| 783dd17 | Jung-uk Kim | 04 January 2018, 01:21:24 UTC | MFS: r295060, r296462, r296597-296598, r299053, r306229, r306335, r308200 Sync. OpenSSL with stable/9. r295060 (delphij): Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability. [SA-16:11] r296462, r296597-296598 (delphij): Fix multiple OpenSSL vulnerabilities. [SA-16:12] r299053 (delphij): Fix several OpenSSL vulnerabilities. [SA-16:17] r306229, r306335 (delphij): Fix multiple OpenSSL vulnerabilities. [SA-16:26] r308200 (delphij): Fix OpenSSL remote DoS vulnerability. [SA-16:35] Requested by: danfe | 04 January 2018, 01:21:24 UTC |
| 0f02348 | Jung-uk Kim | 04 January 2018, 00:58:30 UTC | Merge OpenSSL 0.9.8zh. Requested by: danfe | 04 January 2018, 00:58:30 UTC |
| 7b258dd | Alexey Dokuchaev | 12 December 2017, 12:59:04 UTC | MFC r301291: libiberty: prevent integer overflow. Take care of very old bug leading to heap-buffer overflow by processing certain file headers via bfd binary. PR: 200888 Obtained from: OpenBSD Approved by: pfg | 12 December 2017, 12:59:04 UTC |
| 5afa215 | Hans Petter Selasky | 08 December 2017, 15:37:36 UTC | MFC r326362: Disallow TUN and TAP character device IOCTLs to modify the network device type to any value. This can cause page faults and panics due to accessing uninitialized fields in the "struct ifnet" which are specific to the network device type. Found by: jau@iki.fi PR: 223767 Sponsored by: Mellanox Technologies | 08 December 2017, 15:37:36 UTC |
| fdba0ab | Hans Petter Selasky | 28 May 2017, 10:46:34 UTC | MFC r318860: Declare the "snd_fxdiv_table" once. This shaves around 24Kbytes of binary data from sound.ko and the kernel. | 28 May 2017, 10:46:34 UTC |
| d748404 | Hans Petter Selasky | 27 May 2017, 08:30:32 UTC | MFC r318820: Increase the allowed maximum number of audio channels from 31 to 127 in the PCM feeder mixer. Without this change a value of 32 channels is treated like zero, due to using a mask of 0x1f, causing a kernel assert when trying to playback bitperfect 32-channel audio. Also update the AWK script which is generating the division tables to handle more than 18 channels. This commit complements r282650. | 27 May 2017, 08:30:32 UTC |
| 924547b | Hans Petter Selasky | 16 May 2017, 07:24:09 UTC | MFC r317584: Correct manual page link to usbdi(9). | 16 May 2017, 07:24:09 UTC |
| 0b33370 | Ian Lepore | 06 May 2017, 16:06:33 UTC | MFC r230208, r230252, r234346: Add nfs export support to tmpfs(5) Return EOPNOTSUPP since we only support update mounts for NFS export. tmpfs: Allow update mounts only for certain options. Since r230208 update mounts were allowed if the list of mount options contained the "export" option. This is not correct as tmpfs doesn't really support updating all options. | 06 May 2017, 16:06:33 UTC |
| e1d0c68 | David C Somayajulu | 24 March 2017, 03:30:54 UTC | MFC r314365 1. state checks in bxe_tx_mq_start_locked() and bxe_tx_mq_start() to sync threads during interface down or detach. 2. add sysctl to set pause frame parameters 3. increase max segs for TSO packets to BXE_TSO_MAX_SEGMENTS (32) 4. add debug messages for PHY 5. HW LRO support restricted to FreeBSD versions 8.x and above. Submitted by: Vaishali.Kulkarni@cavium.com | 24 March 2017, 03:30:54 UTC |
| 9653bdc | Hans Petter Selasky | 14 March 2017, 15:58:01 UTC | MFC r314328: Fix startup race initialising ACPI CM battery structures on MacBookPro. During acpi_cmbat_attach() the acpi_cmbat_init_battery() notification handler is registered. It has been observed this notification handler can be called instantly, before the attach routine has returned. In the notification handler there is a call to device_is_attached() which returns false. Because the softc is set we know an attach is in progress and the fix is simply to wait and try again in this case. Reviewed by: avg @ | 14 March 2017, 15:58:01 UTC |
| 4d3773e | Hans Petter Selasky | 14 March 2017, 15:53:24 UTC | MFC r313941: Make sure the thread constructor and destructor eventhandlers are called for all threads belonging to a procedure. Currently the first thread in a procedure is kept around as an optimisation step and is never freed. Because the first thread in a procedure is never freed nor allocated, its destructor and constructor callbacks are never called which means per thread structures allocated by dtrace and the Linux emulation layers for example, might be present for threads which don't need these structures. This patch adds a thread construction and destruction call for the first thread in a procedure. Tested: dtrace, linux emulation Reviewed by: kib @ Sponsored by: Mellanox Technologies | 14 March 2017, 15:53:24 UTC |
| e07f31a | Martin Matuska | 05 March 2017, 21:44:29 UTC | MFC r314572: Fix null pointer dereference in zfs_freebsd_setacl(). Prevents unprivileged users from panicking the kernel by calling __acl_delete_*() on files or directories inside a ZFS mount. | 05 March 2017, 21:44:29 UTC |
| d451b94 | Hans Petter Selasky | 19 December 2016, 10:00:56 UTC | MFC r309400: Fix for endless recursion in the ACPI GPE handler during boot. When handling a GPE ACPI interrupt object the EcSpaceHandler() function can be called which checks the EC_EVENT_SCI bit and then recurse on the EcGpeQueryHandler() function. If there are multiple GPE events pending the EC_EVENT_SCI bit will be set at the next call to EcSpaceHandler() causing it to recurse again via the EcGpeQueryHandler() function. This leads to a slow never ending recursion during boot which prevents proper system startup, because the EC_EVENT_SCI bit never gets cleared in this scenario. The behaviour is reproducible with the ALASKA AMI in combination with a newer Skylake based mainboard in the following way: Enter BIOS and adjust the clock one hour forward. Save and exit the BIOS. System fails to boot due to the above mentioned bug in EcGpeQueryHandler() which was observed recursing multiple times. This patch adds a simple recursion guard to the EcGpeQueryHandler() function and also also adds logic to detect if new GPE events occurred during the execution of EcGpeQueryHandler() and then loop on this function instead of recursing. Reviewed by: jhb | 19 December 2016, 10:00:56 UTC |
| 7e3e5fd | Hans Petter Selasky | 12 November 2016, 17:36:28 UTC | MFC r308437 and r308461: Range check the jitter values to avoid bogus sample rate adjustments. The expected deviation should not be more than 1Hz per second. The USB v2.0 specification also mandates this requirement. Refer to chapter 5.12.4.2 about feedback. Allow higher sample rates to have more jitter than lower ones. PR: 208791 | 12 November 2016, 17:36:28 UTC |
| 6915932 | Hans Petter Selasky | 07 November 2016, 09:27:05 UTC | MFC r307518: Fix device delete child function. When detaching device trees parent devices must be detached prior to detaching its children. This is because parent devices can have pointers to the child devices in their softcs which are not invalidated by device_delete_child(). This can cause use after free issues and panic(). Device drivers implementing trees, must ensure its detach function detaches or deletes all its children before returning. While at it remove now redundant device_detach() calls before device_delete_child() and device_delete_children(), mostly in the USB controller drivers. Tested by: Jan Henrik Sylvester <me@janh.de> Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D8070 | 07 November 2016, 09:27:05 UTC |
| 21ab69c | Hans Petter Selasky | 07 November 2016, 08:18:51 UTC | MFC r308144 and r308165: Fixes for virtual T-axis buttons. Make sure the virtual T-axis buttons gets cleared for USB mice which has less than 6 buttons. Make sure the virtual T-axis buttons generate button release event(s) for continuous tilting. PR: 213919 PR: 213957 | 07 November 2016, 08:18:51 UTC |
| 905275e | Hans Petter Selasky | 10 October 2016, 11:49:43 UTC | MFC r306478: Add new USB ID. While at it remove some whitespaces. Submitted by: Jose Luis Duran <jlduran@gmail.com> PR: 213110 | 10 October 2016, 11:49:43 UTC |
| e858813 | Hans Petter Selasky | 15 September 2016, 08:38:53 UTC | MFC r305590: Correctly map the USB mouse tilt delta values into buttons 5 and 6 instead of 3 and 4 which is used for the scroll wheel, according to X.org. PR: 170358 | 15 September 2016, 08:38:53 UTC |
| 7e76b06 | Hans Petter Selasky | 12 September 2016, 10:23:24 UTC | MFC r305421: Resolve deadlock between device_detach() and usbd_do_request_flags() by reviving the SX control request lock and refining which lock protects the common scratch area in "struct usb_device". The SX control request lock was removed by r246759 because it caused a lock order reversal with the USB enumeration lock inside usbd_transfer_setup() as a function of r246616. It was thought that reducing the number of locks would resolve the LOR, but because some USB device drivers use usbd_do_request_flags() inside callback functions, like in taskqueues, a deadlock may occur when these are drained from device_detach(). By restoring the SX control request lock usbd_do_request_flags() is allowed to complete its execution when a USB device driver is detaching. By using the SX control request lock to protect the scratch area, the LOR introduced by r246616 is also resolved. Bump the FreeBSD version while at it to force recompilation of all USB kernel modules. Found by: avos@ | 12 September 2016, 10:23:24 UTC |
| 2d64521 | Hans Petter Selasky | 09 September 2016, 06:51:49 UTC | MFC r303765 and r304571: Keep a reference count on USB keyboard polling to allow recursive cngrab() during a panic for example, similar to what the AT-keyboard driver is doing. Make the UKBD USB transfers double buffered and set them up one by one, so they are memory independent which allows for handling panics triggered by the keyboard driver itself, typically via CTRL+ALT+ESC sequences. Or if the USB keyboard driver was processing a key at the moment of panic. Allow UKBD to be attached while keyboard polling is active. | 09 September 2016, 06:51:49 UTC |
| 61aad88 | Hans Petter Selasky | 09 September 2016, 06:33:56 UTC | MFC r305284: Fix array size issue when using the pre-scaling feature for ISOCHRONOUS USB transfers. Make sure enough length and buffer pointers are allocated when setting up the libusb transfer structure to support the maximum number of frames the kernel can handle. | 09 September 2016, 06:33:56 UTC |
| 0b559ce | Hans Petter Selasky | 29 August 2016, 08:55:59 UTC | MFC r304629: Don't separate the status stage of the XHCI USB control transfers into its own job because this breaks the simplified QEMU XHCI TRB parser, which expects the complete USB control transfer as a series of back to back TRBs. The old behaviour is kept under #ifdef in case this change breaks enumeration of any USB devices. PR: 212021 | 29 August 2016, 08:55:59 UTC |
| a4b4a47 | Hans Petter Selasky | 29 August 2016, 08:46:15 UTC | MFC r304597: Fix for invalid use of bits in input context. Basically split configuring of EP0 and non-EP0 into xhci_cmd_evaluate_ctx() and xhci_cmd_configure_ep() respectivly. This resolves some errors when using XHCI under QEMU and gets is more in line with the XHCI specification. PR: 212021 | 29 August 2016, 08:46:15 UTC |
| cbe7828 | John Baldwin | 20 August 2016, 00:22:39 UTC | MFC 298950: Fix an off by one error when remapping MSI-X vectors. pci_remap_msix() can be used to alter the mapping of allocated MSI-X vectors to the MSI-X table. The code had an off by one error when adding the IRQ resources after performing a remap. This was fatal for any vectors in the table that used the "last" valid IRQ as those vectors were assigned a garbage IRQ value. | 20 August 2016, 00:22:39 UTC |
| 3bd4237 | Hans Petter Selasky | 12 August 2016, 08:08:29 UTC | MFC r302371: Fix regression issue with XHCI on 32-bit ARMv7 Armada-38x. Make sure "struct xhci_dev_ctx_addr" fits into a single 4K page until further. | 12 August 2016, 08:08:29 UTC |
| 8c8f876 | Hans Petter Selasky | 12 August 2016, 08:03:31 UTC | MFC r301039: Add support for simplex USB MIDI devices, which only provide BULK or INTERRUPT endpoints for moving data in one direction, like the KeyRig 49 from M-Audio. Requested by: Ivan Klymenko <fidaj@ukr.net> | 12 August 2016, 08:03:31 UTC |
| caf780b | Hans Petter Selasky | 29 June 2016, 10:47:44 UTC | MFC r301842: Implement code to stop all USB endpoints before executing a USB device reset command, alternate setting command or set configuration command. Else LibUSB v1.0 will not re-open the endpoints which the kernel closes and the USB application might wait infinitely for transfers to complete. | 29 June 2016, 10:47:44 UTC |
| 11f059e | Hans Petter Selasky | 29 June 2016, 10:25:32 UTC | MFC r302076: Update the definition for number of scratch pages to match the latest version of the XHCI specification. Make sure the code can handle the maximum number of allowed scratch pages. Submitted by: Shichun_Ma@Dell.com | 29 June 2016, 10:25:32 UTC |
| 4194277 | Hans Petter Selasky | 03 June 2016, 08:58:26 UTC | MFC r300667: Check for signals when locking the USB enumeration thread from userspace, so that USB applications can be killed if an enumeration thread should be stuck for various reasons. | 03 June 2016, 08:58:26 UTC |
| a10264e | Hans Petter Selasky | 03 June 2016, 08:53:14 UTC | MFC r299060: Extend the UQ_NO_STRINGS quirk to also cover the USB language string descriptor. This fixes enumeration of some older Samsung Galaxy S3 phones. | 03 June 2016, 08:53:14 UTC |
| 9d957e1 | John Baldwin | 24 May 2016, 23:04:16 UTC | MFC 299310: Don't store generated firmware object files in the source directory. Trim the leading directory of a firmware source file from the resulting target object file name so the object file is stored in the object directory. Previously, using 'FIRMWS= /path/to/fw.bin:fw.bin' would store the generated 'fw.bin.fwo' file in the /path/to directory. Now it stores it in the object directory of the kernel module being built. | 24 May 2016, 23:04:16 UTC |
| b72a75d | David C Somayajulu | 10 May 2016, 03:11:37 UTC | MFC r298591 1. Removed -Wno-shift-negative-value from Makefile 2. Fixed warning its absence caused in bxe_elink.c | 10 May 2016, 03:11:37 UTC |
| 025b5c6 | David C Somayajulu | 10 May 2016, 03:04:14 UTC | MFC r298496 Remove Unused/Dead Code | 10 May 2016, 03:04:14 UTC |
| 3f63552 | David C Somayajulu | 10 May 2016, 02:58:52 UTC | MFC r298294 1. modify fwdump (a.k.a grcdump) so that grcdump memory is allocated and freed on as needed basis. 2. grcdump can be taken at failure points by invoking bxe_grc_dump() when trigger_grcdump sysctl flag is set. When grcdump is taken grcdump_done sysctl flag is set. 3. grcdump_done can be monitored by the user to retrieve the grcdump Submitted by:vaishali.kulkarni@qlogic.com | 10 May 2016, 02:58:52 UTC |
| b00481a | Alexey Dokuchaev | 29 April 2016, 13:58:01 UTC | MFC r270256, r298640: ed(1): switch two statements so we check the index before dereferencing. Approved by: pfg | 29 April 2016, 13:58:01 UTC |
| 4079d32 | David C Somayajulu | 19 April 2016, 19:14:04 UTC | MFC r297884 Add support for Flash Update Submitted by:nrapendra.singh@qlogic.com;vaishali.kulkarni@qlogic.com;davidcs@freebsd.org | 19 April 2016, 19:14:04 UTC |
| 2a24165 | David C Somayajulu | 19 April 2016, 19:08:44 UTC | MFC r297873 1. Process tx completions in bxe_periodic_callout_func() and restart transmissions if possible. 2. For SIOCSIFFLAGS call bxe_init_locked() only if !BXE_STATE_DISABLED 3. remove code not needed in bxe_init_internal_common() Submitted by:vaishali.kulkarni@qlogic.com;venkata.bhavaraju@qlogic.com | 19 April 2016, 19:08:44 UTC |
| e33f50f | Hans Petter Selasky | 07 April 2016, 07:19:30 UTC | MFC r296342: Allow for overlapping quirk device ranges. Prior to this patch only the first device entry matching the USB vendor, product and revision would be searched for quirks. After this patch all device entries will be searched for quirks. | 07 April 2016, 07:19:30 UTC |
| 6e89598 | David C Somayajulu | 06 April 2016, 21:45:31 UTC | MFC r297155 Modifications to achieve a common source base from FreeBSD7.x thru 10.x | 06 April 2016, 21:45:31 UTC |
| 7506ba6 | Ian Lepore | 15 March 2016, 04:03:15 UTC | When building on a newer host, boostrap using lex from the stable-8 source to match the yacc being used from that source. This avoids a build error caused by the newer lex emitting a yylex() decl that's already in the source. This is a direct commit to stable-8; there is no corresponding change in later branches to MFC from. For the record, the new lex came in at version 1000032, but slipping it into the 1000013 block makes more sense than creating a whole new .if block for it. | 15 March 2016, 04:03:15 UTC |
| 95adffe | Ian Lepore | 15 March 2016, 03:20:24 UTC | MFC r206424: (by rdivacky in 2010) Rename the ALIGN macro to LINT_ALIGN so it does not clash with machine/param.h Bump the alignment to 16bytes because lint1 memory allocator is used for objects that require 16bytes alignment on amd64 (ie. val_t). This makes lint1 work when compiled with compiler(s) that use SSE for memcpy on amd64. (e.g. clang). This allows me to compile stable-8 on a 64-bit build host running 10-stable, without dying during the xlint build. It should work fine on 11-current too. | 15 March 2016, 03:20:24 UTC |
| fda0d52 | David C Somayajulu | 14 March 2016, 23:43:09 UTC | MFC r296579 Fix code so that buf_ring allocation for Tx Queues and their mutexes is done during during bxe_attach() and freed during bxe_detach() | 14 March 2016, 23:43:09 UTC |
| 3f4b17e | David C Somayajulu | 09 March 2016, 21:45:09 UTC | MFC r296071 Upgrade the firmware carried in driver and loaded during hardware initialization (a.k.a STORM firmware) to version 7.13.1 (latest version) | 09 March 2016, 21:45:09 UTC |
| fd12d1b | Hans Petter Selasky | 07 March 2016, 10:07:01 UTC | MFC r295928: Configure the correct bMaxPacketSize for control endpoints before requesting the initial complete device descriptor and not as part of the subsequent babble error recovery. Babble means that the received USB packet was bigger than than configured maximum packet size. This only affects enumeration of FULL speed USB devices which use a bMaxPacketSize different from 8 bytes. This patch might help fix enumeration of USB devices which exhibit USB I/O errors in dmesg during boot. | 07 March 2016, 10:07:01 UTC |
| 13c9239 | Ian Lepore | 01 March 2016, 17:33:27 UTC | MFC r255949: Create /var/cache with mode 0755. pkg(8) expects this directory to exist, this allows using pkg on 8-stable. | 01 March 2016, 17:33:27 UTC |
| 920e91c | David C Somayajulu | 25 February 2016, 18:20:54 UTC | MFC r295830 Remove dead code. Code Cleanup. Improve clarity in debug messages | 25 February 2016, 18:20:54 UTC |
| 278bb3a | David C Somayajulu | 25 February 2016, 18:17:06 UTC | MFC r295823 Modified the use of bxe_grc_dump() function so that it can be invoked directly at any potential error path, where a fwdump is needed. The fwdump (a.k.a grcdump) is stored in a driver buffer. The sysctl grcdump_done indicates if a fwdump was taken and waiting to be retrieved. The sysctl trigger_grcdump can be used to manually trigger a fwdump. | 25 February 2016, 18:17:06 UTC |
| 70e8d74 | John Baldwin | 17 February 2016, 01:45:34 UTC | MFC 295418,295419: Fix hangs or panics when misbehaved kernel threads return from their main function. 295418: Mark proc0 as a kernel process via the P_KTHREAD flag. All other kernel processes have this flag set and all threads in proc0 (including thread0) have the similar TDP_KTHREAD flag set. 295419: Call kthread_exit() rather than kproc_exit() for a premature kthread exit. Kernel threads (and processes) are supposed to call kthread_exit() (or kproc_exit()) to terminate. However, the kernel includes a fallback in fork_exit() to force a kthread exit if a kernel thread's "main" routine returns. This fallback was added back when the kernel only had processes and was not updated to call kthread_exit() instead of kproc_exit() when threads were added to the kernel. This mistake was particularly exciting when the errant thread belonged to proc0. Due to the missing P_KTHREAD flag the fallback did not kick in and instead tried to return to userland via whatever garbage was in the trapframe. With P_KTHREAD set it tried to terminate proc0 resulting in other amusements. PR: 204999 | 17 February 2016, 01:45:34 UTC |
| 35c396d | Brooks Davis | 22 January 2016, 00:13:18 UTC | MFC r293856: Avoid reading pass the end of the source buffer when it is not NUL terminated. If this buffer is adjacent to an unmapped page or a version of C with bounds checked is used this may result in a crash. PR: 206178 Submitted by: Alexander Cherepanov <cherepan@mccme.ru> Requested by: danfe | 22 January 2016, 00:13:18 UTC |
| a31b305 | Brooks Davis | 22 January 2016, 00:08:16 UTC | MFC r293855: Avoid reading pass the end of the source buffer when it is not NUL terminated. If this buffer is adjacent to an unmapped page or a version of C with bounds checked is used this may result in a crash. PR: 206177 Submitted by: Alexander Cherepanov <cherepan@mccme.ru> Requested by: danfe | 22 January 2016, 00:08:16 UTC |
| cc975dc | Dimitry Andric | 19 January 2016, 18:35:22 UTC | MFC r294102: MFV r294101: 6527 Possible access beyond end of string in zpool comment Reviewed by: George Wilson <george.wilson@delphix.com> Reviewed by: Matthew Ahrens <mahrens@delphix.com> Reviewed by: Dan McDonald <danmcd@omniti.com> Approved by: Gordon Ross <gwr@nexenta.com> illumos/illumos-gate@2bd7a8d078223b122d65fea49bb8641f858b1409 This fixes erroneous double increments of the 'check' variable in a loop in spa_prop_validate(). I ran into this in the clang380-import branch, where clang 3.8.0 warns about it. (It is already fixed there.) | 19 January 2016, 18:35:22 UTC |
| 0e65a68 | David C Somayajulu | 13 January 2016, 00:34:16 UTC | MFC r292639 Add support for firmware dump (a.k.a grcdump) | 13 January 2016, 00:34:16 UTC |
| 78d9c2a | David C Somayajulu | 13 January 2016, 00:29:59 UTC | MFC r292638 Check for packet_length is greater than 60 bytes as well as packet_length is greater than len_on_bd, before invoking the routine to handle jumbo over SGL (bxe_service_rxsgl()). Add counters for number of jumbo_over_SGL packets (rx_bxe_service_rxsgl) and erroneous jumbo_over_SGL packets (rx_erroneous_jumbo_sge_pkts) Fix formatting in bxe_sysctl_state() | 13 January 2016, 00:29:59 UTC |
| 95607a6 | David C Somayajulu | 13 January 2016, 00:26:45 UTC | MFC r289199 Add support for reading device temperature | 13 January 2016, 00:26:45 UTC |
| a0431bf | Hans Petter Selasky | 04 January 2016, 07:30:49 UTC | MFC r291199: Fix compile warning about shifting signed negative constant. | 04 January 2016, 07:30:49 UTC |
| 5dfbc6a | Christian Brueffer | 14 December 2015, 13:38:05 UTC | MFH: r207615 by csjp Add a case to make sure that internal audit records get converted to BSM format for lpathconf(2) events. PR: 157946 | 14 December 2015, 13:38:05 UTC |
| f18a6fe | Hans Petter Selasky | 24 November 2015, 12:32:15 UTC | MFC r291146: Add support for Kana and Eisu keys to the USB keyboard driver. PR: 204709 | 24 November 2015, 12:32:15 UTC |
| 7d89387 | Hans Petter Selasky | 24 November 2015, 12:23:15 UTC | MFC r290326: Relax the BUS_DMA_KEEP_PG_OFFSET requirement to allow optimising allocation of DMA bounce buffers. Discussed with: ian @ | 24 November 2015, 12:23:15 UTC |
| ac9e7c3 | Hans Petter Selasky | 23 November 2015, 13:44:25 UTC | MFC r284722 and r284724: Fix endless recursion in ti(4)'s ti_ifmedia_upd(), found by clang 3.7.0. | 23 November 2015, 13:44:25 UTC |
| 43f048f | Edwin Groothuis | 12 November 2015, 03:29:36 UTC | MFC of 290697,tzdata8: Update to tzdata2015g: Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25. Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time. Fiji's 2016 fall-back transition is scheduled for January 17, not 24. Fort Nelson, British Columbia will not fall back on 2015-11-01. It has effectively been on MST (-0700) since it advanced its clocks on 2015-03-08. New zone America/Fort_Nelson. | 12 November 2015, 03:29:36 UTC |
| e8028fd | Hans Petter Selasky | 09 November 2015, 11:29:54 UTC | MFC r290441: Fix for unaligned IP-header. The mbuf length fields must be set before m_adj() is called else m_adj() will not always adjust the mbuf and an unaligned read exception can trigger inside the network stack. This can happen on platforms where unaligned reads are not supported. Adjust a length check to include the 2-byte ethernet alignment while at it. | 09 November 2015, 11:29:54 UTC |
| 3c075d3 | Tai-hwa Liang | 24 October 2015, 19:05:19 UTC | MFC r287698: Fixing a memory leak on module unloading. | 24 October 2015, 19:05:19 UTC |
| 3725f92 | Tai-hwa Liang | 07 October 2015, 09:39:45 UTC | MFC r238980: Just like the other file systems found in /sys/fs, g_vfs_open() should be paried with g_vfs_close(). Though g_vfs_close() is a wrapper around g_wither_geom_close(), r206130 added the following test in g_vfs_open(): if (bo->bo_private != vp) return (EBUSY); Which will cause a 'Device busy' error inside reiserfs_mountfs() if the same file system is re-mounted again after umount or mounting failure: (case 1, /dev/ad4s3 is not a valid REISERFS partition) # mount -t reiserfs -o ro /dev/ad4s3 /mnt mount: /dev/ad4s3: Invalid argument # mount -t msdosfs -o ro /dev/ad4s3 /mnt mount: /dev/ad4s3: Device busy (case 2, /dev/ad4s3 is a valid REISERFS partition) # mount -t reiserfs -o ro /dev/ad4s3 /mnt # umount /mnt # mount -t reiserfs -o ro /dev/ad4s3 /mnt mount: /dev/ad4s3: Device busy On the other hand, g_vfs_close() 'fixed' the above cases by doing an extra step to keep 'sc->sc_bo->bo_private' and 'cp->private' pointers synchronised. Reviewed by: kib | 07 October 2015, 09:39:45 UTC |
| c720236 | Steven Hartland | 24 September 2015, 10:31:39 UTC | MFC r287886: Fix kqueue write events for files > 2GB Relnotes: YES Sponsored by: Multiplay | 24 September 2015, 10:31:39 UTC |
| 014297b | Tai-hwa Liang | 14 September 2015, 15:47:25 UTC | MFC r286888: Using consistent coding style to deal with error inside the loop. | 14 September 2015, 15:47:25 UTC |
| bace659 | Tai-hwa Liang | 14 September 2015, 15:44:03 UTC | MFC r286887: Using the error return code documented in the comment. Though there is no direct midi_uninit() caller amongst existing drivers at this moment, a quick experiment indicates that EBUSY gives users more precise error message once drivers start to honour this result. For example, emu_midi_detach() should check the result of mpu401_uninit() and block module unloading if there is any MIDI I/O in progress. | 14 September 2015, 15:44:03 UTC |
| 04dfda0 | Tai-hwa Liang | 09 September 2015, 04:16:55 UTC | MFC r286886: Fixing typo as well as improving readability of a few comments. | 09 September 2015, 04:16:55 UTC |
| 77ba10b | Hans Petter Selasky | 29 August 2015, 06:28:48 UTC | MFC r286799: Fix race in USB PF which can happen if we stop tracing exactly when the kernel is tapping an USB transfer. This leads to a NULL pointer access. The solution is to only trace while the USB bus lock is locked. | 29 August 2015, 06:28:48 UTC |
| c0f2ba0 | Edwin Groothuis | 14 August 2015, 00:00:50 UTC | MFC of 286750,tzdata8: Update to tzdata2015f: Changes affecting future time stamps North Korea switches to +0830 on 2015-08-15. (Thanks to Steffen Thorsen.) The abbreviation remains "KST". (Thanks to Robert Elz.) Uruguay no longer observes DST. (Thanks to Steffen Thorsen and Pablo Camargo.) Changes affecting past and future time stamps Moldova starts and ends DST at 00:00 UTC, not at 01:00 UTC. (Thanks to Roman Tudos.) | 14 August 2015, 00:00:50 UTC |
| 816919a | Dimitry Andric | 12 August 2015, 19:18:54 UTC | MFC r286519: In GNU as, avoid left-shifting negative integers, which is undefined. | 12 August 2015, 19:18:54 UTC |
| a8606fc | Dimitry Andric | 12 August 2015, 19:06:35 UTC | MFC r286515: In libm's exp2(3), avoid left-shifting a negative integer, which is undefined. Replace it with the intended value, in a defined way. Reviewed by: bde | 12 August 2015, 19:06:35 UTC |
| 1c00354 | Gregory Shapiro | 08 August 2015, 16:35:42 UTC | MFC: Reminder to check tools/build/mk/OptionalObsoleteFiles.inc on new version imports. | 08 August 2015, 16:35:42 UTC |
| 1b3d049 | David C Somayajulu | 05 August 2015, 02:08:42 UTC | MFC r285973 - Avoid lock contention in the if_transmit callback by using trylock and enqueueing the frames when it fails. This way there is some latency removed from the transmitting path. - If IFF_DRV_OACTIVE is set (and also if IFF_DRV_RUNNING is not) just enqueue the desired frames and return successful transmit. This way we avoid to return errors on transmit side and resulting in possible out-of-order frames. Please note that IFF_DRV_OACTIVE is set everytime we get the threshold ring hit, so this can be happening quite often. Submitted by: Attilio.Rao@isilon.com | 05 August 2015, 02:08:42 UTC |
| a5f1b2b | Xin Li | 30 July 2015, 10:09:07 UTC | Fix a regression introduced with previous OpenSSH by explicitly initializing devices_done. Submitted by: jkim | 30 July 2015, 10:09:07 UTC |
| 8f0ca93 | Glen Barber | 28 July 2015, 20:38:52 UTC | Document SA-15:14 through SA-15:17. Sponsored by: The FreeBSD Foundation | 28 July 2015, 20:38:52 UTC |
| 1f47165 | Xin Li | 28 July 2015, 19:58:54 UTC | Fix resource exhaustion in TCP reassembly. [SA-15:15] Fix OpenSSH multiple vulnerabilities. [SA-15:16] Fix BIND remote denial of service vulnerability. [SA-15:17] | 28 July 2015, 19:58:54 UTC |
| a9d0ca9 | Dimitry Andric | 28 July 2015, 09:19:04 UTC | MFC r285340: Fix swapped copyin(9) arguments in cxgb's iwch_arm_cq() function. Detected by clang 3.7.0 with the warning: sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c:309:18: error: variable 'rptr' is uninitialized when used here [-Werror,-Wuninitialized] chp->cq.rptr = rptr; ^~~~ | 28 July 2015, 09:19:04 UTC |
| a010837 | Glen Barber | 22 July 2015, 16:38:07 UTC | Document FreeBSD-SA-15:13. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation | 22 July 2015, 16:38:07 UTC |
| 6ea9081 | Xin Li | 21 July 2015, 23:42:20 UTC | Fix resource exhaustion due to sessions stuck in LAST_ACK state. Security: CVE-2015-5358 Security: SA-15:13.tcp Submitted by: Jonathan Looney (Juniper SIRT) Reviewed by: lstewart | 21 July 2015, 23:42:20 UTC |
| 97f70b7 | Gregory Shapiro | 11 July 2015, 04:55:01 UTC | Note merge of sendmail 8.15.2 | 11 July 2015, 04:55:01 UTC |
| 1f30672 | Gregory Shapiro | 11 July 2015, 03:57:36 UTC | Previous MFC to trigger new .cf builds didn't catch freebsd.mc. | 11 July 2015, 03:57:36 UTC |
| 05dc626 | Gregory Shapiro | 11 July 2015, 03:53:03 UTC | MFC: Update for sendmail 8.15.2 import | 11 July 2015, 03:53:03 UTC |
| 175834f | Gregory Shapiro | 11 July 2015, 03:50:17 UTC | MFC: Minor changes to force commit these files so new freebsd*.cf files are built to use the new sendmail-8.15.2/cf tree. | 11 July 2015, 03:50:17 UTC |
| 6de0630 | Gregory Shapiro | 11 July 2015, 03:46:36 UTC | MFC: Merge sendmail 8.15.2 | 11 July 2015, 03:46:36 UTC |
| 73cbccb | Gregory Shapiro | 11 July 2015, 03:34:57 UTC | MFC: Temporarily disable WARNS while addressing a non-issue with the upstream code | 11 July 2015, 03:34:57 UTC |
| 4ebe0d5 | Gregory Shapiro | 11 July 2015, 03:32:22 UTC | By default, sendmail 8.15 uses uncompressed IPv6 addresses. Keep current FreeBSD 10 and earlier behavior of using compressed IPv6 addresses in configuration, maps, rulesets, etc. (FreeBSD 11 and later will use the new default of uncompressed IPv6 addresses.) | 11 July 2015, 03:32:22 UTC |
| 06fb39b | Gregory Shapiro | 11 July 2015, 03:29:04 UTC | MFC: libsm/path.c is about to disappear in the merge of sendmail 8.15.2. It is an empty file now so it is safe to remove before the merge. | 11 July 2015, 03:29:04 UTC |
| 8370b52 | Glen Barber | 07 July 2015, 23:37:16 UTC | Document SA-15:11.bind. Sponsored by: The FreeBSD Foundation | 07 July 2015, 23:37:16 UTC |
| b2a2fb6 | Xin Li | 07 July 2015, 21:43:23 UTC | Fix BIND resolver remote denial of service when validating. Security: CVE-2015-4620 Security: FreeBSD-SA-15:11.bind | 07 July 2015, 21:43:23 UTC |
| 6be8974 | Marius Strobl | 05 July 2015, 20:16:51 UTC | MFC: r281337 Don't enable RX and TX before their initial configuration is done, i. e. after setting up interrupt moderation but before turning interrupts on. This matches what Realtek's r8168 Linux driver does as of version 8.039.00 and fixes problems with certain incarnations of certain MAC revisions like the interface requiring an extra up/down-cycle after boot to start working or DMA configuration not being adhered to. PR: 193743, 197535 | 05 July 2015, 20:16:51 UTC |
| 953f2f0 | Marius Strobl | 05 July 2015, 19:34:45 UTC | MFC: r281751 Refine the workaround for Intel HSD131 [1] added in r269052 (MFCed to stable/8 in r269595): - Use the full mask described by the erratum as with a sufficiently high number of these false-positives, the overflow bit (bit 62) additionally gets set [7]. - HSD131 has been brought into several other Haswell-derived CPUs including to the next generation, i. e. Intel Broadwell. Thus, also skip reporting of these benign errors by default on CPU models affected by HSM142, HSW131 and BDM48 [2 - 5], describing the HSD131 silicon bug for additional models. Also, Celeron 2955U with a CPU ID of 0x45 have been reported to be covered by this fault [6], with the specification update concerned with HSM142 [2] only referring to 0x3c and 0x46. Submitted by: David Froehlich [7] Approved by: re (kib) http://www.intel.de/content/dam/www/public/us/en/documents/specification-updates/4th-gen-core-family-desktop-specification-update.pdf [1] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/4th-gen-core-family-mobile-specification-update.pdf [2] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/5th-gen-core-family-spec-update.pdf [3] http://www.intel.de/content/dam/www/public/us/en/documents/specification-updates/core-m-processor-family-spec-update.pdf [4] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-e3-1200v3-spec-update.pdf [5] https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046878.html [6] | 05 July 2015, 19:34:45 UTC |
| 7b5b92a | Glen Barber | 02 July 2015, 20:41:50 UTC | Document EN-15:08 (revised), EN-15:09, EN-15:10. Sponsored by: The FreeBSD Foundation | 02 July 2015, 20:41:50 UTC |
| 0fedfd7 | David C Somayajulu | 30 June 2015, 20:31:00 UTC | MFC r284739 tx_mtx should be grabbed before calling buf_ring_dequeue_sc() Submitted by: Attilio.Rao@isilon.com | 30 June 2015, 20:31:00 UTC |
| 988d84f | David C Somayajulu | 30 June 2015, 20:28:07 UTC | MFC r284470 In bxe_set_mc_list(): added missing BXE_MCAST_UNLOCK() In __ecore_vlan_mac_h_exec_pending(): need to check for ECORE_PENDING Submitted by: gary.zambrano@qlogic.com | 30 June 2015, 20:28:07 UTC |
| b06edf8 | David C Somayajulu | 30 June 2015, 20:24:23 UTC | MFC r284335 PHY LOCK acquires the hardware lock via bxe_acquire_phy_lock() and releases it via bxe_release_phy_lock(). It was simply acquiring a mutex earlier which can cause the PHY to use bogus values. Fixes intermittent link failures. bxe_ioctl() completes all functions within its context as opposed to a taskqueue earlier. bxe_handle_rx_mode_tq() no longer required. bxe_set_rx_mode() handles the functionality within its context Submitted by:gary.zambrano@qlogic.com | 30 June 2015, 20:24:23 UTC |
| 834b0e8 | Glen Barber | 25 June 2015, 20:01:27 UTC | Document FreeBSD-EN-15:06.file, FreeBSD-EN-15:07.zfs, FreeBSD-EN-15:08.sendmail, FreeBSD-SA-15:10.openssl. Sponsored by: The FreeBSD Foundation | 25 June 2015, 20:01:27 UTC |
| 5278035 | Gregory Shapiro | 25 June 2015, 01:57:47 UTC | Add a note on the second sendmail fix for WeakDH interoperability. | 25 June 2015, 01:57:47 UTC |
| a82f99b | Gregory Shapiro | 25 June 2015, 01:56:36 UTC | MFC: An additional fix for the openssl Weak DH remediation: The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released), defaulted to a 512 bit DH parameter setting for client connections. The first fix committed last week changed the default to 1024 bits. This commit fixes the case where the DHParameters option is set to a file which doesn't exist, which is the case on newer versions of FreeBSD which enable STARTTLS by default by auto-creating TLS certificates. | 25 June 2015, 01:56:36 UTC |
| f71f4d5 | Xin Li | 24 June 2015, 23:05:17 UTC | MFC r284237,r284277: file 5.23. | 24 June 2015, 23:05:17 UTC |
| 8ae73bb | Dimitry Andric | 20 June 2015, 13:30:09 UTC | MFC r284346: Fix the following clang 3.7.0 warnings in lib/libfetch/http.c: lib/libfetch/http.c:1628:26: error: address of array 'purl->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = purl->user ? ~~~~~~^~~~ ~ lib/libfetch/http.c:1630:30: error: address of array 'purl->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = purl->pwd? ~~~~~~^~~~ lib/libfetch/http.c:1657:25: error: address of array 'url->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = url->user ? ~~~~~^~~~ ~ lib/libfetch/http.c:1659:29: error: address of array 'url->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = url->pwd ? ~~~~~^~~ ~ lib/libfetch/http.c:1669:25: error: address of array 'url->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = url->user ? ~~~~~^~~~ ~ lib/libfetch/http.c:1671:29: error: address of array 'url->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = url->pwd ? ~~~~~^~~ ~ Since url->user and url->pwd are arrays, they can never be NULL, so the checks can be removed. Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D2673 | 20 June 2015, 13:30:09 UTC |
