Commit message (Author, Age, Files, Lines)
* pf: Fix possible incorrect IPv6 fragmentation [RELENG_2_3_3] (kp, 2017-04-20, 2 files, -0/+6)
|   When forwarding pf tracks the size of the largest fragment in a fragmented packet, and refragments based on this size. It failed to ensure that this size was a multiple of 8 (as is required for all but the last fragment), so it could end up generating incorrect fragments.
|
|   For example, if we received an 8 byte and 12 byte fragment pf would emit a first fragment with 12 bytes of payload and the final fragment would claim to be at offset 8 (not 12).
|
|   We now assert that the fragment size is a multiple of 8 in ip6_fragment(), so other users won't make the same mistake.
|
|   Reported by: Antonios Atlasis <aatlasis at secfu net>
|   MFC after: 3 days
|
|   (cherry picked from commit 4f3397263b95a45dd58e2be3a566029f8841cace)
* Revert "Enable IXGBE_LEGACY_TX when ALTQ is enabled." (Renato Botelho, 2017-03-17, 1 file, -3/+0)
|   This reverts commit d1a714394f6070ba7c8ce7226c33fa117f2f9c7e.
* Enable IXGBE_LEGACY_TX when ALTQ is enabled. (Luiz Otavio O Souza, 2017-03-16, 1 file, -0/+3)
|   Ticket #7378
|
|   (cherry picked from commit f2504b01d55b5cd3c625058869c4b9df1cf4525e)
* Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3_3 (Renato Botelho, 2017-02-23, 3 files, -1/+7)
|\
| * Fix OpenSSL RC4_MD5 cipher vulnerability. (delphij, 2017-02-23, 3 files, -1/+7)
| |   Approved by: so
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2017-02-09, 5 files, -10/+54)
|\ \
| |/
| * Fix multiple vulnerabilities of OpenSSH. (delphij, 2017-01-11, 5 files, -10/+54)
| |   Security: FreeBSD-SA-17:01.openssh
| |   Security: CVE-2016-10009
| |   Security: CVE-2016-10010
| |   Approved by: so
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2017-01-09, 215 files, -4769/+15666)
|\ \
| |/
| * Fix multiple vulnerabilities of ntp. (delphij, 2016-12-22, 184 files, -3780/+7378)
| |   Approved by: so
| * Merge r309688: address regressions in SA-16:37.libc. (glebius, 2016-12-07, 3 files, -7/+10)
| |   PR: 215105
| |   Submitted by: <jtd2004a sbcglobal.net>
| |   Approved by: so
| * Fix possible login(1) argument injection in telnetd(8). [SA-16:36] (glebius, 2016-12-06, 5 files, -24/+59)
| |   Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
| |   Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
| |   Fix warnings about valid time zone abbreviations. [EN-16:19]
| |   Update timezone database information. [EN-16:20]
| |
| |   Security: FreeBSD-SA-16:36.telnetd
| |   Security: FreeBSD-SA-16:37.libc
| |   Security: FreeBSD-SA-16:38.bhyve
| |   Errata Notice: FreeBSD-EN-16:19.tzcode
| |   Errata Notice: FreeBSD-EN-16:20.tzdata
| |   Approved by: so
| * Update tzdata to 2016i. (glebius, 2016-12-05, 26 files, -932/+8215)
| |   Note: because of what appears to be a missing MFC to stable branches, these patches were generated by doing:
| |
| |   % rsync -av stable/10/contrib/tzdata releng/10.x/contrib/tzdata
| |   % svn add releng/10.x/contrib/tzdata
| |
| |   Errata Notice: EN-16:19
| |   Submitted by: gjb
| |   Approved by: so
| * Merge r307359 from stable/10: (glebius, 2016-12-05, 2 files, -33/+11)
| |   Incorporate a change from OpenBSD by millert@OpenBSD.org
| |
| |   Don't warn about valid time zone abbreviations. POSIX through 2000 says that an abbreviation cannot start with ':', and cannot contain ',', '-', '+', NUL, or a digit. POSIX from 2001 on changes this rule to say that an abbreviation can contain only '-', '+', and alphanumeric characters from the portable character set in the current locale. To be portable to both sets of rules, an abbreviation must therefore use only ASCII letters."
| |
| |   Adapted from tzcode2015f.
| |
| |   Errata Notice: EN-16:19.tzcode
| |   Submitted by: bapt
| |   Approved by: so
* | Import oce driver fix from [1] (Renato Botelho, 2016-11-21, 1 file, -1/+1)
| |   [1] https://lists.freebsd.org/pipermail/freebsd-net/2015-June/042530.html
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-11-02, 14 files, -53/+119)
|\ \
| |/
| * Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33] (delphij, 2016-11-02, 8 files, -1/+44)
| |   Fix OpenSSL remote DoS vulnerability. [SA-16:35]
| |
| |   Security: FreeBSD-SA-16:33.openssh
| |   Security: FreeBSD-SA-16:35.openssl
| |   Approved by: so
| * Revised SA-16:15. The initial patch didn't cover all possible overflows (glebius, 2016-10-25, 3 files, -2/+11)
| |   based on passing incorrect parameters to sysarch(2).
| |
| |   Security: SA-16:15
| |   Approved by: so
| * EN-16:17: virtual memory issues. (glebius, 2016-10-25, 5 files, -51/+65)
| |   Due to increased parallelism and optimizations in several parts of the system, the previously latent bugs in VM become much easier to trigger, affecting a significant number of the FreeBSD users. The exact technical details of the issues are provided in the commit messages of the merged revisions, which are listed below with short summaries.
| |
| |   r301184 prevent parallel object collapses, fixes object lifecycle
| |   r301436 do not leak the vm object lock, fixes overcommit disable
| |   r302243 avoid the active object marking for vm.vmtotal sysctl, fixes "vodead" hangs
| |   r302513 vm_fault() race with the vm_object_collapse(), fixes spurious SIGSEGV
| |   r303291 postpone BO_DEAD, fixes panic on fast vnode reclaim
| |
| |   Approved by: so
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-10-19, 3 files, -303/+0)
|\ \
| |/
| * Remove duplicate file content from patch misapplication in r306941 (emaste, 2016-10-14, 3 files, -303/+0)
| |   The three files affected were tests and aren't normally built so this had no user-facing effect in the normal case.
| |
| |   Approved by: so
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-10-12, 14 files, -203/+1255)
|\ \
| |/
| * Fix bspatch heap overflow vulnerability. [SA-16:29] (delphij, 2016-10-10, 14 files, -203/+1255)
| |   Fix multiple portsnap vulnerabilities. [SA-16:30]
| |   Fix multiple libarchive vulnerabilities. [SA-16:31]
| |
| |   Approved by: so
* | bridge: Fix fragment handling and memory leak (kp, 2016-09-26, 1 file, -31/+55)
| |   Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling feature (like pf'scrub) is enabled on the bridge. This patch fixes corrupted packet problem and the panic (triggered easily with low RAM) as explained in PR 185633.
| |
| |   bridge_pfil and bridge_fragment relationship:
| |
| |   bridge_pfil() receives (IN direction) packets and sends them to the firewall. The firewall can be configured for reassembling fragmented packet (like pf'scrubbing) in one mbuf chain. When bridge_pfil() needs to send this reassembled packet to the outgoing interface, it needs to re-fragment it by using bridge_fragment().
| |
| |   bridge_fragment() had to split this mbuf (using ip_fragment) first then had to M_PREPEND each packet in the mbuf chain for adding Ethernet header.
| |
| |   But M_PREPEND can sometimes create a new mbuf on the beginning of the mbuf chain, then the "main" pointer of this mbuf chain should be updated and this case is totally forgotten.
| |
| |   The original bridge_fragment code (Revision 158140, 2006 April 29) came from OpenBSD, and the call to bridge_enqueue was embedded. But on FreeBSD, bridge_enqueue() is done after bridge_fragment(), then the original OpenBSD code can't work as-is on FreeBSD.
| |
| |   PR: 185633
| |   Submitted by: Olivier Cochard-Labbé
| |   Differential Revision: https://reviews.freebsd.org/D7780
| |
| |   (cherry picked from commit a8a1202774e288fb88de8422397f7ff398f7e3fb)
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-09-26, 3 files, -4/+7)
|\ \
| |/
| * Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: (delphij, 2016-09-26, 3 files, -4/+7)
| |   Fix overflow check in BN_bn2dec()
| |
| |   Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()").
| |
| |   This fixes a regression introduced in SA-16:26.openssl.
| |
| |   Submitted by: jkim
| |   PR: 212921
| |   Approved by: so
* | Add the ID for the Huawei ME909S LTE modem. (loos, 2016-09-23, 2 files, -0/+2)
| |   Submitted by: svenauhagen at github
| |   MFC after: 3 days
| |   Sponsored by: Rubicon Communications, LLC (Netgate)
| |
| |   (cherry picked from commit aa0f947239bb1137e935d123012dedab216cca27)
* | MFC r302497: (kp, 2016-09-23, 1 file, -4/+12)
| |   pf: Map hook returns onto the correct error values
| |
| |   pf returns PF_PASS, PF_DROP, ... in the netpfil hooks, but the hook callers expect to get E<foo> error codes. Map the return values. A pass is 0 (everything is OK), anything else means pf ate the packet, so return EACCES, which tells the stack not to emit an ICMP error message.
| |
| |   PR: 207598
| |
| |   (cherry picked from commit 26d31e281678303d3071eb6fbac74b22036f44c5)
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-09-23, 18 files, -92/+223)
|\ \
| |/
| * Fix multiple OpenSSL vulnerabilities. (delphij, 2016-09-23, 18 files, -92/+223)
| |   Approved by: so
| |   Security: FreeBSD-SA-16:26.openssl
* | Move pkg repo templates to main repo (Renato Botelho, 2016-09-20, 4 files, -36/+0)
| |
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-08-12, 10 files, -153/+332)
|\ \
| |/
| * Release 6 errata notices for 10.3-RELEASE, all related to Microsoft Hyper-V. (glebius, 2016-08-12, 10 files, -153/+332)
| |   Submitted by: Dexuan Cui <decui microsoft.com>, gjb
| |   Approved by: so
* | Revert "Import patch from FreeBSD D5778 to fix "runtime went backwards" in Hyper-V. Ticket #6446" (Renato Botelho, 2016-08-12, 1 file, -12/+2)
| |   This reverts commit 95be4fb0378e88b4a64a2da93e8ef4611475a916.
* | Back default repo pointing to 2.3.3 snapshots, users had time to move from 2.3.2-devel to 2.3.2-rel (Renato Botelho, 2016-08-05, 1 file, -2/+2)
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-07-26, 4 files, -2/+14)
|\ \
| |/
| * Fix bspatch heap overflow vulnerability. [SA-16:25] (delphij, 2016-07-25, 4 files, -2/+14)
| |   Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09]
| |
| |   Approved by: so
* | pfSense: Import patch from bugzilla 210286 (Renato Botelho, 2016-07-07, 1 file, -0/+4)
| |
* | Merge fix from FreeBSD for fragment states not being removed. Ticket #6499 (Chris Buechler, 2016-06-17, 1 file, -1/+1)
| |
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-06-06, 170 files, -3090/+4363)
|\ \
| |/
| * Fix multiple ntp vulnerabilities. (delphij, 2016-06-04, 161 files, -3086/+4306)
| |   Security: FreeBSD-SA-16:24.ntp
| |   Approved by: so
| * Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20] (glebius, 2016-05-31, 5 files, -1/+14)
| |   Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
| |
| |   Security: SA-16:20
| |   Security: SA-16:21
| |   Approved by: so
| * Merge r300361 by mm@: (glebius, 2016-05-31, 6 files, -4/+44)
| |   Backport security fix for absolute path traversal vulnerability in bsdcpio.
| |
| |   Security: CVE-2015-2304
| |   Security: SA-16:22
| |   Approved by: so
* | Import patch from FreeBSD D5778 to fix "runtime went backwards" in Hyper-V. Ticket #6446 (Chris Buechler, 2016-06-04, 1 file, -2/+12)
* | pf: Fix more ICMP mistranslation (kp, 2016-05-23, 1 file, -1/+1)
| |   In the default case fix the substitution of the destination address.
| |
| |   PR: 201519
| |   Submitted by: Max <maximos@als.nnov.ru>
| |   MFC after: 1 week
| |
| |   (cherry picked from commit 7ddccc27cd3b8cf9bef3dd5b7b71c8b82e914386)
* | pf: Fix ICMP translation (kp, 2016-05-23, 1 file, -10/+5)
| |   Fix ICMP source address rewriting in rdr scenarios.
| |
| |   PR: 201519
| |   Submitted by: Max <maximos@als.nnov.ru>
| |   MFC after: 1 week
| |
| |   (cherry picked from commit e155a36ec0418be0b8147484b0644e5e50ab7d25)
* | Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3 (Renato Botelho, 2016-05-17, 4 files, -2/+12)
|\ \
| |/
| * - Use unsigned version of min() when handling arguments of SETFKEY ioctl. (glebius, 2016-05-17, 4 files, -2/+12)
| |   - Validate that user supplied control message length in sendmsg(2) is not negative.
| |
| |   Security: SA-16:18
| |   Security: CVE-2016-1886
| |   Security: SA-16:19
| |   Security: CVE-2016-1887
| |   Submitted by: C Turt <cturt hardenedbsd.org>
| |   Approved by: so
* | Point repo to RELEASE to lead users direct to 2.3.1 (Renato Botelho, 2016-05-16, 1 file, -2/+2)
| |
* | MFC r298676: (Luiz Otavio O Souza, 2016-05-12, 1 file, -0/+1)
| |   netipsec: Don't leak memory when deep copy fails
| |
| |   Reported by: Coverity
| |   CID: 1331693
| |   Sponsored by: EMC / Isilon Storage Division
| |   TAG: IPSEC-HEAD
| |
| |   (cherry picked from commit 736b7527cfdc5c4f0f0a91ddfaef07ea86ea0e58)
* | MFC r298535, r298536 and r298549: (Luiz Otavio O Souza, 2016-05-12, 4 files, -18/+233)
| |   Handle non-compressed packets for IPComp in tunnel mode.
| |
| |   RFC3173 says that the IP datagram MUST be sent in the original non-compressed form, when the total size of a compressed payload and the IPComp header is not smaller than the size of the original payload. In tunnel mode for small packets IPComp will send encapsulated IP datagrams without IPComp header.
| |
| |   Add ip_encap handler for IPPROTO_IPV4 and IPPROTO_IPV6 to handle these datagrams. The handler does lookup for SA related to IPComp protocol and given from mbuf source and destination addresses as tunnel endpoints. It decapsulates packets only when corresponding SA is found.
| |
| |   Reported by: gnn
| |   Reviewed by: gnn
| |   Differential Revision: https://reviews.freebsd.org/D6062
| |
| |   r298536: Use ipsec_address() function to print IP addresses.
| |
| |   r298549: Fix build for NOINET and NOINET6 kernels. Use own protosw structures for both address families. Check proto in encapcheck function and use -1 as proto argument in encap_attach_func(), both address families can have IPPROTO_IPV4 and IPPROTO_IPV6 protocols.
| |
| |   Reported by: bz
| |   TAG: IPSEC-HEAD
| |
| |   (cherry picked from commit a1d2523e7f503ed719420848cc61de12bdf8ab4f)