Add EN-17:01-04, SA-17:02.

svn path=/head/; revision=50004

share/security/advisories/FreeBSD-EN-17:01.pcie.asc

@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-17:01.pcie                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          System hang when booting when PCI-express HotPlug is enabled
+
+Category:       core
+Module:         kernel
+Announced:      2017-02-23
+Credits:        Alan Somers, Dave Baukus
+Affects:        FreeBSD 11.0
+Corrected:      2017-02-07 22:40:38 UTC (stable/11, 11.0-STABLE)
+                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+Native PCI-express HotPlug permits PCI-express devices to be added and
+removed at runtime in slots that support HotPlug.
+
+II.  Problem Description
+
+Some PCI-express slots indicate partial support for PCI-express HotPlug
+in the capability registers associated with an individual slot.  The
+PCI-express HotPlug driver attempted to configure these slots for HotPlug
+operation.  However, since these slots do not fully support HotPlug,
+enabling HotPlug results in unpredictable behavior.
+
+III. Impact
+
+On at least some systems, booting a kernel with PCI-express HotPlug
+support can hang.
+
+IV.  Workaround
+
+The hw.pci.enable_pcie_hp loader tunable can be set to 0 to disable
+support for PCI-express HotPlug before booting an affected kernel.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-17:01/pcie.patch
+# fetch https://security.FreeBSD.org/patches/EN-17:01/pcie.patch.asc
+# gpg --verify pcie.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/11/                                                        r313408
+releng/11.0/                                                      r314125
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211699>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:01.pcie.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNEACgkQ7Wfs1l3P
+aucj/RAAsB/+cWKAaf5pLiP9Hh9Rjmry8ZMyiG6RVBB22N8UM34ioiPPSjTu1ogQ
+ZCP31fUqCWDwwQgVu6/Nl4Ur/NjeOYMjHAzxyjlgrFPx2RliptZCakMSA7NDBm7h
+vhFxlvBdLvYOL1sDTPwO1HuaIRl8f6BMa3p99Ubaur2Blw7Zn2gDaIEDdiG8K2LN
+m+R+yJvDqJmpQJcTiqkxMrcfemcmpuVkH/PTaQhjcuZfslQW8eL82dfXsmkuv5tz
+J1cXJHSZHhX1Bq+cuKpAVp7rV65iud5nElt1NJiG4GC61h289nSoqsUebWcjzx4j
+0XVwCxitLVqgybdD+OtJejxBwgwWnB3K2xicu5WYOSo/jUhXGRLXZTSk1COvDwZZ
+4ndeGv1RwwknQTNxfHlnOH9uZozvQq1fCyXZ2CBnsfKs5gxW2GAF1+xTGXD2tSAJ
+ntyc9JhiV0EmixG/aiDk8D6HaUnvcqvtUHCewbNXKy2xqRbnNDal613vzhgbNWKi
+RqFoPDDCaLsD9uoL/DSh8R8sHh8QuNq903JxPODM0MoioWYGj+xzz5RNY1EwlhcO
+nRI3CwmQr/Oxow+ajEqT4MRaQtmHSudmvcF6Syyw6Rt0lWF4R6KxYk2fPdaW18N0
+LU9fqH2IWGSmzPMdnJKI6I49jtOiUaIfXCAGpX15jpVN/1ZUg1k=
+=x/qY
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-17:02.yp.asc

@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-17:02.yp                                             Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          NIS master updates are not pushed to NIS slave
+
+Category:       core
+Module:         yppush, ypxfr
+Announced:      2017-02-23
+Credits:        Mark Johnston
+Affects:        FreeBSD 11.0-RELEASE
+Corrected:      2016-10-19 17:18:48 UTC (stable/11, 11.0-STABLE)
+                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+yppush(8) and ypxfr(8) utilities are used to synchronize databases from
+a master NIS server.
+
+II.  Problem Description
+
+A bug present in FreeBSD 11.0 prevents these utilities from working
+properly. In particular, an attempt to synchronize a non-empty map
+causes yppush(8) to crash.
+
+III. Impact
+
+The problem prevents updates to a master NIS server from being propagated
+to NIS slave servers.
+
+IV.  Workaround
+
+No workaround is available, but NIS configurations which do not make
+use of NIS slave servers are unaffected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+A reboot is not required.  However, the system administrator may need to
+manually run yppush(8) after the update have been applied on slave systems.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-17:02/yp.patch
+# fetch https://security.FreeBSD.org/patches/EN-17:02/yp.patch.asc
+# gpg --verify yp.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+A reboot is not required.  However, the system administrator may need to
+manually run yppush(8) after the update have been applied on slave systems.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/11/                                                        r307642
+releng/11.0/                                                      r314125
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213506>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:02.yp.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNcACgkQ7Wfs1l3P
+aucX/Q/5AbGPtToi+NC4OB0sNJbCiJD5WOP7tmbNipDm5SGoItN+lXQSv+FN1wbF
+9R4vhqBqDROE35PF9QUWdFb1qE4i37lD4DznK7r1urg3n7CWx5zcPYAz3PNA7FFX
+IJixTM4fjhoWoKAWMLZhc+7+ez7HB83AZrExXDBFRnj7SvceJw6B//yCRB/he9l3
+trE5yvUyAiSPylG5qfA6upsJftXsluajq0uQ/yD4iGfqT8nqjOrsd4z64S6+3wTT
+lnZHyjNEfIqVQ81Lp9EIsqaU7pyvPrjRQqxsHI+rZO/2YVA/RDokeIcq6s+8GN76
+/H7U8XoEuLFNq39s+fHOLTIPGjSM5PN1jqreoJTXnLFqpDtc2WI3W6cvMUY3lD2y
+rW3jDrQOxKF8E9qD/wyi7Sa74cC4PduEe9F+fwNOf+gQUtd/NF+OcnSo0imUnmvU
+VJy7FHSUQWZY7ZDW0L7CUT6IDBvIncUKlt1DX4b8M9GkX65FtXmd4risExxBlGDh
+ikMD+qzCE8tlqzXKPzEmZNLgsAj0nJiZIcD6kMDORLNyzdI7AeqSazg6Pt70XstR
+r+GjK1Hclp/lTqaEJLuBrkd2LJGI2Wcyp/nRZ6OifyduvRwk5vKPhQf792zqx+FK
+0sZ1T7po0aop1sDFRDZKCHMRxxpKfd5BTxEyQ24v7GL02Dz/rVk=
+=zlKa
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-17:03.hyperv.asc

@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-17:03.hyperv                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Compatibility with Hyper-V/storage after KB3172614 or
+                KB3179574
+
+Category:       core
+Module:         hyperv/storvsc
+Announced:      2017-02-23
+Credits:        Microsoft OSTC
+Affects:        FreeBSD 11.0-RELEASE
+Corrected:      2016-10-19 07:43:39 UTC (stable/11, 11.0-STABLE)
+                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+Hyper-V is a default hypervisor provided on Windows server by Microsoft.
+ATA driver is the legacy storage driver for FreeBSD on Hyper-V, now they
+are replaced by synthetic driver which has better performance. There are
+issues when attaching synthetic storage driver for FreeBSD 11 on some of
+Hyper-V hosts.
+
+II.  Problem Description
+
+There are some compatibility issues with the FreeBSD Hyper-V driver, 
+which will cause the OS disk to be detached if August 2016 update rollup
+is applied on Windows host (KB3172614 or KB3179574).
+
+III. Impact
+
+FreeBSD 11.0 can not be installed on a guest system on Hyper-V host.
+
+IV.  Workaround
+
+On Hyper-V connection, when the installer boot prompt, select
+
+    3. Escape to the loader prompt
+
+Then:
+
+    set hw.ata.disk_enable=1
+    boot.
+
+Note: this workaround force FreeBSD to use legacy storage driver
+which is much slower than synthetic driver.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-17:03/hyperv.patch
+# fetch https://security.FreeBSD.org/patches/EN-17:03/hyperv.patch.asc
+# gpg --verify hyperv.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/11/                                                        r307617
+releng/11.0/                                                      r314125
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212721>
+
+<URL:https://support.microsoft.com/en-au/help/24717/windows-8-1-and-windows-server-2012-r2-update-history>
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNwACgkQ7Wfs1l3P
+auea7BAAtYKNH1OVGWZ2frFoaVAuzLA0Gow599XCM5ycF39HTlavmoR1+KN9g8Gh
+r2wEBvIM/Yzla16mmLEzt7QLeSFMP1mgVb1lUtvAp62b/lzb2ImIvL3qhury0nop
+eczup/A/nFOOgOa/IEMsxqi5noB5e2ODkWEOayiLNd5fmD/BF+yACEKi0YI0krQY
+Oonq4N9ah7z4rT8OYC2LNQPvc00ZAAq9eq/IDdtWDvLgpxOF1W+dJ0MAzLhQwNJn
+9cdW13AcrdJHxzyjAGeOd1pedWFs0ueEXLI+J5pVOvpZd3WeAc9Fls8t7GNgYwvf
+dpf9uaB765n5tZCa+gc8h2eSzY59aEAQOtHXTqlMGp3ACl7D7Gjmhh42Vp4fgySb
+zeeKEqAnNay4NdBEGt/U9CjycNKMKi6/bqLpEq3rxu8QFPzeXuwIB3favj8MpIUI
+ZMda4CQ1E9XLgG6YoupSpnVSbvNFZIEQ2RHzZesKlIoQIM4OPSBWPGjSR9UDMNKH
+mxb/cWMwO9N4G7xzKSULuIAF33wZYkaKqTfzOKVtOEZ7hlBPlqzfXK2MNqlbc0PO
+3bqPvrg8KXL8OyswEy0sZaptQs/jTUZjqI9/JNWY+IdRR1clVrRdpg/YWljwqqvb
+hFIarahbNC1fvsMTeAFq8QBGXkoy6ovmjpKrhBfPNpaiL5ccuWU=
+=nMwL
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-17:04.mandoc.asc

@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-17:04.mandoc                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          makewhatis output is not reproducible
+
+Category:       contrib
+Module:         mandoc
+Announced:      2017-02-23
+Credits:        Ingo Schwarze, Ed Maste
+Affects:        FreeBSD 11.0-RELEASE
+Corrected:      2016-11-26 03:39:02 UTC (stable/11, 11.0-STABLE)
+                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The makewhatis utility extracts keywords from UNIX manuals and indexes
+them in a database for fast retrieval by apropos(1), whatis(1), and
+man(1)'s -k option.
+
+II.  Problem Description
+
+The generation of makewhatis database is not reproducible.
+
+III. Impact
+
+The freebsd-update(8) build procedure may consider mandoc.db as changed when
+built multiple times.
+
+IV.  Workaround
+
+No workaround is available, but the impact is mostly cosmetic.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Reboot is not necessary.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot is not necessary.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-17:04/mandoc.patch
+# fetch https://security.FreeBSD.org/patches/EN-17:04/mandoc.patch.asc
+# gpg --verify mandoc.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/11/                                                        r309183
+releng/11.0/                                                      r314125
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214545>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:04.mandoc.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujOMACgkQ7Wfs1l3P
+aucxsA//fsEp6miJAsXLBOFxI1hiRheHb6HlOaXYrMo59sKLgRGRipe34AxIq3Ca
+cYvVRHOEpXlUZNMvModg/P42SkkQLDi+2tIenvQUG5T5r3xSRTAHOU0pSRlpfjaA
+8OCIaZaWYDIcTOEfaQocIbjwuKfzw5qVxZY6Ot3NPz0QEpOSzFGkbRrM8JxkrVyg
+ROtzY/rqaDbhfdKyTCS8PZCIW4ZwNiBjAV9kZysviN3RUSQvLaxEC+vTDjU9BBm5
+CKIU3y0aoSlO4W6A9ahqVb/4hX7A2WBoFpfhMVXsVOzi4SkJhaFKNdjwbq6Nrmxr
+hePKGTSYVtcVIaiyf0rJwHDvGK6y4NKCTTqCwlQ7hrMGZHY2D5t5NAdd10uvIrv6
+PDQkJBap5hZTnSeJ+rZt1jSUR1qAJ+xb86Fe1dG30fs6AsKpbYJEpTLWgSXmOfp/
+GQT0SCxv5mxtxMzIom8MUQipYay1cUIiXAh/wlfxERNWHHt3UXoP4/wS9Df+26w9
+zQ/5fk3TbtxAcCpZWBeZr1+pKIomQ4+51wU7zgyjAHvGRDesoA54XS3BOTJPWKnY
+G1iNBWECSQC26jwzmSv/MMXf4BqT6ezZXXZ22uMeYQCTD4p0tiC6/H4RUEVSgOSl
+TnZ026b3FQRlE6FIOYPK9a4AipnLYu4NW6f9tsJquwRyElLSd/U=
+=oyNi
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-17:02.openssl.asc

@@ -0,0 +1,164 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-17:02.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL multiple vulnerabilities
+
+Category:       contrib
+Module:         openssl
+Announced:      2017-02-23
+Affects:        All supported versions of FreeBSD.
+Corrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
+                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
+                2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
+                2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16)
+CVE Name:       CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+If an SSL/TLS server or client is running on a 32-bit host, and a specific
+cipher is being used, then a truncated packet can cause that server or
+client to perform an out-of-bounds read, usually resulting in a crash.
+[CVE-2017-3731]
+
+There is a carry propagating bug in the x86_64 Montgomery squaring procedure.
+No EC algorithms are affected. Analysis suggests that attacks against RSA and
+DSA as a result of this defect would be very difficult to perform and are not
+believed likely. Attacks against DH are considered just feasible (although
+very difficult) because most of the work necessary to deduce information
+about a private key may be performed offline. The amount of resources
+required for such an attack would be very significant and likely only
+accessible to a limited number of attackers. An attacker would additionally
+need online access to an unpatched system using the target private key in
+a scenario with persistent DH parameters and a private key that is shared
+between multiple clients. [CVE-2017-3732]
+
+Montgomery multiplication may produce incorrect results. [CVE-2016-7055]
+
+III. Impact
+
+A remote attacker may trigger a crash on servers or clients that supported
+RC4-MD5. [CVE-2017-3731]
+
+A remote attacker may be able to deduce information about a private key,
+but that would require enormous amount of resources. [CVE-2017-3732,
+CVE-2016-7055]
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all daemons that use the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons that use the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.0]
+# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch.asc
+# gpg --verify openssl-11.patch.asc
+
+[FreeBSD 10.3]
+# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch.asc
+# gpg --verify openssl-10.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r312863
+releng/10.3/                                                      r314125
+stable/11/                                                        r312826
+releng/11.0/                                                      r314126
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055> 
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731> 
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>
+
+<URL:https://www.openssl.org/news/secadv/20170126.txt>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujOsACgkQ7Wfs1l3P
+aufZHhAAy8U5oOrLGq0XH8Dumpkyc+bFOmsEh+S1hL6jFL13jUVpDqogZ3w/a7If
+Hcqiyipx5dbcGbHJayokfimkxPcIYydYQK9NwWaXVlnZifvgWka+KxtcD0u2A8S5
+cpTbNl+CALQQqEF3+JmOc4Uq2Dtui0xFG1N5Og4oF5Uo+lvQh4bcJ1UbfhMdq8EG
+US3hGlJLJJW75m3jkgHyu0o7A0swnNTUQrW9Z0p/3iTiel7fM57d/N1who+kt59V
+UErXTzMDBT1kkWRne0aTA71gdy3SUeRiVi9/LWggjIRJNyMnQjO3UI2UOIHLLQAG
+CXcZLPekB87iHZxMAw8oV6b4GIkJhqUFW2ep2AZkUdDZ2Mup9bDrx/0Ik0jHjyQY
+KEmZDroHvP8z569q+aWfIIpMXPv6zJTnent45U2/q13wMHJwWsADu9ukeWKTw7wI
+P0Rc3vht+AXbXFi9SjxwdldgrVszV7x8Yi6W9KhHsGqCl6NBCW9Md/PWbNQQUVkq
+I5tV0WB3pTwOk0yMi3h/okM9VBr1lPDU18W0he5T9wbOh4w0jwFb8AqMu1slst3l
+9MlhRfO/4LIDlfRQ/dj4dOfVLZqEd/xleax99yFXZUzibUYrOMlBxNaKvV80plwB
+Kg2Hr3DJuJa3599kNgXMCNV1lRIOJbJ9dRmX6B0YzMgvxKPIXY4=
+=8Jsr
+-----END PGP SIGNATURE-----

share/security/patches/EN-17:01/pcie.patch

@@ -0,0 +1,11 @@
+--- sys/dev/pci/pci_pci.c.orig
++++ sys/dev/pci/pci_pci.c
+@@ -935,6 +935,8 @@
+ 
+ 	if ((sc->pcie_slot_cap & PCIEM_SLOT_CAP_HPC) == 0)
+ 		return;
++	if ((sc->pcie_link_cap & PCIEM_LINK_CAP_DL_ACTIVE) == 0)
++		return;
+ 
+ 	/*
+ 	 * Some devices report that they have an MRL when they actually

share/security/patches/EN-17:01/pcie.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujPUACgkQ7Wfs1l3P
+aucnkRAAlrRIt4XdzSyuVFcuK3vIhbO2MEhlVmsduYElQ+S/A/QOyhgAVN83TveN
+3JvQSozXA8OTw7cGDOD8SiL7Hyr79PsC+cWkbD/XhQGLwXtwcaywTTIOuc7ny0Cj
+4m7tl3DzO8FN0rKGoOCC0UCiaTamKfh3Wl+mMHHPBOtYyk+DKzSw7TnTLaRrI90q
+wWnQnF5Xr1pCbJBwyx3EvIQq9AL6d5nRm6af8cksWaChpH1w6elNl0Q0FbojKkdp
+6aweLHYORRu8cVqDsOjuWoNq6BMyEF/cooqufmBb5JkpgwaFgVntp7aI0ql8Ts/v
+mkvSqMTyzPiJGEBoDDqBosQdb66MeGIV9PZIjR8AQEIwagXo4KCNq3PwW8kPKlJ1
+8vrxRGQc8xSKRvv7h0Xvg5Ovhodu7UV1RtFVUqWMAdeLqTy6mtyRmjOKb4ouy7wC
+V9/ZgG87zYHHpLmg6EmQfAB3fa8ksR30/rJEBxehxdbJTAwaxCfK2RWpRu4MVTH1
+uJrbEbiFHpSHM46LJ9JbkLfOfNMLuDz0K688D3eecWvpzyO7Zk7NqPV1fWOlcQLk
+xtdOFzmSV8Cr1UBiUV7AaAap20nXWrqQ7Lp5Q9fj7y7l7xVznh95Tf6VlFergBMB
+hR2MHvbCHExx9vokyWSYyz/yq7mnCJWNcSMDdRCfAjqqpSD9lGI=
+=2ZA+
+-----END PGP SIGNATURE-----

share/security/patches/EN-17:02/yp.patch

@@ -0,0 +1,13 @@
+--- libexec/ypxfr/ypxfr_getmap.c.orig
++++ libexec/ypxfr/ypxfr_getmap.c
+@@ -43,8 +43,8 @@
+ 
+ extern bool_t xdr_ypresp_all_seq(XDR *, unsigned long *);
+ 
+-static int (*ypresp_allfn)();
+-static void *ypresp_data;
++extern int (*ypresp_allfn)();
++extern void *ypresp_data;
+ extern DB *specdbp;
+ extern enum ypstat yp_errno;
+ 

share/security/patches/EN-17:02/yp.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujPkACgkQ7Wfs1l3P
+audR3A//Y0/IZ4iyUh3N0Twwc/ywoSV2ph+D2XF9PmI3HWTk4F+uEN+/02XNDhft
+V9T25LuyuaROBrvDDgpN+9d8V82zxo8K4YiSi8YaarQq71q7lAUAJ0YIg+an9ije
+4M6HNDRk0x99rueb2gmOSk/6EWyUzLSwlumzhG1SdKrgz0VN2ItoSdE9FDNfHqTG
+UfCeXa5bgoQUU/yNfzQu4QfuTQzx/Oq2Kfjr5wIOK+bZxLk6tlInDxBhg5oJq/KZ
+zXgL4mJmqF/glDNKxpa8yZxHmiXql9wwI/mnRmVODQ2CCHDcuSx6uOxpS8PNhect
+31PpPR9wFtFOBGbXsuBHGUkGVjjReADXcBU0SdaFY02WlonQXnvc7RhzFu4TOo5Z
+6LTOxyiCIc7ZJW1nW7HmXZl5VfzWL/wmK0QHlLSMJ24tPwrAizPlT0OEwsjOlhCq
+LYfWRKBRPlu8x7Ow8J0ecYCouhPGy4dYA4o68fBvpk27HUREw0VgfpTPNgrcZinK
+VEM+z5zx7fQXuNkwb3GYQzCGDKLbZTtxZ35APlIzhCYtUdJ1kA5Q/udvxNIbd1zD
+apmj7h4+xgx5T+ncmPsyROm805LdXFGsMT9CcMrqECadGzRMC0Cq0tyOINnFHryp
+hmSVl1mp7YQpafXKSMs/2CvxPcTrBjw9vgZBOdaJD1+j2/gLkSA=
+=8C44
+-----END PGP SIGNATURE-----

share/security/patches/EN-17:03/hyperv.patch

@@ -0,0 +1,277 @@
+--- sys/cam/ata/ata_xpt.c.orig
++++ sys/cam/ata/ata_xpt.c
+@@ -40,6 +40,7 @@
+ #include <sys/interrupt.h>
+ #include <sys/sbuf.h>
+ 
++#include <sys/eventhandler.h>
+ #include <sys/lock.h>
+ #include <sys/mutex.h>
+ #include <sys/sysctl.h>
+@@ -824,6 +825,7 @@
+ 	{
+ 		struct ccb_pathinq cpi;
+ 		int16_t *ptr;
++		int veto = 0;
+ 
+ 		ident_buf = &softc->ident_data;
+ 		for (ptr = (int16_t *)ident_buf;
+@@ -830,6 +832,17 @@
+ 		     ptr < (int16_t *)ident_buf + sizeof(struct ata_params)/2; ptr++) {
+ 			*ptr = le16toh(*ptr);
+ 		}
++
++		/*
++		 * Allow others to veto this ATA disk attachment.  This
++		 * is mainly used by VMs, whose disk controllers may
++		 * share the disks with the simulated ATA controllers.
++		 */
++		EVENTHANDLER_INVOKE(ada_probe_veto, path, ident_buf, &veto);
++		if (veto) {
++			goto device_fail;
++		}
++
+ 		if (strncmp(ident_buf->model, "FX", 2) &&
+ 		    strncmp(ident_buf->model, "NEC", 3) &&
+ 		    strncmp(ident_buf->model, "Pioneer", 7) &&
+--- sys/conf/files.amd64.orig
++++ sys/conf/files.amd64
+@@ -268,7 +268,6 @@
+ dev/hyperv/netvsc/hv_net_vsc.c				optional	hyperv
+ dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c		optional	hyperv
+ dev/hyperv/netvsc/hv_rndis_filter.c			optional	hyperv
+-dev/hyperv/stordisengage/hv_ata_pci_disengage.c		optional	hyperv
+ dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c		optional	hyperv
+ dev/hyperv/utilities/hv_heartbeat.c			optional	hyperv
+ dev/hyperv/utilities/hv_kvp.c				optional	hyperv
+--- sys/conf/files.i386.orig
++++ sys/conf/files.i386
+@@ -239,7 +239,6 @@
+ dev/hyperv/netvsc/hv_net_vsc.c				optional	hyperv
+ dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c		optional	hyperv
+ dev/hyperv/netvsc/hv_rndis_filter.c			optional	hyperv
+-dev/hyperv/stordisengage/hv_ata_pci_disengage.c		optional	hyperv
+ dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c		optional	hyperv
+ dev/hyperv/utilities/hv_heartbeat.c			optional	hyperv
+ dev/hyperv/utilities/hv_kvp.c				optional	hyperv
+--- sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c.orig
++++ sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
+@@ -58,6 +58,7 @@
+ #include <sys/lock.h>
+ #include <sys/sema.h>
+ #include <sys/sglist.h>
++#include <sys/eventhandler.h>
+ #include <machine/bus.h>
+ #include <sys/bus_dma.h>
+ 
+@@ -139,6 +140,15 @@
+ 	struct hv_storvsc_request	hs_reset_req;
+ };
+ 
++static eventhandler_tag storvsc_handler_tag;
++/*
++ * The size of the vmscsi_request has changed in win8. The
++ * additional size is for the newly added elements in the
++ * structure. These elements are valid only when we are talking
++ * to a win8 host.
++ * Track the correct size we need to apply.
++ */
++static int vmscsi_size_delta = sizeof(struct vmscsi_win8_extension);
+ 
+ /**
+  * HyperV storvsc timeout testing cases:
+@@ -954,21 +964,15 @@
+ static int
+ storvsc_probe(device_t dev)
+ {
+-	int ata_disk_enable = 0;
+ 	int ret	= ENXIO;
+ 	
+ 	switch (storvsc_get_storage_type(dev)) {
+ 	case DRIVER_BLKVSC:
+ 		if(bootverbose)
+-			device_printf(dev, "DRIVER_BLKVSC-Emulated ATA/IDE probe\n");
+-		if (!getenv_int("hw.ata.disk_enable", &ata_disk_enable)) {
+-			if(bootverbose)
+-				device_printf(dev,
+-					"Enlightened ATA/IDE detected\n");
+-			device_set_desc(dev, g_drv_props_table[DRIVER_BLKVSC].drv_desc);
+-			ret = BUS_PROBE_DEFAULT;
+-		} else if(bootverbose)
+-			device_printf(dev, "Emulated ATA/IDE set (hw.ata.disk_enable set)\n");
++			device_printf(dev,
++			    "Enlightened ATA/IDE detected\n");
++		device_set_desc(dev, g_drv_props_table[DRIVER_BLKVSC].drv_desc);
++		ret = BUS_PROBE_DEFAULT;
+ 		break;
+ 	case DRIVER_STORVSC:
+ 		if(bootverbose)
+@@ -2018,27 +2022,45 @@
+ 	ccb->ccb_h.status &= ~CAM_STATUS_MASK;
+ 	if (vm_srb->scsi_status == SCSI_STATUS_OK) {
+ 		const struct scsi_generic *cmd;
+-
++		cmd = (const struct scsi_generic *)
++		    ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
++		     csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes);
+ 		if (vm_srb->srb_status != SRB_STATUS_SUCCESS) {
+-			if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) {
+-				xpt_print(ccb->ccb_h.path, "invalid LUN %d\n",
+-				    vm_srb->lun);
+-			} else {
+-				xpt_print(ccb->ccb_h.path, "Unknown SRB flag: %d\n",
+-				    vm_srb->srb_status);
+-			}
+ 			/*
+ 			 * If there are errors, for example, invalid LUN,
+ 			 * host will inform VM through SRB status.
+ 			 */
+-			ccb->ccb_h.status |= CAM_SEL_TIMEOUT;
++			if (bootverbose) {
++				if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) {
++					xpt_print(ccb->ccb_h.path,
++					    "invalid LUN %d for op: %s\n",
++					    vm_srb->lun,
++					    scsi_op_desc(cmd->opcode, NULL));
++				} else {
++					xpt_print(ccb->ccb_h.path,
++					    "Unknown SRB flag: %d for op: %s\n",
++					    vm_srb->srb_status,
++					    scsi_op_desc(cmd->opcode, NULL));
++				}
++			}
++
++			/*
++			 * XXX For a selection timeout, all of the LUNs
++			 * on the target will be gone.  It works for SCSI
++			 * disks, but does not work for IDE disks.
++			 *
++			 * For CAM_DEV_NOT_THERE, CAM will only get
++			 * rid of the device(s) specified by the path.
++			 */
++			if (storvsc_get_storage_type(sc->hs_dev->device) ==
++			    DRIVER_STORVSC)
++				ccb->ccb_h.status |= CAM_SEL_TIMEOUT;
++			else
++				ccb->ccb_h.status |= CAM_DEV_NOT_THERE;
+ 		} else {
+ 			ccb->ccb_h.status |= CAM_REQ_CMP;
+ 		}
+ 
+-		cmd = (const struct scsi_generic *)
+-		    ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
+-		     csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes);
+ 		if (cmd->opcode == INQUIRY) {
+ 			struct scsi_inquiry_data *inq_data =
+ 			    (struct scsi_inquiry_data *)csio->data_ptr;
+@@ -2059,7 +2081,7 @@
+ 				    resp_buf[3], resp_buf[4]);
+ 			}
+ 			if (vm_srb->srb_status == SRB_STATUS_SUCCESS &&
+-			    data_len > SHORT_INQUIRY_LENGTH) {
++			    data_len >= SHORT_INQUIRY_LENGTH) {
+ 				char vendor[16];
+ 
+ 				cam_strvis(vendor, inq_data->vendor,
+@@ -2152,3 +2174,57 @@
+ 	return (DRIVER_UNKNOWN);
+ }
+ 
++#define	PCI_VENDOR_INTEL	0x8086
++#define	PCI_PRODUCT_PIIX4	0x7111
++
++static void
++storvsc_ada_probe_veto(void *arg __unused, struct cam_path *path,
++    struct ata_params *ident_buf __unused, int *veto)
++{
++
++	/*
++	 * The ATA disks are shared with the controllers managed
++	 * by this driver, so veto the ATA disks' attachment; the
++	 * ATA disks will be attached as SCSI disks once this driver
++	 * attached.
++	 */
++	if (path->device->protocol == PROTO_ATA) {
++		struct ccb_pathinq cpi;
++
++		bzero(&cpi, sizeof(cpi));
++		xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE);
++		cpi.ccb_h.func_code = XPT_PATH_INQ;
++		xpt_action((union ccb *)&cpi);
++		if (cpi.ccb_h.status == CAM_REQ_CMP &&
++		    cpi.hba_vendor == PCI_VENDOR_INTEL &&
++		    cpi.hba_device == PCI_PRODUCT_PIIX4) {
++			(*veto)++;
++			if (bootverbose) {
++				xpt_print(path,
++				    "Disable ATA disks on "
++				    "simulated ATA controller (0x%04x%04x)\n",
++				    cpi.hba_device, cpi.hba_vendor);
++			}
++		}
++	}
++}
++
++static void
++storvsc_sysinit(void *arg __unused)
++{
++	if (vm_guest == VM_GUEST_HV) {
++		storvsc_handler_tag = EVENTHANDLER_REGISTER(ada_probe_veto,
++		    storvsc_ada_probe_veto, NULL, EVENTHANDLER_PRI_ANY);
++	}
++}
++SYSINIT(storvsc_sys_init, SI_SUB_DRIVERS, SI_ORDER_SECOND, storvsc_sysinit,
++    NULL);
++
++static void
++storvsc_sysuninit(void *arg __unused)
++{
++	if (storvsc_handler_tag != NULL)
++		EVENTHANDLER_DEREGISTER(ada_probe_veto, storvsc_handler_tag);
++}
++SYSUNINIT(storvsc_sys_uninit, SI_SUB_DRIVERS, SI_ORDER_SECOND,
++    storvsc_sysuninit, NULL);
+--- sys/modules/hyperv/Makefile.orig
++++ sys/modules/hyperv/Makefile
+@@ -1,5 +1,5 @@
+ # $FreeBSD$
+ 
+-SUBDIR = vmbus netvsc stordisengage storvsc utilities
++SUBDIR = vmbus netvsc storvsc utilities
+ 
+ .include <bsd.subdir.mk>
+--- sys/sys/eventhandler.h.orig
++++ sys/sys/eventhandler.h
+@@ -270,4 +270,11 @@
+ EVENTHANDLER_DECLARE(register_framebuffer, register_framebuffer_fn);
+ EVENTHANDLER_DECLARE(unregister_framebuffer, unregister_framebuffer_fn);
+ 
++/* Veto ada attachment */
++struct cam_path;
++struct ata_params;
++typedef void (*ada_probe_veto_fn)(void *, struct cam_path *,
++    struct ata_params *, int *);
++EVENTHANDLER_DECLARE(ada_probe_veto, ada_probe_veto_fn);
++
+ #endif /* _SYS_EVENTHANDLER_H_ */
+--- sys/x86/x86/io_apic.c.orig
++++ sys/x86/x86/io_apic.c
+@@ -412,6 +412,18 @@
+ 	u_int old_id;
+ 
+ 	/*
++	 * On Hyper-V:
++	 * - Stick to the first cpu for all I/O APIC pins.
++	 * - And don't allow destination cpu changes.
++	 */
++	if (vm_guest == VM_GUEST_HV) {
++		if (intpin->io_vector)
++			return (EINVAL);
++		else
++			apic_id = 0;
++	}
++
++	/*
+ 	 * keep 1st core as the destination for NMI
+ 	 */
+ 	if (intpin->io_irq == IRQ_NMI)

share/security/patches/EN-17:03/hyperv.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujP0ACgkQ7Wfs1l3P
+aueetw/5AQuf9NbvaF6EyBq/4yY7ltLbFLBCSNQDij4sK0wLEPwZaUj3OVWaAVe5
+kZfGbdWl9E/iXbrQQO8gr6qSK7tvzBoDoZidTbS+PaaSJMq96GOtjgcUX3JAMlNL
+iygmYFq48kgFVvaja6NUPNxw5qV7n/HumnjqjC4JAxoeJ8SBCvzn1dmI5G/i2MMF
+gheVPUo/c5Gv5waaL2YDNRjQs80bPlssI1q/Zk9fORdLY4KzhG4nVv7ZwNoQS+w4
+y5bi1tgLPorpXycQbRCrV/E1Ll521NsX0D7MA0zwoII9KoDXJi+1BkS7YPA+IJh/
+q5Y7S6/zB0fUhyrjt1+JHP8k+oXvA7m2dvhzAJGYEo0NokKY/mCTLUnGvnRMrzMF
+nRYFxbImqPW5FtieQZ6+ChaZoSkaAJ+VCweEQMx1KzREs4JUwRquxKFxkHwWEybD
+mJ8R/bI8j3w3D52OqKCUGV9Mj7ZkoAicggtP5vPvTBg7kCb7hnUybHRk/zxxfwXp
+6NPvMP4TEz2/4CncWZh0rUFI7HzfQSSEq3HTz6NxE6k5I8rt9h63R/AhJiqGegEy
+SaN+lMMGiZ7QtQ4yVMPwvCSr6URabASJVXI9PUuFMO19Gz+pPrq9Y+zFU/WHmJL8
+XL86LeCtdGRzRR/5t/EZ3/3cZQtevKjjy3PgsmA7Vizfp1dSnLE=
+=8o7n
+-----END PGP SIGNATURE-----

share/security/patches/EN-17:04/mandoc.patch

@@ -0,0 +1,119 @@
+--- contrib/mdocml/mandocdb.c.orig
++++ contrib/mdocml/mandocdb.c
+@@ -103,6 +103,7 @@
+ 	char		*arch;    /* architecture from file content */
+ 	char		*title;   /* title from file content */
+ 	char		*desc;    /* description from file content */
++	struct mpage	*next;    /* singly linked list */
+ 	struct mlink	*mlinks;  /* singly linked list */
+ 	int		 form;    /* format from file content */
+ 	int		 name_head_done;
+@@ -146,6 +147,7 @@
+ static	int	 dbopen(int);
+ static	void	 dbprune(void);
+ static	void	 filescan(const char *);
++static	int	 fts_compare(const FTSENT *const *, const FTSENT *const *);
+ static	void	 mlink_add(struct mlink *, const struct stat *);
+ static	void	 mlink_check(struct mpage *, struct mlink *);
+ static	void	 mlink_free(struct mlink *);
+@@ -204,6 +206,7 @@
+ static	sqlite3		*db = NULL; /* current database */
+ static	sqlite3_stmt	*stmts[STMT__MAX]; /* current statements */
+ static	uint64_t	 name_mask;
++static	struct mpage	*mpage_head;
+ 
+ static	const struct mdoc_handler mdocs[MDOC_MAX] = {
+ 	{ NULL, 0 },  /* Ap */
+@@ -571,6 +574,20 @@
+ 	return (int)MANDOCLEVEL_BADARG;
+ }
+ 
++static int
++fts_compare(const FTSENT *const *a, const FTSENT *const *b)
++{
++
++	/*
++	 * The mpage list is processed in the opposite order to which pages are
++	 * added, so traverse the hierarchy in reverse alpha order, resulting
++	 * in database inserts in alpha order. This is not required for correct
++	 * operation, but is helpful when inspecting the database during
++	 * development.
++	 */
++	return -strcmp((*a)->fts_name, (*b)->fts_name);
++}
++
+ /*
+  * Scan a directory tree rooted at "basedir" for manpages.
+  * We use fts(), scanning directory parts along the way for clues to our
+@@ -600,8 +617,8 @@
+ 	argv[0] = ".";
+ 	argv[1] = (char *)NULL;
+ 
+-	f = fts_open((char * const *)argv,
+-	    FTS_PHYSICAL | FTS_NOCHDIR, NULL);
++	f = fts_open((char * const *)argv, FTS_PHYSICAL | FTS_NOCHDIR,
++	    fts_compare);
+ 	if (f == NULL) {
+ 		exitcode = (int)MANDOCLEVEL_SYSERR;
+ 		say("", "&fts_open");
+@@ -966,6 +983,8 @@
+ 		mpage = mandoc_calloc(1, sizeof(struct mpage));
+ 		mpage->inodev.st_ino = inodev.st_ino;
+ 		mpage->inodev.st_dev = inodev.st_dev;
++		mpage->next = mpage_head;
++		mpage_head = mpage;
+ 		ohash_insert(&mpages, slot, mpage);
+ 	} else
+ 		mlink->next = mpage->mlinks;
+@@ -989,20 +1008,18 @@
+ {
+ 	struct mpage	*mpage;
+ 	struct mlink	*mlink;
+-	unsigned int	 slot;
+ 
+-	mpage = ohash_first(&mpages, &slot);
+-	while (NULL != mpage) {
++	while (NULL != (mpage = mpage_head)) {
+ 		while (NULL != (mlink = mpage->mlinks)) {
+ 			mpage->mlinks = mlink->next;
+ 			mlink_free(mlink);
+ 		}
++		mpage_head = mpage->next;
+ 		free(mpage->sec);
+ 		free(mpage->arch);
+ 		free(mpage->title);
+ 		free(mpage->desc);
+ 		free(mpage);
+-		mpage = ohash_next(&mpages, &slot);
+ 	}
+ }
+ 
+@@ -1123,18 +1140,14 @@
+ 	char			*sodest;
+ 	char			*cp;
+ 	int			 fd;
+-	unsigned int		 pslot;
+ 
+ 	if ( ! nodb)
+ 		SQL_EXEC("BEGIN TRANSACTION");
+ 
+-	mpage = ohash_first(&mpages, &pslot);
+-	while (mpage != NULL) {
++	for (mpage = mpage_head; mpage != NULL; mpage = mpage->next) {
+ 		mlinks_undupe(mpage);
+-		if ((mlink = mpage->mlinks) == NULL) {
+-			mpage = ohash_next(&mpages, &pslot);
++		if ((mlink = mpage->mlinks) == NULL)
+ 			continue;
+-		}
+ 
+ 		name_mask = NAME_MASK;
+ 		mandoc_ohash_init(&names, 4, offsetof(struct str, key));
+@@ -1256,7 +1269,6 @@
+ nextpage:
+ 		ohash_delete(&strings);
+ 		ohash_delete(&names);
+-		mpage = ohash_next(&mpages, &pslot);
+ 	}
+ 
+ 	if (0 == nodb)

share/security/patches/EN-17:04/mandoc.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQEACgkQ7Wfs1l3P
+aucgbA/6AsqHHLk+Cfjad7pRQ/gLP2AGbGvGKjHztRrmHPqlILF2ev5kMI0/Ulbx
+hz6hDgYZOwXTW38av2E/jlt1zhwFQ9gLjMLcNedeFY4xsujH/6L6PYJrJALqIXjI
+dCNFYfH3avXzviG70wXhcIcDmOgOtXhQ5huKkwtUDK+I4maup0d6YNq2uXEaLt/x
+M4HVRHkre8pjqRpOVLruhwdqv1/Wlr22MXGZ5XT9jP4Cc6/XK/giwfYDZIB3g4eD
+Yu9ZcuZPwXiMaY+ofKg/zocHtN7vHDZsKFghzh/gMo5prhBn1umYHQWx5trqLmo2
+dyCFkT/K/+brbG4sayUhzXGw3b2Mb/XzVM1Sez/n656vKcIfy0osuGG8PveTwbED
+bY4f6p01hGYb5pNIgVh3yehlW39iUnob1X1EcGjo2p4Saxi8LwjBQ0QmiJGj2SRX
+48TF2EmlJYFLkm52O1PE/z6KKP6Nw0kLk1Q/IcSFFjnv9zidfAhJKHuz8QTfVbI6
+z7TKsrcEXFso/L/Qg62xmSw0mg4gpdmegSfmLsgbNmcnGZOlUkGnqiI6gS8i95RL
+kh15sahWblxUmuXH88y1CP3YEBKo+4G5R99DfMC55jy8uDsX99veHrehp7y3nxA9
+ER1GW6d9kLnaoxY+L7ubLkmU+rozuyYkSBaqtNAx/3yt8NBnh3w=
+=TyPt
+-----END PGP SIGNATURE-----

share/security/patches/SA-17:02/openssl-10.patch

@@ -0,0 +1,11 @@
+--- crypto/openssl/crypto/evp/e_rc4_hmac_md5.c.orig
++++ crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
+@@ -267,6 +267,8 @@
+             len = p[arg - 2] << 8 | p[arg - 1];
+ 
+             if (!ctx->encrypt) {
++                if (len < MD5_DIGEST_LENGTH)
++                    return -1;
+                 len -= MD5_DIGEST_LENGTH;
+                 p[arg - 2] = len >> 8;
+                 p[arg - 1] = len;

share/security/patches/SA-17:02/openssl-10.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQgACgkQ7Wfs1l3P
+auegMQ/6AwM1SkI936FCoj48Z9gVGTP68fbWYSiXpYb5JoDh/E9y/BlSAWSmxi2/
+70EmzRXahvgEQbgEu2WBpOq7AS20jQvF6TeRqjtKQQ7/RZwyxCG7cHy5VQoxlx0M
+6M8Ggpz22GmQN81p1wT6sCEt4PrFw07/x+aveP9XY85VoFQZ13x6CX/yLJhmqlHD
+FCaGwTDLYHKI/dVnflO/dyOcTfdKs/nJt3uomS0ThgB21nrrK6dEA19aMUxXq0/A
++sdiBGu6rhpJnL2iO8f1u1qVAQFbiBRyYmuk+bmo2HXbnyxyW4DItHjj+RsVfXGT
+jN9r9UBFlQt0q44OkHBQQ1QTP4qwZhWKWtMpHrRmZNv8NDvR5Q57Pu74XHJ3azcR
+JQ8lSnbBkDRMmbQHTEn8i5WGMcmnIBCDfZDOJdoMy6hppvd9t1nfVDJRzJobznvb
+HGXbbDIFekp0MbiunGz2iMKpCbvJLglDIzD6pSCEHdbIotvZqoHvyO8pw4yuBJFh
+wo2lu/Gxr4RcITWTo6Mo0C5JcF42QGOaX6ELMb5tXwfRXh9IFPiJlSmziN+lmqUx
+h/t1OUahR9GefDiZFI1aNcmv/M0Vg0nnA3FnS3c/Y2dSQ3NAjaLmWCnXJHiH/F5J
+63kJEn1q2jiGT75LMnPVumezIiYtKLJUIh8M/90ihKB8+8weTKk=
+=wnyq
+-----END PGP SIGNATURE-----

share/security/patches/SA-17:02/openssl-11.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQkACgkQ7Wfs1l3P
+auewhQ//VFWQScIUtXC6zAR9P70ua1ez1imvhi5iB2W0NJOz/47UaM9FpA0yBRbP
+99CHNo7PrtFP7plSVqDB+InzSHrmgne5VbquOdqJBoq3qkBFuR5VY5sHXGfq1fzG
+vRAWGaDfzN4JcRqIS/ocvcRno9+IV+zF9D16roIVj4o4/s16iGfBb2Kz8nCHukjB
+ACIQ3EMkd98KHBO70dMilaO+yyKdqu5UId6Lb6BorN79jyiNerhhCHniaO0Pur5u
+6oVyRy3Ext9NxXsSqodSOOd3d6SBO9SOX/z7SLT+oi4UM7Ci3wfGpb7R1e1hZJaV
+5+eq68DFqeJeRIyKvAS2T7mYqRQq/rKRL28LfkNpVNtYypsz7ZSWE92h6/HTLzpy
+8iI0bf1QNN9LiyZkiSSoxtkiVTp6JyK4L5O9kJs4BnTJ2FzGOtHYECuALGKD2y0n
+RvJlq1k4/X75zW14+Tbt0ptTLBlpRZKvbP4SttYqjVEgxVDCirbpyuheWu+n43ah
+xuSix6LbRBvMqr9bjQthfabzlPZzFQIpHmi0pgCasI+BRa6XKAR/UyYlIgy2rRFW
+fuN1WM3E5yvVtRfpIG4gPjZjoi1fwP18zia1i7zl9bQdpaUM/8WSjTSxTK0Dih2A
+3NSetWoFBbZDtCc2Dv2yIP6BclUulWNnmZdOnuiEVOGNEHvHoUs=
+=c9X0
+-----END PGP SIGNATURE-----

share/xml/advisories.xml

@@ -7,6 +7,18 @@
   <year>
     <name>2017</name>
 
+    <month>
+      <name>2</name>
+
+      <day>
+        <name>23</name>
+
+        <advisory>
+          <name>FreeBSD-SA-17:02.openssl</name>
+        </advisory>
+      </day>
+    </month>
+
     <month>
       <name>1</name>
 

share/xml/notices.xml

@@ -5,6 +5,32 @@
     </cvs:keyword>
 
   <year>
+    <name>2017</name>
+
+    <month>
+      <name>2</name>
+
+      <day>
+        <name>23</name>
+
+        <notice>
+          <name>FreeBSD-EN-17:04.mandoc</name>
+        </notice>
+
+        <notice>
+          <name>FreeBSD-EN-17:03.hyperv</name>
+        </notice>
+
+        <notice>
+          <name>FreeBSD-EN-17:02.yp</name>
+        </notice>
+
+        <notice>
+          <name>FreeBSD-EN-17:01.pcie</name>
+        </notice>
+      </day>
+    </month>
+
     <name>2016</name>
 
     <month>