revision 1.4
date: 2005/11/01 21:16:39; author: trhodes; state: Exp; lines: +0 -6
Quick kill links to the nsmb(8) manual page, there is no such
utility that I can find.
Add an rc.d script to start the pfsync interface after all
the conventional network interfaces have been started so that
pfsync can be attached to any of the latter.
Record the dependency of rc.d/pf on the newly added rc.d/pfsync.
Also make rc.d/pf start as early as before rc.d/routing to improve
system security.
Document rc.d/pfsync on pfsync(4) and rc.conf(5).
Approved by: re (scottl), mlaier
Take this opportunity to note that glebius indicated
that the initial work in this area was done by
Igor Sysoev <is rambler-co.ru>
Approved by: re (kensmith)
- Remove MLINKS to nonexistant manpages
- Change some section numbers to match reality
- For MLINKS to manpages from ports, mention which port installs them
Approved by: re (hrs)
(Note this makes the vendor branch not represent Binutils in the vendor's
CVS repository at any point in time. Portmgr did not like the state of
Binutils on Sparc that represented the point in time the vendor fixed this
issue. I'd rather have fixed this on RELENG_6.)
Approved by: re
This allows FreeBSD/PPC to build and run out of stock CVS sources. This
also takes the file off of the vendor branch.
Submitted by: kan, grehan
Approved by: re, kan
The ipfw tables lookup code caches the result of the last query. The
kernel may process multiple packets concurrently, performing several
concurrent table lookups. Due to an insufficient locking, a cached
result can become corrupted that could cause some addresses to be
incorrectly matched against a lookup table.
Submitted by: ru
Reviewed by: csjp, mlaier
Security: CAN-2005-2019
Security: FreeBSD-SA-05:13.ipfw
Correct bzip2 permission race condition vulnerability.
Obtained from: Steve Grubb via RedHat
Security: CAN-2005-0953
Security: FreeBSD-SA-05:14.bzip2
Approved by: obrien
Correct TCP connection stall denial of service vulnerability.
A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.
Submitted by: Noritoshi Demizu
Reviewed by: andre, Mohan Srinivasan
Security: CAN-2005-2068
Security: FreeBSD-SA-05:15.tcp
Approved by: re (security blanket), cperciva
(1) "ipf -T" is broken for fetching single entries and
(2) loading rules with numbered collections does not order insertion right.
(3) stats aren't accumulated for hash table memory failures
Approved by: re (dwhite)
