Skip to content
Snippets Groups Projects
Select Git revision
0 result
Search by author
  • Any Author
0 authors
  1. Jan 16, 2017
    • Franco Fichtner's avatar
      netmap: manually backport multiple fixes · 17588645
      Franco Fichtner authored 
      o Restore netmap emulation mode to working order, including
  fixing the destructor panics on detach.
o Omit pipe additions to these fixes, likely problematic for
  Suricata to pass traffic like it does on 11.0 without this
  patch.
o Allow to build the module without errors in the tree.

Many thanks to Vincenzo Maffione for assistance and review!  :)

From b497fe34fd275da6b850bf271f510d02b888b8bc Mon Sep 17 00:00:00 2001
From: Giuseppe Lettieri <g.lettieri@iet.unipi.it>
Date: Thu, 2 Jun 2016 00:21:40 +0200
Subject: [PATCH] allocate only the rings requested by the user

From 09936864fa5b67b82ef4a9907819b7018e9a38f2 Mon Sep 17 00:00:00 2001
From: Giuseppe Lettieri <g.lettieri@iet.unipi.it>
Date: Wed, 20 Jul 2016 20:35:12 +0000
Subject: [PATCH] freebsd: fix const-related warning

From ab90c6c10224fefbb6a6c6e0b92e6ba80e5b694d Mon Sep 17 00:00:00 2001
From: Vincenzo Maffione <v.maffione@gmail.com>
Date: Wed, 28 Sep 2016 18:39:55 +0200
Subject: [PATCH] freebsd: generic: change mbuf allocation management

From fe811e11b2c37fc274a1134e1c10b2f6ada1a91c Mon Sep 17 00:00:00 2001
From: Vincenzo Maffione <v.maffione@gmail.com>
Date: Thu, 29 Sep 2016 08:54:52 +0200
Subject: [PATCH] freebsd: generic: call m_extadd() only once for each mbuf
      17.1.r1
      17588645
  3. Jan 12, 2017
    • Shawn Webb's avatar
      HBSD: Force -fPIC when building PIEs · 33c11a6a
      Shawn Webb authored 
      Help mitigate against CoReV attack[1]. We already force shared libraries
to be compiled with -fPIC.

[1]: https://sourceware.org/ml/libc-alpha/2016-12/msg00914.html



Signed-off-by: default avatarShawn Webb <shawn.webb@hardenedbsd.org>
MFC-to:		10-STABLE
MFC-to:		11-STABLE
(cherry picked from commit 19d38259535dbc6705d8ca3a8d644e4cc87bbf38)
      33c11a6a
    • rstone's avatar
      MFC r308580: · b85c1e36
      rstone authored 
        Don't read if_counters with if_addr_lock held

  Calling into an ifnet implementation with the if_addr_lock already
  held can cause a LOR and potentially a deadlock, as ifnet
  implementations typically can take the if_addr_lock after their
  own locks during configuration.  Refactor a sysctl handler that
  was violating this to read if_counter data in a temporary buffer
  before the if_addr_lock is taken, and then copying the data
  in its final location later, when the if_addr_lock is held.

  PR: 194109
  Reported by: Jean-Sebastien Pedron
  MFC after: 2 weeks
  Differential Revision:        https://reviews.freebsd.org/D8498
  Reviewed by: sbruno
      b85c1e36
  5. Jan 10, 2017
    • Franco Fichtner's avatar
      pf/ipfw/netinet[6]: IP forwarding rework, fixes IPv4 in pf(4) · e92bed1a
      Franco Fichtner authored 
      Based on feedback by countless users, this removes the if_output
calls in the pf code that escape pfil processing in IPv4 by going
the long way.  This is only partially applicable to FreeBSD and
we are working on fixing this in a full fashion in 12-CURRENT.

It also disables ip_tryforward() as that does not seem trivial
to convert as it is missing 12-CURRENT's nhop4/nhop6.  Maybe we
will see that in 11.1.

Many thanks to Andrey V. Elsukov (ae@) for giving this direction
and review.

Also see: https://reviews.freebsd.org/D8877
      e92bed1a
  7. Jan 11, 2017
  9. Jan 04, 2017
    • asomers's avatar
      Fix panic during lagg destruction with simultaneous status check · 939a6f97
      asomers authored 
      If you run "ifconfig lagg0 destroy" and "ifconfig lagg0" at the same time a
page fault may result. The first process will destroy ifp->if_lagg in
lagg_clone_destroy (called by if_clone_destroy). Then the second process
will observe that ifp->if_lagg is NULL at the top of lagg_port_ioctl and
goto fallback: where it will promptly dereference ifp->if_lagg anyway.

The solution is to repeat the NULL check for ifp->if_lagg

MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D8512

Remove stray debugging code from r310180

Reported by:	rstone
Pointy hat to:	asomers
MFC after:	3 weeks
X-MFC-with:	310180
Sponsored by:	Spectra Logic Corp
      939a6f97
  11. Jan 03, 2017
  13. Dec 22, 2016
  15. Dec 18, 2016
    • marcel's avatar
      Improve upon r309394 · 2a899d3a
      marcel authored 
      Instead of taking an extra reference to deal with pfsync_q_ins()
and pfsync_q_del() taken and dropping a reference (resp,) make
it optional of those functions to take or drop a reference by
passing an extra argument.

Submitted by:	glebius@
      2a899d3a
  17. Dec 08, 2016
  19. Dec 07, 2016
  21. Dec 06, 2016
    • glebius's avatar
      Fix possible login(1) argument injection in telnetd(8). [SA-16:36] · 98fe4468
      glebius authored 
      Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]
Fix incorrectly defined unicode character(s). [EN-16:21]

Security:	FreeBSD-SA-16:36.telnetd
Security:	FreeBSD-SA-16:37.libc
Security:	FreeBSD-SA-16:38.bhyve
Errata Notice:	FreeBSD-EN-16:19.tzcode
Errata Notice:	FreeBSD-EN-16:20.tzdata
Errata Notice:	FreeBSD-EN-16:21.localedef
Approved by:	so
      98fe4468
    • glebius's avatar
      Merge r308330 by bapt: · bc28f716
      glebius authored 
        localedef: Fix ctype dump (fixed wide spread errors)

See original commit for longer description.

Errata Notice:	EN-16:21
Approved by:	so
      bc28f716
    • glebius's avatar
      Merge r307358 from stable/11: · 81ef9b08
      glebius authored 
          Incorporate a change from OpenBSD by millert@OpenBSD.org

    Don't warn about valid time zone abbreviations.  POSIX
    through 2000 says that an abbreviation cannot start with ':', and
    cannot contain ',', '-', '+', NUL, or a digit.  POSIX from 2001
    on changes this rule to say that an abbreviation can contain only
    '-', '+', and alphanumeric characters from the portable character
    set in the current locale.  To be portable to both sets of rules,
    an abbreviation must therefore use only ASCII letters."  Adapted
    from tzcode2015f.

Errata Notice:	EN-16:19.tzcode
Submitted by:	bapt
Approved by:	so
      81ef9b08
  23. Dec 03, 2016
    • marcel's avatar
      Fix use-after-free bugs in pfsync(4) · 4cb78e48
      marcel authored 
      Use after free happens for state that is deleted. The reference
count is what prevents the state from being freed. When the
state is dequeued, the reference count is dropped and the memory
freed. We can't dereference the next pointer or re-queue the
state.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D8671
      4cb78e48
  25. Nov 24, 2016
  27. Nov 23, 2016
  29. Nov 09, 2016
  31. Nov 03, 2016
  33. Nov 02, 2016
  35. Oct 28, 2016
  37. Oct 25, 2016
  39. Oct 21, 2016
  41. Oct 13, 2016
  43. Oct 12, 2016
  45. Oct 11, 2016
  47. Oct 10, 2016
  49. Oct 08, 2016