Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Branch: releng/9.0
Commits on Apr 2, 2013
  1. @delphij

    Fix OpenSSL multiple vulnerabilities. [13:03]

    delphij authored
    Fix BIND remote denial of service. [13:04]
    
    Security:	CVE-2013-0166, CVE-2013-0169
    Security:	FreeBSD-SA-13:03.openssl
    Security:	CVE-2013-2266
    Security:	FreeBSD-SA-13:04.bind
    Approved by:	so
Commits on Feb 19, 2013
  1. Fix Denial of Service vulnerability in named(8) with DNS64. [13:01]

    bz authored
    Fix Denial of Service vulnerability in libc's glob(3) functionality.
    [13:02]
    
    Security:	CVE-2012-5688
    Security:	FreeBSD-SA-13:01.bind
    Security:	CVE-2010-2632
    Security:	FreeBSD-SA-13:02.libc
    Approved by:	so (simon, bz)
Commits on Nov 22, 2012
  1. @simonlbn

    Fix multiple Denial of Service vulnerabilities with named(8).

    simonlbn authored
    Fix insufficient message length validation for EAP-TLS messages.
    
    Fix Linux compatibility layer input validation error.
    
    Security:	FreeBSD-SA-12:06.bind
    Security:	FreeBSD-SA-12:07.hostapd
    Security:	FreeBSD-SA-12:08.linux
    Security:	CVE-2012-4244, CVE-2012-5166, CVE-2012-4445, CVE-2012-4576
    Approved by:	re
    Approved by:	security-officer
Commits on Aug 6, 2012
  1. @simonlbn

    Fix named(8) DNSSEC validation Denial of Service.

    simonlbn authored
    Security:	FreeBSD-SA-12:05.bind
    Security:	CVE-2012-3817
    Obtained from:	ISC
    Approved by:	so (simon)
Commits on Jun 12, 2012
  1. Fix a problem where zero-length RDATA fields can cause named(8) to cr…

    bz authored
    …ash.
    
    [12:03]
    
    Correct a privilege escalation when returning from kernel if
    running FreeBSD/amd64 on non-AMD processors. [12:04]
    
    Fix reference count errors in IPv6 code. [EN-12:02]
    
    Security:	CVE-2012-1667
    Security:	FreeBSD-SA-12:03.bind
    Security:	CVE-2012-0217
    Security:	FreeBSD-SA-12:04.sysret
    Security:	FreeBSD-EN-12:02.ipv6refcount
    Approved by:	so (simon, bz)
Commits on May 30, 2012
  1. Update the previous openssl fix. [12:01]

    bz authored
    Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
    
    Security:	FreeBSD-SA-12:01.openssl (revised)
    Security:	FreeBSD-SA-12:02.crypt
    Approved by:	so (bz, simon)
Commits on May 3, 2012
  1. Fix multiple OpenSSL vulnerabilities.

    bz authored
    Security:	CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
    Security:	CVE-2012-0884, CVE-2012-2110
    Security:	FreeBSD-SA-12:01.openssl
    Approved by:	so (bz,simon)
Commits on Jan 2, 2012
  1. MFC r229304:

    kensmith authored
    > The portion of r225757 that added the packages-9.0-release directory
    > was supposed to be MFCed closer to the release but that got missed.
    >
    > Pointy hat:   kensmith
    
    Approved by:	re (implicit)
  2. Ready to start the 9.0-RELEASE builds.

    kensmith authored
    Approved by:	re (implicit)
  3. Guess when we'll be ready to announce 9.0-RELEASE.

    kensmith authored
    Approved by:	re (implicit)
  4. Update branch target for 'make update'.

    kensmith authored
    Approved by:	re (implicit)
  5. MFC r229258:

    kensmith authored
    RELENG_9 exists now so updated commented out target branch.
    
    Approved by:	re (implicit)
Commits on Dec 31, 2011
  1. MFC r229067 (by obrien):

    bz authored
      Happy 2012 and may 9.0-RELEASE be a good one.
    
    Approved by:	re (kib)
Commits on Dec 30, 2011
  1. Clean up release/doc for 9.0R. Content updates will follow in

    hrs authored
    stable/9.
    
    Approved by:	re (kensmith)
Commits on Dec 23, 2011
  1. @cperciva

    Fix a problem whereby a corrupt DNS record can cause named to crash. …

    cperciva authored
    …[11:06]
    
    Add an API for alerting internal libc routines to the presence of
    "unsafe" paths post-chroot, and use it in ftpd. [11:07]
    
    Fix a buffer overflow in telnetd. [11:08]
    
    Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
    specified. [11:09]
    
    Add sanity checking of service names in pam_start. [11:10]
    
    Approved by:    so (cperciva)
    Approved by:    re (bz)
    Security:       FreeBSD-SA-11:06.bind
    Security:       FreeBSD-SA-11:07.chroot
    Security:       FreeBSD-SA-11:08.telnetd
    Security:       FreeBSD-SA-11:09.pam_ssh
    Security:       FreeBSD-SA-11:10.pam
Commits on Dec 19, 2011
  1. @glebius

    Merge r228472. For the sake of POLA for the whole 9.x timeline add

    glebius authored
    compatibility support for specifing IPv4 aliases in rc.conf without
    the "inet" keyword.
    
    Approved by:	re (bz)
  2. MFC r228457:

    ru authored
    The "inet" keyword in the "ifconfig_IF_aliasN" is mandatory for
    IPv4 aliases to work since network.subr@197139.
    
    Approved by:  re (bz)
Commits on Dec 13, 2011
  1. @dag-erling

    MFH r228384: validate the service name

    dag-erling authored
    Approved by:	re (kib)
    Security:	some poorly thought out programs allow the user to specify
    		the service name; this patch makes it harder to trick these
    		programs into loading and executing arbitrary code.
Commits on Dec 11, 2011
  1. @dag-erling

    MFH r228410: check for null passphrases, since openssl doesn't

    dag-erling authored
    Approved by:	re (kib)
    Security:	prevents users with unencrypted ssh keys (prohibited
    		unless the nullok option is specified) from logging in
    		by providing a bogus non-null passphrase.
Commits on Dec 3, 2011
  1. MFC r226649, 226651, 226652, 226653:

    hrs authored
    - Fix an issue that 127/8 is not configured when $ifconfig_DEFAULT is not empty.
    - Add description that IPv6 configuration will be ignored if $ifconfig_IF_ipv6
      is empty.
    - Move a configuration example "inet6 accept_rtadv" to just after the manual
      GUA configuration.
    - Add an example of $ipv6_prefix_IF.
    - Add support for removing addresses added by ipv6_prefix_hostid_addr_up()
      upon rc.d/netif stop.
    
    Approved by:	re (bz)
  2. MFC r226446:

    hrs authored
    Fix a problem that an interface unexpectedly becomes IFF_UP by
    just doing "ifconfing inet6 -ifdisabled" when the interface has
    ND6_IFF_AUTO_LINKLOCAL flag and no link-local address.
    
    Approved by:	re (bz)
  3. @nwhitehorn

    MFC r228194, MF9 r228240:

    nwhitehorn authored
    Prevent user astonishment by providing the shell option at the end, after
    any installer-provided configuration files have been copied. This allows
    users to edit their fstab, if desired, and to see what the installer has
    placed in rc.conf.
    
    Requested by:	phk
    Approved by:	re (kensmith)
  4. Ready for 9.0-RC3.

    kensmith authored
    Approved by:	re (implicit)
  5. MFC r228237:

    kensmith authored
    > Add a screen that asks if the user would like to enable crash dumps,
    > giving them a very brief description of the trade-offs.  Whether the
    > user opts in or out add an entry to what will become /etc/rc.conf
    > explaining what dumpdev is and how to turn on/off crash dumps.  The folks
    > who handle interacting with users submitting PRs have asked for this.
    >
    > Reviewed by:  nwhitehorn
    
    Approved by:	re (kib)
Commits on Dec 1, 2011
  1. Upgrade to BIND 9.8.1-P1 to address the following DDOS bug:

    dougb authored
    Recursive name servers are failing with an assertion:
    INSIST(! dns_rdataset_isassociated(sigrdataset))
    
    At this time it is not thought that authoritative-only servers
    are affected, but information about this bug is evolving rapidly.
    
    Because it may be possible to trigger this bug even on networks
    that do not allow untrusted users to access the recursive name
    servers (perhaps via specially crafted e-mail messages, and/or
    malicious web sites) it is recommended that ALL operators of
    recursive name servers upgrade immediately.
    
    For more information see:
    https://www.isc.org/software/bind/advisories/cve-2011-4313
    which will be updated as more information becomes available.
    
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
    
    Approved by:	re (kib)
  2. @bsdjhb

    MFC 227389: Remove some debugging printfs.

    bsdjhb authored
    Approved by:	re (bz)
  3. @glebius

    MFhead r228150:

    glebius authored
      Return value should be conditional on return value of pfsync_defer_ptr()
    
      PR:		kern/162947
      Submitted by:	Matthieu Kraus <matthieu.kraus s2008.tu-chemnitz.de>
    
    Approved by:	re (kib)
  4. MFC 228093

    gabor authored
      - Fix behavior of --null to match GNU grep
    
    MFC 228097
    
      - Call warnx() instead of errx() if a directory is not readable when using
        a recursive search.  This is the expected behavior instead of aborting.
    
    Approved by:	re (kib)
  5. MFC r228122:

    dougb authored
    If using DESTDIR we need to be sure to create a
    ${DESTDIR}/var/db/zoneinfo
    
    Approved by:	re (kensmith)
  6. MFC r227482:

    dougb authored
    The default setting, daily_accounting_compress="NO", was causing
    only 1 old file to be saved, so fix this.
    
    While I'm here, fix a very old off-by-one error causing 1 more
    file than specified in daily_accounting_save to be saved because
    acct.0 was not taken into account (pun intended). Change that, and
    use a more thorough method of finding old files to delete. Partly
    just because this is the right thing to do, but also to silently
    fix the extra log that would have been left behind forever with the
    previous method.
    
    Approved by:	re (kensmith)
Commits on Nov 29, 2011
  1. Adjust branch tag.

    pluknet authored
    This is a direct commit.
    
    Approved by:	re (kib)
  2. MFC: r228028

    marius authored
    - Based on a report on sparc64@ move V245 to the list of known working
      machines.
    - Mention that V480 with broken centerplanes have a chance of working with
      the WAR in the upcoming 8.3-RELEASE and 9.0-RELEASE.
    
    Approved by:	re (kib)
  3. MFC r225757,r225764:

    pluknet authored
    Update the default cvs tag for RELENG_9 by merging the following revisions:
    
    r225757 (by kensmith, partial):
     Shift head from 9.0-CURRENT to 10.0-CURRENT in preparation for releasing
     it from the 9.0-RELEASE release cycle code freeze.
    
    r225764 (by kensmith):
     Forgot to add "RELENG_8" to list of CVS tags.
    
    Reported by:	Milan Obuch <freebsd-current at dino sk> (cvs tag)
    Approved by:	re (kib)
  4. @cbrueffer

    MFC: r227666

    cbrueffer authored
    Add sfxge(4) to the hardware notes.
    
    Approved by:    re (bz)
  5. MFC: r227960

    marius authored
    Increase the CDMA sync timeout for Schizo bridges to 15 seconds as used by
    OpenSolaris. One second turned out to be not enough for certain loads while
    10 seconds were sufficient.
    Reported by: Peter Jeremy
    
    Approved by:	re (bz)
Something went wrong with that request. Please try again.