d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/sys
History
kp c674ede188 pf: IPv6 fragments with malformed extension headers could be erroneously passed by pf or cause a panic 
We mistakenly used the extoff value from the last packet to patch the
next_header field. If a malicious host sends a chain of fragmented packets
where the first packet and the final packet have different lengths or number of
extension headers we'd patch the next_header at the wrong offset.
This can potentially lead to panics or rule bypasses.

Security:       CVE-2019-5597
Obtained from:  OpenBSD
Reported by:    Corentin Bayet, Nicolas Collignon, Luca Moro at Synacktiv
2019-03-01 07:37:45 +00:00
..
amd64
Add kernel support for Intel userspace protection keys feature on
2019-02-20 09:51:13 +00:00
arm
Fix armv6/armv7 build after the move from xhci_mv to generic_xhci
2019-02-27 22:01:39 +00:00
arm64
Add the hw.ncpu tunable to arm64.
2019-02-28 14:40:43 +00:00
bsm
Create new EINTEGRITY error with message "Integrity check failed".
2019-01-17 06:35:45 +00:00
cam
Refactor command ordering/blocking mechanism in CTL.
2019-02-27 21:29:21 +00:00
cddl
Improve readability of the code by making it explicit where the 'c' variable
2019-03-01 05:54:13 +00:00
compat
import linux debugfs support
2019-02-23 20:56:41 +00:00
conf
powerpc/powernv: Add OPAL flash device driver
2019-03-01 04:36:55 +00:00
contrib
Modularize xz.
2019-02-26 19:55:03 +00:00
crypto
Regularize the Netflix copyright
2019-02-04 21:28:25 +00:00
ddb
ddb: Print the thread's pcb in 'show thread'
2019-02-09 21:08:19 +00:00
dev
cxgbe(4): Don't forget to report link state to the kernel if the link is
2019-03-01 02:43:30 +00:00
dts
Adapt FreeBSD specific DT stub for Jetson TK1 board to be consistent with
2019-02-06 06:03:44 +00:00
fs
fuse: Fix a regression introduced in r337165
2019-02-21 02:41:57 +00:00
gdb
geom
Modularize xz.
2019-02-26 19:55:03 +00:00
gnu
gcov support
2019-02-23 21:14:00 +00:00
i386
Invalidate cache for the PDPTE page when using PAE paging but PAT is
2019-02-28 19:19:02 +00:00
isa
Reapply, with minor tweaks, r338025, from the original commit:
2018-09-26 17:12:14 +00:00
kern
Prevent detaching driver if the attach is not finished
2019-03-01 01:18:39 +00:00
kgssapi
* Handle SIGPIPE in gssd
2019-02-21 01:30:37 +00:00
libkern
Add non-sleepable strdup variant strdup_flags
2019-02-20 20:48:10 +00:00
mips
Modularize xz.
2019-02-26 19:55:03 +00:00
modules
Add another required header file.
2019-03-01 04:17:43 +00:00
net
iflib: Improve return values of interrupt handlers.
2019-02-15 18:51:43 +00:00
net80211
net80211(4): hide casts for 'i_seq' field offset calculation inside
2019-02-10 23:58:56 +00:00
netgraph
Remove remnants of byte order manipulation, back when FreeBSD stack
2019-02-09 03:00:00 +00:00
netinet
Various cleanups to the management of multiple TCP stacks.
2019-02-27 20:24:23 +00:00
netinet6
When dropping a fragment queue count the number of fragments in the queue
2019-02-19 19:57:55 +00:00
netipsec
Remove unused argument to priv_check_cred.
2018-12-11 19:32:16 +00:00
netpfil
pf: IPv6 fragments with malformed extension headers could be erroneously passed by pf or cause a panic
2019-03-01 07:37:45 +00:00
netsmb
Remove unused argument to priv_check_cred.
2018-12-11 19:32:16 +00:00
nfs
nfsclient
nfsserver
nlm
ofed
Mechanical cleanup of epoch(9) usage in network stack.
2019-01-09 01:11:19 +00:00
opencrypto
Fix another bug introduced during the review process of r344140:
2019-02-25 19:14:16 +00:00
powerpc
powerpc/powernv: Add OPAL flash device driver
2019-03-01 04:36:55 +00:00
riscv
Add kernel support for Intel userspace protection keys feature on
2019-02-20 09:51:13 +00:00
rpc
Bump the default kern.rpc.gss.client_max from 128 to 1024.
2019-02-19 11:07:02 +00:00
security
Create new EINTEGRITY error with message "Integrity check failed".
2019-01-17 06:35:45 +00:00
sparc64
Add kernel support for Intel userspace protection keys feature on
2019-02-20 09:51:13 +00:00
sys
Remove references to pdwait4(2) and CAP_PDWAIT from rights(4)
2019-02-28 18:12:14 +00:00
teken
Attempt to complete fixing programmable function keys for syscons.
2019-02-20 02:14:41 +00:00
tests
Regularize the Netflix copyright
2019-02-04 21:28:25 +00:00
tools
make_dtb.sh: Use $CPP instead of assuming that cpp is in $PATH
2018-12-14 23:53:28 +00:00
ufs
FFS: allow sendfile(2) to work with block sizes greater than the page size
2019-02-26 04:56:10 +00:00
vm
vm: remove seq.h inclusion made obsolete by NUMA rewrite
2019-02-27 22:42:29 +00:00
x86
Add usermode helpers for for Intel userspace protection keys feature.
2019-02-20 09:56:23 +00:00
xdr
xen
xen: introduce a new way to setup event channel upcall
2019-01-30 11:34:52 +00:00
Makefile