src-test, branch releng/6.3

src-test, branch releng/6.3 FreeBSD source tree https://cgit-dev.freebsd.org/src-test/atom?h=releng%2F6.3 2010-01-06T21:45:30Z Fix BIND named(8) cache poisoning with DNSSEC validation. 2010-01-06T21:45:30Z Simon L. B. Nielsen simon@FreeBSD.org 2010-01-06T21:45:30Z urn:sha1:1a707c0e67da562b02571106a36b14538caa6783 [SA-10:01] Fix ntpd mode 7 denial of service. [SA-10:02] Fix ZFS ZIL playback with insecure permissions. [SA-10:03] Various FreeBSD 8.0-RELEASE improvements. [EN-10:01] Security: FreeBSD-SA-10:01.bind Security: FreeBSD-SA-10:02.ntpd Security: FreeBSD-SA-10:03.zfs Errata: FreeBSD-EN-10:01.freebsd Approved by: so (simon) Bump the patch level in the kernel version number, which was 2009-12-03T12:59:39Z Simon L. B. Nielsen simon@FreeBSD.org 2009-12-03T12:59:39Z urn:sha1:3bcabf8f98591dc2c38dcb7eaf591d9954d296db accidentally left out of main commit for SA-09:15, SA-09:15, and SA-09:17 in r200054. Approved by: so (simon) Disable SSL renegotiation in order to protect against a serious 2009-12-03T09:18:40Z Colin Percival cperciva@FreeBSD.org 2009-12-03T09:18:40Z urn:sha1:d9ee9f36b89abf39ed9b02b8b5533dcd264be7b8 protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate MFC r197711 (partial) to 6.x and 7.x: 2009-10-02T18:09:56Z Simon L. B. Nielsen simon@FreeBSD.org 2009-10-02T18:09:56Z urn:sha1:482acad57332f5ff6f288860c5b7a1e820bddb95 - Add no zero mapping feature, disabled by default. [EN-09:05] MFC 178913,178914,179242,179243,180336,180340 to 6.x: - Fix kqueue pipe race conditions. [SA-09:13] MFC r192301 to 7.x; 6.x has slightly different fix: - Fix devfs / VFS NULL pointer race condition. [SA-09:14] Security: FreeBSD-SA-09:13.pipe Security: FreeBSD-SA-09:14.devfs Errata: FreeBSD-EN-09:05.null Submitted by: kib [SA-09:13] [SA-09:14] Submitted by: bz [EN-09:05] In collaboration with: jhb, kib, alc [EN-09:05] Approved by: so (simon) Fix BIND named(8) dynamic update message remote DoS. 2009-07-29T00:14:14Z Simon L. B. Nielsen simon@FreeBSD.org 2009-07-29T00:14:14Z urn:sha1:e8c0497d6897110bc83bda93cc1eb51d54d45dc1 Obtained from: ISC Security: FreeBSD-SA-09:12.bind Security: CVE-2009-0696 Approved by: so (simon) Prevent integer overflow in direct pipe write code from circumventing 2009-06-10T10:31:11Z Colin Percival cperciva@FreeBSD.org 2009-06-10T10:31:11Z urn:sha1:57bbdcd90887aa47cd123bf1200be30ae299356d virtual-to-physical page lookups. [09:09] Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10] Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11] Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd Don't leak information via uninitialized space in db(3) records. [09:07] 2009-04-22T14:07:14Z Colin Percival cperciva@FreeBSD.org 2009-04-22T14:07:14Z urn:sha1:5186ccc403b38db31bf42f14e5c68ca8142200b2 Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08] Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva) Correct ntpd(8) cryptographic signature bypass [SA-09:04]. 2009-01-13T21:19:27Z Simon L. B. Nielsen simon@FreeBSD.org 2009-01-13T21:19:27Z urn:sha1:a554d42eab4d4e7f72c1718676f2d6183820a607 Correct BIND DNSSEC incorrect checks for malformed signatures [SA-09:04]. Security: FreeBSD-SA-09:03.ntpd Security: FreeBSD-SA-09:04.bind Obtained from: ISC [SA-09:04] Approved by: so (simon) Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07T20:17:55Z Simon L. B. Nielsen simon@FreeBSD.org 2009-01-07T20:17:55Z urn:sha1:58c30e69b0f01372bee2b4cdd158d7f0629b23b2 long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon) Prevent cross-site forgery attacks on ftpd(8) due to splitting 2008-12-23T01:23:09Z Colin Percival cperciva@FreeBSD.org 2008-12-23T01:23:09Z urn:sha1:09ac114e66d5478c6a3e980d343d4199e2e238eb long commands into multiple requests. [08:12] Avoid calling uninitialized function pointers in protocol switch code. [08:13] Merry Christmas everybody... Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw