| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Fix OpenSSH multiple vulnerabilities. [SA-15:22]
Disabled ixgbe(4) flow-director support. [EN-15:14]
Fix insufficient check of unsupported pkg(7) signature methods.
[EN-15:15]
Approved by: so
|
|
|
|
|
|
| |
Security: CVE-2015-1283
Security: FreeBSD-SA-15:20.expat
Approved by: so
|
|
|
|
|
|
| |
Fix routed remote denial of service vulnerability. [SA-15:19]
Approved by: so
|
|
|
|
|
| |
Noticed by: Piotr Kubaj
Approved by: so
|
|
|
|
|
|
|
| |
Security: CVE-2015-5358
Security: SA-15:13.tcp
Submitted by: Jonathan Looney (Juniper SIRT)
Approved by: so
|
|
|
|
|
|
|
|
| |
[EN-15:09] Fix inconsistency between locale and rune locale states.
[EN-15:10] Improved iconv(3) UTF-7 support.
Approved by: so
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
parameters to imporve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-
SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message
was:
===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit chages that default to 1024 bits. sendmail 8.15.2, when
released well use a default of 2048 bits.
===
Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so
|
|
|
|
|
| |
Security: FreeBSD-SA-15:10.openssl
Approved by: so
|
|
|
|
|
|
|
|
|
| |
service issues. [EN-15:06]
Improve reliability of ZFS when TRIM/UNMAP and/or L2ARC is used.
[EN-15:07]
Approved by: so
|
|
|
|
|
|
|
|
| |
upgrade was completed. [EN-15:04]
Fix deadlock on reboot with UFS tuned with SU+J. [EN-15:05]
Approved by: so
|
|
|
|
|
|
|
|
|
|
| |
Fix multiple vulnerabilities of ntp. [SA-15:07]
Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08]
Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
Approved by: so
|
|
|
|
|
|
|
|
|
| |
- Revert a portion of ASN1 change per suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
Approved by: so
|
|
|
|
|
|
|
|
|
|
|
| |
Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
Approved by: so
|
|
|
|
|
|
|
|
|
|
| |
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
|
|
|
|
|
|
|
|
|
|
| |
and SCTP stream reset vulnerability.
Security: FreeBSD-SA-15:02.kmem
Security: CVE-2014-8612
Security: FreeBSD-SA-15:03.sctp
Security: CVE-2014-8613
Approved by: so
|
|
|
|
| |
Approved by: so
|
|
|
|
|
|
| |
[EN-14:13] Fix directory deletion issue in freebsd-update.
Approved by: so
|
|
|
|
|
|
| |
Security: FreeBSD-SA-14:30.unbound
Security: CVE-2014-8602
Approved by: so
|
|
|
|
| |
Approved by: so
|
|
|
|
|
|
|
| |
for final 10.1-RELEASE builds.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
| |
[SA-14:26] Fix remote command execution in ftp(1).
Approved by: re (gjb)
|
|
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hardware driver update from Mellanox Technologies, including:
- improved performance
- better stability
- new features
- bugfixes
Supported HCAs:
- ConnectX-2
- ConnectX-3
- ConnectX-3 Pro
NOTE:
- TSO feature needs r271946, which is not yet merged.
Sponsored by: Mellanox Technologies
Approved by: re, glebius
|
|
|
|
|
|
|
|
|
|
|
|
| |
Import HyperV Key-Value Pair (KVP) driver and daemon code by Microsoft,
many thanks for their continued support of FreeBSD.
While I'm there, also implement a new build knob, WITHOUT_HYPERV to
disable building and installing of the HyperV utilities when necessary.
The HyperV utilities are only built for i386 and amd64 targets.
Approved by: re (gjb)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Revert changes to shared code of the ixl and ixlv drivers to allow
for easier long-term maintainability.
Restrict the drivers to building on amd64 for now as it is
only tested on that 64bit architecture.
Just depend on PCI and neither INET nor INET6; also make sure we
can build individual drivers and they do not depend on each other
anymore.
Reviewed by: gnn, eric.joyner intel.com
PR: 193824
Approved by: re (gjb)
|
|
|
|
|
| |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
| |
r272128 reversal.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
|
| |
Though this passes the buildworld test, this fails during
installworld with:
make[3]: "/releng/scripts-release/chroots/10/i386/release/etc/devd/Makefile"
line 13: Malformed conditional (${MK_HYPERV} != "no")
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
| |
cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
|
|
| |
Import HyperV Key-Value Pair (KVP) driver and daemon code by Microsoft,
many thanks for their continued support of FreeBSD.
While I'm there, also implement a new build knob, WITHOUT_HYPERV to
disable building and installing of the HyperV utilities when necessary.
The HyperV utilities are only built for i386 and amd64 targets.
Approved by: re (gjb)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement most of timer_{create,settime,gettime,getoverrun,delete}
for amd64/linux32. Fix the entirely bogus (untested) version from
r161310 for i386/linux using the same shared code in compat/linux.
It is unclear to me if we could support more clock mappings but
the current set allows me to successfully run commercial
32bit linux software under linuxolator on amd64.
Reviewed by: jhb
Differential Revision: D784
Sponsored by: DARPA, AFRL
Approved by: re (gjb)
|
|
|
|
|
|
|
| |
cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
| |
cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
| |
Add mrsas(4) to GENERIC for i386 and amd64.
Approved by: re (gjb)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r269601 (nwhitehorn):
Add a simple unaccelerated vt(4) framebuffer driver for Sun
framebuffers handled by creator(4) (Sun Creator 3D, Elite 3D, etc.).
This provides vt(4) consoles on all devices currently supported by
syscons on sparc64. The driver should also be easily adaptable to
support newer Sun framebuffers such as the XVR-500 and higher.
Many thanks to dumbbell@ (Jean-Sebastien Pedron) for testing this
remotely during development.
r269783 (dumbbell):
vt(4): Colors are indexed against a console palette, not a VGA palette
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r265871 (nwhitehorn):
Move the PS3 framebuffer console to use vt instead of syscons and
adjust GENERIC64 for PowerPC to use vt with it.
Much to my chagrin, PS3 support seems to have bitrotted somewhat since
the last time I tried it. ehci panics on attach and interrupt handling
seems to be faulty. This should be fixed soon...
r269783 (dumbbell):
Fix two files forgotten in r269783 (vt_generate_cons_palette)
r268895 (nwhitehorn):
Enable X11 via xf86-video-scfb on the Playstation 3. This commit made
from an xterm running for the first time on said Playstation.
Approved by: nwhitehorn
Relnotes: yes
|
|
|
|
| |
Enable the build of the Intel XL710 drivers, and fixes for that build.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bring in the new automounter, similar to what's provided in most other
UNIX systems, eg. MacOS X and Solaris. It uses Sun-compatible map format,
has proper kernel support, and LDAP integration.
There are still a few outstanding problems; they will be fixed shortly.
Reviewed by: allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric: D523
Relnotes: yes
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
| |
code slush is in effect. (Forgotten on the 22nd.)
- Set the 10.1 as the .Fx mdoc(7) default.
- Update the TARGET_TRIPLE and BUILD_TRIPLE for clang(1)
to reflect 10.1.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
| |
- It was decided to change the driver name to if_ixl for FreeBSD
- This release adds the VF Driver to the tree, it can be built into
the kernel or as the if_ixlv module
- The VF driver is independent for the first time, this will be
desireable when full SRIOV capability is added to the OS.
Submitted by: jack.vogel@intel.com and eric.joyner@intel.com
|
|
|
|
|
|
|
|
| |
Add support for the SCTP_PR_STREAM_STATUS and SCTP_PR_ASSOC_STATUS
socket options. This includes managing the correspoing stat counters.
Add the SCTP_DETAILED_STR_STATS kernel option to control per policy
counters on every stream. The default is off and only an aggregated
counter is available. This is sufficient for the RTCWeb usecase.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r269413, r269428, r269440, r269537, r269644, r269731, and the cxgbe
portion of r270063.
r266571:
cxgbe(4): Remove stray if_up from the code that creates the tracing ifnet.
r266757:
cxgbe(4): netmap support for Terminator 5 (T5) based 10G/40G cards.
Netmap gets its own hardware-assisted virtual interface and won't take
over or disrupt the "normal" interface in any way. You can use both
simultaneously.
For kernels with DEV_NETMAP, cxgbe(4) carves out an ncxl<N> interface
(note the 'n' prefix) in the hardware to accompany each cxl<N>
interface. These two ifnet's per port share the same wire but really
are separate interfaces in the hardware and software. Each gets its own
L2 MAC addresses (unicast and multicast), MTU, checksum caps, etc. You
should run netmap on the 'n' interfaces only, that's what they are for.
With this, pkt-gen is able to transmit > 45Mpps out of a single 40G port
of a T580 card. 2 port tx is at ~56Mpps total (28M + 28M) as of now.
Single port receive is at 33Mpps but this is very much a work in
progress. I expect it to be closer to 40Mpps once done. In any case
the current effort can already saturate multiple 10G ports of a T5 card
at the smallest legal packet size. T4 gear is totally untested.
trantor:~# ./pkt-gen -i ncxl0 -f tx -D 00:07:43:ab:cd:ef
881.952141 main [1621] interface is ncxl0
881.952250 extract_ip_range [275] range is 10.0.0.1:0 to 10.0.0.1:0
881.952253 extract_ip_range [275] range is 10.1.0.1:0 to 10.1.0.1:0
881.962540 main [1804] mapped 334980KB at 0x801dff000
Sending on netmap:ncxl0: 4 queues, 1 threads and 1 cpus.
10.0.0.1 -> 10.1.0.1 (00:00:00:00:00:00 -> 00:07:43:ab:cd:ef)
881.962562 main [1882] Sending 512 packets every 0.000000000 s
881.962563 main [1884] Wait 2 secs for phy reset
884.088516 main [1886] Ready...
884.088535 nm_open [457] overriding ifname ncxl0 ringid 0x0 flags 0x1
884.088607 sender_body [996] start
884.093246 sender_body [1064] drop copy
885.090435 main_thread [1418] 45206353 pps (45289533 pkts in 1001840 usec)
886.091600 main_thread [1418] 45322792 pps (45375593 pkts in 1001165 usec)
887.092435 main_thread [1418] 45313992 pps (45351784 pkts in 1000834 usec)
888.094434 main_thread [1418] 45315765 pps (45406397 pkts in 1002000 usec)
889.095434 main_thread [1418] 45333218 pps (45378551 pkts in 1001000 usec)
890.097434 main_thread [1418] 45315247 pps (45405877 pkts in 1002000 usec)
891.099434 main_thread [1418] 45326515 pps (45417168 pkts in 1002000 usec)
892.101434 main_thread [1418] 45333039 pps (45423705 pkts in 1002000 usec)
893.103434 main_thread [1418] 45324105 pps (45414708 pkts in 1001999 usec)
894.105434 main_thread [1418] 45318042 pps (45408723 pkts in 1002001 usec)
895.106434 main_thread [1418] 45332430 pps (45377762 pkts in 1001000 usec)
896.107434 main_thread [1418] 45338072 pps (45383410 pkts in 1001000 usec)
...
r268536:
cxgbe(4): Add an iSCSI softc to the adapter structure.
r269076:
Some hooks in cxgbe(4) for the offloaded iSCSI driver.
r269364:
Improve compliance with style.Makefile(5).
r269366:
List one file per line in the Makefiles. This makes it easier to read
diffs when a file is added or removed.
r269411:
cxgbe(4): minor optimizations in ingress queue processing.
Reorganize struct sge_iq. Make the iq entry size a compile time
constant. While here, eliminate RX_FL_ESIZE and use EQ_ESIZE directly.
r269413:
cxgbe(4): Fix an off by one error when looking for the BAR2 doorbell
address of an egress queue.
r269428:
cxgbe(4): some optimizations in freelist handling.
r269440:
cxgbe(4): Remove an unused version of t4_enable_vi.
r269537:
cxgbe(4): Do not run any sleepable code in the SIOCSIFFLAGS handler when
IFF_PROMISC or IFF_ALLMULTI is being flipped. bpf(4) holds its global
mutex around ifpromisc in at least the bpf_dtor path.
r269644:
cxgbe(4): Let caller specify whether it's ok to sleep in
t4_sched_config and t4_sched_params.
r269731:
cxgbe(4): Do not poke T4-only registers on a T5 (and vice versa).
Relnotes: Yes (native netmap support for Chelsio T4/T5 cards)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove aicasm as a build dependency. It made sense when the ahc and ahd
drivers and their firmware were under active development, but those days
have passed. The firmware now exists in pre-compiled form, no longer
dependent on it's sources or on aicasm. If you wish to rebuild the
firmware from source, the glue still exists under the 'make firmware'
target in sys/modules/aic7xxx.
This also fixes the problem introduced with r257777 et al with building
kernels the old fashioned way in sys/$arch/compile/$CONFIG when the
ahc/ahd drivers were included.
|
|
|
|
|
|
|
|
|
|
| |
Changes to how the aicasm tool is built. This series of changes results
in the aicasm tool being built as part of the tools stages of world and
kernel builds.
Most of these changes will ultimately be undone when r260401 is MFC'd,
but it will leave in place the new kernel-build-tool machinery (KTMAKE
stuff) in case a new special kernel tool ever comes along.
|
|
|
|
| |
(vtnet and cxgbe not merged yet because we need some other mfc first)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set ofwbus and simplebus to attach during BUS_PASS_BUS.
Define names that drivers can use to adjust their position relative to
other drivers within a BUS_PASS
Adjust ofwbus and simplebus to attach at BUS_PASS_ORDER_MIDDLE, so that
a platform can attach some other bus first if necessary.
Set the pl310 L2 cache driver to attach during the middle of BUS_PASS_CPU.
Attach arm generic interrupt and timer drivers in the middle of
BUS_PASS_INTERRUPT and BUS_PASS_TIMER, respectively.
Add an arm option, ARM_DEVICE_MULTIPASS, used to opt-in to multi-pass
device attachment on arm platforms. If this is defined, nexus attaches
early in BUS_PASS_BUS, and other busses and devices attach later, in the
pass number they are set up for. Without it defined, nexus attaches in
BUS_PASS_DEFAULT and thus so does everything else, which is status quo.
|
|
|
|
| |
Add new USB phone descriptor template for USB device side mode.
|