FreeBSD/releng/9.3.git
5 years agoFix multiple vulnerabilities of ntp. master
delphij [Thu, 22 Dec 2016 16:19:05 +0000 (16:19 +0000)]
Fix multiple vulnerabilities of ntp.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@310419 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoMerge r309688: address regressions in SA-16:37.libc.
glebius [Wed, 7 Dec 2016 23:35:15 +0000 (23:35 +0000)]
Merge r309688: address regressions in SA-16:37.libc.

PR: 215105
Submitted by: <jtd2004a sbcglobal.net>
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@309697 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoFix possible login(1) argument injection in telnetd(8). [SA-16:36]
glebius [Tue, 6 Dec 2016 18:50:06 +0000 (18:50 +0000)]
Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]

Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@309637 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoUpdate tzdata to 2016i.
glebius [Mon, 5 Dec 2016 23:02:02 +0000 (23:02 +0000)]
Update tzdata to 2016i.

Note: because of what appears to be a missing MFC to stable branches,
these patches were generated by doing:

 % rsync -av stable/9/contrib/tzdata releng/9.3/contrib/tzdata
 % svn add releng/9.3/contrib/tzdata

Errata Notice: EN-16:19
Submitted by: gjb
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@309568 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoMerge r307360 from stable/9:
glebius [Mon, 5 Dec 2016 22:43:24 +0000 (22:43 +0000)]
Merge r307360 from stable/9:

  Incorporate a change from OpenBSD by millert@OpenBSD.org

  Don't warn about valid time zone abbreviations.  POSIX
  through 2000 says that an abbreviation cannot start with ':', and
  cannot contain ',', '-', '+', NUL, or a digit.  POSIX from 2001
  on changes this rule to say that an abbreviation can contain only
  '-', '+', and alphanumeric characters from the portable character
  set in the current locale.  To be portable to both sets of rules,
  an abbreviation must therefore use only ASCII letters."  Adapted
  from tzcode2015f.

Errata Notice: EN-16:19.tzcode
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@309567 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoFix BIND remote Denial of Service vulnerability. [SA-16:34]
delphij [Wed, 2 Nov 2016 07:24:34 +0000 (07:24 +0000)]
Fix BIND remote Denial of Service vulnerability. [SA-16:34]

Fix OpenSSL remote DoS vulnerability. [SA-16:35]

Security: FreeBSD-SA-16:34.bind
Security: FreeBSD-SA-16:35.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@308205 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoRevised SA-16:15. The initial patch didn't cover all possible overflows
glebius [Tue, 25 Oct 2016 17:11:02 +0000 (17:11 +0000)]
Revised SA-16:15.  The initial patch didn't cover all possible overflows
based on passing incorrect parameters to sysarch(2).

Security: SA-16:15
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@307931 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoFix BIND remote Denial of Service vulnerability. [SA-16:28]
delphij [Mon, 10 Oct 2016 07:19:16 +0000 (07:19 +0000)]
Fix BIND remote Denial of Service vulnerability. [SA-16:28]

Fix bspatch heap overflow vulnerability. [SA-16:29]

Fix multiple portsnap vulnerabilities. [SA-16:30]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@306942 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoApply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
delphij [Mon, 26 Sep 2016 08:21:29 +0000 (08:21 +0000)]
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:

Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").

This fixes a regression introduced in SA-16:26.openssl.

Submitted by: jkim
PR: 212921
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@306336 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoFix multiple OpenSSL vulnerabilitites.
delphij [Fri, 23 Sep 2016 07:48:34 +0000 (07:48 +0000)]
Fix multiple OpenSSL vulnerabilitites.

Approved by: so
Security: FreeBSD-SA-16:26.openssl

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@306230 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

5 years agoFix bspatch heap overflow vulnerability. [SA-16:25]
delphij [Mon, 25 Jul 2016 15:04:17 +0000 (15:04 +0000)]
Fix bspatch heap overflow vulnerability. [SA-16:25]

Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@303304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix multiple ntp vulnerabilities.
delphij [Sat, 4 Jun 2016 05:46:52 +0000 (05:46 +0000)]
Fix multiple ntp vulnerabilities.

Security: FreeBSD-SA-16:24.ntp
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@301301 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix kernel stack disclosure in Linux compatibility layer. [SA-16:20]
glebius [Tue, 31 May 2016 16:55:37 +0000 (16:55 +0000)]
Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]

Security: SA-16:20
Security: SA-16:21
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@301049 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoMerge r300363 by mm@:
glebius [Tue, 31 May 2016 16:23:56 +0000 (16:23 +0000)]
Merge r300363 by mm@:

  Backport security fix for absolute path traversal vulnerability in bsdcpio.

Security:       CVE-2015-2304
Security:       SA-16:22
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@301044 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years ago- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
glebius [Tue, 17 May 2016 22:28:36 +0000 (22:28 +0000)]
- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2)
  is not negative.

Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@300088 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix multiple OpenSSL vulnerabilitites. [SA-16:17]
delphij [Wed, 4 May 2016 15:27:09 +0000 (15:27 +0000)]
Fix multiple OpenSSL vulnerabilitites. [SA-16:17]

Fix memory leak in ZFS. [EN-16:08]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@299068 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix ntp multiple vulnerabilities.
delphij [Fri, 29 Apr 2016 08:02:31 +0000 (08:02 +0000)]
Fix ntp multiple vulnerabilities.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@298770 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoo Fix OpenSSH xauth(1) command injection. [SA-16:14]
glebius [Wed, 16 Mar 2016 22:30:03 +0000 (22:30 +0000)]
o Fix OpenSSH xauth(1) command injection. [SA-16:14]
o Fix incorrect argument validation in sysarch(2). [SA-16:15]

Security:       FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115
Security:       FreeBSD-SA-16:15.sysarch, CVE-2016-1885
Approved by:    so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@296953 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix multiple vulnerabilities of BIND. [SA-16:13]
delphij [Thu, 10 Mar 2016 10:03:28 +0000 (10:03 +0000)]
Fix multiple vulnerabilities of BIND. [SA-16:13]

Fix a regression with OpenSSL patch. [SA-16:12]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@296611 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix multiple OpenSSL vulnerabilities.
delphij [Mon, 7 Mar 2016 16:22:11 +0000 (16:22 +0000)]
Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-16:12.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@296465 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix OpenSSL SSLv2 ciphersuite downgrade vulnerability.
delphij [Sat, 30 Jan 2016 06:12:03 +0000 (06:12 +0000)]
Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.

Security: CVE-2015-3197
Security: FreeBSD-SA-16:11.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@295061 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix BIND remote denial of service vulnerability. [SA-16:08]
delphij [Wed, 27 Jan 2016 07:42:11 +0000 (07:42 +0000)]
Fix BIND remote denial of service vulnerability. [SA-16:08]

Fix multiple vulnerabilities of ntp. [SA-16:09]

Fix Linux compatibility layer issetugid(2) system call
vulnerability. [SA-16:10]

Security: FreeBSD-SA-16:08.bind
Security: FreeBSD-SA-16:09.ntp
Security: FreeBSD-SA-16:10.linux
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@294905 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix OpenSSH client information leak.
glebius [Thu, 14 Jan 2016 22:53:07 +0000 (22:53 +0000)]
Fix OpenSSH client information leak.

Security: SA-16:07.openssh
Security: CVE-2016-0777
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@294054 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoo Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
glebius [Thu, 14 Jan 2016 09:11:26 +0000 (09:11 +0000)]
o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]

Errata: FreeBSD-EN-16:02.pf
Errata: FreeBSD-EN-16:03.yplib
Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879
Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300
Security: FreeBSD-SA-16:03.linux, CVE-2016-1880
Security: FreeBSD-SA-16:04.linux, CVE-2016-1881
Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882
Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@293896 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix BIND remote denial of service vulnerability. [SA-15:27]
delphij [Wed, 16 Dec 2015 06:21:26 +0000 (06:21 +0000)]
Fix BIND remote denial of service vulnerability. [SA-15:27]

Security: FreeBSD-SA-15:27.bind
Security: CVE-2015-8000
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@292321 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix OpenSSL multiple vulnerabilities.
delphij [Sat, 5 Dec 2015 09:53:58 +0000 (09:53 +0000)]
Fix OpenSSL multiple vulnerabilities.

Security: FreeBSD-SA-15:26.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@291854 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoo Fix regressions related to SA-15:25 upgrade of NTP. [1]
glebius [Wed, 4 Nov 2015 11:27:30 +0000 (11:27 +0000)]
o Fix regressions related to SA-15:25 upgrade of NTP. [1]
o Fix kqueue write events never fired for files greater 2GB. [2]
o Fix kpplications exiting due to segmentation violation on a correct
  memory address. [3]

PR: 204046 [1]
PR: 204203 [1]
Errata Notice: FreeBSD-EN-15:19.kqueue [2]
Errata Notice: FreeBSD-EN-15:20.vm [3]
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@290363 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoUpgrade NTP to 4.2.8p4.
glebius [Mon, 26 Oct 2015 11:42:25 +0000 (11:42 +0000)]
Upgrade NTP to 4.2.8p4.

Security: FreeBSD-SA-15:25.ntp
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@290001 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix a regression with SA-15:24 patch that prevented NIS from
delphij [Fri, 2 Oct 2015 16:37:06 +0000 (16:37 +0000)]
Fix a regression with SA-15:24 patch that prevented NIS from
working.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@288512 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoThe Sun RPC framework uses a netbuf structure to represent the
delphij [Tue, 29 Sep 2015 18:07:18 +0000 (18:07 +0000)]
The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address.  The
structure is expected to be opaque to consumers.  In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.

In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer.  When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.

Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.

Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@288385 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoImplement pubkey support for pkg(7) bootstrap. [EN-15:18]
delphij [Wed, 16 Sep 2015 21:00:21 +0000 (21:00 +0000)]
Implement pubkey support for pkg(7) bootstrap. [EN-15:18]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@287873 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix remote denial of service vulnerability when parsing malformed
delphij [Wed, 2 Sep 2015 20:07:03 +0000 (20:07 +0000)]
Fix remote denial of service vulnerability when parsing malformed
key.

Security: CVE-2015-5722
Security: FreeBSD-SA-15:23.bind
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@287410 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix local privilege escalation in IRET handler. [SA-15:21]
delphij [Tue, 25 Aug 2015 20:49:05 +0000 (20:49 +0000)]
Fix local privilege escalation in IRET handler. [SA-15:21]

Fix OpenSSH multiple vulnerabilities. [SA-15:22]

Fix insufficient check of unsupported pkg(7) signature methods.
[EN-15:15]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@287147 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix multiple integer overflows in expat.
delphij [Tue, 18 Aug 2015 19:30:35 +0000 (19:30 +0000)]
Fix multiple integer overflows in expat.

Security: CVE-2015-1283
Security: FreeBSD-SA-15:20.expat
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@286902 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix routed remote denial of service vulnerability. [SA-15:19]
delphij [Wed, 5 Aug 2015 22:05:24 +0000 (22:05 +0000)]
Fix routed remote denial of service vulnerability. [SA-15:19]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@286352 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix resource exhaustion in TCP reassembly. [SA-15:15]
delphij [Tue, 28 Jul 2015 19:59:22 +0000 (19:59 +0000)]
Fix resource exhaustion in TCP reassembly. [SA-15:15]

Fix OpenSSH multiple vulnerabilities. [SA-15:16]

Fix BIND remote denial of service vulnerability. [SA-15:17]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@285980 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix resource exhaustion due to sessions stuck in LAST_ACK state.
delphij [Tue, 21 Jul 2015 23:42:56 +0000 (23:42 +0000)]
Fix resource exhaustion due to sessions stuck in LAST_ACK state.

Security: CVE-2015-5358
Security: SA-15:13.tcp
Submitted by: Jonathan Looney (Juniper SIRT)
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@285780 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years agoFix BIND resolver remote denial of service when validating.
delphij [Tue, 7 Jul 2015 21:44:01 +0000 (21:44 +0000)]
Fix BIND resolver remote denial of service when validating.

Security: CVE-2015-4620
Security: FreeBSD-SA-15:11.bind
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@285258 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

6 years ago[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.
delphij [Tue, 30 Jun 2015 23:21:48 +0000 (23:21 +0000)]
[EN-15:08] Revised: Improvements to sendmail TLS/DH interoperability.

[EN-15:09] Fix inconsistency between locale and rune locale states.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@284986 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoRaise the default for sendmail client connections to 1024-bit DH
delphij [Thu, 18 Jun 2015 05:36:45 +0000 (05:36 +0000)]
Raise the default for sendmail client connections to 1024-bit DH
parameters to imporve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-
SA-15:10.openssl).

This is MFC of r284436 (gshapiro), the original commit message
was:

===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits.  sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit chages that default to 1024 bits.  sendmail 8.15.2, when
released well use a default of 2048 bits.
===

Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@284536 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix OpenSSL multiple vulnerabilities.
delphij [Fri, 12 Jun 2015 07:23:55 +0000 (07:23 +0000)]
Fix OpenSSL multiple vulnerabilities.

Security: FreeBSD-SA-15:10.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@284295 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoUpdate base system file(1) to 5.22 to address multiple denial of
delphij [Tue, 9 Jun 2015 22:13:53 +0000 (22:13 +0000)]
Update base system file(1) to 5.22 to address multiple denial of
service issues. [EN-15:06]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@284194 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix bug with freebsd-update(8) that does not ensure the previous
delphij [Wed, 13 May 2015 22:52:51 +0000 (22:52 +0000)]
Fix bug with freebsd-update(8) that does not ensure the previous
upgrade was completed. [EN-15:04]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@282874 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoImprove patch for SA-15:04.igmp to solve a potential buffer overflow.
delphij [Tue, 7 Apr 2015 20:21:23 +0000 (20:21 +0000)]
Improve patch for SA-15:04.igmp to solve a potential buffer overflow.

Fix multiple vulnerabilities of ntp. [SA-15:07]

Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@281233 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix issues with original SA-15:06.openssl commit:
delphij [Fri, 20 Mar 2015 07:12:02 +0000 (07:12 +0000)]
Fix issues with original SA-15:06.openssl commit:

 - Revert a portion of ASN1 change per suggested by OpenBSD
   and OpenSSL developers.  The change was removed from the
   formal OpenSSL release and does not solve security issue.
 - Properly fix CVE-2015-0209 and CVE-2015-0288.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@280275 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix multiple OpenSSL vulnerabilities.
delphij [Thu, 19 Mar 2015 17:42:38 +0000 (17:42 +0000)]
Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@280268 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix multiple OpenSSL vulnerabilities.
delphij [Thu, 19 Mar 2015 17:41:17 +0000 (17:41 +0000)]
Fix multiple OpenSSL vulnerabilities.

Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@280267 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix integer overflow in IGMP protocol. [SA-15:04]
delphij [Wed, 25 Feb 2015 05:56:54 +0000 (05:56 +0000)]
Fix integer overflow in IGMP protocol. [SA-15:04]

Fix BIND remote denial of service vulnerability. [SA-15:05]

Fix vt(4) crash with improper ioctl parameters. [EN-15:01]

Updated base system OpenSSL to 0.9.8zd. [EN-15:02]

Fix freebsd-update libraries update ordering issue. [EN-15:03]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@279265 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability
delphij [Tue, 27 Jan 2015 19:37:02 +0000 (19:37 +0000)]
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability
and SCTP stream reset vulnerability.

Security: FreeBSD-SA-15:02.kmem
Security: CVE-2014-8612
Security: FreeBSD-SA-15:03.sctp
Security: CVE-2014-8613
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@277808 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix multiple vulnerabilities in OpenSSL. [SA-15:01]
delphij [Wed, 14 Jan 2015 21:27:46 +0000 (21:27 +0000)]
Fix multiple vulnerabilities in OpenSSL.  [SA-15:01]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@277195 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years ago[SA-14:31] Fix multiple vulnerabilities in NTP suite.
des [Tue, 23 Dec 2014 22:54:25 +0000 (22:54 +0000)]
[SA-14:31] Fix multiple vulnerabilities in NTP suite.
[EN-14:13] Fix directory deletion issue in freebsd-update.

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@276157 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix multiple vulnerabilities in file(1) and libmagic(3).
delphij [Wed, 10 Dec 2014 08:36:40 +0000 (08:36 +0000)]
Fix multiple vulnerabilities in file(1) and libmagic(3).

Security: FreeBSD-SA-14:28.file
Security: CVE-2014-3710, CVE-2014-8116, CVE-2014-8117

Fix BIND remote denial of service vulnerability.

Security: FreeBSD-SA-14:29.bind
Security: CVE-2014-8500

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@275672 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years ago[SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).
des [Tue, 4 Nov 2014 23:33:46 +0000 (23:33 +0000)]
[SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).
[SA-14:26] Fix remote command execution in ftp(1).
[EN-14:12] Fix NFSv4 and ZFS cache consistency issue.

Approved by: so (des)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@274114 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoTime zone data file update. [EN-14:10]
delphij [Tue, 21 Oct 2014 23:50:46 +0000 (23:50 +0000)]
Time zone data file update. [EN-14:10]

Change crypt(3) default hashing algorithm back to DES. [EN-14:11]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@273438 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]
delphij [Tue, 21 Oct 2014 20:21:10 +0000 (20:21 +0000)]
Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]

Fix routed(8) remote denial of service vulnerability. [SA-14:21]

Fix memory leak in sandboxed namei lookup. [SA-14:22]

Fix OpenSSL multiple vulnerabilities. [SA-14:23]

Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@273415 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix Denial of Service in TCP packet processing.
delphij [Tue, 16 Sep 2014 09:50:19 +0000 (09:50 +0000)]
Fix Denial of Service in TCP packet processing.

Security: FreeBSD-SA-14:19.tcp
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@271669 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix multiple OpenSSL vulnerabilities:
delphij [Tue, 9 Sep 2014 10:13:46 +0000 (10:13 +0000)]
Fix multiple OpenSSL vulnerabilities:

The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]

The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]

Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
Security: FreeBSD-SA-14:18.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@271305 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoUpdate releng/9.3 to -RELEASE in preparation of starting
gjb [Thu, 10 Jul 2014 21:53:54 +0000 (21:53 +0000)]
Update releng/9.3 to -RELEASE in preparation of starting
9.3-RELEASE builds.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268512 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoSet static abitag to the current value of __FreeBSD_version.
gjb [Thu, 10 Jul 2014 21:52:31 +0000 (21:52 +0000)]
Set static abitag to the current value of __FreeBSD_version.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268511 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoAnticipate when we will announce 9.3-RELEASE.
gjb [Thu, 10 Jul 2014 21:51:37 +0000 (21:51 +0000)]
Anticipate when we will announce 9.3-RELEASE.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268510 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoDocument FreeBSD-SA-14:17.kmem
gjb [Tue, 8 Jul 2014 22:54:11 +0000 (22:54 +0000)]
Document FreeBSD-SA-14:17.kmem

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268438 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix kernel memory disclosure in control message and SCTP notifications.
delphij [Tue, 8 Jul 2014 21:55:02 +0000 (21:55 +0000)]
Fix kernel memory disclosure in control message and SCTP notifications.

Security: FreeBSD-SA-14:17.kmem
Security: CVE-2014-3952, CVE-2014-3953
Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268433 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoRemove incorrect (for this branch) entry regarding r262124.
gjb [Tue, 8 Jul 2014 19:55:44 +0000 (19:55 +0000)]
Remove incorrect (for this branch) entry regarding r262124.

Submitted by: José María Alcaide (via -stable@)
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268425 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoReorder the KDE4 entry so it does not follow how to continue
gjb [Tue, 8 Jul 2014 19:52:41 +0000 (19:52 +0000)]
Reorder the KDE4 entry so it does not follow how to continue
using old Xorg.

Requested by: wblock
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268424 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoAdd a 'Ports and Packages' section to make note of
gjb [Tue, 8 Jul 2014 19:44:32 +0000 (19:44 +0000)]
Add a 'Ports and Packages' section to make note of
several items of importance regarding Xorg and KMS.

Submitted by: wblock (original)
Reviewed by: kms, wblock
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268423 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoIn errata/article.xml, update the document will be maintained
gjb [Tue, 8 Jul 2014 16:31:59 +0000 (16:31 +0000)]
In errata/article.xml, update the document will be maintained
until the EoL of the stable/9 branch.

In share/xml/release.xsl update the recommended mailing list
from -current to -stable.

In share/examples/Makefile.relnotesng, update the branch name
convention from CVS-style to SVN-style.

In installation/article.xml:
 - Use descriptive text for the synching.html and the
   makeworld.html pages to fix how the URLs are displayed.
 - Remove a reference to 7.x.
 - Change a reference from 8.2-RELEASE to 8.4-RELEASE.

In readme/article.xml:
 - Change the recommended mailing list from -current
   to -stable.
 - Replace send-pr(1) references to Bugzilla equivalents.
 - Note that send-pr(1) is a stub shell script now.
 - Use descriptive text in a link to fix the URL.

In share/xml/release.ent:
 - Update release.type from 'snapshot' to 'release.'
 - Set IGNORE on release.type.snapshot, and INCLUDE on
   release.type.release.
 - Update release.manpath.freebsd to 9.3-RELEASE.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268417 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoDocument r267911, send-pr(1) replaced with a stub instructing
gjb [Tue, 8 Jul 2014 16:21:21 +0000 (16:21 +0000)]
Document r267911, send-pr(1) replaced with a stub instructing
to use the Bugzilla interface.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268416 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoSwitch releng/9.3 to -RC3 as part of the 9.3-RELEASE cycle.
gjb [Fri, 4 Jul 2014 21:04:19 +0000 (21:04 +0000)]
Switch releng/9.3 to -RC3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268267 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFC r268221 and r268222:
hselasky [Thu, 3 Jul 2014 17:42:26 +0000 (17:42 +0000)]
MFC r268221 and r268222:
- Remove some unused variables.
- Add proper rangechecks in "axge_rx_frame()" function and
fix receive loop header parsing.
- Add new USB IDs.

Approved by:  re, gjb @
PR: 191432

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268226 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFS r268218 (MFC r267912, r267915):
ume [Thu, 3 Jul 2014 16:26:37 +0000 (16:26 +0000)]
MFS r268218 (MFC r267912, r267915):
- Exclude loopback address rather than loopback interface.
- style(9)

Spotted by: melifaro
Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268220 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFC r268078 and r268080:
hselasky [Thu, 3 Jul 2014 13:49:43 +0000 (13:49 +0000)]
MFC r268078 and r268080:
Fix for memory use after free() and mtx_destroy().

Approved by: re, glebius @

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268214 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoRevert mergeinfo to the root of releng/9.3/ introduced in
gjb [Thu, 3 Jul 2014 13:21:00 +0000 (13:21 +0000)]
Revert mergeinfo to the root of releng/9.3/ introduced in
r267841.

Approved by: re (glebius)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268213 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFS9 r268171 (MFC r267680):
dteske [Wed, 2 Jul 2014 19:53:51 +0000 (19:53 +0000)]
MFS9 r268171 (MFC r267680):
Fix a code typo that prevented mkdir from firing (unnoticed usually
because another part of the code succeeded in making the same
directory).

Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268174 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFS r268053 (MFC r267800):
ume [Tue, 1 Jul 2014 18:05:38 +0000 (18:05 +0000)]
MFS r268053 (MFC r267800):
Exclude IPv4 address from doing longest match.
It prevented DNS based load balancing.

Approved by: re (delphij)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268107 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFS r267876 (MFC r267616):
ume [Tue, 1 Jul 2014 17:31:47 +0000 (17:31 +0000)]
MFS r267876 (MFC r267616):

Retooling addrconfig() to exclude addresses on loopback interfaces
when looking for configured addresses.
This change is based upon the code from the submitter, and made
following changes:
- Exclude addresses assigned on interfaces which are down, like NetBSD
  does.
- Exclude addresses assigned on interfaces which are ifdisabled.

PR: 190824
Submitted by: Justin McOmie
Approved by: re (marius)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268106 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoFix typo: s/ata/ichsmb/
gjb [Tue, 1 Jul 2014 14:12:59 +0000 (14:12 +0000)]
Fix typo: s/ata/ichsmb/
Wrap.

Submitted by: mav
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268092 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFC r267821:
rodrigc [Mon, 30 Jun 2014 23:39:13 +0000 (23:39 +0000)]
MFC r267821:

Strict value checking will cause problem.
Bay trail DN2820FYKH is supported on Linux but does not work on FreeBSD.
This behaviour is bug-compatible with Linux-3.13.5.

References:
http://d.hatena.ne.jp/syuu1228/20140326
http://lxr.linux.no/linux+v3.13.5/arch/x86/kernel/acpi/boot.c#L1094

Submitted by: syuu
PR: 187966
Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268068 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMake reference to vt(4) a link now that the manual page is available.
gjb [Mon, 30 Jun 2014 19:36:08 +0000 (19:36 +0000)]
Make reference to vt(4) a link now that the manual page is available.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268060 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoPrefix SA-14:16.file with 'FreeBSD-' for consistency with other SA
gjb [Mon, 30 Jun 2014 19:33:04 +0000 (19:33 +0000)]
Prefix SA-14:16.file with 'FreeBSD-' for consistency with other SA
listings.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268058 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFS r267944 (MFC r258941,267839):
delphij [Mon, 30 Jun 2014 16:16:35 +0000 (16:16 +0000)]
MFS r267944 (MFC r258941,267839):

Apply vendor improvements to oce(4) driver:

 - Add support to 20Gbps, 25Gbps, 40Gbps devices;
 - Add support to control adaptive interrupt coalescing (AIC)
   via sysctl;
 - Improve support of BE3 devices;
 - Big endian support fixes;

Many thanks to Emulex for their continued support of FreeBSD.

Submitted by: Venkata Duvvuru <VenkatKumar.Duvvuru Emulex.Com>
Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268044 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

7 years agoMFC: r267967, r267968
marius [Mon, 30 Jun 2014 12:20:25 +0000 (12:20 +0000)]
MFC: r267967, r267968

- SC_NO_SYSMOUSE isn't currently supported by vt(4), so nuke it from vt.4.
- vt_vga(4) is a driver rather than a function so reference it accordingly.
- Uncomment HISTORY section given that vt(4) will first appear in 9.3.

Reviewed by: emaste (modulo last part)
Approved by: re (gjb)
Sponsored by: Bally Wulff Games & Entertainment GmbH

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@268039 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoUpdate releng/9.3 to -RC2 status as part of the 9.2-RELEASE
gjb [Fri, 27 Jun 2014 00:11:01 +0000 (00:11 +0000)]
Update releng/9.3 to -RC2 status as part of the 9.2-RELEASE
process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267943 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMerge r267757, which was MFC'd to stable/9 as r267882:
np [Thu, 26 Jun 2014 17:58:29 +0000 (17:58 +0000)]
Merge r267757, which was MFC'd to stable/9 as r267882:

cxgbe(4): Update the bundled T4 and T5 firmwares to versions 1.11.27.0.

Approved by: re (glebius)
Obtained from: Chelsio

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267926 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMerge r267738 from stable/9:
gavin [Thu, 26 Jun 2014 11:02:51 +0000 (11:02 +0000)]
Merge r267738 from stable/9:

  Remove send-pr and fix up all references to it.  Replace it with a
  stub send-pr directing people towards the web site.

Approved by: re (gjb), bugmeister

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267911 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFS9 r267683 (dteske):
gjb [Thu, 26 Jun 2014 03:27:12 +0000 (03:27 +0000)]
MFS9 r267683 (dteske):
  - Replace pkg-tools with pkgng
  - Fix cosmetic typos
  - Use `pkg -vv' to obtain ABI
  - Unbreak the installer
  - Remove the env(1) but keep the var
  - Remove an unused variable
  - Improve debugging with f_eval_catch()
  - Fix package installation from physical media such as DVD
  - Fix PKG_ABI detection after pkg-1.2
  - Fix failed attempt to send pkg(8) stderr to /dev/null
  - Export 'REPOS_DIR' when selected source medium is cdrom

Approved by: re (glebius)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267892 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFS9 r267879:
gjb [Wed, 25 Jun 2014 19:22:40 +0000 (19:22 +0000)]
MFS9 r267879:
  Fix a bug in bsdgrep(1) where patterns are not correctly
  detected.

  Certain criteria must be met for this bug to show up:

   * the -w flag is specified, and
   * neither -o or --color are specified, and
   * the pattern is part of another word in the line, and
   * the other word that contains the pattern occurs first

PR: 181973
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267881 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC: r267145
marius [Wed, 25 Jun 2014 10:27:17 +0000 (10:27 +0000)]
MFC: r267145

Fix the keyfile being cleared prematurely after r259428 (MFCed to stable/9
in r266750).

PR: 185084
Submitted by: fk@fabiankeil.de
Reviewed by: pjd
Approved by: re (glebius)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267862 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoDocument FreeBSD-SA-14:16.file.
gjb [Wed, 25 Jun 2014 00:33:30 +0000 (00:33 +0000)]
Document FreeBSD-SA-14:16.file.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267848 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC 253392:
jhb [Tue, 24 Jun 2014 20:35:20 +0000 (20:35 +0000)]
MFC 253392:
Workaround some broken BIOSes that specify edge-sensitive but active-low
settings for ACPI-enumerated serial ports by forcing any IRQs that use
an ISA IRQ value with these settings to active-high instead of active-low.

This is known to occur with the BIOS on an Intel D2500CCE motherboard.

Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267841 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoFix multiple vulnerabilities in file(1) and libmagic(3).
delphij [Tue, 24 Jun 2014 19:05:19 +0000 (19:05 +0000)]
Fix multiple vulnerabilities in file(1) and libmagic(3).
[SA-14:16]

Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270
Security: FreeBSD-SA-14:16.file
Approved by: re (implicit)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267830 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r267781:
tuexen [Mon, 23 Jun 2014 19:47:25 +0000 (19:47 +0000)]
MFC r267781:
Fix a bug in the setsockopt()-handling of the SCTP
specific option SCTP_PEER_ADDR_THLDS: Use the
provided address as intended.

MFC r267781:
Fix a bug which incorrectly allowed two listening SCTP sockets on
the same port bound to the wildcard address.

Approved by: re (gjb@)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267806 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoPackages for KDE4 will not immediately be available for
gjb [Mon, 23 Jun 2014 19:37:11 +0000 (19:37 +0000)]
Packages for KDE4 will not immediately be available for
9.3-RELEASE, so include XFCE4 on the DVD in its place.

This is a direct commit to releng/9.3.

Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267805 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoSwitch the DVD pkg(8) repository to 'release_3' now that
gjb [Mon, 23 Jun 2014 19:36:57 +0000 (19:36 +0000)]
Switch the DVD pkg(8) repository to 'release_3' now that
the 9.3-RELEASE package builds are complete.

This is a direct commit to releng/9.3.

Approved by: re (marius)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267804 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMFC r267780:
tuexen [Mon, 23 Jun 2014 15:04:32 +0000 (15:04 +0000)]
MFC r267780:

Honor jails for unbound SCTP sockets when selecting source addresses,
reporting IP-addresses to the peer during the handshake, adding
addresses to the host, reporting the addresses via the sysctl
interface (used by netstat, for example) and reporting the
addresses to the application via socket options.
This issue was reported by Bernd Walter.

Approved by: re (glebius@)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267799 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoReword the compatibility note regarding earlier versions of
gjb [Sat, 21 Jun 2014 23:35:11 +0000 (23:35 +0000)]
Reword the compatibility note regarding earlier versions of
FreeBSD prior to 9.0.

Submitted by: wblock
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267707 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoSpell '14' correctly.
gjb [Sat, 21 Jun 2014 01:11:59 +0000 (01:11 +0000)]
Spell '14' correctly.

Submitted by: delphij
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267699 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoMerge r267600, which was MFC'd to stable/9 as r267695.
np [Sat, 21 Jun 2014 01:05:46 +0000 (01:05 +0000)]
Merge r267600, which was MFC'd to stable/9 as r267695.

cxgbe(4):  Fix bug in the fast rx buffer recycle path.  In some cases rx
buffers were getting recycled when they should have been left alone.

Approved by: re (gjb)

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267698 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoRemove the '<?ignore ?>' surrounding the 9.3R installation
gjb [Fri, 20 Jun 2014 21:35:39 +0000 (21:35 +0000)]
Remove the '<?ignore ?>' surrounding the 9.3R installation
documentation.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267691 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoUpdate __FreeBSD_version now that releng/9.3 is branched.
gjb [Fri, 20 Jun 2014 00:18:25 +0000 (00:18 +0000)]
Update __FreeBSD_version now that releng/9.3 is branched.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267656 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

8 years agoRemove svn:mergeinfo carried over from stable/9.
gjb [Fri, 20 Jun 2014 00:13:56 +0000 (00:13 +0000)]
Remove svn:mergeinfo carried over from stable/9.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@267655 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f