glebius [Tue, 6 Dec 2016 18:50:06 +0000 (18:50 +0000)]
Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]
glebius [Mon, 5 Dec 2016 22:43:24 +0000 (22:43 +0000)]
Merge r307360 from stable/9:
Incorporate a change from OpenBSD by millert@OpenBSD.org
Don't warn about valid time zone abbreviations. POSIX
through 2000 says that an abbreviation cannot start with ':', and
cannot contain ',', '-', '+', NUL, or a digit. POSIX from 2001
on changes this rule to say that an abbreviation can contain only
'-', '+', and alphanumeric characters from the portable character
set in the current locale. To be portable to both sets of rules,
an abbreviation must therefore use only ASCII letters." Adapted
from tzcode2015f.
glebius [Tue, 17 May 2016 22:28:36 +0000 (22:28 +0000)]
- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
glebius [Thu, 14 Jan 2016 09:11:26 +0000 (09:11 +0000)]
o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]
glebius [Wed, 4 Nov 2015 11:27:30 +0000 (11:27 +0000)]
o Fix regressions related to SA-15:25 upgrade of NTP. [1]
o Fix kqueue write events never fired for files greater 2GB. [2]
o Fix kpplications exiting due to segmentation violation on a correct
memory address. [3]
The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
Approved by: so
delphij [Thu, 18 Jun 2015 05:36:45 +0000 (05:36 +0000)]
Raise the default for sendmail client connections to 1024-bit DH
parameters to imporve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-
SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message
was:
===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit chages that default to 1024 bits. sendmail 8.15.2, when
released well use a default of 2048 bits.
===
Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so
delphij [Fri, 20 Mar 2015 07:12:02 +0000 (07:12 +0000)]
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
Security: FreeBSD-SA-14:18.openssl
Approved by: so
In errata/article.xml, update the document will be maintained
until the EoL of the stable/9 branch.
In share/xml/release.xsl update the recommended mailing list
from -current to -stable.
In share/examples/Makefile.relnotesng, update the branch name
convention from CVS-style to SVN-style.
In installation/article.xml:
- Use descriptive text for the synching.html and the
makeworld.html pages to fix how the URLs are displayed.
- Remove a reference to 7.x.
- Change a reference from 8.2-RELEASE to 8.4-RELEASE.
In readme/article.xml:
- Change the recommended mailing list from -current
to -stable.
- Replace send-pr(1) references to Bugzilla equivalents.
- Note that send-pr(1) is a stub shell script now.
- Use descriptive text in a link to fix the URL.
In share/xml/release.ent:
- Update release.type from 'snapshot' to 'release.'
- Set IGNORE on release.type.snapshot, and INCLUDE on
release.type.release.
- Update release.manpath.freebsd to 9.3-RELEASE.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
MFC r268221 and r268222:
- Remove some unused variables.
- Add proper rangechecks in "axge_rx_frame()" function and
fix receive loop header parsing.
- Add new USB IDs.
MFS9 r268171 (MFC r267680):
Fix a code typo that prevented mkdir from firing (unnoticed usually
because another part of the code succeeded in making the same
directory).
Retooling addrconfig() to exclude addresses on loopback interfaces
when looking for configured addresses.
This change is based upon the code from the submitter, and made
following changes:
- Exclude addresses assigned on interfaces which are down, like NetBSD
does.
- Exclude addresses assigned on interfaces which are ifdisabled.
PR: 190824
Submitted by: Justin McOmie
Approved by: re (marius)
rodrigc [Mon, 30 Jun 2014 23:39:13 +0000 (23:39 +0000)]
MFC r267821:
Strict value checking will cause problem.
Bay trail DN2820FYKH is supported on Linux but does not work on FreeBSD.
This behaviour is bug-compatible with Linux-3.13.5.
delphij [Mon, 30 Jun 2014 16:16:35 +0000 (16:16 +0000)]
MFS r267944 (MFC r258941,267839):
Apply vendor improvements to oce(4) driver:
- Add support to 20Gbps, 25Gbps, 40Gbps devices;
- Add support to control adaptive interrupt coalescing (AIC)
via sysctl;
- Improve support of BE3 devices;
- Big endian support fixes;
Many thanks to Emulex for their continued support of FreeBSD.
Submitted by: Venkata Duvvuru <VenkatKumar.Duvvuru Emulex.Com>
Approved by: re (gjb)
marius [Mon, 30 Jun 2014 12:20:25 +0000 (12:20 +0000)]
MFC: r267967, r267968
- SC_NO_SYSMOUSE isn't currently supported by vt(4), so nuke it from vt.4.
- vt_vga(4) is a driver rather than a function so reference it accordingly.
- Uncomment HISTORY section given that vt(4) will first appear in 9.3.
Reviewed by: emaste (modulo last part)
Approved by: re (gjb)
Sponsored by: Bally Wulff Games & Entertainment GmbH
gjb [Thu, 26 Jun 2014 03:27:12 +0000 (03:27 +0000)]
MFS9 r267683 (dteske):
- Replace pkg-tools with pkgng
- Fix cosmetic typos
- Use `pkg -vv' to obtain ABI
- Unbreak the installer
- Remove the env(1) but keep the var
- Remove an unused variable
- Improve debugging with f_eval_catch()
- Fix package installation from physical media such as DVD
- Fix PKG_ABI detection after pkg-1.2
- Fix failed attempt to send pkg(8) stderr to /dev/null
- Export 'REPOS_DIR' when selected source medium is cdrom
Approved by: re (glebius)
Sponsored by: The FreeBSD Foundation
gjb [Wed, 25 Jun 2014 19:22:40 +0000 (19:22 +0000)]
MFS9 r267879:
Fix a bug in bsdgrep(1) where patterns are not correctly
detected.
Certain criteria must be met for this bug to show up:
* the -w flag is specified, and
* neither -o or --color are specified, and
* the pattern is part of another word in the line, and
* the other word that contains the pattern occurs first
PR: 181973
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
jhb [Tue, 24 Jun 2014 20:35:20 +0000 (20:35 +0000)]
MFC 253392:
Workaround some broken BIOSes that specify edge-sensitive but active-low
settings for ACPI-enumerated serial ports by forcing any IRQs that use
an ISA IRQ value with these settings to active-high instead of active-low.
This is known to occur with the BIOS on an Intel D2500CCE motherboard.
tuexen [Mon, 23 Jun 2014 15:04:32 +0000 (15:04 +0000)]
MFC r267780:
Honor jails for unbound SCTP sockets when selecting source addresses,
reporting IP-addresses to the peer during the handshake, adding
addresses to the host, reporting the addresses via the sysctl
interface (used by netstat, for example) and reporting the
addresses to the application via socket options.
This issue was reported by Bernd Walter.