summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix a race condition exists in the OpenSSL TLS server extension code andreleng/7.1Simon L. B. Nielsen2010-11-293-1/+5
| | | | | | | | | | | a double free in the SSL client ECDH handling code. Approved by: so (simon) Security: CVE-2010-2939, CVE-2010-3864 Security: FreeBSD-SA-10:10.openssl Notes: svn path=/releng/7.1/; revision=216063
* Don't unlock a mutex which wasn't locked.Colin Percival2010-11-103-2/+4
| | | | | | | | | PR: kern/137310 Approved by: so (cperciva) Security: FreeBSD-SA-10:09.pseudofs Notes: svn path=/releng/7.1/; revision=215103
* Fix an integer overflow in RLE length parsing when decompressingColin Percival2010-09-203-1/+12
| | | | | | | | | | corrupt bzip2 data. Approved by: so (cperciva) Security: FreeBSD-SA-10:08.bzip2 Notes: svn path=/releng/7.1/; revision=212901
* Correctly copy the M_RDONLY flag when duplicating a referenceColin Percival2010-07-133-1/+6
| | | | | | | | | | | to an mbuf external buffer. Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:07.mbuf Notes: svn path=/releng/7.1/; revision=209964
* Change the current working directory to be inside the jail created byColin Percival2010-05-273-4/+5
| | | | | | | | | | | | | | | | | the jail(8) command. [10:04] Fix a one-NUL-byte buffer overflow in libopie. [10:05] Correctly sanity-check a buffer length in nfs mount. [10:06] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:04.jail Security: FreeBSD-SA-10:05.opie Security: FreeBSD-SA-10:06.nfsclient Notes: svn path=/releng/7.1/; revision=208586
* MFC r197223: Fix a deadlock in the ULE scheduler.Colin Percival2010-02-273-10/+19
| | | | | | | | Approved by: so (cperciva) Errata: FreeBSD-EN-10:02.sched_ule Notes: svn path=/releng/7.1/; revision=204409
* Fix BIND named(8) cache poisoning with DNSSEC validation.Simon L. B. Nielsen2010-01-0610-49/+149
| | | | | | | | | | | | | | | | | | | [SA-10:01] Fix ntpd mode 7 denial of service. [SA-10:02] Fix ZFS ZIL playback with insecure permissions. [SA-10:03] Various FreeBSD 8.0-RELEASE improvements. [EN-10:01] Security: FreeBSD-SA-10:01.bind Security: FreeBSD-SA-10:02.ntpd Security: FreeBSD-SA-10:03.zfs Errata: FreeBSD-EN-10:01.freebsd Approved by: so (simon) Notes: svn path=/releng/7.1/; revision=201679
* Bump the patch level in the kernel version number, which wasSimon L. B. Nielsen2009-12-031-1/+1
| | | | | | | | | | accidentally left out of main commit for SA-09:15, SA-09:15, and SA-09:17 in r200054. Approved by: so (simon) Notes: svn path=/releng/7.1/; revision=200057
* Disable SSL renegotiation in order to protect against a seriousColin Percival2009-12-037-11/+31
| | | | | | | | | | | | | | | | | | protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate Notes: svn path=/releng/7.1/; revision=200054
* MFC r197711 (partial) to 6.x and 7.x:Simon L. B. Nielsen2009-10-024-4/+19
| | | | | | | | | | | | | | | | | | | | | | | - Add no zero mapping feature, disabled by default. [EN-09:05] MFC 178913,178914,179242,179243,180336,180340 to 6.x: - Fix kqueue pipe race conditions. [SA-09:13] MFC r192301 to 7.x; 6.x has slightly different fix: - Fix devfs / VFS NULL pointer race condition. [SA-09:14] Security: FreeBSD-SA-09:13.pipe Security: FreeBSD-SA-09:14.devfs Errata: FreeBSD-EN-09:05.null Submitted by: kib [SA-09:13] [SA-09:14] Submitted by: bz [EN-09:05] In collaboration with: jhb, kib, alc [EN-09:05] Approved by: so (simon) Notes: svn path=/releng/7.1/; revision=197715
* Fix BIND named(8) dynamic update message remote DoS.Simon L. B. Nielsen2009-07-293-2/+9
| | | | | | | | | | Obtained from: ISC Security: FreeBSD-SA-09:12.bind Security: CVE-2009-0696 Approved by: so (simon) Notes: svn path=/releng/7.1/; revision=195935
* Prevent integer overflow in direct pipe write code from circumventingColin Percival2009-06-105-19/+35
| | | | | | | | | | | | | | | | | virtual-to-physical page lookups. [09:09] Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10] Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11] Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd Notes: svn path=/releng/7.1/; revision=193893
* Don't leak information via uninitialized space in db(3) records. [09:07]Colin Percival2009-04-228-6/+32
| | | | | | | | | | | | | | Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08] Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva) Notes: svn path=/releng/7.1/; revision=191381
* Correctly sanity-check timer IDs. [SA-09:06]Colin Percival2009-03-234-5/+16
| | | | | | | | | | | | | Limit the size of malloced buffer when dumping environment variables. [EN-09:01] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-09:06.ktimer Errata: FreeBSD-EN-09:01.kenv Notes: svn path=/releng/7.1/; revision=190301
* Correctly scrub telnetd's environment.Colin Percival2009-02-163-5/+23
| | | | | | | | Approved by: so (cperciva) Security: FreeBSD-SA-09:05.telnetd Notes: svn path=/releng/7.1/; revision=188699
* Correct ntpd(8) cryptographic signature bypass [SA-09:04].Simon L. B. Nielsen2009-01-135-4/+10
| | | | | | | | | | | | | Correct BIND DNSSEC incorrect checks for malformed signatures [SA-09:04]. Security: FreeBSD-SA-09:03.ntpd Security: FreeBSD-SA-09:04.bind Obtained from: ISC [SA-09:04] Approved by: so (simon) Notes: svn path=/releng/7.1/; revision=187194
* Prevent cross-site forgery attacks on lukemftpd(8) due to splittingSimon L. B. Nielsen2009-01-0714-25/+59
| | | | | | | | | | | | | | | | | long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon) Notes: svn path=/releng/7.1/; revision=186872
* Fix a typo (s/get_setaffinity/sched_getaffinity/).Hiroki Sato2009-01-012-2/+2
| | | | | | | | Spotted by: mtm Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186676
* Ready to do one final test build and then start the release build process.release/7.1.0Ken Smith2008-12-311-1/+1
| | | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186654 svn path=/release/7.1.0/; revision=186660; tag=release/7.1.0
* Predict when we'll be ready to do the 7.1-RELEASE announcement.Ken Smith2008-12-311-0/+3
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186653
* Merge the following changes from the English version:Hiroki Sato2008-12-313-288/+672
| | | | | | | | | | | | r181796 -> r186637 errata/article.sgml r185258 -> r186206 hardware/article.sgml r185258 -> r186643 relnotes/article.sgml Submitted by: delphij Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186652
* Fix $RDIR (installation directory) of relnotes.Hiroki Sato2008-12-311-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186646
* Fix a typo.Hiroki Sato2008-12-311-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186643
* Fix order in arch="".Hiroki Sato2008-12-311-3/+3
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186639
* Remove old (unmaintained) translations.Hiroki Sato2008-12-31234-41095/+0
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186638
* Trim 7.1R Errata.Hiroki Sato2008-12-312-63/+5
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186637
* Update release notes for 7.1R:Hiroki Sato2008-12-311-310/+824
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SA-08:05.openssh, SA-08:06.bind, SA-08:07.amd64, SA-08:08.nmount, SA-08:09.icmp6, SA-08:10.nd6, SA-08:11.arc4random, SA-08:12.ftpd, SA-08:13.protosw, clock id CLOCK_THREAD_CPUTIME_ID added, cpuset(2) added, DTrace framework and dtrace(1), ddb(4) capture, ex /S command, show conifhk added, fcntl F_DUP2FD, linux(4) sched_setaffinity() and get_setaffinity(), in-kernel NFSLOCKD, textdump, ULE enabled by default, wait4(2) WNOWAIT and WSTOPPED added, CPU binding of interrupts on amd64,i386,sparc64, kern.features.compat_freebsd[456] sysctls, BTX USB drive issue fixed, gptboot boot loader, kbdmux(4) on sparc64, nvram(4) MPSAFE, puc(4) PUC_FASTINTR option removed, psm(4) Synaptics detection changed, agp(4) G33/G45 support, dpms(4) added for suspend/resume support, DRM supports i915 GME devices, hme(4) improved, ixgbe(4) updated to 1.6.2, auto-negotiation issue in some PHYs in miibus(4) fixed, workaround of msk(4) checksum offload issue added, ndis(4) improved, sf(4) improved, stge(4) WOL support, vr(4) improved, wpi(4) improved, arp(8) reject/blackhole keywords added, bpf(4) ioctl BIOCSETFNR added, if_bridge(4) ifmaxaddr parameter added, carp(4) stability fix, dummynet(4) fast mode, enc(4) inner/outer header selection for firewall or bpf(4) via sysctl, gre(4) GRE key support, ipsec(4) PMTU issue fixed, netatm removed, ng_nat(4) redirect support, ng_pptpgre(4) multiple hook support, resolver(3) underscore support, TCP_CONGESTION socket option for TCP socket, rwlock(9) now used in various network stack, aac(4) >2TB array support, ata(4) 80pin cable check sysctl added, ata(4) ServerWorks HT1000 chipset issue fixed, ciss(4) ADAPTER HEARTBEAT FAILED issue fixed, geom_part kernel module support, geom_linux_lvm kernel module support, iir(4) stability fix, mpt(4) mpt_user personality added, rr232x(4) removed in favor of hptrr(4), twa(4) stability fix, fdescfs(5) MPSAFE, gpart(8) BSD and VTOC8 support, gvinum(8) volume parameter support when a plex created, unionfs(7) pathname lookup issue of UNIX domain socket fixed, atacontrol(8) spindown command added, chflags(1) -v, -f, -h options added, cp(1) -a added, cp(1) ACL bug fixed, cron(8) -m flag added, dhclient(8) more options added, dhclient(8) is_default_interface() function added, dhclient(8) default route handling bug fixed, environ(7) unsetting detection improved, fdisk(8) -q flag added, fetch(1) NO_PROXY added, ffsll(3) and flsll(3) added, fortune(6) FORTUNE_PATH added, fortune(6) an issue of -e with multiple files fixed, freebsd-update.conf(5) IDSIgnorePaths added, fwcontrol(8) -f node option added, gcc(1) -mcpu support on sparc64, gpt(8) ZFS support, ifconfig(8) WPS IE support, kgdb(1) add-kld command, kld shared-lib backend support, tid command, kvm_getcptime(3) added, libalias PORT/EPRT of FTP command in lowercase support, man(1) bzip2-compressed manual page support, mdconfig(8) -v added, memrchr(3) added, morse(6) grammar fix, mountd(8) -h added, moused(8) -L added, mv(1) POSIX comformance improved, periodic(8) daily_status_mail_rejects_shorten added, ping6(8) exit status change, ping6(8) -o, -r, -R added, ping6(8) minimum allowed interval changed, rfcomm_pppd(8) -D added, sdpd(8) NAP, GN, PANU profiles added, setkey(8) esp keyword support, telnetd(8) -a off bugfix, top(1) and vmstat(8) -P flag added, traceroute(8) -a for AS number lookup added, uuid_{enc,dec}_{be,le}(3) functions added, watch(8) >10 snp(4) devices support, ypserv(8) -P added, rc.d var dummynet_enable added, a bug in rc.d/ntpd when no configuration has been fixed, rc.d/ppp multiple instances support, rc.d/sysctl /etc/sysctl.conf.local support, rc.firewall setting in rc.conf, am-utils 6.1.5, ISC BIND 9.4.2-P2, bzip2 1.0.5, CVS 1.11.22.1, hostapd 0.5.10 + radius ACL support, libarchive 2.5.5, ncurses 5.6-20080503, NTP 4.2.4p5, resolver library to ISC BIND 9.4.3, timezone database tzdata2008h, wpa_supplicant 0.5.10 + syslog support, and KDE 3.5.10. Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186636
* Bump version numbers and update descriptions for 7.1R.Hiroki Sato2008-12-312-25/+11
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186635
* Add arch="" attr support.Hiroki Sato2008-12-311-35/+137
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186634
* Bump year.Warner Losh2008-12-301-2/+2
| | | | | | | Approved by: re@ (kensmith) Notes: svn path=/releng/7.1/; revision=186596
* Merge bump of copyright.Warner Losh2008-12-301-1/+1
| | | | | | | Approved by: re@ (kensmith) Notes: svn path=/releng/7.1/; revision=186595
* Revert partially manual page changes as we reveted ICH10 and IT8213FXin LI2008-12-291-3/+3
| | | | | | | | | support. Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186552
* Revert r184442 (ata(4) changes to support ICH10 and ITE8213F chips) toXin LI2008-12-292-208/+103
| | | | | | | | | previous state due to some late problem reports on -stable@. Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186551
* Reflect what is actually being supported by bce(4) in RELENG_7_1.Xin LI2008-12-291-1/+11
| | | | | | | Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186550
* MFC r185692Daniel Gerzo2008-12-281-1/+1
| | | | | | | | | | | - correct variable name PR: docs/129448 Submitted by: Kenyon Ralph <kralph@gmail.com> Approved by: re@ (kensmith) Notes: svn path=/releng/7.1/; revision=186548
* Revert MFC of 185574 in response of changeset 186533 which removedXin LI2008-12-281-20/+3
| | | | | | | | | BCM5709/5716 support. Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186534
* Revert the bce(4) MFC and restore the state of code as of before changesetXin LI2008-12-283-19816/+7041
| | | | | | | | | | | | 184826. Some pending reliability changes needs to be tested throughly and it does not seem to be a good idea to ship the current state of bce(4) with the release. Thanks for everyone who provided testing and sorry for the mess. Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186533
* MFH: part of 186372Yoshihiro Takahashi2008-12-231-31/+31
| | | | | | | | | | Disable the pccard, parallel, GbE and wireless lan related devices to decrease a kernel size. Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186410
* Prepare for 7.1-RC2 builds.Ken Smith2008-12-231-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/7.1/; revision=186408
* Prevent cross-site forgery attacks on ftpd(8) due to splittingColin Percival2008-12-235-8/+41
| | | | | | | | | | | | | | | | long commands into multiple requests. [08:12] Avoid calling uninitialized function pointers in protocol switch code. [08:13] Merry Christmas everybody... Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw Notes: svn path=/releng/7.1/; revision=186405
* MFC 182911,182948,185996 from HEAD to syncronize fwcontrol between all branchesSean Bruno2008-12-223-149/+462
| | | | | | | | | | | | | | | | of FreeBSD. These changes provide the following features: Allow users of more than one Firewire board to execute commands Allow users to pass more than one command line argument at a time Provide NetBSD code support Cleanup Mergeinfo and mark the branch in sync Reviewed by: slong (scottl@samsco.org) Mentor Approved by: re Ken (kensmith@cse.buffalo.edu) Notes: svn path=/releng/7.1/; revision=186388
* Fix to bug kern/126850. Only dispatch event hander if the interface had a ↵VANHULLEBUS Yvan2008-12-212-22/+29
| | | | | | | | | | | parent... PR: kern/126850 Reviewed by: EvilSam Approved by: re Notes: svn path=/releng/7.1/; revision=186377
* Merge head 185728 via 186368: initialize dummy argument to umtx_op()Peter Wemm2008-12-211-1/+1
| | | | | | | Approved by: re (kib) Notes: svn path=/releng/7.1/; revision=186369
* Merge rev 185725 (184996 in head): Use correct names in END() macros.Peter Wemm2008-12-213-3/+3
| | | | | | | | Approved by: re (kib) Reminded by: kensmith Notes: svn path=/releng/7.1/; revision=186367
* MFC revision 185713 from head.Christian S.J. Peron2008-12-201-4/+4
| | | | | | | | | | | | | Make sure we are maintaining the reference count on the route eliminating another: rtfree: 0xc841ee88 has 1 refs Reviewed by: bz Approved by: re@ (gnn) Notes: svn path=/releng/7.1/; revision=186364
* MFC r186315:Joe Marcus Clarke2008-12-192-0/+4
| | | | | | | | | | | Do not segfault when procstat -f or procstat -v is called on a process not owned by the current user. If kinfo_getfile() or kinfo_getvmmap() return NULL, simply exit, and do not try and derefernce the memory. Approved by: re (kib) Notes: svn path=/releng/7.1/; revision=186340
* MFC r186314:Joe Marcus Clarke2008-12-192-8/+10
| | | | | | | | | | | Initialize the cntp pointer to 0 prior to doing any work so that callers don't try to iterate through garbage or NULL memory. Additionally, return NULL instead of 0 on error. Approved by: re (kib) Notes: svn path=/releng/7.1/; revision=186339
* MFC r185984:Konstantin Belousov2008-12-193-5/+31
| | | | | | | | | | Reference the vmspace of the process being inspected by procfs, linprocfs and sysctl kern_proc_vmmap handlers. Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186329
* MFC r185983:Konstantin Belousov2008-12-191-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | The userland_sysctl() function retries sysctl_root() until returned error is not EAGAIN. Several sysctls that inspect another process use p_candebug() for checking access right for the curproc. p_candebug() returns EAGAIN for some reasons, in particular, for the process doing exec() now. If execing process tries to lock Giant, we get a livelock, because sysctl handlers are covered by Giant, and often do not sleep. Break the livelock by dropping Giant and allowing other threads to execute in the EAGAIN loop. This commit does not merge the following change, as was discussed with jhb: [Also, do not return EAGAIN from p_candebug() when process is executing, use more appropriate EBUSY error.] MFC r185987: Uio_yield() already does DROP_GIANT/PICKUP_GIANT, no need to repeat this around the call. Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186328
* MFC r185765, r185766:Konstantin Belousov2008-12-192-20/+53
| | | | | | | | | | | | | | | | | | | | | Make two style changes to create new commit and document proper commit message for r185765. Commit message for r185765 should be: In procfs map handler, and in linprocfs maps handler, do not call vn_fullpath() while having vm map locked. This is done in anticipation of the vop_vptocnp commit, that would make vn_fullpath sometime acquire vnode lock. Also, in linprocfs, maps handler already acquires vnode lock. MFC r185864: Relock user map earlier, to have the lock held when break leaves the loop earlier due to sbuf error. Approved by: re (kensmith) Notes: svn path=/releng/7.1/; revision=186327
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-21 01:55:15 +0000