User Details
User Details
- User Since
- Nov 2 2014, 4:37 PM (241 w, 1 d)
Today
Today
Add the ability to switch the uarch flag to keep 12.0 from breaking.
Yesterday
Yesterday
D20392: random(4): Add regression tests for uint128 implementation, Chacha CTR is now accepted and ready to land.
This looks straightforward. Approved.
Fri, Jun 14
Fri, Jun 14
Fri, Jun 7
Fri, Jun 7
Fri, May 31
Fri, May 31
Sat, May 25
Sat, May 25
Switch logic in indexfiles to always remove the uarch flag.
Add limit for XZ_THREADS to the buildworld invocation.
Cleanup: Update EOL for 11.0-RELEASE to reflect reality.
gordon committed rS348264: Only fetch the iso (and hence overwrite) if the file isn't already there..
Only fetch the iso (and hence overwrite) if the file isn't already there.
Fix for newer versions of openssl.
May 15 2019
May 15 2019
Republish the SA-19:07.mds advisory due to 12.0-RELEASE i386 panic.
Bump patch revision for updated mds patches.
Correct a few small details in advisories.
gordon committed rD53029: Update version of MDS advisory.
Update version of MDS advisory
May 14 2019
May 14 2019
gordon committed rD53024: Done with the large patches..
Done with the large patches.
Add SA-19:03 to SA-19:07 and EN-19:08 to EN-19:10.
I need to commit some large patches.
Bump newvers.sh and add UPDATING block.
Mitigations for Microarchitectural Data Sampling.
Mitigations for Microarchitectural Data Sampling.
Fix ICMP/ICMP6 packet filter bypass in pf.
Fix IPv6 fragment reassembly panic in pf
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Fix insufficient filename validation in scp client
Fix partially matching relative paths in xinstall.
Mar 21 2019
Mar 21 2019
gordon requested changes to D19620: Add an option to use TPM as entropy source.
gordon added a comment to D19620: Add an option to use TPM as entropy source.
Strong agree on separating any whitespace commits from functional commits. This is especially important for security sensitive content.
Mar 9 2019
Mar 9 2019
Correct wording around '-' masks.
Mar 6 2019
Mar 6 2019
Feb 5 2019
Feb 5 2019
Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07.
Jan 9 2019
Jan 9 2019
Correct wrong year in advisory text.
Hopefully I won't need this again.
gordon committed rD52756: Add EN-19:01 through EN-19:05..
Add EN-19:01 through EN-19:05.
gordon committed rD52755: The sqlite patch is large.....
The sqlite patch is large....
Dec 19 2018
Dec 19 2018
Add SA-18:15 and EN-18:16 through EN-18:18.
Dec 12 2018
Dec 12 2018
gordon committed rD52684: Adjust section for secteam..
Adjust section for secteam.
gordon closed D17984: Update secteam.
Promote remko to Deputy.
Update core team liason to reflect brooks taking the job..
Forgot to add this to the commit message to auto-close. This was committed as r52684.
Dec 6 2018
Dec 6 2018
Based on conversation with brooks, this doesn't need an advisory. Local DoS are exempt from SAs and the information leak is very low quality.
Dec 4 2018
Dec 4 2018
gordon committed rD52569: Publish FreeBSD-SA-18:14.bhyve..
Publish FreeBSD-SA-18:14.bhyve.
gordon committed rS341488: Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve].
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
gordon committed rS341487: Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve].
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Always treat firmware request and response sizes as unsigned.
Nov 27 2018
Nov 27 2018
Add SA-18:13 and EN-18:13 through EN-18:15.
Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
Timezone database information update. [EN-18:14.tzdata]
Fix ICMP buffer underwrite. [EN-18:13.icmp]
Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
Nov 14 2018
Nov 14 2018
Oct 25 2018
Oct 25 2018
gordon resigned from D4964: Protect calls to explicit_bzero() via by explicitly disabling the link-time and other optimizations that can cause code elimination..
I don't know enough to review this request. Maybe delphij, emaste or one of the other secteam members has more domain experience here.
Oct 24 2018
Oct 24 2018
Approved based on timeout from delphij.
Oct 20 2018
Oct 20 2018
gordon added a comment to D16985: Fortuna: fix a correctness issue in reseed (fortuna_pre_read).
I have no objection. I'm not sure I'm qualified to weigh in on it. If markm is okay with it, then I would go ahead with it.
Logic looks reasonable to me. I have only read through the logic, not tested it myself.
Sep 27 2018
Sep 27 2018
Add errata notices EN-18:09 through EN-18:12
Check to ensure the buffer returned is not NULL.
gordon committed rS338986: There are various cases where we modify the inp_vflag and inp_inc.inc_flags.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
gordon committed rS338985: There are various cases where we modify the inp_vflag and inp_inc.inc_flags.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Clear stack allocated data structure to prevent kernel memory leak.
Fix small kernel memory disclosures. [EN-18:12.mem]
Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
Sep 12 2018
Sep 12 2018
Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
Fix improper elf header parsing. [SA-18:12.elf]
Correct ELF header parsing code to prevent invalid ELF sections from
Aug 24 2018
Aug 24 2018
gordon added a comment to D16873: Limit the harvest rate of "fast" entropy for random(4) so as not to overload the system..
Aug 23 2018
Aug 23 2018
Add secteam instead of just me.
Jun 21 2018
Jun 21 2018
gordon committed rD51892: Add today's advisory and notices..
Add today's advisory and notices.
Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]
Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]
May 20 2018
May 20 2018
Remove references to Perforce from the website.
May 12 2018
May 12 2018
gordon updated the diff for D15392: Remove Perforce from the documentation tree..
Address feedback from bjk.
gordon added inline comments to D15392: Remove Perforce from the documentation tree..
Perforce has removed the server components for FreeBSD.
May 11 2018
May 11 2018
May 8 2018
May 8 2018
Update timezone database information. [EN-18:06.tzdata]
Fix multiple small kernel memory disclosures. [EN-18:05.mem]
Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg]
Apr 4 2018
Apr 4 2018
Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Fix multiple small kernel memory disclosures. [EN-18:04.mem]
Update timezone database information. [EN-18:03.tzdata]
Fix ipsec crash or denial of service. [SA-18:05.ipsec]
Fix vt console memory disclosure. [SA-18:04.vt]