These files were intended to track version and perhaps maintainership
information for contrib software. However, they were never used beyond
bzip2, netcat, and OpenSSH, and generally haven't been kept up to date
recently (my OpenSSH 8.7p1 update notwithstanding). Just remove them to
avoid having confusing or outdated information.
Suggested by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
or --license as most apps would do, instead it waits for data to
compress on stdin. Because of that, if `bzip2 --version' is called,
bogus `bzip2: I won't write compressed data to a terminal' error
message will be displayed, and checking for bzip2 version in scripts
as in
bzip2 --version 2>&1 | grep -o "Version [^,]*"
will hand as bzip2 would wait for data to compress on stdin. Fix
this by exiting right after showing version/license text.
I've tried to push this upstream for more than a year, but author
is unresponsive, so upstream may be considered dead.
Ubuntu applies similar fix, for the note.
PR: 199443
Approved by: dim, bapt
MFC after: 2 weeks
Differential Revision: D8924
The ipfw tables lookup code caches the result of the last query. The
kernel may process multiple packets concurrently, performing several
concurrent table lookups. Due to an insufficient locking, a cached
result can become corrupted that could cause some addresses to be
incorrectly matched against a lookup table.
Submitted by: ru
Reviewed by: csjp, mlaier
Security: CAN-2005-2019
Security: FreeBSD-SA-05:13.ipfw
Correct bzip2 permission race condition vulnerability.
Obtained from: Steve Grubb via RedHat
Security: CAN-2005-0953
Security: FreeBSD-SA-05:14.bzip2
Approved by: obrien
Correct TCP connection stall denial of service vulnerability.
A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.
Submitted by: Noritoshi Demizu
Reviewed by: andre, Mohan Srinivasan
Security: CAN-2005-2068
Security: FreeBSD-SA-05:15.tcp
Approved by: re (security blanket), cperciva
BZ_NO_COMPRESS support to the bzip2 sources directly (yes, this takes file
off the vendor branch, but looks like bzip2 maintainer doesn't care), so that
it will not be removed when the next upgrade is performed. Also, add a short
note on how to test bzip2 support.
Pointy hat to: obrien
Correct comment (libz -> libbz2) and remove useless full path to zutil.h
while I am here.