summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* UPDATING and newvers entries for 11.2-p9emaste2019-02-052-1/+6
| | | | | Approved by: so Security: FreeBSD-SA-19:01.syscall
* amd64: clear callee-preserved registers on syscall exitemaste2019-02-051-2/+4
| | | | | | | Submitted by: kib Approved by: so Security: CVE-2019-5595 Security: FreeBSD-SA-19:01.syscall
* UPDATING and newvers entries for 11.2-p8emaste2019-01-092-1/+12
| | | | | | | Approved by: so Security: FreeBSD-EN-19:03.sqlite Security: FreeBSD-EN-19:04.tzdata Security: FreeBSD-EN-19:05.kqueue
* MFS11 r340904: Avoid unsynchronized updates to kn_status.emaste2019-01-091-8/+13
| | | | | Approved by: so Security: FreeBSD-EN-19:05.kqueue
* MFS11 r342668: Import tzdata 2018h, 2018iemaste2019-01-0913-168/+841
| | | | | Approved by: so Security: FreeBSD-EN-19:04.tzdata
* MFS11 r342292: MFC r333352 & r342183:emaste2019-01-0913-14091/+39085
| | | | | | | | | r333352: Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1 r342183: Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000) PR: 234113 Approved by: so Security: FreeBSD-EN-19:03.sqlite
* 11.2-RELEASE-p7 UPDATINGemaste2018-12-192-1/+15
| | | | | | | | Approved by: so Security: FreeBSD-SA-18:15.bootpd Security: FreeBSD-EN-18:16.ptrace Security: FreeBSD-EN-18:17.vm Security: FreeBSD-EN-18:18.zfs
* MFS11 r342229: bootpd: validate hardware typeemaste2018-12-191-0/+4
| | | | | | | | | | | | | Due to insufficient validation of network-provided data it may have been possible for a malicious actor to craft a bootp packet which could cause a stack buffer overflow. admbugs: 850 Reported by: Reno Robert Reviewed by: markj Approved by: so Security: FreeBSD-SA-18:15.bootpd Sponsored by: The FreeBSD Foundation
* MFS11 r341828: Resolve a hang in ZFS during vnode reclaimationemaste2018-12-191-6/+18
| | | | | | | | | | | This is caused by a deadlock between zil_commit() and zfs_zget() Add a way for zfs_zget() to break out of the retry loop in the common case PR: 229614, 231117 Submitted by: allanjude Approved by: so Security: FreeBSD-EN-18:18.zfs Sponsored by: Klara Systems, The FreeBSD Foundation
* MFS11 r341401: Update the free page count when blacklisting pages.emaste2018-12-191-1/+3
| | | | | | | | PR: 231296 Submitted by: markj Approved by: so Security: FreeBSD-EN-18:17.vm Sponsored by: The FreeBSD Foundation
* MFS11 r340290: Only clear a pending thread event if one is pending.emaste2018-12-191-49/+53
| | | | | | | | | | | This fixes a panic when attaching to an already-stopped process. Also do some other clean ups for control flow of sendsig section. Submitted by: markj Approved by: so Security: FreeBSD-EN-18:16.ptrace Sponsored by: The FreeBSD Foundation
* Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]gordon2018-12-043-15/+21
| | | | | | | | Submitted by: jhb Reported by: Reno Robert Approved by: so Security: FreeBSD-SA-18:14.bhyve Security: CVE-2018-17160
* Fix deferred kernel loading breaks loader password. [EN-18:15.loader]gordon2018-11-271-1/+2
| | | | | | Submitted by: dteske Approved by: so Security: FreeBSD-EN-18:15.loader
* Timezone database information update. [EN-18:14.tzdata]gordon2018-11-2728-535/+1348
| | | | | Approved by: so Security: FreeBSD-EN-18:14.tzdata
* Fix ICMP buffer underwrite. [EN-18:13.icmp]gordon2018-11-271-1/+4
| | | | | | Approved by: so Security: FreeBSD-EN-18:13.icmp Security: CVE-2018-17156
* Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]gordon2018-11-275-9/+32
| | | | | | | | | Reported by: Jakub Jirasek, Secunia Research at Flexera Approved by: so Security: FreeBSD-SA-18:13.nfs Security: CVE-2018-17157 Security: CVE-2018-17158 Security: CVE-2018-17159
* Fix small kernel memory disclosures. [EN-18:12.mem]gordon2018-09-271-0/+2
| | | | | | | Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:12.mem Security: CVE-2018-17155
* Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]gordon2018-09-273-11/+63
| | | | | | | Reported by: Jakub Jirasek, Secunia Research at Flexera Approved by: so Security: FreeBSD-EN-18:11.listen Security: CVE-2018-6925
* Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]gordon2018-09-271-0/+2
| | | | | | | Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:10.syscall Security: CVE-2018-17154
* Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]gordon2018-09-273-2/+17
| | | | | Approved by: so Security: FreeBSD-EN-18:09.ip
* Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]gordon2018-09-124-35/+43
| | | | | Approved by: so Security: FreeBSD-EN-18:08.lazyfpu
* Fix improper elf header parsing. [SA-18:12.elf]gordon2018-09-124-2/+17
| | | | | | Approved by: so Security: FreeBSD-SA-18:12.elf Security: CVE-2018-6924
* Revis manual pages. [SA-18:08.tcp]delphij2018-08-1516-165/+575
| | | | | | | | | | | | Fix L1 Terminal Fault (L1TF) kernel information disclosure. [SA-18:09.l1tf] Fix resource exhaustion in IP fragment reassembly. [SA-18:10.ip] Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd] Approved by: so
* Bump patch level and document them.delphij2018-08-062-1/+5
| | | | Approved by: so
* Address concerns about CPU usage while doing TCP reassembly.jtl2018-08-062-1/+25
| | | | | | | | | | | | | | | | | | | | | Currently, the per-queue limit is a function of the receive buffer size and the MSS. In certain cases (such as connections with large receive buffers), the per-queue segment limit can be quite large. Because we process segments as a linked list, large queues may not perform acceptably. The better long-term solution is to make the queue more efficient. But, in the short-term, we can provide a way for a system administrator to set the maximum queue size. We set the default queue limit to 100. This is an effort to balance performance with a sane resource limit. Depending on their environment, goals, etc., an administrator may choose to modify this limit in either direction. Approved by: so Security: FreeBSD-SA-18:08.tcp Security: CVE-2018-6922
* - Switch releng/11.2 to -RELEASE.gjb2018-06-213-2/+5
| | | | | | | | - Add the anticipated 11.2-RELEASE date to UPDATING. - Set a static __FreeBSD_version. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Final touches to 11.2-RELEASE release notes:gjb2018-06-214-10/+28
| | | | | | | | | | | | - Remove an empty section that was left over from a previous commit to prune empty sections. - Add a note about a late discovered issue with zfsd(8) (Bugzilla 228750). Fix a sentence stop while here. - Document SA-18:07, which had been included in RC3. - Fix FreeBSD versions in the installation.html page. Approved by: re (implicit, relnotes) Sponsored by: The FreeBSD Foundation
* Update releng/11.2 to RC3 as part of the 11.2-RELEASE cycle.gjb2018-06-151-1/+1
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFC rr335072, r335089:kib2018-06-154-90/+156
| | | | | | | | | | | | | Enable eager FPU context switch on i386 and amd64. CVE: CVE-2018-3665 MFC r335131 Remove printf() in #NM handler. MFC r335132: Reorganize code flow in fpudna()/npxdna(). Approved by: re (gjb)
* MFS11 r335088 (dim):gjb2018-06-142-3/+8
| | | | | | | | | | | MFC rr334886: Add missed libc++ entries to (Optional)ObsoleteFiles.inc Some of these were removed during the libc++ 5.0.0 import, others were added in the libc++ 6.0.0 import. Approved by: re (marius) Sponsored by: The FreeBSD Foundation
* MFS11 r334872 (ram):gjb2018-06-141-2/+2
| | | | | | | | | | | | MFC r334657: Issue: Utility hangs when OCS_IOCTL_CMD_MGMT_GET_ALL called in parallel on port 0 and port 1. Fix: Using static structure for results is corrupting the second ioctl request. Removed static for results structure. Approved by: re (marius) Sponsored by: The FreeBSD Foundation
* Switch releng/11.2 to RC2 as part of the 11.2-RELEASE cycle, followinggjb2018-06-081-1/+1
| | | | | | | r334860. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Fix the ordering of where '$bootable' is set in the secondgjb2018-06-081-1/+1
| | | | | | | | | | variable setting, which was moved around as part of prior commits that were subsequently reverted. This is a direct commit to releng/11.2. Approved by: re (kib) Sponsored by: The FreeBSD Foundation
* Revert releng/11.2 back to RC1 temporarily, as an additional fixgjb2018-06-081-1/+1
| | | | | | | for amd64 ISOs is required. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Rename releng/11.2 to RC2 as part of the 11.2-RELEASE cycle, followinggjb2018-06-081-1/+1
| | | | | | | r334839. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Restore r332345 and r332346 from head, merged to stable/11 asgjb2018-06-081-1/+1
| | | | | | | | | | | | | | | | | part of r333006, which was reverted in r334735. r332345 fixes makefs(8) invocation after head revision r331843, where makefs(8) was updated to be in sync with NetBSD. r332346 fixes the $bootable variable position so the platformid option is correctly applied. This is a direct commit to releng/11.2, as these two revisions were part of a total of four revisions merge to stable/11 (at the time) in r333006. Approved by: re (bdrewery) Sponsored by: The FreeBSD Foundation
* Revert releng/11.2 back to RC1 due to an issue discovered withgjb2018-06-081-1/+1
| | | | | | | amd64 ISOs, pending a fix to be committed shortly. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Update releng/11.2 to RC2 as part of the 11.2-RELEASE cycle.gjb2018-06-071-1/+1
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFstable/11 334801tuexen2018-06-072-3/+2
| | | | | | | | | | | | | | | | | Improve compliance with RFC 4895 and RFC 6458. Silently dicard SCTP chunks which have been requested to be authenticated but are received unauthenticated no matter if support for SCTP authentication has been negotiated. This improves compliance with RFC 4895. When the application uses the SCTP_AUTH_CHUNK socket option to request a chunk to be received in an authenticated way, enable the SCTP authentication extension for the end-point. This improves compliance with RFC 6458. Discussed with: Peter Lei Approved by: re (marius@)
* Fix a typo.gjb2018-06-071-1/+1
| | | | | | Spotted by: adamw Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Add xml:id attributes for diff reduction.gjb2018-06-071-9/+9
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Fix a grammatical error.gjb2018-06-071-1/+1
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Connect the installation page to the build.gjb2018-06-072-1/+2
| | | | | | | Update the release version in installation/article.xml. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Document pkg(8) version.gjb2018-06-071-1/+2
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* relnotes/article.xml:gjb2018-06-071-140/+26
| | | | | | | | | - Remove empty sections. - Move the 'hardware support' section, containing only driver information, to the 'device drivers' section. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Document r334789, dhclient(8) allow to superscede interface-mtugjb2018-06-071-0/+5
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* errata/article.xml:gjb2018-06-076-79/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Prune stale entries from 11.1-RELEASE. - Add an xml:id for diff reduction. hardware/article.xml: - Add an xml:id for diff reduction. installation/article.xml: - Add an xml:id for diff reduction. readme/article.xml: - Fix a malformed URL and mailing list reference. readme/article.xml: - Update the xml:id to match that used by readme/article.xml for consistency. release.ent: - Update versions, and switch from 'snapshot' to 'release'. security.xml: - Remove reference to 10.x. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFC: r334443 (by cem@) MF stable/11: r334787marius2018-06-072-4/+24
| | | | | | | | | | | | | | | dhclient(8): allow to supersede interface-mtu option In some cases broken DHCP servers might send invalid MTU value, so allow to use 'supersede' in dhclient.conf to override this. When superseded value is 0, MTU value is not updated at all. PR: 206721 Submitted by: novel@ Reported by: <jimp AT pfsense.org> Approved by: re (gjb) Relnotes: yes (potentially surprising behavior change w/ broken dhcpd mtu) Differential Revision: https://reviews.freebsd.org/D15484
* MFstable/11 334732:tuexen2018-06-062-0/+4
| | | | | | | | | | | Don't overflow a buffer if we receive an INIT or INIT-ACK chunk without a RANDOM parameter but with a CHUNKS or HMAC-ALGO parameter. Please note that sending this combination violates the specification. Thanks to Ronald E. Crane for reporting the issue for the userland stack. Approved by: re (gjb@)
* MFstable/11 334731tuexen2018-06-061-2/+8
| | | | | | | | | | Limit the retransmission timer for SYN-ACKs by TCPTV_REXMTMAX. Use the same logic to handle the SYN-ACK retransmission when sent from the syn cache code as when sent from the main code. Approved by: re (gjb@) Sponsored by: Netflix, Inc.
OpenPOWER on IntegriCloud