Bump patch revision for updated mds patches.
Correct a few small details in advisories.
Update version of MDS advisory
Correct announcement date.
Done with the large patches.
Add SA-19:03 to SA-19:07 and EN-19:08 to EN-19:10.
I need to commit some large patches.
Bump newvers.sh and add UPDATING block.
Mitigations for Microarchitectural Data Sampling.
Mitigations for Microarchitectural Data Sampling.
Fix ICMP/ICMP6 packet filter bypass in pf.
Fix IPv6 fragment reassembly panic in pf
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Fix insufficient filename validation in scp client
Fix partially matching relative paths in xinstall.
Strong agree on separating any whitespace commits from functional commits. This is especially important for security sensitive content.
Correct wording around '-' masks.
Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07.
Correct wrong year in advisory text.
Hopefully I won't need this again.
Add EN-19:01 through EN-19:05.
The sqlite patch is large....
Add SA-18:15 and EN-18:16 through EN-18:18.
Adjust section for secteam.
Forgot to add this to the commit message to auto-close. This was committed as r52684.
Based on conversation with brooks, this doesn't need an advisory. Local DoS are exempt from SAs and the information leak is very low quality.
Publish FreeBSD-SA-18:14.bhyve.
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Always treat firmware request and response sizes as unsigned.
Add SA-18:13 and EN-18:13 through EN-18:15.
Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
Timezone database information update. [EN-18:14.tzdata]
Fix ICMP buffer underwrite. [EN-18:13.icmp]
Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
I don't know enough to review this request. Maybe delphij, emaste or one of the other secteam members has more domain experience here.
Approved based on timeout from delphij.
I have no objection. I'm not sure I'm qualified to weigh in on it. If markm is okay with it, then I would go ahead with it.
Logic looks reasonable to me. I have only read through the logic, not tested it myself.
Add errata notices EN-18:09 through EN-18:12
Check to ensure the buffer returned is not NULL.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Clear stack allocated data structure to prevent kernel memory leak.
Fix small kernel memory disclosures. [EN-18:12.mem]
Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
Fix improper elf header parsing. [SA-18:12.elf]
Correct ELF header parsing code to prevent invalid ELF sections from
@markm Can you please specifically address the comment @jmg posted on this review (and it's ancestor)?
Add secteam instead of just me.
Add today's advisory and notices.
Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]
Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]
Remove references to Perforce from the website.
Address feedback from bjk.
Perforce has removed the server components for FreeBSD.
Update timezone database information. [EN-18:06.tzdata]
Fix multiple small kernel memory disclosures. [EN-18:05.mem]
Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg]
Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Fix multiple small kernel memory disclosures. [EN-18:04.mem]
Update timezone database information. [EN-18:03.tzdata]
Fix ipsec crash or denial of service. [SA-18:05.ipsec]
Fix vt console memory disclosure. [SA-18:04.vt]
Limit glyph count in vtfont_load to avoid integer overflow.
Add FreeBSD-SA-18:03.speculative_execution.
Add mitigations for two classes of speculative execution vulnerabilities
Update SA-18:01 with revision and a new patch.
Bump newvers and document the updated patch for SA-18:01.ipsec
Correct patches for 10.x along with updated advisory.
Correct patch for ipsec vulnerability.
Fixup the AH patch to properly compile.
Remove myself now that I have commited the NTP patches.