diff --git a/share/security/advisories/FreeBSD-16:04.hyperv.asc b/share/security/advisories/FreeBSD-16:04.hyperv.asc
new file mode 100644
index 0000000000..5a493b7132
--- /dev/null
+++ b/share/security/advisories/FreeBSD-16:04.hyperv.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:04.hyperv Errata Notice
+ The FreeBSD Project
+
+Topic: Hyper-V KVP (Key-Value Pair) daemon indefinite sleep
+
+Category: core
+Module: hyperv
+Announced: 2016-03-16
+Credits: Microsoft Open Source Technology Center(OSTC)
+Affects: FreeBSD 10.x
+Corrected: 2015-12-18 14:52:12 UTC (stable/10, 10.2-STABLE)
+ 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
+ 2016-03-16 22:30:56 UTC (releng/10.1, 10.1-RELEASE-p31)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Hyper-V is a native hypervisor running on Windows operating system. It can
+run FreeBSD 10.x as guest in virtual machine.
+
+Data Exchange is an integration service, also known as a key-value pair or
+KVP, that can be used to share information between virtual machines and the
+Hyper-V host. For more information, see
+.
+
+II. Problem Description
+
+The KVP driver code doesn't implement the KVP device's .d_poll callback
+correctly: when there is no data available to the user-mode KVP daemon, the
+driver forgets to remember the daemon and wake up the daemon later. As a
+result, the daemon can't be woken up in a predictable period of time, and
+the host side's KVP query can hang for an unexpected period of time and get
+timeout, and finally the host can think the VM is irresponsive or unhealthy.
+
+III. Impact
+
+When a FreeBSD 10.x virtual machine runs on Hyper-V, the host may not get the
+expected response of a KVP query. When a virtual machine runs on Azure, the
+host may try to recover the "irresponsive" virtual machine by killing it and
+starting it later, causing unnecessary virtual machine downtime.
+
+IV. Workaround
+
+Don't run the KVP daemon on a virtual machine. With this, the host will know
+that KVP functionality is not working at all, so the host won't try to send KVP
+query to virtual machine.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. Reboot is required.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot is required.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:04/hyperv.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:04/hyperv.patch.asc
+# gpg --verify hyperv.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r292438
+releng/10.1/ r296954
+releng/10.2/ r296955
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+.
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJW6eQmAAoJEO1n7NZdz2rnq+sQAOOnGB826xMwM5xW7a2rnOKV
+SDPzC0XXkHhRltJWSaIBi+nhKusMQcuYEaZDG8P5pvugpJfBPDhv2THu9ofEhvB4
+88iT4sFOKi20iXJxrZQM5UT9tPaDoWUCQ9isr4HseotF5Hda4onplGK3/VXq3xGF
+tGjgOfnHbhQbXAf7JZwCfjUeIyYYY2VGBscSwDF/AS0Z9vUEudNKnPEZcC5V19LJ
+8vZHjknNpchklnaT0UFZwrpFEgpmSU5rtYlH6FbfWYbspqRjEk1Ia2wkasB9im2z
+v2vc+qNOqgOMATgatix0yqzXnBkOqi+5ra0MUipXG89l3Yxvekv0mvqQFYRWN7MN
+fjPOnP9i2hjoKbbPEArEmYffOFMjxrOTgzLYVxXntOTUFMgGcUXltgjlo/Ov4Fm0
+CfDIDUBlyPlDkemPYiaRinyLim4M3TOll2M6ucnonFuE//sLfU/DEnlz8pf+yJg3
+jeJ7Pi6YKe+YUrTj2kL8shoPWjg00oHCIZua9nFhdHwNURX5XuoPlf84qxeSmumL
+lbQ8Dq82zkECJmJe7fGshUyPGlXqN+ValGYtZkuQwS/vq1cxRomvO1naZQDqJuVA
+Z15SW63CnsFIYJvK0Dd0v0i3Nw0WYHRRJ5nFo18WIzHs2FZguib1wqiN6D1oRnrH
+0YgK0KZFzwWufB7YB0TG
+=4BjO
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc b/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc
new file mode 100644
index 0000000000..ce408f1991
--- /dev/null
+++ b/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:05.hv_netvsc Errata Notice
+ The FreeBSD Project
+
+Topic: hv_netvsc(4) incorrect TCP/IP checksums
+
+Category: core
+Module: hyperv
+Announced: 2016-03-16
+Credits: Larry Baird
+Affects: FreeBSD 10.2
+Corrected: 2015-12-18 14:56:49 UTC (stable/10, 10.2-STABLE)
+ 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Hyper-V is a native hypervisor running on Windows operating system. It can
+run FreeBSD 10.x as guest in virtual machine.
+
+When FreeBSD guest runs on Hyper-V, to get the best network performance,
+it usually uses the Hyper-V synthetic network device. The driver of the
+network device is called hv_netvsc(4). Since FreeBSD 10.2-RELEASE the
+driver supports TCP segmentation and TCP/IP checksum offloading.
+
+II. Problem Description
+
+Together with the TCP segmentation and TCP/IP checksum offloading a regression
+was introduced. The driver checked the inbound checksum flags when deciding
+whether to process checksums or not, while it should have checked the outbound
+flags only.
+
+III. Impact
+
+If the guest running on Hyper-V is configured as a gateway, the host will
+silently drop certain packets from the guest.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. Reboot is required.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot is required.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch.asc
+# gpg --verify hv_netvsc.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r292439
+releng/10.2/ r296955
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJW6eQyAAoJEO1n7NZdz2rnOdQQANX3NYcoY1uMJEJcOMgfKp52
+OUKUriPdJjEr94Yq/QSGaIp5WyZ5O/hu89LI45DlJMHGxQYJrpQuM1Cyf2QS770u
+yrmfTkcJpqmwJpr4pOqQuYUHuAXkUsOeOysOO/2ccP7USFWqdWbgLotbq3JAFwIz
+cnPwteAawZ3BZLaDRXgsr9Hhqn5d++YIsYC3mhyGNJJI6LlNG/ihba2Vd8lDu9hv
+UVv0WW8yfv851jEv/vhCQmhHcHcIAhzZGLn47Shi4s0833icvPeU+Xc/cpL/wifX
+vCPKA53DqdsNCsPQbbfzgCgoxV1iC3zb/4EOUAIpCInS00N4YQeQiJePH7Im56rc
+y6LsccIf1otr8xCuRuWsUVXuzrmtDBKDzE2gwMx+YHAEWl7ObhgM1VYYWoYnwBlr
+g+M2Wynjcj/rSZUpBdtUFFDNhqFlvrFSXDUEl0MbK4IzwtyOQtQfnCjy6kTqr2yB
+czWonmU9tgLtaqkN61b5pBx+jR2oEC4M8HPHuA2LmEKLJrgfePHBIAZ7cPnWaZ4O
+L4uP97MPmZEQggQeED5SLTMl3jJUe52H9XDkN8RV8/P3oA/YXBD4prhg4fYvNKQT
+VR0pWvlnJNmjaupCBWOfJfG1S8+oOfoTNV5/Fq83LVLW0DPKHVmLtQfS5Rs02745
+VnvCDT/XPOCODW1KdsSc
+=vkxR
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-16:14.openssh.asc b/share/security/advisories/FreeBSD-SA-16:14.openssh.asc
new file mode 100644
index 0000000000..a43511a564
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-16:14.openssh.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:14.openssh Security Advisory
+ The FreeBSD Project
+
+Topic: OpenSSH xauth(1) command injection
+Category: contrib
+Module: OpenSSH
+Announced: 2016-03-16
+Credits:
+Affects: All supported versions of FreeBSD.
+Corrected: 2016-03-12 23:53:20 UTC (stable/10, 10.2-STABLE)
+ 2016-03-14 13:05:13 UTC (releng/10.3, 10.3-RC2)
+ 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
+ 2016-03-16 22:30:56 UTC (releng/10.1, 10.1-RELEASE-p31)
+ 2016-03-13 23:50:19 UTC (stable/9, 9.3-STABLE)
+ 2016-03-16 22:30:03 UTC (releng/9.3, 9.3-RELEASE-p39)
+CVE Name: CVE-2016-3115
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+OpenSSH is an implementation of the SSH protocol suite, providing an
+encrypted and authenticated transport for a variety of services,
+including remote shell access. OpenSSH supports X11 forwarding,
+allowing X11 applications on the server to connect to the client's
+display.
+
+When an X11 forwarding session is established, the OpenSSH daemon runs
+the xauth tool with information provided by the client to create an
+authority file on the server containing information that applications
+need in order to connect to the client's X11 display.
+
+II. Problem Description
+
+Due to insufficient input validation in OpenSSH, a client which has
+permission to establish X11 forwarding sessions to a server can
+piggyback arbitrary shell commands on the data intended to be passed
+to the xauth tool.
+
+III. Impact
+
+An attacker with valid credentials and permission to establish X11
+forwarding sessions can bypass other restrictions which may have been
+placed on their account, for instance using ForceCommand directives in
+the server's configuration file.
+
+IV. Workaround
+
+Disable X11 forwarding globally by adding the following line to
+/etc/ssh/sshd_config, before any Match blocks:
+
+ X11Forwarding no
+
+then either restart the OpenSSH daemon or reboot the system.
+
+Consult the sshd(8) and sshd_config(5) manual pages for additional
+information on how to enable or disable X11 forwarding on a per-user
+or per-key basis.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+then either restart the OpenSSH daemon or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# service sshd restart
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:14/openssh-xauth.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:14/openssh-xauth.patch.asc
+# gpg --verify openssh-xauth.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+d) Either restart the OpenSSH daemon or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r296780
+releng/9.3/ r296953
+stable/10/ r296781
+releng/10.1/ r296954
+releng/10.2/ r296955
+releng/10.3/ r296853
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJW6ePuAAoJEO1n7NZdz2rncF0QAOu5DtldNmqgqr7iwdCguoiB
+wTYAenLBBhbj4SoMeqhGd9p6RfoKtgsjt1Pbw/4XXJOIsgvFezm4GvDHWrHCqp14
+3DIJWTxcXcDkRvnqiqUJSDszeM7BYu7G+q8VXEGl0ObMBWfgfsP42jnemx81bI4e
+W4Y5/idRvE+6yn7ja3qnNFEB8NfBZOYBV27+tTBiKaZgOt52yWQiFuVIE0WDYS/f
+I7Pc5DzMAU5l4bEPRYlniuVKOaGY+JYjbuVW/4af9MU6JYmK3HATtNcAuDi2SsSo
+SIpbJeILtyXTi72LClT/Px1GsQi/OIjiE2/7DOtNODyjPnQlRIoHveaaYBZ+WUks
+A0hEgaxdDLU+SUHcJKmbdu65eCQtrkdS0vquGnlqd2Q1fqQwwE4U1A2tEgbsGZ6R
+fikKBHISZYwhGMkIijy0ImDAD/SzO5UrIsgePM+9PoeGqLRZXKVNCtxaKpA9tO80
+J9MAbLsi7jgzncCGliL6x3m/w6xsJWP//NtyZVF74ydMEh8IuW4n8yrlrZN5cWJa
+2rySvewHvdXwlClFzMrAxwRPEo845xmsIvODMpaZplXaIzqNN46WfkBsPZTBkYR4
+xF/YNQkLSjYpbrv9GLfJtDn2+ny5OYkJ/pWhaiN0r7oeBjnbXLz9Y/4sS1rFyIMR
+OYy+uH7vcQ7RLXfVgahv
+=RZqF
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-16:15.sysarch.asc b/share/security/advisories/FreeBSD-SA-16:15.sysarch.asc
new file mode 100644
index 0000000000..769121df45
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-16:15.sysarch.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:15.sysarch Security Advisory
+ The FreeBSD Project
+
+Topic: Incorrect argument validation in sysarch(2)
+
+Category: core
+Module: kernel
+Announced: 2016-03-16
+Credits: Core Security
+Affects: All supported versions of FreeBSD.
+Corrected: 2016-03-16 22:35:55 UTC (stable/10, 10.2-STABLE)
+ 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
+ 2016-03-16 22:30:56 UTC (releng/10.1, 10.1-RELEASE-p31)
+ 2016-03-16 22:36:02 UTC (stable/9, 9.3-STABLE)
+ 2016-03-16 22:30:03 UTC (releng/9.3, 9.3-RELEASE-p39)
+CVE Name: CVE-2016-1885
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The IA-32 architecture allows programs to define segments, which provides
+based and size-limited view into the program address space. The
+memory-resident processor structure, called Local Descriptor Table,
+usually abbreviated LDT, contains definitions of the segments. Since
+incorrect or malicious segments would breach system integrity, operating
+systems do not provide processes direct access to the LDT, instead
+they provide system calls which allow controlled installation and removal
+of segments.
+
+II. Problem Description
+
+A special combination of sysarch(2) arguments, specify a request to
+uninstall a set of descriptors from the LDT. The start descriptor
+is cleared and the number of descriptors are provided. Due to invalid
+use of a signed intermediate value in the bounds checking during argument
+validity verification, unbound zero'ing of the process LDT and adjacent
+memory can be initiated from usermode.
+
+III. Impact
+
+This vulnerability could cause the kernel to panic. In addition it is
+possible to perform a local Denial of Service against the system by
+unprivileged processes.
+
+IV. Workaround
+
+No workaround is available, but only the amd64 architecture is affected.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Reboot is required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD platforms can be updated
+via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot is required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:15/sysarch.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:15/sysarch.patch.asc
+# gpg --verify sysarch.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r296958
+releng/9.3/ r296953
+stable/10/ r296957
+releng/10.1/ r296954
+releng/10.2/ r296955
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJW6eO/AAoJEO1n7NZdz2rn0UMP/iU/orN0P6+Rsj9hY2B6M0VS
+H6CMMVvketkIIWl9oKX9D/G0g/HyD8uFy06qL2OBz+h99h1oaF5ELl4G6TkF69Ra
+yOKrLcWnyi3eWLUaPvGkrLakVpG0+pU3QRvBT+d0nsTarOMPq+nhooarMfAluF3p
+c3bXEjzn/lTA5T0zTcGS2o9IgORvYrKRIGW0KJDsCWsDgVyWngsJAJdIrzwx022Q
+ENoIGmgLnYsx7TY1cuMtdb3TVyJsZv8zjrrmcLzw67Vly7wShs22CKK23ydDDyy9
+xFYsbWA+X8CarV2uSk8xJCIbWjJSlfc9XvOlHLZEiT7PNCZIk2c2fNLENxHvyNl1
+vgIUBoD/wzzS5QqdnT4r726aQt3pNezns1NDxujwUovVn5nQaXnKOTJHsOthDJ99
+PakEMa93iZqOfzbVouBIBH1IPgNLHof9Jdq3wYiKhrQVJXRespdpCfh3/wdph9LB
+ElBOTlrCcShV+N6deO4KI2wNK5h704D4hOMsqlInLwGQmGi7qa4ouWASgzQQmU/8
+6va3mJsgCvzHUpRCMQo7pIZm6SnOIYLdg7S4vV7P6q5oOIBnjFa8bK/Cq+zOR42e
+gJs9ou65JTTC0KG+26wXaD2Wx8uriO/+ZfCT/YM29FUUqIdayqHxhACjF0lkY83P
+02CAQXURVoI7kbjHaGT7
+=jV9z
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-16:04/hyperv.patch b/share/security/patches/EN-16:04/hyperv.patch
new file mode 100644
index 0000000000..29a26cc1a6
--- /dev/null
+++ b/share/security/patches/EN-16:04/hyperv.patch
@@ -0,0 +1,48 @@
+--- sys/dev/hyperv/utilities/hv_kvp.c.orig
++++ sys/dev/hyperv/utilities/hv_kvp.c
+@@ -44,6 +44,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -114,6 +115,8 @@
+ static struct hv_kvp_msg *hv_kvp_dev_buf;
+ struct proc *daemon_task;
+
++static struct selinfo hv_kvp_selinfo;
++
+ /*
+ * Global state to track and synchronize multiple
+ * KVP transaction requests from the host.
+@@ -628,6 +631,9 @@
+
+ /* Send the msg to user via function deamon_read - setting sema */
+ sema_post(&kvp_globals.dev_sema);
++
++ /* We should wake up the daemon, in case it's doing poll() */
++ selwakeup(&hv_kvp_selinfo);
+ }
+
+
+@@ -940,7 +946,7 @@
+ * for daemon to read.
+ */
+ static int
+-hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td __unused)
++hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td)
+ {
+ int revents = 0;
+
+@@ -953,6 +959,9 @@
+ */
+ if (kvp_globals.daemon_busy == true)
+ revents = POLLIN;
++ else
++ selrecord(td, &hv_kvp_selinfo);
++
+ mtx_unlock(&kvp_globals.pending_mutex);
+
+ return (revents);
diff --git a/share/security/patches/EN-16:04/hyperv.patch.asc b/share/security/patches/EN-16:04/hyperv.patch.asc
new file mode 100644
index 0000000000..636a4f5677
--- /dev/null
+++ b/share/security/patches/EN-16:04/hyperv.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJW6eTNAAoJEO1n7NZdz2rncSgQALit1G2h1OmIqsoK70jv9SuZ
+TUiuIeubcbcw2jvhaOiR2PFSr7nI/2K03mhoWZk7g8klG38WKIRd9FONfGim4gTi
+eqJTlu/uERLvPUsfrlYZ1XAIkG9xQVXR5BlCAZC3cbE+SL6arBnCMwdGb9WYojR7
+t9iS7Q1tUi3BmH73gPtDC34fIQVvO1SVeAqrtggPbeWu0aS4Orr4y/LtNKltN3Fu
+Szzj4fNn6Sr0FHNn3dH6v6QSvuodeCOqwEsEC4mn0b2YYbP3p5XTZJVOEZGuQjjV
+SBHbTFBPnkeTpcPRls41vMPvEK8xwm+0ISoZSUseudt0LMSB7KsydLZ7tZ2erT8R
+xEKpVIhFWhu9K0gydYyjaNncVIgkp4RMcIdOXmrr6CTDwpz2UYOmEoMm7y3Gfepn
+bp+Azu59DsgK0l5YqgPPdNksP2LFwUl+4y+7CoO99KzBaVt79cf8jRFz+Qa3ejX0
+Sb0CRdQL41F06EAaxbj+kRLhUCt8aqRGcBODwLdzEyoByA+MfsU4aI2+6sMZ6+CF
++bByt5Q2vbN8Ke4MukczOYx9xk3oZ5Dh9LobaDM1ymq5YhTfcNNSjHplrk4bmx4n
+fsKkEw4q2zxaEvglBeCdK7k4JsJyWgCmo7R0K9d/qo+MWu3dS4F6vC6zqCFG3V8P
+03wCEqy0B0RTcoZSgH7Q
+=rIbe
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-16:05/hv_netvsc.patch b/share/security/patches/EN-16:05/hv_netvsc.patch
new file mode 100644
index 0000000000..d7c19e908c
--- /dev/null
+++ b/share/security/patches/EN-16:05/hv_netvsc.patch
@@ -0,0 +1,28 @@
+--- sys/dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c.orig
++++ sys/dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c
+@@ -128,6 +128,15 @@
+ #define HV_NV_SC_PTR_OFFSET_IN_BUF 0
+ #define HV_NV_PACKET_OFFSET_IN_BUF 16
+
++/*
++ * A unified flag for all outbound check sum flags is useful,
++ * and it helps avoiding unnecessary check sum calculation in
++ * network forwarding scenario.
++ */
++#define HV_CSUM_FOR_OUTBOUND \
++ (CSUM_IP|CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP|CSUM_IP_TSO| \
++ CSUM_IP_ISCSI|CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP| \
++ CSUM_IP6_TSO|CSUM_IP6_ISCSI)
+
+ /*
+ * Data types
+@@ -570,7 +579,8 @@
+ packet->vlan_tci & 0xfff;
+ }
+
+- if (0 == m_head->m_pkthdr.csum_flags) {
++ /* Only check the flags for outbound and ignore the ones for inbound */
++ if (0 == (m_head->m_pkthdr.csum_flags & HV_CSUM_FOR_OUTBOUND)) {
+ goto pre_send;
+ }
+
diff --git a/share/security/patches/EN-16:05/hv_netvsc.patch.asc b/share/security/patches/EN-16:05/hv_netvsc.patch.asc
new file mode 100644
index 0000000000..10d1ae25cb
--- /dev/null
+++ b/share/security/patches/EN-16:05/hv_netvsc.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJW6eSgAAoJEO1n7NZdz2rnTWYQAOrx8JpIRuiqkHBHKMuzKTuN
+IRL/Jmas4XfNDim45g2mZdKFPqW6LwcquKreET6bD6ld+vO9XWD3WVkAoEClzn41
+uo9PJ0gtiKR3M6UupQWeT86lVFIAGmN51vpNb7+IL9saRgl5iqhlnP3ctOI/W1Mn
+NfRh4bg/9OQN9eYWRzN2Se5cHO45GTbEgrAdcpFYqItyREwdQV/O/DyGOBnaSWFR
+xIcmMxGwF6unuJ3Ah1nG0HVid3s2z4ih/KW68k5WXlasERe7NmR39UN4FgPLUC08
+nR/Jvi3vSd6qSiiHxZQGK9ZvWFKGAy9e6w1bhA8+zkciH3i+4b/3d5yr3F9og6Ol
+cxshafgPwC647laEPEW2n3ZEw2elDISD097MhJhu0Yp0Y5VI9LM2bPUTZhfknT6j
+Xm1fHthkNJ9OJbD3zsZXtMDY7q3MO6Fg6YnYO0N5V30pn4yHHEyHO6Yqx+lXKeEn
+Ig/IDYlo6g8USEBht8ZleOumjuGWrRZ1uHXobPClERbdkntI8xwnRhyiXYRp3P0X
+lrrJmlvrN7A4d3HEjOtUC/H1XRxjCIbZJGBDdDRShiEmBPNMqSCIQWqVDDApqZZJ
+N2MudpAPKPGGHCM2DL90PYp0FZJg3paEUYTtp7jEyjwaD605C36VzcVgYPHfWCa8
+zektJEKNcu4ciRJN2f0N
+=nPnm
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-16:14/openssh-xauth.patch b/share/security/patches/SA-16:14/openssh-xauth.patch
new file mode 100644
index 0000000000..71077a7536
--- /dev/null
+++ b/share/security/patches/SA-16:14/openssh-xauth.patch
@@ -0,0 +1,62 @@
+--- crypto/openssh/session.c.orig
++++ crypto/openssh/session.c
+@@ -46,6 +46,7 @@
+
+ #include
+
++#include
+ #include
+ #include
+ #include
+@@ -274,6 +275,21 @@
+ do_cleanup(authctxt);
+ }
+
++/* Check untrusted xauth strings for metacharacters */
++static int
++xauth_valid_string(const char *s)
++{
++ size_t i;
++
++ for (i = 0; s[i] != '\0'; i++) {
++ if (!isalnum((u_char)s[i]) &&
++ s[i] != '.' && s[i] != ':' && s[i] != '/' &&
++ s[i] != '-' && s[i] != '_')
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * Prepares for an interactive session. This is called after the user has
+ * been successfully authenticated. During this message exchange, pseudo
+@@ -347,7 +363,13 @@
+ s->screen = 0;
+ }
+ packet_check_eom();
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
+@@ -2178,7 +2200,13 @@
+ s->screen = packet_get_int();
+ packet_check_eom();
+
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
diff --git a/share/security/patches/SA-16:14/openssh-xauth.patch.asc b/share/security/patches/SA-16:14/openssh-xauth.patch.asc
new file mode 100644
index 0000000000..a0eb3f5846
--- /dev/null
+++ b/share/security/patches/SA-16:14/openssh-xauth.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJW6eThAAoJEO1n7NZdz2rnZqoP/RS674pw04h0UWqQQOJSSioN
+eNWOepSLNydoyL+XBkeOFwJ2n8j17TGP+ClBNAl9AQJa6u6hNQfu2jqJyd6cUcDE
+fIDKuVXFraRixlh/mLKB105Wfx5nnfz3buwGiLc0vgLkoV1M6dUVWQAu34oEb72Q
+mqei/7ob5zw0IObC1PUkp2ar7BmkPjOdl264bpY+mlGe5+bRa142JbK8W+ZubMS7
+Bi5L73Z9dSRxM0toXw1trSU2OBx3+IOeF+JC1YM+zy/g88peldUuiYUUhYQrUsQ3
+Joahl/BvTPml5wpOWUEcdr+PMVTkCT+SYSKxWg8/sIfkESAU2J1AYHHVJbeF8ja1
+1dkCEOwGDrZ2zGmCyZeLLKyDvN8Do56DWz0vmgXxcTY4PKWyn4myWqGQBXVnmfcT
+Lm3leUSqFNtFptUovLOgQxMGXPSQFEuOURw/Ze1jytT+y2gLCfga9NxO0dtVEBoC
+yC9swFSOq24N4hTkLYw0W0d3Ms5waUx04KayI/Xkh/dNu5Zvg6nwqlf+Rw1jR2/Q
+EBMBqV8OxMpKBf0wZkEGu6ed72dOzUZ/G7uUi9UNzlRfmjPxFXp7NB0QLsMQQoCp
+PEfX3HaeGtapNrEOoezZ15ou1UNJu0GWQEHmnB6l2ian42M0UeiBWqkwRfVDWdeO
+X12SMxZqWG+rayyhEski
+=gZFi
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-16:15/sysarch.patch b/share/security/patches/SA-16:15/sysarch.patch
new file mode 100644
index 0000000000..3577ec07f7
--- /dev/null
+++ b/share/security/patches/SA-16:15/sysarch.patch
@@ -0,0 +1,13 @@
+--- sys/amd64/amd64/sys_machdep.c.orig
++++ sys/amd64/amd64/sys_machdep.c
+@@ -580,8 +580,8 @@
+ struct i386_ldt_args *uap;
+ struct user_segment_descriptor *descs;
+ {
+- int error = 0, i;
+- int largest_ld;
++ int error = 0;
++ unsigned int largest_ld, i;
+ struct mdproc *mdp = &td->td_proc->p_md;
+ struct proc_ldt *pldt;
+ struct user_segment_descriptor *dp;
diff --git a/share/security/patches/SA-16:15/sysarch.patch.asc b/share/security/patches/SA-16:15/sysarch.patch.asc
new file mode 100644
index 0000000000..00ce22ab42
--- /dev/null
+++ b/share/security/patches/SA-16:15/sysarch.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJW6eUyAAoJEO1n7NZdz2rnaSIQAJTQUQ1TymgrFTpruBnZXlti
+EM1Q0DikCelD6mycM7qVMvl3n3QMgbs1tYlzHnt+Mt7UGqLBwKJH8vbAUf4Tb4mK
+kWSHXtGivmQQoinCNJ5W2gJG4k+47eYvNKAtty4VI65tvzWWTRBaXtR065okqmzy
+DPqu40pv6Liw9MwTvvw/+aoI7AY1AK/ao7lbBzDL7BYy0iHrsWWIqJiDU9UFxJ8H
+7EFZRMvavG13yKZsEjiRk+3UzF/xZ8bguvOvrz37GT51bT6EuwFxkYRqxc/YgD+0
+uxds5o2Ot77qOxCQDVIOvHkhFNQhwonJKGbVbZ3ZAEhFs2DKbu198RIaXviiizwk
+DJefFdXpDRN8qGkjAxo0ycggaqnreQt8YRSObpZdSzeTilyQddwbZ2JYCzswwpkJ
+MrPK0RjB3IJPEJJ6W7wqwVXoQaC7N8VYZ/K13GgEYktLQCxGWWvSIKqQ+X+wKbjN
+ibW6ep4ChZTo59jsPexkqXzZ4KSPZEfiLiRYwwAYgSYHwPBcuKVCAx6aPiyF9jN3
+BTTQ+QCI+7IOzggKjBGn05moc1WEiumWi/KJ8KkSGc5v8ilfFRGJ98YYVG+1BNja
+GO7STPpIeOcvuQKDG2brUeTI8Z67gQ4ly9D5NTg6b7iPFsz8S71fmJH3rH5kF16f
+1gEAuD/03MUEpkFcG2ZW
+=bUiv
+-----END PGP SIGNATURE-----
diff --git a/share/xml/advisories.xml b/share/xml/advisories.xml
index d37a658c01..a4b8f80206 100644
--- a/share/xml/advisories.xml
+++ b/share/xml/advisories.xml
@@ -10,6 +10,18 @@
3
+
+ 16
+
+
+ FreeBSD-SA-16:15.sysarch
+
+
+
+ FreeBSD-SA-16:14.openssh
+
+
+
10
diff --git a/share/xml/notices.xml b/share/xml/notices.xml
index 552a008a76..ac00742bd2 100644
--- a/share/xml/notices.xml
+++ b/share/xml/notices.xml
@@ -7,6 +7,22 @@
2016
+
+ 3
+
+
+ 16
+
+
+ FreeBSD-EN-16:05.hv_netvsc
+
+
+
+ FreeBSD-EN-16:04.hyperv
+
+
+
+
1