Add latest errata notices:

Fix a problem where dhclient(8) utility tries to initilaize an
  fxp(4) forever because the driver resets the controller chip
  twice upon initialization. [EN-13:01]

  Fix a problem where frames sent to additional MAC addresses are
  not forwarded to the vtnet(4) interface. [EN-13:02]

share/security/advisories/FreeBSD-EN-13:01.fxp.asc

@@ -0,0 +1,117 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-13:01.fxp                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		dhclient(8) utility issue on fxp(4) network interface
+
+Category:	core
+Modules:	sys_dev
+Announced:	2013-06-28
+Credits:	Michael L. Squires and YongHyeon PYUN
+Affects:	FreeBSD 8.4
+Corrected:	2013-06-10 07:31:50 UTC (head, 10.0-CURRENT)
+		2013-06-17 04:40:27 UTC (stable/9, 9.1-STABLE)
+		2013-06-17 04:42:02 UTC (stable/8, 8.4-STABLE)
+		2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The dhclient(8) utility is a Dynamic Host Configuration Protocol (DHCP)
+client, which is used for configuring network interfaces.
+
+The fxp(4) network interface driver supports Intel EtherExpress
+PRO/100 Ethernet adapters based on the Intel i82557, i82558, i82559,
+i82550, i82551, and i82562 chips.
+
+II.  Problem Description
+
+When the dhclient(8) utility is used on an fxp(4) network interface,
+configuration of the interface could fail with the following warning
+messages displayed:
+
+ fxp0: link state changed to UP
+ fxp0: link state changed to DOWN
+
+The cause is that the fxp(4) network interface driver resets the controller
+chip twice upon initialization, and the dhclient(8) utility falsely
+recognizes the second reset as a link down and attempts reinitialize
+the interface.  As a result, the dhclient(8) utility keeps trying to
+initialize the interface forever.
+
+III. Impact
+
+A machine which has an fxp(4) network interface does not work with
+the dhclient(8) utility.
+
+IV.  Workaround
+
+There is no workaround.  Note that this issue occurs only when the
+dhclient(8) utility is used with an fxp(4) interface.  A static
+configuration by using the ifconfig(8) utility works.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
+   security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 8.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch
+# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
+via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+head                                                              r251600
+stable/9/                                                         r251829
+stable/8/                                                         r251830
+releng/8.4/                                                       r252334
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-13:01.fxp.asc
+-----BEGIN PGP SIGNATURE-----
+
+iEYEARECAAYFAlHNI3sACgkQFdaIBMps37IlNwCghqzRtILy5k7Bc4u0NsUhWLfb
+Qz8An2kbVTqnveuS+apxaAf5Wg4wp3ey
+=mArf
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-13:02.vtnet.asc

@@ -0,0 +1,149 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-13:02.vtnet                                          Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		vtnet(4) network interface issue on QEMU 1.4.0 and later
+
+Category:	core
+Modules:	sys_dev
+Announced:	2013-06-28
+Credits:	Julian Stecklina and Bryan Venteicher
+Affects:	FreeBSD 8.4
+Corrected:	2013-06-15 03:55:04 UTC (head, 10.0-CURRENT)
+		2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE)
+		2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE)
+		2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+VirtIO is a specification for para-virtualized I/O in a virtual
+machine.  The vtnet(4) network interface driver supports VirtIO
+emulated Ethernet device.
+
+QEMU is a generic and open source machine emulator and virtualizer.
+It is included as a third-party package in FreeBSD Ports Collection
+(emulators/qemu).
+
+II.  Problem Description
+
+The vtnet(4) network interface driver displays the following message
+upon configuration when using QEMU 1.4.0 or later:
+
+ vtnet0: error setting host MAC filter table
+
+The interface works normally when the interface has one MAC address.
+However, if it has two or more MAC addresses configured, frames to
+those additional MAC addresses are not forwarded to the vtnet(4)
+interface.  Thus, only the first MAC address works.
+
+III. Impact
+
+A vtnet(4) network interface with two or more MAC addresses configured
+on it cannot receive frames to the addresses except for the first one
+when the FreeBSD kernel is running on QEMU 1.4.0 or later.  For the
+first MAC address, the vtnet(4) interface works without problem even
+though the error message is displayed.
+
+The vtnet(4) driver is included in GENERIC kernel in FreeBSD
+8.4-RELEASE.
+
+IV.  Workaround
+
+The additional MAC addresses can work by setting the vtnet(4) network
+interface in promiscuous mode.  The following command sets vtnet0 in
+promiscuous mode:
+
+ # ifconfig vtnet0 promisc
+
+Note that this may lead to performance degradation.
+
+Or, the fixed version of the vtnet(4) driver can be installed as
+kernel module by using the Ports Collection (emulators/virtio-kmod).
+To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by
+removing all of the virtio(4) drivers before installing
+emulators/virtio-kmod.  The following lines in kernel configuration
+file disable the drivers:
+
+ nodevice          virtio
+ nodevice          virtio_pci
+ nodevice          vtnet
+ nodevice          virtio_blk
+ nodevice          virtio_scsi
+ nodevice          virtio_balloon
+
+After recompilation and installing the new kernel and
+emulators/virtio-kmod, add the following lines to /boot/loader.conf.
+This enables the drivers by loading kernel modules which are installed
+by emulators/virtio-kmod at boot time.
+
+ virtio_load="YES"
+ virtio_pci_load="YES"
+ virtio_blk_load="YES"
+ if_vtnet_load="YES"
+ virtio_balloon_load="YES"
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
+   security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 8.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch
+# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
+via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+head                                                              r251769
+stable/9/                                                         r252193
+stable/8/                                                         r252194
+releng/8.4/                                                       r252334
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc
+-----BEGIN PGP SIGNATURE-----
+
+iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw
+O3kAn0R36RIBdh45I+g/BPzjTimKMPza
+=8wlc
+-----END PGP SIGNATURE-----

share/security/patches/EN-13:01/fxp_init.patch

@@ -0,0 +1,90 @@
+Index: sys/dev/fxp/if_fxp.c
+===================================================================
+--- sys/dev/fxp/if_fxp.c	(revision 251829)
++++ sys/dev/fxp/if_fxp.c	(revision 251830)
+@@ -1074,7 +1074,8 @@ fxp_suspend(device_t dev)
+ 			pmstat |= PCIM_PSTAT_PME | PCIM_PSTAT_PMEENABLE;
+ 			sc->flags |= FXP_FLAG_WOL;
+ 			/* Reconfigure hardware to accept magic frames. */
+-			fxp_init_body(sc, 1);
++			ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
++			fxp_init_body(sc, 0);
+ 		}
+ 		pci_write_config(sc->dev, pmc + PCIR_POWER_STATUS, pmstat, 2);
+ 	}
+@@ -2140,8 +2141,10 @@ fxp_tick(void *xsc)
+ 	 */
+ 	if (sc->rx_idle_secs > FXP_MAX_RX_IDLE) {
+ 		sc->rx_idle_secs = 0;
+-		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
++		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) {
++			ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 			fxp_init_body(sc, 1);
++		}
+ 		return;
+ 	}
+ 	/*
+@@ -2239,6 +2242,7 @@ fxp_watchdog(struct fxp_softc *sc)
+ 	device_printf(sc->dev, "device timeout\n");
+ 	sc->ifp->if_oerrors++;
+ 
++	sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 	fxp_init_body(sc, 1);
+ }
+ 
+@@ -2273,6 +2277,10 @@ fxp_init_body(struct fxp_softc *sc, int setmedia)
+ 	int i, prm;
+ 
+ 	FXP_LOCK_ASSERT(sc, MA_OWNED);
++
++	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
++		return;
++
+ 	/*
+ 	 * Cancel any pending I/O
+ 	 */
+@@ -2812,6 +2820,7 @@ fxp_miibus_statchg(device_t dev)
+ 	 */
+ 	if (sc->revision == FXP_REV_82557)
+ 		return;
++	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 	fxp_init_body(sc, 0);
+ }
+ 
+@@ -2835,9 +2844,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr
+ 		if (ifp->if_flags & IFF_UP) {
+ 			if (((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) &&
+ 			    ((ifp->if_flags ^ sc->if_flags) &
+-			    (IFF_PROMISC | IFF_ALLMULTI | IFF_LINK0)) != 0)
++			    (IFF_PROMISC | IFF_ALLMULTI | IFF_LINK0)) != 0) {
++				ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 				fxp_init_body(sc, 0);
+-			else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
++			} else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
+ 				fxp_init_body(sc, 1);
+ 		} else {
+ 			if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
+@@ -2850,8 +2860,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr
+ 	case SIOCADDMULTI:
+ 	case SIOCDELMULTI:
+ 		FXP_LOCK(sc);
+-		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
++		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) {
++			ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 			fxp_init_body(sc, 0);
++		}
+ 		FXP_UNLOCK(sc);
+ 		break;
+ 
+@@ -2941,8 +2953,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr
+ 				    ~(IFCAP_VLAN_HWTSO | IFCAP_VLAN_HWCSUM);
+ 			reinit++;
+ 		}
+-		if (reinit > 0 && ifp->if_flags & IFF_UP)
++		if (reinit > 0 && (ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) {
++			ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 			fxp_init_body(sc, 0);
++		}
+ 		FXP_UNLOCK(sc);
+ 		VLAN_CAPABILITIES(ifp);
+ 		break;

share/security/patches/EN-13:01/fxp_init.patch.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAlHNIK0ACgkQFdaIBMps37LWlACgjE24YlxIPHVad66ryPEoKN9/
+t+gAn1B2wYnsKkU7BCgs4gDtOLSNSyFz
+=S5aD
+-----END PGP SIGNATURE-----

share/security/patches/EN-13:02/vtnet.patch

@@ -0,0 +1,16 @@
+Index: sys/dev/virtio/network/if_vtnet.c
+===================================================================
+--- sys/dev/virtio/network/if_vtnet.c	(revision 252193)
++++ sys/dev/virtio/network/if_vtnet.c	(revision 252194)
+@@ -2470,9 +2470,9 @@ vtnet_rx_filter_mac(struct vtnet_softc *sc)
+ 	sglist_init(&sg, 4, segs);
+ 	error |= sglist_append(&sg, &hdr, sizeof(struct virtio_net_ctrl_hdr));
+ 	error |= sglist_append(&sg, &filter->vmf_unicast,
+-	    sizeof(struct vtnet_mac_table));
++	    sizeof(uint32_t) + filter->vmf_unicast.nentries * ETHER_ADDR_LEN);
+ 	error |= sglist_append(&sg, &filter->vmf_multicast,
+-	    sizeof(struct vtnet_mac_table));
++	    sizeof(uint32_t) + filter->vmf_multicast.nentries * ETHER_ADDR_LEN);
+ 	error |= sglist_append(&sg, &ack, sizeof(uint8_t));
+ 	KASSERT(error == 0 && sg.sg_nseg == 4,
+ 	    ("error adding MAC filtering message to sglist"));

share/security/patches/EN-13:02/vtnet.patch.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAlHNIKQACgkQFdaIBMps37LavgCglodGaYxXqVR5F6vBDK1IUkk2
+nQAAn3QKtIuK+/t7ggokGWRE8e/nLhaE
+=pp9d
+-----END PGP SIGNATURE-----

share/xml/notices.xml

@@ -4,6 +4,27 @@
       $FreeBSD$
     </cvs:keyword>
 
+  <year>
+    <name>2013</name>
+
+    <month>
+      <name>6</name>
+
+      <day>
+	<name>28</name>
+
+	<notice>
+	  <name>FreeBSD-EN-13:01.fxp</name>
+	</notice>
+
+	<notice>
+	  <name>FreeBSD-EN-13:02.vtnet</name>
+	</notice>
+      </day>
+    </month>
+
+  </year>
+
   <year>
     <name>2012</name>