Index: head/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc
===================================================================
--- head/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc (revision 48424)
+++ head/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc (nonexistent)
@@ -1,129 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-=============================================================================
-FreeBSD-EN-16:05.hv_netvsc Errata Notice
- The FreeBSD Project
-
-Topic: hv_netvsc(4) incorrect TCP/IP checksums
-
-Category: core
-Module: hyperv
-Announced: 2016-03-16
-Credits: Larry Baird
-Affects: FreeBSD 10.2
-Corrected: 2015-12-18 14:56:49 UTC (stable/10, 10.2-STABLE)
- 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
-
-For general information regarding FreeBSD Errata Notices and Security
-Advisories, including descriptions of the fields above, security
-branches, and the following sections, please visit
-.
-
-I. Background
-
-Hyper-V is a native hypervisor running on Windows operating system. It can
-run FreeBSD 10.x as guest in virtual machine.
-
-When FreeBSD guest runs on Hyper-V, to get the best network performance,
-it usually uses the Hyper-V synthetic network device. The driver of the
-network device is called hv_netvsc(4). Since FreeBSD 10.2-RELEASE the
-driver supports TCP segmentation and TCP/IP checksum offloading.
-
-II. Problem Description
-
-Together with the TCP segmentation and TCP/IP checksum offloading a regression
-was introduced. The driver checked the inbound checksum flags when deciding
-whether to process checksums or not, while it should have checked the outbound
-flags only.
-
-III. Impact
-
-If the guest running on Hyper-V is configured as a gateway, the host will
-silently drop certain packets from the guest.
-
-IV. Workaround
-
-No workaround is available.
-
-V. Solution
-
-Perform one of the following:
-
-1) Upgrade your system to a supported FreeBSD stable or release / security
-branch (releng) dated after the correction date. Reboot is required.
-
-2) To update your system via a binary patch:
-
-Systems running a RELEASE version of FreeBSD on the i386 or amd64
-platforms can be updated via the freebsd-update(8) utility:
-
-# freebsd-update fetch
-# freebsd-update install
-
-Reboot is required.
-
-3) To update your system via a source code patch:
-
-The following patches have been verified to apply to the applicable
-FreeBSD release branches.
-
-a) Download the relevant patch from the location below, and verify the
-detached PGP signature using your PGP utility.
-
-# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch
-# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch.asc
-# gpg --verify hv_netvsc.patch.asc
-
-b) Apply the patch. Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/patch
-
-c) Recompile your kernel as described in
- and reboot the
-system.
-
-VI. Correction details
-
-The following list contains the correction revision numbers for each
-affected branch.
-
-Branch/path Revision
-- -------------------------------------------------------------------------
-stable/10/ r292439
-releng/10.2/ r296955
-- -------------------------------------------------------------------------
-
-To see which files were modified by a particular revision, run the
-following command, replacing NNNNNN with the revision number, on a
-machine with Subversion installed:
-
-# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
-
-Or visit the following URL, replacing NNNNNN with the revision number:
-
-
-
-VII. References
-
-
-
-The latest revision of this advisory is available at
-
------BEGIN PGP SIGNATURE-----
-
-iQIcBAEBCgAGBQJW6eQyAAoJEO1n7NZdz2rnOdQQANX3NYcoY1uMJEJcOMgfKp52
-OUKUriPdJjEr94Yq/QSGaIp5WyZ5O/hu89LI45DlJMHGxQYJrpQuM1Cyf2QS770u
-yrmfTkcJpqmwJpr4pOqQuYUHuAXkUsOeOysOO/2ccP7USFWqdWbgLotbq3JAFwIz
-cnPwteAawZ3BZLaDRXgsr9Hhqn5d++YIsYC3mhyGNJJI6LlNG/ihba2Vd8lDu9hv
-UVv0WW8yfv851jEv/vhCQmhHcHcIAhzZGLn47Shi4s0833icvPeU+Xc/cpL/wifX
-vCPKA53DqdsNCsPQbbfzgCgoxV1iC3zb/4EOUAIpCInS00N4YQeQiJePH7Im56rc
-y6LsccIf1otr8xCuRuWsUVXuzrmtDBKDzE2gwMx+YHAEWl7ObhgM1VYYWoYnwBlr
-g+M2Wynjcj/rSZUpBdtUFFDNhqFlvrFSXDUEl0MbK4IzwtyOQtQfnCjy6kTqr2yB
-czWonmU9tgLtaqkN61b5pBx+jR2oEC4M8HPHuA2LmEKLJrgfePHBIAZ7cPnWaZ4O
-L4uP97MPmZEQggQeED5SLTMl3jJUe52H9XDkN8RV8/P3oA/YXBD4prhg4fYvNKQT
-VR0pWvlnJNmjaupCBWOfJfG1S8+oOfoTNV5/Fq83LVLW0DPKHVmLtQfS5Rs02745
-VnvCDT/XPOCODW1KdsSc
-=vkxR
------END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-16:04.hyperv.asc
===================================================================
--- head/share/security/advisories/FreeBSD-16:04.hyperv.asc (revision 48424)
+++ head/share/security/advisories/FreeBSD-16:04.hyperv.asc (nonexistent)
@@ -1,137 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-=============================================================================
-FreeBSD-EN-16:04.hyperv Errata Notice
- The FreeBSD Project
-
-Topic: Hyper-V KVP (Key-Value Pair) daemon indefinite sleep
-
-Category: core
-Module: hyperv
-Announced: 2016-03-16
-Credits: Microsoft Open Source Technology Center(OSTC)
-Affects: FreeBSD 10.x
-Corrected: 2015-12-18 14:52:12 UTC (stable/10, 10.2-STABLE)
- 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
- 2016-03-16 22:30:56 UTC (releng/10.1, 10.1-RELEASE-p31)
-
-For general information regarding FreeBSD Errata Notices and Security
-Advisories, including descriptions of the fields above, security
-branches, and the following sections, please visit
-.
-
-I. Background
-
-Hyper-V is a native hypervisor running on Windows operating system. It can
-run FreeBSD 10.x as guest in virtual machine.
-
-Data Exchange is an integration service, also known as a key-value pair or
-KVP, that can be used to share information between virtual machines and the
-Hyper-V host. For more information, see
-.
-
-II. Problem Description
-
-The KVP driver code doesn't implement the KVP device's .d_poll callback
-correctly: when there is no data available to the user-mode KVP daemon, the
-driver forgets to remember the daemon and wake up the daemon later. As a
-result, the daemon can't be woken up in a predictable period of time, and
-the host side's KVP query can hang for an unexpected period of time and get
-timeout, and finally the host can think the VM is irresponsive or unhealthy.
-
-III. Impact
-
-When a FreeBSD 10.x virtual machine runs on Hyper-V, the host may not get the
-expected response of a KVP query. When a virtual machine runs on Azure, the
-host may try to recover the "irresponsive" virtual machine by killing it and
-starting it later, causing unnecessary virtual machine downtime.
-
-IV. Workaround
-
-Don't run the KVP daemon on a virtual machine. With this, the host will know
-that KVP functionality is not working at all, so the host won't try to send KVP
-query to virtual machine.
-
-V. Solution
-
-Perform one of the following:
-
-1) Upgrade your system to a supported FreeBSD stable or release / security
-branch (releng) dated after the correction date. Reboot is required.
-
-2) To update your system via a binary patch:
-
-Systems running a RELEASE version of FreeBSD on the i386 or amd64
-platforms can be updated via the freebsd-update(8) utility:
-
-# freebsd-update fetch
-# freebsd-update install
-
-Reboot is required.
-
-3) To update your system via a source code patch:
-
-The following patches have been verified to apply to the applicable
-FreeBSD release branches.
-
-a) Download the relevant patch from the location below, and verify the
-detached PGP signature using your PGP utility.
-
-# fetch https://security.FreeBSD.org/patches/EN-16:04/hyperv.patch
-# fetch https://security.FreeBSD.org/patches/EN-16:04/hyperv.patch.asc
-# gpg --verify hyperv.patch.asc
-
-b) Apply the patch. Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/patch
-
-c) Recompile your kernel as described in
- and reboot the
-system.
-
-VI. Correction details
-
-The following list contains the correction revision numbers for each
-affected branch.
-
-Branch/path Revision
-- -------------------------------------------------------------------------
-stable/10/ r292438
-releng/10.1/ r296954
-releng/10.2/ r296955
-- -------------------------------------------------------------------------
-
-To see which files were modified by a particular revision, run the
-following command, replacing NNNNNN with the revision number, on a
-machine with Subversion installed:
-
-# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
-
-Or visit the following URL, replacing NNNNNN with the revision number:
-
-
-
-VII. References
-
-.
-
-The latest revision of this advisory is available at
-
------BEGIN PGP SIGNATURE-----
-
-iQIcBAEBCgAGBQJW6eQmAAoJEO1n7NZdz2rnq+sQAOOnGB826xMwM5xW7a2rnOKV
-SDPzC0XXkHhRltJWSaIBi+nhKusMQcuYEaZDG8P5pvugpJfBPDhv2THu9ofEhvB4
-88iT4sFOKi20iXJxrZQM5UT9tPaDoWUCQ9isr4HseotF5Hda4onplGK3/VXq3xGF
-tGjgOfnHbhQbXAf7JZwCfjUeIyYYY2VGBscSwDF/AS0Z9vUEudNKnPEZcC5V19LJ
-8vZHjknNpchklnaT0UFZwrpFEgpmSU5rtYlH6FbfWYbspqRjEk1Ia2wkasB9im2z
-v2vc+qNOqgOMATgatix0yqzXnBkOqi+5ra0MUipXG89l3Yxvekv0mvqQFYRWN7MN
-fjPOnP9i2hjoKbbPEArEmYffOFMjxrOTgzLYVxXntOTUFMgGcUXltgjlo/Ov4Fm0
-CfDIDUBlyPlDkemPYiaRinyLim4M3TOll2M6ucnonFuE//sLfU/DEnlz8pf+yJg3
-jeJ7Pi6YKe+YUrTj2kL8shoPWjg00oHCIZua9nFhdHwNURX5XuoPlf84qxeSmumL
-lbQ8Dq82zkECJmJe7fGshUyPGlXqN+ValGYtZkuQwS/vq1cxRomvO1naZQDqJuVA
-Z15SW63CnsFIYJvK0Dd0v0i3Nw0WYHRRJ5nFo18WIzHs2FZguib1wqiN6D1oRnrH
-0YgK0KZFzwWufB7YB0TG
-=4BjO
------END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-16:04.hyperv.asc
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-EN-16:04.hyperv.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-16:04.hyperv.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-EN-16:04.hyperv.asc (revision 48425)
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:04.hyperv Errata Notice
+ The FreeBSD Project
+
+Topic: Hyper-V KVP (Key-Value Pair) daemon indefinite sleep
+
+Category: core
+Module: hyperv
+Announced: 2016-03-16
+Credits: Microsoft Open Source Technology Center(OSTC)
+Affects: FreeBSD 10.x
+Corrected: 2015-12-18 14:52:12 UTC (stable/10, 10.2-STABLE)
+ 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
+ 2016-03-16 22:30:56 UTC (releng/10.1, 10.1-RELEASE-p31)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Hyper-V is a native hypervisor running on Windows operating system. It can
+run FreeBSD 10.x as guest in virtual machine.
+
+Data Exchange is an integration service, also known as a key-value pair or
+KVP, that can be used to share information between virtual machines and the
+Hyper-V host. For more information, see
+.
+
+II. Problem Description
+
+The KVP driver code doesn't implement the KVP device's .d_poll callback
+correctly: when there is no data available to the user-mode KVP daemon, the
+driver forgets to remember the daemon and wake up the daemon later. As a
+result, the daemon can't be woken up in a predictable period of time, and
+the host side's KVP query can hang for an unexpected period of time and get
+timeout, and finally the host can think the VM is irresponsive or unhealthy.
+
+III. Impact
+
+When a FreeBSD 10.x virtual machine runs on Hyper-V, the host may not get the
+expected response of a KVP query. When a virtual machine runs on Azure, the
+host may try to recover the "irresponsive" virtual machine by killing it and
+starting it later, causing unnecessary virtual machine downtime.
+
+IV. Workaround
+
+Don't run the KVP daemon on a virtual machine. With this, the host will know
+that KVP functionality is not working at all, so the host won't try to send KVP
+query to virtual machine.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. Reboot is required.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot is required.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:04/hyperv.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:04/hyperv.patch.asc
+# gpg --verify hyperv.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r292438
+releng/10.1/ r296954
+releng/10.2/ r296955
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+.
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJW6eQmAAoJEO1n7NZdz2rnq+sQAOOnGB826xMwM5xW7a2rnOKV
+SDPzC0XXkHhRltJWSaIBi+nhKusMQcuYEaZDG8P5pvugpJfBPDhv2THu9ofEhvB4
+88iT4sFOKi20iXJxrZQM5UT9tPaDoWUCQ9isr4HseotF5Hda4onplGK3/VXq3xGF
+tGjgOfnHbhQbXAf7JZwCfjUeIyYYY2VGBscSwDF/AS0Z9vUEudNKnPEZcC5V19LJ
+8vZHjknNpchklnaT0UFZwrpFEgpmSU5rtYlH6FbfWYbspqRjEk1Ia2wkasB9im2z
+v2vc+qNOqgOMATgatix0yqzXnBkOqi+5ra0MUipXG89l3Yxvekv0mvqQFYRWN7MN
+fjPOnP9i2hjoKbbPEArEmYffOFMjxrOTgzLYVxXntOTUFMgGcUXltgjlo/Ov4Fm0
+CfDIDUBlyPlDkemPYiaRinyLim4M3TOll2M6ucnonFuE//sLfU/DEnlz8pf+yJg3
+jeJ7Pi6YKe+YUrTj2kL8shoPWjg00oHCIZua9nFhdHwNURX5XuoPlf84qxeSmumL
+lbQ8Dq82zkECJmJe7fGshUyPGlXqN+ValGYtZkuQwS/vq1cxRomvO1naZQDqJuVA
+Z15SW63CnsFIYJvK0Dd0v0i3Nw0WYHRRJ5nFo18WIzHs2FZguib1wqiN6D1oRnrH
+0YgK0KZFzwWufB7YB0TG
+=4BjO
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-EN-16:04.hyperv.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-EN-16:05.hv_netvsc.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-16:05.hv_netvsc.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-EN-16:05.hv_netvsc.asc (revision 48425)
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:05.hv_netvsc Errata Notice
+ The FreeBSD Project
+
+Topic: hv_netvsc(4) incorrect TCP/IP checksums
+
+Category: core
+Module: hyperv
+Announced: 2016-03-16
+Credits: Larry Baird
+Affects: FreeBSD 10.2
+Corrected: 2015-12-18 14:56:49 UTC (stable/10, 10.2-STABLE)
+ 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Hyper-V is a native hypervisor running on Windows operating system. It can
+run FreeBSD 10.x as guest in virtual machine.
+
+When FreeBSD guest runs on Hyper-V, to get the best network performance,
+it usually uses the Hyper-V synthetic network device. The driver of the
+network device is called hv_netvsc(4). Since FreeBSD 10.2-RELEASE the
+driver supports TCP segmentation and TCP/IP checksum offloading.
+
+II. Problem Description
+
+Together with the TCP segmentation and TCP/IP checksum offloading a regression
+was introduced. The driver checked the inbound checksum flags when deciding
+whether to process checksums or not, while it should have checked the outbound
+flags only.
+
+III. Impact
+
+If the guest running on Hyper-V is configured as a gateway, the host will
+silently drop certain packets from the guest.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. Reboot is required.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot is required.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch.asc
+# gpg --verify hv_netvsc.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r292439
+releng/10.2/ r296955
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJW6eQyAAoJEO1n7NZdz2rnOdQQANX3NYcoY1uMJEJcOMgfKp52
+OUKUriPdJjEr94Yq/QSGaIp5WyZ5O/hu89LI45DlJMHGxQYJrpQuM1Cyf2QS770u
+yrmfTkcJpqmwJpr4pOqQuYUHuAXkUsOeOysOO/2ccP7USFWqdWbgLotbq3JAFwIz
+cnPwteAawZ3BZLaDRXgsr9Hhqn5d++YIsYC3mhyGNJJI6LlNG/ihba2Vd8lDu9hv
+UVv0WW8yfv851jEv/vhCQmhHcHcIAhzZGLn47Shi4s0833icvPeU+Xc/cpL/wifX
+vCPKA53DqdsNCsPQbbfzgCgoxV1iC3zb/4EOUAIpCInS00N4YQeQiJePH7Im56rc
+y6LsccIf1otr8xCuRuWsUVXuzrmtDBKDzE2gwMx+YHAEWl7ObhgM1VYYWoYnwBlr
+g+M2Wynjcj/rSZUpBdtUFFDNhqFlvrFSXDUEl0MbK4IzwtyOQtQfnCjy6kTqr2yB
+czWonmU9tgLtaqkN61b5pBx+jR2oEC4M8HPHuA2LmEKLJrgfePHBIAZ7cPnWaZ4O
+L4uP97MPmZEQggQeED5SLTMl3jJUe52H9XDkN8RV8/P3oA/YXBD4prhg4fYvNKQT
+VR0pWvlnJNmjaupCBWOfJfG1S8+oOfoTNV5/Fq83LVLW0DPKHVmLtQfS5Rs02745
+VnvCDT/XPOCODW1KdsSc
+=vkxR
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-EN-16:05.hv_netvsc.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property