Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Feb 19, 2013
  1. Fix Denial of Service vulnerability in named(8) with DNS64. [13:01]

    bz committed
    Fix Denial of Service vulnerability in libc's glob(3) functionality.
    Security:	CVE-2012-5688
    Security:	FreeBSD-SA-13:01.bind
    Security:	CVE-2010-2632
    Security:	FreeBSD-SA-13:02.libc
    Approved by:	so (simon, bz)
Commits on Nov 22, 2012
  1. @simonlbn

    Fix multiple Denial of Service vulnerabilities with named(8).

    simonlbn committed
    Fix insufficient message length validation for EAP-TLS messages.
    Fix Linux compatibility layer input validation error.
    Security:	FreeBSD-SA-12:06.bind
    Security:	FreeBSD-SA-12:07.hostapd
    Security:	FreeBSD-SA-12:08.linux
    Security:	CVE-2012-4244, CVE-2012-5166, CVE-2012-4445, CVE-2012-4576
    Approved by:	re
    Approved by:	security-officer
Commits on Aug 6, 2012
  1. @simonlbn

    Fix named(8) DNSSEC validation Denial of Service.

    simonlbn committed
    Security:	FreeBSD-SA-12:05.bind
    Security:	CVE-2012-3817
    Obtained from:	ISC
    Approved by:	so (simon)
Commits on Jun 12, 2012
  1. Fix a problem where zero-length RDATA fields can cause named(8) to cr…

    bz committed
    Correct a privilege escalation when returning from kernel if
    running FreeBSD/amd64 on non-AMD processors. [12:04]
    Fix reference count errors in IPv6 code. [EN-12:02]
    Security:	CVE-2012-1667
    Security:	FreeBSD-SA-12:03.bind
    Security:	CVE-2012-0217
    Security:	FreeBSD-SA-12:04.sysret
    Security:	FreeBSD-EN-12:02.ipv6refcount
    Approved by:	so (simon, bz)
Commits on May 30, 2012
  1. Update the previous openssl fix. [12:01]

    bz committed
    Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
    Security:	FreeBSD-SA-12:01.openssl (revised)
    Security:	FreeBSD-SA-12:02.crypt
    Approved by:	so (bz, simon)
Commits on May 3, 2012
  1. Fix multiple OpenSSL vulnerabilities.

    bz committed
    Security:	CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
    Security:	CVE-2012-0884, CVE-2012-2110
    Security:	FreeBSD-SA-12:01.openssl
    Approved by:	so (bz,simon)
Commits on Jan 4, 2012
  1. @cperciva

    Extend the character set accepted by freebsd-update(8) in file

    cperciva committed
    names in order to allow upgrades to FreeBSD 9.0-RELEASE.
    Approved by:	so (cperciva)
    Errata Notice:	FreeBSD-EN-12:01.freebsd-update
Commits on Dec 23, 2011
  1. @cperciva

    Fix a problem whereby a corrupt DNS record can cause named to crash. …

    cperciva committed
    Add an API for alerting internal libc routines to the presence of
    "unsafe" paths post-chroot, and use it in ftpd. [11:07]
    Fix a buffer overflow in telnetd. [11:08]
    Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
    specified. [11:09]
    Add sanity checking of service names in pam_start. [11:10]
    Approved by:    so (cperciva)
    Approved by:    re (bz)
    Security:       FreeBSD-SA-11:06.bind
    Security:       FreeBSD-SA-11:07.chroot
    Security:       FreeBSD-SA-11:08.telnetd
    Security:       FreeBSD-SA-11:09.pam_ssh
    Security:       FreeBSD-SA-11:10.pam
Commits on Oct 4, 2011
  1. @cperciva

    Fix a bug in UNIX socket handling in the linux emulator which was

    cperciva committed
    exposed by the security fix in FreeBSD-SA-11:05.unix.
    Approved by:	so (cperciva)
    Approved by:	re (kib)
    Security:	Related to FreeBSD-SA-11:05.unix, but not actually
    		a security fix.
Commits on Sep 28, 2011
  1. Fix handling of corrupt compress(1)ed data. [11:04]

    bz committed
    Add missing length checks on unix socket addresses. [11:05]
    Approved by:	so (cperciva)
    Approved by:	re (kensmith)
    Security:	FreeBSD-SA-11:04.compress
    Security:	CVE-2011-2895 [11:04]
    Security:	FreeBSD-SA-11:05.unix
Commits on May 28, 2011
  1. @simonlbn

    Fix an off by one which can result in a assertion failure in BIND

    simonlbn committed
    related to large RRSIG RRsets and Negative Caching. This can cause
    named to crash.
    Security:	FreeBSD-SA-11:02.bind
    Security:	CVE-2011-1910
    Obtained from:	ISC
    Approved by:	so (simon)
Commits on Apr 20, 2011
  1. @cperciva

    Fix CIDR parsing bug in mountd ACLs.

    cperciva committed
    Approved by:	so (cperciva)
    Security:	FreeBSD-SA-11:01.mountd
Commits on Feb 16, 2011
  1. Ready for 7.4-RELEASE builds to start.

    kensmith committed
    Approved by:	re (implicit)
  2. Guess when all the bits will be in place for announcing 7.4-RELEASE.

    kensmith committed
    Approved by:	re (implicit)
Commits on Feb 13, 2011
  1. @simonlbn

    MFS 218634:

    simonlbn committed
    Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could
    cause OpenSSL to parse past the end of the message.
    Note: Applications are only affected if they act as a server and call
    SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
    Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
    The very quick merge is done to get this fix into 7.4 / 8.2.
    Approved by:	re (bz)
    Obtained from:	OpenSSL CVS
    Security:	CVE-2011-0014
Commits on Feb 11, 2011
  1. @bsdjhb

    MFC 218271:

    bsdjhb committed
    When turning off TCP_NOPUSH, only call tcp_output() to immediately flush
    any pending data if the connection is established.
    Approved by:	re (kib)
Commits on Jan 31, 2011
  1. MFC r218134:

    kensmith committed
    	Update to reflect the package layout for 7.4-RELEASE.
    Approved by:	re (implicit)
Commits on Jan 28, 2011
  1. Ready for 7.4-RC3 builds.

    kensmith committed
    Approved by:	re (implicit)
Commits on Jan 27, 2011
  1. @cperciva

    MFC r217872: Unbreak .Dd line.

    cperciva committed
    Approved by:    re (kib)
  2. @cperciva

    MFC r217869,217870: Fix .Dd lines in re(4) and nfe(4).

    cperciva committed
    Approved by:	re (kib)
Commits on Jan 25, 2011
  1. MFC stable/7 r217724

    jfv committed
    	Fix to kern/152853, misplaced pullup
    	in em_xmit breaks UDP tx, thanks to
    	Petr Lampa for the patch.
    Approved by: re (bz)
  2. MFC stable/7 r217723

    jfv committed
    	- Pieces of the failure path in em_xmit got
    	  mangled, correct it.
    	- local_timer had a leftover TX_UNLOCK without
    	  a matching TX_LOCK in the error path, remove it.
    Approved by: re (bz)
Commits on Jan 24, 2011
  1. MFC r217548:

    yongari committed
      Rework RX filter programming by providing separate handler for
      DP8381[56] and SiS 900/7016 controllers.  After r212119, sis(4) no
      longer reinitializes controller if ALLMULTI/PROMISC was changed.
      However, RX filter handling code assumed some bits of the RX filter
      is programmed by driver initialization. This caused ALLMULTI/PROMISC
      configuration is ignored under certain conditions.
      Fix that issue by reprogramming all bits of RX filter register.
      While I'm here follow recommended RX filter programming steps
      recommended by National DP8381[56] data sheet(RX filter should be
      is disabled before programming).
      Reported by:	Paul Schenkeveld < freebsd () psconsult dot nl >
      Tested by:	Paul Schenkeveld < freebsd () psconsult dot nl >
      Approved by:	re (bz)
Commits on Jan 22, 2011
  1. @kostikbel

    MFC r217383:

    kostikbel committed
    The (%esp & 0xf) == 0 should be true before the call instruction is
    executed, for the properly aligned stack.
    Approved by:	re (bz)
Commits on Jan 21, 2011
  1. MFC: r217464, r217468, r217475

    marius committed
    Add a manual page for rgephy(4) and reference it as appropriate. The
    motivation for having rgephy.4 is to document the special media option
    added in r217415 (MFC'ed to releng/7.4 in r217667).
    Approved by:	re (kib)
  2. MFC: r217415

    marius committed
    - Allow IFM_FLAG0 to be set indicating that auto-negotiation with manual
      configuration, which is used to work around issues with certain setups
      (see r161237) by default, should not be triggered as it may in turn
      cause harm in some edge cases.
    - Even after masking the media with IFM_GMASK the result may have bits
      besides the duplex ones set so just comparing it with IFM_FDX may lead
      to false negatives.
    - Announce PAUSE support also for manually selected 1000BASE-T, but for
      all manually selected media types only in full-duplex mode. Announce
      asymmetric PAUSE support only for manually selected 1000BASE-T.
    - Simplify setting the manual configuration bits to only once after we
      have figured them all out. This also means we no longer unnecessarily
      update the hardware along the road.
    - Remove a stale comment.
    Reviewed by:	yongari (plus additional testing)
    Approved by:	re (bz)
Commits on Jan 20, 2011
  1. MFC r217296:

    yongari committed
      For re(4) controllers that uses new jumbo frame scheme(RTL8168C/D/E),
      limit maximum RX buffer size to RE_RX_DESC_BUFLEN instead of
      blindly configuring it to 16KB. Due to lack of documentation, re(4)
      didn't allow jumbo frame on these controllers. However it seems
      controller is confused with jumbo frame such that it can DMA the
      received frame to wrong address instead of splitting it into
      multiple RX buffers. Of course, this caused panic.
      Since re(4) does not support jumbo frames on these controllers,
      make controller drop frame that is longer than RE_RX_DESC_BUFLEN
      sized frame. Fortunately RTL810x controllers, which do not support
      jumbo frame, have no such issues but this change also limited
      maximum RX buffer size allowed to RTL810x controllers. Allowing
      16KB RX buffer for controllers that have no such capability is
    Approved by:	re (bz)
Commits on Jan 19, 2011
  1. @simonlbn

    MFS7 r217562:

    simonlbn committed
     Decrease the libcrypto and libssl shared object version numbers from 6
     to 5. They were accidentally bumped in r215997 (on 2010-11-28) with the
     merge of OpenSSL 0.9.8p, but unfortunately this was not caught until
     Also add compat links for / (pointing to
     their .5 counterparts) in case any users have compiled any third party
     during the time stable/7 (and releng/7.4) were broken.
     This is deemed the last poor of bad options.  Had the number bump not
     been reverted binary packages for stable/7 would not have worked on the
     still supported 7.3 and 7.1 releases.
    Approved by:	re (kensmith)
Commits on Jan 11, 2011
  1. Ready for 7.4-RC2.

    kensmith committed
    Approved by:	re (implicit)
Commits on Jan 10, 2011
  1. MFC r217226:

    yongari committed
      Apply DMA address space restriction to controllers that have 4GB
      DMA boundary bug and runs with PCI-X mode.  watchdog timeout was
      observed on BCM5704 which lives behind certain PCI-X bridge(e.g.
      AMD 8131 PCI-X bridge).  It's still not clear whether the root
      cause came from that PCI-X bridge or not. The watchdog timeout
      indicates the issue is in TX path. If the bridge reorders TX
      mailbox write accesses it would generate all kinds of problems but
      I'm not sure.  This should be revisited.
      Early MFC requested by re@ for inclusion in 8.2-RC2/7.4-RC2.
      Tested by:	Michael L. Squires (mikes <> siralan dot org)
      Approved by:	re (kensmith)
  2. - Bump version numbers for the upcoming release.

    hrs committed
    - Clean-up old entries.
    Approved by:	re (implicit)
Commits on Jan 7, 2011
  1. MFC r216832: Make -S functional

    brian committed
    Approved by:	re (kib)
  2. MFC r210144 (originally committed by imp):

    lstewart committed
    Put warnings out to stderr rather than stdout.
    Approved by:	re (kib)
Commits on Jan 5, 2011
  1. MFC: r216891

    marius committed
    Extend the section in which interrupts are disabled in the TLB demap
    functions, otherwise if we get preempted after checking whether a certain
    pmap is active on the current CPU but before disabling interrupts we might
    operate on an outdated state as the pmap might have been deactivated in
    the meantime. As the same issue may arises when the TLB demap function is
    interrupted by a TLB demap IPI, just entering a critical section before
    the check isn't sufficient so we have to fully disable interrupts instead.
    Approved by:	re (kib)
Commits on Dec 31, 2010
  1. MFC r216848:

    bz committed
      Happy New Year 2011.
      Approved by:	core (kib)
    Approved by:	re (kib)
Something went wrong with that request. Please try again.