| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Approved by: so
Security: FreeBSD-EN-18:14.tzdata
|
| |
|
|
|
|
| |
Approved by: so
Security: FreeBSD-EN-18:13.icmp
Security: CVE-2018-17156
|
| |
|
|
|
|
|
|
|
| |
Reported by: Jakub Jirasek, Secunia Research at Flexera
Approved by: so
Security: FreeBSD-SA-18:13.nfs
Security: CVE-2018-17157
Security: CVE-2018-17158
Security: CVE-2018-17159
|
| |
|
|
|
|
|
| |
Reported by: Thomas Barabosch, Fraunhofer FKIE
Approved by: so
Security: FreeBSD-EN-18:12.mem
Security: CVE-2018-17155
|
| |
|
|
|
|
|
| |
Reported by: Jakub Jirasek, Secunia Research at Flexera
Approved by: so
Security: FreeBSD-EN-18:11.listen
Security: CVE-2018-6925
|
| |
|
|
|
|
|
| |
Reported by: Thomas Barabosch, Fraunhofer FKIE
Approved by: so
Security: FreeBSD-EN-18:10.syscall
Security: CVE-2018-17154
|
| |
|
|
|
| |
Approved by: so
Security: FreeBSD-EN-18:09.ip
|
| |
|
|
|
| |
Approved by: so
Security: FreeBSD-EN-18:08.lazyfpu
|
| |
|
|
|
|
| |
Approved by: so
Security: FreeBSD-SA-18:12.elf
Security: CVE-2018-6924
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix L1 Terminal Fault (L1TF) kernel information disclosure.
[SA-18:09.l1tf]
Fix resource exhaustion in IP fragment reassembly. [SA-18:10.ip]
Fix unauthenticated EAPOL-Key decryption vulnerability.
[SA-18:11.hostapd]
Approved by: so
|
| |
|
|
| |
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the per-queue limit is a function of the receive buffer
size and the MSS. In certain cases (such as connections with large
receive buffers), the per-queue segment limit can be quite large.
Because we process segments as a linked list, large queues may not
perform acceptably.
The better long-term solution is to make the queue more efficient.
But, in the short-term, we can provide a way for a system
administrator to set the maximum queue size.
We set the default queue limit to 100. This is an effort to balance
performance with a sane resource limit. Depending on their
environment, goals, etc., an administrator may choose to modify this
limit in either direction.
Approved by: so
Security: FreeBSD-SA-18:08.tcp
Security: CVE-2018-6922
|
| |
|
|
|
|
|
|
| |
- Add the anticipated 11.2-RELEASE date to UPDATING.
- Set a static __FreeBSD_version.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Remove an empty section that was left over from a previous commit
to prune empty sections.
- Add a note about a late discovered issue with zfsd(8) (Bugzilla
228750). Fix a sentence stop while here.
- Document SA-18:07, which had been included in RC3.
- Fix FreeBSD versions in the installation.html page.
Approved by: re (implicit, relnotes)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Enable eager FPU context switch on i386 and amd64.
CVE: CVE-2018-3665
MFC r335131
Remove printf() in #NM handler.
MFC r335132:
Reorganize code flow in fpudna()/npxdna().
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
| |
MFC rr334886:
Add missed libc++ entries to (Optional)ObsoleteFiles.inc
Some of these were removed during the libc++ 5.0.0 import, others
were added in the libc++ 6.0.0 import.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
| |
MFC r334657:
Issue: Utility hangs when OCS_IOCTL_CMD_MGMT_GET_ALL called in
parallel on port 0 and port 1.
Fix: Using static structure for results is corrupting the second
ioctl request. Removed static for results structure.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
r334860.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
| |
variable setting, which was moved around as part of prior
commits that were subsequently reverted.
This is a direct commit to releng/11.2.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
for amd64 ISOs is required.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
r334839.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
part of r333006, which was reverted in r334735.
r332345 fixes makefs(8) invocation after head revision r331843,
where makefs(8) was updated to be in sync with NetBSD.
r332346 fixes the $bootable variable position so the platformid
option is correctly applied.
This is a direct commit to releng/11.2, as these two revisions
were part of a total of four revisions merge to stable/11 (at
the time) in r333006.
Approved by: re (bdrewery)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
amd64 ISOs, pending a fix to be committed shortly.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improve compliance with RFC 4895 and RFC 6458.
Silently dicard SCTP chunks which have been requested to be
authenticated but are received unauthenticated no matter if support
for SCTP authentication has been negotiated. This improves compliance
with RFC 4895.
When the application uses the SCTP_AUTH_CHUNK socket option to
request a chunk to be received in an authenticated way, enable
the SCTP authentication extension for the end-point. This improves
compliance with RFC 6458.
Discussed with: Peter Lei
Approved by: re (marius@)
|
| |
|
|
|
|
| |
Spotted by: adamw
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
Update the release version in installation/article.xml.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
| |
- Remove empty sections.
- Move the 'hardware support' section, containing only
driver information, to the 'device drivers' section.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Prune stale entries from 11.1-RELEASE.
- Add an xml:id for diff reduction.
hardware/article.xml:
- Add an xml:id for diff reduction.
installation/article.xml:
- Add an xml:id for diff reduction.
readme/article.xml:
- Fix a malformed URL and mailing list reference.
readme/article.xml:
- Update the xml:id to match that used by readme/article.xml
for consistency.
release.ent:
- Update versions, and switch from 'snapshot' to 'release'.
security.xml:
- Remove reference to 10.x.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dhclient(8): allow to supersede interface-mtu option
In some cases broken DHCP servers might send invalid MTU value, so allow to
use 'supersede' in dhclient.conf to override this. When superseded value is
0, MTU value is not updated at all.
PR: 206721
Submitted by: novel@
Reported by: <jimp AT pfsense.org>
Approved by: re (gjb)
Relnotes: yes (potentially surprising behavior change w/ broken dhcpd mtu)
Differential Revision: https://reviews.freebsd.org/D15484
|
| |
|
|
|
|
|
|
|
|
|
| |
Don't overflow a buffer if we receive an INIT or INIT-ACK chunk
without a RANDOM parameter but with a CHUNKS or HMAC-ALGO parameter.
Please note that sending this combination violates the specification.
Thanks to Ronald E. Crane for reporting the issue for the userland
stack.
Approved by: re (gjb@)
|
| |
|
|
|
|
|
|
|
|
| |
Limit the retransmission timer for SYN-ACKs by TCPTV_REXMTMAX.
Use the same logic to handle the SYN-ACK retransmission when sent from
the syn cache code as when sent from the main code.
Approved by: re (gjb@)
Sponsored by: Netflix, Inc.
|
| |
|
|
|
|
|
|
|
|
|
| |
Ensure net.inet.tcp.syncache.rexmtlimit is limited by TCP_MAXRXTSHIFT.
If the sysctl variable is set to a value larger than TCP_MAXRXTSHIFT+1,
the array tcp_syn_backoff[] is accessed out of bounds.
Discussed with: jtl@
Approved by: re (gjb)
Sponsored by: Netflix, Inc.
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This revision implemented hybrid ISOs for the amd64
architecture, however it was discovered to have caused
a regression in booting legacy-mode (BIOS/CSM).
This restores the way ISOs were previously created, as
the cause (and differences between head and stable/11
and releng/11.2) have not been entirely identified.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
Ensure we are not dereferencing a NULL pointer.
CID: 1385266
Approved by: re (marius@)
|
| |
|
|
|
|
| |
Reported by: adamw
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
the relnotes page.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
for i386 memstick images.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
