summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * Bump patch level.delphij2017-11-291-1/+1
| | | | | | | | | | Reported by: Franco Fichtner <franco lastsummer de> Approved by: so
| * Fix multiple vulnerabilities of OpenSSL.delphij2017-11-294-8/+30
| | | | | | | | | | Security: FreeBSD-SA-17:11 Approved by: so
* | Add support to IF_ALLMULTI which enable the reception of all the multicast ↵Luiz Souza2017-11-162-9/+13
| | | | | | | | | | | | | | | | frames in a interface. Ticket #7710 (cherry picked from commit d292b5ce7adecee7f57cee347735bc336ec225ee)
* | Merge remote-tracking branch 'origin/releng/11.1' into RELENG_2_4Renato Botelho2017-11-165-21/+35
|\ \ | |/
| * Correct patch level.gordon2017-11-151-1/+1
| | | | | | | | | | Approved by: so X-Pointy-Hat: gordon@
| * Properly bzero kldstat structure to prevent information leak. [SA-17:10]gordon2017-11-154-19/+33
| | | | | | | | | | | | Approved by: so Security: FreeBSD-SA-17:10.kldstat Security: CVE-2017-1088
| * Fix kernel data leak via ptrace(PT_LWPINFO). [SA-17:08]gordon2017-11-151-2/+2
| | | | | | | | | | | | Approved by: so Security: FreeBSD-SA-17:08.ptrace Security: CVE-2017-1086
* | Revert "Increase the EFI staging area to better fit the pfSense installer ↵Renato Botelho2017-11-161-1/+1
| | | | | | | | | | | | mfsroot." This reverts commit f7a77d2d71fe340b36e1bb10a73639d463c88e52.
* | pfctl: teach route-to to deal with interfaces with multiple addresseskp2017-11-151-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The route_host parsing code set the interface name, but only for the first node_host in the list. If that one happened to be the inet6 address and the rule wanted an inet address it'd get removed by remove_invalid_hosts() later on, and we'd have no interface name. We must set the interface name for all node_host entries in the list, not just the first one. PR: 223208 MFC after: 2 weeks (cherry picked from commit aba79e1cd8a16d326ebbf21cf6ed4ab2cb7c384e)
* | MFC: r325328jkim2017-11-13510-744/+3028
| | | | | | | | | | | | Merge OpenSSL 1.0.2m. (cherry picked from commit a88f0513c4cf81f98bab740e4f112f1a6d7f4d42)
* | MFC: r318899jkim2017-11-13502-1827/+2759
| | | | | | | | | | | | Merge OpenSSL 1.0.2l. (cherry picked from commit ffd1bb8c599181e0733f8e00d8d8198b4ea6a73b)
* | MFC r325355:ae2017-11-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use correct pointer in key_updateaddresses() when updating NAT-T config. key_updateaddresses() is used to update SA addresses and NAT-T configuration in SADB_UPDATE message. This is done using cloning SA content from old SA into new one. But addresses and NAT-T configuration are taking from SADB_UPDATE message. Use newsa pointer to set NAT-T properties into cloned SA. PR: 223382 (cherry picked from commit 847b00824ed795d29b483918686c7855f47b7297)
* | Add options IPSEC_SUPPORT to pfSense ARM kernel config.Luiz Souza2017-11-031-1/+3
| | | | | | | | (cherry picked from commit f0f1a6be4b54350ffc82b68d5f62afb46801ce70)
* | Fix indentation for r323068jpaetzel2017-11-035-5/+5
| | | | | | | | | | | | | | | | | | | | PR: 220170 Reported by: lidl MFC after: 3 days Pointyhat to: jpaetzel (cherry picked from commit b35131985ba34d195fcd9e25a16a979fff5c628d) (cherry picked from commit 957e5fdfa90fae8e3fe1ab547e91a0991c94f784)
* | Allow kldload tcpmd5jpaetzel2017-11-036-0/+6
| | | | | | | | | | | | | | | | PR: 220170 MFC after: 2 weeks (cherry picked from commit f7739d7e092d8732c6f89f4b3e8df007d620552c) (cherry picked from commit 221df4835e8b41b4615c2bbdc6d95fa804755b9c)
* | Merge remote-tracking branch 'origin/releng/11.1' into RELENG_2_4Renato Botelho2017-11-0226-1229/+2154
|\ \ | |/
| * Update timezone database information. [EN-17:09]gordon2017-11-0226-1229/+2154
| | | | | | | | Approved by: so
* | Fix a use after free in arptimer().Luiz Souza2017-11-021-0/+3
| | | | | | | | | | | | | | | | | | | | Call callout_stop() to cancel any pending callout run in in_lltable_delete_entry(). Cloned interfaces can detach between the time the llentry is unlinked and the time when arptimer() will run and, as the llentry is already unlinked it cannot be properly freed anymore by clone detach. Ticket #7940 - Just a note: this issue affects all cloned interfaces and not just LAGG. (cherry picked from commit b4cd76cbbee9906ea6963b3e3dfb31dc97961d0d)
* | Make a small improvement in if_lagg.Luiz Souza2017-10-311-3/+7
| | | | | | | | | | | | When the lagg is being destroyed it is not necessary update the lladdr of all the lagg members every time we update the primary interface. (cherry picked from commit 256df827458c3e4e6719fae34999e3d7b9064b42)
* | Convert if_bridge.c back to if_start() to re-add the ALTQ support.Luiz Souza2017-10-301-32/+24
| | | | | | | | | | | | Ticket #7936 (cherry picked from commit 50319f09eeed57085eb665ce6f82de3c12ba18ee)
* | bridge: Set module versionkp2017-10-271-0/+1
| | | | | | | | | | | | | | | | | | | | | | This ensures that the loader will not load the module if it's also built in to the kernel. PR: 220860 Submitted by: Eugene Grosbein <eugen@freebsd.org> Reported by: Marie Helene Kvello-Aune <marieheleneka@gmail.com> (cherry picked from commit deed61f436ecad351fabada7d9d0a80d9cd37b25)
* | Make if_bridge complain if it can't disable some capabilities.mav2017-10-271-2/+6
| | | | | | | | | | | | | | MFC after: 2 weeks Sponsored by: iXsystems, Inc. (cherry picked from commit 08f5e30a7cf6b3be2f5b82b2780940b8299cd1ea)
* | Remove excess CTLFLAG_VNETbdrewery2017-10-271-1/+1
| | | | | | | | | | | | Sponsored by: Dell EMC Isilon (cherry picked from commit 271abc089d73da5713a474e89b4150bf6f14326c)
* | Make the bandwidth internal storage an unsigned int in IPFW dummynet.Luiz Souza2017-10-264-9/+11
| | | | | | | | | | | | | | | | This allows the maximum value of 4294967295 (~4Gb/s) instead of previous value of 2147483647 (~2Gb/s). Ticket #7979 (cherry picked from commit e626f15967f568082f91c7caa2c76f262e34d8cb)
* | ipfw: dummynet: Add 'G' and 'g' suffix for bandwidth configuration/displaymanu2017-10-261-0/+5
| | | | | | | | | | | | | | MFC after: 2 weeks Sponsored by: Gandi.net (cherry picked from commit 72d95f352159d5294bd8a5a2bacf9a336403cdba)
* | Enable VTNET_LEGACY_TX when ALTQ is enabled.Luiz Souza2017-10-251-0/+4
| | | | | | | | | | | | Ticket #7594 (cherry picked from commit 8b0b143c0ec03cfbae87eab6a5f9d532be3ab357)
* | Do not count the input and output bytes, they are already accounted in the ↵Luiz Souza2017-10-251-2/+2
| | | | | | | | | | | | | | | | upper layers. Ticket #323 (cherry picked from commit cab33d82e0c871d7707432180c71bf0bd7d05533)
* | Look for the correct netgraph name when looking for VLANs in dot notation.Luiz Souza2017-10-241-2/+2
| | | | | | | | (cherry picked from commit b704d195464446419da88f4580ebaa5b2f8d7ac7)
* | Use the single byte FIFO, the correct implementation of the two bytes FIFO ↵Luiz Souza2017-10-201-69/+32
| | | | | | | | | | | | in FreeBSD would require more work (command and data buffers had both to be aligned). (cherry picked from commit 3dd92b2120658589d5b8c1f38012189e748b1ce9)
* | Zero the dummy bytes sent in reads.Luiz Souza2017-10-191-0/+1
| | | | | | | | (cherry picked from commit e12e2b20dc451e4110d925e5b6b372c51a420759)
* | White space fixes.Luiz Souza2017-10-191-4/+4
| | | | | | | | (cherry picked from commit 7caa01716bd9aac311a92814158ef328fcd40676)
* | Revert "Disable the SPI driver in pfSense for now."Luiz Souza2017-10-191-4/+0
| | | | | | | | This reverts commit 8022527ae5f593071041bc01d5dbd242af4711fb.
* | Disable the SPI driver in pfSense for now.Luiz Souza2017-10-191-0/+4
| |
* | Disable the two bytes FIFO after the transfer to keep the controller in a ↵Luiz Souza2017-10-191-0/+3
| | | | | | | | | | | | consistent state for the next boot. (cherry picked from commit bd6ea3220b0fc802a963ef22e362238a9969457a)
* | net/vlan: Revert 305177sephe2017-10-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | Miss read the parentheses. Reported by: oleg@ Reviewed by: hps@ MFC after: 3 days Sponsored by: Microsoft (cherry picked from commit bd9a963c1666164c8a15c436307497019ba41da4)
* | Speed up the SPI driver.Luiz Souza2017-10-181-1/+1
| | | | | | | | (cherry picked from commit 4f1e4b82cbc3dc3722e3c85eca3cdb87397b5227)
* | Enable the two bytes FIFO when possible.Luiz Souza2017-10-181-29/+75
| | | | | | | | | | | | Change to polling mode as the interrupt mode generates too many interrupts even using two bytes at time. (cherry picked from commit c0a2357e7ddfb919847cc341ea56f3b9b9783664)
* | Merge remote-tracking branch 'origin/releng/11.1' into RELENG_2_4Renato Botelho2017-10-1815-54/+245
|\ \ | |/
| * Correct copy-paste. 11.1 is p2, not p13.gordon2017-10-171-1/+1
| | | | | | | | | | X-Pointy-Hat-To: gordon Approved by: so
| * Fix WPA2 protocol vulnerability. [SA-17:07]gordon2017-10-1715-54/+245
| | | | | | | | Approved by: so
* | ofw_spi: Parse property for the SPI mode and CS polarity.manu2017-10-1713-0/+46
| | | | | | | | | | | | | | | | | | | | | | As cs is stored in a uint32_t, use the last bit to store the active high flag as it's unlikely that we will have that much CS. Reviewed by: loos MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D8614 (cherry picked from commit f5f9058ccaec11fccc18817f45fff8859798a317)
* | Add config_intrhook_oneshot(): schedule an intrhook function and unregisterian2017-10-174-6/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it automatically after it runs. The config_intrhook mechanism allows a driver to stall the boot process until device(s) required for booting are available, by not allowing system inits to proceed until all intrhook functions have been unregistered. Virtually all existing code simply unregisters from within the hook function when it gets called. This new function makes that common usage more convenient. Instead of allocating and filling in a struct, passing it to a function that might (in theory) fail, and checking the return code, now a driver can simply call this cannot-fail routine, passing just the intrhook function and its arg. Differential Revision: https://reviews.freebsd.org/D11963 (cherry picked from commit 3dabf0d77785be405b3aa27de0590c5addd533dc)
* | Enable the SPI driver and the SPI flash on ARMADA38X kernel.Luiz Souza2017-10-181-0/+5
| | | | | | | | (cherry picked from commit a3d4f012dd055711ac32b2722a09e8a7baf371a5)
* | Add the SPI driver for the Marvell Armada 38x/Orion.Luiz Souza2017-10-182-0/+340
| | | | | | | | (cherry picked from commit 26b8b1dd71d1229bcd6f61ab1ae7f048fcf79675)
* | Add the ID for the Numonyx N25Q128 SPI Flash.Luiz Souza2017-10-181-0/+1
| | | | | | | | (cherry picked from commit 1cd8c69a847781eb61d8fcff93a77be1280bc303)
* | fix image alignmentJared Dillard2017-10-171-2/+2
| |
* | Import patch to fix hostres high CPU usageRenato Botelho2017-10-161-1/+2
| | | | | | | | Imported from: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209368
* | Add ATU dump routine, useful for switch state debugging.Luiz Souza2017-10-141-0/+51
| | | | | | | | (cherry picked from commit ea5e55e11b0fc0f5d14bd1b37687ccaaff0fa67d)
* | Fix a panic during boot caused by inadequate locking of some vt(4) driverjtl2017-10-111-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | data structures. vt_change_font() calls vtbuf_grow() to change some vt driver data structures. It uses TF_MUTE to prevent the console from trying to use those data structures while it changes them. During the early stage of the boot process, the vt driver's tc_done routine uses those data structures; however, it is currently called outside the TF_MUTE check. Move the tc_done routine inside the locked TF_MUTE check. PR: 217282 Reviewed by: ed, ray Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D9709 (cherry picked from commit 0f9beefcb0a50b15c03a0c62dc0f82cbaa001850)
* | Increase the EFI staging area to better fit the pfSense installer mfsroot.Luiz Souza2017-10-111-1/+1
| | | | | | | | (cherry picked from commit a98694e891ecb4b6a4eebd75ddffb6c56266fdec)
OpenPOWER on IntegriCloud