Add EN-17:01-04, SA-17:02.
This commit is contained in:
parent
dee8d95b16
commit
af7b670712
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=50004
19 changed files with 25115 additions and 0 deletions
129
share/security/advisories/FreeBSD-EN-17:01.pcie.asc
Normal file
129
share/security/advisories/FreeBSD-EN-17:01.pcie.asc
Normal file
|
@ -0,0 +1,129 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-17:01.pcie Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: System hang when booting when PCI-express HotPlug is enabled
|
||||
|
||||
Category: core
|
||||
Module: kernel
|
||||
Announced: 2017-02-23
|
||||
Credits: Alan Somers, Dave Baukus
|
||||
Affects: FreeBSD 11.0
|
||||
Corrected: 2017-02-07 22:40:38 UTC (stable/11, 11.0-STABLE)
|
||||
2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
Native PCI-express HotPlug permits PCI-express devices to be added and
|
||||
removed at runtime in slots that support HotPlug.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
Some PCI-express slots indicate partial support for PCI-express HotPlug
|
||||
in the capability registers associated with an individual slot. The
|
||||
PCI-express HotPlug driver attempted to configure these slots for HotPlug
|
||||
operation. However, since these slots do not fully support HotPlug,
|
||||
enabling HotPlug results in unpredictable behavior.
|
||||
|
||||
III. Impact
|
||||
|
||||
On at least some systems, booting a kernel with PCI-express HotPlug
|
||||
support can hang.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
The hw.pci.enable_pcie_hp loader tunable can be set to 0 to disable
|
||||
support for PCI-express HotPlug before booting an affected kernel.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
Afterward, reboot the system.
|
||||
|
||||
2) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
Afterward, reboot the system.
|
||||
|
||||
3) To update your system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-17:01/pcie.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-17:01/pcie.patch.asc
|
||||
# gpg --verify pcie.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile your kernel as described in
|
||||
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
||||
system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/11/ r313408
|
||||
releng/11.0/ r314125
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211699>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:01.pcie.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNEACgkQ7Wfs1l3P
|
||||
aucj/RAAsB/+cWKAaf5pLiP9Hh9Rjmry8ZMyiG6RVBB22N8UM34ioiPPSjTu1ogQ
|
||||
ZCP31fUqCWDwwQgVu6/Nl4Ur/NjeOYMjHAzxyjlgrFPx2RliptZCakMSA7NDBm7h
|
||||
vhFxlvBdLvYOL1sDTPwO1HuaIRl8f6BMa3p99Ubaur2Blw7Zn2gDaIEDdiG8K2LN
|
||||
m+R+yJvDqJmpQJcTiqkxMrcfemcmpuVkH/PTaQhjcuZfslQW8eL82dfXsmkuv5tz
|
||||
J1cXJHSZHhX1Bq+cuKpAVp7rV65iud5nElt1NJiG4GC61h289nSoqsUebWcjzx4j
|
||||
0XVwCxitLVqgybdD+OtJejxBwgwWnB3K2xicu5WYOSo/jUhXGRLXZTSk1COvDwZZ
|
||||
4ndeGv1RwwknQTNxfHlnOH9uZozvQq1fCyXZ2CBnsfKs5gxW2GAF1+xTGXD2tSAJ
|
||||
ntyc9JhiV0EmixG/aiDk8D6HaUnvcqvtUHCewbNXKy2xqRbnNDal613vzhgbNWKi
|
||||
RqFoPDDCaLsD9uoL/DSh8R8sHh8QuNq903JxPODM0MoioWYGj+xzz5RNY1EwlhcO
|
||||
nRI3CwmQr/Oxow+ajEqT4MRaQtmHSudmvcF6Syyw6Rt0lWF4R6KxYk2fPdaW18N0
|
||||
LU9fqH2IWGSmzPMdnJKI6I49jtOiUaIfXCAGpX15jpVN/1ZUg1k=
|
||||
=x/qY
|
||||
-----END PGP SIGNATURE-----
|
128
share/security/advisories/FreeBSD-EN-17:02.yp.asc
Normal file
128
share/security/advisories/FreeBSD-EN-17:02.yp.asc
Normal file
|
@ -0,0 +1,128 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-17:02.yp Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: NIS master updates are not pushed to NIS slave
|
||||
|
||||
Category: core
|
||||
Module: yppush, ypxfr
|
||||
Announced: 2017-02-23
|
||||
Credits: Mark Johnston
|
||||
Affects: FreeBSD 11.0-RELEASE
|
||||
Corrected: 2016-10-19 17:18:48 UTC (stable/11, 11.0-STABLE)
|
||||
2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
yppush(8) and ypxfr(8) utilities are used to synchronize databases from
|
||||
a master NIS server.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
A bug present in FreeBSD 11.0 prevents these utilities from working
|
||||
properly. In particular, an attempt to synchronize a non-empty map
|
||||
causes yppush(8) to crash.
|
||||
|
||||
III. Impact
|
||||
|
||||
The problem prevents updates to a master NIS server from being propagated
|
||||
to NIS slave servers.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but NIS configurations which do not make
|
||||
use of NIS slave servers are unaffected.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
2) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
A reboot is not required. However, the system administrator may need to
|
||||
manually run yppush(8) after the update have been applied on slave systems.
|
||||
|
||||
3) To update your system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-17:02/yp.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-17:02/yp.patch.asc
|
||||
# gpg --verify yp.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
A reboot is not required. However, the system administrator may need to
|
||||
manually run yppush(8) after the update have been applied on slave systems.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/11/ r307642
|
||||
releng/11.0/ r314125
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213506>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:02.yp.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNcACgkQ7Wfs1l3P
|
||||
aucX/Q/5AbGPtToi+NC4OB0sNJbCiJD5WOP7tmbNipDm5SGoItN+lXQSv+FN1wbF
|
||||
9R4vhqBqDROE35PF9QUWdFb1qE4i37lD4DznK7r1urg3n7CWx5zcPYAz3PNA7FFX
|
||||
IJixTM4fjhoWoKAWMLZhc+7+ez7HB83AZrExXDBFRnj7SvceJw6B//yCRB/he9l3
|
||||
trE5yvUyAiSPylG5qfA6upsJftXsluajq0uQ/yD4iGfqT8nqjOrsd4z64S6+3wTT
|
||||
lnZHyjNEfIqVQ81Lp9EIsqaU7pyvPrjRQqxsHI+rZO/2YVA/RDokeIcq6s+8GN76
|
||||
/H7U8XoEuLFNq39s+fHOLTIPGjSM5PN1jqreoJTXnLFqpDtc2WI3W6cvMUY3lD2y
|
||||
rW3jDrQOxKF8E9qD/wyi7Sa74cC4PduEe9F+fwNOf+gQUtd/NF+OcnSo0imUnmvU
|
||||
VJy7FHSUQWZY7ZDW0L7CUT6IDBvIncUKlt1DX4b8M9GkX65FtXmd4risExxBlGDh
|
||||
ikMD+qzCE8tlqzXKPzEmZNLgsAj0nJiZIcD6kMDORLNyzdI7AeqSazg6Pt70XstR
|
||||
r+GjK1Hclp/lTqaEJLuBrkd2LJGI2Wcyp/nRZ6OifyduvRwk5vKPhQf792zqx+FK
|
||||
0sZ1T7po0aop1sDFRDZKCHMRxxpKfd5BTxEyQ24v7GL02Dz/rVk=
|
||||
=zlKa
|
||||
-----END PGP SIGNATURE-----
|
139
share/security/advisories/FreeBSD-EN-17:03.hyperv.asc
Normal file
139
share/security/advisories/FreeBSD-EN-17:03.hyperv.asc
Normal file
|
@ -0,0 +1,139 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-17:03.hyperv Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Compatibility with Hyper-V/storage after KB3172614 or
|
||||
KB3179574
|
||||
|
||||
Category: core
|
||||
Module: hyperv/storvsc
|
||||
Announced: 2017-02-23
|
||||
Credits: Microsoft OSTC
|
||||
Affects: FreeBSD 11.0-RELEASE
|
||||
Corrected: 2016-10-19 07:43:39 UTC (stable/11, 11.0-STABLE)
|
||||
2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
Hyper-V is a default hypervisor provided on Windows server by Microsoft.
|
||||
ATA driver is the legacy storage driver for FreeBSD on Hyper-V, now they
|
||||
are replaced by synthetic driver which has better performance. There are
|
||||
issues when attaching synthetic storage driver for FreeBSD 11 on some of
|
||||
Hyper-V hosts.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
There are some compatibility issues with the FreeBSD Hyper-V driver,
|
||||
which will cause the OS disk to be detached if August 2016 update rollup
|
||||
is applied on Windows host (KB3172614 or KB3179574).
|
||||
|
||||
III. Impact
|
||||
|
||||
FreeBSD 11.0 can not be installed on a guest system on Hyper-V host.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
On Hyper-V connection, when the installer boot prompt, select
|
||||
|
||||
3. Escape to the loader prompt
|
||||
|
||||
Then:
|
||||
|
||||
set hw.ata.disk_enable=1
|
||||
boot.
|
||||
|
||||
Note: this workaround force FreeBSD to use legacy storage driver
|
||||
which is much slower than synthetic driver.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
Afterward, reboot the system.
|
||||
|
||||
2) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
Afterward, reboot the system.
|
||||
|
||||
3) To update your system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-17:03/hyperv.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-17:03/hyperv.patch.asc
|
||||
# gpg --verify hyperv.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile your kernel as described in
|
||||
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
||||
system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/11/ r307617
|
||||
releng/11.0/ r314125
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212721>
|
||||
|
||||
<URL:https://support.microsoft.com/en-au/help/24717/windows-8-1-and-windows-server-2012-r2-update-history>
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNwACgkQ7Wfs1l3P
|
||||
auea7BAAtYKNH1OVGWZ2frFoaVAuzLA0Gow599XCM5ycF39HTlavmoR1+KN9g8Gh
|
||||
r2wEBvIM/Yzla16mmLEzt7QLeSFMP1mgVb1lUtvAp62b/lzb2ImIvL3qhury0nop
|
||||
eczup/A/nFOOgOa/IEMsxqi5noB5e2ODkWEOayiLNd5fmD/BF+yACEKi0YI0krQY
|
||||
Oonq4N9ah7z4rT8OYC2LNQPvc00ZAAq9eq/IDdtWDvLgpxOF1W+dJ0MAzLhQwNJn
|
||||
9cdW13AcrdJHxzyjAGeOd1pedWFs0ueEXLI+J5pVOvpZd3WeAc9Fls8t7GNgYwvf
|
||||
dpf9uaB765n5tZCa+gc8h2eSzY59aEAQOtHXTqlMGp3ACl7D7Gjmhh42Vp4fgySb
|
||||
zeeKEqAnNay4NdBEGt/U9CjycNKMKi6/bqLpEq3rxu8QFPzeXuwIB3favj8MpIUI
|
||||
ZMda4CQ1E9XLgG6YoupSpnVSbvNFZIEQ2RHzZesKlIoQIM4OPSBWPGjSR9UDMNKH
|
||||
mxb/cWMwO9N4G7xzKSULuIAF33wZYkaKqTfzOKVtOEZ7hlBPlqzfXK2MNqlbc0PO
|
||||
3bqPvrg8KXL8OyswEy0sZaptQs/jTUZjqI9/JNWY+IdRR1clVrRdpg/YWljwqqvb
|
||||
hFIarahbNC1fvsMTeAFq8QBGXkoy6ovmjpKrhBfPNpaiL5ccuWU=
|
||||
=nMwL
|
||||
-----END PGP SIGNATURE-----
|
124
share/security/advisories/FreeBSD-EN-17:04.mandoc.asc
Normal file
124
share/security/advisories/FreeBSD-EN-17:04.mandoc.asc
Normal file
|
@ -0,0 +1,124 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-17:04.mandoc Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: makewhatis output is not reproducible
|
||||
|
||||
Category: contrib
|
||||
Module: mandoc
|
||||
Announced: 2017-02-23
|
||||
Credits: Ingo Schwarze, Ed Maste
|
||||
Affects: FreeBSD 11.0-RELEASE
|
||||
Corrected: 2016-11-26 03:39:02 UTC (stable/11, 11.0-STABLE)
|
||||
2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The makewhatis utility extracts keywords from UNIX manuals and indexes
|
||||
them in a database for fast retrieval by apropos(1), whatis(1), and
|
||||
man(1)'s -k option.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
The generation of makewhatis database is not reproducible.
|
||||
|
||||
III. Impact
|
||||
|
||||
The freebsd-update(8) build procedure may consider mandoc.db as changed when
|
||||
built multiple times.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but the impact is mostly cosmetic.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date.
|
||||
|
||||
Reboot is not necessary.
|
||||
|
||||
2) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
Reboot is not necessary.
|
||||
|
||||
3) To update your system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-17:04/mandoc.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-17:04/mandoc.patch.asc
|
||||
# gpg --verify mandoc.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/11/ r309183
|
||||
releng/11.0/ r314125
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214545>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:04.mandoc.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujOMACgkQ7Wfs1l3P
|
||||
aucxsA//fsEp6miJAsXLBOFxI1hiRheHb6HlOaXYrMo59sKLgRGRipe34AxIq3Ca
|
||||
cYvVRHOEpXlUZNMvModg/P42SkkQLDi+2tIenvQUG5T5r3xSRTAHOU0pSRlpfjaA
|
||||
8OCIaZaWYDIcTOEfaQocIbjwuKfzw5qVxZY6Ot3NPz0QEpOSzFGkbRrM8JxkrVyg
|
||||
ROtzY/rqaDbhfdKyTCS8PZCIW4ZwNiBjAV9kZysviN3RUSQvLaxEC+vTDjU9BBm5
|
||||
CKIU3y0aoSlO4W6A9ahqVb/4hX7A2WBoFpfhMVXsVOzi4SkJhaFKNdjwbq6Nrmxr
|
||||
hePKGTSYVtcVIaiyf0rJwHDvGK6y4NKCTTqCwlQ7hrMGZHY2D5t5NAdd10uvIrv6
|
||||
PDQkJBap5hZTnSeJ+rZt1jSUR1qAJ+xb86Fe1dG30fs6AsKpbYJEpTLWgSXmOfp/
|
||||
GQT0SCxv5mxtxMzIom8MUQipYay1cUIiXAh/wlfxERNWHHt3UXoP4/wS9Df+26w9
|
||||
zQ/5fk3TbtxAcCpZWBeZr1+pKIomQ4+51wU7zgyjAHvGRDesoA54XS3BOTJPWKnY
|
||||
G1iNBWECSQC26jwzmSv/MMXf4BqT6ezZXXZ22uMeYQCTD4p0tiC6/H4RUEVSgOSl
|
||||
TnZ026b3FQRlE6FIOYPK9a4AipnLYu4NW6f9tsJquwRyElLSd/U=
|
||||
=oyNi
|
||||
-----END PGP SIGNATURE-----
|
164
share/security/advisories/FreeBSD-SA-17:02.openssl.asc
Normal file
164
share/security/advisories/FreeBSD-SA-17:02.openssl.asc
Normal file
|
@ -0,0 +1,164 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-SA-17:02.openssl Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: OpenSSL multiple vulnerabilities
|
||||
|
||||
Category: contrib
|
||||
Module: openssl
|
||||
Announced: 2017-02-23
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
|
||||
2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
|
||||
2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
|
||||
2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16)
|
||||
CVE Name: CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
|
||||
a collaborative effort to develop a robust, commercial-grade, full-featured
|
||||
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
|
||||
and Transport Layer Security (TLS v1) protocols as well as a full-strength
|
||||
general purpose cryptography library.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
If an SSL/TLS server or client is running on a 32-bit host, and a specific
|
||||
cipher is being used, then a truncated packet can cause that server or
|
||||
client to perform an out-of-bounds read, usually resulting in a crash.
|
||||
[CVE-2017-3731]
|
||||
|
||||
There is a carry propagating bug in the x86_64 Montgomery squaring procedure.
|
||||
No EC algorithms are affected. Analysis suggests that attacks against RSA and
|
||||
DSA as a result of this defect would be very difficult to perform and are not
|
||||
believed likely. Attacks against DH are considered just feasible (although
|
||||
very difficult) because most of the work necessary to deduce information
|
||||
about a private key may be performed offline. The amount of resources
|
||||
required for such an attack would be very significant and likely only
|
||||
accessible to a limited number of attackers. An attacker would additionally
|
||||
need online access to an unpatched system using the target private key in
|
||||
a scenario with persistent DH parameters and a private key that is shared
|
||||
between multiple clients. [CVE-2017-3732]
|
||||
|
||||
Montgomery multiplication may produce incorrect results. [CVE-2016-7055]
|
||||
|
||||
III. Impact
|
||||
|
||||
A remote attacker may trigger a crash on servers or clients that supported
|
||||
RC4-MD5. [CVE-2017-3731]
|
||||
|
||||
A remote attacker may be able to deduce information about a private key,
|
||||
but that would require enormous amount of resources. [CVE-2017-3732,
|
||||
CVE-2016-7055]
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date.
|
||||
|
||||
Restart all daemons that use the library, or reboot the system.
|
||||
|
||||
2) To update your vulnerable system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
Restart all daemons that use the library, or reboot the system.
|
||||
|
||||
3) To update your vulnerable system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
[FreeBSD 11.0]
|
||||
# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch
|
||||
# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch.asc
|
||||
# gpg --verify openssl-11.patch.asc
|
||||
|
||||
[FreeBSD 10.3]
|
||||
# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch
|
||||
# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch.asc
|
||||
# gpg --verify openssl-10.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
Restart all daemons that use the library, or reboot the system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/10/ r312863
|
||||
releng/10.3/ r314125
|
||||
stable/11/ r312826
|
||||
releng/11.0/ r314126
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055>
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731>
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>
|
||||
|
||||
<URL:https://www.openssl.org/news/secadv/20170126.txt>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujOsACgkQ7Wfs1l3P
|
||||
aufZHhAAy8U5oOrLGq0XH8Dumpkyc+bFOmsEh+S1hL6jFL13jUVpDqogZ3w/a7If
|
||||
Hcqiyipx5dbcGbHJayokfimkxPcIYydYQK9NwWaXVlnZifvgWka+KxtcD0u2A8S5
|
||||
cpTbNl+CALQQqEF3+JmOc4Uq2Dtui0xFG1N5Og4oF5Uo+lvQh4bcJ1UbfhMdq8EG
|
||||
US3hGlJLJJW75m3jkgHyu0o7A0swnNTUQrW9Z0p/3iTiel7fM57d/N1who+kt59V
|
||||
UErXTzMDBT1kkWRne0aTA71gdy3SUeRiVi9/LWggjIRJNyMnQjO3UI2UOIHLLQAG
|
||||
CXcZLPekB87iHZxMAw8oV6b4GIkJhqUFW2ep2AZkUdDZ2Mup9bDrx/0Ik0jHjyQY
|
||||
KEmZDroHvP8z569q+aWfIIpMXPv6zJTnent45U2/q13wMHJwWsADu9ukeWKTw7wI
|
||||
P0Rc3vht+AXbXFi9SjxwdldgrVszV7x8Yi6W9KhHsGqCl6NBCW9Md/PWbNQQUVkq
|
||||
I5tV0WB3pTwOk0yMi3h/okM9VBr1lPDU18W0he5T9wbOh4w0jwFb8AqMu1slst3l
|
||||
9MlhRfO/4LIDlfRQ/dj4dOfVLZqEd/xleax99yFXZUzibUYrOMlBxNaKvV80plwB
|
||||
Kg2Hr3DJuJa3599kNgXMCNV1lRIOJbJ9dRmX6B0YzMgvxKPIXY4=
|
||||
=8Jsr
|
||||
-----END PGP SIGNATURE-----
|
11
share/security/patches/EN-17:01/pcie.patch
Normal file
11
share/security/patches/EN-17:01/pcie.patch
Normal file
|
@ -0,0 +1,11 @@
|
|||
--- sys/dev/pci/pci_pci.c.orig
|
||||
+++ sys/dev/pci/pci_pci.c
|
||||
@@ -935,6 +935,8 @@
|
||||
|
||||
if ((sc->pcie_slot_cap & PCIEM_SLOT_CAP_HPC) == 0)
|
||||
return;
|
||||
+ if ((sc->pcie_link_cap & PCIEM_LINK_CAP_DL_ACTIVE) == 0)
|
||||
+ return;
|
||||
|
||||
/*
|
||||
* Some devices report that they have an MRL when they actually
|
17
share/security/patches/EN-17:01/pcie.patch.asc
Normal file
17
share/security/patches/EN-17:01/pcie.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujPUACgkQ7Wfs1l3P
|
||||
aucnkRAAlrRIt4XdzSyuVFcuK3vIhbO2MEhlVmsduYElQ+S/A/QOyhgAVN83TveN
|
||||
3JvQSozXA8OTw7cGDOD8SiL7Hyr79PsC+cWkbD/XhQGLwXtwcaywTTIOuc7ny0Cj
|
||||
4m7tl3DzO8FN0rKGoOCC0UCiaTamKfh3Wl+mMHHPBOtYyk+DKzSw7TnTLaRrI90q
|
||||
wWnQnF5Xr1pCbJBwyx3EvIQq9AL6d5nRm6af8cksWaChpH1w6elNl0Q0FbojKkdp
|
||||
6aweLHYORRu8cVqDsOjuWoNq6BMyEF/cooqufmBb5JkpgwaFgVntp7aI0ql8Ts/v
|
||||
mkvSqMTyzPiJGEBoDDqBosQdb66MeGIV9PZIjR8AQEIwagXo4KCNq3PwW8kPKlJ1
|
||||
8vrxRGQc8xSKRvv7h0Xvg5Ovhodu7UV1RtFVUqWMAdeLqTy6mtyRmjOKb4ouy7wC
|
||||
V9/ZgG87zYHHpLmg6EmQfAB3fa8ksR30/rJEBxehxdbJTAwaxCfK2RWpRu4MVTH1
|
||||
uJrbEbiFHpSHM46LJ9JbkLfOfNMLuDz0K688D3eecWvpzyO7Zk7NqPV1fWOlcQLk
|
||||
xtdOFzmSV8Cr1UBiUV7AaAap20nXWrqQ7Lp5Q9fj7y7l7xVznh95Tf6VlFergBMB
|
||||
hR2MHvbCHExx9vokyWSYyz/yq7mnCJWNcSMDdRCfAjqqpSD9lGI=
|
||||
=2ZA+
|
||||
-----END PGP SIGNATURE-----
|
13
share/security/patches/EN-17:02/yp.patch
Normal file
13
share/security/patches/EN-17:02/yp.patch
Normal file
|
@ -0,0 +1,13 @@
|
|||
--- libexec/ypxfr/ypxfr_getmap.c.orig
|
||||
+++ libexec/ypxfr/ypxfr_getmap.c
|
||||
@@ -43,8 +43,8 @@
|
||||
|
||||
extern bool_t xdr_ypresp_all_seq(XDR *, unsigned long *);
|
||||
|
||||
-static int (*ypresp_allfn)();
|
||||
-static void *ypresp_data;
|
||||
+extern int (*ypresp_allfn)();
|
||||
+extern void *ypresp_data;
|
||||
extern DB *specdbp;
|
||||
extern enum ypstat yp_errno;
|
||||
|
17
share/security/patches/EN-17:02/yp.patch.asc
Normal file
17
share/security/patches/EN-17:02/yp.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujPkACgkQ7Wfs1l3P
|
||||
audR3A//Y0/IZ4iyUh3N0Twwc/ywoSV2ph+D2XF9PmI3HWTk4F+uEN+/02XNDhft
|
||||
V9T25LuyuaROBrvDDgpN+9d8V82zxo8K4YiSi8YaarQq71q7lAUAJ0YIg+an9ije
|
||||
4M6HNDRk0x99rueb2gmOSk/6EWyUzLSwlumzhG1SdKrgz0VN2ItoSdE9FDNfHqTG
|
||||
UfCeXa5bgoQUU/yNfzQu4QfuTQzx/Oq2Kfjr5wIOK+bZxLk6tlInDxBhg5oJq/KZ
|
||||
zXgL4mJmqF/glDNKxpa8yZxHmiXql9wwI/mnRmVODQ2CCHDcuSx6uOxpS8PNhect
|
||||
31PpPR9wFtFOBGbXsuBHGUkGVjjReADXcBU0SdaFY02WlonQXnvc7RhzFu4TOo5Z
|
||||
6LTOxyiCIc7ZJW1nW7HmXZl5VfzWL/wmK0QHlLSMJ24tPwrAizPlT0OEwsjOlhCq
|
||||
LYfWRKBRPlu8x7Ow8J0ecYCouhPGy4dYA4o68fBvpk27HUREw0VgfpTPNgrcZinK
|
||||
VEM+z5zx7fQXuNkwb3GYQzCGDKLbZTtxZ35APlIzhCYtUdJ1kA5Q/udvxNIbd1zD
|
||||
apmj7h4+xgx5T+ncmPsyROm805LdXFGsMT9CcMrqECadGzRMC0Cq0tyOINnFHryp
|
||||
hmSVl1mp7YQpafXKSMs/2CvxPcTrBjw9vgZBOdaJD1+j2/gLkSA=
|
||||
=8C44
|
||||
-----END PGP SIGNATURE-----
|
277
share/security/patches/EN-17:03/hyperv.patch
Normal file
277
share/security/patches/EN-17:03/hyperv.patch
Normal file
|
@ -0,0 +1,277 @@
|
|||
--- sys/cam/ata/ata_xpt.c.orig
|
||||
+++ sys/cam/ata/ata_xpt.c
|
||||
@@ -40,6 +40,7 @@
|
||||
#include <sys/interrupt.h>
|
||||
#include <sys/sbuf.h>
|
||||
|
||||
+#include <sys/eventhandler.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/sysctl.h>
|
||||
@@ -824,6 +825,7 @@
|
||||
{
|
||||
struct ccb_pathinq cpi;
|
||||
int16_t *ptr;
|
||||
+ int veto = 0;
|
||||
|
||||
ident_buf = &softc->ident_data;
|
||||
for (ptr = (int16_t *)ident_buf;
|
||||
@@ -830,6 +832,17 @@
|
||||
ptr < (int16_t *)ident_buf + sizeof(struct ata_params)/2; ptr++) {
|
||||
*ptr = le16toh(*ptr);
|
||||
}
|
||||
+
|
||||
+ /*
|
||||
+ * Allow others to veto this ATA disk attachment. This
|
||||
+ * is mainly used by VMs, whose disk controllers may
|
||||
+ * share the disks with the simulated ATA controllers.
|
||||
+ */
|
||||
+ EVENTHANDLER_INVOKE(ada_probe_veto, path, ident_buf, &veto);
|
||||
+ if (veto) {
|
||||
+ goto device_fail;
|
||||
+ }
|
||||
+
|
||||
if (strncmp(ident_buf->model, "FX", 2) &&
|
||||
strncmp(ident_buf->model, "NEC", 3) &&
|
||||
strncmp(ident_buf->model, "Pioneer", 7) &&
|
||||
--- sys/conf/files.amd64.orig
|
||||
+++ sys/conf/files.amd64
|
||||
@@ -268,7 +268,6 @@
|
||||
dev/hyperv/netvsc/hv_net_vsc.c optional hyperv
|
||||
dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c optional hyperv
|
||||
dev/hyperv/netvsc/hv_rndis_filter.c optional hyperv
|
||||
-dev/hyperv/stordisengage/hv_ata_pci_disengage.c optional hyperv
|
||||
dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c optional hyperv
|
||||
dev/hyperv/utilities/hv_heartbeat.c optional hyperv
|
||||
dev/hyperv/utilities/hv_kvp.c optional hyperv
|
||||
--- sys/conf/files.i386.orig
|
||||
+++ sys/conf/files.i386
|
||||
@@ -239,7 +239,6 @@
|
||||
dev/hyperv/netvsc/hv_net_vsc.c optional hyperv
|
||||
dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c optional hyperv
|
||||
dev/hyperv/netvsc/hv_rndis_filter.c optional hyperv
|
||||
-dev/hyperv/stordisengage/hv_ata_pci_disengage.c optional hyperv
|
||||
dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c optional hyperv
|
||||
dev/hyperv/utilities/hv_heartbeat.c optional hyperv
|
||||
dev/hyperv/utilities/hv_kvp.c optional hyperv
|
||||
--- sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c.orig
|
||||
+++ sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
|
||||
@@ -58,6 +58,7 @@
|
||||
#include <sys/lock.h>
|
||||
#include <sys/sema.h>
|
||||
#include <sys/sglist.h>
|
||||
+#include <sys/eventhandler.h>
|
||||
#include <machine/bus.h>
|
||||
#include <sys/bus_dma.h>
|
||||
|
||||
@@ -139,6 +140,15 @@
|
||||
struct hv_storvsc_request hs_reset_req;
|
||||
};
|
||||
|
||||
+static eventhandler_tag storvsc_handler_tag;
|
||||
+/*
|
||||
+ * The size of the vmscsi_request has changed in win8. The
|
||||
+ * additional size is for the newly added elements in the
|
||||
+ * structure. These elements are valid only when we are talking
|
||||
+ * to a win8 host.
|
||||
+ * Track the correct size we need to apply.
|
||||
+ */
|
||||
+static int vmscsi_size_delta = sizeof(struct vmscsi_win8_extension);
|
||||
|
||||
/**
|
||||
* HyperV storvsc timeout testing cases:
|
||||
@@ -954,21 +964,15 @@
|
||||
static int
|
||||
storvsc_probe(device_t dev)
|
||||
{
|
||||
- int ata_disk_enable = 0;
|
||||
int ret = ENXIO;
|
||||
|
||||
switch (storvsc_get_storage_type(dev)) {
|
||||
case DRIVER_BLKVSC:
|
||||
if(bootverbose)
|
||||
- device_printf(dev, "DRIVER_BLKVSC-Emulated ATA/IDE probe\n");
|
||||
- if (!getenv_int("hw.ata.disk_enable", &ata_disk_enable)) {
|
||||
- if(bootverbose)
|
||||
- device_printf(dev,
|
||||
- "Enlightened ATA/IDE detected\n");
|
||||
- device_set_desc(dev, g_drv_props_table[DRIVER_BLKVSC].drv_desc);
|
||||
- ret = BUS_PROBE_DEFAULT;
|
||||
- } else if(bootverbose)
|
||||
- device_printf(dev, "Emulated ATA/IDE set (hw.ata.disk_enable set)\n");
|
||||
+ device_printf(dev,
|
||||
+ "Enlightened ATA/IDE detected\n");
|
||||
+ device_set_desc(dev, g_drv_props_table[DRIVER_BLKVSC].drv_desc);
|
||||
+ ret = BUS_PROBE_DEFAULT;
|
||||
break;
|
||||
case DRIVER_STORVSC:
|
||||
if(bootverbose)
|
||||
@@ -2018,27 +2022,45 @@
|
||||
ccb->ccb_h.status &= ~CAM_STATUS_MASK;
|
||||
if (vm_srb->scsi_status == SCSI_STATUS_OK) {
|
||||
const struct scsi_generic *cmd;
|
||||
-
|
||||
+ cmd = (const struct scsi_generic *)
|
||||
+ ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
|
||||
+ csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes);
|
||||
if (vm_srb->srb_status != SRB_STATUS_SUCCESS) {
|
||||
- if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) {
|
||||
- xpt_print(ccb->ccb_h.path, "invalid LUN %d\n",
|
||||
- vm_srb->lun);
|
||||
- } else {
|
||||
- xpt_print(ccb->ccb_h.path, "Unknown SRB flag: %d\n",
|
||||
- vm_srb->srb_status);
|
||||
- }
|
||||
/*
|
||||
* If there are errors, for example, invalid LUN,
|
||||
* host will inform VM through SRB status.
|
||||
*/
|
||||
- ccb->ccb_h.status |= CAM_SEL_TIMEOUT;
|
||||
+ if (bootverbose) {
|
||||
+ if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) {
|
||||
+ xpt_print(ccb->ccb_h.path,
|
||||
+ "invalid LUN %d for op: %s\n",
|
||||
+ vm_srb->lun,
|
||||
+ scsi_op_desc(cmd->opcode, NULL));
|
||||
+ } else {
|
||||
+ xpt_print(ccb->ccb_h.path,
|
||||
+ "Unknown SRB flag: %d for op: %s\n",
|
||||
+ vm_srb->srb_status,
|
||||
+ scsi_op_desc(cmd->opcode, NULL));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * XXX For a selection timeout, all of the LUNs
|
||||
+ * on the target will be gone. It works for SCSI
|
||||
+ * disks, but does not work for IDE disks.
|
||||
+ *
|
||||
+ * For CAM_DEV_NOT_THERE, CAM will only get
|
||||
+ * rid of the device(s) specified by the path.
|
||||
+ */
|
||||
+ if (storvsc_get_storage_type(sc->hs_dev->device) ==
|
||||
+ DRIVER_STORVSC)
|
||||
+ ccb->ccb_h.status |= CAM_SEL_TIMEOUT;
|
||||
+ else
|
||||
+ ccb->ccb_h.status |= CAM_DEV_NOT_THERE;
|
||||
} else {
|
||||
ccb->ccb_h.status |= CAM_REQ_CMP;
|
||||
}
|
||||
|
||||
- cmd = (const struct scsi_generic *)
|
||||
- ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
|
||||
- csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes);
|
||||
if (cmd->opcode == INQUIRY) {
|
||||
struct scsi_inquiry_data *inq_data =
|
||||
(struct scsi_inquiry_data *)csio->data_ptr;
|
||||
@@ -2059,7 +2081,7 @@
|
||||
resp_buf[3], resp_buf[4]);
|
||||
}
|
||||
if (vm_srb->srb_status == SRB_STATUS_SUCCESS &&
|
||||
- data_len > SHORT_INQUIRY_LENGTH) {
|
||||
+ data_len >= SHORT_INQUIRY_LENGTH) {
|
||||
char vendor[16];
|
||||
|
||||
cam_strvis(vendor, inq_data->vendor,
|
||||
@@ -2152,3 +2174,57 @@
|
||||
return (DRIVER_UNKNOWN);
|
||||
}
|
||||
|
||||
+#define PCI_VENDOR_INTEL 0x8086
|
||||
+#define PCI_PRODUCT_PIIX4 0x7111
|
||||
+
|
||||
+static void
|
||||
+storvsc_ada_probe_veto(void *arg __unused, struct cam_path *path,
|
||||
+ struct ata_params *ident_buf __unused, int *veto)
|
||||
+{
|
||||
+
|
||||
+ /*
|
||||
+ * The ATA disks are shared with the controllers managed
|
||||
+ * by this driver, so veto the ATA disks' attachment; the
|
||||
+ * ATA disks will be attached as SCSI disks once this driver
|
||||
+ * attached.
|
||||
+ */
|
||||
+ if (path->device->protocol == PROTO_ATA) {
|
||||
+ struct ccb_pathinq cpi;
|
||||
+
|
||||
+ bzero(&cpi, sizeof(cpi));
|
||||
+ xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE);
|
||||
+ cpi.ccb_h.func_code = XPT_PATH_INQ;
|
||||
+ xpt_action((union ccb *)&cpi);
|
||||
+ if (cpi.ccb_h.status == CAM_REQ_CMP &&
|
||||
+ cpi.hba_vendor == PCI_VENDOR_INTEL &&
|
||||
+ cpi.hba_device == PCI_PRODUCT_PIIX4) {
|
||||
+ (*veto)++;
|
||||
+ if (bootverbose) {
|
||||
+ xpt_print(path,
|
||||
+ "Disable ATA disks on "
|
||||
+ "simulated ATA controller (0x%04x%04x)\n",
|
||||
+ cpi.hba_device, cpi.hba_vendor);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+storvsc_sysinit(void *arg __unused)
|
||||
+{
|
||||
+ if (vm_guest == VM_GUEST_HV) {
|
||||
+ storvsc_handler_tag = EVENTHANDLER_REGISTER(ada_probe_veto,
|
||||
+ storvsc_ada_probe_veto, NULL, EVENTHANDLER_PRI_ANY);
|
||||
+ }
|
||||
+}
|
||||
+SYSINIT(storvsc_sys_init, SI_SUB_DRIVERS, SI_ORDER_SECOND, storvsc_sysinit,
|
||||
+ NULL);
|
||||
+
|
||||
+static void
|
||||
+storvsc_sysuninit(void *arg __unused)
|
||||
+{
|
||||
+ if (storvsc_handler_tag != NULL)
|
||||
+ EVENTHANDLER_DEREGISTER(ada_probe_veto, storvsc_handler_tag);
|
||||
+}
|
||||
+SYSUNINIT(storvsc_sys_uninit, SI_SUB_DRIVERS, SI_ORDER_SECOND,
|
||||
+ storvsc_sysuninit, NULL);
|
||||
--- sys/modules/hyperv/Makefile.orig
|
||||
+++ sys/modules/hyperv/Makefile
|
||||
@@ -1,5 +1,5 @@
|
||||
# $FreeBSD$
|
||||
|
||||
-SUBDIR = vmbus netvsc stordisengage storvsc utilities
|
||||
+SUBDIR = vmbus netvsc storvsc utilities
|
||||
|
||||
.include <bsd.subdir.mk>
|
||||
--- sys/sys/eventhandler.h.orig
|
||||
+++ sys/sys/eventhandler.h
|
||||
@@ -270,4 +270,11 @@
|
||||
EVENTHANDLER_DECLARE(register_framebuffer, register_framebuffer_fn);
|
||||
EVENTHANDLER_DECLARE(unregister_framebuffer, unregister_framebuffer_fn);
|
||||
|
||||
+/* Veto ada attachment */
|
||||
+struct cam_path;
|
||||
+struct ata_params;
|
||||
+typedef void (*ada_probe_veto_fn)(void *, struct cam_path *,
|
||||
+ struct ata_params *, int *);
|
||||
+EVENTHANDLER_DECLARE(ada_probe_veto, ada_probe_veto_fn);
|
||||
+
|
||||
#endif /* _SYS_EVENTHANDLER_H_ */
|
||||
--- sys/x86/x86/io_apic.c.orig
|
||||
+++ sys/x86/x86/io_apic.c
|
||||
@@ -412,6 +412,18 @@
|
||||
u_int old_id;
|
||||
|
||||
/*
|
||||
+ * On Hyper-V:
|
||||
+ * - Stick to the first cpu for all I/O APIC pins.
|
||||
+ * - And don't allow destination cpu changes.
|
||||
+ */
|
||||
+ if (vm_guest == VM_GUEST_HV) {
|
||||
+ if (intpin->io_vector)
|
||||
+ return (EINVAL);
|
||||
+ else
|
||||
+ apic_id = 0;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
* keep 1st core as the destination for NMI
|
||||
*/
|
||||
if (intpin->io_irq == IRQ_NMI)
|
17
share/security/patches/EN-17:03/hyperv.patch.asc
Normal file
17
share/security/patches/EN-17:03/hyperv.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujP0ACgkQ7Wfs1l3P
|
||||
aueetw/5AQuf9NbvaF6EyBq/4yY7ltLbFLBCSNQDij4sK0wLEPwZaUj3OVWaAVe5
|
||||
kZfGbdWl9E/iXbrQQO8gr6qSK7tvzBoDoZidTbS+PaaSJMq96GOtjgcUX3JAMlNL
|
||||
iygmYFq48kgFVvaja6NUPNxw5qV7n/HumnjqjC4JAxoeJ8SBCvzn1dmI5G/i2MMF
|
||||
gheVPUo/c5Gv5waaL2YDNRjQs80bPlssI1q/Zk9fORdLY4KzhG4nVv7ZwNoQS+w4
|
||||
y5bi1tgLPorpXycQbRCrV/E1Ll521NsX0D7MA0zwoII9KoDXJi+1BkS7YPA+IJh/
|
||||
q5Y7S6/zB0fUhyrjt1+JHP8k+oXvA7m2dvhzAJGYEo0NokKY/mCTLUnGvnRMrzMF
|
||||
nRYFxbImqPW5FtieQZ6+ChaZoSkaAJ+VCweEQMx1KzREs4JUwRquxKFxkHwWEybD
|
||||
mJ8R/bI8j3w3D52OqKCUGV9Mj7ZkoAicggtP5vPvTBg7kCb7hnUybHRk/zxxfwXp
|
||||
6NPvMP4TEz2/4CncWZh0rUFI7HzfQSSEq3HTz6NxE6k5I8rt9h63R/AhJiqGegEy
|
||||
SaN+lMMGiZ7QtQ4yVMPwvCSr6URabASJVXI9PUuFMO19Gz+pPrq9Y+zFU/WHmJL8
|
||||
XL86LeCtdGRzRR/5t/EZ3/3cZQtevKjjy3PgsmA7Vizfp1dSnLE=
|
||||
=8o7n
|
||||
-----END PGP SIGNATURE-----
|
119
share/security/patches/EN-17:04/mandoc.patch
Normal file
119
share/security/patches/EN-17:04/mandoc.patch
Normal file
|
@ -0,0 +1,119 @@
|
|||
--- contrib/mdocml/mandocdb.c.orig
|
||||
+++ contrib/mdocml/mandocdb.c
|
||||
@@ -103,6 +103,7 @@
|
||||
char *arch; /* architecture from file content */
|
||||
char *title; /* title from file content */
|
||||
char *desc; /* description from file content */
|
||||
+ struct mpage *next; /* singly linked list */
|
||||
struct mlink *mlinks; /* singly linked list */
|
||||
int form; /* format from file content */
|
||||
int name_head_done;
|
||||
@@ -146,6 +147,7 @@
|
||||
static int dbopen(int);
|
||||
static void dbprune(void);
|
||||
static void filescan(const char *);
|
||||
+static int fts_compare(const FTSENT *const *, const FTSENT *const *);
|
||||
static void mlink_add(struct mlink *, const struct stat *);
|
||||
static void mlink_check(struct mpage *, struct mlink *);
|
||||
static void mlink_free(struct mlink *);
|
||||
@@ -204,6 +206,7 @@
|
||||
static sqlite3 *db = NULL; /* current database */
|
||||
static sqlite3_stmt *stmts[STMT__MAX]; /* current statements */
|
||||
static uint64_t name_mask;
|
||||
+static struct mpage *mpage_head;
|
||||
|
||||
static const struct mdoc_handler mdocs[MDOC_MAX] = {
|
||||
{ NULL, 0 }, /* Ap */
|
||||
@@ -571,6 +574,20 @@
|
||||
return (int)MANDOCLEVEL_BADARG;
|
||||
}
|
||||
|
||||
+static int
|
||||
+fts_compare(const FTSENT *const *a, const FTSENT *const *b)
|
||||
+{
|
||||
+
|
||||
+ /*
|
||||
+ * The mpage list is processed in the opposite order to which pages are
|
||||
+ * added, so traverse the hierarchy in reverse alpha order, resulting
|
||||
+ * in database inserts in alpha order. This is not required for correct
|
||||
+ * operation, but is helpful when inspecting the database during
|
||||
+ * development.
|
||||
+ */
|
||||
+ return -strcmp((*a)->fts_name, (*b)->fts_name);
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Scan a directory tree rooted at "basedir" for manpages.
|
||||
* We use fts(), scanning directory parts along the way for clues to our
|
||||
@@ -600,8 +617,8 @@
|
||||
argv[0] = ".";
|
||||
argv[1] = (char *)NULL;
|
||||
|
||||
- f = fts_open((char * const *)argv,
|
||||
- FTS_PHYSICAL | FTS_NOCHDIR, NULL);
|
||||
+ f = fts_open((char * const *)argv, FTS_PHYSICAL | FTS_NOCHDIR,
|
||||
+ fts_compare);
|
||||
if (f == NULL) {
|
||||
exitcode = (int)MANDOCLEVEL_SYSERR;
|
||||
say("", "&fts_open");
|
||||
@@ -966,6 +983,8 @@
|
||||
mpage = mandoc_calloc(1, sizeof(struct mpage));
|
||||
mpage->inodev.st_ino = inodev.st_ino;
|
||||
mpage->inodev.st_dev = inodev.st_dev;
|
||||
+ mpage->next = mpage_head;
|
||||
+ mpage_head = mpage;
|
||||
ohash_insert(&mpages, slot, mpage);
|
||||
} else
|
||||
mlink->next = mpage->mlinks;
|
||||
@@ -989,20 +1008,18 @@
|
||||
{
|
||||
struct mpage *mpage;
|
||||
struct mlink *mlink;
|
||||
- unsigned int slot;
|
||||
|
||||
- mpage = ohash_first(&mpages, &slot);
|
||||
- while (NULL != mpage) {
|
||||
+ while (NULL != (mpage = mpage_head)) {
|
||||
while (NULL != (mlink = mpage->mlinks)) {
|
||||
mpage->mlinks = mlink->next;
|
||||
mlink_free(mlink);
|
||||
}
|
||||
+ mpage_head = mpage->next;
|
||||
free(mpage->sec);
|
||||
free(mpage->arch);
|
||||
free(mpage->title);
|
||||
free(mpage->desc);
|
||||
free(mpage);
|
||||
- mpage = ohash_next(&mpages, &slot);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1123,18 +1140,14 @@
|
||||
char *sodest;
|
||||
char *cp;
|
||||
int fd;
|
||||
- unsigned int pslot;
|
||||
|
||||
if ( ! nodb)
|
||||
SQL_EXEC("BEGIN TRANSACTION");
|
||||
|
||||
- mpage = ohash_first(&mpages, &pslot);
|
||||
- while (mpage != NULL) {
|
||||
+ for (mpage = mpage_head; mpage != NULL; mpage = mpage->next) {
|
||||
mlinks_undupe(mpage);
|
||||
- if ((mlink = mpage->mlinks) == NULL) {
|
||||
- mpage = ohash_next(&mpages, &pslot);
|
||||
+ if ((mlink = mpage->mlinks) == NULL)
|
||||
continue;
|
||||
- }
|
||||
|
||||
name_mask = NAME_MASK;
|
||||
mandoc_ohash_init(&names, 4, offsetof(struct str, key));
|
||||
@@ -1256,7 +1269,6 @@
|
||||
nextpage:
|
||||
ohash_delete(&strings);
|
||||
ohash_delete(&names);
|
||||
- mpage = ohash_next(&mpages, &pslot);
|
||||
}
|
||||
|
||||
if (0 == nodb)
|
17
share/security/patches/EN-17:04/mandoc.patch.asc
Normal file
17
share/security/patches/EN-17:04/mandoc.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQEACgkQ7Wfs1l3P
|
||||
aucgbA/6AsqHHLk+Cfjad7pRQ/gLP2AGbGvGKjHztRrmHPqlILF2ev5kMI0/Ulbx
|
||||
hz6hDgYZOwXTW38av2E/jlt1zhwFQ9gLjMLcNedeFY4xsujH/6L6PYJrJALqIXjI
|
||||
dCNFYfH3avXzviG70wXhcIcDmOgOtXhQ5huKkwtUDK+I4maup0d6YNq2uXEaLt/x
|
||||
M4HVRHkre8pjqRpOVLruhwdqv1/Wlr22MXGZ5XT9jP4Cc6/XK/giwfYDZIB3g4eD
|
||||
Yu9ZcuZPwXiMaY+ofKg/zocHtN7vHDZsKFghzh/gMo5prhBn1umYHQWx5trqLmo2
|
||||
dyCFkT/K/+brbG4sayUhzXGw3b2Mb/XzVM1Sez/n656vKcIfy0osuGG8PveTwbED
|
||||
bY4f6p01hGYb5pNIgVh3yehlW39iUnob1X1EcGjo2p4Saxi8LwjBQ0QmiJGj2SRX
|
||||
48TF2EmlJYFLkm52O1PE/z6KKP6Nw0kLk1Q/IcSFFjnv9zidfAhJKHuz8QTfVbI6
|
||||
z7TKsrcEXFso/L/Qg62xmSw0mg4gpdmegSfmLsgbNmcnGZOlUkGnqiI6gS8i95RL
|
||||
kh15sahWblxUmuXH88y1CP3YEBKo+4G5R99DfMC55jy8uDsX99veHrehp7y3nxA9
|
||||
ER1GW6d9kLnaoxY+L7ubLkmU+rozuyYkSBaqtNAx/3yt8NBnh3w=
|
||||
=TyPt
|
||||
-----END PGP SIGNATURE-----
|
11
share/security/patches/SA-17:02/openssl-10.patch
Normal file
11
share/security/patches/SA-17:02/openssl-10.patch
Normal file
|
@ -0,0 +1,11 @@
|
|||
--- crypto/openssl/crypto/evp/e_rc4_hmac_md5.c.orig
|
||||
+++ crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
|
||||
@@ -267,6 +267,8 @@
|
||||
len = p[arg - 2] << 8 | p[arg - 1];
|
||||
|
||||
if (!ctx->encrypt) {
|
||||
+ if (len < MD5_DIGEST_LENGTH)
|
||||
+ return -1;
|
||||
len -= MD5_DIGEST_LENGTH;
|
||||
p[arg - 2] = len >> 8;
|
||||
p[arg - 1] = len;
|
17
share/security/patches/SA-17:02/openssl-10.patch.asc
Normal file
17
share/security/patches/SA-17:02/openssl-10.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQgACgkQ7Wfs1l3P
|
||||
auegMQ/6AwM1SkI936FCoj48Z9gVGTP68fbWYSiXpYb5JoDh/E9y/BlSAWSmxi2/
|
||||
70EmzRXahvgEQbgEu2WBpOq7AS20jQvF6TeRqjtKQQ7/RZwyxCG7cHy5VQoxlx0M
|
||||
6M8Ggpz22GmQN81p1wT6sCEt4PrFw07/x+aveP9XY85VoFQZ13x6CX/yLJhmqlHD
|
||||
FCaGwTDLYHKI/dVnflO/dyOcTfdKs/nJt3uomS0ThgB21nrrK6dEA19aMUxXq0/A
|
||||
+sdiBGu6rhpJnL2iO8f1u1qVAQFbiBRyYmuk+bmo2HXbnyxyW4DItHjj+RsVfXGT
|
||||
jN9r9UBFlQt0q44OkHBQQ1QTP4qwZhWKWtMpHrRmZNv8NDvR5Q57Pu74XHJ3azcR
|
||||
JQ8lSnbBkDRMmbQHTEn8i5WGMcmnIBCDfZDOJdoMy6hppvd9t1nfVDJRzJobznvb
|
||||
HGXbbDIFekp0MbiunGz2iMKpCbvJLglDIzD6pSCEHdbIotvZqoHvyO8pw4yuBJFh
|
||||
wo2lu/Gxr4RcITWTo6Mo0C5JcF42QGOaX6ELMb5tXwfRXh9IFPiJlSmziN+lmqUx
|
||||
h/t1OUahR9GefDiZFI1aNcmv/M0Vg0nnA3FnS3c/Y2dSQ3NAjaLmWCnXJHiH/F5J
|
||||
63kJEn1q2jiGT75LMnPVumezIiYtKLJUIh8M/90ihKB8+8weTKk=
|
||||
=wnyq
|
||||
-----END PGP SIGNATURE-----
|
23860
share/security/patches/SA-17:02/openssl-11.patch
Normal file
23860
share/security/patches/SA-17:02/openssl-11.patch
Normal file
File diff suppressed because it is too large
Load diff
17
share/security/patches/SA-17:02/openssl-11.patch.asc
Normal file
17
share/security/patches/SA-17:02/openssl-11.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.18 (FreeBSD)
|
||||
|
||||
iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQkACgkQ7Wfs1l3P
|
||||
auewhQ//VFWQScIUtXC6zAR9P70ua1ez1imvhi5iB2W0NJOz/47UaM9FpA0yBRbP
|
||||
99CHNo7PrtFP7plSVqDB+InzSHrmgne5VbquOdqJBoq3qkBFuR5VY5sHXGfq1fzG
|
||||
vRAWGaDfzN4JcRqIS/ocvcRno9+IV+zF9D16roIVj4o4/s16iGfBb2Kz8nCHukjB
|
||||
ACIQ3EMkd98KHBO70dMilaO+yyKdqu5UId6Lb6BorN79jyiNerhhCHniaO0Pur5u
|
||||
6oVyRy3Ext9NxXsSqodSOOd3d6SBO9SOX/z7SLT+oi4UM7Ci3wfGpb7R1e1hZJaV
|
||||
5+eq68DFqeJeRIyKvAS2T7mYqRQq/rKRL28LfkNpVNtYypsz7ZSWE92h6/HTLzpy
|
||||
8iI0bf1QNN9LiyZkiSSoxtkiVTp6JyK4L5O9kJs4BnTJ2FzGOtHYECuALGKD2y0n
|
||||
RvJlq1k4/X75zW14+Tbt0ptTLBlpRZKvbP4SttYqjVEgxVDCirbpyuheWu+n43ah
|
||||
xuSix6LbRBvMqr9bjQthfabzlPZzFQIpHmi0pgCasI+BRa6XKAR/UyYlIgy2rRFW
|
||||
fuN1WM3E5yvVtRfpIG4gPjZjoi1fwP18zia1i7zl9bQdpaUM/8WSjTSxTK0Dih2A
|
||||
3NSetWoFBbZDtCc2Dv2yIP6BclUulWNnmZdOnuiEVOGNEHvHoUs=
|
||||
=c9X0
|
||||
-----END PGP SIGNATURE-----
|
|
@ -7,6 +7,18 @@
|
|||
<year>
|
||||
<name>2017</name>
|
||||
|
||||
<month>
|
||||
<name>2</name>
|
||||
|
||||
<day>
|
||||
<name>23</name>
|
||||
|
||||
<advisory>
|
||||
<name>FreeBSD-SA-17:02.openssl</name>
|
||||
</advisory>
|
||||
</day>
|
||||
</month>
|
||||
|
||||
<month>
|
||||
<name>1</name>
|
||||
|
||||
|
|
|
@ -5,6 +5,32 @@
|
|||
</cvs:keyword>
|
||||
|
||||
<year>
|
||||
<name>2017</name>
|
||||
|
||||
<month>
|
||||
<name>2</name>
|
||||
|
||||
<day>
|
||||
<name>23</name>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-17:04.mandoc</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-17:03.hyperv</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-17:02.yp</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-17:01.pcie</name>
|
||||
</notice>
|
||||
</day>
|
||||
</month>
|
||||
|
||||
<name>2016</name>
|
||||
|
||||
<month>
|
||||
|
|
Loading…
Reference in a new issue