| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| |
| |
| | |
config with rrddata takes up a lot of space and does not work when backed
up from a USB. This data will now be removed when restoring a config
from usb during install.
|
| | |
|
| | |
|
| |
| |
| |
| | |
memstick image
|
| |
| |
| |
| |
| |
| | |
installer in the future"
This reverts commit bf7098bbfdbcb7d495276054f9afa50ed61b8e25.
|
| |
| |
| |
| | |
the future
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
r339585:
Do not drop UDP traffic when TXCSUM_IPV6 flag is on
PR: 231797
Submitted by: whu
Reviewed by: dexuan
Obtained from: Kevin Morse
Sponsored by: Microsoft
Differential Revision: https://bugs.freebsd.org/bugzilla/attachment.cgi?id=198333&action=diff
(cherry picked from commit a3c2e0b86eeebc0b685c74ba2318413d71b526a6)
|
| |
| |
| |
| |
| |
| | |
Fix broken ALTQ support on hn0
This reverts commit 74acc5b16c2f2a31aef02e84914301a738a54a92.
|
| |
| |
| |
| | |
(cherry picked from commit b9a4da2d9f212606e04cf8a7a1f74fc9a65f8c3a)
|
| | |
|
| |
| |
| |
| | |
(cherry picked from commit 2d47c84a295e615ff5006eb4558480f6f1d907af)
|
| |
| |
| |
| | |
(cherry picked from commit 33976174adbd3f9d8ba61b2dbe904adb4a16f4ae)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| | |
Reported by: Thomas Barabosch, Fraunhofer FKIE
Approved by: so
Security: FreeBSD-EN-18:12.mem
Security: CVE-2018-17155
|
| |
| |
| |
| |
| |
| |
| | |
Reported by: Jakub Jirasek, Secunia Research at Flexera
Approved by: so
Security: FreeBSD-EN-18:11.listen
Security: CVE-2018-6925
|
| |
| |
| |
| |
| |
| |
| | |
Reported by: Thomas Barabosch, Fraunhofer FKIE
Approved by: so
Security: FreeBSD-EN-18:10.syscall
Security: CVE-2018-17154
|
| |
| |
| |
| |
| | |
Approved by: so
Security: FreeBSD-EN-18:09.ip
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
Approved by: so
Security: FreeBSD-EN-18:08.lazyfpu
|
| |
| |
| |
| |
| |
| | |
Approved by: so
Security: FreeBSD-SA-18:12.elf
Security: CVE-2018-6924
|
| |
| |
| |
| | |
(cherry picked from commit 3c4cc37c1aece09f8bb98e14ea935e267180cced)
|
| |
| |
| |
| | |
(cherry picked from commit b10063a67560e2ed80f0847b06e88d76bc3f8660)
|
| |
| |
| |
| |
| |
| | |
They will be used by the x86 Thoth provisioning VM image.
(cherry picked from commit 014c937442a9c374488c4616ab6984f4d7a6f1bf)
|
| |
| |
| |
| | |
(cherry picked from commit 97bfd2e8785a1f315fa820c6726e4c20fdfcd3c6)
|
| |
| |
| |
| |
| |
| |
| |
| | |
This allows the use of VLAN PCP in dhclient.
Ticket #7425
(cherry picked from commit f22c29d90e15667cd92c3a0b7b99fdb7c482014a)
|
| |
| |
| |
| |
| |
| |
| | |
Extend ranges of the critical sections to ensure that context switch
code never sees FPU pcb flags not consistent with the hardware state.
(cherry picked from commit e0245aeafd4d0ab7073f8d616840077f69e15a2a)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Similar to the network stack issue fixed in r337782 pf did not limit the number
of fragments per packet, which could be exploited to generate high CPU loads
with a crafted series of packets.
Limit each packet to no more than 64 fragments. This should be sufficient on
typical networks to allow maximum-sized IP frames.
This addresses the issue for both IPv4 and IPv6.
MFC after: 3 days
Security: CVE-2018-5391
Sponsored by: Klara Systems
(cherry picked from commit 282d17bf4b021cbee621d435f9b0f2722208585c)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
74287f5df9966a0648b4a68417451dd18f079ab8
delay bailout for invalid authenticating user until after the packet
containing the request has been fully parsed. Reported by Dariusz Tytko
and Michał Sajdak; ok deraadt
(cherry picked from commit 1a0a92b8e0a7b260e4efe28cb3a417a3188194b4)
(cherry picked from commit 541de26ca237556b457420f18724599e3f791c52)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
in-band signaling for correct operation.
Submitted by: Dmitry
Ticket: #7532
(cherry picked from commit 35353c79953ab3dd45435737adeff4396e8121e9)
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a crash in ip6_forward() caused by a NULL m->m_pkthdr.rcvif.
Issue: #5428
(cherry picked from commit 4204c9f01d2ab439f6e0b9454ab22d4ffcca8cc4)
(cherry picked from commit 6fecd5e077c8d9964b59cd632e3028e398e80900)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
netgraph node.
Fixes the search (and use) of VLANs with dot notation.
Obtained from: pfSense
Sponsored by: Rubicon Communications, LLC (Netgate)
(cherry picked from commit 81979a6755f342a76754a21e9530630abfdb11b1)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix L1 Terminal Fault (L1TF) kernel information disclosure.
[SA-18:09.l1tf]
Fix resource exhaustion in IP fragment reassembly. [SA-18:10.ip]
Fix unauthenticated EAPOL-Key decryption vulnerability.
[SA-18:11.hostapd]
Approved by: so
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| | |
Approved by: so
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, the per-queue limit is a function of the receive buffer
size and the MSS. In certain cases (such as connections with large
receive buffers), the per-queue segment limit can be quite large.
Because we process segments as a linked list, large queues may not
perform acceptably.
The better long-term solution is to make the queue more efficient.
But, in the short-term, we can provide a way for a system
administrator to set the maximum queue size.
We set the default queue limit to 100. This is an effort to balance
performance with a sane resource limit. Depending on their
environment, goals, etc., an administrator may choose to modify this
limit in either direction.
Approved by: so
Security: FreeBSD-SA-18:08.tcp
Security: CVE-2018-6922
|
| |
| |
| |
| |
| |
| | |
motherboards""
This reverts commit 19b31289ee2c5a37cf6545693734a4f7dc792e9a.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Fixes the loading as module.
(cherry picked from commit 1256b30394ef9765ec4345c9155b76bed155b37a)
(cherry picked from commit 5c20c6c7afd7572658311bc1173def97c49349b2)
|
| |
| |
| |
| | |
(cherry picked from commit 57393411cdc509145e77aaefa57b642252125a49)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
- Add the anticipated 11.2-RELEASE date to UPDATING.
- Set a static __FreeBSD_version.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Remove an empty section that was left over from a previous commit
to prune empty sections.
- Add a note about a late discovered issue with zfsd(8) (Bugzilla
228750). Fix a sentence stop while here.
- Document SA-18:07, which had been included in RC3.
- Fix FreeBSD versions in the installation.html page.
Approved by: re (implicit, relnotes)
Sponsored by: The FreeBSD Foundation
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Enable eager FPU context switch on i386 and amd64.
CVE: CVE-2018-3665
MFC r335131
Remove printf() in #NM handler.
MFC r335132:
Reorganize code flow in fpudna()/npxdna().
Approved by: re (gjb)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
MFC rr334886:
Add missed libc++ entries to (Optional)ObsoleteFiles.inc
Some of these were removed during the libc++ 5.0.0 import, others
were added in the libc++ 6.0.0 import.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
MFC r334657:
Issue: Utility hangs when OCS_IOCTL_CMD_MGMT_GET_ALL called in
parallel on port 0 and port 1.
Fix: Using static structure for results is corrupting the second
ioctl request. Removed static for results structure.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
|