| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
a double free in the SSL client ECDH handling code.
Approved by: so (simon)
Security: CVE-2010-2939, CVE-2010-3864
Security: FreeBSD-SA-10:10.openssl
Notes:
svn path=/releng/7.1/; revision=216063
|
|
|
|
|
|
|
|
|
| |
PR: kern/137310
Approved by: so (cperciva)
Security: FreeBSD-SA-10:09.pseudofs
Notes:
svn path=/releng/7.1/; revision=215103
|
|
|
|
|
|
|
|
|
|
| |
corrupt bzip2 data.
Approved by: so (cperciva)
Security: FreeBSD-SA-10:08.bzip2
Notes:
svn path=/releng/7.1/; revision=212901
|
|
|
|
|
|
|
|
|
|
|
| |
to an mbuf external buffer.
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:07.mbuf
Notes:
svn path=/releng/7.1/; revision=209964
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
Notes:
svn path=/releng/7.1/; revision=208586
|
|
|
|
|
|
|
|
| |
Approved by: so (cperciva)
Errata: FreeBSD-EN-10:02.sched_ule
Notes:
svn path=/releng/7.1/; revision=204409
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[SA-10:01]
Fix ntpd mode 7 denial of service. [SA-10:02]
Fix ZFS ZIL playback with insecure permissions. [SA-10:03]
Various FreeBSD 8.0-RELEASE improvements. [EN-10:01]
Security: FreeBSD-SA-10:01.bind
Security: FreeBSD-SA-10:02.ntpd
Security: FreeBSD-SA-10:03.zfs
Errata: FreeBSD-EN-10:01.freebsd
Approved by: so (simon)
Notes:
svn path=/releng/7.1/; revision=201679
|
|
|
|
|
|
|
|
|
|
| |
accidentally left out of main commit for SA-09:15, SA-09:15, and
SA-09:17 in r200054.
Approved by: so (simon)
Notes:
svn path=/releng/7.1/; revision=200057
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate
Notes:
svn path=/releng/7.1/; revision=200054
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add no zero mapping feature, disabled by default. [EN-09:05]
MFC 178913,178914,179242,179243,180336,180340 to 6.x:
- Fix kqueue pipe race conditions. [SA-09:13]
MFC r192301 to 7.x; 6.x has slightly different fix:
- Fix devfs / VFS NULL pointer race condition. [SA-09:14]
Security: FreeBSD-SA-09:13.pipe
Security: FreeBSD-SA-09:14.devfs
Errata: FreeBSD-EN-09:05.null
Submitted by: kib [SA-09:13] [SA-09:14]
Submitted by: bz [EN-09:05]
In collaboration with: jhb, kib, alc [EN-09:05]
Approved by: so (simon)
Notes:
svn path=/releng/7.1/; revision=197715
|
|
|
|
|
|
|
|
|
|
| |
Obtained from: ISC
Security: FreeBSD-SA-09:12.bind
Security: CVE-2009-0696
Approved by: so (simon)
Notes:
svn path=/releng/7.1/; revision=195935
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
virtual-to-physical page lookups. [09:09]
Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]
Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]
Approved by: so (cperciva)
Approved by: re (not really, but SVN wants this...)
Security: FreeBSD-SA-09:09.pipe
Security: FreeBSD-SA-09:10.ipv6
Security: FreeBSD-SA-09:11.ntpd
Notes:
svn path=/releng/7.1/; revision=193893
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sanity-check string lengths in order to stop OpenSSL crashing
when printing corrupt BMPString or UniversalString objects. [09:08]
Security: FreeBSD-SA-09:07.libc
Security: FreeBSD-SA-09:08.openssl
Security: CVE-2009-0590
Approved by: re (kensmith)
Approved by: so (cperciva)
Notes:
svn path=/releng/7.1/; revision=191381
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Limit the size of malloced buffer when dumping environment
variables. [EN-09:01]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-09:06.ktimer
Errata: FreeBSD-EN-09:01.kenv
Notes:
svn path=/releng/7.1/; revision=190301
|
|
|
|
|
|
|
|
| |
Approved by: so (cperciva)
Security: FreeBSD-SA-09:05.telnetd
Notes:
svn path=/releng/7.1/; revision=188699
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Correct BIND DNSSEC incorrect checks for malformed signatures
[SA-09:04].
Security: FreeBSD-SA-09:03.ntpd
Security: FreeBSD-SA-09:04.bind
Obtained from: ISC [SA-09:04]
Approved by: so (simon)
Notes:
svn path=/releng/7.1/; revision=187194
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd
Security: FreeBSD-SA-09:02.openssl
Obtained from: NetBSD [SA-09:01]
Obtained from: OpenSSL Project [SA-09:02]
Approved by: so (simon)
Notes:
svn path=/releng/7.1/; revision=186872
|
|
|
|
|
|
|
|
| |
Spotted by: mtm
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186676
|
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186654
svn path=/release/7.1.0/; revision=186660; tag=release/7.1.0
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186653
|
|
|
|
|
|
|
|
|
|
|
|
| |
r181796 -> r186637 errata/article.sgml
r185258 -> r186206 hardware/article.sgml
r185258 -> r186643 relnotes/article.sgml
Submitted by: delphij
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186652
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186646
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186643
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186639
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186638
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186637
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SA-08:05.openssh,
SA-08:06.bind,
SA-08:07.amd64,
SA-08:08.nmount,
SA-08:09.icmp6,
SA-08:10.nd6,
SA-08:11.arc4random,
SA-08:12.ftpd,
SA-08:13.protosw,
clock id CLOCK_THREAD_CPUTIME_ID added,
cpuset(2) added,
DTrace framework and dtrace(1),
ddb(4) capture, ex /S command, show conifhk added,
fcntl F_DUP2FD,
linux(4) sched_setaffinity() and get_setaffinity(),
in-kernel NFSLOCKD,
textdump,
ULE enabled by default,
wait4(2) WNOWAIT and WSTOPPED added,
CPU binding of interrupts on amd64,i386,sparc64,
kern.features.compat_freebsd[456] sysctls,
BTX USB drive issue fixed,
gptboot boot loader,
kbdmux(4) on sparc64,
nvram(4) MPSAFE,
puc(4) PUC_FASTINTR option removed,
psm(4) Synaptics detection changed,
agp(4) G33/G45 support,
dpms(4) added for suspend/resume support,
DRM supports i915 GME devices,
hme(4) improved,
ixgbe(4) updated to 1.6.2,
auto-negotiation issue in some PHYs in miibus(4) fixed,
workaround of msk(4) checksum offload issue added,
ndis(4) improved,
sf(4) improved,
stge(4) WOL support,
vr(4) improved,
wpi(4) improved,
arp(8) reject/blackhole keywords added,
bpf(4) ioctl BIOCSETFNR added,
if_bridge(4) ifmaxaddr parameter added,
carp(4) stability fix,
dummynet(4) fast mode,
enc(4) inner/outer header selection for firewall or bpf(4) via sysctl,
gre(4) GRE key support,
ipsec(4) PMTU issue fixed,
netatm removed,
ng_nat(4) redirect support,
ng_pptpgre(4) multiple hook support,
resolver(3) underscore support,
TCP_CONGESTION socket option for TCP socket,
rwlock(9) now used in various network stack,
aac(4) >2TB array support,
ata(4) 80pin cable check sysctl added,
ata(4) ServerWorks HT1000 chipset issue fixed,
ciss(4) ADAPTER HEARTBEAT FAILED issue fixed,
geom_part kernel module support,
geom_linux_lvm kernel module support,
iir(4) stability fix,
mpt(4) mpt_user personality added,
rr232x(4) removed in favor of hptrr(4),
twa(4) stability fix,
fdescfs(5) MPSAFE,
gpart(8) BSD and VTOC8 support,
gvinum(8) volume parameter support when a plex created,
unionfs(7) pathname lookup issue of UNIX domain socket fixed,
atacontrol(8) spindown command added,
chflags(1) -v, -f, -h options added,
cp(1) -a added,
cp(1) ACL bug fixed,
cron(8) -m flag added,
dhclient(8) more options added,
dhclient(8) is_default_interface() function added,
dhclient(8) default route handling bug fixed,
environ(7) unsetting detection improved,
fdisk(8) -q flag added,
fetch(1) NO_PROXY added,
ffsll(3) and flsll(3) added,
fortune(6) FORTUNE_PATH added,
fortune(6) an issue of -e with multiple files fixed,
freebsd-update.conf(5) IDSIgnorePaths added,
fwcontrol(8) -f node option added,
gcc(1) -mcpu support on sparc64,
gpt(8) ZFS support,
ifconfig(8) WPS IE support,
kgdb(1) add-kld command, kld shared-lib backend support, tid command,
kvm_getcptime(3) added,
libalias PORT/EPRT of FTP command in lowercase support,
man(1) bzip2-compressed manual page support,
mdconfig(8) -v added,
memrchr(3) added,
morse(6) grammar fix,
mountd(8) -h added,
moused(8) -L added,
mv(1) POSIX comformance improved,
periodic(8) daily_status_mail_rejects_shorten added,
ping6(8) exit status change,
ping6(8) -o, -r, -R added,
ping6(8) minimum allowed interval changed,
rfcomm_pppd(8) -D added,
sdpd(8) NAP, GN, PANU profiles added,
setkey(8) esp keyword support,
telnetd(8) -a off bugfix,
top(1) and vmstat(8) -P flag added,
traceroute(8) -a for AS number lookup added,
uuid_{enc,dec}_{be,le}(3) functions added,
watch(8) >10 snp(4) devices support,
ypserv(8) -P added,
rc.d var dummynet_enable added,
a bug in rc.d/ntpd when no configuration has been fixed,
rc.d/ppp multiple instances support,
rc.d/sysctl /etc/sysctl.conf.local support,
rc.firewall setting in rc.conf,
am-utils 6.1.5,
ISC BIND 9.4.2-P2,
bzip2 1.0.5,
CVS 1.11.22.1,
hostapd 0.5.10 + radius ACL support,
libarchive 2.5.5,
ncurses 5.6-20080503,
NTP 4.2.4p5,
resolver library to ISC BIND 9.4.3,
timezone database tzdata2008h,
wpa_supplicant 0.5.10 + syslog support, and
KDE 3.5.10.
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186636
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186635
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186634
|
|
|
|
|
|
|
| |
Approved by: re@ (kensmith)
Notes:
svn path=/releng/7.1/; revision=186596
|
|
|
|
|
|
|
| |
Approved by: re@ (kensmith)
Notes:
svn path=/releng/7.1/; revision=186595
|
|
|
|
|
|
|
|
|
| |
support.
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186552
|
|
|
|
|
|
|
|
|
| |
previous state due to some late problem reports on -stable@.
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186551
|
|
|
|
|
|
|
| |
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186550
|
|
|
|
|
|
|
|
|
|
|
| |
- correct variable name
PR: docs/129448
Submitted by: Kenyon Ralph <kralph@gmail.com>
Approved by: re@ (kensmith)
Notes:
svn path=/releng/7.1/; revision=186548
|
|
|
|
|
|
|
|
|
| |
BCM5709/5716 support.
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186534
|
|
|
|
|
|
|
|
|
|
|
|
| |
184826. Some pending reliability changes needs to be tested throughly and
it does not seem to be a good idea to ship the current state of bce(4)
with the release. Thanks for everyone who provided testing and sorry for
the mess.
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186533
|
|
|
|
|
|
|
|
|
|
| |
Disable the pccard, parallel, GbE and wireless lan related devices
to decrease a kernel size.
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186410
|
|
|
|
|
|
|
| |
Approved by: re (implicit)
Notes:
svn path=/releng/7.1/; revision=186408
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
long commands into multiple requests. [08:12]
Avoid calling uninitialized function pointers in protocol switch
code. [08:13]
Merry Christmas everybody...
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw
Notes:
svn path=/releng/7.1/; revision=186405
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of FreeBSD.
These changes provide the following features:
Allow users of more than one Firewire board to execute commands
Allow users to pass more than one command line argument at a time
Provide NetBSD code support
Cleanup Mergeinfo and mark the branch in sync
Reviewed by: slong (scottl@samsco.org) Mentor
Approved by: re Ken (kensmith@cse.buffalo.edu)
Notes:
svn path=/releng/7.1/; revision=186388
|
|
|
|
|
|
|
|
|
|
|
| |
parent...
PR: kern/126850
Reviewed by: EvilSam
Approved by: re
Notes:
svn path=/releng/7.1/; revision=186377
|
|
|
|
|
|
|
| |
Approved by: re (kib)
Notes:
svn path=/releng/7.1/; revision=186369
|
|
|
|
|
|
|
|
| |
Approved by: re (kib)
Reminded by: kensmith
Notes:
svn path=/releng/7.1/; revision=186367
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure we are maintaining the reference count on the route eliminating
another:
rtfree: 0xc841ee88 has 1 refs
Reviewed by: bz
Approved by: re@ (gnn)
Notes:
svn path=/releng/7.1/; revision=186364
|
|
|
|
|
|
|
|
|
|
|
| |
Do not segfault when procstat -f or procstat -v is called on a process not
owned by the current user. If kinfo_getfile() or kinfo_getvmmap() return
NULL, simply exit, and do not try and derefernce the memory.
Approved by: re (kib)
Notes:
svn path=/releng/7.1/; revision=186340
|
|
|
|
|
|
|
|
|
|
|
| |
Initialize the cntp pointer to 0 prior to doing any work so that callers
don't try to iterate through garbage or NULL memory. Additionally, return
NULL instead of 0 on error.
Approved by: re (kib)
Notes:
svn path=/releng/7.1/; revision=186339
|
|
|
|
|
|
|
|
|
|
| |
Reference the vmspace of the process being inspected by procfs, linprocfs
and sysctl kern_proc_vmmap handlers.
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186329
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The userland_sysctl() function retries sysctl_root() until returned
error is not EAGAIN. Several sysctls that inspect another process use
p_candebug() for checking access right for the curproc. p_candebug()
returns EAGAIN for some reasons, in particular, for the process doing
exec() now. If execing process tries to lock Giant, we get a livelock,
because sysctl handlers are covered by Giant, and often do not sleep.
Break the livelock by dropping Giant and allowing other threads to
execute in the EAGAIN loop.
This commit does not merge the following change, as was discussed with jhb:
[Also, do not return EAGAIN from p_candebug() when process is executing,
use more appropriate EBUSY error.]
MFC r185987:
Uio_yield() already does DROP_GIANT/PICKUP_GIANT, no need to repeat this
around the call.
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186328
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make two style changes to create new commit and document proper commit
message for r185765.
Commit message for r185765 should be:
In procfs map handler, and in linprocfs maps handler, do not call
vn_fullpath() while having vm map locked. This is done in anticipation
of the vop_vptocnp commit, that would make vn_fullpath sometime
acquire vnode lock.
Also, in linprocfs, maps handler already acquires vnode lock.
MFC r185864:
Relock user map earlier, to have the lock held when break leaves the
loop earlier due to sbuf error.
Approved by: re (kensmith)
Notes:
svn path=/releng/7.1/; revision=186327
|