Revision 6055
Modified Fri Nov 29 22:11:16 2013 UTC (10 years, 5 months ago) by laffer1
Diff to previous 6036
Implement a compatibility fix for libc's iconv support to work with gettext and other GNU packages.
MidnightBSD 0.4-RELEASE-p5
Revision 6036
Modified Tue Sep 10 23:13:00 2013 UTC (10 years, 7 months ago) by laffer1
Diff to previous 6019
0.4-RELEASE-p3
nullfs(5)
The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not
check whether the source and target of the link are both in the same
nullfs instance. It is therefore possible to create a hardlink from a
location in one nullfs instance to a file in another, as long as the
underlying (source) filesystem is the same.
ifioctl
As is commonly the case, the IPv6 and ATM network layer ioctl request
handlers are written in such a way that an unrecognized request is
passed on unmodified to the link layer, which will either handle it or
return an error code.
Network interface drivers, however, assume that the SIOCSIFADDR,
SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been
handled at the network layer, and therefore do not perform input
validation or verify the caller's credentials. Typical link-layer
actions for these requests may include marking the interface as "up"
and resetting the underlying hardware.
Revision 5970
Modified Thu Aug 22 11:55:32 2013 UTC (10 years, 8 months ago) by laffer1
Diff to previous 5963
0.4-RELEASE-p2
Fix two security vulnerabilities.
Fix an integer overflow in IP_MSFILTER (IP MULTICAST). This could be exploited to read memory by a user process.
When initializing the SCTP state cookie being sent in INIT-ACK chunks,
a buffer allocated from the kernel stack is not completely initialized.
Patches obtained from: FreeBSD
Revision 5948
Modified Thu Aug 1 12:15:09 2013 UTC (10 years, 9 months ago) by laffer1
Diff to previous 5947
bump to p1 to cover the recent security issues.
Long term plan is to stop using p1, p2, p3, ... and increment release version like NetBSD does, but we'll "announce" that before making the change.
Revision 5919
Modified Wed Jul 3 10:54:46 2013 UTC (10 years, 10 months ago) by laffer1
Diff to previous 5918
dhclient will misinterpret the down/up cycle of fxp during init incorrectly and try to reconfigure the interface.
Revision 5916
Modified Tue Jun 18 12:32:37 2013 UTC (10 years, 10 months ago) by laffer1
Diff to previous 5915
Due to insufficient permission checks in the virtual memory system, a
tracing process (such as a debugger) may be able to modify portions of
the traced process's address space to which the traced process itself
does not have write access.
This error can be exploited to allow unauthorized modification of an
arbitrary file to which the attacker has read access, but not write
access. Depending on the file and the nature of the modifications,
this can result in privilege escalation.
To exploit this vulnerability, an attacker must be able to run
arbitrary code with user privileges on the target system.
Obtained from: FreeBSD
Revision 5042
Modified Thu Jul 19 02:27:26 2012 UTC (11 years, 9 months ago) by laffer1
Diff to previous 5028
Imported from FreeBSD 9-stable sources.
GNU binutils 2.17.50 (last GPLv2 release). Includes improvements to x86 cpu support and new directives.
Revision 4897
Modified Wed May 30 22:06:51 2012 UTC (11 years, 11 months ago) by laffer1
Diff to previous 4895
MidnightBSD 0.3-RELEASE-p8
Fix a problem with crypt's DES implementation when used with non 7-bit ascii
passwords.
Revision 4885
Modified Thu May 3 18:25:44 2012 UTC (12 years ago) by laffer1
Diff to previous 4839
0.3-RELEASE-p6
OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0
records when operating as a client or a server that accepts SSL 3.0
handshakes. As a result, in each record, up to 15 bytes of uninitialized
memory may be sent, encrypted, to the SSL peer. This could include
sensitive contents of previously freed memory. [CVE-2011-4576]
OpenSSL support for handshake restarts for server gated cryptography (SGC)
can be used in a denial-of-service attack. [CVE-2011-4619]
If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free. [CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]
The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data. This error can occur
on systems that parse untrusted ASN.1 data, such as X.509 certificates
or RSA public keys. [CVE-2012-2110]
Revision 4200
Modified Wed Oct 5 02:08:00 2011 UTC (12 years, 7 months ago) by laffer1
Diff to previous 4167
Fix a problem with unix socket handling caused by the recent
patch to unix socket path handling. This allows network
apps to work under the linuxolator again.
Revision 3954
Modified Sat May 28 18:04:26 2011 UTC (12 years, 11 months ago) by laffer1
Diff to previous 3935
Fix a critical security hole in BIND 9.6.x with caching resolvers. Attackers can crash BIND.
CVE-2011-1910
MidnightBSD 0.3-RELEASE-p2
Revision 3675
Modified Thu Feb 3 14:43:49 2011 UTC (13 years, 3 months ago) by laffer1
Diff to previous 3674
While I'm at it, fix this. It was documented in the release notes, but it might as well be correct when someone does a source update using RELENG_0_3
Revision 3673
Modified Thu Feb 3 14:36:29 2011 UTC (13 years, 3 months ago) by laffer1
Diff to previous 3668
The version number reported in the .pc file for pkg-config is incorrect. This doesn't appear to affect any mports at this time, but it's not a good idea to falsely advertise in case there are version specific bugs.
This doesn't affect current as it's got a newer version of sqlite3.
Revision 3648
Modified Sun Jan 30 03:42:05 2011 UTC (13 years, 3 months ago) by laffer1
Diff to previous 3647
Add xfce4 to the packages on the cdroms and make sure a few things are on disc 1. While we're at it, add pidgin as it's rather useful on desktops.
Revision 3643
Modified Sat Jan 29 03:27:47 2011 UTC (13 years, 3 months ago) by laffer1
Diff to previous 3642
Disable the firewall and install xorg for all three cases.
While the user may have installed xorg from the installation media, some users did not during 0.2. Let's be sure x is there.
I'd like to set up .xinitrc files for each user (or modify the global xinitrc file) but that seems like something the installer should handle directly in the future during user creation. Just document it needs to be done for now.
Revision 3604
Modified Mon Jan 10 04:13:48 2011 UTC (13 years, 4 months ago) by laffer1
Diff to previous 3594
I suspect this won't work with destdir properly yet, but it does create a symlink for libperl.so so that applications can find it.
A better solution should be devised.
Revision 3577
Modified Fri Dec 10 00:53:34 2010 UTC (13 years, 5 months ago) by laffer1
Diff to previous 3574
MFC:
When reopening a stream backed by an open file descriptor, do not close
the existing file descriptor. Instead, let dup2() atomically close the
old file descriptor when assigning the newly opened file to the same
descriptor. This closes a race in a multithreaded application where a
concurrent open() could allocate the existing file descriptor in between
the calls to close() and dup2().
Revision 3573
Modified Tue Nov 30 14:03:18 2010 UTC (13 years, 5 months ago) by laffer1
Diff to previous 3569
A double free exists in the SSL client ECDH handling code, when
processing specially crafted public keys with invalid prime
numbers. [CVE-2010-2939]
Revision 3539
Modified Sun Oct 17 00:32:02 2010 UTC (13 years, 6 months ago) by laffer1
Diff to previous 3535
A problem was found with the cvstrac port related to the pkgconfig file for sqlite3. A library that does not exist was included.
Revision 3378
Modified Sun Mar 21 19:41:44 2010 UTC (14 years, 1 month ago) by laffer1
Diff to previous 3349
Remove "bootstrapping" check. We want to continue builds in tinderbox and this was a freebsd version not the new midnightbsd versions.
Revision 3035
Modified Wed Jul 29 15:38:00 2009 UTC (14 years, 9 months ago) by laffer1
Diff to previous 3025
Patch for BIND 9 security vulnerability. A dynamic update packet can trigger an assertion and cause named to exit.
Revision 3023
Modified Wed Jun 10 15:45:25 2009 UTC (14 years, 11 months ago) by laffer1
Diff to previous 3022
The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check.
Don't let everyone on the planet (with local access) change the properties on the ipv6 interfaces.
Revision 2844
Modified Wed Apr 22 18:19:11 2009 UTC (15 years ago) by laffer1
Diff to previous 2717
MidnightBSD 0.2.1-RELEASE-p8
OpenSSL security update
The function ASN1_STRING_print_ex does not properly validate the lengths
of BMPString or UniversalString objects before attempting to print them.
Revision 2478
Modified Wed Dec 31 14:27:53 2008 UTC (15 years, 4 months ago) by laffer1
Diff to previous 2433
MidnightBSD security update: Correct a problem where bluetooth and netgraph sockets are not initialized properly.
Revision 1889
Modified Tue Sep 30 04:37:27 2008 UTC (15 years, 7 months ago) by laffer1
Diff to previous 1888
Bump patch level to signify ftp, icmp, .. patches.
We should start doing this until we're on the new mport tools. At that point, the os version won't impact nearly as much and we can start using version number increments like 0.2.2, 0.2.3, etc.
Revision 1864
Modified Mon Sep 29 12:29:56 2008 UTC (15 years, 7 months ago) by laffer1
Diff to previous 1808
Don't split large commands into multiple commands on a 512-byte
boundary but just fail on them. This prevents CSRF-like attacks,
when a web browser is used to access an ftp server.
Reported to OpenBSD by Maksymilian Arciemowicz <cxib@securityreason.com>
Also includes a command "500 Command too long" as part of a revised patch by Luke Mewburn.
http://web.nvd.nist.gov/view/vuln/detail;jsessionid=df97c3e18c5c787b6c316f886ad5?execution=e1s1
CVE-2008-4247
Revision 1778
Modified Sat Aug 30 20:00:56 2008 UTC (15 years, 8 months ago) by laffer1
Diff to previous 1777
The port asks you if you want to run it and we enable boot time reporting anyway. Just remove the explicit initialization of firstboot
Revision 1777
Modified Sat Aug 30 16:36:06 2008 UTC (15 years, 8 months ago) by laffer1
Diff to previous 1776
Build depends can be larger than our buffer for some of the larger situations. Allow us to ignore things we don't need to know about.
Revision 1776
Modified Sat Aug 30 16:33:16 2008 UTC (15 years, 8 months ago) by laffer1
Diff to previous 1775
Remove extra fields in device.c and update index.c to include new port categories added since the last release and remove some of the older tcl/tk categories.
Revision 1766
Modified Tue Aug 26 19:05:29 2008 UTC (15 years, 8 months ago) by laffer1
Diff to previous 1765
Add kdm enable code so anyone using the sysinstall to add KDE can get a gui desktop easier.
Add bsdstats enable and pkg_add -r bsdstats to fetch it if it's not installed after asking the user. This will let more installs get reported.
If a user selects a gui desktop and has not installed kde, slim + windowmaker are fetched.
Revision 1742
Modified Sun Jul 13 21:31:00 2008 UTC (15 years, 9 months ago) by laffer1
Diff to previous 1740
Work in progress. Modify the package-split to use 3 cds.
Add kde-lite (if svn is fixed, full kde can be used), wine, portupgrade, bash3, ...
Remove bash2
Revision 1722
Modified Thu Jul 3 23:56:06 2008 UTC (15 years, 10 months ago) by laffer1
Diff to previous 1720
We've been having problems creating live cds since I've connected pcc to the build. There are some subtle problems with the layout of the Makefile.inc files + paths in relation to setting DESTDIR. This results in a double destdir for some of pcc. This didn't seem to happen on tinderbox which is very strange.
Revision 1720
Modified Thu Jul 3 23:42:36 2008 UTC (15 years, 10 months ago) by laffer1
Diff to previous 1712
Bug 128.
The truncated output of dhcp was caused by using strlcpy. I didn't do a very good job of looking at the usages, and each of these fields is passed to the function as a char *, which explains the 3 character cutoff. The length is not passed with the char *'s.
Revision 1706
Modified Mon Jun 30 06:31:52 2008 UTC (15 years, 10 months ago) by laffer1
Diff to previous 1682
Add phk's macros for bus_read_x and bus_write_x. In combination with a few other things, this should make porting easier.
Revision 1667
Modified Fri Jun 27 16:06:32 2008 UTC (15 years, 10 months ago) by laffer1
Diff to previous 1666
Connect pcc to the build on i386. (we don't have an amd64 version in yet)
The path for the pcc binary was still pointed at /usr/local/, adjust it as necessary.
Revision 1666
Modified Fri Jun 27 07:29:58 2008 UTC (15 years, 10 months ago) by laffer1
Diff to previous 1665
Fix spacing of GEOM_LABEL option.
Add WEP/WPA support to GENERIC.
Enable firmware(9) for future use with wireless devices.
Revision 1660
Modified Wed Jun 25 19:33:24 2008 UTC (15 years, 10 months ago) by laffer1
Diff to previous 1659
install pcc into /usr/bin and /usr/libexec now. Do not install man pages as they conflict with gcc. programs: pcc, pccom, pcpp
Revision 1497
Modified Sun Apr 20 16:55:46 2008 UTC (16 years ago) by laffer1
Diff to previous 1496
Add a new macro, sx_xlocked(), that returns true if the current thread holds an exclusive lock on the specified sx lock.
Revision 1496
Modified Sun Apr 20 16:53:44 2008 UTC (16 years ago) by laffer1
Diff to previous 1495
Fix a problem with OpenSSH which allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Obtained from OpenBSD/DragonFly.
This only affects OpenSSH prior to 4.9 and thus does not affect CURRENT.
Revision 1414
Modified Sat Mar 8 03:20:27 2008 UTC (16 years, 2 months ago) by laffer1
Diff to previous 1401
The atheros driver should have had these options set as well. Fixes a tinderbox issue. This should never have happened.
Revision 1266
Modified Wed Oct 3 23:47:52 2007 UTC (16 years, 7 months ago) by laffer1
Diff to previous 1233
Fix a security issue with openssl.
For applications using the SSL_get_shared_ciphers() function, the
buffer overflow could allow an attacker to crash or potentially
execute arbitrary code with the permissions of the user running the
application. (freebsd advisory text).
Revision 1229
Modified Tue Sep 11 22:37:48 2007 UTC (16 years, 8 months ago) by laffer1
Diff to previous 1225
Obtained from FreeBSD:
Add -Btime, -Bnewer, -Bmin, -newerB[Bacmt], -newer[acmt]B options to
work with the st_birthtime field of struct stat.
'B' has been chosen to match the format specifier from stat(1).
$MidnightBSD$
Revision 1146
Modified Tue Aug 7 01:06:17 2007 UTC (16 years, 9 months ago) by ctriv
Diff to previous 1145
0.1 was still using bsd.port.mk, instead of bsd.mport.mk. This caused breakages in ports because many ports have been updated to only work with bsd.mport.mk.
Revision 1145
Modified Mon Aug 6 20:11:49 2007 UTC (16 years, 9 months ago) by laffer1
Diff to previous 1140
Fix the tag so it checks out RELENG_0_1 instead of CURRENT. Someone might be in for a nasty surprise without this.
Revision 1132
Modified Thu Aug 2 08:30:37 2007 UTC (16 years, 9 months ago) by laffer1
Diff to previous 1131
Fix interaction with Windows 2000/XP servers. Directories with exactly 50 entries (newly created) can cause a weird error. This is noticeable using rsync.
Revision 1007
Modified Fri May 25 18:45:56 2007 UTC (16 years, 11 months ago) by laffer1
Diff to previous 998
Apply FreeBSD-SA-07:04.file as it affects us as well.
Here is an excerpt from that advisory:
When writing data into a buffer in the file_printf function, the length
of the unused portion of the buffer is not correctly tracked, resulting
in a buffer overflow when processing certain files.
Revision 921
Modified Tue Apr 10 00:00:26 2007 UTC (17 years, 1 month ago) by laffer1
Diff to previous 919
Import cvs-1.11.22. The previous import included several security vulnerabilities and failed sanity-check.
Revision 919
Modified Tue Apr 10 00:00:25 2007 UTC (17 years, 1 month ago) by laffer1
Diff to previous 914
Import cvs-1.11.22. The previous import included several security vulnerabilities and failed sanity-check.