| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Fix multiple portsnap vulnerabilities. [SA-16:30]
Fix multiple libarchive vulnerabilities. [SA-16:31]
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
|
| |
|
|
|
| |
Approved by: so
Security: FreeBSD-SA-16:26.openssl
|
| |
|
|
|
| |
Submitted by: Dexuan Cui <decui microsoft.com>, gjb
Approved by: so
|
| |
|
|
|
|
|
| |
Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]
Approved by: so
|
| |
|
|
|
| |
Security: FreeBSD-SA-16:24.ntp
Approved by: so
|
| |
|
|
|
|
|
|
| |
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
Security: SA-16:20
Security: SA-16:21
Approved by: so
|
| |
|
|
|
|
|
|
|
| |
Backport security fix for absolute path traversal
vulnerability in bsdcpio.
Security: CVE-2015-2304
Security: SA-16:22
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
|
| |
|
|
|
|
|
|
|
|
| |
Fix performance regression in libc hash(3). [EN-16:06]
Fix excessive latency in x86 IPI delivery. [EN-16:07]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
|
| |
|
|
| |
Approved by: so
|
| |
|
|
|
|
| |
10.3-RELEASE builds.
Approved by: re (implicit)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
grdc(6) 12-hour mode fixed,
inetd(8) crash with IPv6 address fixed,
netstat(1) statistics counter divided by 1024 fixed,
rc.d/netif now updates only static routes,
vt(4) kern.vt.bell_enable,
puc(4) MSI support,
epair(4) and lagg(4) cloner vnet jail support,
epair(4) panic fixed,
lagg(4) per-interface sysctl nodes replaced with ifconfig flags,
lagg(4) panic fixed,
SIOCGDRLST_IN6 and SIOCGPRLST_IN6 ioctls removed.
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
| |
reword description about ar -D/-U option,
camcontrol(8) fwdonwload improvements,
pkill -j jailname support,
timeout(1) added,
ypinit(8) eui64 NIS map,
kern.features.invariants sysctl added.
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
last reboot now works again,
mv(1) return value has been fixed,
mkimg(1) dynamic VHD format fixed,
pw(8) userdel/usermod -y option,
watchdogd(8) -x option added,
rc.firewall now uses ipfw tables when firewall_type="SIMPLE",
imxwdt driver fixed,
uart(4) PPS polarity fixed,
user(4) dev.uart.pps_mode added,
uftdi(4) new ioctls to read/write eeprom,
legacy ata(4) drivers removed.
Approved by: re (implicit)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix typos.
- Update relnotes items:
ctladm(8) return value bugfix,
ifconfig -v now displays SFP/SFP+ data,
add updstream changeset id to the libarchive(3) improvement,
vt(4) ALT_BREAK_TO_DEBUGGER support added,
thread_create() API added,
pms(4) removed from GENERIC for amd64/i386,
kern.racct.enable fixed,
cxgbe(4) firmware updated to 1.14.4.0,
pf(4) logging issue fixed,
LLENTRY_DELETED event in NDP fixed.
- Edit items:
s/Timezone data files/Time zone database/,
-manage-gids flag is for nfsuserd, not nfsd.
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
r296416 (head) and r296969 (stable/10) respectively. With SAVESIGVEC
enabled, csh(1) and tcsh(1) leak signal masks after spawning external
commands. This causes strange effects like for example SIGTERM not
being delivered to rc(8) scripts on shutdown albeit these use sh(1),
if csh(1) or tcsh(1) are used as login shell of root. As such r296976
causes way more problems than it solves.
It is anticipated that a proper changeset for the original problem
will be issued as an Errata Notice post-10.3-RELEASE.
PR: 208132
Approved by: re (gjb)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
|
|
| |
Remove 50% ZFS conditional from bsdinstall/zfsboot
PR: 208094
Approved by: re (marius)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
| |
Signal handling within tcsh vfork code path will conflict with some system
libraries (such as libthr) which maintain their own signal state. This
change adds the tcsh SAVESIGVEC option to save and restore the sigvecs for
the signals the child modifies before it execs.
Reviewed by: kib, rwatson
Reported by: kib
Approved by: re
|
| |
|
|
|
|
|
|
|
|
|
| |
Due to invalid use of a signed intermediate value in the bounds checking
during argument validity verification, unbound zero'ing of the process LDT
and adjacent memory can be initiated from usermode.
Submitted by: CORE Security
Patch by: kib
Security: SA-16:15
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
| |
Require firewall setup before running rc.d/netwait, otherwise the ping
packets sent by netwait may not get through.
PR: 207916
Approved by: re (marius)
|
| |
|
|
|
|
| |
Force the desired alignment of the user save area.
Approved by: re (marius)
|
| |
|
|
|
|
|
| |
Filemon: Attach from the child to avoid racing with the parent attach.
Relnotes: yes
Approved by: re (marius)
|
| |
|
|
|
|
|
|
| |
MFC r296542: Load linux64 module for amd64 if Linux abi enabled.
Reviewed by: emaste@
Approved by: re (marius)
Differential Revision: https://reviews.freebsd.org/D5567
|
| |
|
|
|
|
|
|
| |
Adjust _callout_stop_safe() return value for the subr_sleepqueue.c needs
when migrating callout was blocked, but running one was not.
PR: 200992
Approved by: re (marius)
|
| |
|
|
|
|
| |
Submitted by: Harald Schmalzbauer
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
| |
MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug)
MFH (r296634): re-add aes-cbc to server-side default cipher list
MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679
Security: CVE-2016-3115
Approved by: re (marius)
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
