| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:33.openssh
Security: FreeBSD-SA-16:35.openssl
Approved by: so
|
| |
| |
| |
| |
| |
| |
| | |
based on passing incorrect parameters to sysarch(2).
Security: SA-16:15
Approved by: so
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Due to increased parallelism and optimizations in several parts of the
system, the previously latent bugs in VM become much easier to trigger,
affecting a significant number of the FreeBSD users. The exact technical
details of the issues are provided in the commit messages of the merged
revisions, which are listed below with short summaries.
r301184 prevent parallel object collapses, fixes object lifecycle
r301436 do not leak the vm object lock, fixes overcommit disable
r302243 avoid the active object marking for vm.vmtotal sysctl, fixes
"vodead" hangs
r302513 vm_fault() race with the vm_object_collapse(), fixes spurious
SIGSEGV
r303291 postpone BO_DEAD, fixes panic on fast vnode reclaim
Approved by: so
|
| |
| |
| |
| |
| |
| |
| | |
The three files affected were tests and aren't normally built so this
had no user-facing effect in the normal case.
Approved by: so
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix multiple portsnap vulnerabilities. [SA-16:30]
Fix multiple libarchive vulnerabilities. [SA-16:31]
Approved by: so
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling
feature (like pf'scrub) is enabled on the bridge. This patch fixes corrupted
packet problem and the panic (triggered easly with low RAM) as explain in PR
185633.
bridge_pfil and bridge_fragment relationship:
bridge_pfil() receive (IN direction) packets and sent it to the firewall The
firewall can be configured for reassembling fragmented packet (like pf'scrubing)
in one mbuf chain when bridge_pfil() need to send this reassembled packet to the
outgoing interface, it needs to re-fragment it by using bridge_fragment()
bridge_fragment() had to split this mbuf (using ip_fragment) first then
had to M_PREPEND each packet in the mbuf chain for adding Ethernet
header.
But M_PREPEND can sometime create a new mbuf on the begining of the mbuf chain,
then the "main" pointer of this mbuf chain should be updated and this case is
tottaly forgotten. The original bridge_fragment code (Revision 158140,
2006 April 29) came from OpenBSD, and the call to bridge_enqueue was
embedded. But on FreeBSD, bridge_enqueue() is done after bridge_fragment(),
then the original OpenBSD code can't work as-it of FreeBSD.
PR: 185633
Submitted by: Olivier Cochard-Labbé
Differential Revision: https://reviews.freebsd.org/D7780
(cherry picked from commit a8a1202774e288fb88de8422397f7ff398f7e3fb)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
pf: Map hook returns onto the correct error values
pf returns PF_PASS, PF_DROP, ... in the netpfil hooks, but the hook callers
expect to get E<foo> error codes.
Map the returns values. A pass is 0 (everything is OK), anything else means
pf ate the packet, so return EACCES, which tells the stack not to emit an ICMP
error message.
PR: 207598
(cherry picked from commit 26d31e281678303d3071eb6fbac74b22036f44c5)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
|
| |
| |
| |
| |
| |
| |
| |
| | |
Submitted by: svenauhagen at github
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC (Netgate)
(cherry picked from commit aa0f947239bb1137e935d123012dedab216cca27)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
Approved by: so
Security: FreeBSD-SA-16:26.openssl
|
| |
| |
| |
| |
| | |
Submitted by: Dexuan Cui <decui microsoft.com>, gjb
Approved by: so
|
| |
| |
| |
| |
| |
| |
| | |
Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]
Approved by: so
|
| |
| |
| |
| |
| |
| | |
Hyper-V. Ticket #6446"
This reverts commit 95be4fb0378e88b4a64a2da93e8ef4611475a916.
|
| | |
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
Security: FreeBSD-SA-16:24.ntp
Approved by: so
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
Security: SA-16:20
Security: SA-16:21
Approved by: so
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Backport security fix for absolute path traversal
vulnerability in bsdcpio.
Security: CVE-2015-2304
Security: SA-16:22
Approved by: so
|
| |
| |
| |
| | |
Ticket #6446
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the default case fix the substitution of the destination address.
PR: 201519
Submitted by: Max <maximos@als.nnov.ru>
MFC after: 1 week
(cherry picked from commit 7ddccc27cd3b8cf9bef3dd5b7b71c8b82e914386)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix ICMP source address rewriting in rdr scenarios.
PR: 201519
Submitted by: Max <maximos@als.nnov.ru>
MFC after: 1 week
(cherry picked from commit e155a36ec0418be0b8147484b0644e5e50ab7d25)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
netipsec: Don't leak memory when deep copy fails
Reported by: Coverity
CID: 1331693
Sponsored by: EMC / Isilon Storage Division
TAG: IPSEC-HEAD
(cherry picked from commit 736b7527cfdc5c4f0f0a91ddfaef07ea86ea0e58)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Handle non-compressed packets for IPComp in tunnel mode.
RFC3173 says that the IP datagram MUST be sent in the original
non-compressed form, when the total size of a compressed payload
and the IPComp header is not smaller than the size of the original
payload. In tunnel mode for small packets IPComp will send
encapsulated IP datagrams without IPComp header.
Add ip_encap handler for IPPROTO_IPV4 and IPPROTO_IPV6 to handle
these datagrams. The handler does lookup for SA related to IPComp
protocol and given from mbuf source and destination addresses as
tunnel endpoints. It decapsulates packets only when corresponding SA
is found.
Reported by: gnn
Reviewed by: gnn
Differential Revision: https://reviews.freebsd.org/D6062
r298536:
Use ipsec_address() function to print IP addresses.
r298549:
Fix build for NOINET and NOINET6 kernels.
Use own protosw structures for both address families.
Check proto in encapcheck function and use -1 as proto argument in
encap_attach_func(), both address families can have IPPROTO_IPV4
and IPPROTO_IPV6 protocols.
Reported by: bz
TAG: IPSEC-HEAD
(cherry picked from commit a1d2523e7f503ed719420848cc61de12bdf8ab4f)
|
| |
| |
| |
| |
| |
| |
| | |
Remove stale function declaration
TAG: IPSEC-HEAD
(cherry picked from commit 7ff0706b79fc0d3f97d53c00e0cbd6e90a9c4204)
|
| |
| |
| |
| |
| |
| |
| | |
Constify mbuf pointer for IPSEC functions where mbuf isn't modified.
TAG: IPSEC-HEAD
(cherry picked from commit 9570d79d4a30dcd428dd55f2f996c1090c777c52)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
aesni(4): Initialize error before use
Reported by: Coverity
CID: 1331554
Sponsored by: EMC / Isilon Storage Division
TAG: IPSEC-HEAD
(cherry picked from commit 0bfe8f207817729d5666bdea8fee38f24eacf67e)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
aesni(4): Initialize error before use
Reported by: Coverity
CID: 1331554
Sponsored by: EMC / Isilon Storage Division
TAG: IPSEC-HEAD
(cherry picked from commit 0bfe8f207817729d5666bdea8fee38f24eacf67e)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix handling of net.inet.ipsec.dfbit=2 variable.
IP_DF macro is in host bytes order, but ip_off field is in network bytes
order. So, use htons() for correct check.
TAG: IPSEC-HEAD
(cherry picked from commit a7ce017c2848df1f6ccac912b14d32c38a74c3b8)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Put IPSec's anouncement of its successful intialisation under bootverbose:
now that it's a default kernel option, we don't really need to tell the
world about it on every boot, especially as it won't be used by most users.
TAG: IPSEC-HEAD
(cherry picked from commit 16348e7e1c1d4fb0de01bf45b6646f8a258b613b)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Set tres to NULL to avoid a double free if the m_pullup() below fails.
Reviewed by: glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D5497
TAG: IPSEC-HEAD
(cherry picked from commit b2f9e794c95db742bed25781e3287d5f53111edb)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Break up opencrypto/xform.c so it can be reused piecemeal
Keep xform.c as a meta-file including the broken out bits
existing code that includes xform.c continues to work as normal
Individual algorithms can now be reused elsewhere, including outside
of the kernel
Reviewed by: bapt (previous version), gnn, delphij
Approved by: secteam
MFC after: 1 week
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D4674
TAG: IPSEC-HEAD
(cherry picked from commit 271bb86c6bc2052797fce3ea16d42b3a60ec388c)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement the sadb_x_policy_priority field as it is done in Linux:
lower priority policies are inserted first.
Submitted by: Emeric Poupon <emeric.poupon@stormshield.eu>
Reviewed by: ae
Sponsored by: Stormshield
TAG: IPSEC-HEAD
(cherry picked from commit 25996276a907484d8fc26a6a9a79827367bfcfc0)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use explicitly specified ivsize instead of blocksize when we mean IV size.
Set zero ivsize for enc_xform_null and remove special handling from
xform_esp.c.
Reviewed by: gnn
Differential Revision: https://reviews.freebsd.org/D1503
TAG: IPSEC-HEAD
(cherry picked from commit c23a05e2de0834d542caafe185dcb440b47051a5)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Take extra reference to security policy before calling crypto_dispatch().
Currently we perform crypto requests for IPSEC synchronous for most of
crypto providers (software, aesni) and only VIA padlock calls crypto
callback asynchronous. In synchronous mode it is possible, that security
policy will be removed during the processing crypto request. And crypto
callback will release the last reference to SP. Then upon return into
ipsec[46]_process_packet() IPSECREQUEST_UNLOCK() will be called to already
freed request. To prevent this we will take extra reference to SP.
PR: 201876
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
(cherry picked from commit 3e1742ed6cd844d82787f2fa5cd57652805c6b34)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove now unneded KEY_FREESP() for case when ipsec[46]_process_packet()
returns EJUSTRETURN.
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
(cherry picked from commit 197b7eb2f8155f5426a8399ee2316bc6363484bc)
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix performance regression in libc hash(3). [EN-16:06]
Fix excessive latency in x86 IPI delivery. [EN-16:07]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is mainly provided for debug aid and should not be used in common cases.
The fastforward sysctl is enabled by default.
(cherry picked from commit 15f18a5ce3e8c7bc5a9604d5378609441f680b10)
|
|\ \
| |/ |
|
| |
| |
| |
| | |
Approved by: so
|
| | |
|
| | |
|