gordon (Gordon Tetlow)
User

Projects

User Details

User Since
Nov 2 2014, 4:37 PM (297 w, 2 d)

Recent Activity

Thu, Jul 9

gordon committed rD54322: Fix the patch urls (pki -> kpi)..
Fix the patch urls (pki -> kpi).
Thu, Jul 9, 3:12 PM

Wed, Jul 8

gordon committed rD54319: Add EN-20:13 through EN-20:15, and SA-20:18 through SA-20:20..
Add EN-20:13 through EN-20:15, and SA-20:18 through SA-20:20.
Wed, Jul 8, 8:50 PM
gordon committed rD54318: Up my size limit due to large patches (unbound)..
Up my size limit due to large patches (unbound).
Wed, Jul 8, 8:49 PM
gordon committed rS363030: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Wed, Jul 8, 8:26 PM
gordon committed rS363029: Fix multiple vulnerabilities in unbound..
Fix multiple vulnerabilities in unbound.
Wed, Jul 8, 8:25 PM
gordon committed rS363028: Fix multiple vulnerabilities in unbound..
Fix multiple vulnerabilities in unbound.
Wed, Jul 8, 8:23 PM
gordon committed rS363027: Fix multiple vulnerabilities in unbound..
Fix multiple vulnerabilities in unbound.
Wed, Jul 8, 8:21 PM
gordon committed rS363026: Fix IPv6 socket option race condition and use after free..
Fix IPv6 socket option race condition and use after free.
Wed, Jul 8, 8:11 PM
gordon committed rS363025: Fix posix_spawnp(3) buffer overflow..
Fix posix_spawnp(3) buffer overflow.
Wed, Jul 8, 8:08 PM
gordon committed rS363024: Fix kernel panic in mps(4) driver..
Fix kernel panic in mps(4) driver.
Wed, Jul 8, 7:58 PM
gordon committed rS363023: Fix kernel panic in LinuxKPI subsystem..
Fix kernel panic in LinuxKPI subsystem.
Wed, Jul 8, 7:57 PM
gordon committed rS363022: Fix host crash in bhyve with PCI device passthrough..
Fix host crash in bhyve with PCI device passthrough.
Wed, Jul 8, 7:56 PM

Tue, Jun 30

gordon accepted D25493: Replace OPENSSL_NO_SSL3_METHODs with dummies.

I think this looks good to me. @kib, can you weigh in on the symbol versioning being used here? Should we also update the Symbol.map file as well? What does the protocol around that look like?

Tue, Jun 30, 5:25 AM

Mon, Jun 29

gordon added a comment to D25493: Replace OPENSSL_NO_SSL3_METHODs with dummies.
In D25493#563650, @cem wrote:

Do you intend to MFC OPENSSL_NO_SSL3?

Mon, Jun 29, 11:57 PM
gordon added a comment to D25493: Replace OPENSSL_NO_SSL3_METHODs with dummies.
In D25493#563618, @cem wrote:

If you know of an example of some software that explicitly invokes every version it knows about (and tries SSLv3 before a TLS version), I'd love to see an example.

I'd take returning NULL over the status quo, where we ship SSLv3 in 2020.

Mon, Jun 29, 5:58 PM
gordon added a comment to D25493: Replace OPENSSL_NO_SSL3_METHODs with dummies.

This feels heavy handed (abort and KILL). Would we be better to mirror the actual API and return NULL to indicate this doesn't work?

Mon, Jun 29, 4:14 PM

Thu, Jun 25

gordon committed rS362620: Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility..
Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility.
Thu, Jun 25, 7:35 PM
gordon closed D25451: Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility..
Thu, Jun 25, 7:35 PM
gordon requested review of D25451: Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility..
Thu, Jun 25, 2:16 PM

Tue, Jun 23

gordon requested review of D24824: Add proper links for the html output of vuln.xml..
Tue, Jun 23, 3:28 AM
gordon closed D24945: Turn off SSLv3..
Tue, Jun 23, 3:20 AM
gordon requested review of D24945: Turn off SSLv3..
Tue, Jun 23, 3:20 AM
gordon closed D24824: Add proper links for the html output of vuln.xml..
Tue, Jun 23, 3:17 AM

Jun 14 2020

gordon committed rS362177: Add 11.4-RELEASE.
Add 11.4-RELEASE
Jun 14 2020, 3:49 PM

Jun 9 2020

gordon accepted D25038: execvPe: obviate the need for potentially large stack allocations.

Per discussion with Kyle offline, we are going to defer this change until after the 11.4 release. We are just in a tough spot to inject a change of this size this late into the release process.

Jun 9 2020, 9:29 PM
gordon committed rP538328: Add FreeBSD-SA-20:17.usb..
Add FreeBSD-SA-20:17.usb.
Jun 9 2020, 4:59 PM
gordon committed rD54224: Add EN-20:10, EN-20:11, and SA-20:17..
Add EN-20:10, EN-20:11, and SA-20:17.
Jun 9 2020, 4:37 PM
gordon committed rS361973: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Jun 9 2020, 4:15 PM
gordon committed rS361972: Fix USB HID descriptor parsing error..
Fix USB HID descriptor parsing error.
Jun 9 2020, 4:14 PM
gordon committed rS361971: Fix iflib watchdog timeout resetting idle queues..
Fix iflib watchdog timeout resetting idle queues.
Jun 9 2020, 4:12 PM
gordon committed rS361970: Fix stability issues in ena(4) driver..
Fix stability issues in ena(4) driver.
Jun 9 2020, 4:11 PM

May 29 2020

gordon committed rS361627: Add 11.4-RC2..
Add 11.4-RC2.
May 29 2020, 4:15 PM

May 28 2020

gordon added a reviewer for D25038: execvPe: obviate the need for potentially large stack allocations: releng.

Adding releng. They would deal with in-progress releases, not secteam. We get to deal with them *after* release. :-)

May 28 2020, 5:18 PM

May 22 2020

gordon added a comment to D24965: Add FIPS provider option for openssl-devel..

Fix pkg-plist

  • Add options for ktls and legacy
  • Modules in an options group
May 22 2020, 10:58 PM
gordon added a comment to D24965: Add FIPS provider option for openssl-devel..

Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?

===================================================================
--- pkg-plist   (revision 535366)
+++ pkg-plist   (working copy)
@@ -136,7 +136,7 @@
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
 %%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc
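
Review bot: The `%%SHARED%%lib/ossl-modules/legacy.so` entry directly below the changed line is still gated on `%%SHARED%%` alone, while the earlier comment on this review mentions adding an option for legacy as well. If the legacy provider becomes optional, it needs its own tag in the same way as `%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so`, otherwise the plist will list a file that is not installed when that option is off. The definition of `%%FIPS%%` is not visible in this hunk, so confirm the port's Makefile supplies it and check packaging with the option both enabled and disabled.
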
May 22 2020, 7:34 PM
gordon added a reviewer for D24965: Add FIPS provider option for openssl-devel.: brnrd.

With OpenSSL 3.0, it includes a FIPS provider and appropriate switches for the build. Thought it would be good to hook this up.

May 22 2020, 5:58 PM
gordon requested review of D24965: Add FIPS provider option for openssl-devel..
May 22 2020, 5:57 PM
gordon committed rS361392: Remove support for SSLv3 from the OpenSSL build..
Remove support for SSLv3 from the OpenSSL build.
May 22 2020, 4:54 PM
gordon committed rS361389: Add 11.4-RC1..
Add 11.4-RC1.
May 22 2020, 4:22 PM

May 21 2020

gordon added a comment to D24945: Turn off SSLv3..
In D24945#549309, @jkim wrote:

It's okay but we need to disable SSLv3 from fetch(3) first. Please see D24947.

May 21 2020, 10:19 PM
gordon added a comment to D24945: Turn off SSLv3..
In D24945#549197, @cem wrote:

We should also disable SSL2, if we do not already. And perhaps TLS 1.0?

May 21 2020, 5:44 PM
gordon added members for secteam: gnn, bz.
May 21 2020, 4:33 PM
gordon added reviewers for D24945: Turn off SSLv3.: secteam, jkim.

Secteam and jkim to review. Per a comment from jmg, we should turn off SSLv3 in the OpenSSL build. I did a quick build test with this and confirmed the symbols related to SSLv3 are not in the resulting libssl library.

May 21 2020, 4:31 PM

May 15 2020

gordon committed rS361083: Add 11.4-BETA2..
Add 11.4-BETA2.
May 15 2020, 4:14 PM

May 13 2020

gordon committed rP535112: Add proper links for the html output of vuln.xml..
Add proper links for the html output of vuln.xml.
May 13 2020, 3:17 PM

May 12 2020

gordon added a reviewer for D24824: Add proper links for the html output of vuln.xml.: ports secteam.

Ports secteam, can you please review and approve? Thanks!

May 12 2020, 6:43 PM
gordon committed rP535002: Add data for today's SA batch..
Add data for today's SA batch.
May 12 2020, 6:37 PM
gordon committed rD54137: Fix incorrect spelling..
Fix incorrect spelling.
May 12 2020, 6:23 PM
gordon committed rD54136: Add EN-20:08 through EN-20:09, and SA-20:12 through SA-20:16..
Add EN-20:08 through EN-20:09, and SA-20:12 through SA-20:16.
May 12 2020, 6:00 PM
gordon committed rS360978: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
May 12 2020, 5:00 PM
gordon committed rS360977: Fix insufficient cryptodev MAC key length check..
Fix insufficient cryptodev MAC key length check.
May 12 2020, 4:59 PM
gordon committed rS360976: Fix use after free in cryptodev module..
Fix use after free in cryptodev module.
May 12 2020, 4:58 PM
gordon committed rS360975: Fix improper checking in SCTP-AUTH shared key update..
Fix improper checking in SCTP-AUTH shared key update.
May 12 2020, 4:55 PM
gordon committed rS360974: Fix memory disclosure vulnerability in libalias..
Fix memory disclosure vulnerability in libalias.
May 12 2020, 4:54 PM
gordon committed rS360972: Fix insufficient packet length validation in libalias..
Fix insufficient packet length validation in libalias.
May 12 2020, 4:51 PM
gordon committed rS360970: Fix igb interfaces failing to switch to inactive state..
Fix igb interfaces failing to switch to inactive state.
May 12 2020, 4:46 PM
gordon committed rS360969: Update to tzdata 2020a..
Update to tzdata 2020a.
May 12 2020, 4:44 PM

May 11 2020

gordon committed rS360886: Update expiry dates based on currently published release schedules..
Update expiry dates based on currently published release schedules.
May 11 2020, 1:21 AM

May 9 2020

gordon accepted D24766: Remove ubsec(4)..
May 9 2020, 4:15 PM
gordon accepted D24760: remove %n support from printf(9).

Looks good to me. I haven't tested it, but seeing as it is the same patch as OpenBSD's it should do what is expected.

May 9 2020, 3:53 PM

May 8 2020

gordon added a comment to D24760: remove %n support from printf(9).

Have we checked to see how often this is used in tree?

May 8 2020, 10:21 PM
gordon committed rS360825: Add 11.4-BETA1..
Add 11.4-BETA1.
May 8 2020, 10:14 PM

May 2 2020

gordon accepted D24274: security/openssl: Add support for in-kernel TLS (KTLS)..

Sounds like maintainer time-out. Feel free to commit.

May 2 2020, 8:02 PM

Apr 22 2020

gordon committed rP532512: 11.3 isn't vulnerable to the recent OpenSSL vulnerability..
11.3 isn't vulnerable to the recent OpenSSL vulnerability.
Apr 22 2020, 8:29 PM

Apr 21 2020

gordon committed rP532291: Add new entries for SA-20:10 and SA-20:11..
Add new entries for SA-20:10 and SA-20:11.
Apr 21 2020, 6:30 PM
gordon committed rD54065: Add EN-20:07, SA-20:10, and SA-20:11..
Add EN-20:07, SA-20:10, and SA-20:11.
Apr 21 2020, 4:30 PM
gordon committed rS360151: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Apr 21 2020, 3:54 PM
gordon committed rS360150: Fix OpenSSL remote denial of service vulnerability..
Fix OpenSSL remote denial of service vulnerability.
Apr 21 2020, 3:53 PM
gordon committed rS360149: Fix ipfw invalid mbuf handling..
Fix ipfw invalid mbuf handling.
Apr 21 2020, 3:52 PM
gordon committed rS360148: Fix regression in rpc.rquotad with certain NFS servers..
Fix regression in rpc.rquotad with certain NFS servers.
Apr 21 2020, 3:51 PM
gordon committed rS360147: MFC: r360146.
MFC: r360146
Apr 21 2020, 3:48 PM
gordon committed rS360146: Fix OpenSSL remote denial of service..
Fix OpenSSL remote denial of service.
Apr 21 2020, 3:44 PM

Mar 19 2020

gordon committed rP528737: Add details for today's SAs..
Add details for today's SAs.
Mar 19 2020, 6:00 PM
gordon committed rD53996: Add EN-20:03 through EN-20:06 and SA-20:04 through SA-20:09..
Add EN-20:03 through EN-20:06 and SA-20:04 through SA-20:09.
Mar 19 2020, 5:21 PM
gordon committed rS359145: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Mar 19 2020, 5:02 PM
gordon committed rS359144: Fix multiple denial of service in ntpd..
Fix multiple denial of service in ntpd.
Mar 19 2020, 4:55 PM
gordon committed rS359142: Fix kernel memory disclosure with nested jails..
Fix kernel memory disclosure with nested jails.
Mar 19 2020, 4:51 PM
gordon committed rS359141: Fix incorrect user-controlled pointer use in epair..
Fix incorrect user-controlled pointer use in epair.
Mar 19 2020, 4:50 PM
gordon committed rS359140: Fix insufficient ixl(4) ioctl(2) privilege checking..
Fix insufficient ixl(4) ioctl(2) privilege checking.
Mar 19 2020, 4:49 PM
gordon committed rS359139: Fix insufficient oce(4) ioctl(2) privilege checking..
Fix insufficient oce(4) ioctl(2) privilege checking.
Mar 19 2020, 4:48 PM
gordon committed rS359138: Fix TCP IPv6 SYN cache kernel information disclosure..
Fix TCP IPv6 SYN cache kernel information disclosure.
Mar 19 2020, 4:46 PM
gordon committed rS359137: Fix incorrect checksum calculations with IPv6 extension headers..
Fix incorrect checksum calculations with IPv6 extension headers.
Mar 19 2020, 4:44 PM
gordon committed rS359136: Fix packet forwarding performance in mlx5en(4) driver..
Fix packet forwarding performance in mlx5en(4) driver.
Mar 19 2020, 4:41 PM
gordon committed rS359135: Fix missing pfctl(8) tunable..
Fix missing pfctl(8) tunable.
Mar 19 2020, 4:35 PM
gordon committed rS359134: Fix misleading log messages upon successful sshd login..
Fix misleading log messages upon successful sshd login.
Mar 19 2020, 4:34 PM

Feb 24 2020

gordon committed rS358295: Add 12.1-RELEASE.
Add 12.1-RELEASE
Feb 24 2020, 7:03 PM

Jan 28 2020

gordon committed rD53835: Add EN-20:01, EN-20:01, and SA-20:01 through SA-20:03..
Add EN-20:01, EN-20:01, and SA-20:01 through SA-20:03.
Jan 28 2020, 7:13 PM
gordon committed rS357220: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Jan 28 2020, 6:58 PM
gordon committed rS357219: Fix kernel stack data disclosure.
Fix kernel stack data disclosure
Jan 28 2020, 6:57 PM
gordon committed rS357218: Fix missing IPsec anti-replay window check.
Fix missing IPsec anti-replay window check
Jan 28 2020, 6:57 PM
gordon committed rS357217: Fix libfetch buffer overflow.
Fix libfetch buffer overflow
Jan 28 2020, 6:55 PM
gordon committed rS357216: Fix nmount invalid pointer dereference.
Fix nmount invalid pointer dereference
Jan 28 2020, 6:54 PM
gordon committed rS357215: Fix imprecise ordering of SSP canary initialization.
Fix imprecise ordering of SSP canary initialization
Jan 28 2020, 6:53 PM
gordon committed rS357214: MFC 357212..
MFC 357212.
Jan 28 2020, 6:42 PM
gordon committed rS357213: MFC 357212..
MFC 357212.
Jan 28 2020, 6:41 PM
gordon committed rS357212: Fix urldecode buffer overrun..
Fix urldecode buffer overrun.
Jan 28 2020, 6:37 PM

Jan 2 2020

gordon added a comment to D22368: Improve sequence number overflow detection in AH protocol.

I don't think secteam is the right reviewer for this change. Has this been reviewed by folks on the freebsd-net mailing list?

Jan 2 2020, 7:03 PM
gordon added a comment to D22367: Implement anti-replay algorithm with ESN support.

I don't think secteam is the right reviewer for this change. Has this been reviewed by folks on the freebsd-net mailing list?

Jan 2 2020, 7:03 PM

Dec 24 2019

gordon added inline comments to D22512: random(4): Simplify RANDOM_LOADABLE.
Dec 24 2019, 9:28 PM

Nov 21 2019

gordon accepted D22481: random(4): Remove unused definitions.
Nov 21 2019, 10:04 PM