../
|
amd64/
|
3775
(13 years ago)
by laffer1:
add igb(4)
|
boot/
|
3959
(12 years ago)
by laffer1:
Use real mode to invoke BIOS routines rather than virtual 86 mode.
Obtained from: FreeBSD 7.1 circa Aug 2008
|
bsm/
|
2333
(15 years ago)
by laffer1:
$MidnightBSD$
|
cam/
|
3914
(13 years ago)
by laffer1:
knlist_* is defined in event.h. Fix lint build
|
cddl/
|
3221
(14 years ago)
by laffer1:
ZFS is a file-system originally developed by Sun Microsystems.
The ZFS Intent Log ("ZIL") is a mechanism that gathers together in memory
transactions of writes, and is flushed onto disk when synchronous
semantics is necessary. In the event of crash or power failure, the
log is examined and the uncommitted transaction would be replayed to
maintain the synchronous semantics.
When replaying setattr transaction, the replay code would set the
attributes with certain insecure defaults, when the logged
transaction did not touch these attributes.
A system crash or power fail would leave some file with mode set
to 07777. This could leak sensitive information or cause privilege
escalation.
Based on FreeBSD security advisory SA-10:03.zfs (freebsd 7.x)
|
compat/
|
3993
(12 years ago)
by laffer1:
mostly cosmetic changes
|
conf/
|
3781
(13 years ago)
by laffer1:
Add tcp lro
|
contrib/
|
2975
(14 years ago)
by laffer1:
Wow this was foobar
|
crypto/
|
2196
(15 years ago)
by laffer1:
merge
|
ddb/
|
2333
(15 years ago)
by laffer1:
$MidnightBSD$
|
dev/
|
3903
(13 years ago)
by laffer1:
Remove extra version checks we don't need.
|
fs/
|
3909
(13 years ago)
by laffer1:
Handle the special ruleset 0 in devfs_ruleset_use(). An attempt to set the
current ruleset to 0 with command "devfs ruleset 0" triggered a KASSERT
in devfs_ruleset_create().
|
gdb/
|
2333
(15 years ago)
by laffer1:
$MidnightBSD$
|
geom/
|
2333
(15 years ago)
by laffer1:
$MidnightBSD$
|
gnu/
|
2594
(15 years ago)
by laffer1:
Forced commit to note the patch came from Jaakko Heinonen
|
i386/
|
3775
(13 years ago)
by laffer1:
add igb(4)
|
isa/
|
2333
(15 years ago)
by laffer1:
$MidnightBSD$
|
kern/
|
3910
(13 years ago)
by laffer1:
Add a wrapper around knlist_init
|
libkern/
|
2607
(15 years ago)
by laffer1:
remove arm/ia64 cruft
|
modules/
|
3888
(13 years ago)
by laffer1:
tag
|
net/
|
3921
(13 years ago)
by laffer1:
Fix a 16 year old bug in the sorting routine for non-contiguous netmasks.
For masks of identical length rn_lexobetter() did not stop on the
first non-equal byte. This leads to rn_addroute() not detecting
duplicate entries and thus we might create a very long list of masks
to check for each node.
This can have a huge impact on IPsec performance, where non-contiguous
masks are used for the flow lookup. In a setup with 1300 flows we
saw 400 duplicate masks and only a third of the expected throughput.
Obtained from: OpenBSD (revision 1.28 src/sys/net/radix.c)
|
net80211/
|
2334
(15 years ago)
by laffer1:
*** empty log message ***
|
netatalk/
|
2334
(15 years ago)
by laffer1:
*** empty log message ***
|
netatm/
|
2334
(15 years ago)
by laffer1:
*** empty log message ***
|
netgraph/
|
2224
(15 years ago)
by laffer1:
This commit was generated by cvs2svn to compensate for changes in r2223,
which included commits to RCS files with non-trunk default branches.
|
netinet/
|
3965
(12 years ago)
by laffer1:
IPFW has two flaws in its handling of IPv6 packets that arrive in
fragments. First, it will deny an IPv6 packet that arrives with
a fragmentation header which has an offset of zero, but no
further fragments. This type of packet is explicitly allowed in
RFC 2460:
In response to an IPv6 packet that is sent to an IPv4 destination
(i.e., a packet that undergoes translation from IPv6 to IPv4),
the originating IPv6 node may receive an ICMP Packet Too Big
message reporting a Next-Hop MTU less than 1280. In that
case, the IPv6 node is not required to reduce the size of
subsequent packets to less than 1280, but must include a
Fragment header in those packets so that the IPv6-to-IPv4
translating router can obtain a suitable Identification value
to use in resulting IPv4 fragments. Note that this means the
payload may have to be reduced to 1232 octets (1280 minus 40
for the IPv6 header and 8 for the Fragment header), and
smaller still if additional extension headers are used.
The second flaw is that the code allows IPv6 packets that arrive in
fragments to avoid transport-layer rules. For example, consider this
ruleset:
00001 deny tcp from 2607:f0b0:0:6:209:87:239:67 80 to 2404:138:4002:4000:205:1cff:fe11:beff dst-port 37822
65534 allow ip from any to any
65535 deny ip from any to any
Rule 1 will not be applied to the fragment with offset zero
because the MF bit is intentionally included in the offset
variable used in ipfw_chk, so the check to see if the transport
header is found in fragment zero will fail. Instead, the rule
will be skipped over, and the next rule which in this example is
an allow will accept the fragment. Where an administrator might
have expected the traffic to be blocked it will instead be
allowed through the firewall.
Attached is a revised patch fixing a third flaw. ipfw will reject
very small IPv6 fragments when it tries to pullup the transport
header. This relaxes the code to be consistent with the IPv4 path
where it only tries to pull up the transport header on fragments with
offset zero.
Reported to FreeBSD by Matthew Luckie, pr 145733.
|
netinet6/
|
3020
(14 years ago)
by laffer1:
The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check.
Don't let everyone on the planet (with local access) change the properties on the ipv6 interfaces.
|
netipsec/
|
3923
(12 years ago)
by laffer1:
Release SP's refcount in key_get_spdbyid().
|
netipx/
|
2334
(15 years ago)
by laffer1:
*** empty log message ***
|
netnatm/
|
2334
(15 years ago)
by laffer1:
*** empty log message ***
|
netncp/
|
2334
(15 years ago)
by laffer1:
*** empty log message ***
|
netsmb/
|
2325
(15 years ago)
by laffer1:
$MidnightBSD$
|
nfs/
|
1907
(15 years ago)
by laffer1:
*** empty log message ***
|
nfs4client/
|
2320
(15 years ago)
by laffer1:
$MidnightBSD$
|
nfsclient/
|
3406
(13 years ago)
by laffer1:
The nfsclient didn't validate the length of the path passed to it. This could cause code execution particularly when users are allowed to mount file systems.
|
nfsserver/
|
3747
(13 years ago)
by laffer1:
Properly close a socket for a tcp nfs client if the nfs server notices that the client has disconnected while attempting to fetch a request.
Obtained from: FreeBSD revision 218456
|
opencrypto/
|
2332
(15 years ago)
by laffer1:
$MidnightBSD$
|
pccard/
|
2332
(15 years ago)
by laffer1:
$MidnightBSD$
|
pci/
|
3595
(13 years ago)
by laffer1:
Add support for the 8103E, a hardware revision of the 8169.
Follow the lead of vendor's interrupt moderation mechanism.
It seems RTL8169/RTL8168/RTL810xE has a kind of interrupt
moderation mechanism but it is not documented at all. The magic
value dramatically reduced number of interrupts without noticeable
performance drops so apply it to all RTL8169/RTL8169 controllers.
Obtained from FreeBSD & Realtek FreeBSD driver.
|
rpc/
|
2332
(15 years ago)
by laffer1:
$MidnightBSD$
|
security/
|
2332
(15 years ago)
by laffer1:
$MidnightBSD$
|
sparc64/
|
3749
(13 years ago)
by laffer1:
Enable ufs gjournal
|
sys/
|
3953
(12 years ago)
by laffer1:
Document and bump midnightbsd version for bind 9 fix
|
tools/
|
1822
(15 years ago)
by laffer1:
Bring in new tools
|
ufs/
|
3565
(13 years ago)
by laffer1:
Several portions of the kernel and userland code related to UFS file
systems (and UFS2) cannot properly handle inode counts above 2^31 due
to use of int types. Based on a patch from FreeBSD, I've modified
our UFS2 implementation to handle unsigned values for inode counts
which should allow for file systems greater than 16TB.
newfs and growfs were also modified.
|
vm/
|
3612
(13 years ago)
by laffer1:
Explicitly set PQ_NONE instead of relying on it being zero.
|
Makefile
|
1907
(15 years ago)
by laffer1:
*** empty log message ***
|