summaryrefslogtreecommitdiffstats
path: root/UPDATING
Commit message (Collapse)AuthorAgeFilesLines
* Fix heimdal KDC-REP service name validation vulnerability [SA-17:05]delphij2017-07-121-0/+7
| | | | | | Boot compatibility improvements with Azure VMs. [EN-17:06] Approved by: so
* Fix ipfilter(4) fragment handling panic.delphij2017-04-271-0/+4
| | | | | Security: FreeBSD-SA-17:04.ipfilter Approved by: so
* Fix multiple vulnerabilities of ntp. [SA-17:03]delphij2017-04-121-0/+7
| | | | | | Xen migration enhancements. [EN-17:05] Approved by: so
* Fix OpenSSL RC4_MD5 cipher vulnerability.delphij2017-02-231-0/+4
| | | | Approved by: so
* Fix multiple vulnerabilities of OpenSSH.delphij2017-01-111-0/+4
| | | | | | | Security: FreeBSD-SA-17:01.openssh Security: CVE-2016-10009 Security: CVE-2016-10010 Approved by: so
* Fix multiple vulnerabilities of ntp.delphij2016-12-221-0/+4
| | | | Approved by: so
* Merge r309688: address regressions in SA-16:37.libc.glebius2016-12-071-0/+4
| | | | | | PR: 215105 Submitted by: <jtd2004a sbcglobal.net> Approved by: so
* Fix possible login(1) argument injection in telnetd(8). [SA-16:36]glebius2016-12-061-0/+12
| | | | | | | | | | | | | | Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] Fix possible escape from bhyve(8) virtual machine. [SA-16:38] Fix warnings about valid time zone abbreviations. [EN-16:19] Update timezone database information. [EN-16:20] Security: FreeBSD-SA-16:36.telnetd Security: FreeBSD-SA-16:37.libc Security: FreeBSD-SA-16:38.bhyve Errata Notice: FreeBSD-EN-16:19.tzcode Errata Notice: FreeBSD-EN-16:20.tzdata Approved by: so
* Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33]delphij2016-11-021-0/+7
| | | | | | | | Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:33.openssh Security: FreeBSD-SA-16:35.openssl Approved by: so
* Revised SA-16:15. The initial patch didn't cover all possible overflowsglebius2016-10-251-0/+6
| | | | | | | based on passing incorrect parameters to sysarch(2). Security: SA-16:15 Approved by: so
* Fix bspatch heap overflow vulnerability. [SA-16:29]delphij2016-10-101-0/+10
| | | | | | | | Fix multiple portsnap vulnerabilities. [SA-16:30] Fix multiple libarchive vulnerabilities. [SA-16:31] Approved by: so
* Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:delphij2016-09-261-0/+4
| | | | | | | | | | | | Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so
* Fix multiple OpenSSL vulnerabilitites.delphij2016-09-231-0/+4
| | | | | Approved by: so Security: FreeBSD-SA-16:26.openssl
* Release 6 errata notices for 10.3-RELEASE, all related to Microsoft Hyper-V.glebius2016-08-121-0/+16
| | | | | Submitted by: Dexuan Cui <decui microsoft.com>, gjb Approved by: so
* Fix bspatch heap overflow vulnerability. [SA-16:25]delphij2016-07-251-0/+8
| | | | | | | Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so
* Fix multiple ntp vulnerabilities.delphij2016-06-041-0/+4
| | | | | Security: FreeBSD-SA-16:24.ntp Approved by: so
* Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]glebius2016-05-311-0/+9
| | | | | | | | Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21] Security: SA-16:20 Security: SA-16:21 Approved by: so
* - Use unsigned version of min() when handling arguments of SETFKEY ioctl.glebius2016-05-171-0/+7
| | | | | | | | | | | | - Validate that user supplied control message length in sendmsg(2) is not negative. Security: SA-16:18 Security: CVE-2016-1886 Security: SA-16:19 Security: CVE-2016-1887 Submitted by: C Turt <cturt hardenedbsd.org> Approved by: so
* Fix multiple OpenSSL vulnerabilitites. [SA-16:17]delphij2016-05-041-1/+14
| | | | | | | | | | Fix performance regression in libc hash(3). [EN-16:06] Fix excessive latency in x86 IPI delivery. [EN-16:07] Fix memory leak in ZFS. [EN-16:08] Approved by: so
* Fix ntp multiple vulnerabilities.delphij2016-04-291-0/+4
| | | | Approved by: so
* Anticipate the expected 10.3-RELEASE date.marius2016-03-251-0/+3
| | | | Approved by: re (implicit)
* MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563)des2016-01-241-0/+4
| | | | Remove the HPN and None cipher patches.
* MFC r286368: Remove guards around overwriting loader.rc and menu.rcdteske2016-01-071-0/+5
| | | | | | | | | | | | | There have been .local version of each for user modifications for some time This allows users to receive future updates to these files PR: 183765 Differential Revision: https://reviews.freebsd.org/D3176 Submitted by: Bertram Scharpf, Nikolai Lifanov (patch) Reviewed by: dteske, loos, eadler Approved by: bapt (mentor) Relnotes: yes Sponsored by: ScaleEngine Inc.
* Bump __FreeBSD_version since r292223 changed the internal interfacermacklem2015-12-141-0/+5
| | | | | between the nfsd.ko and nfscommon.ko modules such that they need to be upgraded to-gether.
* MFC r291605:bdrewery2015-12-081-8/+0
| | | | | Fix errors being ignored in many phases of the build since the bmake integration.
* MFC r289643: Document isp_*_multi firmware kernel modules removal.mav2015-11-131-0/+5
|
* Upgrade NTP to 4.2.8p4.glebius2015-10-261-0/+3
| | | | | | | | | | | | | | | | | Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
* MFC r284405:ngie2015-10-251-0/+6
| | | | | | Remove ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support from atf.test.mk The legacy atf tools were removed in atf 0.20
* MFC r286469, r286591, r286595, r286596, r286613:ian2015-08-231-0/+14
| | | | | | | | | | | | | | | | | Provide the tty-layer mutex when initializing the pps api. This allows time_pps_fetch() to be used in blocking mode. Allow the choice of PPS signal captured by uart(4) to be runtime-configured, eliminating the need to build a custom kernel to use the CTS signal. Correct the polarity of the PPS assert and clear events with respect to the electrical signals on the serial port. Document the change in polarity of the uart(4) PPS capture. Style fix -- do the braces for switches correctly. Relnotes: yes
* MFC r280451:mav2015-08-221-0/+6
| | | | | | | Remove from legacy ata(4) driver support for hardware, supported by newer and more functional drivers ahci(4), siis(4) and mvs(4). This removes about 3400 lines of code, unused since FreeBSD 9.0 release.
* Add 10.2-RELEASE to UPDATING, forgotten with prior related commits.gjb2015-08-191-0/+3
| | | | | Submitted by: junovitch Sponsored by: The FreeBSD Foundation
* MFC: r285946 and r285947smh2015-07-311-0/+8
| | | | | | Add warning about low KSTACK_PAGES for ZFS use. Sponsored by: Multiplay
* MFH (r276605, r282089): upgrade to latest Unbounddes2015-07-061-0/+6
| | | | | | | | | | | | | | MFH (r276699, r276702, r277057): local control socket MFH (r276599, r276612, r282087, r282088): build fixes This brings in Unbound 1.5.3 from head. Local control sockets are now supported and will be used by default for new installations. Existing systems will continue to use TCP control sockets until the automated setup script is re-run ("service local_unbound setup") and the service restarted ("service local_unbound restart"). Approved by: re (kib) Relnotes: yes
* Add a note on the second sendmail fix for WeakDH interoperability.gshapiro2015-06-251-0/+4
|
* MFC: The fix for the issue described in the 20150614 sendmail entry hasgshapiro2015-06-171-0/+7
| | | | been been committed in revision 284485..
* MFC: Add a quick (?) note for users who may be having sendmail ↵gshapiro2015-06-151-0/+24
| | | | | | | interoperability issues due to the recent (FreeBSD-SA-15:10.openssl) OpenSSL change to reject 512 bit DH parameters. Affects 11-CURRENT and 10-STABLE.
* MFC r282208:smh2015-06-011-0/+4
| | | | | | | Standardise chmod, chflags, chown and chgrp recursive symlink processing Relnotes: Yes Sponsored by: Multiplay
* MFC r275805:tijl2015-04-301-0/+4
| | | | | | | | | | | | | Fix incorrect type of "invalids" argument in __iconv() prototype. MFC r281550,281591: Remove the const qualifier from iconv(3) to comply with POSIX: http://pubs.opengroup.org/onlinepubs/9699919799/functions/iconv.html Adjust all code that calls iconv. PR: 199099
* Correct to the stable/10 commit in UPDATING and specify the correct ↵sbruno2014-12-151-2/+2
| | | | | | ports/UPDATING note.
* MFC r271982 and r271990 to support CentOS 6 ports.sbruno2014-12-151-0/+10
|
* MFC r272057,r272083,r272084,r272087,r274016:ngie2014-12-051-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r272057: Import pjdfstest from ^/vendor/pjdfstest/abf03c3a47745d4521b0e4aa141317553ca48f91 - Remove tools/regression/pjdfstest - Add upgrade directions for contrib/pjdfstest - Add a note to UPDATING for the move (the reachover Makefiles are coming soon) Functional differences: - ftruncate testcases are added from upstream (github) Non-functional differences: - The copyright for the project has been updated to 2012 - pjd's contact information has been updated Discussed with: -testing, jmmv, pjd Sponsored by: EMC / Isilon Storage Division r272083: Expect ELOOP on Darwin/Linux with "O_NOFOLLOW was specified and the target is a symbolic link" case. Assume EMLINK on the rest of the OSes (FreeBSD, Solaris, etc) Sponsored by: EMC / Isilon Storage Division r272084: Fix the executed testplan count Sponsored by: EMC / Isilon Storage Division r272087: Increase the memory disk size in the following testcases to avoid mount failures, which would cause cascade failures in the rest of the test run: link/15.t, open/19.t, mkdir/11.t, mkfifo/11.t, symlink/11.t Fail quickly in all of the testcases if mdconfig, mount, umount, etc fails to avoid issues similar to this in the future Submitted by: Casey Peel <cpeel@isilon.com> Sponsored by: EMC / Isilon Storage Division r274016: Integrate pjdfstest test suite execution into kyua pjdfstest execution is opt-in and must be done as root due to some of the assumptions made by the test suite and lack of error checking in the non-root case A description of how to execute pjdfstest with kyua is provided in share/pjdfstest/README Phabric: D824 (an earlier prototype patch) Relnotes: yes Sponsored by: EMC / Isilon Storage Division
* Anticipate when we'll be ready to announce 10.1-RELEASE.gjb2014-11-111-0/+3
| | | | | Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* MFC r267176, r267181, r268445 (ATF-related commits):ngie2014-09-091-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Phabric: https://reviews.freebsd.org/D706 Approved by: rpaulo (mentor) Approved by: re (gjb) Reviewed by: jmmv Sponsored by: EMC / Isilon Storage Division r267176: Add the *_TESTS_SH_SED_* functionality to atf.test.mk. This exists already in plain.test.mk and tap.test.mk and should have been added to atf.test.mk too when the feature was first introduced. (It is probably time to address the related TODOs but I will do that separately.) r267181: Move atf-sh from /usr/bin/ to /usr/libexec/ In r266650, we made libatf-c and libatf-c++ private libraries so that no components outside of the source tree could unintendedly depend on them. This change does the same for the "atf-sh library" by moving the atf-sh interpreter from its public location in /usr/bin/ to the private location in /usr/libexec/. Our build system will ensure that our own test programs use the right binary, but users won't be able to depend on atf-sh by "mistake". Committing this now to ride the UPDATING notice added with r267172 today. r268445: Fix atf-sh's integration_test With the move of atf-sh into /usr/libexec in r267181, some of the tests in the integration_test program broke because they could not execute atf-sh from the path any longer. This slipped through because I do have a local atf installation in my home directory that appears in my path, hence the tests could still execute my own version. Fix this by forcing /usr/libexec to appear at the beginning of the path when attempting to execute atf-sh. To make upgrading easy (and to avoid an unnecessary entry in UPDATING), make integration_test depend on the Makefile so that a rebuild of the shell script is triggered. This requires a hack in the *.test.mk files to ensure the Makefile is not treated as a source to the generated program. Ugly, I know, but I don't have a better way of doing this at the moment. Will think of one once I address the TODO in the *.test.mk files that suggests generalizing the file generation functionality. PR: 191052 Reviewed by: Garrett Cooper
* Add UPDATING entry for r271116emaste2014-09-041-0/+7
| | | | Noticed by: nwhitehorn
* MFC r266650, r267172 (both by jmmv):ngie2014-08-311-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r266650: Change libatf-c and libatf-c++ to be private libraries. We should not be leaking these interfaces to the outside world given that it's much easier for third-party components to use the devel/atf package from ports. As a side-effect, we can also drop the ATF pkgconfig and aclocal files from the base system. Nothing in the base system needs these, and it was quite ugly to have to get them installed only so that a few ports could build. The offending ports have been fixed to depend on devel/atf explicitly. Reviewed by: bapt r267172: Homogenize libatf-* version numbers with upstream. The libatf-* major version numbers in FreeBSD were one version ahead of upstream because, when atf was first imported into FreeBSD, the upstream numbers were not respected. This is just confusing and bound to cause problems down the road. Fix this by taking advantage of the fact that libatf-* are now private and that atf is not yet built by default. However, and unfortunately, a clean build is needed for tests to continue working once "make delete-old-libs" has been run; hence the note in UPDATING. Phabric: D701 Approved by: jmmv (maintainer, mentor)
* MFH (r268864): document local_unbound changes (forgotten in r269257)des2014-08-231-0/+8
|
* Make the ixgbe tunables now match their sysctl counterparts.smh2014-08-141-0/+5
| | | | | | | | | | | | Previously the tunables and sysctls had different names for example: hw.ixgbe.enable_aim => hw.ix.enable_aim Anyone using ixgbe tunables should ensure they update /boot/loader.conf. This is a direct commit to stable as the changes to sysctls in head already fix this issue in a different way. Sponsored by: Multiplay
* Add an UPDATING entry for the __FreeBSD_version bump relatedrmacklem2014-08-011-0/+5
| | | | to r269398.
* MFC r263749,267146:imp2014-07-171-0/+7
| | | | | | | | | | | | | | | | | | | | | >r267146 | imp | 2014-06-05 22:08:55 -0600 (Thu, 05 Jun 2014) | 4 lines >Restore comments accidentally removed. >r263749 | imp | 2014-03-25 16:08:31 -0600 (Tue, 25 Mar 2014) | 18 lines >Rather than require a makeoptions DEBUG to get debug correct, >add it in kern.mk, but only if we're using clang. While this >option is supported by both clang and gcc, in the future there >may be changes to clang which change the defaults that require >a tweak to build our kernel such that other tools in our tree >will work. Set a good example by forcing -gdwarf-2 only for >clang builds, and only if the user hasn't specified another >dwarf level already. Update UPDATING to reflect the changed >state of affairs. This also keeps us from having to update >all the ARM kernels to add this, and also keeps us from >in the future having to update all the MIPS kernels and is >one less place the user will have to know to do something >special for clang and one less thing developers will need >to do when moving an architecture to clang.
* Document CTL and iSCSI ABI breakages.mav2014-07-151-0/+5
|
OpenPOWER on IntegriCloud