[Midnightbsd-cvs] [MidnightBSD/src] fa1e48: Create 0.5 stable branch for upcoming 0.5-RELEASE
Lucas Holt
noreply at github.com
Mon Mar 16 11:48:41 EDT 2020
Branch: refs/heads/stable/0.5
Home: https://github.com/MidnightBSD/src
Commit: fa1e48e832274369fc954088836c1dcac52737e4
https://github.com/MidnightBSD/src/commit/fa1e48e832274369fc954088836c1dcac52737e4
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-09-02 (Tue, 02 Sep 2014)
Changed paths:
Log Message:
-----------
Create 0.5 stable branch for upcoming 0.5-RELEASE
Commit: 5e30eecc73be96fdcac8b826d42337e4c51b2d4d
https://github.com/MidnightBSD/src/commit/5e30eecc73be96fdcac8b826d42337e4c51b2d4d
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-09-03 (Wed, 03 Sep 2014)
Changed paths:
M UPDATING
Log Message:
-----------
note we're on prerelease.
Commit: 188678f9f0c84499aa34cb32e1a97caff276f4a8
https://github.com/MidnightBSD/src/commit/188678f9f0c84499aa34cb32e1a97caff276f4a8
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-09-09 (Tue, 09 Sep 2014)
Changed paths:
M lib/libc/stdlib/getenv.c
Log Message:
-----------
MFC: fix clearenv(3)
Commit: 57455ff11dd189359ff0aab00426df8097a2057e
https://github.com/MidnightBSD/src/commit/57455ff11dd189359ff0aab00426df8097a2057e
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-09-09 (Tue, 09 Sep 2014)
Changed paths:
M sys/conf/newvers.sh
Log Message:
-----------
mark as prerelease
Commit: cb061f03d908e6060a93cfebaef982850be645ea
https://github.com/MidnightBSD/src/commit/cb061f03d908e6060a93cfebaef982850be645ea
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-09-09 (Tue, 09 Sep 2014)
Changed paths:
M UPDATING
Log Message:
-----------
note clearenv(3)
Commit: b8503b67c59f6d34d12854a616f676dce82621bf
https://github.com/MidnightBSD/src/commit/b8503b67c59f6d34d12854a616f676dce82621bf
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-09-09 (Tue, 09 Sep 2014)
Changed paths:
M UPDATING
M crypto/openssl/crypto/asn1/a_object.c
M crypto/openssl/crypto/objects/obj_dat.c
M crypto/openssl/ssl/d1_both.c
M crypto/openssl/ssl/d1_clnt.c
M crypto/openssl/ssl/s23_srvr.c
M crypto/openssl/ssl/s3_clnt.c
Log Message:
-----------
OpenSSL security patch:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Commit: 40d0b28948335737f80a18403d2bb6ad80520c1e
https://github.com/MidnightBSD/src/commit/40d0b28948335737f80a18403d2bb6ad80520c1e
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-09-16 (Tue, 16 Sep 2014)
Changed paths:
M UPDATING
M sys/netinet/tcp_input.c
M sys/sys/param.h
Log Message:
-----------
20140916:
Fix a security issue with TCP SYN.
When a segment with the SYN flag for an already existing connection arrives,
the TCP stack tears down the connection, bypassing a check that the
sequence number in the segment is in the expected window.
Obtained from: FreeBSD
Commit: a8198b7412229638f9cb6e52d508ce4acbb2b4de
https://github.com/MidnightBSD/src/commit/a8198b7412229638f9cb6e52d508ce4acbb2b4de
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-09-19 (Fri, 19 Sep 2014)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
M sys/sys/param.h
Log Message:
-----------
MidnightBSD 0.5-RELEASE
Commit: 3f63935d6daeb7994245ff45509947550a74c8b4
https://github.com/MidnightBSD/src/commit/3f63935d6daeb7994245ff45509947550a74c8b4
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-04 (Sat, 04 Oct 2014)
Changed paths:
M .gitattributes
M UPDATING
M bin/mksh/Makefile
M contrib/mksh/Build.sh
R contrib/mksh/alloc.c
M contrib/mksh/check.pl
M contrib/mksh/check.t
R contrib/mksh/copyright
M contrib/mksh/dot.mkshrc
M contrib/mksh/edit.c
M contrib/mksh/eval.c
M contrib/mksh/exec.c
M contrib/mksh/funcs.c
M contrib/mksh/jobs.c
M contrib/mksh/main.c
M contrib/mksh/mirhash.h
M contrib/mksh/mksh.1
R contrib/mksh/setmode.c
M contrib/mksh/sh.h
M contrib/mksh/var.c
M sys/conf/newvers.sh
Log Message:
-----------
0.5.1-RELEASE is a security update for mksh
Commit: df5b33abdef24682e6b51a68505b2687dd6a42ea
https://github.com/MidnightBSD/src/commit/df5b33abdef24682e6b51a68505b2687dd6a42ea
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-11 (Sat, 11 Oct 2014)
Changed paths:
M UPDATING
M bin/mksh/Makefile
M contrib/mksh/Build.sh
M contrib/mksh/check.t
M contrib/mksh/eval.c
M contrib/mksh/mksh.1
M contrib/mksh/sh.h
M contrib/mksh/var.c
M sys/conf/newvers.sh
Log Message:
-----------
0.5.2 - fix a regression with the mksh hotfix
Commit: e71df2399b0348c2921def270f1a28e052b35b76
https://github.com/MidnightBSD/src/commit/e71df2399b0348c2921def270f1a28e052b35b76
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-11 (Sat, 11 Oct 2014)
Changed paths:
M usr.bin/find/function.c
Log Message:
-----------
MFC: fix units for terabyte suffix with find
Commit: 99216b786199d177c6b46d418c5d5d0a5830f107
https://github.com/MidnightBSD/src/commit/99216b786199d177c6b46d418c5d5d0a5830f107
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-21 (Tue, 21 Oct 2014)
Changed paths:
M crypto/openssl/apps/s_cb.c
M crypto/openssl/apps/s_client.c
M crypto/openssl/crypto/err/openssl.ec
M crypto/openssl/doc/apps/s_client.pod
M crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
M crypto/openssl/ssl/d1_lib.c
M crypto/openssl/ssl/dtls1.h
M crypto/openssl/ssl/s23_clnt.c
M crypto/openssl/ssl/s23_srvr.c
M crypto/openssl/ssl/s2_lib.c
M crypto/openssl/ssl/s3_enc.c
M crypto/openssl/ssl/s3_lib.c
M crypto/openssl/ssl/ssl.h
M crypto/openssl/ssl/ssl3.h
M crypto/openssl/ssl/ssl_err.c
M crypto/openssl/ssl/ssl_lib.c
M crypto/openssl/ssl/ssl_stat.c
M crypto/openssl/ssl/t1_enc.c
M crypto/openssl/ssl/t1_lib.c
M crypto/openssl/ssl/tls1.h
Log Message:
-----------
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. [CVE-2014-3567].
The SSL protocol 3.0, as supported in OpenSSL and other products, supports
CBC mode encryption where it could not adequately check the integrity of
padding, because of the use of non-deterministic CBC padding. This
protocol weakness makes it possible for an attacker to obtain clear text
data through a padding-oracle attack.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE [CVE-2014-3566].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol downgrade.
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them. [CVE-2014-3568].
Obtained from: OpenSSL, FreeBSD
Commit: e839665c71565965e461f74ec7224e843d5e170b
https://github.com/MidnightBSD/src/commit/e839665c71565965e461f74ec7224e843d5e170b
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-21 (Tue, 21 Oct 2014)
Changed paths:
M usr.sbin/rtsold/rtsol.c
Log Message:
-----------
Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).
Obtained from: FreeBSD
Commit: 2a2bf79dcfb10f518a9cbb8aff6cd296130cd034
https://github.com/MidnightBSD/src/commit/2a2bf79dcfb10f518a9cbb8aff6cd296130cd034
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-21 (Tue, 21 Oct 2014)
Changed paths:
M sbin/routed/input.c
Log Message:
-----------
The input path in routed(8) will accept queries from any source and
attempt to answer them. However, the output path assumes that the
destination address for the response is on a directly connected
network.
Obtained from: FreeBSD
Commit: a6966ca93bebcde6b1bb19e59cf4e30406a81c00
https://github.com/MidnightBSD/src/commit/a6966ca93bebcde6b1bb19e59cf4e30406a81c00
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-21 (Tue, 21 Oct 2014)
Changed paths:
M sys/kern/vfs_lookup.c
Log Message:
-----------
The namei facility will leak a small amount of kernel memory every
time a sandboxed process looks up a nonexistent path name.
Obtained from: FreeBSD
Commit: 454f71bfaa59b217685f5927289637044816944a
https://github.com/MidnightBSD/src/commit/454f71bfaa59b217685f5927289637044816944a
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-21 (Tue, 21 Oct 2014)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
Log Message:
-----------
0.5.3 RELEASE
Fix several security vulnerabilities in OpenSSL, routed, rtsold,
and namei with respect to Capsicum sandboxes looking up
nonexistent path names and leaking memory.
OpenSSL update adds some workarounds for the recent
poodle vulnerability reported by Google.
The input path in routed(8) will accept queries from any source and
attempt to answer them. However, the output path assumes that the
destination address for the response is on a directly connected
network.
Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).
Commit: 0362c8c08d6e4a1ed781ca8caf332682836eb98e
https://github.com/MidnightBSD/src/commit/0362c8c08d6e4a1ed781ca8caf332682836eb98e
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-27 (Mon, 27 Oct 2014)
Changed paths:
M lib/libmport/util.c
Log Message:
-----------
only do major version for mport tool
Commit: 12d8647470c11ce1ab7ac706e4d4b27ba9583cb8
https://github.com/MidnightBSD/src/commit/12d8647470c11ce1ab7ac706e4d4b27ba9583cb8
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-27 (Mon, 27 Oct 2014)
Changed paths:
M sys/conf/newvers.sh
Log Message:
-----------
bump os version for mport fix
Commit: dc6a85402821da523a7c7c9a19ea873d5bddf2d8
https://github.com/MidnightBSD/src/commit/dc6a85402821da523a7c7c9a19ea873d5bddf2d8
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-30 (Thu, 30 Oct 2014)
Changed paths:
M usr.bin/perl/BSDmakefile
Log Message:
-----------
ignore gdbm
Commit: 472f2c858e27d7069b085e14a7814014420e6a2c
https://github.com/MidnightBSD/src/commit/472f2c858e27d7069b085e14a7814014420e6a2c
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-10-31 (Fri, 31 Oct 2014)
Changed paths:
M .gitattributes
M UPDATING
M contrib/tnftp/ChangeLog
M contrib/tnftp/Makefile.am
M contrib/tnftp/Makefile.in
M contrib/tnftp/NEWS
M contrib/tnftp/THANKS
A contrib/tnftp/aclocal.m4
A contrib/tnftp/buildaux/ax_check_openssl.m4
A contrib/tnftp/buildaux/config.guess
A contrib/tnftp/buildaux/config.sub
A contrib/tnftp/buildaux/depcomp
A contrib/tnftp/buildaux/install-sh
A contrib/tnftp/buildaux/libtool.m4
A contrib/tnftp/buildaux/ltmain.sh
A contrib/tnftp/buildaux/ltoptions.m4
A contrib/tnftp/buildaux/ltsugar.m4
A contrib/tnftp/buildaux/ltversion.m4
A contrib/tnftp/buildaux/lt~obsolete.m4
A contrib/tnftp/buildaux/missing
A contrib/tnftp/configure
A contrib/tnftp/configure.ac
A contrib/tnftp/libedit/Makefile.am
A contrib/tnftp/libedit/Makefile.in
A contrib/tnftp/libedit/chared.c
A contrib/tnftp/libedit/chared.h
A contrib/tnftp/libedit/common.c
A contrib/tnftp/libedit/editline.3
A contrib/tnftp/libedit/editrc.5
A contrib/tnftp/libedit/el.c
A contrib/tnftp/libedit/el.h
A contrib/tnftp/libedit/emacs.c
A contrib/tnftp/libedit/filecomplete.c
A contrib/tnftp/libedit/filecomplete.h
A contrib/tnftp/libedit/hist.c
A contrib/tnftp/libedit/hist.h
A contrib/tnftp/libedit/histedit.h
A contrib/tnftp/libedit/history.c
A contrib/tnftp/libedit/key.c
A contrib/tnftp/libedit/key.h
A contrib/tnftp/libedit/makelist.in
A contrib/tnftp/libedit/map.c
A contrib/tnftp/libedit/map.h
A contrib/tnftp/libedit/parse.c
A contrib/tnftp/libedit/parse.h
A contrib/tnftp/libedit/prompt.c
A contrib/tnftp/libedit/prompt.h
A contrib/tnftp/libedit/read.c
A contrib/tnftp/libedit/read.h
A contrib/tnftp/libedit/readline.c
A contrib/tnftp/libedit/readline/readline.h
A contrib/tnftp/libedit/refresh.c
A contrib/tnftp/libedit/refresh.h
A contrib/tnftp/libedit/search.c
A contrib/tnftp/libedit/search.h
A contrib/tnftp/libedit/sig.c
A contrib/tnftp/libedit/sig.h
A contrib/tnftp/libedit/sys.h
A contrib/tnftp/libedit/term.c
A contrib/tnftp/libedit/term.h
A contrib/tnftp/libedit/tokenizer.c
A contrib/tnftp/libedit/tty.c
A contrib/tnftp/libedit/tty.h
A contrib/tnftp/libedit/vi.c
A contrib/tnftp/libnetbsd/Makefile.am
A contrib/tnftp/libnetbsd/Makefile.in
A contrib/tnftp/libnetbsd/dirname.c
A contrib/tnftp/libnetbsd/err.c
A contrib/tnftp/libnetbsd/fgetln.c
A contrib/tnftp/libnetbsd/fseeko.c
A contrib/tnftp/libnetbsd/ftpglob.h
A contrib/tnftp/libnetbsd/ftpvis.h
A contrib/tnftp/libnetbsd/getaddrinfo.c
A contrib/tnftp/libnetbsd/getnameinfo.c
A contrib/tnftp/libnetbsd/glob.c
A contrib/tnftp/libnetbsd/inet_ntop.c
A contrib/tnftp/libnetbsd/inet_pton.c
A contrib/tnftp/libnetbsd/mkstemp.c
A contrib/tnftp/libnetbsd/setprogname.c
A contrib/tnftp/libnetbsd/sl_init.c
A contrib/tnftp/libnetbsd/snprintf.c
A contrib/tnftp/libnetbsd/strdup.c
A contrib/tnftp/libnetbsd/strerror.c
A contrib/tnftp/libnetbsd/strlcat.c
A contrib/tnftp/libnetbsd/strlcpy.c
A contrib/tnftp/libnetbsd/strptime.c
A contrib/tnftp/libnetbsd/strsep.c
A contrib/tnftp/libnetbsd/strtoll.c
A contrib/tnftp/libnetbsd/strunvis.c
A contrib/tnftp/libnetbsd/strvis.c
A contrib/tnftp/libnetbsd/timegm.c
A contrib/tnftp/libnetbsd/usleep.c
A contrib/tnftp/libnetbsd/utimes.c
M contrib/tnftp/src/Makefile.am
M contrib/tnftp/src/Makefile.in
M contrib/tnftp/src/cmds.c
M contrib/tnftp/src/cmdtab.c
M contrib/tnftp/src/extern.h
M contrib/tnftp/src/fetch.c
M contrib/tnftp/src/ftp.1
M contrib/tnftp/src/ftp.c
M contrib/tnftp/src/ftp_var.h
M contrib/tnftp/src/main.c
M contrib/tnftp/src/progressbar.c
A contrib/tnftp/src/ssl.c
A contrib/tnftp/src/ssl.h
M contrib/tnftp/src/util.c
M contrib/tnftp/src/version.h
M contrib/tnftp/tnftp.h
A contrib/tnftp/tnftp_config.h.in
M contrib/tnftp/todo
M sys/conf/newvers.sh
M usr.bin/ftp/Makefile
M usr.bin/ftp/tnftp_config.h
Log Message:
-----------
0.5.5 RELEASE fixes an issue with tnftp by updating to the latest release 20141031. See CVE-2014-8517 for details
Commit: eb3673f3bac71073465dbe94a0633b0b131bc812
https://github.com/MidnightBSD/src/commit/eb3673f3bac71073465dbe94a0633b0b131bc812
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-11-01 (Sat, 01 Nov 2014)
Changed paths:
M usr.bin/perl/BSDmakefile
Log Message:
-----------
false
Commit: 0d2680ba09786c82ff0ca6b3f74c81a4e4d221cc
https://github.com/MidnightBSD/src/commit/0d2680ba09786c82ff0ca6b3f74c81a4e4d221cc
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-11-01 (Sat, 01 Nov 2014)
Changed paths:
M UPDATING
Log Message:
-----------
fix date of 0.5.4
Commit: 481f30ce607d1967d8fa56bb45de3299885c0674
https://github.com/MidnightBSD/src/commit/481f30ce607d1967d8fa56bb45de3299885c0674
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-11-05 (Wed, 05 Nov 2014)
Changed paths:
M secure/usr.sbin/sshd/Makefile
M sys/kern/kern_prot.c
Log Message:
-----------
Fix two security issues:
1. sshd may link libpthread in the wrong order, shadowing libc functions and causing a possible DOS attack for connecting clients.
2. getlogin may leak kernel memory via a buffer that is copied without clearing.
Commit: 2289b1b9316cc062d26edc78c11a8b111cda026c
https://github.com/MidnightBSD/src/commit/2289b1b9316cc062d26edc78c11a8b111cda026c
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-11-05 (Wed, 05 Nov 2014)
Changed paths:
M UPDATING
Log Message:
-----------
Document recent security updates, although they will be rolled up
Commit: 1539d1cfbbf0c77aac22dd638a207ca760ccdcde
https://github.com/MidnightBSD/src/commit/1539d1cfbbf0c77aac22dd638a207ca760ccdcde
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-11-06 (Thu, 06 Nov 2014)
Changed paths:
M .gitattributes
M UPDATING
A contrib/tzdata/CONTRIBUTING
M contrib/tzdata/Makefile
A contrib/tzdata/NEWS
A contrib/tzdata/README
A contrib/tzdata/Theory
M contrib/tzdata/africa
M contrib/tzdata/antarctica
M contrib/tzdata/asia
M contrib/tzdata/australasia
M contrib/tzdata/backward
A contrib/tzdata/backzone
A contrib/tzdata/checktab.awk
M contrib/tzdata/etcetera
M contrib/tzdata/europe
M contrib/tzdata/factory
M contrib/tzdata/iso3166.tab
A contrib/tzdata/leap-seconds.list
M contrib/tzdata/leapseconds
A contrib/tzdata/leapseconds.awk
M contrib/tzdata/northamerica
M contrib/tzdata/pacificnew
M contrib/tzdata/southamerica
M contrib/tzdata/systemv
M contrib/tzdata/yearistype.sh
M contrib/tzdata/zone.tab
A contrib/tzdata/zone1970.tab
A contrib/tzdata/zoneinfo2tdf.pl
M sys/conf/newvers.sh
Log Message:
-----------
0.5.6 includes sshd and getlogin security fixes plus updated timezone data (2014i)
Commit: 7442bf366cf7dc1c7e3f3019903000785e2558a6
https://github.com/MidnightBSD/src/commit/7442bf366cf7dc1c7e3f3019903000785e2558a6
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-11-09 (Sun, 09 Nov 2014)
Changed paths:
M .gitattributes
M contrib/perl/Configure
M contrib/perl/MANIFEST
R contrib/perl/ext/GDBM_File/GDBM_File.pm
R contrib/perl/ext/GDBM_File/GDBM_File.xs
R contrib/perl/ext/GDBM_File/Makefile.PL
R contrib/perl/ext/GDBM_File/hints/sco.pl
R contrib/perl/ext/GDBM_File/t/fatal.t
R contrib/perl/ext/GDBM_File/t/gdbm.t
R contrib/perl/ext/GDBM_File/typemap
M usr.bin/perl/BSDmakefile
Log Message:
-----------
turn off gdbm file extension in perl so there arent issues building current with the gdbm port installed
Commit: 1e46e71568eb19eaab9b067dc36b0934167e8cee
https://github.com/MidnightBSD/src/commit/1e46e71568eb19eaab9b067dc36b0934167e8cee
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-11-09 (Sun, 09 Nov 2014)
Changed paths:
M UPDATING
Log Message:
-----------
document perl fix
Commit: e9a7011f89698e46c5fc82d0b4ab9f4998c4073c
https://github.com/MidnightBSD/src/commit/e9a7011f89698e46c5fc82d0b4ab9f4998c4073c
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-11-10 (Mon, 10 Nov 2014)
Changed paths:
M usr.bin/perl/BSDmakefile
Log Message:
-----------
fix symlink on amd64
Commit: fdbac52edc0b54eb04467d87dd9de48e4afa8795
https://github.com/MidnightBSD/src/commit/fdbac52edc0b54eb04467d87dd9de48e4afa8795
Author: Lucas Holt <luke at foolishgames.com>
Date: 2014-12-11 (Thu, 11 Dec 2014)
Changed paths:
M UPDATING
M contrib/file/elfclass.h
M contrib/file/readelf.c
M contrib/file/softmagic.c
M sys/conf/newvers.sh
Log Message:
-----------
0.5.7 RELEASE
Fix a security issue with file and libmagic that can allow
an attacker to create a denial of service attack on any
program that uses libmagic.
Commit: a792db2b51d37d55380eb45b305c6db879abf90f
https://github.com/MidnightBSD/src/commit/a792db2b51d37d55380eb45b305c6db879abf90f
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-01-14 (Wed, 14 Jan 2015)
Changed paths:
M COPYRIGHT
M UPDATING
M crypto/openssl/crypto/asn1/a_bitstr.c
M crypto/openssl/crypto/asn1/a_type.c
M crypto/openssl/crypto/asn1/a_verify.c
M crypto/openssl/crypto/asn1/asn1.h
M crypto/openssl/crypto/asn1/asn1_err.c
M crypto/openssl/crypto/asn1/tasn_dec.c
M crypto/openssl/crypto/asn1/x_algor.c
M crypto/openssl/crypto/bn/asm/mips3.s
M crypto/openssl/crypto/bn/asm/x86_64-gcc.c
M crypto/openssl/crypto/bn/bn_asm.c
M crypto/openssl/crypto/bn/bntest.c
M crypto/openssl/crypto/dsa/dsa_asn1.c
M crypto/openssl/crypto/ecdsa/ecs_vrf.c
M crypto/openssl/crypto/x509/x509.h
M crypto/openssl/crypto/x509/x_all.c
M crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
M crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
M crypto/openssl/ssl/d1_pkt.c
M crypto/openssl/ssl/d1_srvr.c
M crypto/openssl/ssl/s23_srvr.c
M crypto/openssl/ssl/s3_clnt.c
M crypto/openssl/ssl/s3_pkt.c
M crypto/openssl/ssl/s3_srvr.c
M crypto/openssl/ssl/ssl.h
M crypto/openssl/util/libeay.num
M crypto/openssl/util/ssleay.num
M sys/conf/newvers.sh
Log Message:
-----------
0.5.8 RELEASE
Fix several security issues with OpenSSL.
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL
due to a NULL pointer dereference. [CVE-2014-3571]
A memory leak can occur in the dtls1_buffer_record function under certain
conditions. [CVE-2015-0206]
When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference. [CVE-2014-3569]
An OpenSSL client will accept a handshake using an ephemeral ECDH
ciphersuite using an ECDSA certificate if the server key exchange message
is omitted. [CVE-2014-3572]
An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. [CVE-2015-0204]
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. [CVE-2014-8275]
Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. [CVE-2014-3570]
Commit: 6c9005f4c685a683b980ece866932c3c47d5a675
https://github.com/MidnightBSD/src/commit/6c9005f4c685a683b980ece866932c3c47d5a675
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-02-25 (Wed, 25 Feb 2015)
Changed paths:
M contrib/bind98/lib/dns/zone.c
Log Message:
-----------
BIND servers which are configured to perform DNSSEC validation and which
are using managed keys (which occurs implicitly when using
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
unpredictable behavior due to the use of an improperly initialized
variable.
CVE-2015-1349
Commit: 7ad134f3108cc0a77064907a0ed45b0036f38b6d
https://github.com/MidnightBSD/src/commit/7ad134f3108cc0a77064907a0ed45b0036f38b6d
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-02-25 (Wed, 25 Feb 2015)
Changed paths:
M sys/netinet/igmp.c
Log Message:
-----------
An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.
This can result in a DOS attack.
Commit: f71339b1535b6cf815ac695d2d77e9e261dd653e
https://github.com/MidnightBSD/src/commit/f71339b1535b6cf815ac695d2d77e9e261dd653e
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-02-25 (Wed, 25 Feb 2015)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
Log Message:
-----------
0.5.9 RELEASE
Commit: 794fa3bc7a6ec01c5f27118a6d004665b2b8052b
https://github.com/MidnightBSD/src/commit/794fa3bc7a6ec01c5f27118a6d004665b2b8052b
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-03-19 (Thu, 19 Mar 2015)
Changed paths:
M UPDATING
M crypto/openssl/crypto/asn1/a_type.c
M crypto/openssl/crypto/asn1/tasn_dec.c
M crypto/openssl/crypto/pkcs7/pk7_doit.c
M crypto/openssl/crypto/pkcs7/pk7_lib.c
M crypto/openssl/doc/crypto/d2i_X509.pod
M crypto/openssl/ssl/s2_lib.c
M crypto/openssl/ssl/s2_srvr.c
M secure/lib/libcrypto/man/d2i_X509.3
M sys/conf/newvers.sh
Log Message:
-----------
MidnightBSD 0.5.10 RELEASE
Fixes several security issues with OpenSSL
See UPDATING for details.
Commit: 2e57c3c83d59a5b6caac9701980a84b78952f2ae
https://github.com/MidnightBSD/src/commit/2e57c3c83d59a5b6caac9701980a84b78952f2ae
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-03-20 (Fri, 20 Mar 2015)
Changed paths:
M crypto/openssl/crypto/asn1/tasn_dec.c
M crypto/openssl/crypto/ec/ec_asn1.c
M crypto/openssl/crypto/x509/x509_req.c
Log Message:
-----------
Update to OpenSSL security patch to include CVE-2015-0209 and CVE-2015-0288
Commit: a1ad3012ee1b13996844b885254f5aa5b8d2760c
https://github.com/MidnightBSD/src/commit/a1ad3012ee1b13996844b885254f5aa5b8d2760c
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-03-20 (Fri, 20 Mar 2015)
Changed paths:
M UPDATING
Log Message:
-----------
Update to OpenSSL security patch to include CVE-2015-0209 and CVE-2015-0288
Commit: 630bfb5a8b765133f22439d4e4d9dc4f498c0a7b
https://github.com/MidnightBSD/src/commit/630bfb5a8b765133f22439d4e4d9dc4f498c0a7b
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-03-20 (Fri, 20 Mar 2015)
Changed paths:
M UPDATING
M bin/mksh/Makefile
M contrib/mksh/Build.sh
M contrib/mksh/check.t
M contrib/mksh/dot.mkshrc
M contrib/mksh/edit.c
M contrib/mksh/eval.c
M contrib/mksh/exec.c
M contrib/mksh/expr.c
M contrib/mksh/funcs.c
M contrib/mksh/histrap.c
M contrib/mksh/jobs.c
M contrib/mksh/lalloc.c
M contrib/mksh/lex.c
M contrib/mksh/main.c
M contrib/mksh/misc.c
M contrib/mksh/mksh.1
M contrib/mksh/sh.h
M contrib/mksh/shf.c
M contrib/mksh/syn.c
M contrib/mksh/var.c
Log Message:
-----------
update mksh to R50e as there are a number of regression bugs in the previous release that could cause users issues
Commit: f973953f6e93626e7f7655affb0a29e4415593a2
https://github.com/MidnightBSD/src/commit/f973953f6e93626e7f7655affb0a29e4415593a2
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-04-08 (Wed, 08 Apr 2015)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
M sys/netinet/igmp.c
M sys/netinet6/nd6_rtr.c
Log Message:
-----------
0.5.11 RELEASE
Fix two security vulnerabilities:
The previous fix for IGMP had an overflow issue. This has been corrected.
ipv6: The Neighbor Discover Protocol allows a local router to advertise a
suggested Current Hop Limit value of a link, which will replace
Current Hop Limit on an interface connected to the link on the MidnightBSD
system.
Obtained from: FreeBSD
Compare: https://github.com/MidnightBSD/src/compare/fa1e48e83227%5E...f973953f6e93
More information about the Midnightbsd-cvs
mailing list