os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add SA-18:04.vt, SA-18:05.ipsec, EN-18:03.tzdata, EN-18:04.mem.

Browse source 
Approved by:	so
This commit is contained in:
Gordon Tetlow 2018-04-04 05:55:14 +00:00
parent 009a15ab0b
commit 866286679f
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=51533
14 changed files with 5479 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

149
share/security/advisories/FreeBSD-EN-18:03.tzdata.asc Normal file
View file

@ -0,0 +1,149 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-18:03.tzdata Errata Notice
The FreeBSD Project
Topic: Timezone database information update
Category: contrib
Module: zoneinfo
Announced: 2018-04-04
Credits: Philip Paeps
Affects: All supported versions of FreeBSD
Corrected: 2018-03-28 07:42:50 UTC (stable/11, 11.1-STABLE)
2018-04-04 05:40:48 UTC (releng/11.1, 11.1-RELEASE-p9)
2018-03-28 07:45:57 UTC (stable/10, 10.4-STABLE)
2018-04-04 05:40:48 UTC (releng/10.4, 10.4-RELEASE-p8)
2018-04-04 05:40:48 UTC (releng/10.3, 10.3-RELEASE-p29)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The tzsetup(8) program allows the user to specify the default local timezone.
Based on the selected timezone, tzsetup(8) copies one of the files from
/usr/share/zoneinfo to /etc/localtime. This file actually controls the
conversion.
II. Problem Description
Several changes in Daylight Savings Time happened after previous FreeBSD
releases were released that would affect many people who live in different
countries. Because of these changes, the data in the zoneinfo files need to
be updated, and if the local timezone on the running system is affected,
tzsetup(8) needs to be run so the /etc/localtime is updated.
III. Impact
An incorrect time will be displayed on a system configured to use one of the
affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
not updated, and all applications on the system that rely on the system time,
such as cron(8) and syslog(8), will be affected.
IV. Workaround
The system administrator can install an updated timezone database from the
misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
Applications that store and display times in Coordinated Universal Time (UTC)
are not affected.
V. Solution
Please note that some third party software, for instance PHP, Ruby, Java and
Perl, may be using different zoneinfo data source, in such cases this
software must be updated separately. For software packages that is installed
via binary packages, they can be upgraded by executing `pkg upgrade'.
Following the instructions in this Errata Notice will update all of the
zoneinfo files to be the same as what was released with FreeBSD release.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date. Restart all the affected
applications and daemons, or reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all the affected applications and daemons, or reboot the system.
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-18:03/tzdata-2018d.patch
# fetch https://security.FreeBSD.org/patches/EN-18:03/tzdata-2018d.patch.asc
# gpg --verify tzdata-2018d.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all the affected applications and daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r331663
releng/10.3/ r331986
releng/10.4/ r331986
stable/11/ r331662
releng/11.1/ r331986
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:03.tzdata.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZutfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKJ7A/+NXjXPibYne7thcIjSJPFJDlA13Ga4UhKytjO7KW2wN5CjQp62ULwCfaO
dcl5ysljMGXxNmCBqCcfQrO9AL7vnOxQSr60KwB8AAzIBPfLzXrqopXW2fB/8pKP
cOTJHpZlNQ4P8cJ1OHpjsovcA5a/7KQ87BgRj8AUJoeTlCPoLlDlnyCR6VMOswSa
a8PX9cAb+lcQWGg56E+n7ZE0JEMDHUVwvHplU1m5nn1Dn8b04na+tn3MRMKi2iqF
Y9MhLavfY1UzwXkuUKf/ODTuGSYF8Sy4lJgLrqs4awJXErIJvJNbh6V4h8uRpEIY
iUN+wPBWsvfZ4X0KSb+4aPI5jpKnE2LATHiz2vDYuDZ5U5y9ec8GMuGnFOueNwcb
vMQkPPPOj7VTTKUZPHgAGdYlsO9mLTMkAjiTPwB0kZ6P7MN0211dHN+fvr8Skwyl
x9IFVW6h9XtTvSqU29/Nd3KSFORuiKowokxWTQ+jnEdsYCsm0wQNKH6avxedbEAA
oKowh4zfTGO2jOzcuCtfmZNUFUAVYE0SASnYD4rxEDcuJNx/jSVhf1wY97G22s7n
aLKDnHHGKHsLzQAuFEITaC0pMTs41XL1baO9RtjtZDSz/dKla+ZsgQk5yVKyR2v7
tW6ertUBZiUfD50d0GKPgGEMTWH9k5a5hJvMhAMLfHzhxBT0B+w=
=k+2X
-----END PGP SIGNATURE-----

151
share/security/advisories/FreeBSD-EN-18:04.mem.asc Normal file
View file

@ -0,0 +1,151 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-18:04.mem Errata Notice
The FreeBSD Project
Topic: Multiple small kernel memory disclosures
Category: core
Module: kernel
Announced: 2018-04-04
Credits: Ilja van Sprundel
Affects: All supported versions of FreeBSD.
Corrected: 2018-03-28 13:41:43 UTC (stable/11, 11.1-STABLE)
2018-04-04 05:43:03 UTC (releng/11.1, 11.1-RELEASE-p9)
2018-03-29 22:31:14 UTC (stable/10, 10.4-STABLE)
2018-04-04 05:43:03 UTC (releng/10.4, 10.4-RELEASE-p8)
2018-04-04 05:43:03 UTC (releng/10.3, 10.3-RELEASE-p29)
CVE Name: CVE-2018-6919
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD includes drivers for HighPoint disk controllers via the hpt27xx(4),
hptnr(4) and hptrr(4) drivers, for some graphics cards via drm drivers. In
addition, FreeBSD includes optional support for executing svr4 and ibcs2
binaries.
II. Problem Description
Due to insufficient initialization of memory copied to userland small amounts
of kernel memory may be disclosed to userland processes.
III. Impact
A user who can access these drivers or execute svr4 or ibcs2 binaries
may be able to read the contents of kernel memory.
Such memory might contain sensitive information, such as portions of the file
cache or terminal buffers. This information might be directly useful, or it
might be leveraged to obtain elevated privileges in some way; for example,
a terminal buffer might include a user-entered password.
IV. Workaround
No workaround is available, but systems that do not use these devices and
do not enable support for ibcs2 and svr4 binaries are not vulnerable.
In addition, note that the drm driver affected by this issue supports only
relatively old hardware. Systems built within the last decade likely
contain graphics hardware supported by the drm2 driver in the FreeBSD base
system or the drm-next-kmod driver in FreeBSD ports.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Afterward, reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterward, reboot the system.
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 11.x]
# fetch https://security.FreeBSD.org/patches/EN-18:04/mem.11.patch
# fetch https://security.FreeBSD.org/patches/EN-18:04/mem.11.patch.asc
# gpg --verify mem.11.patch.asc
[FreeBSD 10.x]
# fetch https://security.FreeBSD.org/patches/EN-18:04/mem.10.patch
# fetch https://security.FreeBSD.org/patches/EN-18:04/mem.10.patch.asc
# gpg --verify mem.10.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r331749
releng/10.3/ r331987
releng/10.4/ r331987
stable/11/ r331670
releng/11.1/ r331987
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6919>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZvNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJa/A//Z53qYxwSpKH5hrkHsMVzH62xagHUn7zqewyfmBIaz8xLPArNYEy3onPv
5mXLLL5RIoaiUXq++Nld90QPDbbHtuyfwKySm/X8vNXUu/a2mFpzSixI1tQEIcsx
PH+eqCQTgFHyzo0uADRcLyxuo4qmM/b/8LQZWr0CLpxmdPVuoGG2tlcVpL47f5sa
nFghwxiOj5gKCR0Wx0buZ8u1T0NV0EyGcI7SRXJItq1GM8lvb26bfSnDls5h0hPW
dn8qa7+exYL133qZ4vgEyNk+cGjEGNIG1eoAe3WeoUaaFsmpXTNK17P8Gxr/KZk4
QmMiRbbIooX4AsNnY+OnkGRN1LzxFF2TLc+zYGV7j/uyhGE5cfZ3Av3hDMFlyTRO
Udp1/ghmm/GPrHO/FAmJGYPmfxRYdU/jZU6gJld+QXd2y8/HLsXNOdRK92KIwCyp
I9tUVwMg4mze6L6/s1chmQL5jdy5Sz5SSfjDAcP3ieJ5cmg0DDITYjWEVk4Fdaxl
rWU2X2nYmJeROqU6tlAEfMPJZEw2cPxE14vRe3iN9mPUSPvGKT4oWLMtwRnjsQyz
v8da9m4lncTQd5/qz9BpWzFANP6+g8gmgm8G4j1HeVyf2WFPMsU+YqAoaQewB3h5
Hnfq/GhTTNtvjTnW2trPT21lXPEFbuVVZ724U+SJwYzVJv2tyug=
=r842
-----END PGP SIGNATURE-----

140
share/security/advisories/FreeBSD-SA-18:04.vt.asc Normal file
View file

@ -0,0 +1,140 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-18:04.vt Security Advisory
The FreeBSD Project
Topic: vt console memory disclosure
Category: core
Module: vt console
Announced: 2018-04-04
Credits: Dr Silvio Cesare of InfoSect
Affects: All supported versions of FreeBSD.
Corrected: 2018-04-04 05:24:59 UTC (stable/11, 11.1-STABLE)
2018-04-04 05:33:56 UTC (releng/11.1, 11.1-RELEASE-p9)
2018-04-04 05:26:33 UTC (stable/10, 10.4-STABLE)
2018-04-04 05:33:56 UTC (releng/10.4, 10.4-RELEASE-p8)
2018-04-04 05:33:56 UTC (releng/10.3, 10.3-RELEASE-p29)
CVE Name: CVE-2018-6917
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
On FreeBSD 11 and later, and FreeBSD 10.x systems that boot via UEFI, the
default system video console is provided by the vt(4) driver. The console
allows the user, including an unprivileged user, to load a font at runtime.
II. Problem Description
Insufficient validation of user-provided font parameters can result in an
integer overflow, leading to the use of arbitrary kernel memory as glyph
data. Characters that reference this data can be displayed on the screen,
effectively disclosing kernel memory.
III. Impact
Unprivileged users may be able to access privileged kernel data.
Such memory might contain sensitive information, such as portions of the file
cache or terminal buffers. This information might be directly useful, or it
might be leveraged to obtain elevated privileges in some way; for example,
a terminal buffer might include a user-entered password.
IV. Workaround
The syscons sc(4) system console is not affected by this issue and may be
used on systems that do not boot via UEFI. To use the syscons console,
set the kern.vty tunable in /boot/loader.conf as described in sc(4), and
reboot. No workaround is available for systems that boot via UEFI.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
A reboot is required after the upgrade.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-18:04/vt.patch
# fetch https://security.FreeBSD.org/patches/SA-18:04/vt.patch.asc
# gpg --verify vt.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r331983
releng/10.3/ r331984
releng/10.4/ r331984
stable/11/ r331982
releng/11.1/ r331984
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6917>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:04.vt.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZttfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cI5CBAAmZS+2l3qNafZ0FQDKONeX+jiyJt6lPWk2LUd/jJXnEnVjqiP/pW1YpC0
9oob5gFaCt8YEpQRIPGU1VwIfX16KeMSiM2TYnZXAaTzSo5ecWemrQ706ds7hy+m
FmlyoqoqmDn3AyziTeJAxFc2QVZ5jo25KWZL7zMJdNjGqzFao4UktY01Sy9fB3Ak
rgi/AInZV1FGt1KrH04zJpK+WSfNtM553e7KfFlmD6cR+yXViHfGHl6TBYcb1H3y
8wjfZmdlfyFMB84bQ5bw9iqx5fHhth4s/0sbAErRAS/PeWOKF9uxSVy3t4p160BZ
Ym7k4PXYO8hUH9n5mqDzg/asPkRA8nJMqmUtvBJrdUMi9VhQqOybhddZNAZp7RGb
6BtlsBUaRRmxA9tm4h5nbk+Fy9/qqtkcOdsJNqqAdSk4nTTkkkKPNPrIkXKcW4HE
qv8c71xDkpbAGfQjkC2B4VXg9uoQIi36F8843ha6UbhdL2urSWWPXLBOoSupRAyp
PkB35tvulXyJ/cRRf/FfAL+lSmoqImi2WjSjpd+fqABWSaxrypJqI0Cca3ySdhVG
mylVk2sDW/d27Wltyd1Pdy9qXHVSEoKwdWemCamAABFwaCf49D1xrgysCrdY+uFp
zydy8rxJ0Bht18n4Yhp+WveujRFwamvGjWxYbxJ0g+LD+SWD7Zs=
=L6/K
-----END PGP SIGNATURE-----

142
share/security/advisories/FreeBSD-SA-18:05.ipsec.asc Normal file
View file

@ -0,0 +1,142 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-18:05.ipsec Security Advisory
The FreeBSD Project
Topic: ipsec crash or denial of service
Category: core
Module: ipsec
Announced: 2018-04-04
Credits: Maxime Villard
Affects: All supported versions of FreeBSD.
Corrected: 2018-01-31 09:24:48 UTC (stable/11, 11.1-STABLE)
2018-04-04 05:37:52 UTC (releng/11.1, 11.1-RELEASE-p9)
2018-01-31 09:26:28 UTC (stable/10, 10.4-STABLE)
2018-04-04 05:37:52 UTC (releng/10.4, 10.4-RELEASE-p8)
2018-04-04 05:37:52 UTC (releng/10.3, 10.3-RELEASE-p29)
CVE Name: CVE-2018-6918
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The IPsec suite of protocols provide network level security for IPv4 and IPv6
packets. FreeBSD includes software originally developed by the KAME project
which implements the various protocols that make up IPsec.
In IPsec, the IP Authentication Header (AH) is used to provide protection
against replay attacks and connectionless integrity and data origin
authentication for IP datagrams.
II. Problem Description
The length field of the option header does not count the size of the option
header itself. This causes a problem when the length is zero, the count is
then incremented by zero, which causes an infinite loop.
In addition there are pointer/offset mistakes in the handling of IPv4
options.
III. Impact
A remote attacker who is able to send an arbitrary packet, could cause the
remote target machine to crash.
IV. Workaround
No workaround is available. Note that in FreeBSD 10 IPsec is not included
in the kernel by default, but it is in FreeBSD 11.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Afterward, reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterward, reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-18:05/ipsec.patch
# fetch https://security.FreeBSD.org/patches/SA-18:05/ipsec.patch.asc
# gpg --verify ipsec.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r328621
releng/10.3/ r331985
releng/10.4/ r331985
stable/11/ r328620
releng/11.1/ r331985
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6918>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZuRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKpOxAAlcyr88qHimXmMWNelNe+RvNkRoQwlmOw5XCWmWFGt4bX6KyrPSNVkZXK
9bZr0+sYiEjHPstXy+F6v95wqShRiefwpLVNJkP6LFKdQJeuxy0Uwsgl/i3aZVHy
q4iM+PgnMwt5FxzmIcFHjwZSGGaOw5p9dMlkFLxXQ6chafPutMbgkXMIGVGXEp4e
iwQgmh7j5LbUED0P9G7sYpcEN+DKZLWIyvz6L/AJmeHC/Z21TTeOoPjNPImgUmeU
R2gK6WrQ5hfDvvFIJK1RvkR7OGdgrw0p2bCeeW8HRR5WEifO+a5Mb6+S414jWLYi
uPYoxWf5NP92b9r3sLjNXbbsZ71mOZ49nZO3gc83O4mqOo9FYbTZ1W9C1UIO66pO
bsp9e7g09gvT/VTO9j2Bu9nNdLd41Jx6NCmrrJAPP5fp7yhgtI7a+voF+swyBPSq
kzSrNuY+PAnEvvAPzCz97uQQWabwbJoZNlPc+9IWZ7K++8N9j0K94dtsy8g6FMIT
A54s3LX9X5v+EYEwqnbNgEZxkSgjgpQkbnQC3evBwVkSgm0aQb4jRXoe9aY6KGtA
pSldkfyC364h8KNM1tbMq02fAIGDdBc+TbxjPabdc+FNmwVT+KlW/cBDy8J/rUhz
BSyWQdVwjHZ45R4Vmf8pEDA4/uc/L7XnMuqwgn2gBe23riiAjDM=
=WcBl
-----END PGP SIGNATURE-----

4454
share/security/patches/EN-18:03/tzdata-2018d.patch Normal file
View file

File diff suppressed because it is too large Load diff

18
share/security/patches/EN-18:03/tzdata-2018d.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZxZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cIkGg//aNWHcadGK3+kKQlSQJj47Fa+EpYhAyDwlIzJjIS72X5GwehgSNXBQb6j
KyXlS5U8AmjJ5BgpjOzmoRCOvKaMe6FrasvRicjyKSgXizXNsEtySwS6DJEKbpci
/sGyU3J4h1StAkIQWZLECH2WjJ8HL/d9/9RBfCnOdG5p2iIkYDGLDIWczZ7bJNwX
QlBPaL+E3qG8L8HDvfCkm72YIjoVGCAymM8h6MnF/ZYGqhKUD238d7bUVFcQkeoU
A9+NO/Py4bva890pYFGQQGs67Orh54k1n4KHFTcurVgB4b9Eme5H/TrYOtwfeuVK
4+mpkLQoNRot+BBdxpJQZuT+R7xFT6w1WTsUJC1D+reJVIm9BFVgnh6nNAcON3mM
vIeCMPuO9DkXKp42NFR53cOw76h3l6OyC6Xhb8bya/UEZFEFwy6R8mXJHssDrVg2
KcTmzHEIcFefTpLnlDCIj/glrgT03yIab/6JvclqYedzBxWbz/6QlvFfBjhDLLA6
ctepdAjvPZjPtD5snvyctTpP8YUIyEfxVT20BXVCFdpFuEjvJHr2QjqSGrRo2gMk
cWylBK4YOfphwv0IDgZV1N+9tiOcfgAjjS5O9dqd2TNGrGDC23BifHNsBcxhdI50
NqoBmeMduYfVOiie3lDo0jMHCEXicSR9MVvTrAOMwqw+SueyNYY=
=+BEu
-----END PGP SIGNATURE-----

101
share/security/patches/EN-18:04/mem.10.patch Normal file
View file

@ -0,0 +1,101 @@
--- sys/compat/svr4/svr4_misc.c.orig
+++ sys/compat/svr4/svr4_misc.c
@@ -260,6 +260,7 @@
u_long *cookies = NULL, *cookiep;
int ncookies;
+ memset(&svr4_dirent, 0, sizeof(svr4_dirent));
DPRINTF(("svr4_sys_getdents64(%d, *, %d)\n",
uap->fd, uap->nbytes));
error = getvnode(td->td_proc->p_fd, uap->fd,
--- sys/dev/drm/drm_bufs.c.orig
+++ sys/dev/drm/drm_bufs.c
@@ -935,6 +935,7 @@
if (dma->bufs[i].buf_count) {
struct drm_buf_desc from;
+ memset(&from, 0, sizeof(from));
from.count = dma->bufs[i].buf_count;
from.size = dma->bufs[i].buf_size;
from.low_mark = dma->bufs[i].freelist.low_mark;
--- sys/dev/drm/drm_irq.c.orig
+++ sys/dev/drm/drm_irq.c
@@ -357,7 +357,7 @@
goto out;
crtc = modeset->crtc;
- if (crtc >= dev->num_crtcs) {
+ if (crtc < 0 || crtc >= dev->num_crtcs) {
ret = EINVAL;
goto out;
}
--- sys/dev/hpt27xx/hpt27xx_osm_bsd.c.orig
+++ sys/dev/hpt27xx/hpt27xx_osm_bsd.c
@@ -1402,7 +1402,7 @@
{
PHPT_IOCTL_PARAM piop=(PHPT_IOCTL_PARAM)data;
IOCTL_ARG ioctl_args;
- HPT_U32 bytesReturned;
+ HPT_U32 bytesReturned = 0;
switch (cmd){
case HPT_DO_IOCONTROL:
@@ -1432,7 +1432,7 @@
}
if (ioctl_args.nOutBufferSize) {
- ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK);
+ ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK | M_ZERO);
if (!ioctl_args.lpOutBuffer)
goto invalid;
}
--- sys/dev/hptnr/hptnr_osm_bsd.c.orig
+++ sys/dev/hptnr/hptnr_osm_bsd.c
@@ -1584,7 +1584,7 @@
{
PHPT_IOCTL_PARAM piop=(PHPT_IOCTL_PARAM)data;
IOCTL_ARG ioctl_args;
- HPT_U32 bytesReturned;
+ HPT_U32 bytesReturned = 0;
switch (cmd){
case HPT_DO_IOCONTROL:
@@ -1614,7 +1614,7 @@
}
if (ioctl_args.nOutBufferSize) {
- ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK);
+ ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK | M_ZERO);
if (!ioctl_args.lpOutBuffer)
goto invalid;
}
--- sys/dev/hptrr/hptrr_osm_bsd.c.orig
+++ sys/dev/hptrr/hptrr_osm_bsd.c
@@ -1231,7 +1231,7 @@
{
PHPT_IOCTL_PARAM piop=(PHPT_IOCTL_PARAM)data;
IOCTL_ARG ioctl_args;
- HPT_U32 bytesReturned;
+ HPT_U32 bytesReturned = 0;
switch (cmd){
case HPT_DO_IOCONTROL:
@@ -1261,7 +1261,7 @@
}
if (ioctl_args.nOutBufferSize) {
- ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK);
+ ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK | M_ZERO);
if (!ioctl_args.lpOutBuffer)
goto invalid;
}
--- sys/i386/ibcs2/ibcs2_misc.c.orig
+++ sys/i386/ibcs2/ibcs2_misc.c
@@ -352,6 +352,7 @@
#define BSD_DIRENT(cp) ((struct dirent *)(cp))
#define IBCS2_RECLEN(reclen) (reclen + sizeof(u_short))
+ memset(&idb, 0, sizeof(idb));
error = getvnode(td->td_proc->p_fd, uap->fd,
cap_rights_init(&rights, CAP_READ), &fp);
if (error != 0)

18
share/security/patches/EN-18:04/mem.10.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZxtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKXuhAAop4wsNHYzAOlbVm2dzsLYgWFW5VBTR0py0XH1vxh3Q3KN4lcodQQOUrw
FRS6nkf6CAcrXFdxoOmno2UK612awe44zXc9xIGYU41iJdj83Cj/UKtPRpVC1FTw
2dxdsLVlGIoZMOijuyTDYsphS9opUezFX6pJxJ6yMxrxeeZW/sJwmYGFI/75KOi+
pEgd02ukmjdmxY6+y/AfqKau7QyyJkMH87rxmmWXLGlBw398/HFrSzmSewPTQ++U
ajjG/4Tftz/I7IaDMPe7xduxl2dYJnNfwjdB6S5Zgpo+eAq8wk00vMcf18v4XMYd
anlha15JOdVORV/agLaqA3wIRCPYwHQdbbQDqSWpqo6h1rv3+lbv/OXbx9e+KJFt
u0wuxlhbeuNqOia2yIGF/q4ZkgPD7K/meSlbda5xxBW5nBMK7mIjGvPGWLvQv/GA
NGpYjYXT93Uys269f8qn/9uwfzuBn89h6XUg5xZTlsBfvo7lr1eeIXH1qkCkY3+z
3RDcTb7qz8cj52nezL78Bi/zu/4iJULnKBMIUWrriHNCpW1Iso5XZ028+vEZDr8P
HYU3sekQNGHY0HqibM64eeKlGfb2PPwucIWP526hbZFitKqqSqmP1cnODVf/yqGI
B3Onoh4ACCg2ef7/Az425jFYWVQwAMnuOC9JYlfl+QOMw9uhx/I=
=CpHQ
-----END PGP SIGNATURE-----

101
share/security/patches/EN-18:04/mem.11.patch Normal file
View file

@ -0,0 +1,101 @@
--- sys/compat/svr4/svr4_misc.c.orig
+++ sys/compat/svr4/svr4_misc.c
@@ -259,6 +259,7 @@
u_long *cookies = NULL, *cookiep;
int ncookies;
+ memset(&svr4_dirent, 0, sizeof(svr4_dirent));
DPRINTF(("svr4_sys_getdents64(%d, *, %d)\n",
uap->fd, uap->nbytes));
error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_READ), &fp);
--- sys/dev/drm/drm_bufs.c.orig
+++ sys/dev/drm/drm_bufs.c
@@ -935,6 +935,7 @@
if (dma->bufs[i].buf_count) {
struct drm_buf_desc from;
+ memset(&from, 0, sizeof(from));
from.count = dma->bufs[i].buf_count;
from.size = dma->bufs[i].buf_size;
from.low_mark = dma->bufs[i].freelist.low_mark;
--- sys/dev/drm/drm_irq.c.orig
+++ sys/dev/drm/drm_irq.c
@@ -351,7 +351,7 @@
goto out;
crtc = modeset->crtc;
- if (crtc >= dev->num_crtcs) {
+ if (crtc < 0 || crtc >= dev->num_crtcs) {
ret = EINVAL;
goto out;
}
--- sys/dev/hpt27xx/hpt27xx_osm_bsd.c.orig
+++ sys/dev/hpt27xx/hpt27xx_osm_bsd.c
@@ -1402,7 +1402,7 @@
{
PHPT_IOCTL_PARAM piop=(PHPT_IOCTL_PARAM)data;
IOCTL_ARG ioctl_args;
- HPT_U32 bytesReturned;
+ HPT_U32 bytesReturned = 0;
switch (cmd){
case HPT_DO_IOCONTROL:
@@ -1432,7 +1432,7 @@
}
if (ioctl_args.nOutBufferSize) {
- ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK);
+ ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK | M_ZERO);
if (!ioctl_args.lpOutBuffer)
goto invalid;
}
--- sys/dev/hptnr/hptnr_osm_bsd.c.orig
+++ sys/dev/hptnr/hptnr_osm_bsd.c
@@ -1584,7 +1584,7 @@
{
PHPT_IOCTL_PARAM piop=(PHPT_IOCTL_PARAM)data;
IOCTL_ARG ioctl_args;
- HPT_U32 bytesReturned;
+ HPT_U32 bytesReturned = 0;
switch (cmd){
case HPT_DO_IOCONTROL:
@@ -1614,7 +1614,7 @@
}
if (ioctl_args.nOutBufferSize) {
- ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK);
+ ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK | M_ZERO);
if (!ioctl_args.lpOutBuffer)
goto invalid;
}
--- sys/dev/hptrr/hptrr_osm_bsd.c.orig
+++ sys/dev/hptrr/hptrr_osm_bsd.c
@@ -1231,7 +1231,7 @@
{
PHPT_IOCTL_PARAM piop=(PHPT_IOCTL_PARAM)data;
IOCTL_ARG ioctl_args;
- HPT_U32 bytesReturned;
+ HPT_U32 bytesReturned = 0;
switch (cmd){
case HPT_DO_IOCONTROL:
@@ -1261,7 +1261,7 @@
}
if (ioctl_args.nOutBufferSize) {
- ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK);
+ ioctl_args.lpOutBuffer = malloc(ioctl_args.nOutBufferSize, M_DEVBUF, M_WAITOK | M_ZERO);
if (!ioctl_args.lpOutBuffer)
goto invalid;
}
--- sys/i386/ibcs2/ibcs2_misc.c.orig
+++ sys/i386/ibcs2/ibcs2_misc.c
@@ -342,6 +342,7 @@
#define BSD_DIRENT(cp) ((struct dirent *)(cp))
#define IBCS2_RECLEN(reclen) (reclen + sizeof(u_short))
+ memset(&idb, 0, sizeof(idb));
error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_READ), &fp);
if (error != 0)
return (error);

18
share/security/patches/EN-18:04/mem.11.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZx9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cK3zQ//YG/fDMHFV8wgvb5WPnDjyHFQS5XYKMP5XPOyjhtNhz07oIpejPsPOhsK
/iy4zlgRwDbOnibwYh04gaq/IghzF/i1ncaZ+C9YDpA1eVYXsdj7UUQFJl1qQLar
Qpogx77tPB5nxqGuKSBe7jvm85riTuwJktRnGRKhumCcqPvzhuu4vvsTwOmo1tN9
2fEiHJ1UVhK03XFd4avSULv8CL7165Y6PflcEfeq0sf7Wn9UTi3F4S93DnM2lf9z
0WQXpqBM/qJa8XkYb4GFX143dZgNJhonyAreAYksNh2/EXFQnP46LnudxeWShkOM
dtbqIbIEFBF0aRT9TDmmTZdZP9palqI7Wh7OzLCJ1XWdo/hNzRJor1moB7RG8D2y
ac0uhUcShsaPHJbEFFDZvJYS9ajd8anklyHcwKZk+pLiimX66Z4MGiBEVAtTTn/c
tEOgJf3Fpo76Rzg9DJ/+D0VClPp4evKMqztmWW5y1BBOVQIGD/W5rOAFMGxV9ocw
bQFerxi6tUZeT7D5iN84VVfWQwEP75YBbXXOvp324RjmQ2S70aSlLTdjOtSdR66j
rGFZGLU+yhCi4o4Au+G/lpEBuyymfVvd7ohqw5lEtv+t250vVWjF7eWN9eIrbgvl
nx8LDmc4AdK9cWG0NJMRjuXk7qI6PTodljKj+HP4/zhhzSv/a1A=
=19FX
-----END PGP SIGNATURE-----

20
share/security/patches/SA-18:04/vt.patch Normal file
View file

@ -0,0 +1,20 @@
--- sys/dev/vt/vt_font.c.orig
+++ sys/dev/vt/vt_font.c
@@ -42,6 +42,7 @@
/* Some limits to prevent abnormal fonts from being loaded. */
#define VTFONT_MAXMAPPINGS 65536
+#define VTFONT_MAXGLYPHS 131072
#define VTFONT_MAXGLYPHSIZE 2097152
#define VTFONT_MAXDIMENSION 128
@@ -171,7 +172,8 @@
/* Make sure the dimensions are valid. */
if (f->width < 1 || f->height < 1)
return (EINVAL);
- if (f->width > VTFONT_MAXDIMENSION || f->height > VTFONT_MAXDIMENSION)
+ if (f->width > VTFONT_MAXDIMENSION || f->height > VTFONT_MAXDIMENSION ||
+ f->glyph_count > VTFONT_MAXGLYPHS)
return (E2BIG);
/* Not too many mappings. */

18
share/security/patches/SA-18:04/vt.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZwJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cLTbhAAosjOICeBsoemI83sQhRCBfDUrSo1ZiJWAutTzLOGJzK3MwAb4t1WRp1c
KCVi933s44srnJQQgLz1Md7g80kt3n+/dg7WfyXsBNPY2bEkznD6x6TDoP3gHwBe
xITDg9MPjzD50Tzc3Eh0j4GS6kTKpex6BlnvXRd8VkMgyLAbPIBjD6NlZuzNgU7G
hOlAQmOkzVe5ltm2GhPlkKZNQG/0NVOaoM0Vg2MdVTHrSEIQ0vwO3+kKOhE/sciM
EauG4/jd01ZE5funXpiQZkevUEKDEkxzxW+G1GtmW+P5qBVJmZrEBTQpDrFOavqY
CDaHaViBPGluiLSJcuqx7Ml9pmgsl97RSxL5k3OpxPhOPcTTU1bH4q/xOd0g3Fli
SUjeahiaFniniGM3o/ibAP2mm6R6/fRyQy6q56MuNWwbJ+nsxgRPzEB4qx4/AmV6
szQ3QY0kSZGnMF3TUvrQroS2kkTVXJOKbFYWfe/wRmpftkzzPVyplgAMfH9E3t3/
noB30N0PYsT4m++cmw2hRYUvLlfCwCq5wo56t6bxskSawdDFMqWrw4nnucqm9cei
UFQPuun16kdod49+rOGmHNsJur6t7vmoIybwB9F1RDUs2c9wGm+NJeliCfFLKPJM
9sSooJQZBKW3uxkhPLf3UP1M/ToAIWiQ95vwVwnm0aeul+aoF3o=
=KLuI
-----END PGP SIGNATURE-----

131
share/security/patches/SA-18:05/ipsec.patch Normal file
View file

@ -0,0 +1,131 @@
--- sys/netipsec/xform_ah.c.orig
+++ sys/netipsec/xform_ah.c
@@ -264,7 +264,7 @@
#ifdef INET6
struct ip6_ext *ip6e;
struct ip6_hdr ip6;
- int alloc, len, ad;
+ int ad, alloc, nxt, noff;
#endif /* INET6 */
switch (proto) {
@@ -293,7 +293,7 @@
else
ip->ip_off = htons(0);
- ptr = mtod(m, unsigned char *) + sizeof(struct ip);
+ ptr = mtod(m, unsigned char *);
/* IPv4 option processing */
for (off = sizeof(struct ip); off < skip;) {
@@ -374,7 +374,7 @@
/* Zeroize all other options. */
count = ptr[off + 1];
- bcopy(ipseczeroes, ptr, count);
+ bcopy(ipseczeroes, ptr + off, count);
off += count;
break;
}
@@ -447,61 +447,44 @@
} else
break;
- off = ip6.ip6_nxt & 0xff; /* Next header type. */
+ nxt = ip6.ip6_nxt & 0xff; /* Next header type. */
- for (len = 0; len < skip - sizeof(struct ip6_hdr);)
- switch (off) {
+ for (off = 0; off < skip - sizeof(struct ip6_hdr);)
+ switch (nxt) {
case IPPROTO_HOPOPTS:
case IPPROTO_DSTOPTS:
- ip6e = (struct ip6_ext *) (ptr + len);
+ ip6e = (struct ip6_ext *)(ptr + off);
+ noff = off + ((ip6e->ip6e_len + 1) << 3);
+ /* Sanity check. */
+ if (noff > skip - sizeof(struct ip6_hdr))
+ goto error6;
+
/*
- * Process the mutable/immutable
- * options -- borrows heavily from the
- * KAME code.
+ * Zero out mutable options.
*/
- for (count = len + sizeof(struct ip6_ext);
- count < len + ((ip6e->ip6e_len + 1) << 3);) {
+ for (count = off + sizeof(struct ip6_ext);
+ count < noff;) {
if (ptr[count] == IP6OPT_PAD1) {
count++;
continue; /* Skip padding. */
}
- /* Sanity check. */
- if (count > len +
- ((ip6e->ip6e_len + 1) << 3)) {
- m_freem(m);
+ ad = ptr[count + 1] + 2;
+ if (count + ad > noff)
+ goto error6;
- /* Free, if we allocated. */
- if (alloc)
- free(ptr, M_XDATA);
- return EINVAL;
- }
-
- ad = ptr[count + 1];
-
- /* If mutable option, zeroize. */
if (ptr[count] & IP6OPT_MUTABLE)
- bcopy(ipseczeroes, ptr + count,
- ptr[count + 1]);
-
+ memset(ptr + count, 0, ad);
count += ad;
+ }
- /* Sanity check. */
- if (count >
- skip - sizeof(struct ip6_hdr)) {
- m_freem(m);
+ if (count != noff)
+ goto error6;
- /* Free, if we allocated. */
- if (alloc)
- free(ptr, M_XDATA);
- return EINVAL;
- }
- }
-
/* Advance. */
- len += ((ip6e->ip6e_len + 1) << 3);
- off = ip6e->ip6e_nxt;
+ off += ((ip6e->ip6e_len + 1) << 3);
+ nxt = ip6e->ip6e_nxt;
break;
case IPPROTO_ROUTING:
@@ -509,14 +492,15 @@
* Always include routing headers in
* computation.
*/
- ip6e = (struct ip6_ext *) (ptr + len);
- len += ((ip6e->ip6e_len + 1) << 3);
- off = ip6e->ip6e_nxt;
+ ip6e = (struct ip6_ext *) (ptr + off);
+ off += ((ip6e->ip6e_len + 1) << 3);
+ nxt = ip6e->ip6e_nxt;
break;
default:
DPRINTF(("%s: unexpected IPv6 header type %d",
__func__, off));
+error6:
if (alloc)
free(ptr, M_XDATA);
m_freem(m);

18
share/security/patches/SA-18:05/ipsec.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlrEZwtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cID5xAAm2xSJis9o05EyTAPgoTCjAPHyUg7HFuJB72kdrlmzSaCYrQ294nyhlr2
K020pNYmKV2s/f3Id1rdVTg6T1XT3FlWPOUiwyuWB1R7YVzagQsB3E5U/ozAlVkm
+iV49G0e4T9wqw1xHql2J0yUl7Nv07YLza6Hu3T+ZsGsqyZi5bmJ8or3gS1C/JaU
U0MPWPqHsWghEgfVIOrBllSy/GJnLs8ag6/i7IWvmRE2mQXOq6WdtMFSZO4zcDRK
y88+hpqL8WX1Wn1NOlT7a14gVcrkRSPXzu0rQEXWwal7WfAPzU1MZvWss29PKgiS
xLqeZPqM8yuZS0wu+Iy9t5iBbRahdYiR7jGWYt+ALG0JxO5vVHddMKtWGMsnefzE
aywvgnGjB4kKGbzc40iHyf97cvC+bgsfO95CO6n4NBpGCkrZ8oh16UBt2If8dw3R
I2ygi+fP9AZ4LcjWpt5f2v/m3HbGdWUWgiHxXqiD1GLsbm0kPuKPUhJKUMYoJFdl
pIjjSsxziWoQ9YvnkPOqW3cXWvrG674WbRd/prG4juLckXP7iXZ+VVx/uqXkFi0K
Aij/+2asvnFKnoHI1IqhXVK27Z6m2XLLcBtmARmAoXTTxlkUAQvYrFX5w/KKIhd4
a2VdJGj6HMpGkQuEyoBs6g7mtdV5q7OuYkrdQz78IuJpvA2JUFE=
=Idvp
-----END PGP SIGNATURE-----