Add EN-20:08 through EN-20:09, and SA-20:12 through SA-20:16.

Approved by:	so

share/security/advisories/FreeBSD-EN-20:08.tzdata.asc

@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:08.tzdata                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Timezone database information update
+
+Category:       contrib
+Module:         zoneinfo
+Announced:      2020-05-12
+Affects:        All supported versions of FreeBSD.
+Corrected:      2020-04-27 03:56:47 UTC (stable/12, 12.1-STABLE)
+                2020-05-12 16:44:13 UTC (releng/12.1, 12.1-RELEASE-p5)
+                2020-04-27 03:57:17 UTC (stable/11, 11.4-PRERELEASE)
+                2020-05-12 16:44:13 UTC (releng/11.3, 11.3-RELEASE-p9)
+
+Note: The upcoming release of FreeBSD 11.4 was branched after the original
+commit to the stable branch and already includes the updated timezone
+information.
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The tzsetup(8) program allows the user to specify the default local timezone.
+Based on the selected timezone, tzsetup(8) copies one of the files from
+/usr/share/zoneinfo to /etc/localtime.  This file actually controls the
+conversion.
+
+II.  Problem Description
+
+Several changes in Daylight Savings Time happened after previous FreeBSD
+releases were released that would affect many people who live in different
+countries.  Because of these changes, the data in the zoneinfo files need to
+be updated, and if the local timezone on the running system is affected,
+tzsetup(8) needs to be run so the /etc/localtime is updated.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV.  Workaround
+
+The system administrator can install an updated timezone database from the
+misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V.   Solution
+
+Please note that some third party software, for instance PHP, Ruby, Java and
+Perl, may be using different zoneinfo data source, in such cases this
+software must be updated separately.  For software packages that is installed
+via binary packages, they can be upgraded by executing `pkg upgrade'.
+
+Following the instructions in this Errata Notice will update all of the
+zoneinfo files to be the same as what was released with FreeBSD release.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.  Restart all the affected
+applications and daemons, or reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-20:08/tzdata-2020a.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:08/tzdata-2020a.patch.asc
+# gpg --verify tzdata-2020a.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r360361
+releng/12.1/                                                      r360969
+stable/11/                                                        r360362
+releng/11.3/                                                      r360969
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:08.tzdata.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLsNw/9GPsAAKDQhjy0Y6hqfu8Jygd4sYUn/SghOFyaBvqfUdobKnPe+zy9ankg
+uM/Ytfwa/E7nKcI7z6kWiWGngmhkbMUlk4A16GmumSRV5bz/pHWYAusU8pVCtvsw
+4zrW14uK19s7Pl9KgdMf72fVGREAKQwbqL4iye9bwxUjP0yCa1VmI1RgAwhTXdqY
+fz7bCa8klq+R0oIV2JWnzw+IxwgbLYkV/1dQ5rc1IadciEmPvTls70SCKrzQ3orm
+wHpI8zvcle1JUooyQrqkf8sRTnTRNjVN+X9bFw5xMQFmVP0wahtQwXsE8wio73Ia
+J5bS40KkHUbKJ57ud+vRv3EQoArF4fhSsRUskK32C5S7ahGYIMDIdSCJcUHq7zTA
+gv9oaIgMSsoYq98M/JDdFsn49NNf4hitETChwQ2GdBpBXk77PSXz48kncm2TXPzn
+ibM8nufZxAG768sNAji4AtMb9/MiMoE2CDbmXV9pIc9XK/5hz91GDAdGY0BSH1q8
+LrwSpuOJvLHOQE1gVqxqB/DNkPOGMOqq62cagSxE4D0aGhHuTWq0h2BuF6TlbVs+
+cnog6eZ2BZcVsnkrSiWPQFPH1fg60bzmh6LdhIYRmTjWNxVu+fvm9yHUz3/SHt5N
+Kdll9Hy0QsXjtmwcgl55e4vint1ke4PeMc3sTbkpcodCRpg6faA=
+=Mxc9
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-20:09.igb.asc

@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:09.igb                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          igb interfaces fail to switch to inactive state
+
+Category:       core
+Module:         kernel
+Announced:      2020-05-12
+Affects:        FreeBSD 12.1
+Corrected:      2019-10-24 14:18:06 UTC (stable/12, 12.1-STABLE)
+                2020-05-12 16:46:14 UTC (releng/12.1, 12.1-RELEASE-p5)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The igb driver supports Intel Gigabit Ethernet interfaces.
+
+II.  Problem Description
+
+The igb driver does not detect link loss, and the interface does not
+transition to "inactive" upon link loss.
+
+III. Impact
+
+Incorrect link state may lead to system-level misbehaviour (for example, lagg
+interfaces may not transition to an alternate interface) and may cause
+confusion for system administrators.
+
+IV.  Workaround
+
+Bringing the interface down and back up (e.g., "ifconfig igb0 down" followed
+by "ifconfig igb0 up") may cause the status to correctly change to inactive.
+Systems not using interfaces supported by the igb driver are not affected.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-20:09/igb.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:09/igb.patch.asc
+# gpg --verify igb.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r354021
+releng/12.1/                                                      r360970
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:09.igb.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIXkQ/7Bd9xjLiBJI3yG/8iCaAsQcqLPAvxS4cwtBTvzcOTs9iDs71YbiVy0IcU
+ffcorkOmlwMKPSlDmgZPNxW9l8k1eOrBp2m+8UVZ0bUxA/Vp2fv9Er0A7RPoZO17
+o8fqvTFc3OPuF4LAQ+cC/lH2yiB/F/m6qqph6GisQWUARH1CLvf2FwQFbgBJ5HMN
+jqiL71M3TTnoM9ZwKWelsaOLa2eGDb1zUJ/JcM33uBQ5WTMO7zcN0yxmD0i0dCrJ
+4ZeewKijLWEjJucsqflSEJhc4fo01SRkii66O0r7VLff7gqiCMbieWNr1BF578l5
+fT36r/C06YlivbNErRrZ13LOP5uLre7t4z0cg7fwkRNYfbA7f5o9YRQIp1t7QXN3
+E/6DOr7r5YTfdM6pd7gm5CDprIjZuQcc4hvBXg2FeM9dkZnoVnAKSU9zfNk8N5ly
++YrF3Sl/b/jGI0CI5AuYNzDH3lZf2tdicO9kM8qp8f8IkchAxLrZ4sZmoPqrX8O1
+n5a/e9bgfPAMMJO3PZFbI3haS0wsdkFFuDvrI/raaC/gbBVDwQ25YvKa+OP/Oej7
+H3ao1MPs0Y1FnO/104aVDbNMrDrbDPQnTrwUdF5+DVa1Y9FuBhr8QStsT8oH6il1
+tBKDVjEGb0aT8tF3T+x0Ugaow0pr05MnfipwZe6xUhfpvXEaLU0=
+=LGyL
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-20:10.build.asc

@@ -0,0 +1,138 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-20:10.build                                          Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Incorrect build host Clang version detection
+
+Category:       core
+Module:         build
+Announced:      2020-05-12
+Affects:        All supported versions of FreeBSD
+Corrected:      2020-02-18 18:03:04 UTC (stable/12, 12.1-STABLE)
+                2020-04-29 18:51:34 UTC (releng/12.1, 12.1-RELEASE-p5)
+                2020-02-18 18:03:04 UTC (stable/11, 11.3-STABLE)
+                2020-04-29 18:59:37 UTC (releng/11.3, 11.3-RELEASE-p9)
+
+Note: The upcoming release of FreeBSD 11.4 was branched after the original
+commit to the stable branch and already includes this errata.
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD's build system detects the host compiler version and uses that to
+control certain actions during the build. 
+
+II.  Problem Description
+
+The Clang and LLD version detection accepted only versions matching the shell
+glob pattern [1-9].[0-9]*, which notably does not include 10.0.  The build
+then proceeded as if the compiler or linker version was 0.0.
+
+III. Impact
+
+Attempting to build 12.1-RELEASE on 13-CURRENT failed.  The version detection
+issue also affects 11.3-RELEASE (although the build does not fail).
+
+This issue only affects attempts to build FreeBSD 12.1 or 11.3 on a -CURRENT
+host.
+
+IV.  Workaround
+
+Install 11.3-RELEASE or 12.1-RELEASE on the build host.  No action is
+required when building 11.3 on an 11.3 host, or 12.1 on a 12.1 host.  
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.1]
+# fetch https://security.FreeBSD.org/patches/EN-20:10/build.12.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:10/build.12.patch.asc
+# gpg --verify build.12.patch.asc
+
+[FreeBSD 11.3]
+# fetch https://security.FreeBSD.org/patches/EN-20:10/build.11.patch
+# fetch https://security.FreeBSD.org/patches/EN-20:10/build.11.patch.asc
+# gpg --verify build.11.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r358076
+releng/12.1/                                                      r360473
+stable/11/                                                        r358076
+releng/11.3/                                                      r360474
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245973>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:10.build.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIpBQ//Z3C6D2fP/MifBXt4ueGydxnImlZ3nh8J363j45Yla2SrG1ojLS3ld47a
+sz6mpMKOfXGtxd/oV64rnx+87ZiMygTTGnzQHclE3FZzYm2WmeMmXcyznq0ap0tt
+OJltwJY3KM/7znhJs+dRGIWVrHWStcT0oDmJzSE4u8+zZp4+psFSeBvJlWmZUgUt
+iIWQMrYUh6s6zGFpjL+6Qy3qDReVXB/+Lc/Wo1RNxff+7VOhYhzDIBr3JooIFy1C
+TG3AqtW2PC59B4cZHWUUVxnRyBAuyvlPxf+yWa7JRP/06m0YJlzWNpoKkvkdo4+x
+gG7ulHZU35QLc/NJVX+osTGaGJ7j3pmh1O0npPWbdmsXsR9ugMIZ6rv7+zxq0EX7
+C/7d3fpLw4UcOGbHEI2mZH266IOt/5PaADXjcRO0d/EZRU5zeArWP0vbKF1Hmjg+
+0rdNTv5rPxAVqGSzxC/dpaXCUCGbw0oZz2V6YDL/cxtHdqZwcuNx7nARpWh4H1tE
+0XG3McL8WejJELUb1KtyKrLNQRJ9QzM6tkvTupZcD/7ztL3cVL4tm5Gnfuo/Ui+i
+VcilDPJnm1aT6r3b5Yzz15VkvAP6bf924lXrJZP19pJMXv90wmKsHUzqgIRG9DsB
+iWLVJND9lALxcrW4ZBD+KmIOYukDrzNZJQBM8NzLiaRGgJDFCHg=
+=///S
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-20:12.libalias.asc

@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-20:12.libalias                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Insufficient packet length validation in libalias
+
+Category:       core
+Module:         libalias
+Announced:      2020-05-12
+Credits:        Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
+                Vishnu working with Trend Micro Zero Day Initiative
+Affects:        All supported versions of FreeBSD.
+Corrected:      2020-05-12 16:49:04 UTC (stable/12, 12.1-STABLE)
+                2020-05-12 16:51:11 UTC (releng/12.1, 12.1-RELEASE-p5)
+                2020-05-12 16:49:04 UTC (stable/11, 11.4-STABLE)
+                2020-05-12 16:51:11 UTC (releng/11.4, 11.4-BETA1-p1)
+                2020-05-12 16:51:11 UTC (releng/11.3, 11.3-RELEASE-p9)
+CVE Name:       CVE-2020-7454
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The ipfw(4) system facility allows IP packet filtering, redirecting, and
+traffic accounting.  The ipfw(4) packet filter also contains two different
+methods of accomplishing network address translation (NAT): in-kernel and
+userspace.  Both implementations use the same functions provided by libalias.
+
+The libalias(3) library is a collection of functions for aliasing and
+dealiasing of IP packets, intended for masquerading and NAT.  Additionally,
+libalias(3) includes modules to support protocols that require additional
+logic to support address translation.
+
+Note: libalias(3) is not used by either the pf(4) or ipf(4) firewalls.
+
+II.  Problem Description
+
+libalias(3) packet handlers do not properly validate the packet length before
+accessing the protocol headers.  As a result, if a libalias(3) module does
+not properly validate the packet length before accessing the protocol header,
+it is possible for an out of bound read or write condition to occur.
+
+III. Impact
+
+A malicious attacker could send specially constructed packets that exploit
+the lack of validation allowing the attacker to read or write memory either
+from the kernel (for the in-kernel NAT implementation) or from the process
+space for natd (for the userspace implementation).
+
+IV.  Workaround
+
+No workaround is available.  Only systems using NAT and ipfw together are
+affected.  Systems using ipfw(4) without NAT, or systems leveraging pf(4) or
+ipf(4) are not affected.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-20:12/libalias.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:12/libalias.patch.asc
+# gpg --verify libalias.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r360971
+releng/12.1/                                                      r360972
+stable/11/                                                        r360971
+releng/11.4/                                                      r360972
+releng/11.3/                                                      r360972
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7454>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:12.libalias.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK1Iw/7BpU400GeYsWt6xd+tUuBqGGB6a28+4G/e2GkqMF83vwAaf9+M4siM4Md
+t0RUDLhcC3irLtGehLcXmVdWZUakmacGa3pGza3E8qdCSQC6+VdO4ghzk5fRlVf0
+jmcvCi7zml0YhmATkfMBscPeOJmvENUpouVIwzn4CXMwCKMofjKXdW8+tiT6ppsD
+RVVeUrGdslVo40KZ8wqxx4y2IMKZ7qW/UZnqWQFAAD3d3iQBJXORpy1xn0AZStY2
+ddnhkKdBOyKs5JLoJfSwP8vyTi4iMXPFILP1spuTAqxEFBRTZ3rTE81jimznhp5N
+/OXI92khj6deiTc1kun+ef3n89e1w6KO4Dt1LUNL08N4mpEwLwvBGLS/5v/3KVpm
+Q6XknASLY4RaWdj1D5zbPY6F+JFUv22la5mdia4Gn1zxjsyZNMGgM6nx8OCZn4qg
+JTr7RT4f+EubkEwYD1sw60iTYsqM3o1gFUzkFdEAotWU4tl3nxRkUwusikX7Uu7e
+2QY46Sg/6NxW+oelx1qDGjMlP2CIlEsEqj4ND3eJzJT6nef1xmmTUUu+kQF4TBtX
+J7XqmuTzST2ySPhBUEIOKbjmzdbe+zpbraADhq5BS3zKKmcVSqmqJxkXPxzCwIwb
+uMcg2spQ5fzP/BquOGdQSx0rD3dQ5lTNX6QZyDaKHZR78ZAEiVE=
+=I9Vz
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-20:13.libalias.asc

@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-20:13.libalias                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Memory disclosure vulnerability in libalias
+
+Category:       core
+Module:         libalias
+Announced:      2020-05-12
+Credits:        Vishnu Dev TJ working with Trend Micro Zero Day Initiative
+Affects:        All supported versions of FreeBSD
+Corrected:      2020-05-12 16:52:08 UTC (stable/12, 12.1-STABLE)
+                2020-05-12 16:54:39 UTC (releng/12.1, 12.1-RELEASE-p5)
+                2020-05-12 16:52:08 UTC (stable/11, 11.4-STABLE)
+                2020-05-12 16:54:39 UTC (releng/11.4, 11.4-BETA1-p1)
+                2020-05-12 16:54:39 UTC (releng/11.3, 11.3-RELEASE-p9)
+CVE Name:       CVE-2020-7455
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The ipfw(4) system facility allows IP packet filtering, redirecting, and
+traffic accounting.  The ipfw(4) packet filter also contains two different
+methods of accomplishing network address translation (NAT): in-kernel and
+userspace.  Both implementations use the same functions provided by libalias.
+
+The libalias(3) library is a collection of functions for aliasing and
+dealiasing of IP packets, intended for masquerading and NAT.  Additionally,
+libalias(3) includes modules to support protocols that require additional
+logic to support address translation.
+
+Note: libalias(3) is not used by either the pf(4) or ipf(4) firewalls.
+
+II.  Problem Description
+
+The FTP packet handler in libalias incorrectly calculates some packet
+lengths.  This may result in disclosing small amounts of memory from the
+kernel (for the in-kernel NAT implementation) or from the process space for
+natd (for the userspace implementation).
+
+III. Impact
+
+A malicious attacker could send specially constructed packets that exploit the
+erroneous calculation allowing the attacker to disclose small amount of memory
+either from the kernel (for the in-kernel NAT implementation) or from the
+process space for natd (for the userspace implementation).
+
+IV.  Workaround
+
+No workaround is available.  Only systems using NAT and ipfw together are
+affected.  Systems using ipfw without NAT, or systems leveraging pf(4) or
+ipf(4) are not affected.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-20:13/libalias.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:13/libalias.patch.asc
+# gpg --verify libalias.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r360973
+releng/12.1/                                                      r360974
+stable/11/                                                        r360973
+releng/11.4/                                                      r360974
+releng/11.3/                                                      r360974
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7455>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:13.libalias.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK3hhAAlkHMjDluGni1AaDicw5jZuyrdGLEMfgH2OdxcrTQvrBN6ZEkfLsiFvLV
+KWgUS+rx3GJApz4rZ6DFwsb+DG+kMCwYGevbT5zH5IUwe1HklyMLmjw48z47DVhx
+8tpjCKNb4ttqBzb6RMURoJgo+2NAUQOZLnFGLSGOkquqeW9AhA97ZIGv7TyOPC1p
+rJD/ic1IxTUXniNu4soexsRqVoMqv1nA1DLrN4TTooFVCQTHaBUBxSTFlaAsBXyb
+7L5GIEydZ2429spQACnFGW4RDveOGB/6Jbt2yHEuu+ASOrwl9sRSu79PYijcz28v
+yXjI0zG4A+78qmeCMbGHIySrLjc8XaWgr13Kp4S+40MWQhoGHJ2ZZVdLX010WTvm
+nbGs9NQ60sytxdJn1QRTleiBIKjJiVqNEADfS4DhXa/0HouN3L8dVR/+jPfLMFmT
+/7GZjhdbn4u0a1ZlgUZ62oHoo8NLop49KY4LHtHd7VpJZ8OfK0qkCN0DL4Ep+Wrg
+oZWJL5HGhFOEA4TDYuypJ58yIPsTDVa9MuLMx/SBF30jVZcS1LtbiMXXuZs6clig
+oOk4ZE0hpSRdA69xgX459kcTjU6XVJRnTPWyepG3sNljktwk8jyfwKHXOUpJONos
+0jWu0ngj60djS8qCrxdkMn3t26fk0IhbA4leBEM+wAKmWsARt/M=
+=woOx
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-20:14.sctp.asc

@@ -0,0 +1,138 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-20:14.sctp                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:		Improper checking in SCTP-AUTH shared key update
+
+Category:       core
+Module:         kernel
+Announced:      2020-05-12
+Credits:        da_cheng_shao@yeah.net
+Affects:        FreeBSD 11.3
+Corrected:      2019-09-19 10:01:19 UTC (stable/12, 12.1-STABLE)
+                2019-09-19 10:06:18 UTC (stable/11, 11.3-STABLE)
+                2020-05-12 16:55:32 UTC (releng/11.3, 11.3-RELEASE-p9)
+CVE Name:       CVE-2019-15878
+
+Note: The upcoming release of FreeBSD 11.4 was branched after the original
+commit to the stable branch and already includes the fix for this advisory.
+Similarly, the 12.1 branch was created shortly after the original commit to
+the stable branch and already includes the fix.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The Stream Control Transmission Protocol (SCTP) is a transport protocol
+supporting the socket API.  An SCTP packet consists of an SCTP common header
+and a number of SCTP chunks.
+
+The SCTP extension SCTP-AUTH can be used to authenticate SCTP chunks.  It
+uses shared keys which can be managed via the socket API by the application
+using an SCTP association.
+
+II.  Problem Description
+
+The SCTP layer does improper checking when an application tries to update
+a shared key.  Therefore an unprivileged local user can trigger a use-after-
+free situation, for example by specific sequences of updating shared keys and
+closing the SCTP association.
+
+III. Impact
+
+Tiggering the use-after-free situation may result in unintended kernel
+behaviour including a kernel panic.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-20:14/sctp.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:14/sctp.patch.asc
+# gpg --verify sctp.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r352509
+stable/11/                                                        r352509
+releng/11.3/                                                      r360975
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15878>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKMHQ/8C9QgTd37kgGUaKlZ2YpgIWj25acum87au89KvNxID1Kvd9jMOFkfvGOq
+YVEqJ5ZwnOPbqme6FpLI2UDM4E2N1aMxEZcTZspWR5U/4butu4+4yy4dGudn0LQ9
+EYwTag0ocCypB/c8tBh0SfN9KHM6JqCgnWFBlwyedHTjdVCUvAgwcZJEi4ne2D3G
+S7DgVes6x0gifXY897YQJlfEMfJEtdfLe9SMkIzSltjTD9PJhZ7WD5uqHYNGOFOv
+Xh6JNHlAGuFxUpL94Tvr3o8Ptx0oOIo0cMw9fvqZq/Hp48jSEDfMIqhcqbEWmygW
+sJo4NaZkqmA3hYCOqiOYSXFGeaSOYQanBduIA2m5BGjy5vHQBgTabSo9yH/ttrC8
+8vBkGAUOyrC+dH5kguT6Q194BwDWuloKr38oQ2PrVbfCRwHtG8SEk/BC3glPCSdE
+cWj5h4Eh1+z1GadgQ4JllmH5UBY702Vm1PhqZpGRbtRTbEWL84hT+4XCokq4wmQS
+uB2M/Ew77FPBeZxVzE063Zk5/TLOfl2CFywekTX6C8too2YmIqEgl0DX7DYyr+fC
+15t2bNkbfvFyS5iPti2rjOSIZG684i39nnk0YcC396azveQRCvDp6Q6E25jsl0pR
+P4ARjQkw5cY3MBXtdSXMFON35swHTqZnL4gy134pjGyNVR+A0/k=
+=fwNs
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-20:15.cryptodev.asc

@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-20:15.cryptodev                                  Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Use after free in cryptodev module
+
+Category:       core
+Module:         cryptodev
+Announced:      2020-05-12
+Credits:        Yuval Kanarenstein
+Affects:        All supported versions of FreeBSD.
+Corrected:      2020-01-20 11:19:55 UTC (stable/12, 12.1-STABLE)
+                2020-05-12 16:57:47 UTC (releng/12.1, 12.1-RELEASE-p5)
+                2020-01-20 11:19:55 UTC (stable/11, 11.3-STABLE)
+                2020-05-12 16:57:47 UTC (releng/11.3, 11.3-RELEASE-p9)
+CVE Name:       CVE-2019-15879
+
+Note: The upcoming release of FreeBSD 11.4 was branched after the original
+commit to the stable branch and already includes the fix for this advisory.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The cryptodev module permits userland applications to offload
+cryptographic requests to device drivers in the kernel.  Applications
+create sessions via file descriptors opened from /dev/crypto.
+
+II.  Problem Description
+
+A race condition permitted a data structure in the kernel to be used
+after it was freed by the cryptodev module.
+
+III. Impact
+
+An unprivileged process can overwrite arbitrary kernel memory.
+
+IV.  Workaround
+
+Unload the cryptodev kernel module if it is loaded:
+
+# kldunload cryptodev
+
+Note that the cryptodev module is not loaded by default and is not
+used by most applications.  Specificially, use of accelerated software
+cryptography, such as AES-NI, in userland applications via libraries such
+as OpenSSL do not make use of the cryptodev module.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.1]
+# fetch https://security.FreeBSD.org/patches/SA-20:15/cryptodev.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:15/cryptodev.12.patch.asc
+# gpg --verify cryptodev.12.patch.asc
+
+[FreeBSD 11.3]
+# fetch https://security.FreeBSD.org/patches/SA-20:15/cryptodev.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:15/cryptodev.11.patch.asc
+# gpg --verify cryptodev.11.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r356908
+releng/12.1/                                                      r360976
+stable/11/                                                        r356908
+releng/11.3/                                                      r360976
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15879>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:15.cryptodev.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLW2A//VW8iJqNaBHhMnCrpl+oDTadzGM3gYVxnM+EEQYzru2Ze0z0tShiAkXrQ
+NryjwBpMA3r1nyWDYaWMgbHjcG+jQdsIvoiA+fSU9hXEUbpxwX9ZKlaSZUBDX48X
+YScJMewgHCXNpgkTnIckaIyIadOXX+zWhi5T0LN2tS5M5oejTLndAKo9mQm1Ni50
+PYiHFkLzO7v4H6K0cKuJRuHF8+kU1IhvOinZuXwZXoGqmPGTVsA0+T27dWhosaWv
+Yqh3Pbp5oS1y3NbbOadLPhY146pT2Qrb2mQOEiHvsXMFRgjIEQzH1MYXx5gvpa4K
+CkMwCV/MuNotscVZ00qhVQEGEVlrhgi2IXinzxde5HYCc3mD/KdcYnYz9zOCeIfb
+9RfdvKk8uzUITLyz8ZinZBqIHghnSG3M9/cNj2o/97yRfFJazXF/SI41YoV3hcyE
+Gb1ncYfaAJ4rL9U6xHMw7V+1LSlMrVsIcWxCM2PS4NTwWcZ8K7mEX51ARjx4k7lx
+IBEsJ+ExSfZHNkS6/DLZiuLEQKFxIOKlRyZQTALnzNaNTp763idW7zA+9k8ceBRH
+VO7x3EGNqNPhIss+JHOxDUaXTFfJTcd7XGv291unkZwBJuFhJBfH3S+ZCcF38xVK
+aweHOoJW5V+D9GKygb9oLjOxOupRkFuRrHFQcvj57FYqs9/GDVc=
+=8E1l
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-20:16.cryptodev.asc

@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-20:16.cryptodev                                  Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Insufficient cryptodev MAC key length check
+
+Category:       core
+Module:         cryptodev
+Announced:      2020-05-12
+Credits:        Yuval Kanarenstein
+Affects:        FreeBSD 12.1
+Corrected:      2020-01-20 11:54:00 UTC (stable/12, 12.1-STABLE)
+                2020-05-12 16:59:09 UTC (releng/12.1, 12.1-RELEASE-p5)
+CVE Name:       CVE-2019-15880
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The cryptodev module permits userland applications to offload cryptographic
+requests to device drivers in the kernel.  Applications create sessions via
+file descriptors opened from /dev/crypto.
+
+II.  Problem Description
+
+Requests to create cryptography sessions using a MAC did not validate the
+user-supplied MAC key length.  The cryptodev module allocates a buffer whose
+size is this user-suppled length.
+
+III. Impact
+
+An unprivileged process can trigger a kernel panic.
+
+IV.  Workaround
+
+Unload the cryptodev kernel module if it is loaded:
+
+# kldunload cryptodev
+
+Note that the cryptodev module is not loaded by default and is not
+used by most applications.  Specificially, use of accelerated software
+cryptography (e.g. AES-NI) in userland applications via libraries such
+as OpenSSL does not make use of the cryptodev module.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-20:16/cryptodev.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:16/cryptodev.patch.asc
+# gpg --verify cryptodev.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r356911
+releng/12.1/                                                      r360977
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15880>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:16.cryptodev.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKFbg/+Ou239S9yDp+FTyDlqq4w8p08kh8nHqB6FO6Q6aIxkEgSu/yO9IZsKSnM
+o05O8iOVOTRR5xSIBN/aW5d4adH81AV6X66NKUZ0bJwAp16v7YIyivY3ySLOB093
+oOTy/wlv0jxAYVzOlqMTuVm4dr9dh+9I9kwF94SDY7/maY0pCuUmVCRi2Y5gvCqu
+LYkDdG0Mq0pka1sGY8aFvG63oMyZ98gkbBNk666SzJnBDq/QDSL0FASCgYDjG1fE
+R/BciJpucIFi3JPZgSaKi4j56HiN/LaX63A1rdjza3aRh/sLMr7+GHFI3sn474tu
+xrkRjwnxr7/dghjspHAvsv+8U1oRIGVxeyaQB+Hd4WvNcVzp2McNBJ9c/z7Ugt1r
+affyXl0JBBkdVa45xDf/weGwwxcmCWxXxv7gDPelf07p3MNjl5G3pPUCUoRA3XE5
+Am1v5E0Eui5s/H4ncodY/ECIAHuOfenzdcpK5xCQUMHkgikfiLftNfLWSVOrqEJn
+Wxl8/ttKWLYYwYDSYrN0kNvQWc6LHsuA1I7Zt7wpRW09wB2OlZ7Hn2nZebTrXjKG
+P/AeGa+JVCJ2HZzj1+8qxcFHgq8IRINICvq743e2vIQak0KsgqmtvnLavAlv/p3d
+zPxFJOPAw0bhJj14qLT+cXGC9u3/qrZWWR0b4S7qeMlLG3Cw4fk=
+=j3X1
+-----END PGP SIGNATURE-----

share/security/patches/EN-20:08/tzdata-2020a.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKODw//cJQJmbbx8gQCJ1d1PkK6RE6kOjTdk7QVEJarhhfar3FF9qm/ZmGpkD0P
+7o4EST7BraN2sTXxEmwh7Fd+ai+3z3SnxXE2DdnvC/Tw4bGxx42nn9iquCuedZrm
+C7A8s9I+H1IguIMnB5kvsvaANVUC0Aa/8KTgMu5uCzPmFvaOnrnZTiYewJzy9Syr
+LXcUYzykxp3c8ypWiL8CXtyFhoh+J6zXMIphKBl6kF+w+f0dROUEdFpR8iQdg24I
+ZbV0IqHKjExnpOeANgpKFPXMVL5D7lw9r++aFCpEypjHI7x+bvhMmTpsWc5AvOdg
+Gqm6sik8JszEC5H+mMmUMTPadlEUzsaIgz9JaqB4xPmkIRbJ3jes+bytmCgbnJ3a
+WMeGCyQscb1FVOQ7hLL7RzTj5CfwoF1muCu/sQhN7MkYkAEwghKezCaXY0z8THwU
+geyno2Fc13Htg/L+Msb5zZIANASNjocNx9+oOtnIkTNeYed3kSjyLiLPwm+/E4t4
+kB/5BbXigAiS8n2pFPEnqqlzXP43yxRp+AI6gjDbL1nVoF+7nLUGO1rdPfaVvmXC
+HzoBoFkDcuMWz69ctMFZOo3Y7Qty+i5vVgkf0EHj3CpgZPQvgcfy1m0jSgZw2+ti
+R2UTj+ps9PfAW0tqNHaOGAMdRhfZYGhRWSRyI3f66OO/r4tlkao=
+=083Y
+-----END PGP SIGNATURE-----

share/security/patches/EN-20:09/igb.patch

@@ -0,0 +1,84 @@
+--- sys/dev/e1000/if_em.c.orig
++++ sys/dev/e1000/if_em.c
+@@ -1395,10 +1395,8 @@
+ 	IFDI_INTR_DISABLE(ctx);
+ 
+ 	/* Link status change */
+-	if (reg_icr & (E1000_ICR_RXSEQ | E1000_ICR_LSC)) {
+-		adapter->hw.mac.get_link_status = 1;
+-		iflib_admin_intr_deferred(ctx);
+-	}
++	if (reg_icr & (E1000_ICR_RXSEQ | E1000_ICR_LSC))
++		em_handle_link(ctx);
+ 
+ 	if (reg_icr & E1000_ICR_RXO)
+ 		adapter->rx_overruns++;
+@@ -1481,22 +1479,24 @@
+ 
+ 	if (reg_icr & (E1000_ICR_RXSEQ | E1000_ICR_LSC)) {
+ 		em_handle_link(adapter->ctx);
+-	} else {
+-		E1000_WRITE_REG(&adapter->hw, E1000_IMS,
+-				EM_MSIX_LINK | E1000_IMS_LSC);
+-		if (adapter->hw.mac.type >= igb_mac_min)
+-			E1000_WRITE_REG(&adapter->hw, E1000_EIMS, adapter->link_mask);
++	} else if (adapter->hw.mac.type == e1000_82574) {
++		/* Only re-arm 82574 if em_if_update_admin_status() won't. */
++		E1000_WRITE_REG(&adapter->hw, E1000_IMS, EM_MSIX_LINK |
++		    E1000_IMS_LSC);
+ 	}
+ 
+-	/*
+-	 * Because we must read the ICR for this interrupt
+-	 * it may clear other causes using autoclear, for
+-	 * this reason we simply create a soft interrupt
+-	 * for all these vectors.
+-	 */
+-	if (reg_icr && adapter->hw.mac.type < igb_mac_min) {
+-		E1000_WRITE_REG(&adapter->hw,
+-			E1000_ICS, adapter->ims);
++	if (adapter->hw.mac.type == e1000_82574) {
++		/*
++		 * Because we must read the ICR for this interrupt it may
++		 * clear other causes using autoclear, for this reason we
++		 * simply create a soft interrupt for all these vectors.
++		 */
++		if (reg_icr)
++			E1000_WRITE_REG(&adapter->hw, E1000_ICS, adapter->ims);
++	} else {
++		/* Re-arm unconditionally */
++		E1000_WRITE_REG(&adapter->hw, E1000_IMS, E1000_IMS_LSC);
++		E1000_WRITE_REG(&adapter->hw, E1000_EIMS, adapter->link_mask);
+ 	}
+ 
+ 	return (FILTER_HANDLED);
+@@ -1512,7 +1512,6 @@
+ 	iflib_admin_intr_deferred(ctx);
+ }
+ 
+-
+ /*********************************************************************
+  *
+  *  Media Ioctl callback
+@@ -1829,14 +1828,15 @@
+ 	em_update_stats_counters(adapter);
+ 
+ 	/* Reset LAA into RAR[0] on 82571 */
+-	if ((adapter->hw.mac.type == e1000_82571) &&
+-	    e1000_get_laa_state_82571(&adapter->hw))
+-		e1000_rar_set(&adapter->hw, adapter->hw.mac.addr, 0);
++	if (hw->mac.type == e1000_82571 && e1000_get_laa_state_82571(hw))
++		e1000_rar_set(hw, hw->mac.addr, 0);
+ 
+-	if (adapter->hw.mac.type < em_mac_min)
++	if (hw->mac.type < em_mac_min)
+ 		lem_smartspeed(adapter);
+-
+-	E1000_WRITE_REG(&adapter->hw, E1000_IMS, EM_MSIX_LINK | E1000_IMS_LSC);
++	else if (hw->mac.type == e1000_82574 &&
++	    adapter->intr_type == IFLIB_INTR_MSIX)
++		E1000_WRITE_REG(&adapter->hw, E1000_IMS, EM_MSIX_LINK |
++		    E1000_IMS_LSC);
+ }
+ 
+ static void

share/security/patches/EN-20:09/igb.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKm0w//cglvZ8m6vivLMk2uiLy+itM6yKXO2NSHtRY4aRguAv3HaQoEs6+BupfI
+tYZdqrfdi1BIOD6+ANWwwghhx/8T6Hw7VYOr7C9X5Di3YuErpgz87V6uF6+hRqcI
+A7mQ0CRXS+7s98w9IIOIirdAXkP9S7ASDAgP6kzN1ym6zCkeGaMctgaEDbTdICUq
+nSKNpgA0XVG86HetEu7OZm2laxgdItPFRKQvoNp0VpQ5rya4XYagw6PhAjY0rH3g
+Wc6JdIwhRrSs4XkfmsNXVNTy87vI+gTVSYNZD3K+uvGIO/RBvwPo5QtbR/EoGZHY
+D3hK/4xQWd7Pd2nPUkZhRZ3hqc4vEdNlqKcNBhh8LSGB/qFuDsaqJd8UF83Sfpsy
+UuJiauksB0U29QHhWYef3tMGjaiQjJ/Alt9KN/+aX+h30uFUTHZMnK1d3VLEXKdh
+rV60ezQGuUjGlayICVl0fYCEhvMfQAdYvM+VorZCReznpzcv0nZBBjj/cBVl+pzu
+VlzU3J9kRSPShIWfHPxBzdaTaIWvD3WFIUUkYRzOLrLoDKI5IbDODh09ySrvsFEs
+z3Q1TKtYHySqlNP+MhegFn5LkqqGElJQxmVLdMG1f5ELs6Zg8HnYWhDfHVWXnRe9
+52/PolRWMxy0D5S/5JNO4lIp+hcV1G0Pwnney/sTtyK/o77HH34=
+=L1Qp
+-----END PGP SIGNATURE-----

share/security/patches/EN-20:10/build.11.patch

@@ -0,0 +1,31 @@
+--- share/mk/bsd.compiler.mk.orig
++++ share/mk/bsd.compiler.mk
+@@ -156,7 +156,7 @@
+ . endif
+ .endif
+ .if !defined(${X_}COMPILER_VERSION)
+-${X_}COMPILER_VERSION!=echo "${_v:M[1-9].[0-9]*}" | awk -F. '{print $$1 * 10000 + $$2 * 100 + $$3;}'
++${X_}COMPILER_VERSION!=echo "${_v:M[1-9]*.[0-9]*}" | awk -F. '{print $$1 * 10000 + $$2 * 100 + $$3;}'
+ .endif
+ .undef _v
+ .endif
+--- share/mk/bsd.linker.mk.orig
++++ share/mk/bsd.linker.mk
+@@ -55,7 +55,7 @@
+ .endif
+ .if ${_ld_version:[1..2]} == "GNU ld"
+ ${X_}LINKER_TYPE=	bfd
+-_v=	${_ld_version:M[1-9].[0-9]*:[1]}
++_v=	${_ld_version:M[1-9]*.[0-9]*:[1]}
+ .elif ${_ld_version:[1]} == "LLD"
+ ${X_}LINKER_TYPE=	lld
+ _v=	${_ld_version:[2]}
+@@ -64,7 +64,7 @@
+ ${X_}LINKER_TYPE=	bfd
+ _v=	2.17.50
+ .endif
+-${X_}LINKER_VERSION!=	echo "${_v:M[1-9].[0-9]*}" | \
++${X_}LINKER_VERSION!=	echo "${_v:M[1-9]*.[0-9]*}" | \
+ 			  awk -F. '{print $$1 * 10000 + $$2 * 100 + $$3;}'
+ .undef _ld_version
+ .undef _v

share/security/patches/EN-20:10/build.11.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK1cg/8DXuUVvVWSFUqO+GP7+Nz/S1HTP0sFYirRzKgKtkuCdu6+3KIpTiYAUCI
+igWBSfCRnLX2YS8otVWWvMqhiggmo2y5z8Wb4nuEugdpGy8wDPiJUO9QgfjbBvgb
+LJFb05UxKXNJXCsMn6n+GEcA/Mt0RoMTRjKrBWkFf8ePXkWYdfKJQSX2M9n9QYQZ
+nfL6SqPufPHk3wCAJLNq8i36SPI/6yrCtEHscx90lnD+a06Ou5LZ5GYcJ+0y60SR
++TTsXcESIiwkGbyhocSAs5D2+m/mOzgy5ILElNB4y6LAYslPtc2CpYO+pvc8l989
+BM6YolAX55pIw1mTn51TLiDMBIOrBnzKrqHKTHnScuG+qyen721zBvV1ocdO+Knz
+elVLgWIxZ2UNbx6VcCQ7LXx2rJ/2RQuPY2yr5eFzGaxQmI39f/yWPx2/074DwMwk
+RuVMnX4p8O9LIu2oSXNpYl37ebaQ9p6r/+xop/peId39rrMOqDkv1U/IFqxNOEjf
+V4dgx/pYZ9riZnpguIjBRDnCzVbl7zBYl/akTxQ2Ch/gOfI8lgqlB+yEDyv5OFfN
+QO5Ciy/9j2yLn/HB885haDdPqrmaeOXzyNoeD65qDFTYm7Pil2TGKeQ+yNviSo68
+Bor061/uEF9ADmL6FRRkIBxdfX9VfCuUG2KslPL25YH/VjnSe2k=
+=m6X7
+-----END PGP SIGNATURE-----

share/security/patches/EN-20:10/build.12.patch

@@ -0,0 +1,31 @@
+--- share/mk/bsd.compiler.mk.orig
++++ share/mk/bsd.compiler.mk
+@@ -168,7 +168,7 @@
+ . endif
+ .endif
+ .if !defined(${X_}COMPILER_VERSION)
+-${X_}COMPILER_VERSION!=echo "${_v:M[1-9].[0-9]*}" | awk -F. '{print $$1 * 10000 + $$2 * 100 + $$3;}'
++${X_}COMPILER_VERSION!=echo "${_v:M[1-9]*.[0-9]*}" | awk -F. '{print $$1 * 10000 + $$2 * 100 + $$3;}'
+ .endif
+ .undef _v
+ .endif
+--- share/mk/bsd.linker.mk.orig
++++ share/mk/bsd.linker.mk
+@@ -59,7 +59,7 @@
+ .if ${_ld_version:[1..2]} == "GNU ld"
+ ${X_}LINKER_TYPE=	bfd
+ ${X_}LINKER_FREEBSD_VERSION=	0
+-_v=	${_ld_version:M[1-9].[0-9]*:[1]}
++_v=	${_ld_version:M[1-9]*.[0-9]*:[1]}
+ .elif ${_ld_version:[1]} == "LLD"
+ ${X_}LINKER_TYPE=	lld
+ _v=	${_ld_version:[2]}
+@@ -71,7 +71,7 @@
+ ${X_}LINKER_TYPE=	bfd
+ _v=	2.17.50
+ .endif
+-${X_}LINKER_VERSION!=	echo "${_v:M[1-9].[0-9]*}" | \
++${X_}LINKER_VERSION!=	echo "${_v:M[1-9]*.[0-9]*}" | \
+ 			  awk -F. '{print $$1 * 10000 + $$2 * 100 + $$3;}'
+ .undef _ld_version
+ .undef _v

share/security/patches/EN-20:10/build.12.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKV8w/+IAon7mFVyRP8oTn+3/tw9yfAzJEuOHYr4Tdbrrx0jtR/Om7BdQ8Q/cd9
+L8e6XcEKdlY9ZN/6duawFRQkFeGZDrgqoxrPm3/KkV4ri2oDpVwQj0GAgAJlFxRz
+o9jT9KbhMhPkzBVl1GB7+dfdf34AwrhOYIPmnQyxrSCFiyrPq1MMPVEzNcyR41uk
+XvqRfX++MBYPUyL6BhjqjcuGBZlfuPyaiXRMGsjHsHJVVVzfOvT0C3D4Yrpqc/++
+rVwWd4Wc9kMF5SMS4njW1H716Vm/aTjOaENbAA6341Itb1Qmq/IHyaghNSlJvOMG
+9suDjBSXkvwVzegtc/tUEDquRLWz72wqH+Cs6zFX+5oQX8DLeN31eibRlF87J8pK
+XehhFQaVzlxQoHwS2+QCluSesYRJXjjHupZOdXpZBH/yN14c9T0ArLghf32WONhW
+c4SuA+AVZqTbGx+yj1anJ501ppjED4NRPwdjJ7ASsQvgG7CRGeP1TbkTI+HI9cQW
+p3TjLjGstHKHtWz9/JSq48swDir6HiyJztUpheS8EaQ5Gydi6JBS21XOhVM9yMMb
+mfpXIRFo+XqlvIkzkzhOZ2cIzJ8PfNuOio+PwEZTGS692cIT/Vm6sTXfF1jKFN1o
+QlDyj+uv5GRAqo5ioXNdMWQKgImbglxo2JCgqi9yUjBdtdNRDfc=
+=0/gQ
+-----END PGP SIGNATURE-----

share/security/patches/SA-20:12/libalias.patch

@@ -0,0 +1,102 @@
+--- sys/netinet/libalias/alias.c.orig
++++ sys/netinet/libalias/alias.c
+@@ -442,10 +442,15 @@
+ static int
+ IcmpAliasIn(struct libalias *la, struct ip *pip)
+ {
+-	int iresult;
+ 	struct icmp *ic;
++	int dlen, iresult;
+ 
+ 	LIBALIAS_LOCK_ASSERT(la);
++
++	dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
++	if (dlen < ICMP_MINLEN)
++		return (PKT_ALIAS_IGNORED);
++
+ /* Return if proxy-only mode is enabled */
+ 	if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
+ 		return (PKT_ALIAS_OK);
+@@ -464,6 +469,9 @@
+ 	case ICMP_SOURCEQUENCH:
+ 	case ICMP_TIMXCEED:
+ 	case ICMP_PARAMPROB:
++		if (dlen < ICMP_ADVLENMIN ||
++		    dlen < ICMP_ADVLEN(ic))
++			return (PKT_ALIAS_IGNORED);
+ 		iresult = IcmpAliasIn2(la, pip);
+ 		break;
+ 	case ICMP_ECHO:
+@@ -732,10 +740,17 @@
+ {
+ 	struct udphdr *ud;
+ 	struct alias_link *lnk;
++	int dlen;
+ 
+ 	LIBALIAS_LOCK_ASSERT(la);
+ 
++	dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
++	if (dlen < sizeof(struct udphdr))
++		return (PKT_ALIAS_IGNORED);
++
+ 	ud = (struct udphdr *)ip_next(pip);
++	if (dlen < ntohs(ud->uh_ulen))
++		return (PKT_ALIAS_IGNORED);
+ 
+ 	lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
+ 	    ud->uh_sport, ud->uh_dport,
+@@ -824,12 +839,19 @@
+ 	u_short dest_port;
+ 	u_short proxy_server_port;
+ 	int proxy_type;
+-	int error;
++	int dlen, error;
+ 
+ 	LIBALIAS_LOCK_ASSERT(la);
+ 
+ /* Return if proxy-only mode is enabled and not proxyrule found.*/
++	dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
++	if (dlen < sizeof(struct udphdr))
++		return (PKT_ALIAS_IGNORED);
++
+ 	ud = (struct udphdr *)ip_next(pip);
++	if (dlen < ntohs(ud->uh_ulen))
++		return (PKT_ALIAS_IGNORED);
++
+ 	proxy_type = ProxyCheck(la, &proxy_server_address, 
+ 		&proxy_server_port, pip->ip_src, pip->ip_dst, 
+ 		ud->uh_dport, pip->ip_p);
+@@ -922,8 +944,13 @@
+ {
+ 	struct tcphdr *tc;
+ 	struct alias_link *lnk;
++	int dlen;
+ 
+ 	LIBALIAS_LOCK_ASSERT(la);
++
++	dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
++	if (dlen < sizeof(struct tcphdr))
++		return (PKT_ALIAS_IGNORED);
+ 	tc = (struct tcphdr *)ip_next(pip);
+ 
+ 	lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
+@@ -1042,7 +1069,7 @@
+ static int
+ TcpAliasOut(struct libalias *la, struct ip *pip, int maxpacketsize, int create)
+ {
+-	int proxy_type, error;
++	int dlen, proxy_type, error;
+ 	u_short dest_port;
+ 	u_short proxy_server_port;
+ 	struct in_addr dest_address;
+@@ -1051,6 +1078,10 @@
+ 	struct alias_link *lnk;
+ 
+ 	LIBALIAS_LOCK_ASSERT(la);
++
++	dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
++	if (dlen < sizeof(struct tcphdr))
++		return (PKT_ALIAS_IGNORED);
+ 	tc = (struct tcphdr *)ip_next(pip);
+ 
+ 	if (create)

share/security/patches/SA-20:12/libalias.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJE6xAAgd59+RRjasSyo+Idi+R+LUEFLy+LYmQGYHyWCMdqUv/7m7hOMOT9oDBu
+QGSNpYUDaNJuEB84iiiZiAR5KLwjj25voqRxqTmLhxNbyeXgtSUxcceygHuTm17j
++4CIyjP15/aBpVIWjx8jdGwtej0RcFYvkO9RP3hQrjlm0XbPWufRXe0hLXCYC46o
+uBqQeEPQzScGMrdbc8dlkZBkT8rblUlyaqBAEqmr4ZQVhKffAmor7PCQL2819p/f
+J+x6Jww3FuF8i5IGLs1/IIC8YSwjhN/H8DX4ITpDuNxsQpBSYpcX975sNgeqCZHX
+kwY1jrkBEP4VEQp5u8LD3JIfQPwjuOzBnWa4Y6pQkT1wvsoCQL7hBcRswa8fiGJ+
+BrAsgJgLV/DriyCxs5eMbY0qQ26wFjbbzoi3aBTjc4UulySV3F760YPXgnDxgzqJ
+O67lPSKwYSi1syMcdOIJM9UiH2VsQ6RbHvQ4HH+KnNF+obyNU3uiG9M25YMTe3Bw
+1uniEMyd4R5zNoppzf3X1PDZHVqZRKTUuaBTzMbSzBi03sAW73ZcvOd1rf1XgFjO
+WdwCgJLwjLVwcobcs2PVZ8ngYlTnIcPBi7MiuXgZJ6NkMdMXlzLGWGc5q7Xq8jvB
+HH+RNXYcOGeCX/u/cGNYlWGgIsK6sl1VZN3oCiSlISYam2BCcI0=
+=1oQk
+-----END PGP SIGNATURE-----

share/security/patches/SA-20:13/libalias.patch

@@ -0,0 +1,12 @@
+--- sys/netinet/libalias/alias_ftp.c.orig
++++ sys/netinet/libalias/alias_ftp.c
+@@ -754,7 +754,8 @@
+ 		{
+ 			u_short new_len;
+ 
+-			new_len = htons(hlen + slen);
++			new_len = htons(hlen +
++			    MIN(slen, maxpacketsize - hlen));
+ 			DifferentialChecksum(&pip->ip_sum,
+ 			    &new_len,
+ 			    &pip->ip_len,

share/security/patches/SA-20:13/libalias.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cL3YRAAhnKuI7oF3fed+H1H4eI4e8uqyeeajkOJZDEquxlYEP6+HxHlgynDWKfG
+9CaM5lwnceYuLjqzEecfQNbkap4sRNSP4QjkJJJ67mK8v01++azjuOJJOu3x3uFK
+ldU/1s9vNWZvnhW88yIJIoR3OopdLfxiM4Mbj/alDOnpFXvym7z6FcKyy7FmuP+M
+AqEzHwhni4LG4sD8UrLCidOP4TTw24nokSycu7XzTaP7S/Ilyvtj4ccyI4IvNg2J
+N5AwawDEvgMU/xxJzp22TYFK496QKVFmFOO9R3Xm1gYoN+J+Ecxp5sm4aafHykFx
+zM18Uik7nENDWspIzTLpZIabwW8Zc3hBxn+diBtdPG2htD7m6KFIeJRSF7WqiFkR
+u6odCKqXOPqtoD/sKRrIGYvAhZ2fJdtvyuKdMw0kRir7cjZYPeowad8jI6hsYF1A
+pi4IR9FoDXlicoQqRO8PGhg9ULs6aVXTl22N9J4nFdPeEnrup7GEIpVy34ii3E76
+SHYNbJCU36aNLelwNoUSviPUeR1yaxy4IGqXa6ELuh04RzVz38rRsUQE1cMCNBOx
+vnee30NXLaTA3H4V3xOmo+iFodG+UGysSKABdCHz5vSfSMalt86u5c6G0DAlMBj/
+ptpBvlIlcS2kSUfq1eFpWBf7OtViF+mtncBdNYD5YcEoMOfYSjM=
+=yrxB
+-----END PGP SIGNATURE-----

share/security/patches/SA-20:14/sctp.patch

@@ -0,0 +1,11 @@
+--- sys/netinet/sctp_auth.c.orig
++++ sys/netinet/sctp_auth.c
+@@ -523,7 +523,7 @@
+ 		} else if (new_skey->keyid == skey->keyid) {
+ 			/* replace the existing key */
+ 			/* verify this key *can* be replaced */
+-			if ((skey->deactivated) && (skey->refcount > 1)) {
++			if ((skey->deactivated) || (skey->refcount > 1)) {
+ 				SCTPDBG(SCTP_DEBUG_AUTH1,
+ 				    "can't replace shared key id %u\n",
+ 				    new_skey->keyid);

share/security/patches/SA-20:14/sctp.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI+yw/9G0uF81zxIW5o9EmwgbvfNXWq75phJn+q8Y8qnpbJtTj9QIKkWzcCIA5C
+h9jQy/hyq5w7D6c+u0DR9qkMU2f25sooYQYDoz2KQi2rryqlJOFGhD0PVvVRWe9R
+jVztdazpxSJCs89wl25bXpFnSihFYkpg2iZpKEsStZQPkXTZcf5SnxczI8uPOlxf
+EslzFJNVcRp+jZQSX4bQ3kzkVP0873npn/CBNlRLM2Xw7xi6GO4fVgkHfgh0CsRi
+cvdXxM0bYr8RkHQAA9a5bQJQGo4Co4Fo5XFX9t8SLdN6FHuijxgXa0PDSRSTS/ek
+r3thIlKGH7pa5Zc6GDOSAV7zXfShVVZEcTezhjwDC5/Ngsy/bcHPkHWofvlpnZBY
+1r1+wTIbZHqp1fygMSa7F1+l+v6DaIUB8ScgZH/ybYJiwTAayE1oBkqDJVt2SmdN
+guGKK28GHp5SdHAtiziAdAHDCtly1qyp3g04RCo1CSCe1vsF1HlPzTPInnF81pw8
+ileE4Grq4mTuvbZb6MexX9UijlY5FAvXS75APa8KTVDBRDVQEFszZuZkfYXvYBrJ
+1HwU9K3ySePu0Dto+dRmGyOk5KgN/7NTat036+dFgADC5Ykw0VvJDUkkVpGkwMb0
+k6hyRdw1nm1eaRMAVmbrxlwJ6GeH9BX50cKLObzt9JteKjBe1oE=
+=Atod
+-----END PGP SIGNATURE-----

share/security/patches/SA-20:15/cryptodev.11.patch

@@ -0,0 +1,166 @@
+--- sys/opencrypto/cryptodev.c.orig
++++ sys/opencrypto/cryptodev.c
+@@ -268,6 +268,7 @@
+ struct csession {
+ 	TAILQ_ENTRY(csession) next;
+ 	u_int64_t	sid;
++	volatile u_int	refs;
+ 	u_int32_t	ses;
+ 	struct mtx	lock;		/* for op submission */
+ 
+@@ -294,6 +295,7 @@
+ struct fcrypt {
+ 	TAILQ_HEAD(csessionlist, csession) csessions;
+ 	int		sesn;
++	struct mtx	lock;
+ };
+ 
+ static	int cryptof_ioctl(struct file *, u_long, void *,
+@@ -320,8 +322,7 @@
+ };
+ 
+ static struct csession *csefind(struct fcrypt *, u_int);
+-static int csedelete(struct fcrypt *, struct csession *);
+-static struct csession *cseadd(struct fcrypt *, struct csession *);
++static int csedelete(struct fcrypt *, u_int);
+ static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t,
+     u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
+     struct auth_hash *);
+@@ -612,13 +613,9 @@
+ 		break;
+ 	case CIOCFSESSION:
+ 		ses = *(u_int32_t *)data;
+-		cse = csefind(fcr, ses);
+-		if (cse == NULL) {
++		error = csedelete(fcr, ses);
++		if (error != 0)
+ 			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+-			return (EINVAL);
+-		}
+-		csedelete(fcr, cse);
+-		error = csefree(cse);
+ 		break;
+ 	case CIOCCRYPT:
+ #ifdef COMPAT_FREEBSD32
+@@ -635,6 +632,7 @@
+ 			return (EINVAL);
+ 		}
+ 		error = cryptodev_op(cse, cop, active_cred, td);
++		(void)csefree(cse);
+ #ifdef COMPAT_FREEBSD32
+ 		if (error == 0 && cmd == CIOCCRYPT32)
+ 			crypt_op_to_32(cop, data);
+@@ -701,6 +699,7 @@
+ 			return (EINVAL);
+ 		}
+ 		error = cryptodev_aead(cse, caead, active_cred, td);
++		(void)csefree(cse);
+ 		break;
+ 	default:
+ 		error = EINVAL;
+@@ -1275,6 +1274,9 @@
+ 
+ 	while ((cse = TAILQ_FIRST(&fcr->csessions))) {
+ 		TAILQ_REMOVE(&fcr->csessions, cse, next);
++		KASSERT(cse->refs == 1,
++		    ("%s: crypto session %p with %d refs", __func__, cse,
++		    cse->refs));
+ 		(void)csefree(cse);
+ 	}
+ 	free(fcr, M_XDATA);
+@@ -1295,34 +1297,35 @@
+ {
+ 	struct csession *cse;
+ 
+-	TAILQ_FOREACH(cse, &fcr->csessions, next)
+-		if (cse->ses == ses)
++	mtx_lock(&fcr->lock);
++	TAILQ_FOREACH(cse, &fcr->csessions, next) {
++		if (cse->ses == ses) {
++			refcount_acquire(&cse->refs);
++			mtx_unlock(&fcr->lock);
+ 			return (cse);
++		}
++	}
++	mtx_unlock(&fcr->lock);
+ 	return (NULL);
+ }
+ 
+ static int
+-csedelete(struct fcrypt *fcr, struct csession *cse_del)
++csedelete(struct fcrypt *fcr, u_int ses)
+ {
+ 	struct csession *cse;
+ 
++	mtx_lock(&fcr->lock);
+ 	TAILQ_FOREACH(cse, &fcr->csessions, next) {
+-		if (cse == cse_del) {
++		if (cse->ses == ses) {
+ 			TAILQ_REMOVE(&fcr->csessions, cse, next);
+-			return (1);
++			mtx_unlock(&fcr->lock);
++			return (csefree(cse));
+ 		}
+ 	}
+-	return (0);
++	mtx_unlock(&fcr->lock);
++	return (EINVAL);
+ }
+ 	
+-static struct csession *
+-cseadd(struct fcrypt *fcr, struct csession *cse)
+-{
+-	TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
+-	cse->ses = fcr->sesn++;
+-	return (cse);
+-}
+-
+ struct csession *
+ csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen,
+     caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
+@@ -1334,6 +1337,7 @@
+ 	if (cse == NULL)
+ 		return NULL;
+ 	mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF);
++	refcount_init(&cse->refs, 1);
+ 	cse->key = key;
+ 	cse->keylen = keylen/8;
+ 	cse->mackey = mackey;
+@@ -1343,7 +1347,10 @@
+ 	cse->mac = mac;
+ 	cse->txform = txform;
+ 	cse->thash = thash;
+-	cseadd(fcr, cse);
++	mtx_lock(&fcr->lock);
++	TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
++	cse->ses = fcr->sesn++;
++	mtx_unlock(&fcr->lock);
+ 	return (cse);
+ }
+ 
+@@ -1352,6 +1359,8 @@
+ {
+ 	int error;
+ 
++	if (!refcount_release(&cse->refs))
++		return (0);
+ 	error = crypto_freesession(cse->sid);
+ 	mtx_destroy(&cse->lock);
+ 	if (cse->key)
+@@ -1389,13 +1398,14 @@
+ 
+ 	switch (cmd) {
+ 	case CRIOGET:
+-		fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK);
++		fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO);
+ 		TAILQ_INIT(&fcr->csessions);
+-		fcr->sesn = 0;
++		mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF);
+ 
+ 		error = falloc(td, &f, &fd, 0);
+ 
+ 		if (error) {
++			mtx_destroy(&fcr->lock);
+ 			free(fcr, M_XDATA);
+ 			return (error);
+ 		}

share/security/patches/SA-20:15/cryptodev.11.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJp/Q/6Aik1+ye69Sgz3v1HwCBut/CJNoQglaftRNE7kaIFw3qDWLk8qOpI3s1f
+3Q6m9taVd29KhzAP4VmPf/iTUGGHHiLdA3tmgpK0WK6/HV9v/Y5GhLtObmysYldi
+d9jrF0xIEqRhvX173Ly1zFonkUqZ+fWwgTkmwLTGOWh0cc7gpAR+NBmdmnand1tw
+olJDc2dNCAIugEp+tbg0Imd3j1ZF35PJPnWwTNviigoCFIGknS7yo6CPL67LaIjN
+1Ogz0ve4885JvdSSbJFoMKEx1ehiYxU/FBvkz6pTHSDxLAooNgXO4rWG+YUN7oJs
+31/kWYvtWWSkif3uDAJmQKeXudg05ukA0bksBAk/1pdwxkD2GNeAzm3mwKkPV8LX
+tAMepLKg8GEUeG+9RX/zk6913H4AJJZ4q9eyDo+Dd/KEEMlVDmvtns7cCPQvUoNA
+KjEaCZvNCil21khXAoWTI0Yy5os5TG620a+22AjDIiUIHYoj57FeMU/6YQD4J/Si
+7ZdlB/5o9zrcq/OF7bxf7dM+9S93Nr0gMPlzZd2DFG4h2XUnpDQES1rT5v5VD5Pf
+vcQA9KRMzPI35ZUieGKAqjOJ3vcSnaKChjbyXMJoz8ztn7Xf+wSd5KkSIq7ansfW
+7SVtDBN0EFdTcrnHu5G/W2L3Ipw67i6fHdv5n3mAj/dyYjIdLHQ=
+=r7Z1
+-----END PGP SIGNATURE-----

share/security/patches/SA-20:15/cryptodev.12.patch

@@ -0,0 +1,167 @@
+--- sys/opencrypto/cryptodev.c.orig
++++ sys/opencrypto/cryptodev.c
+@@ -266,6 +266,7 @@
+ struct csession {
+ 	TAILQ_ENTRY(csession) next;
+ 	crypto_session_t cses;
++	volatile u_int	refs;
+ 	u_int32_t	ses;
+ 	struct mtx	lock;		/* for op submission */
+ 
+@@ -292,6 +293,7 @@
+ struct fcrypt {
+ 	TAILQ_HEAD(csessionlist, csession) csessions;
+ 	int		sesn;
++	struct mtx	lock;
+ };
+ 
+ static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
+@@ -323,8 +325,7 @@
+ };
+ 
+ static struct csession *csefind(struct fcrypt *, u_int);
+-static int csedelete(struct fcrypt *, struct csession *);
+-static struct csession *cseadd(struct fcrypt *, struct csession *);
++static bool csedelete(struct fcrypt *, u_int);
+ static struct csession *csecreate(struct fcrypt *, crypto_session_t, caddr_t,
+     u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
+     struct auth_hash *);
+@@ -685,13 +686,10 @@
+ 		break;
+ 	case CIOCFSESSION:
+ 		ses = *(u_int32_t *)data;
+-		cse = csefind(fcr, ses);
+-		if (cse == NULL) {
++		if (!csedelete(fcr, ses)) {
+ 			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+ 			return (EINVAL);
+ 		}
+-		csedelete(fcr, cse);
+-		csefree(cse);
+ 		break;
+ 	case CIOCCRYPT:
+ #ifdef COMPAT_FREEBSD32
+@@ -708,6 +706,7 @@
+ 			return (EINVAL);
+ 		}
+ 		error = cryptodev_op(cse, cop, active_cred, td);
++		csefree(cse);
+ #ifdef COMPAT_FREEBSD32
+ 		if (error == 0 && cmd == CIOCCRYPT32)
+ 			crypt_op_to_32(cop, data);
+@@ -774,6 +773,7 @@
+ 			return (EINVAL);
+ 		}
+ 		error = cryptodev_aead(cse, caead, active_cred, td);
++		csefree(cse);
+ 		break;
+ 	default:
+ 		error = EINVAL;
+@@ -1349,6 +1349,9 @@
+ 
+ 	while ((cse = TAILQ_FIRST(&fcr->csessions))) {
+ 		TAILQ_REMOVE(&fcr->csessions, cse, next);
++		KASSERT(cse->refs == 1,
++		    ("%s: crypto session %p with %d refs", __func__, cse,
++		    cse->refs));
+ 		csefree(cse);
+ 	}
+ 	free(fcr, M_XDATA);
+@@ -1369,34 +1372,36 @@
+ {
+ 	struct csession *cse;
+ 
+-	TAILQ_FOREACH(cse, &fcr->csessions, next)
+-		if (cse->ses == ses)
++	mtx_lock(&fcr->lock);
++	TAILQ_FOREACH(cse, &fcr->csessions, next) {
++		if (cse->ses == ses) {
++			refcount_acquire(&cse->refs);
++			mtx_unlock(&fcr->lock);
+ 			return (cse);
++		}
++	}
++	mtx_unlock(&fcr->lock);
+ 	return (NULL);
+ }
+ 
+-static int
+-csedelete(struct fcrypt *fcr, struct csession *cse_del)
++static bool
++csedelete(struct fcrypt *fcr, u_int ses)
+ {
+ 	struct csession *cse;
+ 
++	mtx_lock(&fcr->lock);
+ 	TAILQ_FOREACH(cse, &fcr->csessions, next) {
+-		if (cse == cse_del) {
++		if (cse->ses == ses) {
+ 			TAILQ_REMOVE(&fcr->csessions, cse, next);
+-			return (1);
++			mtx_unlock(&fcr->lock);
++			csefree(cse);
++			return (true);
+ 		}
+ 	}
+-	return (0);
++	mtx_unlock(&fcr->lock);
++	return (false);
+ }
+ 	
+-static struct csession *
+-cseadd(struct fcrypt *fcr, struct csession *cse)
+-{
+-	TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
+-	cse->ses = fcr->sesn++;
+-	return (cse);
+-}
+-
+ struct csession *
+ csecreate(struct fcrypt *fcr, crypto_session_t cses, caddr_t key, u_int64_t keylen,
+     caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
+@@ -1408,6 +1413,7 @@
+ 	if (cse == NULL)
+ 		return NULL;
+ 	mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF);
++	refcount_init(&cse->refs, 1);
+ 	cse->key = key;
+ 	cse->keylen = keylen/8;
+ 	cse->mackey = mackey;
+@@ -1417,7 +1423,10 @@
+ 	cse->mac = mac;
+ 	cse->txform = txform;
+ 	cse->thash = thash;
+-	cseadd(fcr, cse);
++	mtx_lock(&fcr->lock);
++	TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
++	cse->ses = fcr->sesn++;
++	mtx_unlock(&fcr->lock);
+ 	return (cse);
+ }
+ 
+@@ -1425,6 +1434,8 @@
+ csefree(struct csession *cse)
+ {
+ 
++	if (!refcount_release(&cse->refs))
++		return;
+ 	crypto_freesession(cse->cses);
+ 	mtx_destroy(&cse->lock);
+ 	if (cse->key)
+@@ -1461,13 +1472,14 @@
+ 
+ 	switch (cmd) {
+ 	case CRIOGET:
+-		fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK);
++		fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO);
+ 		TAILQ_INIT(&fcr->csessions);
+-		fcr->sesn = 0;
++		mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF);
+ 
+ 		error = falloc(td, &f, &fd, 0);
+ 
+ 		if (error) {
++			mtx_destroy(&fcr->lock);
+ 			free(fcr, M_XDATA);
+ 			return (error);
+ 		}

share/security/patches/SA-20:15/cryptodev.12.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cItUg/9GXYa9/yDoRW9fmReyZM8jEmYhG0CAzkoHR7In5uXKTkcNmJRN6EeO0n6
+P7WvAei7Xyt/Uf4gwdi8SJz3rklJmF7kRw/w3IAa1+fo3GwglO97E4VEjuttJnZh
+RgLuj7RAtaItKmKYERos0W32poao93zc1+mDQdnPVXwY0Krd61WWWeCpp3Qvy7GQ
+C4EqLyrPrwLXjIv99sZVSWm5zwW63ZyRYwh3IyB2TyIAcBSaU+12RMdpL3GpdsUu
+7fr9RlaAvC1yzCcrqFCojP5UE2AW+GSFs1NX/fj+9yP566YuDfqZDFGYeVsFAWLu
+tkzXavVwbot8zvVixnRLZoXrX5rvI1LwWx8Kk4LQx9FyJ4wX5alHe0VrnZSPAlyn
+k9eck9VF+VzFcSfPtMn0QJUy+UEiI58AEUiY0c2+6cJa3/3vGUDSQA9+QnnRc+iE
+a6xVBxAQpx4ZAO7ea3xZqN38FKtR8tFk1cuyl4QfgGf7YRQCmMiI+QMu40m8jGG+
+kn78tbKAzGcoayH+INlmKxpdTH2j95xYqB+TC/Eqhlj+njsDjezkpIwn775hUuH/
+BkAi4Pf6j2vdsVDm+w57hnIBQ4FtHOn1Le5e5ajTz4StGpTzohiav0bg4EQLq6kQ
+sX8IfGi3MibhMkBu9wHv2MMeCrA31anhGAFDjVo/F2JkYbttJhs=
+=1ToN
+-----END PGP SIGNATURE-----

share/security/patches/SA-20:16/cryptodev.patch

@@ -0,0 +1,13 @@
+--- sys/opencrypto/cryptodev.c.orig
++++ sys/opencrypto/cryptodev.c
+@@ -585,8 +585,8 @@
+ 		if (thash) {
+ 			cria.cri_alg = thash->type;
+ 			cria.cri_klen = sop->mackeylen * 8;
+-			if (thash->keysize != 0 &&
+-			    sop->mackeylen > thash->keysize) {
++			if (sop->mackeylen > thash->keysize ||
++			    sop->mackeylen < 0) {
+ 				CRYPTDEB("invalid mac key length");
+ 				error = EINVAL;
+ 				SDT_PROBE1(opencrypto, dev, ioctl, error,

share/security/patches/SA-20:16/cryptodev.patch.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl664A9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLSyg//U3VUulGkSepGhmQDqg2CHHIUorPXT2vmR46o1mGKvhaoLle7zAx3qhqc
+NU/Mf9XpGfqsLRXu71NXzCgK8doBSHb0xmAXuIUKC72kYEQ6wUtzxg1+fu9vUxQD
+P85Yfm0ZIZj0dDeD7unojl6rtVQDVLzobeJeAoQnIT0tQTNujqrVn/MFqd0jtfOs
+N1VHctqoaYRgp5noMRcG5T8ZTQCNfvz2SWLgZN7/xmQf+2+CHMr80TW5GchYacUu
+QSexwO1Jk/VyiowCkQ3ck/coFzZ60NQVMEOfFqx0qwDC1UlhiLA3YlQVFtf730pY
+sohPlPTGBHjoIRuQqEBriW3ajY6XwYRoI5Eb+TAWHPE1UYbDYYceT0rBk7nbAJdf
+AM2IBqv3wDQbC5hU1hRT1tVRmuMtayvpj0tOxUbNAF2lWjRIU6E28rz3vZPdYCLn
+qPuQPN8SJC4Eh+A2caT4N+A6Vy/TpQHsoSRZs3MXA0NbYGZvSxlk5IL+5kbEomZm
+Qbqlw4RuW5KldpSkvLCIeJ1wfHhglRhE8YQuGnVh8zWjpVH9m874X4P2HYYHGCpA
+5cI/l7iMWPL7u+covJzMEl0+RfPE+FrFbPykJ3Uxf5dLLMcTSEOSNmlq2bqoFIGI
+IrOzx4PVPYw6pHhWC7T7pFjX01Lw2OgvRW+c76VTdkesVZyDLsM=
+=tX1Z
+-----END PGP SIGNATURE-----

share/xml/advisories.xml

@@ -7,6 +7,35 @@
   <year>
     <name>2020</name>
 
+    <month>
+      <name>5</name>
+
+      <day>
+	<name>12</name>
+
+	<advisory>
+	  <name>FreeBSD-SA-20:16.cryptodev</name>
+	</advisory>
+
+	<advisory>
+	  <name>FreeBSD-SA-20:15.cryptodev</name>
+	</advisory>
+
+	<advisory>
+	  <name>FreeBSD-SA-20:14.sctp</name>
+	</advisory>
+
+	<advisory>
+	  <name>FreeBSD-SA-20:13.libalias</name>
+	</advisory>
+
+	<advisory>
+	  <name>FreeBSD-SA-20:12.libalias</name>
+	</advisory>
+
+      </day>
+    </month>
+
     <month>
       <name>4</name>
 

share/xml/notices.xml

@@ -7,6 +7,27 @@
   <year>
     <name>2020</name>
 
+    <month>
+      <name>5</name>
+
+      <day>
+	<name>12</name>
+
+	<notice>
+	  <name>FreeBSD-EN-20:10.build</name>
+	</notice>
+
+	<notice>
+	  <name>FreeBSD-EN-20:09.igb</name>
+	</notice>
+
+	<notice>
+	  <name>FreeBSD-EN-20:08.tzdata</name>
+	</notice>
+
+      </day>
+    </month>
+
     <month>
       <name>4</name>