summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix multiple small kernel memory disclosures. [EN-18:04.mem]gordon2018-04-047-7/+10
| | | | | | | Reported by: Ilja van Sprundel Approved by: so Security: CVE-2018-6919 Security: FreeBSD-EN-18:04.mem
* Update timezone database information. [EN-18:03.tzdata]gordon2018-04-0418-1207/+1889
| | | | | | Submitted by: philip Approved by: so Security: FreeBSD-EN-18:03.tzdata
* Fix ipsec crash or denial of service. [SA-18:05.ipsec]gordon2018-04-041-44/+28
| | | | | | | Reported by: Maxime Villard Approved by: so Security: CVE-2018-6918 Security: FreeBSD-SA-18:05.ipsec
* Fix vt console memory disclosure. [SA-18:04.vt]gordon2018-04-043-2/+17
| | | | | | | | | | | Bump newvers.sh and UPDATING for today's patches. Submitted by: emaste Reported by: Dr Silvio Cesare of InfoSect Approved by: so Security: CVE-2018-6917 Security: FreeBSD-SA-18:04.vt Sponsored by: The FreeBSD Foundation
* Add mitigations for two classes of speculative execution vulnerabilitiesgordon2018-03-1453-591/+2141
| | | | | | | | | on amd64. [FreeBSD-SA-18:03.speculative_execution] Approved by: so Security: FreeBSD-SA-18:03.speculative_execution Security: CVE-2017-5715 Security: CVE-2017-5754
* Update file(1) to new version with security update. [EN-18:02.file]gordon2018-03-07145-1848/+3231
| | | | | | Approved by: so Security: FreeBSD-EN-18:02.file Security: CVE-2017-1000249
* Update timezone database information. [EN-18:01.tzdata]gordon2018-03-0717-201/+557
| | | | | Approved by: so Security: FreeBSD-EN-18:01.tzdata
* Fix multiple vulnerabilities in ntp. [SA-18:02.ntp]gordon2018-03-07252-11264/+18567
| | | | | | | | | | Approved by: so Security: FreeBSD-SA-18:02.ntp Security: CVE-2018-7182 Security: CVE-2018-7170 Security: CVE-2018-7184 Security: CVE-2018-7185 Security: CVE-2018-7183
* Fix ipsec validation and use-after-free. [SA-18:01.ipsec]gordon2018-03-073-2/+28
| | | | | | Approved by: so Security: FreeBSD-SA-18:01.ipsec Security: CVE-2018-6916
* Fix multiple OpenSSL vulnerabilities.gordon2017-12-095-15/+19
| | | | | | | Approved by: so Security: CVE-2017-3737 Security: CVE-2017-3738 Security: FreeBSD-SA-17:12.openssl
* Bump patch level.delphij2017-11-291-1/+1
| | | | | Reported by: Franco Fichtner <franco lastsummer de> Approved by: so
* Fix multiple vulnerabilities of OpenSSL.delphij2017-11-294-8/+30
| | | | | Security: FreeBSD-SA-17:11 Approved by: so
* Correct patch level.gordon2017-11-151-1/+1
| | | | | Approved by: so X-Pointy-Hat: gordon@
* Properly bzero kldstat structure to prevent information leak. [SA-17:10]gordon2017-11-154-19/+33
| | | | | | Approved by: so Security: FreeBSD-SA-17:10.kldstat Security: CVE-2017-1088
* Fix kernel data leak via ptrace(PT_LWPINFO). [SA-17:08]gordon2017-11-151-2/+2
| | | | | | Approved by: so Security: FreeBSD-SA-17:08.ptrace Security: CVE-2017-1086
* Update timezone database information. [EN-17:09]gordon2017-11-0226-1229/+2154
| | | | Approved by: so
* Correct copy-paste. 11.1 is p2, not p13.gordon2017-10-171-1/+1
| | | | | X-Pointy-Hat-To: gordon Approved by: so
* Fix WPA2 protocol vulnerability. [SA-17:07]gordon2017-10-1715-54/+245
| | | | Approved by: so
* Fix OpenSSH Denial of Service vulnerability. [SA-17:06]releng/11.1delphij2017-08-105-1/+26
| | | | | | | | Fix VNET kernel panic with asynchronous I/O. [EN-17:07] Fix pf(4) housekeeping thread causes kernel panic. [EN-17:08] Approved by: so
* - Switch releng/11.1 to -RELEASE.gjb2017-07-203-2/+5
| | | | | | | | - Add the anticipated 11.1-RELEASE date to UPDATING. - Set a static __FreeBSD_version. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Document r307265, vfs.zfs.compressed_arc_enabled.gjb2017-07-161-0/+7
| | | | | | Proxied by: allanjude, emaste Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Rename releng/11.1 to RC3 as part of the 11.1-RELEASE cycle.gjb2017-07-132-2/+2
| | | | | | | Use the 'release_1' package set to populate the dvd1.iso packages. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Document r320954, deprecation of digi(4), ie(4), mcd(4), scd(4),gjb2017-07-131-0/+7
| | | | | | | si(4), spic(4), wl(4), sicontrol(8), and wlconfig(8). Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFS11 320921:jhb2017-07-1316-9/+68
| | | | | | Add deprecation notices for various device drivers removed in 12.0. Approved by: re (kib)
* Document pkg(8) version 1.10.1.gjb2017-07-131-41/+2
| | | | | | | | Prune empty sections. Remove a stale comment. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Document SA-17:05.heimdal.gjb2017-07-131-0/+8
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MF11 r320947; MFC r320876:hselasky2017-07-131-1/+7
| | | | | | | | | Make sure the mlx4en RX DMA ring gets stamped with software ownership in order to prevent the flow of QP to error in the firmware once UPDATE_QP is called. Approved by: re (marius) Sponsored by: Mellanox Technologies
* MFS 320891grehan2017-07-133-4/+4
| | | | | | | | | | MFC r317542, r317543, r317543 317542 comment fix 317543 set rfb default port 317543 listen on localhost by default for rfb Approved by: re (kib)
* MFS 320866grehan2017-07-1313-2/+321
| | | | | | | | | | | | MFC 313727, 317483 In addition, replace the missing caph routines with small helper functions (bhyverun.c) or an open-coded replacement (uart_emul.c) 313727 Capsicumize bhyve 317483 Allow CAP_MMAP_RW on memfd for PCI passthru Approved by: re (kib)
* MFS r320855grehan2017-07-131-8/+19
| | | | | | ps2 mouse fixes, found by plan9/9front. Approved by: re (kib)
* MF11: r320898; MFC: r320577, r320620marius2017-07-121-2/+14
| | | | | | | | | Retry up to 2 ms to enable bus power as at least with some Intel SDHCI/eMMC controllers the first attempt after a D3 to D0 transition, i. e. when the firmware has put the devices into D3 state before, can fail. Approved by: re (gjb)
* MFS r320907: MFC r320906: MFV r320905: Import upstream fix fordelphij2017-07-121-2/+2
| | | | | | | | | | | | | | | CVE-2017-11103. In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Submitted by: hrs Obtained from: Heimdal Security: FreeBSD-SA-17:05.heimdal Security: CVE-2017-11103 Approved by: re (kib)
* MFS r320889:kib2017-07-121-0/+1
| | | | | | Restore layout of struct vm_map_entry. Approved by: re (delphij)
* MFC r320843 MFS r320903:kib2017-07-121-1/+1
| | | | | | Fix loop termination in vm_map_find_min(). Approved by: re (delphij)
* MFC r320801 MFS r320887:kib2017-07-111-3/+5
| | | | | | Simplify language. Approved by: re (delphij)
* Document r320874, gdb(1) and kgdb(1) deprecation.gjb2017-07-101-0/+6
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFS11 320824: Add deprecation notices for gdb and kgdb.jhb2017-07-102-1/+16
| | | | | | | | | | Even though gdb and kgdb may not be removed for 12.0 on some architectures, the notice is unconditional as these tools will likely be removed at some point in the future when adequate replacements are available (gdb in ports or lldb in base). Approved by: re (gjb) Relnotes: yes
* MFS11 r320870:gjb2017-07-101-0/+1
| | | | | | | | MFC r320785: Connect ena(4) to the build. Approved by: re (kib) Sponsored by: The FreeBSD Foundation
* MFC r320619 MFS r320863:kib2017-07-101-9/+8
| | | | | | Resolve confusion between different error code spaces. Approved by: re (delphij)
* MFC r320570 MFS r320822:kib2017-07-091-4/+5
| | | | | | Correct signatures of several pthreads stubs. Approved by: re (gjb)
* MFS r320799: MFC r320665:delphij2017-07-081-3/+3
| | | | | | | In open_binary_fd: when using buffer size for strl* and snprintf, always use >= instead of > to avoid truncation. Approved by: re (kib)
* Document r320760, ena(4) addition.gjb2017-07-073-0/+9
| | | | | | | | Add the ena(4) manual page. Add Amazon.com to the sponsors.ent file. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Rename releng/11.1 to RC2 as part of the 11.1-RELEASE cycle.gjb2017-07-071-1/+1
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFS11 r320753:gjb2017-07-071-1/+1
| | | | | | | | | MFC r320748: Allow passing NOPKG= to make(1) to enable the pkg-stage target from getting executed when NOPKG is defined but empty. Approved by: re (kib) Sponsored by: The FreeBSD Foundation
* Add MAP_GUARD and use it for stack grow area protection.kib2017-07-079-250/+311
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump __FreeBSD_version. This is an MFS of stable/11 r320666. MFC r320317: Implement address space guards. MFC r320338: Remove stale part of the comment. MFC r320339: Correctly handle small MAP_STACK requests. MFC r320344: For now, allow mprotect(2) over the guards to succeed regardless of the requested protection. MFC r320430: Treat the addr argument for mmap(2) request without MAP_FIXED flag as a hint. MFC r320560 (by alc): Modify vm_map_growstack() to protect itself from the possibility of the gap entry in the vm map being smaller than the sysctl-derived stack guard size. Approved by: re (delphij)
* MF11 r320731,320749,320759: Add Amazon Elastic Network Adapter drivercperciva2017-07-0719-1/+12317
| | | | | | | | | and turn it on in EC2 AMI builds Approved by: re (gjb) Relnotes: FreeBSD now supports "next generation" Enhanced Networking in the Amazon EC2 cloud Sponsored by: Amazon.com Inc. (original work)
* MF11 r320685: Update to ELF Tool Chain snapshot at r3561emaste2017-07-065-192/+620
| | | | | | | | | | | | | | | | | | | | | | | This update is primarily bug fixes in C++ symbol demangling, including: - rvalue reference - builtin type auto and decltype(auto) - revamped support for function return types - formatting fixes - omit void when its the only param - ref-qualifiers and others in function types - type qualifiers in pointer-to-member function types - incorrect handling regarding CV-qualifiers in function types - ref-qualifier found in nested-name - properly handle <name> ::= <substitute><template-args> - make sure that nested function name is not a substitute candidate - correctly handle expression in template args - skip unknown substitution abbreviations Also r320663 libelftc: bump version, tracking import in r320343 Approved by: re (gjb) Sponsored by: The FreeBSD Foundation
* MFS r320744: MFC r320690:markj2017-07-061-1/+1
| | | | | | | Defer ACPI taskqueue creation to SI_SUB_KICK_SCHEDULER. PR: 220277 Approved by: re (gjb)
* Update the pkg(8) configuration for the default installation andgjb2017-07-062-2/+2
| | | | | | | | | | | the dvd1.iso to use the quarterly set, now that the new quarterly branch exists and packages have built. This commit was deferred when branching releng/11.1, since the 2017Q3 branch did not exist yet. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFS11 r320697:gjb2017-07-061-19/+19
| | | | | | | | | | | | | MFC r320599: Fix Vagrant image upload after recent API changes. - Update ATLAS_UPLOAD_URL to avoid various regular expressions from failing to match due to redirections. - Use ATLAS_UPLOAD_URL throughout the script. - Adjust several regular expression patterns. Approved by: re (kib) Sponsored by: The FreeBSD Foundation
OpenPOWER on IntegriCloud