svn commit: r271669 - in releng: 10.0 10.0/sys/conf 10.0/sys/netinet 8.4 8.4/sys/conf 8.4/sys/netinet 9.1 9.1/sys/conf 9.1/sys/netinet 9.2 9.2/sys/conf 9.2/sys/netinet 9.3 9.3/sys/conf 9.3/sys/netinet
Xin LI
delphij at FreeBSD.org
Tue Sep 16 09:50:23 UTC 2014
Author: delphij
Date: Tue Sep 16 09:50:19 2014
New Revision: 271669
URL: http://svnweb.freebsd.org/changeset/base/271669
Log:
Fix Denial of Service in TCP packet processing.
Security: FreeBSD-SA-14:19.tcp
Approved by: so
Modified:
releng/10.0/UPDATING
releng/10.0/sys/conf/newvers.sh
releng/10.0/sys/netinet/tcp_input.c
releng/8.4/UPDATING
releng/8.4/sys/conf/newvers.sh
releng/8.4/sys/netinet/tcp_input.c
releng/9.1/UPDATING
releng/9.1/sys/conf/newvers.sh
releng/9.1/sys/netinet/tcp_input.c
releng/9.2/UPDATING
releng/9.2/sys/conf/newvers.sh
releng/9.2/sys/netinet/tcp_input.c
releng/9.3/UPDATING
releng/9.3/sys/conf/newvers.sh
releng/9.3/sys/netinet/tcp_input.c
Modified: releng/10.0/UPDATING
==============================================================================
--- releng/10.0/UPDATING Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/10.0/UPDATING Tue Sep 16 09:50:19 2014 (r271669)
@@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20140916: p9 FreeBSD-SA-14:19.tcp
+ Fix Denial of Service in TCP packet processing. [SA-14:19]
+
20140909: p8 FreeBSD-SA-14:18.openssl
Fix OpenSSL multiple vulnerabilities. [SA-14:18]
Modified: releng/10.0/sys/conf/newvers.sh
==============================================================================
--- releng/10.0/sys/conf/newvers.sh Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/10.0/sys/conf/newvers.sh Tue Sep 16 09:50:19 2014 (r271669)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.0"
-BRANCH="RELEASE-p8"
+BRANCH="RELEASE-p9"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/10.0/sys/netinet/tcp_input.c
==============================================================================
--- releng/10.0/sys/netinet/tcp_input.c Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/10.0/sys/netinet/tcp_input.c Tue Sep 16 09:50:19 2014 (r271669)
@@ -2202,11 +2202,7 @@ tcp_do_segment(struct mbuf *m, struct tc
todrop = tp->rcv_nxt - th->th_seq;
if (todrop > 0) {
- /*
- * If this is a duplicate SYN for our current connection,
- * advance over it and pretend and it's not a SYN.
- */
- if (thflags & TH_SYN && th->th_seq == tp->irs) {
+ if (thflags & TH_SYN) {
thflags &= ~TH_SYN;
th->th_seq++;
if (th->th_urp > 1)
Modified: releng/8.4/UPDATING
==============================================================================
--- releng/8.4/UPDATING Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/8.4/UPDATING Tue Sep 16 09:50:19 2014 (r271669)
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
debugging tools present in HEAD were left in place because
sun4v support still needs work to become production ready.
+20140916: p16 FreeBSD-SA-14:19.tcp
+ Fix Denial of Service in TCP packet processing. [SA-14:19]
+
20140909: p15 FreeBSD-SA-14:18.openssl
Fix OpenSSL multiple vulnerabilities. [SA-14:18]
Modified: releng/8.4/sys/conf/newvers.sh
==============================================================================
--- releng/8.4/sys/conf/newvers.sh Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/8.4/sys/conf/newvers.sh Tue Sep 16 09:50:19 2014 (r271669)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="8.4"
-BRANCH="RELEASE-p15"
+BRANCH="RELEASE-p16"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/8.4/sys/netinet/tcp_input.c
==============================================================================
--- releng/8.4/sys/netinet/tcp_input.c Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/8.4/sys/netinet/tcp_input.c Tue Sep 16 09:50:19 2014 (r271669)
@@ -2092,11 +2092,7 @@ tcp_do_segment(struct mbuf *m, struct tc
todrop = tp->rcv_nxt - th->th_seq;
if (todrop > 0) {
- /*
- * If this is a duplicate SYN for our current connection,
- * advance over it and pretend and it's not a SYN.
- */
- if (thflags & TH_SYN && th->th_seq == tp->irs) {
+ if (thflags & TH_SYN) {
thflags &= ~TH_SYN;
th->th_seq++;
if (th->th_urp > 1)
Modified: releng/9.1/UPDATING
==============================================================================
--- releng/9.1/UPDATING Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.1/UPDATING Tue Sep 16 09:50:19 2014 (r271669)
@@ -9,6 +9,9 @@ handbook.
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20140916: p19 FreeBSD-SA-14:19.tcp
+ Fix Denial of Service in TCP packet processing. [SA-14:19]
+
20140909: p18 FreeBSD-SA-14:18.openssl
Fix OpenSSL multiple vulnerabilities. [SA-14:18]
Modified: releng/9.1/sys/conf/newvers.sh
==============================================================================
--- releng/9.1/sys/conf/newvers.sh Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.1/sys/conf/newvers.sh Tue Sep 16 09:50:19 2014 (r271669)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.1"
-BRANCH="RELEASE-p18"
+BRANCH="RELEASE-p19"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/9.1/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.1/sys/netinet/tcp_input.c Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.1/sys/netinet/tcp_input.c Tue Sep 16 09:50:19 2014 (r271669)
@@ -2161,11 +2161,7 @@ tcp_do_segment(struct mbuf *m, struct tc
todrop = tp->rcv_nxt - th->th_seq;
if (todrop > 0) {
- /*
- * If this is a duplicate SYN for our current connection,
- * advance over it and pretend and it's not a SYN.
- */
- if (thflags & TH_SYN && th->th_seq == tp->irs) {
+ if (thflags & TH_SYN) {
thflags &= ~TH_SYN;
th->th_seq++;
if (th->th_urp > 1)
Modified: releng/9.2/UPDATING
==============================================================================
--- releng/9.2/UPDATING Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.2/UPDATING Tue Sep 16 09:50:19 2014 (r271669)
@@ -11,6 +11,9 @@ handbook:
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20140916: p12 FreeBSD-SA-14:19.tcp
+ Fix Denial of Service in TCP packet processing. [SA-14:19]
+
20140909: p11 FreeBSD-SA-14:18.openssl
Fix OpenSSL multiple vulnerabilities. [SA-14:18]
Modified: releng/9.2/sys/conf/newvers.sh
==============================================================================
--- releng/9.2/sys/conf/newvers.sh Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.2/sys/conf/newvers.sh Tue Sep 16 09:50:19 2014 (r271669)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.2"
-BRANCH="RELEASE-p11"
+BRANCH="RELEASE-p12"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/9.2/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.2/sys/netinet/tcp_input.c Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.2/sys/netinet/tcp_input.c Tue Sep 16 09:50:19 2014 (r271669)
@@ -2181,11 +2181,7 @@ tcp_do_segment(struct mbuf *m, struct tc
todrop = tp->rcv_nxt - th->th_seq;
if (todrop > 0) {
- /*
- * If this is a duplicate SYN for our current connection,
- * advance over it and pretend and it's not a SYN.
- */
- if (thflags & TH_SYN && th->th_seq == tp->irs) {
+ if (thflags & TH_SYN) {
thflags &= ~TH_SYN;
th->th_seq++;
if (th->th_urp > 1)
Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.3/UPDATING Tue Sep 16 09:50:19 2014 (r271669)
@@ -11,6 +11,9 @@ handbook:
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20140916: p2 FreeBSD-SA-14:19.tcp
+ Fix Denial of Service in TCP packet processing. [SA-14:19]
+
20140909: p1 FreeBSD-SA-14:18.openssl
Fix OpenSSL multiple vulnerabilities. [SA-14:18]
Modified: releng/9.3/sys/conf/newvers.sh
==============================================================================
--- releng/9.3/sys/conf/newvers.sh Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.3/sys/conf/newvers.sh Tue Sep 16 09:50:19 2014 (r271669)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.3"
-BRANCH="RELEASE-p1"
+BRANCH="RELEASE-p2"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/9.3/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.3/sys/netinet/tcp_input.c Tue Sep 16 09:49:11 2014 (r271668)
+++ releng/9.3/sys/netinet/tcp_input.c Tue Sep 16 09:50:19 2014 (r271669)
@@ -2181,11 +2181,7 @@ tcp_do_segment(struct mbuf *m, struct tc
todrop = tp->rcv_nxt - th->th_seq;
if (todrop > 0) {
- /*
- * If this is a duplicate SYN for our current connection,
- * advance over it and pretend and it's not a SYN.
- */
- if (thflags & TH_SYN && th->th_seq == tp->irs) {
+ if (thflags & TH_SYN) {
thflags &= ~TH_SYN;
th->th_seq++;
if (th->th_urp > 1)
More information about the svn-src-releng
mailing list