5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash. A source code patch exists which remedies this problem for 5.8 and 5.9.
+
5.8 and 5.9 RELIABILITY FIX: When signaling an error to an HTTP relay client, the connection can be terminated prematurely, leading to a crash. A source code patch exists which remedies this problem for 5.8 and 5.9.
In the installer, back out the automatic pkg.conf(5) installpath changes.
In dhclient(8), back out the change that narrowed the BPF read filter rules so only packets sent to the interface's LLADDR pass. Some DHCP servers send frames to the ethernet broadcast address.
In imxuart(4/armv7), re-create the i.MX6 console with the correct minor number on attach.
@@ -182,14 +188,14 @@
In ssh(1), reduce the syslog level of some relatively common protocol events from LOG_CRIT (bz#2585).
Add a ProxyJump ssh_config(5) option and a corresponding -J ssh(1) command-line flag to allow simplified indirection through a SSH bastion or "jump host".
-
5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin. A source code patch is available for 5.8 and 5.9.
-
5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics. A source code patch is available for 5.8 and 5.9.
-
5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system. A source code patch is available for 5.8 and 5.9.
-
5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash. A source code patch is available for 5.8 and 5.9.
-
5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash. A source code patch is available for 5.8 and 5.9.
-
5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic. A source code patch is available for 5.8 and 5.9.
-
5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system. A source code patch is available for 5.9.
-
5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference. A source code patch is available for 5.9.
+
5.8 and 5.9 RELIABILITY FIX: Splicing sockets in a loop could cause a kernel spin. A source code patch is available for 5.8 and 5.9.
+
5.8 and 5.9 RELIABILITY FIX: ufs_readdir failed to limit size of memory allocation, leading to panics. A source code patch is available for 5.8 and 5.9.
+
5.8 and 5.9 SECURITY FIX: The mmap extension __MAP_NOFAULT could overcommit resources and crash the system. A source code patch is available for 5.8 and 5.9.
+
5.8 and 5.9 RELIABILITY FIX: Tick counting overflows could cause a kernel crash. A source code patch is available for 5.8 and 5.9.
+
5.8 and 5.9 RELIABILITY FIX: Invalid file descriptor use with kevent(2) could lead to a kernel crash. A source code patch is available for 5.8 and 5.9.
+
5.8 and 5.9 RELIABILITY FIX: Unchecked parameters and integer overflows in the amap allocation routines could cause malloc(9) to either not allocate enough memory, leading to memory corruption, or to trigger a "malloc: allocation too large" panic. A source code patch is available for 5.8 and 5.9.
+
5.9 RELIABILITY FIX: Multiple processes exiting with a fd-passing control message on a shared socket could crash the system. A source code patch is available for 5.9.
+
5.9 RELIABILITY FIX: A race occuring in the unlocked ARP input path can lead to a kernel NULL dereference. A source code patch is available for 5.9.
Ensure that amap slot calculation does not overflow. This prevents from too small amaps being allocated by forcing the allocation of a large number of slots.
Ignore the kern.usermount sysctl(8). It is unsafe, because it allows any non-pledge(2)'d program to call the mount/umount system calls. The sysctl will be completely removed in 6.1.
In ip6(4), drop received packets with an IPv4-compatible address as source or destination as per RFC4213.
@@ -293,7 +299,7 @@
On vmm(4/amd64), fix a panic when CPUs fail to spin up for other reasons during boot.
On amd64 and i386, enable the UMIP feature if present.
Enable ure(4) on the architectures where url(4) already is.
-
5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages. A source code patch is available for 5.9.
+
5.9 SECURITY FIX: Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages. A source code patch is available for 5.9.
In ldpd(8), fix a logic bug causing the advertised transport connection preference (LDPoIPv4 or LDPoIPv6) not to be respected.
In iwn(4), revert the implementation of iwn_update_htprot(). We are still seeing links dropping upon HT protection updates with some iwn chips.
@@ -575,7 +581,7 @@
In libc on i386, do setjmp cookies for eip, esp, and ebp.
In libc on mips64, do setjmp cookies for gp, sp, and ra.
-
5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements. A source code patch is available for 5.8 and 5.9.
+
5.8 and 5.9 RELIABILITY FIX: Bug in the libcrypto library when parsing certain ASN.1 elements. A source code patch is available for 5.8 and 5.9.
Update to xserver 1.18.3.
Update to freetype 2.6.3.
In smu(4/macppc), add support for new smu-firmware fan commands.
@@ -653,7 +659,7 @@
On i386, split the ACPI resume trampoline into code and data pages, and protect with proper permissions.
5.9 RELIABILITY FIX: Possible data corruption in bnx(4). A source code patch is available for 5.9.
+
5.9 RELIABILITY FIX: Possible data corruption in bnx(4). A source code patch is available for 5.9.
In ieee80211(9), in hostap mode, don't re-use association IDs (AIDs) of nodes which are still lingering in the node cache. This could cause an AID to be assigned twice.
Split the i386 mp hatch trampoline into code and data pages, and protect each with proper W^X policy.
@@ -662,13 +668,13 @@
In regex(3), fix a one-byte buffer underflow (read access only).
Change the random event buffer from a queue to an endless ring so that no events are dropped when the queue is full. They are instead mixed into previous events.
5.8 and 5.9 SECURITY FIX: Insufficient checks in the uvideo(4) V4L2 ioctl(2) handling leak kernel memory contents to a local user. A source code patch is available for 5.8 and 5.9.
+
5.8 and 5.9 SECURITY FIX: Insufficient checks in the uvideo(4) V4L2 ioctl(2) handling leak kernel memory contents to a local user. A source code patch is available for 5.8 and 5.9.
Completely skip link-layer address resolution and NUD on gif(4).
In uvideo(4), plug some holes in the V4L2 ioctl(2) interfaces that would leak kernel memory to a local user. Also fix a potential integer overflow issue.
Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash.
@@ -734,7 +740,7 @@
In ssh(1), fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in Match blocks.
Stop using a soft-interrupt context to process incoming network packets. Use a new task that runs holding the KERNEL_LOCK to execute MP-unsafe code.
-
5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the advisory. A source code patch is available for 5.8 and 5.9.
+
5.8 and 5.9 SECURITY FIX: Issues in the libcrypto library (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 and CVE-2016-2109). Refer to the advisory. A source code patch is available for 5.8 and 5.9.
In libssl, fix several issues: missing padding check in aesni functions, overflow in evp encode functions, and use of invalid negative asn.1 types.
Reduce the number of lookups to 1 for non-multicast traffic when pf(4) is disabled.
In ssh, implement IUTF8 as per draft-sgtatham-secsh-iutf8-00.
@@ -753,7 +759,7 @@
Add support for changing the bus width to the sdmmc(4) subsystem and the sdhc(4) controller. Use this to switch SD cards to a 4-bit bus if they support it.
In sppp(4), fix a bug causing breakage with LCP echoes.
-
5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with carp(4). A source code patch is available for 5.9.
+
5.9 RELIABILITY FIX: A problem in m_dup_pkt() can result in kernel crashes with carp(4). A source code patch is available for 5.9.
In file(1), fix the default type to work properly.
@@ -1006,8 +1012,8 @@
Update to tzdata2016b from ftp.iana.org.
Allocate amap slots for a virtual memory range reserved with sbrk(2) lazily. This avoids wasting kernel memory if the user process does not make use of the allocated memory.
For amaps with only a few slots, allocate the slots via pool(9). This saves some memory and reduces kmem pressure.
-
5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of pledge(2)'d programs. A source code patch is available for 5.9.
-
5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user. A source code patch is available for 5.7, 5.8 and 5.9.
+
5.9 RELIABILITY FIX: Incorrect path processing in pledge_namei() could result in unexpected program termination of pledge(2)'d programs. A source code patch is available for 5.9.
+
5.7, 5.8 and 5.9 SECURITY FIX: Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user. A source code patch is available for 5.7, 5.8 and 5.9.
In puc(4), add support for the Exar XR17V354 device.
Remove the legacy uiomovei(3) function. It has been replaced by uiomove(9).
@@ -1022,7 +1028,7 @@
In sd(4), avoid a kernel panic when unplugging an USB umass stick because of a use after free.
Avoid corrupt mount points without a valid device when unmounting.
-
5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to xauth(1). A source code patch is available for 5.7, 5.8 and 5.9.
+
5.7, 5.8 and 5.9 SECURITY FIX: Lack of credential sanitization allows injection of commands to xauth(1). A source code patch is available for 5.7, 5.8 and 5.9.