svn commit: r201679 - releng/6.3 releng/6.3/contrib/bind9/bin/named releng/6.3/contrib/bind9/lib/dns releng/6.3/contrib/bind9/lib/dns/include/dns releng/6.3/contrib/ntp/ntpd releng/6.3/sys/conf rel...

Simon L. Nielsen simon at FreeBSD.org
Wed Jan 6 21:45:31 UTC 2010


Author: simon
Date: Wed Jan  6 21:45:30 2010
New Revision: 201679
URL: http://svn.freebsd.org/changeset/base/201679

Log:
  Fix BIND named(8) cache poisoning with DNSSEC validation.
  [SA-10:01]
  
  Fix ntpd mode 7 denial of service. [SA-10:02]
  
  Fix ZFS ZIL playback with insecure permissions. [SA-10:03]
  
  Various FreeBSD 8.0-RELEASE improvements. [EN-10:01]
  
  Security:	FreeBSD-SA-10:01.bind
  Security:	FreeBSD-SA-10:02.ntpd
  Security:	FreeBSD-SA-10:03.zfs
  Errata:		FreeBSD-EN-10:01.freebsd
  Approved by:	so (simon)

Modified:
  stable/7/contrib/ntp/ntpd/ntp_request.c
  stable/7/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c

Changes in other areas also in this revision:
Modified:
  releng/6.3/UPDATING
  releng/6.3/contrib/bind9/bin/named/query.c
  releng/6.3/contrib/bind9/lib/dns/include/dns/types.h
  releng/6.3/contrib/bind9/lib/dns/masterdump.c
  releng/6.3/contrib/bind9/lib/dns/rbtdb.c
  releng/6.3/contrib/bind9/lib/dns/resolver.c
  releng/6.3/contrib/bind9/lib/dns/validator.c
  releng/6.3/contrib/ntp/ntpd/ntp_request.c
  releng/6.3/sys/conf/newvers.sh
  releng/6.4/UPDATING
  releng/6.4/contrib/bind9/bin/named/query.c
  releng/6.4/contrib/bind9/lib/dns/include/dns/types.h
  releng/6.4/contrib/bind9/lib/dns/masterdump.c
  releng/6.4/contrib/bind9/lib/dns/rbtdb.c
  releng/6.4/contrib/bind9/lib/dns/resolver.c
  releng/6.4/contrib/bind9/lib/dns/validator.c
  releng/6.4/contrib/ntp/ntpd/ntp_request.c
  releng/6.4/sys/conf/newvers.sh
  releng/7.1/UPDATING
  releng/7.1/contrib/bind9/bin/named/query.c
  releng/7.1/contrib/bind9/lib/dns/include/dns/types.h
  releng/7.1/contrib/bind9/lib/dns/masterdump.c
  releng/7.1/contrib/bind9/lib/dns/rbtdb.c
  releng/7.1/contrib/bind9/lib/dns/resolver.c
  releng/7.1/contrib/bind9/lib/dns/validator.c
  releng/7.1/contrib/ntp/ntpd/ntp_request.c
  releng/7.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
  releng/7.1/sys/conf/newvers.sh
  releng/7.2/UPDATING
  releng/7.2/contrib/bind9/bin/named/query.c
  releng/7.2/contrib/bind9/lib/dns/include/dns/types.h
  releng/7.2/contrib/bind9/lib/dns/masterdump.c
  releng/7.2/contrib/bind9/lib/dns/rbtdb.c
  releng/7.2/contrib/bind9/lib/dns/resolver.c
  releng/7.2/contrib/bind9/lib/dns/validator.c
  releng/7.2/contrib/ntp/ntpd/ntp_request.c
  releng/7.2/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
  releng/7.2/sys/conf/newvers.sh
  releng/8.0/UPDATING
  releng/8.0/contrib/bind9/bin/named/query.c
  releng/8.0/contrib/bind9/lib/dns/include/dns/types.h
  releng/8.0/contrib/bind9/lib/dns/masterdump.c
  releng/8.0/contrib/bind9/lib/dns/rbtdb.c
  releng/8.0/contrib/bind9/lib/dns/resolver.c
  releng/8.0/contrib/bind9/lib/dns/validator.c
  releng/8.0/contrib/ntp/ntpd/ntp_request.c
  releng/8.0/sys/cddl/compat/opensolaris/sys/vnode.h
  releng/8.0/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
  releng/8.0/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
  releng/8.0/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c
  releng/8.0/sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h
  releng/8.0/sys/conf/newvers.sh
  releng/8.0/sys/kern/vfs_lookup.c
  releng/8.0/sys/netinet/ip_mroute.c
  releng/8.0/sys/netinet/raw_ip.c
  releng/8.0/sys/netinet/sctp_input.c
  releng/8.0/sys/netinet6/raw_ip6.c
  releng/8.0/sys/rpc/clnt_vc.c
  stable/6/contrib/bind9/bin/named/query.c
  stable/6/contrib/bind9/lib/dns/include/dns/types.h
  stable/6/contrib/bind9/lib/dns/masterdump.c
  stable/6/contrib/bind9/lib/dns/rbtdb.c
  stable/6/contrib/bind9/lib/dns/resolver.c
  stable/6/contrib/bind9/lib/dns/validator.c
  stable/6/contrib/ntp/ntpd/ntp_request.c
  stable/8/contrib/ntp/ntpd/ntp_request.c

Modified: stable/7/contrib/ntp/ntpd/ntp_request.c
==============================================================================
--- stable/7/contrib/ntp/ntpd/ntp_request.c	Wed Jan  6 21:36:33 2010	(r201678)
+++ stable/7/contrib/ntp/ntpd/ntp_request.c	Wed Jan  6 21:45:30 2010	(r201679)
@@ -409,6 +409,7 @@ process_private(
 	int mod_okay
 	)
 {
+	static u_long quiet_until;
 	struct req_pkt *inpkt;
 	struct req_pkt_tail *tailinpkt;
 	struct sockaddr_storage *srcadr;
@@ -444,8 +445,14 @@ process_private(
 	    || (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
 	    || (++ec, rbufp->recv_length < REQ_LEN_HDR)
 		) {
-		msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
-		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
+		NLOG(NLOG_SYSEVENT)
+			if (current_time >= quiet_until) {
+				msyslog(LOG_ERR,
+					"process_private: drop test %d"
+					" failed, pkt from %s",
+					ec, stoa(srcadr));
+				quiet_until = current_time + 60;
+			}
 		return;
 	}
 
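Review bot: `quiet_until` is a single static shared by every sender, so once one malformed request is logged, bad mode 7 packets from any other address are dropped with no log entry for the next 60 seconds, and the one line written names only the first source. If per-source visibility matters for triage, count the suppressed drops and report the count with the next message. At minimum, document the behaviour with a comment such as `/* at most one log line per 60 s across all sources; no error reply is sent for malformed requests */`. The `if` hanging under `NLOG(NLOG_SYSEVENT)` without braces also makes it easy to misread whether `return;` is conditional; bracing the `NLOG` body would settle that. The body of process_private starts before and continues after this hunk.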

Modified: stable/7/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
==============================================================================
--- stable/7/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c	Wed Jan  6 21:36:33 2010	(r201678)
+++ stable/7/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c	Wed Jan  6 21:45:30 2010	(r201679)
@@ -60,10 +60,14 @@ zfs_init_vattr(vattr_t *vap, uint64_t ma
 {
 	VATTR_NULL(vap);
 	vap->va_mask = (uint_t)mask;
-	vap->va_type = IFTOVT(mode);
-	vap->va_mode = mode & MODEMASK;
-	vap->va_uid = (uid_t)(IS_EPHEMERAL(uid)) ? -1 : uid;
-	vap->va_gid = (gid_t)(IS_EPHEMERAL(gid)) ? -1 : gid;
+	if (mask & AT_TYPE)
+		vap->va_type = IFTOVT(mode);
+	if (mask & AT_MODE)
+		vap->va_mode = mode & MODEMASK;
+	if (mask & AT_UID)
+		vap->va_uid = (uid_t)(IS_EPHEMERAL(uid)) ? -1 : uid;
+	if (mask & AT_GID)
+		vap->va_gid = (gid_t)(IS_EPHEMERAL(gid)) ? -1 : gid;
 	vap->va_rdev = zfs_cmpldev(rdev);
 	vap->va_nodeid = nodeid;
 }
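Review bot: In the `va_uid` and `va_gid` assignments the cast binds to the `IS_EPHEMERAL()` condition rather than to the selected value, so `(uid_t)` and `(gid_t)` do nothing useful and the `-1` is converted only by the assignment itself. Writing `vap->va_uid = IS_EPHEMERAL(uid) ? (uid_t)-1 : (uid_t)uid;` (and the same for `va_gid`) states the intent. A short comment above the `if (mask & AT_...)` lines, saying that fields not named in `mask` keep whatever `VATTR_NULL(vap)` left in them, would record the behaviour this change introduces. The signature of zfs_init_vattr is cut off in the hunk header, so the parameter types should be checked before applying the cast change.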

