Index: head/share/security/advisories/FreeBSD-SA-18:08.tcp.asc =================================================================== --- head/share/security/advisories/FreeBSD-SA-18:08.tcp.asc (revision 52126) +++ head/share/security/advisories/FreeBSD-SA-18:08.tcp.asc (revision 52127) 
@@ -1,168 +1,187 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:08.tcp Security Advisory The FreeBSD Project Topic: Resource exhaustion in TCP reassembly Category: core Module: inet Announced: 2018-08-06 Credits: Juha-Matti Tilli from Aalto University, Department of Communications and Networking and Nokia Bell Labs Affects: All supported versions of FreeBSD. Corrected: 2018-08-06 18:46:09 UTC (stable/11, 11.1-STABLE) - 2018-08-06 17:47:47 UTC (releng/11.2, 11.2-RELEASE-p1) - 2018-08-06 17:48:46 UTC (releng/11.1, 11.1-RELEASE-p12) + 2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2) + 2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13) 2018-08-06 18:47:03 UTC (stable/10, 10.4-STABLE) - 2018-08-06 17:50:40 UTC (releng/10.4, 10.4-RELEASE-p10) + 2018-08-15 02:31:10 UTC (releng/10.4, 10.4-RELEASE-p11) CVE Name: CVE-2018-6922 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . + +0. Revision history + +v1.0 2018-08-06 Initial release. +v1.1 2018-08-14 Fixed documentation date in manual pages. + I. Background The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. To transmit a stream of data, TCP breaks the data stream into segments for transmission through the Internet, and reassembles the segments at the receiving side to recreate the data stream. II. Problem Description One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. III. 
Impact An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost. IV. Workaround As a workaround, system administrators should configure their systems to only accept TCP connections from trusted end-stations, if it is possible to do so. For systems which must accept TCP connections from untrusted end-stations, the workaround is to limit the size of each reassembly queue. The capability to do that is added by the patches noted in the "Solution" section below. V. Solution As a temporary solution to this problem, these patches limit the size of each TCP connection's reassembly queue. The value is controlled by a sysctl (net.inet.tcp.reass.maxqueuelen), which sets the maximum number of TCP segments that can be outstanding on a session's reassembly queue. This value defaults to 100. Note that setting this value too low could impact the throughput of TCP connections which experience significant loss or reordering. However, the higher this number is set, the more resources can be consumed on TCP reassembly processing. Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. 
[FreeBSD 10.4] # fetch https://security.FreeBSD.org/patches/SA-18:08/tcp-10.patch # fetch https://security.FreeBSD.org/patches/SA-18:08/tcp-10.patch.asc # gpg --verify tcp-10.patch.asc [FreeBSD 11.x] # fetch https://security.FreeBSD.org/patches/SA-18:08/tcp-11.patch # fetch https://security.FreeBSD.org/patches/SA-18:08/tcp-11.patch.asc # gpg --verify tcp-11.patch.asc +[*** v1.1 NOTE ***] Patchsets are provided for completeness, it have +little impact to runtime behavior. + +[FreeBSD 10.4] +# fetch https://security.FreeBSD.org/patches/SA-18:08/tcp-man-10.patch +# fetch https://security.FreeBSD.org/patches/SA-18:08/tcp-man-10.patch.asc +# gpg --verify tcp-man-10.patch.asc + +[FreeBSD 11.x] +# fetch https://security.FreeBSD.org/patches/SA-18:08/tcp-man-11.patch +# fetch https://security.FreeBSD.org/patches/SA-18:08/tcp-man-11.patch.asc +# gpg --verify tcp-man-11.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r337392 -releng/10.4/ r337389 +releng/10.4/ r337832 stable/11/ r337391 -releng/11.1/ r337388 -releng/11.2/ r337387 +releng/11.1/ r337828 +releng/11.2/ r337828 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. 
References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.2.9 (FreeBSD) -iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltosd4ACgkQ05eS9J6n -5cKLRRAApitUTx46nToGtbCr/fzEZtYpjU0L/kMDwFw8ngfrb3MR4yht087t8JK1 -jZlbeKRQwYjN+ecLrO3QdWoM4LavQK/cYuWq2tCpJiwqXK15rDJGBJjlBiAsmupF -fGGSD2DcJ/Jz7zTKDkjybCh83QGGTt/HBZRYLc85ipJPHgPQQtnD/OLjFK34Lr45 -vEss9AAkBEe4ZWiSltrQYzqMYf8+sCz/OYP+NGluz4eUjuzKogqyLIAA29auqoNp -UY5tIUhf8dcB9oeARxWlvmxTKSLB5kevF5jsBzxB8Ap1xUfLFip02h6ApL0xuWz2 -ouX/gN8KBgmJoNIP+GbBY29sQCEY0GTIR9q/dO1ZB3CePJFQsvWjtNeBBjIK66On -xJSSrUXDPANfcePbnCN9JdsclSEJ0+EBYol3hSWVY8bX3OMcOZw1wRXXCwN0T3of -QQwbuP0ORt5OdsOObwaxDJEWLEma7N2swWF5YR0oQl0+ETvkIsqFilsTlY6qEB/L -WG9G1Y9uVn++AJs7HzI+vKVEhhwtJep+7ks28sH5J0LQiUGYfwRACYfVLgi6iXNV -YKPB4hUFd2d8QaYWdgU92YBJWrR8bqyDdetifMEG5tP+TFCeNCh6SMpRnL7Lzns+ -hkZiRHJeIT7tGu77xZknFI6ghDHOdemtZ/QiL0NsrM05spWkdIA= -=HNsD +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztakACgkQ05eS9J6n +5cLN1A//XMCorSih94rs9zvkRPj8g3eN4es5QD9QzI9IwLlfK8DTvtMM9XUKsNT2 +vxgJK8Mnl6N5NddRyiV8o0CioRQF+cmN4cnMhf0LRN6Rv0PqWpsbuuRdWgVtm/aV +yHNEvnY32RbaZ6YQWmAhG9b+7JztWCpv2MawIaIdy6QFWmHV50ElDj5k1QBHauDd +2+P3u3+ohbXNMAZGQjIMQwxIgU7BRTVKASa/GzkPSCwQHFabbtm7aL/jEhzySfdl +bA6ZsMPhr0QqLORKqt8kAUzzFgpVdSRLCa+a8H9phi3CqPDEzGCDdseiCw4mJ+VU +EhFu616EKw7V9G7FXpnK3Z+E0aHe6UYlf4swUzXluWJrtO/n5bD++ObZaSUOPH0l +arcOUe8S5dnHiZ8Gg9BqtT6nKQMPXHgGh8W3U53CPt0USJsUWMPd0GPVYt2QnbkX +27leNs7e1+Njes4PuhOJ+wunn1iye+eTVilqaGkuFC+YKiOJVs9pNJovBTalTsfB +XqQO52DesrJ/C0xo3AaaNGfNB4JhG3rqR2tPiqubNQcEIocTJ7LkGy0lKXiDbIra +UA7fDszAG5l5RSyRtgQ4QPd+EzvYguX1vccFGqItDX9aZdQDspnnViKl/FJNzb19 +p9fEa+ZVjV65N836RhCtRx7allqhTAX4yQFXIrUiwQ3ssLNAx1s= +=sl/Z -----END PGP SIGNATURE----- Index: head/share/security/advisories/FreeBSD-SA-18:09.l1tf.asc =================================================================== --- head/share/security/advisories/FreeBSD-SA-18:09.l1tf.asc (nonexistent) +++ head/share/security/advisories/FreeBSD-SA-18:09.l1tf.asc 
(revision 52127) 
@@ -0,0 +1,165 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-18:09.l1tf Security Advisory + The FreeBSD Project + +Topic: L1 Terminal Fault (L1TF) Kernel Information Disclosure + +Category: core +Module: Kernel +Announced: 2018-08-14 +Affects: All supported versions of FreeBSD. +Corrected: 2018-08-14 17:51:12 UTC (stable/11, 11.1-STABLE) + 2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2) + 2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13) +CVE Name: CVE-2018-3620, CVE-2018-3646 + +Special Note: Speculative execution vulnerability mitigation remains a work + in progress. This advisory addresses the issue in FreeBSD + 11.1 and later. We expect to update this advisory to include + 10.4 at a later time. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +When a program accesses data in memory via a logical address it is translated +to a physical address in RAM by the CPU. Accessing an unmapped logical +address results in what is known as a terminal fault. + +II. Problem Description + +On certain Intel 64-bit x86 systems there is a period of time during terminal +fault handling where the CPU may use speculative execution to try to load +data. The CPU may speculatively access the level 1 data cache (L1D). Data +which would otherwise be protected may then be determined by using side +channel methods. + +This issue affects bhyve on FreeBSD/amd64 systems. + +III. Impact + +An attacker executing user code, or kernel code inside of a virtual machine, +may be able to read secret data from the kernel or from another virtual +machine. + +IV. Workaround + +No workaround is available. + +V. 
Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +30 "Rebooting for security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.2] +# fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch +# fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch.asc +# gpg --verify l1tf-11.2.patch.asc + +[FreeBSD 11.1] +# fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.1.patch +# fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.1.patch.asc +# gpg --verify l1tf-11.1.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +CVE-2018-3620 (L1 Terminal Fault-OS) +- ------------------------------------ +FreeBSD reserves the the memory page at physical address 0, so it will not +contain secret data. FreeBSD zeros the paging data structures for unmapped +addresses, so that speculatively executed L1 Terminal Faults will access only +the reserved, unused page. + +CVE-2018-3646 (L1 Terminal Fault-VMM) +- ------------------------------------- +Patched systems flush the L1 data cache prior to guest entry, so that there +is no secret data in cache for a terminal fault (from the the guest) to +access. 
+ +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r337794 +releng/11.1/ r337828 +releng/11.2/ r337828 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +More information on L1 Terminal Fault is available at: + + + + + + + + + +The FreeBSD Security Team thanks Intel for disclosing the issue. + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztc8ACgkQ05eS9J6n +5cLwEhAAos2Bnilthrbd+uQr1IGASD96aZZ5iXvn1Ibls03Vtd0kG9EcU30gFVG0 +HSg47qT7r5qJQUdhuSYxspgS9ZxXpRez1vnAz7cSGHL9FdecyfHWmHvGor5tz84/ +CgX4jCCAZfqDBquYD+ioqiLX7p1ZTRKfHBQOHcGgMfMq8UQUsg1YriXabEqnavU6 +W0h/eCGBo/Dbvl7004Gx0hKmDO2YQxt9aPWfInXWx1VOMf+wNWpcrvU6rJ4kOnL9 +7BXi+c5+vwlVXDvjrTwP9X+9DDa0MJcMoy2JCyCa/0W7lQ9nADLfUiXLsTvLDo6V +6/sooFbqlO+Qz37XHlXOXaoVGZGw+NtJRcnD+w8ueP9ts02SsECoxofN8tPOzGsT +T285qAwv8D8uuBLU3dc9y+assEe3j/4Aqb1Eil6Eh1MsHypEvyN5z9+PIpbN2tWK +qqCtzgqx037Jvjo6DwjwMUd+DikObGjZyK4pwP8KIeccOIBrUAA1Xel7Xr74xuwq +LwqtcHb2MWeFD0Mw+oW9viuJKrxyu6aiQfU6FsuGVmHjtXGxi+aWyGQqed+q8FcU +w/J6fq4kmBVVqNNrAMc/bWKU3IXAj4c48H0CSiCoX4dE4waRQ+cEetKkSWVGYnXj +3QdoyPsiqo8Goo34Cn0Ipf9GWDeNVv32iz0fXtr4LtoVZKCx9oc= +=G5SD +-----END PGP SIGNATURE----- Property changes on: head/share/security/advisories/FreeBSD-SA-18:09.l1tf.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 
## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/advisories/FreeBSD-SA-18:10.ip.asc =================================================================== --- head/share/security/advisories/FreeBSD-SA-18:10.ip.asc (nonexistent) +++ head/share/security/advisories/FreeBSD-SA-18:10.ip.asc (revision 52127) 
@@ -0,0 +1,172 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-18:10.ip Security Advisory + The FreeBSD Project + +Topic: Resource exhaustion in IP fragment reassembly + +Category: core +Module: inet +Announced: 2018-08-14 +Credits: Juha-Matti Tilli from + Aalto University, Department of Communications and Networking + and Nokia Bell Labs +Affects: All supported versions of FreeBSD. +Corrected: 2018-08-14 18:17:05 UTC (stable/11, 11.1-STABLE) + 2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2) + 2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13) +CVE Name: CVE-2018-6923 + +Special note: Due to source code differences in FreeBSD 10-stable a patch + is not yet available for FreeBSD 10.4. This will follow at + a later date. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The Internet Protocol (IP) version 4 (IPv4) allows fragmentation of +packets which are too big to traverse all the links between two end +stations. Any router along the path between two end hosts may fragment +packets which are larger than a link's maximum transmission unit +(MTU). FreeBSD's implementation of some IPv4 protocols (such as the +Transmission Control Protocol [TCP]) perform path MTU discovery to +avoid the need for fragmentation. + +IP version 6 (IPv6) retains the concept of packet fragmentation. It +changed the fragmentation operation to require that the originating +end-system perform path MTU discovery and fragment packets which are +too large for any MTU along the path between two end systems. + +While all hosts attached to the Internet are required to support +fragmentation and reassembly, many hosts will encounter very few +legitimate fragmented packets due to the operation of path MTU discovery. + +II. 
Problem Description + +A researcher has notified us of a DoS attack applicable to another +operating system. While FreeBSD may not be vulnerable to that exact +attack, we have identified several places where inadequate DoS protection +could allow an attacker to consume system resources. + +It is not necessary that the attacker be able to establish two-way +communication to carry out these attacks. These attacks impact both +IPv4 and IPv6 fragment reassembly. + +III. Impact + +In the worst case, an attacker could send a stream of crafted +fragments with a low packet rate which would consume a substantial +amount of CPU. + +Other attack vectors allow an attacker to send a stream of crafted +fragments which could consume a large amount of CPU or all available +mbuf clusters on the system. + +These attacks could temporarily render a system unreachable through +network interfaces or temporarily render a system unresponsive. The +effects of the attack should clear within 60 seconds after the attack stops. + +IV. Workaround + +Disable fragment reassembly, using these commands: + % sysctl net.inet.ip.maxfragpackets=0 + % sysctl net.inet6.ip6.maxfrags=0 + +On systems compiled with VIMAGE, these sysctls will need to be +executed for each VNET. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or release or +security branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Afterward, reboot the system. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +Afterward, reboot the system. 
+ +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.x] +# fetch https://security.FreeBSD.org/patches/SA-18:10/ip.patch +# fetch https://security.FreeBSD.org/patches/SA-18:10/ip.patch.asc +# gpg --verify ip.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r337804 +releng/11.1/ r337828 +releng/11.2/ r337828 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztekACgkQ05eS9J6n +5cJekQ/+PAOPGiPwpafBGuxwZVOaB3JloxJATPzg8z7PE7lvvo6I4pdwP0wq7ruJ +vRejKXJPDPkDcNziyhB+QdhTXt3O1OAvow9n89nNKiLYX44+C2igTSbHGVe7lIFN +NHvzGSJsdaPnm9qdvD3R7ZWT4vkNvoDiDiNChBSw829ZyGgLe1wNOOqQvsqVlwQt +1p0ikLHv30wbSX5KlSkLUSYA66pwcEd8eZFM43pwOZw9eIhcggAhufjTWdgnIBZA +ZYiMqUi/7ZydO2YW55cVa290tP8JGf6PynmYwBJWTGInz2RlM18TyBcWILewgXic +PM7jJ75thqd26BcPCh44toZWT8A7EYYiZ6iieLfAaQD7R6zqkeVwT39kV50YYRmW +tA3jmTKhJ1B0AXQbkh3QZw8cfgIOMYzcbjy4MCcBS3XbehRuT58Jvc8nFFsrypuE +FF4O3GtqFBKJUrcCJZF0VR0CvU7GUxTeYmS/9dNfQMJlEouFdPatn2jJwTfkiu0O +I1NlDHA6jriZxepaSa+zxqF86pxNvTI5gRouWwMdevtEPVZGBF8A+DDA5fk1wcdS +dEV4jcxcg1LH+EPBItYTh7seYYPodFdSyu5X/hLGBo/4XyA4Mb3xIjct74nKr0qx +bPR3y53fV9+4JWazgO0bIlMG8XVH4go8Rh9n0IKdqv8xwdLVo3w= +=ddfE +-----END PGP SIGNATURE----- Property changes on: head/share/security/advisories/FreeBSD-SA-18:10.ip.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/advisories/FreeBSD-SA-18:11.hostapd.asc =================================================================== --- head/share/security/advisories/FreeBSD-SA-18:11.hostapd.asc (nonexistent) +++ head/share/security/advisories/FreeBSD-SA-18:11.hostapd.asc (revision 52127) 
@@ -0,0 +1,159 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-18:11.hostapd Security Advisory + The FreeBSD Project + +Topic: Unauthenticated EAPOL-Key Decryption Vulnerability + +Category: contrib +Module: wpa +Announced: 2018-08-14 +Credits: Mathy Vanhoef of the imec-DistriNet research group of + KU Leuven +Affects: All supported versions of FreeBSD. +Corrected: 2018-08-15 05:03:54 UTC (stable/11, 11.1-STABLE) + 2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2) + 2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13) + 2018-08-15 05:05:02 UTC (stable/10, 10.4-STABLE) + 2018-08-15 02:31:10 UTC (releng/10.4, 10.4-RELEASE-p11) +CVE Name: CVE-2018-14526 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The wpa_supplicant(8) utility is a client (supplicant) with support for WPA +and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop and laptop +computers as well as embedded systems. Supplicant is the IEEE 802.1X/WPA +component that is used in the client stations. It implements key negotiation +with a WPA Authenticator and it controls the roaming and IEEE 802.11 +authentication/association of the wlan(4) driver. + +The wpa_supplicant(8) utility is designed to be a "daemon" program that runs +in the background and acts as the backend component controlling the wireless +connection. The wpa_supplicant(8) utility supports separate frontend programs +and a text-based frontend (wpa_cli(8)) and a GUI (wpa_gui) are included with +wpa_supplicant(8). + +II. Problem Description + +When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC +flag set, the data field was decrypted first without verifying the MIC. 
When +the dta field was encrypted using RC4, for example, when negotiating TKIP as +a pairwise cipher, the unauthenticated but decrypted data was subsequently +processed. This opened wpa_supplicant(8) to abuse by decryption and recovery +of sensitive information contained in EAPOL-Key messages. + +See https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt +for a detailed description of the bug. + +III. Impact + +All users of the WPA2 TKIP pairwise cipher are vulnerable to information, for +example, the group key. + +IV. Workaround + +Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks in +wpa_supplicant.conf(5) by changing 'pairwise=CCMP TKIP' to 'pariwise=CCMP'. + +This can also be mitigated by removing TKIP as a cipher on the AP. + +Systems and users who do not use WPA2 TKIP are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.x] +# fetch https://security.FreeBSD.org/patches/SA-18:11/hostapd.patch +# fetch https://security.FreeBSD.org/patches/SA-18:11/hostapd.patch.asc +# gpg --verify hostapd.patch.asc + +[FreeBSD 10.4] +# fetch https://security.FreeBSD.org/patches/SA-18:11/hostapd-10.patch +# fetch https://security.FreeBSD.org/patches/SA-18:11/hostapd-10.patch.asc +# gpg --verify hostapd-10.patch.asc + +b) Apply the patch. 
Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r337832 +releng/10.4/ r337829 +stable/11/ r337831 +releng/11.1/ r337828 +releng/11.2/ r337828 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztf8ACgkQ05eS9J6n +5cJ2kRAAiuef2NM6sG/OJhjIi3zTNZRTmO2S7BcaD8w7RDmH0rp1XPzTRs8CyWxo +zLfoubOwIucS1nQGHHYhwTYSXw7lFvGWbebuzhNcEUOc8a1TrpLlyinqF8KDgfNd +RSkTR1OTF91BEjlYKjuIFKUZ6OxUCpgUrprneEyn5wV/0eLkRv3VNqUuAwkTqU/i +X7pnFd2BXPpvKTatefpGjnYmo3j3oJSiQeXcPM9zgcm6n9ZD+KiC48vdvbZGmERt +HsMzUy0Z+OehKMJ+RvemWTiEwEFO7BK/FFgGH8LAgrwd0xff2RDU7S0NeCd+p76g +y98aUg0WF6RqHXU/xHeHpljHxzrWP3Msb56NqB+phFuEKvVoVimGL54P6/sBSbq+ +eACFcTUcf88MLry41zKBchSmekzSdzeV1S6kQGG74W7DfYY/UdF/4ves/eNqO13l +J5PjjusPn5IS+IP1omA6imJNHoEUrKR4ZW6KXZEfF7NdtcLGRebrAGySdqD0jHPP +23fkVQRmEL23fwtlONxNhvrF/oA09/oHS++MUEUxF6b6BRyq0sQ/aBXU5GpoI8VQ +5nDcASCloson18oA91T125bwD1bt6yLeTaFWhRJj6eeEI5HcJchZ9m1kGflNxEO9 +vM6bvIEPmF1IcR304i1os2JMgWHOAtOKxlsZpnwGs9U0qJu9/nw= +=34YE +-----END PGP SIGNATURE----- Property changes on: head/share/security/advisories/FreeBSD-SA-18:11.hostapd.asc 
___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:08/tcp-man-10.patch =================================================================== --- head/share/security/patches/SA-18:08/tcp-man-10.patch (nonexistent) +++ head/share/security/patches/SA-18:08/tcp-man-10.patch (revision 52127) @@ -0,0 +1,11 @@ +--- share/man/man4/tcp.4.orig ++++ share/man/man4/tcp.4 +@@ -38,7 +38,7 @@ + .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 + .\" $FreeBSD$ + .\" +-.Dd October 13, 2014 ++.Dd August 6, 2018 + .Dt TCP 4 + .Os + .Sh NAME Property changes on: head/share/security/patches/SA-18:08/tcp-man-10.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:08/tcp-man-10.patch.asc =================================================================== --- head/share/security/patches/SA-18:08/tcp-man-10.patch.asc (nonexistent) +++ head/share/security/patches/SA-18:08/tcp-man-10.patch.asc (revision 52127) 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztboACgkQ05eS9J6n +5cJtEQ/8CDdSUbL4aWI2tt1NTAxMoLirMte4r4oR6R3L3prOQWzqKc8m2KV73pgI +5hSAbcyW8pINgJ4gIX8FwXd+g1bfiz/9Fq7J7IEeZHbNPUo150NCsHC8LPG4oupz +6UmjGybX/J4nBrKMVqC88p7sWeukvCQm2d8fcKJQgUPQ8d9lgjRFn2MeaKEGR36j +rhQRK0GSQC7PLgsxzmHAnPtMBqnBNxP9GAyv/O+GX4pAX4PVf6GevQZMYMMPZYNE +yC8vOclIBuSuOlXaEtanCB7w3WT4M+x6VUwM8NSTq30uQe3NMUvzbzlv+YE2xx0Q +3XYncGma86rL0FqrqcgLZLoWHJAubqlxonCJNSNXS0o8I77njPffkKx1nDFtpUt2 +IdIleTaltinZXq1mAoPqtrt/nOa9x1C4hihvrIStIYAi/0rLdB8rCGJgMjD8twG7 +W7GUTJxDz2F/dp/y3zomwg69cjdXadh8JWHoPwscPObFhWUml3/WnPLw8iw0ae4A +TE8+npZUir8zbbxevcZrQxZA/FasfVIEZJytBkIs6z9t+bxa6stBeR/tWU1qgYPx +oSebDN09tpb3Qzb8uUKNHjuF9La6BXmstjzuh8F/FgPqfImIGQaTkvb0/jcZtvJt +GatGGPBnZCJWZvy5wvHkNYbUxO81A6dvBJd0kYbS8Q4vYLrzjHo= +=tsh3 +-----END PGP SIGNATURE----- Property changes on: head/share/security/patches/SA-18:08/tcp-man-10.patch.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:08/tcp-man-11.patch =================================================================== --- head/share/security/patches/SA-18:08/tcp-man-11.patch (nonexistent) +++ head/share/security/patches/SA-18:08/tcp-man-11.patch (revision 52127) @@ -0,0 +1,11 @@ +--- share/man/man4/tcp.4.orig ++++ share/man/man4/tcp.4 +@@ -34,7 +34,7 @@ + .\" 
From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 + .\" $FreeBSD$ + .\" +-.Dd February 6, 2017 ++.Dd August 6, 2018 + .Dt TCP 4 + .Os + .Sh NAME Property changes on: head/share/security/patches/SA-18:08/tcp-man-11.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:08/tcp-man-11.patch.asc =================================================================== --- head/share/security/patches/SA-18:08/tcp-man-11.patch.asc (nonexistent) +++ head/share/security/patches/SA-18:08/tcp-man-11.patch.asc (revision 52127) 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztbgACgkQ05eS9J6n +5cJfvA//VV3j4T6xmYhMFYQ9fzExzBAfzmJjhmVeeAS/JBrKcHhsZgVuIk1E7CD/ +U1hqrlnwlPgG76UNe3tsXaDxhhYOFo4jH3COwE6zXJaXjDDv0H3rfc3TjbJD22fw +ktz0P2P9DP0uxb1M2f73yrVvQokPlI5cWQ4yQa0MCyVWNUtCKJPIzK27hupjNo7L +sDepUOR7809n2vHD1uXrkwAi4OfMYLkxDtf0Yt31EJ8+/ZeL8qg6caP2QPElAnws +3P45z/SqVg3ygmBR9WhF0UK98a7FuyDI79/KZSMBIAOkl7nwe09HZjjvFNYlXnPq +l7duHMVcC87VhZ0IaNQ1fEDIcyyXws7pVQpWNuA6HGOjLFYSGrJWCzek/yPsTO+S +m631sRGWs/YyyY49S1D5P/6MaAGT2WjOnSX3q8wy+2WkKDPdQSlj85MZvRKKXY5u +5KgvqWH6w/hxtHHDE+9Bk8dDfW7aHBGSy/lV5I2VorgE3dyp1vWTMuOacWeMJqhN +twzlLEn7QCZgkEocb6rqK+fVuG3Sx+QJPa8pKBj3LgsnHTd8mJRcWWtzG50LvNcO +orzUHwYht0gWrSfsfsS5OXfMUrOeEfpxtAB0FYh+2Sr+1jEtaAqBA4S9yHUnNUtS +jLcoPClf+s4FVvm1khHLihhKHp/BMFoha8zeQKudrod4UNxSQxM= +=r2Sc +-----END PGP SIGNATURE----- Property changes on: head/share/security/patches/SA-18:08/tcp-man-11.patch.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:09/l1tf-11.1.patch =================================================================== --- head/share/security/patches/SA-18:09/l1tf-11.1.patch (nonexistent) +++ head/share/security/patches/SA-18:09/l1tf-11.1.patch (revision 52127) 
@@ -0,0 +1,213 @@ +--- sys/amd64/amd64/pmap.c.orig ++++ sys/amd64/amd64/pmap.c +@@ -1206,6 +1206,9 @@ + vm_size_t s; + int error, i, pv_npg; + ++ /* L1TF, reserve page @0 unconditionally */ ++ vm_page_blacklist_add(0, bootverbose); ++ + /* + * Initialize the vm page array entries for the kernel pmap's + * page table pages. +--- sys/amd64/vmm/intel/vmx.c.orig ++++ sys/amd64/vmm/intel/vmx.c +@@ -183,6 +183,12 @@ + SYSCTL_UINT(_hw_vmm_vmx, OID_AUTO, vpid_alloc_failed, CTLFLAG_RD, + &vpid_alloc_failed, 0, NULL); + ++static int guest_l1d_flush; ++SYSCTL_INT(_hw_vmm_vmx, OID_AUTO, l1d_flush, CTLFLAG_RD, ++ &guest_l1d_flush, 0, NULL); ++ ++uint64_t vmx_msr_flush_cmd; ++ + /* + * Use the last page below 4GB as the APIC access address. This address is + * occupied by the boot firmware so it is guaranteed that it will not conflict +@@ -718,6 +724,12 @@ + return (error); + } + ++ guest_l1d_flush = (cpu_ia32_arch_caps & IA32_ARCH_CAP_RDCL_NO) == 0; ++ TUNABLE_INT_FETCH("hw.vmm.l1d_flush", &guest_l1d_flush); ++ if (guest_l1d_flush && ++ (cpu_stdext_feature3 & CPUID_STDEXT3_L1D_FLUSH) != 0) ++ vmx_msr_flush_cmd = IA32_FLUSH_CMD_L1D; ++ + /* + * Stash the cr0 and cr4 bits that must be fixed to 0 or 1 + */ +--- sys/amd64/vmm/intel/vmx_genassym.c.orig ++++ sys/amd64/vmm/intel/vmx_genassym.c +@@ -36,6 +36,7 @@ + + #include + #include ++#include + + #include + #include "vmx_cpufunc.h" +@@ -86,3 +87,6 @@ + + ASSYM(KERNEL_SS, GSEL(GDATA_SEL, SEL_KPL)); + ASSYM(KERNEL_CS, GSEL(GCODE_SEL, SEL_KPL)); ++ ++ASSYM(PAGE_SIZE, PAGE_SIZE); ++ASSYM(KERNBASE, KERNBASE); +--- sys/amd64/vmm/intel/vmx_support.S.orig ++++ sys/amd64/vmm/intel/vmx_support.S +@@ -28,6 +28,7 @@ + */ + + #include ++#include + + #include "vmx_assym.h" + +@@ -136,9 +137,47 @@ + jbe invept_error /* Check invept instruction error */ + + guest_restore: +- cmpl $0, %edx ++ ++ /* ++ * Flush L1D cache if requested. 
Use IA32_FLUSH_CMD MSR if available, ++ * otherwise load enough of the data from the zero_region to flush ++ * existing L1D content. ++ */ ++#define L1D_FLUSH_SIZE (64 * 1024) ++ movl %edx, %r8d ++ cmpb $0, guest_l1d_flush(%rip) ++ je after_l1d ++ movq vmx_msr_flush_cmd(%rip), %rax ++ testq %rax, %rax ++ jz 1f ++ movq %rax, %rdx ++ shrq $32, %rdx ++ movl $MSR_IA32_FLUSH_CMD, %ecx ++ wrmsr ++ jmp after_l1d ++1: movq $KERNBASE, %r9 ++ movq $-L1D_FLUSH_SIZE, %rcx ++ /* ++ * pass 1: Preload TLB. ++ * Kernel text is mapped using superpages. TLB preload is ++ * done for the benefit of older CPUs which split 2M page ++ * into 4k TLB entries. ++ */ ++2: movb L1D_FLUSH_SIZE(%r9, %rcx), %al ++ addq $PAGE_SIZE, %rcx ++ jne 2b ++ xorl %eax, %eax ++ cpuid ++ movq $-L1D_FLUSH_SIZE, %rcx ++ /* pass 2: Read each cache line */ ++3: movb L1D_FLUSH_SIZE(%r9, %rcx), %al ++ addq $64, %rcx ++ jne 3b ++ lfence ++#undef L1D_FLUSH_SIZE ++after_l1d: ++ cmpl $0, %r8d + je do_launch +- + VMX_GUEST_RESTORE + vmresume + /* +--- sys/vm/vm_page.c.orig ++++ sys/vm/vm_page.c +@@ -290,6 +290,27 @@ + return (0); + } + ++bool ++vm_page_blacklist_add(vm_paddr_t pa, bool verbose) ++{ ++ vm_page_t m; ++ int ret; ++ ++ m = vm_phys_paddr_to_vm_page(pa); ++ if (m == NULL) ++ return (true); /* page does not exist, no failure */ ++ ++ mtx_lock(&vm_page_queue_free_mtx); ++ ret = vm_phys_unfree_page(m); ++ mtx_unlock(&vm_page_queue_free_mtx); ++ if (ret) { ++ TAILQ_INSERT_TAIL(&blacklist_head, m, listq); ++ if (verbose) ++ printf("Skipping page with pa 0x%jx\n", (uintmax_t)pa); ++ } ++ return (ret); ++} ++ + /* + * vm_page_blacklist_check: + * +@@ -301,26 +322,13 @@ + vm_page_blacklist_check(char *list, char *end) + { + vm_paddr_t pa; +- vm_page_t m; + char *next; +- int ret; + + next = list; + while (next != NULL) { + if ((pa = vm_page_blacklist_next(&next, end)) == 0) + continue; +- m = vm_phys_paddr_to_vm_page(pa); +- if (m == NULL) +- continue; +- mtx_lock(&vm_page_queue_free_mtx); +- ret = 
vm_phys_unfree_page(m); +- mtx_unlock(&vm_page_queue_free_mtx); +- if (ret == TRUE) { +- TAILQ_INSERT_TAIL(&blacklist_head, m, listq); +- if (bootverbose) +- printf("Skipping page with pa 0x%jx\n", +- (uintmax_t)pa); +- } ++ vm_page_blacklist_add(pa, bootverbose); + } + } + +--- sys/vm/vm_page.h.orig ++++ sys/vm/vm_page.h +@@ -448,6 +448,7 @@ + u_long npages, vm_paddr_t low, vm_paddr_t high, u_long alignment, + vm_paddr_t boundary, vm_memattr_t memattr); + vm_page_t vm_page_alloc_freelist(int, int); ++bool vm_page_blacklist_add(vm_paddr_t pa, bool verbose); + vm_page_t vm_page_grab (vm_object_t, vm_pindex_t, int); + int vm_page_try_to_free (vm_page_t); + void vm_page_deactivate (vm_page_t); +--- sys/x86/include/specialreg.h.orig ++++ sys/x86/include/specialreg.h +@@ -378,6 +378,7 @@ + */ + #define CPUID_STDEXT3_IBPB 0x04000000 + #define CPUID_STDEXT3_STIBP 0x08000000 ++#define CPUID_STDEXT3_L1D_FLUSH 0x10000000 + #define CPUID_STDEXT3_ARCH_CAP 0x20000000 + + /* MSR IA32_ARCH_CAP(ABILITIES) bits */ +@@ -427,6 +428,7 @@ + #define MSR_IA32_EXT_CONFIG 0x0ee /* Undocumented. Core Solo/Duo only */ + #define MSR_MTRRcap 0x0fe + #define MSR_IA32_ARCH_CAP 0x10a ++#define MSR_IA32_FLUSH_CMD 0x10b + #define MSR_BBL_CR_ADDR 0x116 + #define MSR_BBL_CR_DECC 0x118 + #define MSR_BBL_CR_CTL 0x119 +@@ -580,6 +582,9 @@ + /* MSR IA32_PRED_CMD */ + #define IA32_PRED_CMD_IBPB_BARRIER 0x0000000000000001ULL + ++/* MSR IA32_FLUSH_CMD */ ++#define IA32_FLUSH_CMD_L1D 0x00000001 ++ + /* + * PAT modes. 
+ */ Property changes on: head/share/security/patches/SA-18:09/l1tf-11.1.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:09/l1tf-11.1.patch.asc =================================================================== --- head/share/security/patches/SA-18:09/l1tf-11.1.patch.asc (nonexistent) +++ head/share/security/patches/SA-18:09/l1tf-11.1.patch.asc (revision 52127) 
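Review bot: In l1tf-11.1.patch, the new `cmpb $0, guest_l1d_flush(%rip)` under guest_restore in vmx_support.S tests only the low byte of a variable that vmx.c declares as `static int guest_l1d_flush` and fills through TUNABLE_INT_FETCH. A tunable value whose low byte is zero (256, for example) counts as enabled in the C test `if (guest_l1d_flush && ...)` but skips the flush on the assembly path; `cmpl $0, guest_l1d_flush(%rip)` would make the two agree. The `static` qualifier also gives the symbol internal linkage while the .S file refers to it by name, so it should be declared without `static`, the way `vmx_msr_flush_cmd` is in the same hunk.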
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztdsACgkQ05eS9J6n +5cItLA//UjGUEP8QwggeT/drm99htP1lpABfxgLjaBFvXDQ8pFJU2D8bm0X/jHBW +ExM4TO1H2K6gKtJMXC1gCgL9DXy6ukqI7DDKjG2vt46U8533DQ715C4HInj5+mdp +hvdJVFKbLKVA4jqv0Z+LGeM/yhC5vLCJ+Upirfz42pLWUdmW1a5zbT0pEXsKldxJ +cTRWfKck7TKbND9cYczaRKl7YjaJNUY8x2FZ3aq607dxWMbreW1sP1VnC2W/EJOa +fX6G7WC38uZ5RzLL0GoyEUoA83ljcQLYjGWEH0Kr90AfRw6geh2ViajYWMaRj4Kg +0/Jax7pn5xI14FaREwMybz7Lj+l2DpYfpToYs9Uh4mg/Ug8orLellD+tEBP88NyY +aWRPYYc3um08osZ6f96RRdH8bOoYgyW+0HV7hO1ZBrIZiAwLdh7nSLoBPEGoGA/e +XumkfRbwCc5gODH4NYDuCGFppQ2qQ+vfws97kFWULoia8PM/bseFICv9lbZ3c3wc +7ImNHSHRCDk8lanX8ivTEN2MqEtQBIXwMJuLy6L2s2SPFaaH8Tzt6VNcFvDMONQb +iXpUoejcLFdeQV1tisnOTsJ6bZayHQjuE6mvLmbSSVjWhh1X3ZStoqhU44AGnmiC +LjEmQ03E/pCYfA4YV3trqAsE4dqgNTReiiK2P0edkIlo72g42x0= +=8Mzj +-----END PGP SIGNATURE----- Property changes on: head/share/security/patches/SA-18:09/l1tf-11.1.patch.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:09/l1tf-11.2.patch =================================================================== --- head/share/security/patches/SA-18:09/l1tf-11.2.patch (nonexistent) +++ head/share/security/patches/SA-18:09/l1tf-11.2.patch (revision 52127) 
@@ -0,0 +1,145 @@ +--- sys/amd64/amd64/pmap.c.orig ++++ sys/amd64/amd64/pmap.c +@@ -1215,6 +1215,9 @@ + vm_size_t s; + int error, i, pv_npg, ret, skz63; + ++ /* L1TF, reserve page @0 unconditionally */ ++ vm_page_blacklist_add(0, bootverbose); ++ + /* Detect bare-metal Skylake Server and Skylake-X. */ + if (vm_guest == VM_GUEST_NO && cpu_vendor_id == CPU_VENDOR_INTEL && + CPUID_TO_FAMILY(cpu_id) == 0x6 && CPUID_TO_MODEL(cpu_id) == 0x55) { +--- sys/amd64/vmm/intel/vmx.c.orig ++++ sys/amd64/vmm/intel/vmx.c +@@ -185,6 +185,12 @@ + SYSCTL_UINT(_hw_vmm_vmx, OID_AUTO, vpid_alloc_failed, CTLFLAG_RD, + &vpid_alloc_failed, 0, NULL); + ++static int guest_l1d_flush; ++SYSCTL_INT(_hw_vmm_vmx, OID_AUTO, l1d_flush, CTLFLAG_RD, ++ &guest_l1d_flush, 0, NULL); ++ ++uint64_t vmx_msr_flush_cmd; ++ + /* + * Use the last page below 4GB as the APIC access address. This address is + * occupied by the boot firmware so it is guaranteed that it will not conflict +@@ -720,6 +726,12 @@ + return (error); + } + ++ guest_l1d_flush = (cpu_ia32_arch_caps & IA32_ARCH_CAP_RDCL_NO) == 0; ++ TUNABLE_INT_FETCH("hw.vmm.l1d_flush", &guest_l1d_flush); ++ if (guest_l1d_flush && ++ (cpu_stdext_feature3 & CPUID_STDEXT3_L1D_FLUSH) != 0) ++ vmx_msr_flush_cmd = IA32_FLUSH_CMD_L1D; ++ + /* + * Stash the cr0 and cr4 bits that must be fixed to 0 or 1 + */ +--- sys/amd64/vmm/intel/vmx_genassym.c.orig ++++ sys/amd64/vmm/intel/vmx_genassym.c +@@ -36,6 +36,7 @@ + + #include + #include ++#include + + #include + #include "vmx_cpufunc.h" +@@ -86,3 +87,6 @@ + + ASSYM(KERNEL_SS, GSEL(GDATA_SEL, SEL_KPL)); + ASSYM(KERNEL_CS, GSEL(GCODE_SEL, SEL_KPL)); ++ ++ASSYM(PAGE_SIZE, PAGE_SIZE); ++ASSYM(KERNBASE, KERNBASE); +--- sys/amd64/vmm/intel/vmx_support.S.orig ++++ sys/amd64/vmm/intel/vmx_support.S +@@ -28,6 +28,7 @@ + */ + + #include ++#include + + #include "vmx_assym.h" + +@@ -173,9 +174,47 @@ + jbe invept_error /* Check invept instruction error */ + + guest_restore: +- cmpl $0, %edx +- je do_launch + ++ /* ++ * Flush L1D 
cache if requested. Use IA32_FLUSH_CMD MSR if available, ++ * otherwise load enough of the data from the zero_region to flush ++ * existing L1D content. ++ */ ++#define L1D_FLUSH_SIZE (64 * 1024) ++ movl %edx, %r8d ++ cmpb $0, guest_l1d_flush(%rip) ++ je after_l1d ++ movq vmx_msr_flush_cmd(%rip), %rax ++ testq %rax, %rax ++ jz 1f ++ movq %rax, %rdx ++ shrq $32, %rdx ++ movl $MSR_IA32_FLUSH_CMD, %ecx ++ wrmsr ++ jmp after_l1d ++1: movq $KERNBASE, %r9 ++ movq $-L1D_FLUSH_SIZE, %rcx ++ /* ++ * pass 1: Preload TLB. ++ * Kernel text is mapped using superpages, TLB preload is ++ * done for the benefit of older CPUs which split 2M page ++ * into 4k TLB entries. ++ */ ++2: movb L1D_FLUSH_SIZE(%r9, %rcx), %al ++ addq $PAGE_SIZE, %rcx ++ jne 2b ++ xorl %eax, %eax ++ cpuid ++ movq $-L1D_FLUSH_SIZE, %rcx ++ /* pass 2: Read each cache line */ ++3: movb L1D_FLUSH_SIZE(%r9, %rcx), %al ++ addq $64, %rcx ++ jne 3b ++ lfence ++#undef L1D_FLUSH_SIZE ++after_l1d: ++ cmpl $0, %r8d ++ je do_launch + VMX_GUEST_RESTORE + vmresume + /* +--- sys/x86/include/specialreg.h.orig ++++ sys/x86/include/specialreg.h +@@ -387,6 +387,7 @@ + */ + #define CPUID_STDEXT3_IBPB 0x04000000 + #define CPUID_STDEXT3_STIBP 0x08000000 ++#define CPUID_STDEXT3_L1D_FLUSH 0x10000000 + #define CPUID_STDEXT3_ARCH_CAP 0x20000000 + #define CPUID_STDEXT3_SSBD 0x80000000 + +@@ -438,6 +439,7 @@ + #define MSR_IA32_EXT_CONFIG 0x0ee /* Undocumented. Core Solo/Duo only */ + #define MSR_MTRRcap 0x0fe + #define MSR_IA32_ARCH_CAP 0x10a ++#define MSR_IA32_FLUSH_CMD 0x10b + #define MSR_BBL_CR_ADDR 0x116 + #define MSR_BBL_CR_DECC 0x118 + #define MSR_BBL_CR_CTL 0x119 +@@ -592,6 +594,9 @@ + /* MSR IA32_PRED_CMD */ + #define IA32_PRED_CMD_IBPB_BARRIER 0x0000000000000001ULL + ++/* MSR IA32_FLUSH_CMD */ ++#define IA32_FLUSH_CMD_L1D 0x00000001 ++ + /* + * PAT modes. 
+ */ Property changes on: head/share/security/patches/SA-18:09/l1tf-11.2.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:09/l1tf-11.2.patch.asc =================================================================== --- head/share/security/patches/SA-18:09/l1tf-11.2.patch.asc (nonexistent) +++ head/share/security/patches/SA-18:09/l1tf-11.2.patch.asc (revision 52127) 
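Review bot: In l1tf-11.2.patch, the vmx.c hunks publish the flush setting under two different names: the read-only sysctl is created under `_hw_vmm_vmx` as `l1d_flush`, while the loader tunable is fetched as "hw.vmm.l1d_flush". An administrator who reads the sysctl and puts that same name in loader.conf will not change the behaviour, so use one name for both and replace the NULL description with a line stating what 0 and 1 mean. In vmx_support.S the block comment says the software fallback loads data from the zero_region, but the code reads from `KERNBASE`; the comment should describe what the loops actually touch.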
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztd0ACgkQ05eS9J6n +5cIGQQ//SWf3YET59okirsbCm/gF+ra8q1ohCRPaJbyS5ZJaWWWBNQRKX2ksphAF +huamH+PmAlBvRmkjjVujbW5npPcZ00DpZVCC90awH1mLknlm5aIFpaFSe1oY/RUi +cZjTSobjdTNyEwDX36GdQpq3xx4d0AmmvzmiLRb62MnzDTzMRQ4kPgAoMe1VP6QT +z4KeSxS+rc1XjS+3d8qFB57/cxi8a3v60YAkOC7EfgqYUjGheuBa6wLFgsJyzm4/ +jil+Tm5Gp+GgyRzYuQNJSzgMtQaEfvBSkgLn1zIZGPMKfLWyo5Km4aFdtjsWmQaj +XRQk91BhPJ3xXyvyUChkTckGrXuUMfkVarto5I2dIR9bXo9MXCpOgzLHfcSomGyQ +JjMKqqjhmcg6aY1ptVHqnA5/NJAFNFUDnwAwsgPw8RPW8rcJjFY9KjmkPo3LRNkV +x2AhAxjBj1jZ2JUMQiw4jQH25P/yX6COoJTCFisr4RJD0paGf3sPjTrIUN2SOHE9 +TorBvYWeaxgWs3e5yO/qOyUXt7C40ux3vzn2jfjersclJiKId4vIp0VLW4wUd+Et +wjCZpYHt8BmN8YVRIV3a4hIHZ7tOQg12sv6DHeuzHBtDsKcgMcqZnhehalWGHAZ6 +NnJObTilJi3edXibluvNOgwElIT9l1a6rEv/eJ99rp3tSY0323Q= +=gc08 +-----END PGP SIGNATURE----- Property changes on: head/share/security/patches/SA-18:09/l1tf-11.2.patch.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:10/ip.patch =================================================================== --- head/share/security/patches/SA-18:10/ip.patch (nonexistent) +++ head/share/security/patches/SA-18:10/ip.patch (revision 52127) @@ -0,0 +1,1315 @@ +--- share/man/man4/inet.4.orig ++++ share/man/man4/inet.4 +@@ -28,7 +28,7 @@ + .\" 
From: @(#)inet.4 8.1 (Berkeley) 6/5/93 + .\" $FreeBSD$ + .\" +-.Dd Feb 4, 2016 ++.Dd August 14, 2018 + .Dt INET 4 + .Os + .Sh NAME +@@ -229,15 +229,38 @@ + cycle greatly. + Default is 0 (sequential IP IDs). + IPv6 flow IDs and fragment IDs are always random. ++.It Va ip.maxfrags ++Integer: maximum number of fragments the host will accept and simultaneously ++hold across all reassembly queues in all VNETs. ++If set to 0, reassembly is disabled. ++If set to -1, this limit is not applied. ++This limit is recalculated when the number of mbuf clusters is changed. ++This is a global limit. + .It Va ip.maxfragpackets +-Integer: maximum number of fragmented packets the host will accept and hold +-in the reassembling queue simultaneously. +-0 means that the host will not accept any fragmented packets. +-\-1 means that the host will accept as many fragmented packets as it receives. ++Integer: maximum number of fragmented packets the host will accept and ++simultaneously hold in the reassembly queue for a particular VNET. ++0 means that the host will not accept any fragmented packets for that VNET. ++\-1 means that the host will not apply this limit for that VNET. ++This limit is recalculated when the number of mbuf clusters is changed. ++This is a per-VNET limit. ++.It Va ip.maxfragbucketsize ++Integer: maximum number of reassembly queues per bucket. ++Fragmented packets are hashed to buckets. ++Each bucket has a list of reassembly queues. ++The system must compare the incoming packets to the existing reassembly queues ++in the bucket to find a matching reassembly queue. ++To preserve system resources, the system limits the number of reassembly ++queues allowed in each bucket. ++This limit is recalculated when the number of mbuf clusters is changed or ++when the value of ++.Va ip.maxfragpackets ++changes. ++This is a per-VNET limit. + .It Va ip.maxfragsperpacket + Integer: maximum number of fragments the host will accept and hold +-in the reassembling queue for a packet. 
+-0 means that the host will not accept any fragmented packets. ++in the reassembly queue for a packet. ++0 means that the host will not accept any fragmented packets for the VNET. ++This is a per-VNET limit. + .El + .Sh SEE ALSO + .Xr ioctl 2 , +--- share/man/man4/inet6.4.orig ++++ share/man/man4/inet6.4 +@@ -29,7 +29,7 @@ + .\" + .\" $FreeBSD$ + .\" +-.Dd September 2, 2009 ++.Dd August 14, 2018 + .Dt INET6 4 + .Os + .Sh NAME +@@ -219,12 +219,41 @@ + This value applies to all the transport protocols on top of + .Tn IPv6 . + There are APIs to override the value. ++.It Dv IPV6CTL_MAXFRAGS ++.Pq ip6.maxfrags ++Integer: maximum number of fragments the host will accept and simultaneously ++hold across all reassembly queues in all VNETs. ++If set to 0, fragment reassembly is disabled. ++If set to -1, this limit is not applied. ++This limit is recalculated when the number of mbuf clusters is changed. ++This is a global limit. + .It Dv IPV6CTL_MAXFRAGPACKETS + .Pq ip6.maxfragpackets +-Integer: default maximum number of fragmented packets the node will accept. +-0 means that the node will not accept any fragmented packets. +--1 means that the node will accept as many fragmented packets as it receives. +-The flag is provided basically for avoiding possible DoS attacks. ++Integer: maximum number of fragmented packets the node will accept and ++simultaneously hold in the reassembly queue for a particular VNET. ++0 means that the node will not accept any fragmented packets for that VNET. ++-1 means that the node will not apply this limit for that VNET. ++This limit is recalculated when the number of mbuf clusters is changed. ++This is a per-VNET limit. ++.It Dv IPV6CTL_MAXFRAGBUCKETSIZE ++.Pq ip6.maxfragbucketsize ++Integer: maximum number of reassembly queues per bucket. ++Fragmented packets are hashed to buckets. ++Each bucket has a list of reassembly queues. 
++The system must compare the incoming packets to the existing reassembly queues ++in the bucket to find a matching reassembly queue. ++To preserve system resources, the system limits the number of reassembly ++queues allowed in each bucket. ++This limit is recalculated when the number of mbuf clusters is changed or ++when the value of ++.Va ip6.maxfragpackets ++changes. ++This is a per-VNET limit. ++.It Dv IPV6CTL_MAXFRAGSPERPACKET ++.Pq ip6.maxfragsperpacket ++Integer: maximum number of fragments the host will accept and hold in the ++ressembly queue for a packet. ++This is a per-VNET limit. + .It Dv IPV6CTL_ACCEPT_RTADV + .Pq ip6.accept_rtadv + Boolean: the default value of a per-interface flag to +--- sys/netinet/ip_reass.c.orig ++++ sys/netinet/ip_reass.c +@@ -42,6 +42,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -63,13 +64,14 @@ + /* + * Reassembly headers are stored in hash buckets. + */ +-#define IPREASS_NHASH_LOG2 6 ++#define IPREASS_NHASH_LOG2 10 + #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) + #define IPREASS_HMASK (IPREASS_NHASH - 1) + + struct ipqbucket { + TAILQ_HEAD(ipqhead, ipq) head; + struct mtx lock; ++ int count; + }; + + static VNET_DEFINE(struct ipqbucket, ipq[IPREASS_NHASH]); +@@ -82,6 +84,9 @@ + #define IPQ_UNLOCK(i) mtx_unlock(&V_ipq[i].lock) + #define IPQ_LOCK_ASSERT(i) mtx_assert(&V_ipq[i].lock, MA_OWNED) + ++static VNET_DEFINE(int, ipreass_maxbucketsize); ++#define V_ipreass_maxbucketsize VNET(ipreass_maxbucketsize) ++ + void ipreass_init(void); + void ipreass_drain(void); + void ipreass_slowtimo(void); +@@ -89,27 +94,53 @@ + void ipreass_destroy(void); + #endif + static int sysctl_maxfragpackets(SYSCTL_HANDLER_ARGS); ++static int sysctl_maxfragbucketsize(SYSCTL_HANDLER_ARGS); + static void ipreass_zone_change(void *); + static void ipreass_drain_tomax(void); +-static void ipq_free(struct ipqhead *, struct ipq *); ++static void ipq_free(struct ipqbucket *, struct ipq *); + static struct ipq * 
ipq_reuse(int); + + static inline void +-ipq_timeout(struct ipqhead *head, struct ipq *fp) ++ipq_timeout(struct ipqbucket *bucket, struct ipq *fp) + { + + IPSTAT_ADD(ips_fragtimeout, fp->ipq_nfrags); +- ipq_free(head, fp); ++ ipq_free(bucket, fp); + } + + static inline void +-ipq_drop(struct ipqhead *head, struct ipq *fp) ++ipq_drop(struct ipqbucket *bucket, struct ipq *fp) + { + + IPSTAT_ADD(ips_fragdropped, fp->ipq_nfrags); +- ipq_free(head, fp); ++ ipq_free(bucket, fp); + } + ++/* ++ * By default, limit the number of IP fragments across all reassembly ++ * queues to 1/32 of the total number of mbuf clusters. ++ * ++ * Limit the total number of reassembly queues per VNET to the ++ * IP fragment limit, but ensure the limit will not allow any bucket ++ * to grow above 100 items. (The bucket limit is ++ * IP_MAXFRAGPACKETS / (IPREASS_NHASH / 2), so the 50 is the correct ++ * multiplier to reach a 100-item limit.) ++ * The 100-item limit was chosen as brief testing seems to show that ++ * this produces "reasonable" performance on some subset of systems ++ * under DoS attack. 
++ */ ++#define IP_MAXFRAGS (nmbclusters / 32) ++#define IP_MAXFRAGPACKETS (imin(IP_MAXFRAGS, IPREASS_NHASH * 50)) ++ ++static int maxfrags; ++static volatile u_int nfrags; ++SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfrags, CTLFLAG_RW, ++ &maxfrags, 0, ++ "Maximum number of IPv4 fragments allowed across all reassembly queues"); ++SYSCTL_UINT(_net_inet_ip, OID_AUTO, curfrags, CTLFLAG_RD, ++ __DEVOLATILE(u_int *, &nfrags), 0, ++ "Current number of IPv4 fragments across all reassembly queues"); ++ + static VNET_DEFINE(uma_zone_t, ipq_zone); + #define V_ipq_zone VNET(ipq_zone) + SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_VNET | +@@ -127,6 +158,10 @@ + SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(maxfragsperpacket), 0, + "Maximum number of IPv4 fragments allowed per packet"); ++SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxfragbucketsize, ++ CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, NULL, 0, ++ sysctl_maxfragbucketsize, "I", ++ "Maximum number of IPv4 fragment reassembly queue entries per bucket"); + + /* + * Take incoming datagram fragment and try to reassemble it into +@@ -146,9 +181,9 @@ + struct mbuf *p, *q, *nq, *t; + struct ipq *fp; + struct ipqhead *head; +- int i, hlen, next; ++ int i, hlen, next, tmpmax; + u_int8_t ecn, ecn0; +- uint32_t hash; ++ uint32_t hash, hashkey[3]; + #ifdef RSS + uint32_t rss_hash, rss_type; + #endif +@@ -156,8 +191,12 @@ + /* + * If no reassembling or maxfragsperpacket are 0, + * never accept fragments. ++ * Also, drop packet if it would exceed the maximum ++ * number of fragments. 
+ */ +- if (V_noreass == 1 || V_maxfragsperpacket == 0) { ++ tmpmax = maxfrags; ++ if (V_noreass == 1 || V_maxfragsperpacket == 0 || ++ (tmpmax >= 0 && nfrags >= (u_int)tmpmax)) { + IPSTAT_INC(ips_fragments); + IPSTAT_INC(ips_fragdropped); + m_freem(m); +@@ -202,8 +241,12 @@ + m->m_data += hlen; + m->m_len -= hlen; + +- hash = ip->ip_src.s_addr ^ ip->ip_id; +- hash = jenkins_hash32(&hash, 1, V_ipq_hashseed) & IPREASS_HMASK; ++ hashkey[0] = ip->ip_src.s_addr; ++ hashkey[1] = ip->ip_dst.s_addr; ++ hashkey[2] = (uint32_t)ip->ip_p << 16; ++ hashkey[2] += ip->ip_id; ++ hash = jenkins_hash32(hashkey, nitems(hashkey), V_ipq_hashseed); ++ hash &= IPREASS_HMASK; + head = &V_ipq[hash].head; + IPQ_LOCK(hash); + +@@ -224,9 +267,12 @@ + * If first fragment to arrive, create a reassembly queue. + */ + if (fp == NULL) { +- fp = uma_zalloc(V_ipq_zone, M_NOWAIT); ++ if (V_ipq[hash].count < V_ipreass_maxbucketsize) ++ fp = uma_zalloc(V_ipq_zone, M_NOWAIT); + if (fp == NULL) + fp = ipq_reuse(hash); ++ if (fp == NULL) ++ goto dropfrag; + #ifdef MAC + if (mac_ipq_init(fp, M_NOWAIT) != 0) { + uma_zfree(V_ipq_zone, fp); +@@ -236,7 +282,9 @@ + mac_ipq_create(m, fp); + #endif + TAILQ_INSERT_HEAD(head, fp, ipq_list); ++ V_ipq[hash].count++; + fp->ipq_nfrags = 1; ++ atomic_add_int(&nfrags, 1); + fp->ipq_ttl = IPFRAGTTL; + fp->ipq_p = ip->ip_p; + fp->ipq_id = ip->ip_id; +@@ -247,6 +295,7 @@ + goto done; + } else { + fp->ipq_nfrags++; ++ atomic_add_int(&nfrags, 1); + #ifdef MAC + mac_ipq_update(m, fp); + #endif +@@ -323,6 +372,7 @@ + m->m_nextpkt = nq; + IPSTAT_INC(ips_fragdropped); + fp->ipq_nfrags--; ++ atomic_subtract_int(&nfrags, 1); + m_freem(q); + } + +@@ -340,7 +390,7 @@ + for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) { + if (ntohs(GETIP(q)->ip_off) != next) { + if (fp->ipq_nfrags > V_maxfragsperpacket) +- ipq_drop(head, fp); ++ ipq_drop(&V_ipq[hash], fp); + goto done; + } + next += ntohs(GETIP(q)->ip_len); +@@ -348,7 +398,7 @@ + /* Make sure the last packet didn't have 
the IP_MF flag */ + if (p->m_flags & M_IP_FRAG) { + if (fp->ipq_nfrags > V_maxfragsperpacket) +- ipq_drop(head, fp); ++ ipq_drop(&V_ipq[hash], fp); + goto done; + } + +@@ -359,7 +409,7 @@ + ip = GETIP(q); + if (next + (ip->ip_hl << 2) > IP_MAXPACKET) { + IPSTAT_INC(ips_toolong); +- ipq_drop(head, fp); ++ ipq_drop(&V_ipq[hash], fp); + goto done; + } + +@@ -388,6 +438,7 @@ + while (m->m_pkthdr.csum_data & 0xffff0000) + m->m_pkthdr.csum_data = (m->m_pkthdr.csum_data & 0xffff) + + (m->m_pkthdr.csum_data >> 16); ++ atomic_subtract_int(&nfrags, fp->ipq_nfrags); + #ifdef MAC + mac_ipq_reassemble(fp, m); + mac_ipq_destroy(fp); +@@ -402,6 +453,7 @@ + ip->ip_src = fp->ipq_src; + ip->ip_dst = fp->ipq_dst; + TAILQ_REMOVE(head, fp, ipq_list); ++ V_ipq[hash].count--; + uma_zfree(V_ipq_zone, fp); + m->m_len += (ip->ip_hl << 2); + m->m_data -= (ip->ip_hl << 2); +@@ -447,8 +499,10 @@ + + dropfrag: + IPSTAT_INC(ips_fragdropped); +- if (fp != NULL) ++ if (fp != NULL) { + fp->ipq_nfrags--; ++ atomic_subtract_int(&nfrags, 1); ++ } + m_freem(m); + done: + IPQ_UNLOCK(hash); +@@ -463,21 +517,27 @@ + void + ipreass_init(void) + { ++ int max; + + for (int i = 0; i < IPREASS_NHASH; i++) { + TAILQ_INIT(&V_ipq[i].head); + mtx_init(&V_ipq[i].lock, "IP reassembly", NULL, + MTX_DEF | MTX_DUPOK); ++ V_ipq[i].count = 0; + } + V_ipq_hashseed = arc4random(); + V_maxfragsperpacket = 16; + V_ipq_zone = uma_zcreate("ipq", sizeof(struct ipq), NULL, NULL, NULL, + NULL, UMA_ALIGN_PTR, 0); +- uma_zone_set_max(V_ipq_zone, nmbclusters / 32); ++ max = IP_MAXFRAGPACKETS; ++ max = uma_zone_set_max(V_ipq_zone, max); ++ V_ipreass_maxbucketsize = imax(max / (IPREASS_NHASH / 2), 1); + +- if (IS_DEFAULT_VNET(curvnet)) ++ if (IS_DEFAULT_VNET(curvnet)) { ++ maxfrags = IP_MAXFRAGS; + EVENTHANDLER_REGISTER(nmbclusters_change, ipreass_zone_change, + NULL, EVENTHANDLER_PRI_ANY); ++ } + } + + /* +@@ -492,7 +552,7 @@ + IPQ_LOCK(i); + TAILQ_FOREACH_SAFE(fp, &V_ipq[i].head, ipq_list, tmp) + if (--fp->ipq_ttl == 0) +- 
ipq_timeout(&V_ipq[i].head, fp); ++ ipq_timeout(&V_ipq[i], fp); + IPQ_UNLOCK(i); + } + } +@@ -507,7 +567,10 @@ + for (int i = 0; i < IPREASS_NHASH; i++) { + IPQ_LOCK(i); + while(!TAILQ_EMPTY(&V_ipq[i].head)) +- ipq_drop(&V_ipq[i].head, TAILQ_FIRST(&V_ipq[i].head)); ++ ipq_drop(&V_ipq[i], TAILQ_FIRST(&V_ipq[i].head)); ++ KASSERT(V_ipq[i].count == 0, ++ ("%s: V_ipq[%d] count %d (V_ipq=%p)", __func__, i, ++ V_ipq[i].count, V_ipq)); + IPQ_UNLOCK(i); + } + } +@@ -535,8 +598,22 @@ + static void + ipreass_drain_tomax(void) + { ++ struct ipq *fp; + int target; + ++ /* ++ * Make sure each bucket is under the new limit. If ++ * necessary, drop enough of the oldest elements from ++ * each bucket to get under the new limit. ++ */ ++ for (int i = 0; i < IPREASS_NHASH; i++) { ++ IPQ_LOCK(i); ++ while (V_ipq[i].count > V_ipreass_maxbucketsize && ++ (fp = TAILQ_LAST(&V_ipq[i].head, ipqhead)) != NULL) ++ ipq_timeout(&V_ipq[i], fp); ++ IPQ_UNLOCK(i); ++ } ++ + /* + * If we are over the maximum number of fragments, + * drain off enough to get down to the new limit, +@@ -545,13 +622,11 @@ + */ + target = uma_zone_get_max(V_ipq_zone); + while (uma_zone_get_cur(V_ipq_zone) > target) { +- struct ipq *fp; +- + for (int i = 0; i < IPREASS_NHASH; i++) { + IPQ_LOCK(i); + fp = TAILQ_LAST(&V_ipq[i].head, ipqhead); + if (fp != NULL) +- ipq_timeout(&V_ipq[i].head, fp); ++ ipq_timeout(&V_ipq[i], fp); + IPQ_UNLOCK(i); + } + } +@@ -560,9 +635,20 @@ + static void + ipreass_zone_change(void *tag) + { +- +- uma_zone_set_max(V_ipq_zone, nmbclusters / 32); +- ipreass_drain_tomax(); ++ VNET_ITERATOR_DECL(vnet_iter); ++ int max; ++ ++ maxfrags = IP_MAXFRAGS; ++ max = IP_MAXFRAGPACKETS; ++ VNET_LIST_RLOCK_NOSLEEP(); ++ VNET_FOREACH(vnet_iter) { ++ CURVNET_SET(vnet_iter); ++ max = uma_zone_set_max(V_ipq_zone, max); ++ V_ipreass_maxbucketsize = imax(max / (IPREASS_NHASH / 2), 1); ++ ipreass_drain_tomax(); ++ CURVNET_RESTORE(); ++ } ++ VNET_LIST_RUNLOCK_NOSLEEP(); + } + + /* +@@ -590,6 +676,7 @@ + * and place 
an extreme upper bound. + */ + max = uma_zone_set_max(V_ipq_zone, max); ++ V_ipreass_maxbucketsize = imax(max / (IPREASS_NHASH / 2), 1); + ipreass_drain_tomax(); + V_noreass = 0; + } else if (max == 0) { +@@ -598,6 +685,7 @@ + } else if (max == -1) { + V_noreass = 0; + uma_zone_set_max(V_ipq_zone, 0); ++ V_ipreass_maxbucketsize = INT_MAX; + } else + return (EINVAL); + return (0); +@@ -611,49 +699,72 @@ + ipq_reuse(int start) + { + struct ipq *fp; +- int i; ++ int bucket, i; + + IPQ_LOCK_ASSERT(start); + +- for (i = start;; i++) { +- if (i == IPREASS_NHASH) +- i = 0; +- if (i != start && IPQ_TRYLOCK(i) == 0) ++ for (i = 0; i < IPREASS_NHASH; i++) { ++ bucket = (start + i) % IPREASS_NHASH; ++ if (bucket != start && IPQ_TRYLOCK(bucket) == 0) + continue; +- fp = TAILQ_LAST(&V_ipq[i].head, ipqhead); ++ fp = TAILQ_LAST(&V_ipq[bucket].head, ipqhead); + if (fp) { + struct mbuf *m; + + IPSTAT_ADD(ips_fragtimeout, fp->ipq_nfrags); ++ atomic_subtract_int(&nfrags, fp->ipq_nfrags); + while (fp->ipq_frags) { + m = fp->ipq_frags; + fp->ipq_frags = m->m_nextpkt; + m_freem(m); + } +- TAILQ_REMOVE(&V_ipq[i].head, fp, ipq_list); +- if (i != start) +- IPQ_UNLOCK(i); +- IPQ_LOCK_ASSERT(start); +- return (fp); ++ TAILQ_REMOVE(&V_ipq[bucket].head, fp, ipq_list); ++ V_ipq[bucket].count--; ++ if (bucket != start) ++ IPQ_UNLOCK(bucket); ++ break; + } +- if (i != start) +- IPQ_UNLOCK(i); ++ if (bucket != start) ++ IPQ_UNLOCK(bucket); + } ++ IPQ_LOCK_ASSERT(start); ++ return (fp); + } + + /* + * Free a fragment reassembly header and all associated datagrams. 
+ */ + static void +-ipq_free(struct ipqhead *fhp, struct ipq *fp) ++ipq_free(struct ipqbucket *bucket, struct ipq *fp) + { + struct mbuf *q; + ++ atomic_subtract_int(&nfrags, fp->ipq_nfrags); + while (fp->ipq_frags) { + q = fp->ipq_frags; + fp->ipq_frags = q->m_nextpkt; + m_freem(q); + } +- TAILQ_REMOVE(fhp, fp, ipq_list); ++ TAILQ_REMOVE(&bucket->head, fp, ipq_list); ++ bucket->count--; + uma_zfree(V_ipq_zone, fp); + } ++ ++/* ++ * Get or set the maximum number of reassembly queues per bucket. ++ */ ++static int ++sysctl_maxfragbucketsize(SYSCTL_HANDLER_ARGS) ++{ ++ int error, max; ++ ++ max = V_ipreass_maxbucketsize; ++ error = sysctl_handle_int(oidp, &max, 0, req); ++ if (error || !req->newptr) ++ return (error); ++ if (max <= 0) ++ return (EINVAL); ++ V_ipreass_maxbucketsize = max; ++ ipreass_drain_tomax(); ++ return (0); ++} +--- sys/netinet6/frag6.c.orig ++++ sys/netinet6/frag6.c +@@ -36,6 +36,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -47,6 +48,8 @@ + #include + #include + ++#include ++ + #include + #include + #include +@@ -63,58 +66,110 @@ + + #include + +-static void frag6_enq(struct ip6asfrag *, struct ip6asfrag *); +-static void frag6_deq(struct ip6asfrag *); +-static void frag6_insque(struct ip6q *, struct ip6q *); +-static void frag6_remque(struct ip6q *); +-static void frag6_freef(struct ip6q *); +- +-static struct mtx ip6qlock; + /* +- * These fields all protected by ip6qlock. ++ * Reassembly headers are stored in hash buckets. 
+ */ +-static VNET_DEFINE(u_int, frag6_nfragpackets); +-static VNET_DEFINE(u_int, frag6_nfrags); +-static VNET_DEFINE(struct ip6q, ip6q); /* ip6 reassemble queue */ ++#define IP6REASS_NHASH_LOG2 10 ++#define IP6REASS_NHASH (1 << IP6REASS_NHASH_LOG2) ++#define IP6REASS_HMASK (IP6REASS_NHASH - 1) ++ ++static void frag6_enq(struct ip6asfrag *, struct ip6asfrag *, ++ uint32_t bucket __unused); ++static void frag6_deq(struct ip6asfrag *, uint32_t bucket __unused); ++static void frag6_insque_head(struct ip6q *, struct ip6q *, ++ uint32_t bucket); ++static void frag6_remque(struct ip6q *, uint32_t bucket); ++static void frag6_freef(struct ip6q *, uint32_t bucket); ++ ++struct ip6qbucket { ++ struct ip6q ip6q; ++ struct mtx lock; ++ int count; ++}; ++ ++static VNET_DEFINE(volatile u_int, frag6_nfragpackets); ++volatile u_int frag6_nfrags = 0; ++static VNET_DEFINE(struct ip6qbucket, ip6q[IP6REASS_NHASH]); ++static VNET_DEFINE(uint32_t, ip6q_hashseed); + + #define V_frag6_nfragpackets VNET(frag6_nfragpackets) +-#define V_frag6_nfrags VNET(frag6_nfrags) + #define V_ip6q VNET(ip6q) ++#define V_ip6q_hashseed VNET(ip6q_hashseed) + +-#define IP6Q_LOCK_INIT() mtx_init(&ip6qlock, "ip6qlock", NULL, MTX_DEF); +-#define IP6Q_LOCK() mtx_lock(&ip6qlock) +-#define IP6Q_TRYLOCK() mtx_trylock(&ip6qlock) +-#define IP6Q_LOCK_ASSERT() mtx_assert(&ip6qlock, MA_OWNED) +-#define IP6Q_UNLOCK() mtx_unlock(&ip6qlock) ++#define IP6Q_LOCK(i) mtx_lock(&V_ip6q[(i)].lock) ++#define IP6Q_TRYLOCK(i) mtx_trylock(&V_ip6q[(i)].lock) ++#define IP6Q_LOCK_ASSERT(i) mtx_assert(&V_ip6q[(i)].lock, MA_OWNED) ++#define IP6Q_UNLOCK(i) mtx_unlock(&V_ip6q[(i)].lock) ++#define IP6Q_HEAD(i) (&V_ip6q[(i)].ip6q) + + static MALLOC_DEFINE(M_FTABLE, "fragment", "fragment reassembly header"); + ++/* ++ * By default, limit the number of IP6 fragments across all reassembly ++ * queues to 1/32 of the total number of mbuf clusters. 
++ * ++ * Limit the total number of reassembly queues per VNET to the ++ * IP6 fragment limit, but ensure the limit will not allow any bucket ++ * to grow above 100 items. (The bucket limit is ++ * IP_MAXFRAGPACKETS / (IPREASS_NHASH / 2), so the 50 is the correct ++ * multiplier to reach a 100-item limit.) ++ * The 100-item limit was chosen as brief testing seems to show that ++ * this produces "reasonable" performance on some subset of systems ++ * under DoS attack. ++ */ ++#define IP6_MAXFRAGS (nmbclusters / 32) ++#define IP6_MAXFRAGPACKETS (imin(IP6_MAXFRAGS, IP6REASS_NHASH * 50)) ++ + /* + * Initialise reassembly queue and fragment identifier. + */ ++void ++frag6_set_bucketsize() ++{ ++ int i; ++ ++ if ((i = V_ip6_maxfragpackets) > 0) ++ V_ip6_maxfragbucketsize = imax(i / (IP6REASS_NHASH / 2), 1); ++} ++ + static void + frag6_change(void *tag) + { ++ VNET_ITERATOR_DECL(vnet_iter); + +- V_ip6_maxfragpackets = nmbclusters / 4; +- V_ip6_maxfrags = nmbclusters / 4; ++ ip6_maxfrags = IP6_MAXFRAGS; ++ VNET_LIST_RLOCK_NOSLEEP(); ++ VNET_FOREACH(vnet_iter) { ++ CURVNET_SET(vnet_iter); ++ V_ip6_maxfragpackets = IP6_MAXFRAGPACKETS; ++ frag6_set_bucketsize(); ++ CURVNET_RESTORE(); ++ } ++ VNET_LIST_RUNLOCK_NOSLEEP(); + } + + void + frag6_init(void) + { +- +- V_ip6_maxfragpackets = nmbclusters / 4; +- V_ip6_maxfrags = nmbclusters / 4; +- V_ip6q.ip6q_next = V_ip6q.ip6q_prev = &V_ip6q; +- ++ struct ip6q *q6; ++ int i; ++ ++ V_ip6_maxfragpackets = IP6_MAXFRAGPACKETS; ++ frag6_set_bucketsize(); ++ for (i = 0; i < IP6REASS_NHASH; i++) { ++ q6 = IP6Q_HEAD(i); ++ q6->ip6q_next = q6->ip6q_prev = q6; ++ mtx_init(&V_ip6q[i].lock, "ip6qlock", NULL, MTX_DEF); ++ V_ip6q[i].count = 0; ++ } ++ V_ip6q_hashseed = arc4random(); ++ V_ip6_maxfragsperpacket = 64; + if (!IS_DEFAULT_VNET(curvnet)) + return; + ++ ip6_maxfrags = IP6_MAXFRAGS; + EVENTHANDLER_REGISTER(nmbclusters_change, + frag6_change, NULL, EVENTHANDLER_PRI_ANY); +- +- IP6Q_LOCK_INIT(); + } + + /* +@@ -155,12 +210,13 @@ + struct 
mbuf *m = *mp, *t; + struct ip6_hdr *ip6; + struct ip6_frag *ip6f; +- struct ip6q *q6; ++ struct ip6q *head, *q6; + struct ip6asfrag *af6, *ip6af, *af6dwn; + struct in6_ifaddr *ia; + int offset = *offp, nxt, i, next; + int first_frag = 0; + int fragoff, frgpartlen; /* must be larger than u_int16_t */ ++ uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp; + struct ifnet *dstifp; + u_int8_t ecn, ecn0; + #ifdef RSS +@@ -229,19 +285,38 @@ + return (ip6f->ip6f_nxt); + } + +- IP6Q_LOCK(); ++ /* Get fragment length and discard 0-byte fragments. */ ++ frgpartlen = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen) - offset; ++ if (frgpartlen == 0) { ++ icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, ++ offsetof(struct ip6_hdr, ip6_plen)); ++ in6_ifstat_inc(dstifp, ifs6_reass_fail); ++ IP6STAT_INC(ip6s_fragdropped); ++ return IPPROTO_DONE; ++ } ++ ++ hashkeyp = hashkey; ++ memcpy(hashkeyp, &ip6->ip6_src, sizeof(struct in6_addr)); ++ hashkeyp += sizeof(struct in6_addr) / sizeof(*hashkeyp); ++ memcpy(hashkeyp, &ip6->ip6_dst, sizeof(struct in6_addr)); ++ hashkeyp += sizeof(struct in6_addr) / sizeof(*hashkeyp); ++ *hashkeyp = ip6f->ip6f_ident; ++ hash = jenkins_hash32(hashkey, nitems(hashkey), V_ip6q_hashseed); ++ hash &= IP6REASS_HMASK; ++ head = IP6Q_HEAD(hash); ++ IP6Q_LOCK(hash); + + /* + * Enforce upper bound on number of fragments. + * If maxfrag is 0, never accept fragments. + * If maxfrag is -1, accept all fragments without limitation. 
+ */ +- if (V_ip6_maxfrags < 0) ++ if (ip6_maxfrags < 0) + ; +- else if (V_frag6_nfrags >= (u_int)V_ip6_maxfrags) ++ else if (frag6_nfrags >= (u_int)ip6_maxfrags) + goto dropfrag; + +- for (q6 = V_ip6q.ip6q_next; q6 != &V_ip6q; q6 = q6->ip6q_next) ++ for (q6 = head->ip6q_next; q6 != head; q6 = q6->ip6q_next) + if (ip6f->ip6f_ident == q6->ip6q_ident && + IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &q6->ip6q_src) && + IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &q6->ip6q_dst) +@@ -251,7 +326,7 @@ + ) + break; + +- if (q6 == &V_ip6q) { ++ if (q6 == head) { + /* + * the first fragment to arrive, create a reassembly queue. + */ +@@ -266,9 +341,10 @@ + */ + if (V_ip6_maxfragpackets < 0) + ; +- else if (V_frag6_nfragpackets >= (u_int)V_ip6_maxfragpackets) ++ else if (V_ip6q[hash].count >= V_ip6_maxfragbucketsize || ++ V_frag6_nfragpackets >= (u_int)V_ip6_maxfragpackets) + goto dropfrag; +- V_frag6_nfragpackets++; ++ atomic_add_int(&V_frag6_nfragpackets, 1); + q6 = (struct ip6q *)malloc(sizeof(struct ip6q), M_FTABLE, + M_NOWAIT); + if (q6 == NULL) +@@ -281,7 +357,7 @@ + } + mac_ip6q_create(m, q6); + #endif +- frag6_insque(q6, &V_ip6q); ++ frag6_insque_head(q6, head, hash); + + /* ip6q_nxt will be filled afterwards, from 1st fragment */ + q6->ip6q_down = q6->ip6q_up = (struct ip6asfrag *)q6; +@@ -315,21 +391,20 @@ + * in size. + * If it would exceed, discard the fragment and return an ICMP error. + */ +- frgpartlen = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen) - offset; + if (q6->ip6q_unfrglen >= 0) { + /* The 1st fragment has already arrived. 
*/ + if (q6->ip6q_unfrglen + fragoff + frgpartlen > IPV6_MAXPACKET) { + icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, + offset - sizeof(struct ip6_frag) + + offsetof(struct ip6_frag, ip6f_offlg)); +- IP6Q_UNLOCK(); ++ IP6Q_UNLOCK(hash); + return (IPPROTO_DONE); + } + } else if (fragoff + frgpartlen > IPV6_MAXPACKET) { + icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, + offset - sizeof(struct ip6_frag) + + offsetof(struct ip6_frag, ip6f_offlg)); +- IP6Q_UNLOCK(); ++ IP6Q_UNLOCK(hash); + return (IPPROTO_DONE); + } + /* +@@ -348,7 +423,7 @@ + int erroff = af6->ip6af_offset; + + /* dequeue the fragment. */ +- frag6_deq(af6); ++ frag6_deq(af6, hash); + free(af6, M_FTABLE); + + /* adjust pointer. */ +@@ -446,7 +521,7 @@ + } + af6 = af6->ip6af_down; + m_freem(IP6_REASS_MBUF(af6->ip6af_up)); +- frag6_deq(af6->ip6af_up); ++ frag6_deq(af6->ip6af_up, hash); + } + #else + /* +@@ -495,29 +570,38 @@ + /* + * Stick new segment in its place; + * check for complete reassembly. ++ * If not complete, check fragment limit. + * Move to front of packet queue, as we are + * the most recently active fragmented packet. 
+ */ +- frag6_enq(ip6af, af6->ip6af_up); +- V_frag6_nfrags++; ++ frag6_enq(ip6af, af6->ip6af_up, hash); ++ atomic_add_int(&frag6_nfrags, 1); + q6->ip6q_nfrag++; + #if 0 /* xxx */ +- if (q6 != V_ip6q.ip6q_next) { +- frag6_remque(q6); +- frag6_insque(q6, &V_ip6q); ++ if (q6 != head->ip6q_next) { ++ frag6_remque(q6, hash); ++ frag6_insque_head(q6, head, hash); + } + #endif + next = 0; + for (af6 = q6->ip6q_down; af6 != (struct ip6asfrag *)q6; + af6 = af6->ip6af_down) { + if (af6->ip6af_off != next) { +- IP6Q_UNLOCK(); ++ if (q6->ip6q_nfrag > V_ip6_maxfragsperpacket) { ++ IP6STAT_INC(ip6s_fragdropped); ++ frag6_freef(q6, hash); ++ } ++ IP6Q_UNLOCK(hash); + return IPPROTO_DONE; + } + next += af6->ip6af_frglen; + } + if (af6->ip6af_up->ip6af_mff) { +- IP6Q_UNLOCK(); ++ if (q6->ip6q_nfrag > V_ip6_maxfragsperpacket) { ++ IP6STAT_INC(ip6s_fragdropped); ++ frag6_freef(q6, hash); ++ } ++ IP6Q_UNLOCK(hash); + return IPPROTO_DONE; + } + +@@ -527,7 +611,7 @@ + ip6af = q6->ip6q_down; + t = m = IP6_REASS_MBUF(ip6af); + af6 = ip6af->ip6af_down; +- frag6_deq(ip6af); ++ frag6_deq(ip6af, hash); + while (af6 != (struct ip6asfrag *)q6) { + m->m_pkthdr.csum_flags &= + IP6_REASS_MBUF(af6)->m_pkthdr.csum_flags; +@@ -535,7 +619,7 @@ + IP6_REASS_MBUF(af6)->m_pkthdr.csum_data; + + af6dwn = af6->ip6af_down; +- frag6_deq(af6); ++ frag6_deq(af6, hash); + while (t->m_next) + t = t->m_next; + m_adj(IP6_REASS_MBUF(af6), af6->ip6af_offset); +@@ -562,13 +646,13 @@ + #endif + + if (ip6_deletefraghdr(m, offset, M_NOWAIT) != 0) { +- frag6_remque(q6); +- V_frag6_nfrags -= q6->ip6q_nfrag; ++ frag6_remque(q6, hash); ++ atomic_subtract_int(&frag6_nfrags, q6->ip6q_nfrag); + #ifdef MAC + mac_ip6q_destroy(q6); + #endif + free(q6, M_FTABLE); +- V_frag6_nfragpackets--; ++ atomic_subtract_int(&V_frag6_nfragpackets, 1); + + goto dropfrag; + } +@@ -579,14 +663,14 @@ + m_copyback(m, ip6_get_prevhdr(m, offset), sizeof(uint8_t), + (caddr_t)&nxt); + +- frag6_remque(q6); +- V_frag6_nfrags -= q6->ip6q_nfrag; ++ 
frag6_remque(q6, hash); ++ atomic_subtract_int(&frag6_nfrags, q6->ip6q_nfrag); + #ifdef MAC + mac_ip6q_reassemble(q6, m); + mac_ip6q_destroy(q6); + #endif + free(q6, M_FTABLE); +- V_frag6_nfragpackets--; ++ atomic_subtract_int(&V_frag6_nfragpackets, 1); + + if (m->m_flags & M_PKTHDR) { /* Isn't it always true? */ + int plen = 0; +@@ -608,7 +692,7 @@ + m_tag_prepend(m, mtag); + #endif + +- IP6Q_UNLOCK(); ++ IP6Q_UNLOCK(hash); + IP6STAT_INC(ip6s_reassembled); + in6_ifstat_inc(dstifp, ifs6_reass_ok); + +@@ -630,7 +714,7 @@ + return nxt; + + dropfrag: +- IP6Q_UNLOCK(); ++ IP6Q_UNLOCK(hash); + in6_ifstat_inc(dstifp, ifs6_reass_fail); + IP6STAT_INC(ip6s_fragdropped); + m_freem(m); +@@ -641,19 +725,19 @@ + * Free a fragment reassembly header and all + * associated datagrams. + */ +-void +-frag6_freef(struct ip6q *q6) ++static void ++frag6_freef(struct ip6q *q6, uint32_t bucket) + { + struct ip6asfrag *af6, *down6; + +- IP6Q_LOCK_ASSERT(); ++ IP6Q_LOCK_ASSERT(bucket); + + for (af6 = q6->ip6q_down; af6 != (struct ip6asfrag *)q6; + af6 = down6) { + struct mbuf *m = IP6_REASS_MBUF(af6); + + down6 = af6->ip6af_down; +- frag6_deq(af6); ++ frag6_deq(af6, bucket); + + /* + * Return ICMP time exceeded error for the 1st fragment. +@@ -675,24 +759,25 @@ + m_freem(m); + free(af6, M_FTABLE); + } +- frag6_remque(q6); +- V_frag6_nfrags -= q6->ip6q_nfrag; ++ frag6_remque(q6, bucket); ++ atomic_subtract_int(&frag6_nfrags, q6->ip6q_nfrag); + #ifdef MAC + mac_ip6q_destroy(q6); + #endif + free(q6, M_FTABLE); +- V_frag6_nfragpackets--; ++ atomic_subtract_int(&V_frag6_nfragpackets, 1); + } + + /* + * Put an ip fragment on a reassembly chain. + * Like insque, but pointers in middle of structure. 
+ */ +-void +-frag6_enq(struct ip6asfrag *af6, struct ip6asfrag *up6) ++static void ++frag6_enq(struct ip6asfrag *af6, struct ip6asfrag *up6, ++ uint32_t bucket __unused) + { + +- IP6Q_LOCK_ASSERT(); ++ IP6Q_LOCK_ASSERT(bucket); + + af6->ip6af_up = up6; + af6->ip6af_down = up6->ip6af_down; +@@ -703,36 +788,41 @@ + /* + * To frag6_enq as remque is to insque. + */ +-void +-frag6_deq(struct ip6asfrag *af6) ++static void ++frag6_deq(struct ip6asfrag *af6, uint32_t bucket __unused) + { + +- IP6Q_LOCK_ASSERT(); ++ IP6Q_LOCK_ASSERT(bucket); + + af6->ip6af_up->ip6af_down = af6->ip6af_down; + af6->ip6af_down->ip6af_up = af6->ip6af_up; + } + +-void +-frag6_insque(struct ip6q *new, struct ip6q *old) ++static void ++frag6_insque_head(struct ip6q *new, struct ip6q *old, uint32_t bucket) + { + +- IP6Q_LOCK_ASSERT(); ++ IP6Q_LOCK_ASSERT(bucket); ++ KASSERT(IP6Q_HEAD(bucket) == old, ++ ("%s: attempt to insert at head of wrong bucket" ++ " (bucket=%u, old=%p)", __func__, bucket, old)); + + new->ip6q_prev = old; + new->ip6q_next = old->ip6q_next; + old->ip6q_next->ip6q_prev= new; + old->ip6q_next = new; ++ V_ip6q[bucket].count++; + } + +-void +-frag6_remque(struct ip6q *p6) ++static void ++frag6_remque(struct ip6q *p6, uint32_t bucket) + { + +- IP6Q_LOCK_ASSERT(); ++ IP6Q_LOCK_ASSERT(bucket); + + p6->ip6q_prev->ip6q_next = p6->ip6q_next; + p6->ip6q_next->ip6q_prev = p6->ip6q_prev; ++ V_ip6q[bucket].count--; + } + + /* +@@ -744,37 +834,71 @@ + frag6_slowtimo(void) + { + VNET_ITERATOR_DECL(vnet_iter); +- struct ip6q *q6; ++ struct ip6q *head, *q6; ++ int i; + + VNET_LIST_RLOCK_NOSLEEP(); +- IP6Q_LOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); +- q6 = V_ip6q.ip6q_next; +- if (q6) +- while (q6 != &V_ip6q) { ++ for (i = 0; i < IP6REASS_NHASH; i++) { ++ IP6Q_LOCK(i); ++ head = IP6Q_HEAD(i); ++ q6 = head->ip6q_next; ++ if (q6 == NULL) { ++ /* ++ * XXXJTL: This should never happen. This ++ * should turn into an assertion. 
++ */ ++ IP6Q_UNLOCK(i); ++ continue; ++ } ++ while (q6 != head) { + --q6->ip6q_ttl; + q6 = q6->ip6q_next; + if (q6->ip6q_prev->ip6q_ttl == 0) { + IP6STAT_INC(ip6s_fragtimeout); + /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ +- frag6_freef(q6->ip6q_prev); ++ frag6_freef(q6->ip6q_prev, i); + } + } ++ /* ++ * If we are over the maximum number of fragments ++ * (due to the limit being lowered), drain off ++ * enough to get down to the new limit. ++ * Note that we drain all reassembly queues if ++ * maxfragpackets is 0 (fragmentation is disabled), ++ * and don't enforce a limit when maxfragpackets ++ * is negative. ++ */ ++ while ((V_ip6_maxfragpackets == 0 || ++ (V_ip6_maxfragpackets > 0 && ++ V_ip6q[i].count > V_ip6_maxfragbucketsize)) && ++ head->ip6q_prev != head) { ++ IP6STAT_INC(ip6s_fragoverflow); ++ /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ ++ frag6_freef(head->ip6q_prev, i); ++ } ++ IP6Q_UNLOCK(i); ++ } + /* +- * If we are over the maximum number of fragments +- * (due to the limit being lowered), drain off +- * enough to get down to the new limit. ++ * If we are still over the maximum number of fragmented ++ * packets, drain off enough to get down to the new limit. 
+ */ +- while (V_frag6_nfragpackets > (u_int)V_ip6_maxfragpackets && +- V_ip6q.ip6q_prev) { +- IP6STAT_INC(ip6s_fragoverflow); +- /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ +- frag6_freef(V_ip6q.ip6q_prev); ++ i = 0; ++ while (V_ip6_maxfragpackets >= 0 && ++ V_frag6_nfragpackets > (u_int)V_ip6_maxfragpackets) { ++ IP6Q_LOCK(i); ++ head = IP6Q_HEAD(i); ++ if (head->ip6q_prev != head) { ++ IP6STAT_INC(ip6s_fragoverflow); ++ /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ ++ frag6_freef(head->ip6q_prev, i); ++ } ++ IP6Q_UNLOCK(i); ++ i = (i + 1) % IP6REASS_NHASH; + } + CURVNET_RESTORE(); + } +- IP6Q_UNLOCK(); + VNET_LIST_RUNLOCK_NOSLEEP(); + } + +@@ -785,22 +909,25 @@ + frag6_drain(void) + { + VNET_ITERATOR_DECL(vnet_iter); ++ struct ip6q *head; ++ int i; + + VNET_LIST_RLOCK_NOSLEEP(); +- if (IP6Q_TRYLOCK() == 0) { +- VNET_LIST_RUNLOCK_NOSLEEP(); +- return; +- } + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); +- while (V_ip6q.ip6q_next != &V_ip6q) { +- IP6STAT_INC(ip6s_fragdropped); +- /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ +- frag6_freef(V_ip6q.ip6q_next); ++ for (i = 0; i < IP6REASS_NHASH; i++) { ++ if (IP6Q_TRYLOCK(i) == 0) ++ continue; ++ head = IP6Q_HEAD(i); ++ while (head->ip6q_next != head) { ++ IP6STAT_INC(ip6s_fragdropped); ++ /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ ++ frag6_freef(head->ip6q_next, i); ++ } ++ IP6Q_UNLOCK(i); + } + CURVNET_RESTORE(); + } +- IP6Q_UNLOCK(); + VNET_LIST_RUNLOCK_NOSLEEP(); + } + +--- sys/netinet6/in6.h.orig ++++ sys/netinet6/in6.h +@@ -637,7 +637,9 @@ + #define IPV6CTL_INTRQMAXLEN 51 /* max length of IPv6 netisr queue */ + #define IPV6CTL_INTRDQMAXLEN 52 /* max length of direct IPv6 netisr + * queue */ +-#define IPV6CTL_MAXID 53 ++#define IPV6CTL_MAXFRAGSPERPACKET 53 /* Max fragments per packet */ ++#define IPV6CTL_MAXFRAGBUCKETSIZE 54 /* Max reassembly queues per bucket */ ++#define IPV6CTL_MAXID 55 + #endif /* __BSD_VISIBLE */ + + /* +--- sys/netinet6/in6_proto.c.orig ++++ sys/netinet6/in6_proto.c +@@ 
-383,7 +383,9 @@ + VNET_DEFINE(int, ip6_norbit_raif) = 0; + VNET_DEFINE(int, ip6_rfc6204w3) = 0; + VNET_DEFINE(int, ip6_maxfragpackets); /* initialized in frag6.c:frag6_init() */ +-VNET_DEFINE(int, ip6_maxfrags); /* initialized in frag6.c:frag6_init() */ ++int ip6_maxfrags; /* initialized in frag6.c:frag6_init() */ ++VNET_DEFINE(int, ip6_maxfragbucketsize);/* initialized in frag6.c:frag6_init() */ ++VNET_DEFINE(int, ip6_maxfragsperpacket); /* initialized in frag6.c:frag6_init() */ + VNET_DEFINE(int, ip6_log_interval) = 5; + VNET_DEFINE(int, ip6_hdrnestlimit) = 15;/* How many header options will we + * process? */ +@@ -470,6 +472,20 @@ + return (0); + } + ++static int ++sysctl_ip6_maxfragpackets(SYSCTL_HANDLER_ARGS) ++{ ++ int error, val; ++ ++ val = V_ip6_maxfragpackets; ++ error = sysctl_handle_int(oidp, &val, 0, req); ++ if (error != 0 || !req->newptr) ++ return (error); ++ V_ip6_maxfragpackets = val; ++ frag6_set_bucketsize(); ++ return (0); ++} ++ + SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, forwarding, + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_forwarding), 0, + "Enable forwarding of IPv6 packets between interfaces"); +@@ -482,8 +498,9 @@ + SYSCTL_VNET_PCPUSTAT(_net_inet6_ip6, IPV6CTL_STATS, stats, struct ip6stat, + ip6stat, + "IP6 statistics (struct ip6stat, netinet6/ip6_var.h)"); +-SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, maxfragpackets, +- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_maxfragpackets), 0, ++SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, maxfragpackets, ++ CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, NULL, 0, ++ sysctl_ip6_maxfragpackets, "I", + "Default maximum number of outstanding fragmented IPv6 packets. 
" + "A value of 0 means no fragmented packets will be accepted, while a " + "a value of -1 means no limit"); +@@ -557,8 +574,16 @@ + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_use_defzone), 0, + "Use the default scope zone when none is specified"); + SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS, maxfrags, +- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_maxfrags), 0, +- "Maximum allowed number of outstanding IPv6 packet fragments"); ++ CTLFLAG_RW, &ip6_maxfrags, 0, ++ "Maximum allowed number of outstanding IPv6 packet fragments. " ++ "A value of 0 means no fragmented packets will be accepted, while a " ++ "a value of -1 means no limit"); ++SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGBUCKETSIZE, maxfragbucketsize, ++ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_maxfragbucketsize), 0, ++ "Maximum number of reassembly queues per hash bucket"); ++SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGSPERPACKET, maxfragsperpacket, ++ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_maxfragsperpacket), 0, ++ "Maximum allowed number of fragments per packet"); + SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU, mcast_pmtu, + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_mcast_pmtu), 0, + "Enable path MTU discovery for multicast packets"); +--- sys/netinet6/ip6_var.h.orig ++++ sys/netinet6/ip6_var.h +@@ -296,8 +296,10 @@ + VNET_DECLARE(int, ip6_sendredirects); /* send IP redirects when forwarding? 
*/ + VNET_DECLARE(int, ip6_maxfragpackets); /* Maximum packets in reassembly + * queue */ +-VNET_DECLARE(int, ip6_maxfrags); /* Maximum fragments in reassembly ++extern int ip6_maxfrags; /* Maximum fragments in reassembly + * queue */ ++VNET_DECLARE(int, ip6_maxfragbucketsize); /* Maximum reassembly queues per bucket */ ++VNET_DECLARE(int, ip6_maxfragsperpacket); /* Maximum fragments per packet */ + VNET_DECLARE(int, ip6_accept_rtadv); /* Acts as a host not a router */ + VNET_DECLARE(int, ip6_no_radr); /* No defroute from RA */ + VNET_DECLARE(int, ip6_norbit_raif); /* Disable R-bit in NA on RA +@@ -312,7 +314,8 @@ + #define V_ip6_mrouter VNET(ip6_mrouter) + #define V_ip6_sendredirects VNET(ip6_sendredirects) + #define V_ip6_maxfragpackets VNET(ip6_maxfragpackets) +-#define V_ip6_maxfrags VNET(ip6_maxfrags) ++#define V_ip6_maxfragbucketsize VNET(ip6_maxfragbucketsize) ++#define V_ip6_maxfragsperpacket VNET(ip6_maxfragsperpacket) + #define V_ip6_accept_rtadv VNET(ip6_accept_rtadv) + #define V_ip6_no_radr VNET(ip6_no_radr) + #define V_ip6_norbit_raif VNET(ip6_norbit_raif) +@@ -399,6 +402,7 @@ + + int route6_input(struct mbuf **, int *, int); + ++void frag6_set_bucketsize(void); + void frag6_init(void); + int frag6_input(struct mbuf **, int *, int); + void frag6_slowtimo(void); Property changes on: head/share/security/patches/SA-18:10/ip.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:10/ip.patch.asc =================================================================== --- head/share/security/patches/SA-18:10/ip.patch.asc (nonexistent) +++ head/share/security/patches/SA-18:10/ip.patch.asc (revision 52127) 
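Review bot: in frag6_input() (sys/netinet6/frag6.c, hunks at -155,12 and -229,19), hashkey is declared with sizeof(struct in6_addr) * 2 + 1 elements of uint32_t, which is 33 words, but only 9 words are written (two 16-byte addresses plus ip6f_ident) before jenkins_hash32(hashkey, nitems(hashkey), V_ip6q_hashseed) hashes all 33. The remaining 24 words are uninitialized stack, so two fragments of the same datagram can hash to different buckets and never be matched by the lookup loop over head. Size the array in words, for example (sizeof(struct in6_addr) * 2) / sizeof(uint32_t) + 1, so that nitems(hashkey) covers exactly what was filled in.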
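Review bot: in the -63,58 hunk of sys/netinet6/frag6.c the existing comment "Initialise reassembly queue and fragment identifier." now sits directly above the new frag6_set_bucketsize() instead of frag6_init(); move the new function above that comment or give it a comment of its own. The definition is also written frag6_set_bucketsize() while the prototype added to ip6_var.h is frag6_set_bucketsize(void), and the two should match. The block comment above IP6_MAXFRAGS explains the bucket limit in terms of IP_MAXFRAGPACKETS and IPREASS_NHASH, which are the IPv4 names; in this file it should refer to IP6_MAXFRAGPACKETS and IP6REASS_NHASH.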
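Review bot: the second drain loop in frag6_slowtimo() (-744,37 hunk of sys/netinet6/frag6.c) has no bound on the number of passes. It exits only once V_frag6_nfragpackets is no longer above V_ip6_maxfragpackets, and a visit to a bucket whose list is empty frees nothing. If the counter were ever higher than the number of queues actually linked into the buckets, the loop would keep cycling through i = (i + 1) % IP6REASS_NHASH with the VNET list read lock held. Consider stopping after one full sweep of the buckets in which nothing was freed, or asserting the invariant that makes the loop terminate.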
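Review bot: in sys/netinet6/in6_proto.c (-557,8 hunk) the new maxfragbucketsize sysctl is a plain SYSCTL_INT with no range check, while the IPv4 handler in the same patch, sysctl_maxfragbucketsize(), returns EINVAL for max <= 0. A value of 0 or below makes the test V_ip6q[hash].count >= V_ip6_maxfragbucketsize in frag6_input() true for every bucket, so no new reassembly queue is created whenever maxfragpackets is non-negative. The value is also replaced without notice on the next write of a positive maxfragpackets, because sysctl_ip6_maxfragpackets() calls frag6_set_bucketsize(); either validate it with a handler as on the IPv4 side or document the interaction in the description string. Minor: the new maxfrags description concatenates "while a " with "a value of -1", which reads "while a a value".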
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztfIACgkQ05eS9J6n +5cJ/BQ/9FjMAjlN0nLHm8OnoWIBRe2WTN/oi4/cQ+mliYClOLQB3fKaC7A43J0jJ +AKXZsSwPlFujHyTMXr4Bnp1ws+JiAtFRqpKlgAOiv2M2jF1PJxEBFbw8Co9O/X4h +wHI37BRsxxrp7UecxYEoaQsUF8ZTSqeuR2hyIwZLLc2wN3mziJsWjrNAHciwG1SK +nYmdaSz8pzOmdcxM3jm3jle1EACwqoqo0aehuP+Bc4A0DhugK+wxP6KA1Ra7nojr +VVKWgeKnyo0MUEXx/mA1kJ88DWolZVHxGUNk9jV4SQKC8p4/SowZvRn7k3M/f8I+ +Emub4mTo9pMyoQs2rbHGyhB1FYy9xI1Ax+BEpXL8z2TubO6r+AbmQP3cVLlfvbjS +/GL9ibemyP6fRBqeJ+P4q+chvdE9BlQcZH1sVXfLaxbqq5zgeq9bwhtWclEm3Y/x +XAKdCNRdTDV88s5jqA1COS3RNC5i2DCl1iFxIU1pme+kjyHC/YkPnRTckj8NjNCy +kBdPba74yf86NAzzM3UD4vuzJ/Y2I2+tXbs+psIlKGEYBTjl8MQErVylvt+Ki9RE +D6EkM4nqXyWAKlHgxJ4ifakx0IywXiZMssSRnSsQnwoWVIxCkTnU8iUgN/4ZgTb8 +Wb2yMX+ua1SACd/RWICrS8NTSuczyNvEHAeARg2es7lISTNG/gE= +=TKXh +-----END PGP SIGNATURE----- Property changes on: head/share/security/patches/SA-18:10/ip.patch.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:11/hostapd-10.patch =================================================================== --- head/share/security/patches/SA-18:11/hostapd-10.patch (nonexistent) +++ head/share/security/patches/SA-18:11/hostapd-10.patch (revision 52127) 
@@ -0,0 +1,20 @@ +--- contrib/wpa/src/rsn_supp/wpa.c.orig ++++ contrib/wpa/src/rsn_supp/wpa.c +@@ -1829,6 +1829,17 @@ + + if (sm->proto == WPA_PROTO_RSN && + (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { ++ /* ++ * Only decrypt the Key Data field if the frame's authenticity ++ * was verified. When using AES-SIV (FILS), the MIC flag is not ++ * set, so this check should only be performed if mic_len != 0 ++ * which is the case in this code branch. ++ */ ++ if (!(key_info & WPA_KEY_INFO_MIC)) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); ++ goto out; ++ } + if (wpa_supplicant_decrypt_key_data(sm, key, ver)) + goto out; + extra_len = WPA_GET_BE16(key->key_data_length); Property changes on: head/share/security/patches/SA-18:11/hostapd-10.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:11/hostapd-10.patch.asc =================================================================== --- head/share/security/patches/SA-18:11/hostapd-10.patch.asc (nonexistent) +++ head/share/security/patches/SA-18:11/hostapd-10.patch.asc (revision 52127) 
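Review bot: the added comment in contrib/wpa/src/rsn_supp/wpa.c (-1829,6 hunk) says the MIC check applies only when mic_len != 0 "which is the case in this code branch", but nothing in the visible condition (sm->proto == WPA_PROTO_RSN together with WPA_KEY_INFO_ENCR_KEY_DATA) tests mic_len. Either point to where that guarantee is established or make it explicit in the condition, so that a later change to the caller cannot quietly turn this check into a drop of valid AES-SIV frames.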
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztg0ACgkQ05eS9J6n +5cKKBw/8DSDp5oTy7IkgB8PrPc3dCZg9tFeN19UYXs/wnBBX2eu4DdriU7vqn86d +tGmCKxBMpALcprZaCmyKjk5hcQw7FVLe5N5kSmMbZYJBRJw9cODzGoZV4GabFt/X +t6Lr9fuozfwEOyvzIgVPATOaBb6i9Pe5IbHoXNX4GtdzM65CpyW4qp1eIPb1dtYj +pFKSbdz7IeUSXblYhZXiDYZ+dlhUGUrucxeD1ubFHTKWETYwdiJr7ERkqYgLLgA2 +Nc8uFrjLC4SiVjPSBVo8pQlXxvhUCqkBL8clJ0/FIiByUsoT5TdYRi2sSns5wJLk +J3X0tSrOUI1+Nr69Q0GCIp0dy15ccvQMRcRJFZZFQ3weJz6WQd7iF9BHfZzbyQ1R +B3jYVI2GBlWRD2BerDQQh6jwxs8Yd/b3sVCkKZNgk7v5Joh9UKszNF1msKiFLvtw +yI82j5Xq+ZTj6Z/CvBGE6R6K7UymaAksn/BeV3rKVfgiITr3KMsK2IlP1hCjnZx1 +QbNanRDZ1cRqK87ic2IX9gBZR0j2YmZTPE+6lXEX7ufLJnArTKeqq1/CX1Q/iD3O +V5YzO/gdOTBBnLdT4GdbMgMJ8ERGwCy1KCCC26rm6k4Rn01G3/pLyIcEWTbloqGr +6sm4S9fLuRitriADzUj6Z4vAPtEkDPn29vyJAaVq2rII0h3s3r0= +=mnWA +-----END PGP SIGNATURE----- Property changes on: head/share/security/patches/SA-18:11/hostapd-10.patch.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:11/hostapd.patch =================================================================== --- head/share/security/patches/SA-18:11/hostapd.patch (nonexistent) +++ head/share/security/patches/SA-18:11/hostapd.patch (revision 52127) 
@@ -0,0 +1,20 @@ +--- contrib/wpa/src/rsn_supp/wpa.c.orig ++++ contrib/wpa/src/rsn_supp/wpa.c +@@ -2072,6 +2072,17 @@ + + if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && + (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { ++ /* ++ * Only decrypt the Key Data field if the frame's authenticity ++ * was verified. When using AES-SIV (FILS), the MIC flag is not ++ * set, so this check should only be performed if mic_len != 0 ++ * which is the case in this code branch. ++ */ ++ if (!(key_info & WPA_KEY_INFO_MIC)) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); ++ goto out; ++ } + if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, + &key_data_len)) + goto out; Property changes on: head/share/security/patches/SA-18:11/hostapd.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/security/patches/SA-18:11/hostapd.patch.asc =================================================================== --- head/share/security/patches/SA-18:11/hostapd.patch.asc (nonexistent) +++ head/share/security/patches/SA-18:11/hostapd.patch.asc (revision 52127) 
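Review bot: the wpa_msg() warning added ahead of wpa_supplicant_decrypt_key_data() in the -2072,6 hunk carries only a fixed string, so a log reader cannot tell which peer sent the unauthenticated EAPOL-Key frame. This branch is exactly the event an operator would want to alert on, so consider including the sender's address in the message. The same applies to the identical check in hostapd-10.patch.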
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.2.9 (FreeBSD) + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztgkACgkQ05eS9J6n +5cIE8Q/9GKu6n3za6wrVV1JctS7bbQx/lbPy2Q139jds+HW5fJ4QN0f6OOl5X5g+ +483GOFEPgWYV/tkz1suoZD+sZWDb7rrkAli5uo3igstp5JiIYXgFi81LxrmK2bUe +tj0PYWoUmjTn7QqLw0ASxkZnDzQk3QlviEHqijtFkoKwXJ5yGWNib4khSBo03gV6 +hoquvRX5PLURUdgP1gdiOOShwE1KAvfG/IU/a6HrvzDi3V8PnwztdGxNtaVuovXw +dgS8Uaq10JO9fmvXyjtbFNC2uo9p/LVsv+S3aHzbCpqAJ/inRWVf1JCq2tv5LqA3 +ATJUk4EWXhBAzVbe//SkT7gxxGBHqRea4ed2vZ6SeXg1bDHUiq9far88TNwrhxdn +Rr2qUejC12zDl8c+ASQdJ7EItQI+/FgjodwZpUYiVHNtZT/xP4VPgdABwY7tYnsK +kZWFJG16JymXLEJU4KSiStz/5hJav5ETdzr2rIk1AcjRUT5+RtH+4auyh8hzT621 +yrI6zypGyKoEWuBBW0vb2sBMmj5SaucJ7hNbq+gn/C4VdV9Ds+HVSWnS+eM+skv4 +d+6SA6Vo4keE83/H44TDDAoGi89CBDP6JjOjJ8837zJ1tRzIVdrvdcQp5RcP8RHx +kprox8j6sMFyuX6YgQQG2ZfVJqCffHW44g3+vLszMcCw9rHUNPA= +=R1kF +-----END PGP SIGNATURE----- Property changes on: head/share/security/patches/SA-18:11/hostapd.patch.asc ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/share/xml/advisories.xml =================================================================== --- head/share/xml/advisories.xml (revision 52126) +++ head/share/xml/advisories.xml (revision 52127) 
@@ -1,4505 +1,4522 @@ $FreeBSD$ 2018 8 + 14 + + + FreeBSD-SA-18:11.hostapd + + + + FreeBSD-SA-18:10.ip + + + + FreeBSD-SA-18:09.l1tf + + + + + 6 FreeBSD-SA-18:08.tcp 6 21 FreeBSD-SA-18:07.lazyfpu 5 8 FreeBSD-SA-18:06.debugreg 4 4 FreeBSD-SA-18:05.ipsec FreeBSD-SA-18:04.vt 3 14 FreeBSD-SA-18:03.speculative_execution 7 FreeBSD-SA-18:02.ntp FreeBSD-SA-18:01.ipsec 2017 12 09 FreeBSD-SA-17:12.openssl 11 29 FreeBSD-SA-17:11.openssl 15 FreeBSD-SA-17:10.kldstat FreeBSD-SA-17:09.shm FreeBSD-SA-17:08.ptrace 10 17 FreeBSD-SA-17:07.wpa 8 10 FreeBSD-SA-17:06.openssh 7 12 FreeBSD-SA-17:05.heimdal 4 27 FreeBSD-SA-17:04.ipfilter 12 FreeBSD-SA-17:03.ntp 2 23 FreeBSD-SA-17:02.openssl 1 11 FreeBSD-SA-17:01.openssh 2016 12 22 FreeBSD-SA-16:39.ntp 6 FreeBSD-SA-16:38.bhyve FreeBSD-SA-16:37.libc FreeBSD-SA-16:36.telnetd 11 2 FreeBSD-SA-16:35.openssl FreeBSD-SA-16:34.bind FreeBSD-SA-16:33.openssh 10 25 FreeBSD-SA-16:32.bhyve 10 FreeBSD-SA-16:31.libarchive FreeBSD-SA-16:30.portsnap FreeBSD-SA-16:29.bspatch FreeBSD-SA-16:28.bind FreeBSD-SA-16:27.openssl 9 23 FreeBSD-SA-16:26.openssl 7 25 FreeBSD-SA-16:25.bspatch 6 4 FreeBSD-SA-16:24.ntp 5 31 FreeBSD-SA-16:23.libarchive FreeBSD-SA-16:22.libarchive FreeBSD-SA-16:21.43bsd FreeBSD-SA-16:20.linux 17 FreeBSD-SA-16:19.sendmsg FreeBSD-SA-16:18.atkbd 4 FreeBSD-SA-16:17.openssl 4 29 FreeBSD-SA-16:16.ntp 3 16 FreeBSD-SA-16:15.sysarch FreeBSD-SA-16:14.openssh 10 FreeBSD-SA-16:13.bind FreeBSD-SA-16:12.openssl 1 30 FreeBSD-SA-16:11.openssl 27 FreeBSD-SA-16:10.linux FreeBSD-SA-16:09.ntp FreeBSD-SA-16:08.bind 14 FreeBSD-SA-16:07.openssh FreeBSD-SA-16:06.bsnmpd FreeBSD-SA-16:05.tcp FreeBSD-SA-16:04.linux FreeBSD-SA-16:03.linux FreeBSD-SA-16:02.ntp FreeBSD-SA-16:01.sctp 2015 12 16 FreeBSD-SA-15:27.bind 6 FreeBSD-SA-15:26.openssl 10 26 FreeBSD-SA-15:25.ntp 9 29 FreeBSD-SA-15:24.rpcbind 2 FreeBSD-SA-15:23.bind 8 25 FreeBSD-SA-15:22.openssh FreeBSD-SA-15:21.amd64 18 FreeBSD-SA-15:20.expat 5 FreeBSD-SA-15:19.routed FreeBSD-SA-15:18.bsdpatch 7 28 
FreeBSD-SA-15:17.bind FreeBSD-SA-15:16.openssh FreeBSD-SA-15:15.tcp FreeBSD-SA-15:14.bsdpatch 21 FreeBSD-SA-15:13.tcp 9 FreeBSD-SA-15:12.openssl 7 FreeBSD-SA-15:11.bind 6 12 FreeBSD-SA-15:10.openssl 4 7 FreeBSD-SA-15:09.ipv6 FreeBSD-SA-15:08.bsdinstall FreeBSD-SA-15:07.ntp 3 19 FreeBSD-SA-15:06.openssl 2 25 FreeBSD-SA-15:05.bind FreeBSD-SA-15:04.igmp 1 27 FreeBSD-SA-15:03.sctp FreeBSD-SA-15:02.kmem 14 FreeBSD-SA-15:01.openssl 2014 12 23 FreeBSD-SA-14:31.ntp 17 FreeBSD-SA-14:30.unbound 10 FreeBSD-SA-14:29.bind FreeBSD-SA-14:28.file FreeBSD-SA-14:27.stdio 11 04 FreeBSD-SA-14:26.ftp FreeBSD-SA-14:25.setlogin FreeBSD-SA-14:24.sshd 10 21 FreeBSD-SA-14:23.openssl FreeBSD-SA-14:22.namei FreeBSD-SA-14:21.routed FreeBSD-SA-14:20.rtsold 9 16 FreeBSD-SA-14:19.tcp 9 FreeBSD-SA-14:18.openssl 7 8 FreeBSD-SA-14:17.kmem 6 24 FreeBSD-SA-14:16.file FreeBSD-SA-14:15.iconv 5 FreeBSD-SA-14:14.openssl 3 FreeBSD-SA-14:13.pam FreeBSD-SA-14:12.ktrace FreeBSD-SA-14:11.sendmail 5 13 FreeBSD-SA-14:10.openssl 4 30 FreeBSD-SA-14:09.openssl FreeBSD-SA-14:08.tcp FreeBSD-SA-14:07.devfs 08 FreeBSD-SA-14:06.openssl FreeBSD-SA-14:05.nfsserver 1 14 FreeBSD-SA-14:04.bind FreeBSD-SA-14:03.openssl FreeBSD-SA-14:02.ntpd FreeBSD-SA-14:01.bsnmpd 2013 11 19 FreeBSD-SA-13:14.openssh 9 10 FreeBSD-SA-13:13.nullfs FreeBSD-SA-13:12.ifioctl FreeBSD-SA-13:11.sendfile 8 22 FreeBSD-SA-13:10.sctp FreeBSD-SA-13:09.ip_multicast 7 26 FreeBSD-SA-13:08.nfsserver FreeBSD-SA-13:07.bind 6 18 FreeBSD-SA-13:06.mmap 4 29 FreeBSD-SA-13:05.nfsserver 2 FreeBSD-SA-13:04.bind FreeBSD-SA-13:03.openssl 2 19 FreeBSD-SA-13:02.libc FreeBSD-SA-13:01.bind 2012 11 22 FreeBSD-SA-12:08.linux FreeBSD-SA-12:07.hostapd FreeBSD-SA-12:06.bind 8 6 FreeBSD-SA-12:05.bind 6 12 FreeBSD-SA-12:04.sysret FreeBSD-SA-12:03.bind 5 30 FreeBSD-SA-12:02.crypt 30 FreeBSD-SA-12:01.openssl 2011 12 23 FreeBSD-SA-11:10.pam FreeBSD-SA-11:09.pam_ssh FreeBSD-SA-11:08.telnetd FreeBSD-SA-11:07.chroot FreeBSD-SA-11:06.bind 9 28 FreeBSD-SA-11:05.unix 
FreeBSD-SA-11:04.compress FreeBSD-SA-11:03.bind 5 28 FreeBSD-SA-11:02.bind 4 20 FreeBSD-SA-11:01.mountd 2010 11 29 FreeBSD-SA-10:10.openssl 10 FreeBSD-SA-10:09.pseudofs 9 20 FreeBSD-SA-10:08.bzip2 7 13 FreeBSD-SA-10:07.mbuf 5 27 FreeBSD-SA-10:06.nfsclient FreeBSD-SA-10:05.opie FreeBSD-SA-10:04.jail 1 6 FreeBSD-SA-10:03.zfs FreeBSD-SA-10:02.ntpd FreeBSD-SA-10:01.bind 2009 12 3 FreeBSD-SA-09:17.freebsd-update FreeBSD-SA-09:16.rtld FreeBSD-SA-09:15.ssl 10 2 FreeBSD-SA-09:14.devfs FreeBSD-SA-09:13.pipe 7 29 FreeBSD-SA-09:12.bind 6 10 FreeBSD-SA-09:11.ntpd FreeBSD-SA-09:10.ipv6 FreeBSD-SA-09:09.pipe 4 22 FreeBSD-SA-09:08.openssl FreeBSD-SA-09:07.libc 3 23 FreeBSD-SA-09:06.ktimer 2 16 FreeBSD-SA-09:05.telnetd 1 13 FreeBSD-SA-09:04.bind FreeBSD-SA-09:03.ntpd 7 FreeBSD-SA-09:02.openssl FreeBSD-SA-09:01.lukemftpd 2008 12 23 FreeBSD-SA-08:13.protosw FreeBSD-SA-08:12.ftpd 11 24 FreeBSD-SA-08:11.arc4random 10 2 FreeBSD-SA-08:10.nd6 9 3 FreeBSD-SA-08:09.icmp6 FreeBSD-SA-08:08.nmount FreeBSD-SA-08:07.amd64 7 13 FreeBSD-SA-08:06.bind 4 17 FreeBSD-SA-08:05.openssh 2 14 FreeBSD-SA-08:04.ipsec FreeBSD-SA-08:03.sendfile 1 18 FreeBSD 6.3-RELEASE 14 FreeBSD-SA-08:02.libc FreeBSD-SA-08:01.pty 2007 11 29 FreeBSD-SA-07:10.gtar FreeBSD-SA-07:09.random 10 3 FreeBSD-SA-07:08.openssl 8 1 FreeBSD-SA-07:07.bind FreeBSD-SA-07:06.tcpdump 7 12 FreeBSD-SA-07:05.libarchive 5 23 FreeBSD-SA-07:04.file 4 26 FreeBSD-SA-07:03.ipv6 2 9 FreeBSD-SA-07:02.bind 1 15 FreeBSD 6.2-RELEASE 11 FreeBSD-SA-07:01.jail 2006 12 6 FreeBSD-SA-06:26.gtar FreeBSD-SA-06:25.kmem 11 8 FreeBSD-SA-06:24.libarchive 9 30 FreeBSD-SA-06:22.openssh 28 FreeBSD-SA-06:23.openssl 19 FreeBSD-SA-06:21.gzip 6 FreeBSD-SA-06:20.bind FreeBSD-SA-06:19.openssl 8 23 FreeBSD-SA-06:18.ppp 6 14 FreeBSD-SA-06:17.sendmail 5 31 FreeBSD-SA-06:16.smbfs FreeBSD-SA-06:15.ypserv 25 FreeBSD 5.5-RELEASE 9 FreeBSD 6.1-RELEASE 4 19 FreeBSD-SA-06:14.fpu 3 22 FreeBSD-SA-06:13.sendmail FreeBSD-SA-06:12.opie FreeBSD-SA-06:11.ipsec 1 FreeBSD-SA-06:10.nfs 
FreeBSD-SA-06:09.openssh 2 1 FreeBSD-SA-06:08.sack 1 25 FreeBSD-SA-06:07.pf FreeBSD-SA-06:06.kmem 18 FreeBSD-SA-06:05.80211 11 FreeBSD-SA-06:04.ipfw FreeBSD-SA-06:03.cpio FreeBSD-SA-06:02.ee FreeBSD-SA-06:01.texindex 2005 11 4 FreeBSD 6.0-RELEASE 10 11 FreeBSD-SA-05:21.openssl 9 7 FreeBSD-SA-05:20.cvsbug 7 27 FreeBSD-SA-05:19.ipsec FreeBSD-SA-05:18.zlib 20 FreeBSD-SA-05:17.devfs 6 FreeBSD-SA-05:16.zlib 6 29 FreeBSD-SA-05:15.tcp FreeBSD-SA-05:14.bzip2 FreeBSD-SA-05:13.ipfw 9 FreeBSD-SA-05:12.bind9 FreeBSD-SA-05:11.gzip FreeBSD-SA-05:10.tcpdump 5 13 FreeBSD-SA-05:09.htt 9 FreeBSD 5.4-RELEASE 6 FreeBSD-SA-05:08.kmem FreeBSD-SA-05:07.ldt FreeBSD-SA-05:06.iir 4 22 FreeBSD-SA-05:05.cvs 15 FreeBSD-SA-05:04.ifconf 6 FreeBSD-SA-05:03.amd64 4 FreeBSD-SA-05:02.sendfile 3 28 FreeBSD-SA-05:01.telnet 1 25 FreeBSD 4.11-RELEASE 2004 12 1 FreeBSD-SA-04:17.procfs 11 18 FreeBSD-SA-04:16.fetch 6 FreeBSD 5.3-RELEASE 10 4 FreeBSD-SA-04:15.syscons 9 19 FreeBSD-SA-04:14.cvs 6 30 FreeBSD-SA-04:13.linux 7 FreeBSD-SA-04:12.jailroute 5 27 FreeBSD 4.10-RELEASE 19 FreeBSD-SA-04:11.msync 19 FreeBSD-SA-04:10.cvs 5 FreeBSD-SA-04:09.kadmind FreeBSD-SA-04:08.heimdal 4 15 FreeBSD-SA-04:07.cvs 3 29 FreeBSD-SA-04:06.ipv6 17 FreeBSD-SA-04:05.openssl 2 FreeBSD-SA-04:04.tcp 2 26 FreeBSD 5.2.1-RELEASE 25 FreeBSD-SA-04:03.jail 05 FreeBSD-SA-04:02.shmat 1 30 FreeBSD-SA-04:01.mksnap_ffs 12 FreeBSD 5.2-RELEASE 2003 11 28 FreeBSD-SA-03:19.bind 10 27 FreeBSD 4.9-RELEASE 5 FreeBSD-SA-03:15.openssh 3 FreeBSD-SA-03:18.openssl FreeBSD-SA-03:17.procfs 2 FreeBSD-SA-03:16.filedesc 9 23 FreeBSD-SA-03:14.arp 17 FreeBSD-SA-03:13.sendmail 16 FreeBSD-SA-03:12.openssh 8 26 FreeBSD-SA-03:11.sendmail http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170 10 FreeBSD-SA-03:10.ibcs2 http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164 FreeBSD-SA-03:09.signal http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163 3 FreeBSD-SA-03:08.realpath http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158 6 9 
FreeBSD 5.1-RELEASE 4 8 FreeBSD-SN-03:02 7 FreeBSD-SN-03:01 3 FreeBSD 4.8-RELEASE 3 30 FreeBSD-SA-03:07.sendmail http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122 21 FreeBSD-SA-03:06.openssl http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118 20 FreeBSD-SA-03:05.xdr http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117 3 FreeBSD-SA-03:04.sendmail http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112 2 24 FreeBSD-SA-03:03.syncookies http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106 FreeBSD-SA-03:02.openssl http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105 04 FreeBSD-SA-03:01.cvs http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100 1 19 FreeBSD 5.0-RELEASE 07 FreeBSD-SA-02:44.filedesc http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090 2002 11 15 FreeBSD-SA-02:43.bind http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084 FreeBSD-SA-02:41.smrsh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082 12 FreeBSD-SA-02:42.resolv http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083 FreeBSD-SA-02:40.kadmind http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081 10 10 FreeBSD 4.7-RELEASE FreeBSD-SN-02:06 9 16 FreeBSD-SA-02:39.libkvm http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051 8 28 FreeBSD-SN-02:05 19 FreeBSD-SA-02:38.signed-error http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041 15 FreeBSD 4.6.2-RELEASE 05 FreeBSD-SA-02:37.kqueue http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033 FreeBSD-SA-02:36.nfs http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032 FreeBSD-SA-02:35.ffs http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031 FreeBSD-SA-02:33.openssl http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023 01 FreeBSD-SA-02:34.rpc http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024 7 31 FreeBSD-SA-02:32.pppd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022 15 FreeBSD-SA-02:31.openssh 12 
FreeBSD-SA-02:30.ktrace FreeBSD-SA-02:29.tcpdump 6 26 FreeBSD-SA-02:28.resolv 19 FreeBSD-SN-02:04 15 FreeBSD 4.6-RELEASE 5 29 FreeBSD-SA-02:27.rc FreeBSD-SA-02:26.accept 28 FreeBSD-SN-02:03 20 FreeBSD-SA-02:25.bzip2 FreeBSD-SA-02:24.k5su 13 FreeBSD-SN-02:02 4 22 FreeBSD-SA-02:23.stdio http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021 18 FreeBSD-SA-02:22.mmap 17 FreeBSD-SA-02:21.tcpip http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980 16 FreeBSD-SA-02:20.syncache http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979 3 30 FreeBSD-SN-02:01 26 FreeBSD-SA-02:19.squid http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960 18 FreeBSD-SA-02:18.zlib http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978 12 FreeBSD-SA-02:17.mod_frontpage http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954 FreeBSD-SA-02:16.netscape http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953 FreeBSD-SA-02:15.cyrus-sasl http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952 FreeBSD-SA-02:14.pam-pgsql http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951 07 FreeBSD-SA-02:13.openssh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945 2 21 FreeBSD-SA-02:12.squid http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938 12 FreeBSD-SA-02:11.snmp http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936 06 FreeBSD-SA-02:10.rsync http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928 FreeBSD-SA-02:09.fstatfs http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927 1 29 FreeBSD 4.5-RELEASE 24 FreeBSD-SA-02:08.exec http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923 18 FreeBSD-SA-02:07.k5su http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912 16 FreeBSD-SA-02:06.sudo http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909 04 FreeBSD-SA-02:05.pine http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894 FreeBSD-SA-02:04.mutt http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893 
FreeBSD-SA-02:03.mod_auth_pgsql http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892 FreeBSD-SA-02:02.pw http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891 FreeBSD-SA-02:01.pkg_add http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898 2001 12 04 FreeBSD-SA-01:64.wu-ftpd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870 02 FreeBSD-SA-01:63.openssh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871 10 08 FreeBSD-SA-01:62.uucp FreeBSD-SA-01:61.squid 9 24 FreeBSD-SA-01:60.procmail 20 FreeBSD 4.4-RELEASE 04 FreeBSD-SA-01:59.rmuser 8 30 FreeBSD-SA-01:58.lpd 27 FreeBSD-SA-01:57.sendmail 23 FreeBSD-SA-01:56.tcp_wrappers 21 FreeBSD-SA-01:55.procfs 20 FreeBSD-SA-01:54.ports-telnetd 17 FreeBSD-SA-01:53.ipfw 06 FreeBSD-SA-01:52.fragment 7 30 FreeBSD-SA-01:51.openssl 27 FreeBSD-SA-01:50.windowmaker 23 FreeBSD-SA-01:49.telnetd 17 FreeBSD-SA-01:48.tcpdump 10 FreeBSD-SA-01:47.xinetd FreeBSD-SA-01:46.w3m FreeBSD-SA-01:45.samba FreeBSD-SA-01:44.gnupg FreeBSD-SA-01:43.fetchmail FreeBSD-SA-01:42.signal 09 FreeBSD-SA-01:41.hanterm 6 04 FreeBSD-SA-01:40.fts 5 02 FreeBSD-SA-01:39.tcp-isn 4 23 FreeBSD-SA-01:38.sudo FreeBSD-SA-01:37.slrn FreeBSD-SA-01:36.samba FreeBSD-SA-01:35.licq FreeBSD-SA-01:34.hylafax 20 FreeBSD 4.3-RELEASE 17 FreeBSD-SA-01:33.ftpd-glob 16 FreeBSD-SA-01:32.ipfilter 06 FreeBSD-SA-01:31.ntpd 3 22 FreeBSD-SA-01:30.ufs-ext2fs http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738 12 FreeBSD-SA-01:29.rwhod http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732 FreeBSD-SA-01:28.timed http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731 FreeBSD-SA-01:27.cfengine http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730 FreeBSD-SA-01:26.interbase http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729 FreeBSD-SA-01:23.icecast http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728 2 14 FreeBSD-SA-01:25.kerberosIV http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716 12 FreeBSD-SA-01:24.ssh 
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715 07 FreeBSD-SA-01:22.dc20ctrl http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714 FreeBSD-SA-01:21.ja-elvis http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713 FreeBSD-SA-01:20.mars_nwe http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712 FreeBSD-SA-01:19.ja-klock http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707 1 31 FreeBSD-SA-01:18.bind http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706 29 FreeBSD-SA-01:17.exmh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705 FreeBSD-SA-01:16.mysql http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704 FreeBSD-SA-01:15.tinyproxy http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703 FreeBSD-SA-01:14.micq http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702 FreeBSD-SA-01:13.sort http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701 FreeBSD-SA-01:12.periodic http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700 FreeBSD-SA-01:11.inetd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699 23 FreeBSD-SA-01:10.bind http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698 FreeBSD-SA-01:09.crontab http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697 FreeBSD-SA-01:08.ipfw http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696 FreeBSD-SA-01:07.xfree86 15 FreeBSD-SA-01:06.zope http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669 FreeBSD-SA-01:05.stunnel http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668 FreeBSD-SA-01:04.joe http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667 FreeBSD-SA-01:03.bash1 http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666 FreeBSD-SA-01:02.syslog-ng http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665 FreeBSD-SA-01:01.openssh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664 2000 12 20 FreeBSD-SA-00:81.ethereal http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651 FreeBSD-SA-00:80.halflifeserver 
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650 FreeBSD-SA-00:79.oops http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649 FreeBSD-SA-00:78.bitchx http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648 18 FreeBSD-SA-00:77.procfs http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647 11 20 FreeBSD-SA-00:76.tcsh-csh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628 FreeBSD-SA-00:75.php http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627 FreeBSD-SA-00:74.gaim FreeBSD-SA-00:73.thttpd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626 FreeBSD-SA-00:72.curl http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625 FreeBSD-SA-00:71.mgetty http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624 14 FreeBSD-SA-00:70.ppp-nat http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623 FreeBSD-SA-00:69.telnetd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622 13 FreeBSD-SA-00:68.ncurses http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621 10 FreeBSD-SA-00:67.gnupg http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620 06 FreeBSD-SA-00:66.netscape http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619 FreeBSD-SA-00:65.xfce http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618 FreeBSD-SA-00:64.global http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617 01 FreeBSD-SA-00:63.getnameinfo http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589 FreeBSD-SA-00:62.top http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616 10 31 FreeBSD-SA-00:61.tcpdump http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615 30 FreeBSD-SA-00:60.boa http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586 FreeBSD-SA-00:59.pine http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585 FreeBSD-SA-00:58.chpass http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584 13 FreeBSD-SA-00:57.muh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570 FreeBSD-SA-00:56.lprng 
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569 FreeBSD-SA-00:55.xpdf http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568 FreeBSD-SA-00:54.fingerd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567 06 FreeBSD-SA-00:52.tcp-iss http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561 9 27 FreeBSD-SA-00:53.catopen http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562 13 FreeBSD-SA-00:51.mailman http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550 FreeBSD-SA-00:50.listmanager http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549 FreeBSD-SA-00:49.eject http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548 FreeBSD-SA-00:48.xchat http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547 FreeBSD-SA-00:47.pine http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546 FreeBSD-SA-00:46.screen http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545 8 31 FreeBSD-SA-00:45.esound http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526 28 FreeBSD-SA-00:44.xlock http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523 FreeBSD-SA-00:43.brouted http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520 FreeBSD-SA-00:42.linux http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530 FreeBSD-SA-00:41.elf http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527 FreeBSD-SA-00:40.mopd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521 FreeBSD-SA-00:39.netscape http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528 14 FreeBSD-SA-00:38.zope http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525 FreeBSD-SA-00:37.cvsweb http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524 FreeBSD-SA-00:36.ntop http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531 FreeBSD-SA-00:35.proftpd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522 FreeBSD-SA-00:34.dhclient http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529 7 12 FreeBSD-SA-00:33.kerberosIV 
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488 05 FreeBSD-SA-00:32.bitchx http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487 FreeBSD-SA-00:31.canna http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486 FreeBSD-SA-00:30.openssh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485 FreeBSD-SA-00:29.wu-ftpd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489 FreeBSD-SA-00:28.majordomo http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484 FreeBSD-SA-00:27.XFree86-4 http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483 FreeBSD-SA-00:26.popper http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482 FreeBSD-SA-00:24.libedit http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481 6 19 FreeBSD-SA-00:23.ip-options http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480 12 FreeBSD-SA-00:25.alpha-random http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473 07 FreeBSD-SA-00:22.apsfilter http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461 FreeBSD-SA-00:21.ssh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459 5 26 FreeBSD-SA-00:20.krb5 http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452 23 FreeBSD-SA-00:19.semconfig http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451 09 FreeBSD-SA-00:18.gnapster.knapster http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429 FreeBSD-SA-00:17.libmytinfo http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442 FreeBSD-SA-00:16.golddig http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439 4 24 FreeBSD-SA-00:15.imap-uw http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438 FreeBSD-SA-00:14.imap-uw http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441 19 FreeBSD-SA-00:13.generic-nqs http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437 10 FreeBSD-SA-00:12.healthd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436 FreeBSD-SA-00:11.ircii http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440 3 15 
FreeBSD-SA-00:10.orville-write http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408 FreeBSD-SA-00:09.mtr http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408 FreeBSD-SA-00:08.lynx http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407 FreeBSD-SA-00:07.mh http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411 01 FreeBSD-SA-00:06.htdig http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403 2 28 FreeBSD-SA-00:05.mysql http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402 19 FreeBSD-SA-00:04.delegate http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392 FreeBSD-SA-00:03.asmon http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391 1 24 FreeBSD-SA-00:02.procfs http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380 19 FreeBSD-SA-00:01.make 1999 9 16 FreeBSD-SA-99:06.amd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318 15 FreeBSD-SA-99:05.fts http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313 FreeBSD-SA-99:04.core http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312 05 FreeBSD-SA-99:03.ftpd http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311 04 FreeBSD-SA-99:02.profil FreeBSD-SA-99:01.chflags 1998 11 04 FreeBSD-SA-98:08.fragment 10 13 FreeBSD-SA-98:07.rst 6 10 FreeBSD-SA-98:06.icmp 04 FreeBSD-SA-98:05.nfs 02 FreeBSD-SA-98:04.mmap 5 14 FreeBSD-SA-98:03.ttcp 3 12 FreeBSD-SA-98:02.mmap 1997 12 09 FreeBSD-SA-97:06.f00f 01 FreeBSD-SA-98:01.land 10 29 FreeBSD-SA-97:05.open 8 19 FreeBSD-SA-97:04.procfs 4 07 FreeBSD-SA-97:03.sysinstall 3 26 FreeBSD-SA-97:02.lpd 2 05 FreeBSD-SA-97:01.setlocale 1 18 FreeBSD-SA-96:21.talkd 1996 12 16 FreeBSD-SA-96:20.stack-overflow 10 FreeBSD-SA-96:19.modstat 11 25 FreeBSD-SA-96:18.lpr 7 16 FreeBSD-SA-96:17.rzsz 12 FreeBSD-SA-96:16.rdist 04 FreeBSD-SA-96:15.ppp 6 28 FreeBSD-SA-96:12.perl 24 FreeBSD-SA-96:14.ipfw 05 FreeBSD-SA-96:13.comsat 5 21 FreeBSD-SA-96:11.man 17 FreeBSD-SA-96:10.mount_union FreeBSD-SA-96:09.vfsload 4 22 FreeBSD-SA-96:02.apache 21 
FreeBSD-SA-96:08.syslog FreeBSD-SA-96:01.sliplogin 20 FreeBSD-SA-96:03.sendmail-suggestion