FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F8.3 2014-04-30T04:05:47Z 2014-04-30T04:05:47Z Xin LI delphij@FreeBSD.org 2014-04-30T04:05:47Z urn:sha1:4ff0eebe6394759f3658bfdb1623149ebbd810ea Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Approved by: so 2014-04-08T23:16:05Z Xin LI delphij@FreeBSD.org 2014-04-08T23:16:05Z urn:sha1:a6ec1268220db10ca6e5843572ba73d1a24b88fa Fix ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] Approved by: so 2014-01-14T19:42:28Z Xin LI delphij@FreeBSD.org 2014-01-14T19:42:28Z urn:sha1:b7f8c89c6acfbc5d217329d395fa168a037f6c45 Fix ntpd distributed reflection Denial of Service vulnerability. [SA-14:02] Fix BIND remote denial of service vulnerability. [SA-14:04] Disable hardware RNGs by default. [EN-14:01] Fix incorrect coalescing of stack entry with mmap. [EN-14:02] Approved by: so 2013-11-28T22:12:48Z Xin LI delphij@FreeBSD.org 2013-11-28T22:12:48Z urn:sha1:a57976ab1274f11075cb35020a7729c9a675bb44 Fix typo in r256646: We want to generate lists of directories in INDEX-OLD and INDEX-NEW and compare them, not generate the same list of directories from INDEX-OLD twice... Pointy hats to: cperciva & everybody who didn't proofread EN-13:04 enough Errata Notice: FreeBSD-EN-13:05.freebsd-update Approved by: so 2013-10-26T20:01:00Z Xin LI delphij@FreeBSD.org 2013-10-26T20:01:00Z urn:sha1:f90bf372e7310ab1d65419edb107387236d3e5c0 When installing updates, install new directories first and remove old directories last. Allow ~ in file names so libtool droppings in contrib don't break updates. It has happened twice now, and is likely to happen again. Be more selective when filtering for lib*.so.N files. These are deleted at the end of the upgrade process, after warning users to upgrade any 3rd party software (e.g., from the ports tree) which might link to the libraries being removed. Errata Notice: FreeBSD-EN-13:04.freebsd-update Approved by: so 2013-09-10T10:13:14Z Dag-Erling Smørgrav des@FreeBSD.org 2013-09-10T10:13:14Z urn:sha1:7a0109492beceecbaa84a70be78e95fcd2caf6e2 and SIOCSIFNETMASK at the socket layer rather than pass them on to the link layer without validation or credential checks. [SA-13:12] Prevent cross-mount hardlinks between different nullfs mounts of the same underlying filesystem. [SA-13:13] Security: CVE-2013-5691 Security: FreeBSD-SA-13:12.ifioctl Security: CVE-2013-5710 Security: FreeBSD-SA-13:13.nullfs Approved by: so 2013-08-22T00:51:56Z Xin LI delphij@FreeBSD.org 2013-08-22T00:51:56Z urn:sha1:e72a33b081cc5ff2ccfbeb6eb899e5cd3112528b can result in a buffer which is too small for the requested operation. [13:09] Fix a bug that could lead to kernel memory disclosure with SCTP state cookie. [13:10] Security: CVE-2013-3077 Security: FreeBSD-SA-13:09.ip_multicast Security: CVE-2013-5209 Security: FreeBSD-SA-13:10.sctp Approved by: so 2013-07-29T19:50:30Z Xin LI delphij@FreeBSD.org 2013-07-29T19:50:30Z urn:sha1:4a5eb317bb06df4148335a805dd4b0fce1e27437 Pointy hat to: delphij Approved by: so 2013-07-26T22:40:29Z Xin LI delphij@FreeBSD.org 2013-07-26T22:40:29Z urn:sha1:9657f3ce711ebb8bea05edb9d6e7dc6efa718c31 access checks when when -network or -host restrictions are used at the same time with -mapall. [13:08] Security: CVE-2013-4851 Security: FreeBSD-SA-13:08.nfsserver Approved by: so 2013-04-29T21:10:53Z Dag-Erling Smørgrav des@FreeBSD.org 2013-04-29T21:10:53Z urn:sha1:7b2279e03171c5117beda22b3fc1cae65d6a6f56 (files missing from previous commit) PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver Approved by: so