| @@ -1,620 +1,625 @@ | | | @@ -1,620 +1,625 @@ |
1 | # $NetBSD: CHANGES-7.1.3,v 1.1.2.63 2019/12/05 16:24:46 bouyer Exp $ | | 1 | # $NetBSD: CHANGES-7.1.3,v 1.1.2.64 2019/12/08 10:27:05 martin Exp $ |
2 | | | 2 | |
3 | A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 | | 3 | A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 |
4 | release: | | 4 | release: |
5 | | | 5 | |
6 | doc/README.files patched by hand | | 6 | doc/README.files patched by hand |
7 | gnu/usr.bin/groff/tmac/mdoc.local patched by hand | | 7 | gnu/usr.bin/groff/tmac/mdoc.local patched by hand |
8 | sys/sys/param.h patched by hand | | 8 | sys/sys/param.h patched by hand |
9 | | | 9 | |
10 | Welcome to 7.1.2_PATCH. | | 10 | Welcome to 7.1.2_PATCH. |
11 | [snj] | | 11 | [snj] |
12 | | | 12 | |
13 | sys/dev/ppbus/if_plip.c 1.28 | | 13 | sys/dev/ppbus/if_plip.c 1.28 |
14 | | | 14 | |
15 | Fix an spl(9) leak. | | 15 | Fix an spl(9) leak. |
16 | [msaitoh, ticket #1579] | | 16 | [msaitoh, ticket #1579] |
17 | | | 17 | |
18 | sys/sys/bitops.h 1.12-1.14 | | 18 | sys/sys/bitops.h 1.12-1.14 |
19 | | | 19 | |
20 | Fix sign issues. | | 20 | Fix sign issues. |
21 | Avoid undefined behaviour when a left shift may be greater than | | 21 | Avoid undefined behaviour when a left shift may be greater than |
22 | the size of the bitmap type. | | 22 | the size of the bitmap type. |
23 | [mrg, ticket #1582] | | 23 | [mrg, ticket #1582] |
24 | | | 24 | |
25 | external/public-domain/tz/dist/ziguard.awk up to 1.1.1.1 | | 25 | external/public-domain/tz/dist/ziguard.awk up to 1.1.1.1 |
26 | external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.5 | | 26 | external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.5 |
27 | external/public-domain/tz/dist/Makefile up to 1.1.1.20 | | 27 | external/public-domain/tz/dist/Makefile up to 1.1.1.20 |
28 | external/public-domain/tz/dist/NEWS up to 1.1.1.21 | | 28 | external/public-domain/tz/dist/NEWS up to 1.1.1.21 |
29 | external/public-domain/tz/dist/README up to 1.1.1.6 | | 29 | external/public-domain/tz/dist/README up to 1.1.1.6 |
30 | external/public-domain/tz/dist/TZDATA_VERSION up to 1.11 | | 30 | external/public-domain/tz/dist/TZDATA_VERSION up to 1.11 |
31 | external/public-domain/tz/dist/africa up to 1.1.1.14 | | 31 | external/public-domain/tz/dist/africa up to 1.1.1.14 |
32 | external/public-domain/tz/dist/antarctica up to 1.1.1.10 | | 32 | external/public-domain/tz/dist/antarctica up to 1.1.1.10 |
33 | external/public-domain/tz/dist/asia up to 1.1.1.19 | | 33 | external/public-domain/tz/dist/asia up to 1.1.1.19 |
34 | external/public-domain/tz/dist/australasia up to 1.1.1.14 | | 34 | external/public-domain/tz/dist/australasia up to 1.1.1.14 |
35 | external/public-domain/tz/dist/backzone up to 1.1.1.14 | | 35 | external/public-domain/tz/dist/backzone up to 1.1.1.14 |
36 | external/public-domain/tz/dist/checktab.awk up to 1.1.1.9 | | 36 | external/public-domain/tz/dist/checktab.awk up to 1.1.1.9 |
37 | external/public-domain/tz/dist/europe up to 1.1.1.20 | | 37 | external/public-domain/tz/dist/europe up to 1.1.1.20 |
38 | external/public-domain/tz/dist/leap-seconds.list up to 1.1.1.9 | | 38 | external/public-domain/tz/dist/leap-seconds.list up to 1.1.1.9 |
39 | external/public-domain/tz/dist/leapseconds up to 1.1.1.10 | | 39 | external/public-domain/tz/dist/leapseconds up to 1.1.1.10 |
40 | external/public-domain/tz/dist/northamerica up to 1.1.1.19 | | 40 | external/public-domain/tz/dist/northamerica up to 1.1.1.19 |
41 | external/public-domain/tz/dist/southamerica up to 1.1.1.14 | | 41 | external/public-domain/tz/dist/southamerica up to 1.1.1.14 |
42 | external/public-domain/tz/dist/theory.html up to 1.1.1.3 | | 42 | external/public-domain/tz/dist/theory.html up to 1.1.1.3 |
43 | external/public-domain/tz/dist/version up to 1.1.1.8 | | 43 | external/public-domain/tz/dist/version up to 1.1.1.8 |
44 | external/public-domain/tz/dist/zishrink.awk up to 1.1.1.3 | | 44 | external/public-domain/tz/dist/zishrink.awk up to 1.1.1.3 |
45 | external/public-domain/tz/dist/zone.tab up to 1.1.1.14 | | 45 | external/public-domain/tz/dist/zone.tab up to 1.1.1.14 |
46 | external/public-domain/tz/dist/zone1970.tab up to 1.1.1.16 | | 46 | external/public-domain/tz/dist/zone1970.tab up to 1.1.1.16 |
47 | doc/3RDPARTY 1.1506 (patch) | | 47 | doc/3RDPARTY 1.1506 (patch) |
48 | | | 48 | |
49 | Updated tzdata to 2018d. | | 49 | Updated tzdata to 2018d. |
50 | [kre, ticket #1589] | | 50 | [kre, ticket #1589] |
51 | | | 51 | |
52 | sys/netinet6/ip6_forward.c 1.91 (patch) | | 52 | sys/netinet6/ip6_forward.c 1.91 (patch) |
53 | | | 53 | |
54 | Fix two IPv6 ipsec use-after-free issues. | | 54 | Fix two IPv6 ipsec use-after-free issues. |
55 | [maxv, ticket #1590] | | 55 | [maxv, ticket #1590] |
56 | | | 56 | |
57 | sys/netinet6/raw_ip6.c 1.161 | | 57 | sys/netinet6/raw_ip6.c 1.161 |
58 | | | 58 | |
59 | Fix use-after-free. | | 59 | Fix use-after-free. |
60 | [maxv, ticket #1591] | | 60 | [maxv, ticket #1591] |
61 | | | 61 | |
62 | sys/net/npf/npf.h 1.55 | | 62 | sys/net/npf/npf.h 1.55 |
63 | | | 63 | |
64 | Fix an integer overflow that allows incoming IPv6 packets | | 64 | Fix an integer overflow that allows incoming IPv6 packets |
65 | to bypass a certain number of filtering rules. | | 65 | to bypass a certain number of filtering rules. |
66 | [maxv, ticket #1593] | | 66 | [maxv, ticket #1593] |
67 | | | 67 | |
68 | sys/kern/uipc_mbuf.c 1.182 | | 68 | sys/kern/uipc_mbuf.c 1.182 |
69 | sys/netinet/ip_reass.c 1.14 | | 69 | sys/netinet/ip_reass.c 1.14 |
70 | sys/netinet6/frag6.c 1.67 | | 70 | sys/netinet6/frag6.c 1.67 |
71 | sys/sys/mbuf.h 1.179 | | 71 | sys/sys/mbuf.h 1.179 |
72 | | | 72 | |
73 | Remove M_PKTHDR from secondary mbufs when reassembling packets. | | 73 | Remove M_PKTHDR from secondary mbufs when reassembling packets. |
74 | [maxv, ticket #1594] | | 74 | [maxv, ticket #1594] |
75 | | | 75 | |
76 | external/gpl3/binutils/dist/bfd/elflink.c 1.14 | | 76 | external/gpl3/binutils/dist/bfd/elflink.c 1.14 |
77 | | | 77 | |
78 | When trying to decide the status of a weak symbol, resolve any | | 78 | When trying to decide the status of a weak symbol, resolve any |
79 | indirectness first. | | 79 | indirectness first. |
80 | [joerg, ticket #1595] | | 80 | [joerg, ticket #1595] |
81 | | | 81 | |
82 | bin/ed/ed.1 1.32 | | 82 | bin/ed/ed.1 1.32 |
83 | bin/ed/main.c 1.29 | | 83 | bin/ed/main.c 1.29 |
84 | usr.bin/patch/pch.c 1.29 | | 84 | usr.bin/patch/pch.c 1.29 |
85 | | | 85 | |
86 | patch: Pass -S to ed(1) so that patches containing ! commands | | 86 | patch: Pass -S to ed(1) so that patches containing ! commands |
87 | don't run commands. | | 87 | don't run commands. |
88 | ed: add -S to disable ! commands. | | 88 | ed: add -S to disable ! commands. |
89 | [christos, ticket #1596] | | 89 | [christos, ticket #1596] |
90 | | | 90 | |
91 | sys/arch/amiga/amiga/cc.c 1.27 | | 91 | sys/arch/amiga/amiga/cc.c 1.27 |
92 | | | 92 | |
93 | Fix a spl(9) leak. | | 93 | Fix a spl(9) leak. |
94 | [msaitoh, ticket #1597] | | 94 | [msaitoh, ticket #1597] |
95 | | | 95 | |
96 | sys/kern/uipc_mbuf.c 1.190 | | 96 | sys/kern/uipc_mbuf.c 1.190 |
97 | | | 97 | |
98 | m_pkthdr_remove(): if the mbuf is shared leave M_PKTHDR | | 98 | m_pkthdr_remove(): if the mbuf is shared leave M_PKTHDR |
99 | in place. | | 99 | in place. |
100 | [maxv, ticket #1598] | | 100 | [maxv, ticket #1598] |
101 | | | 101 | |
102 | sys/netipsec/ipsec_mbuf.c 1.23,1.24 (patch) | | 102 | sys/netipsec/ipsec_mbuf.c 1.23,1.24 (patch) |
103 | | | 103 | |
104 | Don't assume M_PKTHDR is set only on the first mbuf of the chain. | | 104 | Don't assume M_PKTHDR is set only on the first mbuf of the chain. |
105 | Fix a pretty bad mistake (IPsec DoS). | | 105 | Fix a pretty bad mistake (IPsec DoS). |
106 | [maxv, ticket #1599] | | 106 | [maxv, ticket #1599] |
107 | | | 107 | |
108 | sys/netipsec/ipsec_output.c 1.67,1.75 (patch) | | 108 | sys/netipsec/ipsec_output.c 1.67,1.75 (patch) |
109 | | | 109 | |
110 | compute_ipsec_pos: strengthen checks to avoid overruns, | | 110 | compute_ipsec_pos: strengthen checks to avoid overruns, |
111 | allow the function to fail (and drop the misformed packet). | | 111 | allow the function to fail (and drop the misformed packet). |
112 | [maxv, ticket #1600] | | 112 | [maxv, ticket #1600] |
113 | | | 113 | |
114 | crypto/external/bsd/heimdal/dist/kdc/connect.c 1.3 | | 114 | crypto/external/bsd/heimdal/dist/kdc/connect.c 1.3 |
115 | | | 115 | |
116 | Avoid busy-waiting on a dead child. | | 116 | Avoid busy-waiting on a dead child. |
117 | [spz, ticket #1601] | | 117 | [spz, ticket #1601] |
118 | | | 118 | |
119 | sys/kern/uipc_mbuf.c 1.211 (patch) | | 119 | sys/kern/uipc_mbuf.c 1.211 (patch) |
120 | | | 120 | |
121 | Modify m_defrag, so that it never frees the first mbuf of | | 121 | Modify m_defrag, so that it never frees the first mbuf of |
122 | the chain. | | 122 | the chain. |
123 | [maxv, ticket #1602] | | 123 | [maxv, ticket #1602] |
124 | | | 124 | |
125 | sys/net/npf/npf_alg_icmp.c 1.27-1.29 | | 125 | sys/net/npf/npf_alg_icmp.c 1.27-1.29 |
126 | sys/net/npf/npf_inet.c 1.45 | | 126 | sys/net/npf/npf_inet.c 1.45 |
127 | | | 127 | |
128 | Fix use-after-free. | | 128 | Fix use-after-free. |
129 | [maxv, ticket #1605] | | 129 | [maxv, ticket #1605] |
130 | | | 130 | |
131 | sys/kern/uipc_mbuf.c 1.214 | | 131 | sys/kern/uipc_mbuf.c 1.214 |
132 | | | 132 | |
133 | Revert ticket #1598: | | 133 | Revert ticket #1598: |
134 | remove the M_READONLY check. The initial code was correct. | | 134 | remove the M_READONLY check. The initial code was correct. |
135 | [maxv, ticket #1606] | | 135 | [maxv, ticket #1606] |
136 | | | 136 | |
137 | sys/netinet/udp_usrreq.c 1.237 (patch) | | 137 | sys/netinet/udp_usrreq.c 1.237 (patch) |
138 | | | 138 | |
139 | Fix bad/wrong memory deallocations and dangling pointer | | 139 | Fix bad/wrong memory deallocations and dangling pointer |
140 | issues in NAT-T. | | 140 | issues in NAT-T. |
141 | [maxv, ticket #1607] | | 141 | [maxv, ticket #1607] |
142 | | | 142 | |
143 | sbin/fsck_lfs/bufcache.c 1.20 | | 143 | sbin/fsck_lfs/bufcache.c 1.20 |
144 | sbin/fsck_lfs/bufcache.h 1.14 | | 144 | sbin/fsck_lfs/bufcache.h 1.14 |
145 | | | 145 | |
146 | Fix incore(), use a 64bit logical block number. | | 146 | Fix incore(), use a 64bit logical block number. |
147 | [maya, ticket #1612] | | 147 | [maya, ticket #1612] |
148 | | | 148 | |
149 | usr.sbin/makefs/ffs.c 1.70 | | 149 | usr.sbin/makefs/ffs.c 1.70 |
150 | | | 150 | |
151 | Fix makefs UFS2 lazy inode initialization. | | 151 | Fix makefs UFS2 lazy inode initialization. |
152 | [maya, ticket #1615] | | 152 | [maya, ticket #1615] |
153 | | | 153 | |
154 | share/i18n/esdb/ISO-8859/ISO-8859.alias 1.4 | | 154 | share/i18n/esdb/ISO-8859/ISO-8859.alias 1.4 |
155 | | | 155 | |
156 | Add more aliases for Hebrew and Arabic ISO-8859-... encodings. | | 156 | Add more aliases for Hebrew and Arabic ISO-8859-... encodings. |
157 | [maya, ticket #1616] | | 157 | [maya, ticket #1616] |
158 | | | 158 | |
159 | xsrc/xfree/xc/programs/mkfontscale/ident.c (apply patch) | | 159 | xsrc/xfree/xc/programs/mkfontscale/ident.c (apply patch) |
160 | | | 160 | |
161 | Pass gzFile, not gzFile * to gzio functions. | | 161 | Pass gzFile, not gzFile * to gzio functions. |
162 | [mrg, ticket #1618] | | 162 | [mrg, ticket #1618] |
163 | | | 163 | |
164 | usr.bin/printf/printf.c 1.37-1.39 | | 164 | usr.bin/printf/printf.c 1.37-1.39 |
165 | | | 165 | |
166 | Fix some error handling. | | 166 | Fix some error handling. |
167 | Avoid running off into oblivion when a format string, | | 167 | Avoid running off into oblivion when a format string, |
168 | or arg to a %b conversion ends in an unescaped backslash. | | 168 | or arg to a %b conversion ends in an unescaped backslash. |
169 | Avoid printing error messages twice when an invalid | | 169 | Avoid printing error messages twice when an invalid |
170 | escape sequence (\ sequence) is present in an arg to a %b | | 170 | escape sequence (\ sequence) is present in an arg to a %b |
171 | conversion. | | 171 | conversion. |
172 | [kre, ticket #1619] | | 172 | [kre, ticket #1619] |
173 | | | 173 | |
174 | sys/netinet6/frag6.c 1.64 | | 174 | sys/netinet6/frag6.c 1.64 |
175 | | | 175 | |
176 | Ignore zero-sized fragments. | | 176 | Ignore zero-sized fragments. |
177 | [maxv, ticket #1630] | | 177 | [maxv, ticket #1630] |
178 | | | 178 | |
179 | xsrc/external/mit/libX11/dist/src/FontNames. (patch) | | 179 | xsrc/external/mit/libX11/dist/src/FontNames. (patch) |
180 | xsrc/external/mit/libX11/dist/src/GetFPath.c (patch) | | 180 | xsrc/external/mit/libX11/dist/src/GetFPath.c (patch) |
181 | xsrc/external/mit/libX11/dist/src/LiHosts.c (patch) | | 181 | xsrc/external/mit/libX11/dist/src/LiHosts.c (patch) |
182 | xsrc/external/mit/libX11/dist/src/ListExt.c (patch) | | 182 | xsrc/external/mit/libX11/dist/src/ListExt.c (patch) |
183 | | | 183 | |
184 | Apply fixes from libX11 1.6.5 for the following vulnerabilities: | | 184 | Apply fixes from libX11 1.6.5 for the following vulnerabilities: |
185 | Fixed off-by-one writes (CVE-2018-14599) | | 185 | Fixed off-by-one writes (CVE-2018-14599) |
186 | Validation of server response in XListHosts | | 186 | Validation of server response in XListHosts |
187 | Fixed out of boundary write (CVE-2018-14600) | | 187 | Fixed out of boundary write (CVE-2018-14600) |
188 | Fixed crash on invalid reply (CVE-2018-14598) | | 188 | Fixed crash on invalid reply (CVE-2018-14598) |
189 | [mrg, ticket #1635] | | 189 | [mrg, ticket #1635] |
190 | | | 190 | |
191 | external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.6 | | 191 | external/public-domain/tz/dist/CONTRIBUTING up to 1.1.1.6 |
192 | external/public-domain/tz/dist/Makefile up to 1.1.1.22 | | 192 | external/public-domain/tz/dist/Makefile up to 1.1.1.22 |
193 | external/public-domain/tz/dist/NEWS up to 1.1.1.24 | | 193 | external/public-domain/tz/dist/NEWS up to 1.1.1.24 |
194 | external/public-domain/tz/dist/README up to 1.1.1.7 | | 194 | external/public-domain/tz/dist/README up to 1.1.1.7 |
195 | external/public-domain/tz/dist/TZDATA_VERSION up to 1.14 | | 195 | external/public-domain/tz/dist/TZDATA_VERSION up to 1.14 |
196 | external/public-domain/tz/dist/africa up to 1.1.1.17 | | 196 | external/public-domain/tz/dist/africa up to 1.1.1.17 |
197 | external/public-domain/tz/dist/antarctica up to 1.1.1.11 | | 197 | external/public-domain/tz/dist/antarctica up to 1.1.1.11 |
198 | external/public-domain/tz/dist/asia up to 1.1.1.21 | | 198 | external/public-domain/tz/dist/asia up to 1.1.1.21 |
199 | external/public-domain/tz/dist/australasia up to 1.1.1.16 | | 199 | external/public-domain/tz/dist/australasia up to 1.1.1.16 |
200 | external/public-domain/tz/dist/backward up to 1.1.1.9 | | 200 | external/public-domain/tz/dist/backward up to 1.1.1.9 |
201 | external/public-domain/tz/dist/backzone up to 1.1.1.15 | | 201 | external/public-domain/tz/dist/backzone up to 1.1.1.15 |
202 | external/public-domain/tz/dist/etcetera up to 1.1.1.3 | | 202 | external/public-domain/tz/dist/etcetera up to 1.1.1.3 |
203 | external/public-domain/tz/dist/europe up to 1.1.1.23 | | 203 | external/public-domain/tz/dist/europe up to 1.1.1.23 |
204 | external/public-domain/tz/dist/factory up to 1.1.1.3 | | 204 | external/public-domain/tz/dist/factory up to 1.1.1.3 |
205 | external/public-domain/tz/dist/leap-seconds.list up to 1.1.1.10 | | 205 | external/public-domain/tz/dist/leap-seconds.list up to 1.1.1.10 |
206 | external/public-domain/tz/dist/leapseconds up to 1.1.1.11 | | 206 | external/public-domain/tz/dist/leapseconds up to 1.1.1.11 |
207 | external/public-domain/tz/dist/leapseconds.awk up to 1.1.1.7 | | 207 | external/public-domain/tz/dist/leapseconds.awk up to 1.1.1.7 |
208 | external/public-domain/tz/dist/northamerica up to 1.1.1.21 | | 208 | external/public-domain/tz/dist/northamerica up to 1.1.1.21 |
209 | external/public-domain/tz/dist/pacificnew up to 1.1.1.2 | | 209 | external/public-domain/tz/dist/pacificnew up to 1.1.1.2 |
210 | external/public-domain/tz/dist/southamerica up to 1.1.1.15 | | 210 | external/public-domain/tz/dist/southamerica up to 1.1.1.15 |
211 | external/public-domain/tz/dist/systemv up to 1.1.1.2 | | 211 | external/public-domain/tz/dist/systemv up to 1.1.1.2 |
212 | external/public-domain/tz/dist/theory.html up to 1.1.1.6 | | 212 | external/public-domain/tz/dist/theory.html up to 1.1.1.6 |
213 | external/public-domain/tz/dist/version up to 1.1.1.11 | | 213 | external/public-domain/tz/dist/version up to 1.1.1.11 |
214 | external/public-domain/tz/dist/yearistype.sh up to 1.1.1.2 | | 214 | external/public-domain/tz/dist/yearistype.sh up to 1.1.1.2 |
215 | external/public-domain/tz/dist/ziguard.awk up to 1.1.1.3 | | 215 | external/public-domain/tz/dist/ziguard.awk up to 1.1.1.3 |
216 | external/public-domain/tz/dist/zishrink.awk up to 1.1.1.5 | | 216 | external/public-domain/tz/dist/zishrink.awk up to 1.1.1.5 |
217 | external/public-domain/tz/dist/zone.tab up to 1.1.1.15 | | 217 | external/public-domain/tz/dist/zone.tab up to 1.1.1.15 |
218 | external/public-domain/tz/dist/zone1970.tab up to 1.1.1.17 | | 218 | external/public-domain/tz/dist/zone1970.tab up to 1.1.1.17 |
219 | external/public-domain/tz/dist/zoneinfo2tdf.pl up to 1.1.1.2 | | 219 | external/public-domain/tz/dist/zoneinfo2tdf.pl up to 1.1.1.2 |
220 | doc/3RDPARTY (apply patch) | | 220 | doc/3RDPARTY (apply patch) |
221 | | | 221 | |
222 | Updated tzdata to 2018g. | | 222 | Updated tzdata to 2018g. |
223 | [kre, ticket #1644] | | 223 | [kre, ticket #1644] |
224 | | | 224 | |
225 | sys/compat/netbsd32/netbsd32_socket.c 1.48 (patch) | | 225 | sys/compat/netbsd32/netbsd32_socket.c 1.48 (patch) |
226 | | | 226 | |
227 | Fix a buffer overflow. | | 227 | Fix a buffer overflow. |
228 | [maxv, ticket #1652] | | 228 | [maxv, ticket #1652] |
229 | | | 229 | |
230 | sys/kern/kern_event.c 1.104 | | 230 | sys/kern/kern_event.c 1.104 |
231 | | | 231 | |
232 | Fix kernel info leak. | | 232 | Fix kernel info leak. |
233 | [maxv, ticket #1653] | | 233 | [maxv, ticket #1653] |
234 | | | 234 | |
235 | libexec/httpd/testsuite/data/.bzremap up to 1.1 | | 235 | libexec/httpd/testsuite/data/.bzremap up to 1.1 |
236 | libexec/httpd/testsuite/t12.out up to 1.1 | | 236 | libexec/httpd/testsuite/t12.out up to 1.1 |
237 | libexec/httpd/testsuite/t12.in up to 1.1 | | 237 | libexec/httpd/testsuite/t12.in up to 1.1 |
238 | libexec/httpd/testsuite/t13.out up to 1.1 | | 238 | libexec/httpd/testsuite/t13.out up to 1.1 |
239 | libexec/httpd/testsuite/t13.in up to 1.1 | | 239 | libexec/httpd/testsuite/t13.in up to 1.1 |
240 | libexec/httpd/testsuite/t14.out up to 1.1 | | 240 | libexec/httpd/testsuite/t14.out up to 1.1 |
241 | libexec/httpd/testsuite/t14.in up to 1.1 | | 241 | libexec/httpd/testsuite/t14.in up to 1.1 |
242 | libexec/httpd/testsuite/t15.out up to 1.1 | | 242 | libexec/httpd/testsuite/t15.out up to 1.1 |
243 | libexec/httpd/testsuite/t15.in up to 1.1 | | 243 | libexec/httpd/testsuite/t15.in up to 1.1 |
244 | libexec/httpd/CHANGES up to 1.28 | | 244 | libexec/httpd/CHANGES up to 1.28 |
245 | libexec/httpd/Makefile up to 1.27 | | 245 | libexec/httpd/Makefile up to 1.27 |
246 | libexec/httpd/auth-bozo.c up to 1.22 | | 246 | libexec/httpd/auth-bozo.c up to 1.22 |
247 | libexec/httpd/bozohttpd.8 up to 1.74 | | 247 | libexec/httpd/bozohttpd.8 up to 1.74 |
248 | libexec/httpd/bozohttpd.c up to 1.96 | | 248 | libexec/httpd/bozohttpd.c up to 1.96 |
249 | libexec/httpd/bozohttpd.h up to 1.56 | | 249 | libexec/httpd/bozohttpd.h up to 1.56 |
250 | libexec/httpd/cgi-bozo.c up to 1.44 | | 250 | libexec/httpd/cgi-bozo.c up to 1.44 |
251 | libexec/httpd/content-bozo.c up to 1.16 | | 251 | libexec/httpd/content-bozo.c up to 1.16 |
252 | libexec/httpd/daemon-bozo.c up to 1.19 | | 252 | libexec/httpd/daemon-bozo.c up to 1.19 |
253 | libexec/httpd/dir-index-bozo.c up to 1.28 | | 253 | libexec/httpd/dir-index-bozo.c up to 1.28 |
254 | libexec/httpd/lua-bozo.c up to 1.15 | | 254 | libexec/httpd/lua-bozo.c up to 1.15 |
255 | libexec/httpd/main.c up to 1.21 | | 255 | libexec/httpd/main.c up to 1.21 |
256 | libexec/httpd/ssl-bozo.c up to 1.25 | | 256 | libexec/httpd/ssl-bozo.c up to 1.25 |
257 | libexec/httpd/tilde-luzah-bozo.c up to 1.16 | | 257 | libexec/httpd/tilde-luzah-bozo.c up to 1.16 |
258 | libexec/httpd/libbozohttpd/Makefile up to 1.3 | | 258 | libexec/httpd/libbozohttpd/Makefile up to 1.3 |
259 | libexec/httpd/lua/bozo.lua up to 1.3 | | 259 | libexec/httpd/lua/bozo.lua up to 1.3 |
260 | libexec/httpd/lua/glue.c up to 1.5 | | 260 | libexec/httpd/lua/glue.c up to 1.5 |
261 | libexec/httpd/lua/optparse.lua up to 1.2 | | 261 | libexec/httpd/lua/optparse.lua up to 1.2 |
262 | libexec/httpd/testsuite/Makefile up to 1.11 | | 262 | libexec/httpd/testsuite/Makefile up to 1.11 |
263 | libexec/httpd/testsuite/html_cmp up to 1.6 | | 263 | libexec/httpd/testsuite/html_cmp up to 1.6 |
264 | libexec/httpd/testsuite/t3.out up to 1.4 | | 264 | libexec/httpd/testsuite/t3.out up to 1.4 |
265 | libexec/httpd/testsuite/t5.out up to 1.4 | | 265 | libexec/httpd/testsuite/t5.out up to 1.4 |
266 | libexec/httpd/testsuite/t6.out up to 1.4 | | 266 | libexec/httpd/testsuite/t6.out up to 1.4 |
267 | libexec/httpd/testsuite/test-bigfile up to 1.5 | | 267 | libexec/httpd/testsuite/test-bigfile up to 1.5 |
268 | libexec/httpd/testsuite/test-simple up to 1.5 | | 268 | libexec/httpd/testsuite/test-simple up to 1.5 |
269 | | | 269 | |
270 | Sync with HEAD as of 2018-11-24. Includes various changes: | | 270 | Sync with HEAD as of 2018-11-24. Includes various changes: |
271 | Cosmetic changes to Lua binding in bozohttpd. | | 271 | Cosmetic changes to Lua binding in bozohttpd. |
272 | Fix -C scripts execution and document restrictions. | | 272 | Fix -C scripts execution and document restrictions. |
273 | Add support for remapping requested paths via a .bzredirect file. | | 273 | Add support for remapping requested paths via a .bzredirect file. |
274 | Handle redirections for any protocol, not just http:. | | 274 | Handle redirections for any protocol, not just http:. |
275 | Fix a denial of service attack against header contents, which | | 275 | Fix a denial of service attack against header contents, which |
276 | is now bounded at 16KiB. | | 276 | is now bounded at 16KiB. |
277 | Fix access checks for special files. | | 277 | Fix access checks for special files. |
278 | [mrg, ticket #1655] | | 278 | [mrg, ticket #1655] |
279 | | | 279 | |
280 | sys/net/rtsock.c 1.244 (adapted) | | 280 | sys/net/rtsock.c 1.244 (adapted) |
281 | | | 281 | |
282 | Fix kernel info leak (2 bytes of padding in struct if_msghdr) | | 282 | Fix kernel info leak (2 bytes of padding in struct if_msghdr) |
283 | [maxv, ticket #1657] | | 283 | [maxv, ticket #1657] |
284 | | | 284 | |
285 | sys/kern/kern_exec.c 1.462 | | 285 | sys/kern/kern_exec.c 1.462 |
286 | | | 286 | |
287 | Fix stack info leak. | | 287 | Fix stack info leak. |
288 | [maxv, ticket #1658] | | 288 | [maxv, ticket #1658] |
289 | | | 289 | |
290 | libexec/httpd/CHANGES 1.29,1.30 | | 290 | libexec/httpd/CHANGES 1.29,1.30 |
291 | libexec/httpd/bozohttpd.c 1.97-1.99 | | 291 | libexec/httpd/bozohttpd.c 1.97-1.99 |
292 | libexec/httpd/bozohttpd.h 1.57 | | 292 | libexec/httpd/bozohttpd.h 1.57 |
293 | libexec/httpd/cgi-bozo.c 1.45 | | 293 | libexec/httpd/cgi-bozo.c 1.45 |
294 | libexec/httpd/main.c 1.22 | | 294 | libexec/httpd/main.c 1.22 |
295 | | | 295 | |
296 | Fix -X option parsing and miscelaneous cleanup. | | 296 | Fix -X option parsing and miscelaneous cleanup. |
297 | [mrg, ticket #1659] | | 297 | [mrg, ticket #1659] |
298 | | | 298 | |
299 | sys/compat/linux/common/linux_misc_notalpha.c 1.110 | | 299 | sys/compat/linux/common/linux_misc_notalpha.c 1.110 |
300 | sys/kern/kern_time.c 1.192,1.193 | | 300 | sys/kern/kern_time.c 1.192,1.193 |
301 | | | 301 | |
302 | Fix kernel info leak. | | 302 | Fix kernel info leak. |
303 | [maxv, ticket #1660] | | 303 | [maxv, ticket #1660] |
304 | | | 304 | |
305 | sys/kern/kern_sig.c 1.350 | | 305 | sys/kern/kern_sig.c 1.350 |
306 | | | 306 | |
307 | Fix kernel info leak. | | 307 | Fix kernel info leak. |
308 | [maxv, ticket #1661] | | 308 | [maxv, ticket #1661] |
309 | | | 309 | |
310 | sys/arch/amd64/amd64/machdep.c 1.321 | | 310 | sys/arch/amd64/amd64/machdep.c 1.321 |
311 | | | 311 | |
312 | Fix stack info leak. | | 312 | Fix stack info leak. |
313 | [maxv, ticket #1662] | | 313 | [maxv, ticket #1662] |
314 | | | 314 | |
315 | sys/kern/sys_sig.c 1.47 | | 315 | sys/kern/sys_sig.c 1.47 |
316 | | | 316 | |
317 | Fix kernel info leak, 4 bytes of padding in struct _ksiginfo. | | 317 | Fix kernel info leak, 4 bytes of padding in struct _ksiginfo. |
318 | [maxv, ticket #1664] | | 318 | [maxv, ticket #1664] |
319 | | | 319 | |
320 | usr.bin/telnet/telnet.c 1.37 | | 320 | usr.bin/telnet/telnet.c 1.37 |
321 | usr.bin/telnet/utilities.c 1.24 | | 321 | usr.bin/telnet/utilities.c 1.24 |
322 | | | 322 | |
323 | Switch some sprintf to snprintf. | | 323 | Switch some sprintf to snprintf. |
324 | [maya, ticket #1665] | | 324 | [maya, ticket #1665] |
325 | | | 325 | |
326 | sys/uvm/uvm_swap.c 1.178 (patch, adapted) | | 326 | sys/uvm/uvm_swap.c 1.178 (patch, adapted) |
327 | sys/compat/netbsd32/netbsd32_netbsd.c (patch) | | 327 | sys/compat/netbsd32/netbsd32_netbsd.c (patch) |
328 | | | 328 | |
329 | Fix kernel info leak in swapctl(2). | | 329 | Fix kernel info leak in swapctl(2). |
330 | [maxv, ticket #1666] | | 330 | [maxv, ticket #1666] |
331 | | | 331 | |
332 | sys/kern/kern_time.c 1.191 | | 332 | sys/kern/kern_time.c 1.191 |
333 | | | 333 | |
334 | Fix kernel info leak. | | 334 | Fix kernel info leak. |
335 | [maxv, ticket #1667] | | 335 | [maxv, ticket #1667] |
336 | | | 336 | |
337 | sys/compat/netbsd32/netbsd32_compat_14.c 1.27 | | 337 | sys/compat/netbsd32/netbsd32_compat_14.c 1.27 |
338 | sys/compat/netbsd32/netbsd32_conv.h 1.37 | | 338 | sys/compat/netbsd32/netbsd32_conv.h 1.37 |
339 | sys/compat/sys/msg.h 1.5 | | 339 | sys/compat/sys/msg.h 1.5 |
340 | sys/compat/sys/time_types.h 1.3 | | 340 | sys/compat/sys/time_types.h 1.3 |
341 | | | 341 | |
342 | Fix kernel info leaks. | | 342 | Fix kernel info leaks. |
343 | [maxv, ticket #1668] | | 343 | [maxv, ticket #1668] |
344 | | | 344 | |
345 | sys/conf/copyright 1.17 | | 345 | sys/conf/copyright 1.17 |
346 | | | 346 | |
347 | Welcome to 2019! | | 347 | Welcome to 2019! |
348 | [jnemeth, ticket #1669] | | 348 | [jnemeth, ticket #1669] |
349 | | | 349 | |
350 | external/public-domain/tz/dist/Makefile up to 1.1.1.23 | | 350 | external/public-domain/tz/dist/Makefile up to 1.1.1.23 |
351 | external/public-domain/tz/dist/NEWS up to 1.1.1.26 | | 351 | external/public-domain/tz/dist/NEWS up to 1.1.1.26 |
352 | external/public-domain/tz/dist/TZDATA_VERSION up to 1.16 | | 352 | external/public-domain/tz/dist/TZDATA_VERSION up to 1.16 |
353 | external/public-domain/tz/dist/africa up to 1.1.1.19 | | 353 | external/public-domain/tz/dist/africa up to 1.1.1.19 |
354 | external/public-domain/tz/dist/asia up to 1.1.1.22 | | 354 | external/public-domain/tz/dist/asia up to 1.1.1.22 |
355 | external/public-domain/tz/dist/australasia up to 1.1.1.17 | | 355 | external/public-domain/tz/dist/australasia up to 1.1.1.17 |
356 | external/public-domain/tz/dist/leapseconds up to 1.1.1.12 | | 356 | external/public-domain/tz/dist/leapseconds up to 1.1.1.12 |
357 | external/public-domain/tz/dist/leapseconds.awk up to 1.1.1.8 | | 357 | external/public-domain/tz/dist/leapseconds.awk up to 1.1.1.8 |
358 | external/public-domain/tz/dist/northamerica up to 1.1.1.22 | | 358 | external/public-domain/tz/dist/northamerica up to 1.1.1.22 |
359 | external/public-domain/tz/dist/theory.html up to 1.1.1.7 | | 359 | external/public-domain/tz/dist/theory.html up to 1.1.1.7 |
360 | external/public-domain/tz/dist/version up to 1.1.1.13 | | 360 | external/public-domain/tz/dist/version up to 1.1.1.13 |
361 | external/public-domain/tz/dist/ziguard.awk up to 1.1.1.4 | | 361 | external/public-domain/tz/dist/ziguard.awk up to 1.1.1.4 |
362 | external/public-domain/tz/dist/zone.tab up to 1.1.1.16 | | 362 | external/public-domain/tz/dist/zone.tab up to 1.1.1.16 |
363 | external/public-domain/tz/dist/zone1970.tab up to 1.1.1.18 | | 363 | external/public-domain/tz/dist/zone1970.tab up to 1.1.1.18 |
364 | distrib/sets/lists/base/mi (patch) | | 364 | distrib/sets/lists/base/mi (patch) |
365 | doc/3RDPARTY (patch) | | 365 | doc/3RDPARTY (patch) |
366 | | | 366 | |
367 | Updated tzdata to 2018i. | | 367 | Updated tzdata to 2018i. |
368 | [kre, ticket #1670] | | 368 | [kre, ticket #1670] |
369 | | | 369 | |
370 | sys/arch/sparc/sparc/pmap.c 1.366 | | 370 | sys/arch/sparc/sparc/pmap.c 1.366 |
371 | | | 371 | |
372 | Fix deadlocks on machines with more than two cpus. | | 372 | Fix deadlocks on machines with more than two cpus. |
373 | [mrg, ticket #1672] | | 373 | [mrg, ticket #1672] |
374 | | | 374 | |
375 | regress/sys/arch/m68k/060sp/Makefile 1.15 | | 375 | regress/sys/arch/m68k/060sp/Makefile 1.15 |
376 | | | 376 | |
377 | Replace manual realdepend dependency with DPSRCS. | | 377 | Replace manual realdepend dependency with DPSRCS. |
378 | [msaitoh, ticket #1674] | | 378 | [msaitoh, ticket #1674] |
379 | | | 379 | |
380 | sys/kern/kern_ntptime.c 1.60 | | 380 | sys/kern/kern_ntptime.c 1.60 |
381 | | | 381 | |
382 | Zero out the ntptimeval structure to prevent a 4 byte kernel stack | | 382 | Zero out the ntptimeval structure to prevent a 4 byte kernel stack |
383 | disclosure. | | 383 | disclosure. |
384 | [maxv, ticket #1675] | | 384 | [maxv, ticket #1675] |
385 | | | 385 | |
386 | sys/net/link_proto.c 1.37 | | 386 | sys/net/link_proto.c 1.37 |
387 | sys/netatalk/ddp_usrreq.c 1.72 | | 387 | sys/netatalk/ddp_usrreq.c 1.72 |
388 | sys/netbt/hci_socket.c 1.46 | | 388 | sys/netbt/hci_socket.c 1.46 |
389 | sys/netbt/l2cap_socket.c 1.36 | | 389 | sys/netbt/l2cap_socket.c 1.36 |
390 | sys/netbt/rfcomm_socket.c 1.38 | | 390 | sys/netbt/rfcomm_socket.c 1.38 |
391 | sys/netbt/sco_socket.c 1.38 | | 391 | sys/netbt/sco_socket.c 1.38 |
392 | sys/netinet/tcp_usrreq.c 1.223 via patch | | 392 | sys/netinet/tcp_usrreq.c 1.223 via patch |
393 | sys/netinet6/raw_ip6.c 1.173 | | 393 | sys/netinet6/raw_ip6.c 1.173 |
394 | sys/netinet6/udp6_usrreq.c 1.146 | | 394 | sys/netinet6/udp6_usrreq.c 1.146 |
395 | sys/netmpls/mpls_proto.c 1.32 | | 395 | sys/netmpls/mpls_proto.c 1.32 |
396 | sys/netnatm/natm.c patch | | 396 | sys/netnatm/natm.c patch |
397 | | | 397 | |
398 | Fix memory leaks pointed out by Ilja Van Sprundel: all | | 398 | Fix memory leaks pointed out by Ilja Van Sprundel: all |
399 | sendoob() functions are expected to free both passed | | 399 | sendoob() functions are expected to free both passed |
400 | mbuf chains. | | 400 | mbuf chains. |
401 | [martin, ticket #1676] | | 401 | [martin, ticket #1676] |
402 | | | 402 | |
403 | sys/arch/alpha/alpha/machdep.c 1.352 | | 403 | sys/arch/alpha/alpha/machdep.c 1.352 |
404 | sys/arch/amd64/amd64/netbsd32_machdep.c 1.117 | | 404 | sys/arch/amd64/amd64/netbsd32_machdep.c 1.117 |
405 | sys/arch/arm/arm/sig_machdep.c 1.51 | | 405 | sys/arch/arm/arm/sig_machdep.c 1.51 |
406 | sys/arch/hppa/hppa/sig_machdep.c 1.26 | | 406 | sys/arch/hppa/hppa/sig_machdep.c 1.26 |
407 | sys/arch/i386/i386/machdep.c 1.813 | | 407 | sys/arch/i386/i386/machdep.c 1.813 |
408 | sys/arch/m68k/m68k/sig_machdep.c 1.50 | | 408 | sys/arch/m68k/m68k/sig_machdep.c 1.50 |
409 | sys/arch/mips/mips/netbsd32_machdep.c 1.16 | | 409 | sys/arch/mips/mips/netbsd32_machdep.c 1.16 |
410 | sys/arch/mips/mips/sig_machdep.c 1.24 | | 410 | sys/arch/mips/mips/sig_machdep.c 1.24 |
411 | sys/arch/powerpc/powerpc/sig_machdep.c 1.46 | | 411 | sys/arch/powerpc/powerpc/sig_machdep.c 1.46 |
412 | sys/arch/sh3/sh3/sh3_machdep.c 1.106 | | 412 | sys/arch/sh3/sh3/sh3_machdep.c 1.106 |
413 | sys/arch/sparc64/sparc64/machdep.c 1.289 | | 413 | sys/arch/sparc64/sparc64/machdep.c 1.289 |
414 | sys/arch/sparc64/sparc64/netbsd32_machdep.c 1.111 | | 414 | sys/arch/sparc64/sparc64/netbsd32_machdep.c 1.111 |
415 | sys/arch/usermode/target/i386/cpu_i386.c 1.8 | | 415 | sys/arch/usermode/target/i386/cpu_i386.c 1.8 |
416 | sys/arch/usermode/target/x86_64/cpu_x86_64.c 1.7 | | 416 | sys/arch/usermode/target/x86_64/cpu_x86_64.c 1.7 |
417 | sys/arch/vax/vax/sig_machdep.c 1.23 | | 417 | sys/arch/vax/vax/sig_machdep.c 1.23 |
418 | | | 418 | |
419 | Fix widespread leak in the sendsig_siginfo() functions. | | 419 | Fix widespread leak in the sendsig_siginfo() functions. |
420 | [maxv, ticket #1677] | | 420 | [maxv, ticket #1677] |
421 | | | 421 | |
422 | sys/kern/kern_time.c 1.190,1.194 | | 422 | sys/kern/kern_time.c 1.190,1.194 |
423 | | | 423 | |
424 | Fix kernel info leaks. | | 424 | Fix kernel info leaks. |
425 | [maxv, ticket #1678] | | 425 | [maxv, ticket #1678] |
426 | | | 426 | |
427 | sys/compat/linux/common/linux_ipc.c 1.56 | | 427 | sys/compat/linux/common/linux_ipc.c 1.56 |
428 | sys/compat/linux32/common/linux32_ipccall.c 1.12 | | 428 | sys/compat/linux32/common/linux32_ipccall.c 1.12 |
429 | sys/compat/netbsd32/netbsd32_compat_14.c 1.28 | | 429 | sys/compat/netbsd32/netbsd32_compat_14.c 1.28 |
430 | sys/compat/netbsd32/netbsd32_compat_14.c 1.29 | | 430 | sys/compat/netbsd32/netbsd32_compat_14.c 1.29 |
431 | sys/compat/netbsd32/netbsd32_conv.h 1.38 | | 431 | sys/compat/netbsd32/netbsd32_conv.h 1.38 |
432 | sys/compat/sys/ipc.h 1.6 | | 432 | sys/compat/sys/ipc.h 1.6 |
433 | sys/compat/sys/ipc.h 1.7 | | 433 | sys/compat/sys/ipc.h 1.7 |
434 | sys/compat/sys/msg.h 1.6 | | 434 | sys/compat/sys/msg.h 1.6 |
435 | sys/compat/sys/sem.h 1.7 | | 435 | sys/compat/sys/sem.h 1.7 |
436 | sys/compat/sys/shm.h 1.8 | | 436 | sys/compat/sys/shm.h 1.8 |
437 | sys/kern/sysv_msg.c 1.73 | | 437 | sys/kern/sysv_msg.c 1.73 |
438 | sys/kern/sysv_sem.c 1.96 | | 438 | sys/kern/sysv_sem.c 1.96 |
439 | sys/kern/sysv_shm.c 1.133 | | 439 | sys/kern/sysv_shm.c 1.133 |
440 | | | 440 | |
441 | Fix kernel stack and kernel adddress leaks in msgctl, semctl, and | | 441 | Fix kernel stack and kernel adddress leaks in msgctl, semctl, and |
442 | shmctl system calls, for native as well as for the netbsd32, linux, | | 442 | shmctl system calls, for native as well as for the netbsd32, linux, |
443 | and linux32 compatibility calls. | | 443 | and linux32 compatibility calls. |
444 | [mrg, ticket #1679] | | 444 | [mrg, ticket #1679] |
445 | | | 445 | |
446 | sys/net/rtsock.c (patch) | | 446 | sys/net/rtsock.c (patch) |
447 | | | 447 | |
448 | Fix locking for sysctl_rtable. | | 448 | Fix locking for sysctl_rtable. |
449 | [sborrill, ticket #1680] | | 449 | [sborrill, ticket #1680] |
450 | | | 450 | |
451 | sys/kern/kern_time.c 1.196 | | 451 | sys/kern/kern_time.c 1.196 |
452 | | | 452 | |
453 | Avoid panic from setitimer(2) for CLOCK_MONOTONIC. | | 453 | Avoid panic from setitimer(2) for CLOCK_MONOTONIC. |
454 | [mlelstv, ticket #1196] | | 454 | [mlelstv, ticket #1196] |
455 | | | 455 | |
456 | sys/dev/scsipi/files.scsipi 1.42 | | 456 | sys/dev/scsipi/files.scsipi 1.42 |
457 | sys/dev/scsipi/st.c 1.236 (patch), 1.237 | | 457 | sys/dev/scsipi/st.c 1.236 (patch), 1.237 |
458 | | | 458 | |
459 | PR kern/53949: fix file mark handling. | | 459 | PR kern/53949: fix file mark handling. |
460 | st(4): Fix (but disable by default) SUN compatibility mode. | | 460 | st(4): Fix (but disable by default) SUN compatibility mode. |
461 | [kardel, ticket #1682] | | 461 | [kardel, ticket #1682] |
462 | | | 462 | |
463 | external/bsd/bzip2/dist/bzip2recover.c 1.4 | | 463 | external/bsd/bzip2/dist/bzip2recover.c 1.4 |
464 | | | 464 | |
465 | Apply fix for CVE-2016-3189 bzip2: heap use after free in bzip2recover | | 465 | Apply fix for CVE-2016-3189 bzip2: heap use after free in bzip2recover |
466 | [martin, ticket #1684] | | 466 | [martin, ticket #1684] |
467 | | | 467 | |
468 | sys/kern/sys_mqueue.c 1.44 | | 468 | sys/kern/sys_mqueue.c 1.44 |
469 | | | 469 | |
470 | mq_send1: fix argument validation and reject too large lengths early. | | 470 | mq_send1: fix argument validation and reject too large lengths early. |
471 | Discovered by Andy Nguyen. | | 471 | Discovered by Andy Nguyen. |
472 | [martin, ticket #1688] | | 472 | [martin, ticket #1688] |
473 | | | 473 | |
474 | sys/compat/common/uipc_syscalls_40.c 1.19 (patch) | | 474 | sys/compat/common/uipc_syscalls_40.c 1.19 (patch) |
475 | sys/compat/linux/common/linux_socket.c 1.145 (patch) | | 475 | sys/compat/linux/common/linux_socket.c 1.145 (patch) |
476 | sys/compat/linux32/common/linux32_socket.c 1.30 (patch) | | 476 | sys/compat/linux32/common/linux32_socket.c 1.30 (patch) |
477 | sys/net/if.c 1.449 (patch) | | 477 | sys/net/if.c 1.449 (patch) |
478 | | | 478 | |
479 | Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes | | 479 | Zero out the ifreq struct for SIOCGIFCONF to avoid up to 127 bytes |
480 | of stack disclosure. | | 480 | of stack disclosure. |
481 | [christos, ticket #1689] | | 481 | [christos, ticket #1689] |
482 | | | 482 | |
483 | external/bsd/dhcpcd/dist/src/auth.c (apply patch) | | 483 | external/bsd/dhcpcd/dist/src/auth.c (apply patch) |
484 | external/bsd/dhcpcd/dist/src/dhcp.c (apply patch) | | 484 | external/bsd/dhcpcd/dist/src/dhcp.c (apply patch) |
485 | external/bsd/dhcpcd/dist/src/dhcpcd.h (apply patch) | | 485 | external/bsd/dhcpcd/dist/src/dhcpcd.h (apply patch) |
486 | | | 486 | |
487 | Security fixes for dhcpcd: | | 487 | Security fixes for dhcpcd: |
488 | Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED. | | 488 | Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED. |
489 | Use consttime_memequal(3) to compare hashes. | | 489 | Use consttime_memequal(3) to compare hashes. |
490 | [roy, ticket #1690] | | 490 | [roy, ticket #1690] |
491 | | | 491 | |
492 | sys/arch/amd64/amd64/copy.S 1.33 | | 492 | sys/arch/amd64/amd64/copy.S 1.33 |
493 | sys/arch/i386/i386/copy.S 1.31 | | 493 | sys/arch/i386/i386/copy.S 1.31 |
494 | | | 494 | |
495 | Don't forget to clear the direction flag if kcopy fails. | | 495 | Don't forget to clear the direction flag if kcopy fails. |
496 | [maxv, ticket #1693] | | 496 | [maxv, ticket #1693] |
497 | | | 497 | |
498 | external/bsd/dhcpcd/dist/src/dhcp6.c (apply patch) | | 498 | external/bsd/dhcpcd/dist/src/dhcp6.c (apply patch) |
499 | | | 499 | |
500 | DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE. | | 500 | DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE. |
501 | [roy, ticket #1694] | | 501 | [roy, ticket #1694] |
502 | | | 502 | |
503 | sys/netsmb/smb_conn.c 1.30 | | 503 | sys/netsmb/smb_conn.c 1.30 |
504 | | | 504 | |
505 | Prevent a NULL pointer dereference when the local endpoint is not | | 505 | Prevent a NULL pointer dereference when the local endpoint is not |
506 | defined. | | 506 | defined. |
507 | [christos, ticket #1696] | | 507 | [christos, ticket #1696] |
508 | | | 508 | |
509 | sys/ufs/ffs/ffs_alloc.c 1.164 | | 509 | sys/ufs/ffs/ffs_alloc.c 1.164 |
510 | | | 510 | |
511 | PR 53990, PR 52380, PR 52102: | | 511 | PR 53990, PR 52380, PR 52102: |
512 | Fix rare allocation botch in ffs_nodealloccg(). | | 512 | Fix rare allocation botch in ffs_nodealloccg(). |
513 | [kardel, ticket #1697] | | 513 | [kardel, ticket #1697] |
514 | | | 514 | |
515 | sys/dev/scsipi/scsipi_ioctl.c 1.72 (patch) | | 515 | sys/dev/scsipi/scsipi_ioctl.c 1.72 (patch) |
516 | | | 516 | |
517 | Use correct size when copying outgoing sense data. | | 517 | Use correct size when copying outgoing sense data. |
518 | [mlelstv, ticket #1698] | | 518 | [mlelstv, ticket #1698] |
519 | | | 519 | |
520 | libexec/httpd/CHANGES 1.31-1.40 | | 520 | libexec/httpd/CHANGES 1.31-1.40 |
521 | libexec/httpd/Makefile 1.28 | | 521 | libexec/httpd/Makefile 1.28 |
522 | libexec/httpd/auth-bozo.c 1.23-1.24 | | 522 | libexec/httpd/auth-bozo.c 1.23-1.24 |
523 | libexec/httpd/bozohttpd.8 1.75-1.79 | | 523 | libexec/httpd/bozohttpd.8 1.75-1.79 |
524 | libexec/httpd/bozohttpd.c 1.100-1.113 | | 524 | libexec/httpd/bozohttpd.c 1.100-1.113 |
525 | libexec/httpd/bozohttpd.h 1.58-1.60 | | 525 | libexec/httpd/bozohttpd.h 1.58-1.60 |
526 | libexec/httpd/cgi-bozo.c 1.46-1.48 | | 526 | libexec/httpd/cgi-bozo.c 1.46-1.48 |
527 | libexec/httpd/daemon-bozo.c 1.20-1.21 | | 527 | libexec/httpd/daemon-bozo.c 1.20-1.21 |
528 | libexec/httpd/dir-index-bozo.c 1.29-1.32 | | 528 | libexec/httpd/dir-index-bozo.c 1.29-1.32 |
529 | libexec/httpd/ssl-bozo.c 1.26 | | 529 | libexec/httpd/ssl-bozo.c 1.26 |
530 | libexec/httpd/testsuite/Makefile 1.12-1.13 | | 530 | libexec/httpd/testsuite/Makefile 1.12-1.13 |
531 | libexec/httpd/testsuite/t11.out 1.2 | | 531 | libexec/httpd/testsuite/t11.out 1.2 |
532 | libexec/httpd/testsuite/test-bigfile 1.6 | | 532 | libexec/httpd/testsuite/test-bigfile 1.6 |
533 | libexec/httpd/testsuite/test-simple 1.6 | | 533 | libexec/httpd/testsuite/test-simple 1.6 |
534 | | | 534 | |
535 | Don't display special files in the directory index. | | 535 | Don't display special files in the directory index. |
536 | Use html tables for directory index. | | 536 | Use html tables for directory index. |
537 | Don't include "index.html" in html headers. | | 537 | Don't include "index.html" in html headers. |
538 | Fix CGI '+' param and error handling. | | 538 | Fix CGI '+' param and error handling. |
539 | Remove unused parameter to daemon_poll_err(). | | 539 | Remove unused parameter to daemon_poll_err(). |
540 | Avoid sign extension in % handling | | 540 | Avoid sign extension in % handling |
541 | Fix a few problems pointed out by clang static analyzer. | | 541 | Fix a few problems pointed out by clang static analyzer. |
542 | Add ssl specific timeout value (30s).--- | | 542 | Add ssl specific timeout value (30s).--- |
543 | Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing). | | 543 | Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing). |
544 | Avoid .htpasswd exposure to authenticated users when .htpasswd is | | 544 | Avoid .htpasswd exposure to authenticated users when .htpasswd is |
545 | in the slashdir too. | | 545 | in the slashdir too. |
546 | Avoid possible NULL dereference when sending a big request that timeout. | | 546 | Avoid possible NULL dereference when sending a big request that timeout. |
547 | Avoid an assertion failure when using cgihandler (-C option). | | 547 | Avoid an assertion failure when using cgihandler (-C option). |
548 | [mrg, ticket #1699] | | 548 | [mrg, ticket #1699] |
549 | | | 549 | |
550 | sys/miscfs/kernfs/kernfs_vnops.c 1.161 | | 550 | sys/miscfs/kernfs/kernfs_vnops.c 1.161 |
551 | sys/miscfs/procfs/procfs_vnops.c 1.207 | | 551 | sys/miscfs/procfs/procfs_vnops.c 1.207 |
552 | | | 552 | |
553 | Add missing operation VOP_GETPAGES() returning EFAULT. | | 553 | Add missing operation VOP_GETPAGES() returning EFAULT. |
554 | [hannken, ticket #1703] | | 554 | [hannken, ticket #1703] |
555 | | | 555 | |
556 | sys/conf/files 1.1238 | | 556 | sys/conf/files 1.1238 |
557 | sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg delete | | 557 | sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg delete |
558 | sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h delete | | 558 | sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h delete |
559 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c delete | | 559 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c delete |
560 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h delete | | 560 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h delete |
561 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h delete | | 561 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h delete |
562 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h delete | | 562 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h delete |
563 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h delete | | 563 | sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h delete |
564 | sys/crypto/nist_hash_drbg/files.nist_hash_drbg 1.1 | | 564 | sys/crypto/nist_hash_drbg/files.nist_hash_drbg 1.1 |
565 | sys/crypto/nist_hash_drbg/nist_hash_drbg.c 1.1 | | 565 | sys/crypto/nist_hash_drbg/nist_hash_drbg.c 1.1 |
566 | sys/crypto/nist_hash_drbg/nist_hash_drbg.h 1.1 | | 566 | sys/crypto/nist_hash_drbg/nist_hash_drbg.h 1.1 |
567 | sys/dev/rndpseudo.c 1.38 | | 567 | sys/dev/rndpseudo.c 1.38 |
568 | sys/kern/subr_cprng.c 1.31 | | 568 | sys/kern/subr_cprng.c 1.31 |
569 | sys/rump/kern/lib/libcrypto/Makefile 1.5 | | 569 | sys/rump/kern/lib/libcrypto/Makefile 1.5 |
570 | sys/rump/librump/rumpkern/Makefile.rumpkern 1.176 | | 570 | sys/rump/librump/rumpkern/Makefile.rumpkern 1.176 |
571 | sys/sys/cprng.h 1.13-1.15 | | 571 | sys/sys/cprng.h 1.13-1.15 |
572 | | | 572 | |
573 | cprng.h: use static __inline for consistency with other include | | 573 | cprng.h: use static __inline for consistency with other include |
574 | headers and remove an unused function. | | 574 | headers and remove an unused function. |
575 | | | 575 | |
576 | Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. | | 576 | Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. |
577 | [riastradh, ticket #1705] | | 577 | [riastradh, ticket #1705] |
578 | | | 578 | |
579 | lib/libc/nameser/ns_name.c 1.12 | | 579 | lib/libc/nameser/ns_name.c 1.12 |
580 | | | 580 | |
581 | Fix buffer overrun. | | 581 | Fix buffer overrun. |
582 | [maya, ticket #1706] | | 582 | [maya, ticket #1706] |
583 | | | 583 | |
584 | sys/netinet/ip_input.c 1.390 (patch) | | 584 | sys/netinet/ip_input.c 1.390 (patch) |
585 | sys/netinet6/ip6_input.c 1.209 (patch) | | 585 | sys/netinet6/ip6_input.c 1.209 (patch) |
586 | | | 586 | |
587 | Packet filters can return an mbuf chain with fragmented headers, so | | 587 | Packet filters can return an mbuf chain with fragmented headers, so |
588 | m_pullup() when needed. | | 588 | m_pullup() when needed. |
589 | [bouyer, ticket #1708] | | 589 | [bouyer, ticket #1708] |
590 | | | 590 | |
591 | sys/netbt/hci.h 1.46 | | 591 | sys/netbt/hci.h 1.46 |
592 | sys/netbt/hci_event.c 1.26 | | 592 | sys/netbt/hci_event.c 1.26 |
593 | | | 593 | |
594 | When encrypted connections are configured, verify that the encryption | | 594 | When encrypted connections are configured, verify that the encryption |
595 | key length has a minimum size when the adaptor supports that. | | 595 | key length has a minimum size when the adaptor supports that. |
596 | This addresses the 'Key Negotiation of Bluetooth' attack, | | 596 | This addresses the 'Key Negotiation of Bluetooth' attack, |
597 | CVE-2019-9506. | | 597 | CVE-2019-9506. |
598 | [plunky, ticket #1709] | | 598 | [plunky, ticket #1709] |
599 | | | 599 | |
600 | distrib/sets/lists/modules/mi 1.127 | | 600 | distrib/sets/lists/modules/mi 1.127 |
601 | distrib/sets/lists/modules/md.amd64 (manually adjusted) | | 601 | distrib/sets/lists/modules/md.amd64 (manually adjusted) |
602 | distrib/sets/lists/modules/md.evbppc.powerpc (manually adjusted) | | 602 | distrib/sets/lists/modules/md.evbppc.powerpc (manually adjusted) |
603 | distrib/sets/lists/modules/md.i386 (manually adjusted) | | 603 | distrib/sets/lists/modules/md.i386 (manually adjusted) |
604 | sys/modules/Makefile 1.229,1.230 | | 604 | sys/modules/Makefile 1.229,1.230 |
605 | sys/modules/filemon/Makefile 1.4 (manually adjusted) | | 605 | sys/modules/filemon/Makefile 1.4 (manually adjusted) |
606 | | | 606 | |
607 | Do not install the filemon module. | | 607 | Do not install the filemon module. |
608 | [maya, ticket #1710] | | 608 | [maya, ticket #1710] |
609 | | | 609 | |
610 | sys/kern/subr_cprng.c 1.33 | | 610 | sys/kern/subr_cprng.c 1.33 |
611 | | | 611 | |
612 | Use cprng_strong, not cprng_fast, for sysctl kern.arnd. | | 612 | Use cprng_strong, not cprng_fast, for sysctl kern.arnd. |
613 | [riastradh, ticket #1714] | | 613 | [riastradh, ticket #1714] |
614 | | | 614 | |
615 | share/man/man4/rnd.4 1.25 - 1.28 | | 615 | share/man/man4/rnd.4 1.25 - 1.28 |
616 | | | 616 | |
617 | Update man page to reflect switch from CTR_DRBG to Hash_DRBG. | | 617 | Update man page to reflect switch from CTR_DRBG to Hash_DRBG. |
618 | Update NIST SP800-90A reference. | | 618 | Update NIST SP800-90A reference. |
619 | [riastradh, ticket #1715] | | 619 | [riastradh, ticket #1715] |
620 | | | 620 | |
| | | 621 | sys/dev/cons.c 1.76,1.77 |
| | | 622 | |
| | | 623 | Fix reference count leak in cons(4). |
| | | 624 | [riastradh, ticket #1717] |
| | | 625 | |