
Dec 4 2018

gordon committed rS341484: Always treat firmware request and response sizes as unsigned..
Always treat firmware request and response sizes as unsigned.
Dec 4 2018, 6:29 PM

Nov 27 2018

gordon committed rD52522: Add SA-18:13 and EN-18:13 through EN-18:15..
Add SA-18:13 and EN-18:13 through EN-18:15.
Nov 27 2018, 8:02 PM
gordon committed rS341093: Fix deferred kernel loading breaks loader password. [EN-18:15.loader].
Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
Nov 27 2018, 7:48 PM
gordon committed rS341091: Timezone database information update. [EN-18:14.tzdata].
Timezone database information update. [EN-18:14.tzdata]
Nov 27 2018, 7:44 PM
gordon committed rS341089: Fix ICMP buffer underwrite. [EN-18:13.icmp].
Fix ICMP buffer underwrite. [EN-18:13.icmp]
Nov 27 2018, 7:44 PM
gordon committed rS341088: Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs].
Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
Nov 27 2018, 7:44 PM

Nov 14 2018

gordon added a reviewer for D17984: Update secteam. Promote remko to Deputy. Update core team liaison to reflect brooks taking the job.: secteam.
Nov 14 2018, 5:08 AM
gordon created D17984: Update secteam. Promote remko to Deputy. Update core team liaison to reflect brooks taking the job..
Nov 14 2018, 5:07 AM

Oct 25 2018

gordon resigned from D4964: Protect calls to explicit_bzero() by explicitly disabling the link-time and other optimizations that can cause code elimination..

I don't know enough to review this request. Maybe delphij, emaste or one of the other secteam members has more domain experience here.

Oct 25 2018, 3:23 AM

Oct 24 2018

gordon accepted D16935: rijndael (AES): Avoid leaking sensitive data on kernel stack.

Approved based on timeout from delphij.

Oct 24 2018, 6:04 PM

Oct 20 2018

gordon added a comment to D16985: Fortuna: fix a correctness issue in reseed (fortuna_pre_read).

I have no objection. I'm not sure I'm qualified to weigh in on it. If markm is okay with it, then I would go ahead with it.

Oct 20 2018, 10:57 PM
gordon accepted D17252: random(4): Match enabled sources mask to build options.

Logic looks reasonable to me. I have only read through the logic, not tested it myself.

Oct 20 2018, 10:47 PM

Sep 27 2018

gordon committed rD52312: Add errata notices EN-18:09 through EN-18:12.
Add errata notices EN-18:09 through EN-18:12
Sep 27 2018, 7:12 PM
gordon committed rS338987: Check to ensure the buffer returned is not NULL..
Check to ensure the buffer returned is not NULL.
Sep 27 2018, 6:55 PM
gordon committed rS338986: There are various cases where we modify the inp_vflag and inp_inc.inc_flags.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Sep 27 2018, 6:50 PM
gordon committed rS338985: There are various cases where we modify the inp_vflag and inp_inc.inc_flags.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Sep 27 2018, 6:49 PM
gordon committed rS338984: MFC r338982..
MFC r338982.
Sep 27 2018, 6:44 PM
gordon committed rS338983: MFC r338982..
MFC r338982.
Sep 27 2018, 6:42 PM
gordon committed rS338982: Clear stack allocated data structure to prevent kernel memory leak..
Clear stack allocated data structure to prevent kernel memory leak.
Sep 27 2018, 6:40 PM
gordon committed rS338981: Fix small kernel memory disclosures. [EN-18:12.mem].
Fix small kernel memory disclosures. [EN-18:12.mem]
Sep 27 2018, 6:36 PM
gordon committed rS338980: Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen].
Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
Sep 27 2018, 6:34 PM
gordon committed rS338979: Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall].
Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
Sep 27 2018, 6:32 PM
gordon committed rS338978: Fix regression in IPv6 fragment reassembly. [EN-18:09.ip].
Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
Sep 27 2018, 6:30 PM

Sep 12 2018

gordon committed rD52250: Add SA-18:12, EN-18:08..
Add SA-18:12, EN-18:08.
Sep 12 2018, 5:23 AM
gordon committed rS338607: Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu].
Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
Sep 12 2018, 5:08 AM
gordon committed rS338606: Fix improper elf header parsing. [SA-18:12.elf].
Fix improper elf header parsing. [SA-18:12.elf]
Sep 12 2018, 5:07 AM
gordon committed rS338605: MFC 338603:.
MFC 338603:
Sep 12 2018, 5:03 AM
gordon committed rS338604: MFC 338603:.
MFC 338603:
Sep 12 2018, 5:02 AM
gordon committed rS338603: Correct ELF header parsing code to prevent invalid ELF sections from.
Correct ELF header parsing code to prevent invalid ELF sections from
Sep 12 2018, 4:57 AM

Aug 24 2018

gordon added a comment to D16873: Limit the harvest rate of "fast" entropy for random(4) so as not to overload the system..

@markm Can you please specifically address the comment @jmg posted on this review (and its ancestor)?

Aug 24 2018, 6:11 PM

Aug 23 2018

gordon added a reviewer for D16860: Use arc4rand() instead of read_random(): secteam.

Add secteam instead of just me.

Aug 23 2018, 3:48 PM

Jun 21 2018

gordon committed rD51892: Add today's advisory and notices..
Add today's advisory and notices.
Jun 21 2018, 5:38 AM
gordon committed rS335466: Fix TLB shootdown for Xen based guests. [EN-18:07.pmap].
Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]
Jun 21 2018, 5:18 AM
gordon committed rS335465: Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu].
Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]
Jun 21 2018, 5:17 AM

May 20 2018

gordon committed rD51679: Remove references to Perforce from the website..
Remove references to Perforce from the website.
May 20 2018, 11:11 PM
gordon closed D15392: Remove Perforce from the documentation tree..
May 20 2018, 11:11 PM
gordon committed rP470436: MFH: r469706.
MFH: r469706
May 20 2018, 12:02 AM

May 12 2018

gordon updated the diff for D15392: Remove Perforce from the documentation tree..

Address feedback from bjk.

May 12 2018, 6:36 AM
gordon added inline comments to D15392: Remove Perforce from the documentation tree..
May 12 2018, 6:35 AM
gordon committed rP469706: Perforce has removed the server components for FreeBSD..
Perforce has removed the server components for FreeBSD.
May 12 2018, 3:50 AM

May 11 2018

gordon created D15392: Remove Perforce from the documentation tree..
May 11 2018, 5:12 PM

May 8 2018

gordon committed rD51632: Add today's advisories..
Add today's advisories.
May 8 2018, 5:25 PM
gordon committed rS333375: Update timezone database information. [EN-18:06.tzdata].
Update timezone database information. [EN-18:06.tzdata]
May 8 2018, 5:18 PM
gordon committed rS333372: Fix multiple small kernel memory disclosures. [EN-18:05.mem].
Fix multiple small kernel memory disclosures. [EN-18:05.mem]
May 8 2018, 5:15 PM
gordon committed rS333371: Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg].
Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg]
May 8 2018, 5:12 PM

Apr 4 2018

gordon committed rD51534: Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem..
Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Apr 4 2018, 5:57 AM
gordon committed rD51533: Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem..
Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Apr 4 2018, 5:55 AM
gordon committed rS331987: Fix multiple small kernel memory disclosures. [EN-18:04.mem].
Fix multiple small kernel memory disclosures. [EN-18:04.mem]
Apr 4 2018, 5:43 AM
gordon committed rS331986: Update timezone database information. [EN-18:03.tzdata].
Update timezone database information. [EN-18:03.tzdata]
Apr 4 2018, 5:41 AM
gordon committed rS331985: Fix ipsec crash or denial of service. [SA-18:05.ipsec].
Fix ipsec crash or denial of service. [SA-18:05.ipsec]
Apr 4 2018, 5:38 AM
gordon committed rS331984: Fix vt console memory disclosure. [SA-18:04.vt].
Fix vt console memory disclosure. [SA-18:04.vt]
Apr 4 2018, 5:34 AM
gordon committed rS331983: MFC r331981:.
MFC r331981:
Apr 4 2018, 5:26 AM
gordon committed rS331982: MFC r331981:.
MFC r331981:
Apr 4 2018, 5:25 AM
gordon committed rS331981: Limit glyph count in vtfont_load to avoid integer overflow..
Limit glyph count in vtfont_load to avoid integer overflow.
Apr 4 2018, 5:22 AM

Mar 14 2018

gordon committed rD51482: Add FreeBSD-SA-18:03.speculative_execution..
Add FreeBSD-SA-18:03.speculative_execution.
Mar 14 2018, 4:15 AM
gordon committed rS330908: Add mitigations for two classes of speculative execution vulnerabilities.
Add mitigations for two classes of speculative execution vulnerabilities
Mar 14 2018, 4:00 AM

Mar 8 2018

gordon committed rD51472: Update SA-18:01 with revision and a new patch..
Update SA-18:01 with revision and a new patch.
Mar 8 2018, 6:17 AM
gordon committed rS330631: Bump newvers and document the updated patch for SA-18:01.ipsec.
Bump newvers and document the updated patch for SA-18:01.ipsec
Mar 8 2018, 6:17 AM

Mar 7 2018

gordon committed rD51470: Correct patches for 10.x along with updated advisory..
Correct patches for 10.x along with updated advisory.
Mar 7 2018, 5:31 PM
gordon committed rS330611: Correct patch for ipsec vulnerability..
Correct patch for ipsec vulnerability.
Mar 7 2018, 5:17 PM
gordon committed rS330609: Fixup the AH patch to properly compile..
Fixup the AH patch to properly compile.
Mar 7 2018, 4:55 PM
gordon committed rD51468: Remove myself now that I have committed the NTP patches..
Remove myself now that I have committed the NTP patches.
Mar 7 2018, 2:58 PM
gordon committed rD51467: Add the actual patches to the doc repo. This would help people interested.
Add the actual patches to the doc repo. This would help people interested
Mar 7 2018, 2:57 PM
gordon committed rD51466: NTP patches are large. Exempt myself from the limit to commit them..
NTP patches are large. Exempt myself from the limit to commit them.
Mar 7 2018, 2:56 PM
gordon committed rD51465: Add actual patches to the doc repo. This would probably help..
Add actual patches to the doc repo. This would probably help.
Mar 7 2018, 2:55 PM
gordon committed rD51464: Switch order of the SA and EN in the xml to sort properly..
Switch order of the SA and EN in the xml to sort properly.
Mar 7 2018, 7:08 AM
gordon committed rD51463: Add SA-18:01, SA-18:02, EN-18:01, EN-18:02..
Add SA-18:01, SA-18:02, EN-18:01, EN-18:02.
Mar 7 2018, 6:46 AM
gordon committed rS330569: Update file(1) to new version with security update. [EN-18:02.file].
Update file(1) to new version with security update. [EN-18:02.file]
Mar 7 2018, 6:05 AM
gordon committed rS330568: Update timezone database information. [EN-18:01.tzdata].
Update timezone database information. [EN-18:01.tzdata]
Mar 7 2018, 6:01 AM
gordon committed rS330567: Fix multiple vulnerabilities in ntp. [SA-18:02.ntp].
Fix multiple vulnerabilities in ntp. [SA-18:02.ntp]
Mar 7 2018, 5:59 AM
gordon committed rS330566: Fix ipsec validation and use-after-free. [SA-18:01.ipsec].
Fix ipsec validation and use-after-free. [SA-18:01.ipsec]
Mar 7 2018, 5:53 AM
gordon committed rS330565: Port r329561 to stable/10. There were structural changes preventing MFC..
Port r329561 to stable/10. There were structural changes preventing MFC.
Mar 7 2018, 5:48 AM

Mar 5 2018

gordon added reviewers for D14500: Implement getrandom(2) and getentropy(3): cperciva, jmg.

Adding cperciva and jmg who may be able to help provide some opinions about how they think this should go.

Mar 5 2018, 8:51 PM

Feb 6 2018

gordon accepted D14211: devel/p4 devel/p4api: cache distfiles in LOCAL.

Okay, based on that, looks good to me.

Feb 6 2018, 12:31 AM

Feb 5 2018

gordon added a comment to D14211: devel/p4 devel/p4api: cache distfiles in LOCAL.

Would it be better off to just not do checksumming for this and use the source as is?

Feb 5 2018, 9:41 PM

Feb 4 2018

gordon committed rP460954: MFH: r460953.
MFH: r460953
Feb 4 2018, 11:37 PM
gordon committed rP460953: Fixup include for p4 related ports now that devel/p4 is using source..
Fixup include for p4 related ports now that devel/p4 is using source.
Feb 4 2018, 11:35 PM

Jan 16 2018

gordon added a comment to D13925: random: Add CCP random source.
In D13925#292062, @cem wrote:

Conrad, thanks for the details. I also looked at the code in the other review and it looks good. I’d expect whitened output from the ctr-aes drbg to measure ~6.5 bits when put through the sp800-90b tool. That’s roughly what you get out of 1000000 samples from RDRND on Intel.

FWIW, these processors also have RDRAND. I don't know if the RDRAND implementation is related to the CCP device TRNG or not.

I obtained some sample output from the CTR-AES DRBG via kgdb and /dev/mem:

Jan 16 2018, 5:17 AM
gordon added a reviewer for D13925: random: Add CCP random source: badfilemagic_gmail.com.

This is fine (obviously missing the actual implementation). Adding Dean to the reviewers, he has history in doing assessments of HW TRNG and might be a good collaborator to look at the quality of the bits coming from ccp(4).

Jan 16 2018, 2:00 AM

Dec 21 2017

gordon committed rP456884: MFH: r456883.
MFH: r456883
Dec 21 2017, 4:09 AM
gordon committed rP456883: Update devel/p4d and devel/p4p to 2016.1/1598719 due to micropatching..
Update devel/p4d and devel/p4p to 2016.1/1598719 due to micropatching.
Dec 21 2017, 4:07 AM

Dec 17 2017

gordon committed rD51316: Update so_public_key with new key..
Update so_public_key with new key.
Dec 17 2017, 5:16 AM
gordon committed rD51315: Update PGP key for security-officer..
Update PGP key for security-officer.
Dec 17 2017, 4:41 AM

Dec 15 2017

gordon accepted D13459: kern.ipc.{msqids,semsegs,sema} sysctls for FreeBSD32..

Looks okay to me but I'm probably not the best person to judge. If anyone else would like to weigh in, feel free.

Dec 15 2017, 6:15 AM

Dec 9 2017

gordon closed D13418: Update for OpenSSL CVE-2017-3737 and CVE-2017-3738..
Dec 9 2017, 4:18 AM
gordon committed rD51269: Add FreeBSD-SA-17:12.openssl..
Add FreeBSD-SA-17:12.openssl.
Dec 9 2017, 4:04 AM
gordon committed rS326723: Fix error state handling.
Fix error state handling
Dec 9 2017, 3:45 AM
gordon committed rS326722: Fix multiple OpenSSL vulnerabilities..
Fix multiple OpenSSL vulnerabilities.
Dec 9 2017, 3:44 AM
gordon committed rS326721: Fix error state handling..
Fix error state handling.
Dec 9 2017, 3:42 AM

Dec 8 2017

gordon committed rD51265: Correct spelling: exceprt to excerpt..
Correct spelling: exceprt to excerpt.
Dec 8 2017, 7:28 AM
gordon added a member for secteam: emaste.
Dec 8 2017, 5:37 AM
gordon added reviewers for D13418: Update for OpenSSL CVE-2017-3737 and CVE-2017-3738.: secteam, jkim.

Can you please review?

Dec 8 2017, 4:26 AM
gordon created D13418: Update for OpenSSL CVE-2017-3737 and CVE-2017-3738..
Dec 8 2017, 4:26 AM

Dec 6 2017

gordon committed rD51261: Update website to make 11.0 unsupported now that it is EoL..
Update website to make 11.0 unsupported now that it is EoL.
Dec 6 2017, 11:13 PM
gordon closed D13392: Documentation EoL for 11.0-RELEASE..
Dec 6 2017, 11:13 PM
gordon committed rS326639: I don't need the sizelimit exception anymore..
I don't need the sizelimit exception anymore.
Dec 6 2017, 10:03 PM
gordon added a comment to D13392: Documentation EoL for 11.0-RELEASE..
In D13392#279901, @gjb wrote:

shouldn't we try to renumber the rel0.current/rel1.current stuff ? I forgot how we did that in the past though so I can be mistaken :)

Generally, yes, but it tends to be a bit more complicated than what Gordon has proposed here.

Dec 6 2017, 7:18 PM
gordon updated the diff for D13392: Documentation EoL for 11.0-RELEASE..

Accommodate r51259.

Dec 6 2017, 5:54 PM
gordon added a reviewer for D13392: Documentation EoL for 11.0-RELEASE.: secteam.

I should have added secteam as well. Sorry about that.

Dec 6 2017, 5:43 PM
gordon added a reviewer for D13392: Documentation EoL for 11.0-RELEASE.: doceng.

Adding doceng

Dec 6 2017, 5:47 AM