| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Boot compatibility improvements with Azure VMs. [EN-17:06]
Approved by: so
|
|
|
|
|
| |
Security: FreeBSD-SA-17:04.ipfilter
Approved by: so
|
|
|
|
|
|
| |
Xen migration enhancements. [EN-17:05]
Approved by: so
|
|
|
|
| |
Approved by: so
|
|
|
|
|
|
|
| |
Security: FreeBSD-SA-17:01.openssh
Security: CVE-2016-10009
Security: CVE-2016-10010
Approved by: so
|
|
|
|
| |
Approved by: so
|
|
|
|
|
|
| |
PR: 215105
Submitted by: <jtd2004a sbcglobal.net>
Approved by: so
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]
Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Security: FreeBSD-SA-16:38.bhyve
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Approved by: so
|
|
|
|
|
|
|
|
| |
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:33.openssh
Security: FreeBSD-SA-16:35.openssl
Approved by: so
|
|
|
|
|
|
|
| |
based on passing incorrect parameters to sysarch(2).
Security: SA-16:15
Approved by: so
|
|
|
|
|
|
|
|
| |
Fix multiple portsnap vulnerabilities. [SA-16:30]
Fix multiple libarchive vulnerabilities. [SA-16:31]
Approved by: so
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
|
|
|
|
|
| |
Approved by: so
Security: FreeBSD-SA-16:26.openssl
|
|
|
|
|
| |
Submitted by: Dexuan Cui <decui microsoft.com>, gjb
Approved by: so
|
|
|
|
|
|
|
| |
Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]
Approved by: so
|
|
|
|
|
| |
Security: FreeBSD-SA-16:24.ntp
Approved by: so
|
|
|
|
|
|
|
|
| |
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
Security: SA-16:20
Security: SA-16:21
Approved by: so
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
|
|
|
|
|
|
|
|
|
|
| |
Fix performance regression in libc hash(3). [EN-16:06]
Fix excessive latency in x86 IPI delivery. [EN-16:07]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
|
|
|
|
| |
Approved by: so
|
|
|
|
| |
Approved by: re (implicit)
|
|
|
|
| |
Remove the HPN and None cipher patches.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There have been .local version of each for user modifications for some time
This allows users to receive future updates to these files
PR: 183765
Differential Revision: https://reviews.freebsd.org/D3176
Submitted by: Bertram Scharpf, Nikolai Lifanov (patch)
Reviewed by: dteske, loos, eadler
Approved by: bapt (mentor)
Relnotes: yes
Sponsored by: ScaleEngine Inc.
|
|
|
|
|
| |
between the nfsd.ko and nfscommon.ko modules such that they need
to be upgraded to-gether.
|
|
|
|
|
| |
Fix errors being ignored in many phases of the build since the bmake
integration.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security: FreeBSD-SA-15:25.ntp
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
|
|
|
|
|
|
| |
Remove ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support from atf.test.mk
The legacy atf tools were removed in atf 0.20
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide the tty-layer mutex when initializing the pps api. This allows
time_pps_fetch() to be used in blocking mode.
Allow the choice of PPS signal captured by uart(4) to be runtime-configured,
eliminating the need to build a custom kernel to use the CTS signal.
Correct the polarity of the PPS assert and clear events with respect to the
electrical signals on the serial port.
Document the change in polarity of the uart(4) PPS capture.
Style fix -- do the braces for switches correctly.
Relnotes: yes
|
|
|
|
|
|
|
| |
Remove from legacy ata(4) driver support for hardware, supported by newer
and more functional drivers ahci(4), siis(4) and mvs(4).
This removes about 3400 lines of code, unused since FreeBSD 9.0 release.
|
|
|
|
|
| |
Submitted by: junovitch
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
| |
Add warning about low KSTACK_PAGES for ZFS use.
Sponsored by: Multiplay
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFH (r276699, r276702, r277057): local control socket
MFH (r276599, r276612, r282087, r282088): build fixes
This brings in Unbound 1.5.3 from head. Local control sockets are now
supported and will be used by default for new installations. Existing
systems will continue to use TCP control sockets until the automated
setup script is re-run ("service local_unbound setup") and the service
restarted ("service local_unbound restart").
Approved by: re (kib)
Relnotes: yes
|
| |
|
|
|
|
| |
been been committed in revision 284485..
|
|
|
|
|
|
|
| |
interoperability issues
due to the recent (FreeBSD-SA-15:10.openssl) OpenSSL change to reject 512 bit
DH parameters. Affects 11-CURRENT and 10-STABLE.
|
|
|
|
|
|
|
| |
Standardise chmod, chflags, chown and chgrp recursive symlink processing
Relnotes: Yes
Sponsored by: Multiplay
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix incorrect type of "invalids" argument in __iconv() prototype.
MFC r281550,281591:
Remove the const qualifier from iconv(3) to comply with POSIX:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/iconv.html
Adjust all code that calls iconv.
PR: 199099
|
|
|
|
|
|
| |
ports/UPDATING
note.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r272057:
Import pjdfstest from ^/vendor/pjdfstest/abf03c3a47745d4521b0e4aa141317553ca48f91
- Remove tools/regression/pjdfstest
- Add upgrade directions for contrib/pjdfstest
- Add a note to UPDATING for the move (the reachover Makefiles are coming
soon)
Functional differences:
- ftruncate testcases are added from upstream (github)
Non-functional differences:
- The copyright for the project has been updated to 2012
- pjd's contact information has been updated
Discussed with: -testing, jmmv, pjd
Sponsored by: EMC / Isilon Storage Division
r272083:
Expect ELOOP on Darwin/Linux with "O_NOFOLLOW was specified and the target is a
symbolic link" case. Assume EMLINK on the rest of the OSes (FreeBSD, Solaris,
etc)
Sponsored by: EMC / Isilon Storage Division
r272084:
Fix the executed testplan count
Sponsored by: EMC / Isilon Storage Division
r272087:
Increase the memory disk size in the following testcases to avoid mount
failures, which would cause cascade failures in the rest of the test
run:
link/15.t, open/19.t, mkdir/11.t, mkfifo/11.t, symlink/11.t
Fail quickly in all of the testcases if mdconfig, mount, umount, etc
fails to avoid issues similar to this in the future
Submitted by: Casey Peel <cpeel@isilon.com>
Sponsored by: EMC / Isilon Storage Division
r274016:
Integrate pjdfstest test suite execution into kyua
pjdfstest execution is opt-in and must be done as root due to some of the
assumptions made by the test suite and lack of error checking in the non-root
case
A description of how to execute pjdfstest with kyua is provided in
share/pjdfstest/README
Phabric: D824 (an earlier prototype patch)
Relnotes: yes
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Phabric: https://reviews.freebsd.org/D706
Approved by: rpaulo (mentor)
Approved by: re (gjb)
Reviewed by: jmmv
Sponsored by: EMC / Isilon Storage Division
r267176:
Add the *_TESTS_SH_SED_* functionality to atf.test.mk.
This exists already in plain.test.mk and tap.test.mk and should have been
added to atf.test.mk too when the feature was first introduced.
(It is probably time to address the related TODOs but I will do that
separately.)
r267181:
Move atf-sh from /usr/bin/ to /usr/libexec/
In r266650, we made libatf-c and libatf-c++ private libraries so that no
components outside of the source tree could unintendedly depend on them.
This change does the same for the "atf-sh library" by moving the atf-sh
interpreter from its public location in /usr/bin/ to the private location
in /usr/libexec/. Our build system will ensure that our own test programs
use the right binary, but users won't be able to depend on atf-sh by
"mistake".
Committing this now to ride the UPDATING notice added with r267172 today.
r268445:
Fix atf-sh's integration_test
With the move of atf-sh into /usr/libexec in r267181, some of the
tests in the integration_test program broke because they could not
execute atf-sh from the path any longer.
This slipped through because I do have a local atf installation in
my home directory that appears in my path, hence the tests could
still execute my own version.
Fix this by forcing /usr/libexec to appear at the beginning of the
path when attempting to execute atf-sh.
To make upgrading easy (and to avoid an unnecessary entry in UPDATING),
make integration_test depend on the Makefile so that a rebuild of the
shell script is triggered. This requires a hack in the *.test.mk files
to ensure the Makefile is not treated as a source to the generated
program. Ugly, I know, but I don't have a better way of doing this at
the moment. Will think of one once I address the TODO in the *.test.mk
files that suggests generalizing the file generation functionality.
PR: 191052
Reviewed by: Garrett Cooper
|
|
|
|
| |
Noticed by: nwhitehorn
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r266650:
Change libatf-c and libatf-c++ to be private libraries.
We should not be leaking these interfaces to the outside world given
that it's much easier for third-party components to use the devel/atf
package from ports.
As a side-effect, we can also drop the ATF pkgconfig and aclocal files
from the base system. Nothing in the base system needs these, and it
was quite ugly to have to get them installed only so that a few ports
could build. The offending ports have been fixed to depend on
devel/atf explicitly.
Reviewed by: bapt
r267172:
Homogenize libatf-* version numbers with upstream.
The libatf-* major version numbers in FreeBSD were one version ahead of
upstream because, when atf was first imported into FreeBSD, the upstream
numbers were not respected. This is just confusing and bound to cause
problems down the road.
Fix this by taking advantage of the fact that libatf-* are now private
and that atf is not yet built by default. However, and unfortunately, a
clean build is needed for tests to continue working once "make
delete-old-libs" has been run; hence the note in UPDATING.
Phabric: D701
Approved by: jmmv (maintainer, mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the tunables and sysctls had different names for example:
hw.ixgbe.enable_aim => hw.ix.enable_aim
Anyone using ixgbe tunables should ensure they update /boot/loader.conf.
This is a direct commit to stable as the changes to sysctls in head
already fix this issue in a different way.
Sponsored by: Multiplay
|
|
|
|
| |
to r269398.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
>r267146 | imp | 2014-06-05 22:08:55 -0600 (Thu, 05 Jun 2014) | 4 lines
>Restore comments accidentally removed.
>r263749 | imp | 2014-03-25 16:08:31 -0600 (Tue, 25 Mar 2014) | 18 lines
>Rather than require a makeoptions DEBUG to get debug correct,
>add it in kern.mk, but only if we're using clang. While this
>option is supported by both clang and gcc, in the future there
>may be changes to clang which change the defaults that require
>a tweak to build our kernel such that other tools in our tree
>will work. Set a good example by forcing -gdwarf-2 only for
>clang builds, and only if the user hasn't specified another
>dwarf level already. Update UPDATING to reflect the changed
>state of affairs. This also keeps us from having to update
>all the ARM kernels to add this, and also keeps us from
>in the future having to update all the MIPS kernels and is
>one less place the user will have to know to do something
>special for clang and one less thing developers will need
>to do when moving an architecture to clang.
|
| |
|