| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Approved by: so
|
| |
|
|
|
| |
Noticed by: gordon
Approved by: so
|
| |
|
|
|
|
| |
Boot compatibility improvements with Azure VMs. [EN-17:06]
Approved by: so
|
| |
|
|
|
| |
Security: FreeBSD-SA-17:04.ipfilter
Approved by: so
|
| |
|
|
|
|
| |
Xen migration enhancements. [EN-17:05]
Approved by: so
|
| |
|
|
| |
Approved by: so
|
| |
|
|
|
|
|
| |
Security: FreeBSD-SA-17:01.openssh
Security: CVE-2016-10009
Security: CVE-2016-10010
Approved by: so
|
| |
|
|
| |
Approved by: so
|
| |
|
|
|
|
| |
PR: 215105
Submitted by: <jtd2004a sbcglobal.net>
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]
Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Security: FreeBSD-SA-16:38.bhyve
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Note: because of what appears to be a missing MFC to stable branches,
these patches were generated by doing:
% rsync -av stable/10/contrib/tzdata releng/10.x/contrib/tzdata
% svn add releng/10.x/contrib/tzdata
Errata Notice: EN-16:19
Submitted by: gjb
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Incorporate a change from OpenBSD by millert@OpenBSD.org
Don't warn about valid time zone abbreviations. POSIX
through 2000 says that an abbreviation cannot start with ':', and
cannot contain ',', '-', '+', NUL, or a digit. POSIX from 2001
on changes this rule to say that an abbreviation can contain only
'-', '+', and alphanumeric characters from the portable character
set in the current locale. To be portable to both sets of rules,
an abbreviation must therefore use only ASCII letters." Adapted
from tzcode2015f.
Errata Notice: EN-16:19.tzcode
Submitted by: bapt
Approved by: so
|
| |
|
|
|
|
|
|
| |
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:33.openssh
Security: FreeBSD-SA-16:35.openssl
Approved by: so
|
| |
|
|
|
|
|
| |
based on passing incorrect parameters to sysarch(2).
Security: SA-16:15
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to increased parallelism and optimizations in several parts of the
system, the previously latent bugs in VM become much easier to trigger,
affecting a significant number of the FreeBSD users. The exact technical
details of the issues are provided in the commit messages of the merged
revisions, which are listed below with short summaries.
r301184 prevent parallel object collapses, fixes object lifecycle
r301436 do not leak the vm object lock, fixes overcommit disable
r302243 avoid the active object marking for vm.vmtotal sysctl, fixes
"vodead" hangs
r302513 vm_fault() race with the vm_object_collapse(), fixes spurious
SIGSEGV
r303291 postpone BO_DEAD, fixes panic on fast vnode reclaim
Approved by: so
|
| |
|
|
|
|
|
| |
The three files affected were tests and aren't normally built so this
had no user-facing effect in the normal case.
Approved by: so
|
| |
|
|
|
|
|
|
| |
Fix multiple portsnap vulnerabilities. [SA-16:30]
Fix multiple libarchive vulnerabilities. [SA-16:31]
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
|
| |
|
|
|
| |
Approved by: so
Security: FreeBSD-SA-16:26.openssl
|
| |
|
|
|
| |
Submitted by: Dexuan Cui <decui microsoft.com>, gjb
Approved by: so
|
| |
|
|
|
|
|
| |
Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]
Approved by: so
|
| |
|
|
|
| |
Security: FreeBSD-SA-16:24.ntp
Approved by: so
|
| |
|
|
|
|
|
|
| |
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
Security: SA-16:20
Security: SA-16:21
Approved by: so
|
| |
|
|
|
|
|
|
|
| |
Backport security fix for absolute path traversal
vulnerability in bsdcpio.
Security: CVE-2015-2304
Security: SA-16:22
Approved by: so
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
|
| |
|
|
|
|
|
|
|
|
| |
Fix performance regression in libc hash(3). [EN-16:06]
Fix excessive latency in x86 IPI delivery. [EN-16:07]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
|
| |
|
|
| |
Approved by: so
|
| |
|
|
|
|
| |
10.3-RELEASE builds.
Approved by: re (implicit)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
grdc(6) 12-hour mode fixed,
inetd(8) crash with IPv6 address fixed,
netstat(1) statistics counter divided by 1024 fixed,
rc.d/netif now updates only static routes,
vt(4) kern.vt.bell_enable,
puc(4) MSI support,
epair(4) and lagg(4) cloner vnet jail support,
epair(4) panic fixed,
lagg(4) per-interface sysctl nodes replaced with ifconfig flags,
lagg(4) panic fixed,
SIOCGDRLST_IN6 and SIOCGPRLST_IN6 ioctls removed.
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
| |
reword description about ar -D/-U option,
camcontrol(8) fwdonwload improvements,
pkill -j jailname support,
timeout(1) added,
ypinit(8) eui64 NIS map,
kern.features.invariants sysctl added.
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
last reboot now works again,
mv(1) return value has been fixed,
mkimg(1) dynamic VHD format fixed,
pw(8) userdel/usermod -y option,
watchdogd(8) -x option added,
rc.firewall now uses ipfw tables when firewall_type="SIMPLE",
imxwdt driver fixed,
uart(4) PPS polarity fixed,
user(4) dev.uart.pps_mode added,
uftdi(4) new ioctls to read/write eeprom,
legacy ata(4) drivers removed.
Approved by: re (implicit)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix typos.
- Update relnotes items:
ctladm(8) return value bugfix,
ifconfig -v now displays SFP/SFP+ data,
add updstream changeset id to the libarchive(3) improvement,
vt(4) ALT_BREAK_TO_DEBUGGER support added,
thread_create() API added,
pms(4) removed from GENERIC for amd64/i386,
kern.racct.enable fixed,
cxgbe(4) firmware updated to 1.14.4.0,
pf(4) logging issue fixed,
LLENTRY_DELETED event in NDP fixed.
- Edit items:
s/Timezone data files/Time zone database/,
-manage-gids flag is for nfsuserd, not nfsd.
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
r296416 (head) and r296969 (stable/10) respectively. With SAVESIGVEC
enabled, csh(1) and tcsh(1) leak signal masks after spawning external
commands. This causes strange effects like for example SIGTERM not
being delivered to rc(8) scripts on shutdown albeit these use sh(1),
if csh(1) or tcsh(1) are used as login shell of root. As such r296976
causes way more problems than it solves.
It is anticipated that a proper changeset for the original problem
will be issued as an Errata Notice post-10.3-RELEASE.
PR: 208132
Approved by: re (gjb)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
|
|
| |
Remove 50% ZFS conditional from bsdinstall/zfsboot
PR: 208094
Approved by: re (marius)
|
| |
|
|
| |
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
|
|
|
| |
Signal handling within tcsh vfork code path will conflict with some system
libraries (such as libthr) which maintain their own signal state. This
change adds the tcsh SAVESIGVEC option to save and restore the sigvecs for
the signals the child modifies before it execs.
Reviewed by: kib, rwatson
Reported by: kib
Approved by: re
|
| |
|
|
|
|
|
|
|
|
|
| |
Due to invalid use of a signed intermediate value in the bounds checking
during argument validity verification, unbound zero'ing of the process LDT
and adjacent memory can be initiated from usermode.
Submitted by: CORE Security
Patch by: kib
Security: SA-16:15
Approved by: re (implicit)
|
| |
|
|
|
|
|
|
| |
Require firewall setup before running rc.d/netwait, otherwise the ping
packets sent by netwait may not get through.
PR: 207916
Approved by: re (marius)
|
| |
|
|
|
|
| |
Force the desired alignment of the user save area.
Approved by: re (marius)
|
| |
|
|
|
|
|
| |
Filemon: Attach from the child to avoid racing with the parent attach.
Relnotes: yes
Approved by: re (marius)
|
| |
|
|
|
|
|
|
| |
MFC r296542: Load linux64 module for amd64 if Linux abi enabled.
Reviewed by: emaste@
Approved by: re (marius)
Differential Revision: https://reviews.freebsd.org/D5567
|
| |
|
|
|
|
|
|
| |
Adjust _callout_stop_safe() return value for the subr_sleepqueue.c needs
when migrating callout was blocked, but running one was not.
PR: 200992
Approved by: re (marius)
|
| |
|
|
|
|
| |
Submitted by: Harald Schmalzbauer
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
