Fix bsnmpd remote denial of service vulnerability. [SA-14:01] Fix ntpd distributed reflection Denial of Service vulnerability. [SA-14:02] Fix OpenSSL multiple vulnerabilities. [SA-14:03] Fix BIND remote denial of service vulnerability. [SA-14:04] Disable hardware RNGs by default. [EN-14:01] Fix incorrect coalescing of stack entry with mmap. [EN-14:02]
		
			
				
	
	
		
			27 lines
		
	
	
	
		
			792 B
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			27 lines
		
	
	
	
		
			792 B
		
	
	
	
		
			Diff
		
	
	
	
	
	
| Index: sys/dev/random/probe.c
 | |
| ===================================================================
 | |
| --- sys/dev/random/probe.c	(revision 260523)
 | |
| +++ sys/dev/random/probe.c	(working copy)
 | |
| @@ -30,6 +30,8 @@ __FBSDID("$FreeBSD$");
 | |
|  
 | |
|  #include <sys/types.h>
 | |
|  #include <sys/param.h>
 | |
| +#include <sys/systm.h>
 | |
| +#include <sys/kernel.h>
 | |
|  #include <sys/malloc.h>
 | |
|  #include <sys/random.h>
 | |
|  #include <sys/selinfo.h>
 | |
| @@ -57,7 +59,12 @@ random_ident_hardware(struct random_systat *systat
 | |
|  	/* Then go looking for hardware */
 | |
|  #if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
 | |
|  	if (via_feature_rng & VIA_HAS_RNG) {
 | |
| -		*systat = random_nehemiah;
 | |
| +		int enable;
 | |
| +
 | |
| +		enable = 0;
 | |
| +		TUNABLE_INT_FETCH("hw.nehemiah_rng_enable", &enable);
 | |
| +		if (enable)
 | |
| +			*systat = random_nehemiah;
 | |
|  	}
 | |
|  #endif
 | |
|  }
 |