From owner-svn-src-releng@freebsd.org Tue Apr 21 15:50:58 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6824C2A9509; Tue, 21 Apr 2020 15:50:58 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4967MQ24xgz4Tbk; Tue, 21 Apr 2020 15:50:58 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 42CA73727; Tue, 21 Apr 2020 15:50:58 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03LFowsc046155; Tue, 21 Apr 2020 15:50:58 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03LFovIJ046153; Tue, 21 Apr 2020 15:50:57 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202004211550.03LFovIJ046153@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 21 Apr 2020 15:50:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360148 - in releng: 11.3/usr.bin/quota 12.1/usr.bin/quota X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/usr.bin/quota 12.1/usr.bin/quota X-SVN-Commit-Revision: 360148 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 15:50:58 -0000 Author: gordon Date: Tue Apr 21 15:50:57 2020 New Revision: 360148 URL: https://svnweb.freebsd.org/changeset/base/360148 Log: Fix regression in rpc.rquotad with certain NFS servers. Approved by: so Security: FreeBSD-EN-20:07.quotad Modified: releng/11.3/usr.bin/quota/quota.c releng/12.1/usr.bin/quota/quota.c Modified: releng/11.3/usr.bin/quota/quota.c ============================================================================== --- releng/11.3/usr.bin/quota/quota.c Tue Apr 21 15:47:58 2020 (r360147) +++ releng/11.3/usr.bin/quota/quota.c Tue Apr 21 15:50:57 2020 (r360148) @@ -604,7 +604,7 @@ getnfsquota(struct statfs *fst, struct quotause *qup, call_stat = callaurpc(host, RQUOTAPROG, EXT_RQUOTAVERS, RQUOTAPROC_GETQUOTA, (xdrproc_t)xdr_ext_getquota_args, (char *)&gq_args, (xdrproc_t)xdr_getquota_rslt, (char *)&gq_rslt); - if (call_stat == RPC_PROGVERSMISMATCH) { + if (call_stat == RPC_PROGVERSMISMATCH || call_stat == RPC_PROGNOTREGISTERED) { if (quotatype == USRQUOTA) { old_gq_args.gqa_pathp = cp + 1; old_gq_args.gqa_uid = id; Modified: releng/12.1/usr.bin/quota/quota.c ============================================================================== --- releng/12.1/usr.bin/quota/quota.c Tue Apr 21 15:47:58 2020 (r360147) +++ releng/12.1/usr.bin/quota/quota.c Tue Apr 21 15:50:57 2020 (r360148) @@ -606,7 +606,7 @@ getnfsquota(struct statfs *fst, struct quotause *qup, call_stat = callaurpc(host, RQUOTAPROG, EXT_RQUOTAVERS, RQUOTAPROC_GETQUOTA, (xdrproc_t)xdr_ext_getquota_args, (char *)&gq_args, (xdrproc_t)xdr_getquota_rslt, (char *)&gq_rslt); - if (call_stat == RPC_PROGVERSMISMATCH) { + if (call_stat == RPC_PROGVERSMISMATCH || call_stat == RPC_PROGNOTREGISTERED) { if (quotatype == USRQUOTA) { old_gq_args.gqa_pathp = cp + 1; old_gq_args.gqa_uid = id; From owner-svn-src-releng@freebsd.org Tue Apr 21 15:52:23 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A69192A9B3D; Tue, 21 Apr 2020 15:52:23 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4967P32PK4z4V2b; Tue, 21 Apr 2020 15:52:23 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2CE8E38D6; Tue, 21 Apr 2020 15:52:23 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03LFqNsn049319; Tue, 21 Apr 2020 15:52:23 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03LFqMtY049317; Tue, 21 Apr 2020 15:52:22 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202004211552.03LFqMtY049317@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 21 Apr 2020 15:52:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360149 - in releng: 11.3/sys/netpfil/ipfw 12.1/sys/netpfil/ipfw X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3/sys/netpfil/ipfw 12.1/sys/netpfil/ipfw X-SVN-Commit-Revision: 360149 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 15:52:23 -0000 Author: gordon Date: Tue Apr 21 15:52:22 2020 New Revision: 360149 URL: https://svnweb.freebsd.org/changeset/base/360149 Log: Fix ipfw invalid mbuf handling. Approved by: so Security: FreeBSD-SA-20:10.ipfw Security: CVE-2019-5614 Security: CVE-2019-15874 Modified: releng/11.3/sys/netpfil/ipfw/ip_fw2.c releng/12.1/sys/netpfil/ipfw/ip_fw2.c Modified: releng/11.3/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- releng/11.3/sys/netpfil/ipfw/ip_fw2.c Tue Apr 21 15:50:57 2020 (r360148) +++ releng/11.3/sys/netpfil/ipfw/ip_fw2.c Tue Apr 21 15:52:22 2020 (r360149) @@ -328,53 +328,74 @@ ipopts_match(struct ip *ip, ipfw_insn *cmd) return (flags_match(cmd, bits)); } +/* + * Parse TCP options. The logic copied from tcp_dooptions(). + */ static int -tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd) +tcpopts_parse(const struct tcphdr *tcp, uint16_t *mss) { + const u_char *cp = (const u_char *)(tcp + 1); int optlen, bits = 0; - u_char *cp = (u_char *)(tcp + 1); - int x = (tcp->th_off << 2) - sizeof(struct tcphdr); + int cnt = (tcp->th_off << 2) - sizeof(struct tcphdr); - for (; x > 0; x -= optlen, cp += optlen) { + for (; cnt > 0; cnt -= optlen, cp += optlen) { int opt = cp[0]; if (opt == TCPOPT_EOL) break; if (opt == TCPOPT_NOP) optlen = 1; else { + if (cnt < 2) + break; optlen = cp[1]; - if (optlen <= 0) + if (optlen < 2 || optlen > cnt) break; } switch (opt) { - default: break; case TCPOPT_MAXSEG: + if (optlen != TCPOLEN_MAXSEG) + break; bits |= IP_FW_TCPOPT_MSS; + if (mss != NULL) + *mss = be16dec(cp + 2); break; case TCPOPT_WINDOW: - bits |= IP_FW_TCPOPT_WINDOW; + if (optlen == TCPOLEN_WINDOW) + bits |= IP_FW_TCPOPT_WINDOW; break; case TCPOPT_SACK_PERMITTED: + if (optlen == TCPOLEN_SACK_PERMITTED) + bits |= IP_FW_TCPOPT_SACK; + break; + case TCPOPT_SACK: - bits |= IP_FW_TCPOPT_SACK; + if (optlen > 2 && (optlen - 2) % TCPOLEN_SACK == 0) + bits |= IP_FW_TCPOPT_SACK; break; case TCPOPT_TIMESTAMP: - bits |= IP_FW_TCPOPT_TS; + if (optlen == TCPOLEN_TIMESTAMP) + bits |= IP_FW_TCPOPT_TS; break; - } } - return (flags_match(cmd, bits)); + return (bits); } static int +tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd) +{ + + return (flags_match(cmd, tcpopts_parse(tcp, NULL))); +} + +static int iface_match(struct ifnet *ifp, ipfw_insn_if *cmd, struct ip_fw_chain *chain, uint32_t *tablearg) { @@ -1419,17 +1440,31 @@ ipfw_chk(struct ip_fw_args *args) * this way). */ #define PULLUP_TO(_len, p, T) PULLUP_LEN(_len, p, sizeof(T)) -#define PULLUP_LEN(_len, p, T) \ +#define _PULLUP_LOCKED(_len, p, T, unlock) \ do { \ int x = (_len) + T; \ if ((m)->m_len < x) { \ args->m = m = m_pullup(m, x); \ - if (m == NULL) \ + if (m == NULL) { \ + unlock; \ goto pullup_failed; \ + } \ } \ p = (mtod(m, char *) + (_len)); \ } while (0) +#define PULLUP_LEN(_len, p, T) _PULLUP_LOCKED(_len, p, T, ) +#define PULLUP_LEN_LOCKED(_len, p, T) \ + _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); \ + UPDATE_POINTERS() +/* + * In case pointers got stale after pullups, update them. + */ +#define UPDATE_POINTERS() \ +do { \ + ip = mtod(m, struct ip *); \ +} while (0) + /* * if we have an ether header, */ @@ -2255,7 +2290,7 @@ do { \ case O_TCPOPTS: if (proto == IPPROTO_TCP && offset == 0 && ulp){ - PULLUP_LEN(hlen, ulp, + PULLUP_LEN_LOCKED(hlen, ulp, (TCP(ulp)->th_off << 2)); match = tcpopts_match(TCP(ulp), cmd); } @@ -3106,6 +3141,7 @@ do { \ } /* end of inner loop, scan opcodes */ #undef PULLUP_LEN +#undef PULLUP_LEN_LOCKED if (done) break; Modified: releng/12.1/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- releng/12.1/sys/netpfil/ipfw/ip_fw2.c Tue Apr 21 15:50:57 2020 (r360148) +++ releng/12.1/sys/netpfil/ipfw/ip_fw2.c Tue Apr 21 15:52:22 2020 (r360149) @@ -330,22 +330,27 @@ ipopts_match(struct ip *ip, ipfw_insn *cmd) return (flags_match(cmd, bits)); } +/* + * Parse TCP options. The logic copied from tcp_dooptions(). + */ static int -tcpopts_parse(struct tcphdr *tcp, uint16_t *mss) +tcpopts_parse(const struct tcphdr *tcp, uint16_t *mss) { - u_char *cp = (u_char *)(tcp + 1); + const u_char *cp = (const u_char *)(tcp + 1); int optlen, bits = 0; - int x = (tcp->th_off << 2) - sizeof(struct tcphdr); + int cnt = (tcp->th_off << 2) - sizeof(struct tcphdr); - for (; x > 0; x -= optlen, cp += optlen) { + for (; cnt > 0; cnt -= optlen, cp += optlen) { int opt = cp[0]; if (opt == TCPOPT_EOL) break; if (opt == TCPOPT_NOP) optlen = 1; else { + if (cnt < 2) + break; optlen = cp[1]; - if (optlen <= 0) + if (optlen < 2 || optlen > cnt) break; } @@ -354,22 +359,31 @@ tcpopts_parse(struct tcphdr *tcp, uint16_t *mss) break; case TCPOPT_MAXSEG: + if (optlen != TCPOLEN_MAXSEG) + break; bits |= IP_FW_TCPOPT_MSS; if (mss != NULL) *mss = be16dec(cp + 2); break; case TCPOPT_WINDOW: - bits |= IP_FW_TCPOPT_WINDOW; + if (optlen == TCPOLEN_WINDOW) + bits |= IP_FW_TCPOPT_WINDOW; break; case TCPOPT_SACK_PERMITTED: + if (optlen == TCPOLEN_SACK_PERMITTED) + bits |= IP_FW_TCPOPT_SACK; + break; + case TCPOPT_SACK: - bits |= IP_FW_TCPOPT_SACK; + if (optlen > 2 && (optlen - 2) % TCPOLEN_SACK == 0) + bits |= IP_FW_TCPOPT_SACK; break; case TCPOPT_TIMESTAMP: - bits |= IP_FW_TCPOPT_TS; + if (optlen == TCPOLEN_TIMESTAMP) + bits |= IP_FW_TCPOPT_TS; break; } } @@ -1427,18 +1441,32 @@ ipfw_chk(struct ip_fw_args *args) * pointer might become stale after other pullups (but we never use it * this way). */ -#define PULLUP_TO(_len, p, T) PULLUP_LEN(_len, p, sizeof(T)) -#define PULLUP_LEN(_len, p, T) \ +#define PULLUP_TO(_len, p, T) PULLUP_LEN(_len, p, sizeof(T)) +#define _PULLUP_LOCKED(_len, p, T, unlock) \ do { \ int x = (_len) + T; \ if ((m)->m_len < x) { \ args->m = m = m_pullup(m, x); \ - if (m == NULL) \ + if (m == NULL) { \ + unlock; \ goto pullup_failed; \ + } \ } \ p = (mtod(m, char *) + (_len)); \ } while (0) +#define PULLUP_LEN(_len, p, T) _PULLUP_LOCKED(_len, p, T, ) +#define PULLUP_LEN_LOCKED(_len, p, T) \ + _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); \ + UPDATE_POINTERS() +/* + * In case pointers got stale after pullups, update them. + */ +#define UPDATE_POINTERS() \ +do { \ + ip = mtod(m, struct ip *); \ +} while (0) + /* * if we have an ether header, */ @@ -2269,7 +2297,7 @@ do { \ case O_TCPOPTS: if (proto == IPPROTO_TCP && offset == 0 && ulp){ - PULLUP_LEN(hlen, ulp, + PULLUP_LEN_LOCKED(hlen, ulp, (TCP(ulp)->th_off << 2)); match = tcpopts_match(TCP(ulp), cmd); } @@ -2294,7 +2322,7 @@ do { \ uint16_t mss, *p; int i; - PULLUP_LEN(hlen, ulp, + PULLUP_LEN_LOCKED(hlen, ulp, (TCP(ulp)->th_off << 2)); if ((tcpopts_parse(TCP(ulp), &mss) & IP_FW_TCPOPT_MSS) == 0) @@ -3145,6 +3173,7 @@ do { \ } /* end of inner loop, scan opcodes */ #undef PULLUP_LEN +#undef PULLUP_LEN_LOCKED if (done) break; From owner-svn-src-releng@freebsd.org Tue Apr 21 15:53:08 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CB38B2A9CBA; Tue, 21 Apr 2020 15:53:08 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4967Pw4gmVz4VJp; Tue, 21 Apr 2020 15:53:08 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9BCD038EA; Tue, 21 Apr 2020 15:53:08 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03LFr8vK049401; Tue, 21 Apr 2020 15:53:08 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03LFr8iC049400; Tue, 21 Apr 2020 15:53:08 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202004211553.03LFr8iC049400@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 21 Apr 2020 15:53:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360150 - releng/12.1/crypto/openssl/ssl X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/12.1/crypto/openssl/ssl X-SVN-Commit-Revision: 360150 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 15:53:08 -0000 Author: gordon Date: Tue Apr 21 15:53:08 2020 New Revision: 360150 URL: https://svnweb.freebsd.org/changeset/base/360150 Log: Fix OpenSSL remote denial of service vulnerability. Approved by: so Security: FreeBSD-SA-20:11.openssl Security: CVE-2020-1967 Modified: releng/12.1/crypto/openssl/ssl/t1_lib.c Modified: releng/12.1/crypto/openssl/ssl/t1_lib.c ============================================================================== --- releng/12.1/crypto/openssl/ssl/t1_lib.c Tue Apr 21 15:52:22 2020 (r360149) +++ releng/12.1/crypto/openssl/ssl/t1_lib.c Tue Apr 21 15:53:08 2020 (r360150) @@ -2099,7 +2099,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int def sigalg = use_pc_sigalgs ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]) : s->shared_sigalgs[i]; - if (sig_nid == sigalg->sigandhash) + if (sigalg != NULL && sig_nid == sigalg->sigandhash) return 1; } return 0; From owner-svn-src-releng@freebsd.org Tue Apr 21 15:54:09 2020 Return-Path: Delivered-To: svn-src-releng@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D77542A9DA0; Tue, 21 Apr 2020 15:54:09 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4967R55PBCz4VRQ; Tue, 21 Apr 2020 15:54:09 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9BD3738F1; Tue, 21 Apr 2020 15:54:09 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03LFs9xO049490; Tue, 21 Apr 2020 15:54:09 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03LFs8SK049487; Tue, 21 Apr 2020 15:54:08 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202004211554.03LFs8SK049487@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 21 Apr 2020 15:54:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360151 - in releng: 11.3 11.3/sys/conf 12.1 12.1/sys/conf X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 11.3 11.3/sys/conf 12.1 12.1/sys/conf X-SVN-Commit-Revision: 360151 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 15:54:09 -0000 Author: gordon Date: Tue Apr 21 15:54:08 2020 New Revision: 360151 URL: https://svnweb.freebsd.org/changeset/base/360151 Log: Add UPDATING entries and bump version. Approved by: so Modified: releng/11.3/UPDATING releng/11.3/sys/conf/newvers.sh releng/12.1/UPDATING releng/12.1/sys/conf/newvers.sh Modified: releng/11.3/UPDATING ============================================================================== --- releng/11.3/UPDATING Tue Apr 21 15:53:08 2020 (r360150) +++ releng/11.3/UPDATING Tue Apr 21 15:54:08 2020 (r360151) @@ -16,6 +16,13 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20200421 p8 FreeBSD-EN-20:07.quotad + FreeBSD-SA-20:10.ipfw + + Fix regression in rpc.rquotad with certain NFS servers [EN-20:07.quotad] + + Fix ipfw invalid mbuf handling [SA-20:10.ipfw] + 20200319 p7 FreeBSD-EN-20:04.pfctl FreeBSD-EN-20:06.ipv6 FreeBSD-SA-20:04.tcp Modified: releng/11.3/sys/conf/newvers.sh ============================================================================== --- releng/11.3/sys/conf/newvers.sh Tue Apr 21 15:53:08 2020 (r360150) +++ releng/11.3/sys/conf/newvers.sh Tue Apr 21 15:54:08 2020 (r360151) @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.3" -BRANCH="RELEASE-p7" +BRANCH="RELEASE-p8" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/12.1/UPDATING ============================================================================== --- releng/12.1/UPDATING Tue Apr 21 15:53:08 2020 (r360150) +++ releng/12.1/UPDATING Tue Apr 21 15:54:08 2020 (r360151) @@ -16,6 +16,16 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20200421 p4 FreeBSD-EN-20:07.quotad + FreeBSD-SA-20:10.ipfw + FreeBSD-SA-20:11.openssl + + Fix regression in rpc.rquotad with certain NFS servers [EN-20:07.quotad] + + Fix ipfw invalid mbuf handling [SA-20:10.ipfw] + + Fix OpenSSL remote denial of service vulnerability [SA-20:11.openssl] + 20200319 p3 FreeBSD-EN-20:03.sshd FreeBSD-EN-20:05.mlx5en FreeBSD-EN-20:06.ipv6 Modified: releng/12.1/sys/conf/newvers.sh ============================================================================== --- releng/12.1/sys/conf/newvers.sh Tue Apr 21 15:53:08 2020 (r360150) +++ releng/12.1/sys/conf/newvers.sh Tue Apr 21 15:54:08 2020 (r360151) @@ -46,7 +46,7 @@ TYPE="FreeBSD" REVISION="12.1" -BRANCH="RELEASE-p3" +BRANCH="RELEASE-p4" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi