Index: head/share/security/advisories/FreeBSD-SA-17:08.ptrace.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-17:08.ptrace.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-17:08.ptrace.asc (revision 51201)
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-17:08.ptrace Security Advisory
+ The FreeBSD Project
+
+Topic: Kernel data leak via ptrace(PT_LWPINFO)
+
+Category: core
+Module: ptrace
+Announced: 2017-11-15
+Credits: John Baldwin
+Affects: All supported versions of FreeBSD.
+Corrected: 2017-11-10 12:28:43 UTC (stable/11, 11.1-STABLE)
+ 2017-11-15 22:39:41 UTC (releng/11.1, 11.1-RELEASE-p4)
+ 2017-11-15 22:40:15 UTC (releng/11.0, 11.0-RELEASE-p15)
+ 2017-11-10 12:31:58 UTC (stable/10, 10.4-STABLE)
+ 2017-11-15 22:40:32 UTC (releng/10.4, 10.4-RELEASE-p3)
+ 2017-11-15 22:40:46 UTC (releng/10.3, 10.3-RELEASE-p24)
+CVE Name: CVE-2017-1086
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The ptrace(2) syscall provides the facility for a debugger to control the
+execution of the target process and to obtain necessary status information
+about it. The struct ptrace_lwpinfo structure is reported by one of the
+ptrace(2) subcommand and contains a lot of the information about the stopped
+thread (light-weight process or LWP, thus the name).
+
+II. Problem Description
+
+Not all information in the struct ptrace_lwpinfo is relevant for the state
+of any thread, and the kernel does not fill the irrelevant bytes or short
+strings. Since the structure filled by the kernel is allocated on the
+kernel stack and copied to userspace, a leak of information of the kernel
+stack of the thread is possible from the debugger.
+
+III. Impact
+
+Some bytes from the kernel stack of the thread using ptrace(PT_LWPINFO)
+call can be observed in userspace.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-17:08/ptrace.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:08/ptrace.patch.asc
+# gpg --verify ptrace.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r325643
+releng/10.3/ r325871
+releng/10.4/ r325870
+stable/11/ r325642
+releng/11.0/ r325869
+releng/11.1/ r325868
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxftfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
+RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
+audQ+hAA2+cjqNVUJ/Polwo9cu61QxKLEXO1DItlMIFWBxpFpXXlRSLbqH+RGmaO
+6aR4Q1xcOnLm8e57KcLFppl77uOZyO0IJ0lyK6P30ouSxuYIW3aHbW+p3pVYBE+J
+aqF3mNxSh9xQRgXvxUB/CM3w/SMKkxXtkZMvhNSGFCShGQTNpjGfAgIwOZD8mNFi
+WvYbPgzwfeE4tsaStZ91SZ8wf2nxdRXhybDXEOCAJvicP6IqYA1Zfr7RG2N3swK7
+JKLXW7tiVu+zbRYYFiWYX4FIWatIlsTjpD0GyuZs0j2PCEu80z1muFnrp/dGg3Bn
+APGVzIrkFjKvmXfkuFZFPMWCL+u9cUgOMNGkMFDXrLppLL7aXCGrz3BWECg581Pr
+dnUrrz/iEcXGDcnTJ3Ff+OidqdhdpVQz59Ek90TMd5iO+nZ+xeVjVzxdLHb82/wt
+KlgXRpwTg3Q72xDSF84UmRSkk1M/V5AZMrZiy2RjIwtvLqIJ9ZpLAMnrwTTWRDjB
+YurHHNWKjMVkdKCdbpBVGRjNmS6XYS6QukmA4M85d2r0Dmb8J6Gd6juHc3Essrz+
+3qEMKAcYsSWbQ5ZSMywUOzM74Dk+wUTf7jCJ1IsSqn8hYHOqvUSF0ftwXkdS1+cv
+GT25iduAMCdTP15Qp57Wlhv9WCF8eOUoYKHiSpXcVa6XMqazLy4=
+=Uqz2
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-SA-17:08.ptrace.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-SA-17:09.shm.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-17:09.shm.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-17:09.shm.asc (revision 51201)
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-17:09.shm Security Advisory
+ The FreeBSD Project
+
+Topic: POSIX shm allows jails to access global namespace
+
+Category: core
+Module: shm
+Announced: 2017-11-15
+Credits: Whitewinterwolf
+Affects: FreeBSD 10.x
+Corrected: 2017-11-13 23:21:17 UTC (stable/10, 10.4-STABLE)
+ 2017-11-15 22:45:50 UTC (releng/10.4, 10.4-RELEASE-p3)
+ 2017-11-15 22:45:13 UTC (releng/10.3, 10.3-RELEASE-p24)
+CVE Name: CVE-2017-1087
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+POSIX shared memory objects allow realtime inter-process communication by
+sharing a memory area through the use of a named path (see shm_open(2)).
+
+This is used by some multi-process applications to share data between running
+processes, such as a common cache or to implement a producer-consumer model
+where several worker processes handle requests pushed by a producer process.
+
+II. Problem Description
+
+Named paths are globally scoped, meaning a process located in one jail can
+read and modify the content of POSIX shared memory objects created by a
+process in another jail or the host system.
+
+III. Impact
+
+A malicious user that has access to a jailed system is able to abuse shared
+memory by injecting malicious content in the shared memory region. This
+memory region might be executed by applications trusting the shared memory,
+like Squid.
+
+This issue could lead to a Denial of Service or local privilege escalation.
+
+IV. Workaround
+
+No workaround is available, but systems without jails or jails not having
+local users are not vulnerable.
+
+V. Solution
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+Reboot the system for the update to take effect.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+Reboot the system for the update to take effect.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.4, FreeBSD 10-STABLE]
+# fetch https://security.FreeBSD.org/patches/SA-17:09/shm-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:09/shm-10.patch.asc
+# gpg --verify shm-10.patch.asc
+
+[FreeBSD 10.3]
+# fetch https://security.FreeBSD.org/patches/SA-17:09/shm-10.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:09/shm-10.3.patch.asc
+# gpg --verify shm-10.3.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r325783
+releng/10.3/ r325873
+releng/10.4/ r325874
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxg1fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
+RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
+auciExAAhd9IcZrWpAqjKSGQWHrG7wJxrbCyyVVmZeoVQYQCihXJOnp+mhmVoJp5
+zvyjIBG23F/dR8ukRO/LnqzM2bhCj7OcijlvZboH3L4os8iIeB2Tc6k9YlnFQeij
+wYK0CNnQjECf5S4OIBmQ+irpBYATZKk2EEDdmKDltcauSlIhJIzUedGdmMySOFzl
+jpx3+dHNb+D9v4luOgvF3mVTYPpjYmJ2HIYel3m0XdElW+okM+L4Q5Nt4Krm+DDp
+L0fUG5tqS+a++53mNIGeGiBhomD0zZMJZ8LXe/FAACHPWA0yUMhCVrZTwzVTHhA7
+g5W1prFW3WYui7x1qF2LIA+SnGFTWXRlIhlAA/1n94Jl6shHnV6guZbzLAX0zk/C
+6WFydhrYhmPXd3o5uWz+oQQHXQCcHeGrNc+fmPKg/bpkyJvgfLc6YaY2gEQmfIrI
+3w/xqhN8mWVVhpHsHK+Wcz44T9uGH4NlYeDYy3TJ1ECri28fbxufAzr8hgbNRDtw
+B8YTijrPUSjwKBG815oO5JsOmHVCkCkIRx7nW72bHIs8ralXX563HK3RPjlFzr2G
+tzk9DF2w2TUQlgzS4wbZk9lXmlgvV0vRzsz+7jcJe1K+ZgyweNg+QIVet3BvobIA
+zeiRFfZuhH3ExNoJKqfZhBtOiePD0JR6JnkhvjEJm1NoHvoDOAQ=
+=epmQ
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-SA-17:09.shm.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-SA-17:10.kldstat.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-17:10.kldstat.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-17:10.kldstat.asc (revision 51201)
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-17:10.kldstat Security Advisory
+ The FreeBSD Project
+
+Topic: Information leak in kldstat(2)
+
+Category: core
+Module: kernel
+Announced: 2017-11-15
+Credits: TJ Corley
+Affects: All supported versions of FreeBSD.
+Corrected: 2017-11-15 22:34:15 UTC (stable/11, 11.1-STABLE)
+ 2017-11-15 22:49:47 UTC (releng/11.1, 11.1-RELEASE-p4)
+ 2017-11-15 22:50:20 UTC (releng/11.0, 11.0-RELEASE-p15)
+ 2017-11-15 22:35:16 UTC (stable/10, 10.4-STABLE)
+ 2017-11-15 22:50:47 UTC (releng/10.4, 10.4-RELEASE-p3)
+ 2017-11-15 22:51:08 UTC (releng/10.3, 10.3-RELEASE-p24)
+CVE Name: CVE-2017-1088
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The kldstat(2) syscall provides information about loaded kld files. The
+syscall takes a userland argument of struct kld_file_stat which is then
+filled with data about the kld file requested.
+
+II. Problem Description
+
+The kernel does not properly clear the memory of the kld_file_stat
+structure before filling the data. Since the structure filled by the
+kernel is allocated on the kernel stack and copied to userspace, a leak
+of information from the kernel stack is possible.
+
+III. Impact
+
+Some bytes from the kernel stack can be observed in userspace.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-17:10/kldstat.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:10/kldstat.patch.asc
+# gpg --verify kldstat.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r325867
+releng/10.3/ r325878
+releng/10.4/ r325877
+stable/11/ r325866
+releng/11.0/ r325876
+releng/11.1/ r325875
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxhRfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
+RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
+audjZhAA29uguakBjkQtnAlWceN0BOQlkp03iYQh61dFpdH98f7RQcr5cq77XKrM
+pkONtdEVbZNF9g6sly6n9dq5ivAuC9K1KGPtylMcPzHLTzDtV1B13vk2iwwgqkZ7
+GgB+m305kcL85knaASn3PBYwKTKzGOrhZFUZuTTI4VAnbbEmIwTHnJlVHvNwFDIj
+je1XxdDBr4jq7SdCZH8YW9LZAMDi9b+0hg72u20ZQ66uNeadxN4i9DuWtMeHJHb7
+2aZRtHhdw4imryUpHM4FnCp5zp9V87Gyv4wy7IrkOKYtbl4nWqxqVakL7T9yVmY5
+Q4cGqreYq8bF2aM3LyT26VmDfMOovovHJpCRHf9fvlIMj6ajS39FKWMkEeU23ykg
+EiTNk090h/G3REWiPnWjbxt8VGnFGyLe3K1VQqUvS+LlQ4lc45WCJnEHcpbvXT/E
+TNTQ/85nE4BklV1d9wiLy26C21W92IguZam0HdRYJHgEc9Mug+62MfqDzHf0w5HP
+3pu8IV5KMwEjGxzaiDMETIZU+K5fkdzPDNBhscxZ6OOab4zQ0+pZgdT1CSbXV6Ru
+xuOjSyBdz5vVdbq/298VJJ7hNyoP1MgnyaxPrG2ImNDKjUGqbtOgv0m3ISqtsyfs
+pEvyO2MxWWZqdNhtGJuQpOYyzAMxfJdmdOz1PMFFayQiBR7F0ao=
+=N2rs
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-SA-17:10.kldstat.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-17:08/ptrace.patch
===================================================================
--- head/share/security/patches/SA-17:08/ptrace.patch (nonexistent)
+++ head/share/security/patches/SA-17:08/ptrace.patch (revision 51201)
@@ -0,0 +1,27 @@
+--- sys/kern/sys_process.c.orig
++++ sys/kern/sys_process.c
+@@ -518,6 +518,7 @@
+ struct ptrace_lwpinfo32 *pl32)
+ {
+
++ bzero(pl32, sizeof(*pl32));
+ pl32->pl_lwpid = pl->pl_lwpid;
+ pl32->pl_event = pl->pl_event;
+ pl32->pl_flags = pl->pl_flags;
+@@ -1301,6 +1302,7 @@
+ } else
+ #endif
+ pl = addr;
++ bzero(pl, sizeof(*pl));
+ pl->pl_lwpid = td2->td_tid;
+ pl->pl_event = PL_EVENT_NONE;
+ pl->pl_flags = 0;
+@@ -1321,8 +1323,6 @@
+ pl->pl_siginfo = td2->td_dbgksi.ksi_info;
+ }
+ }
+- if ((pl->pl_flags & PL_FLAG_SI) == 0)
+- bzero(&pl->pl_siginfo, sizeof(pl->pl_siginfo));
+ if (td2->td_dbgflags & TDB_SCE)
+ pl->pl_flags |= PL_FLAG_SCE;
+ else if (td2->td_dbgflags & TDB_SCX)
Property changes on: head/share/security/patches/SA-17:08/ptrace.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-17:08/ptrace.patch.asc
===================================================================
--- head/share/security/patches/SA-17:08/ptrace.patch.asc (nonexistent)
+++ head/share/security/patches/SA-17:08/ptrace.patch.asc (revision 51201)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxiVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
+RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
+aueBbRAApWCpppwWGjGogqxNVVeyROsWzCVGy4MGOT0ngU5mc2uwZA1zwbUZ0m1I
+KGIGQGgkJLaU/pHJfjPmG6QGfGW2XY/VGd6EKY5P7dYXx54uGeb0OXU5e+6HLTMX
+dWPkvAXeRQJuIY5A3L4K9lOiS6sLfpk759RlriuMRpqoBOZ4uQxynplYuuBJ/CRc
+Tezy8LehBys2qDwhQa1wgoK/St5heh7TfOcoaumm9KvO7687DADE7bmU/iQ+XntL
+eB/RVQTZ5yxDNe7z4oDsVwUwHFpwrln76feVDYVVdJFz8/dCszRenFhptrC145rY
+W3o+LuczLdf+70vVY6ajLRypIpcvFEzO7X5DKafNFKG0ZvxrQp190+a4DAKJ6Vgh
+8hB6Poz1aBObeJlnLNKPpcXQDwi3FCxyMardrTJG2bIAjqoS27eqF/RVhJpeXexs
+plG2aRk4CdduOyrTYvvqDw2HkDB36kuE3gyFufV9DwMrPWtPQIEJcW9bPNGBdDi/
+LorKHPCXiX1/M8I9DMgOAmcGkaO/UtTqGFNZRrwuC9j2XpVk4gQfF5LUTdnf7FB3
+R0+/+HWYWpHm+OmuodToYgZ5X4+ftQpQztmvgArBLW83AcUUBL4ic7u5kOJCLUlT
+QEseNpEHQBEIJzkOtq/nui//9kimTOWsC6rw7Raeoh/kUmurMjg=
+=AJBS
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-17:08/ptrace.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-17:09/shm-10.3.patch
===================================================================
--- head/share/security/patches/SA-17:09/shm-10.3.patch (nonexistent)
+++ head/share/security/patches/SA-17:09/shm-10.3.patch (revision 51201)
@@ -0,0 +1,1025 @@
+--- share/man/man9/osd.9.orig
++++ share/man/man9/osd.9
+@@ -25,7 +25,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.Dd January 5, 2011
++.Dd March 30, 2016
+ .Dt OSD 9
+ .Os
+ .Sh NAME
+@@ -33,6 +33,9 @@
+ .Nm osd_register ,
+ .Nm osd_deregister ,
+ .Nm osd_set ,
++.Nm osd_reserve ,
++.Nm osd_set_reserved ,
++.Nm osd_free_reserved ,
+ .Nm osd_get ,
+ .Nm osd_del ,
+ .Nm osd_call ,
+@@ -63,6 +66,22 @@
+ .Fa "void *value"
+ .Fc
+ .Ft void *
++.Fo osd_reserve
++.Fa "u_int slot"
++.Fc
++.Ft int
++.Fo osd_set_reserved
++.Fa "u_int type"
++.Fa "struct osd *osd"
++.Fa "u_int slot"
++.Fa "void *rsv"
++.Fa "void *value"
++.Fc
++.Ft void
++.Fo osd_free_reserved
++.Fa "void *rsv"
++.Fc
++.Ft void *
+ .Fo osd_get
+ .Fa "u_int type"
+ .Fa "struct osd *osd"
+@@ -198,6 +217,15 @@
+ .Fa osd .
+ .Pp
+ The
++.Fn osd_set_reserved
++function does the same as
++.Fn osd_set ,
++but with an extra argument
++.Fa rsv
++that is internal-use memory previously allocated via
++.Fn osd_reserve .
++.Pp
++The
+ .Fn osd_get
+ function returns the data pointer associated with a kernel data structure's
+ .Vt struct osd
+@@ -324,6 +352,24 @@
+ .Xr realloc 9
+ calls.
+ .Pp
++It is possible for
++.Fn osd_set
++to fail to allocate this array. To ensure that such allocation succeeds,
++.Fn osd_reserve
++may be called (in a non-blocking context), and it will pre-allocate the
++memory via
++.Xr malloc 9
++with M_WAITOK.
++Then this pre-allocated memory is passed to
++.Fn osd_set_reserved ,
++which will use it if necessary or otherwise discard it.
++The memory may also be explicitly discarded by calling
++.Fn osd_free_reserved .
++As this method always allocates memory whether or not it is ultimately needed,
++it should be used only rarely, such as in the unlikely event that
++.Fn osd_set
++fails.
++.Pp
+ The
+ .Nm
+ API is geared towards slot identifiers storing pointers to the same underlying
+@@ -359,15 +405,27 @@
+ returns the slot identifier for the newly registered data type.
+ .Pp
+ .Fn osd_set
+-returns zero on success or ENOMEM if the specified type/slot identifier pair
++and
++.Fn osd_set_reserved
++return zero on success or ENOMEM if the specified type/slot identifier pair
+ triggered an internal
+ .Xr realloc 9
+-which failed.
++which failed
++.Fn ( osd_set_reserved
++will always succeed when
++.Fa rsv
++is non-NULL).
+ .Pp
+ .Fn osd_get
+ returns the data pointer for the specified type/slot identifier pair, or NULL if
+ the slot has not been initialised yet.
+ .Pp
++.Fn osd_reserve
++returns a pointer suitable for passing to
++.Fn osd_set_reserved
++or
++.Fn osd_free_reserved .
++.Pp
+ .Fn osd_call
+ returns zero if no method is run or the method for each slot runs successfully.
+ If a method for a slot returns non-zero,
+--- sys/kern/kern_osd.c.orig
++++ sys/kern/kern_osd.c
+@@ -44,6 +44,23 @@
+
+ /* OSD (Object Specific Data) */
+
++/*
++ * Lock key:
++ * (m) osd_module_lock
++ * (o) osd_object_lock
++ * (l) osd_list_lock
++ */
++struct osd_master {
++ struct sx osd_module_lock;
++ struct rmlock osd_object_lock;
++ struct mtx osd_list_lock;
++ LIST_HEAD(, osd) osd_list; /* (l) */
++ osd_destructor_t *osd_destructors; /* (o) */
++ osd_method_t *osd_methods; /* (m) */
++ u_int osd_ntslots; /* (m) */
++ const u_int osd_nmethods;
++};
++
+ static MALLOC_DEFINE(M_OSD, "osd", "Object Specific Data");
+
+ static int osd_debug = 0;
+@@ -62,25 +79,12 @@
+ int list_locked);
+
+ /*
+- * Lists of objects with OSD.
+- *
+- * Lock key:
+- * (m) osd_module_lock
+- * (o) osd_object_lock
+- * (l) osd_list_lock
++ * List of objects with OSD.
+ */
+-static LIST_HEAD(, osd) osd_list[OSD_LAST + 1]; /* (m) */
+-static osd_method_t *osd_methods[OSD_LAST + 1]; /* (m) */
+-static u_int osd_nslots[OSD_LAST + 1]; /* (m) */
+-static osd_destructor_t *osd_destructors[OSD_LAST + 1]; /* (o) */
+-static const u_int osd_nmethods[OSD_LAST + 1] = {
+- [OSD_JAIL] = PR_MAXMETHOD,
++struct osd_master osdm[OSD_LAST + 1] = {
++ [OSD_JAIL] = { .osd_nmethods = PR_MAXMETHOD },
+ };
+
+-static struct sx osd_module_lock[OSD_LAST + 1];
+-static struct rmlock osd_object_lock[OSD_LAST + 1];
+-static struct mtx osd_list_lock[OSD_LAST + 1];
+-
+ static void
+ osd_default_destructor(void *value __unused)
+ {
+@@ -102,12 +106,12 @@
+ if (destructor == NULL)
+ destructor = osd_default_destructor;
+
+- sx_xlock(&osd_module_lock[type]);
++ sx_xlock(&osdm[type].osd_module_lock);
+ /*
+ * First, we try to find unused slot.
+ */
+- for (i = 0; i < osd_nslots[type]; i++) {
+- if (osd_destructors[type][i] == NULL) {
++ for (i = 0; i < osdm[type].osd_ntslots; i++) {
++ if (osdm[type].osd_destructors[i] == NULL) {
+ OSD_DEBUG("Unused slot found (type=%u, slot=%u).",
+ type, i);
+ break;
+@@ -116,31 +120,31 @@
+ /*
+ * If no unused slot was found, allocate one.
+ */
+- if (i == osd_nslots[type]) {
+- osd_nslots[type]++;
+- if (osd_nmethods[type] != 0)
+- osd_methods[type] = realloc(osd_methods[type],
+- sizeof(osd_method_t) * osd_nslots[type] *
+- osd_nmethods[type], M_OSD, M_WAITOK);
+- newptr = malloc(sizeof(osd_destructor_t) * osd_nslots[type],
+- M_OSD, M_WAITOK);
+- rm_wlock(&osd_object_lock[type]);
+- bcopy(osd_destructors[type], newptr,
++ if (i == osdm[type].osd_ntslots) {
++ osdm[type].osd_ntslots++;
++ if (osdm[type].osd_nmethods != 0)
++ osdm[type].osd_methods = realloc(osdm[type].osd_methods,
++ sizeof(osd_method_t) * osdm[type].osd_ntslots *
++ osdm[type].osd_nmethods, M_OSD, M_WAITOK);
++ newptr = malloc(sizeof(osd_destructor_t) *
++ osdm[type].osd_ntslots, M_OSD, M_WAITOK);
++ rm_wlock(&osdm[type].osd_object_lock);
++ bcopy(osdm[type].osd_destructors, newptr,
+ sizeof(osd_destructor_t) * i);
+- free(osd_destructors[type], M_OSD);
+- osd_destructors[type] = newptr;
+- rm_wunlock(&osd_object_lock[type]);
++ free(osdm[type].osd_destructors, M_OSD);
++ osdm[type].osd_destructors = newptr;
++ rm_wunlock(&osdm[type].osd_object_lock);
+ OSD_DEBUG("New slot allocated (type=%u, slot=%u).",
+ type, i + 1);
+ }
+
+- osd_destructors[type][i] = destructor;
+- if (osd_nmethods[type] != 0) {
+- for (m = 0; m < osd_nmethods[type]; m++)
+- osd_methods[type][i * osd_nmethods[type] + m] =
+- methods != NULL ? methods[m] : NULL;
++ osdm[type].osd_destructors[i] = destructor;
++ if (osdm[type].osd_nmethods != 0) {
++ for (m = 0; m < osdm[type].osd_nmethods; m++)
++ osdm[type].osd_methods[i * osdm[type].osd_nmethods + m]
++ = methods != NULL ? methods[m] : NULL;
+ }
+- sx_xunlock(&osd_module_lock[type]);
++ sx_xunlock(&osdm[type].osd_module_lock);
+ return (i + 1);
+ }
+
+@@ -151,37 +155,37 @@
+
+ KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type."));
+ KASSERT(slot > 0, ("Invalid slot."));
+- KASSERT(osd_destructors[type][slot - 1] != NULL, ("Unused slot."));
++ KASSERT(osdm[type].osd_destructors[slot - 1] != NULL, ("Unused slot."));
+
+- sx_xlock(&osd_module_lock[type]);
+- rm_wlock(&osd_object_lock[type]);
++ sx_xlock(&osdm[type].osd_module_lock);
++ rm_wlock(&osdm[type].osd_object_lock);
+ /*
+ * Free all OSD for the given slot.
+ */
+- mtx_lock(&osd_list_lock[type]);
+- LIST_FOREACH_SAFE(osd, &osd_list[type], osd_next, tosd)
++ mtx_lock(&osdm[type].osd_list_lock);
++ LIST_FOREACH_SAFE(osd, &osdm[type].osd_list, osd_next, tosd)
+ do_osd_del(type, osd, slot, 1);
+- mtx_unlock(&osd_list_lock[type]);
++ mtx_unlock(&osdm[type].osd_list_lock);
+ /*
+ * Set destructor to NULL to free the slot.
+ */
+- osd_destructors[type][slot - 1] = NULL;
+- if (slot == osd_nslots[type]) {
+- osd_nslots[type]--;
+- osd_destructors[type] = realloc(osd_destructors[type],
+- sizeof(osd_destructor_t) * osd_nslots[type], M_OSD,
++ osdm[type].osd_destructors[slot - 1] = NULL;
++ if (slot == osdm[type].osd_ntslots) {
++ osdm[type].osd_ntslots--;
++ osdm[type].osd_destructors = realloc(osdm[type].osd_destructors,
++ sizeof(osd_destructor_t) * osdm[type].osd_ntslots, M_OSD,
+ M_NOWAIT | M_ZERO);
+- if (osd_nmethods[type] != 0)
+- osd_methods[type] = realloc(osd_methods[type],
+- sizeof(osd_method_t) * osd_nslots[type] *
+- osd_nmethods[type], M_OSD, M_NOWAIT | M_ZERO);
++ if (osdm[type].osd_nmethods != 0)
++ osdm[type].osd_methods = realloc(osdm[type].osd_methods,
++ sizeof(osd_method_t) * osdm[type].osd_ntslots *
++ osdm[type].osd_nmethods, M_OSD, M_NOWAIT | M_ZERO);
+ /*
+ * We always reallocate to smaller size, so we assume it will
+ * always succeed.
+ */
+- KASSERT(osd_destructors[type] != NULL &&
+- (osd_nmethods[type] == 0 || osd_methods[type] != NULL),
+- ("realloc() failed"));
++ KASSERT(osdm[type].osd_destructors != NULL &&
++ (osdm[type].osd_nmethods == 0 ||
++ osdm[type].osd_methods != NULL), ("realloc() failed"));
+ OSD_DEBUG("Deregistration of the last slot (type=%u, slot=%u).",
+ type, slot);
+ } else {
+@@ -188,68 +192,105 @@
+ OSD_DEBUG("Slot deregistration (type=%u, slot=%u).",
+ type, slot);
+ }
+- rm_wunlock(&osd_object_lock[type]);
+- sx_xunlock(&osd_module_lock[type]);
++ rm_wunlock(&osdm[type].osd_object_lock);
++ sx_xunlock(&osdm[type].osd_module_lock);
+ }
+
+ int
+ osd_set(u_int type, struct osd *osd, u_int slot, void *value)
+ {
++
++ return (osd_set_reserved(type, osd, slot, NULL, value));
++}
++
++void *
++osd_reserve(u_int slot)
++{
++
++ KASSERT(slot > 0, ("Invalid slot."));
++
++ OSD_DEBUG("Reserving slot array (slot=%u).", slot);
++ return (malloc(sizeof(void *) * slot, M_OSD, M_WAITOK | M_ZERO));
++}
++
++int
++osd_set_reserved(u_int type, struct osd *osd, u_int slot, void *rsv,
++ void *value)
++{
+ struct rm_priotracker tracker;
+
+ KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type."));
+ KASSERT(slot > 0, ("Invalid slot."));
+- KASSERT(osd_destructors[type][slot - 1] != NULL, ("Unused slot."));
++ KASSERT(osdm[type].osd_destructors[slot - 1] != NULL, ("Unused slot."));
+
+- rm_rlock(&osd_object_lock[type], &tracker);
++ rm_rlock(&osdm[type].osd_object_lock, &tracker);
+ if (slot > osd->osd_nslots) {
++ void *newptr;
++
+ if (value == NULL) {
+ OSD_DEBUG(
+ "Not allocating null slot (type=%u, slot=%u).",
+ type, slot);
+- rm_runlock(&osd_object_lock[type], &tracker);
++ rm_runlock(&osdm[type].osd_object_lock, &tracker);
++ if (rsv)
++ osd_free_reserved(rsv);
+ return (0);
+- } else if (osd->osd_nslots == 0) {
++ }
++
++ /*
++ * Too few slots allocated here, so we need to extend or create
++ * the array.
++ */
++ if (rsv) {
+ /*
+- * First OSD for this object, so we need to allocate
+- * space and put it onto the list.
++ * Use the reserve passed in (assumed to be
++ * the right size).
+ */
+- osd->osd_slots = malloc(sizeof(void *) * slot, M_OSD,
+- M_NOWAIT | M_ZERO);
+- if (osd->osd_slots == NULL) {
+- rm_runlock(&osd_object_lock[type], &tracker);
+- return (ENOMEM);
++ newptr = rsv;
++ if (osd->osd_nslots != 0) {
++ memcpy(newptr, osd->osd_slots,
++ sizeof(void *) * osd->osd_nslots);
++ free(osd->osd_slots, M_OSD);
+ }
+- osd->osd_nslots = slot;
+- mtx_lock(&osd_list_lock[type]);
+- LIST_INSERT_HEAD(&osd_list[type], osd, osd_next);
+- mtx_unlock(&osd_list_lock[type]);
+- OSD_DEBUG("Setting first slot (type=%u).", type);
+ } else {
+- void *newptr;
+-
+- /*
+- * Too few slots allocated here, needs to extend
+- * the array.
+- */
+ newptr = realloc(osd->osd_slots, sizeof(void *) * slot,
+ M_OSD, M_NOWAIT | M_ZERO);
+ if (newptr == NULL) {
+- rm_runlock(&osd_object_lock[type], &tracker);
++ rm_runlock(&osdm[type].osd_object_lock,
++ &tracker);
+ return (ENOMEM);
+ }
+- osd->osd_slots = newptr;
+- osd->osd_nslots = slot;
++ }
++ if (osd->osd_nslots == 0) {
++ /*
++ * First OSD for this object, so we need to put it
++ * onto the list.
++ */
++ mtx_lock(&osdm[type].osd_list_lock);
++ LIST_INSERT_HEAD(&osdm[type].osd_list, osd, osd_next);
++ mtx_unlock(&osdm[type].osd_list_lock);
++ OSD_DEBUG("Setting first slot (type=%u).", type);
++ } else
+ OSD_DEBUG("Growing slots array (type=%u).", type);
+- }
+- }
++ osd->osd_slots = newptr;
++ osd->osd_nslots = slot;
++ } else if (rsv)
++ osd_free_reserved(rsv);
+ OSD_DEBUG("Setting slot value (type=%u, slot=%u, value=%p).", type,
+ slot, value);
+ osd->osd_slots[slot - 1] = value;
+- rm_runlock(&osd_object_lock[type], &tracker);
++ rm_runlock(&osdm[type].osd_object_lock, &tracker);
+ return (0);
+ }
+
++void
++osd_free_reserved(void *rsv)
++{
++
++ OSD_DEBUG("Discarding reserved slot array.");
++ free(rsv, M_OSD);
++}
++
+ void *
+ osd_get(u_int type, struct osd *osd, u_int slot)
+ {
+@@ -258,9 +299,9 @@
+
+ KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type."));
+ KASSERT(slot > 0, ("Invalid slot."));
+- KASSERT(osd_destructors[type][slot - 1] != NULL, ("Unused slot."));
++ KASSERT(osdm[type].osd_destructors[slot - 1] != NULL, ("Unused slot."));
+
+- rm_rlock(&osd_object_lock[type], &tracker);
++ rm_rlock(&osdm[type].osd_object_lock, &tracker);
+ if (slot > osd->osd_nslots) {
+ value = NULL;
+ OSD_DEBUG("Slot doesn't exist (type=%u, slot=%u).", type, slot);
+@@ -269,7 +310,7 @@
+ OSD_DEBUG("Returning slot value (type=%u, slot=%u, value=%p).",
+ type, slot, value);
+ }
+- rm_runlock(&osd_object_lock[type], &tracker);
++ rm_runlock(&osdm[type].osd_object_lock, &tracker);
+ return (value);
+ }
+
+@@ -278,9 +319,9 @@
+ {
+ struct rm_priotracker tracker;
+
+- rm_rlock(&osd_object_lock[type], &tracker);
++ rm_rlock(&osdm[type].osd_object_lock, &tracker);
+ do_osd_del(type, osd, slot, 0);
+- rm_runlock(&osd_object_lock[type], &tracker);
++ rm_runlock(&osdm[type].osd_object_lock, &tracker);
+ }
+
+ static void
+@@ -290,7 +331,7 @@
+
+ KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type."));
+ KASSERT(slot > 0, ("Invalid slot."));
+- KASSERT(osd_destructors[type][slot - 1] != NULL, ("Unused slot."));
++ KASSERT(osdm[type].osd_destructors[slot - 1] != NULL, ("Unused slot."));
+
+ OSD_DEBUG("Deleting slot (type=%u, slot=%u).", type, slot);
+
+@@ -299,7 +340,7 @@
+ return;
+ }
+ if (osd->osd_slots[slot - 1] != NULL) {
+- osd_destructors[type][slot - 1](osd->osd_slots[slot - 1]);
++ osdm[type].osd_destructors[slot - 1](osd->osd_slots[slot - 1]);
+ osd->osd_slots[slot - 1] = NULL;
+ }
+ for (i = osd->osd_nslots - 1; i >= 0; i--) {
+@@ -313,10 +354,10 @@
+ /* No values left for this object. */
+ OSD_DEBUG("No more slots left (type=%u).", type);
+ if (!list_locked)
+- mtx_lock(&osd_list_lock[type]);
++ mtx_lock(&osdm[type].osd_list_lock);
+ LIST_REMOVE(osd, osd_next);
+ if (!list_locked)
+- mtx_unlock(&osd_list_lock[type]);
++ mtx_unlock(&osdm[type].osd_list_lock);
+ free(osd->osd_slots, M_OSD);
+ osd->osd_slots = NULL;
+ osd->osd_nslots = 0;
+@@ -342,7 +383,7 @@
+ int error, i;
+
+ KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type."));
+- KASSERT(method < osd_nmethods[type], ("Invalid method."));
++ KASSERT(method < osdm[type].osd_nmethods, ("Invalid method."));
+
+ /*
+ * Call this method for every slot that defines it, stopping if an
+@@ -349,14 +390,14 @@
+ * error is encountered.
+ */
+ error = 0;
+- sx_slock(&osd_module_lock[type]);
+- for (i = 0; i < osd_nslots[type]; i++) {
+- methodfun =
+- osd_methods[type][i * osd_nmethods[type] + method];
++ sx_slock(&osdm[type].osd_module_lock);
++ for (i = 0; i < osdm[type].osd_ntslots; i++) {
++ methodfun = osdm[type].osd_methods[i * osdm[type].osd_nmethods +
++ method];
+ if (methodfun != NULL && (error = methodfun(obj, data)) != 0)
+ break;
+ }
+- sx_sunlock(&osd_module_lock[type]);
++ sx_sunlock(&osdm[type].osd_module_lock);
+ return (error);
+ }
+
+@@ -374,14 +415,14 @@
+ return;
+ }
+
+- rm_rlock(&osd_object_lock[type], &tracker);
++ rm_rlock(&osdm[type].osd_object_lock, &tracker);
+ for (i = 1; i <= osd->osd_nslots; i++) {
+- if (osd_destructors[type][i - 1] != NULL)
++ if (osdm[type].osd_destructors[i - 1] != NULL)
+ do_osd_del(type, osd, i, 0);
+ else
+ OSD_DEBUG("Unused slot (type=%u, slot=%u).", type, i);
+ }
+- rm_runlock(&osd_object_lock[type], &tracker);
++ rm_runlock(&osdm[type].osd_object_lock, &tracker);
+ OSD_DEBUG("Object exit (type=%u).", type);
+ }
+
+@@ -391,13 +432,13 @@
+ u_int i;
+
+ for (i = OSD_FIRST; i <= OSD_LAST; i++) {
+- osd_nslots[i] = 0;
+- LIST_INIT(&osd_list[i]);
+- sx_init(&osd_module_lock[i], "osd_module");
+- rm_init(&osd_object_lock[i], "osd_object");
+- mtx_init(&osd_list_lock[i], "osd_list", NULL, MTX_DEF);
+- osd_destructors[i] = NULL;
+- osd_methods[i] = NULL;
++ sx_init(&osdm[i].osd_module_lock, "osd_module");
++ rm_init(&osdm[i].osd_object_lock, "osd_object");
++ mtx_init(&osdm[i].osd_list_lock, "osd_list", NULL, MTX_DEF);
++ LIST_INIT(&osdm[i].osd_list);
++ osdm[i].osd_destructors = NULL;
++ osdm[i].osd_ntslots = 0;
++ osdm[i].osd_methods = NULL;
+ }
+ }
+ SYSINIT(osd, SI_SUB_LOCK, SI_ORDER_ANY, osd_init, NULL);
+--- sys/kern/uipc_mqueue.c.orig
++++ sys/kern/uipc_mqueue.c
+@@ -52,6 +52,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -60,8 +61,8 @@
+ #include
+ #include
+ #include
++#include
+ #include
+-#include
+ #include
+ #include
+ #include
+@@ -131,6 +132,7 @@
+ LIST_HEAD(,mqfs_node) mn_children;
+ LIST_ENTRY(mqfs_node) mn_sibling;
+ LIST_HEAD(,mqfs_vdata) mn_vnodes;
++ const void *mn_pr_root;
+ int mn_refcount;
+ mqfs_type_t mn_type;
+ int mn_deleted;
+@@ -151,6 +153,11 @@
+ #define FPTOMQ(fp) ((struct mqueue *)(((struct mqfs_node *) \
+ (fp)->f_data)->mn_data))
+
++struct mqfs_osd {
++ struct task mo_task;
++ const void *mo_pr_root;
++};
++
+ TAILQ_HEAD(msgq, mqueue_msg);
+
+ struct mqueue;
+@@ -218,6 +225,7 @@
+ static uma_zone_t mqnoti_zone;
+ static struct vop_vector mqfs_vnodeops;
+ static struct fileops mqueueops;
++static unsigned mqfs_osd_jail_slot;
+
+ /*
+ * Directory structure construction and manipulation
+@@ -235,6 +243,9 @@
+ static void mqfs_fileno_alloc(struct mqfs_info *mi, struct mqfs_node *mn);
+ static void mqfs_fileno_free(struct mqfs_info *mi, struct mqfs_node *mn);
+ static int mqfs_allocv(struct mount *mp, struct vnode **vpp, struct mqfs_node *pn);
++static int mqfs_prison_create(void *obj, void *data);
++static void mqfs_prison_destructor(void *data);
++static void mqfs_prison_remove_task(void *context, int pending);
+
+ /*
+ * Message queue construction and maniplation
+@@ -435,6 +446,7 @@
+
+ node = mqnode_alloc();
+ strncpy(node->mn_name, name, namelen);
++ node->mn_pr_root = cred->cr_prison->pr_root;
+ node->mn_type = nodetype;
+ node->mn_refcount = 1;
+ vfs_timestamp(&node->mn_birth);
+@@ -643,6 +655,10 @@
+ {
+ struct mqfs_node *root;
+ struct mqfs_info *mi;
++ struct prison *pr;
++ osd_method_t methods[PR_MAXMETHOD] = {
++ [PR_METHOD_CREATE] = mqfs_prison_create,
++ };
+
+ mqnode_zone = uma_zcreate("mqnode", sizeof(struct mqfs_node),
+ NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
+@@ -669,6 +685,13 @@
+ EVENTHANDLER_PRI_ANY);
+ mq_fdclose = mqueue_fdclose;
+ p31b_setcfg(CTL_P1003_1B_MESSAGE_PASSING, _POSIX_MESSAGE_PASSING);
++
++ /* Note current jails. */
++ mqfs_osd_jail_slot = osd_jail_register(mqfs_prison_destructor, methods);
++ sx_slock(&allprison_lock);
++ TAILQ_FOREACH(pr, &allprison, pr_list)
++ (void)mqfs_prison_create(pr, NULL);
++ sx_sunlock(&allprison_lock);
+ return (0);
+ }
+
+@@ -678,10 +701,14 @@
+ static int
+ mqfs_uninit(struct vfsconf *vfc)
+ {
++ unsigned slot;
+ struct mqfs_info *mi;
+
+ if (!unloadable)
+ return (EOPNOTSUPP);
++ slot = mqfs_osd_jail_slot;
++ mqfs_osd_jail_slot = 0;
++ osd_jail_deregister(slot);
+ EVENTHANDLER_DEREGISTER(process_exit, exit_tag);
+ mi = &mqfs_data;
+ mqfs_destroy(mi->mi_root);
+@@ -799,13 +826,17 @@
+ * Search a directory entry
+ */
+ static struct mqfs_node *
+-mqfs_search(struct mqfs_node *pd, const char *name, int len)
++mqfs_search(struct mqfs_node *pd, const char *name, int len, struct ucred *cred)
+ {
+ struct mqfs_node *pn;
++ const void *pr_root;
+
+ sx_assert(&pd->mn_info->mi_lock, SX_LOCKED);
++ pr_root = cred->cr_prison->pr_root;
+ LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
+- if (strncmp(pn->mn_name, name, len) == 0 &&
++ /* Only match names within the same prison root directory */
++ if ((pn->mn_pr_root == NULL || pn->mn_pr_root == pr_root) &&
++ strncmp(pn->mn_name, name, len) == 0 &&
+ pn->mn_name[len] == '\0')
+ return (pn);
+ }
+@@ -877,7 +908,7 @@
+
+ /* named node */
+ sx_xlock(&mqfs->mi_lock);
+- pn = mqfs_search(pd, pname, namelen);
++ pn = mqfs_search(pd, pname, namelen, cnp->cn_cred);
+ if (pn != NULL)
+ mqnode_addref(pn);
+ sx_xunlock(&mqfs->mi_lock);
+@@ -1362,6 +1393,7 @@
+ struct mqfs_node *pn;
+ struct dirent entry;
+ struct uio *uio;
++ const void *pr_root;
+ int *tmp_ncookies = NULL;
+ off_t offset;
+ int error, i;
+@@ -1386,10 +1418,18 @@
+ error = 0;
+ offset = 0;
+
++ pr_root = ap->a_cred->cr_prison->pr_root;
+ sx_xlock(&mi->mi_lock);
+
+ LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
+ entry.d_reclen = sizeof(entry);
++
++ /*
++ * Only show names within the same prison root directory
++ * (or not associated with a prison, e.g. "." and "..").
++ */
++ if (pn->mn_pr_root != NULL && pn->mn_pr_root != pr_root)
++ continue;
+ if (!pn->mn_fileno)
+ mqfs_fileno_alloc(mi, pn);
+ entry.d_fileno = pn->mn_fileno;
+@@ -1522,7 +1562,82 @@
+
+ #endif /* notyet */
+
++
+ /*
++ * Set a destructor task with the prison's root
++ */
++static int
++mqfs_prison_create(void *obj, void *data __unused)
++{
++ struct prison *pr = obj;
++ struct mqfs_osd *mo;
++ void *rsv;
++
++ if (pr->pr_root == pr->pr_parent->pr_root)
++ return(0);
++
++ mo = malloc(sizeof(struct mqfs_osd), M_PRISON, M_WAITOK);
++ rsv = osd_reserve(mqfs_osd_jail_slot);
++ TASK_INIT(&mo->mo_task, 0, mqfs_prison_remove_task, mo);
++ mtx_lock(&pr->pr_mtx);
++ mo->mo_pr_root = pr->pr_root;
++ (void)osd_jail_set_reserved(pr, mqfs_osd_jail_slot, rsv, mo);
++ mtx_unlock(&pr->pr_mtx);
++ return (0);
++}
++
++/*
++ * Queue the task for after jail/OSD locks are released
++ */
++static void
++mqfs_prison_destructor(void *data)
++{
++ struct mqfs_osd *mo = data;
++
++ if (mqfs_osd_jail_slot != 0)
++ taskqueue_enqueue(taskqueue_thread, &mo->mo_task);
++ else
++ free(mo, M_PRISON);
++}
++
++/*
++ * See if this prison root is obsolete, and clean up associated queues if it is
++ */
++static void
++mqfs_prison_remove_task(void *context, int pending)
++{
++ struct mqfs_osd *mo = context;
++ struct mqfs_node *pn, *tpn;
++ const struct prison *pr;
++ const void *pr_root;
++ int found;
++
++ pr_root = mo->mo_pr_root;
++ found = 0;
++ sx_slock(&allprison_lock);
++ TAILQ_FOREACH(pr, &allprison, pr_list) {
++ if (pr->pr_root == pr_root)
++ found = 1;
++ }
++ sx_sunlock(&allprison_lock);
++ if (!found) {
++ /*
++ * No jails are rooted in this directory anymore,
++ * so no queues should be either.
++ */
++ sx_xlock(&mqfs_data.mi_lock);
++ LIST_FOREACH_SAFE(pn, &mqfs_data.mi_root->mn_children,
++ mn_sibling, tpn) {
++ if (pn->mn_pr_root == pr_root)
++ (void)do_unlink(pn, curthread->td_ucred);
++ }
++ sx_xunlock(&mqfs_data.mi_lock);
++ }
++ free(mo, M_PRISON);
++}
++
++
++/*
+ * Allocate a message queue
+ */
+ static struct mqueue *
+@@ -1982,7 +2097,7 @@
+ return (error);
+
+ sx_xlock(&mqfs_data.mi_lock);
+- pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1);
++ pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1, td->td_ucred);
+ if (pn == NULL) {
+ if (!(flags & O_CREAT)) {
+ error = ENOENT;
+@@ -2077,7 +2192,7 @@
+ return (EINVAL);
+
+ sx_xlock(&mqfs_data.mi_lock);
+- pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1);
++ pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1, td->td_ucred);
+ if (pn != NULL)
+ error = do_unlink(pn, td->td_ucred);
+ else
+--- sys/kern/uipc_sem.c.orig
++++ sys/kern/uipc_sem.c
+@@ -44,6 +44,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -444,12 +445,24 @@
+ static void
+ ksem_info_impl(struct ksem *ks, char *path, size_t size, uint32_t *value)
+ {
++ const char *ks_path, *pr_path;
++ size_t pr_pathlen;
+
+ if (ks->ks_path == NULL)
+ return;
+ sx_slock(&ksem_dict_lock);
+- if (ks->ks_path != NULL)
+- strlcpy(path, ks->ks_path, size);
++ ks_path = ks->ks_path;
++ if (ks_path != NULL) {
++ pr_path = curthread->td_ucred->cr_prison->pr_path;
++ if (strcmp(pr_path, "/") != 0) {
++ /* Return the jail-rooted pathname. */
++ pr_pathlen = strlen(pr_path);
++ if (strncmp(ks_path, pr_path, pr_pathlen) == 0 &&
++ ks_path[pr_pathlen] == '/')
++ ks_path += pr_pathlen;
++ }
++ strlcpy(path, ks_path, size);
++ }
+ if (value != NULL)
+ *value = ks->ks_value;
+ sx_sunlock(&ksem_dict_lock);
+@@ -493,6 +506,8 @@
+ struct ksem *ks;
+ struct file *fp;
+ char *path;
++ const char *pr_path;
++ size_t pr_pathlen;
+ Fnv32_t fnv;
+ int error, fd;
+
+@@ -529,10 +544,16 @@
+ ks->ks_flags |= KS_ANONYMOUS;
+ } else {
+ path = malloc(MAXPATHLEN, M_KSEM, M_WAITOK);
+- error = copyinstr(name, path, MAXPATHLEN, NULL);
++ pr_path = td->td_ucred->cr_prison->pr_path;
+
++ /* Construct a full pathname for jailed callers. */
++ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0
++ : strlcpy(path, pr_path, MAXPATHLEN);
++ error = copyinstr(name, path + pr_pathlen,
++ MAXPATHLEN - pr_pathlen, NULL);
++
+ /* Require paths to start with a '/' character. */
+- if (error == 0 && path[0] != '/')
++ if (error == 0 && path[pr_pathlen] != '/')
+ error = EINVAL;
+ if (error) {
+ fdclose(fdp, fp, fd, td);
+@@ -668,11 +689,17 @@
+ sys_ksem_unlink(struct thread *td, struct ksem_unlink_args *uap)
+ {
+ char *path;
++ const char *pr_path;
++ size_t pr_pathlen;
+ Fnv32_t fnv;
+ int error;
+
+ path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
+- error = copyinstr(uap->name, path, MAXPATHLEN, NULL);
++ pr_path = td->td_ucred->cr_prison->pr_path;
++ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0
++ : strlcpy(path, pr_path, MAXPATHLEN);
++ error = copyinstr(uap->name, path + pr_pathlen, MAXPATHLEN - pr_pathlen,
++ NULL);
+ if (error) {
+ free(path, M_TEMP);
+ return (error);
+--- sys/kern/uipc_shm.c.orig
++++ sys/kern/uipc_shm.c
+@@ -57,6 +57,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -711,6 +712,8 @@
+ struct shmfd *shmfd;
+ struct file *fp;
+ char *path;
++ const char *pr_path;
++ size_t pr_pathlen;
+ Fnv32_t fnv;
+ mode_t cmode;
+ int fd, error;
+@@ -748,13 +751,19 @@
+ shmfd = shm_alloc(td->td_ucred, cmode);
+ } else {
+ path = malloc(MAXPATHLEN, M_SHMFD, M_WAITOK);
+- error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
++ pr_path = td->td_ucred->cr_prison->pr_path;
++
++ /* Construct a full pathname for jailed callers. */
++ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0
++ : strlcpy(path, pr_path, MAXPATHLEN);
++ error = copyinstr(uap->path, path + pr_pathlen,
++ MAXPATHLEN - pr_pathlen, NULL);
+ #ifdef KTRACE
+ if (error == 0 && KTRPOINT(curthread, KTR_NAMEI))
+ ktrnamei(path);
+ #endif
+ /* Require paths to start with a '/' character. */
+- if (error == 0 && path[0] != '/')
++ if (error == 0 && path[pr_pathlen] != '/')
+ error = EINVAL;
+ if (error) {
+ fdclose(fdp, fp, fd, td);
+@@ -841,11 +850,17 @@
+ sys_shm_unlink(struct thread *td, struct shm_unlink_args *uap)
+ {
+ char *path;
++ const char *pr_path;
++ size_t pr_pathlen;
+ Fnv32_t fnv;
+ int error;
+
+ path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
+- error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
++ pr_path = td->td_ucred->cr_prison->pr_path;
++ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0
++ : strlcpy(path, pr_path, MAXPATHLEN);
++ error = copyinstr(uap->path, path + pr_pathlen, MAXPATHLEN - pr_pathlen,
++ NULL);
+ if (error) {
+ free(path, M_TEMP);
+ return (error);
+@@ -1052,11 +1067,23 @@
+ void
+ shm_path(struct shmfd *shmfd, char *path, size_t size)
+ {
++ const char *shm_path, *pr_path;
++ size_t pr_pathlen;
+
+ if (shmfd->shm_path == NULL)
+ return;
+ sx_slock(&shm_dict_lock);
+- if (shmfd->shm_path != NULL)
+- strlcpy(path, shmfd->shm_path, size);
++ shm_path = shmfd->shm_path;
++ if (shm_path != NULL) {
++ pr_path = curthread->td_ucred->cr_prison->pr_path;
++ if (strcmp(pr_path, "/") != 0) {
++ /* Return the jail-rooted pathname. */
++ pr_pathlen = strlen(pr_path);
++ if (strncmp(shm_path, pr_path, pr_pathlen) == 0 &&
++ shm_path[pr_pathlen] == '/')
++ shm_path += pr_pathlen;
++ }
++ strlcpy(path, shm_path, size);
++ }
+ sx_sunlock(&shm_dict_lock);
+ }
+--- sys/sys/osd.h.orig
++++ sys/sys/osd.h
+@@ -59,6 +59,10 @@
+ void osd_deregister(u_int type, u_int slot);
+
+ int osd_set(u_int type, struct osd *osd, u_int slot, void *value);
++void *osd_reserve(u_int slot);
++int osd_set_reserved(u_int type, struct osd *osd, u_int slot, void *rsv,
++ void *value);
++void osd_free_reserved(void *rsv);
+ void *osd_get(u_int type, struct osd *osd, u_int slot);
+ void osd_del(u_int type, struct osd *osd, u_int slot);
+ int osd_call(u_int type, u_int method, void *obj, void *data);
+@@ -71,6 +75,8 @@
+ osd_deregister(OSD_THREAD, (slot))
+ #define osd_thread_set(td, slot, value) \
+ osd_set(OSD_THREAD, &(td)->td_osd, (slot), (value))
++#define osd_thread_set_reserved(td, slot, rsv, value) \
++ osd_set_reserved(OSD_THREAD, &(td)->td_osd, (slot), (rsv), (value))
+ #define osd_thread_get(td, slot) \
+ osd_get(OSD_THREAD, &(td)->td_osd, (slot))
+ #define osd_thread_del(td, slot) do { \
+@@ -88,6 +94,8 @@
+ osd_deregister(OSD_JAIL, (slot))
+ #define osd_jail_set(pr, slot, value) \
+ osd_set(OSD_JAIL, &(pr)->pr_osd, (slot), (value))
++#define osd_jail_set_reserved(pr, slot, rsv, value) \
++ osd_set_reserved(OSD_JAIL, &(pr)->pr_osd, (slot), (rsv), (value))
+ #define osd_jail_get(pr, slot) \
+ osd_get(OSD_JAIL, &(pr)->pr_osd, (slot))
+ #define osd_jail_del(pr, slot) \
Property changes on: head/share/security/patches/SA-17:09/shm-10.3.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-17:09/shm-10.3.patch.asc
===================================================================
--- head/share/security/patches/SA-17:09/shm-10.3.patch.asc (nonexistent)
+++ head/share/security/patches/SA-17:09/shm-10.3.patch.asc (revision 51201)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxjRfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
+RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
+auenfg/9E6q50Ghg4zZdsQCasxVQbKIChpZhSnWsLYPBj/6p7OvYuDEEFCmD5Em0
+OVymwJZw1Ist+toQ9SmbNbkylkNW8Nsh5ZL1/LjK3/4/T6bcN4QprV3HSuUyRBVd
+uN3nNw7bU7tYC0mrUi5e9V7OMW3FeQD3yusEnppe8MKjWYYSlElVJuGYoc1Wl10B
+uHe2WThVEPVqkF2BQexQCo4PyszA5vH1/YseoBgW+gRBIcqHqVsH0RIC3H9shIL1
+0QaeA+H/03xBtpWaZcBALYCyPWajKq5bQTSqMx6tikfNlWCWAc0LFjgpgtj+yujW
+isMyDxTqdYhPGn4Rpfz7JH/OImMdICH/+9f5i0but90DD/eGo38XY7QwypZzR0eR
+itCpyPLeqPJgOajSP76kVyMCr8LwmKnOrDDf1AFCjUNdrJrQybJdDHRbOOUr9arp
+qyOLMDrEhjuSlcvi4jvoHufhyZ8CZESASgrB1vR3fsib0UBfcbK2DFBvQAdD55tf
+LIYdf7+CcgjKxcALewL1uCOY1lmrYW1fA4SEevVQAjmuGpTQm2wFAQX86TrzMKjl
+sj6MXJkI6Nawe4L/T7EnhIytEdcka7bfTHaBtzhLR1bRo8DoGk/WJkUtQNWm5kF3
+UNeChno3BxTBZZK5OvVZ3lB0u4/O1UXM/zZkp0JHj1R0npNsWpw=
+=uZpC
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-17:09/shm-10.3.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-17:09/shm-10.patch
===================================================================
--- head/share/security/patches/SA-17:09/shm-10.patch (nonexistent)
+++ head/share/security/patches/SA-17:09/shm-10.patch (revision 51201)
@@ -0,0 +1,361 @@
+--- sys/kern/uipc_mqueue.c.orig
++++ sys/kern/uipc_mqueue.c
+@@ -52,6 +52,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -60,8 +61,8 @@
+ #include
+ #include
+ #include
++#include
+ #include
+-#include
+ #include
+ #include
+ #include
+@@ -131,6 +132,7 @@
+ LIST_HEAD(,mqfs_node) mn_children;
+ LIST_ENTRY(mqfs_node) mn_sibling;
+ LIST_HEAD(,mqfs_vdata) mn_vnodes;
++ const void *mn_pr_root;
+ int mn_refcount;
+ mqfs_type_t mn_type;
+ int mn_deleted;
+@@ -218,6 +220,7 @@
+ static uma_zone_t mqnoti_zone;
+ static struct vop_vector mqfs_vnodeops;
+ static struct fileops mqueueops;
++static unsigned mqfs_osd_jail_slot;
+
+ /*
+ * Directory structure construction and manipulation
+@@ -235,6 +238,7 @@
+ static void mqfs_fileno_alloc(struct mqfs_info *mi, struct mqfs_node *mn);
+ static void mqfs_fileno_free(struct mqfs_info *mi, struct mqfs_node *mn);
+ static int mqfs_allocv(struct mount *mp, struct vnode **vpp, struct mqfs_node *pn);
++static int mqfs_prison_remove(void *obj, void *data);
+
+ /*
+ * Message queue construction and maniplation
+@@ -435,6 +439,7 @@
+
+ node = mqnode_alloc();
+ strncpy(node->mn_name, name, namelen);
++ node->mn_pr_root = cred->cr_prison->pr_root;
+ node->mn_type = nodetype;
+ node->mn_refcount = 1;
+ vfs_timestamp(&node->mn_birth);
+@@ -643,6 +648,9 @@
+ {
+ struct mqfs_node *root;
+ struct mqfs_info *mi;
++ osd_method_t methods[PR_MAXMETHOD] = {
++ [PR_METHOD_REMOVE] = mqfs_prison_remove,
++ };
+
+ mqnode_zone = uma_zcreate("mqnode", sizeof(struct mqfs_node),
+ NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
+@@ -669,6 +677,7 @@
+ EVENTHANDLER_PRI_ANY);
+ mq_fdclose = mqueue_fdclose;
+ p31b_setcfg(CTL_P1003_1B_MESSAGE_PASSING, _POSIX_MESSAGE_PASSING);
++ mqfs_osd_jail_slot = osd_jail_register(NULL, methods);
+ return (0);
+ }
+
+@@ -682,6 +691,7 @@
+
+ if (!unloadable)
+ return (EOPNOTSUPP);
++ osd_jail_deregister(mqfs_osd_jail_slot);
+ EVENTHANDLER_DEREGISTER(process_exit, exit_tag);
+ mi = &mqfs_data;
+ mqfs_destroy(mi->mi_root);
+@@ -801,13 +811,17 @@
+ * Search a directory entry
+ */
+ static struct mqfs_node *
+-mqfs_search(struct mqfs_node *pd, const char *name, int len)
++mqfs_search(struct mqfs_node *pd, const char *name, int len, struct ucred *cred)
+ {
+ struct mqfs_node *pn;
++ const void *pr_root;
+
+ sx_assert(&pd->mn_info->mi_lock, SX_LOCKED);
++ pr_root = cred->cr_prison->pr_root;
+ LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
+- if (strncmp(pn->mn_name, name, len) == 0 &&
++ /* Only match names within the same prison root directory */
++ if ((pn->mn_pr_root == NULL || pn->mn_pr_root == pr_root) &&
++ strncmp(pn->mn_name, name, len) == 0 &&
+ pn->mn_name[len] == '\0')
+ return (pn);
+ }
+@@ -879,7 +893,7 @@
+
+ /* named node */
+ sx_xlock(&mqfs->mi_lock);
+- pn = mqfs_search(pd, pname, namelen);
++ pn = mqfs_search(pd, pname, namelen, cnp->cn_cred);
+ if (pn != NULL)
+ mqnode_addref(pn);
+ sx_xunlock(&mqfs->mi_lock);
+@@ -1364,6 +1378,7 @@
+ struct mqfs_node *pn;
+ struct dirent entry;
+ struct uio *uio;
++ const void *pr_root;
+ int *tmp_ncookies = NULL;
+ off_t offset;
+ int error, i;
+@@ -1388,10 +1403,18 @@
+ error = 0;
+ offset = 0;
+
++ pr_root = ap->a_cred->cr_prison->pr_root;
+ sx_xlock(&mi->mi_lock);
+
+ LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
+ entry.d_reclen = sizeof(entry);
++
++ /*
++ * Only show names within the same prison root directory
++ * (or not associated with a prison, e.g. "." and "..").
++ */
++ if (pn->mn_pr_root != NULL && pn->mn_pr_root != pr_root)
++ continue;
+ if (!pn->mn_fileno)
+ mqfs_fileno_alloc(mi, pn);
+ entry.d_fileno = pn->mn_fileno;
+@@ -1525,6 +1548,38 @@
+ #endif /* notyet */
+
+ /*
++ * See if this prison root is obsolete, and clean up associated queues if it is.
++ */
++static int
++mqfs_prison_remove(void *obj, void *data __unused)
++{
++ const struct prison *pr = obj;
++ const struct prison *tpr;
++ struct mqfs_node *pn, *tpn;
++ int found;
++
++ found = 0;
++ TAILQ_FOREACH(tpr, &allprison, pr_list) {
++ if (tpr->pr_root == pr->pr_root && tpr != pr && tpr->pr_ref > 0)
++ found = 1;
++ }
++ if (!found) {
++ /*
++ * No jails are rooted in this directory anymore,
++ * so no queues should be either.
++ */
++ sx_xlock(&mqfs_data.mi_lock);
++ LIST_FOREACH_SAFE(pn, &mqfs_data.mi_root->mn_children,
++ mn_sibling, tpn) {
++ if (pn->mn_pr_root == pr->pr_root)
++ (void)do_unlink(pn, curthread->td_ucred);
++ }
++ sx_xunlock(&mqfs_data.mi_lock);
++ }
++ return (0);
++}
++
++/*
+ * Allocate a message queue
+ */
+ static struct mqueue *
+@@ -1984,7 +2039,7 @@
+ return (error);
+
+ sx_xlock(&mqfs_data.mi_lock);
+- pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1);
++ pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1, td->td_ucred);
+ if (pn == NULL) {
+ if (!(flags & O_CREAT)) {
+ error = ENOENT;
+@@ -2079,7 +2134,7 @@
+ return (EINVAL);
+
+ sx_xlock(&mqfs_data.mi_lock);
+- pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1);
++ pn = mqfs_search(mqfs_data.mi_root, path + 1, len - 1, td->td_ucred);
+ if (pn != NULL)
+ error = do_unlink(pn, td->td_ucred);
+ else
+--- sys/kern/uipc_sem.c.orig
++++ sys/kern/uipc_sem.c
+@@ -44,6 +44,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -444,12 +445,24 @@
+ static void
+ ksem_info_impl(struct ksem *ks, char *path, size_t size, uint32_t *value)
+ {
++ const char *ks_path, *pr_path;
++ size_t pr_pathlen;
+
+ if (ks->ks_path == NULL)
+ return;
+ sx_slock(&ksem_dict_lock);
+- if (ks->ks_path != NULL)
+- strlcpy(path, ks->ks_path, size);
++ ks_path = ks->ks_path;
++ if (ks_path != NULL) {
++ pr_path = curthread->td_ucred->cr_prison->pr_path;
++ if (strcmp(pr_path, "/") != 0) {
++ /* Return the jail-rooted pathname. */
++ pr_pathlen = strlen(pr_path);
++ if (strncmp(ks_path, pr_path, pr_pathlen) == 0 &&
++ ks_path[pr_pathlen] == '/')
++ ks_path += pr_pathlen;
++ }
++ strlcpy(path, ks_path, size);
++ }
+ if (value != NULL)
+ *value = ks->ks_value;
+ sx_sunlock(&ksem_dict_lock);
+@@ -493,6 +506,8 @@
+ struct ksem *ks;
+ struct file *fp;
+ char *path;
++ const char *pr_path;
++ size_t pr_pathlen;
+ Fnv32_t fnv;
+ int error, fd;
+
+@@ -529,10 +544,16 @@
+ ks->ks_flags |= KS_ANONYMOUS;
+ } else {
+ path = malloc(MAXPATHLEN, M_KSEM, M_WAITOK);
+- error = copyinstr(name, path, MAXPATHLEN, NULL);
++ pr_path = td->td_ucred->cr_prison->pr_path;
+
++ /* Construct a full pathname for jailed callers. */
++ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0
++ : strlcpy(path, pr_path, MAXPATHLEN);
++ error = copyinstr(name, path + pr_pathlen,
++ MAXPATHLEN - pr_pathlen, NULL);
++
+ /* Require paths to start with a '/' character. */
+- if (error == 0 && path[0] != '/')
++ if (error == 0 && path[pr_pathlen] != '/')
+ error = EINVAL;
+ if (error) {
+ fdclose(td, fp, fd);
+@@ -668,11 +689,17 @@
+ sys_ksem_unlink(struct thread *td, struct ksem_unlink_args *uap)
+ {
+ char *path;
++ const char *pr_path;
++ size_t pr_pathlen;
+ Fnv32_t fnv;
+ int error;
+
+ path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
+- error = copyinstr(uap->name, path, MAXPATHLEN, NULL);
++ pr_path = td->td_ucred->cr_prison->pr_path;
++ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0
++ : strlcpy(path, pr_path, MAXPATHLEN);
++ error = copyinstr(uap->name, path + pr_pathlen, MAXPATHLEN - pr_pathlen,
++ NULL);
+ if (error) {
+ free(path, M_TEMP);
+ return (error);
+--- sys/kern/uipc_shm.c.orig
++++ sys/kern/uipc_shm.c
+@@ -57,6 +57,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -712,6 +713,8 @@
+ struct shmfd *shmfd;
+ struct file *fp;
+ char *path;
++ const char *pr_path;
++ size_t pr_pathlen;
+ Fnv32_t fnv;
+ mode_t cmode;
+ int fd, error;
+@@ -749,13 +752,19 @@
+ shmfd = shm_alloc(td->td_ucred, cmode);
+ } else {
+ path = malloc(MAXPATHLEN, M_SHMFD, M_WAITOK);
+- error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
++ pr_path = td->td_ucred->cr_prison->pr_path;
++
++ /* Construct a full pathname for jailed callers. */
++ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0
++ : strlcpy(path, pr_path, MAXPATHLEN);
++ error = copyinstr(uap->path, path + pr_pathlen,
++ MAXPATHLEN - pr_pathlen, NULL);
+ #ifdef KTRACE
+ if (error == 0 && KTRPOINT(curthread, KTR_NAMEI))
+ ktrnamei(path);
+ #endif
+ /* Require paths to start with a '/' character. */
+- if (error == 0 && path[0] != '/')
++ if (error == 0 && path[pr_pathlen] != '/')
+ error = EINVAL;
+ if (error) {
+ fdclose(td, fp, fd);
+@@ -842,11 +851,17 @@
+ sys_shm_unlink(struct thread *td, struct shm_unlink_args *uap)
+ {
+ char *path;
++ const char *pr_path;
++ size_t pr_pathlen;
+ Fnv32_t fnv;
+ int error;
+
+ path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
+- error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
++ pr_path = td->td_ucred->cr_prison->pr_path;
++ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0
++ : strlcpy(path, pr_path, MAXPATHLEN);
++ error = copyinstr(uap->path, path + pr_pathlen, MAXPATHLEN - pr_pathlen,
++ NULL);
+ if (error) {
+ free(path, M_TEMP);
+ return (error);
+@@ -1053,11 +1068,23 @@
+ void
+ shm_path(struct shmfd *shmfd, char *path, size_t size)
+ {
++ const char *shm_path, *pr_path;
++ size_t pr_pathlen;
+
+ if (shmfd->shm_path == NULL)
+ return;
+ sx_slock(&shm_dict_lock);
+- if (shmfd->shm_path != NULL)
+- strlcpy(path, shmfd->shm_path, size);
++ shm_path = shmfd->shm_path;
++ if (shm_path != NULL) {
++ pr_path = curthread->td_ucred->cr_prison->pr_path;
++ if (strcmp(pr_path, "/") != 0) {
++ /* Return the jail-rooted pathname. */
++ pr_pathlen = strlen(pr_path);
++ if (strncmp(shm_path, pr_path, pr_pathlen) == 0 &&
++ shm_path[pr_pathlen] == '/')
++ shm_path += pr_pathlen;
++ }
++ strlcpy(path, shm_path, size);
++ }
+ sx_sunlock(&shm_dict_lock);
+ }
Property changes on: head/share/security/patches/SA-17:09/shm-10.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-17:09/shm-10.patch.asc
===================================================================
--- head/share/security/patches/SA-17:09/shm-10.patch.asc (nonexistent)
+++ head/share/security/patches/SA-17:09/shm-10.patch.asc (revision 51201)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxjBfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
+RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
+aud+NQ//brfNPCYRN11P4LroaBUcy5Ylz8uA95mE/MwU1R9jA0LBpIvKmuzZQ0C1
+vaw8CCk2NfKZdod+/6MtPq5ngHSkaFpLEpT91T4z6CnjwDFkWtGWbSmOP6w9dtJY
+tl2lU2MsQYe6xCbW6Idf45gWEbca7S3pkjc8Qrun1Eofl86OmNLcHvbQQDn0LzLv
+/Albm3zqNusBJRY4GN7lcAbN8GjuYcXgqgvP4x9UkW2oUWBwaUxFieW+TqfDtQC0
+a1G7OFit+kF9vDaWKM6dALPc5etV5WsUl/W1/qCpja32IZ9Dc8fiKMapp3/p2+xe
+B5iA8UOa+PzOReoIc/PsCy1oKpor5vvJA5h70APfvUHwodb4slNPK15ZxynK9llE
+vHIN+fY/Xfjz0NM5xEz9QhOHue7H9nNtIHQSdy9wZzXT/s8rmf+5MWFgyKtMQac3
+Mat/RRZu+eLGvshQrnAseXvpmbGv7B06qOr81zx+K353rXrBm+V+5Z9ftvt2Ajlg
+YfPN4ExjXSsn2m8piuPuJT/6uyfo/NKdQrT9G4GLJi/gW9FSvAMMx7kT47U6MEFq
+FjYP70Z3JO/lCJz/yQHg6+LLR69GEFyqX54zrOfsYxfobLiiDJurcWHaVEnvVIes
+Sqc8fw2SPz74rL2GwkQttPTqJzGfXwKJGljcG5Yfr8l+0ZxLUFs=
+=4WnF
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-17:09/shm-10.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-17:10/kldstat.patch
===================================================================
--- head/share/security/patches/SA-17:10/kldstat.patch (nonexistent)
+++ head/share/security/patches/SA-17:10/kldstat.patch (revision 51201)
@@ -0,0 +1,75 @@
+--- sys/compat/freebsd32/freebsd32_misc.c.orig
++++ sys/compat/freebsd32/freebsd32_misc.c
+@@ -3331,8 +3331,8 @@
+ int
+ freebsd32_kldstat(struct thread *td, struct freebsd32_kldstat_args *uap)
+ {
+- struct kld_file_stat stat;
+- struct kld32_file_stat stat32;
++ struct kld_file_stat *stat;
++ struct kld32_file_stat *stat32;
+ int error, version;
+
+ if ((error = copyin(&uap->stat->version, &version, sizeof(version)))
+@@ -3342,17 +3342,22 @@
+ version != sizeof(struct kld32_file_stat))
+ return (EINVAL);
+
+- error = kern_kldstat(td, uap->fileid, &stat);
+- if (error != 0)
+- return (error);
+-
+- bcopy(&stat.name[0], &stat32.name[0], sizeof(stat.name));
+- CP(stat, stat32, refs);
+- CP(stat, stat32, id);
+- PTROUT_CP(stat, stat32, address);
+- CP(stat, stat32, size);
+- bcopy(&stat.pathname[0], &stat32.pathname[0], sizeof(stat.pathname));
+- return (copyout(&stat32, uap->stat, version));
++ stat = malloc(sizeof(*stat), M_TEMP, M_WAITOK | M_ZERO);
++ stat32 = malloc(sizeof(*stat32), M_TEMP, M_WAITOK | M_ZERO);
++ error = kern_kldstat(td, uap->fileid, stat);
++ if (error == 0) {
++ bcopy(&stat->name[0], &stat32->name[0], sizeof(stat->name));
++ CP(*stat, *stat32, refs);
++ CP(*stat, *stat32, id);
++ PTROUT_CP(*stat, *stat32, address);
++ CP(*stat, *stat32, size);
++ bcopy(&stat->pathname[0], &stat32->pathname[0],
++ sizeof(stat->pathname));
++ error = copyout(stat32, uap->stat, version);
++ }
++ free(stat, M_TEMP);
++ free(stat32, M_TEMP);
++ return (error);
+ }
+
+ int
+--- sys/kern/kern_linker.c.orig
++++ sys/kern/kern_linker.c
+@@ -1229,7 +1229,7 @@
+ int
+ sys_kldstat(struct thread *td, struct kldstat_args *uap)
+ {
+- struct kld_file_stat stat;
++ struct kld_file_stat *stat;
+ int error, version;
+
+ /*
+@@ -1242,10 +1242,12 @@
+ version != sizeof(struct kld_file_stat))
+ return (EINVAL);
+
+- error = kern_kldstat(td, uap->fileid, &stat);
+- if (error != 0)
+- return (error);
+- return (copyout(&stat, uap->stat, version));
++ stat = malloc(sizeof(*stat), M_TEMP, M_WAITOK | M_ZERO);
++ error = kern_kldstat(td, uap->fileid, stat);
++ if (error == 0)
++ error = copyout(stat, uap->stat, version);
++ free(stat, M_TEMP);
++ return (error);
+ }
+
+ int
Property changes on: head/share/security/patches/SA-17:10/kldstat.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-17:10/kldstat.patch.asc
===================================================================
--- head/share/security/patches/SA-17:10/kldstat.patch.asc (nonexistent)
+++ head/share/security/patches/SA-17:10/kldstat.patch.asc (revision 51201)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxj1fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
+RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
+aud7chAApmeYQat1/fM0tufIYLhiq1sNIqJWoVg1mRRIfKQWIiq1qscyke6zZvOw
+AVYGEiMuLjb38cdwkJ1iASiA3HQ7tEBf/qBtOA4pxPvndGYeJE5Iubvkj57Jp0qb
+xjJ21APFcxsAnqYZWz8drUEj0LhEBj/bMEcYYPcqtTZDOFy+6rjzQQZluKnDOUEL
+J5FUjT7ekUAKLKPMqv1FvOZ6NwoZ2aOnI7pOZA/UOe+wPFF4aFfKfpcT7tcx7XFs
+iFiyirKBq2tjLGYUqcR4U8/kDk0QVeyfGarcDU9UUDSu4cNzZu6h5p3nnVPMOHqW
+lQMfONobxHwQy37Eg58W4f4cMDiOQSa48oMhE4Ai3/VDpwyBn6DYqw9BqisSZZZO
+xw4Fkvvjwg0wGWgkMpgrHaan+ubyjFNcBg6RuXrODm0RDWAR3pzc0bZQzwd8tlYq
+Fsku+bdaHW6VtUFFcSIXAfakFQX0F/99WW+Oy4+QzkA10oXKY9LJeFDBAAwY5mJm
+SPHWrcVo08mjDO5XV642HV7K+1YWZ3l8jA2b22UlU2s6slgz+AO51DV+RONlze/E
+qp25CnKkK8DUmtZ5zjXAGUfm/iA0rrSFAqHsB9xQSx5ht7Hk+EpV3d7FzeVKI0Sl
+V2TCk/SHCKVwNDg53/eXl7zWsY41CBw5L2b6oAvcyuipZJOAloA=
+=oLz2
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-17:10/kldstat.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/xml/advisories.xml
===================================================================
--- head/share/xml/advisories.xml (revision 51200)
+++ head/share/xml/advisories.xml (revision 51201)
@@ -1,4378 +1,4398 @@
$FreeBSD$
2017
+ 11
+
+
+ 15
+
+
+ FreeBSD-SA-17:10.kldstat
+
+
+
+ FreeBSD-SA-17:09.shm
+
+
+
+ FreeBSD-SA-17:08.ptrace
+
+
+
+
+
10
17
FreeBSD-SA-17:07.wpa
8
10
FreeBSD-SA-17:06.openssh
7
12
FreeBSD-SA-17:05.heimdal
4
27
FreeBSD-SA-17:04.ipfilter
12
FreeBSD-SA-17:03.ntp
2
23
FreeBSD-SA-17:02.openssl
1
11
FreeBSD-SA-17:01.openssh
2016
12
22
FreeBSD-SA-16:39.ntp
6
FreeBSD-SA-16:38.bhyve
FreeBSD-SA-16:37.libc
FreeBSD-SA-16:36.telnetd
11
2
FreeBSD-SA-16:35.openssl
FreeBSD-SA-16:34.bind
FreeBSD-SA-16:33.openssh
10
25
FreeBSD-SA-16:32.bhyve
10
FreeBSD-SA-16:31.libarchive
FreeBSD-SA-16:30.portsnap
FreeBSD-SA-16:29.bspatch
FreeBSD-SA-16:28.bind
FreeBSD-SA-16:27.openssl
9
23
FreeBSD-SA-16:26.openssl
7
25
FreeBSD-SA-16:25.bspatch
6
4
FreeBSD-SA-16:24.ntp
5
31
FreeBSD-SA-16:23.libarchive
FreeBSD-SA-16:22.libarchive
FreeBSD-SA-16:21.43bsd
FreeBSD-SA-16:20.linux
17
FreeBSD-SA-16:19.sendmsg
FreeBSD-SA-16:18.atkbd
4
FreeBSD-SA-16:17.openssl
4
29
FreeBSD-SA-16:16.ntp
3
16
FreeBSD-SA-16:15.sysarch
FreeBSD-SA-16:14.openssh
10
FreeBSD-SA-16:13.bind
FreeBSD-SA-16:12.openssl
1
30
FreeBSD-SA-16:11.openssl
27
FreeBSD-SA-16:10.linux
FreeBSD-SA-16:09.ntp
FreeBSD-SA-16:08.bind
14
FreeBSD-SA-16:07.openssh
FreeBSD-SA-16:06.bsnmpd
FreeBSD-SA-16:05.tcp
FreeBSD-SA-16:04.linux
FreeBSD-SA-16:03.linux
FreeBSD-SA-16:02.ntp
FreeBSD-SA-16:01.sctp
2015
12
16
FreeBSD-SA-15:27.bind
6
FreeBSD-SA-15:26.openssl
10
26
FreeBSD-SA-15:25.ntp
9
29
FreeBSD-SA-15:24.rpcbind
2
FreeBSD-SA-15:23.bind
8
25
FreeBSD-SA-15:22.openssh
FreeBSD-SA-15:21.amd64
18
FreeBSD-SA-15:20.expat
5
FreeBSD-SA-15:19.routed
FreeBSD-SA-15:18.bsdpatch
7
28
FreeBSD-SA-15:17.bind
FreeBSD-SA-15:16.openssh
FreeBSD-SA-15:15.tcp
FreeBSD-SA-15:14.bsdpatch
21
FreeBSD-SA-15:13.tcp
9
FreeBSD-SA-15:12.openssl
7
FreeBSD-SA-15:11.bind
6
12
FreeBSD-SA-15:10.openssl
4
7
FreeBSD-SA-15:09.ipv6
FreeBSD-SA-15:08.bsdinstall
FreeBSD-SA-15:07.ntp
3
19
FreeBSD-SA-15:06.openssl
2
25
FreeBSD-SA-15:05.bind
FreeBSD-SA-15:04.igmp
1
27
FreeBSD-SA-15:03.sctp
FreeBSD-SA-15:02.kmem
14
FreeBSD-SA-15:01.openssl
2014
12
23
FreeBSD-SA-14:31.ntp
17
FreeBSD-SA-14:30.unbound
10
FreeBSD-SA-14:29.bind
FreeBSD-SA-14:28.file
FreeBSD-SA-14:27.stdio
11
04
FreeBSD-SA-14:26.ftp
FreeBSD-SA-14:25.setlogin
FreeBSD-SA-14:24.sshd
10
21
FreeBSD-SA-14:23.openssl
FreeBSD-SA-14:22.namei
FreeBSD-SA-14:21.routed
FreeBSD-SA-14:20.rtsold
9
16
FreeBSD-SA-14:19.tcp
9
FreeBSD-SA-14:18.openssl
7
8
FreeBSD-SA-14:17.kmem
6
24
FreeBSD-SA-14:16.file
FreeBSD-SA-14:15.iconv
5
FreeBSD-SA-14:14.openssl
3
FreeBSD-SA-14:13.pam
FreeBSD-SA-14:12.ktrace
FreeBSD-SA-14:11.sendmail
5
13
FreeBSD-SA-14:10.openssl
4
30
FreeBSD-SA-14:09.openssl
FreeBSD-SA-14:08.tcp
FreeBSD-SA-14:07.devfs
08
FreeBSD-SA-14:06.openssl
FreeBSD-SA-14:05.nfsserver
1
14
FreeBSD-SA-14:04.bind
FreeBSD-SA-14:03.openssl
FreeBSD-SA-14:02.ntpd
FreeBSD-SA-14:01.bsnmpd
2013
11
19
FreeBSD-SA-13:14.openssh
9
10
FreeBSD-SA-13:13.nullfs
FreeBSD-SA-13:12.ifioctl
FreeBSD-SA-13:11.sendfile
8
22
FreeBSD-SA-13:10.sctp
FreeBSD-SA-13:09.ip_multicast
7
26
FreeBSD-SA-13:08.nfsserver
FreeBSD-SA-13:07.bind
6
18
FreeBSD-SA-13:06.mmap
4
29
FreeBSD-SA-13:05.nfsserver
2
FreeBSD-SA-13:04.bind
FreeBSD-SA-13:03.openssl
2
19
FreeBSD-SA-13:02.libc
FreeBSD-SA-13:01.bind
2012
11
22
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind
8
6
FreeBSD-SA-12:05.bind
6
12
FreeBSD-SA-12:04.sysret
FreeBSD-SA-12:03.bind
5
30
FreeBSD-SA-12:02.crypt
30
FreeBSD-SA-12:01.openssl
2011
12
23
FreeBSD-SA-11:10.pam
FreeBSD-SA-11:09.pam_ssh
FreeBSD-SA-11:08.telnetd
FreeBSD-SA-11:07.chroot
FreeBSD-SA-11:06.bind
9
28
FreeBSD-SA-11:05.unix
FreeBSD-SA-11:04.compress
FreeBSD-SA-11:03.bind
5
28
FreeBSD-SA-11:02.bind
4
20
FreeBSD-SA-11:01.mountd
2010
11
29
FreeBSD-SA-10:10.openssl
10
FreeBSD-SA-10:09.pseudofs
9
20
FreeBSD-SA-10:08.bzip2
7
13
FreeBSD-SA-10:07.mbuf
5
27
FreeBSD-SA-10:06.nfsclient
FreeBSD-SA-10:05.opie
FreeBSD-SA-10:04.jail
1
6
FreeBSD-SA-10:03.zfs
FreeBSD-SA-10:02.ntpd
FreeBSD-SA-10:01.bind
2009
12
3
FreeBSD-SA-09:17.freebsd-update
FreeBSD-SA-09:16.rtld
FreeBSD-SA-09:15.ssl
10
2
FreeBSD-SA-09:14.devfs
FreeBSD-SA-09:13.pipe
7
29
FreeBSD-SA-09:12.bind
6
10
FreeBSD-SA-09:11.ntpd
FreeBSD-SA-09:10.ipv6
FreeBSD-SA-09:09.pipe
4
22
FreeBSD-SA-09:08.openssl
FreeBSD-SA-09:07.libc
3
23
FreeBSD-SA-09:06.ktimer
2
16
FreeBSD-SA-09:05.telnetd
1
13
FreeBSD-SA-09:04.bind
FreeBSD-SA-09:03.ntpd
7
FreeBSD-SA-09:02.openssl
FreeBSD-SA-09:01.lukemftpd
2008
12
23
FreeBSD-SA-08:13.protosw
FreeBSD-SA-08:12.ftpd
11
24
FreeBSD-SA-08:11.arc4random
10
2
FreeBSD-SA-08:10.nd6
9
3
FreeBSD-SA-08:09.icmp6
FreeBSD-SA-08:08.nmount
FreeBSD-SA-08:07.amd64
7
13
FreeBSD-SA-08:06.bind
4
17
FreeBSD-SA-08:05.openssh
2
14
FreeBSD-SA-08:04.ipsec
FreeBSD-SA-08:03.sendfile
1
18
FreeBSD 6.3-RELEASE
14
FreeBSD-SA-08:02.libc
FreeBSD-SA-08:01.pty
2007
11
29
FreeBSD-SA-07:10.gtar
FreeBSD-SA-07:09.random
10
3
FreeBSD-SA-07:08.openssl
8
1
FreeBSD-SA-07:07.bind
FreeBSD-SA-07:06.tcpdump
7
12
FreeBSD-SA-07:05.libarchive
5
23
FreeBSD-SA-07:04.file
4
26
FreeBSD-SA-07:03.ipv6
2
9
FreeBSD-SA-07:02.bind
1
15
FreeBSD 6.2-RELEASE
11
FreeBSD-SA-07:01.jail
2006
12
6
FreeBSD-SA-06:26.gtar
FreeBSD-SA-06:25.kmem
11
8
FreeBSD-SA-06:24.libarchive
9
30
FreeBSD-SA-06:22.openssh
28
FreeBSD-SA-06:23.openssl
19
FreeBSD-SA-06:21.gzip
6
FreeBSD-SA-06:20.bind
FreeBSD-SA-06:19.openssl
8
23
FreeBSD-SA-06:18.ppp
6
14
FreeBSD-SA-06:17.sendmail
5
31
FreeBSD-SA-06:16.smbfs
FreeBSD-SA-06:15.ypserv
25
FreeBSD 5.5-RELEASE
9
FreeBSD 6.1-RELEASE
4
19
FreeBSD-SA-06:14.fpu
3
22
FreeBSD-SA-06:13.sendmail
FreeBSD-SA-06:12.opie
FreeBSD-SA-06:11.ipsec
1
FreeBSD-SA-06:10.nfs
FreeBSD-SA-06:09.openssh
2
1
FreeBSD-SA-06:08.sack
1
25
FreeBSD-SA-06:07.pf
FreeBSD-SA-06:06.kmem
18
FreeBSD-SA-06:05.80211
11
FreeBSD-SA-06:04.ipfw
FreeBSD-SA-06:03.cpio
FreeBSD-SA-06:02.ee
FreeBSD-SA-06:01.texindex
2005
11
4
FreeBSD 6.0-RELEASE
10
11
FreeBSD-SA-05:21.openssl
9
7
FreeBSD-SA-05:20.cvsbug
7
27
FreeBSD-SA-05:19.ipsec
FreeBSD-SA-05:18.zlib
20
FreeBSD-SA-05:17.devfs
6
FreeBSD-SA-05:16.zlib
6
29
FreeBSD-SA-05:15.tcp
FreeBSD-SA-05:14.bzip2
FreeBSD-SA-05:13.ipfw
9
FreeBSD-SA-05:12.bind9
FreeBSD-SA-05:11.gzip
FreeBSD-SA-05:10.tcpdump
5
13
FreeBSD-SA-05:09.htt
9
FreeBSD 5.4-RELEASE
6
FreeBSD-SA-05:08.kmem
FreeBSD-SA-05:07.ldt
FreeBSD-SA-05:06.iir
4
22
FreeBSD-SA-05:05.cvs
15
FreeBSD-SA-05:04.ifconf
6
FreeBSD-SA-05:03.amd64
4
FreeBSD-SA-05:02.sendfile
3
28
FreeBSD-SA-05:01.telnet
1
25
FreeBSD 4.11-RELEASE
2004
12
1
FreeBSD-SA-04:17.procfs
11
18
FreeBSD-SA-04:16.fetch
6
FreeBSD 5.3-RELEASE
10
4
FreeBSD-SA-04:15.syscons
9
19
FreeBSD-SA-04:14.cvs
6
30
FreeBSD-SA-04:13.linux
7
FreeBSD-SA-04:12.jailroute
5
27
FreeBSD 4.10-RELEASE
19
FreeBSD-SA-04:11.msync
19
FreeBSD-SA-04:10.cvs
5
FreeBSD-SA-04:09.kadmind
FreeBSD-SA-04:08.heimdal
4
15
FreeBSD-SA-04:07.cvs
3
29
FreeBSD-SA-04:06.ipv6
17
FreeBSD-SA-04:05.openssl
2
FreeBSD-SA-04:04.tcp
2
26
FreeBSD 5.2.1-RELEASE
25
FreeBSD-SA-04:03.jail
05
FreeBSD-SA-04:02.shmat
1
30
FreeBSD-SA-04:01.mksnap_ffs
12
FreeBSD 5.2-RELEASE
2003
11
28
FreeBSD-SA-03:19.bind
10
27
FreeBSD 4.9-RELEASE
5
FreeBSD-SA-03:15.openssh
3
FreeBSD-SA-03:18.openssl
FreeBSD-SA-03:17.procfs
2
FreeBSD-SA-03:16.filedesc
9
23
FreeBSD-SA-03:14.arp
17
FreeBSD-SA-03:13.sendmail
16
FreeBSD-SA-03:12.openssh
8
26
FreeBSD-SA-03:11.sendmail
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170
10
FreeBSD-SA-03:10.ibcs2
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164
FreeBSD-SA-03:09.signal
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163
3
FreeBSD-SA-03:08.realpath
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158
6
9
FreeBSD 5.1-RELEASE
4
8
FreeBSD-SN-03:02
7
FreeBSD-SN-03:01
3
FreeBSD 4.8-RELEASE
3
30
FreeBSD-SA-03:07.sendmail
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122
21
FreeBSD-SA-03:06.openssl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118
20
FreeBSD-SA-03:05.xdr
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117
3
FreeBSD-SA-03:04.sendmail
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112
2
24
FreeBSD-SA-03:03.syncookies
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106
FreeBSD-SA-03:02.openssl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105
04
FreeBSD-SA-03:01.cvs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100
1
19
FreeBSD 5.0-RELEASE
07
FreeBSD-SA-02:44.filedesc
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090
2002
11
15
FreeBSD-SA-02:43.bind
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084
FreeBSD-SA-02:41.smrsh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082
12
FreeBSD-SA-02:42.resolv
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083
FreeBSD-SA-02:40.kadmind
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081
10
10
FreeBSD 4.7-RELEASE
FreeBSD-SN-02:06
9
16
FreeBSD-SA-02:39.libkvm
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051
8
28
FreeBSD-SN-02:05
19
FreeBSD-SA-02:38.signed-error
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041
15
FreeBSD 4.6.2-RELEASE
05
FreeBSD-SA-02:37.kqueue
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033
FreeBSD-SA-02:36.nfs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032
FreeBSD-SA-02:35.ffs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031
FreeBSD-SA-02:33.openssl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023
01
FreeBSD-SA-02:34.rpc
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024
7
31
FreeBSD-SA-02:32.pppd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022
15
FreeBSD-SA-02:31.openssh
12
FreeBSD-SA-02:30.ktrace
FreeBSD-SA-02:29.tcpdump
6
26
FreeBSD-SA-02:28.resolv
19
FreeBSD-SN-02:04
15
FreeBSD 4.6-RELEASE
5
29
FreeBSD-SA-02:27.rc
FreeBSD-SA-02:26.accept
28
FreeBSD-SN-02:03
20
FreeBSD-SA-02:25.bzip2
FreeBSD-SA-02:24.k5su
13
FreeBSD-SN-02:02
4
22
FreeBSD-SA-02:23.stdio
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021
18
FreeBSD-SA-02:22.mmap
17
FreeBSD-SA-02:21.tcpip
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980
16
FreeBSD-SA-02:20.syncache
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979
3
30
FreeBSD-SN-02:01
26
FreeBSD-SA-02:19.squid
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960
18
FreeBSD-SA-02:18.zlib
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978
12
FreeBSD-SA-02:17.mod_frontpage
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954
FreeBSD-SA-02:16.netscape
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953
FreeBSD-SA-02:15.cyrus-sasl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952
FreeBSD-SA-02:14.pam-pgsql
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951
07
FreeBSD-SA-02:13.openssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945
2
21
FreeBSD-SA-02:12.squid
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938
12
FreeBSD-SA-02:11.snmp
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936
06
FreeBSD-SA-02:10.rsync
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928
FreeBSD-SA-02:09.fstatfs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927
1
29
FreeBSD 4.5-RELEASE
24
FreeBSD-SA-02:08.exec
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923
18
FreeBSD-SA-02:07.k5su
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912
16
FreeBSD-SA-02:06.sudo
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909
04
FreeBSD-SA-02:05.pine
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894
FreeBSD-SA-02:04.mutt
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893
FreeBSD-SA-02:03.mod_auth_pgsql
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892
FreeBSD-SA-02:02.pw
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891
FreeBSD-SA-02:01.pkg_add
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898
2001
12
04
FreeBSD-SA-01:64.wu-ftpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870
02
FreeBSD-SA-01:63.openssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871
10
08
FreeBSD-SA-01:62.uucp
FreeBSD-SA-01:61.squid
9
24
FreeBSD-SA-01:60.procmail
20
FreeBSD 4.4-RELEASE
04
FreeBSD-SA-01:59.rmuser
8
30
FreeBSD-SA-01:58.lpd
27
FreeBSD-SA-01:57.sendmail
23
FreeBSD-SA-01:56.tcp_wrappers
21
FreeBSD-SA-01:55.procfs
20
FreeBSD-SA-01:54.ports-telnetd
17
FreeBSD-SA-01:53.ipfw
06
FreeBSD-SA-01:52.fragment
7
30
FreeBSD-SA-01:51.openssl
27
FreeBSD-SA-01:50.windowmaker
23
FreeBSD-SA-01:49.telnetd
17
FreeBSD-SA-01:48.tcpdump
10
FreeBSD-SA-01:47.xinetd
FreeBSD-SA-01:46.w3m
FreeBSD-SA-01:45.samba
FreeBSD-SA-01:44.gnupg
FreeBSD-SA-01:43.fetchmail
FreeBSD-SA-01:42.signal
09
FreeBSD-SA-01:41.hanterm
6
04
FreeBSD-SA-01:40.fts
5
02
FreeBSD-SA-01:39.tcp-isn
4
23
FreeBSD-SA-01:38.sudo
FreeBSD-SA-01:37.slrn
FreeBSD-SA-01:36.samba
FreeBSD-SA-01:35.licq
FreeBSD-SA-01:34.hylafax
20
FreeBSD 4.3-RELEASE
17
FreeBSD-SA-01:33.ftpd-glob
16
FreeBSD-SA-01:32.ipfilter
06
FreeBSD-SA-01:31.ntpd
3
22
FreeBSD-SA-01:30.ufs-ext2fs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738
12
FreeBSD-SA-01:29.rwhod
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732
FreeBSD-SA-01:28.timed
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731
FreeBSD-SA-01:27.cfengine
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730
FreeBSD-SA-01:26.interbase
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729
FreeBSD-SA-01:23.icecast
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728
2
14
FreeBSD-SA-01:25.kerberosIV
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716
12
FreeBSD-SA-01:24.ssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715
07
FreeBSD-SA-01:22.dc20ctrl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714
FreeBSD-SA-01:21.ja-elvis
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713
FreeBSD-SA-01:20.mars_nwe
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712
FreeBSD-SA-01:19.ja-klock
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707
1
31
FreeBSD-SA-01:18.bind
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706
29
FreeBSD-SA-01:17.exmh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705
FreeBSD-SA-01:16.mysql
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704
FreeBSD-SA-01:15.tinyproxy
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703
FreeBSD-SA-01:14.micq
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702
FreeBSD-SA-01:13.sort
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701
FreeBSD-SA-01:12.periodic
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700
FreeBSD-SA-01:11.inetd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699
23
FreeBSD-SA-01:10.bind
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698
FreeBSD-SA-01:09.crontab
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697
FreeBSD-SA-01:08.ipfw
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696
FreeBSD-SA-01:07.xfree86
15
FreeBSD-SA-01:06.zope
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669
FreeBSD-SA-01:05.stunnel
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668
FreeBSD-SA-01:04.joe
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667
FreeBSD-SA-01:03.bash1
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666
FreeBSD-SA-01:02.syslog-ng
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665
FreeBSD-SA-01:01.openssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664
2000
12
20
FreeBSD-SA-00:81.ethereal
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651
FreeBSD-SA-00:80.halflifeserver
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650
FreeBSD-SA-00:79.oops
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649
FreeBSD-SA-00:78.bitchx
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648
18
FreeBSD-SA-00:77.procfs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647
11
20
FreeBSD-SA-00:76.tcsh-csh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628
FreeBSD-SA-00:75.php
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627
FreeBSD-SA-00:74.gaim
FreeBSD-SA-00:73.thttpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626
FreeBSD-SA-00:72.curl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625
FreeBSD-SA-00:71.mgetty
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624
14
FreeBSD-SA-00:70.ppp-nat
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623
FreeBSD-SA-00:69.telnetd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622
13
FreeBSD-SA-00:68.ncurses
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621
10
FreeBSD-SA-00:67.gnupg
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620
06
FreeBSD-SA-00:66.netscape
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619
FreeBSD-SA-00:65.xfce
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618
FreeBSD-SA-00:64.global
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617
01
FreeBSD-SA-00:63.getnameinfo
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589
FreeBSD-SA-00:62.top
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616
10
31
FreeBSD-SA-00:61.tcpdump
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615
30
FreeBSD-SA-00:60.boa
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586
FreeBSD-SA-00:59.pine
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585
FreeBSD-SA-00:58.chpass
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584
13
FreeBSD-SA-00:57.muh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570
FreeBSD-SA-00:56.lprng
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569
FreeBSD-SA-00:55.xpdf
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568
FreeBSD-SA-00:54.fingerd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567
06
FreeBSD-SA-00:52.tcp-iss
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561
9
27
FreeBSD-SA-00:53.catopen
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562
13
FreeBSD-SA-00:51.mailman
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550
FreeBSD-SA-00:50.listmanager
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549
FreeBSD-SA-00:49.eject
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548
FreeBSD-SA-00:48.xchat
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547
FreeBSD-SA-00:47.pine
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546
FreeBSD-SA-00:46.screen
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545
8
31
FreeBSD-SA-00:45.esound
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526
28
FreeBSD-SA-00:44.xlock
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523
FreeBSD-SA-00:43.brouted
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520
FreeBSD-SA-00:42.linux
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530
FreeBSD-SA-00:41.elf
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527
FreeBSD-SA-00:40.mopd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521
FreeBSD-SA-00:39.netscape
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528
14
FreeBSD-SA-00:38.zope
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525
FreeBSD-SA-00:37.cvsweb
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524
FreeBSD-SA-00:36.ntop
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531
FreeBSD-SA-00:35.proftpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522
FreeBSD-SA-00:34.dhclient
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529
7
12
FreeBSD-SA-00:33.kerberosIV
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488
05
FreeBSD-SA-00:32.bitchx
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487
FreeBSD-SA-00:31.canna
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486
FreeBSD-SA-00:30.openssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485
FreeBSD-SA-00:29.wu-ftpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489
FreeBSD-SA-00:28.majordomo
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484
FreeBSD-SA-00:27.XFree86-4
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483
FreeBSD-SA-00:26.popper
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482
FreeBSD-SA-00:24.libedit
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481
6
19
FreeBSD-SA-00:23.ip-options
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480
12
FreeBSD-SA-00:25.alpha-random
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473
07
FreeBSD-SA-00:22.apsfilter
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461
FreeBSD-SA-00:21.ssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459
5
26
FreeBSD-SA-00:20.krb5
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452
23
FreeBSD-SA-00:19.semconfig
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451
09
FreeBSD-SA-00:18.gnapster.knapster
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429
FreeBSD-SA-00:17.libmytinfo
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442
FreeBSD-SA-00:16.golddig
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439
4
24
FreeBSD-SA-00:15.imap-uw
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438
FreeBSD-SA-00:14.imap-uw
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441
19
FreeBSD-SA-00:13.generic-nqs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437
10
FreeBSD-SA-00:12.healthd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436
FreeBSD-SA-00:11.ircii
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440
3
15
FreeBSD-SA-00:10.orville-write
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408
FreeBSD-SA-00:09.mtr
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408
FreeBSD-SA-00:08.lynx
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407
FreeBSD-SA-00:07.mh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411
01
FreeBSD-SA-00:06.htdig
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403
2
28
FreeBSD-SA-00:05.mysql
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402
19
FreeBSD-SA-00:04.delegate
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392
FreeBSD-SA-00:03.asmon
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391
1
24
FreeBSD-SA-00:02.procfs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380
19
FreeBSD-SA-00:01.make
1999
9
16
FreeBSD-SA-99:06.amd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318
15
FreeBSD-SA-99:05.fts
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313
FreeBSD-SA-99:04.core
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312
05
FreeBSD-SA-99:03.ftpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311
04
FreeBSD-SA-99:02.profil
FreeBSD-SA-99:01.chflags
1998
11
04
FreeBSD-SA-98:08.fragment
10
13
FreeBSD-SA-98:07.rst
6
10
FreeBSD-SA-98:06.icmp
04
FreeBSD-SA-98:05.nfs
02
FreeBSD-SA-98:04.mmap
5
14
FreeBSD-SA-98:03.ttcp
3
12
FreeBSD-SA-98:02.mmap
1997
12
09
FreeBSD-SA-97:06.f00f
01
FreeBSD-SA-98:01.land
10
29
FreeBSD-SA-97:05.open
8
19
FreeBSD-SA-97:04.procfs
4
07
FreeBSD-SA-97:03.sysinstall
3
26
FreeBSD-SA-97:02.lpd
2
05
FreeBSD-SA-97:01.setlocale
1
18
FreeBSD-SA-96:21.talkd
1996
12
16
FreeBSD-SA-96:20.stack-overflow
10
FreeBSD-SA-96:19.modstat
11
25
FreeBSD-SA-96:18.lpr
7
16
FreeBSD-SA-96:17.rzsz
12
FreeBSD-SA-96:16.rdist
04
FreeBSD-SA-96:15.ppp
6
28
FreeBSD-SA-96:12.perl
24
FreeBSD-SA-96:14.ipfw
05
FreeBSD-SA-96:13.comsat
5
21
FreeBSD-SA-96:11.man
17
FreeBSD-SA-96:10.mount_union
FreeBSD-SA-96:09.vfsload
4
22
FreeBSD-SA-96:02.apache
21
FreeBSD-SA-96:08.syslog
FreeBSD-SA-96:01.sliplogin
20
FreeBSD-SA-96:03.sendmail-suggestion