Add EN-19:01 through EN-19:05.

Approved by:	so
This commit is contained in:
Gordon Tetlow 2019-01-09 19:17:54 +00:00
parent 032abc8ca4
commit 05104ff48a
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=52756
18 changed files with 143725 additions and 0 deletions

View file

@ -0,0 +1,133 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:01.cc_cubic Errata Notice
The FreeBSD Project
Topic: Connection stalls with CUBIC congestion control
Category: core
Module: tcp
Announced: 2019-01-09
Credits: Matt Garber, Hiren Panchasara
Affects: FreeBSD 12.0
Corrected: 2018-12-17 21:46:42 UTC (stable/12, 12.0-STABLE)
2019-01-09 18:38:35 UTC (releng/12.0, 12.0-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
CUBIC is a modern congestion control algorithm for the Transmission Control
Protocol (TCP), which along with its predecessor BIC TCP is specifically
optimized for high bandwidth, high latency networks. It is widely
implemented across a variety of operating systems, and is the default TCP
implementation or enabled by default in recent versions of Linux and
Microsoft Windows. CUBIC is available as an alternate congestion control
algorithm since FreeBSD 9.0 using the cc_cubic module.
II. Problem Description
Changes to the cc_cubic module in FreeBSD 12.0 can cause network stuttering
or connection stalls when loaded and enabled as default.
III. Impact
FreeBSD 12.0 systems loading cc_cubic and setting non-default sysctl value
net.inet.tcp.cc.algorithm=cubic exhibit stuttering and complete stalls of
network connections. Under certain conditions, this may cause loss of system
availability over the network or service unreachability.
IV. Workaround
Disabling cc_cubic and selecting one of the alternate included congestion
control algorithms (e.g., newreno, htcp) will restore normal network
connectivity and alleviate stuttering and stalls. Note that disabling CUBIC
may cause a reduction in expected performance based on specific, unique
network condition characteristics and the module used as a workaround.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +30 "Rebooting for FreeBSD errata update"
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/EN-19:01/cc_cubic.patch
# fetch https://security.FreeBSD.org/patches/EN-19:01/cc_cubic.patch.asc
# gpg --verify cc_cubic.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r342181
releng/12.0/ r342893
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:01.cc_cubic.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2Rb5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJGyRAAnpturBqU4XIZMdvInaVHOXA5P6KemeFuJkwz/aMtIbgefm49lvZVS4q6
RO8/GytONX1OHaoJQDdincVfRbe9x+ID+ulCJfSLuZMhjLYpxDQJo9d4NWZtvpBn
3wJNEQEXB0AjrYUOrebiT7yd3zA4f+7zSHu0Uvq4k5Tk0Xxsqxsx3/MG5ezEmdxx
IWub1RnYvgmUVJBKn/C5A4v17dE12VnZtLrnfhZ4K3U3mVZYc3cJxF34wSscVqYd
iAsntF786FV+hAXBX7wHa3JIqe+uXE2uemrquNmxgup+zrbVWPWPirgku2TVcvsm
m9aQILNc9RvJ/XkViLV8+ypqCymBFsl3VhO3dzmOnsbL72G9rqjQtgdYWT2dp69p
VyU4EWsTULXIbIBNxyrYhinT+DAqyt8bdrtyT3AhcVJaVk5B5APWnXiwjgS4mPN9
hf2mCjZw10tJgsqYYrBlTERomgHU/pyliu0Rt2sof5+iGArbe7ZhEorHrM7YhD9n
Hc+3oNzA0dYDStJQpEb4rJ7dEKP/mpppwIosMhPbku6u3ViafCJVq2dIGNQpDope
Mh00Kk7cY0o3Rukw2lGNc9vDbIyUSqT/jV4lBDhp4k5ilQynvkMZETLlynI+KQUH
J2uOOvYzkIZLzZyXtaQfkmrkV6DxzmjxDsqwiMz5DB7o70w/M54=
=e8Wg
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,128 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:02.tcp Errata Notice
The FreeBSD Project
Topic: TCP connections may stall and eventually fail in case of
packet loss
Category: core
Module: kernel
Announced: 2019-01-09
Credits: Michael Tuexen
Affects: FreeBSD 12.0
Corrected: 2018-12-23 09:48:36 UTC (stable/12, 12.0-STABLE)
2019-09-09 18:42:40 UTC (releng/12.0, 12.0-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The TCP stack limits the resources used for TCP connections. Once a limit
is reached, further received TCP segments for the TCP connection are dropped.
II. Problem Description
To continue delivering data to the application, accepting the TCP segment
with the next expected sequence number is required. If this TCP segment is
dropped due to a resource limit, no further progress can be made. Therefore
exceptions for this particular TCP segment have to be implemented.
III. Impact
In case of lost TCP segments, TCP connections may stall and then eventually
fail.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Afterward, reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterward, reboot the system.
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/EN-19:02/tcp.patch
# fetch https://security.FreeBSD.org/patches/EN-19:02/tcp.patch.asc
# gpg --verify tcp.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r342378
releng/12.0/ r342894
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:02.tcp.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2Rc1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJtnxAAgOIJjP9Dg76onxJUPJWiKTAR5VZeZ8od0RJREIeZMUpgFiVUVH82fr8z
ajAzGZbVFhEgFvYwQRU4R/MokNqONoG1O3YPdjcMFyW5HPBoAG+9h67qD3CtLgTN
xnXMR72ed83oY8ts1WSfYVAKF+9X6U5G6FtchBgAhap2k9tI22QKiEmTTmqzUnoy
ddLZatOyKmig8MZKshMmleEpvU+BoYR66d2K9CYxcjHqgNNJOQwQK6yLR3oX41Z9
n5Akkg/KC7wD02CPFjmO9008ZC4fFiQ8D4eGt9D/lPI4AzLcfkvRdzt5CjMlamXm
Rjf2H5/2f4iYSXiEi2wkChFJHh+MQuYgcfTqRJdNB0qf3DbLwTL5wULfrMVNn7LU
rLHd8CNRTN4+d+//p7nZ/atFbuLjJE08YFqE2ODcMa8eJFaY09/+X+NMIqO6AdTE
hGzqDuiVmI/1MSFjD7dxUotw6Y2iRf+DiLx+JUmb0L+C0FXfl/u8x1ErYbzuLyyL
vD1qb66fDuuSC8aNWO6Qv55bBWAhYhO668CQwfmvEgree72ShbzJPEn3vUN2dIX4
zg0kTs30QOlizAT2lxQchiPBKkQ+IExPurTT7lW0cZ5PID8y/FSKl49yeQo/nhrD
j/vnF7yMgc6roCyasNlREdi20yTYbp2PItfhaSXWVrtYAFN1jNc=
=3a3w
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,145 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:03.sqlite Errata Notice
The FreeBSD Project
Topic: sqlite update
Category: contrib
Module: sqlite3
Announced: 2019-01-09
Credits: Cy Schubert
Affects: All supported versions of FreeBSD.
Corrected: 2018-12-21 01:58:01 UTC (stable/12, 12.0-STABLE)
2019-01-09 18:47:10 UTC (releng/12.0, 12.0-RELEASE-p2)
2018-12-21 02:04:15 UTC (stable/11, 11.2-STABLE)
2019-01-09 18:50:27 UTC (releng/11.2, 11.2-RELEASE-p8)
CVE Name: CVE-2018-20346, CVE-2018-20505, CVE-2018-20506
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
SQLite is an SQL database engine in a C library. Programs that link the
SQLite library can have SQL database access without running a separate RDBMS
process. The distribution comes with a standalone command-line access
program (sqlite3) that can be used to administer an SQLite database and which
serves as an example of how to use the SQLite library.
II. Problem Description
According to https://blade.tencent.com/magellan/index_en.html, the
vulnerabilities known as Magellan are a group vulnerabilities that exist
in sqlite3, documented by CVE-2018-20346, CVE-2018-20505, and CVE-2018-20506.
When the FTS3 extension is enabled an integer overflow resulting in a buffer
overflow when allowing remote attackers to run arbitrary SQL statements which
can be leveraged to execute arbitrary code.
III. Impact
The vulnerabilities were discovered by Tencent Blade Team and verified to be
able to successfully implement remote code execution in Chromium browsers.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 11.2]
# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-11.patch
# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-11.patch.asc
# gpg --verify sqlite-11.patch.asc
[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-12.patch
# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-12.patch.asc
# gpg --verify sqlite-12.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons that use the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r342291
releng/12.0/ r342895
stable/11/ r342292
releng/11.2/ r342896
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://blade.tencent.com/magellan/index_en.html>
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234113>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:03.sqlite.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cLtJg/9EM0jQbTBrSgVy5X1AyQ2rcFz9KbjtA0L48wOuOLiAh7eeYxh4Wxuz9k1
QnEJavMbpVr71yhmt6maEAbRzyGUvemDh4vlu0wjcYSlEzcvk7xaRzfXimippxky
GumFBCvs7UKDIiGRr62ukmxu3FgfEaTM/Cc4bNcuV5k4za+DWIGTu+97i0+B2ieX
/IZ5hQq42w1YIUY5QOy2vj87rnQf2t+uShcBjRg8HsnPsG9BfQfI8vfuWjjtaKMI
iva++F5UJWcsykjZo5J3aaZFxnHsW2hs3buQN+AhoEt7oKdGquOHdweSw8xtSlp9
3Y+qj+veD7u4Mt95OtnYrJOg8Kynlrzg5uMDbNGbyqktbxfpi2gqBbPEVmx2+nGj
Aj9PDSHMliBZsVKvr1opExfYp4HL0LB9Kqhato08lFxs05TUxiT6LRcel/iXiIfl
vCqfWhKJYVZ+alAW+Kjic6iWw7AtmVLbV64dDu03jxS/14RtRp1Hbk1BRCrnJeLn
sLSdFj6bi2mQx6OXAd9G9jhReoxylyZwRXyhPSsPG1E4mzX6ZRbJfnkriSazW4hq
F+PjTyXidn3uhS6z6CZB08Ltw2NBd3baRl/TQBEiFHd6SSGByqX6gMguK/tQV92U
uM/Q4Ak4H/Q+nEN8/LdXioW0P7ZEC6X/9GXKWv+bUs6LjcZXftA=
=TG5W
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,147 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:04.tzdata Errata Notice
The FreeBSD Project
Topic: Timezone database information update
Category: contrib
Module: zoneinfo
Announced: 2019-01-09
Credits: Philip Paeps
Affects: All supported versions of FreeBSD.
Corrected: 2019-01-01 10:04:49 UTC (stable/12, 12.0-STABLE)
2019-01-09 18:53:35 UTC (releng/12.0, 12.0-RELEASE-p2)
2019-01-01 10:05:12 UTC (stable/11, 11.2-STABLE)
2019-01-09 18:54:42 UTC (releng/11.2, 11.2-RELEASE-p8)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The tzsetup(8) program allows the user to specify the default local timezone.
Based on the selected timezone, tzsetup(8) copies one of the files from
/usr/share/zoneinfo to /etc/localtime. This file actually controls the
conversion.
II. Problem Description
Several changes in Daylight Savings Time happened after previous FreeBSD
releases were released that would affect many people who live in different
countries. Because of these changes, the data in the zoneinfo files need to
be updated, and if the local timezone on the running system is affected,
tzsetup(8) needs to be run so the /etc/localtime is updated.
III. Impact
An incorrect time will be displayed on a system configured to use one of the
affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
not updated, and all applications on the system that rely on the system time,
such as cron(8) and syslog(8), will be affected.
IV. Workaround
The system administrator can install an updated timezone database from the
misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
Applications that store and display times in Coordinated Universal Time (UTC)
are not affected.
V. Solution
Please note that some third party software, for instance PHP, Ruby, Java and
Perl, may be using different zoneinfo data source, in such cases this
software must be updated separately. For software packages that is installed
via binary packages, they can be upgraded by executing `pkg upgrade'.
Following the instructions in this Errata Notice will update all of the
zoneinfo files to be the same as what was released with FreeBSD release.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date. Restart all the affected
applications and daemons, or reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all the affected applications and daemons, or reboot the system.
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-19:04/tzdata-2018i.patch
# fetch https://security.FreeBSD.org/patches/EN-19:04/tzdata-2018i.patch.asc
# gpg --verify tzdata-2018i.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all the affected applications and daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r342667
releng/12.0/ r342897
stable/11/ r342668
releng/11.2/ r342898
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:04.tzdata.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKd+Q//QYBUcMdBnW6URT8bWCrIOTPP84aGpMKmU4ZZYidUfI6CJiiWVaGQHJgD
tmdQjaHemSRfxQ+yAZ5XR8oUIBxrzBhA51cM5QMNnJMXBkpqz9yCbHefH3Fxfr6n
Dg+Vt2cZ745MHPK9uhjtUTmLYRF2iztUqlATr3R1NxBbJ6QQzQuVEyeAvTSY9Jdw
/+cQM72m28iHPP+ff5v9n2MLqoTg74HbchwJthtDvgK9elfQFuC1F07i8I6F4krT
FHnPRISpg4EEOKYG/Jjedk9FQBUpKiOhsDz+siGtjQoivz8TemaH5nTMI7P/WP/7
jFJ6+jQirc2vCvcUzmiPGrBXRx3OptYcIiLOeKfgc+wCtgEHap4Nrl4Damt1QC13
T4kpaOi3TcqtDtKxZyxwR8tOtJGEayqXFHA5FL1Fgr63JcvbZTXlBg0BT4oAd7mX
DuvDkap5hXh6jlQ2BM4L9J+I+GNMfrpULsM4drsqd7GVBcLrnu06po3M8jgja44T
rVzNB62FuOX19Q2W8kZ7LOfAwW+ho02GNzwuYWiLCpP4JSTaxtHrd1LexpCzO4Lg
zsttA2bkNjmzHxfcbAPbS5IMX539iJdTgZiDlBNzUi+QqiCG83/fRcVvgD7qH1iM
kF7DipZUURjlV/RbtCZFU/fsKVzR7rF5MSQl9q7llwe5uMto6lQ=
=1NIG
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,126 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:05.kqueue Errata Notice
The FreeBSD Project
Topic: kqueue race condition and kernel panic
Category: core
Module: kqueue
Announced: 2019-01-09
Credits: Mark Johnston
Affects: FreeBSD 11.2
Corrected: 2019-11-24 17:11:47 UTC (stable/11, 11.2-STABLE)
2019-01-09 18:57:38 UTC (releng/11.2, 11.2-RELEASE-p8)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
kevent(2) is a system call which provides a generic method of notifying the
caller when a caller-specified event happens or a condition holds. One use
for kevent(2) is to wait for a specified timeout to elapse.
II. Problem Description
The kevent(2) implementation in the kernel contains a race condition which
can be triggered when an event is added and fires shortly after. Most event
types are not affected, but timer events can trigger the race if the timeout
duration is very short.
III. Impact
The race condition can cause corruption of a queue structure, leading to
a kernel panic when it is later accessed. Applications using kevent(2) may
trigger the panic if their usage causes the race condition to occur.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +30 "Rebooting for errata update"
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 11.2]
# fetch https://security.FreeBSD.org/patches/EN-19:05/kqueue.patch
# fetch https://security.FreeBSD.org/patches/EN-19:05/kqueue.patch.asc
# gpg --verify kqueue.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/11/ r340904
releng/11.2/ r342899
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:05.kqueue.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cK0nRAAgPsdkc/TyBTqpvJrvvNaVd0xgNC2lxnYK3HxOPbo5kqj6XHZxb3KvrrN
He6TyGvwGCPHNzlFwHILH+FtFkgrvGVBoPu/U0e/NKRrkhyxPHJMz0bZPu7yqQoG
GDFRIsw5D3JKZW38yMD9Menh3mag81OVZii1LfzkcDLLKfwX/zcx1vV7MSwMzoNs
5L7Fm8lg0uIxrrlKvvmrPxfWoZENhCr9CAAdg8moL3thl64NaVVmPo7tXDXosNGo
EQYT19SY0FBSboUcpVaChgyZaCFzOeCPuXuJPoUYppIWNiv2S8ZTjuq9d1g4R4SD
7GBMozz8EG1rN0pzhx8mVEECZBzdt5rjggiWKjkOVxH/sy5LQjppONK3VVOygoCz
dve2wGq6S1ke/b2NDRpAinmIr8I3x3b7JLNkE5OvNJ6bTLk3ZmpIRYQNYT+eu8Fx
GNe/oTU9DRbB4yv0kcKsypHqQ0cKdn6+duYzKGZ4+c86B7IHJgsYoG/NTKYfFzQx
BHWuI/P/9pakHESNiDidKRz+z5w679+jIfZDcbBIXaw+PCqzg5a1GFN8Bub2mGLw
2wmVQJV1nbdE+6UbWvaV2seV/bo+N/L8k4QS6OPIDUefLPGgCdRFr/MlLoiTaJ43
p+L3iVlVbiOTCfsCGI/QVQq+IOngKzqSUXN3Ys7PXvvAzSyaTFg=
=fD2U
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,194 @@
--- sys/netinet/cc/cc.h.orig
+++ sys/netinet/cc/cc.h
@@ -102,8 +102,6 @@
#define CCF_ACKNOW 0x0008 /* Will this ack be sent now? */
#define CCF_IPHDR_CE 0x0010 /* Does this packet set CE bit? */
#define CCF_TCPHDR_CWR 0x0020 /* Does this packet set CWR bit? */
-#define CCF_MAX_CWND 0x0040 /* Have we reached maximum cwnd? */
-#define CCF_CHG_MAX_CWND 0x0080 /* Cubic max_cwnd changed, for K */
/* ACK types passed to the ack_received() hook. */
#define CC_ACK 0x0001 /* Regular in sequence ACK. */
--- sys/netinet/cc/cc_cubic.c.orig
+++ sys/netinet/cc/cc_cubic.c
@@ -88,8 +88,6 @@
unsigned long max_cwnd;
/* cwnd at the previous congestion event. */
unsigned long prev_max_cwnd;
- /* Cached value for t_maxseg when K was computed */
- uint32_t k_maxseg;
/* Number of congestion events. */
uint32_t num_cong_events;
/* Minimum observed rtt in ticks. */
@@ -126,9 +124,6 @@
cubic_data = ccv->cc_data;
cubic_record_rtt(ccv);
- if (ccv->flags & CCF_MAX_CWND)
- return;
-
/*
* Regular ACK and we're not in cong/fast recovery and we're cwnd
* limited and we're either not doing ABC or are slow starting or are
@@ -156,12 +151,6 @@
cubic_data->mean_rtt_ticks, cubic_data->max_cwnd,
CCV(ccv, t_maxseg));
- if (ccv->flags & CCF_CHG_MAX_CWND || cubic_data->k_maxseg != CCV(ccv, t_maxseg)) {
- cubic_data->K = cubic_k(cubic_data->max_cwnd / CCV(ccv, t_maxseg));
- cubic_data->k_maxseg = CCV(ccv, t_maxseg);
- ccv->flags &= ~(CCF_MAX_CWND|CCF_CHG_MAX_CWND);
- }
-
w_cubic_next = cubic_cwnd(ticks_since_cong +
cubic_data->mean_rtt_ticks, cubic_data->max_cwnd,
CCV(ccv, t_maxseg), cubic_data->K);
@@ -173,18 +162,13 @@
* TCP-friendly region, follow tf
* cwnd growth.
*/
- CCV(ccv, snd_cwnd) = ulmin(w_tf, TCP_MAXWIN << CCV(ccv, snd_scale));
+ CCV(ccv, snd_cwnd) = w_tf;
else if (CCV(ccv, snd_cwnd) < w_cubic_next) {
/*
* Concave or convex region, follow CUBIC
* cwnd growth.
*/
- if (w_cubic_next >= TCP_MAXWIN << CCV(ccv, snd_scale)) {
- w_cubic_next = TCP_MAXWIN << CCV(ccv, snd_scale);
- ccv->flags |= CCF_MAX_CWND;
- }
- w_cubic_next = ulmin(w_cubic_next, TCP_MAXWIN << CCV(ccv, snd_scale));
if (V_tcp_do_rfc3465)
CCV(ccv, snd_cwnd) = w_cubic_next;
else
@@ -202,10 +186,8 @@
* max_cwnd.
*/
if (cubic_data->num_cong_events == 0 &&
- cubic_data->max_cwnd < CCV(ccv, snd_cwnd)) {
+ cubic_data->max_cwnd < CCV(ccv, snd_cwnd))
cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
- ccv->flags |= CCF_CHG_MAX_CWND;
- }
}
}
}
@@ -254,7 +236,6 @@
cubic_data->num_cong_events++;
cubic_data->prev_max_cwnd = cubic_data->max_cwnd;
cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
- ccv->flags |= CCF_CHG_MAX_CWND;
}
ENTER_RECOVERY(CCV(ccv, t_flags));
}
@@ -267,8 +248,6 @@
cubic_data->prev_max_cwnd = cubic_data->max_cwnd;
cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
cubic_data->t_last_cong = ticks;
- ccv->flags |= CCF_CHG_MAX_CWND;
- ccv->flags &= ~CCF_MAX_CWND;
CCV(ccv, snd_cwnd) = CCV(ccv, snd_ssthresh);
ENTER_CONGRECOVERY(CCV(ccv, t_flags));
}
@@ -285,7 +264,6 @@
if (CCV(ccv, t_rxtshift) >= 2) {
cubic_data->num_cong_events++;
cubic_data->t_last_cong = ticks;
- ccv->flags &= ~CCF_MAX_CWND;
}
break;
}
@@ -304,7 +282,6 @@
* get used.
*/
cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
- ccv->flags |= CCF_CHG_MAX_CWND;
}
static int
@@ -329,11 +306,9 @@
pipe = 0;
/* Fast convergence heuristic. */
- if (cubic_data->max_cwnd < cubic_data->prev_max_cwnd) {
+ if (cubic_data->max_cwnd < cubic_data->prev_max_cwnd)
cubic_data->max_cwnd = (cubic_data->max_cwnd * CUBIC_FC_FACTOR)
>> CUBIC_SHIFT;
- ccv->flags |= CCF_CHG_MAX_CWND;
- }
if (IN_FASTRECOVERY(CCV(ccv, t_flags))) {
/*
@@ -356,7 +331,6 @@
cubic_data->max_cwnd) >> CUBIC_SHIFT));
}
cubic_data->t_last_cong = ticks;
- ccv->flags &= ~CCF_MAX_CWND;
/* Calculate the average RTT between congestion epochs. */
if (cubic_data->epoch_ack_count > 0 &&
@@ -367,6 +341,7 @@
cubic_data->epoch_ack_count = 0;
cubic_data->sum_rtt_ticks = 0;
+ cubic_data->K = cubic_k(cubic_data->max_cwnd / CCV(ccv, t_maxseg));
}
/*
--- sys/netinet/cc/cc_cubic.h.orig
+++ sys/netinet/cc/cc_cubic.h
@@ -41,8 +41,6 @@
#ifndef _NETINET_CC_CUBIC_H_
#define _NETINET_CC_CUBIC_H_
-#include <sys/limits.h>
-
/* Number of bits of precision for fixed point math calcs. */
#define CUBIC_SHIFT 8
@@ -163,6 +161,8 @@
/*
* Compute the new cwnd value using an implementation of eqn 1 from the I-D.
* Thanks to Kip Macy for help debugging this function.
+ *
+ * XXXLAS: Characterise bounds for overflow.
*/
static __inline unsigned long
cubic_cwnd(int ticks_since_cong, unsigned long wmax, uint32_t smss, int64_t K)
@@ -174,15 +174,6 @@
/* t - K, with CUBIC_SHIFT worth of precision. */
cwnd = ((int64_t)(ticks_since_cong << CUBIC_SHIFT) - (K * hz)) / hz;
- /* moved this calculation up because it cannot overflow or underflow */
- cwnd *= CUBIC_C_FACTOR * smss;
-
- if (cwnd > 2097151) /* 2^21 cubed is long max */
- return INT_MAX;
-
- if (cwnd < -2097152) /* -2^21 cubed is long min */
- return smss;
-
/* (t - K)^3, with CUBIC_SHIFT^3 worth of precision. */
cwnd *= (cwnd * cwnd);
@@ -191,17 +182,8 @@
* The down shift by CUBIC_SHIFT_4 is because cwnd has 4 lots of
* CUBIC_SHIFT included in the value. 3 from the cubing of cwnd above,
* and an extra from multiplying through by CUBIC_C_FACTOR.
- *
- * The original formula was this:
- * cwnd = ((cwnd * CUBIC_C_FACTOR * smss) >> CUBIC_SHIFT_4) + wmax;
- *
- * CUBIC_C_FACTOR and smss factors were moved up to an earlier
- * calculation to simplify overflow and underflow detection.
*/
- cwnd = (cwnd >> CUBIC_SHIFT_4) + wmax;
-
- if (cwnd < 0)
- return 1;
+ cwnd = ((cwnd * CUBIC_C_FACTOR * smss) >> CUBIC_SHIFT_4) + wmax;
return ((unsigned long)cwnd);
}

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RhZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cK6Bw/+NJXfzNxz2c9hS4RgZSeDZxtqPEC6ZG5aKN2vc7RzwYsGgv5f4VzuU40A
MsRNRmbDjoQYj9zkBKOYUWaIX6ZffOjUwc7DZ1Us4ykXRxlB2Ys4R98z5lY6mQDA
hcTnCPvKTMChcXO3hQ77W3bUPk+p5+XvcDhks8K8N5/Xixj1xoy5J8dmbGvQ9i/R
JZa2loacsPab/c2Fr/6L7DyHU3bbXIh+27HknCUOyK0dekbZ8g0oP+u/qb4VX/7s
BkSbIkLUNq3dBkb0vOAoTry/M2kKpU8Dz/SITuW4bSJqfvNWN2hiT7YTQaNg+E0J
VaaKHhpGO5TrYDnYRfmJyrAiobROEbpoGXg9TvfZ9VLk0sGOPcBN598DNJLkiZCa
dzMrimOOcgeeyPhvG0Mq4ZGBkYgqj88jb29bwJbkCLvjTfaL3kPeKxky1bylgEmR
Vevzqlp9IhrnSW21u0Kd8ZWuXka8ni+uKe2B24FyOZntziODWOi/rFAE7DV21y1V
gZsX2v9kwr/M2ApFpAhtEnF3JHX0sl5J8mF9Wnv0CdJP3fTpC9M0byZsCc2qy84g
5f6KPu57CgvuHG/YRKLDxG7tt1jXYi/LFsR7iGbbCCbthx5pImQrYfKMOdSR81s+
Iwa8j657nxF+YjM+aq8l7E3g1uonJ2aWT95WFssUnv2ww+O14fw=
=4RIV
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,56 @@
--- sys/netinet/tcp_reass.c.orig
+++ sys/netinet/tcp_reass.c
@@ -579,7 +579,8 @@
*/
lenofoh = tcp_reass_overhead_of_chain(m, &mlast);
sb = &tp->t_inpcb->inp_socket->so_rcv;
- if ((sb->sb_mbcnt + tp->t_segqmbuflen + lenofoh) > sb->sb_mbmax) {
+ if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
+ (sb->sb_mbcnt + tp->t_segqmbuflen + lenofoh) > sb->sb_mbmax) {
/* No room */
TCPSTAT_INC(tcps_rcvreassfull);
#ifdef TCP_REASS_COUNTERS
@@ -588,6 +589,11 @@
#ifdef TCP_REASS_LOGGING
tcp_log_reassm(tp, NULL, NULL, th->th_seq, lenofoh, TCP_R_LOG_LIMIT_REACHED, 0);
#endif
+ if ((s = tcp_log_addrs(&tp->t_inpcb->inp_inc, th, NULL, NULL))) {
+ log(LOG_DEBUG, "%s; %s: mbuf count limit reached, "
+ "segment dropped\n", s, __func__);
+ free(s, M_TCPLOG);
+ }
m_freem(m);
*tlenp = 0;
#ifdef TCP_REASS_LOGGING
@@ -936,6 +942,20 @@
* is understood.
*/
new_entry:
+ if (th->th_seq == tp->rcv_nxt && TCPS_HAVEESTABLISHED(tp->t_state)) {
+ tp->rcv_nxt += *tlenp;
+ flags = th->th_flags & TH_FIN;
+ TCPSTAT_INC(tcps_rcvoopack);
+ TCPSTAT_ADD(tcps_rcvoobyte, *tlenp);
+ SOCKBUF_LOCK(&so->so_rcv);
+ if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
+ m_freem(m);
+ } else {
+ sbappendstream_locked(&so->so_rcv, m, 0);
+ }
+ sorwakeup_locked(so);
+ return (flags);
+ }
if (tcp_new_limits) {
if ((tp->t_segqlen > tcp_reass_queue_guard) &&
(*tlenp < MSIZE)) {
@@ -960,9 +980,7 @@
return (0);
}
} else {
-
- if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
- tp->t_segqlen >= min((so->so_rcv.sb_hiwat / tp->t_maxseg) + 1,
+ if (tp->t_segqlen >= min((so->so_rcv.sb_hiwat / tp->t_maxseg) + 1,
tcp_reass_maxqueuelen)) {
TCPSTAT_INC(tcps_rcvreassfull);
*tlenp = 0;

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RhxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cIsjBAAiM9K9Y/ci+sVsH0HrunEbdJT5dI4oabI6Z7zV7X2F5OZobC0neXYCpqH
sknU/phwdWTmSdLlqxI37At2rQPRFnnAF0sfyByJEmnrNq3CPg/cFabvuNWfetPh
wpHQc7XUJAz58Lk5o382Dn4POZP+aBmo1e6ULHIXCcgR8xHvGAtQoCLJFh9VXKZx
tSP+PiwCfHXjIF1J+bEPhv6IO3H59COb5daj1qhTbUnkCmacPBDCFzrSqqbUPOru
MAvXxcUP3mhPDrIx5eDUNo5C1t54PF6fPzBj8Pq+SUKXrHI1PYHxw2yL+y0vn7vT
TImWde+rRdDwzab2mt/IP2WaRnC5wVNS+QHZc9M+QB+ujAx8e278uK/eiJwKkm59
MShtZ46YB96aoZuLYibk+i53jW7OOJbCH9xwFXvZb2n3ObBfJcqig4aXtvug7BOr
v/90s6Q72jKpJUopgzFut6E2XtJ6ImAvq8qDxo0qLix5vASu57tst/5vyfj4dt79
AJ05x20KKKKhaNzpnwyOWW4/egeElJPLHg8WsWzwtsRW1ZMWBRIqAzS+dLlDNod9
ywSbOYb0FMmYe0rtv1gbm5wWjAQ8QYEe/8JoD7y5O04mUVmxmubeYYQ2vAxtxDPs
ODiJtLdALWkPidb8ynn4r5LBYDjQRvni1+3j2E+nCh9Z08nHzzs=
=KVpY
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RiJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJUcA//Sbp6kYL6InxUHPlQYO+MSTT+vc8bnzo7pW2sGs9VP+mnseZUQLO8pp29
cCYNOC+4W2aIRP236IgeyPWSWUFSQ2MY+TSBxwa2kbIQW6Dts3ZvJNGT2MrMFqfx
4mXMf8bgrsgGHymJ7qTgudeQzgsl0OPSzXSVzp/KVT+VQb9gIok3Dx7gGzTj/u2O
5NIok6oBxUUcuoFfMV5z1fVS3Ny/gK80BVQy0f8ZlutkVZ2H09zu1pnHSLUCnUYT
psE5QlJZ/baCkPBioComDJsy8YqEf9E4W4rm/Ds/tzV+IA5s7RzH/HvfHp3j7t8l
ODNBr13lAlV6hQ71CwAPJEH5R8tmzRTKBQInAIS3xKiNBWqhshWf//ZSobHCPqJT
BDEnE/9XF1GHaa4vb5RTZRIEhTU0zJ+o1CQOR6McdJ4IxOc1P23hOvRwkylQB84S
E/3Yy42bde5RLnDYdQuxCW/c6S3PRo1jSMYjS7DnQ2PS8k+wAeAzHgj575UpcpDl
5pSuzejvobSd0qyqwmBjKVWqAhkrRcUw/Yy/wt62RyHepEtpLat6U9deq481eart
IC3eDJAaPW06mnmT9nfAqSh2CKvFUxTQ1XwZh0R+ZltdtjWFVWsU1XMc5fsfiQKU
aD3o/huTvc2MhYTexvqYQcWZYndMgnXgWQt2LqLoe0YZAgMX5ZU=
=I2kE
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RiZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJ1DxAAnbAtjFeY6WfYrVaBB1GHJGdIKQrgq3yzHxd3ycQYguOqjHYkagR7TLM4
Eo7/hUjTos7yvgw7A7IOVg6HqpcTuQNRHu6T5MjnHoNiB5pNgjN/OYlJ1v1nDSRR
PiNoBX1NhrUiZc8eMblZESdq2COuph9wdLJGiZeA69uTDzLTvnhIvmaFwLBM0ewl
wqK0ND3Z+bVLxuxdeRI7n616HCkQ9EgP2S8uPONZEmMaI1J00018bGOZTmBYaE9x
3/LYfR5F1ggBq5J7Vxa62z0s0vVUu8AAIE422MmqpNONgSqRQ7c2tlYi4x8NLLbs
feKuS6l181m7gN0Jc6OJZfnuEkFC1P8y3Klg9ruERX5kNKGc0cJQ5tTEzGLRxflV
eHHczHFHe6h45W9LDrkhQgOWF/ofATOIjkch0G3i5aoegBMuf0ISFZaqHm11fxnO
AAc8HY1pn6qSgMaJH33xAjCdWvGJHv8Dln08Bag9L80qW+7JoGADVTpDqJ9jqENR
2w/dQH+1AQTH3TVI7GaOYVD2f73o+YJ/SJjJQ6SrvhKaQ0MIzKRwqhsD3DgfG6ux
FYc6/5mv/yljxBPR/K7FNbd+XIz5SyicoXe7Xkk/GxChtjfKrYwK/LyWIHZfrX9N
nBNecHd8XRnpEDqdQ2qStNkWdkaX8KixcBhX18SkHDchhjJF7BY=
=M+mD
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2Ri1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJtHA/+JOl78JntS1QrQn11yftlRvHgwMHbp8tOpQ9TWNsuw0uBpeIbf8ZqGRaK
BGMW+Ph77x2dMD8tt8sGYDWy1xsUUVfy7EGF7zEFjCx69hGFxno652/MrGvCYNgo
tWfbjYJhJsHaplkNFZPdIvtWfQ1IGGHKEUMnTEoCr75NeXscuUCpBtpZFnJdYry+
EHCHd2/If/49YF0PPs7zctM02KPAb52h+wwdbv19HyBD1UWuqGb3YZEPsH1btSs6
iAdEut+nrFBt5iL+fJE+CRTFXWyZoU5WD95+fmb4p4dPtisCey5QE0iSN/MCw5xB
Kj6+MuRJ+jAmWufNE+DIJYbSqosIH9zvDt0NXpgWUOlsdE87jdMGl0DgNK7eaScQ
5AqeUFFXgv63kHXl90vln/m+rIYI3xjkrAij6mkjDHAIFpE9rKVtQAezbxZ/6p7v
ZoIY4d8mb8oZhRfwd8/mAvzqTQWFnyw0OImzk7NMLj9a4idq0eTyXq1qbceuc1pt
QUJtbWfKDptN9GDNPE37FulsiLufaeNPleA54U4XRLyBYMnZfc4yPfdcy8b10GCf
zwy6bn+mZaFsOkMoLHd2pRV3erdXF8H42qUGAAW9I9Zqy2+hN87IDZ2ZUPHEYdxF
5+jD/4HsHgFgMjakP/7CJPdcVrf/pyY2PGP1Qf5dS8C4wqvbl/k=
=9pQl
-----END PGP SIGNATURE-----

View file

@ -0,0 +1,49 @@
--- sys/kern/kern_event.c.orig
+++ sys/kern/kern_event.c
@@ -1296,6 +1296,8 @@
kn->kn_kevent.flags &= ~(EV_ADD | EV_DELETE |
EV_ENABLE | EV_DISABLE | EV_FORCEONESHOT);
kn->kn_status = KN_INFLUX|KN_DETACHED;
+ if ((kev->flags & EV_DISABLE) != 0)
+ kn->kn_status |= KN_DISABLED;
error = knote_attach(kn, kq);
KQ_UNLOCK(kq);
@@ -1332,6 +1334,11 @@
KNOTE_ACTIVATE(kn, 1);
}
+ if ((kev->flags & EV_ENABLE) != 0)
+ kn->kn_status &= ~KN_DISABLED;
+ else if ((kev->flags & EV_DISABLE) != 0)
+ kn->kn_status |= KN_DISABLED;
+
/*
* The user may change some filter values after the initial EV_ADD,
* but doing so will not reset any filter which has already been
@@ -1348,19 +1355,17 @@
kn->kn_sdata = kev->data;
}
+done_ev_add:
/*
* We can get here with kn->kn_knlist == NULL. This can happen when
* the initial attach event decides that the event is "completed"
- * already. i.e. filt_procattach is called on a zombie process. It
- * will call filt_proc which will remove it from the list, and NULL
+ * already, e.g., filt_procattach() is called on a zombie process. It
+ * will call filt_proc() which will remove it from the list, and NULL
* kn_knlist.
+ *
+ * KN_DISABLED will be stable while the knote is in flux, so the
+ * unlocked read will not race with an update.
*/
-done_ev_add:
- if ((kev->flags & EV_ENABLE) != 0)
- kn->kn_status &= ~KN_DISABLED;
- else if ((kev->flags & EV_DISABLE) != 0)
- kn->kn_status |= KN_DISABLED;
-
if ((kn->kn_status & KN_DISABLED) == 0)
event = kn->kn_fop->f_event(kn, 0);
else

View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RjRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cLrQRAAlMBtUSxbiSdLI8KfeKYj2Xe2cAvVfK+oK+pooErNX6TyofIyewrck4PB
xZ/c7clZg3WRKAZJ1D6RacF02coBlCJHJbajMtjrIO6p3lXLX7FalxrIc9APiDI1
n5he7Ij5Uu6FedPqJmSu81wOfInI+mX6vhap2UFrajFXI1iexhT4FiANtHGxTQwG
I8GlFfptT7QY1dUugt2+KRoYFobUv4SQynhgDb1CfMZ55SCjnkEPIqE6dMsv/f4d
iKBQoMmI8oBB6LLP1YhsidgG7LS84A+CwGXf9KQHRrugU9pPy2b8nQodGBzfmv4c
UaVJYO7hIkCof+4loloJrxEATWNnb2V5XlJumY6ENQwCCjttD/TOnfAAbUCkajZW
t+LZu5MkTZpx/Zyby9ojHl6yd7u7Cc2klN56vyOjGGBZ9PbXjsrwllEonnlHEThY
NDwcML8kjXPCXwgHtysKTxJKT9HsaG5tL/PMdTeHUwmkAfYyOeOTL14wpoF5//tc
akIcGw5qQjfFFaFCkfdFwktF63Hdsv8/G56sDBYHsdPE7Bwj4cnJhasWWtUTTN5t
XOvxoGUMOKwyQ/tUlNHvuyOEieEy781LYqHhVQObI00qkeSOJmwKaDuOjNd64wjv
2jJ4ZLegckyQlYR4GKGr6L0h6WTyL+d4xXZ7EcOxdkDa/dAYnHQ=
=Er0a
-----END PGP SIGNATURE-----

View file

@ -4,6 +4,39 @@
$FreeBSD$
</cvs:keyword>
<year>
<name>2019</name>
<month>
<name>1</name>
<day>
<name>9</name>
<notice>
<name>FreeBSD-EN-19:05.kqueue</name>
</notice>
<notice>
<name>FreeBSD-EN-19:04.tzdata</name>
</notice>
<notice>
<name>FreeBSD-EN-19:03.sqlite</name>
</notice>
<notice>
<name>FreeBSD-EN-19:02.tcp</name>
</notice>
<notice>
<name>FreeBSD-EN-19:01.cc_cubic</name>
</notice>
</day>
</month>
</year>
<year>
<name>2018</name>