Index: head/share/security/advisories/FreeBSD-EN-18:09.ip.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-18:09.ip.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-EN-18:09.ip.asc (revision 52312)
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-18:09.ip Errata Notice
+ The FreeBSD Project
+
+Topic: IP fragment remediation causes IPv6 fragment
+ reassembly failure
+
+Category: core
+Module: kernel
+Announced: 2018-09-27
+Credits: Kristof Provost
+Affects: FreeBSD 11.1 and FreeBSD 11.2
+Corrected: 2018-09-27 18:29:55 UTC (releng/11.2, 11.2-RELEASE-p4)
+ 2018-09-27 18:29:55 UTC (releng/11.1, 11.1-RELEASE-p15)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The recent security advisory titled SA-18:10.ip resolved an issue in the IPv4
+and IPv6 fragment reassembly code.
+
+II. Problem Description
+
+As a result of fixing the issue describe in SA-18:10.ip, a regression was
+introduced in the IPv6 fragment hashing code which could cause reassembly to
+fail.
+
+III. Impact
+
+Received IPv6 packets requiring fragment reassembly may be dropped instead of
+properly reassembled and delivered.
+
+IV. Workaround
+
+Disable IPv6 fragment reassembly, using these commands:
+ % sysctl net.inet6.ip6.maxfrags=0
+
+On systems compiled with VIMAGE, these sysctls will need to be
+executed for each VNET.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/EN-18:09/ip.patch
+# fetch https://security.FreeBSD.org/patches/EN-18:09/ip.patch.asc
+# gpg --verify ip.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+releng/11.1/ r338978
+releng/11.2/ r338978
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+The security advisory that introduced the regression is available at
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKTVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKagRAAh4AnkPqG5hNnpilNct2cjY6GrU+Ex0hmbDbv36RR5Cj/Xi6FrdjGdF6/
+sA5/KYC1fOe07S2JJDgh2b5f1E3NBtfCCXQL3Fq46LRu8KJUifReY23kxNw74pev
+86WmxtctkJ62gc3EUhaTx5tgvIqHRnLrNbJqAJ9VEZkV5aa33yT/5zDTq0TLJPsK
+LfgwIWw7KAecH28cHx9KH+QyeLEsKoQPj5PIpQih7aZE/8cVLIMxKepExzPFx0s8
+SV1BFVQqJaRK4frv7tHZIEjTrseKVhF6SCqbtSVP6ZBtOAaaNGobq9bQNzPPxls7
+tTIGC6JVacUNNzJY+uv+DyHwCcEqyU5HQKOaJGqcQ4rxccXdWLBQOA55sRuiCZSy
+SxRzs+4JNo2XDACnSECUFFos05HXxOWm8lqt8juR6fnq9Auej/PmktQYHaIXI3us
+hYOlHu7Oo6sSGERBE92I1B4Y0L2BzXgroFN+rKmzlLGmM3vQYDxt2o0/GpMRf0wf
+I+plRLC9osYTc/QFJzqt6dGJj+46xWyCw8aGcRhtQGPWUcB3DtYRjJxi1x6YjBkN
+Cw3nepcW4rwJpmJZyGuNhsyKFZlhhz2+GV1lxsoe5TC6rRbEo30O3aU1zh5+fljo
+KR9WSfy6bNoTX4NhbCJ+j9fdD6AxiqWtmB8h4Vp7ykrM/VJLUzc=
+=1FtK
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-EN-18:09.ip.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-EN-18:10.syscall.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-18:10.syscall.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-EN-18:10.syscall.asc (revision 52312)
@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-18:10.syscall Errata Notice
+ The FreeBSD Project
+
+Topic: NULL pointer dereference in freebsd4_getfsstat system call
+
+Category: core
+Module: kernel
+Announced: 2018-09-27
+Credits: Thomas Barabosch, Fraunhofer FKIE
+Affects: FreeBSD 11.x
+Corrected: 2018-09-27 18:54:41 UTC (stable/11, 11.1-STABLE)
+ 2018-09-27 18:32:14 UTC (releng/11.2, 11.2-RELEASE-p4)
+ 2018-09-27 18:32:14 UTC (releng/11.1, 11.1-RELEASE-p15)
+CVE Name: CVE-2018-17154
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The freebsd4_getfsstat system call returns information about all mounted file
+systems in a binary format compatible with FreeBSD 4.x. Part of the call
+includes passing in a userland allocated buffer for the system call to fill
+along with the size of the buffer.
+
+II. Problem Description
+
+Insufficient checking occurs on the buffer when a very large buffer size causes
+memory allocation to fail. Resulting code attempts to free the NULL pointer.
+
+III. Impact
+
+A local unprivileged user may cause a denial of service using a specially
+crafted binary.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/EN-18:10/syscall-11.patch
+# fetch https://security.FreeBSD.org/patches/EN-18:10/syscall-11.patch.asc
+# gpg --verify syscall-11.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r338987
+releng/11.1/ r338979
+releng/11.2/ r338979
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKSBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKT9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJMqQ/4ycdylBNCX0cqFDYrtDU0OJO0mEi2LKqCM31YzOCLbKLtVSq06rxOj/E9
+0okWag0NxaGIo2+7+b/hykDwL+1Rwpa5YNdODESRYQeW0OVdnmy/JSB/8q2I2BwX
+PrqMc38sc9YuCz202B7tj4CQRKyhe2/qWRXANzh4jolC8zIuP7zAH6bMO+jc4XJS
+9qe2YdvChWiwLJXOSXaqZf1xY1jY08+lRGDx03n13OLRN8PZdbIoDEmOd2/vxhcV
+YRcDH0axLJSyngknPE9gU8iVZDunxpNBool5hJYDd8rBbAfypXWSDZ7wJGUn7tUZ
+3Cj/NPmZ9auMTGLgpRJB/bhgCnn3mZQ5QjR1egonZf3uIlTWZ+0C9GhJjh5cw+2p
+3hF+202uJicNm5TSkO6QpavVVvQNFcuCR54ZvXEICv3YNam3yDupGWsbjHloxoCw
+7A/wmBBcbtAJ7ujzgPm4+yN5Vno4dcPmkIfW9bz0fwXzYF1VEaF5pZZu7a9bjdI0
+xHBk2v77NIRBxC5i1KK5R5Guj0UY0EvkclBTF4Twh3TP0SAPN+5sqpmBRQwPGEdp
+9v5TPQv5DJn0KTJwkdrrP+70WIYkfcUVJ9hJYbXAMXseN1q3mTggS/ypF9ckTP0Z
+D1hQuUySz07GInHlJ+znS8CzVSj/iWqsxThBBbwgy1a4haxr5A==
+=HCqG
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-EN-18:10.syscall.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-EN-18:11.listen.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-18:11.listen.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-EN-18:11.listen.asc (revision 52312)
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-18:11.listen Errata Notice
+ The FreeBSD Project
+
+Topic: Denial of service in listen syscall over IPv6 socket
+
+Category: core
+Module: kernel
+Announced: 2018-09-27
+Credits: Jakub Jirasek, Secunia Research at Flexera
+Affects: All supported versions of FreeBSD.
+Corrected: 2018-09-27 18:50:10 UTC (stable/11, 11.2-STABLE)
+ 2018-09-27 18:34:42 UTC (releng/11.2, 11.2-RELEASE-p4)
+ 2018-09-27 18:34:42 UTC (releng/11.1, 11.1-RELEASE-p15)
+ 2018-09-27 18:48:50 UTC (stable/10, 10.4-STABLE)
+ 2018-09-27 18:34:42 UTC (releng/10.4, 10.4-RELEASE-p13)
+CVE Name: CVE-2018-6925
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The protocol control block is a structure that maintains the network layer
+state for various sockets. There are various state flags that must be
+properly maintained to keep the structure consistent.
+
+II. Problem Description
+
+There are various cases in the IPv6 socket code where the protocol control
+block's state flags are modified during a syscall, but are not restored if
+the operation fails. This can leave the control block in an inconsistent
+state.
+
+III. Impact
+
+A local unprivileged user could exploit the inconsistent state of the
+protocol control block to cause the kernel to crash, leading to a denial of
+service.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/EN-18:11/listen-11.patch
+# fetch https://security.FreeBSD.org/patches/EN-18:11/listen-11.patch.asc
+# gpg --verify listen-11.patch.asc
+
+[FreeBSD 10.4]
+# fetch https://security.FreeBSD.org/patches/EN-18:11/listen-10.patch
+# fetch https://security.FreeBSD.org/patches/EN-18:11/listen-10.patch.asc
+# gpg --verify listen-10.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r338985
+releng/10.4/ r338980
+stable/11/ r338986
+releng/11.1/ r338980
+releng/11.2/ r338980
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+For information about Secunia Research:
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKURfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIUEA/+JxBo76dRre8nfvYcN2PJGGFn8i2mWwSG87SWwQUeKlkgpJCV8qMnVEr2
+dGz3gwBsxFLKUjQVyl+IwFkaJgKXMbFYkfIqLaS+3a12KLllFAn2Q0dnN+oxFhS2
+Wpx4DkDRgBzEyLokxwjUCtg2fd6HPlML2YXCR5SqjXDOoBGAR9GCCXXYNnWSC00y
+IYgeC8UpE3ykTlwDH8q+LgLqtnx/oDW1h6UR12alP0ytH8+BldiAqRxjHE3/Wv2E
+aU8m8YuAAIW4tHZ4vdqpiFP4grN/0tSf/DEPBTtVIv5FGpXSk61YTBSm4OMIKNN8
+QEVEA6n6NEGSKYrbB5BE73KYgCAaeGzcGikX9F4aAlN5GSPBVJ66SEbk16YDzDfB
+KimjhityEP5YXh8hVkNo6fq+17dKpqx81390wzcXeDlBTIkANnKLh23gE0RuniNY
+dXrPE2HWSpkCnWN6l0BImefDeCgAaF7KZK+z7bbsn2D7UMGFGeHU/XlRM0ze7OOV
+ETqwk2M4GuxddHTKktNGBItWVd6EjReAh6QOo1kAA4qMKuNIiDQdRS72x6fUbmlA
+ZIOzPNd6TS57aKSnAZlR1SpvRMqo+g9cetMxuJmKnQ+hXaRk2zJVuP2RAJuoFFqf
+TmnVAPpDRjoYa0lf2YkOKtYcfF+pBcWI1CVAEFuQG2PheJRYns0=
+=jMY6
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-EN-18:11.listen.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-EN-18:12.mem.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-18:12.mem.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-EN-18:12.mem.asc (revision 52312)
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-18:12.mem Errata Notice
+ The FreeBSD Project
+
+Topic: Small kernel memory disclosures in two system calls
+
+Category: core
+Module: kernel
+Announced: 2018-09-27
+Credits: Thomas Barabosch, Fraunhofer FKIE
+Affects: All supported versions of FreeBSD.
+Corrected: 2018-09-27 18:42:40 UTC (stable/11, 11.2-STABLE)
+ 2018-09-27 18:36:30 UTC (releng/11.2, 11.2-RELEASE-p4)
+ 2018-09-27 18:36:30 UTC (releng/11.1, 11.1-RELEASE-p15)
+ 2018-09-27 18:44:40 UTC (stable/10, 10.4-STABLE)
+ 2018-09-27 18:36:30 UTC (releng/10.4, 10.4-RELEASE-p13)
+CVE Name: CVE-2018-17155
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The kernel provides an interface for userland programs via system calls. Two
+of these system calls are named getcontext and swapcontext.
+
+II. Problem Description
+
+Due to insufficient initialization of memory copied to userland in the
+getcontext and swapcontext system calls, small amounts of kernel memory may
+be disclosed to userland processes.
+
+III. Impact
+
+An unprivileged local user may be able to create a specific program to read
+the contents of small portions of kernel memory.
+
+Such memory might contain sensitive information, such as portions of the file
+cache or terminal buffers. This information might be directly useful, or it
+might be leveraged to obtain elevated privileges in some way; for example,
+a terminal buffer might include a user-entered password.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-18:12/mem.patch
+# fetch https://security.FreeBSD.org/patches/EN-18:12/mem.patch.asc
+# gpg --verify mem.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r339984
+releng/10.4/ r338981
+stable/11/ r339983
+releng/11.1/ r338981
+releng/11.2/ r338981
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKSBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKU5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJfGA/3XLR2dunxnQZYQvdpA8k9HA1zHfKFUMbTJqESIZPofvLnFJiw7gwDl0mF
+pMC5LCi+k+LIIsXPLzRk/7BUmoCt/hCbD7BOVuiYXhIZy0VgKhaOggSvOXYOsjNl
+JTJa5zGsKm4BUNhAkxcJtCO9i+gOShZ2fxiJ9SU7bO/gVl5HoMh56KWTLUBXX2jD
+vZfEvxJvllbvk6ST68jb7C0Ix47+idRO2hdfxVLyZfD1PsILIy6JThqKqsbGgqbA
++ma7OnCigxwI0bds4nusi7vNu3IiFuzjBLfV9exW8kcRgyotOsmCfCjSOlOcEJvR
+gKcmqZccf1SMGFR336YwGB66xL56QwpgN+UZ/QhmBX15mqI/oAekd0W3fb3OmfvW
+bMiDo0MHmtZqiSnQyUOcCPRW5s0l8EHeWCVbjKX1ViqY6e4NdQajrjRUyXnOqcM5
+vtTWAJ+BCc3Acg1V4nkjF7HNCUyGObKZcbDqK7M7p5+i/CFxJkCdKu0x8dsZRHL8
+7V4SL1sb9OkPWjBxyzHuiQNGJfTgknDsIxvBYcdPVukTtGzrWH1skhdWL2O0CNvQ
+Quk2YQePQ/X4ICPIB3s+Yao5N8t0FoEM4Hus6nSCpNRyP5XpCaBISHbhG8Ay7yJr
+1p0YkV22eQ5KXiNY6Qmof7S0S1p8IZlomO8J8I/yGuwqh2mkkQ==
+=uZtl
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-EN-18:12.mem.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:09/ip.patch
===================================================================
--- head/share/security/patches/EN-18:09/ip.patch (nonexistent)
+++ head/share/security/patches/EN-18:09/ip.patch (revision 52312)
@@ -0,0 +1,13 @@
+--- sys/netinet6/frag6.c.orig
++++ sys/netinet6/frag6.c
+@@ -216,7 +216,9 @@
+ int offset = *offp, nxt, i, next;
+ int first_frag = 0;
+ int fragoff, frgpartlen; /* must be larger than u_int16_t */
+- uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
++ uint32_t hashkey[(sizeof(struct in6_addr) * 2 +
++ sizeof(ip6f->ip6f_ident)) / sizeof(uint32_t)];
++ uint32_t hash, *hashkeyp;
+ struct ifnet *dstifp;
+ u_int8_t ecn, ecn0;
+ #ifdef RSS
Property changes on: head/share/security/patches/EN-18:09/ip.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:09/ip.patch.asc
===================================================================
--- head/share/security/patches/EN-18:09/ip.patch.asc (nonexistent)
+++ head/share/security/patches/EN-18:09/ip.patch.asc (revision 52312)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKWZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK5fQ//cqB5ebX2iYBeKRDL7IfgBaDcojr8x8bDwu2PTRqlXtlq2pUVAkzKynaF
+HUoJtvE3xKXkCOw60igjtK1AqWjOyLebUfivM/YykcuBvpiVfs6ZNHsiLCFw+oz9
+pMq4I5jbhizxS4Rdo9ZFMo8Gys6lNMdq9iV6f7rJFD7Ls8sJRi5fi5BR7I08AIBl
+VVP3E+0ACOitR9YidRRZ5w4QWYjoZJljMjUlIL023B3VkK+h2uxJy16wLdHv3Tpt
+c0DnKyXlM1s0BoCq4qSwFkE2BfutIgsNWgzHHmDDhc6ju9eS96OtZDrok7+knLQr
+eBH5WEzXnnrBc+J31LIVVev12uJhntAXRtOau218BYeCnjwln4mBk/y+JqIqLjar
+jn4rWEj7lh/PTsmAEulh53mTdyz+tEHSeacNnkR+vuynLGWNUKmFkul4RCLrlP74
+u5qquwkDe3l/6vluGR6tI52RiDiyAuT5s6czH5/mKb/ewWTHj3uFJx9X0J/55Kcp
+pBSNuNtzwpjm2bAQy/9n6AYHqfmKvbKoIjIAB+WZwefYrEmAEfaqzchmjfrw5A0a
+D8w7IQhljX1CAZ9IcjuUMOWlNSeWdIlGHMZpXM+1MH4nP3RF1JbHGlCyo5WaRHKs
+0FLBWGYFN/hvUjY1H1izCCtKeUTDG6y9WnFJW+/VchZZvWFhP24=
+=q3dd
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/EN-18:09/ip.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:10/syscall-11.patch
===================================================================
--- head/share/security/patches/EN-18:10/syscall-11.patch (nonexistent)
+++ head/share/security/patches/EN-18:10/syscall-11.patch (revision 52312)
@@ -0,0 +1,11 @@
+--- sys/kern/vfs_syscalls.c.orig
++++ sys/kern/vfs_syscalls.c
+@@ -600,6 +600,8 @@
+ size = count * sizeof(struct statfs);
+ error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
+ uap->mode);
++ if (buf == NULL)
++ return (EINVAL);
+ td->td_retval[0] = count;
+ if (size != 0) {
+ sp = buf;
Property changes on: head/share/security/patches/EN-18:10/syscall-11.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:10/syscall-11.patch.asc
===================================================================
--- head/share/security/patches/EN-18:10/syscall-11.patch.asc (nonexistent)
+++ head/share/security/patches/EN-18:10/syscall-11.patch.asc (revision 52312)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKW1fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLwRxAAnybQwo07WZtP8aLAuOEzXjEJ8rLMKAV80pvIFj27TAxpiIw1cltQsZhb
+qHMhYFjnJejgujwBmMEz7rAK97zte71AW4Lm4+I6r2MY8Wniu8OiTHUkYOHlNkWM
+iROkSiRRLtPdH0HXk3M5n+BhprDgovOv1xQhu17RLbDYX+9mz5kB2EaRJtnv0JCT
+ZfYhin262zaZR0yJ4f5Hug5NphmcbD7VtSD3ZNye2txicJ7330B3iIcpD6YZnkH2
+pJqs4OzLux/xHhQdSMCN5dVtC6M5Gkt6gYDQX6vMoouRw/2o4gcpjye9aV1rkrVd
+D3c8iGwdTxyYzUZ++E3OCilx4YbAqmBEXmP4BsiiiO71XHr+oB79+0FQ+U0ZNy7T
+zVuc9TJOfOnIDyyz4KL5RcMSFFdNggnYHdCYQZAGk+Xv8aY1ddxmV8M1NBpMvuhS
+XQpiWvfoEP5e0pmRfG3OL5XOt9J271BF+gPMRDOAAeDgU/PkWRrHWxAQJtiC6HYl
+TEirv16TKpui1nITJj9Q8BBgxMdymEY5SezKdCYeX5PKwsCO9xd0ZRTBhgvVwnCU
+e/UTu7vL0ngZ9TFsTVj2A5YsGhDn/7ayYBMwndplF82lpdvPGwhSYmUUpHYBesXi
+NjnZjLrpxM+pntbnEcTPLuE7xqIvWsqn6M4DQeRs8+bY8zo9l9k=
+=s1wm
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/EN-18:10/syscall-11.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:11/listen-10.patch
===================================================================
--- head/share/security/patches/EN-18:11/listen-10.patch (nonexistent)
+++ head/share/security/patches/EN-18:11/listen-10.patch (revision 52312)
@@ -0,0 +1,260 @@
+--- sys/netinet/tcp_usrreq.c.orig
++++ sys/netinet/tcp_usrreq.c
+@@ -328,6 +328,7 @@
+ struct inpcb *inp;
+ struct tcpcb *tp = NULL;
+ struct sockaddr_in6 *sin6p;
++ u_char vflagsav;
+
+ sin6p = (struct sockaddr_in6 *)nam;
+ if (nam->sa_len != sizeof (*sin6p))
+@@ -344,6 +345,7 @@
+ inp = sotoinpcb(so);
+ KASSERT(inp != NULL, ("tcp6_usr_bind: inp == NULL"));
+ INP_WLOCK(inp);
++ vflagsav = inp->inp_vflag;
+ if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
+ error = EINVAL;
+ goto out;
+@@ -373,6 +375,8 @@
+ error = in6_pcbbind(inp, nam, td->td_ucred);
+ INP_HASH_WUNLOCK(&V_tcbinfo);
+ out:
++ if (error != 0)
++ inp->inp_vflag = vflagsav;
+ TCPDEBUG2(PRU_BIND);
+ INP_WUNLOCK(inp);
+ return (error);
+@@ -434,6 +438,7 @@
+ int error = 0;
+ struct inpcb *inp;
+ struct tcpcb *tp = NULL;
++ u_char vflagsav;
+
+ TCPDEBUG0;
+ inp = sotoinpcb(so);
+@@ -443,6 +448,7 @@
+ error = EINVAL;
+ goto out;
+ }
++ vflagsav = inp->inp_vflag;
+ tp = intotcpcb(inp);
+ TCPDEBUG1();
+ SOCK_LOCK(so);
+@@ -469,6 +475,9 @@
+ if (tp->t_flags & TF_FASTOPEN)
+ tp->t_tfo_pending = tcp_fastopen_alloc_counter();
+ #endif
++ if (error != 0)
++ inp->inp_vflag = vflagsav;
++
+ out:
+ TCPDEBUG2(PRU_LISTEN);
+ INP_WUNLOCK(inp);
+@@ -543,6 +552,8 @@
+ struct inpcb *inp;
+ struct tcpcb *tp = NULL;
+ struct sockaddr_in6 *sin6p;
++ u_int8_t incflagsav;
++ u_char vflagsav;
+
+ TCPDEBUG0;
+
+@@ -559,6 +570,8 @@
+ inp = sotoinpcb(so);
+ KASSERT(inp != NULL, ("tcp6_usr_connect: inp == NULL"));
+ INP_WLOCK(inp);
++ vflagsav = inp->inp_vflag;
++ incflagsav = inp->inp_inc.inc_flags;
+ if (inp->inp_flags & INP_TIMEWAIT) {
+ error = EADDRINUSE;
+ goto out;
+@@ -584,11 +597,11 @@
+ }
+
+ in6_sin6_2_sin(&sin, sin6p);
+- inp->inp_vflag |= INP_IPV4;
+- inp->inp_vflag &= ~INP_IPV6;
+ if ((error = prison_remote_ip4(td->td_ucred,
+ &sin.sin_addr)) != 0)
+ goto out;
++ inp->inp_vflag |= INP_IPV4;
++ inp->inp_vflag &= ~INP_IPV6;
+ if ((error = tcp_connect(tp, (struct sockaddr *)&sin, td)) != 0)
+ goto out;
+ #ifdef TCP_OFFLOAD
+@@ -601,11 +614,11 @@
+ goto out;
+ }
+ #endif
++ if ((error = prison_remote_ip6(td->td_ucred, &sin6p->sin6_addr)) != 0)
++ goto out;
+ inp->inp_vflag &= ~INP_IPV4;
+ inp->inp_vflag |= INP_IPV6;
+ inp->inp_inc.inc_flags |= INC_ISIPV6;
+- if ((error = prison_remote_ip6(td->td_ucred, &sin6p->sin6_addr)) != 0)
+- goto out;
+ if ((error = tcp6_connect(tp, nam, td)) != 0)
+ goto out;
+ #ifdef TCP_OFFLOAD
+@@ -618,6 +631,15 @@
+ error = tcp_output(tp);
+
+ out:
++ /*
++ * If the implicit bind in the connect call fails, restore
++ * the flags we modified.
++ */
++ if (error != 0 && inp->inp_lport == 0) {
++ inp->inp_vflag = vflagsav;
++ inp->inp_inc.inc_flags = incflagsav;
++ }
++
+ TCPDEBUG2(PRU_CONNECT);
+ INP_WUNLOCK(inp);
+ return (error);
+--- sys/netinet6/sctp6_usrreq.c.orig
++++ sys/netinet6/sctp6_usrreq.c
+@@ -608,6 +608,7 @@
+ struct sctp_inpcb *inp;
+ struct in6pcb *inp6;
+ int error;
++ u_char vflagsav;
+
+ inp = (struct sctp_inpcb *)so->so_pcb;
+ if (inp == NULL) {
+@@ -638,6 +639,7 @@
+ }
+ }
+ inp6 = (struct in6pcb *)inp;
++ vflagsav = inp6->inp_vflag;
+ inp6->inp_vflag &= ~INP_IPV4;
+ inp6->inp_vflag |= INP_IPV6;
+ if ((addr != NULL) && (SCTP_IPV6_V6ONLY(inp6) == 0)) {
+@@ -667,7 +669,7 @@
+ inp6->inp_vflag |= INP_IPV4;
+ inp6->inp_vflag &= ~INP_IPV6;
+ error = sctp_inpcb_bind(so, (struct sockaddr *)&sin, NULL, p);
+- return (error);
++ goto out;
+ }
+ #endif
+ break;
+@@ -684,7 +686,8 @@
+ if (addr->sa_family == AF_INET) {
+ /* can't bind v4 addr to v6 only socket! */
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP6_USRREQ, EINVAL);
+- return (EINVAL);
++ error = EINVAL;
++ goto out;
+ }
+ #endif
+ sin6_p = (struct sockaddr_in6 *)addr;
+@@ -693,10 +696,14 @@
+ /* can't bind v4-mapped addrs either! */
+ /* NOTE: we don't support SIIT */
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP6_USRREQ, EINVAL);
+- return (EINVAL);
++ error = EINVAL;
++ goto out;
+ }
+ }
+ error = sctp_inpcb_bind(so, addr, NULL, p);
++out:
++ if (error != 0)
++ inp6->inp_vflag = vflagsav;
+ return (error);
+ }
+
+--- sys/netinet6/udp6_usrreq.c.orig
++++ sys/netinet6/udp6_usrreq.c
+@@ -947,6 +947,7 @@
+ struct inpcb *inp;
+ struct inpcbinfo *pcbinfo;
+ int error;
++ u_char vflagsav;
+
+ pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
+ inp = sotoinpcb(so);
+@@ -954,6 +955,7 @@
+
+ INP_WLOCK(inp);
+ INP_HASH_WLOCK(pcbinfo);
++ vflagsav = inp->inp_vflag;
+ inp->inp_vflag &= ~INP_IPV4;
+ inp->inp_vflag |= INP_IPV6;
+ if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
+@@ -981,6 +983,8 @@
+ #ifdef INET
+ out:
+ #endif
++ if (error != 0)
++ inp->inp_vflag = vflagsav;
+ INP_HASH_WUNLOCK(pcbinfo);
+ INP_WUNLOCK(inp);
+ return (error);
+@@ -1023,6 +1027,7 @@
+ struct inpcbinfo *pcbinfo;
+ struct sockaddr_in6 *sin6;
+ int error;
++ u_char vflagsav;
+
+ pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
+ inp = sotoinpcb(so);
+@@ -1046,17 +1051,26 @@
+ goto out;
+ }
+ in6_sin6_2_sin(&sin, sin6);
+- inp->inp_vflag |= INP_IPV4;
+- inp->inp_vflag &= ~INP_IPV6;
+ error = prison_remote_ip4(td->td_ucred, &sin.sin_addr);
+ if (error != 0)
+ goto out;
++ vflagsav = inp->inp_vflag;
++ inp->inp_vflag |= INP_IPV4;
++ inp->inp_vflag &= ~INP_IPV6;
+ INP_HASH_WLOCK(pcbinfo);
+ error = in_pcbconnect(inp, (struct sockaddr *)&sin,
+ td->td_ucred);
+ INP_HASH_WUNLOCK(pcbinfo);
++ /*
++ * If connect succeeds, mark socket as connected. If
++ * connect fails and socket is unbound, reset inp_vflag
++ * field.
++ */
+ if (error == 0)
+ soisconnected(so);
++ else if (inp->inp_laddr.s_addr == INADDR_ANY &&
++ inp->inp_lport == 0)
++ inp->inp_vflag = vflagsav;
+ goto out;
+ }
+ #endif
+@@ -1064,16 +1078,25 @@
+ error = EISCONN;
+ goto out;
+ }
+- inp->inp_vflag &= ~INP_IPV4;
+- inp->inp_vflag |= INP_IPV6;
+ error = prison_remote_ip6(td->td_ucred, &sin6->sin6_addr);
+ if (error != 0)
+ goto out;
++ vflagsav = inp->inp_vflag;
++ inp->inp_vflag &= ~INP_IPV4;
++ inp->inp_vflag |= INP_IPV6;
+ INP_HASH_WLOCK(pcbinfo);
+ error = in6_pcbconnect(inp, nam, td->td_ucred);
+ INP_HASH_WUNLOCK(pcbinfo);
++ /*
++ * If connect succeeds, mark socket as connected. If
++ * connect fails and socket is unbound, reset inp_vflag
++ * field.
++ */
+ if (error == 0)
+ soisconnected(so);
++ else if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
++ inp->inp_lport == 0)
++ inp->inp_vflag = vflagsav;
+ out:
+ INP_WUNLOCK(inp);
+ return (error);
Property changes on: head/share/security/patches/EN-18:11/listen-10.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:11/listen-10.patch.asc
===================================================================
--- head/share/security/patches/EN-18:11/listen-10.patch.asc (nonexistent)
+++ head/share/security/patches/EN-18:11/listen-10.patch.asc (revision 52312)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKX5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLu1Q//dA9SiNzXp7Yn4jdV4DYI9OAOeeqi0yPYNpMjA2YL3/ItEB4SrIE86ELc
+9/OuUXZPUaRkvefgOO8IvY/wZKDCHOm94lizn2mstp3JyNLVFaTWimu1QQSaZZCj
+bCCVqMVWlYa3ssIUv3wJ8XPf0hDAJ4m+UuMoKG/6YpIsy5AM041RHNYFj881KLRw
+4vBioFuoKKQliIksfTgLJjjf6HvKeu9tHnckKrAyZ//sxAsSZ5zfnQbjXwympY8R
+n22Om1aXSYQc4Pve4dXY6gLhPcEtIAZKR6L1SOWtHv1RECSK98ePbDTXqQIkpOab
+au/WJyjLkZQ6SgIZofGVe9OAb0ibYO5eshgMWmHHDXyFmPAZ7P/XUFWM0C3bN5DA
+gQo3sLVJxZ2x6S8/shhK9OWU0pxVFbsewKsqTpHqozhCL/s9obfr81ao2dAGV8pR
+l9kT16PZcuWmvqMPgb7AF1eTBzSg4XtGcAEqcwIIuUEnCplCrnaDVaCfATsmu48s
+/x8RELtfCBbwGdCcoaCTimQJSe2xVfEI/mO60C1fZCeQCVfsCepgFDfR0HGd/lIq
+tCDIgoCFs978IPyApSpJ9IENK+SdA8jxfyPYbR+DrtCP23TIt+n6VISP5KCYRgn0
+mk/h/BV1GxHsM3FonUE3cV+AReRT3lJZHenXKQU3mxZn9C3wpKs=
+=1akG
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/EN-18:11/listen-10.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:11/listen-11.patch
===================================================================
--- head/share/security/patches/EN-18:11/listen-11.patch (nonexistent)
+++ head/share/security/patches/EN-18:11/listen-11.patch (revision 52312)
@@ -0,0 +1,260 @@
+--- sys/netinet/tcp_usrreq.c.orig
++++ sys/netinet/tcp_usrreq.c
+@@ -339,6 +339,7 @@
+ struct inpcb *inp;
+ struct tcpcb *tp = NULL;
+ struct sockaddr_in6 *sin6p;
++ u_char vflagsav;
+
+ sin6p = (struct sockaddr_in6 *)nam;
+ if (nam->sa_len != sizeof (*sin6p))
+@@ -355,6 +356,7 @@
+ inp = sotoinpcb(so);
+ KASSERT(inp != NULL, ("tcp6_usr_bind: inp == NULL"));
+ INP_WLOCK(inp);
++ vflagsav = inp->inp_vflag;
+ if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
+ error = EINVAL;
+ goto out;
+@@ -384,6 +386,8 @@
+ error = in6_pcbbind(inp, nam, td->td_ucred);
+ INP_HASH_WUNLOCK(&V_tcbinfo);
+ out:
++ if (error != 0)
++ inp->inp_vflag = vflagsav;
+ TCPDEBUG2(PRU_BIND);
+ TCP_PROBE2(debug__user, tp, PRU_BIND);
+ INP_WUNLOCK(inp);
+@@ -447,6 +451,7 @@
+ int error = 0;
+ struct inpcb *inp;
+ struct tcpcb *tp = NULL;
++ u_char vflagsav;
+
+ TCPDEBUG0;
+ inp = sotoinpcb(so);
+@@ -456,6 +461,7 @@
+ error = EINVAL;
+ goto out;
+ }
++ vflagsav = inp->inp_vflag;
+ tp = intotcpcb(inp);
+ TCPDEBUG1();
+ SOCK_LOCK(so);
+@@ -482,6 +488,9 @@
+ if (tp->t_flags & TF_FASTOPEN)
+ tp->t_tfo_pending = tcp_fastopen_alloc_counter();
+ #endif
++ if (error != 0)
++ inp->inp_vflag = vflagsav;
++
+ out:
+ TCPDEBUG2(PRU_LISTEN);
+ TCP_PROBE2(debug__user, tp, PRU_LISTEN);
+@@ -558,6 +567,8 @@
+ struct inpcb *inp;
+ struct tcpcb *tp = NULL;
+ struct sockaddr_in6 *sin6p;
++ u_int8_t incflagsav;
++ u_char vflagsav;
+
+ TCPDEBUG0;
+
+@@ -574,6 +585,8 @@
+ inp = sotoinpcb(so);
+ KASSERT(inp != NULL, ("tcp6_usr_connect: inp == NULL"));
+ INP_WLOCK(inp);
++ vflagsav = inp->inp_vflag;
++ incflagsav = inp->inp_inc.inc_flags;
+ if (inp->inp_flags & INP_TIMEWAIT) {
+ error = EADDRINUSE;
+ goto out;
+@@ -603,11 +616,11 @@
+ }
+
+ in6_sin6_2_sin(&sin, sin6p);
+- inp->inp_vflag |= INP_IPV4;
+- inp->inp_vflag &= ~INP_IPV6;
+ if ((error = prison_remote_ip4(td->td_ucred,
+ &sin.sin_addr)) != 0)
+ goto out;
++ inp->inp_vflag |= INP_IPV4;
++ inp->inp_vflag &= ~INP_IPV6;
+ if ((error = tcp_connect(tp, (struct sockaddr *)&sin, td)) != 0)
+ goto out;
+ #ifdef TCP_OFFLOAD
+@@ -625,11 +638,11 @@
+ }
+ }
+ #endif
++ if ((error = prison_remote_ip6(td->td_ucred, &sin6p->sin6_addr)) != 0)
++ goto out;
+ inp->inp_vflag &= ~INP_IPV4;
+ inp->inp_vflag |= INP_IPV6;
+ inp->inp_inc.inc_flags |= INC_ISIPV6;
+- if ((error = prison_remote_ip6(td->td_ucred, &sin6p->sin6_addr)) != 0)
+- goto out;
+ if ((error = tcp6_connect(tp, nam, td)) != 0)
+ goto out;
+ #ifdef TCP_OFFLOAD
+@@ -642,6 +655,15 @@
+ error = tp->t_fb->tfb_tcp_output(tp);
+
+ out:
++ /*
++ * If the implicit bind in the connect call fails, restore
++ * the flags we modified.
++ */
++ if (error != 0 && inp->inp_lport == 0) {
++ inp->inp_vflag = vflagsav;
++ inp->inp_inc.inc_flags = incflagsav;
++ }
++
+ TCPDEBUG2(PRU_CONNECT);
+ TCP_PROBE2(debug__user, tp, PRU_CONNECT);
+ INP_WUNLOCK(inp);
+--- sys/netinet6/sctp6_usrreq.c.orig
++++ sys/netinet6/sctp6_usrreq.c
+@@ -557,6 +557,7 @@
+ struct sctp_inpcb *inp;
+ struct in6pcb *inp6;
+ int error;
++ u_char vflagsav;
+
+ inp = (struct sctp_inpcb *)so->so_pcb;
+ if (inp == NULL) {
+@@ -587,6 +588,7 @@
+ }
+ }
+ inp6 = (struct in6pcb *)inp;
++ vflagsav = inp6->inp_vflag;
+ inp6->inp_vflag &= ~INP_IPV4;
+ inp6->inp_vflag |= INP_IPV6;
+ if ((addr != NULL) && (SCTP_IPV6_V6ONLY(inp6) == 0)) {
+@@ -616,7 +618,7 @@
+ inp6->inp_vflag |= INP_IPV4;
+ inp6->inp_vflag &= ~INP_IPV6;
+ error = sctp_inpcb_bind(so, (struct sockaddr *)&sin, NULL, p);
+- return (error);
++ goto out;
+ }
+ #endif
+ break;
+@@ -633,7 +635,8 @@
+ if (addr->sa_family == AF_INET) {
+ /* can't bind v4 addr to v6 only socket! */
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP6_USRREQ, EINVAL);
+- return (EINVAL);
++ error = EINVAL;
++ goto out;
+ }
+ #endif
+ sin6_p = (struct sockaddr_in6 *)addr;
+@@ -642,10 +645,14 @@
+ /* can't bind v4-mapped addrs either! */
+ /* NOTE: we don't support SIIT */
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP6_USRREQ, EINVAL);
+- return (EINVAL);
++ error = EINVAL;
++ goto out;
+ }
+ }
+ error = sctp_inpcb_bind(so, addr, NULL, p);
++out:
++ if (error != 0)
++ inp6->inp_vflag = vflagsav;
+ return (error);
+ }
+
+--- sys/netinet6/udp6_usrreq.c.orig
++++ sys/netinet6/udp6_usrreq.c
+@@ -1002,6 +1002,7 @@
+ struct inpcb *inp;
+ struct inpcbinfo *pcbinfo;
+ int error;
++ u_char vflagsav;
+
+ pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
+ inp = sotoinpcb(so);
+@@ -1009,6 +1010,7 @@
+
+ INP_WLOCK(inp);
+ INP_HASH_WLOCK(pcbinfo);
++ vflagsav = inp->inp_vflag;
+ inp->inp_vflag &= ~INP_IPV4;
+ inp->inp_vflag |= INP_IPV6;
+ if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
+@@ -1036,6 +1038,8 @@
+ #ifdef INET
+ out:
+ #endif
++ if (error != 0)
++ inp->inp_vflag = vflagsav;
+ INP_HASH_WUNLOCK(pcbinfo);
+ INP_WUNLOCK(inp);
+ return (error);
+@@ -1082,6 +1086,7 @@
+ struct inpcbinfo *pcbinfo;
+ struct sockaddr_in6 *sin6;
+ int error;
++ u_char vflagsav;
+
+ pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
+ inp = sotoinpcb(so);
+@@ -1109,17 +1114,26 @@
+ goto out;
+ }
+ in6_sin6_2_sin(&sin, sin6);
+- inp->inp_vflag |= INP_IPV4;
+- inp->inp_vflag &= ~INP_IPV6;
+ error = prison_remote_ip4(td->td_ucred, &sin.sin_addr);
+ if (error != 0)
+ goto out;
++ vflagsav = inp->inp_vflag;
++ inp->inp_vflag |= INP_IPV4;
++ inp->inp_vflag &= ~INP_IPV6;
+ INP_HASH_WLOCK(pcbinfo);
+ error = in_pcbconnect(inp, (struct sockaddr *)&sin,
+ td->td_ucred);
+ INP_HASH_WUNLOCK(pcbinfo);
++ /*
++ * If connect succeeds, mark socket as connected. If
++ * connect fails and socket is unbound, reset inp_vflag
++ * field.
++ */
+ if (error == 0)
+ soisconnected(so);
++ else if (inp->inp_laddr.s_addr == INADDR_ANY &&
++ inp->inp_lport == 0)
++ inp->inp_vflag = vflagsav;
+ goto out;
+ } else {
+ if ((inp->inp_vflag & INP_IPV6) == 0) {
+@@ -1132,16 +1146,25 @@
+ error = EISCONN;
+ goto out;
+ }
+- inp->inp_vflag &= ~INP_IPV4;
+- inp->inp_vflag |= INP_IPV6;
+ error = prison_remote_ip6(td->td_ucred, &sin6->sin6_addr);
+ if (error != 0)
+ goto out;
++ vflagsav = inp->inp_vflag;
++ inp->inp_vflag &= ~INP_IPV4;
++ inp->inp_vflag |= INP_IPV6;
+ INP_HASH_WLOCK(pcbinfo);
+ error = in6_pcbconnect(inp, nam, td->td_ucred);
+ INP_HASH_WUNLOCK(pcbinfo);
++ /*
++ * If connect succeeds, mark socket as connected. If
++ * connect fails and socket is unbound, reset inp_vflag
++ * field.
++ */
+ if (error == 0)
+ soisconnected(so);
++ else if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
++ inp->inp_lport == 0)
++ inp->inp_vflag = vflagsav;
+ out:
+ INP_WUNLOCK(inp);
+ return (error);
Property changes on: head/share/security/patches/EN-18:11/listen-11.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:11/listen-11.patch.asc
===================================================================
--- head/share/security/patches/EN-18:11/listen-11.patch.asc (nonexistent)
+++ head/share/security/patches/EN-18:11/listen-11.patch.asc (revision 52312)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKYdfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJcHQ/9HOIZ1WVPhu/5uwHaLskSSXulZN5v4KIhCNA7EmArDcE6KGK8//t9O1FB
+a9u9Yv9IUT9FcW4fqNIFaRbpC0o3IAEpWmK1fjcZg/2RysZhyFg0PdLVMBJNvNDN
+bOxGeCigMEKL0gVCtEZ3tKPn99BoKSH2nqUvZfgVAhDp1XVBJJnKes2/32ctDohr
+18UmZwS5oWGt3lRWpVXMeSwRe4wz/oQnjPlZ1+G4ZU0ZzJT7jGKwJ364CM2aiOIw
+FSoM9T4DlEZeY+QuqMrG0oi2iSJgvzBQVGF4/gVBItfl3Jru9w8BKo8Mr1NzIeYz
+ZVG+m5ynaYqCO2GAM3yjND2l47HYi4W2PjHwh2OKz/XmOyvZnzNSq9kakok1W9/4
+BVoA/2NO2KSRrESR0vPfYTA7W5ZV70woN1oWFyo1tIZ94ltcKsNig7b7eqjsAwmq
+cBI/ift5dn1++iIro7sE/iazYvLpmW3iLrV/nboWN+yj1zyzi0rfOzqZTBPE5IEP
+GbtID58PaP0uAi5NGA3B7Mp9NQaenkO4jxabZp/PC8cSFFDm8QZxf3z2H1QZ5q6u
+QWpcZlyHAD0vMlI79WHsBWnurh7EgSjZ2BS5i4iSJ/gWVh8xx6uJm/fEDhHbVtdF
+0K9f6u6Dr51sYvd8ifJd6uek2WZCg5JPgD+WVJyP8lb2n/XuWvM=
+=w/wE
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/EN-18:11/listen-11.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:12/mem.patch
===================================================================
--- head/share/security/patches/EN-18:12/mem.patch (nonexistent)
+++ head/share/security/patches/EN-18:12/mem.patch (revision 52312)
@@ -0,0 +1,18 @@
+--- sys/kern/kern_context.c.orig
++++ sys/kern/kern_context.c
+@@ -68,6 +68,7 @@
+ if (uap->ucp == NULL)
+ ret = EINVAL;
+ else {
++ bzero(&uc, sizeof(ucontext_t));
+ get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
+ PROC_LOCK(td->td_proc);
+ uc.uc_sigmask = td->td_sigmask;
+@@ -108,6 +109,7 @@
+ if (uap->oucp == NULL || uap->ucp == NULL)
+ ret = EINVAL;
+ else {
++ bzero(&uc, sizeof(ucontext_t));
+ get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
+ bzero(uc.__spare__, sizeof(uc.__spare__));
+ PROC_LOCK(td->td_proc);
Property changes on: head/share/security/patches/EN-18:12/mem.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-18:12/mem.patch.asc
===================================================================
--- head/share/security/patches/EN-18:12/mem.patch.asc (nonexistent)
+++ head/share/security/patches/EN-18:12/mem.patch.asc (revision 52312)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlutKV5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIMyg//SsrWMe1YBdPIDU8omW318CcpnJT2StW9I7y/VKFhSTGS1VWN07ED6FJq
+Du2O2bGhst765mbhDMaBQSE+gRHlegTER3oVKU7FSC9HCgQdYf1V3tHZFnlC3C84
+yZ+XIOsVi/mvpUOjZ1aUlxl6qHBJy4CzeO79CgSfaLZMnYg7f4F5tHolWlTTutJs
+tGfVaEojm9lzTe81fFUmSaWrNGCSBiZUgodC/n1kFSnCDCkcdaFjjkcZUPIQn3nC
+JRh5GEgLatN8d8CvS6RSIKIOAPK0jS6Q0Zg7hcHaUGnJkfUwW0w0zHPCp3/7DHu2
+wM5IUJvft6AZOVwMMAdDHbUUbOaC/kMcVwUYTXFBvLtQiIllr3gqGdD1MUZ77gws
+WrUXcvxqpvY/MuIiMpdPNlx1JdQpqBDDDGD3GzsNWWWdLzcAZChozfG5xvmrFWb2
+qIKvtwJygw7MrgLLbaF4VhblRYpWsWIWYyv6ZmFrPpW/Hoppl7ULSvktKB7tVVKk
++kW29Cy6zPP3PDEPPP7Mq+TMwTLWVtkGmLacMiJlWNPareB0Rp2i/Ch/VNmtkqPq
+/D5pN5U6ptm8meKYV6AD6VvWKWECM0CyoADwOpa7iGiPBjLW5SSqHKPLuzSuAltP
+iZa0xcm99ldjcUu4eYOCuOs2/XHCPZOTTUwJZn13C4Q0RvO1gN0=
+=MBLp
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/EN-18:12/mem.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/xml/notices.xml
===================================================================
--- head/share/xml/notices.xml (revision 52311)
+++ head/share/xml/notices.xml (revision 52312)
@@ -1,905 +1,926 @@
$FreeBSD$
2018
9
+ 27
+
+
+ FreeBSD-EN-18:12.mem
+
+
+
+ FreeBSD-EN-18:11.listen
+
+
+
+ FreeBSD-EN-18:10.syscall
+
+
+
+ FreeBSD-EN-18:09.ip
+
+
+
+
+
12
FreeBSD-EN-18:08.lazyfpu
6
21
FreeBSD-EN-18:07.pmap
5
8
FreeBSD-EN-18:06.tzdata
FreeBSD-EN-18:05.mem
4
4
FreeBSD-EN-18:04.mem
FreeBSD-EN-18:03.tzdata
3
7
FreeBSD-EN-18:02.file
FreeBSD-EN-18:01.tzdata
2017
11
2
FreeBSD-EN-17:09.tzdata
8
10
FreeBSD-EN-17:08.pf
FreeBSD-EN-17:07.vnet
7
12
FreeBSD-EN-17:06.hyperv
4
12
FreeBSD-EN-17:05.xen
2
23
FreeBSD-EN-17:04.mandoc
FreeBSD-EN-17:03.hyperv
FreeBSD-EN-17:02.yp
FreeBSD-EN-17:01.pcie
2016
12
6
FreeBSD-EN-16:21.localedef
FreeBSD-EN-16:20.tzdata
FreeBSD-EN-16:19.tzcode
10
25
FreeBSD-EN-16:18.loader
FreeBSD-EN-16:17.vm
8
12
FreeBSD-EN-16:16.hv_storvsc
FreeBSD-EN-16:15.vmbus
FreeBSD-EN-16:14.hv_storvsc
FreeBSD-EN-16:13.vmbus
FreeBSD-EN-16:12.hv_storvsc
FreeBSD-EN-16:11.vmbus
FreeBSD-EN-16:10.dhclient
7
25
FreeBSD-EN-16:09.freebsd-update
5
4
FreeBSD-EN-16:08.zfs
FreeBSD-EN-16:07.ipi
FreeBSD-EN-16:06.libc
3
16
FreeBSD-EN-16:05.hv_netvsc
FreeBSD-EN-16:04.hyperv
1
14
FreeBSD-EN-16:03.yplib
FreeBSD-EN-16:02.pf
FreeBSD-EN-16:01.filemon
2015
11
4
FreeBSD-EN-15:20.vm
FreeBSD-EN-15:19.kqueue
9
16
FreeBSD-EN-15:18.pkg
FreeBSD-EN-15:17.libc
FreeBSD-EN-15:16.pw
8
25
FreeBSD-EN-15:15.pkg
FreeBSD-EN-15:14.ixgbe
18
FreeBSD-EN-15:13.vidcontrol
FreeBSD-EN-15:12.netstat
FreeBSD-EN-15:11.toolchain
6
30
FreeBSD-EN-15:10.iconv
FreeBSD-EN-15:09.xlocale
18
FreeBSD-EN-15:08.sendmail
9
FreeBSD-EN-15:07.zfs
FreeBSD-EN-15:06.file
5
13
FreeBSD-EN-15:05.ufs
FreeBSD-EN-15:04.freebsd-update
2
25
FreeBSD-EN-15:03.freebsd-update
FreeBSD-EN-15:02.openssl
FreeBSD-EN-15:01.vt
2014
12
23
FreeBSD-EN-14:13.freebsd-update
11
04
FreeBSD-EN-14:12.zfs
10
22
FreeBSD-EN-14:11.crypt
FreeBSD-EN-14:10.tzdata
7
8
FreeBSD-EN-14:09.jail
6
24
FreeBSD-EN-14:08.heimdal
FreeBSD-EN-14:07.pmap
3
FreeBSD-EN-14:06.exec
5
13
FreeBSD-EN-14:05.ciss
FreeBSD-EN-14:04.kldxref
FreeBSD-EN-14:03.pkg
1
14
FreeBSD-EN-14:02.mmap
FreeBSD-EN-14:01.random
2013
11
28
FreeBSD-EN-13:05.freebsd-update
10
26
FreeBSD-EN-13:04.freebsd-update
8
22
FreeBSD-EN-13:03.mfi
6
28
FreeBSD-EN-13:01.fxp
FreeBSD-EN-13:02.vtnet
2012
6
12
FreeBSD-EN-12:02.ipv6refcount
1
4
FreeBSD-EN-12:01.freebsd-update
2010
2
27
FreeBSD-EN-10:02.sched_ule
1
6
FreeBSD-EN-10:01.freebsd
2009
10
2
FreeBSD-EN-09:05.null
6
24
FreeBSD-EN-09:04.fork
FreeBSD-EN-09:03.fxp
FreeBSD-EN-09:02.bce
3
23
FreeBSD-EN-09:01.kenv
2008
6
19
FreeBSD-EN-08:02.tcp
4
17
FreeBSD-EN-08:01.libpthread
2007
3
15
FreeBSD-EN-07:05.freebsd-update
2
28
FreeBSD-EN-07:04.zoneinfo
FreeBSD-EN-07:03.rc.d_jail
FreeBSD-EN-07:02.net
14
FreeBSD-EN-07:01.nfs
2006
8
28
FreeBSD-EN-06:02.net
7
7
FreeBSD-EN-06:01.jail
2005
12
19
FreeBSD-EN-05:04.nfs
1
16
FreeBSD-EN-05:03.ipi
6
FreeBSD-EN-05:02.sk
5
FreeBSD-EN-05:01.nfs
2004
6
28
FreeBSD-EN-04:01.twe
2
26
FreeBSD 5.2.1-RELEASE