Page MenuHomeFreeBSD

gordon (Gordon Tetlow)
User

Projects

User Details

User Since
Nov 2 2014, 4:37 PM (316 w, 5 d)

Recent Activity

Oct 23 2020

gordon committed rS366979: Add 12.2-RELEASE configuration..
Add 12.2-RELEASE configuration.
Oct 23 2020, 6:29 PM

Oct 16 2020

gordon committed rS366772: Add 12.2-RC3..
Add 12.2-RC3.
Oct 16 2020, 8:57 PM

Oct 9 2020

gordon committed rS366586: Change job handling to use the same construct I moved to later..
Change job handling to use the same construct I moved to later.
Oct 9 2020, 8:30 PM
gordon committed rS366585: Add 12.2-RC2..
Add 12.2-RC2.
Oct 9 2020, 8:29 PM

Oct 2 2020

gordon committed rS366383: Add 12.2-RC1.
Add 12.2-RC1
Oct 2 2020, 9:16 PM

Sep 25 2020

gordon committed rS366172: Add 12.2-BETA3..
Add 12.2-BETA3.
Sep 25 2020, 8:39 PM

Sep 18 2020

gordon committed rS365885: Add 12.2-BETA2 profile..
Add 12.2-BETA2 profile.
Sep 18 2020, 3:51 PM

Sep 16 2020

gordon accepted D26447: add deprecation notice to ftpd.
Sep 16 2020, 5:24 PM

Sep 15 2020

gordon committed rD54498: Add SA-20:27 to SA-20:30..
Add SA-20:27 to SA-20:30.
Sep 15 2020, 10:00 PM
gordon committed rS365782: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Sep 15 2020, 9:49 PM
gordon committed rS365781: Fix ftpd privilege escalation via ftpchroot..
Fix ftpd privilege escalation via ftpchroot.
Sep 15 2020, 9:48 PM
gordon committed rS365780: Fix bhyve SVM guest escape..
Fix bhyve SVM guest escape.
Sep 15 2020, 9:46 PM
gordon committed rS365779: Fix bhyve privilege escalation via VMCS access..
Fix bhyve privilege escalation via VMCS access.
Sep 15 2020, 9:44 PM
gordon committed rS365778: Fix ure device driver susceptible to packet-in-packet attack..
Fix ure device driver susceptible to packet-in-packet attack.
Sep 15 2020, 9:42 PM

Sep 14 2020

gordon committed rD54490: brooks is no longer on the core team and hence not the secteam liason..
brooks is no longer on the core team and hence not the secteam liason.
Sep 14 2020, 8:59 PM
gordon committed rS365720: Partially revert r346018 and use the if/then construct instead of shell..
Partially revert r346018 and use the if/then construct instead of shell.
Sep 14 2020, 2:45 PM

Sep 13 2020

gordon committed rS365679: Rework wait logic and add additional output..
Rework wait logic and add additional output.
Sep 13 2020, 12:17 AM

Sep 12 2020

gordon committed rS365676: Add additional output to show we are actually doing something..
Add additional output to show we are actually doing something.
Sep 12 2020, 11:23 PM
gordon committed rS365675: Forgot to add the wait to the end of the script..
Forgot to add the wait to the end of the script.
Sep 12 2020, 11:06 PM
gordon committed rS365674: Add parallelization..
Add parallelization.
Sep 12 2020, 11:04 PM
gordon committed rS365660: Add needed patch for 12.2-BETA1 to prevent spurious changes through.
Add needed patch for 12.2-BETA1 to prevent spurious changes through
Sep 12 2020, 3:19 PM

Sep 11 2020

gordon committed rS365635: Add 12.2-BETA1 configuration..
Add 12.2-BETA1 configuration.
Sep 11 2020, 4:03 PM

Sep 6 2020

gordon committed rD54466: Update credits to include Moshe Kol..
Update credits to include Moshe Kol.
Sep 6 2020, 3:44 PM

Sep 3 2020

gordon committed rD54462: Add missing credit for Henrique L. Amorim..
Add missing credit for Henrique L. Amorim.
Sep 3 2020, 7:25 PM
gordon closed D26187: Exclude mandoc.db from freebsd-update data.
Sep 3 2020, 3:58 PM
gordon committed rS365303: Exclude mandoc.db from freebsd-update data.
Exclude mandoc.db from freebsd-update data
Sep 3 2020, 3:58 PM
gordon accepted D26225: add an entry for X.509 certificate subjAltName otherName field.

LGTM

Sep 3 2020, 3:28 AM

Sep 2 2020

gordon committed rD54452: Add EN-20:17, EN-20:18, and SA-20:24 to SA-20:26..
Add EN-20:17, EN-20:18, and SA-20:24 to SA-20:26.
Sep 2 2020, 4:54 PM
gordon committed rS365258: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Sep 2 2020, 4:29 PM
gordon committed rS365257: Fix dhclient heap overflow..
Fix dhclient heap overflow.
Sep 2 2020, 4:25 PM
gordon committed rS365256: Fix SCTP socket use-after-free..
Fix SCTP socket use-after-free.
Sep 2 2020, 4:24 PM
gordon committed rS365255: Fix IPv6 Hop-by-Hop options use-after-free..
Fix IPv6 Hop-by-Hop options use-after-free.
Sep 2 2020, 4:23 PM
gordon committed rS365254: Fix getfsstat compatibility system call panic..
Fix getfsstat compatibility system call panic.
Sep 2 2020, 4:22 PM
gordon committed rS365253: Fix FreeBSD Linux ABI kernel panic..
Fix FreeBSD Linux ABI kernel panic.
Sep 2 2020, 4:21 PM
gordon added inline comments to D26225: add an entry for X.509 certificate subjAltName otherName field.
Sep 2 2020, 5:33 AM

Aug 7 2020

gordon committed rD54414: Correct URLs for patches..
Correct URLs for patches.
Aug 7 2020, 8:35 PM

Aug 5 2020

gordon committed rD54399: Add EN-20:16 and SA-20:21 through SA-20:23..
Add EN-20:16 and SA-20:21 through SA-20:23.
Aug 5 2020, 5:31 PM
gordon committed rS363924: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Aug 5 2020, 5:14 PM
gordon committed rS363923: Fix sendmsg(2) privilege escalation..
Fix sendmsg(2) privilege escalation.
Aug 5 2020, 5:14 PM
gordon committed rS363922: Fix multiple vulnerabilities in sqlite3..
Fix multiple vulnerabilities in sqlite3.
Aug 5 2020, 5:14 PM
gordon committed rS363921: Fix memory corruption in USB network device drivers..
Fix memory corruption in USB network device drivers.
Aug 5 2020, 5:11 PM
gordon committed rS363920: Fix vmx driver packet loss and degraded performance..
Fix vmx driver packet loss and degraded performance.
Aug 5 2020, 5:10 PM

Jul 9 2020

gordon committed rD54322: Fix the patch urls (pki -> kpi)..
Fix the patch urls (pki -> kpi).
Jul 9 2020, 3:12 PM

Jul 8 2020

gordon committed rD54319: Add EN-20:13 through EN-20:15, and SA-20:18 through SA-20:20..
Add EN-20:13 through EN-20:15, and SA-20:18 through SA-20:20.
Jul 8 2020, 8:50 PM
gordon committed rD54318: Up my size limit due to large patches (unbound)..
Up my size limit due to large patches (unbound).
Jul 8 2020, 8:49 PM
gordon committed rS363030: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Jul 8 2020, 8:26 PM
gordon committed rS363029: Fix multiple vulnerabilities in unbound..
Fix multiple vulnerabilities in unbound.
Jul 8 2020, 8:25 PM
gordon committed rS363028: Fix multiple vulnerabilities in unbound..
Fix multiple vulnerabilities in unbound.
Jul 8 2020, 8:23 PM
gordon committed rS363027: Fix multiple vulnerabilities in unbound..
Fix multiple vulnerabilities in unbound.
Jul 8 2020, 8:21 PM
gordon committed rS363026: Fix IPv6 socket option race condition and use after free..
Fix IPv6 socket option race condition and use after free.
Jul 8 2020, 8:11 PM
gordon committed rS363025: Fix posix_spawnp(3) buffer overflow..
Fix posix_spawnp(3) buffer overflow.
Jul 8 2020, 8:08 PM
gordon committed rS363024: Fix kernel panic in mps(4) driver..
Fix kernel panic in mps(4) driver.
Jul 8 2020, 7:58 PM
gordon committed rS363023: Fix kernel panic in LinuxKPI subsystem..
Fix kernel panic in LinuxKPI subsystem.
Jul 8 2020, 7:57 PM
gordon committed rS363022: Fix host crash in bhyve with PCI device passthrough..
Fix host crash in bhyve with PCI device passthrough.
Jul 8 2020, 7:56 PM

Jun 30 2020

gordon accepted D25493: Replace OPENSSL_NO_SSL3_METHODs with dummies.

I think this looks good to me. @kib, can you weigh in on the symbol versioning being used here? Should we also update the Symbol.map file as well? What's the protocol around that look like?

Jun 30 2020, 5:25 AM

Jun 29 2020

gordon added a comment to D25493: Replace OPENSSL_NO_SSL3_METHODs with dummies.
In D25493#563650, @cem wrote:

Do you intend to MFC OPENSSL_NO_SSL3?

Jun 29 2020, 11:57 PM
gordon added a comment to D25493: Replace OPENSSL_NO_SSL3_METHODs with dummies.
In D25493#563618, @cem wrote:

If you know of an example of some software that explicitly invokes every version it knows about (and tries SSLv3 before a TLS version), I've love to see an example.

I'd take returning NULL over the status quo, where we ship SSLv3 in 2020.

Jun 29 2020, 5:58 PM
gordon added a comment to D25493: Replace OPENSSL_NO_SSL3_METHODs with dummies.

This feels heavy handed (abort and KILL). Would we be better to mirror the actual API and return NULL to indicate this doesn't work?

Jun 29 2020, 4:14 PM

Jun 25 2020

gordon committed rS362620: Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility..
Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility.
Jun 25 2020, 7:35 PM
gordon closed D25451: Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility..
Jun 25 2020, 7:35 PM
gordon requested review of D25451: Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility..
Jun 25 2020, 2:16 PM

Jun 23 2020

gordon requested review of D24824: Add proper links for the html output of vuln.xml..
Jun 23 2020, 3:28 AM
gordon closed D24945: Turn off SSLv3..
Jun 23 2020, 3:20 AM
gordon requested review of D24945: Turn off SSLv3..
Jun 23 2020, 3:20 AM
gordon closed D24824: Add proper links for the html output of vuln.xml..
Jun 23 2020, 3:17 AM

Jun 14 2020

gordon committed rS362177: Add 11.4-RELEASE.
Add 11.4-RELEASE
Jun 14 2020, 3:49 PM

Jun 9 2020

gordon accepted D25038: execvPe: obviate the need for potentially large stack allocations.

Per discussion with Kyle offline, we are going to defer this change until after the 11.4 release. We are just in a tough spot to inject a change of this size this late into the release process.

Jun 9 2020, 9:29 PM
gordon committed rP538328: Add FreeBSD-SA-20:17.usb..
Add FreeBSD-SA-20:17.usb.
Jun 9 2020, 4:59 PM
gordon committed rD54224: Add EN-20:10, EN-20:11, and SA-20:17..
Add EN-20:10, EN-20:11, and SA-20:17.
Jun 9 2020, 4:37 PM
gordon committed rS361973: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
Jun 9 2020, 4:15 PM
gordon committed rS361972: Fix USB HID descriptor parsing error..
Fix USB HID descriptor parsing error.
Jun 9 2020, 4:14 PM
gordon committed rS361971: Fix iflib watchdog timeout resetting idle queues..
Fix iflib watchdog timeout resetting idle queues.
Jun 9 2020, 4:12 PM
gordon committed rS361970: Fix stability issues in ena(4) driver..
Fix stability issues in ena(4) driver.
Jun 9 2020, 4:11 PM

May 29 2020

gordon committed rS361627: Add 11.4-RC2..
Add 11.4-RC2.
May 29 2020, 4:15 PM

May 28 2020

gordon added a reviewer for D25038: execvPe: obviate the need for potentially large stack allocations: releng.

Adding releng. They would deal with in-progress releases, not secteam. We get to deal with them *after* release. :-)

May 28 2020, 5:18 PM

May 22 2020

gordon added a comment to D24965: Add FIPS provider option for openssl-devel..

Fix pkg-plist

  • Add options for ktls and legacy
  • Modules in an options group
May 22 2020, 10:58 PM
gordon added a comment to D24965: Add FIPS provider option for openssl-devel..

Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?

===================================================================
--- pkg-plist   (revision 535366)
+++ pkg-plist   (working copy)
@@ -136,7 +136,7 @@
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
 %%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc
May 22 2020, 7:34 PM
gordon added a reviewer for D24965: Add FIPS provider option for openssl-devel.: brnrd.

With OpenSSL 3.0, it includes a FIPS provider and appropriate switches for the build. Thought it would be good to hook this up.

May 22 2020, 5:58 PM
gordon requested review of D24965: Add FIPS provider option for openssl-devel..
May 22 2020, 5:57 PM
gordon committed rS361392: Remove support for SSLv3 from the OpenSSL build..
Remove support for SSLv3 from the OpenSSL build.
May 22 2020, 4:54 PM
gordon committed rS361389: Add 11.4-RC1..
Add 11.4-RC1.
May 22 2020, 4:22 PM

May 21 2020

gordon added a comment to D24945: Turn off SSLv3..
In D24945#549309, @jkim wrote:

It's okay but we need to disable SSLv3 from fetch(3) first. Please see D24947.

May 21 2020, 10:19 PM
gordon added a comment to D24945: Turn off SSLv3..
In D24945#549197, @cem wrote:

We should also disable SSL2, if we do not already. And perhaps TLS 1.0?

May 21 2020, 5:44 PM
gordon added members for secteam: gnn, bz.
May 21 2020, 4:33 PM
gordon added reviewers for D24945: Turn off SSLv3.: secteam, jkim.

Secteam and jkim to review. Per a comment from jmg. we should turn of SSLv3 in the OpenSSL build. I did a quick build test with this an confirmed the symbols related to SSLv3 are not in the resulting libssl library.

May 21 2020, 4:31 PM

May 15 2020

gordon committed rS361083: Add 11.4-BETA2..
Add 11.4-BETA2.
May 15 2020, 4:14 PM

May 13 2020

gordon committed rP535112: Add proper links for the html output of vuln.xml..
Add proper links for the html output of vuln.xml.
May 13 2020, 3:17 PM

May 12 2020

gordon added a reviewer for D24824: Add proper links for the html output of vuln.xml.: ports secteam.

Ports secteam, can you please review and approve? Thanks!

May 12 2020, 6:43 PM
gordon committed rP535002: Add data for today's SA batch..
Add data for today's SA batch.
May 12 2020, 6:37 PM
gordon committed rD54137: Fix incorrect spelling..
Fix incorrect spelling.
May 12 2020, 6:23 PM
gordon committed rD54136: Add EN-20:08 through EN-20:09, and SA-20:12 through SA-20:16..
Add EN-20:08 through EN-20:09, and SA-20:12 through SA-20:16.
May 12 2020, 6:00 PM
gordon committed rS360978: Add UPDATING entries and bump version..
Add UPDATING entries and bump version.
May 12 2020, 5:00 PM
gordon committed rS360977: Fix insufficient cryptodev MAC key length check..
Fix insufficient cryptodev MAC key length check.
May 12 2020, 4:59 PM
gordon committed rS360976: Fix use after free in cryptodev module..
Fix use after free in cryptodev module.
May 12 2020, 4:58 PM
gordon committed rS360975: Fix improper checking in SCTP-AUTH shared key update..
Fix improper checking in SCTP-AUTH shared key update.
May 12 2020, 4:55 PM
gordon committed rS360974: Fix memory disclosure vulnerability in libalias..
Fix memory disclosure vulnerability in libalias.
May 12 2020, 4:54 PM
gordon committed rS360972: Fix insufficient packet length validation in libalias..
Fix insufficient packet length validation in libalias.
May 12 2020, 4:51 PM
gordon committed rS360970: Fix igb interfaces failing to switch to inactive state..
Fix igb interfaces failing to switch to inactive state.
May 12 2020, 4:46 PM
gordon committed rS360969: Update to tzdata 2020a..
Update to tzdata 2020a.
May 12 2020, 4:44 PM

May 11 2020

gordon committed rS360886: Update expiry dates based on currently published release schedules..
Update expiry dates based on currently published release schedules.
May 11 2020, 1:21 AM