FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F10.2 2015-05-21T07:34:08Z 2015-05-21T07:34:08Z Hans Petter Selasky hselasky@FreeBSD.org 2015-05-21T07:34:08Z urn:sha1:11805b5f211e9d97ee9ed914fc98fbdb34b805a0 * Prevent switching to NULL or own window in the "vt_proc_window_switch" function. This fixes an issue where X11 keyboard input can appear stuck. The cause of the problem is a duplicate TTY device window switch IOCTL during boot, which leaves the "vt_switch_timer" running, because the current window is already selected. While at it factor out some NULL checks. * The "SYSCTL_INT()" default value is only used for read only SYSCTLs and is not applicable unless the integer pointer is NULL. Set it to zero to avoid confusion. While at it remove extra semicolon at the end of the "VT_SYSCTL_INT()" macro. * Ensure the result from signed subtraction under modulus does not become negative. PR: 200032 2015-05-12T18:09:54Z Ed Maste emaste@FreeBSD.org 2015-05-12T18:09:54Z urn:sha1:5acdb024a4aa46c7dac2f5a51538ce6f0989ebb8 vt_is_cursor_in_area needs to return true if any part of the mouse cursor is visible in the rectangle area. Replace the existing test with a simpler version of a test for overlapping rectangles. Sponsored by: The FreeBSD Foundation 2015-05-12T18:08:07Z Ed Maste emaste@FreeBSD.org 2015-05-12T18:08:07Z urn:sha1:2a90b298420bb86d1cc3bc778d50dba9684e6294 Previously the mask wrapped when one or more of the mask bytes extended past the right edge of the window. Simplify the logic and use the same byte offset and bit in both the pattern and mask. PR: 199648 Sponsored by: The FreeBSD Foundation 2015-05-11T08:16:33Z Andriy Gapon avg@FreeBSD.org 2015-05-11T08:16:33Z urn:sha1:8ca0170b851857844ee56a43e22a7c7cab200b14 2015-05-11T08:00:16Z Andriy Gapon avg@FreeBSD.org 2015-05-11T08:00:16Z urn:sha1:ec951dc8e086e26e1d75c7babd8d70cad6b53242 2015-04-24T15:32:12Z Ed Maste emaste@FreeBSD.org 2015-04-24T15:32:12Z urn:sha1:dbfeca42d6b8712e21eb26a610d861cc4752cde8 PR: 199438 Sponsored by: The FreeBSD Foundation 2015-02-02T18:48:49Z Xin LI delphij@FreeBSD.org 2015-02-02T18:48:49Z urn:sha1:5f2c3481dff3aedd7d0c13d3e38f09d600451225 Use unsigned int for index value. Without this change a local attacker could trigger a panic by tricking the kernel into accessing undefined kernel memory. We would like to acknowledge Francisco Falcon from CORE Security Technologies who discovered the issue and reported to the FreeBSD Security Team. More information can be found at CORE Security's advisory at: http://www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilities This is an errata candidate for releng/10.1 and releng/9.3. Earlier releases are not affected. Reported by: Francisco Falcon from CORE Security Technologies Security: CVE-2014-0998 Reviewed by: dumbbell 2015-01-11T12:25:10Z Hans Petter Selasky hselasky@FreeBSD.org 2015-01-11T12:25:10Z urn:sha1:c60bf12408c2cfce5952ff6decb8473a868f5519 The "vt_suspend_flush_timer()" function is sometimes called locked which prevents us from doing a "callout_drain()" call. The callout in question has a lock associated with it and we are not freeing the callout. That means we can use the "callout_stop()" function to atomically stop the callback iff the "callout_stop()" function is called locked. This patch applies proper locking to "callout_stop()" and replaces a "callout_drain()" with a "callout_stop()". 2014-11-22T17:47:03Z Jean-Sébastien Pédron dumbbell@FreeBSD.org 2014-11-22T17:47:03Z urn:sha1:2a6c45643d84c21ff473f881f136500558ea7503 Therefore, to set histry size to 2000 lines, add the following line to your kernel configuration file: options SC_HISTORY_SIZE=2000 The default history remains at 500 lines. MFC of: r274117 2014-11-22T17:10:57Z Jean-Sébastien Pédron dumbbell@FreeBSD.org 2014-11-22T17:10:57Z urn:sha1:00209a1f9946ebd067dfe0ee1fdff90495a494c1 The problem was that only the kbdmux keyboard index was saved in vd->vd_keyboard. This index is -1 when kbdmux isn't used. In this case, the keyboard was correctly allocated, but the returned index was discarded. PR: 194718 MFC of: r273973