From owner-cvs-all@FreeBSD.ORG  Wed Jun 29 21:36:49 2005
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DA28916A41C;
	Wed, 29 Jun 2005 21:36:49 +0000 (GMT)
	(envelope-from simon@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C705F43D1F;
	Wed, 29 Jun 2005 21:36:49 +0000 (GMT)
	(envelope-from simon@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j5TLanhB046259;
	Wed, 29 Jun 2005 21:36:49 GMT
	(envelope-from simon@repoman.freebsd.org)
Received: (from simon@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j5TLanel046258;
	Wed, 29 Jun 2005 21:36:49 GMT (envelope-from simon)
Message-Id: <200506292136.j5TLanel046258@repoman.freebsd.org>
From: "Simon L. Nielsen" <simon@FreeBSD.org>
Date: Wed, 29 Jun 2005 21:36:49 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: src/contrib/bzip2 bzip2.c src/sys/netinet ip_fw2.c
 tcp_input.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2005 21:36:50 -0000

simon       2005-06-29 21:36:49 UTC

  FreeBSD src repository (doc,ports committer)

  Modified files:
    contrib/bzip2        bzip2.c 
    sys/netinet          ip_fw2.c tcp_input.c 
  Log:
  Fix ipfw packet matching errors with address tables.
  
  The ipfw tables lookup code caches the result of the last query.  The
  kernel may process multiple packets concurrently, performing several
  concurrent table lookups.  Due to an insufficient locking, a cached
  result can become corrupted that could cause some addresses to be
  incorrectly matched against a lookup table.
  
  Submitted by:   ru
  Reviewed by:    csjp, mlaier
  Security:       CAN-2005-2019
  Security:       FreeBSD-SA-05:13.ipfw
  
  Correct bzip2 permission race condition vulnerability.
  
  Obtained from:  Steve Grubb via RedHat
  Security:       CAN-2005-0953
  Security:       FreeBSD-SA-05:14.bzip2
  Approved by:    obrien
  
  Correct TCP connection stall denial of service vulnerability.
  
  A TCP packets with the SYN flag set is accepted for established
  connections, allowing an attacker to overwrite certain TCP options.
  
  Submitted by:   Noritoshi Demizu
  Reviewed by:    andre, Mohan Srinivasan
  Security:       CAN-2005-2068
  Security:       FreeBSD-SA-05:15.tcp
  
  Approved by:    re (security blanket), cperciva
  
  Revision  Changes    Path
  1.2       +329 -244  src/contrib/bzip2/bzip2.c
  1.105     +20 -17    src/sys/netinet/ip_fw2.c
  1.278     +1 -1      src/sys/netinet/tcp_input.c