[Midnightbsd-cvs] [MidnightBSD/src] aa0701: Create 0.7 stable branch.
Lucas Holt
noreply at github.com
Mon Mar 16 11:52:03 EDT 2020
Branch: refs/heads/stable/0.7
Home: https://github.com/MidnightBSD/src
Commit: aa07011fdda980511e81dfd067ca4cfe9abe93a9
https://github.com/MidnightBSD/src/commit/aa07011fdda980511e81dfd067ca4cfe9abe93a9
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-08-23 (Sun, 23 Aug 2015)
Changed paths:
Log Message:
-----------
Create 0.7 stable branch.
Commit: 841d4b118e589c4d6165a62dbf2c34b6d6ca8905
https://github.com/MidnightBSD/src/commit/841d4b118e589c4d6165a62dbf2c34b6d6ca8905
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-08-25 (Tue, 25 Aug 2015)
Changed paths:
M crypto/openssh/monitor.c
M crypto/openssh/monitor_wrap.c
M crypto/openssh/mux.c
M sys/amd64/amd64/exception.S
M sys/amd64/amd64/machdep.c
M sys/amd64/amd64/trap.c
Log Message:
-----------
add the security patches for openssh w/ pam login and amd64 GS register handling
Commit: c1aacd1c0f83d8d5985f77b0a400d813474a8956
https://github.com/MidnightBSD/src/commit/c1aacd1c0f83d8d5985f77b0a400d813474a8956
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-08-25 (Tue, 25 Aug 2015)
Changed paths:
M UPDATING
Log Message:
-----------
fix the dates. copy and paste can go wrong
Commit: 4bcb297cd8de1bd97693cc4923717a31db95371c
https://github.com/MidnightBSD/src/commit/4bcb297cd8de1bd97693cc4923717a31db95371c
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-08-25 (Tue, 25 Aug 2015)
Changed paths:
M UPDATING
Log Message:
-----------
mention security fixes
Commit: 242879da963d6265ff3443a375c7951ab8004a93
https://github.com/MidnightBSD/src/commit/242879da963d6265ff3443a375c7951ab8004a93
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-08-25 (Tue, 25 Aug 2015)
Changed paths:
M UPDATING
Log Message:
-----------
document stable branch creation
Commit: 9eaab95ba7c57de38b477455ad8087abbdfdb719
https://github.com/MidnightBSD/src/commit/9eaab95ba7c57de38b477455ad8087abbdfdb719
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-08-30 (Sun, 30 Aug 2015)
Changed paths:
M usr.sbin/bsdinstall/distextract/distextract.c
Log Message:
-----------
fix build with newer libarchive
Commit: 1910048524e4087841901a4d08f5cdb7a5284357
https://github.com/MidnightBSD/src/commit/1910048524e4087841901a4d08f5cdb7a5284357
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-08-30 (Sun, 30 Aug 2015)
Changed paths:
M Makefile.inc1
Log Message:
-----------
fix bootstrap to include kerberos tools and m4
Commit: 18977d99ed0381105f351734519b7ed5052ab7d8
https://github.com/MidnightBSD/src/commit/18977d99ed0381105f351734519b7ed5052ab7d8
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-08-30 (Sun, 30 Aug 2015)
Changed paths:
M UPDATING
Log Message:
-----------
document build order change.
Commit: 91c114e2e05abeacb45972c20e232403a47c30d7
https://github.com/MidnightBSD/src/commit/91c114e2e05abeacb45972c20e232403a47c30d7
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-09-04 (Fri, 04 Sep 2015)
Changed paths:
M sys/dev/usb/quirk/usb_quirk.c
M sys/dev/usb/quirk/usb_quirk.h
M sys/dev/usb/serial/uftdi.c
Log Message:
-----------
sync usb with current
Commit: de3d99d4503d2c51c524fdccc3e0655604a7342c
https://github.com/MidnightBSD/src/commit/de3d99d4503d2c51c524fdccc3e0655604a7342c
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-09-04 (Fri, 04 Sep 2015)
Changed paths:
M sys/i386/ibcs2/ibcs2_fcntl.c
M sys/i386/ibcs2/syscalls.master
Log Message:
-----------
rename to flags
Commit: 26945597d33c1917b4acbb152c74f0cd2f8e601b
https://github.com/MidnightBSD/src/commit/26945597d33c1917b4acbb152c74f0cd2f8e601b
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-09-05 (Sat, 05 Sep 2015)
Changed paths:
M UPDATING
Log Message:
-----------
document annoyance
Commit: 2a09589514064a1e36130435b84a003d651d13ed
https://github.com/MidnightBSD/src/commit/2a09589514064a1e36130435b84a003d651d13ed
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-09-30 (Wed, 30 Sep 2015)
Changed paths:
M UPDATING
M usr.sbin/rpcbind/rpcb_svc_com.c
Log Message:
-----------
patch rpcbind in 0.7
Commit: 77a80826c064d7480560444db6ddf0455c07bcd7
https://github.com/MidnightBSD/src/commit/77a80826c064d7480560444db6ddf0455c07bcd7
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-09-30 (Wed, 30 Sep 2015)
Changed paths:
M sys/conf/newvers.sh
Log Message:
-----------
bump os version
Commit: 1f9391bb68f8980feec434520669dd2181d77194
https://github.com/MidnightBSD/src/commit/1f9391bb68f8980feec434520669dd2181d77194
Author: Lucas Holt <luke at foolishgames.com>
Date: 2015-10-03 (Sat, 03 Oct 2015)
Changed paths:
M UPDATING
M usr.sbin/rpcbind/rpcb_svc_com.c
Log Message:
-----------
Revised rpcbind(8) patch to fix issues with NIS
Commit: 0661770a3755e0f4b6e3ecfa35105547fe8714fa
https://github.com/MidnightBSD/src/commit/0661770a3755e0f4b6e3ecfa35105547fe8714fa
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-14 (Thu, 14 Jan 2016)
Changed paths:
M UPDATING
M etc/Makefile
M sys/conf/newvers.sh
Log Message:
-----------
MidnightBSD 0.7.2-RELEASE. Fix a security issue with bsnmpd configuration file installation.
Commit: 4376d61e9014d133c8e00b08197372bf3ffcd4c3
https://github.com/MidnightBSD/src/commit/4376d61e9014d133c8e00b08197372bf3ffcd4c3
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-14 (Thu, 14 Jan 2016)
Changed paths:
M UPDATING
M sys/netinet/tcp_output.c
Log Message:
-----------
TCP MD5 signature denial of service fix
Commit: 09800b75bf8d3cf4d3c74264e0640335347daf75
https://github.com/MidnightBSD/src/commit/09800b75bf8d3cf4d3c74264e0640335347daf75
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-14 (Thu, 14 Jan 2016)
Changed paths:
M sys/netinet6/sctp6_usrreq.c
Log Message:
-----------
A lack of proper input checks in the ICMPv6 processing in the SCTP stack
can lead to either a failed kernel assertion or to a NULL pointer
dereference. In either case, a kernel panic will follow.
Obtained from: FreeBSD
Commit: 6808a3ab84da96ba153b5ebd75377589bab29e4e
https://github.com/MidnightBSD/src/commit/6808a3ab84da96ba153b5ebd75377589bab29e4e
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-14 (Thu, 14 Jan 2016)
Changed paths:
M UPDATING
Log Message:
-----------
document SCTP update
Commit: 52b2324006f92e55421030e69c3043a12ae80af3
https://github.com/MidnightBSD/src/commit/52b2324006f92e55421030e69c3043a12ae80af3
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-15 (Fri, 15 Jan 2016)
Changed paths:
M UPDATING
M sys/amd64/linux32/linux32_proto.h
M sys/amd64/linux32/linux32_systrace_args.c
M sys/amd64/linux32/syscalls.master
M sys/compat/linux/linux_futex.c
M sys/compat/linux/linux_misc.c
M sys/conf/newvers.sh
M sys/i386/linux/syscalls.master
M sys/kern/kern_prot.c
M sys/sys/ucred.h
Log Message:
-----------
MidnightBSD 0.7.3. Fix two issues with linuxolator
Commit: 2ffc05681afd639f96127a41a5a2834d00e734da
https://github.com/MidnightBSD/src/commit/2ffc05681afd639f96127a41a5a2834d00e734da
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-15 (Fri, 15 Jan 2016)
Changed paths:
M UPDATING
M crypto/openssl/crypto/asn1/tasn_dec.c
M crypto/openssl/crypto/rsa/rsa_ameth.c
Log Message:
-----------
Fix 3 issues in OpenSSL
Commit: 4b1e3757b5dd9d6f619c0fb085a21ed624f4a23e
https://github.com/MidnightBSD/src/commit/4b1e3757b5dd9d6f619c0fb085a21ed624f4a23e
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-15 (Fri, 15 Jan 2016)
Changed paths:
M crypto/openssh/ssh_config
Log Message:
-----------
turn off roaming.
Commit: bdbca5679f61acf59e7716206255423ca1cd5f9b
https://github.com/MidnightBSD/src/commit/bdbca5679f61acf59e7716206255423ca1cd5f9b
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-15 (Fri, 15 Jan 2016)
Changed paths:
M UPDATING
M crypto/openssh/readconf.c
M crypto/openssh/ssh.c
Log Message:
-----------
Disable roaming to prevent OpenSSH security issue in the client
Commit: 530387d023c6e111822b12f2e2208ac0d7e45602
https://github.com/MidnightBSD/src/commit/530387d023c6e111822b12f2e2208ac0d7e45602
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-01-30 (Sat, 30 Jan 2016)
Changed paths:
M UPDATING
M crypto/openssl/ssl/s2_srvr.c
M sys/conf/newvers.sh
Log Message:
-----------
MidnightBSD 0.7.4 RELEASE
OpenSSL CVE-2015-3197
A malicious client can negotiate SSLv2 ciphers that have been disabled on
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
been disabled, provided that the SSLv2 protocol was not also disabled via
SSL_OP_NO_SSLv2.
Commit: 49e82699c84ecc2f60fc6f5654d8ff3d0f52d640
https://github.com/MidnightBSD/src/commit/49e82699c84ecc2f60fc6f5654d8ff3d0f52d640
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-02-03 (Wed, 03 Feb 2016)
Changed paths:
M sys/amd64/linux32/linux32_sysvec.c
M sys/i386/linux/linux_sysvec.c
Log Message:
-----------
A programming error in the Linux compatibility layer could cause the
issetugid(2) system call to return incorrect information.
Obtained from: FreeBSD
Commit: 46908f4cd64e1b12ec82da5b8a55111d11f5c80b
https://github.com/MidnightBSD/src/commit/46908f4cd64e1b12ec82da5b8a55111d11f5c80b
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-02-03 (Wed, 03 Feb 2016)
Changed paths:
M UPDATING
Log Message:
-----------
linuxolator security update
Commit: 1d06b94778a92589a43b67f30ef830c588ab7549
https://github.com/MidnightBSD/src/commit/1d06b94778a92589a43b67f30ef830c588ab7549
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-02-26 (Fri, 26 Feb 2016)
Changed paths:
M lib/libmport/index.c
M lib/libmport/mport.h
Log Message:
-----------
MFC: add mport_list_index function needed by the new mport-manager
Commit: af9b1cb835048d30a16e590ec115579e52a68192
https://github.com/MidnightBSD/src/commit/af9b1cb835048d30a16e590ec115579e52a68192
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-03-10 (Thu, 10 Mar 2016)
Changed paths:
M crypto/openssl/apps/s_server.c
M crypto/openssl/crypto/bio/b_print.c
M crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
M crypto/openssl/crypto/bn/bn.h
M crypto/openssl/crypto/bn/bn_exp.c
M crypto/openssl/crypto/bn/bn_print.c
M crypto/openssl/crypto/dsa/dsa_ameth.c
M crypto/openssl/crypto/perlasm/x86_64-xlate.pl
M crypto/openssl/crypto/srp/srp.h
M crypto/openssl/crypto/srp/srp_vfy.c
M crypto/openssl/ssl/s2_lib.c
M crypto/openssl/ssl/s3_lib.c
M crypto/openssl/ssl/ssl_lib.c
M crypto/openssl/util/libeay.num
M secure/lib/libcrypto/amd64/x86_64-mont5.S
Log Message:
-----------
OpenSSL security patch for DROWN

A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and
non-vulnerable servers can be decrypted provided another server supporting
SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP
or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability
is known as DROWN. [CVE-2016-0800]

A double free bug was discovered when OpenSSL parses malformed DSA private
keys and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources. This scenario is considered
rare. [CVE-2016-0705]

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
management semantics; the returned pointer was sometimes newly allocated, and
sometimes owned by the callee. The calling code has no way of distinguishing
these two cases. [CVE-2016-0798]

In the BN_hex2bn function, the number of hex digits is calculated using an int
value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
values of |i| this can result in |bn_expand| not allocating any memory because
|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
leading to a subsequent NULL pointer dereference. For very large values of
|i|, the calculation |i * 4| could be a positive value smaller than |i|. In
this case memory is allocated to the internal BIGNUM data field, but it is
insufficiently sized leading to heap corruption. A similar issue exists in
BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is
ever called by user applications with very large untrusted hex/dec data. This
is anticipated to be a rare occurrence. [CVE-2016-0797]

The internal |fmtstr| function used in processing a "%s" formatted string in
the BIO_*printf functions could overflow while calculating the length of
a string and cause an out-of-bounds read when printing very long strings.
[CVE-2016-0799]

A side-channel attack was found which makes use of cache-bank conflicts on the
Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA
keys. [CVE-2016-0702]

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
If clear-key bytes are present for these ciphers, they displace encrypted-key
bytes. [CVE-2016-0703]

s2_srvr.c overwrites the wrong bytes in the master key when applying
Bleichenbacher protection for export cipher suites. [CVE-2016-0704]

Obtained from: OpenSSL & FreeBSD
Commit: fa86bb4abc64d4bed3f7d546d821de1c314bba6b
https://github.com/MidnightBSD/src/commit/fa86bb4abc64d4bed3f7d546d821de1c314bba6b
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-03-10 (Thu, 10 Mar 2016)
Changed paths:
M UPDATING
Log Message:
-----------
mention openssl patch
Commit: 289d114e1e328150937e023d1a8ab0fd259543ba
https://github.com/MidnightBSD/src/commit/289d114e1e328150937e023d1a8ab0fd259543ba
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-03-10 (Thu, 10 Mar 2016)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
Log Message:
-----------
MidnightBSD 0.7.5 RELEASE
Commit: 743a696b0f9e327a88203cdfdb19e24a7363a1a5
https://github.com/MidnightBSD/src/commit/743a696b0f9e327a88203cdfdb19e24a7363a1a5
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-03-17 (Thu, 17 Mar 2016)
Changed paths:
M UPDATING
M crypto/openssh/session.c
M sys/conf/newvers.sh
Log Message:
-----------
MidnightBSD 0.7.6 RELEASE
OpenSSH doesn't have the luck of the Irish.
Fix a security issue with OpenSSH X11 forwarding that can allow an attacker
to run shell commands on the call to xauth.
Commit: c2c55895ff2ed542439133f6dba6e09103b237bd
https://github.com/MidnightBSD/src/commit/c2c55895ff2ed542439133f6dba6e09103b237bd
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-03-17 (Thu, 17 Mar 2016)
Changed paths:
M UPDATING
M sys/amd64/amd64/sys_machdep.c
Log Message:
-----------
Incorrect argument validation in sysarch(2)
A special combination of sysarch(2) arguments specifies a request to
uninstall a set of descriptors from the LDT. The start descriptor
is cleared and the number of descriptors is provided. Due to invalid
use of a signed intermediate value in the bounds checking during argument
validity verification, unbound zeroing of the process LDT and adjacent
memory can be initiated from usermode.
Patch obtained from FreeBSD.
Commit: 49a20a89dcc611f6211a4f5b3a4d0d73fe72f8c7
https://github.com/MidnightBSD/src/commit/49a20a89dcc611f6211a4f5b3a4d0d73fe72f8c7
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-03-24 (Thu, 24 Mar 2016)
Changed paths:
M usr.sbin/mport/mport.c
Log Message:
-----------
fix some warnings
Commit: 05c9884fcc73b6e9d93d1c956cd3b7c14d415c07
https://github.com/MidnightBSD/src/commit/05c9884fcc73b6e9d93d1c956cd3b7c14d415c07
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-05-05 (Thu, 05 May 2016)
Changed paths:
M crypto/openssl/crypto/asn1/a_type.c
M crypto/openssl/crypto/asn1/tasn_dec.c
M crypto/openssl/crypto/asn1/tasn_enc.c
M crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
M crypto/openssl/crypto/evp/encode.c
M crypto/openssl/crypto/evp/evp_enc.c
M crypto/openssl/crypto/x509/x509_obj.c
Log Message:
-----------
OpenSSL security patch

The padding check in AES-NI CBC MAC was rewritten to be in constant time
by making sure that always the same bytes are read and compared against
either the MAC or padding bytes. But it no longer checked that there was
enough data to have both the MAC and padding bytes. [CVE-2016-2107]

An overflow can occur in the EVP_EncodeUpdate() function which is used for
Base64 encoding of binary data. [CVE-2016-2105]

An overflow can occur in the EVP_EncryptUpdate() function, however it is
believed that there can be no overflows in internal code due to this problem.
[CVE-2016-2106]

When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
a short invalid encoding can cause allocation of large amounts of memory
potentially consuming excessive resources or exhausting memory.
[CVE-2016-2109]
Commit: f17b3f51b21ab283eeed8d8d196d2d4325369f0d
https://github.com/MidnightBSD/src/commit/f17b3f51b21ab283eeed8d8d196d2d4325369f0d
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-05-05 (Thu, 05 May 2016)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
Log Message:
-----------
MidnightBSD 0.7.7-RELEASE
Commit: f0a1587e31e4d0072ab636683cfa837030af7f90
https://github.com/MidnightBSD/src/commit/f0a1587e31e4d0072ab636683cfa837030af7f90
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-05-19 (Thu, 19 May 2016)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
Log Message:
-----------
MidnightBSD 0.7.8
Commit: c6491472b3a51d6e0964d63d57c211faeb8fcfd2
https://github.com/MidnightBSD/src/commit/c6491472b3a51d6e0964d63d57c211faeb8fcfd2
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-05-31 (Tue, 31 May 2016)
Changed paths:
M sys/compat/linux/linux_ioctl.c
M sys/compat/linux/linux_misc.c
Log Message:
-----------
Fix a security vulnerability with the Linux emulation layer. The TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland.
Commit: e2bce8909a5a6cca440992f5c3b46b58a099d259
https://github.com/MidnightBSD/src/commit/e2bce8909a5a6cca440992f5c3b46b58a099d259
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-05-31 (Tue, 31 May 2016)
Changed paths:
M sys/kern/vfs_syscalls.c
Log Message:
-----------
Legacy stat(2) system call for compat bsd43 does not clear the output struct before copying it out to userland.
Commit: 99becfa1de64b1e76ce75cbfb81bcfefeda9fc1a
https://github.com/MidnightBSD/src/commit/99becfa1de64b1e76ce75cbfb81bcfefeda9fc1a
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-05-31 (Tue, 31 May 2016)
Changed paths:
M contrib/libarchive/cpio/bsdcpio.1
M contrib/libarchive/cpio/cpio.c
M contrib/libarchive/libarchive/archive.h
M contrib/libarchive/libarchive/archive_write.c
M contrib/libarchive/libarchive/archive_write_disk.3
M contrib/libarchive/libarchive/archive_write_disk.c
M contrib/libarchive/libarchive/test/test_write_disk_secure.c
Log Message:
-----------
Fix two security issues with libarchive. The first affects cpio and prevents directory traversal. The second is an integer signedness error.
Commit: 90ccf9ca2b924c72d91e52cebb3192d30a23c713
https://github.com/MidnightBSD/src/commit/90ccf9ca2b924c72d91e52cebb3192d30a23c713
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-05-31 (Tue, 31 May 2016)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
Log Message:
-----------
MidnightBSD 0.7.9 RELEASE
Commit: 5b33731475500a1c0415b45c52365dfeea65c3cb
https://github.com/MidnightBSD/src/commit/5b33731475500a1c0415b45c52365dfeea65c3cb
Author: Lucas Holt <luke at foolishgames.com>
Date: 2016-07-25 (Mon, 25 Jul 2016)
Changed paths:
M usr.bin/bsdiff/bspatch/bspatch.c
Log Message:
-----------
security patch to prevent attackers from modifying a file
Compare: https://github.com/MidnightBSD/src/compare/aa07011fdda9%5E...5b3373147550
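The CVE-2016-0797 commit message above describes two failure cases for the `i * 4` size calculation in BN_hex2bn. The following C sketch is an added example, not OpenSSL or MidnightBSD code, and it does not reproduce the actual patch. It models that arithmetic with 32-bit integers and puts a range check beside it; all function and type names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Models the pre-patch arithmetic: the bit count is formed as i * 4 in a
 * 32-bit int. The multiply is done unsigned and converted back so the
 * wraparound is observable here instead of being undefined behaviour
 * (the conversion is modular on mainstream compilers). */
static int32_t bits_unchecked(int32_t ndigits)
{
    return (int32_t)((uint32_t)ndigits * 4u);
}

/* Hardened form: refuse any digit count whose bit count does not fit.
 * Returns 0 and stores the bit count in *bits, or -1 on rejection. */
static int bits_checked(int32_t ndigits, int32_t *bits)
{
    if (ndigits < 0 || ndigits > INT32_MAX / 4)
        return -1;
    *bits = ndigits * 4;
    return 0;
}

/* What the unchecked value would mean for a buffer sized from it. */
enum outcome { SIZE_OK, SIZE_NEGATIVE, SIZE_TOO_SMALL };

static enum outcome classify_unchecked(int32_t ndigits)
{
    int64_t needed = (int64_t)ndigits * 4;   /* true requirement */
    int32_t got = bits_unchecked(ndigits);

    if (got < 0)
        return SIZE_NEGATIVE;    /* nothing allocated, data pointer stays NULL */
    if ((int64_t)got < needed)
        return SIZE_TOO_SMALL;   /* buffer allocated but undersized */
    return SIZE_OK;
}

int main(void)
{
    /* Constructed sample digit counts: normal, negative wrap, small wrap. */
    const int32_t samples[] = { 16, 0x20000000, 0x40000001 };
    const char *names[] = { "ok", "negative", "too small" };

    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        int32_t bits = 0;
        int rc = bits_checked(samples[k], &bits);
        printf("digits=%ld unchecked=%ld (%s) checked=%s\n",
               (long)samples[k], (long)bits_unchecked(samples[k]),
               names[classify_unchecked(samples[k])],
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```
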