gordon (Gordon Tetlow)

User Since
Nov 2 2014, 4:37 PM (214 w, 5 d)

Recent Activity

Wed, Dec 12

gordon committed rD52684: Adjust section for secteam.
Wed, Dec 12, 7:24 PM
gordon closed D17984: Update secteam. Promote remko to Deputy. Update core team liaison to reflect brooks taking the job.

Forgot to add this to the commit message to auto-close. This was committed as r52684.

Wed, Dec 12, 7:24 PM

Thu, Dec 6

gordon accepted D18443: Fix bugs in pluggable CC algorithm and siftr sysctls.

Based on conversation with brooks, this doesn't need an advisory. Local DoS are exempt from SAs and the information leak is very low quality.

Thu, Dec 6, 5:05 PM

Tue, Dec 4

gordon committed rD52569: Publish FreeBSD-SA-18:14.bhyve.
Tue, Dec 4, 6:46 PM
gordon committed rS341488: Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Tue, Dec 4, 6:38 PM
gordon committed rS341487: Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Tue, Dec 4, 6:38 PM
gordon committed rS341486: MFC r341484
Tue, Dec 4, 6:33 PM
gordon committed rS341485: MFC r341484
Tue, Dec 4, 6:31 PM
gordon committed rS341484: Always treat firmware request and response sizes as unsigned.
Tue, Dec 4, 6:29 PM

Tue, Nov 27

gordon committed rD52522: Add SA-18:13 and EN-18:13 through EN-18:15.
Tue, Nov 27, 8:02 PM
gordon committed rS341093: Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
Tue, Nov 27, 7:48 PM
gordon committed rS341091: Timezone database information update. [EN-18:14.tzdata]
Tue, Nov 27, 7:44 PM
gordon committed rS341089: Fix ICMP buffer underwrite. [EN-18:13.icmp]
Tue, Nov 27, 7:44 PM
gordon committed rS341088: Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
Tue, Nov 27, 7:44 PM

Nov 14 2018

gordon added a reviewer for D17984: Update secteam. Promote remko to Deputy. Update core team liaison to reflect brooks taking the job.: secteam.
Nov 14 2018, 5:08 AM
gordon created D17984: Update secteam. Promote remko to Deputy. Update core team liaison to reflect brooks taking the job.
Nov 14 2018, 5:07 AM

Oct 25 2018

gordon resigned from D4964: Protect calls to explicit_bzero() by explicitly disabling the link-time and other optimizations that can cause code elimination.

I don't know enough to review this request. Maybe delphij, emaste or one of the other secteam members has more domain experience here.

Oct 25 2018, 3:23 AM

Oct 24 2018

gordon accepted D16935: rijndael (AES): Avoid leaking sensitive data on kernel stack.

Approved based on timeout from delphij.

Oct 24 2018, 6:04 PM

Oct 20 2018

gordon added a comment to D16985: Fortuna: fix a correctness issue in reseed (fortuna_pre_read).

I have no objection. I'm not sure I'm qualified to weigh in on it. If markm is okay with it, then I would go ahead with it.

Oct 20 2018, 10:57 PM
gordon accepted D17252: random(4): Match enabled sources mask to build options.

Logic looks reasonable to me. I have only read through the logic, not tested it myself.

Oct 20 2018, 10:47 PM

Sep 27 2018

gordon committed rD52312: Add errata notices EN-18:09 through EN-18:12
Sep 27 2018, 7:12 PM
gordon committed rS338987: Check to ensure the buffer returned is not NULL.
Sep 27 2018, 6:55 PM
gordon committed rS338986: There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Sep 27 2018, 6:50 PM
gordon committed rS338985: There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Sep 27 2018, 6:49 PM
gordon committed rS338984: MFC r338982.
Sep 27 2018, 6:44 PM
gordon committed rS338983: MFC r338982.
Sep 27 2018, 6:42 PM
gordon committed rS338982: Clear stack allocated data structure to prevent kernel memory leak.
Sep 27 2018, 6:40 PM
gordon committed rS338981: Fix small kernel memory disclosures. [EN-18:12.mem]
Sep 27 2018, 6:36 PM
gordon committed rS338980: Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
Sep 27 2018, 6:34 PM
gordon committed rS338979: Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
Sep 27 2018, 6:32 PM
gordon committed rS338978: Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
Sep 27 2018, 6:30 PM

Sep 12 2018

gordon committed rD52250: Add SA-18:12, EN-18:08.
Sep 12 2018, 5:23 AM
gordon committed rS338607: Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
Sep 12 2018, 5:08 AM
gordon committed rS338606: Fix improper elf header parsing. [SA-18:12.elf]
Sep 12 2018, 5:07 AM
gordon committed rS338605: MFC 338603:
Sep 12 2018, 5:03 AM
gordon committed rS338604: MFC 338603:
Sep 12 2018, 5:02 AM
gordon committed rS338603: Correct ELF header parsing code to prevent invalid ELF sections from
Sep 12 2018, 4:57 AM

Aug 24 2018

gordon added a comment to D16873: Limit the harvest rate of "fast" entropy for random(4) so as not to overload the system.

@markm Can you please specifically address the comment @jmg posted on this review (and its ancestor)?

Aug 24 2018, 6:11 PM

Aug 23 2018

gordon added a reviewer for D16860: Use arc4rand() instead of read_random(): secteam.

Add secteam instead of just me.

Aug 23 2018, 3:48 PM

Jun 21 2018

gordon committed rD51892: Add today's advisory and notices.
Jun 21 2018, 5:38 AM
gordon committed rS335466: Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]
Jun 21 2018, 5:18 AM
gordon committed rS335465: Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]
Jun 21 2018, 5:17 AM

May 20 2018

gordon committed rD51679: Remove references to Perforce from the website.
May 20 2018, 11:11 PM
gordon closed D15392: Remove Perforce from the documentation tree.
May 20 2018, 11:11 PM
gordon committed rP470436: MFH: r469706
May 20 2018, 12:02 AM

May 12 2018

gordon updated the diff for D15392: Remove Perforce from the documentation tree.

Address feedback from bjk.

May 12 2018, 6:36 AM
gordon added inline comments to D15392: Remove Perforce from the documentation tree.
May 12 2018, 6:35 AM
gordon committed rP469706: Perforce has removed the server components for FreeBSD.
May 12 2018, 3:50 AM

May 11 2018

gordon created D15392: Remove Perforce from the documentation tree.
May 11 2018, 5:12 PM

May 8 2018

gordon committed rD51632: Add today's advisories.
May 8 2018, 5:25 PM
gordon committed rS333375: Update timezone database information. [EN-18:06.tzdata]
May 8 2018, 5:18 PM
gordon committed rS333372: Fix multiple small kernel memory disclosures. [EN-18:05.mem]
May 8 2018, 5:15 PM
gordon committed rS333371: Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg]
May 8 2018, 5:12 PM

Apr 4 2018

gordon committed rD51534: Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Apr 4 2018, 5:57 AM
gordon committed rD51533: Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.
Apr 4 2018, 5:55 AM
gordon committed rS331987: Fix multiple small kernel memory disclosures. [EN-18:04.mem]
Apr 4 2018, 5:43 AM
gordon committed rS331986: Update timezone database information. [EN-18:03.tzdata]
Apr 4 2018, 5:41 AM
gordon committed rS331985: Fix ipsec crash or denial of service. [SA-18:05.ipsec]
Apr 4 2018, 5:38 AM
gordon committed rS331984: Fix vt console memory disclosure. [SA-18:04.vt]
Apr 4 2018, 5:34 AM
gordon committed rS331983: MFC r331981:
Apr 4 2018, 5:26 AM
gordon committed rS331982: MFC r331981:
Apr 4 2018, 5:25 AM
gordon committed rS331981: Limit glyph count in vtfont_load to avoid integer overflow.
Apr 4 2018, 5:22 AM

Mar 14 2018

gordon committed rD51482: Add FreeBSD-SA-18:03.speculative_execution.
Mar 14 2018, 4:15 AM
gordon committed rS330908: Add mitigations for two classes of speculative execution vulnerabilities
Mar 14 2018, 4:00 AM

Mar 8 2018

gordon committed rD51472: Update SA-18:01 with revision and a new patch.
Mar 8 2018, 6:17 AM
gordon committed rS330631: Bump newvers and document the updated patch for SA-18:01.ipsec
Mar 8 2018, 6:17 AM

Mar 7 2018

gordon committed rD51470: Correct patches for 10.x along with updated advisory.
Mar 7 2018, 5:31 PM
gordon committed rS330611: Correct patch for ipsec vulnerability.
Mar 7 2018, 5:17 PM
gordon committed rS330609: Fixup the AH patch to properly compile.
Mar 7 2018, 4:55 PM
gordon committed rD51468: Remove myself now that I have committed the NTP patches.
Mar 7 2018, 2:58 PM
gordon committed rD51467: Add the actual patches to the doc repo. This would help people interested
Mar 7 2018, 2:57 PM
gordon committed rD51466: NTP patches are large. Exempt myself from the limit to commit them.
Mar 7 2018, 2:56 PM
gordon committed rD51465: Add actual patches to the doc repo. This would probably help.
Mar 7 2018, 2:55 PM
gordon committed rD51464: Switch order of the SA and EN in the xml to sort properly.
Mar 7 2018, 7:08 AM
gordon committed rD51463: Add SA-18:01, SA-18:02, EN-18:01, EN-18:02.
Mar 7 2018, 6:46 AM
gordon committed rS330569: Update file(1) to new version with security update. [EN-18:02.file]
Mar 7 2018, 6:05 AM
gordon committed rS330568: Update timezone database information. [EN-18:01.tzdata]
Mar 7 2018, 6:01 AM
gordon committed rS330567: Fix multiple vulnerabilities in ntp. [SA-18:02.ntp]
Mar 7 2018, 5:59 AM
gordon committed rS330566: Fix ipsec validation and use-after-free. [SA-18:01.ipsec]
Mar 7 2018, 5:53 AM
gordon committed rS330565: Port r329561 to stable/10. There were structural changes preventing MFC.
Mar 7 2018, 5:48 AM

Mar 5 2018

gordon added reviewers for D14500: Implement getrandom(2) and getentropy(3): cperciva, jmg.

Adding cperciva and jmg who may be able to help provide some opinions about how they think this should go.

Mar 5 2018, 8:51 PM

Feb 6 2018

gordon accepted D14211: devel/p4 devel/p4api: cache distfiles in LOCAL.

Okay, based on that, looks good to me.

Feb 6 2018, 12:31 AM

Feb 5 2018

gordon added a comment to D14211: devel/p4 devel/p4api: cache distfiles in LOCAL.

Would it be better off to just not do checksumming for this and use the source as is?

Feb 5 2018, 9:41 PM

Feb 4 2018

gordon committed rP460954: MFH: r460953
Feb 4 2018, 11:37 PM
gordon committed rP460953: Fixup include for p4 related ports now that devel/p4 is using source.
Feb 4 2018, 11:35 PM

Jan 16 2018

gordon added a comment to D13925: random: Add CCP random source.
In D13925#292062, @cem wrote:

Conrad, thanks for the details. I also looked at the code in the other review and it looks good. I’d expect whitened output from the ctr-aes drbg to measure ~6.5 bits when put through the sp800-90b tool. That’s roughly what you get out of 1000000 samples from RDRND on Intel.

FWIW, these processors also have RDRAND. I don't know if the RDRAND implementation is related to the CCP device TRNG or not.

I obtained some sample output from the CTR-AES DRBG via kgdb and /dev/mem:

Jan 16 2018, 5:17 AM
gordon added a reviewer for D13925: random: Add CCP random source: badfilemagic_gmail.com.

This is fine (obviously missing the actual implementation). Adding Dean to the reviewers, he has history in doing assessments of HW TRNG and might be a good collaborator to look at the quality of the bits coming from ccp(4).

Jan 16 2018, 2:00 AM

Dec 21 2017

gordon committed rP456884: MFH: r456883
Dec 21 2017, 4:09 AM
gordon committed rP456883: Update devel/p4d and devel/p4p to 2016.1/1598719 due to micropatching.
Dec 21 2017, 4:07 AM

Dec 17 2017

gordon committed rD51316: Update so_public_key with new key.
Dec 17 2017, 5:16 AM
gordon committed rD51315: Update PGP key for security-officer.
Dec 17 2017, 4:41 AM

Dec 15 2017

gordon accepted D13459: kern.ipc.{msqids,semsegs,sema} sysctls for FreeBSD32.

Looks okay to me but I'm probably not the best person to judge. If anyone else would like to weigh in, feel free.

Dec 15 2017, 6:15 AM

Dec 9 2017

gordon closed D13418: Update for OpenSSL CVE-2017-3737 and CVE-2017-3738.
Dec 9 2017, 4:18 AM
gordon committed rD51269: Add FreeBSD-SA-17:12.openssl.
Dec 9 2017, 4:04 AM
gordon committed rS326723: Fix error state handling
Dec 9 2017, 3:45 AM
gordon committed rS326722: Fix multiple OpenSSL vulnerabilities.
Dec 9 2017, 3:44 AM
gordon committed rS326721: Fix error state handling.
Dec 9 2017, 3:42 AM

Dec 8 2017

gordon committed rD51265: Correct spelling: exceprt to excerpt.
Dec 8 2017, 7:28 AM
gordon added a member for secteam: emaste.
Dec 8 2017, 5:37 AM
gordon added reviewers for D13418: Update for OpenSSL CVE-2017-3737 and CVE-2017-3738.: secteam, jkim.

Can you please review?

Dec 8 2017, 4:26 AM