The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
If a multithreaded client connects to a malicious server using a resumed
session and the server sends an ec point format extension it could write
up to 255 bytes to freed memory. [CVE-2014-3509]
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of higher protocol versions when the ClientHello message
is badly fragmented. [CVE-2014-3511]
A malicious client or server can send invalid SRP parameters and overrun
an internal buffer. [CVE-2014-3512]
A malicious server can crash the client with a NULL pointer dereference by
specifying a SRP ciphersuite even though it was not properly negotiated
with the client. [CVE-2014-5139]
r259582 (reverted):
Set PACKAGESITE to 'release/0' for the pkg-stage target to pull
the release set of packages. (Required to eliminate conflicts.)
r259491:
Prevent release build errors found during snapshot builds where if
NOPORTS=1, pkg-stage.sh cannot build the ports-mgmt/pkg port if
WITH_DVD=1.
r259492:
Add NOPKG to disable pkg-stage.
r260781:
Update the pkg-stage target to be more compatible with pkg-1.2:
- Add a release-dvd.conf pkg(8) configuration file to override
the default FreeBSD.conf configuration.
- Remove architecture-specific pkg-stage.conf files, consolidate,
and move their contents to scripts/pkg-stage.sh.
- Use 'pkg -vv' to determine the ABI, which is used as the
cache directory.
Prior to these changes, it would be possible for pkg-stage to fetch
conflicting binary packages from multiple repositories.
A change local to releng/10.0 sets the package fetch URL to
'release/0'.
Approved by: re (delphij)
Sponsored by: The FreeBSD Foundation
hrs [Tue, 14 Jan 2014 23:58:50 +0000 (23:58 +0000)]
- MFC 260656:
* Purge old translations.
* Add missing footer due to DSSSL->XSLT migration and use XML catalog to
resolve URI.
* Add missing arch= and revision= support.
* Update release.ent and fix release number in Errata.
- Trim copyright year.
- Trim merged= attr. It is useless for release branch.
- Move entities into release.ent.
- Update footer for a release.
- Document rc.d/sendmail certification support[1].
- Update BIND removal entry to mention NLnet Labs[2].
Submitted by: jmg[1]
Suggested by: erwin[2]
Approved by: re (implicitly)
mjg [Tue, 7 Jan 2014 20:36:15 +0000 (20:36 +0000)]
MFC r260232:
Don't check for fd limits in fdgrowtable_exp.
Callers do that already and additional check races with process
decreasing limits and can result in not growing the table at all, which
is currently not handled.
pjd [Tue, 7 Jan 2014 20:12:02 +0000 (20:12 +0000)]
MFstable/10 r260402:
Bring back the old size of the kinfo_file structure to preserve ABI.
Keep only one uint64_t spare for further cap_rights_t expansion.
Add a comment clarifying that if the size of this structure changes,
a new sysctl MIB has to be allocated for it and the old structure has
to be returned by the old sysctl MIB.
delphij [Tue, 7 Jan 2014 20:06:20 +0000 (20:06 +0000)]
MFS r260404 (MFC r260403 (MFV r260399)):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450
Approved by: re (gjb)
hrs [Mon, 23 Dec 2013 01:24:21 +0000 (01:24 +0000)]
MFS r249447:
Apply patch from upstream Heimdal for encoding fix
RFC 4402 specifies the implementation of the gss_pseudo_random()
function for the krb5 mechanism (and the C bindings therein).
The implementation uses a PRF+ function that concatenates the output
of individual krb5 pseudo-random operations produced with a counter
and seed. The original implementation of this function in Heimdal
incorrectly encoded the counter as a little-endian integer, but the
RFC specifies the counter encoding as big-endian. The implementation
initializes the counter to zero, so the first block of output (16 octets,
for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 specifies
that the counter should begin at 1, but both existing implementations
begin with zero and it looks like the standard will be re-issued, with
test vectors, to begin at zero.)
This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6,
from 13 October, 2013:
% Fix krb5's gss_pseudo_random() (n is big-endian)
%
% The first enctype RFC3961 prf output length's bytes are correct because
% the little- and big-endian representations of unsigned zero are the
% same. The second block of output was wrong because the counter was not
% being encoded as big-endian.
%
% This change could break applications. But those applications would not
% have been interoperating with other implementations anyways (in
% particular: MIT's).
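The PRF+ construction below is an added illustration of the counter-encoding bug described in this commit; it is not Heimdal's code and not part of the commit. It assumes HMAC-SHA256 as a stand-in for the RFC 3961 enctype pseudo-random operation (so the block is 32 octets rather than the 16 of the AES enctypes), a 4-octet counter as in RFC 4402, and a counter starting at zero as both Heimdal and MIT do; the key and seed are constructed sample values. Running it shows that the first output block is identical under either encoding and the second block is not.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the RFC 3961 enctype pseudo-random
# operation; the real AES enctype PRF is not reproduced here. Only the
# structure of PRF+ and the encoding of the counter matter for the bug.
BLOCK_LEN = hashlib.sha256().digest_size  # 32 octets per block here


def enctype_prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int,
             byteorder: str = "big", start: int = 0) -> bytes:
    """RFC 4402 PRF+ for the krb5 mechanism: concatenate
    enctype_prf(key, n || seed) for n = start, start + 1, ... and
    truncate to `length` octets. RFC 4402 requires the 4-octet counter n
    to be big-endian; byteorder="little" reproduces the Heimdal bug."""
    out = bytearray()
    n = start
    while len(out) < length:
        out += enctype_prf(key, n.to_bytes(4, byteorder) + seed)
        n += 1
    return bytes(out[:length])


def compare_encodings(key: bytes, seed: bytes, start: int = 0) -> dict:
    """Generate two blocks with each counter encoding and report which of
    them agree between the correct (big-endian) and the buggy
    (little-endian) implementation."""
    good = prf_plus(key, seed, 2 * BLOCK_LEN, "big", start)
    bad = prf_plus(key, seed, 2 * BLOCK_LEN, "little", start)
    good_blocks = [good[i:i + BLOCK_LEN] for i in range(0, len(good), BLOCK_LEN)]
    bad_blocks = [bad[i:i + BLOCK_LEN] for i in range(0, len(bad), BLOCK_LEN)]
    return {
        # n = 0 encodes to the same four zero octets either way
        "first_block_equal": good_blocks[0] == bad_blocks[0],
        # n = 1 is 00 00 00 01 big-endian but 01 00 00 00 little-endian
        "second_block_equal": good_blocks[1] == bad_blocks[1],
    }


if __name__ == "__main__":
    key = b"constructed sample key, not a real Kerberos key"
    seed = b"constructed prf seed"
    print("counter starts at 0:", compare_encodings(key, seed, start=0))
    print("counter starts at 1:", compare_encodings(key, seed, start=1))
```

This is why callers that only ever asked gss_pseudo_random() for one block's worth of output (16 octets with the AES enctypes) never noticed the bug, and why a counter starting at 1, as the RFC text has it, would have broken interoperability on the very first block.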
dumbbell [Sun, 22 Dec 2013 23:52:11 +0000 (23:52 +0000)]
Merge from stable/10, r259745:
drm: Lower priority of "EDID checksum is invalid" message
The priority goes from "error" to "debug".
Connectors are polled every 10 seconds. Reading EDID is part of this
polling. However, when an invalid EDID is returned, this error message
is logged. When using Newcons for instance, having a kernel message
every 10 seconds is getting annoying.
Now that it's a debug message, it'll be logged only if hw.dri.debug is
enabled. This fixes console spamming for some users.
Tested by: Larry Rosenman <ler@lerctr.org>
Approved by: re (gjb)
dumbbell [Sun, 22 Dec 2013 23:41:14 +0000 (23:41 +0000)]
Merge from stable/10, r259742:
drm/ttm, drm/radeon: Replace EINTR/ERESTART by ERESTARTSYS...
... for msleep/cv_*wait() return values, where wait_event*() is used
on Linux. ERESTARTSYS is the return code expected by callers when the
operation was interrupted.
For instance, this is the case of radeon_cs_ioctl() (radeon_cs.c): if
an error occurs, and the code isn't ERESTARTSYS (eg. EINTR), it logs an
error.
Note that ERESTARTSYS is defined as ERESTART, but this keeps callers'
code close to Linux.
Submitted by: avg@ (previous version)
Approved by: re (gjb)
dumbbell [Sun, 22 Dec 2013 23:31:04 +0000 (23:31 +0000)]
Merge from stable/10, r259741:
vga_pci: Improve boot display detection
The previous code was checking the "VGA Enable" bit on the video card's
parent PCI-to-PCI bridge only. This didn't work for the case where the
video card is attached to the root PCI bus (ie. the card has no parent
PCI-to-PCI bridge).
Now, the new code:
1. checks the "VGA Enable" bit on the parent bridge only if it's a
PCI-to-PCI bridge;
2. always checks the "I/O" and "Memory address space decoding" bits
on the video card itself.
However, vendor-specific bits are not used.
This fixes the use of many integrated Radeon cards: without this patch,
we fail to detect them as the boot display and, when radeonkms looks for
the Video BIOS, it skips the shadow copy made by the System BIOS. It
then fails to fully initialize the card, because the shadow copy is the
only way to read the Video BIOS in these situations. A workaround was to
force the boot display selection using the "hw.pci.default_vgapci_unit"
tunable.
A previous version of this patch added a new function doing the checks.
Now, the vga_pci_is_boot_display() function is used to perform the
checks (only until the boot display is found) and return if the given
device is the boot display or not.
Furthermore, vga_pci_attach() logs "Boot video device" if the card being
attached is the Chosen One:
vgapci0: <VGA-compatible display> [...]
vgapci0: Boot video device
imp [Sun, 22 Dec 2013 22:31:39 +0000 (22:31 +0000)]
Direct commit: not relevant to other branches.
Fix mountroot> prompt eating most of the characters by not enabling
RXRDY interrupts in the attach routine. Instead, defer this until the
first interrupt we see after the device is opened. Given the console
use case, we're guaranteed to get a TXRDY interrupt before any reads
are posted due to boot messages, which makes this work.
The real fix is to use cngrab/cnungrab function pointers to disable
RXRDY interrupts while grabbed. However, that touches the MI uart
code, so was disallowed for 10.0 due to the lateness of the hour this
fix was proposed. It works for mountroot, the most common atmel kernel
prompt use cases, but wouldn't work for GELI since it prompts later in
the boot process.
imp [Sun, 22 Dec 2013 22:24:17 +0000 (22:24 +0000)]
Merge from stable/10 r259381:
MFC r259212, r259220:
Fix one race and one fence post error. When the TX buffer was
completely full, we'd not complete any of the mbufs due to the fence
post error (this creates a large leak). When this is fixed, we still
leak, but at a much smaller rate due to a race between ateintr and
atestart_locked as well as an asymmetry where atestart_locked is
called from elsewhere. Ensure that we free in-flight packets that
have completed there as well. Also remove needless check for NULL on
mb, checked earlier in the loop and simplify a redundant if.
imp [Sun, 22 Dec 2013 22:20:17 +0000 (22:20 +0000)]
Merge from stable/10 r259380:
MFC r259038, r259039:
Bump the maximum VM space from 3 * memory size to a fixed
256MB. That's all we have room for since we map the hardware registers
starting at 0xd0000000. This allows my 64MB AT91SAM9G20 to boot again
after the unmapped I/O changes were MFC'd at r251897. Other
subplatforms may need similar treatment.
Although not strictly required to boot a 64MB board, bump
vm_max_virtual_address to be KERNVIRTADDR + 256MB. This allows some
future shock protection since the KVA requirements have gone up since
the unmapped changes have gone in, as well as preventing us from
overlapping with the hardware devices, which we map at 0xd0000000,
which we'd hit with anything more than 85MB...
dteske [Fri, 20 Dec 2013 15:46:24 +0000 (15:46 +0000)]
MFS10 SVN r259621:
MFC r259276,259468-259470,259472,259474,259476-259478,259480-259481,259570,
259572, and 259597-259598...
r259276: Fix bug in `services' script in adding dumpdev comment to rc.conf
r259468: Ignore spurious escape generated by VMware's Ctrl-Cmd combination
r259469: Mask errors in `config' script from newaliases(1) about non-FQHN
r259470: Set atime=on for /var/mail zfsboot dataset to support mail server
r259472: Accept NULL input for zfsboot SWAP to indicate SWAP of zero bytes
r259474: Multiple changes, including bug-fixes and debugging improvements
r259476: Change default ZFS disk layout, making it easier to resize
r259477: fletcher4 is now the default (zfsboot related)
r259478: De-uglify the geli(8)-setup infobox (zfsboot related)
r259480: Fix ghosted zroot issue by always performing labelclear on swap
r259481: Auto-enable 4k sector alignment when geli(8) is enabled (zfsboot)
r259570: Fix numerical comparison error (zfsboot)
r259572: Mask spurious rm error in bsdinstall_log from `auto' script
r259597: Fix zfsboot regression when installing to 3+ disks
r259598: Set cachefile property of bootpool so it imports to new system
bdrewery [Thu, 19 Dec 2013 13:44:07 +0000 (13:44 +0000)]
MFS r259613:
Fix multi-repository support by properly respecting 'enabled' flag.
This will read the REPOS_DIR env/config setting (default is /etc/pkg
and /usr/local/etc/pkg/repos) and use the last enabled repository.
This can be changed in the environment using a comma-separated list,
or in /usr/local/etc/pkg.conf with JSON array syntax of:
REPOS_DIR: ["/etc/pkg", "/usr/local/etc/pkg/repos"]
gjb [Wed, 18 Dec 2013 01:27:30 +0000 (01:27 +0000)]
MFC r259426, r259427:
r259426:
Add a pkg(8) repository configuration file for cdrom-based package
installation.
As part of the 'pkg-stage' target, copy the configuration file
to the 'packages/repos/' directory on the DVD filesystem.
r259427:
Export 'REPOS_DIR' when the selected source medium for package
installation is cdrom. This enables bsdconfig(8) to make use
of the on-disc pkg(8) repository configuration, which fixes
package selection and installation from the dvd installer.
Approved by: re (delphij, glebius)
Sponsored by: The FreeBSD Foundation
nwhitehorn [Tue, 17 Dec 2013 14:55:23 +0000 (14:55 +0000)]
MF10 259465:
Add new sysctl, kern.supported_archs, containing the list of FreeBSD
MACHINE_ARCH values whose binaries this kernel can run. This patch provides
a feature requested for implementing pkgng ABI identifiers in a robust
way.
The list is designed to indicate whether, say, an i386 package can be run on
the current system. If kern.supported_abis contains "i386", then the answer
is yes. Otherwise, the answer is no.
At the moment, this only supports MACHINE_ARCH and MACHINE_ARCH32. As we
gain support for more interesting combinations, this needs to become more
flexible, possibly through the sysent framework, along with the
hw.machine_arch emulation immediately preceding this code in kern_mib.c.
gjb [Sun, 15 Dec 2013 03:20:01 +0000 (03:20 +0000)]
MFC r259113, r259115, r259144, r259148:
r259113 (dteske):
Fix failed attempt to send pkg(8) stderr to /dev/null
r259115 (dteske):
Prevent truncating /tmp/bsdinstall_log each time we
exec a module.
r259144 (dteske):
Fix a regression after successfully installing to encrypted
ZFS root, the passphrase is not accepted and a message about
"incorrect key" is displayed.
r259148 (dteske):
Fix a regression resulting in mountroot prompt after attempting
to install to encrypted ZFS root (caused by a typo in a
variable name -- ZFSBOOT_BOOT_FSNAME -> ZFSBOOT_BOOTFS_NAME).
Approved by: re (glebius)
Sponsored by: The FreeBSD Foundation
dumbbell [Sat, 14 Dec 2013 00:40:47 +0000 (00:40 +0000)]
MFC r259236:
drm/radeon: radeon_dp_i2c_aux_ch() must return 0 on FreeBSD
The code was unmodified compared to Linux and returned the amount of
received bytes from the i2c bus. This led to non-working i2c bus and
failure to eg. read monitor's EDID, if connected to DisplayPort.
Tested by: Mikaël Urankar <mikael.urankar@gmail.com>
Approved by: re (gjb)
dumbbell [Sat, 14 Dec 2013 00:25:25 +0000 (00:25 +0000)]
MFC r259234:
drm/radeon: agp_info->ai_aperture_size is in bytes, not Mbytes
This fixes radeon_agp_init() and gtt_size is now correct. However, this
is not enough to make Radeon AGP cards work: ttm_agp_backend.c isn't
implemented yet.
trasz [Fri, 13 Dec 2013 21:27:16 +0000 (21:27 +0000)]
MFC r259182:
Fix handling for empty auth-groups. Without it, ctld child process
would either exit on assertion, or, if assertions are not enabled,
fail to authenticate the target.
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
dim [Thu, 12 Dec 2013 22:04:47 +0000 (22:04 +0000)]
Merge r259216 from stable/10 (head r259111):
Use correct casts in gcc's emmintrin.h for the first arguments of the
following builtin functions:
* __builtin_ia32_pslldi128() takes __v4si instead of __v8hi
* __builtin_ia32_psllqi128() takes __v2di instead of __v8hi
* __builtin_ia32_psradi128() takes __v4si instead of __v8hi
This should fix the following errors when building the LINT kernel with
gcc:
sys/crypto/aesni/aesni_wrap.c:191: error: incompatible type for argument 1 of
'__builtin_ia32_psradi128'
sys/crypto/aesni/aesni_wrap.c:195: error: incompatible type for argument 1 of
'__builtin_ia32_pslldi128'
dim [Thu, 12 Dec 2013 22:01:42 +0000 (22:01 +0000)]
Merge r259214 from stable/10 (head r259100):
Pull in r196658 from upstream clang trunk:
CodeGen: Don't emit linkage on thunks that aren't emitted because they're
vararg.
This can happen when we're trying to emit a thunk with available_externally
linkage with optimization enabled but bail because it doesn't make sense for
vararg functions.
[LLVM] PR18098.
This should fix clang "Broken module found, compilation aborted" errors when
building the qt4-based dvbcut port.
gjb [Sat, 7 Dec 2013 12:57:38 +0000 (12:57 +0000)]
When stable/10 was branched from head/, __FreeBSD_version was bumped
to 1000500 from 1000055 when it should not have been bumped yet.
At the risk of having non-standard '5XX' __FreeBSD_version suffix
in a -RELEASE, bump __FreeBSD_version in releng/10.0 from 1000100
to 1000510 to prevent the value from going backwards as part of the
stable/10 -> releng/10.0 branch.
A commit to bump __FreeBSD_version in stable/10 will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation