diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index ccb6c58848..1df4d90a44 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2539 +1,2559 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-21:17.openssl"
+date = "2021-08-24"
+
+[[advisories]]
+name = "FreeBSD-SA-21:16.openssl"
+date = "2021-08-24"
+
+[[advisories]]
+name = "FreeBSD-SA-21:15.libfetch"
+date = "2021-08-24"
+
+[[advisories]]
+name = "FreeBSD-SA-21:14.ggatec"
+date = "2021-08-24"
+
+[[advisories]]
+name = "FreeBSD-SA-21:13.bhyve"
+date = "2021-08-24"
+
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index bd86fb8b01..4cc5b7ccfa 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,691 +1,703 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-21:25.bhyve"
+date = "2021-08-24"
+
+[[notices]]
+name = "FreeBSD-EN-21:24.libcrypto"
+date = "2021-08-24"
+
+[[notices]]
+name = "FreeBSD-EN-21:23.virtio_blk"
+date = "2021-08-24"
+
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc b/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc
new file mode 100644
index 0000000000..11c7933a4b
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:23.virtio_blk Errata Notice
+ The FreeBSD Project
+
+Topic: virtio_blk(4) fails to attach on some hypervisors
+
+Category: core
+Module: virtio_blk
+Announced: 2021-08-24
+Affects: FreeBSD 13.0
+Corrected: 2021-06-28 15:16:29 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 16:36:55 UTC (releng/13.0, 13.0-RELEASE-p4)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+VirtIO is a specification for para-virtualized I/O in a virtual machine
+(VM). It defines an interface for efficient I/O between the hypervisor
+and VM. virtio_blk(4) is a driver handling VirtIO block devices.
+
+II. Problem Description
+
+The virtio_blk(4) driver sends commands to the host to query disk
+identifiers before acknowledging to the host that the driver is ready.
+
+III. Impact
+
+Affected versions of FreeBSD will not boot under some hypervisors, or
+under the presence of modern and non-transitional VirtIO block devices.
+
+IV. Workaround
+
+No workaround is available. FreeBSD running in QEMU emulator is not
+affected by this issue.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:23/virtio_blk.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:23/virtio_blk.patch.asc
+# gpg --verify virtio_blk.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 6fd5a4a6f3ac stable/13-n246114
+releng/13.0/ f66e34809906 releng/13.0-n244753
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV04ACgkQ05eS9J6n
+5cK9NQ//cT8k06JwzqJ1rh09OK/XM9GWxXDuI/YHV4bQ8zc15aSM+PoS2FHgpcDy
+BaoyDBp1pFgvx/QxbWdHUYam1SZac3vqbe7qfw/QKQopC8sjgdbqTxcCPmk8qh/r
+upfqaLmtlxYBxxKEPtr1DUVUzt+qqT6jWK6cCR6KjXKFGQNh0DiYGopmiwPbQzYQ
+s2nLnQqX5UwgSLNPgY95Aam1RsKiQcSgPkegmKvbhHdgYoal7EDJ8htMnSHBYkhV
+K/tQ98572xKwpywpQEXvDehaGgov7XQellvA9LchKnONfrRDu23I3Ud7WmA/APwk
+YFRQs6S2kQGjmUIOLYb+Ey+xROOSmiIePA7e1/hVOtdkhkaeUNqXbBVyQKmHBv6k
+oipHzgnDQ87wlCV9NT77TevvGc7uzJ4iI9nwvecnLDeLEL8Fuuy7QaBd3KGgbEaN
+p2C4jBWkfjppvNovR4bCIj6uhgwKuxR6m/IH9oM38I/vtIsr03/ozX6fJT5SGrk3
+XbxhXC7suolWZcKKlIQc+ReZnHOrR/4p1sHG3DcKYzP3Y9NjBUYwR+uf6WCB+v+y
+/jADR/Co88bEkKTK7Dexfz8cK9QQO8NvK6jkNkx7Q46ZagHgQaNVYKASsYeLcW13
+ns3qKL8E7lOgJtcSX+1l39iJ9nYGdERMP7BwkuFO3iSAQP5e1mM=
+=Cc2A
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc b/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc
new file mode 100644
index 0000000000..d2ce462e26
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:24.libcrypto Errata Notice
+ The FreeBSD Project
+
+Topic: OpenSSL 1.1.1e API functions not exported
+
+Category: core
+Module: libcrypto
+Announced: 2021-08-24
+Affects: FreeBSD 12.2 and later.
+Corrected: 2021-06-09 21:53:42 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-06-09 21:54:13 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:08 UTC (releng/12.2, 12.2-RELEASE-p10)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+libcrypto is part of the OpenSSL distribution and provides APIs to
+various low-level cryptographic services.
+
+II. Problem Description
+
+New API functions added in OpenSSL 1.1.1e and later were not publicly
+exported to applications.
+
+III. Impact
+
+Applications trying to use new API functions added in OpenSSL 1.1.1e
+or later would fail to build with a link error.
+
+IV. Workaround
+
+No workaround is available. However, the APIs added in OpenSSL 1.1.1e
+and later are obscure and not used by many applications. In particular,
+none of the affected APIs are used by applications using libssl from
+OpenSSL for Transport Layer Security (TLS).
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch.asc
+# gpg --verify libcrypto.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ f8edb3f9c725 stable/13-n245963
+releng/13.0/ 3ef67fed446a releng/13.0-n244754
+stable/12/ r369974
+releng/12.2/ r370391
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cLiZxAAlg4s2mnbSDWTcyyDFSiriek2RFyqT6SR0FkHAod+zYzIrZNfLGM5431N
+0Wr15eSkLqUKpbG88eE44N3aqVQSDnhmgGw5R4v+n//y4M8YywiW78inIB09Wpvl
+XvfckpBgj8hAHvh2P54nP52m5Vxo0/WUHCNXi7VQFfjWyFxwUxcUnlumC/CpEqGI
+GWNB9ZzVg9x7U7ykDd+MtRFRoURYHzZyTUlfpcJD0eS9bWi4JzYWmJElkwehSvI2
+Ey0Mf2ynslbhEmUlFrnBRMmFVg1D12aVQApfn69+AB2twYyScjZXMoz6P1vwAEmg
+wrNE1yVb27MB1MK9+t6yuRVgd/S7BFrQ7NLnl/jOa21eAHBE1Ac21BvifrYiJr3I
+D2BH859RxUXzer/MU1vGGoTdZkujubaDsVWJqobFcnHC+flnfkzTLNiJxT65eI7n
+fqwz1UoeHdeDs6hpkGH5uecsae3GOZSNW307eEvJKeQg6JbzaREKh4cth+0fCA32
+xzxVD4BiMgjdCkRe0mESQUSrW3jsHqNm0L721iY71TqF4/FRylkvHIseIljEW1cp
+zmt37+buvEtHuYHsmhNRvdJLJVPRnA6Lhn+VQ0IKObZW5WVxo3dbqSITPg/SuzLu
+CWjUVXb3uUFc1xM3CtSQL+6k3cy6EYIw713rbrq+hApnCEf2/UE=
+=T9UL
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc b/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc
new file mode 100644
index 0000000000..558de1b971
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:25.bhyve Errata Notice
+ The FreeBSD Project
+
+Topic: Fix NVMe iovec construction for large IOs
+
+Category: core
+Module: bhyve
+Announced: 2021-08-24
+Affects: FreeBSD 12.2 and later.
+Corrected: 2021-07-09 14:24:14 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-07-09 14:25:45 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:11 UTC (releng/12.2, 12.2-RELEASE-p10)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+bhyve(8) is a hypervisor that supports running a variety of guest
+operating systems in virtual machines. Newer UEFI code in Red Hat
+Enterprise Linux (RHEL) 8.4 and later (as well as applicable variants)
+will not boot in newly installed guests.
+
+II. Problem Description
+
+By default, NVMe data transfer operations use a scatter-gather list in
+which all entries point to a fixed-size memory region. For example, if
+the memory page size is 4KB, a 2MB IO requires 512 entries. Lists
+themselves are also fixed in size (default is 512 entries).
+
+Because the list size is fixed, the last entry is special. If the IO
+requires more than 512 entries, the last entry in the list contains the
+address of the next list of entries. But if the IO requires exactly 512
+entries, the last entry points to data.
+
+The NVMe emulation missed this logic and unconditionally treated the
+last entry as a pointer to the next list.
+
+III. Impact
+
+When a RHEL 8.4 and later (or variants) are installed as guests within
+bhyve(8) on emulated NVMe storage, the system will not boot due to a
+newer UEFI driver that is included with these distributions.
+
+IV. Workaround
+
+Installation of a RHEL 8.3 guest and performing an in-place upgrade.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:25/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:25/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ a7761d19dacd stable/13-n246220
+releng/13.0/ 4f590ee3ed7e releng/13.0-n244755
+stable/12/ r370107
+releng/12.2/ r370392
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cJQ6A//ad84xTf/SfMMEqlFaQbNtuh4egvTgWRIt8JkkzpTyO+VRMhJ9pJIW0LP
+G23xBQYOkUjjb8WvZpQ0iP4PsMHaKzzwiVO2qUZ10IgIJbxjyIbSo/LJxFSUl50K
+zwuxtM2LKIc6VDasMsg5B3FkCojlZEckN4HykzK1HHV9PvwCOGMQXdFDklmdKdwx
+kGr4tk5r3yG3sgfY98+TdT34Y1jioWzT6LFscXfEWhQQXFa02m+AKPFsXOl+eSVt
+O3mgaazyTT4LWiT9ZEj9dN6yJ3aseG4bpq/FIO4bXBOU35ttdsMxtn87muDvXRE3
+rYHALHYhsgpNlP1Pa0FD0/syZ8VVV+L5hQ9+n7oPlHOmMVxoDIC/TireyCNtHM0C
+yEPWu3rWRBsK0YTuP57ezSRnnaAXqInSmLX1IkmzBSwAoySEED8ONlypPB4qh19M
+oUcOE661JAWA84ZP02gZsjjRaZOihv0BVmC0RXkCSe3VGAMuxCKYSLcupwFn34pA
+gEe+IL6WpR2fCiR3ncLjvhZrGlBfGDEfGmTRD5ceVMLaZKly8D9IpCuXK62Gi1DA
+pjAHJ9T6BmWW5Cxx5eJJESuhRldREf6KAVifB8K/DtWtp2BquILWj9pd4vuUYhz9
+eYva+/shAJE5PGKva9k0Erk++bE3Cephnjh9SgnWlZnoeSLcJ3k=
+=1wKt
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc b/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc
new file mode 100644
index 0000000000..5f0cefc4fc
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc
@@ -0,0 +1,167 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:13.bhyve Security Advisory
+ The FreeBSD Project
+
+Topic: Missing error handling in bhyve(8) device models
+
+Category: core
+Module: bhyve
+Announced: 2021-08-24
+Credits: Agustin Gianni (GitHub Security Lab)
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-08-24 18:29:48 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 17:33:35 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-08-24 18:33:04 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:13 UTC (releng/12.2, 12.2-RELEASE-p10)
+ 2021-08-24 18:33:02 UTC (stable/11, 11.4-STABLE)
+ 2021-08-24 18:31:27 UTC (releng/11.4, 11.4-RELEASE-p13)
+CVE Name: CVE-2021-29631
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+bhyve(8) is a hypervisor that supports running a variety of guest
+operating systems in virtual machines. It implements a number of device
+models using the VirtIO interface to exchange data between the guest and
+the host.
+
+II. Problem Description
+
+Certain VirtIO-based device models failed to handle errors when fetching
+I/O descriptors. Such errors could be triggered by a malicious guest.
+As a result, the device model code could be tricked into operating on
+uninitialized I/O vectors, leading to memory corruption.
+
+III. Impact
+
+A malicious guest may be able to crash the bhyve process. It may be
+possible to exploit the memory corruption bugs to achieve arbitrary code
+execution in the bhyve process.
+
+IV. Workaround
+
+No workaround is available. Virtual machines are unaffected unless they
+use one or more of the following device models:
+
+* virtio-console
+* virtio-rnd
+* virtio-scsi (available starting in FreeBSD 12.0)
+* virtio-9p (available starting in FreeBSD 13.0)
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.0]
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.13.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.13.patch.asc
+# gpg --verify bhyve.13.patch.asc
+
+[FreeBSD 12.2]
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.12.patch.asc
+# gpg --verify bhyve.12.patch.asc
+
+[FreeBSD 11.4]
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.11.patch.asc
+# gpg --verify bhyve.11.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 20f96f215562 stable/13-n246941
+releng/13.0/ ec08bc89d4b3 releng/13.0-n244756
+stable/12/ r370400
+releng/12.2/ r370393
+stable/11/ r370399
+releng/11.4/ r370386
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cLrsw//SuInBQjVhNXa1OkC7FcBve+vQCmgThGAxJVrFpRdHxg/q3Vfyza3/V1w
+FGUiPPhAsF3wYwK9UqMS5a3dOI3WbaUvH8dDeLd3BLj4AfFE3uTOFC0xzmdBQcm0
+2mFbTRkL0Wqb6FpDiswdu1s9jp1JggIa+SGuajl4XaoIyM/tek3PFuEOeE2v2N7E
+djKciPwFnsRneFQIOTHVqa0mut5AilNI9WwKZgv3qzqQNnAasBpbiZKG/BhA2mZm
+GLm0NtI40BdnIW3mfGYqK3r/tXUi/tcMSHzV2NDOGToB5wHj6Ah1lQ8pUEVnLo0d
+TeDrioK/z53wqLhHUSsxdifST6JX0CQ2kf7qb256mE3o9brRyD2s6AM2Bld3r/ov
+wzPTIzIGmtaxezCJhZpEPfaul/B2mCTjWkGrxOMROAzeocrIY4pJ5cGmH8XYfGA+
+WQOwe+OKHb33qak3mrgGxECv72R/h2PUH5PV14HEj+PW5S03qIHm3iisvGWo6+3C
+efqZ9tsiWbPvbF3CFuECOgjUIu5YDf6K83H5/Lnaw9SnANuTj8t8I1yg/RmByWlx
+9ucposBVht9h9TcFKNm+REfNCaYwQ3FukfGn/s3ih/iHNcGn1rGjh1t+vN4DNnLl
+Ew3GTlSzJqzeO3QvstdrRDvvBNFGDZV6yyZBu3ogPaZc4WAHnHQ=
+=suTg
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc b/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc
new file mode 100644
index 0000000000..578a09c26a
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc
@@ -0,0 +1,154 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:14.ggatec Security Advisory
+ The FreeBSD Project
+
+Topic: Remote code execution in ggatec(8)
+
+Category: core
+Module: ggatec
+Announced: 2021-08-24
+Credits: Johannes Totz
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-08-24 17:50:50 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 17:37:45 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-08-24 18:30:13 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:15 UTC (releng/12.2, 12.2-RELEASE-p10)
+ 2021-08-24 18:29:35 UTC (stable/11, 11.4-STABLE)
+ 2021-08-24 18:31:29 UTC (releng/11.4, 11.4-RELEASE-p13)
+CVE Name: CVE-2021-29630
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+GEOM Gate is a GEOM module that reflects I/O requests into user mode where
+the ggatec(8) daemon fowards those requests to ggated(8), possibly over the
+network to another machine.
+
+II. Problem Description
+
+The ggatec(8) daemon does not validate the size of a response before writing
+it to a fixed-sized buffer. This allows to overwrite the stack of ggatec(8).
+
+III. Impact
+
+A malicious ggated(8) or an attacker in a priviledged network position can
+overwrite the stack with crafted content and potentially execute arbitrary
+code.
+
+IV. Workaround
+
+No workaround is available but systems not using ggatec(8) are not affected.
+Neither ggatec(8) nor ggated(8) are enabled by default and need explicit
+configuration by the super-user.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart any ggatec(8) instances. Existing ggate devices can be kept alive
+and restarted with `ggatec rescue`.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-21:14/ggatec.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:14/ggatec.patch.asc
+# gpg --verify ggatec.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 0729ba2f49c9 stable/13-n246938
+releng/13.0/ c8a2cc4ba845 releng/13.0-n244757
+stable/12/ r370383
+releng/12.2/ r370394
+stable/11/ r370381
+releng/11.4/ r370387
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV14ACgkQ05eS9J6n
+5cKyqBAAi7eHUJ5Ud4dNJac8zbaj5uIlYF1XUPBfm5XlevfW1b1vgrfrs0QM3Sw5
+9efTVTESFUC+T9wVMYO3s9POEwiu3x0A/eRsH2tq9oaZPQKdpAhkEEQ/uqnNRKfm
+qHZ8YuSJGT+EWEFp1ib5O4Y78TvjL7ST0+IG/O5vBMKqgsxy29o6tOAy3q9+RVqj
+hNQNo7KbXBXEns/I7HN4JssQSjeWOmK65Ty5YAp1VsNGbD/7rSqsCp4P/CatvRQ7
+0kzVMb/hkaDn1G7jYOXbAPk+XrUr9cFriChjLuAAyZRBfWcNlPmoxRgNoDVDY44x
+elnBAEmSPD9adwy2hoHeusiiUnN7Vrz6DJeox7BSnbQx1lbU+j6qev0EBaMAmEUJ
+POxn9wjfth3hdfRSx5p2jSVaD/086BBpMQ9KXojVONgqE7hFF402+ooCnorA2XTh
+s08cIy38TEyHoW/rqr3SoXwyvkM3vAjQBmYzocDqocfufQ7UCH+SDFSsORuof+4N
+9T2j/UvGqmrQvnMhAsRfbdFImvwUut+ZLJzNqTEjYWlZv58QEKocU0OOvrd2Wb5i
+ok2CRIhCy08UnDItFSYI28TaMv8ZiCoWLx7H0+20mQeLaPF45dQWXz1o4FrFHVjx
+EdMZpmh9tFU8j5bm0J5l8CpoiTZsqZ41gTrFyEdSnOnS1uvT8jQ=
+=6Z2C
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc b/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc
new file mode 100644
index 0000000000..8ab5289d51
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc
@@ -0,0 +1,158 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:15.libfetch Security Advisory
+ The FreeBSD Project
+
+Topic: libfetch out of bounds read
+
+Category: core
+Module: libfetch
+Announced: 2021-08-24
+Credits: Samanta Navarro
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-08-24 17:59:43 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 18:00:47 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-08-24 18:30:16 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:17 UTC (releng/12.2, 12.2-RELEASE-p10)
+ 2021-08-24 18:29:40 UTC (stable/11, 11.4-STABLE)
+ 2021-08-24 18:31:31 UTC (releng/11.4, 11.4-RELEASE-p13)
+CVE Name: CVE-2021-36159
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+libfetch(3) is a multi-protocol file transfer library included with FreeBSD
+and used by the fetch(1) command-line tool, pkg(8) package manager, and
+others.
+
+II. Problem Description
+
+The passive mode in FTP communication allows an out of boundary read while
+libfetch uses strtol to parse the relevant numbers into address bytes. It
+does not check if the line ends prematurely. If it does, the for-loop
+condition checks for *p == '\0' one byte too late because p++ was already
+performed.
+
+III. Impact
+
+The connection buffer size can be controlled by a malicious FTP server
+because the size is increased until a newline is encountered (or no more
+characters are read). This also allows to move the buffer into more
+interesting areas within the address space, potentially parsing relevant
+numbers for the attacker. Since these bytes become available to the server
+in form of a new TCP connection to a constructed port number or even part of
+the IPv6 address this is a potential information leak.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-21:15/libfetch.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:15/libfetch.patch.asc
+# gpg --verify libfetch.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ a75324d674f5 stable/13-n246939
+releng/13.0/ 060510ba8bfb releng/13.0-n244758
+stable/12/ r370384
+releng/12.2/ r370395
+stable/11/ r370382
+releng/11.4/ r370388
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV14ACgkQ05eS9J6n
+5cJpVBAApBRBKwxTpmLfH+JJP8JwDwpop407/A54uPFRXzl7ri6D0wlvlHgMb70T
+OPnD2pco3gI56GOvRLipnbtrkGZJT0ijsXHMqMK+3O44yoMP8BMNOZauPUVia6FW
+6P0aLXqjiJDYZ8N2k+MnnsXQFJKvFt/Vv0D7aHOUettfgyx5YIQX2urjB/hGZIfM
+93VMRCsLruixIRgsL6Jt2PvS004HxqJOsaNMg6unp0JWa/vrcCcr4AMzJmu+k0lg
+/XtUpNBWdClKSYvDFikNrCz9x8ae6V9wosz5gfeKL+1tctBMxhrMLwBEaWtB7YIc
+4Vu9+ZsGRLBpapEE8aLRyApY1xFP0xcDutf1G/tuuz5zK8gObaTrxTcRm6fbyf8C
+ejspPabgM3lgKrWjGiI0T3WzYPWJKTZqtGEAtyMAutjpv9+N/p0YEDsCWkvG/zlt
+BZ+TbT33oL2N1odzLBNOlJkiR2LQnTcjBgci+jqCVx7CdnYmV2laGF1kIttBCcRN
+TOJoOJ1pbK1UXqek77+cCSeTKrlocU6oH3+1W68oLeWtemvzCTxlxLsT/pU/TetC
+2fibVyN9P1PMI0VbaktjSN8HX8QWtr1u5kp2AIZPmq5RqL+S7+o90GVFr5f41D7M
+QjHGddO+DG77lGyd+KC7zMuG6p8OcDBkdy9Tc0aTVW4JPhnIeyA=
+=QN3R
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:16.openssl.asc b/website/static/security/advisories/FreeBSD-SA-21:16.openssl.asc
new file mode 100644
index 0000000000..1d8f0e3e29
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:16.openssl.asc
@@ -0,0 +1,167 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:16.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple OpenSSL vulnerabilities
+
+Category: contrib
+Module: openssl
+Announced: 2021-08-24
+Credits: See OpenSSL advisory in references.
+Affects: FreeBSD 12.2 and later.
+Corrected: 2021-08-24 18:05:48 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 18:08:04 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-08-24 18:30:22 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:19 UTC (releng/12.2, 12.2-RELEASE-p10)
+CVE Name: CVE-2021-3711, CVE-2021-3712
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
+collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
+also a general-purpose cryptography library.
+
+II. Problem Description
+
+There are two issues fixed in this security advisory:
+
+A bug in the SM2 decryption implementation incorrectly calculates a buffer
+needed to hold the plaintext leading to a potential buffer overflow.
+[CVE-2021-3711]
+
+ASN1_STRING structures directly constructed, instead of using library
+functions, may not be NULL-terminated resulting in library functions causing
+a read buffer overrun. [CVE-2021-3712]
+
+III. Impact
+
+Specially crafted decrypted SM2 content could cause attacker chosen data to
+overflow the buffer changing application behavior or causing the application
+to crash. [CVE-2021-3711]
+
+A specially crafted malicious string can cause an application that directly
+constructs the ASN1_STRING structure to crash or disclose memory contents.
+[CVE-2021-3712]
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.0]
+# fetch https://security.FreeBSD.org/patches/SA-21:16/openssl.13.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:16/openssl.13.patch.asc
+# gpg --verify openssl.13.patch.asc
+
+[FreeBSD 12.2]
+# fetch https://security.FreeBSD.org/patches/SA-21:16/openssl.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:16/openssl.12.patch.asc
+# gpg --verify openssl.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 9d31ae318711 stable/13-n246940
+releng/13.0/ 2261c814b7fa releng/13.0-n244759
+stable/12/ r370385
+releng/12.2/ r370396
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV18ACgkQ05eS9J6n
+5cLnrA//XoiClJmvm+5GKDzP6IbDIxRyS7NkDxMWY/7Q/QvPs8fFrFdXiD4qJOcz
+VTElfioKTv2X7j+X5TO4zRKjg86Lb94gSXtgOLeK2tWticksZ3o5WPLXXjI0ohBo
+M1VhMJoJc3p2Oam9yPOdfnllCTJYV5ZqmcBL2FZCYWdkebZWkpHgrImZ53yQ87jm
+IK4fy+El47l3Jb2K6P5S1eeW3e3CElbkUgNkSIJsl5Z9hdrTrd3We6FSE8QQjXn+
+OsQw5s6VDhHzFG34x9CIhqpjWQTX5izdlaeSunMXHwe3Vp5CoRpl/sq1r53PJG1j
+nnY7X4Csgbv48rRm6KXOCHDzEatNvmdnBmEzcanIUXer//tra97Zd/wlWepV0hwK
+T4TcJly/74DH+tW6TQ78/UC0EkxeTqc/I1Qu41jBIH1KDfDs7OqKiftHo2wOJjQa
+43DlAr6eEbRAZ2l1e+ATJs0r6ao1BCUnB+Fpc4cnBLaft9G3DYCAmWI4wUKRSRAU
+n880U3kjSTtVDfLTkUQ33QSg0uqduVEjt9XWe/SV9RoL8xHqtvk/CIS+aFAqPbR4
+62yaTQCrUdidkeqn7/XVScCuZ27bWCJpqWHGtihTnm3yfM09NtYIjozyngf2duaJ
+0RFuewl1kvYo5Xsu54TuO36dQQdmJU0qayKEpWZ1+NadgJUMAJY=
+=8I/t
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:17.openssl.asc b/website/static/security/advisories/FreeBSD-SA-21:17.openssl.asc
new file mode 100644
index 0000000000..7e317b1662
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:17.openssl.asc
@@ -0,0 +1,156 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:17.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in OpenSSL
+
+Category: contrib
+Module: openssl
+Announced: 2021-08-24
+Affects: FreeBSD 12.2 and FreeBSD 11.4
+Corrected: 2021-02-18 23:55:09 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:22 UTC (releng/12.2, 12.2-RELEASE-p10)
+ 2021-02-19 16:21:03 UTC (stable/11, 11.4-STABLE)
+ 2021-08-24 18:31:34 UTC (releng/11.4, 11.4-RELEASE-p13)
+CVE Name: CVE-2021-23840, CVE-2021-23841
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
+collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
+also a general-purpose cryptography library.
+
+II. Problem Description
+
+This advisory covers two distinct OpenSSL issues:
+
+Calls to EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate()
+may overflow the output length argument in some cases where the input
+length is close to the maximum permissable length for an integer on the
+platform. In such cases the return value from the function call will be
+1 (indicating success), but the output length value will be negative.
+[CVE-2021-23840]
+
+The OpenSSL public API function X509_issuer_and_serial_hash() attempts
+to create a unique hash value based on the issuer and serial number data
+contained within an X509 certificate. However it fails to correctly
+handle any errors that may occur while parsing the issuer field (which
+might occur if the issuer field is maliciously constructed).
+[CVE-2021-23841]
+
+III. Impact
+
+The integer overflow in EVP_*Update() could cause applications to behave
+incorrectly or crash leading to a potential denial of service attack.
+
+The X509_issuer_and_serial_hash() issue may result in a NULL pointer
+dereference and a crash leading to a potential denial of service attack.
+
+IV. Workaround
+
+No workaround is available.
+
+The function X509_issuer_and_serial_hash() is never directly called by
+OpenSSL itself so applications are only vulnerable if they use this
+function directly and they use it on certificates that may have been
+obtained from untrusted sources.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.2]
+# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch.asc
+# gpg --verify openssl.12.patch.asc
+
+[FreeBSD 11.4]
+# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch.asc
+# gpg --verify openssl.11.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/12/ r369284
+releng/12.2/ r370397
+stable/11/ r369299
+releng/11.4/ r370389
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV18ACgkQ05eS9J6n
+5cIngA/9Hncs91cNHSVTuvNvrATmpxpnCyiphivR297oiDKRCOoHxA7W8AAigSQH
+gNM8XGZ8aANmoGfh7M86V5Dvlq0qeRn0Pe8cEus53OumEqpbSkMu97ftv7gFkM/S
++uEEoNA+pK/lrupQQ7gAHwWbzaNumJwGXpH/FLh865TjngvI2hFW41TfMxHQvymf
+tAIzRdg/QYASnXTXBn56ad0i34v+/Z4Cz6XFJ4bBkqPJpiCvzJPWB37CSxw1D6YM
+4w5yBhu7db1VJKLP89/YnRnsB4ryOE5cCGtg086pa2DdacB63XTEgc/m90UtfHYl
+Dk6LVr79SqFPDRukNCTBozcwkHr8aKSg1eR4o2vV3yfq5OUhHmCA9FXstyxXPYe+
+DjtSG8X9m/XKiz4Eok2EIv3PwBT29M3lVnKG20kvpxoguOUTg4VLtyyDIZxKmNpY
+XC3OAmUViDS9iEA8uqKjUEt5YEsNvs6qIKasZHdznST04nuEimIiMUOD57odwL7M
+rAeJu4GBPHJqNQsfFPRddjrVimnUtGHFDW5r4JtqPP5sZZCIBplWuMzay875EYCL
+amYGuewZhsacUSgUktsFPrM9z8rd24k86IPn3PEIwsVbubDDz40Q1/v1McgquZ0n
+boUnhYSRG5qVgOItsikahk1OpQMQhsXDRo6RotGdl90pqdngNjQ=
+=T3/+
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:23/virtio_blk.patch b/website/static/security/patches/EN-21:23/virtio_blk.patch
new file mode 100644
index 0000000000..011ad7ab7e
--- /dev/null
+++ b/website/static/security/patches/EN-21:23/virtio_blk.patch
@@ -0,0 +1,50 @@
+--- sys/dev/virtio/block/virtio_blk.c.orig
++++ sys/dev/virtio/block/virtio_blk.c
+@@ -126,6 +126,7 @@
+ static int vtblk_suspend(device_t);
+ static int vtblk_resume(device_t);
+ static int vtblk_shutdown(device_t);
++static int vtblk_attach_completed(device_t);
+ static int vtblk_config_change(device_t);
+
+ static int vtblk_open(struct disk *);
+@@ -255,6 +256,7 @@
+ DEVMETHOD(device_shutdown, vtblk_shutdown),
+
+ /* VirtIO methods. */
++ DEVMETHOD(virtio_attach_completed, vtblk_attach_completed),
+ DEVMETHOD(virtio_config_change, vtblk_config_change),
+
+ DEVMETHOD_END
+@@ -378,8 +380,6 @@
+ goto fail;
+ }
+
+- vtblk_create_disk(sc);
+-
+ virtqueue_enable_intr(sc->vtblk_vq);
+
+ fail:
+@@ -461,6 +461,22 @@
+ return (0);
+ }
+
++static int
++vtblk_attach_completed(device_t dev)
++{
++ struct vtblk_softc *sc;
++
++ sc = device_get_softc(dev);
++
++ /*
++ * Create disk after attach as VIRTIO_BLK_T_GET_ID can only be
++ * processed after the device acknowledged
++ * VIRTIO_CONFIG_STATUS_DRIVER_OK.
++ */
++ vtblk_create_disk(sc);
++ return (0);
++}
++
+ static int
+ vtblk_config_change(device_t dev)
+ {
diff --git a/website/static/security/patches/EN-21:23/virtio_blk.patch.asc b/website/static/security/patches/EN-21:23/virtio_blk.patch.asc
new file mode 100644
index 0000000000..41e75d3111
--- /dev/null
+++ b/website/static/security/patches/EN-21:23/virtio_blk.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV1wACgkQ05eS9J6n
+5cKwrQ/9HYxg0kT5aBLboq6lRLOs8uB4f1JQ5yj2Hko5rWEw+bQyDNwgzNwi0Lbl
+TA+VFswRCKczFX68HKwv4keOhCmd568L+vCEirffNbqlMrjjb4qiytraHTNApLP+
+mawiH0uxlJxvOSPGG7FMQksTi++EEt0JLU3HGrF4qV91Z0XJiW8/G8NqYzqr9OYK
+zSdoCO26HKnrbnqi+EhsuRmlZvjqWJJRFx7XDdV1FSXkHF4E/pVjdx3+RXJd2TqP
+H2rXO6BbuqbLhaCA1Rv2Q5EC3opW4umoR6T0TFJGJWCcGPzESuG5OeB2oN+6/mbu
+M4YvqbEgzh7lYEi4cTVmFqkfUH11NK5ZmPfThD/2zbg/ScbS8u1WaTccfH/VsOqK
+t4ISVotPBoxyfXTy0aZbhJf6Dw5AavlOYFyBK70ZGTwse12ot/++aC6UWH/tV+wS
+l6skw8v68tNbxfPMAgzqafOK6FHkQZd4Q3xAVKoe194NZf4MCKoO8RynI38rrigE
+Sud/2SSkB2M4cPNnRKIO1Eoz+zTjJeV2vu0oGeVyIveQbv2v38CByS9kGqTGwuRW
+IVwUAhrnbgEa2zs4DCNSKkK/ad2C97LGjWR3KC60YmWbo8BQjRPzneV+FSrGJ4aI
+GTh2ISv8mU+5Z2/j9uITBI+DO4IhWwH6SM8Znm2HSMUwfwF7Dps=
+=jMPQ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:24/libcrypto.patch b/website/static/security/patches/EN-21:24/libcrypto.patch
new file mode 100644
index 0000000000..97aff90878
--- /dev/null
+++ b/website/static/security/patches/EN-21:24/libcrypto.patch
@@ -0,0 +1,37 @@
+--- secure/lib/libcrypto/Version.map.orig
++++ secure/lib/libcrypto/Version.map
+@@ -4450,7 +4450,22 @@
+ global:
+ X509_get0_authority_issuer;
+ X509_get0_authority_serial;
+- local: *;
+ } OPENSSL_1_1_1c;
+
++OPENSSL_1_1_1e {
++ global:
++ EVP_PKEY_meth_get_digestsign;
++ EVP_PKEY_meth_get_digestverify;
++ EVP_PKEY_meth_set_digestsign;
++ EVP_PKEY_meth_set_digestverify;
++ RSA_get0_pss_params;
++} OPENSSL_1_1_1d;
+
++OPENSSL_1_1_1h {
++ global:
++ EC_KEY_decoded_from_explicit_params;
++ X509_ALGOR_copy;
++ X509_REQ_set0_signature;
++ X509_REQ_set1_signature_algo;
++ local: *;
++} OPENSSL_1_1_1e;
+--- secure/lib/libssl/Version.map.orig
++++ secure/lib/libssl/Version.map
+@@ -512,7 +512,6 @@
+ OPENSSL_1_1_1a {
+ global:
+ SSL_get_signature_type_nid;
+- local: *;
+ } OPENSSL_1_1_1;
+
+ OPENSSL_1_1_1e {
+--
diff --git a/website/static/security/patches/EN-21:24/libcrypto.patch.asc b/website/static/security/patches/EN-21:24/libcrypto.patch.asc
new file mode 100644
index 0000000000..33761a5532
--- /dev/null
+++ b/website/static/security/patches/EN-21:24/libcrypto.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cI6Kw//XcIv4eo3VaXOY1wE1sVBccRPWcpuWOQ0midcgNkWhs1ktQaHdeCJ3bKa
+wu9/52J8ipm7k7WN7sMNC8WXruXEA/SRCwGpm7l84UThHcTHH8qFdg2QRUNS4j1l
+DyR2hzyu8DojULqUV3Iy0/Qu9XXjnRSSMvk2A96A5QCdDq8ocljNu0yNm8B5JVv7
+56uLycamB5OxGNW61w4JXyOe2Mi6li4AVO9D1lG+n5s0InWgkzm40JEy3G29Dkqp
+Cj7LQ4CZ4AHLTgtPjq1hwedjVsz4kmpd6BZzpdheeZFi0vqcpMaUIJtNL8vTQ37Z
+5WmbtfH30DspHHUVZINFeCrHAfpZYvKHfUkIqnJXiRkI706je48c6q8p2BI7FN17
+rXmUWlV8OnUKdvJY+RfNBexwX8JONjk12eoo/HAumJEaJdzDRzHwy+WHuWKoUDzZ
+mln6rU/cDg2PIj++llTSFac9ZSXUi869cROp3iqTp6cEcaN88UPmMywu/n+qchMk
+r90kVCLx577QvjzpkuPwRkK9GoMb576/UVfCoGlPXV2Y317+0kclVskyCSFpFJTV
+k6C9dJIh8pv9Fnd0ExPtn2iHrAhVIRDeM1ehcKymi1MeHA3vPwbRB68lLOC0fQNz
+192Lmro5PRmP3Md7DaetUViLUXRw5kpy9+MI6A1tJKAHKjYMtI0=
+=MU1L
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:25/bhyve.patch b/website/static/security/patches/EN-21:25/bhyve.patch
new file mode 100644
index 0000000000..815cd4e537
--- /dev/null
+++ b/website/static/security/patches/EN-21:25/bhyve.patch
@@ -0,0 +1,11 @@
+--- usr.sbin/bhyve/pci_nvme.c.orig
++++ usr.sbin/bhyve/pci_nvme.c
+@@ -1976,7 +1976,7 @@
+ /* PRP2 is pointer to a physical region page list */
+ while (bytes) {
+ /* Last entry in list points to the next list */
+- if (prp_list == last) {
++ if ((prp_list == last) && (bytes > PAGE_SIZE)) {
+ uint64_t prp = *prp_list;
+
+ prp_list = paddr_guest2host(vmctx, prp,
diff --git a/website/static/security/patches/EN-21:25/bhyve.patch.asc b/website/static/security/patches/EN-21:25/bhyve.patch.asc
new file mode 100644
index 0000000000..592cc97745
--- /dev/null
+++ b/website/static/security/patches/EN-21:25/bhyve.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cLCnw/9GZg9vePoQO+ApIIBr7BLAkS5RC0qSH/5lRm6dsWc3J2Qo7wHI30/SUoi
+noXh4gNAnTFTNThQWacpFR8T936aW/smWyVjl+aXLrtbwQGCx2xj3Rvs5b57fX6R
+ml6MO3qjd14kWc425tTnGx39BGe3UXTLJQ7/URCAwYD4D1ANt24We1Wv70LKBAf6
+q32yb5b6fiW+cS0uHgbPHIgxfjmhz04boejjX2bF9vleXFuKg/NJ0+f2kWj8LQo6
+6OnaN9f6ANQB5vIfmscL7DyIkakd2KWkhGMf2UrlnhZ9v65LQP/I6KwT2co4Jg0C
+bOs868qXn2j9BBbMspRU+PuTRzg8auXgGyUiqbwr5Sz6RzGp2aGjG3S8nV5fS3Uq
+u8XzFDKW43nMlPMkdlTCXAbvRNN2t++43N4AoU7WDR5HAEZ3Zk/qqofPpi+Ig8X4
+4Ja6lUYc+7qCK5zLtw8hz73i2Q9MFSBlWk2mDEIfaMnnY/yFnocZvc8obiQ2bavm
+DvIgwPx1dPeyE9nnpTc7nSnGCXMJNizyV3TeSBZzHHGKQ6ypHGGTqvYmMtZtuWJU
+UZiperiQ37kg8iCrZWDdWNsyOk8eATHAMmgME6icoNC7QqfoDszSewwbfm6RD53v
+m+UQh0HRDIN7e+Jx8LlDFPJgOjy9ftYzsAQ7ES9uHp2zu2LqtBg=
+=qQlH
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:13/bhyve.11.patch b/website/static/security/patches/SA-21:13/bhyve.11.patch
new file mode 100644
index 0000000000..ffb2659358
--- /dev/null
+++ b/website/static/security/patches/SA-21:13/bhyve.11.patch
@@ -0,0 +1,58 @@
+--- usr.sbin/bhyve/pci_virtio_console.c.orig
++++ usr.sbin/bhyve/pci_virtio_console.c
+@@ -404,6 +404,7 @@
+
+ do {
+ n = vq_getchain(vq, &idx, &iov, 1, NULL);
++ assert(n == 1);
+ len = readv(sock->vss_conn_fd, &iov, n);
+
+ if (len == 0 || (len < 0 && errno == EWOULDBLOCK)) {
+@@ -544,7 +545,6 @@
+ return;
+
+ n = vq_getchain(vq, &idx, &iov, 1, NULL);
+-
+ assert(n == 1);
+
+ memcpy(iov.iov_base, ctrl, sizeof(struct pci_vtcon_control));
+@@ -563,7 +563,8 @@
+ struct pci_vtcon_softc *sc;
+ struct pci_vtcon_port *port;
+ struct iovec iov[1];
+- uint16_t idx, n;
++ int n;
++ uint16_t idx;
+ uint16_t flags[8];
+
+ sc = vsc;
+@@ -571,7 +572,7 @@
+
+ while (vq_has_descs(vq)) {
+ n = vq_getchain(vq, &idx, iov, 1, flags);
+- assert(n >= 1);
++ assert(n == 1);
+ if (port != NULL)
+ port->vsp_cb(port, port->vsp_arg, iov, 1);
+
+--- usr.sbin/bhyve/pci_virtio_rnd.c.orig
++++ usr.sbin/bhyve/pci_virtio_rnd.c
+@@ -109,7 +109,7 @@
+ {
+ struct iovec iov;
+ struct pci_vtrnd_softc *sc;
+- int len;
++ int len, n;
+ uint16_t idx;
+
+ sc = vsc;
+@@ -120,7 +120,8 @@
+ }
+
+ while (vq_has_descs(vq)) {
+- vq_getchain(vq, &idx, &iov, 1, NULL);
++ n = vq_getchain(vq, &idx, &iov, 1, NULL);
++ assert(n == 1);
+
+ len = read(sc->vrsc_fd, iov.iov_base, iov.iov_len);
+
diff --git a/website/static/security/patches/SA-21:13/bhyve.11.patch.asc b/website/static/security/patches/SA-21:13/bhyve.11.patch.asc
new file mode 100644
index 0000000000..01066e23d0
--- /dev/null
+++ b/website/static/security/patches/SA-21:13/bhyve.11.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cJDBQ//R6T43ffyv9TYJ7P1FLp4VzfQ08grTN8IpifplKEJGwDTxzX244xO0cum
+kkjsu2kMWSX5PDQWzrSyRKJDK6KicIELJ4UojbwHM+gBhgW8rZjoQaYIehcveRua
+nRAWdHpM/shk18IogVYT9HY3LKvgrbaIR3hlc1nymlHoN2tAywLJDeky5vkge9Rl
+75DdbhqI5BhC94YtzkeukWFuTolYgz2tTUA4I4BKNPANUZOgRUbbbSBA4QAr6gJC
+u4XTi63PvGSXzuN4+uz0CADnEISf6ozG6wuXPre55Q22ucJY1rWkLAL+5W8FoETs
+REmznNJUqmCLlrpFr5OpY2Fd2B3+h00fNIG+B3l9XIW76T+5eqLipbGJjVAA1Ldj
+P8SPW0NKg6QAax/2XFvkWVJXXhJfy7na9PNCoglOmAWEecaz3gmnMaVescn9L+7z
+BArCMqN0YWEWs+wEbz+3OpifrqZFtoHie4Tgqw3/Yi6xO6isfCEc4Io5it4DDO/4
+vRfOywhPi5AHYFEBRVhXt1jogiXOSklPBRbI2pPWdy9/cb+SuPeeUmFieboai1VQ
+StElNYfJfC0iu8Y6LrAHCVljj/myUd553xhPLE/OEXPJKi/MiOXg0hfjHnB4CZyu
+slPMudYVzY8yztTiRRuj9ESa6D5tUYtZ4RNfHtau8VGMBnN1NsU=
+=gwtE
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:13/bhyve.12.patch b/website/static/security/patches/SA-21:13/bhyve.12.patch
new file mode 100644
index 0000000000..57c6e16f42
--- /dev/null
+++ b/website/static/security/patches/SA-21:13/bhyve.12.patch
@@ -0,0 +1,98 @@
+--- usr.sbin/bhyve/pci_virtio_console.c.orig
++++ usr.sbin/bhyve/pci_virtio_console.c
+@@ -418,6 +418,7 @@
+
+ do {
+ n = vq_getchain(vq, &idx, &iov, 1, NULL);
++ assert(n == 1);
+ len = readv(sock->vss_conn_fd, &iov, n);
+
+ if (len == 0 || (len < 0 && errno == EWOULDBLOCK)) {
+@@ -558,7 +559,6 @@
+ return;
+
+ n = vq_getchain(vq, &idx, &iov, 1, NULL);
+-
+ assert(n == 1);
+
+ memcpy(iov.iov_base, ctrl, sizeof(struct pci_vtcon_control));
+@@ -577,7 +577,8 @@
+ struct pci_vtcon_softc *sc;
+ struct pci_vtcon_port *port;
+ struct iovec iov[1];
+- uint16_t idx, n;
++ int n;
++ uint16_t idx;
+ uint16_t flags[8];
+
+ sc = vsc;
+@@ -585,7 +586,7 @@
+
+ while (vq_has_descs(vq)) {
+ n = vq_getchain(vq, &idx, iov, 1, flags);
+- assert(n >= 1);
++ assert(n == 1);
+ if (port != NULL)
+ port->vsp_cb(port, port->vsp_arg, iov, 1);
+
+--- usr.sbin/bhyve/pci_virtio_rnd.c.orig
++++ usr.sbin/bhyve/pci_virtio_rnd.c
+@@ -113,7 +113,7 @@
+ {
+ struct iovec iov;
+ struct pci_vtrnd_softc *sc;
+- int len;
++ int len, n;
+ uint16_t idx;
+
+ sc = vsc;
+@@ -124,7 +124,8 @@
+ }
+
+ while (vq_has_descs(vq)) {
+- vq_getchain(vq, &idx, &iov, 1, NULL);
++ n = vq_getchain(vq, &idx, &iov, 1, NULL);
++ assert(n == 1);
+
+ len = read(sc->vrsc_fd, iov.iov_base, iov.iov_len);
+
+--- usr.sbin/bhyve/pci_virtio_scsi.c.orig
++++ usr.sbin/bhyve/pci_virtio_scsi.c
+@@ -556,15 +556,16 @@
+ {
+ struct pci_vtscsi_softc *sc;
+ struct iovec iov[VTSCSI_MAXSEG];
+- uint16_t idx, n;
++ uint16_t idx;
+ void *buf = NULL;
+ size_t bufsize;
+- int iolen;
++ int iolen, n;
+
+ sc = vsc;
+
+ while (vq_has_descs(vq)) {
+ n = vq_getchain(vq, &idx, iov, VTSCSI_MAXSEG, NULL);
++ assert(n >= 1 && n <= VTSCSI_MAXSEG);
+ bufsize = iov_to_buf(iov, n, &buf);
+ iolen = pci_vtscsi_control_handle(sc, buf, bufsize);
+ buf_to_iov(buf + bufsize - iolen, iolen, iov, n,
+@@ -594,8 +595,8 @@
+ struct pci_vtscsi_request *req;
+ struct iovec iov[VTSCSI_MAXSEG];
+ uint16_t flags[VTSCSI_MAXSEG];
+- uint16_t idx, n, i;
+- int readable;
++ uint16_t idx, i;
++ int readable, n;
+
+ sc = vsc;
+ q = &sc->vss_queues[vq->vq_num - 2];
+@@ -603,6 +604,7 @@
+ while (vq_has_descs(vq)) {
+ readable = 0;
+ n = vq_getchain(vq, &idx, iov, VTSCSI_MAXSEG, flags);
++ assert(n >= 1 && n <= VTSCSI_MAXSEG);
+
+ /* Count readable descriptors */
+ for (i = 0; i < n; i++) {
diff --git a/website/static/security/patches/SA-21:13/bhyve.12.patch.asc b/website/static/security/patches/SA-21:13/bhyve.12.patch.asc
new file mode 100644
index 0000000000..140a938575
--- /dev/null
+++ b/website/static/security/patches/SA-21:13/bhyve.12.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV14ACgkQ05eS9J6n
+5cJkLg//V2LfDK1QTO15+gYapZqU24H14CqtcDpZr1KUZh9LJz0cz3HeTUyLtBUg
+kzWvRTHNlfrDxikoLEM0EE+lZAsdnDQBgTP2vc0AaSuz5ugeb6mlBZq8TFyvsEwE
+ahLqWn5dgDF7TKHmtNy3TlYOobLpvgPXX4xx1VnnVhjUuGQFKrSqurmTSC5o8X8A
+3G5Rq7Pjikz0DHjIcR+1jibq5YO5SPsT6ZN9run9YWaKAhGLAitL/mkP2Zgdf6l5
+Puck0A08CN4+MG20DlsByyGY+8k40ZxPu0rN75BnBDk2QjPIb5DagbTTeXJnDIaj
+ZRhOc68Qd7ct2ZfoUDr4zDYn6cFqDTkqUMTWwggv887my34knySHQZTMsAWSqJd6
+Ag7VotQBsIy0RW/oYFFVZOZl7LNlHrya7G9Cx6m/tVDIifnOP5VbwOtvFMYEywQP
+66iChjUPCVO4PapzIPWem+ia6jcgrk4xgjtm2xCzgrHls6F/qBFrMHBI8+p4QIyR
+kaZWgWPPNEjeQ2DW+OmHsQLdBtj5yGh3U4I4zdwJoShWgh3J+OYkyOMLMY3wSyqC
+dcvXsJQtSsJjvF3WVL5/0NnK6BK8O4yMjE1lbgdYm5AHcP+NWo5r1adjVwRnWjNN
+uEqjjNCWp4llDk6bT5jC2wUcUnx0gQT0RWC68UpCC/TQ/QT/7VY=
+=eLQ4
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:13/bhyve.13.patch b/website/static/security/patches/SA-21:13/bhyve.13.patch
new file mode 100644
index 0000000000..dac2c70c04
--- /dev/null
+++ b/website/static/security/patches/SA-21:13/bhyve.13.patch
@@ -0,0 +1,117 @@
+--- usr.sbin/bhyve/pci_virtio_9p.c.orig
++++ usr.sbin/bhyve/pci_virtio_9p.c
+@@ -195,13 +195,15 @@
+ struct iovec iov[VT9P_MAX_IOV];
+ struct pci_vt9p_softc *sc;
+ struct pci_vt9p_request *preq;
+- uint16_t idx, n, i;
++ int n;
++ uint16_t idx, i;
+ uint16_t flags[VT9P_MAX_IOV];
+
+ sc = vsc;
+
+ while (vq_has_descs(vq)) {
+ n = vq_getchain(vq, &idx, iov, VT9P_MAX_IOV, flags);
++ assert(n >= 1 && n <= VT9P_MAX_IOV);
+ preq = calloc(1, sizeof(struct pci_vt9p_request));
+ preq->vsr_sc = sc;
+ preq->vsr_idx = idx;
+--- usr.sbin/bhyve/pci_virtio_console.c.orig
++++ usr.sbin/bhyve/pci_virtio_console.c
+@@ -421,6 +421,7 @@
+
+ do {
+ n = vq_getchain(vq, &idx, &iov, 1, NULL);
++ assert(n == 1);
+ len = readv(sock->vss_conn_fd, &iov, n);
+
+ if (len == 0 || (len < 0 && errno == EWOULDBLOCK)) {
+@@ -561,7 +562,6 @@
+ return;
+
+ n = vq_getchain(vq, &idx, &iov, 1, NULL);
+-
+ assert(n == 1);
+
+ memcpy(iov.iov_base, ctrl, sizeof(struct pci_vtcon_control));
+@@ -580,7 +580,8 @@
+ struct pci_vtcon_softc *sc;
+ struct pci_vtcon_port *port;
+ struct iovec iov[1];
+- uint16_t idx, n;
++ int n;
++ uint16_t idx;
+ uint16_t flags[8];
+
+ sc = vsc;
+@@ -588,7 +589,7 @@
+
+ while (vq_has_descs(vq)) {
+ n = vq_getchain(vq, &idx, iov, 1, flags);
+- assert(n >= 1);
++ assert(n == 1);
+ if (port != NULL)
+ port->vsp_cb(port, port->vsp_arg, iov, 1);
+
+--- usr.sbin/bhyve/pci_virtio_rnd.c.orig
++++ usr.sbin/bhyve/pci_virtio_rnd.c
+@@ -113,7 +113,7 @@
+ {
+ struct iovec iov;
+ struct pci_vtrnd_softc *sc;
+- int len;
++ int len, n;
+ uint16_t idx;
+
+ sc = vsc;
+@@ -124,7 +124,8 @@
+ }
+
+ while (vq_has_descs(vq)) {
+- vq_getchain(vq, &idx, &iov, 1, NULL);
++ n = vq_getchain(vq, &idx, &iov, 1, NULL);
++ assert(n == 1);
+
+ len = read(sc->vrsc_fd, iov.iov_base, iov.iov_len);
+
+--- usr.sbin/bhyve/pci_virtio_scsi.c.orig
++++ usr.sbin/bhyve/pci_virtio_scsi.c
+@@ -557,15 +557,16 @@
+ {
+ struct pci_vtscsi_softc *sc;
+ struct iovec iov[VTSCSI_MAXSEG];
+- uint16_t idx, n;
++ uint16_t idx;
+ void *buf = NULL;
+ size_t bufsize;
+- int iolen;
++ int iolen, n;
+
+ sc = vsc;
+
+ while (vq_has_descs(vq)) {
+ n = vq_getchain(vq, &idx, iov, VTSCSI_MAXSEG, NULL);
++ assert(n >= 1 && n <= VTSCSI_MAXSEG);
+ bufsize = iov_to_buf(iov, n, &buf);
+ iolen = pci_vtscsi_control_handle(sc, buf, bufsize);
+ buf_to_iov(buf + bufsize - iolen, iolen, iov, n,
+@@ -595,8 +596,8 @@
+ struct pci_vtscsi_request *req;
+ struct iovec iov[VTSCSI_MAXSEG];
+ uint16_t flags[VTSCSI_MAXSEG];
+- uint16_t idx, n, i;
+- int readable;
++ uint16_t idx, i;
++ int readable, n;
+
+ sc = vsc;
+ q = &sc->vss_queues[vq->vq_num - 2];
+@@ -604,6 +605,7 @@
+ while (vq_has_descs(vq)) {
+ readable = 0;
+ n = vq_getchain(vq, &idx, iov, VTSCSI_MAXSEG, flags);
++ assert(n >= 1 && n <= VTSCSI_MAXSEG);
+
+ /* Count readable descriptors */
+ for (i = 0; i < n; i++) {
diff --git a/website/static/security/patches/SA-21:13/bhyve.13.patch.asc b/website/static/security/patches/SA-21:13/bhyve.13.patch.asc
new file mode 100644
index 0000000000..830e34a6bf
--- /dev/null
+++ b/website/static/security/patches/SA-21:13/bhyve.13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV14ACgkQ05eS9J6n
+5cLL2RAAhv23vkRIvICmnRe7GjwxAoJhjTrWfV85iHAG9CnMAL2n2+1AGPUOmcwN
+h+5XMVkF6y8N7VlMO2JNWwmfTRhEMWGbQp0HFI7AWc9WCN2ZaDylvqO6iZ/CMvND
+fRguHjJgUkwMaHVRHIEE56oF1EvHXI0XBEaqHC+4l4c7FPy6NXomDG94qXlcFhqp
++JoSw1YmT1kn3S5cYMq/RED5yPcoz1/SsGMssOCiY1rf6S9GhYA+ZqMUvdPe4hV8
+/uA7w12qurSRoDUlucfCQrqH0uhfqKsIRu4C2l6N2+STu64HaZfjqzDzQBPwYNoG
+pncexn2v0zByYfg01YELNDdAxOJLQ56v6XgjPMQCbzobBoVawX/jkXhwfm4tnro0
+mKIzmWj9DERNgSx3bZTToZ8DrOPP79nFc9IKcCsCA2yiaDG5gE1dLlngvo7fcy6O
+Wc1vAHpp8o2ecW5H5EWzEkVVE1WC3HxrEQmSezI0WetXaTsjpc8HCE4j4mUj80OT
+ciyQrnu5F90qs8FKa8fzluD7SYSyhUGRK6CGWTHwhVDpvQFIFnoer8yPmb8GCB3l
+08MK2FL+ktWwe/VLKgxZUblVGLcqlvcxBT45qVfeXRyxMobyHpk+EYeCSNJ+LcMl
+T/vVllaS1K0xhFIFwIcmtk9Ks9P5LdZhsDMsvMdlNJ9aAUjqy+U=
+=bt6/
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:14/ggatec.patch b/website/static/security/patches/SA-21:14/ggatec.patch
new file mode 100644
index 0000000000..5c5978b23a
--- /dev/null
+++ b/website/static/security/patches/SA-21:14/ggatec.patch
@@ -0,0 +1,37 @@
+--- sbin/ggate/ggatec/ggatec.c.orig
++++ sbin/ggate/ggatec/ggatec.c
+@@ -145,7 +145,21 @@
+ case BIO_WRITE:
+ hdr.gh_cmd = GGATE_CMD_WRITE;
+ break;
++ default:
++ g_gate_log(LOG_NOTICE, "Unknown gctl_cmd: %i", ggio.gctl_cmd);
++ ggio.gctl_error = EOPNOTSUPP;
++ g_gate_ioctl(G_GATE_CMD_DONE, &ggio);
++ continue;
++ }
++
++ /* Don't send requests for more data than we can handle the response for! */
++ if (ggio.gctl_length > MAXPHYS) {
++ g_gate_log(LOG_ERR, "Request too big: %zd", ggio.gctl_length);
++ ggio.gctl_error = EOPNOTSUPP;
++ g_gate_ioctl(G_GATE_CMD_DONE, &ggio);
++ continue;
+ }
++
+ hdr.gh_seq = ggio.gctl_seq;
+ hdr.gh_offset = ggio.gctl_offset;
+ hdr.gh_length = ggio.gctl_length;
+@@ -219,6 +233,12 @@
+ ggio.gctl_length = hdr.gh_length;
+ ggio.gctl_error = hdr.gh_error;
+
++ /* Do not overflow our buffer if there is a bogus response. */
++ if (ggio.gctl_length > (off_t) sizeof(buf)) {
++ g_gate_log(LOG_ERR, "Received too big response: %zd", ggio.gctl_length);
++ break;
++ }
++
+ if (ggio.gctl_error == 0 && ggio.gctl_cmd == GGATE_CMD_READ) {
+ data = g_gate_recv(recvfd, ggio.gctl_data,
+ ggio.gctl_length, MSG_WAITALL);
diff --git a/website/static/security/patches/SA-21:14/ggatec.patch.asc b/website/static/security/patches/SA-21:14/ggatec.patch.asc
new file mode 100644
index 0000000000..4ec445a3d0
--- /dev/null
+++ b/website/static/security/patches/SA-21:14/ggatec.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV14ACgkQ05eS9J6n
+5cI2zRAAnvW+uh6FHmUzpXXnYwFbMGeD9q2YOMiELXXbc1L8UOKWn/Tkh2JyD498
+B54TNAAHpgSlb5wasQmq57TeFH4WKJhVfX465gfmJt8/HF5OksryRy02+dF52NfU
+DYbvUsHuvHrC+xcLCpP4x55hO9ORU6wOVegCCWDsHfbuApXylSaI1pk3fAlpCNL5
+Z9Ez+s1Th0EFB7/tOnvrIOKuGW5JSSyK7F4KBT2HuI3PKDETIctcm7AWO+rRk5B6
+49lzPswXkwMnMWEqhUk7UxPC8u1tM99n4ztss0zTSXGi0fmUVUnq/nwk8eHMNoW0
+xJYwCGzaBhTOxQglk4FIV1Bo7BkOi7GvGGMMje74Jl/JXJSUMVWZV9/4a5/AO/Ot
+Z0IN61zFuRkLRDUUtadshYFgOMLnm5c74OOAhvwLnITerMVyZYafA7anh945qqIr
+vNtdCtgymGhCVWo1RQcOhU6eMg10i8f7+7JeKeYbV9de/FgPCbysbt/iWanlMSIh
+EsBpb3x8isbiwgyeiYWPye58BWzz6w7n5P4/8UP69rWWcaAGlNafmjXNqrlejYTY
+h3AyYLqDyB6WvOf9x3OswIAdu6kipaNkj3oo+bu9jzYoUBGihx51jrC3rH0o+Tyc
+eYDqJkxhfNQE1u49eB+UaHEZ3QT0Yhos5E03V5ARbswFmIMw1tY=
+=PBcZ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:15/libfetch.patch b/website/static/security/patches/SA-21:15/libfetch.patch
new file mode 100644
index 0000000000..8833a76c00
--- /dev/null
+++ b/website/static/security/patches/SA-21:15/libfetch.patch
@@ -0,0 +1,15 @@
+--- lib/libfetch/ftp.c.orig
++++ lib/libfetch/ftp.c
+@@ -704,8 +704,11 @@
+ goto ouch;
+ }
+ l = (e == FTP_PASSIVE_MODE ? 6 : 21);
+- for (i = 0; *p && i < l; i++, p++)
++ for (i = 0; *p && i < l; i++, p++) {
+ addr[i] = strtol(p, &p, 10);
++ if (*p == '\0' && i < l - 1)
++ break;
++ }
+ if (i < l) {
+ e = FTP_PROTOCOL_ERROR;
+ goto ouch;
diff --git a/website/static/security/patches/SA-21:15/libfetch.patch.asc b/website/static/security/patches/SA-21:15/libfetch.patch.asc
new file mode 100644
index 0000000000..c3c1184a5f
--- /dev/null
+++ b/website/static/security/patches/SA-21:15/libfetch.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV14ACgkQ05eS9J6n
+5cK4Fg//Z3i9ktCwYwUDS/4FWDNyKqXIiyqcc6kKodcJ4DVkij4IHY+HdVGvwMFj
+NovjacI0Bm0HhFoqsjFZQl6XQWwQDatsNOjzDmW7uS7FoS98r9ZXN8vSFF0q6xa/
+eSV/hE7JaM6EOKv8NMB2VsjyupLSUCr6TPRRDBsMgtB8CWFa5BL6Jf7LeqBhoCVi
+d8vCotkx6aWUWvdEmGdV1teloBd42CZp7li+xgrZ8M+QXI1YbKw3FtXg6w208KJu
+Zbpx8zGqqZLvRaLhhp2ZKiT7QJ7WoZTe0VZlXmiHOBcadHN0qRpvSCY6inUSBIjp
+6j8Ttx7gmegWSwlII6wd60HArbUYaODS7C3RXmOJI9Ru9N8PnnBDzfZA1oVgif0W
+59fSYpHnTbLb0iuaik8pd4Xviuw4NAMqGHTEe+Pgk2N4Nv2ZMyVAQk7UxE2h6Kl9
+h7rrEULOaY8URjsF9GLb5xI22nwDFVqTumdGm1rt8vavQLSy1OgwQdPWas0WUlH+
+InOj+1UhSksHmSLrGnQ8v1u6kfZOqbghei7YiQC7V9w8fz7oWndP+nipOgi7Q07i
+A6X8CqoYv7xyRH5hknprxVydS6MZf8oW3ERIIg4D24GX8O6z2noCPYW644cUNCXs
+mh2EDPDyKSyfykBoWHFSQpkM1P7C00LE41JNn1SIMXFhvD4a3po=
+=h9sF
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:16/openssl.12.patch b/website/static/security/patches/SA-21:16/openssl.12.patch
new file mode 100644
index 0000000000..fc931892c2
--- /dev/null
+++ b/website/static/security/patches/SA-21:16/openssl.12.patch
@@ -0,0 +1,559 @@
+--- crypto/openssl/crypto/asn1/asn1_lib.c.orig
++++ crypto/openssl/crypto/asn1/asn1_lib.c
+@@ -292,7 +292,12 @@
+ }
+ if ((size_t)str->length <= len || str->data == NULL) {
+ c = str->data;
++#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
++ /* No NUL terminator in fuzzing builds */
++ str->data = OPENSSL_realloc(c, len);
++#else
+ str->data = OPENSSL_realloc(c, len + 1);
++#endif
+ if (str->data == NULL) {
+ ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+ str->data = c;
+@@ -302,8 +307,13 @@
+ str->length = len;
+ if (data != NULL) {
+ memcpy(str->data, data, len);
+- /* an allowance for strings :-) */
++#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
++ /*
++ * Add a NUL terminator. This should not be necessary - but we add it as
++ * a safety precaution
++ */
+ str->data[len] = '\0';
++#endif
+ }
+ return 1;
+ }
+--- crypto/openssl/crypto/asn1/t_spki.c.orig
++++ crypto/openssl/crypto/asn1/t_spki.c
+@@ -38,7 +38,7 @@
+ }
+ chal = spki->spkac->challenge;
+ if (chal->length)
+- BIO_printf(out, " Challenge String: %s\n", chal->data);
++ BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data);
+ i = OBJ_obj2nid(spki->sig_algor.algorithm);
+ BIO_printf(out, " Signature Algorithm: %s",
+ (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+--- crypto/openssl/crypto/ec/ec_asn1.c.orig
++++ crypto/openssl/crypto/ec/ec_asn1.c
+@@ -761,7 +761,10 @@
+ ret->seed_len = params->curve->seed->length;
+ }
+
+- if (!params->order || !params->base || !params->base->data) {
++ if (params->order == NULL
++ || params->base == NULL
++ || params->base->data == NULL
++ || params->base->length == 0) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+ goto err;
+ }
+--- crypto/openssl/crypto/sm2/sm2_crypt.c.orig
++++ crypto/openssl/crypto/sm2/sm2_crypt.c
+@@ -61,29 +61,20 @@
+ return field_size;
+ }
+
+-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+- size_t *pt_size)
++int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
+ {
+- const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+- const int md_size = EVP_MD_size(digest);
+- size_t overhead;
++ struct SM2_Ciphertext_st *sm2_ctext = NULL;
+
+- if (md_size < 0) {
+- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);
+- return 0;
+- }
+- if (field_size == 0) {
+- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);
+- return 0;
+- }
++ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
+
+- overhead = 10 + 2 * field_size + (size_t)md_size;
+- if (msg_len <= overhead) {
++ if (sm2_ctext == NULL) {
+ SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
+ return 0;
+ }
+
+- *pt_size = msg_len - overhead;
++ *pt_size = sm2_ctext->C2->length;
++ SM2_Ciphertext_free(sm2_ctext);
++
+ return 1;
+ }
+
+@@ -303,6 +294,10 @@
+ C2 = sm2_ctext->C2->data;
+ C3 = sm2_ctext->C3->data;
+ msg_len = sm2_ctext->C2->length;
++ if (*ptext_len < (size_t)msg_len) {
++ SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
++ goto done;
++ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL) {
+--- crypto/openssl/crypto/sm2/sm2_pmeth.c.orig
++++ crypto/openssl/crypto/sm2/sm2_pmeth.c
+@@ -151,7 +151,7 @@
+ const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+ if (out == NULL) {
+- if (!sm2_plaintext_size(ec, md, inlen, outlen))
++ if (!sm2_plaintext_size(in, inlen, outlen))
+ return -1;
+ else
+ return 1;
+--- crypto/openssl/crypto/x509v3/v3_akey.c.orig
++++ crypto/openssl/crypto/x509v3/v3_akey.c
+@@ -39,20 +39,48 @@
+ STACK_OF(CONF_VALUE)
+ *extlist)
+ {
+- char *tmp;
++ char *tmp = NULL;
++ STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist;
++
+ if (akeyid->keyid) {
+ tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
+- X509V3_add_value("keyid", tmp, &extlist);
++ if (tmp == NULL) {
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++ if (!X509V3_add_value("keyid", tmp, &extlist)) {
++ OPENSSL_free(tmp);
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++ goto err;
++ }
+ OPENSSL_free(tmp);
+ }
+- if (akeyid->issuer)
+- extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
++ if (akeyid->issuer) {
++ tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
++ if (tmpextlist == NULL) {
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++ goto err;
++ }
++ extlist = tmpextlist;
++ }
+ if (akeyid->serial) {
+ tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+- X509V3_add_value("serial", tmp, &extlist);
++ if (tmp == NULL) {
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ if (!X509V3_add_value("serial", tmp, &extlist)) {
++ OPENSSL_free(tmp);
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++ goto err;
++ }
+ OPENSSL_free(tmp);
+ }
+ return extlist;
++ err:
++ if (origextlist == NULL)
++ sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
++ return NULL;
+ }
+
+ /*-
+--- crypto/openssl/crypto/x509v3/v3_alt.c.orig
++++ crypto/openssl/crypto/x509v3/v3_alt.c
+@@ -9,6 +9,7 @@
+
+ #include
+ #include "internal/cryptlib.h"
++#include "crypto/x509.h"
+ #include
+ #include
+ #include "ext_dat.h"
+@@ -99,17 +100,20 @@
+ break;
+
+ case GEN_EMAIL:
+- if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
++ if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
++ gen->d.ia5->length, &ret))
+ return NULL;
+ break;
+
+ case GEN_DNS:
+- if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
++ if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
++ gen->d.ia5->length, &ret))
+ return NULL;
+ break;
+
+ case GEN_URI:
+- if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
++ if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
++ gen->d.ia5->length, &ret))
+ return NULL;
+ break;
+
+--- crypto/openssl/crypto/x509v3/v3_cpols.c.orig
++++ crypto/openssl/crypto/x509v3/v3_cpols.c
+@@ -422,7 +422,8 @@
+ qualinfo = sk_POLICYQUALINFO_value(quals, i);
+ switch (OBJ_obj2nid(qualinfo->pqualid)) {
+ case NID_id_qt_cps:
+- BIO_printf(out, "%*sCPS: %s\n", indent, "",
++ BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
++ qualinfo->d.cpsuri->length,
+ qualinfo->d.cpsuri->data);
+ break;
+
+@@ -447,7 +448,8 @@
+ if (notice->noticeref) {
+ NOTICEREF *ref;
+ ref = notice->noticeref;
+- BIO_printf(out, "%*sOrganization: %s\n", indent, "",
++ BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
++ ref->organization->length,
+ ref->organization->data);
+ BIO_printf(out, "%*sNumber%s: ", indent, "",
+ sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+@@ -470,7 +472,8 @@
+ BIO_puts(out, "\n");
+ }
+ if (notice->exptext)
+- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
++ BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
++ notice->exptext->length,
+ notice->exptext->data);
+ }
+
+--- crypto/openssl/crypto/x509v3/v3_ncons.c.orig
++++ crypto/openssl/crypto/x509v3/v3_ncons.c
+@@ -63,8 +63,31 @@
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
++
++#define IA5_OFFSET_LEN(ia5base, offset) \
++ ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
++
++/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
++ * starting point to search from
++ */
++# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
++
++/* Like memrrchr but for ASN1_IA5STRING */
++static char *ia5memrchr(ASN1_IA5STRING *str, int c)
++{
++ int i;
++
++ for (i = str->length; i > 0 && str->data[i - 1] != c; i--);
++
++ if (i == 0)
++ return NULL;
++
++ return (char *)&str->data[i - 1];
++}
++
+ /*
+- * We cannot use strncasecmp here because that applies locale specific rules.
++ * We cannot use strncasecmp here because that applies locale specific rules. It
++ * also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
+ * For example in Turkish 'I' is not the uppercase character for 'i'. We need to
+ * do a simple ASCII case comparison ignoring the locale (that is why we use
+ * numeric constants below).
+@@ -89,20 +112,12 @@
+
+ /* c1 > c2 */
+ return 1;
+- } else if (*s1 == 0) {
+- /* If we get here we know that *s2 == 0 too */
+- return 0;
+ }
+ }
+
+ return 0;
+ }
+
+-static int ia5casecmp(const char *s1, const char *s2)
+-{
+- return ia5ncasecmp(s1, s2, SIZE_MAX);
+-}
+-
+ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+ {
+@@ -337,7 +352,7 @@
+ --utf8_length;
+
+ /* Reject *embedded* NULs */
+- if ((size_t)utf8_length != strlen((char *)utf8_value)) {
++ if (memchr(utf8_value, 0, utf8_length) != NULL) {
+ OPENSSL_free(utf8_value);
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ }
+@@ -536,9 +551,14 @@
+ {
+ char *baseptr = (char *)base->data;
+ char *dnsptr = (char *)dns->data;
++
+ /* Empty matches everything */
+- if (!*baseptr)
++ if (base->length == 0)
+ return X509_V_OK;
++
++ if (dns->length < base->length)
++ return X509_V_ERR_PERMITTED_VIOLATION;
++
+ /*
+ * Otherwise can add zero or more components on the left so compare RHS
+ * and if dns is longer and expect '.' as preceding character.
+@@ -549,7 +569,7 @@
+ return X509_V_ERR_PERMITTED_VIOLATION;
+ }
+
+- if (ia5casecmp(baseptr, dnsptr))
++ if (ia5ncasecmp(baseptr, dnsptr, base->length))
+ return X509_V_ERR_PERMITTED_VIOLATION;
+
+ return X509_V_OK;
+@@ -560,16 +580,17 @@
+ {
+ const char *baseptr = (char *)base->data;
+ const char *emlptr = (char *)eml->data;
++ const char *baseat = ia5memrchr(base, '@');
++ const char *emlat = ia5memrchr(eml, '@');
++ size_t basehostlen, emlhostlen;
+
+- const char *baseat = strchr(baseptr, '@');
+- const char *emlat = strchr(emlptr, '@');
+ if (!emlat)
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ /* Special case: initial '.' is RHS match */
+- if (!baseat && (*baseptr == '.')) {
++ if (!baseat && base->length > 0 && (*baseptr == '.')) {
+ if (eml->length > base->length) {
+ emlptr += eml->length - base->length;
+- if (ia5casecmp(baseptr, emlptr) == 0)
++ if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)
+ return X509_V_OK;
+ }
+ return X509_V_ERR_PERMITTED_VIOLATION;
+@@ -589,8 +610,10 @@
+ baseptr = baseat + 1;
+ }
+ emlptr = emlat + 1;
++ basehostlen = IA5_OFFSET_LEN(base, baseptr);
++ emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
+ /* Just have hostname left to match: case insensitive */
+- if (ia5casecmp(baseptr, emlptr))
++ if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen))
+ return X509_V_ERR_PERMITTED_VIOLATION;
+
+ return X509_V_OK;
+@@ -601,10 +624,14 @@
+ {
+ const char *baseptr = (char *)base->data;
+ const char *hostptr = (char *)uri->data;
+- const char *p = strchr(hostptr, ':');
++ const char *p = ia5memchr(uri, (char *)uri->data, ':');
+ int hostlen;
++
+ /* Check for foo:// and skip past it */
+- if (!p || (p[1] != '/') || (p[2] != '/'))
++ if (p == NULL
++ || IA5_OFFSET_LEN(uri, p) < 3
++ || p[1] != '/'
++ || p[2] != '/')
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ hostptr = p + 3;
+
+@@ -612,13 +639,13 @@
+
+ /* Look for a port indicator as end of hostname first */
+
+- p = strchr(hostptr, ':');
++ p = ia5memchr(uri, hostptr, ':');
+ /* Otherwise look for trailing slash */
+- if (!p)
+- p = strchr(hostptr, '/');
++ if (p == NULL)
++ p = ia5memchr(uri, hostptr, '/');
+
+- if (!p)
+- hostlen = strlen(hostptr);
++ if (p == NULL)
++ hostlen = IA5_OFFSET_LEN(uri, hostptr);
+ else
+ hostlen = p - hostptr;
+
+@@ -626,7 +653,7 @@
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+ /* Special case: initial '.' is RHS match */
+- if (*baseptr == '.') {
++ if (base->length > 0 && *baseptr == '.') {
+ if (hostlen > base->length) {
+ p = hostptr + hostlen - base->length;
+ if (ia5ncasecmp(p, baseptr, base->length) == 0)
+--- crypto/openssl/crypto/x509v3/v3_pci.c.orig
++++ crypto/openssl/crypto/x509v3/v3_pci.c
+@@ -77,7 +77,8 @@
+ i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+ BIO_puts(out, "\n");
+ if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
++ BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
++ pci->proxyPolicy->policy->length,
+ pci->proxyPolicy->policy->data);
+ return 1;
+ }
+--- crypto/openssl/crypto/x509v3/v3_utl.c.orig
++++ crypto/openssl/crypto/x509v3/v3_utl.c
+@@ -12,6 +12,7 @@
+ #include "e_os.h"
+ #include "internal/cryptlib.h"
+ #include
++#include
+ #include "crypto/ctype.h"
+ #include
+ #include
+@@ -34,17 +35,23 @@
+
+ /* Add a CONF_VALUE name value pair to stack */
+
+-int X509V3_add_value(const char *name, const char *value,
+- STACK_OF(CONF_VALUE) **extlist)
++static int x509v3_add_len_value(const char *name, const char *value,
++ size_t vallen, STACK_OF(CONF_VALUE) **extlist)
+ {
+ CONF_VALUE *vtmp = NULL;
+ char *tname = NULL, *tvalue = NULL;
+ int sk_allocated = (*extlist == NULL);
+
+- if (name && (tname = OPENSSL_strdup(name)) == NULL)
+- goto err;
+- if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
++ if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
+ goto err;
++ if (value != NULL) {
++ /* We don't allow embeded NUL characters */
++ if (memchr(value, 0, vallen) != NULL)
++ goto err;
++ tvalue = OPENSSL_strndup(value, vallen);
++ if (tvalue == NULL)
++ goto err;
++ }
+ if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
+ goto err;
+ if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
+@@ -67,10 +74,26 @@
+ return 0;
+ }
+
++int X509V3_add_value(const char *name, const char *value,
++ STACK_OF(CONF_VALUE) **extlist)
++{
++ return x509v3_add_len_value(name, value,
++ value != NULL ? strlen((const char *)value) : 0,
++ extlist);
++}
++
+ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+ STACK_OF(CONF_VALUE) **extlist)
+ {
+- return X509V3_add_value(name, (const char *)value, extlist);
++ return x509v3_add_len_value(name, (const char *)value,
++ value != NULL ? strlen((const char *)value) : 0,
++ extlist);
++}
++
++int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
++ size_t vallen, STACK_OF(CONF_VALUE) **extlist)
++{
++ return x509v3_add_len_value(name, (const char *)value, vallen, extlist);
+ }
+
+ /* Free function for STACK_OF(CONF_VALUE) */
+@@ -502,18 +525,26 @@
+ /* First some sanity checks */
+ if (email->type != V_ASN1_IA5STRING)
+ return 1;
+- if (!email->data || !email->length)
++ if (email->data == NULL || email->length == 0)
++ return 1;
++ if (memchr(email->data, 0, email->length) != NULL)
+ return 1;
+ if (*sk == NULL)
+ *sk = sk_OPENSSL_STRING_new(sk_strcmp);
+ if (*sk == NULL)
+ return 0;
++
++ emtmp = OPENSSL_strndup((char *)email->data, email->length);
++ if (emtmp == NULL)
++ return 0;
++
+ /* Don't add duplicates */
+- if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
++ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
++ OPENSSL_free(emtmp);
+ return 1;
+- emtmp = OPENSSL_strdup((char *)email->data);
+- if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+- OPENSSL_free(emtmp); /* free on push failure */
++ }
++ if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
++ OPENSSL_free(emtmp); /* free on push failure */
+ X509_email_free(*sk);
+ *sk = NULL;
+ return 0;
+--- crypto/openssl/include/crypto/sm2.h.orig
++++ crypto/openssl/include/crypto/sm2.h
+@@ -60,8 +60,7 @@
+ int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+ size_t *ct_size);
+
+-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+- size_t *pt_size);
++int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size);
+
+ int sm2_encrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+--- crypto/openssl/include/crypto/x509.h.orig
++++ crypto/openssl/include/crypto/x509.h
+@@ -8,6 +8,8 @@
+ */
+
+ #include "internal/refcount.h"
++#include
++#include
+
+ /* Internal X509 structures and functions: not for application use */
+
+@@ -284,3 +286,6 @@
+ int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+ void x509_init_sig_info(X509 *x);
++
++int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
++ size_t vallen, STACK_OF(CONF_VALUE) **extlist);
+--- crypto/openssl/include/openssl/opensslv.h.orig
++++ crypto/openssl/include/openssl/opensslv.h
+@@ -40,7 +40,7 @@
+ * major minor fix final patch/beta)
+ */
+ # define OPENSSL_VERSION_NUMBER 0x1010108fL
+-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h-freebsd 22 Sep 2020"
++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h-freebsd 24 Aug 2021"
+
+ /*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/website/static/security/patches/SA-21:16/openssl.12.patch.asc b/website/static/security/patches/SA-21:16/openssl.12.patch.asc
new file mode 100644
index 0000000000..76d74ebb9c
--- /dev/null
+++ b/website/static/security/patches/SA-21:16/openssl.12.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV18ACgkQ05eS9J6n
+5cJgkRAAjypd0a9kFaLbkHD3IsZdH1S8qoQIZT6fsS/9CKoE2LiV+eE2yc4cf/rl
+X5niZI5lMIU699LN0pkoQftEEX0aSVx9g+Heff81iZHSyoEPvQmIToWdsrBVaZ+m
+1nd3qRojoprPEVUh1g7W+xbrtjT+US15YotslQo2O+lnvodfsBpuP11QgI7DixLQ
+Ys/huAZh1ybTfrL1GGg659AE5xn41hXUIXF2rjWVWQP6vK9wAbjMnOUQRWoH4ec9
+xmh8T62YgPq2JKHGiHoPSqc7EZAUFUWS12ToQdYmSc6cR850x8IVIJO2dt9gxcTR
+bWFKPYdY0hV2bBlJD3d4L2nNH5itPaJ0Wj8pPMBKi+4MRHw/ccB18hu9o0tCgv3c
+SOL4f8W6z1l/n9jE9hcu1O0iGTIoYuBffoEdH9gMAVcQs0JD9QwXJQZSXUrW/okS
+J/1DlYJZUNkTTZ6GE2ZFUJVhXciTFWR8rFKFj7W476Mj8CWy1D0QJWZaJY/xRt4Z
+ptlLwxBz64tbyS5KPQiJAUFvzzTR0x9aHX2e0YnQ9U3KSiVLVS/DVHP6j9VCwnQ0
+bVXev1kC5hS5Kq+PcVzTMsW1TfhLTBvrwv7dVt1EIry40l5g5NvKec5xkQ5ZiQYz
+y/EvF5YFAj/AxuQjocjBZoEAWq7aHO+4PVDJhFD5t+t9V1SsL+I=
+=nOvv
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:16/openssl.13.patch b/website/static/security/patches/SA-21:16/openssl.13.patch
new file mode 100644
index 0000000000..ea444ef920
--- /dev/null
+++ b/website/static/security/patches/SA-21:16/openssl.13.patch
@@ -0,0 +1,559 @@
+--- crypto/openssl/crypto/asn1/asn1_lib.c.orig
++++ crypto/openssl/crypto/asn1/asn1_lib.c
+@@ -292,7 +292,12 @@
+ }
+ if ((size_t)str->length <= len || str->data == NULL) {
+ c = str->data;
++#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
++ /* No NUL terminator in fuzzing builds */
++ str->data = OPENSSL_realloc(c, len);
++#else
+ str->data = OPENSSL_realloc(c, len + 1);
++#endif
+ if (str->data == NULL) {
+ ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+ str->data = c;
+@@ -302,8 +307,13 @@
+ str->length = len;
+ if (data != NULL) {
+ memcpy(str->data, data, len);
+- /* an allowance for strings :-) */
++#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
++ /*
++ * Add a NUL terminator. This should not be necessary - but we add it as
++ * a safety precaution
++ */
+ str->data[len] = '\0';
++#endif
+ }
+ return 1;
+ }
+--- crypto/openssl/crypto/asn1/t_spki.c.orig
++++ crypto/openssl/crypto/asn1/t_spki.c
+@@ -38,7 +38,7 @@
+ }
+ chal = spki->spkac->challenge;
+ if (chal->length)
+- BIO_printf(out, " Challenge String: %s\n", chal->data);
++ BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data);
+ i = OBJ_obj2nid(spki->sig_algor.algorithm);
+ BIO_printf(out, " Signature Algorithm: %s",
+ (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+--- crypto/openssl/crypto/ec/ec_asn1.c.orig
++++ crypto/openssl/crypto/ec/ec_asn1.c
+@@ -761,7 +761,10 @@
+ ret->seed_len = params->curve->seed->length;
+ }
+
+- if (!params->order || !params->base || !params->base->data) {
++ if (params->order == NULL
++ || params->base == NULL
++ || params->base->data == NULL
++ || params->base->length == 0) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+ goto err;
+ }
+--- crypto/openssl/crypto/sm2/sm2_crypt.c.orig
++++ crypto/openssl/crypto/sm2/sm2_crypt.c
+@@ -61,29 +61,20 @@
+ return field_size;
+ }
+
+-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+- size_t *pt_size)
++int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
+ {
+- const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+- const int md_size = EVP_MD_size(digest);
+- size_t overhead;
++ struct SM2_Ciphertext_st *sm2_ctext = NULL;
+
+- if (md_size < 0) {
+- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);
+- return 0;
+- }
+- if (field_size == 0) {
+- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);
+- return 0;
+- }
++ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
+
+- overhead = 10 + 2 * field_size + (size_t)md_size;
+- if (msg_len <= overhead) {
++ if (sm2_ctext == NULL) {
+ SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
+ return 0;
+ }
+
+- *pt_size = msg_len - overhead;
++ *pt_size = sm2_ctext->C2->length;
++ SM2_Ciphertext_free(sm2_ctext);
++
+ return 1;
+ }
+
+@@ -303,6 +294,10 @@
+ C2 = sm2_ctext->C2->data;
+ C3 = sm2_ctext->C3->data;
+ msg_len = sm2_ctext->C2->length;
++ if (*ptext_len < (size_t)msg_len) {
++ SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
++ goto done;
++ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL) {
+--- crypto/openssl/crypto/sm2/sm2_pmeth.c.orig
++++ crypto/openssl/crypto/sm2/sm2_pmeth.c
+@@ -151,7 +151,7 @@
+ const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+ if (out == NULL) {
+- if (!sm2_plaintext_size(ec, md, inlen, outlen))
++ if (!sm2_plaintext_size(in, inlen, outlen))
+ return -1;
+ else
+ return 1;
+--- crypto/openssl/crypto/x509v3/v3_akey.c.orig
++++ crypto/openssl/crypto/x509v3/v3_akey.c
+@@ -39,20 +39,48 @@
+ STACK_OF(CONF_VALUE)
+ *extlist)
+ {
+- char *tmp;
++ char *tmp = NULL;
++ STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist;
++
+ if (akeyid->keyid) {
+ tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
+- X509V3_add_value("keyid", tmp, &extlist);
++ if (tmp == NULL) {
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++ if (!X509V3_add_value("keyid", tmp, &extlist)) {
++ OPENSSL_free(tmp);
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++ goto err;
++ }
+ OPENSSL_free(tmp);
+ }
+- if (akeyid->issuer)
+- extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
++ if (akeyid->issuer) {
++ tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
++ if (tmpextlist == NULL) {
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++ goto err;
++ }
++ extlist = tmpextlist;
++ }
+ if (akeyid->serial) {
+ tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+- X509V3_add_value("serial", tmp, &extlist);
++ if (tmp == NULL) {
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ if (!X509V3_add_value("serial", tmp, &extlist)) {
++ OPENSSL_free(tmp);
++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++ goto err;
++ }
+ OPENSSL_free(tmp);
+ }
+ return extlist;
++ err:
++ if (origextlist == NULL)
++ sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
++ return NULL;
+ }
+
+ /*-
+--- crypto/openssl/crypto/x509v3/v3_alt.c.orig
++++ crypto/openssl/crypto/x509v3/v3_alt.c
+@@ -9,6 +9,7 @@
+
+ #include
+ #include "internal/cryptlib.h"
++#include "crypto/x509.h"
+ #include
+ #include
+ #include "ext_dat.h"
+@@ -99,17 +100,20 @@
+ break;
+
+ case GEN_EMAIL:
+- if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
++ if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
++ gen->d.ia5->length, &ret))
+ return NULL;
+ break;
+
+ case GEN_DNS:
+- if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
++ if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
++ gen->d.ia5->length, &ret))
+ return NULL;
+ break;
+
+ case GEN_URI:
+- if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
++ if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
++ gen->d.ia5->length, &ret))
+ return NULL;
+ break;
+
+--- crypto/openssl/crypto/x509v3/v3_cpols.c.orig
++++ crypto/openssl/crypto/x509v3/v3_cpols.c
+@@ -422,7 +422,8 @@
+ qualinfo = sk_POLICYQUALINFO_value(quals, i);
+ switch (OBJ_obj2nid(qualinfo->pqualid)) {
+ case NID_id_qt_cps:
+- BIO_printf(out, "%*sCPS: %s\n", indent, "",
++ BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
++ qualinfo->d.cpsuri->length,
+ qualinfo->d.cpsuri->data);
+ break;
+
+@@ -447,7 +448,8 @@
+ if (notice->noticeref) {
+ NOTICEREF *ref;
+ ref = notice->noticeref;
+- BIO_printf(out, "%*sOrganization: %s\n", indent, "",
++ BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
++ ref->organization->length,
+ ref->organization->data);
+ BIO_printf(out, "%*sNumber%s: ", indent, "",
+ sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+@@ -470,7 +472,8 @@
+ BIO_puts(out, "\n");
+ }
+ if (notice->exptext)
+- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
++ BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
++ notice->exptext->length,
+ notice->exptext->data);
+ }
+
+--- crypto/openssl/crypto/x509v3/v3_ncons.c.orig
++++ crypto/openssl/crypto/x509v3/v3_ncons.c
+@@ -63,8 +63,31 @@
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
++
++#define IA5_OFFSET_LEN(ia5base, offset) \
++ ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
++
++/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
++ * starting point to search from
++ */
++# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
++
++/* Like memrrchr but for ASN1_IA5STRING */
++static char *ia5memrchr(ASN1_IA5STRING *str, int c)
++{
++ int i;
++
++ for (i = str->length; i > 0 && str->data[i - 1] != c; i--);
++
++ if (i == 0)
++ return NULL;
++
++ return (char *)&str->data[i - 1];
++}
++
+ /*
+- * We cannot use strncasecmp here because that applies locale specific rules.
++ * We cannot use strncasecmp here because that applies locale specific rules. It
++ * also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
+ * For example in Turkish 'I' is not the uppercase character for 'i'. We need to
+ * do a simple ASCII case comparison ignoring the locale (that is why we use
+ * numeric constants below).
+@@ -89,20 +112,12 @@
+
+ /* c1 > c2 */
+ return 1;
+- } else if (*s1 == 0) {
+- /* If we get here we know that *s2 == 0 too */
+- return 0;
+ }
+ }
+
+ return 0;
+ }
+
+-static int ia5casecmp(const char *s1, const char *s2)
+-{
+- return ia5ncasecmp(s1, s2, SIZE_MAX);
+-}
+-
+ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+ {
+@@ -337,7 +352,7 @@
+ --utf8_length;
+
+ /* Reject *embedded* NULs */
+- if ((size_t)utf8_length != strlen((char *)utf8_value)) {
++ if (memchr(utf8_value, 0, utf8_length) != NULL) {
+ OPENSSL_free(utf8_value);
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ }
+@@ -536,9 +551,14 @@
+ {
+ char *baseptr = (char *)base->data;
+ char *dnsptr = (char *)dns->data;
++
+ /* Empty matches everything */
+- if (!*baseptr)
++ if (base->length == 0)
+ return X509_V_OK;
++
++ if (dns->length < base->length)
++ return X509_V_ERR_PERMITTED_VIOLATION;
++
+ /*
+ * Otherwise can add zero or more components on the left so compare RHS
+ * and if dns is longer and expect '.' as preceding character.
+@@ -549,7 +569,7 @@
+ return X509_V_ERR_PERMITTED_VIOLATION;
+ }
+
+- if (ia5casecmp(baseptr, dnsptr))
++ if (ia5ncasecmp(baseptr, dnsptr, base->length))
+ return X509_V_ERR_PERMITTED_VIOLATION;
+
+ return X509_V_OK;
+@@ -560,16 +580,17 @@
+ {
+ const char *baseptr = (char *)base->data;
+ const char *emlptr = (char *)eml->data;
++ const char *baseat = ia5memrchr(base, '@');
++ const char *emlat = ia5memrchr(eml, '@');
++ size_t basehostlen, emlhostlen;
+
+- const char *baseat = strchr(baseptr, '@');
+- const char *emlat = strchr(emlptr, '@');
+ if (!emlat)
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ /* Special case: initial '.' is RHS match */
+- if (!baseat && (*baseptr == '.')) {
++ if (!baseat && base->length > 0 && (*baseptr == '.')) {
+ if (eml->length > base->length) {
+ emlptr += eml->length - base->length;
+- if (ia5casecmp(baseptr, emlptr) == 0)
++ if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)
+ return X509_V_OK;
+ }
+ return X509_V_ERR_PERMITTED_VIOLATION;
+@@ -589,8 +610,10 @@
+ baseptr = baseat + 1;
+ }
+ emlptr = emlat + 1;
++ basehostlen = IA5_OFFSET_LEN(base, baseptr);
++ emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
+ /* Just have hostname left to match: case insensitive */
+- if (ia5casecmp(baseptr, emlptr))
++ if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen))
+ return X509_V_ERR_PERMITTED_VIOLATION;
+
+ return X509_V_OK;
+@@ -601,10 +624,14 @@
+ {
+ const char *baseptr = (char *)base->data;
+ const char *hostptr = (char *)uri->data;
+- const char *p = strchr(hostptr, ':');
++ const char *p = ia5memchr(uri, (char *)uri->data, ':');
+ int hostlen;
++
+ /* Check for foo:// and skip past it */
+- if (!p || (p[1] != '/') || (p[2] != '/'))
++ if (p == NULL
++ || IA5_OFFSET_LEN(uri, p) < 3
++ || p[1] != '/'
++ || p[2] != '/')
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ hostptr = p + 3;
+
+@@ -612,13 +639,13 @@
+
+ /* Look for a port indicator as end of hostname first */
+
+- p = strchr(hostptr, ':');
++ p = ia5memchr(uri, hostptr, ':');
+ /* Otherwise look for trailing slash */
+- if (!p)
+- p = strchr(hostptr, '/');
++ if (p == NULL)
++ p = ia5memchr(uri, hostptr, '/');
+
+- if (!p)
+- hostlen = strlen(hostptr);
++ if (p == NULL)
++ hostlen = IA5_OFFSET_LEN(uri, hostptr);
+ else
+ hostlen = p - hostptr;
+
+@@ -626,7 +653,7 @@
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+ /* Special case: initial '.' is RHS match */
+- if (*baseptr == '.') {
++ if (base->length > 0 && *baseptr == '.') {
+ if (hostlen > base->length) {
+ p = hostptr + hostlen - base->length;
+ if (ia5ncasecmp(p, baseptr, base->length) == 0)
+--- crypto/openssl/crypto/x509v3/v3_pci.c.orig
++++ crypto/openssl/crypto/x509v3/v3_pci.c
+@@ -77,7 +77,8 @@
+ i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+ BIO_puts(out, "\n");
+ if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
++ BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
++ pci->proxyPolicy->policy->length,
+ pci->proxyPolicy->policy->data);
+ return 1;
+ }
+--- crypto/openssl/crypto/x509v3/v3_utl.c.orig
++++ crypto/openssl/crypto/x509v3/v3_utl.c
+@@ -12,6 +12,7 @@
+ #include "e_os.h"
+ #include "internal/cryptlib.h"
+ #include
++#include
+ #include "crypto/ctype.h"
+ #include
+ #include
+@@ -34,17 +35,23 @@
+
+ /* Add a CONF_VALUE name value pair to stack */
+
+-int X509V3_add_value(const char *name, const char *value,
+- STACK_OF(CONF_VALUE) **extlist)
++static int x509v3_add_len_value(const char *name, const char *value,
++ size_t vallen, STACK_OF(CONF_VALUE) **extlist)
+ {
+ CONF_VALUE *vtmp = NULL;
+ char *tname = NULL, *tvalue = NULL;
+ int sk_allocated = (*extlist == NULL);
+
+- if (name && (tname = OPENSSL_strdup(name)) == NULL)
+- goto err;
+- if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
++ if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
+ goto err;
++ if (value != NULL) {
++ /* We don't allow embeded NUL characters */
++ if (memchr(value, 0, vallen) != NULL)
++ goto err;
++ tvalue = OPENSSL_strndup(value, vallen);
++ if (tvalue == NULL)
++ goto err;
++ }
+ if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
+ goto err;
+ if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
+@@ -67,10 +74,26 @@
+ return 0;
+ }
+
++int X509V3_add_value(const char *name, const char *value,
++ STACK_OF(CONF_VALUE) **extlist)
++{
++ return x509v3_add_len_value(name, value,
++ value != NULL ? strlen((const char *)value) : 0,
++ extlist);
++}
++
+ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+ STACK_OF(CONF_VALUE) **extlist)
+ {
+- return X509V3_add_value(name, (const char *)value, extlist);
++ return x509v3_add_len_value(name, (const char *)value,
++ value != NULL ? strlen((const char *)value) : 0,
++ extlist);
++}
++
++int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
++ size_t vallen, STACK_OF(CONF_VALUE) **extlist)
++{
++ return x509v3_add_len_value(name, (const char *)value, vallen, extlist);
+ }
+
+ /* Free function for STACK_OF(CONF_VALUE) */
+@@ -502,18 +525,26 @@
+ /* First some sanity checks */
+ if (email->type != V_ASN1_IA5STRING)
+ return 1;
+- if (!email->data || !email->length)
++ if (email->data == NULL || email->length == 0)
++ return 1;
++ if (memchr(email->data, 0, email->length) != NULL)
+ return 1;
+ if (*sk == NULL)
+ *sk = sk_OPENSSL_STRING_new(sk_strcmp);
+ if (*sk == NULL)
+ return 0;
++
++ emtmp = OPENSSL_strndup((char *)email->data, email->length);
++ if (emtmp == NULL)
++ return 0;
++
+ /* Don't add duplicates */
+- if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
++ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
++ OPENSSL_free(emtmp);
+ return 1;
+- emtmp = OPENSSL_strdup((char *)email->data);
+- if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+- OPENSSL_free(emtmp); /* free on push failure */
++ }
++ if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
++ OPENSSL_free(emtmp); /* free on push failure */
+ X509_email_free(*sk);
+ *sk = NULL;
+ return 0;
+--- crypto/openssl/include/crypto/sm2.h.orig
++++ crypto/openssl/include/crypto/sm2.h
+@@ -60,8 +60,7 @@
+ int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+ size_t *ct_size);
+
+-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+- size_t *pt_size);
++int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size);
+
+ int sm2_encrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+--- crypto/openssl/include/crypto/x509.h.orig
++++ crypto/openssl/include/crypto/x509.h
+@@ -8,6 +8,8 @@
+ */
+
+ #include "internal/refcount.h"
++#include
++#include
+
+ /* Internal X509 structures and functions: not for application use */
+
+@@ -284,3 +286,6 @@
+ int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+ void x509_init_sig_info(X509 *x);
++
++int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
++ size_t vallen, STACK_OF(CONF_VALUE) **extlist);
+--- crypto/openssl/include/openssl/opensslv.h.orig
++++ crypto/openssl/include/openssl/opensslv.h
+@@ -40,7 +40,7 @@
+ * major minor fix final patch/beta)
+ */
+ # define OPENSSL_VERSION_NUMBER 0x101010bfL
+-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k-freebsd 25 Mar 2021"
++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k-freebsd 24 Aug 2021"
+
+ /*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/website/static/security/patches/SA-21:16/openssl.13.patch.asc b/website/static/security/patches/SA-21:16/openssl.13.patch.asc
new file mode 100644
index 0000000000..5456ea8df3
--- /dev/null
+++ b/website/static/security/patches/SA-21:16/openssl.13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV18ACgkQ05eS9J6n
+5cKN+A/+PVJQvSTkPrb9WCVSafAsfEo09uqZMaEx5fwDq37g2v4B9jnBAnwiz/CH
+v4kuGNCJvTuY1wdSHdNPy45urWjqwX9IKHiw7dCJjvPO1pbPkUx4aUD/BvXvD1HJ
+4ux0O54NFOP3JQDIvMERB7JEwS03AxEnN7sL0FOHwoKQM5SO0KjXYyoh0Xa9+D+c
+ub/Wb7RCddpQ7V5tD8b3yc3yNyWCMxmasktFeHkvMX7fOIL0l3CGYNFDrtPyD2Lw
+otZda/xTpV5/Uti/2mS3q+pTLXVtwvsSo41FUnSXKHJYLPbrsJsLMjG5g6OvLohw
+ihLwbnxYXrdksSEXoSueV/xNnbCLMXt6+P/OHYL75jvBTs62zI+b9uAeAbPfg6Gi
+qMq/bkqrmgd9aql7ZNcbL1g6m/bgGK/+IbJAGaJhGq3mwICW6UzlnQIV61eWPZ1d
+QWAQo3mK38d7j80+Xb+3eiQ2bRQ8lzm2tRBeQuqHliU5x7Zq9h0qnGaY0rF34WD7
+ujCmkhQkhANbGBjyLF09CYgIgWRs3t8UvB75jrUBxEhRE3U8U11w93TmwyYbdqae
+izjkBIwH2YvjsdIZkoOKw/SOryMpSm6cmkr4CKr6GJi196Q9uWpJk2NAn44hv3pF
+Cskw79AEamRhjgLPUf0JeACCkwjCkITyloZuJrN+oy4eoH4jW+g=
+=dHU8
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:17/openssl.11.patch b/website/static/security/patches/SA-21:17/openssl.11.patch
new file mode 100644
index 0000000000..53e99dca53
--- /dev/null
+++ b/website/static/security/patches/SA-21:17/openssl.11.patch
@@ -0,0 +1,94 @@
+--- crypto/openssl/crypto/evp/evp.h.orig
++++ crypto/openssl/crypto/evp/evp.h
+@@ -1491,6 +1491,7 @@
+ # define EVP_F_EVP_DECRYPTFINAL_EX 101
+ # define EVP_F_EVP_DECRYPTUPDATE 181
+ # define EVP_F_EVP_DIGESTINIT_EX 128
++# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 182
+ # define EVP_F_EVP_ENCRYPTFINAL_EX 127
+ # define EVP_F_EVP_ENCRYPTUPDATE 180
+ # define EVP_F_EVP_MD_CTX_COPY_EX 110
+@@ -1602,6 +1603,7 @@
+ # define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
+ # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
+ # define EVP_R_OPERATON_NOT_INITIALIZED 151
++# define EVP_R_OUTPUT_WOULD_OVERFLOW 172
+ # define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
+ # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
+ # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
+--- crypto/openssl/crypto/evp/evp_enc.c.orig
++++ crypto/openssl/crypto/evp/evp_enc.c
+@@ -57,6 +57,7 @@
+ */
+
+ #include
++#include
+ #include "cryptlib.h"
+ #include
+ #include
+@@ -357,6 +358,19 @@
+ return 1;
+ } else {
+ j = bl - i;
++
++ /*
++ * Once we've processed the first j bytes from in, the amount of
++ * data left that is a multiple of the block length is:
++ * (inl - j) & ~(bl - 1)
++ * We must ensure that this amount of data, plus the one block that
++ * we process from ctx->buf does not exceed INT_MAX
++ */
++ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
++ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
++ EVP_R_OUTPUT_WOULD_OVERFLOW);
++ return 0;
++ }
+ memcpy(&(ctx->buf[i]), in, j);
+ if (!M_do_cipher(ctx, out, ctx->buf, bl))
+ return 0;
+@@ -482,6 +496,19 @@
+ OPENSSL_assert(b <= sizeof(ctx->final));
+
+ if (ctx->final_used) {
++ /*
++ * final_used is only ever set if buf_len is 0. Therefore the maximum
++ * length output we will ever see from evp_EncryptDecryptUpdate is
++ * the maximum multiple of the block length that is <= inl, or just:
++ * inl & ~(b - 1)
++ * Since final_used has been set then the final output length is:
++ * (inl & ~(b - 1)) + b
++ * This must never exceed INT_MAX
++ */
++ if ((inl & ~(b - 1)) > INT_MAX - b) {
++ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
++ return 0;
++ }
+ memcpy(out, ctx->final, b);
+ out += b;
+ fix_len = 1;
+--- crypto/openssl/crypto/evp/evp_err.c.orig
++++ crypto/openssl/crypto/evp/evp_err.c
+@@ -1,6 +1,6 @@
+ /* crypto/evp/evp_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2019 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1999-2021 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -94,6 +94,7 @@
+ {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
++ {ERR_FUNC(EVP_F_EVP_ENCRYPTDECRYPTUPDATE), "EVP_ENCRYPTDECRYPTUPDATE"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
+ {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
+@@ -215,6 +216,7 @@
+ {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+ "operation not supported for this keytype"},
+ {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
++ {ERR_REASON(EVP_R_OUTPUT_WOULD_OVERFLOW), "output would overflow"},
+ {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
+ "pkcs8 unknown broken type"},
+ {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
diff --git a/website/static/security/patches/SA-21:17/openssl.11.patch.asc b/website/static/security/patches/SA-21:17/openssl.11.patch.asc
new file mode 100644
index 0000000000..5b965a352b
--- /dev/null
+++ b/website/static/security/patches/SA-21:17/openssl.11.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV18ACgkQ05eS9J6n
+5cKsbA//THN7VFzk73Erd5trATdwlSzLYMLz5ceizJ/PEaPUu2bZEhbr4HOhcfrM
+b1wBZ9KXjbVq02aadsWJIwdIZtRyFoqdqNlHf0Ovbd7WOXq/fP0mh1nWoNgIPo5T
+ktGToEC452hXBonC2e6Z3ILPP35W9EMDX+a1lN1M8/g4jprCNKywZ6NQzftq4MQZ
+0L493hbWBttXp5caxnNlW2IzLrCs9bzw8C4DA35dwSSxJ+LajweJozKKisXiulDo
+iqQ/I701hyp3ONdUfrdasf3IMPpBhONhXCQA8fi6hbtF3fUao9d7YaG4DFGkUzXQ
+aYaZES3nFnehMsHSMIsbCE/RV9nRjBlPVi9Dd++CDfLF9dT4JLz/4xRPxNgpEkMt
+Nsa2JCyZPM5hgRi53279g5MaBdWHWYg65YvlbEPhox52eShxj50Co4es3dWL+B0k
+hZTTtkr33GDSAv5YU65Ajsy//YRFZoI5Y8HgoQGkZjDjJ629JGvgag5Cpe7OeyFB
+rPxM0oDaQLLdtaqoUvkZukZMU3jowuNi36pcCAvvTiDWk2qY64DmhxuD8k2FH3N/
+AoCbR+WlmiIgPnlf9kO/3rTqnF5y/vcqSDWsFlhP9a4ZNwkK2Q8NU0AqC1qEjkDF
+m+l2BndDYR+KQxQ9vv1qV7pNXFp808XFMIbeQtAe5EqDD0g0ee8=
+=cOlR
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:17/openssl.12.patch b/website/static/security/patches/SA-21:17/openssl.12.patch
new file mode 100644
index 0000000000..c49bdcf19d
--- /dev/null
+++ b/website/static/security/patches/SA-21:17/openssl.12.patch
@@ -0,0 +1,125 @@
+--- crypto/openssl/crypto/err/openssl.txt.orig
++++ crypto/openssl/crypto/err/openssl.txt
+@@ -1,4 +1,4 @@
+-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
++# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ #
+ # Licensed under the OpenSSL license (the "License"). You may not use
+ # this file except in compliance with the License. You can obtain a copy
+@@ -2283,6 +2283,7 @@
+ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
+ operation not supported for this keytype
+ EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
++EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
+ EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
+ EVP_R_PBKDF2_ERROR:181:pbkdf2 error
+ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
+--- crypto/openssl/crypto/evp/evp_enc.c.orig
++++ crypto/openssl/crypto/evp/evp_enc.c
+@@ -8,6 +8,7 @@
+ */
+
+ #include
++#include
+ #include
+ #include "internal/cryptlib.h"
+ #include
+@@ -355,6 +356,19 @@
+ return 1;
+ } else {
+ j = bl - i;
++
++ /*
++ * Once we've processed the first j bytes from in, the amount of
++ * data left that is a multiple of the block length is:
++ * (inl - j) & ~(bl - 1)
++ * We must ensure that this amount of data, plus the one block that
++ * we process from ctx->buf does not exceed INT_MAX
++ */
++ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
++ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
++ EVP_R_OUTPUT_WOULD_OVERFLOW);
++ return 0;
++ }
+ memcpy(&(ctx->buf[i]), in, j);
+ inl -= j;
+ in += j;
+@@ -502,6 +516,19 @@
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
++ /*
++ * final_used is only ever set if buf_len is 0. Therefore the maximum
++ * length output we will ever see from evp_EncryptDecryptUpdate is
++ * the maximum multiple of the block length that is <= inl, or just:
++ * inl & ~(b - 1)
++ * Since final_used has been set then the final output length is:
++ * (inl & ~(b - 1)) + b
++ * This must never exceed INT_MAX
++ */
++ if ((inl & ~(b - 1)) > INT_MAX - b) {
++ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
++ return 0;
++ }
+ memcpy(out, ctx->final, b);
+ out += b;
+ fix_len = 1;
+--- crypto/openssl/crypto/evp/evp_err.c.orig
++++ crypto/openssl/crypto/evp/evp_err.c
+@@ -1,6 +1,6 @@
+ /*
+ * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -239,6 +239,8 @@
+ "operation not supported for this keytype"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
+ "operaton not initialized"},
++ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
++ "output would overflow"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
+ "partially overlapping buffers"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
+--- crypto/openssl/crypto/x509/x509_cmp.c.orig
++++ crypto/openssl/crypto/x509/x509_cmp.c
+@@ -39,6 +39,8 @@
+ if (ctx == NULL)
+ goto err;
+ f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
++ if (f == NULL)
++ goto err;
+ if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
+ goto err;
+ if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
+--- crypto/openssl/include/openssl/evperr.h.orig
++++ crypto/openssl/include/openssl/evperr.h
+@@ -1,6 +1,6 @@
+ /*
+ * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -11,9 +11,7 @@
+ #ifndef HEADER_EVPERR_H
+ # define HEADER_EVPERR_H
+
+-# ifndef HEADER_SYMHACKS_H
+-# include
+-# endif
++# include
+
+ # ifdef __cplusplus
+ extern "C"
+@@ -179,6 +177,7 @@
+ # define EVP_R_ONLY_ONESHOT_SUPPORTED 177
+ # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
+ # define EVP_R_OPERATON_NOT_INITIALIZED 151
++# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
+ # define EVP_R_PARTIALLY_OVERLAPPING 162
+ # define EVP_R_PBKDF2_ERROR 181
+ # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
diff --git a/website/static/security/patches/SA-21:17/openssl.12.patch.asc b/website/static/security/patches/SA-21:17/openssl.12.patch.asc
new file mode 100644
index 0000000000..c6abca5269
--- /dev/null
+++ b/website/static/security/patches/SA-21:17/openssl.12.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV18ACgkQ05eS9J6n
+5cJWjw//ctvKcrZa+xcnqOrVY4Zzr70Uh0WBAYqcuKFnFiAFdNJzDM2rsUwU9TL8
+RCNicyqCq9NCXdXFGBXR1FZ2Qbpis/maFYbQovW84FXTtTNDaFwfXhdq0XYKSnDO
+Ww2LNh0CniCBHr6ExY0XdYr3CH+PTPZm/6ODIsFOHZZ+ZnHN1573G+ulCQ7jOZCp
+MdmLthz2Gyj763Vh5e//8z7EkMwT0EZuVW9bRKIBsqfKUnpNA8Qrb+cgMlWBC/ri
+j/2PCUOMhFJEdnTG6nFeNOFyZyEKJ3ZmzJ7o22JMvlZtDEuI8qu+mM8KiAERDquJ
+krCMDZZt+SzqCfIq8tJY60VXBhujOo5scZEjo5rwAHwR/1zipRh1UmfMrN6yPo45
+qwdRMGdd9Kr+2+Mcu/SlTCPoJUW+EvLohTQVcDFy3qpmx8NW97YABCUhz8TkZdx4
+LhS7V3D04+yGuKK6zIBZJiY1Nqq7LFf7YfZ/wfvwXkOhJaGJ3Ev1B6NH6puYgB6w
+PKB0j2POYivYpeM6bRPXBh62WoN6puPXQS8JBCG6KO1++y/xKCRDaWbWlsss1YU1
+0alj4xyRPp3+LesrxhVKOLiloJ7yal8kiuNjrAzpcGAPYqCd7vvY7dqKwSiv5EVR
+muTvyG44BM8sFCvLXB41EHMhTTjbsH1OdBk2x2NUOEd8QaniMUs=
+=lD+N
+-----END PGP SIGNATURE-----