Skip to content
Commits on Nov 18, 2004
  1. @cperciva

    FreeBSD-SA-04:16.fetch:

    cperciva committed
    MFC revision 1.75 of src/usr.bin/fetch/fetch.c
    Bump newvers.sh and document in UPDATING.
    
    Approved by:	so
Commits on May 20, 2004
  1. @dag-erling

    Merge updated patch from vendor branch (1.1.1.17)

    dag-erling committed
    Approved by:	so
Commits on May 19, 2004
  1. @dag-erling

    Bump and document patch level.

    dag-erling committed
    Approved by:	so
  2. @dag-erling

    Merge parser fix from vendor branch (rev 1.1.1.16)

    dag-erling committed
    Approved by:	so
Commits on Feb 5, 2004
Commits on Nov 27, 2003
Commits on Oct 10, 2003
  1. Repair build. sys/limits.h -> machine/limits.h

    nectar committed
    This should have been committed along with kern_subr.c 1.63.2.2.
    
    Noticed by:	Chris Grijzen <chrisgrijzen@hotmail.com>
Commits on Oct 3, 2003
  1. Correct vulnerabilities in OpenSSL ASN.1 parsing.

    nectar committed
    Obtained from:	openssl.org CVS
  2. Oops, FreeBSD 5.0 needs <machine/limits.h>, not <sys/limits.h>.

    nectar committed
    Noticed by:	LOD Billing Department <billing@lod.com>
  3. MFC procfs_dbregs.c 1.23, procfs_fpregs.c 1.29, procfs_regs.c 1.28,

    nectar committed
        pseudofs_vnops.c 1.42, kern_subr.c 1.77, uio.h 1.28:
    Correct several integer underflows/overflows in procfs and linprocfs.
Commits on Sep 25, 2003
  1. Fixed the update target to follow the correct CVS branch.

    ru committed
    Approved by:	nectar
  2. Bump patch level for updated arplookup fix.

    nectar committed
Commits on Sep 24, 2003
  1. @bms

    Fix a logic error in the check to see if arplookup() should free the …

    bms committed
    …route.
    
    Noticed by:	Mike Hogsett
    Reviewed by:	ru
Commits on Sep 23, 2003
  1. @bms

    Fix a bug in arplookup(), whereby a hostile party on a locally

    bms committed
    attached network could exhaust kernel memory, and cause a system
    panic, by sending a flood of spoofed ARP requests.
    
    Approved by:	security-officer, jake (mentor)
    Reported by:	Apple Product Security <product-security@apple.com>
Commits on Sep 17, 2003
  1. @gshapiro

    MFC: sendmail address parsing bug fix

    gshapiro committed
    Approved by:	so (nectar)
  2. MFC buffer.c 1.2, channels.c 1.16, deattack.c 1.1.1.6, misc.c 1.1.1.5,

    nectar committed
        session.c 1.41, ssh-agent.c 1.19:
    Correct more cases of allocation size bookkeeping errors.
Commits on Sep 16, 2003
  1. MFC buffer.c 1.1.1.7: Do not record expanded size before attempting to

    nectar committed
    reallocate associated memory.
  2. MFC buffer.c 1.1.1.7: Do not record expanded size before attempting to

    nectar committed
    reallocate associated memory.
Commits on Aug 25, 2003
Commits on Aug 10, 2003
  1. MFC sys_process.c 1.113, spigot.c 1.60:

    nectar committed
    Add or correct range checking of signal numbers in system calls and
    ioctls.
    
    MFC kern_sig.c 1.257:
    panic() if we try to handle an out-of-range signal number in psignal()/
    tdsignal().
Commits on Aug 3, 2003
  1. realpath(3) bug fix: There was an off-by-one error in computing the

    nectar committed
    size of the resulting canonical path.
Commits on Apr 22, 2003
  1. back out the previous patch (rev 1.11.2.1)

    suz committed
    (sorry for my wrong commit)
  2. MFC rev 1.15

    suz committed
      - fixed byte order of route lifetimes in route info options.
      - corrected wording in a log message.
    
    Obtained from: KAME
Commits on Mar 29, 2003
  1. @gshapiro

    Update FreeBSD Security Advisory Number

    gshapiro committed
    Approved by:	so (nectar)
  2. @gshapiro

    sendmail parsing buffer overflow fix

    gshapiro committed
    Advisory number to be filled in later
    
    Approved by:	so (nectar)
Commits on Mar 21, 2003
  1. MFC: crypto/openssl/ssl/s3_srvr.c 1.1.1.11

    jedgar committed
         Import of PKCS #1 security fix.
           http://www.openssl.org/news/secadv_20030319.txt
    
    MFC: crypto/openssl/crypto/rsa/rsa_eay.c 1.11
         crypto/openssl/crypto/rsa/rsa_lib.c  1.9
         Enable RSA blinding by default.
           http://www.openssl.org/news/secadv_20030317.txt
Commits on Mar 20, 2003
  1. MFC:

    jedgar committed
      src/lib/libc/xdr/xdr_mem.c 1.12
      src/include/rpc/xdr.h      1.23
    
    Clean up some signed/unsigned issues in the XDR code.
Commits on Mar 3, 2003
  1. @gshapiro

    FreeBSD-SA-03:04.sendmail: sendmail header parsing buffer overflow

    gshapiro committed
    Approved by:	security-officer (nectar)
Commits on Feb 23, 2003
Commits on Feb 22, 2003
  1. Merge the following from the English version:

    hrs committed
    	1.9.2.3 -> 1.9.2.4	errata/article.sgml
    	1.119.2.2 -> 1.119.2.3	hardware/common/dev.sgml
    	1.467.2.7 -> 1.467.2.8	relnotes/common/new.sgml
    
    Approved by:	security-officer (nectar)
Commits on Feb 20, 2003
  1. Update to OpenSSL 0.9.6i.

    nectar committed
Commits on Feb 14, 2003
  1. Correct lines incorrectly added to the copyright message. Add missing…

    mckusick committed
    … period.
    
    Submitted by:	Bruce Evans <bde@zeta.org.au>
    Sponsored by:   DARPA & NAI Labs.
  2. Correct lines incorrectly added to the copyright message.

    mckusick committed
    Submitted by:	Frank van der Linden <fvdl@wasabisystems.com>
    Sponsored by:   DARPA & NAI Labs.
Commits on Feb 4, 2003
  1. Document a fix in xe(4) (src/sys/dev/xe/if_xe.c revision 1.32.2.1)

    nectar committed
    which was slipped in accidently.  (This is not a security fix.)
Something went wrong with that request. Please try again.