MidnightBSD 0.7.2-RELEASE. Fix a security issue with bsnmpd configuration file installation.

bump os version

In rpcbind(8), netbuf structures are copied directly, which would result in
two netbuf structures that reference to one shared address buffer.  When one
of the two netbuf structures is freed, access to the other netbuf structure
would result in an undefined result that may crash the rpcbind(8) daemon.

 rename to flags

document build order change.

fix build with newer libarchive

mention security fixes

add the security patches for openssh w/ pam login and amd64 GS register handling

MidnightBSD 0.6.7 RELEASE

Fix security issues with amd64 register handling and OpenSSH /w pam enabled (default).

See UPDATING for details.

Create 0.7 stable branch.

MidnightBSD 0.6.5 release. Fix a security issue with routed.  If you do not use routed, you can skip this one.

TCP Resassemly resource exhaustion bug:

There is a mistake with the introduction of VNET, which converted the
global limit on the number of segments that could belong to reassembly
queues into a per-VNET limit.  Because mbufs are allocated from a
global pool, in the presence of a sufficient number of VNETs, the
total number of mbufs attached to reassembly queues can grow to the
total number of mbufs in the system, at which point all network
traffic would cease.

Obtained from: FreeBSD 8

MFC: Trim support for ZFS

bump version for OpenSSL patch

fix version number. we updated in 2014 to 5.19 but did not rebuild file

link mtree

0.5.11 RELEASE

Fix two security vulnerabilities:

The previous fix for IGMP had an overflow issue. This has been corrected.

ipv6: The Neighbor Discover Protocol allows a local router to advertise a
suggested Current Hop Limit value of a link, which will replace
Current Hop Limit on an interface connected to the link on the MidnightBSD
system.

Obtained from: FreeBSD

Update to OpenSSL security patch to include CVE-2015-0209 and CVE-2015-0288

MidnightBSD 0.5.10 RELEASE

Fixes several security issues with OpenSSL

See UPDATING for details.

An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.

This can result in a DOS attack.

        0.5.8 RELEASE

        Fix several security issues with OpenSSL.

        A carefully crafted DTLS message can cause a segmentation fault in OpenSSL
        due to a NULL pointer dereference. [CVE-2014-3571]

        A memory leak can occur in the dtls1_buffer_record function under certain
        conditions. [CVE-2015-0206]

        When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is
        received the ssl method would be set to NULL which could later result in
        a NULL pointer dereference.  [CVE-2014-3569]

        An OpenSSL client will accept a handshake using an ephemeral ECDH
        ciphersuite using an ECDSA certificate if the server key exchange message
        is omitted. [CVE-2014-3572]

        An OpenSSL client will accept the use of an RSA temporary key in a non-export
        RSA key exchange ciphersuite. [CVE-2015-0204]

        An OpenSSL server will accept a DH certificate for client authentication
        without the certificate verify message. [CVE-2015-0205]

        OpenSSL accepts several non-DER-variations of certificate signature
        algorithm and signature encodings.  OpenSSL also does not enforce a
        match between the signature algorithm between the signed and unsigned
        portions of the certificate. [CVE-2014-8275]

        Bignum squaring (BN_sqr) may produce incorrect results on some
        platforms, including x86_64. [CVE-2014-3570]

fix symlink on amd64

turn off gdbm file extension in perl so there arent issues building current with the gdbm port installed

Document recent security updates, although they will be rolled up

fix date of 0.5.4

0.5.5 RELEASE fixes an issue with tnftp by updating to the latest release 20141031. See CVE-2014-8517 for details

bump os version for mport fix

   0.5.3 RELEASE

        Fix several security vulnerabilities in OpenSSL, routed, rtsold,
        and namei with respect to Capsicum sandboxes looking up
        nonexistent path names and leaking memory.

        OpenSSL update adds some workarounds for the recent
        poodle vulnerability reported by Google.

        The input path in routed(8) will accept queries from any source and
        attempt to answer them.  However, the output path assumes that the
        destination address for the response is on a directly connected
        network.

        Due to a missing length check in the code that handles DNS parameters,
        a malformed router advertisement message can result in a stack buffer
        overflow in rtsold(8).

The input path in routed(8) will accept queries from any source and
attempt to answer them.  However, the output path assumes that the
destination address for the response is on a directly connected
network.

Obtained from: FreeBSD

A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak.  [CVE-2014-3513].

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak.  [CVE-2014-3567].

The SSL protocol 3.0, as supported in OpenSSL and other products, supports
CBC mode encryption where it could not adequately check the integrity of
padding, because of the use of non-deterministic CBC padding.  This
protocol weakness makes it possible for an attacker to obtain clear text
data through a padding-oracle attack.

Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE [CVE-2014-3566].

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol downgrade.

When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them. [CVE-2014-3568].

Obtained from: OpenSSL, FreeBSD

0.5.2 - fix a regression with the mksh hotfix

MidnightBSD 0.5-RELEASE

20140916:
        Fix a security issue with TCP SYN.

        When a segment with the SYN flag for an already existing connection arrives,
        the TCP stack tears down the connection, bypassing a check that the
        sequence number in the segment is in the expected window.

Obtained from: FreeBSD

OpenSSL security patch:

        The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
        to consume large amounts of memory. [CVE-2014-3506]

        The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
        memory. [CVE-2014-3507]

        A flaw in OBJ_obj2txt may cause pretty printing functions such as
        X509_name_oneline, X509_name_print_ex et al. to leak some information from
        the stack. [CVE-2014-3508]

        OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
        a denial of service attack. [CVE-2014-3510]

mark as prerelease

note we're on prerelease.

Create 0.5 stable branch for upcoming 0.5-RELEASE

MidnightBSD 0.4-RELEASE-p12

MidnightBSD 0.4-RELEASE-p10

        Fix a TCP reassembly bug that could result in a DOS attack
        of the system. It may be possible to obtain portions
        of kernel memory as well.

0.4-p8 openssl fix.

remove cvs2svn:cvs-rev prop

-s flag missing from ssh-agent on startup. this causes a lot of duplicate ssh-agent

Move RELENG_0_1 to stable/0.1

Move RELENG_0_3 to stable/0.3

Create stable directory for storing RELENG_0_N branches, etc.