summaryrefslogtreecommitdiffstats
path: root/UPDATING
Commit message (Collapse)AuthorAgeFilesLines
* Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33]delphij2016-11-021-0/+7
| | | | | | | | Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:33.openssh Security: FreeBSD-SA-16:35.openssl Approved by: so
* Revised SA-16:15. The initial patch didn't cover all possible overflowsglebius2016-10-251-0/+6
| | | | | | | based on passing incorrect parameters to sysarch(2). Security: SA-16:15 Approved by: so
* Fix bspatch heap overflow vulnerability. [SA-16:29]delphij2016-10-101-0/+10
| | | | | | | | Fix multiple portsnap vulnerabilities. [SA-16:30] Fix multiple libarchive vulnerabilities. [SA-16:31] Approved by: so
* Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:delphij2016-09-261-0/+4
| | | | | | | | | | | | Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so
* Fix multiple OpenSSL vulnerabilitites.delphij2016-09-231-0/+4
| | | | | Approved by: so Security: FreeBSD-SA-16:26.openssl
* Release 6 errata notices for 10.3-RELEASE, all related to Microsoft Hyper-V.glebius2016-08-121-0/+16
| | | | | Submitted by: Dexuan Cui <decui microsoft.com>, gjb Approved by: so
* Fix bspatch heap overflow vulnerability. [SA-16:25]delphij2016-07-251-0/+8
| | | | | | | Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so
* Fix multiple ntp vulnerabilities.delphij2016-06-041-0/+4
| | | | | Security: FreeBSD-SA-16:24.ntp Approved by: so
* Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]glebius2016-05-311-0/+9
| | | | | | | | Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21] Security: SA-16:20 Security: SA-16:21 Approved by: so
* - Use unsigned version of min() when handling arguments of SETFKEY ioctl.glebius2016-05-171-0/+7
| | | | | | | | | | | | - Validate that user supplied control message length in sendmsg(2) is not negative. Security: SA-16:18 Security: CVE-2016-1886 Security: SA-16:19 Security: CVE-2016-1887 Submitted by: C Turt <cturt hardenedbsd.org> Approved by: so
* Fix multiple OpenSSL vulnerabilitites. [SA-16:17]delphij2016-05-041-1/+14
| | | | | | | | | | Fix performance regression in libc hash(3). [EN-16:06] Fix excessive latency in x86 IPI delivery. [EN-16:07] Fix memory leak in ZFS. [EN-16:08] Approved by: so
* Fix ntp multiple vulnerabilities.delphij2016-04-291-0/+4
| | | | Approved by: so
* Anticipate the expected 10.3-RELEASE date.marius2016-03-251-0/+3
| | | | Approved by: re (implicit)
* MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563)des2016-01-241-0/+4
| | | | Remove the HPN and None cipher patches.
* MFC r286368: Remove guards around overwriting loader.rc and menu.rcdteske2016-01-071-0/+5
| | | | | | | | | | | | | There have been .local version of each for user modifications for some time This allows users to receive future updates to these files PR: 183765 Differential Revision: https://reviews.freebsd.org/D3176 Submitted by: Bertram Scharpf, Nikolai Lifanov (patch) Reviewed by: dteske, loos, eadler Approved by: bapt (mentor) Relnotes: yes Sponsored by: ScaleEngine Inc.
* Bump __FreeBSD_version since r292223 changed the internal interfacermacklem2015-12-141-0/+5
| | | | | between the nfsd.ko and nfscommon.ko modules such that they need to be upgraded to-gether.
* MFC r291605:bdrewery2015-12-081-8/+0
| | | | | Fix errors being ignored in many phases of the build since the bmake integration.
* MFC r289643: Document isp_*_multi firmware kernel modules removal.mav2015-11-131-0/+5
|
* Upgrade NTP to 4.2.8p4.glebius2015-10-261-0/+3
| | | | | | | | | | | | | | | | | Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
* MFC r284405:ngie2015-10-251-0/+6
| | | | | | Remove ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support from atf.test.mk The legacy atf tools were removed in atf 0.20
* MFC r286469, r286591, r286595, r286596, r286613:ian2015-08-231-0/+14
| | | | | | | | | | | | | | | | | Provide the tty-layer mutex when initializing the pps api. This allows time_pps_fetch() to be used in blocking mode. Allow the choice of PPS signal captured by uart(4) to be runtime-configured, eliminating the need to build a custom kernel to use the CTS signal. Correct the polarity of the PPS assert and clear events with respect to the electrical signals on the serial port. Document the change in polarity of the uart(4) PPS capture. Style fix -- do the braces for switches correctly. Relnotes: yes
* MFC r280451:mav2015-08-221-0/+6
| | | | | | | Remove from legacy ata(4) driver support for hardware, supported by newer and more functional drivers ahci(4), siis(4) and mvs(4). This removes about 3400 lines of code, unused since FreeBSD 9.0 release.
* Add 10.2-RELEASE to UPDATING, forgotten with prior related commits.gjb2015-08-191-0/+3
| | | | | Submitted by: junovitch Sponsored by: The FreeBSD Foundation
* MFC: r285946 and r285947smh2015-07-311-0/+8
| | | | | | Add warning about low KSTACK_PAGES for ZFS use. Sponsored by: Multiplay
* MFH (r276605, r282089): upgrade to latest Unbounddes2015-07-061-0/+6
| | | | | | | | | | | | | | MFH (r276699, r276702, r277057): local control socket MFH (r276599, r276612, r282087, r282088): build fixes This brings in Unbound 1.5.3 from head. Local control sockets are now supported and will be used by default for new installations. Existing systems will continue to use TCP control sockets until the automated setup script is re-run ("service local_unbound setup") and the service restarted ("service local_unbound restart"). Approved by: re (kib) Relnotes: yes
* Add a note on the second sendmail fix for WeakDH interoperability.gshapiro2015-06-251-0/+4
|
* MFC: The fix for the issue described in the 20150614 sendmail entry hasgshapiro2015-06-171-0/+7
| | | | been been committed in revision 284485..
* MFC: Add a quick (?) note for users who may be having sendmail ↵gshapiro2015-06-151-0/+24
| | | | | | | interoperability issues due to the recent (FreeBSD-SA-15:10.openssl) OpenSSL change to reject 512 bit DH parameters. Affects 11-CURRENT and 10-STABLE.
* MFC r282208:smh2015-06-011-0/+4
| | | | | | | Standardise chmod, chflags, chown and chgrp recursive symlink processing Relnotes: Yes Sponsored by: Multiplay
* MFC r275805:tijl2015-04-301-0/+4
| | | | | | | | | | | | | Fix incorrect type of "invalids" argument in __iconv() prototype. MFC r281550,281591: Remove the const qualifier from iconv(3) to comply with POSIX: http://pubs.opengroup.org/onlinepubs/9699919799/functions/iconv.html Adjust all code that calls iconv. PR: 199099
* Correct to the stable/10 commit in UPDATING and specify the correct ↵sbruno2014-12-151-2/+2
| | | | | | ports/UPDATING note.
* MFC r271982 and r271990 to support CentOS 6 ports.sbruno2014-12-151-0/+10
|
* MFC r272057,r272083,r272084,r272087,r274016:ngie2014-12-051-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r272057: Import pjdfstest from ^/vendor/pjdfstest/abf03c3a47745d4521b0e4aa141317553ca48f91 - Remove tools/regression/pjdfstest - Add upgrade directions for contrib/pjdfstest - Add a note to UPDATING for the move (the reachover Makefiles are coming soon) Functional differences: - ftruncate testcases are added from upstream (github) Non-functional differences: - The copyright for the project has been updated to 2012 - pjd's contact information has been updated Discussed with: -testing, jmmv, pjd Sponsored by: EMC / Isilon Storage Division r272083: Expect ELOOP on Darwin/Linux with "O_NOFOLLOW was specified and the target is a symbolic link" case. Assume EMLINK on the rest of the OSes (FreeBSD, Solaris, etc) Sponsored by: EMC / Isilon Storage Division r272084: Fix the executed testplan count Sponsored by: EMC / Isilon Storage Division r272087: Increase the memory disk size in the following testcases to avoid mount failures, which would cause cascade failures in the rest of the test run: link/15.t, open/19.t, mkdir/11.t, mkfifo/11.t, symlink/11.t Fail quickly in all of the testcases if mdconfig, mount, umount, etc fails to avoid issues similar to this in the future Submitted by: Casey Peel <cpeel@isilon.com> Sponsored by: EMC / Isilon Storage Division r274016: Integrate pjdfstest test suite execution into kyua pjdfstest execution is opt-in and must be done as root due to some of the assumptions made by the test suite and lack of error checking in the non-root case A description of how to execute pjdfstest with kyua is provided in share/pjdfstest/README Phabric: D824 (an earlier prototype patch) Relnotes: yes Sponsored by: EMC / Isilon Storage Division
* Anticipate when we'll be ready to announce 10.1-RELEASE.gjb2014-11-111-0/+3
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFC r267176, r267181, r268445 (ATF-related commits):ngie2014-09-091-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Phabric: https://reviews.freebsd.org/D706 Approved by: rpaulo (mentor) Approved by: re (gjb) Reviewed by: jmmv Sponsored by: EMC / Isilon Storage Division r267176: Add the *_TESTS_SH_SED_* functionality to atf.test.mk. This exists already in plain.test.mk and tap.test.mk and should have been added to atf.test.mk too when the feature was first introduced. (It is probably time to address the related TODOs but I will do that separately.) r267181: Move atf-sh from /usr/bin/ to /usr/libexec/ In r266650, we made libatf-c and libatf-c++ private libraries so that no components outside of the source tree could unintendedly depend on them. This change does the same for the "atf-sh library" by moving the atf-sh interpreter from its public location in /usr/bin/ to the private location in /usr/libexec/. Our build system will ensure that our own test programs use the right binary, but users won't be able to depend on atf-sh by "mistake". Committing this now to ride the UPDATING notice added with r267172 today. r268445: Fix atf-sh's integration_test With the move of atf-sh into /usr/libexec in r267181, some of the tests in the integration_test program broke because they could not execute atf-sh from the path any longer. This slipped through because I do have a local atf installation in my home directory that appears in my path, hence the tests could still execute my own version. Fix this by forcing /usr/libexec to appear at the beginning of the path when attempting to execute atf-sh. To make upgrading easy (and to avoid an unnecessary entry in UPDATING), make integration_test depend on the Makefile so that a rebuild of the shell script is triggered. This requires a hack in the *.test.mk files to ensure the Makefile is not treated as a source to the generated program. Ugly, I know, but I don't have a better way of doing this at the moment. Will think of one once I address the TODO in the *.test.mk files that suggests generalizing the file generation functionality. PR: 191052 Reviewed by: Garrett Cooper
* Add UPDATING entry for r271116emaste2014-09-041-0/+7
| | | | Noticed by: nwhitehorn
* MFC r266650, r267172 (both by jmmv):ngie2014-08-311-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r266650: Change libatf-c and libatf-c++ to be private libraries. We should not be leaking these interfaces to the outside world given that it's much easier for third-party components to use the devel/atf package from ports. As a side-effect, we can also drop the ATF pkgconfig and aclocal files from the base system. Nothing in the base system needs these, and it was quite ugly to have to get them installed only so that a few ports could build. The offending ports have been fixed to depend on devel/atf explicitly. Reviewed by: bapt r267172: Homogenize libatf-* version numbers with upstream. The libatf-* major version numbers in FreeBSD were one version ahead of upstream because, when atf was first imported into FreeBSD, the upstream numbers were not respected. This is just confusing and bound to cause problems down the road. Fix this by taking advantage of the fact that libatf-* are now private and that atf is not yet built by default. However, and unfortunately, a clean build is needed for tests to continue working once "make delete-old-libs" has been run; hence the note in UPDATING. Phabric: D701 Approved by: jmmv (maintainer, mentor)
* MFH (r268864): document local_unbound changes (forgotten in r269257)des2014-08-231-0/+8
|
* Make the ixgbe tunables now match their sysctl counterparts.smh2014-08-141-0/+5
| | | | | | | | | | | | Previously the tunables and sysctls had different names for example: hw.ixgbe.enable_aim => hw.ix.enable_aim Anyone using ixgbe tunables should ensure they update /boot/loader.conf. This is a direct commit to stable as the changes to sysctls in head already fix this issue in a different way. Sponsored by: Multiplay
* Add an UPDATING entry for the __FreeBSD_version bump relatedrmacklem2014-08-011-0/+5
| | | | to r269398.
* MFC r263749,267146:imp2014-07-171-0/+7
| | | | | | | | | | | | | | | | | | | | | >r267146 | imp | 2014-06-05 22:08:55 -0600 (Thu, 05 Jun 2014) | 4 lines >Restore comments accidentally removed. >r263749 | imp | 2014-03-25 16:08:31 -0600 (Tue, 25 Mar 2014) | 18 lines >Rather than require a makeoptions DEBUG to get debug correct, >add it in kern.mk, but only if we're using clang. While this >option is supported by both clang and gcc, in the future there >may be changes to clang which change the defaults that require >a tweak to build our kernel such that other tools in our tree >will work. Set a good example by forcing -gdwarf-2 only for >clang builds, and only if the user hasn't specified another >dwarf level already. Update UPDATING to reflect the changed >state of affairs. This also keeps us from having to update >all the ARM kernels to add this, and also keeps us from >in the future having to update all the MIPS kernels and is >one less place the user will have to know to do something >special for clang and one less thing developers will need >to do when moving an architecture to clang.
* Document CTL and iSCSI ABI breakages.mav2014-07-151-0/+5
|
* MFC r268022: Rename the WITHOUT_VT_SUPPORT knob to WITHOUT_VTemaste2014-07-081-0/+5
| | | | | | The _SUPPORT knobs have a consistent meaning which differs from the behaviour controlled by this knob. As the knob is opt-out and has not appeared in a release the impact should be low.
* MFC r260913,266895:nwhitehorn2014-06-081-0/+7
| | | | | | | | | | Add a new flag to /etc/ttys: onifconsole. This is equivalent to "on" if the device is an active kernel console and "off" otherwise. This is designed to allow serial-booting x86 systems to provide a login prompt on the serial line by default without providing one on all systems by default. Set this flag on x86 systems for ttyu0. Comments and suggestions by: grehan, dteske, jilles
* MFC r265925:dim2014-05-261-0/+3
| | | | | | | | | | | | | | Upgrade our copy of llvm/clang to 3.4.1 release. This release contains mostly fixes, for the following upstream bugs: http://llvm.org/PR16365 http://llvm.org/PR17473 http://llvm.org/PR18000 http://llvm.org/PR18068 http://llvm.org/PR18102 http://llvm.org/PR18165 http://llvm.org/PR18260 http://llvm.org/PR18290 http://llvm.org/PR18316 http://llvm.org/PR18460 http://llvm.org/PR18473 http://llvm.org/PR18515 http://llvm.org/PR18526 http://llvm.org/PR18600 http://llvm.org/PR18762 http://llvm.org/PR18773 http://llvm.org/PR18860 http://llvm.org/PR18994 http://llvm.org/PR19007 http://llvm.org/PR19010 http://llvm.org/PR19033 http://llvm.org/PR19059 http://llvm.org/PR19144 http://llvm.org/PR19326
* MFC r264345:dim2014-04-141-11/+1
| | | | | | | | | | | Amend r263891, by making clang default to DWARF2 debug info format for all FreeBSD versions, not just 10.x and earlier. Apparently too many people seem to have trouble with post-1993 formats. Also remove the related notes about messing with kernel configuration files from UPDATING, which are now superfluous. Requested by: many
* MFC r263692:dim2014-03-271-1/+10
| | | | | | | Add a note to UPDATING about customized kernel configuration files now requiring -gdwarf-2 for debug info, when using clang 3.4. Suggested by: adrian
* MFC 261991:dim2014-03-211-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade our copy of llvm/clang to 3.4 release. This version supports all of the features in the current working draft of the upcoming C++ standard, provisionally named C++1y. The code generator's performance is greatly increased, and the loop auto-vectorizer is now enabled at -Os and -O2 in addition to -O3. The PowerPC backend has made several major improvements to code generation quality and compile time, and the X86, SPARC, ARM32, Aarch64 and SystemZ backends have all seen major feature work. Release notes for llvm and clang can be found here: <http://llvm.org/releases/3.4/docs/ReleaseNotes.html> <http://llvm.org/releases/3.4/tools/clang/docs/ReleaseNotes.html> MFC 262121 (by emaste): Update lldb for clang/llvm 3.4 import This commit largely restores the lldb source to the upstream r196259 snapshot with the addition of threaded inferior support and a few bug fixes. Specific upstream lldb revisions restored include: SVN git 181387 779e6ac 181703 7bef4e2 182099 b31044e 182650 f2dcf35 182683 0d91b80 183862 15c1774 183929 99447a6 184177 0b2934b 184948 4dc3761 184954 007e7bc 186990 eebd175 Sponsored by: DARPA, AFRL MFC 262186 (by emaste): Fix mismerge in r262121 A break statement was lost in the merge. The error had no functional impact, but restore it to reduce the diff against upstream. MFC 262303: Pull in r197521 from upstream clang trunk (by rdivacky): Use the integrated assembler by default on FreeBSD/ppc and ppc64. Requested by: jhibbits MFC 262611: Pull in r196874 from upstream llvm trunk: Fix a crash that occurs when PWD is invalid. MCJIT needs to be able to run in hostile environments, even when PWD is invalid. There's no need to crash MCJIT in this case. The obvious fix is to simply leave MCContext's CompilationDir empty when PWD can't be determined. This way, MCJIT clients, and other clients that link with LLVM don't need a valid working directory. If we do want to guarantee valid CompilationDir, that should be done only for clients of getCompilationDir(). This is as simple as checking for an empty string. The only current use of getCompilationDir is EmitGenDwarfInfo, which won't conceivably run with an invalid working dir. However, in the purely hypothetically and untestable case that this happens, the AT_comp_dir will be omitted from the compilation_unit DIE. This should help fix assertions occurring with ports-mgmt/tinderbox, when it is using jails, and sometimes invalidates clang's current working directory. Reported by: decke MFC 262809: Pull in r203007 from upstream clang trunk: Don't produce an alias between destructors with different calling conventions. Fixes pr19007. (Please note that is an LLVM PR identifier, not a FreeBSD one.) This should fix Firefox and/or libxul crashes (due to problems with regparm/stdcall calling conventions) on i386. Reported by: multiple users on freebsd-current PR: bin/187103 MFC 263048: Repair recognition of "CC" as an alias for the C++ compiler, since it was silently broken by upstream for a Windows-specific use-case. Apparently some versions of CMake still rely on this archaic feature... Reported by: rakuco MFC 263049: Garbage collect the old way of adding the libstdc++ include directories in clang's InitHeaderSearch.cpp. This has been superseded by David Chisnall's commit in r255321. Moreover, if libc++ is used, the libstdc++ include directories should not be in the search path at all. These directories are now only used if you pass -stdlib=libstdc++.
* MFC various fixes for the ATF tests.jmmv2014-03-061-0/+8
| | | | | | | | | - r260505 Allow tests to provide a Kyuafile when they relied on auto-generation. - r260525 Respect the original layout of the atf-{c,c++} tests. - r260526 Fix path to the process_helpers for the libatf-c++ tests. - r260576 Generate and install pkg-config files for atf. - r260577 Add atf pkg-config files from the vendor branch. - r260584 Prevent misc_helpers from running as a test.
* (not quite, due to date difference) MFC r262719:delphij2014-03-031-0/+10
| | | | | | | | Document the fact that OpenSSH default configuration requires Capsicum capability mode support in kernel, which have been worked around later but it's still recommended to have it enabled. Reported by: many
OpenPOWER on IntegriCloud