aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add UPDATING entry and bump versionreleng/12.1Ed Maste2021-01-292-1/+14
| | | | Approved by: so
* xen: allow limiting the amount of duplicated pending xenstore watchesRoger Pau Monné2021-01-297-4/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Xenstore watches received are queued in a list and processed in a deferred thread. Such queuing was done without any checking, so a guest could potentially trigger a resource starvation against the FreeBSD kernel if such kernel is watching any user-controlled xenstore path. Allowing limiting the amount of pending events a watch can accumulate to prevent a remote guest from triggering this resource starvation issue. For the PV device backends and frontends this limitation is only applied to the other end /state node, which is limited to 1 pending event, the rest of the watched paths can still have unlimited pending watches because they are either local or controlled by a privileged domain. The xenstore user-space device gets special treatment as it's not possible for the kernel to know whether the paths being watched by user-space processes are controlled by a guest domain. For this reason watches set by the xenstore user-space device are limited to 1000 pending events. Note this can be modified using the max_pending_watch_events sysctl of the device. This is XSA-349. Sponsored by: Citrix Systems R&D MFC after: 3 days (cherry picked from commit 4e4e43dc9e1afc863670a031cc5cc75eb5e668d6) (cherry picked from commit 2d194dc219892049dd03564c4083080cac1aa688) Approved by: so Security: XSA-349, CVE-2020-29568
* xen/xenstore: remove unused functionsRoger Pau Monné2021-01-292-98/+0
| | | | | | | | | | | | Those helpers are not used, so remove them. No functional change. Sponsored by: Citrix Systems R&D MFC after: 3 days (cherry picked from commit 2ae75536d370c238f77ad09e5e994d2b8bdf010c) (cherry picked from commit af4ed05c3dd25c957b657f92f953bd9f00f818a8) Approved by: so
* msdosfs: Fix a leak of dirent padding bytesMark Johnston2021-01-291-0/+1
| | | | | | | | | | | | | | This was missed in r340856 / commit 6d2e2df764199f0a15fd743e79599391959cc17d. Three bytes from the kernel stack may be leaked when reading directory entries. Reported by: Syed Faraz Abrar <faraz@elttam.com> (cherry picked from commit 599f90446376370eb365a0fde857ea2b5766873a) (cherry picked from commit 5ece34669c27a61f78cd0f6e0759c17f7787aebb) Approved by: so Security: CVE-2020-25579
* Ensure that dirent's d_off field is initializedMark Johnston2021-01-294-18/+36
| | | | | | | | | | | | | | | We have the d_off field in struct dirent for providing the seek offset of the next directory entry. Several filesystems were not initializing the field, which ends up being copied out to userland. Reported by: Syed Faraz Abrar <faraz@elttam.com> Reviewed by: kib (cherry picked from commit 90f580b954090e669da234f6c8e8d0379ff9d8bc) (cherry picked from commit acaac0eefa1f2675dfc49faa077e3fb10949d540) Approved by: so Security: CVE-2020-25578
* MFC r368237: if: Fix panic when destroying vnet and epair simultaneouslyKristof Provost2021-01-292-67/+104
| | | | | | | | | | | | | | | | When destroying a vnet and an epair (with one end in the vnet) we often panicked. This was the result of the destruction of the epair, which destroys both ends simultaneously, happening while vnet_if_return() was moving the struct ifnet to its home vnet. This can result in a freed ifnet being re-added to the home vnet V_ifnet list. That in turn panics the next time the ifnet is used. Prevent this race by ensuring that vnet_if_return() cannot run at the same time as if_detach() or epair_clone_destroy(). PR: 238870, 234985, 244703, 250870 Sponsored by: Modirum MDPay Approved by: so
* contrib/tzdata: import tzdata 2021aPhilip Paeps2021-01-295-10/+24
| | | | | | | | | | | Merge commit '4cd7e1071de16a7392b0e466287f13e9e6f2081a' Changes: https://github.com/eggert/tz/blob/2021a/NEWS (cherry picked from commit 8c5bef2eb24cb191c87712a56a9860d8c29415a0) (cherry picked from commit 085997e8f05e69c66a8ffc0804b275a386ba1ca8) Approved by: so
* MFC: contrib/tzdata: import tzdata 2020fPhilip Paeps2021-01-294-6/+18
| | | | | | | | | | | Merge commit '96b88ac701b35ce68425046d4be8f51cb75b5d5b' into main Changes: https://github.com/eggert/tz/blob/2020f/NEWS (cherry picked from commit e35a01eec6926bfb5c088ca8961079b51a067bf3) (cherry picked from commit ce87312019a18e6bd0c97c50e5762b38ffc21e76) Approved by: so
* MFC: contrib/tzdata: import tzdata 2020ePhilip Paeps2021-01-2916-171/+815
| | | | | | | | | Changes: https://github.com/eggert/tz/blob/2020e/NEWS (cherry picked from commit dc505d53dcc15636aea9df8c03298f8c32147fa9) (cherry picked from commit 1a8f8af03320165b33526d44de4f12360aa5440a) Approved by: so
* Fix OpenSSL NULL pointer de-reference.Gordon Tetlow2020-12-088-11/+94
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:33.openssl Security: CVE-2020-1971 Notes: svn path=/releng/12.1/; revision=368463
* Add UPDATING entries and bump version.Gordon Tetlow2020-12-012-1/+11
| | | | | | | Approved by: so Notes: svn path=/releng/12.1/; revision=368257
* Fix multiple vulnerabilities in rtsold.Gordon Tetlow2020-12-011-6/+18
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:32.rtsold Security: CVE-2020-25577 Notes: svn path=/releng/12.1/; revision=368256
* Fix ICMPv6 use-after-free in error message handling.Gordon Tetlow2020-12-011-9/+4
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:31.icmp6 Security: CVE-2020-7469 Notes: svn path=/releng/12.1/; revision=368255
* Fix race condition in callout CPU migration.Gordon Tetlow2020-12-011-2/+2
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:22.callout Notes: svn path=/releng/12.1/; revision=368254
* Update timezone database information.Gordon Tetlow2020-12-0119-336/+640
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:20.tzdata Notes: svn path=/releng/12.1/; revision=368251
* Fix execve/fexecve system call auditing.Gordon Tetlow2020-12-017-0/+27
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:19.audit Notes: svn path=/releng/12.1/; revision=368249
* Add UPDATING entries and bump version.Gordon Tetlow2020-09-152-1/+15
| | | | | | | | Approved by: so Approved by: re (implicit for releng/12.2) Notes: svn path=/releng/12.1/; revision=365782
* Fix ftpd privilege escalation via ftpchroot.Gordon Tetlow2020-09-151-4/+11
| | | | | | | | | | Approved by: so Approved by: re (implicit for releng/12.2) Security: FreeBSD-SA-20:30.ftpd Security: CVE-2020-7468 Notes: svn path=/releng/12.1/; revision=365781
* Fix bhyve SVM guest escape.Gordon Tetlow2020-09-151-2/+11
| | | | | | | | | | | | | This actually has a patch to sys/amd64/vmm/amd/svm.c that was accidentally committed as part of r365779. Approved by: so Approved by: re (implicit for releng/12.2) Security: FreeBSD-SA-20:29.bhyve_svm Security: CVE-2020-7467 Notes: svn path=/releng/12.1/; revision=365780
* Fix bhyve privilege escalation via VMCS access.Gordon Tetlow2020-09-152-36/+72
| | | | | | | | | | Approved by: so Approved by: re (implicit for releng/12.2) Security: FreeBSD-SA-20:28.bhyve_vmcs Security: CVE-2020-24718 Notes: svn path=/releng/12.1/; revision=365779
* Fix ure device driver susceptible to packet-in-packet attack.Gordon Tetlow2020-09-151-3/+4
| | | | | | | | | | Approved by: so Approved by: re (implicit for releng/12.2) Security: FreeBSD-SA-20:27.ure Security: CVE-2020-7464 Notes: svn path=/releng/12.1/; revision=365778
* Add UPDATING entries and bump version.Gordon Tetlow2020-09-022-1/+11
| | | | | | | Approved by: so Notes: svn path=/releng/12.1/; revision=365258
* Fix dhclient heap overflow.Gordon Tetlow2020-09-021-0/+2
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:26.dhclient Security: CVE-2020-7461 Notes: svn path=/releng/12.1/; revision=365257
* Fix SCTP socket use-after-free.Gordon Tetlow2020-09-026-25/+56
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:25.sctp Security: CVE-2020-7463 Notes: svn path=/releng/12.1/; revision=365256
* Fix FreeBSD Linux ABI kernel panic.Gordon Tetlow2020-09-021-14/+26
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:17.linuxthread Notes: svn path=/releng/12.1/; revision=365253
* Add UPDATING entries and bump version.Gordon Tetlow2020-08-052-1/+14
| | | | | | | Approved by: so Notes: svn path=/releng/12.1/; revision=363924
* Fix sendmsg(2) privilege escalation.Gordon Tetlow2020-08-051-57/+69
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:23.sendmsg Security: CVE-2020-7460 Notes: svn path=/releng/12.1/; revision=363923
* Fix multiple vulnerabilities in sqlite3.Gordon Tetlow2020-08-0511-8628/+15508
| | | | | | | | | | | | | | | Approved by: so Security: FreeBSD-SA-20:22.sqlite Security: CVE-2020-11655 Security: CVE-2020-11656 Security: CVE-2020-13434 Security: CVE-2020-13435 Security: CVE-2020-13630 Security: CVE-2020-13631 Security: CVE-2020-13632 Notes: svn path=/releng/12.1/; revision=363922
* Fix memory corruption in USB network device drivers.Gordon Tetlow2020-08-053-8/+33
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:21.usb_net Security: CVE-2020-7459 Notes: svn path=/releng/12.1/; revision=363921
* Fix vmx driver packet loss and degraded performance.Gordon Tetlow2020-08-051-1/+1
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:16.vmx Notes: svn path=/releng/12.1/; revision=363920
* Add UPDATING entries and bump version.Gordon Tetlow2020-07-082-1/+17
| | | | | | | Approved by: so Notes: svn path=/releng/12.1/; revision=363030
* Fix multiple vulnerabilities in unbound.Gordon Tetlow2020-07-08168-3253/+12045
| | | | | | | | | | Approved by: so Security: FreeBSD-SA-20:19.unbound Security: CVE-2020-12662 Security: CVE-2020-12663 Notes: svn path=/releng/12.1/; revision=363029
* Fix IPv6 socket option race condition and use after free.Gordon Tetlow2020-07-081-2/+7
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:20.ipv6 Security: CVE-2020-7457 Notes: svn path=/releng/12.1/; revision=363026
* Fix kernel panic in mps(4) driver.Gordon Tetlow2020-07-081-3/+5
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:15.mps Notes: svn path=/releng/12.1/; revision=363024
* Fix kernel panic in LinuxKPI subsystem.Gordon Tetlow2020-07-081-0/+3
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:14.linuxpki Notes: svn path=/releng/12.1/; revision=363023
* Fix host crash in bhyve with PCI device passthrough.Gordon Tetlow2020-07-084-44/+132
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:13.bhyve Notes: svn path=/releng/12.1/; revision=363022
* Add UPDATING entries and bump version.Gordon Tetlow2020-06-092-1/+11
| | | | | | | | Approved by: so Approved by: re (implicit) Notes: svn path=/releng/12.1/; revision=361973
* Fix USB HID descriptor parsing error.Gordon Tetlow2020-06-092-42/+44
| | | | | | | | | | Approved by: so Approved by: re (implicit) Security: FreeBSD-SA-20:17.usb Security: CVE-2020-7456 Notes: svn path=/releng/12.1/; revision=361972
* Fix iflib watchdog timeout resetting idle queues.Gordon Tetlow2020-06-091-1/+4
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:12.iflib Notes: svn path=/releng/12.1/; revision=361971
* Fix stability issues in ena(4) driver.Gordon Tetlow2020-06-092-7/+26
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:11.ena Notes: svn path=/releng/12.1/; revision=361970
* Add UPDATING entries and bump version.Gordon Tetlow2020-05-122-1/+23
| | | | | | | | Approved by: so Approved by: re (implicit) Notes: svn path=/releng/12.1/; revision=360978
* Fix insufficient cryptodev MAC key length check.Gordon Tetlow2020-05-121-2/+2
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:16.cryptodev Security: CVE-2019-15880 Notes: svn path=/releng/12.1/; revision=360977
* Fix use after free in cryptodev module.Gordon Tetlow2020-05-121-24/+36
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:15.cryptodev Security: CVE-2019-15879 Notes: svn path=/releng/12.1/; revision=360976
* Fix memory disclosure vulnerability in libalias.Gordon Tetlow2020-05-121-1/+2
| | | | | | | | | | Approved by: so Approved by: re (implicit) Security: FreeBSD-SA-20:13.libalias Security: CVE-2020-7455 Notes: svn path=/releng/12.1/; revision=360974
* Fix insufficient packet length validation in libalias.Gordon Tetlow2020-05-121-3/+34
| | | | | | | | | | Approved by: so Approved by: re (implicit) Security: FreeBSD-SA-20:12.libalias Security: CVE-2020-7454 Notes: svn path=/releng/12.1/; revision=360972
* Fix igb interfaces failing to switch to inactive state.Gordon Tetlow2020-05-121-25/+25
| | | | | | | | Approved by: so Security: FreeBSD-EN-20:09.igb Notes: svn path=/releng/12.1/; revision=360970
* Update to tzdata 2020a.Gordon Tetlow2020-05-1215-146/+420
| | | | | | | | Approved by: so Security: EN-20:08.tzdata Notes: svn path=/releng/12.1/; revision=360969
* MF10 r352637,r358076: correct Clang and lld version checksEd Maste2020-04-292-3/+3
| | | | | | | | | | | | | | | | | | | | | r352637 (mhorne): Allow for compiler versions >= 10 r358076 (dim): Correctly recognize linker versions greater than 10.0. These routines determine the host compiler and linker version, and caused attempts to build 12.1-RELEASE on 13-CURRENT to fail after the latter was updated to Clang 10. We don't guarantee such a build config to work, but it is used by FreeBSD ports build processes. As a result the fixes from stable/12 will be included with the next set of advisories, and are being committed to the branch now to unblock ports builds. PR: 245973 Reported by: sbruno, antoine Approved by: so Errata: EN-20:10.build Sponsored by: The FreeBSD Foundation Notes: svn path=/releng/12.1/; revision=360473
* Add UPDATING entries and bump version.Gordon Tetlow2020-04-212-1/+11
| | | | | | | Approved by: so Notes: svn path=/releng/12.1/; revision=360151
* Fix OpenSSL remote denial of service vulnerability.Gordon Tetlow2020-04-211-1/+1
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:11.openssl Security: CVE-2020-1967 Notes: svn path=/releng/12.1/; revision=360150
generated by cgit v1.3 (git 2.53.0) at 2026-05-30 13:17:24 +0000