♟ gordon

Add today's advisory and notices.

Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]

Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]

Remove references to Perforce from the website.

Address feedback from bjk.

Perforce has removed the server components for FreeBSD.

Add today's advisories.

Update timezone database information. [EN-18:06.tzdata]

Fix multiple small kernel memory disclosures. [EN-18:05.mem]

Fix mishandling of x86 debug exceptions. [SA-18:06.debugreg]

Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.

Fix multiple small kernel memory disclosures. [EN-18:04.mem]

Update timezone database information. [EN-18:03.tzdata]

Fix ipsec crash or denial of service. [SA-18:05.ipsec]

Fix vt console memory disclosure. [SA-18:04.vt]

Limit glyph count in vtfont_load to avoid integer overflow.

Add FreeBSD-SA-18:03.speculative_execution.

Add mitigations for two classes of speculative execution vulnerabilities

Update SA-18:01 with revision and a new patch.

Bump newvers and document the updated patch for SA-18:01.ipsec

Correct patches for 10.x along with updated advisory.

Correct patch for ipsec vulnerability.

Fixup the AH patch to properly compile.

Remove myself now that I have commited the NTP patches.

Add the actual patches to the doc repo. This would help people interested

NTP patches are large. Exempt myself from the limit to commit them.

Add actual patches to the doc repo. This would probably help.

Switch order of the SA and EN in the xml to sort properly.

Add SA-18:01, SA-18:02, EN-18:01, EN-18:02.

Update file(1) to new version with security update. [EN-18:02.file]

Update timezone database information. [EN-18:01.tzdata]

Fix multiple vulnerabilities in ntp. [SA-18:02.ntp]

Fix ipsec validation and use-after-free. [SA-18:01.ipsec]

Port r329561 to stable/10. There were structural changes preventing MFC.

Adding cperciva and jmg who may be able to help provide some opinions about how they think this should go.

Okay, based on that, looks good to me.

Would it be better off to just not do checksumming for this and use the source as is?

Fixup include for p4 related ports now that devel/p4 is using source.

In D13925#292062, @cem wrote:

In D13925#292058, @badfilemagic_gmail.com wrote:

Conrad, thanks for the details. I also looked at the code in the other review and it looks good. I’d expect whitened output from the ctr-aes drbg to measure ~6.5 bits when put through the sp800-90b tool. That’s roughly what you get out of 1000000 samples from RDRND on Intel.

FWIW, these processors also have RDRAND. I don't know if the RDRAND implementation is related to the CCP device TRNG or not.

I obtained some sample output from the CTR-AES DRBG via kgdb and /dev/mem:

This is fine (obviously missing the actual implementation). Adding Dean to the reviewers, he has history in doing assessments of HW TRNG and might be a good collaborator to look at the quality of the bits coming from ccp(4).

Update devel/p4d and devel/p4p to 2016.1/1598719 due to micropatching.

Update so_public_key with new key.

Update PGP key for security-officer.

Looks okay to me but I'm probably not the best person to judge. If anyone else would like to weigh in. Feel free.

Add FreeBSD-SA-17:12.openssl.

Fix error state handling

Fix multiple OpenSSL vulnerabilities.

Fix error state handling.

Correct spelling: exceprt to excerpt.

Can you please review?

Update website to make 11.0 unsupported now that it is EoL.

I don't need the sizelimit exception anymore.

In D13392#279901, @gjb wrote:

In D13392#279884, @remko wrote:

shouldn't we try to renumber the rel0.current/rel1.current stuff ? I forgot how we did that in the past though so I can be mistaken :)

Generally, yes, but it tends to be a bit more complicated than what Gordon has proposed here.

I should have added secteam as well. Sorry about that.

In D12405#279438, @emaste wrote:

Is this ready to commit now?

Update SA-17:08 and SA-17:10 to properly give credit to Ilja van Sprundel.

Correct grammar nit.

Correct patch level.

Add SA-17:08, SA-17:09, SA-17:10.

Properly bzero kldstat structure to prevent information leak. [SA-17:10]

Fix namespace issue in POSIX shm implementation for jails. [SA-17:09]

Fix kernel data leak via ptrace(PT_LWPINFO). [SA-17:08]

Properly bzero kldstat structure to prevent kernel information leak.

Update the secteam with a few additional changes.

Update timezone database information. [EN-17:09]

Generally looks good. Mostly grammar nits and some clarification needed.

Set 11.0 end of life date.

Update SA-17:07 with patches for 10.x.

Fix WPA2 protocol vulnerability. [SA-17:07]

Update wpa_supplicant/hostapd for 2017-01 vulnerability release.

gordon (Gordon Tetlow)
User

Projects

User Details

Recent Activity
View All

Thu, Jun 21

May 20 2018

May 12 2018

May 11 2018

May 8 2018

Apr 4 2018

Mar 14 2018

Mar 8 2018

Mar 7 2018

Mar 5 2018

Feb 6 2018

Feb 5 2018

Feb 4 2018

Jan 16 2018

Dec 21 2017

Dec 17 2017

Dec 15 2017

Dec 9 2017

Dec 8 2017

Dec 6 2017

Dec 5 2017

Nov 21 2017

Nov 17 2017

Nov 15 2017

Nov 7 2017

Nov 2 2017

Nov 1 2017

Oct 20 2017

Oct 19 2017

gordon (Gordon Tetlow)User