laffer1 | 29 Jul 02:47 2015

src [7200] trunk/UPDATING: document patch change

Revision: 7200
          http://svnweb.midnightbsd.org/src/?rev=7200
Author:   laffer1
Date:     2015-07-28 20:47:57 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
document patch change

Modified Paths:
--------------
    trunk/UPDATING

Modified: trunk/UPDATING
===================================================================
--- trunk/UPDATING	2015-07-29 00:45:52 UTC (rev 7199)
+++ trunk/UPDATING	2015-07-29 00:47:57 UTC (rev 7200)
 <at>  <at>  -27,6 +27,9  <at>  <at> 
 	using PAM (default) would allow many password attempts. A bug allows
 	MaxAuthTries to be bypassed. [CVE-2015-5600]

+
+	Switch to bsdpatch (from FreeBSD & OpenBSD)
+
 20160726:
 	BSD Sort updated

laffer1 | 29 Jul 02:45 2015

src [7199] trunk/gnu/usr.bin: get rid of gnu patch

Revision: 7199
          http://svnweb.midnightbsd.org/src/?rev=7199
Author:   laffer1
Date:     2015-07-28 20:45:52 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
get rid of gnu patch

Modified Paths:
--------------
    trunk/gnu/usr.bin/Makefile

Removed Paths:
-------------
    trunk/gnu/usr.bin/patch/

Modified: trunk/gnu/usr.bin/Makefile
===================================================================
--- trunk/gnu/usr.bin/Makefile	2015-07-29 00:45:20 UTC (rev 7198)
+++ trunk/gnu/usr.bin/Makefile	2015-07-29 00:45:52 UTC (rev 7199)
 <at>  <at>  -13,7 +13,6  <at>  <at> 
 	${_gperf} \
 	grep \
 	${_groff} \
-	patch \
 	${_rcs} \
 	sort \
 	${_texinfo}

(Continue reading)

laffer1 | 29 Jul 02:45 2015

src [7198] trunk/usr.bin: add bsd patch

Revision: 7198
          http://svnweb.midnightbsd.org/src/?rev=7198
Author:   laffer1
Date:     2015-07-28 20:45:20 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
add bsd patch

Modified Paths:
--------------
    trunk/usr.bin/Makefile

Added Paths:
-----------
    trunk/usr.bin/patch/
    trunk/usr.bin/patch/Makefile
    trunk/usr.bin/patch/backupfile.c
    trunk/usr.bin/patch/backupfile.h
    trunk/usr.bin/patch/common.h
    trunk/usr.bin/patch/inp.c
    trunk/usr.bin/patch/inp.h
    trunk/usr.bin/patch/mkpath.c
    trunk/usr.bin/patch/patch.1
    trunk/usr.bin/patch/patch.c
    trunk/usr.bin/patch/pathnames.h
    trunk/usr.bin/patch/pch.c
    trunk/usr.bin/patch/pch.h
    trunk/usr.bin/patch/util.c
    trunk/usr.bin/patch/util.h

(Continue reading)

laffer1 | 29 Jul 02:40 2015

src [7197] release/0.6.4/: MidnightBSD 0.6.4 RELEASE

Revision: 7197
          http://svnweb.midnightbsd.org/src/?rev=7197
Author:   laffer1
Date:     2015-07-28 20:40:03 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
MidnightBSD 0.6.4 RELEASE

Added Paths:
-----------
    release/0.6.4/

laffer1 | 29 Jul 02:38 2015

src [7196] stable/0.6: MidnightBSD 0.6.4

Revision: 7196
          http://svnweb.midnightbsd.org/src/?rev=7196
Author:   laffer1
Date:     2015-07-28 20:38:43 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
MidnightBSD 0.6.4

        OpenSSH

        Fix two security vulnerabilities:
        OpenSSH clients does not correctly verify DNS SSHFP records when a server
        offers a certificate. [CVE-2014-2653]

        OpenSSH servers which are configured to allow password authentication
        using PAM (default) would allow many password attempts. A bug allows
        MaxAuthTries to be bypassed. [CVE-2015-5600]

Modified Paths:
--------------
    stable/0.6/UPDATING
    stable/0.6/crypto/openssh/auth2-chall.c
    stable/0.6/crypto/openssh/sshconnect.c
    stable/0.6/sys/conf/newvers.sh

Modified: stable/0.6/UPDATING
===================================================================
--- stable/0.6/UPDATING	2015-07-29 00:37:33 UTC (rev 7195)
+++ stable/0.6/UPDATING	2015-07-29 00:38:43 UTC (rev 7196)
 <at>  <at>  -1,5 +1,28  <at>  <at> 
(Continue reading)

laffer1 | 29 Jul 02:37 2015

src [7195] trunk/UPDATING: mention security patches

Revision: 7195
          http://svnweb.midnightbsd.org/src/?rev=7195
Author:   laffer1
Date:     2015-07-28 20:37:33 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
mention security patches

Modified Paths:
--------------
    trunk/UPDATING

Modified: trunk/UPDATING
===================================================================
--- trunk/UPDATING	2015-07-29 00:35:21 UTC (rev 7194)
+++ trunk/UPDATING	2015-07-29 00:37:33 UTC (rev 7195)
 <at>  <at>  -17,6 +17,16  <at>  <at> 
 	traffic would cease.
 	Obtained from: FreeBSD 8

+	OpenSSH
+
+	Fix two security vulnerabilities:
+	OpenSSH clients does not correctly verify DNS SSHFP records when a server
+	offers a certificate. [CVE-2014-2653]
+
+	OpenSSH servers which are configured to allow password authentication
+	using PAM (default) would allow many password attempts. A bug allows
+	MaxAuthTries to be bypassed. [CVE-2015-5600]
+
(Continue reading)

laffer1 | 29 Jul 02:35 2015

src [7194] trunk/crypto/openssh: Fix two OpenSSH security issues:

Revision: 7194
          http://svnweb.midnightbsd.org/src/?rev=7194
Author:   laffer1
Date:     2015-07-28 20:35:21 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
Fix two OpenSSH security issues:

CVE-2014-2653 and CVE-2015-5600

Attackers can bypass MaxAuthTries and brute force passwords. Clients will
not properly validate DNS SSHFP records that offer a certificate. (rarely used)

Modified Paths:
--------------
    trunk/crypto/openssh/auth2-chall.c
    trunk/crypto/openssh/sshconnect.c

Modified: trunk/crypto/openssh/auth2-chall.c
===================================================================
--- trunk/crypto/openssh/auth2-chall.c	2015-07-29 00:31:36 UTC (rev 7193)
+++ trunk/crypto/openssh/auth2-chall.c	2015-07-29 00:35:21 UTC (rev 7194)
 <at>  <at>  -82,6 +82,7  <at>  <at> 
 	void *ctxt;
 	KbdintDevice *device;
 	u_int nreq;
+	u_int devices_done;
 };

 #ifdef USE_PAM
(Continue reading)

laffer1 | 29 Jul 02:31 2015

src [7193] stable/0.6/sys/netinet: TCP Resassemly resource exhaustion bug:

Revision: 7193
          http://svnweb.midnightbsd.org/src/?rev=7193
Author:   laffer1
Date:     2015-07-28 20:31:36 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
TCP Resassemly resource exhaustion bug:

There is a mistake with the introduction of VNET, which converted the
global limit on the number of segments that could belong to reassembly
queues into a per-VNET limit.  Because mbufs are allocated from a
global pool, in the presence of a sufficient number of VNETs, the
total number of mbufs attached to reassembly queues can grow to the
total number of mbufs in the system, at which point all network
traffic would cease.

Obtained from: FreeBSD 8

Modified Paths:
--------------
    stable/0.6/sys/netinet/tcp_reass.c
    stable/0.6/sys/netinet/tcp_subr.c
    stable/0.6/sys/netinet/tcp_var.h

Modified: stable/0.6/sys/netinet/tcp_reass.c
===================================================================
--- stable/0.6/sys/netinet/tcp_reass.c	2015-07-29 00:31:09 UTC (rev 7192)
+++ stable/0.6/sys/netinet/tcp_reass.c	2015-07-29 00:31:36 UTC (rev 7193)
 <at>  <at>  -80,29 +80,25  <at>  <at> 
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0,
(Continue reading)

laffer1 | 29 Jul 02:31 2015

src [7192] trunk/UPDATING: tcp resassembly bug

Revision: 7192
          http://svnweb.midnightbsd.org/src/?rev=7192
Author:   laffer1
Date:     2015-07-28 20:31:09 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
tcp resassembly bug

Modified Paths:
--------------
    trunk/UPDATING

Modified: trunk/UPDATING
===================================================================
--- trunk/UPDATING	2015-07-29 00:30:12 UTC (rev 7191)
+++ trunk/UPDATING	2015-07-29 00:31:09 UTC (rev 7192)
 <at>  <at>  -7,6 +7,16  <at>  <at> 

 	cpucontrol(8) now supports VIA CPUs. Synced with FreeBSD 9.2.

+	TCP Resassemly resource exhaustion bug:
+	There is a mistake with the introduction of VNET, which converted the
+	global limit on the number of segments that could belong to reassembly
+	queues into a per-VNET limit.  Because mbufs are allocated from a
+	global pool, in the presence of a sufficient number of VNETs, the
+	total number of mbufs attached to reassembly queues can grow to the
+	total number of mbufs in the system, at which point all network
+	traffic would cease.
+	Obtained from: FreeBSD 8
+
(Continue reading)

laffer1 | 29 Jul 02:30 2015

src [7191] trunk/sys/netinet: TCP Resassemly resource exhaustion bug:

Revision: 7191
          http://svnweb.midnightbsd.org/src/?rev=7191
Author:   laffer1
Date:     2015-07-28 20:30:12 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
TCP Resassemly resource exhaustion bug:

There is a mistake with the introduction of VNET, which converted the
global limit on the number of segments that could belong to reassembly
queues into a per-VNET limit.  Because mbufs are allocated from a
global pool, in the presence of a sufficient number of VNETs, the
total number of mbufs attached to reassembly queues can grow to the
total number of mbufs in the system, at which point all network
traffic would cease.

Obtained from: FreeBSD 8

Modified Paths:
--------------
    trunk/sys/netinet/tcp_reass.c
    trunk/sys/netinet/tcp_subr.c
    trunk/sys/netinet/tcp_var.h

Modified: trunk/sys/netinet/tcp_reass.c
===================================================================
--- trunk/sys/netinet/tcp_reass.c	2015-07-28 11:57:01 UTC (rev 7190)
+++ trunk/sys/netinet/tcp_reass.c	2015-07-29 00:30:12 UTC (rev 7191)
 <at>  <at>  -80,29 +80,25  <at>  <at> 
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0,
(Continue reading)

laffer1 | 29 Jul 00:07 2015

mports [19617] trunk/dns/libbind: update plist

Revision: 19617
          http://svnweb.midnightbsd.org/mports/?rev=19617
Author:   laffer1
Date:     2015-07-28 18:07:01 -0400 (Tue, 28 Jul 2015)
Log Message:
-----------
update plist

Modified Paths:
--------------
    trunk/dns/libbind/Makefile
    trunk/dns/libbind/pkg-plist

Modified: trunk/dns/libbind/Makefile
===================================================================
--- trunk/dns/libbind/Makefile	2015-07-28 22:06:18 UTC (rev 19616)
+++ trunk/dns/libbind/Makefile	2015-07-28 22:07:01 UTC (rev 19617)
 <at>  <at>  -2,7 +2,7  <at>  <at> 

 PORTNAME=	libbind
 PORTVERSION=	6.0
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	libbind/${PORTVERSION}

Modified: trunk/dns/libbind/pkg-plist
===================================================================
--- trunk/dns/libbind/pkg-plist	2015-07-28 22:06:18 UTC (rev 19616)
(Continue reading)


Gmane