FreeBSD-SA-11:02.bind
Security: CVE-2011-1910
Security: https://www.isc.org/software/bind/advisories/cve-2011-1910
Obtained from: ISC
Approved by: so (simon)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@222416 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoFix CIDR parsing bug in mountd ACLs.
cperciva [Wed, 20 Apr 2011 21:00:24 +0000 (21:00 +0000)]
Fix CIDR parsing bug in mountd ACLs.

Approved by: so (cperciva)
Security: FreeBSD-SA-11:01.mountd

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@220901 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoFix a race condition exists in the OpenSSL TLS server extension code and
simon [Mon, 29 Nov 2010 20:43:06 +0000 (20:43 +0000)]
Fix a race condition exists in the OpenSSL TLS server extension code and
a double free in the SSL client ECDH handling code.

Approved by: so (simon)
Security: CVE-2010-2939, CVE-2010-3864
Security: FreeBSD-SA-10:10.openssl

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@216063 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoFix an integer overflow in RLE length parsing when decompressing
cperciva [Mon, 20 Sep 2010 14:58:08 +0000 (14:58 +0000)]
Fix an integer overflow in RLE length parsing when decompressing
corrupt bzip2 data.

Approved by: so (cperciva)
Security: FreeBSD-SA-10:08.bzip2

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@212901 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoReady for 8.1-RELEASE builds.
kensmith [Sat, 17 Jul 2010 04:36:40 +0000 (04:36 +0000)]
Ready for 8.1-RELEASE builds.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@210187 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoPredict the date we'll be ready to announce 8.1-RELEASE. While here
kensmith [Sat, 17 Jul 2010 04:35:51 +0000 (04:35 +0000)]
Predict the date we'll be ready to announce 8.1-RELEASE.  While here
add the entry for 8.0-RELEASE which was added to releng/8.0/UPDATING
during the 8.0-RELEASE cycle but not to stable/8/UPDATING at that time.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@210186 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoClean-up old contents and bump version numbers for 8.1R.
hrs [Sat, 17 Jul 2010 00:12:41 +0000 (00:12 +0000)]
Clean-up old contents and bump version numbers for 8.1R.

Approved by: re (implicitly)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@210180 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoCorrectly copy the M_RDONLY flag when duplicating a reference
cperciva [Tue, 13 Jul 2010 02:45:17 +0000 (02:45 +0000)]
Correctly copy the M_RDONLY flag when duplicating a reference
to an mbuf external buffer.

Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:07.mbuf

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209964 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC: r209695
marius [Wed, 7 Jul 2010 21:00:17 +0000 (21:00 +0000)]
MFC: r209695

- Pin the IPI cache and TLB demap functions in order to prevent migration
  between determining the other CPUs and calling cpu_ipi_selected(), which
  apart from generally doing the wrong thing can lead to a panic when a
  CPU is told to IPI itself (which sun4u doesn't support).
  Reported and tested by: Nathaniel W Filardo
- Add __unused where appropriate.

Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209781 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r207303 (originally by kmacy):
bz [Wed, 7 Jul 2010 17:52:13 +0000 (17:52 +0000)]
MFC r207303 (originally by kmacy):

  need to initialize the lock before it is used

  Reported on:  stable@ (MFC missing)

Approved by: re (kensmith)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209773 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMerge r209770 from stable/8:
kensmith [Wed, 7 Jul 2010 17:20:16 +0000 (17:20 +0000)]
Merge r209770 from stable/8:

> Package set for 8.1-RELEASE.  We still have a 2Gb maximum file size
> limit caused by cvsup still being used for some of our mirror system.
> That is being worked on.

Reviewed by: re@, portmgr@
Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209771 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209624
tuexen [Mon, 5 Jul 2010 18:45:59 +0000 (18:45 +0000)]
MFC r209624
 * Do not dereference a NULL pointer when calling an SCTP send syscall
   not providing a destination address and using ktrace.
 * Do not copy out kernel memory when providing sinfo for sctp_recvmsg().
 Both bugs where reported by Valentin Nechayev.
 The first bug results in a kernel panic.
Approved by: re@

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209711 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209541, r209548:
rpaulo [Mon, 28 Jun 2010 14:15:54 +0000 (14:15 +0000)]
MFC r209541, r209548:
  Fix the AR_SREV_MERLIN_20_OR_LATER() check.

Approved by: re (kensmith)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209575 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoReady to proceed with 8.1-RC2.
kensmith [Sat, 26 Jun 2010 14:55:53 +0000 (14:55 +0000)]
Ready to proceed with 8.1-RC2.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209538 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r208553
qingli [Fri, 25 Jun 2010 21:26:34 +0000 (21:26 +0000)]
MFC r208553

This patch fixes the problem where proxy ARP entries cannot be added
over the if_ng interface.

Approved by: re (bz)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209524 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209263:
pjd [Wed, 23 Jun 2010 23:07:57 +0000 (23:07 +0000)]
MFC r209263:

r209175:

Eliminate dead code.

Found by: Coverity Prevent
CID: 5158

r209177:

Remove macros that are not really needed. The idea was to have them in case
we grow more descriptors, but I'll reconsider readding them once we get there.

Passing (a = b) expression to FD_ISSET() is bad idea, as FD_ISSET() evaluates
its argument twice.

Found by: Coverity Prevent
CID: 5243

r209179:

Plug memory leaks.

Found by: Coverity Prevent
CID: 7052, 7053, 7054, 7055

r209180:

Plug memory leak.

Found by: Coverity Prevent
CID: 7051

r209181:

Plug memory leak.

Found by: Coverity Prevent
CID: 7056

r209182:

Plug memory leak.

Found by: Coverity Prevent
CID: 7057

r209183:

Initialize gctl_seq for synchronization requests.

Reported by: hiroshi@soupacific.com
Analysed by: Mikolaj Golub <to.my.trociny@gmail.com>
Tested by: hiroshi@soupacific.com, Mikolaj Golub <to.my.trociny@gmail.com>

r209184:

Fix typos.

r209185:

Correct various log messages.

Submitted by: Mikolaj Golub <to.my.trociny@gmail.com>

Note that without some of these changes hastd won't work on 8.x properly.

Approved by: re (kensmith)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209488 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209262:
pjd [Wed, 23 Jun 2010 23:03:25 +0000 (23:03 +0000)]
MFC r209262:

r209186:

BIO_DELETE contains range we want to delete and doesn't provide any
useful data, so there is no need to copy it to userland.

r209187:

'unit' can be negative, so use signed type for it.

Found by: Coverity Prevent
CID: 3731

Approved by: re (kensmith)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209487 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC 209213:
jhb [Wed, 23 Jun 2010 17:51:11 +0000 (17:51 +0000)]
MFC 209213:
When updating individual CPU's lowest Cx state to use, never set it to a
state lower than the lowest one supported by the current CPU.  This closes
some races with changes to the hw.acpi.cpu_cx_lowest sysctl while Cx
states for individual CPUs were changing (e.g. unplugging the AC adapter
of a laptop) that could result in panics.

Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209473 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209369:
nwhitehorn [Wed, 23 Jun 2010 13:47:27 +0000 (13:47 +0000)]
MFC r209369:
Temporarily disable instruction relocation while setting up the kernel's
IBAT entry in early boot in order to prevent possible faults from races
between the instruction cache and the MMU.

PR: powerpc/148003
Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209465 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209341:
mav [Wed, 23 Jun 2010 10:06:31 +0000 (10:06 +0000)]
MFC r209341:
Report transport type in XPT_PATH_INQ.

Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209458 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209340:
mav [Wed, 23 Jun 2010 10:04:48 +0000 (10:04 +0000)]
MFC r209340:
Report transport type in XPT_PATH_INQ.

PR: i386/147929
Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209457 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC 209286:
dougb [Wed, 23 Jun 2010 03:56:53 +0000 (03:56 +0000)]
MFC 209286:

Add the AAAA address for i.root-servers.net

Approved by: re (kensmith)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209453 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agomerge r196650 from head (via stable/8): tty might be NULL
des [Tue, 22 Jun 2010 19:56:07 +0000 (19:56 +0000)]
merge r196650 from head (via stable/8): tty might be NULL

Approved by: re (kib@)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209441 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC 209264
tuexen [Tue, 22 Jun 2010 17:45:21 +0000 (17:45 +0000)]
MFC 209264
 * Fix a bug where the length of the ASCONF-ACK was calculated wrong due
   to using an uninitialized variable.
 * Fix a bug where a NULL pointer was dereferenced when interfaces
   come and go at a high rate.
 * Fix a bug where inps where not deregistered from iterators.
 * Fix a race condition in freeing an association.
 * Fix a refcount problem related to the iterator.
 Each of the above bug results in a panic. It shows up when
 interfaces come and go at a high rate.

Approved by: re

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209433 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC revs 209026 and 209085:
marcel [Sat, 19 Jun 2010 05:35:47 +0000 (05:35 +0000)]
MFC revs 209026 and 209085:
o   Bump MAX_BPAGES from 256 to 1024.
o   Synchronize the kernel entry on all CPUs with the use of the ptc.g
    instruction on a single CPU by implementing a bare-bones readers-
    writer lock.

Approved by: re (kensmith)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209327 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209265:
pjd [Fri, 18 Jun 2010 22:06:49 +0000 (22:06 +0000)]
MFC r209265:

r209260:

Backout r207970 for now, it can lead to deadlocks.

Reported by: kan

r209261:

Turn off UMA allocations on all archs by default. It isn't stable even
on amd64.

Reported by: many

Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209319 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r209273:
randi [Fri, 18 Jun 2010 21:10:56 +0000 (21:10 +0000)]
MFC r209273:
  Fix uninitialized variables that cause a crash when the network is
  initialized and sysinstall is not running as init.

Submitted by: Nick Mills
Approved by: cperciva (mentor)
Approved by: re (kensmith)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209315 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC: r209138
marius [Thu, 17 Jun 2010 20:53:56 +0000 (20:53 +0000)]
MFC: r209138

Update a branch missed in r207537 (committed to stable/8 in r207890).

Approved by: re (kib)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209272 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoReady for 8.1-RC1.
kensmith [Mon, 14 Jun 2010 02:31:53 +0000 (02:31 +0000)]
Ready for 8.1-RC1.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209151 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoAdjust __FreeBSD_version to reflect this is the 8.1 release branch.
kensmith [Mon, 14 Jun 2010 02:30:59 +0000 (02:30 +0000)]
Adjust __FreeBSD_version to reflect this is the 8.1 release branch.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209150 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoAdjust cvs branch tag.
kensmith [Mon, 14 Jun 2010 02:29:25 +0000 (02:29 +0000)]
Adjust cvs branch tag.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209149 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoAdjust the cvs branch for 'make update'.
kensmith [Mon, 14 Jun 2010 02:26:33 +0000 (02:26 +0000)]
Adjust the cvs branch for 'make update'.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209148 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoCopy stable/8 to releng/8.1 in preparation for 8.1-RC1.
kensmith [Mon, 14 Jun 2010 02:09:06 +0000 (02:09 +0000)]
Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/8.1@209145 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f