Add EN-19:12 and SA-19:09 to SA-19:11
Update UPDATING and bump newvers.sh
Fix privilege escalation in cd(4) driver.
Fix kernel stack disclosure in UFS/FFS.
Fix iconv buffer overflow.
Restart local_unbound service after the future build, if it is running.
Add 11.3-RC2 configuration.
Add SA-19:08 and EN-19:11.
Add UPDATING entries for today's release. Bump patch version.
Add ability to limit split map entries to prevent resource
Fix incorrect locking in networking stack.
Add the ability to switch the uarch flag to keep 12.0 from breaking.
This looks straightforward. Approved.
Switch logic in indexfiles to always remove the uarch flag.
Add limit for XZ_THREADS to the buildworld invocation.
Cleanup: Update EOL for 11.0-RELEASE to reflect reality.
Only fetch the iso (and hence overwrite) if the file isn't already there.
Fix for newer versions of openssl.
Republish the SA-19:07.mds advisory due to 12.0-RELEASE i386 panic.
Bump patch revision for updated mds patches.
Correct a few small details in advisories.
Update version of MDS advisory
Correct announcement date.
Done with the large patches.
Add SA-19:03 to SA-19:07 and EN-19:08 to EN-19:10.
I need to commit some large patches.
Bump newvers.sh and add UPDATING block.
Mitigations for Microarchitectural Data Sampling.
Mitigations for Microarchitectural Data Sampling.
Fix ICMP/ICMP6 packet filter bypass in pf.
Fix IPv6 fragment reassembly panic in pf
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Fix insufficient filename validation in scp client
Fix partially matching relative paths in xinstall.
Strong agree on separating any whitespace commits from functional commits. This is especially important for security sensitive content.
Correct wording around '-' masks.
Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07.
Correct wrong year in advisory text.
Hopefully I won't need this again.
Add EN-19:01 through EN-19:05.
The sqlite patch is large....
Add SA-18:15 and EN-18:16 through EN-18:18.
Adjust section for secteam.
Forgot to add this to the commit message to auto-close. This was committed as r52684.
Based on conversation with brooks, this doesn't need an advisory. Local DoS are exempt from SAs and the information leak is very low quality.
Publish FreeBSD-SA-18:14.bhyve.
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Always treat firmware request and response sizes as unsigned.
Add SA-18:13 and EN-18:13 through EN-18:15.
Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
Timezone database information update. [EN-18:14.tzdata]
Fix ICMP buffer underwrite. [EN-18:13.icmp]
Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
I don't know enough to review this request. Maybe delphij, emaste or one of the other secteam members has more domain experience here.
Approved based on timeout from delphij.
I have no objection. I'm not sure I'm qualified to weigh in on it. If markm is okay with it, then I would go ahead with it.
Logic looks reasonable to me. I have only read through the logic, not tested it myself.
Add errata notices EN-18:09 through EN-18:12
Check to ensure the buffer returned is not NULL.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Clear stack allocated data structure to prevent kernel memory leak.
Fix small kernel memory disclosures. [EN-18:12.mem]
Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
Fix improper elf header parsing. [SA-18:12.elf]
Correct ELF header parsing code to prevent invalid ELF sections from
@markm Can you please specifically address the comment @jmg posted on this review (and it's ancestor)?
Add secteam instead of just me.
Add today's advisory and notices.
Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]
Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]
Remove references to Perforce from the website.
Address feedback from bjk.