The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
Security: FreeBSD-SA-14:18.openssl
Approved by: so
delphij [Tue, 13 May 2014 23:24:14 +0000 (23:24 +0000)]
Add pkg bootstrapping, configuration and public keys. [EN-14:03]
Improve build repeatability for kldxref(8). [EN-14:04]
Fix data corruption with ciss(4). [EN-14:05]
delphij [Thu, 28 Nov 2013 22:12:48 +0000 (22:12 +0000)]
MFC r257879:
Fix typo in r256646: We want to generate lists of directories in
INDEX-OLD and INDEX-NEW and compare them, not generate the same
list of directories from INDEX-OLD twice...
Pointy hats to: cperciva & everybody who didn't proofread
EN-13:04 enough
Errata Notice: FreeBSD-EN-13:05.freebsd-update
Approved by: so
delphij [Sat, 26 Oct 2013 20:01:00 +0000 (20:01 +0000)]
MFC r256646, r256767, r257038:
When installing updates, install new directories first and remove old
directories last.
Allow ~ in file names so libtool droppings in contrib don't break updates.
It has happened twice now, and is likely to happen again.
Be more selective when filtering for lib*.so.N files. These are deleted
at the end of the upgrade process, after warning users to upgrade any
3rd party software (e.g., from the ports tree) which might link to the
libraries being removed.
Errata Notice: FreeBSD-EN-13:04.freebsd-update
Approved by: so
des [Tue, 10 Sep 2013 10:15:33 +0000 (10:15 +0000)]
In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR
and SIOCSIFNETMASK at the socket layer rather than pass them on to the
link layer without validation or credential checks. [SA-13:12]
Prevent cross-mount hardlinks between different nullfs mounts of the
same underlying filesystem. [SA-13:13]
Fix Denial of Service vulnerability in named(8). [13:07]
Fix a bug that allows a remote client to bypass the normal
access checks when -network or -host restrictions
are used at the same time with -mapall. [13:08]
des [Tue, 18 Jun 2013 07:05:51 +0000 (07:05 +0000)]
Fix a bug that allowed a tracing process (e.g. gdb) to write
to a memory-mapped file in the traced process's address space
even if neither the traced process nor the tracing process had
write access to that file.
Security: CVE-2013-2171
Security: FreeBSD-SA-13:06.mmap
Approved by: so
hrs [Fri, 30 Nov 2012 16:15:35 +0000 (16:15 +0000)]
- Bump versions and revert XML migration of the release documents in
releng/9.1 branch. The doc tree release/9.1.0 for this release still uses
SGML toolchain[1].
- Add SVNROOT{BASE,SRC,DOC,PORTS} for subversion repository URLs and
BRANCH{SRC,DOC,PORTS} for the branches to generate-release.sh, and
remove -p, -r, -d options. The revision to be built should be specified
in the URL.
- Add {WORLD,KERNEL}_FLAGS to generate-release.sh. These were supported in
the old release build framework.
- Disable to use binary package for docproj port during a release build.
This package should be built successfully.
Pointy hat to: hrs [1]
Approved by: re (implicitly)
eadler [Sat, 10 Nov 2012 06:05:04 +0000 (06:05 +0000)]
MFC r242514:
Revert the change that makes less default.
Since I've committed this I've received roughly an equal
amount of email thanking me for making this change
and asking me to revert it.
I've resisted making this change because
new users tend to prefer less over more
and these users are the least likely to know
how to change the PAGER on their own.
Approved by: cperciva (implicit)
Approved by: re (kib)
marius [Sun, 21 Oct 2012 12:53:33 +0000 (12:53 +0000)]
MFC: r241679
It turns out that as documented, PCF8563_R_SECOND_VL (i.e. battery low)
doesn't automatically clear when VDD rises above Vlow again and needs to be
cleared manually. However, apparently this needs all of the time registers
to be set, i.e. pcf8563_settime(), and not just PCF8563_R_SECOND in order
for PCF8563_R_SECOND_VL to stick. Thus, we just issue a warning during
pcf8563_attach() rather than failing with ENXIO in case it is set.
glebius [Tue, 2 Oct 2012 13:03:11 +0000 (13:03 +0000)]
Merge r240985 from head:
Fix bug in TCP_KEEPCNT setting, which slipped in in the last round
of reviewing of r231025.
Unlike other options from this family TCP_KEEPCNT doesn't specify
time interval, but a count, thus parameter supplied doesn't need
to be multiplied by hz.
mav [Mon, 1 Oct 2012 10:52:10 +0000 (10:52 +0000)]
MFC r240917:
Reduce delays in several wait loops from 10ms to 10us, same as it is
done in Linux. This substantially increases graphics performance on Ivy
Bridge.
Submitted by: avg@
Reviewed by: kib@
Approved by: re (kib)
Prevents a crash when queried for a record whose RDATA exceeds
65535 bytes.
Prevents a crash when validating caused by using "Bad cache" data
before it has been initialized.
ISC_QUEUE handling for recursive clients was updated to address
a race condition that could cause a memory leak. This rarely
occurred with UDP clients, but could be a significant problem
for a server handling a steady rate of TCP queries.
A condition has been corrected where improper handling of
zero-length RDATA could cause undesirable behavior, including
termination of the named process.
For more information: https://kb.isc.org/article/AA-00788
- Fix release notes build on releng/9.1 [1]
- MFC r240508, r240516, r240519 (gabor):
o Update releng/9.1/release/doc files post-XML conversion.
o This commit fixes most of the 9-STABLE release build problems.
- Close colspec tags to conform to XML standards. [1]
- Convert installation article to XML standards. [1]
Do not change owner, group, or mode when package database directory
and its contents are created with pkg_add(1). It may happen when the
packing list contains @owner, @group, or @mode.
According to a clarification at http://austingroupbugs.net/view.php?id=503
ptsname may set errno, so avoid saving and restoring errno across the
function.
PR: standards/171572
Approved by: re
Sponsored by: ADARA Networks
Avoid mapping ENOENT to ENOTDIR for non-existent path components.
The ENOTDIR mapping was introduced in r235266 for kern/128933 based on
an interpretation of the somewhat ambiguous language in the POSIX realpath
specification. The interpretation is inconsistent with Solaris and Linux,
a regression from 9.0, and does not appear to be permitted by the
description of ENOTDIR:
20 ENOTDIR Not a directory. A component of the specified pathname
existed, but it was not a directory, when a directory was
expected.
PR: standards/171577
Approved by: re
Sponsored by: ADARA Networks
isci(4): Fix SCSI/ATA translation for SCSI_WRITE_BUFFER w/ mode==0x7
(download microcode with offsets, save, and activate).
SATI translation layer was incorrectly using allocation length instead
of blocks, and was constructing the ATA command incorrectly.
Also change #define to specify that the 512 block size here is
specific for DOWNLOAD_MICROCODE, and does not relate to the device's
logical block size.
MFC r240465:
Add global and per-module sysctls/tunables to enable/disable metadata taste.
That should help to handle some cases when disk has some RAID metadata that
should be ignored, especially during boot.
MFC r240286:
At least from A70M FCH chipsets AMD started to use their real vendor ID
(1022) in HPET. But according to report they still haven't fixed problem
with level-triggered interrupts.
Make workaround used for earlier chipsets apply to this new ID also.
Add TRIM support, enabled by default.
Fix a bug installing components from a localPath.
Allow autosizing of any partition, not just the last partition.
Adjust how ZFS is laid out to work with Boot Environments.
Submitted by: kmoore
Approved by: re (kib)
Obtained from: PC-BSD
change ALWAYS_ASSUME_YES to ASSUME_ALWAYS_YES for consistency with pkg(8)
if not on a tty prompt about the missing pkg(8) but default on 'no' except if
ASSUME_ALWAYS_YES is set
MFC r230454 (pjd):
Use provided name when allocating ksid domain. It isn't really used
on FreeBSD, but should fix a panic when pool is imported from another OS
that is using this.
MFC r240162 (mm):
Make r230454 more readable and vendor-like.
MFC r239125:
Do not apply errata 721 workaround when under hypervisor, since
typical hypervisor does not implement access to the required MSR,
causing #GP on boot.
Properly apply #ifdef INET and leave a comment that we are (will) apply
delayed IPv6 checksum processing in ip6_output.c when doing IPsec.
In case of IPsec we have to do delayed checksum calculations before
adding any extension header, or rather before calling into IPsec
processing as we may send the packet and not return to IPv6 output
processing here.
MFC r238877-238878:
Fix a comment that we do not have an SA yet but need to acquire one.
For consistency put the IPsec comment inside the #ifdef section.
MFC r238934
Improve the should-never-hit printf to ease debugging in case we'd ever hit
it again when doing the delayed IPv6 checksum calculations.
MFS r240157 (MFC r235638,r239348):
- Work around failure to compile on FreeBSD 7.x machines.
- Correct a regression introduced during the import of file(1) 5.11.
PR: 170415
Reviewed by: obrien
Approved by: re (kib)
Remember that I'm using length-defined strings in parameters:
Don't include the null terminator when recomputing the parameter
length when stripping the netmask from IP addresses. This was
causing later addresses in a comma-separated string to disappear.
Use memcpy instead of strcpy. This could just cause Bad Things.
Add a null byte when comma-combining array parameters.
Pre-separate IP addresses passed on the command line, so they can be
properly parsed for interface prefixes and netmask suffixes. This was
already done for the old-style (fixed) command line, but missed for
the new-style.
fjoe [Tue, 28 Aug 2012 17:09:34 +0000 (17:09 +0000)]
MFC: r238933
- Change back "d_ofs" to int8_t to not pessimize padding and size of "struct puc_cfg".
- Use "puc_config_moxa" for Moxa boards that need d_ofs greater than 0x7f
jimharris [Mon, 27 Aug 2012 18:12:08 +0000 (18:12 +0000)]
MFC r239655:
Fix scsi_da's BIO_DELETE->SCSI_UNMAP translation to use correct local
variable when determining various sizes related to SCSI UNMAP block
descriptor lists.
jimharris [Mon, 27 Aug 2012 18:10:25 +0000 (18:10 +0000)]
MFC r239545:
Fix/add isci(4) support for SCSI UNMAP to ATA DSM translation.
This addresses kernel panic observed when sending SCSI UNMAP
commands to SATA disks attached to isci(4).
1) Flesh out callback routines to allocate/free buffers needed for
translating SCSI UNMAP data to ATA DSM data.
2) Add controller-level pool for storing buffers previously allocated
for UNMAP translation, to lessen chance of no buffer available
under memory pressure.
3) Ensure driver properly handles case where buffer pool is empty
and contigmalloc returns NULL.
This change fixes the binary compatibility problems with additions to
the disk(9) API. Disk drivers compiled against 9.0 will not work on
9.1-RC1, but should start working after this change or in 9.1-RC2 and
later. Disk drivers should not be linked against 9.1-RC1 for
distribution, except specifically for testing on RC1. This was
planned for RC1, but it was delayed due to circumstances beyond my
control.
bschmidt [Fri, 24 Aug 2012 06:56:44 +0000 (06:56 +0000)]
MFC r231187:
Update the 802.11s IE numbers to represent the latest 802.11 amendment
standard.
This update breaks compatibility with older mesh setups but is necessary as
the previous IDs are used by another amendment leading to unexpected results
when trying to associate with an access point using the affected IDs.
lstewart [Wed, 22 Aug 2012 01:28:16 +0000 (01:28 +0000)]
MFC r239346:
The TCP PAWS fix for kernels with fast tick rates (r231767) changed the TCP
timestamp related stack variables to reference ms directly instead of ticks. The
h_ertt(4) Khelp module relies on TCP timestamp information in order to calculate
its enhanced RTT estimates, but was not updated as part of r231767.
Consequently, h_ertt has not been calculating correct RTT estimates since
r231767 was committed, which in turn broke all delay-based congestion control
algorithms because they rely on the h_ertt RTT estimates.
Fix the breakage by switching h_ertt to use tcp_ts_getticks() in place of all
previous uses of the ticks variable. This ensures all timestamp related
variables in h_ertt use the same units as the TCP stack and therefore results in
meaningful comparisons and RTT estimate calculations.
Reported & tested by: Naeem Khademi (naeemk at ifi uio no)
Discussed with: bz
Approved by: re (kib)
kan [Tue, 21 Aug 2012 22:42:46 +0000 (22:42 +0000)]
MFC r239470: Do not call process_nodelete with NULL object pointer.
The place where the function is called can be reached if object loading
and relocation fails too, in which case obj pointer will be NULL. Do not
call process_nodelete then, or crash will follow.
emaste [Tue, 21 Aug 2012 11:35:54 +0000 (11:35 +0000)]
MFC r232844: Remove extraneous log message
When ntp switched between PLL and FLL mode it produced a log message
"kernel time sync status change %04x". This issue is reported in ntp
bug 452[1] which claims that this behaviour is normal and the log
message isn't necessary. I'm not sure exactly when it was removed, but
it's gone in the latest ntp release (4.2.6p5).
emaste [Tue, 21 Aug 2012 11:34:40 +0000 (11:34 +0000)]
MFC r238718: Quirk MS keyboard so that function keys work
The function keys on a Microsoft Natural Ergonomic Keyboard 4000 have been
repurposed as "Help", "Undo", "Redo" etc., and a special "F Lock" key is
required to return them to their normal purpose.
This change enables the UQ_KBD_BOOTPROTO quirk for the MS Natural 4000
keyboard to get the keys working again. More extensive changes to the USB
keyboard infrastructure would be needed to fully support the "F Lock" mode
and the extended keys on this keyboard.
marius [Tue, 21 Aug 2012 09:43:03 +0000 (09:43 +0000)]
MFC: r239089
- Merge from NetBSD:
When issuing a non-DMA command, make sure to set the "remaining length of
command to be transferred via DMA" (sc_cmdlen) to zero up-front, otherwise
we might get confused on command completion interrupt (no DMA active but
still data left to transfer).
- Implement handling of MSG_IGN_WIDE_RESIDUE which some targets produce, as
just rejecting these leads to a resend and disconnect loop.
Reported and tested by: mjacob
delphij [Tue, 21 Aug 2012 09:05:23 +0000 (09:05 +0000)]
MFC r239169:
RFC 2289 requires all hashes be stored in little endian format before
folding to 64 bits, while SHA1 code is big endian. Therefore, a bswap32
is required before using the value.
Without this change, the implementation does not conform to test vector
found in RFC 2289.
PR: bin/170519
Submitted by: Arthur Mesh <arthurmesh gmail com> (with changes)
Approved by: re (kib)
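
The byte-order requirement from r239169 above, worked through as an added Python example (not part of the commit or of FreeBSD's OPIE code). The names fold_sha1, otp_sha1, bswap32_words and the swap flag are hypothetical; the expected value is the SHA1 test vector from RFC 2289 Appendix C.

```python
import hashlib
import struct

# SHA1 test vector from RFC 2289 Appendix C: pass phrase, seed, count, hex result.
RFC2289_VECTOR = ("This is a test.", "TeSt", 0, "BB9E6AE1979D8FF4")


def fold_sha1(data: bytes, swap: bool = True) -> bytes:
    """SHA-1 the input and fold the 160-bit digest down to 64 bits.

    swap=True  emits each folded 32-bit word little endian (RFC 2289).
    swap=False leaves the words big endian, i.e. the missing-bswap32
    behaviour the commit message describes.
    """
    h = struct.unpack(">5I", hashlib.sha1(data).digest())  # SHA-1 words are big endian
    w0 = h[0] ^ h[2] ^ h[4]
    w1 = h[1] ^ h[3]
    return struct.pack("<2I" if swap else ">2I", w0, w1)


def otp_sha1(passphrase: str, seed: str, count: int, swap: bool = True) -> bytes:
    """Compute the 64-bit one-time password for the given sequence count."""
    # The seed is case-insensitive: it is lowercased and prepended to the pass phrase.
    state = fold_sha1(seed.lower().encode() + passphrase.encode(), swap)
    for _ in range(count):
        state = fold_sha1(state, swap)  # each further step hashes the previous 8 bytes
    return state


def bswap32_words(buf: bytes) -> bytes:
    """Byte-swap every 32-bit word in buf (what bswap32 does per word)."""
    return b"".join(buf[i:i + 4][::-1] for i in range(0, len(buf), 4))


if __name__ == "__main__":
    phrase, seed, count, expected = RFC2289_VECTOR
    good = otp_sha1(phrase, seed, count)
    bad = otp_sha1(phrase, seed, count, swap=False)
    print("with byte swap   :", good.hex().upper(), good.hex().upper() == expected)
    print("without byte swap:", bad.hex().upper(), bad.hex().upper() == expected)
```

At count 0 the two variants differ only by a per-word byte swap; for higher counts the unswapped output is fed back into the hash, so the results diverge entirely and cannot interoperate with a conforming peer.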
tuexen [Mon, 20 Aug 2012 17:06:50 +0000 (17:06 +0000)]
MFC r239041:
Fix a bug reported by Simon L. B. Nielsen:
If an SCTP endpoint receives an ASCONF with a wildcard
lookup address and incorrect verification tag, the system
crashes.
This bug was found by Shaun Colley.
kan [Mon, 20 Aug 2012 15:19:34 +0000 (15:19 +0000)]
MFC r239095: Do not add handler to event handlers list until ithread
is created.
In rare event when fast and ithread interrupts share the same vector
and the fast handler was registered first, we can end up trying to
schedule the ithread that is not created yet. The kernel built with
INVARIANTS then triggers an assertion.
Change the order to create the ithread first and only then add the
handler that needs it to the interrupt event handlers list.