From owner-cvs-all@FreeBSD.ORG Wed Jun 29 21:41:04 2005 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4235516A41C; Wed, 29 Jun 2005 21:41:04 +0000 (GMT) (envelope-from simon@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C56443D4C; Wed, 29 Jun 2005 21:41:04 +0000 (GMT) (envelope-from simon@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j5TLf4h5046670; Wed, 29 Jun 2005 21:41:04 GMT (envelope-from simon@repoman.freebsd.org) Received: (from simon@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j5TLf33C046669; Wed, 29 Jun 2005 21:41:04 GMT (envelope-from simon) Message-Id: <200506292141.j5TLf33C046669@repoman.freebsd.org> From: "Simon L. Nielsen" Date: Wed, 29 Jun 2005 21:41:03 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: RELENG_5_4 Cc: Subject: cvs commit: src UPDATING src/contrib/bzip2 bzip2.c bzlib.c compress.c decompress.c huffman.c src/sys/conf newvers.sh src/sys/netinet ip_fw2.c tcp_input.c tcp_seq.h X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2005 21:41:04 -0000 simon 2005-06-29 21:41:03 UTC FreeBSD src repository (doc,ports committer) Modified files: (Branch: RELENG_5_4) . UPDATING contrib/bzip2 bzip2.c bzlib.c compress.c decompress.c huffman.c sys/conf newvers.sh sys/netinet ip_fw2.c tcp_input.c tcp_seq.h Log: Correct ipfw packet matching errors with address tables. Security: CAN-2005-2019 Security: FreeBSD-SA-05:13.ipfw Correct bzip2 denial of service and permission race vulnerabilities. Obtained from: Redhat, Steve Grubb via RedHat Security: CAN-2005-0953, CAN-2005-1260 Security: FreeBSD-SA-05:14.bzip2 Approved by: obrien Correct TCP connection stall denial-of-service vulnerabilities. MFC: rev 1.270 of tcp_input.c, rev 1.25 of tcp_seq.h by ps: When a TCP packets containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to artificially increase the internal "recent" timestamp for a connection. A TCP packets with the SYN flag set is accepted for established connections, allowing an attacker to overwrite certain TCP options. Security: CAN-2005-0356, CAN-2005-2068 Security: FreeBSD-SA-05:15.tcp Approved by: so (cperciva) Revision Changes Path 1.342.2.24.2.12 +8 -0 src/UPDATING 1.1.1.2.12.1 +34 -9 src/contrib/bzip2/bzip2.c 1.1.1.2.12.1 +37 -14 src/contrib/bzip2/bzlib.c 1.1.1.2.12.1 +7 -5 src/contrib/bzip2/compress.c 1.1.1.2.12.1 +11 -5 src/contrib/bzip2/decompress.c 1.1.1.2.12.1 +18 -1 src/contrib/bzip2/huffman.c 1.62.2.18.2.8 +1 -1 src/sys/conf/newvers.sh 1.70.2.10.2.1 +20 -17 src/sys/netinet/ip_fw2.c 1.252.2.14.2.1 +24 -4 src/sys/netinet/tcp_input.c 1.22.2.1.2.1 +1 -0 src/sys/netinet/tcp_seq.h