Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07.

Approved by:	so

share/security/advisories/FreeBSD-EN-19:06.dtrace.asc

@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:06.dtrace                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          DTrace incompatibility with SMAP-enabled systems
+
+Category:       core
+Module:         dtrace
+Announced:      2019-02-05
+Credits:        Mateusz Guzik
+Affects:        FreeBSD 12.0
+Corrected:      2018-12-19 23:29:44 UTC (stable/12, 12.0-STABLE)
+                2019-02-05 17:54:09 UTC (releng/12.0, 12.0-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+DTrace is a dynamic tracing framework that can be used to analyze the kernel
+and userspace applications in various ways.
+
+II.  Problem Description
+
+When tracing userspace applications, the kernel component of DTrace may need
+to access userspace memory.  With the addition of SMAP support to the amd64
+kernel, the kernel is not able to arbitrarily access userspace memory: it
+must set a CPU flag to enable access.  The code used by DTrace to perform
+such accesses was not updated accordingly.
+
+III. Impact
+
+The problem means that certain DTrace actions do not work on SMAP-enabled
+systems.  This does not affect the application being traced.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:06/dtrace.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:06/dtrace.patch.asc
+# gpg --verify dtrace.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r342267
+releng/12.0/                                                      r343783
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:06.dtrace.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1WhfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLzHA/+MVR5AHgEorzgRkpiqRzSlmbE6VyhF07lgY5CvRLFGp4mUbspZICcwtk5
+ZOeA8MuDFiLo1p6Fo2JykJ25ipxM+cCbMlx4jO5lILwq40bYfejHiYrmC/gdfR7/
+YcuNR3DpCw4llYIXFAcyw7SXG92jYNi9kKOSol7Fji8Zq2qDTSWTFqKsoJ2Pk3rJ
+LfiQaekux00JlY3TOyt6QtPWSdlkhM4WAITWp4pUkGuNT/nIA2iED5N2ohgSraxa
+dtBp/r8BHHbwog9wOQEHPIRN/Di7Kv02CZk13zJySmV+yZiPlR0YWZ4gI6i69cyD
+rqTfO9kU2yjaqSBIFKMuGGysswZq7ii/+cULHuHVdJLuHDdh/9jZuI9O8VujGqVh
+rU8THFHOtli/nGXNdPQP3jn84SDH7jPr1SgcFv1s3/FPHXVfZW9Uq558G9ZDujgg
+pAtwMYiixMHpNr+j7qJr6DCTh22BR7FjYQg1iPVzIzgTYJ+I6ZH/cexVxXOS2S4T
+O793AjmvOVaXsWB7tzhewTKVBam3upbRH7WmTMdD9z6dIlWtl6xKSgHvyarHVHpA
+/y5H3VcK4suh/NIHlD+ln/hooFtmPIxsJnmInaXKq7Eg/C9mQx3x7h7qQFvWffD8
+cHOVGf3LCrH76unfc7AI7YafnD67Tgm09/sbgjVnScEpVW4E6Pc=
+=3+kY
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-19:07.lle.asc

@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:07.lle                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          LLE table lookup code race condition
+
+Category:       core
+Module:         net
+Announced:      2019-02-05
+Credits:        Mark Johnston
+Affects:        FreeBSD 12.0
+Corrected:      2019-01-25 20:24:53 UTC (stable/12, 12.0-STABLE)
+                2019-02-05 17:59:50 UTC (releng/12.0, 12.0-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+A LLE (link layer entry) table stores information about hosts on a network
+and is used to translate between network layer addresses and data link layer
+addresses.  The ARP cache, for example, is implemented using an LLE table.
+LLEs typically expire after some period, so there exist mechanisms to
+automatically remove them from their tables upon expiration.
+
+II.  Problem Description
+
+The LLE table lookup code for IPv4 and IPv6 contains a race which results in
+a condition where the expiry period of an LLE is extended after it has been
+removed from the table and freed.  By the time that the updated timer fires,
+the LLE structure has been freed, and so the timer code is operating on freed
+memory.
+
+III. Impact
+
+When the race is triggered, the result is typically a kernel panic.  It may
+otherwise cause undefined system behavior.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:07/lle.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:07/lle.patch.asc
+# gpg --verify lle.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r343454
+releng/12.0/                                                      r343787
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234296>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:07.lle.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1XtfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIYyA/8Da9XcP30o/+jISmHXjSx+livOJKyPu5UTAm7Xw4Pg8j3GR2xblzAsWie
+YAT56/V88yzeY+u/3UOWG2XNAViWlzBAsfrqphJEcMuGdTwslgVlVRpzLyQeh4hY
+whDkvYzPmjcxuX8+Agj/Ytwo+Q35bSfGNhls2OBSHnkqNL7HNhFePUWm5oVnlczL
+APHsknLRAAhZF8UYR+PdAT5x/9exLJStmGXdAeVT4HCfx8b/AvZ/lr3b4Jwa+8fq
+tCAsISOTOftGsTTpwgtWDebJ4jJB2l71EBBlWuj76yColhK9k1zhacauK3lOxoEw
+cpUHgLcY+ochSijBOZIw7IScVHvR05jry7VzL7oxe1oDn3HNkbTt6pwdNgL5ftzQ
+Cv7vjMGLdSfr7QyAVc/nZhg1x0mBKu+Dj0leQ9ZcjedrB0CIwslhmMYdlTCYWksA
+x06NwrPRzDohtnYM4n2KZBfPQw40vxsJLP8e+hnRpyliXWtOaYdw5GZoUcwublMZ
+TU7Y1n8s1C5L5KuJoYgs9jLS48nXgcSZc9pxjyGRcFQTsk/A5y4sckWImFurU9AT
+cYR3nHlaGJR/TZVNtR6sU1VhzunHg8ARlvoZivsFyVS7bUC+EIUzfQvZqHEUPycR
+RwX+/exDyXQSvhQVfqT1ngLwQ8e/GutI8WZ1ZFy+T6Mh6jeacPQ=
+=zCSg
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-19:01.syscall.asc

@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:01.syscall                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          System call kernel data register leak
+
+Category:       core
+Module:         kernel
+Announced:      2019-02-05
+Credits:        Konstantin Belousov
+Affects:        All supported versions of FreeBSD.
+Corrected:      2019-02-05 17:52:06 UTC (stable/12, 12.0-STABLE)
+                2019-02-05 18:05:05 UTC (releng/12.0, 12.0-RELEASE-p3)
+                2019-02-05 17:54:02 UTC (stable/11, 11.2-STABLE)
+                2019-02-05 18:07:45 UTC (releng/11.2, 11.2-RELEASE-p9)
+CVE Name:       CVE-2019-5595
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD/amd64 architecture defines the SYSCALL instruction for syscalls,
+and uses registers calling conventions for passing syscalls arguments and
+return values in addition to the registers usage imposed by the SYSCALL and
+SYSRET instructions in long mode.  In particular, the arguments are passed in
+registers specified by the C ABI, and the content of the registers specified
+as caller-save, is undefined after the return from syscall.
+
+II.  Problem Description
+
+The callee-save registers are used by kernel and for some of them (%r8, %r10,
+and for non-PTI configurations, %r9) the content is not sanitized before
+return from syscalls, potentially leaking sensitive information.
+
+III. Impact
+
+Typically an address of some kernel data structure used in the syscall
+implementation, is exposed.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10m "Rebooting for security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.patch.asc
+# gpg --verify syscall.patch.asc
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch.asc
+# gpg --verify syscall.patch.11.2.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r343781
+releng/12.0/                                                      r343788
+stable/11/                                                        r343782
+releng/11.2/                                                      r343789
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5595>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1X9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKPZBAAlwCVtNNIuq0s8FB9LjLaVJww1WWmbVJbhw1TJyBV2yRCkWwGDLag3dJ0
+EH8HwpWeL41lppjFeL6OMDZ2+wUnuShv3pAUGwodSRXsKWsp+aWqMPcNJifkVPxs
+DENrziUHnXkbOnbnP25eA12j0ztCz8FjKoDh+wrjuY4BL8jzBK4ZJtmYaubrFEcD
+GDStnEcvCNYDK8tf0rUW2lpv4oStTex5gFpZALPjq0g28kHPuctYzoOXOf9/So1i
+0kwdstsIdgydsDCHv5nXij7IDohNo+5KEJuee1cIptKftmxPLuonXyP0PiO3WA0h
+XQck1BbM5ENNm/0SOExctcqS+APXLf/VPhd2JwUPszRcYBV40pdqchkihoRXAKHs
+Dthv+9k9KrgwUO0wsrOvIzK8vjnVC2unUCXnFNX3OD2pfxCjKvl1grKQ2lAsP4Pu
+aP2VgPZyHbFKWQdOGaqOtM94CzXseXyYN3hgkNq+gPgDjkd7Xw8q5vu8d2QY/aYj
+Re4aEfUOzf9S22SQT9g4kx2QfEnUuJnnae3BMeBqWGngtQ7TnTHWrw3wGhxxC2S8
+iou+BzeCv9MRn74Fpzr/xnGRUwT+0wFJVd9N9QdpErRA59oo6X4TXNl6AvKHvxY7
+1UurBJ5MqUGUUIeJg8Qv5HpgJML3BiotDbk+LwmMx7T2IL1dJdk=
+=Aktj
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-19:02.fd.asc

@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:02.fd                                         Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          File description reference count leak
+
+Category:       core
+Module:         unix
+Announced:      2019-02-05
+Credits:        Peter Holm
+Affects:        FreeBSD 12.0
+Corrected:      2019-02-05 17:56:22 UTC (stable/12, 12.0-STABLE)
+                2019-02-05 18:11:15 UTC (releng/12.0, 12.0-RELEASE-p3)
+                2019-02-05 17:57:30 UTC (stable/11, 11.2-STABLE)
+CVE Name:       CVE-2019-5596
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+UNIX-domain sockets are used for inter-process communication.  It is
+possible to use UNIX-domain sockets to transfer rights, encoded as file
+descriptors, to another process.
+
+II.  Problem Description
+
+FreeBSD 12.0 attempts to handle the case where the receiving process does
+not provide a sufficiently large buffer for an incoming control message
+containing rights.  In particular, to avoid leaking the corresponding
+descriptors into the receiving process' descriptor table, the kernel handles
+the truncation case by closing descriptors referenced by the discarded
+message.
+
+The code which performs this operation failed to release a reference obtained
+on the file corresponding to a received right.  This bug can be used to cause
+the reference counter to wrap around and free the file structure.
+
+III. Impact
+
+A local user can exploit the bug to gain root privileges or escape from
+a jail.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:02/fd.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:02/fd.patch.asc
+# gpg --verify fd.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r343785
+releng/12.0/                                                      r343790
+stable/11/                                                        r343786
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5596>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:02.fd.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1YFfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK7+w/+JeFIVM0QQC1R4wJFmT3bBaRumxGCx5PN5Ufe7ub/ztwsKQKJeps1aiS3
+fzw3Ck1K7+joeG+cNwZNihmAyEa2Hgk+FDhQBX531yrwF1jQ2A2oKGfkhs5e02Ng
+k16MV9pVlNP1zQ3wFVBjFCCvBuVJ0A8XTxALY7ivZlj2edgSH1eL4SaP1mrSD2Xu
+pR2amN7WkAaIqvATK0VkWjYp6kUXtI8CBtdP3hpKz88rpYoZfWxupqtghnxgjIqt
+iuTOhbemvYuBvB+ErbtU/6Z4ffoHt9Csrk2MM56/RZRwyHmtC4CFqtxClrUpOoa2
+2OcEbR8cZyEardSES78UBjbTwlOTVd5F4o86Q1bKytHjI72ycB5yKZkyiHmdJCjs
+EhlaDC/rnHxdYGvBuiLqFcNU5tJiGawZZwyozCQz67dGD89QzKQurKEWQ1YJvMsW
+ZwwJRSHrllUyJQBdqV/R3Qoaz2koeE9633jtqHDdUYKCZAgeFdic/6u9r4Rx2Nj5
+JpTZU01bwvxNZPf35WbI2L+JbygR40b3FYbZ3skBqZylp+EkPGPxGpHGAxdKWeOy
+rzGBukIuWnLy9pmJ574oTZymw8Psvu2DJL3Csngak1HkcA9mA5vjnDBvk9mvqTgo
+YCfCewlfFwVa/exSK3q5oI9hxse0KvQI4cH2+c2b7NDMS9+DpTY=
+=pr7t
+-----END PGP SIGNATURE-----

share/security/patches/EN-19:06/dtrace.patch

@@ -0,0 +1,256 @@
+--- sys/cddl/dev/dtrace/amd64/dtrace_asm.S.orig
++++ sys/cddl/dev/dtrace/amd64/dtrace_asm.S
+@@ -208,7 +208,7 @@
+ void
+ dtrace_copy(uintptr_t src, uintptr_t dest, size_t size)
+ */
+-	ENTRY(dtrace_copy)
++	ENTRY(dtrace_copy_nosmap)
+ 	pushq	%rbp
+ 	movq	%rsp, %rbp
+ 
+@@ -218,14 +218,28 @@
+ 	smovb				/*   move from %ds:rsi to %ed:rdi */
+ 	leave
+ 	ret
+-	END(dtrace_copy)
++	END(dtrace_copy_nosmap)
+ 
++	ENTRY(dtrace_copy_smap)
++	pushq	%rbp
++	movq	%rsp, %rbp
++
++	xchgq	%rdi, %rsi		/* make %rsi source, %rdi dest */
++	movq	%rdx, %rcx		/* load count */
++	stac
++	repz				/* repeat for count ... */
++	smovb				/*   move from %ds:rsi to %ed:rdi */
++	clac
++	leave
++	ret
++	END(dtrace_copy_smap)
++
+ /*
+ void
+ dtrace_copystr(uintptr_t uaddr, uintptr_t kaddr, size_t size,
+     volatile uint16_t *flags)
+ */
+-	ENTRY(dtrace_copystr)
++	ENTRY(dtrace_copystr_nosmap)
+ 	pushq	%rbp
+ 	movq	%rsp, %rbp
+ 
+@@ -248,56 +262,121 @@
+ 	leave
+ 	ret
+ 
+-	END(dtrace_copystr)
++	END(dtrace_copystr_nosmap)
+ 
++	ENTRY(dtrace_copystr_smap)
++	pushq	%rbp
++	movq	%rsp, %rbp
++
++	stac
++0:
++	movb	(%rdi), %al		/* load from source */
++	movb	%al, (%rsi)		/* store to destination */
++	addq	$1, %rdi		/* increment source pointer */
++	addq	$1, %rsi		/* increment destination pointer */
++	subq	$1, %rdx		/* decrement remaining count */
++	cmpb	$0, %al
++	je	2f
++	testq	$0xfff, %rdx		/* test if count is 4k-aligned */
++	jnz	1f			/* if not, continue with copying */
++	testq	$CPU_DTRACE_BADADDR, (%rcx) /* load and test dtrace flags */
++	jnz	2f
++1:
++	cmpq	$0, %rdx
++	jne	0b
++2:
++	clac
++	leave
++	ret
++
++	END(dtrace_copystr_smap)
++
+ /*
+ uintptr_t
+ dtrace_fulword(void *addr)
+ */
+-	ENTRY(dtrace_fulword)
++	ENTRY(dtrace_fulword_nosmap)
+ 	movq	(%rdi), %rax
+ 	ret
+-	END(dtrace_fulword)
++	END(dtrace_fulword_nosmap)
+ 
++	ENTRY(dtrace_fulword_smap)
++	stac
++	movq	(%rdi), %rax
++	clac
++	ret
++	END(dtrace_fulword_smap)
++
+ /*
+ uint8_t
+ dtrace_fuword8_nocheck(void *addr)
+ */
+-	ENTRY(dtrace_fuword8_nocheck)
++	ENTRY(dtrace_fuword8_nocheck_nosmap)
+ 	xorq	%rax, %rax
+ 	movb	(%rdi), %al
+ 	ret
+-	END(dtrace_fuword8_nocheck)
++	END(dtrace_fuword8_nocheck_nosmap)
+ 
++	ENTRY(dtrace_fuword8_nocheck_smap)
++	stac
++	xorq	%rax, %rax
++	movb	(%rdi), %al
++	clac
++	ret
++	END(dtrace_fuword8_nocheck_smap)
++
+ /*
+ uint16_t
+ dtrace_fuword16_nocheck(void *addr)
+ */
+-	ENTRY(dtrace_fuword16_nocheck)
++	ENTRY(dtrace_fuword16_nocheck_nosmap)
+ 	xorq	%rax, %rax
+ 	movw	(%rdi), %ax
+ 	ret
+-	END(dtrace_fuword16_nocheck)
++	END(dtrace_fuword16_nocheck_nosmap)
+ 
++	ENTRY(dtrace_fuword16_nocheck_smap)
++	stac
++	xorq	%rax, %rax
++	movw	(%rdi), %ax
++	clac
++	ret
++	END(dtrace_fuword16_nocheck_smap)
++
+ /*
+ uint32_t
+ dtrace_fuword32_nocheck(void *addr)
+ */
+-	ENTRY(dtrace_fuword32_nocheck)
++	ENTRY(dtrace_fuword32_nocheck_nosmap)
+ 	xorq	%rax, %rax
+ 	movl	(%rdi), %eax
+ 	ret
+-	END(dtrace_fuword32_nocheck)
++	END(dtrace_fuword32_nocheck_nosmap)
+ 
++	ENTRY(dtrace_fuword32_nocheck_smap)
++	stac
++	xorq	%rax, %rax
++	movl	(%rdi), %eax
++	clac
++	ret
++	END(dtrace_fuword32_nocheck_smap)
++
+ /*
+ uint64_t
+ dtrace_fuword64_nocheck(void *addr)
+ */
+-	ENTRY(dtrace_fuword64_nocheck)
++	ENTRY(dtrace_fuword64_nocheck_nosmap)
+ 	movq	(%rdi), %rax
+ 	ret
+-	END(dtrace_fuword64_nocheck)
++	END(dtrace_fuword64_nocheck_nosmap)
+ 
++	ENTRY(dtrace_fuword64_nocheck_smap)
++	stac
++	movq	(%rdi), %rax
++	clac
++	ret
++	END(dtrace_fuword64_nocheck_smap)
++
+ /*
+ void
+ dtrace_probe_error(dtrace_state_t *state, dtrace_epid_t epid, int which,
+--- sys/cddl/dev/dtrace/amd64/dtrace_isa.c.orig
++++ sys/cddl/dev/dtrace/amd64/dtrace_isa.c
+@@ -37,6 +37,7 @@
+ #include <machine/md_var.h>
+ #include <machine/reg.h>
+ #include <machine/stack.h>
++#include <x86/ifunc.h>
+ 
+ #include <vm/vm.h>
+ #include <vm/vm_param.h>
+@@ -664,3 +665,70 @@
+ 	}
+ 	return (dtrace_fuword64_nocheck(uaddr));
+ }
++
++/*
++ * ifunc resolvers for SMAP support
++ */
++void dtrace_copy_nosmap(uintptr_t, uintptr_t, size_t);
++void dtrace_copy_smap(uintptr_t, uintptr_t, size_t);
++DEFINE_IFUNC(, void, dtrace_copy, (uintptr_t, uintptr_t, size_t), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_copy_smap : dtrace_copy_nosmap);
++}
++
++void dtrace_copystr_nosmap(uintptr_t, uintptr_t, size_t, volatile uint16_t *);
++void dtrace_copystr_smap(uintptr_t, uintptr_t, size_t, volatile uint16_t *);
++DEFINE_IFUNC(, void, dtrace_copystr, (uintptr_t, uintptr_t, size_t,
++    volatile uint16_t *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_copystr_smap : dtrace_copystr_nosmap);
++}
++
++uintptr_t dtrace_fulword_nosmap(void *);
++uintptr_t dtrace_fulword_smap(void *);
++DEFINE_IFUNC(, uintptr_t, dtrace_fulword, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fulword_smap : dtrace_fulword_nosmap);
++}
++
++uint8_t dtrace_fuword8_nocheck_nosmap(void *);
++uint8_t dtrace_fuword8_nocheck_smap(void *);
++DEFINE_IFUNC(, uint8_t, dtrace_fuword8_nocheck, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fuword8_nocheck_smap : dtrace_fuword8_nocheck_nosmap);
++}
++
++uint16_t dtrace_fuword16_nocheck_nosmap(void *);
++uint16_t dtrace_fuword16_nocheck_smap(void *);
++DEFINE_IFUNC(, uint16_t, dtrace_fuword16_nocheck, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fuword16_nocheck_smap : dtrace_fuword16_nocheck_nosmap);
++}
++
++uint32_t dtrace_fuword32_nocheck_nosmap(void *);
++uint32_t dtrace_fuword32_nocheck_smap(void *);
++DEFINE_IFUNC(, uint32_t, dtrace_fuword32_nocheck, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fuword32_nocheck_smap : dtrace_fuword32_nocheck_nosmap);
++}
++
++uint64_t dtrace_fuword64_nocheck_nosmap(void *);
++uint64_t dtrace_fuword64_nocheck_smap(void *);
++DEFINE_IFUNC(, uint64_t, dtrace_fuword64_nocheck, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fuword64_nocheck_smap : dtrace_fuword64_nocheck_nosmap);
++}

share/security/patches/EN-19:06/dtrace.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1ZVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI/AQ//b3+UzDH6VXWyY0YODzxG/WxNZ97OvT3uVxWBXRU8KGpmXGnzqzAzxNtZ
+c1JHpZi2pxfxzFxnA0eLYDK/D6pcjvxTB7CPQVJqCXXibEVQepBSnuTEWCBD8EkR
+vDVVKid1aoMVofvtjQ+OGcYkOMgrrlN6eeL3voM8rrrIahupLyeSjfHdXItpI8Qx
+XXNwUvMNaVNlLhymas0Gpcy/iPcXbU5dQnZbzAg9U+nTGhKIuLqkouvswTzeist8
+B6i8YHM+phiCxKMJ7f4pDLD29Eb+sDPqVUt6DL8Av10jVGw2NphXIrZplodzJYft
+MZIdSDbxu9Q745EK8W60aeiIVEJxA1mIKjYhcJyCmELK29HthsuL0gUnSzruKhkD
+ZawH/sC7jI+QTXTT3cHXZleVYSd6FS+1S12EGskoWfrqi94ymyA4FBP135OfPMSq
+NOy+aKLNssGFlw5qyzvJirbt6Au6qI1mxVh0z6ljxskZU9DX6hoeboLZrDrTHco9
+3DHAOaSmajolFAeuMEDAuh+n4EpslzCfmies/ra/pHRR1rAcisNzgdzoBe4IMdGq
+qWEiiWnd7NNUkG4FFnD8ChiCm4cEoB7oG0vXk8iaCqT4R0O/dqqvQAKZLb4pU8Vq
+siAQutL5TgXvVg0faGsfekecZAa+F816zBgt0V5flmAdYlNeZyY=
+=e48g
+-----END PGP SIGNATURE-----

share/security/patches/EN-19:07/lle.patch

@@ -0,0 +1,81 @@
+--- sys/netinet/in.c.orig
++++ sys/netinet/in.c
+@@ -1372,15 +1372,13 @@
+ 	IF_AFDATA_LOCK_ASSERT(llt->llt_ifp);
+ 	KASSERT(l3addr->sa_family == AF_INET,
+ 	    ("sin_family %d", l3addr->sa_family));
++	KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
++	    (LLE_UNLOCKED | LLE_EXCLUSIVE),
++	    ("wrong lle request flags: %#x", flags));
++
+ 	lle = in_lltable_find_dst(llt, sin->sin_addr);
+-
+ 	if (lle == NULL)
+ 		return (NULL);
+-
+-	KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) !=
+-	    (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X",
+-	    flags));
+-
+ 	if (flags & LLE_UNLOCKED)
+ 		return (lle);
+ 
+@@ -1389,6 +1387,17 @@
+ 	else
+ 		LLE_RLOCK(lle);
+ 
++	/*
++	 * If the afdata lock is not held, the LLE may have been unlinked while
++	 * we were blocked on the LLE lock.  Check for this case.
++	 */
++	if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) {
++		if (flags & LLE_EXCLUSIVE)
++			LLE_WUNLOCK(lle);
++		else
++			LLE_RUNLOCK(lle);
++		return (NULL);
++	}
+ 	return (lle);
+ }
+ 
+--- sys/netinet6/in6.c.orig
++++ sys/netinet6/in6.c
+@@ -2311,16 +2311,13 @@
+ 	IF_AFDATA_LOCK_ASSERT(llt->llt_ifp);
+ 	KASSERT(l3addr->sa_family == AF_INET6,
+ 	    ("sin_family %d", l3addr->sa_family));
++	KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
++	    (LLE_UNLOCKED | LLE_EXCLUSIVE),
++	    ("wrong lle request flags: %#x", flags));
+ 
+ 	lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
+-
+ 	if (lle == NULL)
+ 		return (NULL);
+-
+-	KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) !=
+-	    (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X",
+-	    flags));
+-
+ 	if (flags & LLE_UNLOCKED)
+ 		return (lle);
+ 
+@@ -2328,6 +2325,18 @@
+ 		LLE_WLOCK(lle);
+ 	else
+ 		LLE_RLOCK(lle);
++
++	/*
++	 * If the afdata lock is not held, the LLE may have been unlinked while
++	 * we were blocked on the LLE lock.  Check for this case.
++	 */
++	if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) {
++		if (flags & LLE_EXCLUSIVE)
++			LLE_WUNLOCK(lle);
++		else
++			LLE_RUNLOCK(lle);
++		return (NULL);
++	}
+ 	return (lle);
+ }
+ 

share/security/patches/EN-19:07/lle.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1ZxfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIIIhAAiMgGjXcETkoTyrua/GEu5jy1Kf0NAPnNdGDPk1bqtpMTzBIAxC6VXPkM
+03bMsAaVNQLYtLPevB/uVnc2Qkr/uZNFv0L4XaGNqvL2FYqq7Fy8g9lkxXSphZ78
+gf1PVDVsHQ4Vwou9mYeGMetVwdil27p1OorT3f1y9nk8VM6m0HQgPGl5bYJjG8Se
+IfiT7j0RwHkXkt9ODJL17Cs0+VjCoKZ9fTN4hWy22sLHT2ZJYLIt6zdvTK1qp6gT
+IYifpEmckCiDNoL/AOrbGknG3FkbaEbwb5TV7BOjt9UiKRfKGoxxyxe6RusTwhUy
+ZScuAqVtY1zRR2k6RqA0RVxGsqkbqdmxz+NUUtMn/8jzvOxPXyWPrD63Xex6rOqC
+B47tpsQzozC6Xuk64EtZuEe5TOVCzQul3CRFpnbJttc/NSfSGc9sLyz/3fA8xI2e
+WXBQhXI4z1zwpUQRedFU5FMKI272I3H0DtjYx/MyxUP5BTyycPbj4n7+X2pTdwi5
+/HSRBprO6dnKi4MZAzIJDRTbTJzu8DaNCfJQKt95wGBwZWPPX3lCl5n/iqkyXDra
+0FDrB3N0YFKmtwCAktZazotAIejANmcdqrNaR72s2KxzzLdEzLJGLLy6giOJQvqd
+aYmmGORxypiE0Y4KcuNWDpFqYYOwyLMydZro5QSygz0nVAgsPhU=
+=PZ6a
+-----END PGP SIGNATURE-----

share/security/patches/SA-19:01/syscall.11.2.patch

@@ -0,0 +1,19 @@
+--- sys/amd64/amd64/exception.S.orig
++++ sys/amd64/amd64/exception.S
+@@ -496,12 +496,14 @@
+ 	movq	TF_RFLAGS(%rsp),%r11	/* original %rflags */
+ 	movq	TF_RIP(%rsp),%rcx	/* original %rip */
+ 	movq	TF_RSP(%rsp),%rsp	/* user stack pointer */
++	xorl	%r8d,%r8d		/* zero the rest of GPRs */
++	xorl	%r10d,%r10d
+ 	cmpb	$0,pti
+ 	je	2f
+ 	movq	PCPU(UCR3),%r9
+ 	movq	%r9,%cr3
+-	xorl	%r9d,%r9d
+-2:	swapgs
++2:	xorl	%r9d,%r9d
++	swapgs
+ 	sysretq
+ 
+ 3:	/* AST scheduled. */

share/security/patches/SA-19:01/syscall.11.2.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1eBfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKpCBAAgWL2O3tUpnwwvUIpEAKhIwNaWMqhTH8OyIF5dM8YrZlAYCc7twoPr6Y3
+2ojEMEihgC3B3+5flWZyp6Xxdni65Dpy6NcbgqiXJhbI30htC6TzETm2vhtderam
+wnz7B3dmpYtdNBJpRow3kGiLKv6zZ7gG720EuhVKgPjHx+5U4FXzpBazz8cEfz4U
+8F9amyqqe/7hf7kTbjBF7TZ90FpN/Uoe7FCF58L6UB8c3TYvpdfRSQMNg8ODuDIP
+kLV04/QVgoZKtT3MoRhmVgkpSCYYy1/j7KfZqmx08teW+6OjISbCTotS3DgHQD0Y
+sBB+GtvWxzuZjThWyIGQiDUztdyHrqYZbG5q7XFQMRpPjD7WC6MWRxeIgcLn5gjW
+RVVO6WhBEeFi+uTeSnpQUhMERkwJEBg3VzqeXQ5j6eR1xB3hZynJTl9uqMac4GK3
+K8xSoi4pS0VwOJnmu1iXqkUIrS9xSuSak1x/9dk5K6j+bbMXa1kGAJ808c8PQZ0g
+joqgdJjPeekK0e5U88QQ1aT4lwxBGGxdJVCPFYO55r3AzuDLT1Yo74ksn3mS4v1J
+vWE23qQo4v4iIpp0IESHL0TyFffD3vy1FRmmYwS+hZCiOOQBxgx8d0Cl0wMZn3KF
+Cae6mlauAgltuj2cNCjVTZ0mb+D3YU74mwUhLU4Tc8XVYrgh8Sw=
+=VDU6
+-----END PGP SIGNATURE-----

share/security/patches/SA-19:01/syscall.patch

@@ -0,0 +1,19 @@
+--- sys/amd64/amd64/exception.S.orig
++++ sys/amd64/amd64/exception.S
+@@ -521,12 +521,14 @@
+ 	movq	TF_RFLAGS(%rsp),%r11	/* original %rflags */
+ 	movq	TF_RIP(%rsp),%rcx	/* original %rip */
+ 	movq	TF_RSP(%rsp),%rsp	/* user stack pointer */
++	xorl	%r8d,%r8d		/* zero the rest of GPRs */
++	xorl	%r10d,%r10d
+ 	cmpq	$~0,PCPU(UCR3)
+ 	je	2f
+ 	movq	PCPU(UCR3),%r9
+ 	movq	%r9,%cr3
+-	xorl	%r9d,%r9d
+-2:	swapgs
++2:	xorl	%r9d,%r9d
++	swapgs
+ 	sysretq
+ 
+ 3:	/* AST scheduled. */

share/security/patches/SA-19:01/syscall.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1hJfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJbrA//fheN3NfAhxlgRjYwFa6WvhJgHFqoNnwWZLKwUmGdlJCIpdb6o/0FiWVw
+dfH5hSUibY7+vVGYyjcMNnU2BwDFcrQJbzFK7qz8zkDX4sH5RujkGcuacIe71Ny0
++Wwf/jo58WX4bMmFhO8rbO77iijqtDFMJIbk9/jbsIAlbqzQ0Po0KEgA9UdTuvWN
+sSPbkc/kaKSMtWZu8893YlEQGOkZaySuFQmnBHXNiUT7xVeQ0Or/QTYF1/BwkWXD
+n5rPUt1NrijjtMp7Qioz99ClcOGnKR8eqZJkYsFXwHTJH0gTAphUuCP44kGUM+A0
+AfKcsMNngWuVFqPwqtktuu1dkn4hOlIWgL7al9i5GkkvcGAyjdO9+Nh5A6jqlSV8
+PzaEzdvGdrJ76IZJVHDNfMemS9oOuLYyvVxJOdCYovK56rL0F+iFPr3mB5i9jl1M
+T4u/lE30MZmmnWEvIFthqSfr2flT6Z+4MFCesyJ9v3fcA4CKRmn/uuY1mtoHzhjw
+97KQxS9ip/cWlE0WUm5EU5ZfBvWgogVOhf8BEgqaA66v68tdn0WmNNHrqudgerID
+IAg3GL5PkqMAo5PMxh7OvwvKJLk83d+gUhVL40L61CA1+a+4+d/ffaHKzf3OUSmS
+t5GFeOlvaJEHEt4WHE4cfPVuu6JhqBETFQd4UqjeCkwCDpk5/Vk=
+=O4kh
+-----END PGP SIGNATURE-----

share/security/patches/SA-19:02/fd.patch

@@ -0,0 +1,14 @@
+--- sys/kern/uipc_syscalls.c.orig
++++ sys/kern/uipc_syscalls.c
+@@ -1607,8 +1607,10 @@
+ 					fd = *fds++;
+ 					error = fget(td, fd, &cap_no_rights,
+ 					    &fp);
+-					if (error == 0)
++					if (error == 0) {
+ 						fdclose(td, fp, fd);
++						fdrop(fp, td);
++					}
+ 				}
+ 			}
+ 			clen -= datalen;

share/security/patches/SA-19:02/fd.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1alfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIoWA/7B/i7Qms9fnfopopwqADcnARgeziJw29X95Tw7Jax+5v3In0jHS4oCWsM
+JcrpZzECnd2RDs/KQect/HgczWDJLb0XmXyRwW9yifL6bRJwKK+ljxy78+j3vk4S
+lllr2alzP7fTHt0LbiJDJhTp9H6s22cCPiv4/PeohQf0hIKSzYH+3lSiUprYYdFx
+vpA+VimYE8SRpBOkRSNcqJIkRMgCtcA9605+PNARqur2k77Bht+1B4imsH0ox3WS
+DZ43sa9hbWksBrx9i9LmX81VlifnRHFiy+WjGHFEyX3BNQeHhmIoNXqIdngZOvv6
+tvy0HCwrmIuP/aWubWvTLTQJjy37wCqM2pU5TQRecjYvncEITd6nGpWJLkvS2mQJ
+9yi1UY/7CcHQVwF/t1rgT7TlVyKER78vwJdttfnySKj+cNkExf5p4UAgS0z+b40o
+KDLr4X9zhxNiVR1SXOfDpYsZ9ijRDJD4Wc3JdavslkAtbEsNxYs4iejqqHT+0hpe
+6eIydkDtfx1DgD72+A9/q087dXB3EfaRvds1wxoTol6j28y79z7VHL4vgKZ4xmfO
+7S4r8FJ4tL/JiyPMWWJn2S+PN3KgITp16iUGKMhUHUrCRFGyokJxix0laDey5hW3
+Z5XUlN0CaNhcywcgaoRt2/pDVNlkBHPFb5iI8dCM7eGJKeb5v3Q=
+=vmZG
+-----END PGP SIGNATURE-----

share/xml/advisories.xml

@@ -4,6 +4,28 @@
       $FreeBSD$
     </cvs:keyword>
 
+  <year>
+    <name>2019</name>
+
+    <month>
+      <name>2</name>
+
+      <day>
+	<name>5</name>
+
+	<advisory>
+	  <name>FreeBSD-SA-19:02.fd</name>
+	</advisory>
+
+	<advisory>
+	  <name>FreeBSD-SA-19:01.syscall</name>
+	</advisory>
+
+      </day>
+
+    </month>
+  </year>
+
   <year>
     <name>2018</name>
 

share/xml/notices.xml

@@ -7,6 +7,23 @@
   <year>
     <name>2019</name>
 
+    <month>
+      <name>2</name>
+
+      <day>
+	<name>5</name>
+
+	<notice>
+	  <name>FreeBSD-EN-19:07.lle</name>
+	</notice>
+
+	<notice>
+	  <name>FreeBSD-EN-19:06.dtrace</name>
+	</notice>
+
+      </day>
+    </month>
+
     <month>
       <name>1</name>