diff --git a/share/security/advisories/FreeBSD-EN-19:13.mds.asc b/share/security/advisories/FreeBSD-EN-19:13.mds.asc
new file mode 100644
index 0000000000..6749ddbc57
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-19:13.mds.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:13.mds Errata Notice
+ The FreeBSD Project
+
+Topic: Kernel panic from Intel CPU vulnerability mitigation
+
+Category: core
+Module: kernel
+Announced: 2019-07-24
+Credits: Schuendehuette, Matthias
+ All supported versions of FreeBSD.
+Corrected: 2019-07-14 05:40:03 UTC (stable/12, 12.0-STABLE)
+ 2019-07-24 12:50:46 UTC (releng/12.0, 12.0-RELEASE-p8)
+ 2019-07-14 05:41:43 UTC (stable/11, 11.2-STABLE)
+ 2019-07-24 12:50:46 UTC (releng/11.2, 11.2-RELEASE-p12)
+ 2019-07-24 12:50:46 UTC (releng/11.3, 11.3-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+In a previous update FreeBSD added mitigations for an Intel CPU
+vulnerability known as "microarchitectural data sampling."
+
+II. Problem Description
+
+Under certain configurations a pointer to the mitigation routine may be
+dereferenced before it is initialized.
+
+III. Impact
+
+Depending on system configuration, version, and architecture, the system
+may panic early in boot process, and thus be unusable.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2, FreeBSD 11.3]
+# fetch https://security.FreeBSD.org/patches/EN-19:13/mds.11.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:13/mds.11.patch.asc
+# gpg --verify mds.11.patch.asc
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/EN-19:13/mds.12.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:13/mds.12.patch.asc
+# gpg --verify mds.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r349983
+releng/12.0/ r350280
+stable/11/ r349985
+releng/11.2/ r350280
+releng/11.3/ r350280
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:13.mds.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WkVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIkZA//ZbeSb2yAsux4w/nOLXQI1kfNWFT3LjVsiYS0VXCoixHr07nkDNMUv2Pn
+08eP+9hy5mtgtooOjxP/aYIzR11+HZKpS/MG1x8KGAA/0TWY4EObJUTQ53UHY5+i
+WStyHgKvqgeV2vuTqtjK5eAJfaTQV9huoapcQo0ngJMlbzICxN37UBZhOnSGb5HL
+vRAL1AnI37LBWeZJhp3nyNatUjYfaL/HBYVpmuO9g+lgXqcFRpgIZxTNSzpDsAUb
+7ARtHNUOelUoeMcMQXHbYtNOpM9c84fWxLftNsVfD3d9+GiHpklU2B++aBfzbTl3
+3lgRRk1p1p0JUNXCJy/cPb6/4SqnQRHehu1pwnJnuOM4PBpLB5HRD4WWGzM2A4Jq
+SB1rLKCwfeSWPDQ0/iOs6P+UPFjqV8WvbNmQQT+oZxZH7YSm2TY9EGd8V/3wxzYo
++FeVQ+KTW+qxXTKHnNS9KGD26Xseq8S7Ft4dzIjm6hZVwSwNPBQFnPptv4b42/sQ
+1sJxjKwKb7CrJJl4uf7vlIyNRHu7FrdyE9w1YlSB1yC2lX9Q/PQqVOxToGCIlhPk
+JvGlPa6O4ZIkhBUKDt6XJdYrRrzlM3bV5Z1lNvW02ii7KG0pDWpzGHuUdkKIF1p0
+qHugXJ4OG+lOr5n0KKfUE66gfJV0WVUDBPCeEuBun75YG++TP2w=
+=P8y6
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-19:12.telnet.asc b/share/security/advisories/FreeBSD-SA-19:12.telnet.asc
new file mode 100644
index 0000000000..158923aef2
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-19:12.telnet.asc
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:12.telnet Security Advisory
+ The FreeBSD Project
+
+Topic: telnet(1) client multiple vulnerabilities
+
+Category: contrib
+Module: contrib/telnet
+Announced: 2019-07-24
+Credits: Juniper Networks
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-19 15:37:29 UTC (stable/12, 12.0-STABLE)
+ 2019-07-24 12:51:52 UTC (releng/12.0, 12.0-RELEASE-p8)
+ 2019-07-19 15:27:53 UTC (stable/11, 11.2-STABLE)
+ 2019-07-24 12:51:52 UTC (releng/11.2, 11.2-RELEASE-p12)
+ 2019-07-24 12:51:52 UTC (releng/11.3, 11.3-RELEASE-p1)
+CVE Name: CVE-2019-0053
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The telnet(1) command is a TELNET protocol client, used primarily to
+establish terminal sessions across a network.
+
+II. Problem Description
+
+Insufficient validation of environment variables in the telnet client
+supplied in FreeBSD can lead to stack-based buffer overflows. A stack-
+based overflow is present in the handling of environment variables when
+connecting via the telnet client to remote telnet servers.
+
+This issue only affects the telnet client. Inbound telnet sessions to
+telnetd(8) are not affected by this issue.
+
+III. Impact
+
+These buffer overflows may be triggered when connecting to a malicious
+server, or by an active attacker in the network path between the client
+and server. Specially crafted TELNET command sequences may cause the
+execution of arbitrary code with the privileges of the user invoking
+telnet(1).
+
+IV. Workaround
+
+Do not use telnet(1) to connect to untrusted machines or over an
+untrusted network.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:12/telnet.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:12/telnet.patch.asc
+# gpg --verify telnet.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350139
+releng/12.0/ r350281
+stable/11/ r350140
+releng/11.2/ r350281
+releng/11.3/ r350281
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0053>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WltfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLOzA//YxRZNUr+d8B+t6DnBUbVvthJiY9sQ1YPXUIJmp4QA7wvXr5UjURw+6qv
+raxEp6JmF06wZK4RjeIFckQD6s2wnjO5VHO80Zbs0nD4NejQGeDAIlVdKqofOtJv
+bBQNSY3vPAtumyfElc+N19rKetAjGbsUjOMbn87GlWrit4lqcavBQsdmSlQB5gVA
+dFAFsVxr+ujjATnrCmIpFiaDk0unyJ7Gtz7jiM9I8xZueJtM49/9kNCFFLKCMUl8
+HpB2k0cb18GVNJoKtzo1nELOM/oIJVO5HZt1fmYG/RgeL1BSyzg4q/5jXJQopJ2h
+Qax7fmMP+RpGGrfp9Uom63tj79eQk2NirpUtfAaYkfGKzj6fNcq/7jxZfbobx0R8
+uTiF88mlv2/SGxpo11Z/QBqOSYTQtjDRYJvjCo77g7YW8HauECC3tiklpPfFOIO8
+m5qNOORKI74Do377GBF3gxDF2T8ILwj1j7nKHf3apotvQXJkkbpWBG7ADRTFcZWd
+PMKdYiDPHV33YmCAg9tOAqV4O7TvaB07ZLKiI6kuSBtPVrazB8Az/oRJwfF6JQ6g
+4ZdinyCrXWYrWslkW8402GKCERFFYJUvwLSUqHxYMRgZWPy9zf/mH56vh4bleYnP
+kz2X7OgtB3Juu0Uzwv927+KZuyzitniaPlLe9tsyBwXFbUM+BrY=
+=LWVf
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-19:13.pts.asc b/share/security/advisories/FreeBSD-SA-19:13.pts.asc
new file mode 100644
index 0000000000..af224fdccf
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-19:13.pts.asc
@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:13.pts Security Advisory
+ The FreeBSD Project
+
+Topic: pts(4) write-after-free
+
+Category: core
+Module: kernel
+Announced: 2019-07-24
+Credits: syzkaller
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-07 14:19:46 UTC (stable/12, 12.0-STABLE)
+ 2019-07-24 12:53:06 UTC (releng/12.0, 12.0-RELEASE-p8)
+ 2019-07-07 14:20:14 UTC (stable/11, 11.2-STABLE)
+ 2019-07-24 12:53:06 UTC (releng/11.2, 11.2-RELEASE-p12)
+ 2019-07-24 12:53:06 UTC (releng/11.3, 11.3-RELEASE-p1)
+CVE Name: CVE-2019-5606
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The posix_openpt(2) system call allocates a pseudo-terminal device and
+returns a descriptor referencing that device. Such a descriptor may be
+configured such that a SIGIO signal will be sent to a designated process
+or process group when the device is ready to perform I/O.
+
+II. Problem Description
+
+The code which handles a close(2) of a descriptor created by
+posix_openpt(2) fails to undo the configuration which causes SIGIO to be
+raised. This bug can lead to a write-after-free of kernel memory.
+
+III. Impact
+
+The bug permits malicious code to trigger a write-after-free, which may
+be used to gain root privileges or escape a jail.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:13/pts.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:13/pts.patch.asc
+# gpg --verify pts.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r349805
+releng/12.0/ r350282
+stable/11/ r349806
+releng/11.2/ r350282
+releng/11.3/ r350282
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5606>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:13.pts.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04Wl9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLZDA//SGC+7Vghtofm/CzylIXhC1drFOxNYJOF7KEJqDwsRR3U9S99Q9NBWS5+
+e+/vJzvV0+epZNQXDlit5a76jGwy4fNuutNh0J3APHe/l0Zp/PhM56IwRWQgqAkQ
+hF67xhHxFZs8AH6/bw21N4IkRrAZHmrrCY8ubZArjoUi0gCoFzAYRw1Nh/JTQoLS
+IGuqUFaMZWKvu3aeJiikLjHiJUMRAY7sxh+iSBSp99dsLkASqQZtx1grmosljttN
+fuD7qO2f067EWUpC50JTbNt9V7za854hrlOp8jn1g51O4fWWJoEEL2/0VUeOO+fr
+aGS9UNal25NPr2zGzx2t0u1VNE3/YKoZ0tq+mQYtaXke32ZO15Ufby0YcLU4DF8d
+dU1ZoG2AGbWmBqgQ982hocq5Dn0r5yCHXDeEGguE1DsfyBuUEZw6zfYRtzIQ0swk
+wDrdETxpIMa8jaSGtDw2bilrLNRIVqYkXBJftC3fpXhlz6PyU6bZaFm00xrs7z1D
+EJMkuIWho9oMqLTU7bZNHv7JD4G3ziTF1h2tGXGcEKp02ImNZQnw3w5PBberFgto
+H4uJQCWgFqqddkjnSidX3Uj676LC99ERDEUlqi+xnXMmBScJnQuRtiUdbpOCkPD2
+gLJmcyy7qjKw87i8KaQF5hUcym2D9xygbUV+I4RT93jR2DCVBA0=
+=Cpu+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-19:14.freebsd32.asc b/share/security/advisories/FreeBSD-SA-19:14.freebsd32.asc
new file mode 100644
index 0000000000..f92dc52940
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-19:14.freebsd32.asc
@@ -0,0 +1,135 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:14.freebsd32 Security Advisory
+ The FreeBSD Project
+
+Topic: Kernel memory disclosure in freebsd32_ioctl
+
+Category: core
+Module: kernel
+Announced: 2019-07-24
+Credits: Ilja van Sprundel, IOActive
+Affects: FreeBSD 11.2 and FreeBSD 11.3
+Corrected: 2019-07-22 18:14:34 UTC (stable/11, 11.2-STABLE)
+ 2019-07-24 12:54:10 UTC (releng/11.2, 11.2-RELEASE-p12)
+ 2019-07-24 12:54:10 UTC (releng/11.3, 11.3-RELEASE-p1)
+CVE Name: CVE-2019-5605
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The FreeBSD kernel supports executing 32-bit applications on a 64-bit
+kernel, including the ioctl(2) interface.
+
+II. Problem Description
+
+Due to insufficient initialization of memory copied to userland in the
+components listed above small amounts of kernel memory may be disclosed
+to userland processes.
+
+III. Impact
+
+A user who can invoke 32-bit FreeBSD ioctls may be able to read the
+contents of small portions of kernel memory.
+
+Such memory might contain sensitive information, such as portions of the
+file cache or terminal buffers. This information might be directly
+useful, or it might be leveraged to obtain elevated privileges in some
+way; for example, a terminal buffer might include a user-entered
+password.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:14/freebsd32.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:14/freebsd32.patch.asc
+# gpg --verify freebsd32.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r350217
+releng/11.2/ r350283
+releng/11.3/ r350283
+- -------------------------------------------------------------------------
+
+Note: This issue was addressed in a different way prior to the branch point
+for stable/12. As such, no patch is needed for FreeBSD 12.x.
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5605>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:14.freebsd32.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WmNfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIavw//emdRXVNpGREW1FfUvWmUPpdgk6rFck9nEG0KUKYCcfhqN83BN9XtqaWu
+lBQ1jbB/CsalwL6Gpn2yuMvgS8W4yUidyPHLpzuoAThlsy5bHID1/oRftJt0T0BS
+kHbTD0tTUt3QDV51FoLBjvXfjRRb8xJ+wIGJ0NzOscWgjgu6JPUysHEJD3+vSOKN
+X3qJd3zcoYqswcvuhoVE2cFrSaZKEyIi1pJVr9CGItQTWXIisgdXdGYTnBdZU8jq
+iJGaI1BXiNUl/p/21JA32T+ZD7cdMtx6KiuoKlY7Bzgj7Qk3XW7xsQsYu724LIJT
+pVhIxntMrQSak7wIaqNPGR/FgkkKDsoo6iCHXlGxXv6tLg7pnioZIaHhc5+UZqmT
+8I0UogWhQZS03/nwFRVDLPp+ka2P0g2gsm/dX1UVuucMT+hGeqn2c/iaSU76duoR
+qavRPjLPJDnfVrpXhpqco9rq1+UwA/1uSNe0cFX0ArX040hCReDsMphcxgrkZ0sD
+u71Px2ZLE5rpWmFd8LD0X2y1l4OEcTmoTPUtJxHlVrMFztuNbAlRnyCxTV8c2uId
+zN44wRj6c2ZEV/w+kBVTV+L7NSt1eHDZ5tgUL7boEOylEgkHTl30aZ8nV2wvpaM3
+1Y/IwBnGmI4iNLMnRoIDlac6rR3dMUS4gtH+lkfxlBri9Qc3Qso=
+=8LlB
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc b/share/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc
new file mode 100644
index 0000000000..62ead97ba5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc
@@ -0,0 +1,138 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:15.mqueuefs Security Advisory
+ The FreeBSD Project
+
+Topic: Reference count overflow in mqueue filesystem
+
+Category: core
+Module: kernel
+Announced: 2019-07-24
+Credits: Mateusz Guzik
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-23 21:12:32 UTC (stable/12, 12.0-STABLE)
+ 2019-07-24 12:55:16 UTC (releng/12.0, 12.0-RELEASE-p8)
+ 2019-07-23 21:15:28 UTC (stable/11, 11.2-STABLE)
+ 2019-07-24 12:55:16 UTC (releng/11.2, 11.2-RELEASE-p12)
+ 2019-07-24 12:55:16 UTC (releng/11.3, 11.3-RELEASE-p1)
+CVE Name: CVE-2019-5603
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+mqueuefs(5) implements POSIX message queue file system which can be used
+by processes as a communication mechanism.
+
+'struct file' represents open files, directories, sockets and other
+entities.
+
+II. Problem Description
+
+System calls operating on file descriptors obtain a reference to
+relevant struct file which due to a programming error was not always put
+back, which in turn could be used to overflow the counter of affected
+struct file.
+
+III. Impact
+
+A local user can use this flaw to obtain access to files, directories,
+sockets etc. opened by processes owned by other users. If obtained
+struct file represents a directory from outside of user's jail, it can
+be used to access files outside of the jail. If the user in question is
+a jailed root they can obtain root privileges on the host system.
+
+IV. Workaround
+
+No workaround is available. Note that the mqueuefs file system is not
+enabled by default.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:15/mqueuefs.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:15/mqueuefs.patch.asc
+# gpg --verify mqueuefs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350261
+releng/12.0/ r350284
+stable/11/ r350263
+releng/11.2/ r350284
+releng/11.3/ r350284
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5603>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WmdfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIWpBAAg9BmPamkj7wLJODR8SvNk+qYqEbYeakiSGnvXllz2l+qI2dhMVsuQRGQ
+ko7VY0P2Wuh68UiiDG63Oq3hbOWPPkL1axk6n275rZSdoVj856tjrHjnUtP3UX5S
+WQUKRAREjhVjM9dAOwCYrmAmcpX4SkslklhfiR6AR62t4eptMlfJ6ACQATs6FPnX
+WRdyDe7yq0mL4UHWg+PvotQ+rxGiynwgVRMXwaglKOldGOuPOeuj7azM4nb6/qkN
+GjJlJOIRwfU1/sXVII3cCzndnCrz5A0sSttg4JK+uzneJNze+rOghGbyQ9F046z9
+H0M0Ae6M74UCyioyoTrQgvivWvATtNRkLBoRfvHQUNGSt6bS9g1F0N5J7NCgaIPx
+vos7P4vnRM1avEAAnAhmm9eYAkO5VLmTb1ry5vOY1o2viesN3P0URcj7o+JIipaA
+Kqlff154N2nJmCkT0BJ3m+80GWeAnwqli/LvAIruXxc2hqgWLh7wO+71mraPrV5Z
+2+IiuLPMF18FdpTBjhXyX5zCtW7t7uARgZLJMjM+hTXc7aAer7746XY5JyXfRsa9
+jLVWHlff2YoF7DySyDIC7+ONfPIHGgr45imdJgJ9Cxu31ZBmCjesNR4x1DCKgLvT
+KnpBvofWIkIb8sEikEnXMfrHqoP/RtVtK73GlmT7sbH9PDQPUYw=
+=ehKK
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-19:16.bhyve.asc b/share/security/advisories/FreeBSD-SA-19:16.bhyve.asc
new file mode 100644
index 0000000000..7384f74b35
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-19:16.bhyve.asc
@@ -0,0 +1,135 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:16.bhyve Security Advisory
+ The FreeBSD Project
+
+Topic: Bhyve out-of-bounds read in XHCI device
+
+Category: core
+Module: bhyve
+Announced: 2019-07-24
+Credits: Reno Robert
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-23 17:48:37 UTC (stable/12, 12.0-STABLE)
+ 2019-07-24 12:56:06 UTC (releng/12.0, 12.0-RELEASE-p8)
+ 2019-07-23 17:48:37 UTC (stable/11, 11.2-STABLE)
+ 2019-07-24 12:56:06 UTC (releng/11.2, 11.2-RELEASE-p12)
+ 2019-07-24 12:56:06 UTC (releng/11.3, 11.3-RELEASE-p1)
+CVE Name: CVE-2019-5604
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+bhyve(8) is a hypervisor that supports running a variety of virtual
+machines (guests). bhyve includes an emulated XHCI device.
+
+II. Problem Description
+
+The pci_xhci_device_doorbell() function does not validate the 'epid' and
+'streamid' provided by the guest, leading to an out-of-bounds read.
+
+III. Impact
+
+A misbehaving bhyve guest could crash the system or access memory that
+it should not be able to.
+
+IV. Workaround
+
+No workaround is available, however systems not using bhyve(8) for
+virtualization are not vulnerable.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is required. Rather the bhyve(8) process for vulnerable virtual
+machines should be restarted.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart any bhyve virtual machines or reboot the system.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:16/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:16/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart any bhyve virtual machines, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350246
+releng/12.0/ r350285
+stable/11/ r350247
+releng/11.2/ r350285
+releng/11.3/ r350285
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5604>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:16.bhyve.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WmtfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI+Jw//TcrKrFaXkEJtqzspjoeK9YKwNwj30ewdb/Ph3GdcgVoQmfJVsWPcmcM9
++dewKdl7gGLhVhoJ+3f3oFzlDcqSxFLHcNwSW5J7P8Zt+7ZpQzwH8pfB6S8T1Nk6
+77Sv5hYrjy8kdSh6Z/c8BkAQrhEFYO09xej8ekQ1B+iL2N4ErexpCNTMKlP96pGS
+0/4tso5gdcwrc1t6HHGffFkjItgnE8Lvgr1ZsSHbcRGAc3nqy3n21U+VH+fecAzK
+0NBO3HQeCbRIEdAms3jMLcAJGrs60VBN0nnWqLxlGBb10hY7Si0NkgbWOP2g/Elf
+J+K4SHTFXbhIGrpsrEdvSVPvytQ8gKOSys5luvtLjt0Yhll08eEUDVzaIk//Hsak
+BcUSlKHULLkVTJZvdZAHUMHJOMPpSAh61DuFcM+pxAt5E9rmgX+HnPBs1yLbgd23
+NaQadFC126T+AW5W5GyOs2BIEo4bdTNHqONF7gmR4a5bv6/7GWZz/QNsep43jDZH
+43lur9mts+/1LUCD1s4DkMniNMaGt28GMNa44PgQVzHI7NU/gdVe25TLnAv+X9lO
+aAkV/WAyszux/Io2G2DfJNTc8Am/xRzFBvmydOnbMtzw8X/xgxB1/0ysl51O9Bdw
+OhfpMygAsxbG0e8y5VuhpuoHd8/vIoBmA0z+u1tt4zxJIXgqSgE=
+=/161
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-19:17.fd.asc b/share/security/advisories/FreeBSD-SA-19:17.fd.asc
new file mode 100644
index 0000000000..3612eecd8f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-19:17.fd.asc
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:17.fd Security Advisory
+ The FreeBSD Project
+
+Topic: File description reference count leak
+
+Category: core
+Module: unix
+Announced: 2019-07-24
+Credits: Mark Johnston
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-22 19:25:05 UTC (stable/12, 12.0-STABLE)
+ 2019-07-24 12:57:49 UTC (releng/12.0, 12.0-RELEASE-p8)
+ 2019-07-22 19:27:23 UTC (stable/11, 11.2-STABLE)
+ 2019-07-24 12:57:49 UTC (releng/11.2, 11.2-RELEASE-p12)
+ 2019-07-24 12:57:49 UTC (releng/11.3, 11.3-RELEASE-p1)
+CVE Name: CVE-2019-5607
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+UNIX-domain sockets are used for inter-process communication. It is
+possible to use UNIX-domain sockets to transfer rights, encoded as file
+descriptors, to another process. Rights are encapsulated in control
+messages, and multiple such messages may be transmitted with a single
+system call.
+
+II. Problem Description
+
+If a process attempts to transmit rights over a UNIX-domain socket and
+an error causes the attempt to fail, references acquired on the rights
+are not released and are leaked. This bug can be used to cause the
+reference counter to wrap around and free the corresponding file
+structure.
+
+III. Impact
+
+A local user can exploit the bug to gain root privileges or escape from
+a jail.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/SA-19:17/fd.11.2.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:17/fd.11.2.patch.asc
+# gpg --verify fd.11.2.patch.asc
+
+[FreeBSD 11.3]
+# fetch https://security.FreeBSD.org/patches/SA-19:17/fd.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:17/fd.11.patch.asc
+# gpg --verify fd.11.patch.asc
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:17/fd.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:17/fd.12.patch.asc
+# gpg --verify fd.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350222
+releng/12.0/ r350286
+stable/11/ r350223
+releng/11.2/ r350286
+releng/11.3/ r350286
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5607>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:17.fd.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WnBfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIOTQ/+KQMGXwNiuMVNib5ErewD9QdT48NYaU/hYUub3VMAfQltvWmbiPw7zXj7
+yJGm9FxWrMvZ6hFnKskV60u9d7PMYkOv4nzcaFgPoadByXXlALQGd/ansrZFyTJr
+bDeBs7J3dM/VnH/lSlPc/LlbnH4iN+gj6SSqpsWAIdq99VIviAnzHTr7SniGfXul
+hP+5+xSlfAYOKuH7jM1+gpuld9kR2QzGObiUJ6gfJk+I41C90tSJHb3v+DCanyrM
+N2NXKbkgRtZoaIItiqZVIKHJP+VaHOnHCBq3uEbj2+OR7I5yFkDYdQbTiWVU1bl0
+9Ps/5LPDEiQYQqgCGadzZyqyEHvoPFy2vWvc1GFya6cV1L3gtM51C713ci2Xa3NK
+ZknS4bIC2Nhtrf9PcFJRkMKW8OOdwYi/2vL9I4W/PAs2EV3thQivBB7dH9TYRTdC
+BWP2tFM+isibjezJfj2RAjdAq0Kln0U+4AkNWgNNToyzSNFJ0LBtvzlgS7mmtuN0
+mA9n7tYyQM5vCXEQqcC3hIkJSeNE2Sj4/RVd8oo1Ngh1el0AFTJ2aq+QowG/lWO/
+pK1lvOQXMPElbSSxCytqALWY995VRxmEUO/TF6pCgsRDIXxx+eSf1XrtT2d1+Na7
+nzt511Ho9/F4Uwbih7u+IhnWReB2Da0djLBWUtOc+HsMLQZVAUk=
+=juJj
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-19:13/mds.11.patch b/share/security/patches/EN-19:13/mds.11.patch
new file mode 100644
index 0000000000..a0b62c41d6
--- /dev/null
+++ b/share/security/patches/EN-19:13/mds.11.patch
@@ -0,0 +1,18 @@
+--- sys/x86/x86/cpu_machdep.c.orig
++++ sys/x86/x86/cpu_machdep.c
+@@ -953,7 +953,6 @@
+ * architectural state except possibly %rflags. Also, it is always
+ * called with interrupts disabled.
+ */
+-void (*mds_handler)(void);
+ void mds_handler_void(void);
+ void mds_handler_verw(void);
+ void mds_handler_ivb(void);
+@@ -962,6 +961,7 @@
+ void mds_handler_skl_avx(void);
+ void mds_handler_skl_avx512(void);
+ void mds_handler_silvermont(void);
++void (*mds_handler)(void) = mds_handler_void;
+
+ static int
+ sysctl_hw_mds_disable_state_handler(SYSCTL_HANDLER_ARGS)
diff --git a/share/security/patches/EN-19:13/mds.11.patch.asc b/share/security/patches/EN-19:13/mds.11.patch.asc
new file mode 100644
index 0000000000..24b33f86ea
--- /dev/null
+++ b/share/security/patches/EN-19:13/mds.11.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WohfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cL2Uw/7BSeV5qpvcB0DWjmccL4skTSJt37KOZ+2B4kO3RuCQ3VLZm73tAJZYGkZ
+gUlgluC0qr6mzjtG5eXfFB0yQ95XfM5/Fcu/d1m/g7Zg/OC/lTzfyoMiW3cKrY0E
+p1t5zPmWMJ3rbLGaJy5NimUl+ef/y8LRXmUyzrK3vExN/NXt+ACwndZxPiXLQ7PC
+qATgsksuzLrTkYhW1lbX3yewU2R4DTiDoe2ytx1W9BFIE+AhtuEGb4mk4sAaqXzf
+cL4NWDETq6BDldYo9hXikHzZL8hzE5zyuFK/wYQ7a4JN05KqI0iSiMMhlhe4g0ui
+BzurSSSKPvJRHaA6YD3HWTPOZBv9rGf4xFRAAjZpjOlT+iWPMO73rdQQkEIbHBQc
+JWm6fOGodnP01qVjNpYXpjgGyzDvFoI3b1YMktPy0o8tYadHzHYsinH883Ihik97
+i9EqjxacqBoAK3XKatDNM83ZIE1VfanULktCZ1eloxIrlkBqjjHw2VmiWgB6s7j7
+t0o3+SP7gfusBmagHRdv9pfDd8Jp5RDG8aRhZP7Gd2zb2lNop9TfdyxMGMEFEh3f
+IG5X8/UED3MBjwVgem74k0Pov/NUzW3x9TB14hoPO5Z1CewlKWCirDXn5l1qhpkf
+4pGXZdd10QW1UGRG7NQ+dbRLiqX0YdfUGJm78ntoczYP1zNBpH0=
+=lZrt
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-19:13/mds.12.patch b/share/security/patches/EN-19:13/mds.12.patch
new file mode 100644
index 0000000000..7da39f2028
--- /dev/null
+++ b/share/security/patches/EN-19:13/mds.12.patch
@@ -0,0 +1,18 @@
+--- sys/x86/x86/cpu_machdep.c.orig
++++ sys/x86/x86/cpu_machdep.c
+@@ -924,7 +924,6 @@
+ * architectural state except possibly %rflags. Also, it is always
+ * called with interrupts disabled.
+ */
+-void (*mds_handler)(void);
+ void mds_handler_void(void);
+ void mds_handler_verw(void);
+ void mds_handler_ivb(void);
+@@ -933,6 +932,7 @@
+ void mds_handler_skl_avx(void);
+ void mds_handler_skl_avx512(void);
+ void mds_handler_silvermont(void);
++void (*mds_handler)(void) = mds_handler_void;
+
+ static int
+ sysctl_hw_mds_disable_state_handler(SYSCTL_HANDLER_ARGS)
diff --git a/share/security/patches/EN-19:13/mds.12.patch.asc b/share/security/patches/EN-19:13/mds.12.patch.asc
new file mode 100644
index 0000000000..fbef69aa21
--- /dev/null
+++ b/share/security/patches/EN-19:13/mds.12.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WohfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKNWQ//S9SPs5aLAn548fpti++SamgqLC+OpBWilFxruB+Y4i1J8EKYde58DzIw
+GSpJya11QZz+oHUhHGuR3gqxCeaUK3Qyvld1NNqPg5nRDPBdEWWxkX0slliRbKWM
+VYQdak5SkRozvc1A7Ssy8bZ3krqgpRLCdETvy2RCFURPXWs7lAFqCYP6FiJvPd5n
+gzi49FFLMXr5REtHe9D2i3z1/3v0mwOwSE7uvgBHHqf9/Cu7cypSLpZc4b9nwmta
+r9gB2jLM+9+Stocsilht5fdH2X2+3iTIxuYKkkjvkqKcLD0cOYdm+CvnaRqf5GhA
+9lFC/wsbcTz6itn0MmBgPReN6fTRGAmr0dACkU6mtPHke8x9Cii8u5GQD/W+Q6Zs
+UJ9CMvE4EuaUFCfooigHDCeLM4jRBzF6auZL6BXPDENC0btJaU9iYnwkuxH7jyFy
+LWcm67asSqDy9YMhip4SUmeQZe03wMvxPnDf9QXGclo9AhWAH2YxjFxIXOZlQOwO
+fbVedzyxEtBjYLZz8c9GSoklKnS0d7FEGK9hZxAx4QFMsAMTiidPFhSUiP65F1du
+Y5kkDw3a8xFeBegA+43s1ds+Y7YGKyrEwao/L7N1NZ2fvqHNUnbpa/A0uTvr17Dc
+1Ja/FDSLV2X3bffidbn4BkBuWXIEjJJHuKVPl10tMgV4BbrJPMQ=
+=rBsY
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-19:12/telnet.patch b/share/security/patches/SA-19:12/telnet.patch
new file mode 100644
index 0000000000..9d3deaeb02
--- /dev/null
+++ b/share/security/patches/SA-19:12/telnet.patch
@@ -0,0 +1,60 @@
+--- contrib/telnet/telnet/commands.c.orig
++++ contrib/telnet/telnet/commands.c
+@@ -45,6 +45,7 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+
++#include <assert.h>
+ #include <ctype.h>
+ #include <err.h>
+ #include <errno.h>
+@@ -1654,11 +1655,14 @@
+ || (strncmp((char *)ep->value, "unix:", 5) == 0))) {
+ char hbuf[256+1];
+ char *cp2 = strchr((char *)ep->value, ':');
++ size_t buflen;
+
+- gethostname(hbuf, 256);
+- hbuf[256] = '\0';
+- cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1);
+- sprintf((char *)cp, "%s%s", hbuf, cp2);
++ gethostname(hbuf, sizeof(hbuf));
++ hbuf[sizeof(hbuf)-1] = '\0';
++ buflen = strlen(hbuf) + strlen(cp2) + 1;
++ cp = (char *)malloc(sizeof(char)*buflen);
++ assert(cp != NULL);
++ snprintf((char *)cp, buflen, "%s%s", hbuf, cp2);
+ free(ep->value);
+ ep->value = (unsigned char *)cp;
+ }
+--- contrib/telnet/telnet/utilities.c.orig
++++ contrib/telnet/telnet/utilities.c
+@@ -629,7 +629,7 @@
+ }
+ {
+ char tbuf[64];
+- sprintf(tbuf, "%s%s%s%s%s",
++ snprintf(tbuf, sizeof(tbuf), "%s%s%s%s%s",
+ pointer[2]&MODE_EDIT ? "|EDIT" : "",
+ pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+ pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+--- contrib/telnet/telnet/telnet.c.orig
++++ contrib/telnet/telnet/telnet.c
+@@ -785,7 +785,7 @@
+ name = gettermname();
+ len = strlen(name) + 4 + 2;
+ if (len < NETROOM()) {
+- sprintf(temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
++ snprintf(temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+ TELQUAL_IS, name, IAC, SE);
+ ring_supply_data(&netoring, temp, len);
+ printsub('>', &temp[2], len-2);
+@@ -807,7 +807,7 @@
+
+ TerminalSpeeds(&ispeed, &ospeed);
+
+- sprintf((char *)temp, "%c%c%c%c%ld,%ld%c%c", IAC, SB, TELOPT_TSPEED,
++ snprintf((char *)temp, sizeof(temp), "%c%c%c%c%ld,%ld%c%c", IAC, SB, TELOPT_TSPEED,
+ TELQUAL_IS, ospeed, ispeed, IAC, SE);
+ len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */
+
diff --git a/share/security/patches/SA-19:12/telnet.patch.asc b/share/security/patches/SA-19:12/telnet.patch.asc
new file mode 100644
index 0000000000..eeca9b6f38
--- /dev/null
+++ b/share/security/patches/SA-19:12/telnet.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WqhfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJr9Q//SGYP2npXtSX0LVpT8luManWEbjjhTTz12ZW80R/QOwheoJXq9zJ4R812
+WlHtEtFi4PBIqGAdvSOUISHVJTzpLy9jOVoavW5jynFDUiE2gFikirVxu+ERWxDm
+MMYJ6b/0P7VWAlyp0+05NuOGSOxFEiGs43qP8rVYUVLQF7zUYwR8nKVRxvxwSm9E
+xp5gy0bM00O2Ct8cH1IS9lJjFFopIHXU0Xv2HxxURSZUJfbHKvc4+3mPXqTeyBmw
+YEziisxeUuU2h4z4dbbsv3Vhz1RiN+4+7EfaFDcFLryn1h5LSqdrlHkqgea6K8gW
+CMYUE4MWYOWHzZIWLQJ0nb2R+7qo8xCbPjSsOf6qQ+x5NWqb7SX6HPNGy7LAKpXa
+xGY7Ffefl2qtHwe3If7O4PKG30VGMdQfhn9OBgiX0gGf3Datyihcn9GwiSF7NrHs
+bIh8RIAM1AbmpI3tkNrUhFyV7N1aAF08wjkn9G8AaUtqHwnjkfWXlzegJGYidRmx
+7AU/oem/7jm7NqjccrglEkRpKUz2f9fTPnpAVdqs18XfZfCgqkVeaz284WRDWV5r
+QXd64u38lyitZBBCnGR6tbeD429437ZbWtX4X97bdVUaUUIg2YUzkDsnFFSYBJh9
+7POO792tDemfPvgQdIvq9+OMGMULus+4SQ9D+gQ7DWKRQVxsAiE=
+=eI9w
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-19:13/pts.patch b/share/security/patches/SA-19:13/pts.patch
new file mode 100644
index 0000000000..3ab7161764
--- /dev/null
+++ b/share/security/patches/SA-19:13/pts.patch
@@ -0,0 +1,22 @@
+--- sys/kern/tty.c.orig
++++ sys/kern/tty.c
+@@ -231,9 +231,6 @@
+
+ tp->t_flags |= TF_OPENCLOSE;
+
+- /* Stop asynchronous I/O. */
+- funsetown(&tp->t_sigio);
+-
+ /* Remove console TTY. */
+ if (constty == tp)
+ constty_clear();
+@@ -1124,6 +1121,9 @@
+ return;
+ }
+
++ /* Stop asynchronous I/O. */
++ funsetown(&tp->t_sigio);
++
+ /* TTY can be deallocated. */
+ dev = tp->t_dev;
+ tp->t_dev = NULL;
diff --git a/share/security/patches/SA-19:13/pts.patch.asc b/share/security/patches/SA-19:13/pts.patch.asc
new file mode 100644
index 0000000000..80f43e6966
--- /dev/null
+++ b/share/security/patches/SA-19:13/pts.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WqhfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKlaw//dbfqbTg1CcRs+IrcUydAbJIk4uLnrw69HIWYTGt0kN0Kcv6WoVxY5ecM
+KkQMRMq9e+8L0Sy7FH9A9QV99FoQeAxlzZsy1tXpqrVd50SCgpzC0XaBtaqzT7vY
+q00IWIXUXlbAnoIeKs/mnNjoeLRnesLLt7swWiUXQYtD2xPeJIA01TFaG0EwvBC5
+wZ0S9UD0dwQZzUVxXz+SI6V+3seYLkGtL8csnfom1LiGRX6M3OuMz6Kgoss3St8R
+Lvq3pFwdWnAHm2ewv7rpF0M8R4vbLQw/sikoK3xTCbv+Wi9xbv85OR2HN6NDLsjs
+g11zvnHt5fDYnWtZvoplUFNg98rxKc0T1zcae91ZaenPqV+F4dsVvs4RdO2MmNmf
+ye2GyzO/QkiOzZsgAQm+C7hUIkYfe16swAhd8qYLw7AQkF0ax10HKw+0QVMfQPTK
+jRT79IHILRzMm4wIyE18n6WPFuvQP+PHcJ4ky+PY8lTtZFpuLZTTOIM7KJNAAFtS
+dtJnHDZiJuxcDeGZHRQJW6WFgk+oFpiB2Pe0rSmZIZYe2yJ6rwoPubEenWEMUKrr
+mOqCBGIB8kVSixZX8dQeDacrPN5qjuQkEoh1H+jG/CtYEYdgFm/ybyKFY9Qqz/X4
+UPnAQMRrZpXLjqbd6/5qcDiDUXDwrBryEcgSsLXOSQSPXxgy8Dw=
+=/BMl
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-19:14/freebsd32.patch b/share/security/patches/SA-19:14/freebsd32.patch
new file mode 100644
index 0000000000..be10d46550
--- /dev/null
+++ b/share/security/patches/SA-19:14/freebsd32.patch
@@ -0,0 +1,11 @@
+--- sys/compat/freebsd32/freebsd32_ioctl.c.orig
++++ sys/compat/freebsd32/freebsd32_ioctl.c
+@@ -262,6 +262,8 @@
+ vm_offset_t addr;
+ int error;
+
++ memset(&pmc, 0, sizeof(pmc));
++ memset(&pc32, 0, sizeof(pc32));
+ if ((error = copyin(uap->data, &pci32, sizeof(pci32))) != 0)
+ return (error);
+
diff --git a/share/security/patches/SA-19:14/freebsd32.patch.asc b/share/security/patches/SA-19:14/freebsd32.patch.asc
new file mode 100644
index 0000000000..5f3f699c0a
--- /dev/null
+++ b/share/security/patches/SA-19:14/freebsd32.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WqhfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIa8xAAnsULsYOMNQbGeBE3LMOa3RfB0PQ2EElLcEnkAgnmTYY/rEaX4ekTFZV8
+W7uC111kJCvbJQOWgT2w28Xn0+rqY4Jp2zQKoJ8bqxSxGkKjVls2dsywa50NehD4
+YOBWW2B6G9LxFYFOmkSNq/lFHKSkacwC7wP4/NjRqJ36Ky+AJYRTUwdguTlAO/DU
+dYbmuXTiZSryxiyYglRJi+ZhQ8BnIkseSuZMn+4KuKMp9CMpxTB+qIIAmCcf0Mdt
+ac/VTVmrnnBvaSjRGQdrwzpX2e23cThCuaSY0M5R4/KfaNoZQ6Jhejm4hJm+XPw2
+S4ZT9ZGdqNK/qFBgZrunWrJA2AxXxG8SJtC/kDb6H1pikrfE8TmE74IzWBOCfDJ9
+XioQF7OvV1pNDgGMhP3O5FYrUeTCe2OyQsAjYJu371i0YsoDTMuL5d8Gj/0JAX0U
+DDZPW/0eOb0rMnLE9jc++cNdFuBhJXbkfP8TQ2hef224/WXoQYsq1g6sPgnUCAkS
+fE4HDUAzfxAwNNHsF8ZLI2KonCIY8fBTT3NvNXihBxQvPDiXg/RlEKS7EYlR65CC
+6mwlnKgBmmeQT3F1C3FSMt9T9ncwZxvCaVk2u7gpH/TiycuSF7H1D226HcRYXKyu
+8Q6GhnOBbS2TXBCKca/1HS/WfvyNA4FXUDvK0ZSch3nFGbEJVmA=
+=fjwv
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-19:15/mqueuefs.patch b/share/security/patches/SA-19:15/mqueuefs.patch
new file mode 100644
index 0000000000..e0b7f2cc33
--- /dev/null
+++ b/share/security/patches/SA-19:15/mqueuefs.patch
@@ -0,0 +1,51 @@
+--- sys/kern/uipc_mqueue.c.orig
++++ sys/kern/uipc_mqueue.c
+@@ -2283,13 +2283,14 @@
+ if (uap->abs_timeout != NULL) {
+ error = copyin(uap->abs_timeout, &ets, sizeof(ets));
+ if (error != 0)
+- return (error);
++ goto out;
+ abs_timeout = &ets;
+ } else
+ abs_timeout = NULL;
+ waitok = !(fp->f_flag & O_NONBLOCK);
+ error = mqueue_receive(mq, uap->msg_ptr, uap->msg_len,
+ uap->msg_prio, waitok, abs_timeout);
++out:
+ fdrop(fp, td);
+ return (error);
+ }
+@@ -2309,13 +2310,14 @@
+ if (uap->abs_timeout != NULL) {
+ error = copyin(uap->abs_timeout, &ets, sizeof(ets));
+ if (error != 0)
+- return (error);
++ goto out;
+ abs_timeout = &ets;
+ } else
+ abs_timeout = NULL;
+ waitok = !(fp->f_flag & O_NONBLOCK);
+ error = mqueue_send(mq, uap->msg_ptr, uap->msg_len,
+ uap->msg_prio, waitok, abs_timeout);
++out:
+ fdrop(fp, td);
+ return (error);
+ }
+@@ -2834,7 +2836,7 @@
+ if (uap->abs_timeout != NULL) {
+ error = copyin(uap->abs_timeout, &ets32, sizeof(ets32));
+ if (error != 0)
+- return (error);
++ goto out;
+ CP(ets32, ets, tv_sec);
+ CP(ets32, ets, tv_nsec);
+ abs_timeout = &ets;
+@@ -2843,6 +2845,7 @@
+ waitok = !(fp->f_flag & O_NONBLOCK);
+ error = mqueue_receive(mq, uap->msg_ptr, uap->msg_len,
+ uap->msg_prio, waitok, abs_timeout);
++out:
+ fdrop(fp, td);
+ return (error);
+ }
diff --git a/share/security/patches/SA-19:15/mqueuefs.patch.asc b/share/security/patches/SA-19:15/mqueuefs.patch.asc
new file mode 100644
index 0000000000..ffb17b9c7d
--- /dev/null
+++ b/share/security/patches/SA-19:15/mqueuefs.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WqhfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKwuw//cbOammnRyK+06gajcjueERuZUL8F3YGwnMfok0Afx0QXGS/OGYsCFbmx
+CeuX6ZICoGlNo94kWT0Gv8g7fZy2XuZMIcjaG1PHmPODIz27zo1DeMXvB9Yj4oEp
+oeGbf7mXqwgxHVQxY94j8oFRunTFRAUkjIJZfeLWq5JZTnLNWm2WhJBR0prH4SL/
+pkGWca/QdnrFiDYBm02FLcUF3lXgSkZLLm63FDb7P+ouahlTzL0CMzV/TaMMwTGS
+XFOvIwkeeU0ni8BPRUpbamFo4caTlffC2n+FPa6/wmoW9URW9SHLkkAsPfq9IfBC
+UUF8DXYkOkpbduXpmXK7IzE3eINW7zJD3dz3AvjpXq9GxUXIgXN76cOnbM/pur5p
+BTVdEgcpmM8h8crERS+nXC3uh9w0mSJg/66qRjpOF8SfI59uUqVkd1vvenTke/zF
+etgGRjQtm4f8kHH6S6b96kQWmBRD1xZwwXS2sJgvd1VVcb0dB0GFFv/FJ8hWNWKl
+nY/JaUUYf6sxC4Lm1X9g5cCluiSnGNBGOlKeNoOIj20NvUa6dgi5CBWxGlzwUTOP
+GzO9dkwij8wb9sHPXk3INpOLzSzwua9a8YQVNQf5aFErPiw3nuU6Bc16qJ/GV+Rg
+F2D49u63NrIak1JwQ27PNmoNs7XpEI4QCF7ASoqWqu+2YGwCigs=
+=Zirz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-19:16/bhyve.patch b/share/security/patches/SA-19:16/bhyve.patch
new file mode 100644
index 0000000000..eefea38c70
--- /dev/null
+++ b/share/security/patches/SA-19:16/bhyve.patch
@@ -0,0 +1,49 @@
+--- usr.sbin/bhyve/pci_xhci.c.orig
++++ usr.sbin/bhyve/pci_xhci.c
+@@ -1900,6 +1900,11 @@
+ return;
+ }
+
++ if (epid == 0 || epid >= XHCI_MAX_ENDPOINTS) {
++ DPRINTF(("pci_xhci: invalid endpoint %u\r\n", epid));
++ return;
++ }
++
+ dev = XHCI_SLOTDEV_PTR(sc, slot);
+ devep = &dev->eps[epid];
+ dev_ctx = pci_xhci_get_dev_ctx(sc, slot);
+@@ -1925,6 +1930,23 @@
+
+ /* get next trb work item */
+ if (XHCI_EPCTX_0_MAXP_STREAMS_GET(ep_ctx->dwEpCtx0) != 0) {
++ struct xhci_stream_ctx *sctx;
++
++ /*
++ * Stream IDs of 0, 65535 (any stream), and 65534
++ * (prime) are invalid.
++ */
++ if (streamid == 0 || streamid == 65534 || streamid == 65535) {
++ DPRINTF(("pci_xhci: invalid stream %u\r\n", streamid));
++ return;
++ }
++
++ sctx = NULL;
++ pci_xhci_find_stream(sc, ep_ctx, streamid, &sctx);
++ if (sctx == NULL) {
++ DPRINTF(("pci_xhci: invalid stream %u\r\n", streamid));
++ return;
++ }
+ sctx_tr = &devep->ep_sctx_trbs[streamid];
+ ringaddr = sctx_tr->ringaddr;
+ ccs = sctx_tr->ccs;
+@@ -1933,6 +1955,10 @@
+ streamid, ep_ctx->qwEpCtx2 & XHCI_TRB_3_CYCLE_BIT,
+ trb->dwTrb3 & XHCI_TRB_3_CYCLE_BIT));
+ } else {
++ if (streamid != 0) {
++ DPRINTF(("pci_xhci: invalid stream %u\r\n", streamid));
++ return;
++ }
+ ringaddr = devep->ep_ringaddr;
+ ccs = devep->ep_ccs;
+ trb = devep->ep_tr;
diff --git a/share/security/patches/SA-19:16/bhyve.patch.asc b/share/security/patches/SA-19:16/bhyve.patch.asc
new file mode 100644
index 0000000000..c587ea6c34
--- /dev/null
+++ b/share/security/patches/SA-19:16/bhyve.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WqlfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLhbQ//fufmu/lZgce6Y+GGMZdBCEIAE305OqASgpXt0ifC5/swQ83ky3P/yJcI
+Qh9YeH57JZ5YI+K29mqP+lkTrYiBKqHl1zAK4qm+XUkXAq+5GOSQqDB4ZJdq12za
+wDO8toOtNkv6Yz1L+dYnG3iFEzbdz8FzoZMv2FTbZ22o0NobzH3YHtODS4nsLuJT
+lCaoJctYnpZ+4ajhnvSfBiQbFr3zwCpLvbLLox0QGZ+v/Pjn976c//RRj0z6ed5J
+bmyr6nFPIleqJ8T+W36E00W3EB7sc/h1gxtyJtKJm4lqgTCY+qREr1/4gXIiqHwd
+m8S13X39J9E4PhLbtw2m5f6yth/Qfjyh70wgOdb3LItjfZG6Swdo8NR6tuXJu+ZR
+XcYCsqeQkn8sivT3GZvvJlPx8DUJe0MtiB4pOy2MpLWTEcUM8S9sBCcFz9EMA06M
+rK1pE+4W1fWxYbISXY5UNEOQgQE82+aJDFmACKmIJhKO+bbgH9RjekklUbtoSUdD
+Qeu4yVrhliFUWqCv0phhIZz3UPlU+Ewqb8imH6b5tAX1+XM9kMeSZdO80qZKK20J
+9/jXGuMt9MX4bpErdFY1l0GtGblNa1XASaOGGGTs8dwPRq1jBaVKSus4AslVkbuj
+6UZEdaNn4ysAWpe/B1z0nr0TThGyA9wWX+AqPfKAD5VAJV+xTpU=
+=qjT1
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-19:17/fd.11.2.patch b/share/security/patches/SA-19:17/fd.11.2.patch
new file mode 100644
index 0000000000..1302dce25f
--- /dev/null
+++ b/share/security/patches/SA-19:17/fd.11.2.patch
@@ -0,0 +1,72 @@
+--- sys/kern/uipc_usrreq.c.orig
++++ sys/kern/uipc_usrreq.c
+@@ -1896,29 +1896,52 @@
+ UNP_DEFERRED_LOCK_INIT();
+ }
+
++static void
++unp_internalize_cleanup_rights(struct mbuf *control)
++{
++ struct cmsghdr *cp;
++ struct mbuf *m;
++ void *data;
++ socklen_t datalen;
++
++ for (m = control; m != NULL; m = m->m_next) {
++ cp = mtod(m, struct cmsghdr *);
++ if (cp->cmsg_level != SOL_SOCKET ||
++ cp->cmsg_type != SCM_RIGHTS)
++ continue;
++ data = CMSG_DATA(cp);
++ datalen = (caddr_t)cp + cp->cmsg_len - (caddr_t)data;
++ unp_freerights(data, datalen / sizeof(struct filedesc *));
++ }
++}
++
+ static int
+ unp_internalize(struct mbuf **controlp, struct thread *td)
+ {
+- struct mbuf *control = *controlp;
+- struct proc *p = td->td_proc;
+- struct filedesc *fdesc = p->p_fd;
++ struct mbuf *control, **initial_controlp;
++ struct proc *p;
++ struct filedesc *fdesc;
+ struct bintime *bt;
+- struct cmsghdr *cm = mtod(control, struct cmsghdr *);
++ struct cmsghdr *cm;
+ struct cmsgcred *cmcred;
+ struct filedescent *fde, **fdep, *fdev;
+ struct file *fp;
+ struct timeval *tv;
+- int i, *fdp;
+ void *data;
+- socklen_t clen = control->m_len, datalen;
+- int error, oldfds;
++ socklen_t clen, datalen;
++ int i, error, *fdp, oldfds;
+ u_int newlen;
+
+ UNP_LINK_UNLOCK_ASSERT();
+
++ p = td->td_proc;
++ fdesc = p->p_fd;
+ error = 0;
++ control = *controlp;
++ clen = control->m_len;
+ *controlp = NULL;
+- while (cm != NULL) {
++ initial_controlp = controlp;
++ for (cm = mtod(control, struct cmsghdr *); cm != NULL;) {
+ if (sizeof(*cm) > clen || cm->cmsg_level != SOL_SOCKET
+ || cm->cmsg_len > clen || cm->cmsg_len < sizeof(*cm)) {
+ error = EINVAL;
+@@ -2045,6 +2068,8 @@
+ }
+
+ out:
++ if (error != 0 && initial_controlp != NULL)
++ unp_internalize_cleanup_rights(*initial_controlp);
+ m_freem(control);
+ return (error);
+ }
diff --git a/share/security/patches/SA-19:17/fd.11.2.patch.asc b/share/security/patches/SA-19:17/fd.11.2.patch.asc
new file mode 100644
index 0000000000..0655ff7d8b
--- /dev/null
+++ b/share/security/patches/SA-19:17/fd.11.2.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WqlfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI3nw/+NnAFVvmg//5FWzm6875s9mJ51hJaG0svbq7xp9qfyc8m+E8rQihZsyX1
+0/oNuOnthlqfO3qGPjxDi5WpQ6bHeVjx//73wxUtYmCHr1vVNHttKjWdR5jyfafX
+dvacX9lWmNJhKl6r4eC/Fn79R7ARqWy52+bQruTRqyJvMPna7ck/7dhqbOq+FFEN
+5ld+5DSfIycp5u4gMqB9a6QneUw93tBnF1LqRw4v4OOmreZ2OZj3khDiQ+ALOU/b
+LJgn/nuDwVxLeStMPZSlrz+Gvg92ZjlcPt4krS4tK3Wana9su/0pr+QjhjLvog51
+TtCZmnw3geDj7BdL4YWqv/odnU9vFZJ/j97Aa7WJldH89g1egN6a5TIw8FPqDyS5
+Z+VHWczypGxLL8hLOkK76GbqqbwQDhomosl4GDOOiNoAHrflB+qWm1Eyq7hlOKEF
+aghZPSa31LJ5wbX7PxSPK+LBp/3wV1ukGbbUok7UHAjnUaU4NeE643Gv1q1xXNeR
+PwvJVTdXSwuOgdUA3Da+6np45K6ysPgKiHpwy53sNfdLsTDftfCxC4+nYrqeAy3b
+2Vl7UZpherBns95HBYTZ2jIrxjhF19KYRatfsGAGA0yEvmG96vKk59P/+Br9Hpui
+YJ+xZFDgU25+VpMHGLtiE5YQeQ4Vdsqr6LNlkPnwUVH5aRBH/Ys=
+=trQX
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-19:17/fd.11.patch b/share/security/patches/SA-19:17/fd.11.patch
new file mode 100644
index 0000000000..24fa145565
--- /dev/null
+++ b/share/security/patches/SA-19:17/fd.11.patch
@@ -0,0 +1,73 @@
+--- sys/kern/uipc_usrreq.c.orig
++++ sys/kern/uipc_usrreq.c
+@@ -1908,30 +1908,53 @@
+ UNP_DEFERRED_LOCK_INIT();
+ }
+
++static void
++unp_internalize_cleanup_rights(struct mbuf *control)
++{
++ struct cmsghdr *cp;
++ struct mbuf *m;
++ void *data;
++ socklen_t datalen;
++
++ for (m = control; m != NULL; m = m->m_next) {
++ cp = mtod(m, struct cmsghdr *);
++ if (cp->cmsg_level != SOL_SOCKET ||
++ cp->cmsg_type != SCM_RIGHTS)
++ continue;
++ data = CMSG_DATA(cp);
++ datalen = (caddr_t)cp + cp->cmsg_len - (caddr_t)data;
++ unp_freerights(data, datalen / sizeof(struct filedesc *));
++ }
++}
++
+ static int
+ unp_internalize(struct mbuf **controlp, struct thread *td)
+ {
+- struct mbuf *control = *controlp;
+- struct proc *p = td->td_proc;
+- struct filedesc *fdesc = p->p_fd;
++ struct mbuf *control, **initial_controlp;
++ struct proc *p;
++ struct filedesc *fdesc;
+ struct bintime *bt;
+- struct cmsghdr *cm = mtod(control, struct cmsghdr *);
++ struct cmsghdr *cm;
+ struct cmsgcred *cmcred;
+ struct filedescent *fde, **fdep, *fdev;
+ struct file *fp;
+ struct timeval *tv;
+ struct timespec *ts;
+- int i, *fdp;
+ void *data;
+- socklen_t clen = control->m_len, datalen;
+- int error, oldfds;
++ socklen_t clen, datalen;
++ int i, error, *fdp, oldfds;
+ u_int newlen;
+
+ UNP_LINK_UNLOCK_ASSERT();
+
++ p = td->td_proc;
++ fdesc = p->p_fd;
+ error = 0;
++ control = *controlp;
++ clen = control->m_len;
+ *controlp = NULL;
+- while (cm != NULL) {
++ initial_controlp = controlp;
++ for (cm = mtod(control, struct cmsghdr *); cm != NULL;) {
+ if (sizeof(*cm) > clen || cm->cmsg_level != SOL_SOCKET
+ || cm->cmsg_len > clen || cm->cmsg_len < sizeof(*cm)) {
+ error = EINVAL;
+@@ -2082,6 +2105,8 @@
+ }
+
+ out:
++ if (error != 0 && initial_controlp != NULL)
++ unp_internalize_cleanup_rights(*initial_controlp);
+ m_freem(control);
+ return (error);
+ }
diff --git a/share/security/patches/SA-19:17/fd.11.patch.asc b/share/security/patches/SA-19:17/fd.11.patch.asc
new file mode 100644
index 0000000000..577378d261
--- /dev/null
+++ b/share/security/patches/SA-19:17/fd.11.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WqlfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJmTxAAjBscnsnRUzIkRuvJ+5F6VrwduZye14G5jwbW6/fUnmI6mt2wyGSkHVHQ
+bcVTAaF5g8fN1xBk0urta1q3nlGJRCKIyVp+qkBLxiiMvrZlryZ2nsgVmylRZ7oA
+kQK96WWORU8fptXqeG0q3N+i3EoZPMqd2d38Xh4TlqupYlFYOJUcTJOFV/Hb4qZC
+Sd1bIj3DdtX+2hhXPr5LOe3w2ootgqxF7l/LloQ2LXpPqsPm31EXYTexetowyMXz
+2PaXPLKE44eVseaazS/S/F9bG6weFgxqjjbzzzXI1uiXqctwODL4f1QDEz/G1/+g
+SlrR6pXD2wtFZGWTJr8FjwwpJl78sH0ov9NvtO5MdRUvCB7p4lp6DGP+tIbzugbH
++D5nlpEUFBUGwM3VNQ79zAzNQkSlAm551RxGgGA8RxlXQrwqZQ7TYSgoDonABfCm
+ELkMv/3GcuaEtljXBTN44rCJZjuRlGi/k2nDs5phlUGnN5fk6nQtWdzo7p63kdYE
+mR9vR9VVO11KAFm1SVp4w9hmIRTtt1Vd9Rm2PKAxiAJzwZTWWmjUfSg2DO6DFOb8
+rlK5pqgOml3FIDAfegrhvjsyrsc7Fbp6Rjny+MM58fcKBpuJNAOIgB+lqN8GbTaV
+sZsSZiiTtBSV93JvcwWe+My+59GbpoAEwex0OMkuxa/T0+yeh5E=
+=ptiz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-19:17/fd.12.patch b/share/security/patches/SA-19:17/fd.12.patch
new file mode 100644
index 0000000000..fb48d5e0eb
--- /dev/null
+++ b/share/security/patches/SA-19:17/fd.12.patch
@@ -0,0 +1,73 @@
+--- sys/kern/uipc_usrreq.c.orig
++++ sys/kern/uipc_usrreq.c
+@@ -2120,30 +2120,53 @@
+ UNP_DEFERRED_LOCK_INIT();
+ }
+
++static void
++unp_internalize_cleanup_rights(struct mbuf *control)
++{
++ struct cmsghdr *cp;
++ struct mbuf *m;
++ void *data;
++ socklen_t datalen;
++
++ for (m = control; m != NULL; m = m->m_next) {
++ cp = mtod(m, struct cmsghdr *);
++ if (cp->cmsg_level != SOL_SOCKET ||
++ cp->cmsg_type != SCM_RIGHTS)
++ continue;
++ data = CMSG_DATA(cp);
++ datalen = (caddr_t)cp + cp->cmsg_len - (caddr_t)data;
++ unp_freerights(data, datalen / sizeof(struct filedesc *));
++ }
++}
++
+ static int
+ unp_internalize(struct mbuf **controlp, struct thread *td)
+ {
+- struct mbuf *control = *controlp;
+- struct proc *p = td->td_proc;
+- struct filedesc *fdesc = p->p_fd;
++ struct mbuf *control, **initial_controlp;
++ struct proc *p;
++ struct filedesc *fdesc;
+ struct bintime *bt;
+- struct cmsghdr *cm = mtod(control, struct cmsghdr *);
++ struct cmsghdr *cm;
+ struct cmsgcred *cmcred;
+ struct filedescent *fde, **fdep, *fdev;
+ struct file *fp;
+ struct timeval *tv;
+ struct timespec *ts;
+- int i, *fdp;
+ void *data;
+- socklen_t clen = control->m_len, datalen;
+- int error, oldfds;
++ socklen_t clen, datalen;
++ int i, error, *fdp, oldfds;
+ u_int newlen;
+
+ UNP_LINK_UNLOCK_ASSERT();
+
++ p = td->td_proc;
++ fdesc = p->p_fd;
+ error = 0;
++ control = *controlp;
++ clen = control->m_len;
+ *controlp = NULL;
+- while (cm != NULL) {
++ initial_controlp = controlp;
++ for (cm = mtod(control, struct cmsghdr *); cm != NULL;) {
+ if (sizeof(*cm) > clen || cm->cmsg_level != SOL_SOCKET
+ || cm->cmsg_len > clen || cm->cmsg_len < sizeof(*cm)) {
+ error = EINVAL;
+@@ -2294,6 +2317,8 @@
+ }
+
+ out:
++ if (error != 0 && initial_controlp != NULL)
++ unp_internalize_cleanup_rights(*initial_controlp);
+ m_freem(control);
+ return (error);
+ }
diff --git a/share/security/patches/SA-19:17/fd.12.patch.asc b/share/security/patches/SA-19:17/fd.12.patch.asc
new file mode 100644
index 0000000000..d95ddff4b9
--- /dev/null
+++ b/share/security/patches/SA-19:17/fd.12.patch.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WqlfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI9ChAAiOmOES6zvuVjCZayU6TCnSvyeMIAqVEpJHEqJrHUVbjXZrxnGrz8Tc3D
+yQ62leplJY4H+BPf1k4MqTQNQej6cEbbUOL6OqwOqXq3Ej3IKIGSqW/0S0xNZi6s
+JhAw2GkS8UHsWzpTkyMaqsl4m3PSx/L8T1qOHNZ/EwMes64pBRLPyAH2ePU4eOdP
+cZV3Tug4TzeCfz/j8R+bBcHWjpPcfumgXkvR1QH+uEd8GjkRuw1U7dsnj7EpXQeF
+JH4Ap/QA5V1vfPCO0KJBRI8scwnXB6WAzQ4VHcmk6euNDHAWDCVS4RcmyFk7baA+
+NFbr+JhyDQ+fzLGmPUGmNElQGx9ypckxd3KAt4Q1LasXyzHbmx8qFBmvxqoPhg0r
+uYRXBpaDDdChm1zMRuEKvqHEW4Kr/WIXIevY0vSgsebZEB0LnhxSY0syHJiPF7FD
+TY7u7Am59FtxLbXsWOnyfdOiQBDPppSyUZ1YhEKeqMJ4qih0h9bJFanZWixGGzHa
+1nXwN1UMbF01NCzxDSt3NGfKYEbW1ogeV8B81aqxxQDKuf71PL84WN/+C31ZZXNJ
+IFFH/arlmacriXKHlIzAJ/bU2maX7F3y5WjFsMVEgMiP6V4qkragSHCJqfSdwJkP
+wrf2nA3RFErqVlG9wMVbCuvzZrEZ/q+oixQdrdE7D++oCNdVrjY=
+=29X3
+-----END PGP SIGNATURE-----
diff --git a/share/xml/advisories.xml b/share/xml/advisories.xml
index c4bcf06268..38bb2ee12d 100644
--- a/share/xml/advisories.xml
+++ b/share/xml/advisories.xml
@@ -10,6 +10,35 @@
<month>
<name>7</name>
+ <day>
+ <name>24</name>
+
+ <advisory>
+ <name>FreeBSD-SA-19:17.fd</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-19:16.bhyve</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-19:15.mqueuefs</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-19:14.freebsd32</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-19:13.pts</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-19:12.telnet</name>
+ </advisory>
+
+ </day>
+
<day>
<name>2</name>
diff --git a/share/xml/notices.xml b/share/xml/notices.xml
index b1f4db1fc1..4ff7895bbf 100644
--- a/share/xml/notices.xml
+++ b/share/xml/notices.xml
@@ -10,6 +10,15 @@
<month>
<name>7</name>
+ <day>
+ <name>24</name>
+
+ <notice>
+ <name>FreeBSD-EN-19:13.mds</name>
+ </notice>
+
+ </day>
+
<day>
<name>2</name>