diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 1df4d90a44..bfacfbf277 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2559 +1,2563 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-22:01.vt"
+date = "2022-01-11"
+
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index c74f581696..913e1dc6df 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,719 +1,743 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-22:06.libalias"
+date = "2022-01-11"
+
+[[notices]]
+name = "FreeBSD-EN-22:05.tail"
+date = "2022-01-11"
+
+[[notices]]
+name = "FreeBSD-EN-22:04.pcid"
+date = "2022-01-11"
+
+[[notices]]
+name = "FreeBSD-EN-22:03.hyperv"
+date = "2022-01-11"
+
+[[notices]]
+name = "FreeBSD-EN-22:02.xsave"
+date = "2022-01-11"
+
+[[notices]]
+name = "FreeBSD-EN-22:01.fsck_ffs"
+date = "2022-01-11"
+
[[notices]]
name = "FreeBSD-EN-21:29.tzdata"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:28.vmci"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:27.caroot"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:26.libevent"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:25.bhyve"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:24.libcrypto"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:23.virtio_blk"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-22:01.fsck_ffs.asc b/website/static/security/advisories/FreeBSD-EN-22:01.fsck_ffs.asc
new file mode 100644
index 0000000000..7d3979b5a9
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:01.fsck_ffs.asc
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:01.fsck_ffs Errata Notice
+ The FreeBSD Project
+
+Topic: fsck_ffs fails to correct certain errors
+
+Category: base
+Module: fsck_ffs
+Announced: 2022-01-11
+Affects: FreeBSD 13.0
+Corrected: 2021-05-19 21:38:21 UTC (stable/13, 13.0-STABLE)
+ 2022-01-11 18:14:57 UTC (releng/13.0, 13.0-RELEASE-p6)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The fsck_ffs(8) program checks and corrects errors in the UFS/FFS
+filesystem. One error that it detects and corrects is when two
+different files both claim the same block on the disk. This error
+occurs rarely and is usually caused by hardware failure.
+
+II. Problem Description
+
+fsck_ffs(8) was not able to correct blocks claimed by multiple files.
+
+III. Impact
+
+When duplicate block allocation has occurred, the filesystem is
+unusable until it is corrected.
+
+IV. Workaround
+
+No practical workaround is available.
+
+Duplicate blocks can be eliminated using the fsdb(8) program, but
+requires hours of work by a filesystem expert.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+arm64 platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:01/fsck_ffs.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:01/fsck_ffs.patch.asc
+# gpg --verify fsck_ffs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ e198c1dc8f6f stable/13-n245745
+releng/13.0/ 3286a8dc8382 releng/13.0-n244768
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1fMACgkQ05eS9J6n
+5cKY0hAAhYQC9fvksfYxoWdsDW8KQX2LdTRVPZ9zfZ/Y1AAPfDU46C41SI1sTIn9
+0AunPHMVqnku5H8dh+TrL2o9PAW1CktxoTnHA+sFZX0/2hbox6UB/Spr/Iq/auzB
+iyAZ/9jskb4YQuh1HPHp7P4uCdAKfY5lHFE9bn4nLNpH+05AwIc6AFCQ8xilTaRK
+K6eu++DuxJ4p3WLJmRERjuBFK0HAIEnV72diPfZvJH6HOpgTqRTsvURai4GkAsH8
+zyexLlHNUGWY+Kbl2t915i7Fu8ApIQV1HJ1sxi5NwyRwm4e/Azif5kjtAlgFOUws
+gwOfsbqEfGqmzopFSaCk1d7DcjhAnH0GkZ/SGO/WFCiQYV58rXoqs8q8GLpTBenF
+fwQ4IZakrjz/2qlUxNTMM2YbSyf35GpxuvV0jnigHlzXhN+I11yHS3r/GycTUJ1s
+z+Hk0JrV6f6fBxCDqC8hrthaxbf9jqcSsrYKRcaIUkcCB/gJ6wz3AApCkW9Z0ii+
+7sRpnNlvPQYJm2PhDTegCfASGRPd0GamXZNVwzohn+c8u+AVUQ5IiPabd7JNfbXD
+BhPnMj14/1uFuj1TtQ6c9/g+dtLvM7r0p9W/pbPFh1+PRkpyTGWyN5WWCjY3e7wa
+VOkMVapFXnfe0VLK5VFOCcb7lLbd2uDeaxkGRyP+4rBNqd4MC6s=
+=J7Og
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:02.xsave.asc b/website/static/security/advisories/FreeBSD-EN-22:02.xsave.asc
new file mode 100644
index 0000000000..4547cf8c8b
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:02.xsave.asc
@@ -0,0 +1,162 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:02.xsave Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect XSAVE state size
+
+Category: core
+Module: kernel
+Announced: 2022-01-11
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-12-12 02:49:50 UTC (stable/13, 13.0-STABLE)
+ 2022-01-11 18:14:58 UTC (releng/13.0, 13.0-RELEASE-p6)
+ 2021-12-12 02:49:50 UTC (stable/12, 12.3-STABLE)
+ 2022-01-11 18:19:21 UTC (releng/12.3, 12.3-RELEASE-p1)
+ 2022-01-11 18:33:11 UTC (releng/12.2, 12.2-RELEASE-p12)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Contemporary x86 CPUs support the XSAVE instruction, "Save Processor Extended
+tates." Some but not all CPUs support the so-called init optimization for
+XSAVE. The optimization means that the CPU may not write all of the state on
+XSAVE, and indicates that it did not in xstate_bv. Whether or not this
+happens depends on "complex internal microarchitectural conditions."
+
+On signal delivery, the OS provides the saved context interrupted by the
+signal to the signal handler. The context includes all CPU state available to
+userspace, including FPU registers (XSAVE area). Also, upon return from the
+signal handler, the saved context is restored, which allows the handler to
+modify the main program flow. When the init optimization kicks in, the OS
+tries to hide the effects of the init state optimization from the signal
+handler by filling in parts of the XSAVE area.
+
+The CPU reports sizes of some of the XSAVE state regions, but two of them
+are fixed and must be hard-coded by the kernel.
+
+II. Problem Description
+
+The hard-coded size for state region 1 (SSE/XMM) was incorrect, effectively
+filling the xmm8 through xmm15 registers with arbitrary values on signal
+return when the init optimization occurred.
+
+III. Impact
+
+On amd64 and i386 systems, application memory may become corrupted, leading to
+incorrect behaviour. Other platforms are not affected.
+
+IV. Workaround
+
+Use of XSAVEOPT may be disabled by adding the following line to loader.conf:
+
+ hw.cpu_stdext_disable=0x1
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:02/xsave.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:02/xsave.patch.asc
+# gpg --verify xsave.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 1d6ebddb62bc stable/13-n248578
+releng/13.0/ f2caded7f590 releng/13.0-n244769
+stable/12/ r371242
+releng/12.3/ r371483
+releng/12.2/ r371488
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd2CUACgkQ05eS9J6n
+5cKE+w//bOsl0ry/Vx4OaIFzX52Blp6iu5nYoSwFu9wipTq5d07xL+UhXT3bbnRN
+yzxJz4KLkBlBaorwN0OX9N3/bjErOq10QMzzcX2jQnvixgIhV9oxqZoOoMcehfVp
+9L2yo1JNhXkn0ysKU2ysxpi1F/9t9xATcqxxC1PuSbl1N143qTnmRB5EWDi9Ygan
+sjFgBhcTmfz3gATxwKP0hz25KaXO+/0WwZzYHCnGYncPnfh12OgKCkMDi6H2v54R
+7+Rl0JtbycK257UIACki/s1FgbiIXkQuPLILD3YBn1kuXFPDhlIBKeK4NLu0G5DQ
+6vqYHKrP5RssGsXdROVpjTe4eO1VkKQAkMI9NHCo6SOStbHcOqiB0bdz0TuGYyQN
+uhI5we2tqDb6uhZBi0az4c+yKp58d+2dF8DizRKGelDjDNby/1L09XAiybnR8liN
+YcHPV/v0Sx/QPjX9sfutMkhtpw28OdPeqoAQyzW9+VSeTC4z61CDmFi9qrN7Vpne
+KIvLbgaBYFMSsN4oeG5CfZzlemLNkk8R+5JKmPCxoewX9r7jj2gr9yMqXcmQhjyR
+46z0Xp9JL0ovYzvfA9g0nV9tPxmRsAuOL2k7C4nPI38kXbCUlOuCjcNc7EP/gdfi
+e7sNXtXwzRDWgO4ipHfLeqzmAnxXy42vFpD2Be5RjbsqXdcH+6I=
+=ejFK
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:03.hyperv.asc b/website/static/security/advisories/FreeBSD-EN-22:03.hyperv.asc
new file mode 100644
index 0000000000..75ef7ff404
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:03.hyperv.asc
@@ -0,0 +1,154 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:03.hyperv Errata Notice
+ The FreeBSD Project
+
+Topic: vPCI compatibility improvements with certain Hyper-V releases
+
+Category: core
+Module: hyperv
+Announced: 2022-01-11
+Credits: Microsoft OSTC
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-11-30 07:43:32 UTC (stable/13, 13.0-STABLE)
+ 2022-01-11 18:14:59 UTC (releng/13.0, 13.0-RELEASE-p6)
+ 2021-12-14 12:20:17 UTC (stable/12, 12.3-STABLE)
+ 2022-01-11 18:19:26 UTC (releng/12.3, 12.3-RELEASE-p1)
+ 2022-01-11 18:33:14 UTC (releng/12.2, 12.2-RELEASE-p12)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Hyper-V is a hypervisor provided on Windows server by Microsoft. It
+supports vPCI, which is a virtualized bus driver used to expose hardware
+devices to virtual machines. FreeBSD provides drivers
+
+II. Problem Description
+
+A Hyper-V vPCI emulation change can cause SR-IOV (Single-Root I/O
+Virtualization) and DDA (Discrete Device Assignment) devices to fail to
+operate correctly under Hyper-V.
+
+In recent Hyper-V releases on Windows Server 2022, the vPCI code does
+not initialize the last 4 bit of device registers. This behavior change
+could result in failure to initialize guest drivers for SR-IOV or DDA
+devices.
+
+III. Impact
+
+SR-IOV and DDA devices may not work in FreeBSD running under certain
+Hyper-V releases.
+
+IV. Workaround
+
+No workaround is available, however systems not running within Hyper-V
+or Azure are unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+A reboot is required.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+A reboot is required.
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:03/hyperv.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:03/hyperv.patch.asc
+# gpg --verify hyperv.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ d11e9de955ea stable/13-n248279
+releng/13.0/ dfca965af4e1 releng/13.0-n244770
+stable/12/ r371235
+releng/12.3/ r371484
+releng/12.2/ r371489
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f0ACgkQ05eS9J6n
+5cJOLw//UcDfEZpVJqRvHm3e5B5c/rXCFLUWSS8NOQ7c4ioAOFZdOIs2D4u17Mbf
+EJwiYLTdknv1mT2BkE8hr1fgPb/m1+FLyyEuhfaIRpJuqzn2l4YW4v9lwpBNl0I7
+neuKqK4/j3SIjgdq7HZeiBEAyhIq5BGzzjnkPSbtW+RvGI8TCaAM7MgJYzCk1GKs
+kaIHyc0tyFIkoW0RDTjWt3g6UD+VVn7VU6/8xfiBBF9WUBKOay8MtgjAQMpNXcLK
+SZY2gLM9SMcdHZaKN0M5C0uly1bsXYn8eGOTy+dwGVOiJU2J0rFkcPdFjAIiWARb
+c9fotcunUzv53dy2ZiP0VWv4chdqv8Yel9wm6D0jkqZ1QKTq3jFnHzaPCmcWPII5
+92+YyGF5Yg+pm/s42AqVaMblN0vH/y8GlwOsp9zQBn4jjIhgUENYRdJMfY0KBopH
+7SqWtC9C9yUli0PQHN79z6/u7ZIzEPugsGk19WAZUktcWIj+kTkRq7PGBSm3CL/E
+tSpfRkhx1nMWa6c2ujZkFVCW7+HBaGtv9rlCb450g6Uzv6/7aYPGvxh7RCT8mQYK
+9ao05vSkdCrbdGSTlCDG7iSjGTGPVLj7LH2eGp6mfXiZo9UmfItwu24J88QfRhmO
+nUW3NY9Ff5dYKRLUw7G1nNIynzWsEz8NKyV/HwY2bkd53090CrI=
+=wXdl
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:04.pcid.asc b/website/static/security/advisories/FreeBSD-EN-22:04.pcid.asc
new file mode 100644
index 0000000000..4d06d51527
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:04.pcid.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:04.pcid Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect PCID mode invalidations
+
+Category: core
+Module: kernel
+Announced: 2022-01-11
+Affects: FreeBSD 12.x
+Corrected: 2021-12-14 14:46:07 UTC (stable/12, 12.3-STABLE)
+ 2022-01-11 18:19:29 UTC (releng/12.3, 12.3-RELEASE-p1)
+ 2022-01-11 18:33:17 UTC (releng/12.2, 12.2-RELEASE-p12)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+When switching address spaces the kernel must flush stale Translation
+Lookaside Buffer (TLB) entries to ensure that correct data is visible to the
+CPU. An Inter Processor Interrupt (IPI) is used to signal other CPUs of the
+need to flush TLB entries.
+
+PCID is an optimization that associates each page table with an identifier
+(i.e., Process ID) to allow for efficient context switching.
+
+II. Problem Description
+
+Operations specific to TLB invalidation in PCID mode were misordered with
+respect to IPI transmission.
+
+III. Impact
+
+This issue may cause stale TLB translation entries (and hence invalid data)
+in multithreaded applications, leading to application misbehaviour.
+
+IV. Workaround
+
+PCID may be disabled by adding the following line to /boot/loader.conf:
+
+ vm.pmap.pcid_enabled=0
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:04/pcid.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:04/pcid.patch.asc
+# gpg --verify pcid.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/12/ r371237
+releng/12.3/ r371485
+releng/12.2/ r371490
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f0ACgkQ05eS9J6n
+5cKgjQ//QW16Hxk3gfCvYOKk1PAxDmov2RlSENPrIT/LaHq6UVjGOsB/xaRGFK7U
+peWDMtyIQHboTG2RW819xAuB0ZRk7tLzZU9oOIQlQBWwV9qugre9pBLOHhbr98wX
+D4tZ1nFN3Yz55I2RWPzyT+ncF2NdsXAJLuBtmb4Uj+MPqMl7dhj01X82vPaFvjJH
+tJDMyWTgWHGJlGRk8ZcQ48gF3/G5p3xV6oD0axCQ+RXz9Sx8y4xX+uW2IUskTFkD
+ukbRHiNG+Mh1Jt4R9TC92AIvIvFhODts8+R1/1BtARQ76exfYDw6mIf+JC2oCX5+
+TrUmk7G8/cxCMyafVNU5+qqVx2qQBcJ8MG/4JwjlEl1kYy9w4ehhB1R7jJtJdfkr
+CD92bhJcPnS4zB7M90qTanPA+B7QlBWsbxXEaYmy1jyPZFl7KWLNxME6Ywf9BTpW
+oNE6Jnc77EkWWEMpYAk9i5udRCmxDDnYVFaMWuJR3GaSi4yKNxz4P1jsqOYWLR0v
+M+fjV6/PJnzn1xZBAWyCHrNT2gUbHxSrjEuHA1r6BKXt59lRFw5VEjwE05T9R7nd
+gSi12DEkzvz2ijq5iDFblKmW4B6f8jZsnLpaH/c+U5JfaiEotxb+fg2XCyBzxot5
+teHqbyKYYKGWmwRl09HyVB9rSawKibmQqCvhGSpxqSjJTInHLpM=
+=1FCm
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:05.tail.asc b/website/static/security/advisories/FreeBSD-EN-22:05.tail.asc
new file mode 100644
index 0000000000..c680737c00
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:05.tail.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:05.tail Errata Notice
+ The FreeBSD Project
+
+Topic: tail -F fails to follow some types of log rotation
+
+Category: core
+Module: tail
+Announced: 2022-01-11
+Affects: FreeBSD 13.0
+Corrected: 2021-03-18 20:12:24 UTC (stable/13, 13.0-STABLE)
+ 2022-01-11 18:15:01 UTC (releng/13.0, 13.0-RELEASE-p6)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+tail(1) displays the last part of a file, and can wait for and print any data
+appended to the file. As of FreeBSD 13.0, tail(1) runs in capability mode
+via Capsicum.
+
+II. Problem Description
+
+When comparing the inode number of the current file to the file tail(1) has
+open (in order to detect log rotation), tail(1) compared the inode number of
+the already open file descriptor, rather than the file that currently has the
+filename that was passed to tail(1).
+
+III. Impact
+
+When using tail(1)'s -F flag to follow a log file through log rotation,
+depending on the type of log rotation performed, tail(1) may continue to
+follow the original file after it is renamed, rather than detecting the
+rotation and re-opening the original filename, and then following the new log
+file.
+
+The rotated log is usually never written to after it is rotated, causing
+tail(1)'s -F flag to not perform its intended function.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or arm64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:05/tail.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:05/tail.patch.asc
+# gpg --verify tail.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 8c59e863e2c0 stable/13-n244979
+releng/13.0/ 60cacd2e41e1 releng/13.0-n244771
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f0ACgkQ05eS9J6n
+5cKySw/8DUfeI4ku+36DJjnqTt+SGSqP7CLon8tNneD3MeuXxHewHfF9quVqlW5C
+9qaCAJZztpinCvg9u2YXXZbbaZ6FPJKwjrOspo85/ZkodbXXtNkzfIHHVauE0+AH
+BbHYAMcAUjDgvUaApKRVkUUYODRtzlra2qqpA3ITzK4+vo3WYMmFA78uR6j6TYvN
+CWkXOEXPGjcMfmaLFtO7udfOs7//0+RaE4X15Ep+tWD+XZlgBF9kNqQ0jLOE6Dio
+mgJmlmHBNXPNAKud8VjLiEaJ0fhgy5q+9E+UEwol+XW/1HTH4ZMgXyPVenl7O1wH
+jyZhygc+sV3RK1P3ZC6Ecrm7Ktugtx9urmCOC8/isg/SVBbi1fj+hSeTY3tIrUHr
+yxtHS7aelPVENxHaRbHW1bJI5O4G0FH0KiLIMHkCg8/9LmDvdozpGqozLijXVaaf
+KGJ5Xt3qT3udbQP0T0yrmd5yusO75FLS/NnOrrCinQj8gB+355gaEeB58lWH2ndT
+EqfhS4ey4MM86nrxJrzxBymVlqfGmdNtfkl/HubsBy0qnJ6OWKwom3OCnf8rc9VW
+534GFt6BIYM8Ixqc5oOy6pGwzA3vuQ6V3kKOiTNNCvTar5YU9biayf2KI5TTtOo3
+vneWtb2fsOSuOdySNBR4k8LxDvefpS36MSgEV4TYiixXx+fRVRg=
+=nu3N
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:06.libalias.asc b/website/static/security/advisories/FreeBSD-EN-22:06.libalias.asc
new file mode 100644
index 0000000000..61d2c1055c
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:06.libalias.asc
@@ -0,0 +1,166 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:06.libalias Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect fragmented IPv4 packet handling in libalias
+
+Category: core
+Module: libalias
+Announced: 2022-01-11
+Affects: All supported versions of FreeBSD.
+Corrected: 2022-01-09 22:04:56 UTC (stable/13, 13.0-STABLE)
+ 2022-01-11 18:15:02 UTC (releng/13.0, 13.0-RELEASE-p6)
+ 2022-01-09 23:06:52 UTC (stable/12, 12.3-STABLE)
+ 2022-01-11 18:19:32 UTC (releng/12.3, 12.3-RELEASE-p1)
+
+Note: This errata notice does not update FreeBSD 12.2. FreeBSD 12.2
+users affected by this update should upgrade to FreeBSD 12.3.
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The libalias(3) library is a collection of functions for aliasing and
+dealiasing of IPv4 packets, intended for masquerading and network
+address translation (NAT). Additionally, libalias(3) includes modules
+to support protocols that require additional logic to support address
+translation.
+
+libalias(3) is used by several FreeBSD networking components: ng_nat(4),
+ipfw(4) and natd(8).
+
+II. Problem Description
+
+The patch committed for SA-20:12.libalias introduced additional
+validation of TCP, UDP and ICMP protocol headers. This validation
+failed to take into account the possibility of IP packet fragmentation,
+and could cause libalias(3) to return the PKT_ALIAS_IGNORED status code
+for the first fragment of a packet, rather than applying aliasing rules.
+
+III. Impact
+
+Depending on the configuration of the consumer, this bug may cause
+fragmented packets to be dropped, or may cause further processing of
+fragments without aliasing rules applied. For example, if the
+NG_NAT_DENY_INCOMING flag is set on an ng_nat(4) node, fragments will be
+unconditionally dropped. Similarly, if the "deny_in" flag is set for an
+ipfw(4) NAT rule, fragments will be unconditionally dropped.
+
+IV. Workaround
+
+No workaround is available. Only systems using NAT via ng_nat(4),
+ipfw(4) NAT rules, or natd(8) are affected. Systems leveraging pf(4) or
+ipf(4) to perform NAT are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.0]
+# fetch https://security.FreeBSD.org/patches/EN-22:06/libalias.13.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:06/libalias.13.patch.asc
+# gpg --verify libalias.13.patch.asc
+
+[FreeBSD 12.3]
+# fetch https://security.FreeBSD.org/patches/EN-22:06/libalias.12.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:06/libalias.12.patch.asc
+# gpg --verify libalias.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ ec746e619578 stable/13-n248913
+releng/13.0/ 4378aee9f82f releng/13.0-n244772
+stable/12/ r371477
+releng/12.3/ r371486
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f4ACgkQ05eS9J6n
+5cLW2xAAjuMj68hzBt5aSxuRliu4wT+NdXMq/M5VWH9kHSZw2HrMfQuDY25ecwWE
+VAkeQoIAV/+Uz8OrVKBBqlTgxZyFxmM8a2pNBURPSeY508o7X5h8HMHECaUndqMJ
+dXfa2YgpUm36RQZfaKCGbBCIXUj4V+fmSFkoq87U0EXexrCim6m5tzMoBsWV7Eob
+KWbZObwR2PrvYSoHvdbPNWrGF/6CDu/38x9TBxPU+sT3dVa4qJyUD3D/7hhe3Onb
+VscwvebHNKZwaxxEJJma4xbUcOXJpOUVA/JRjphkzeX5B1Fgix1N4ae8C3ATXiZT
+H9OhB+AU/EtTU5rbcWjEiNckIh/icGV9lkEuqX4AXKmQHeYJEVCctY+IgcZfppzq
+MpY1OuDhjObvQtyuBv6up0EN/Lv2AAN8sooXIwwy00DX6ISnjtynP81huCpHLRE9
+3xntY/y1JHDlNN5tFOBc+z3YNYRo5ha36UXuhi5IQvxGeN5gonW+cK3BUluK3U+Q
+9ibXXaHPZ6V1nowksU1A72RGR2B+axYb7KrNzg+20I/rmjl0t2ZBtULMq1WWks/w
+nLGY/Wb0uaK7GUiUte8l4ggm0oISGIa0ICCV3OogBeaytsWB0fi2atKJxvMuMvPT
+XXj+zrqPw33nMu9mf0ClWQwiXWD8AKi3kFgfi6o9aC5zWd1LlCY=
+=qTdA
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-22:01.vt.asc b/website/static/security/advisories/FreeBSD-SA-22:01.vt.asc
new file mode 100644
index 0000000000..40d30d2aec
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:01.vt.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:01.vt Security Advisory
+ The FreeBSD Project
+
+Topic: vt console buffer overflow
+
+Category: kernel
+Module: vt
+Announced: 2022-01-11
+Credits: Oleg Bulyzhin
+Affects: FreeBSD 12.2 and FreeBSD 13.0
+Corrected: 2021-09-22 18:41:00 UTC (stable/13, 13.0-STABLE)
+ 2022-01-11 18:15:03 UTC (releng/13.0, 13.0-RELEASE-p6)
+ 2021-09-25 18:15:49 UTC (stable/12, 12.2-STABLE)
+ 2022-01-11 18:33:21 UTC (releng/12.2, 12.2-RELEASE-p12)
+CVE Name: CVE-2021-29632
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+FreeBSD's system console is provided by the vt(4) virtual terminal console
+driver.
+
+II. Problem Description
+
+Under certain conditions involving use of the highlight buffer while
+text is scrolling on the console, console data may overwrite data
+structures associated with the system console or other kernel memory.
+
+III. Impact
+
+Users with access to the system console may be able to cause system
+misbehaviour.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:01/vt.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:01/vt.patch.asc
+# gpg --verify vt.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 9352de39c3dc stable/13-n247428
+releng/13.0/ 3e0a1e124169 releng/13.0-n244773
+stable/12/ r370674
+releng/12.2/ r371491
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f4ACgkQ05eS9J6n
+5cIgEBAAkXpnKSElsT96dj4RYWJLkqB4+OBkGoOGrsZj8zd5Ei85oohhL38xiYAE
+jQpSwblgYCqmOxRL4hGgKN6fBPMnc/zXCdZhJzAfgkKXsn4eY5mObN1jus7owsmC
+RnFNOLSr1VVJZs8H1RAeAjJT2I6DF0oLb/f1u3ik+bPFJ8Y4hvPEliSH7rpzVBq7
+hpmiH1HxAArVwtJ15N+7u6vNUce57dWSh4NzPHLduzMRpatPKVqtkC7UJIvqisxl
+bQTK46MYo454SgbZjRPistwnV9NFKjuKy5Rh38/FURbnBxg8w2HVkabidMy5lJyU
+geSOvV4wc2LraRdSvJHZlNXu1BJKnPpTpsl6XNr8ePzAl9rRPjZKo8cEBMmTlqK0
+KdMeKsf1OfspA/8L6mCpg4NDeOoHktCrICWTi4/E6nGX/e1hZrCXKcxf0KYbhcfO
+xNvrYtKkCtCbEnbzZbW6rjY/RAmRwwMNngVw2FWRuSWU6BCmfKZndUXFO7aghj6Q
+JKISfctwtcHWn/QzI2BN9pNWZlzAJ8BfxR+/bV6VJNuRILOhrvgjnUzpies1xv7z
+GRN9JlpxzqihhlX8JED7jDOm99YflEG0Ep7Cr1OYXLDVx1xxh8dQLCOwl5qjnKgd
+ELae8IKnUn5pI1Og44AsjY9xWOvxxz28luwFxsbYf+3UMo6M4eE=
+=hcWy
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:01/fsck_ffs.patch b/website/static/security/patches/EN-22:01/fsck_ffs.patch
new file mode 100644
index 0000000000..3df9653f5a
--- /dev/null
+++ b/website/static/security/patches/EN-22:01/fsck_ffs.patch
@@ -0,0 +1,24 @@
+--- sbin/fsck_ffs/pass1b.c.orig
++++ sbin/fsck_ffs/pass1b.c
+@@ -60,7 +60,6 @@
+ memset(&idesc, 0, sizeof(struct inodesc));
+ idesc.id_func = pass1bcheck;
+ duphead = duplist;
+- inumber = 0;
+ for (c = 0; c < sblock.fs_ncg; c++) {
+ if (got_siginfo) {
+ printf("%s: phase 1b: cyl group %d of %d (%d%%)\n",
+@@ -77,9 +76,12 @@
+ if (inosused == 0)
+ continue;
+ setinodebuf(c, inosused);
++ inumber = c * sblock.fs_ipg;
+ for (i = 0; i < inosused; i++, inumber++) {
+- if (inumber < UFS_ROOTINO)
++ if (inumber < UFS_ROOTINO) {
++ (void)getnextinode(inumber, 0);
+ continue;
++ }
+ dp = getnextinode(inumber, 0);
+ idesc.id_number = inumber;
+ idesc.id_type = inoinfo(inumber)->ino_idtype;
diff --git a/website/static/security/patches/EN-22:01/fsck_ffs.patch.asc b/website/static/security/patches/EN-22:01/fsck_ffs.patch.asc
new file mode 100644
index 0000000000..59528680ff
--- /dev/null
+++ b/website/static/security/patches/EN-22:01/fsck_ffs.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1fwACgkQ05eS9J6n
+5cLOAQ//XUNVBACssFCowAPzdrB0W+ANzyqUyssvSREO3D3kooB/HIgx6iYT7JWb
+IY2KtUkjpwyiwtEWiAYtPscYp4MmdAOFf/4OQFaNmq3v0Pg32EHFOdfEMYeLMVIN
+sVcaEgv7HOjvYlVXB90yk6+7JUaHhRig6Ef1sYaVkpSXwa7KGlRvpy/e2Ym1z+3K
+7ZuWvXsx0wH5bac3YVmJ9ZPivVVY0tsyA6XXCxgfT6tVojIs4D6vONtfYHh6CR1p
+8OgK/DnhLPuXoQtsR9e8elcst5nn0hb9FmQSwQtJutEfDEHNbwDpdPYeuYaqul1E
+cE+7uznGgSMsQh37FSvOT5xz/DLeZMqlvwO6crE2j4fNCPIgREq8UdTrMjrjM+OX
+9Q1C1jxEboMFxvP64YFuOgxuXvm6rnUYTyaJd9nBdq4ZSE1KSv8vYdGBrLy+N0r0
+6tW4myiTVMALaRAm3RCPQsYw68IYJdytNSaAL/QRljQlc4frQF5qNNdHKUNZ9U8o
+/lKEF0Y0bJIpIgdUMkMaewQ6J7t+n/2dSs4IWY8+Vo/lIm///d0Qq9E40n0lUziz
+kNDjvuZblMgmyQmSayLWbl8nPzL/J0BPrkefLF+KqOezYuXRRwonLKXOqpUSAvLy
+QJPABpsD09dUFNYTfSVx5+5EtfOQc3kdySXJe5eKQUQSRWsXzqU=
+=dLuP
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:02/xsave.patch b/website/static/security/patches/EN-22:02/xsave.patch
new file mode 100644
index 0000000000..3bc5e82839
--- /dev/null
+++ b/website/static/security/patches/EN-22:02/xsave.patch
@@ -0,0 +1,11 @@
+--- sys/amd64/amd64/fpu.c.orig
++++ sys/amd64/amd64/fpu.c
+@@ -482,7 +482,7 @@
+ xsave_area_desc[0].size = 160;
+ /* XMM */
+ xsave_area_desc[1].offset = 160;
+- xsave_area_desc[1].size = 288 - 160;
++ xsave_area_desc[1].size = 416 - 160;
+
+ for (i = 2; i < max_ext_n; i++) {
+ cpuid_count(0xd, i, cp);
diff --git a/website/static/security/patches/EN-22:02/xsave.patch.asc b/website/static/security/patches/EN-22:02/xsave.patch.asc
new file mode 100644
index 0000000000..bb952241a0
--- /dev/null
+++ b/website/static/security/patches/EN-22:02/xsave.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd2CgACgkQ05eS9J6n
+5cK4Jw//df/oi8ezHHLVKEMBeVT5euGkA9ANbXETzfuwuLlOS53eu1Ocpe70v1wd
+7Z7H0f2hBnnBF93bVXPXkzm3rJrsAXK0zushL/DEhZH1i7vYDUo2rHLb4dbEc190
+9lVhEdWIxbDP4wnm+/vrI4to1TMJ9P45ciqSh0081zJ+YWsV0avgUw+rLHZZ8fH8
+T3YRtxURjteIHa1/eO6mW6mTNnT7/xf4NTE496yK6lrelI+Jq5VRM3cH1g4cgy6O
+tIuhB9fuelfEOxUrKMdI7+iZoxx8ROXlOTjGqLwS1KvpOWCTe2TkMr6Ct5zKjR/H
+vhsh8xvko5BEQhrI+EN90wB8MJQOSwQyaJ5OMqelLUiNBaIPB1uiHKHUEdOstCr+
+kG3m2obyXR3r+hem/fZxBhNwyrRTyGyhhi+4FXnvI9F41w331xEsgJYaiibez/0o
+3fFY897Recay+jEbKO6AgZQFeof8cSA46s7azQrNTQwdhssgUl80p7v8JGCGZTr3
+sDHaQCZwz/wF6ivLCikUuCyNPmTe/CNWHR85XiLoybVtdiSKOss61tQ23VQgjkA9
+oETz632S1EMiBpBdK0tGHDQoUVjQ1uruVV4ohnnEJqobPiKNukf4sszaabQ6PWPl
+3FNIE8wLWUv/6qgq4mredA4L0gNIULDiznKF72EGEgMfidNOKkU=
+=jIuv
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:03/hyperv.patch b/website/static/security/patches/EN-22:03/hyperv.patch
new file mode 100644
index 0000000000..38985feb77
--- /dev/null
+++ b/website/static/security/patches/EN-22:03/hyperv.patch
@@ -0,0 +1,59 @@
+--- sys/dev/hyperv/pcib/vmbus_pcib.c.orig
++++ sys/dev/hyperv/pcib/vmbus_pcib.c
+@@ -1356,6 +1356,47 @@
+ }
+ }
+
++/*
++ * The vPCI in some Hyper-V releases do not initialize the last 4
++ * bit of BAR registers. This could result weird problems causing PCI
++ * code fail to configure BAR correctly.
++ *
++ * Just write all 1's to those BARs whose probed values are not zero.
++ * This seems to make the Hyper-V vPCI and pci_write_bar() to cooperate
++ * correctly.
++ */
++
++static void
++vmbus_pcib_prepopulate_bars(struct hv_pcibus *hbus)
++{
++ struct hv_pci_dev *hpdev;
++ int i;
++
++ mtx_lock(&hbus->device_list_lock);
++ TAILQ_FOREACH(hpdev, &hbus->children, link) {
++ for (i = 0; i < 6; i++) {
++ /* Ignore empty bar */
++ if (hpdev->probed_bar[i] == 0)
++ continue;
++
++ uint32_t bar_val = 0;
++
++ _hv_pcifront_read_config(hpdev, PCIR_BAR(i),
++ 4, &bar_val);
++
++ if (hpdev->probed_bar[i] != bar_val) {
++ if (bootverbose)
++ printf("vmbus_pcib: initialize bar %d "
++ "by writing all 1s\n", i);
++
++ _hv_pcifront_write_config(hpdev, PCIR_BAR(i),
++ 4, 0xffffffff);
++ }
++ }
++ }
++ mtx_unlock(&hbus->device_list_lock);
++}
++
+ static void
+ vmbus_pcib_set_detaching(void *arg, int pending __unused)
+ {
+@@ -1479,6 +1520,8 @@
+ if (ret)
+ goto vmbus_close;
+
++ vmbus_pcib_prepopulate_bars(hbus);
++
+ hbus->pci_bus = device_add_child(dev, "pci", -1);
+ if (!hbus->pci_bus) {
+ device_printf(dev, "failed to create pci bus\n");
diff --git a/website/static/security/patches/EN-22:03/hyperv.patch.asc b/website/static/security/patches/EN-22:03/hyperv.patch.asc
new file mode 100644
index 0000000000..26ad2d441a
--- /dev/null
+++ b/website/static/security/patches/EN-22:03/hyperv.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f0ACgkQ05eS9J6n
+5cLuuRAAhho5ps35aydIvu9F2y3meJAO3AORJ2RQVNuUGOam70hoKPLimHnACW/O
+rv7IIhByDFvn5U2vFn5xd8XfccoKfnDxlyEUrm4bTBqaPivmkaETf38iKaTnoUzq
+1R9fcqTHp31kL8fVJvCU3RG92rJrI1DoaS9dK8jf3xLH8UeIY64mIH3tBXZRc69P
+zmRgf1S4vHa8mdFGf47mFO+VttRR7aB2ebyGyXrQqgOEHK4BmrEYNmfHXsKDJ3vw
+8cpqMvePDWNaucF3AtoFxJeL0piXPNa3z15v/G44hEktr3tlTsB3SxAEKCiG9WRC
++OOhTko39VSPPFkH/sSi392tlPV0KUrvb7cCakWF/nb/0Jb2HD/RpOOW/fsRRzp5
+ylVyxU2ja4xX7PKY/98m/c3nN6ZPIADe4JZn7/TruPl+Nlvgfb0AXKKz0/ekiuIw
+lumAbij7c/ZTq+i1eF9ZOXL9BWINln7QDwttpe7vTLc+q+/14MWW+U46kEltPcGA
+VfM+kK6HHAza9q8FLETn9rLQrdlmCTO+ySrVSh5Gc0IuQmzCxWV+XKHRRYz2Ql3u
+rqgUTcMk299AeNkc1ixN27yqyLYNoU1+LqLM6+yaAn206I7ol+hTmTyqRXpCEQn7
+YNWmu1h6rvWXn7m9Rv4HCwm5yIA8Bgw2mPDH7DE2zQRbvkT68GM=
+=hFf5
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:04/pcid.patch b/website/static/security/patches/EN-22:04/pcid.patch
new file mode 100644
index 0000000000..eba325661d
--- /dev/null
+++ b/website/static/security/patches/EN-22:04/pcid.patch
@@ -0,0 +1,537 @@
+--- sys/amd64/amd64/pmap.c.orig
++++ sys/amd64/amd64/pmap.c
+@@ -2329,45 +2329,19 @@
+ static cpuset_t
+ pmap_invalidate_cpu_mask(pmap_t pmap)
+ {
+-
+ return (pmap == kernel_pmap ? all_cpus : pmap->pm_active);
+ }
+
+ static inline void
+-pmap_invalidate_page_pcid(pmap_t pmap, vm_offset_t va,
+- const bool invpcid_works1)
++pmap_invalidate_preipi_pcid(pmap_t pmap)
+ {
+- struct invpcid_descr d;
+- uint64_t kcr3, ucr3;
+- uint32_t pcid;
+ u_int cpuid, i;
+
++ sched_pin();
++
+ cpuid = PCPU_GET(cpuid);
+- if (pmap == PCPU_GET(curpmap)) {
+- if (pmap->pm_ucr3 != PMAP_NO_CR3) {
+- /*
+- * Because pm_pcid is recalculated on a
+- * context switch, we must disable switching.
+- * Otherwise, we might use a stale value
+- * below.
+- */
+- critical_enter();
+- pcid = pmap->pm_pcids[cpuid].pm_pcid;
+- if (invpcid_works1) {
+- d.pcid = pcid | PMAP_PCID_USER_PT;
+- d.pad = 0;
+- d.addr = va;
+- invpcid(&d, INVPCID_ADDR);
+- } else {
+- kcr3 = pmap->pm_cr3 | pcid | CR3_PCID_SAVE;
+- ucr3 = pmap->pm_ucr3 | pcid |
+- PMAP_PCID_USER_PT | CR3_PCID_SAVE;
+- pmap_pti_pcid_invlpg(ucr3, kcr3, va);
+- }
+- critical_exit();
+- }
+- } else
+- pmap->pm_pcids[cpuid].pm_gen = 0;
++ if (pmap != PCPU_GET(curpmap))
++ cpuid = 0xffffffff; /* An impossible value */
+
+ CPU_FOREACH(i) {
+ if (cpuid != i)
+@@ -2388,52 +2362,96 @@
+ }
+
+ static void
+-pmap_invalidate_page_pcid_invpcid(pmap_t pmap, vm_offset_t va)
++pmap_invalidate_preipi_nopcid(pmap_t pmap __unused)
+ {
++ sched_pin();
++}
+
+- pmap_invalidate_page_pcid(pmap, va, true);
++DEFINE_IFUNC(static, void, pmap_invalidate_preipi, (pmap_t), static)
++{
++ return (pmap_pcid_enabled ? pmap_invalidate_preipi_pcid :
++ pmap_invalidate_preipi_nopcid);
++}
++
++static inline void
++pmap_invalidate_page_pcid_cb(pmap_t pmap, vm_offset_t va,
++ const bool invpcid_works1)
++{
++ struct invpcid_descr d;
++ uint64_t kcr3, ucr3;
++ uint32_t pcid;
++ u_int cpuid;
++
++ /*
++ * Because pm_pcid is recalculated on a context switch, we
++ * must ensure there is no preemption, not just pinning.
++ * Otherwise, we might use a stale value below.
++ */
++ CRITICAL_ASSERT(curthread);
++
++ /*
++ * No need to do anything with user page tables invalidation
++ * if there is no user page table.
++ */
++ if (pmap->pm_ucr3 == PMAP_NO_CR3)
++ return;
++
++ cpuid = PCPU_GET(cpuid);
++
++ pcid = pmap->pm_pcids[cpuid].pm_pcid;
++ if (invpcid_works1) {
++ d.pcid = pcid | PMAP_PCID_USER_PT;
++ d.pad = 0;
++ d.addr = va;
++ invpcid(&d, INVPCID_ADDR);
++ } else {
++ kcr3 = pmap->pm_cr3 | pcid | CR3_PCID_SAVE;
++ ucr3 = pmap->pm_ucr3 | pcid | PMAP_PCID_USER_PT | CR3_PCID_SAVE;
++ pmap_pti_pcid_invlpg(ucr3, kcr3, va);
++ }
+ }
+
+ static void
+-pmap_invalidate_page_pcid_noinvpcid(pmap_t pmap, vm_offset_t va)
++pmap_invalidate_page_pcid_invpcid_cb(pmap_t pmap, vm_offset_t va)
+ {
++ pmap_invalidate_page_pcid_cb(pmap, va, true);
++}
+
+- pmap_invalidate_page_pcid(pmap, va, false);
++static void
++pmap_invalidate_page_pcid_noinvpcid_cb(pmap_t pmap, vm_offset_t va)
++{
++ pmap_invalidate_page_pcid_cb(pmap, va, false);
+ }
+
+ static void
+-pmap_invalidate_page_nopcid(pmap_t pmap, vm_offset_t va)
++pmap_invalidate_page_nopcid_cb(pmap_t pmap __unused, vm_offset_t va __unused)
+ {
+ }
+
+-DEFINE_IFUNC(static, void, pmap_invalidate_page_mode, (pmap_t, vm_offset_t),
++DEFINE_IFUNC(static, void, pmap_invalidate_page_cb, (pmap_t, vm_offset_t),
+ static)
+ {
+-
+ if (pmap_pcid_enabled)
+- return (invpcid_works ? pmap_invalidate_page_pcid_invpcid :
+- pmap_invalidate_page_pcid_noinvpcid);
+- return (pmap_invalidate_page_nopcid);
++ return (invpcid_works ? pmap_invalidate_page_pcid_invpcid_cb :
++ pmap_invalidate_page_pcid_noinvpcid_cb);
++ return (pmap_invalidate_page_nopcid_cb);
+ }
+
+ static void
+ pmap_invalidate_page_curcpu_cb(pmap_t pmap, vm_offset_t va,
+ vm_offset_t addr2 __unused)
+ {
+-
+ if (pmap == kernel_pmap) {
+ invlpg(va);
+- } else {
+- if (pmap == PCPU_GET(curpmap))
+- invlpg(va);
+- pmap_invalidate_page_mode(pmap, va);
++ } else if (pmap == PCPU_GET(curpmap)) {
++ invlpg(va);
++ pmap_invalidate_page_cb(pmap, va);
+ }
+ }
+
+ void
+ pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
+ {
+-
+ if (pmap_type_guest(pmap)) {
+ pmap_invalidate_ept(pmap);
+ return;
+@@ -2442,6 +2460,7 @@
+ KASSERT(pmap->pm_type == PT_X86,
+ ("pmap_invalidate_page: invalid type %d", pmap->pm_type));
+
++ pmap_invalidate_preipi(pmap);
+ smp_masked_invlpg(pmap_invalidate_cpu_mask(pmap), va, pmap,
+ pmap_invalidate_page_curcpu_cb);
+ }
+@@ -2450,73 +2469,62 @@
+ #define PMAP_INVLPG_THRESHOLD (4 * 1024 * PAGE_SIZE)
+
+ static void
+-pmap_invalidate_range_pcid(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
++pmap_invalidate_range_pcid_cb(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
+ const bool invpcid_works1)
+ {
+ struct invpcid_descr d;
+ uint64_t kcr3, ucr3;
+ uint32_t pcid;
+- u_int cpuid, i;
++ u_int cpuid;
++
++ CRITICAL_ASSERT(curthread);
++
++ if (pmap != PCPU_GET(curpmap) ||
++ pmap->pm_ucr3 == PMAP_NO_CR3)
++ return;
+
+ cpuid = PCPU_GET(cpuid);
+- if (pmap == PCPU_GET(curpmap)) {
+- if (pmap->pm_ucr3 != PMAP_NO_CR3) {
+- critical_enter();
+- pcid = pmap->pm_pcids[cpuid].pm_pcid;
+- if (invpcid_works1) {
+- d.pcid = pcid | PMAP_PCID_USER_PT;
+- d.pad = 0;
+- d.addr = sva;
+- for (; d.addr < eva; d.addr += PAGE_SIZE)
+- invpcid(&d, INVPCID_ADDR);
+- } else {
+- kcr3 = pmap->pm_cr3 | pcid | CR3_PCID_SAVE;
+- ucr3 = pmap->pm_ucr3 | pcid |
+- PMAP_PCID_USER_PT | CR3_PCID_SAVE;
+- pmap_pti_pcid_invlrng(ucr3, kcr3, sva, eva);
+- }
+- critical_exit();
+- }
+- } else
+- pmap->pm_pcids[cpuid].pm_gen = 0;
+
+- CPU_FOREACH(i) {
+- if (cpuid != i)
+- pmap->pm_pcids[i].pm_gen = 0;
++ pcid = pmap->pm_pcids[cpuid].pm_pcid;
++ if (invpcid_works1) {
++ d.pcid = pcid | PMAP_PCID_USER_PT;
++ d.pad = 0;
++ for (d.addr = sva; d.addr < eva; d.addr += PAGE_SIZE)
++ invpcid(&d, INVPCID_ADDR);
++ } else {
++ kcr3 = pmap->pm_cr3 | pcid | CR3_PCID_SAVE;
++ ucr3 = pmap->pm_ucr3 | pcid | PMAP_PCID_USER_PT | CR3_PCID_SAVE;
++ pmap_pti_pcid_invlrng(ucr3, kcr3, sva, eva);
+ }
+- /* See the comment in pmap_invalidate_page_pcid(). */
+- atomic_thread_fence_seq_cst();
+ }
+
+ static void
+-pmap_invalidate_range_pcid_invpcid(pmap_t pmap, vm_offset_t sva,
++pmap_invalidate_range_pcid_invpcid_cb(pmap_t pmap, vm_offset_t sva,
+ vm_offset_t eva)
+ {
+-
+- pmap_invalidate_range_pcid(pmap, sva, eva, true);
++ pmap_invalidate_range_pcid_cb(pmap, sva, eva, true);
+ }
+
+ static void
+-pmap_invalidate_range_pcid_noinvpcid(pmap_t pmap, vm_offset_t sva,
++pmap_invalidate_range_pcid_noinvpcid_cb(pmap_t pmap, vm_offset_t sva,
+ vm_offset_t eva)
+ {
+-
+- pmap_invalidate_range_pcid(pmap, sva, eva, false);
++ pmap_invalidate_range_pcid_cb(pmap, sva, eva, false);
+ }
+
+ static void
+-pmap_invalidate_range_nopcid(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
++pmap_invalidate_range_nopcid_cb(pmap_t pmap __unused, vm_offset_t sva __unused,
++ vm_offset_t eva __unused)
+ {
+ }
+
+-DEFINE_IFUNC(static, void, pmap_invalidate_range_mode, (pmap_t, vm_offset_t,
++DEFINE_IFUNC(static, void, pmap_invalidate_range_cb, (pmap_t, vm_offset_t,
+ vm_offset_t), static)
+ {
+-
+ if (pmap_pcid_enabled)
+- return (invpcid_works ? pmap_invalidate_range_pcid_invpcid :
+- pmap_invalidate_range_pcid_noinvpcid);
+- return (pmap_invalidate_range_nopcid);
++ return (invpcid_works ? pmap_invalidate_range_pcid_invpcid_cb :
++ pmap_invalidate_range_pcid_noinvpcid_cb);
++ return (pmap_invalidate_range_nopcid_cb);
+ }
+
+ static void
+@@ -2527,19 +2535,16 @@
+ if (pmap == kernel_pmap) {
+ for (addr = sva; addr < eva; addr += PAGE_SIZE)
+ invlpg(addr);
+- } else {
+- if (pmap == PCPU_GET(curpmap)) {
+- for (addr = sva; addr < eva; addr += PAGE_SIZE)
+- invlpg(addr);
+- }
+- pmap_invalidate_range_mode(pmap, sva, eva);
++ } else if (pmap == PCPU_GET(curpmap)) {
++ for (addr = sva; addr < eva; addr += PAGE_SIZE)
++ invlpg(addr);
++ pmap_invalidate_range_cb(pmap, sva, eva);
+ }
+ }
+
+ void
+ pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
+ {
+-
+ if (eva - sva >= PMAP_INVLPG_THRESHOLD) {
+ pmap_invalidate_all(pmap);
+ return;
+@@ -2553,17 +2558,18 @@
+ KASSERT(pmap->pm_type == PT_X86,
+ ("pmap_invalidate_range: invalid type %d", pmap->pm_type));
+
++ pmap_invalidate_preipi(pmap);
+ smp_masked_invlpg_range(pmap_invalidate_cpu_mask(pmap), sva, eva, pmap,
+ pmap_invalidate_range_curcpu_cb);
+ }
+
+ static inline void
+-pmap_invalidate_all_pcid(pmap_t pmap, bool invpcid_works1)
++pmap_invalidate_all_pcid_cb(pmap_t pmap, bool invpcid_works1)
+ {
+ struct invpcid_descr d;
+ uint64_t kcr3, ucr3;
+ uint32_t pcid;
+- u_int cpuid, i;
++ u_int cpuid;
+
+ if (pmap == kernel_pmap) {
+ if (invpcid_works1) {
+@@ -2572,87 +2578,72 @@
+ } else {
+ invltlb_glob();
+ }
+- } else {
++ } else if (pmap == PCPU_GET(curpmap)) {
++ CRITICAL_ASSERT(curthread);
+ cpuid = PCPU_GET(cpuid);
+- if (pmap == PCPU_GET(curpmap)) {
+- critical_enter();
+- pcid = pmap->pm_pcids[cpuid].pm_pcid;
+- if (invpcid_works1) {
+- d.pcid = pcid;
+- d.pad = 0;
+- d.addr = 0;
++
++ pcid = pmap->pm_pcids[cpuid].pm_pcid;
++ if (invpcid_works1) {
++ d.pcid = pcid;
++ d.pad = 0;
++ d.addr = 0;
++ invpcid(&d, INVPCID_CTX);
++ if (pmap->pm_ucr3 != PMAP_NO_CR3) {
++ d.pcid |= PMAP_PCID_USER_PT;
+ invpcid(&d, INVPCID_CTX);
+- if (pmap->pm_ucr3 != PMAP_NO_CR3) {
+- d.pcid |= PMAP_PCID_USER_PT;
+- invpcid(&d, INVPCID_CTX);
+- }
++ }
++ } else {
++ kcr3 = pmap->pm_cr3 | pcid;
++ ucr3 = pmap->pm_ucr3;
++ if (ucr3 != PMAP_NO_CR3) {
++ ucr3 |= pcid | PMAP_PCID_USER_PT;
++ pmap_pti_pcid_invalidate(ucr3, kcr3);
+ } else {
+- kcr3 = pmap->pm_cr3 | pcid;
+- ucr3 = pmap->pm_ucr3;
+- if (ucr3 != PMAP_NO_CR3) {
+- ucr3 |= pcid | PMAP_PCID_USER_PT;
+- pmap_pti_pcid_invalidate(ucr3, kcr3);
+- } else {
+- load_cr3(kcr3);
+- }
++ load_cr3(kcr3);
+ }
+- critical_exit();
+- } else
+- pmap->pm_pcids[cpuid].pm_gen = 0;
+- CPU_FOREACH(i) {
+- if (cpuid != i)
+- pmap->pm_pcids[i].pm_gen = 0;
+ }
+ }
+- /* See the comment in pmap_invalidate_page_pcid(). */
+- atomic_thread_fence_seq_cst();
+ }
+
+ static void
+-pmap_invalidate_all_pcid_invpcid(pmap_t pmap)
++pmap_invalidate_all_pcid_invpcid_cb(pmap_t pmap)
+ {
+-
+- pmap_invalidate_all_pcid(pmap, true);
++ pmap_invalidate_all_pcid_cb(pmap, true);
+ }
+
+ static void
+-pmap_invalidate_all_pcid_noinvpcid(pmap_t pmap)
++pmap_invalidate_all_pcid_noinvpcid_cb(pmap_t pmap)
+ {
+-
+- pmap_invalidate_all_pcid(pmap, false);
++ pmap_invalidate_all_pcid_cb(pmap, false);
+ }
+
+ static void
+-pmap_invalidate_all_nopcid(pmap_t pmap)
++pmap_invalidate_all_nopcid_cb(pmap_t pmap)
+ {
+-
+ if (pmap == kernel_pmap)
+ invltlb_glob();
+ else if (pmap == PCPU_GET(curpmap))
+ invltlb();
+ }
+
+-DEFINE_IFUNC(static, void, pmap_invalidate_all_mode, (pmap_t), static)
++DEFINE_IFUNC(static, void, pmap_invalidate_all_cb, (pmap_t), static)
+ {
+-
+ if (pmap_pcid_enabled)
+- return (invpcid_works ? pmap_invalidate_all_pcid_invpcid :
+- pmap_invalidate_all_pcid_noinvpcid);
+- return (pmap_invalidate_all_nopcid);
++ return (invpcid_works ? pmap_invalidate_all_pcid_invpcid_cb :
++ pmap_invalidate_all_pcid_noinvpcid_cb);
++ return (pmap_invalidate_all_nopcid_cb);
+ }
+
+ static void
+ pmap_invalidate_all_curcpu_cb(pmap_t pmap, vm_offset_t addr1 __unused,
+ vm_offset_t addr2 __unused)
+ {
+-
+- pmap_invalidate_all_mode(pmap);
++ pmap_invalidate_all_cb(pmap);
+ }
+
+ void
+ pmap_invalidate_all(pmap_t pmap)
+ {
+-
+ if (pmap_type_guest(pmap)) {
+ pmap_invalidate_ept(pmap);
+ return;
+@@ -2661,6 +2652,7 @@
+ KASSERT(pmap->pm_type == PT_X86,
+ ("pmap_invalidate_all: invalid type %d", pmap->pm_type));
+
++ pmap_invalidate_preipi(pmap);
+ smp_masked_invltlb(pmap_invalidate_cpu_mask(pmap), pmap,
+ pmap_invalidate_all_curcpu_cb);
+ }
+@@ -2669,14 +2661,13 @@
+ pmap_invalidate_cache_curcpu_cb(pmap_t pmap __unused, vm_offset_t va __unused,
+ vm_offset_t addr2 __unused)
+ {
+-
+ wbinvd();
+ }
+
+ void
+ pmap_invalidate_cache(void)
+ {
+-
++ sched_pin();
+ smp_cache_flush(pmap_invalidate_cache_curcpu_cb);
+ }
+
+--- sys/x86/x86/mp_x86.c.orig
++++ sys/x86/x86/mp_x86.c
+@@ -1649,13 +1649,16 @@
+ * Used by pmap to request invalidation of TLB or cache on local and
+ * remote processors. Mask provides the set of remote CPUs which are
+ * to be signalled with the IPI specified by vector. The curcpu_cb
+- * callback is invoked on the calling CPU while waiting for remote
+- * CPUs to complete the operation.
++ * callback is invoked on the calling CPU in a critical section while
++ * waiting for remote CPUs to complete the operation.
+ *
+ * The callback function is called unconditionally on the caller's
+ * underlying processor, even when this processor is not set in the
+ * mask. So, the callback function must be prepared to handle such
+ * spurious invocations.
++ *
++ * This function must be called with the thread pinned, and it unpins on
++ * completion.
+ */
+ static void
+ smp_targeted_tlb_shootdown(cpuset_t mask, u_int vector, pmap_t pmap,
+@@ -1670,23 +1673,21 @@
+ * It is not necessary to signal other CPUs while booting or
+ * when in the debugger.
+ */
+- if (kdb_active || panicstr != NULL || !smp_started) {
+- curcpu_cb(pmap, addr1, addr2);
+- return;
+- }
++ if (kdb_active || panicstr != NULL || !smp_started)
++ goto local_cb;
+
+- sched_pin();
++ KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
+
+ /*
+ * Check for other cpus. Return if none.
+ */
+ if (CPU_ISFULLSET(&mask)) {
+ if (mp_ncpus <= 1)
+- goto nospinexit;
++ goto local_cb;
+ } else {
+ CPU_CLR(PCPU_GET(cpuid), &mask);
+ if (CPU_EMPTY(&mask))
+- goto nospinexit;
++ goto local_cb;
+ }
+
+ if (!(read_eflags() & PSL_I))
+@@ -1718,13 +1719,22 @@
+ while (*p_cpudone != generation)
+ ia32_pause();
+ }
+- mtx_unlock_spin(&smp_ipi_mtx);
++
++ /*
++ * Unpin before unlocking smp_ipi_mtx. If the thread owes
++ * preemption, this allows scheduler to select thread on any
++ * CPU from its cpuset.
++ */
+ sched_unpin();
++ mtx_unlock_spin(&smp_ipi_mtx);
++
+ return;
+
+-nospinexit:
++local_cb:
++ critical_enter();
+ curcpu_cb(pmap, addr1, addr2);
+ sched_unpin();
++ critical_exit();
+ }
+
+ void
diff --git a/website/static/security/patches/EN-22:04/pcid.patch.asc b/website/static/security/patches/EN-22:04/pcid.patch.asc
new file mode 100644
index 0000000000..6d6ace6a10
--- /dev/null
+++ b/website/static/security/patches/EN-22:04/pcid.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f0ACgkQ05eS9J6n
+5cLfEA//XOgVhJhzIoRofdTZ13OhodqXZOWLVsEoa0m8JdmNPQqZlMl1E+WJ5EPp
+tdJOiVPubefNKR2nQBWzL+eFn7i0wBlm+UhCV/tFTYIXsi8GdxriZXvHKyinEwGj
+hKAisZxNkkTnlis07ugSgXOhgf7JjGka1RI9NLL6eS1qOyRA79Zjhm65TTQ2eTYY
+4xLgQJkUOuTeHm8C4fa9P+FSQzWR+sDkxZ1b84ssKmZ2IXrSkgzPtvR5Vqs3HouO
+40GwFo02cjG7/5ZQm6VH+1RMtkYxKhu/ZJAjPlqzkt93XMSuZvZaJbHqB9FtE7aJ
+MK8C9Z9+3krqnUviSGimRdcE4vcuuPxJ6Gjn8NqtZDek7EuthXZ6dlZr9IeGBgIM
+iT4PWpr3WdaA4bZIX1OucitWv3P6baz2ThEm3t+j8QE7aldj7uzOUHwpu7INmOu9
+toUhzwrMs28RTB+8Ca3esB6CyYNJecJ3NLCB7pMK74KbrFwhzS/4zlDv5Rk0MH82
+SyX7pT4gdUHVvE8bl3Hzz6kbZZCnkGbcpi8cQoz5nOIxGfxTzKrA+2ldDcNOTjaJ
+mzElrgnb64NZRfj+GZY7kZG2hOW3e0TRGckNnERWHXa05SihJVUK6jf8eebuknPJ
+bpnQQcaEOSmOKTZs8NKJDrD63URFiwHtFjLZ1gcfJPArD6BhLNs=
+=wX7m
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:05/tail.patch b/website/static/security/patches/EN-22:05/tail.patch
new file mode 100644
index 0000000000..604d7b32da
--- /dev/null
+++ b/website/static/security/patches/EN-22:05/tail.patch
@@ -0,0 +1,11 @@
+--- usr.bin/tail/forward.c.orig
++++ usr.bin/tail/forward.c
+@@ -367,7 +367,7 @@
+ continue;
+ ftmp = fileargs_fopen(fa, file->file_name, "r");
+ if (ftmp == NULL ||
+- fstat(fileno(file->fp), &sb2) == -1) {
++ fstat(fileno(ftmp), &sb2) == -1) {
+ if (errno != ENOENT)
+ ierr(file->file_name);
+ show(file);
diff --git a/website/static/security/patches/EN-22:05/tail.patch.asc b/website/static/security/patches/EN-22:05/tail.patch.asc
new file mode 100644
index 0000000000..ec11f6480c
--- /dev/null
+++ b/website/static/security/patches/EN-22:05/tail.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f4ACgkQ05eS9J6n
+5cLIwA/+JYlMB/hzhN/Ks3A+0OT2LbjaANCIx1q/w47/0mC4BYPq7q4XqCsoNr2W
+XkPfSORuAJYuerDtGdzjUqBggko4MmCOKZ7CUGr7TZiRiod5++1ZM5PbQbQU5fh9
++TWhb++OvRcNI4/m+cb7lBEGWt57L1AUzNkRNBIeJlJ1r5gnV/zGxOA2njpXQGh7
+grm39HtO3OQpnYLXdaTx/mYFOXPEJeTj4Tey2fGOq68ji7XzD7nnl0xWuM9yIY02
+gMKbcQywWHqDrmQMDhm2iGAzwz2Qhz79PYL4zWGHrPzObUXsFXVG5H5ikBLJIC2l
+rWUnJwBkZtSNYMsOlex7V1/sjXbVy+g/sXGLjiSmExN3fr5nNOcHymxj1Bj86W7V
+U2vw8LVegEjPhEHMDNqaalmt4PReVzXUHu9pGX0vn9ko01dG+RIwPvBw5mZRz/Uj
+VYPQxGthex5BDhbM5W9zYoovSHgOd5nJ+D8CABIwF9S2QDGA3guM38ww/7mJBuxa
+b9TAWi4DzNWImDVkG2CGr9at5WqVJauweoXn7mkS0d97MdR0cXoCwrs0zn5s93JQ
+OHJJP0r0wW4F5deD5LKOwyOCWLNTaeG2lxZIjtBWhc7qA97R4+iYX4PrJ2IsRr0b
+5It3ml8vftNEpPCD0SPQIX/3bJgH3WUGcOktnxuMPSmxrVVWEEg=
+=vBTy
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:06/libalias.12.patch b/website/static/security/patches/EN-22:06/libalias.12.patch
new file mode 100644
index 0000000000..f457db2ecb
--- /dev/null
+++ b/website/static/security/patches/EN-22:06/libalias.12.patch
@@ -0,0 +1,282 @@
+--- sys/netinet/libalias/alias.c.orig
++++ sys/netinet/libalias/alias.c
+@@ -720,21 +720,37 @@
+ return (PKT_ALIAS_IGNORED);
+ }
+
++#define MF_ISSET(_pip) (ntohs((_pip)->ip_off) & IP_MF)
++#define FRAG_NO_HDR(_pip) (ntohs((_pip)->ip_off) & IP_OFFMASK)
++
++static struct udphdr *
++ValidateUdpLength(struct ip *pip)
++{
++ struct udphdr *ud;
++ size_t dlen;
++
++#ifdef _KERNEL
++ KASSERT(!FRAG_NO_HDR(pip), ("header-less fragment isn't expected here"));
++#endif
++ dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
++ if (dlen < sizeof(struct udphdr))
++ return (NULL);
++ ud = (struct udphdr *)ip_next(pip);
++ if (!MF_ISSET(pip) && dlen < ntohs(ud->uh_ulen))
++ return (NULL);
++ return (ud);
++}
++
+ static int
+ UdpAliasIn(struct libalias *la, struct ip *pip)
+ {
+ struct udphdr *ud;
+ struct alias_link *lnk;
+- size_t dlen;
+
+ LIBALIAS_LOCK_ASSERT(la);
+
+- dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
+- if (dlen < sizeof(struct udphdr))
+- return (PKT_ALIAS_IGNORED);
+-
+- ud = (struct udphdr *)ip_next(pip);
+- if (dlen < ntohs(ud->uh_ulen))
++ ud = ValidateUdpLength(pip);
++ if (ud == NULL)
+ return (PKT_ALIAS_IGNORED);
+
+ lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
+@@ -827,19 +843,14 @@
+ u_short proxy_server_port;
+ int proxy_type;
+ int error;
+- size_t dlen;
+
+ LIBALIAS_LOCK_ASSERT(la);
+
+- /* Return if proxy-only mode is enabled and not proxyrule found.*/
+- dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
+- if (dlen < sizeof(struct udphdr))
+- return (PKT_ALIAS_IGNORED);
+-
+- ud = (struct udphdr *)ip_next(pip);
+- if (dlen < ntohs(ud->uh_ulen))
++ ud = ValidateUdpLength(pip);
++ if (ud == NULL)
+ return (PKT_ALIAS_IGNORED);
+
++ /* Return if proxy-only mode is enabled and not proxyrule found.*/
+ proxy_type = ProxyCheck(la, &proxy_server_address, &proxy_server_port,
+ pip->ip_src, pip->ip_dst, ud->uh_dport, pip->ip_p);
+ if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY))
+@@ -1338,64 +1349,65 @@
+ goto getout;
+ }
+
++ if (FRAG_NO_HDR(pip)) {
++ iresult = FragmentIn(la, pip->ip_src, pip, pip->ip_id,
++ &pip->ip_sum);
++ goto getout;
++ }
++
+ iresult = PKT_ALIAS_IGNORED;
+- if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) {
+- switch (pip->ip_p) {
+- case IPPROTO_ICMP:
+- iresult = IcmpAliasIn(la, pip);
+- break;
+- case IPPROTO_UDP:
+- iresult = UdpAliasIn(la, pip);
+- break;
+- case IPPROTO_TCP:
+- iresult = TcpAliasIn(la, pip);
+- break;
++ switch (pip->ip_p) {
++ case IPPROTO_ICMP:
++ iresult = IcmpAliasIn(la, pip);
++ break;
++ case IPPROTO_UDP:
++ iresult = UdpAliasIn(la, pip);
++ break;
++ case IPPROTO_TCP:
++ iresult = TcpAliasIn(la, pip);
++ break;
+ #ifdef _KERNEL
+- case IPPROTO_SCTP:
+- iresult = SctpAlias(la, pip, SN_TO_LOCAL);
+- break;
++ case IPPROTO_SCTP:
++ iresult = SctpAlias(la, pip, SN_TO_LOCAL);
++ break;
+ #endif
+- case IPPROTO_GRE: {
+- int error;
+- struct alias_data ad = {
+- .lnk = NULL,
+- .oaddr = NULL,
+- .aaddr = NULL,
+- .aport = NULL,
+- .sport = NULL,
+- .dport = NULL,
+- .maxpktsize = 0
+- };
+-
+- /* Walk out chain. */
+- error = find_handler(IN, IP, la, pip, &ad);
+- if (error == 0)
+- iresult = PKT_ALIAS_OK;
+- else
+- iresult = ProtoAliasIn(la, pip->ip_src,
+- pip, pip->ip_p, &pip->ip_sum);
+- break;
+- }
+- default:
+- iresult = ProtoAliasIn(la, pip->ip_src, pip,
+- pip->ip_p, &pip->ip_sum);
+- break;
+- }
++ case IPPROTO_GRE: {
++ int error;
++ struct alias_data ad = {
++ .lnk = NULL,
++ .oaddr = NULL,
++ .aaddr = NULL,
++ .aport = NULL,
++ .sport = NULL,
++ .dport = NULL,
++ .maxpktsize = 0
++ };
+
+- if (ntohs(pip->ip_off) & IP_MF) {
+- struct alias_link *lnk;
++ /* Walk out chain. */
++ error = find_handler(IN, IP, la, pip, &ad);
++ if (error == 0)
++ iresult = PKT_ALIAS_OK;
++ else
++ iresult = ProtoAliasIn(la, pip->ip_src,
++ pip, pip->ip_p, &pip->ip_sum);
++ break;
++ }
++ default:
++ iresult = ProtoAliasIn(la, pip->ip_src, pip,
++ pip->ip_p, &pip->ip_sum);
++ break;
++ }
+
+- lnk = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id);
+- if (lnk != NULL) {
+- iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT;
+- SetFragmentAddr(lnk, pip->ip_dst);
+- } else {
+- iresult = PKT_ALIAS_ERROR;
+- }
++ if (MF_ISSET(pip)) {
++ struct alias_link *lnk;
++
++ lnk = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id);
++ if (lnk != NULL) {
++ iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT;
++ SetFragmentAddr(lnk, pip->ip_dst);
++ } else {
++ iresult = PKT_ALIAS_ERROR;
+ }
+- } else {
+- iresult = FragmentIn(la, pip->ip_src, pip, pip->ip_id,
+- &pip->ip_sum);
+ }
+
+ getout:
+@@ -1491,52 +1503,55 @@
+ } else if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) {
+ SetDefaultAliasAddress(la, pip->ip_src);
+ }
++
++ if (FRAG_NO_HDR(pip)) {
++ iresult = FragmentOut(la, pip, &pip->ip_sum);
++ goto getout_restore;
++ }
++
+ iresult = PKT_ALIAS_IGNORED;
+- if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) {
+- switch (pip->ip_p) {
+- case IPPROTO_ICMP:
+- iresult = IcmpAliasOut(la, pip, create);
+- break;
+- case IPPROTO_UDP:
+- iresult = UdpAliasOut(la, pip, maxpacketsize, create);
+- break;
+- case IPPROTO_TCP:
+- iresult = TcpAliasOut(la, pip, maxpacketsize, create);
+- break;
++ switch (pip->ip_p) {
++ case IPPROTO_ICMP:
++ iresult = IcmpAliasOut(la, pip, create);
++ break;
++ case IPPROTO_UDP:
++ iresult = UdpAliasOut(la, pip, maxpacketsize, create);
++ break;
++ case IPPROTO_TCP:
++ iresult = TcpAliasOut(la, pip, maxpacketsize, create);
++ break;
+ #ifdef _KERNEL
+- case IPPROTO_SCTP:
+- iresult = SctpAlias(la, pip, SN_TO_GLOBAL);
+- break;
++ case IPPROTO_SCTP:
++ iresult = SctpAlias(la, pip, SN_TO_GLOBAL);
++ break;
+ #endif
+- case IPPROTO_GRE: {
+- int error;
+- struct alias_data ad = {
+- .lnk = NULL,
+- .oaddr = NULL,
+- .aaddr = NULL,
+- .aport = NULL,
+- .sport = NULL,
+- .dport = NULL,
+- .maxpktsize = 0
+- };
+- /* Walk out chain. */
+- error = find_handler(OUT, IP, la, pip, &ad);
+- if (error == 0)
+- iresult = PKT_ALIAS_OK;
+- else
+- iresult = ProtoAliasOut(la, pip,
+- pip->ip_dst, pip->ip_p, &pip->ip_sum, create);
+- break;
+- }
+- default:
++ case IPPROTO_GRE: {
++ int error;
++ struct alias_data ad = {
++ .lnk = NULL,
++ .oaddr = NULL,
++ .aaddr = NULL,
++ .aport = NULL,
++ .sport = NULL,
++ .dport = NULL,
++ .maxpktsize = 0
++ };
++ /* Walk out chain. */
++ error = find_handler(OUT, IP, la, pip, &ad);
++ if (error == 0)
++ iresult = PKT_ALIAS_OK;
++ else
+ iresult = ProtoAliasOut(la, pip,
+ pip->ip_dst, pip->ip_p, &pip->ip_sum, create);
+- break;
++ break;
+ }
+- } else {
+- iresult = FragmentOut(la, pip, &pip->ip_sum);
++ default:
++ iresult = ProtoAliasOut(la, pip,
++ pip->ip_dst, pip->ip_p, &pip->ip_sum, create);
++ break;
+ }
+
++getout_restore:
+ SetDefaultAliasAddress(la, addr_save);
+ getout:
+ return (iresult);
diff --git a/website/static/security/patches/EN-22:06/libalias.12.patch.asc b/website/static/security/patches/EN-22:06/libalias.12.patch.asc
new file mode 100644
index 0000000000..8573b9e95f
--- /dev/null
+++ b/website/static/security/patches/EN-22:06/libalias.12.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f4ACgkQ05eS9J6n
+5cKScg//U8XZRBF2qi2NACZJTWg32KhUPtV+RBrtOKduaKZVqXl00s9RkqdBrhsS
+BMWJJOZGYlCr/mO+D2n/xJHkiiETziKpPqlwxJhprfL9HH7cuGYqyJBvnT7tRTow
++iebs69LphCHQS7ZPHda8JI+Efl4lDETPp0VHuYYGH/O6B8BKCHfNClW9yB/4cRN
+f9Z24MBWd15K3NNaUZUBK199YSI5B1x8QbH8cpLOT1uEK6Bu7ADk+iJfhtKHCoFx
+nlyTDNGoRwUvxKBkpEYlmA6kpx89Y5g7qJlwcYt0xQeqJ5x/5cP25Vp2+evlHxH6
+0yT9VLO6RDlaQBNADra5V3TSydMEV1gLADXjFWB52jDuAtwBndIDSAiz/+AmeSiX
+CUurh2ijsNHJ6Y/gZkLm/OqOz6OHAUBXkqs9Sn2MGx0N/CTmGKwIn5kdRmuTEUn4
+gtMry5jh4Kjgg1rNcRM+drjnBdHAjnWUF16b1fZP0MhlAZXrHOi1fBstfvyzn+jM
+7TcDJu0cYsQeNnnyqwlXGGn2tKTwniQUZThNmH/vxWHFtLJGkTDraSxew7Lj1V7q
+PLhhDZ0mx6FPlZC0zUBdMwU/lbT81GntTBeHBjO3mhGA/czX+xumYHCZctcvMc/9
+1lnjDxl6JrNSrt2a2TRUJNl882g0UTKA+bD6VpsvVZFz0TnT6bs=
+=YCoB
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:06/libalias.13.patch b/website/static/security/patches/EN-22:06/libalias.13.patch
new file mode 100644
index 0000000000..1e56abf7be
--- /dev/null
+++ b/website/static/security/patches/EN-22:06/libalias.13.patch
@@ -0,0 +1,479 @@
+--- sys/netinet/libalias/alias.c.orig
++++ sys/netinet/libalias/alias.c
+@@ -724,21 +724,37 @@
+ return (PKT_ALIAS_IGNORED);
+ }
+
++#define MF_ISSET(_pip) (ntohs((_pip)->ip_off) & IP_MF)
++#define FRAG_NO_HDR(_pip) (ntohs((_pip)->ip_off) & IP_OFFMASK)
++
++static struct udphdr *
++ValidateUdpLength(struct ip *pip)
++{
++ struct udphdr *ud;
++ size_t dlen;
++
++#ifdef _KERNEL
++ KASSERT(!FRAG_NO_HDR(pip), ("header-less fragment isn't expected here"));
++#endif
++ dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
++ if (dlen < sizeof(struct udphdr))
++ return (NULL);
++ ud = (struct udphdr *)ip_next(pip);
++ if (!MF_ISSET(pip) && dlen < ntohs(ud->uh_ulen))
++ return (NULL);
++ return (ud);
++}
++
+ static int
+ UdpAliasIn(struct libalias *la, struct ip *pip)
+ {
+ struct udphdr *ud;
+ struct alias_link *lnk;
+- size_t dlen;
+
+ LIBALIAS_LOCK_ASSERT(la);
+
+- dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
+- if (dlen < sizeof(struct udphdr))
+- return (PKT_ALIAS_IGNORED);
+-
+- ud = (struct udphdr *)ip_next(pip);
+- if (dlen < ntohs(ud->uh_ulen))
++ ud = ValidateUdpLength(pip);
++ if (ud == NULL)
+ return (PKT_ALIAS_IGNORED);
+
+ lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
+@@ -753,8 +769,8 @@
+ int accumulate;
+ int error;
+ struct alias_data ad = {
+- .lnk = lnk,
+- .oaddr = &original_address,
++ .lnk = lnk,
++ .oaddr = &original_address,
+ .aaddr = &alias_address,
+ .aport = &alias_port,
+ .sport = &ud->uh_sport,
+@@ -769,46 +785,48 @@
+ ud->uh_dport = GetOriginalPort(lnk);
+ proxy_port = GetProxyPort(lnk);
+
+- /* Walk out chain. */
++ /* Walk out chain. */
+ error = find_handler(IN, UDP, la, pip, &ad);
+ /* If we cannot figure out the packet, ignore it. */
+ if (error < 0)
+ return (PKT_ALIAS_IGNORED);
+
+-/* If UDP checksum is not zero, then adjust since destination port */
+-/* is being unaliased and destination address is being altered. */
++ /* If UDP checksum is not zero, then adjust since
++ * destination port is being unaliased and
++ * destination address is being altered. */
+ if (ud->uh_sum != 0) {
+ accumulate = alias_port;
+ accumulate -= ud->uh_dport;
+ accumulate += twowords(&alias_address);
+ accumulate -= twowords(&original_address);
+
+-/* If this is a proxy packet, modify checksum because of source change.*/
+- if (proxy_port != 0) {
+- accumulate += ud->uh_sport;
+- accumulate -= proxy_port;
+- }
++ /* If this is a proxy packet, modify checksum
++ * because of source change.*/
++ if (proxy_port != 0) {
++ accumulate += ud->uh_sport;
++ accumulate -= proxy_port;
++ }
+
+- if (proxy_address.s_addr != 0) {
++ if (proxy_address.s_addr != 0) {
+ accumulate += twowords(&pip->ip_src);
+ accumulate -= twowords(&proxy_address);
+- }
++ }
+
+ ADJUST_CHECKSUM(accumulate, ud->uh_sum);
+ }
+-/* XXX: Could the two if's below be concatenated to one ? */
+-/* Restore source port and/or address in case of proxying*/
+
+- if (proxy_port != 0)
+- ud->uh_sport = proxy_port;
++ /* XXX: Could the two if's below be concatenated to one ? */
++ /* Restore source port and/or address in case of proxying*/
++ if (proxy_port != 0)
++ ud->uh_sport = proxy_port;
+
+- if (proxy_address.s_addr != 0) {
+- DifferentialChecksum(&pip->ip_sum,
+- &proxy_address, &pip->ip_src, 2);
+- pip->ip_src = proxy_address;
+- }
++ if (proxy_address.s_addr != 0) {
++ DifferentialChecksum(&pip->ip_sum,
++ &proxy_address, &pip->ip_src, 2);
++ pip->ip_src = proxy_address;
++ }
+
+-/* Restore original IP address */
++ /* Restore original IP address */
+ DifferentialChecksum(&pip->ip_sum,
+ &original_address, &pip->ip_dst, 2);
+ pip->ip_dst = original_address;
+@@ -829,47 +847,41 @@
+ u_short proxy_server_port;
+ int proxy_type;
+ int error;
+- size_t dlen;
+
+ LIBALIAS_LOCK_ASSERT(la);
+
+-/* Return if proxy-only mode is enabled and not proxyrule found.*/
+- dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
+- if (dlen < sizeof(struct udphdr))
++ ud = ValidateUdpLength(pip);
++ if (ud == NULL)
+ return (PKT_ALIAS_IGNORED);
+
+- ud = (struct udphdr *)ip_next(pip);
+- if (dlen < ntohs(ud->uh_ulen))
+- return (PKT_ALIAS_IGNORED);
+-
+- proxy_type = ProxyCheck(la, &proxy_server_address,
+- &proxy_server_port, pip->ip_src, pip->ip_dst,
+- ud->uh_dport, pip->ip_p);
++ /* Return if proxy-only mode is enabled and not proxyrule found.*/
++ proxy_type = ProxyCheck(la, &proxy_server_address, &proxy_server_port,
++ pip->ip_src, pip->ip_dst, ud->uh_dport, pip->ip_p);
+ if (proxy_type == 0 && (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY))
+ return (PKT_ALIAS_OK);
+
+-/* If this is a transparent proxy, save original destination,
+- * then alter the destination and adjust checksums */
++ /* If this is a transparent proxy, save original destination,
++ * then alter the destination and adjust checksums */
+ dest_port = ud->uh_dport;
+ dest_address = pip->ip_dst;
+
+ if (proxy_type != 0) {
+- int accumulate;
++ int accumulate;
+
+ accumulate = twowords(&pip->ip_dst);
+ accumulate -= twowords(&proxy_server_address);
+
+- ADJUST_CHECKSUM(accumulate, pip->ip_sum);
++ ADJUST_CHECKSUM(accumulate, pip->ip_sum);
+
+ if (ud->uh_sum != 0) {
+ accumulate = twowords(&pip->ip_dst);
+ accumulate -= twowords(&proxy_server_address);
+- accumulate += ud->uh_dport;
+- accumulate -= proxy_server_port;
+- ADJUST_CHECKSUM(accumulate, ud->uh_sum);
++ accumulate += ud->uh_dport;
++ accumulate -= proxy_server_port;
++ ADJUST_CHECKSUM(accumulate, ud->uh_sum);
+ }
+- pip->ip_dst = proxy_server_address;
+- ud->uh_dport = proxy_server_port;
++ pip->ip_dst = proxy_server_address;
++ ud->uh_dport = proxy_server_port;
+ }
+ lnk = FindUdpTcpOut(la, pip->ip_src, pip->ip_dst,
+ ud->uh_sport, ud->uh_dport,
+@@ -878,7 +890,7 @@
+ u_short alias_port;
+ struct in_addr alias_address;
+ struct alias_data ad = {
+- .lnk = lnk,
++ .lnk = lnk,
+ .oaddr = NULL,
+ .aaddr = &alias_address,
+ .aport = &alias_port,
+@@ -887,24 +899,24 @@
+ .maxpktsize = 0
+ };
+
+-/* Save original destination address, if this is a proxy packet.
+- * Also modify packet to include destination encoding. This may
+- * change the size of IP header. */
++ /* Save original destination address, if this is a proxy packet.
++ * Also modify packet to include destination encoding. This may
++ * change the size of IP header. */
+ if (proxy_type != 0) {
+- SetProxyPort(lnk, dest_port);
+- SetProxyAddress(lnk, dest_address);
+- ProxyModify(la, lnk, pip, maxpacketsize, proxy_type);
+- ud = (struct udphdr *)ip_next(pip);
+- }
++ SetProxyPort(lnk, dest_port);
++ SetProxyAddress(lnk, dest_address);
++ ProxyModify(la, lnk, pip, maxpacketsize, proxy_type);
++ ud = (struct udphdr *)ip_next(pip);
++ }
+
+ alias_address = GetAliasAddress(lnk);
+ alias_port = GetAliasPort(lnk);
+
+- /* Walk out chain. */
++ /* Walk out chain. */
+ error = find_handler(OUT, UDP, la, pip, &ad);
+
+-/* If UDP checksum is not zero, adjust since source port is */
+-/* being aliased and source address is being altered */
++ /* If UDP checksum is not zero, adjust since source port is */
++ /* being aliased and source address is being altered */
+ if (ud->uh_sum != 0) {
+ int accumulate;
+
+@@ -914,10 +926,10 @@
+ accumulate -= twowords(&alias_address);
+ ADJUST_CHECKSUM(accumulate, ud->uh_sum);
+ }
+-/* Put alias port in UDP header */
++ /* Put alias port in UDP header */
+ ud->uh_sport = alias_port;
+
+-/* Change source address */
++ /* Change source address */
+ DifferentialChecksum(&pip->ip_sum,
+ &alias_address, &pip->ip_src, 2);
+ pip->ip_src = alias_address;
+@@ -1340,68 +1352,69 @@
+ /* Defense against mangled packets */
+ if (ntohs(pip->ip_len) > maxpacketsize
+ || (pip->ip_hl << 2) > maxpacketsize) {
+- iresult = PKT_ALIAS_IGNORED;
++ iresult = PKT_ALIAS_IGNORED;
++ goto getout;
++ }
++
++ if (FRAG_NO_HDR(pip)) {
++ iresult = FragmentIn(la, pip->ip_src, pip, pip->ip_id,
++ &pip->ip_sum);
+ goto getout;
+ }
+
+ iresult = PKT_ALIAS_IGNORED;
+- if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) {
+- switch (pip->ip_p) {
+- case IPPROTO_ICMP:
+- iresult = IcmpAliasIn(la, pip);
+- break;
+- case IPPROTO_UDP:
+- iresult = UdpAliasIn(la, pip);
+- break;
+- case IPPROTO_TCP:
+- iresult = TcpAliasIn(la, pip);
+- break;
++ switch (pip->ip_p) {
++ case IPPROTO_ICMP:
++ iresult = IcmpAliasIn(la, pip);
++ break;
++ case IPPROTO_UDP:
++ iresult = UdpAliasIn(la, pip);
++ break;
++ case IPPROTO_TCP:
++ iresult = TcpAliasIn(la, pip);
++ break;
+ #ifdef _KERNEL
+- case IPPROTO_SCTP:
+- iresult = SctpAlias(la, pip, SN_TO_LOCAL);
+- break;
++ case IPPROTO_SCTP:
++ iresult = SctpAlias(la, pip, SN_TO_LOCAL);
++ break;
+ #endif
+- case IPPROTO_GRE: {
+- int error;
+- struct alias_data ad = {
+- .lnk = NULL,
+- .oaddr = NULL,
+- .aaddr = NULL,
+- .aport = NULL,
+- .sport = NULL,
+- .dport = NULL,
+- .maxpktsize = 0
+- };
+-
+- /* Walk out chain. */
+- error = find_handler(IN, IP, la, pip, &ad);
+- if (error == 0)
+- iresult = PKT_ALIAS_OK;
+- else
+- iresult = ProtoAliasIn(la, pip->ip_src,
+- pip, pip->ip_p, &pip->ip_sum);
+- }
+- break;
+- default:
+- iresult = ProtoAliasIn(la, pip->ip_src, pip,
+- pip->ip_p, &pip->ip_sum);
+- break;
+- }
++ case IPPROTO_GRE: {
++ int error;
++ struct alias_data ad = {
++ .lnk = NULL,
++ .oaddr = NULL,
++ .aaddr = NULL,
++ .aport = NULL,
++ .sport = NULL,
++ .dport = NULL,
++ .maxpktsize = 0
++ };
+
+- if (ntohs(pip->ip_off) & IP_MF) {
+- struct alias_link *lnk;
++ /* Walk out chain. */
++ error = find_handler(IN, IP, la, pip, &ad);
++ if (error == 0)
++ iresult = PKT_ALIAS_OK;
++ else
++ iresult = ProtoAliasIn(la, pip->ip_src,
++ pip, pip->ip_p, &pip->ip_sum);
++ break;
++ }
++ default:
++ iresult = ProtoAliasIn(la, pip->ip_src, pip,
++ pip->ip_p, &pip->ip_sum);
++ break;
++ }
+
+- lnk = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id);
+- if (lnk != NULL) {
+- iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT;
+- SetFragmentAddr(lnk, pip->ip_dst);
+- } else {
+- iresult = PKT_ALIAS_ERROR;
+- }
++ if (MF_ISSET(pip)) {
++ struct alias_link *lnk;
++
++ lnk = FindFragmentIn1(la, pip->ip_src, alias_addr, pip->ip_id);
++ if (lnk != NULL) {
++ iresult = PKT_ALIAS_FOUND_HEADER_FRAGMENT;
++ SetFragmentAddr(lnk, pip->ip_dst);
++ } else {
++ iresult = PKT_ALIAS_ERROR;
+ }
+- } else {
+- iresult = FragmentIn(la, pip->ip_src, pip, pip->ip_id,
+- &pip->ip_sum);
+ }
+
+ getout:
+@@ -1449,10 +1462,10 @@
+ }
+
+ static int
+-LibAliasOutLocked(struct libalias *la, struct ip *pip, /* valid IP packet */
+- int maxpacketsize, /* How much the packet data may grow (FTP
+- * and IRC inline changes) */
+- int create /* Create new entries ? */
++LibAliasOutLocked(struct libalias *la,
++ struct ip *pip, /* valid IP packet */
++ int maxpacketsize, /* How much the packet data may grow (FTP and IRC inline changes) */
++ int create /* Create new entries ? */
+ )
+ {
+ int iresult;
+@@ -1498,52 +1511,55 @@
+ } else if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) {
+ SetDefaultAliasAddress(la, pip->ip_src);
+ }
++
++ if (FRAG_NO_HDR(pip)) {
++ iresult = FragmentOut(la, pip, &pip->ip_sum);
++ goto getout_restore;
++ }
++
+ iresult = PKT_ALIAS_IGNORED;
+- if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) {
+- switch (pip->ip_p) {
+- case IPPROTO_ICMP:
+- iresult = IcmpAliasOut(la, pip, create);
+- break;
+- case IPPROTO_UDP:
+- iresult = UdpAliasOut(la, pip, maxpacketsize, create);
+- break;
+- case IPPROTO_TCP:
+- iresult = TcpAliasOut(la, pip, maxpacketsize, create);
+- break;
++ switch (pip->ip_p) {
++ case IPPROTO_ICMP:
++ iresult = IcmpAliasOut(la, pip, create);
++ break;
++ case IPPROTO_UDP:
++ iresult = UdpAliasOut(la, pip, maxpacketsize, create);
++ break;
++ case IPPROTO_TCP:
++ iresult = TcpAliasOut(la, pip, maxpacketsize, create);
++ break;
+ #ifdef _KERNEL
+- case IPPROTO_SCTP:
+- iresult = SctpAlias(la, pip, SN_TO_GLOBAL);
+- break;
++ case IPPROTO_SCTP:
++ iresult = SctpAlias(la, pip, SN_TO_GLOBAL);
++ break;
+ #endif
+- case IPPROTO_GRE: {
+- int error;
+- struct alias_data ad = {
+- .lnk = NULL,
+- .oaddr = NULL,
+- .aaddr = NULL,
+- .aport = NULL,
+- .sport = NULL,
+- .dport = NULL,
+- .maxpktsize = 0
+- };
+- /* Walk out chain. */
+- error = find_handler(OUT, IP, la, pip, &ad);
+- if (error == 0)
+- iresult = PKT_ALIAS_OK;
+- else
+- iresult = ProtoAliasOut(la, pip,
+- pip->ip_dst, pip->ip_p, &pip->ip_sum, create);
+- }
+- break;
+- default:
++ case IPPROTO_GRE: {
++ int error;
++ struct alias_data ad = {
++ .lnk = NULL,
++ .oaddr = NULL,
++ .aaddr = NULL,
++ .aport = NULL,
++ .sport = NULL,
++ .dport = NULL,
++ .maxpktsize = 0
++ };
++ /* Walk out chain. */
++ error = find_handler(OUT, IP, la, pip, &ad);
++ if (error == 0)
++ iresult = PKT_ALIAS_OK;
++ else
+ iresult = ProtoAliasOut(la, pip,
+ pip->ip_dst, pip->ip_p, &pip->ip_sum, create);
+- break;
++ break;
+ }
+- } else {
+- iresult = FragmentOut(la, pip, &pip->ip_sum);
++ default:
++ iresult = ProtoAliasOut(la, pip,
++ pip->ip_dst, pip->ip_p, &pip->ip_sum, create);
++ break;
+ }
+
++getout_restore:
+ SetDefaultAliasAddress(la, addr_save);
+ getout:
+ return (iresult);
diff --git a/website/static/security/patches/EN-22:06/libalias.13.patch.asc b/website/static/security/patches/EN-22:06/libalias.13.patch.asc
new file mode 100644
index 0000000000..2ae91f257a
--- /dev/null
+++ b/website/static/security/patches/EN-22:06/libalias.13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f4ACgkQ05eS9J6n
+5cIjkQ//S/PbtpfNkq5peITWkBr/bwOV4ScWxxbJP9yT1Px5Yt8f5hwxQofwXs/O
+lg3SPXwi2MxHzev3qX+Af2/DDK/fr5a+gbuuKl4jGk8In/2f9p8fxVHX+uJjOlMC
+H2aOH66+AWOsv2A0Grof9MMm8O5E/py7u5dcch1IyxFttLiEOAdJpz8Kyj3T+0Hj
+3nEid8waoSRYOsOJFGk1hpvN4vJpXs6jg97RAzrAtnjBhePQzqzrndmARmtIO05e
+UsgSDRv+363m3tHJWlGlEBwclZ22/iaLRvYb7dQkphb8w8JfUvnLQV3UxCFrVwNh
+odyC0Zt3lfL6tSA4PbZrx1no6DSp2iQ+LmHdlQtuChATA0pnt0JFVp7DWqEiaLge
+D7emJqJOhHYQk/UU4tPwRabQnwwdJoop8RsSHbpOVd/jRJ0wbVrfHCHc042Cc49q
+D7HlgzxJymFrPphoix91XV4RZW4Bp8SEdCUxAksb70fwMbHscCAQCXbuM1BIe8qu
+5OkFSn+iLgUXHIL3mTyQnCmj6MhxOZJTG1ShIOFYFljyee7tTsmlH3gAXMWnGmAQ
+LEgClacqdLFFnCrplXcSMhux4W/yf1NBFFjh1OwnhKzm1fPV3zacQt1Qs1bJUORA
+imULB9gA1RYk6TTP4F2QkQ82c41Cbma20zF6BChwqAQhqjdCchk=
+=XtkJ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-22:01/vt.patch b/website/static/security/patches/SA-22:01/vt.patch
new file mode 100644
index 0000000000..def49300e9
--- /dev/null
+++ b/website/static/security/patches/SA-22:01/vt.patch
@@ -0,0 +1,44 @@
+--- sys/dev/vt/hw/fb/vt_fb.c.orig
++++ sys/dev/vt/hw/fb/vt_fb.c
+@@ -355,6 +355,9 @@
+ VTBUF_ISCURSOR(&vw->vw_buf, row, col), &fg, &bg);
+
+ z = row * PIXEL_WIDTH(VT_FB_MAX_WIDTH) + col;
++ if (z >= PIXEL_HEIGHT(VT_FB_MAX_HEIGHT) *
++ PIXEL_WIDTH(VT_FB_MAX_WIDTH))
++ continue;
+ if (vd->vd_drawn && (vd->vd_drawn[z] == c) &&
+ vd->vd_drawnfg && (vd->vd_drawnfg[z] == fg) &&
+ vd->vd_drawnbg && (vd->vd_drawnbg[z] == bg))
+@@ -405,6 +408,9 @@
+ for (col = area->tr_begin.tp_col; col < area->tr_end.tp_col;
+ ++col) {
+ z = row * PIXEL_WIDTH(VT_FB_MAX_WIDTH) + col;
++ if (z >= PIXEL_HEIGHT(VT_FB_MAX_HEIGHT) *
++ PIXEL_WIDTH(VT_FB_MAX_WIDTH))
++ continue;
+ if (vd->vd_drawn)
+ vd->vd_drawn[z] = 0;
+ if (vd->vd_drawnfg)
+--- sys/dev/vt/hw/vga/vt_vga.c.orig
++++ sys/dev/vt/hw/vga/vt_vga.c
+@@ -888,6 +888,9 @@
+ &fg, &bg);
+
+ z = row * PIXEL_WIDTH(VT_FB_MAX_WIDTH) + col;
++ if (z >= PIXEL_HEIGHT(VT_FB_MAX_HEIGHT) *
++ PIXEL_WIDTH(VT_FB_MAX_WIDTH))
++ continue;
+ if (vd->vd_drawn && (vd->vd_drawn[z] == c) &&
+ vd->vd_drawnfg && (vd->vd_drawnfg[z] == fg) &&
+ vd->vd_drawnbg && (vd->vd_drawnbg[z] == bg))
+@@ -941,6 +944,9 @@
+ col < area->tr_end.tp_col;
+ ++col) {
+ z = row * PIXEL_WIDTH(VT_FB_MAX_WIDTH) + col;
++ if (z >= PIXEL_HEIGHT(VT_FB_MAX_HEIGHT) *
++ PIXEL_WIDTH(VT_FB_MAX_WIDTH))
++ continue;
+ if (vd->vd_drawn)
+ vd->vd_drawn[z] = 0;
+ if (vd->vd_drawnfg)
diff --git a/website/static/security/patches/SA-22:01/vt.patch.asc b/website/static/security/patches/SA-22:01/vt.patch.asc
new file mode 100644
index 0000000000..086f30ea72
--- /dev/null
+++ b/website/static/security/patches/SA-22:01/vt.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f4ACgkQ05eS9J6n
+5cJIpA/9H/QBZciF+Sr0rL6CFTS2W9ipdZAKjlocgdX1Mj5EUNibkWRZXz/hl8b1
+eTPdqzcw3k3aDQy5x+ckzgfhwCCn5q1CQttgv1O1sYgH2cGAok3FO1YZaXfYskl2
+c5iYYzBtwVJk7TysoEzwvAQBVDEXEg0MMD+SH4wpJoXZ4X3DCN7r7ED0AAq+UvJG
+UrRPioAoVAyzLXSl0Pjnt83KHhC/PGgJvpzgQ/0HczYy0dakPKjBK/u9ATRRr5+G
+oMG6084wcardpf77HB7vUs9uKO/6oG16/DHBUwsWc4MHyBXTeqPezw860+cE61ss
+1LZ9jkfTRJMpgvxCumirdqfWoOVKvXMWJjg83v4CrL/VYq4z95h/wv3gBTrDkJpy
+9o6qROrcw/VTiQgbigC/k7p5Mi63dM+905EbAlGCRZzBgnL3fSj7I5t7UDvMwF8u
+Ju70Dw7vPF0f8bVjPYofER7HEN9gpEpH2rDX0Ics/qwTiP6nG4jA9BpI8v2Blvha
+FpamAdS0JSNDJxbPj3PoxJSBJy66HtUlR25fKTwTT9Zftd9vuSUfmjRqEmZO46oq
+YodTjh20naz5mCnTK6zkGOGmWBgv2RKtz2s/sMDLNi6I93Oq8cGQ5SoIbGXFnYXP
+V9e0XZSpjHEsyRoUID8z5IcaB067b2/Xx0PSghlMKdlNR0KD6to=
+=dggg
+-----END PGP SIGNATURE-----