Document EN-16:19.tzcode, EN-16:20.tzdata, EN-16:21.localedef;

SA-16:36.telnetd, SA-16:37.libc, SA-16:38.bhyve;

share/security/advisories/FreeBSD-EN-16:19.tzcode.asc

@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:19.tzcode                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Avoid warnings about valid time zone abbreviations
+
+Category:       contrib
+Module:         tzcode
+Announced:      2016-12-06
+Credits:        Baptiste Daroussin
+Affects:        All supported versions of FreeBSD
+Corrected:      2016-10-15 12:37:57 UTC (stable/11, 11.0-STABLE)
+                2016-12-05 23:17:05 UTC (releng/11.0, 11.0-RELEASE-p4)
+                2016-10-15 12:38:21 UTC (stable/10, 10.3-STABLE)
+                2016-12-05 23:13:16 UTC (releng/10.3, 10.3-RELEASE-p13)
+                2016-12-05 23:12:22 UTC (releng/10.2, 10.2-RELEASE-p26)
+                2016-12-05 23:09:54 UTC (releng/10.1, 10.1-RELEASE-p43)
+                2016-10-15 12:38:50 UTC (stable/9, 9.3-STABLE)
+                2016-12-05 22:43:24 UTC (releng/9.3, 9.3-RELEASE-p51)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The zic(8) utility reads text from the file(s) named on the command line
+and creates the time conversion information files specified in this input.
+
+The zdump(8) utility prints the current time in each zonename named on the
+command line.
+
+II.  Problem Description
+
+Until 2000, timezone abbreviations starting with ':', and could not contain
+',', '-', '+', NUL, or a digit for POSIX compatibility.  In 2001, the POSIX
+compatibility rules changed, and timezone abbreviations can contain only
+'-', '+', and alphanumeric characters from the portable character set in the
+current locale.
+
+III. Impact
+
+This is needed to be able to update tzdata to a newer version.
+
+IV.  Workaround
+
+No workaround is available, however systems configured to use Coordinated
+Universal Time (UTC) are not affected.
+
+V.   Solution
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:19/tzcode.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:19/tzcode.patch.asc
+# gpg --verify tzcode.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r307360
+releng/9.3/                                                       r309567
+stable/10/                                                        r307359
+releng/10.1/                                                      r309570
+releng/10.2/                                                      r309571
+releng/10.3/                                                      r309572
+stable/11/                                                        r307358
+releng/11.0/                                                      r309573
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:19.tzcode.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYRw1nAAoJEO1n7NZdz2rnaowQAM/QDvH9LzIUfnydfZklBvPM
+vCF0M6aDsGZNONQCik/ZdyICZ8lws/DcVKG4cz3Fth8XRI0GYsFQPO1m1AJICdVX
+CH8bVmgFN0ajChezScYgXNG3qIlQKkeZK1dMaZwLkI02wtn9InqPW4vdecIUcegr
+cLK8ppPTB51iWZp0HGXcURzCJRy444l6KhFwfPJdB0dzjrBRkQZXP4ewW1hVuZMK
+/trACy5TzKahEzwbqtyNjC22Ou73rb39kH5XweGIx38WfyXeqh3mLwC1qny7PCcI
+44V60ovwNyxzUHFFueriDeTeNp+rPkzn6MbjMbtJIhN4K3rO3ekw3KyR6lpZN0WI
+VM9Lvz0+vuTHjDuJqte/yiztyexj+aol7xOMv0Ak/0JlXigFwsOVqx0zHn6cHUey
+oB9cgNlmb8N51HRX0UiI6x/MJO5ZQm53LsD+YTr1y8iQDHtE2JJfnLj9v/rnFK/q
+cPqwxD1vYWQa9rnImFMdI6Ahix3LvSNQLQybWYgSkq+AH5Nbsqfl3CbJdE5ry7Xn
+bllPD5cbLTZVqA4hdGpptEAPFBiHgsExxPHswn1uvkMQEettVKb7hzNXkVF4p1GB
+CSq80neXh2GyvyA+G07I/7uNmFqzthnGQRsI0PJAItazZnwGlnyGDDtF7okpOkYO
+M70LiIMI27QIqMdiWfO5
+=68Rp
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-16:20.tzdata.asc

@@ -0,0 +1,176 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:20.tzdata                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Timezone database information update
+
+Category:       contrib
+Module:         zoneinfo
+Announced:      2016-12-06
+Credits:        Maxim Sobolev
+Affects:        All supported versions of FreeBSD
+Corrected:      2016-11-04 17:55:50 UTC (stable/11, 11.0-STABLE)
+                2016-12-06 00:06:16 UTC (releng/11.0, 11.0-RELEASE-p4)
+                2016-11-04 17:55:50 UTC (stable/10, 10.3-STABLE)
+                2016-12-05 23:30:13 UTC (releng/10.3, 10.3-RELEASE-p13)
+                2016-12-05 23:26:06 UTC (releng/10.2, 10.2-RELEASE-p26)
+                2016-12-05 23:23:13 UTC (releng/10.1, 10.1-RELEASE-p43)
+                2016-11-04 17:55:50 UTC (stable/9, 9.3-STABLE)
+                2016-12-05 23:02:02 UTC (releng/9.3, 9.3-RELEASE-p51)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The tzsetup(8) program allows the user to specify the default local
+timezone.  Based on the selected timezone, tzsetup(8) copies one of the
+files from /usr/share/zoneinfo to /etc/localtime.  This file actually
+controls the conversion.
+
+II.  Problem Description
+
+Several changes in Daylight Savings Time happened after previous
+FreeBSD releases were released that would affect many people who
+live in different countries.  Because of these changes, the data in
+the zoneinfo files need to be updated, and if the local timezone on
+the running system is affected, tzsetup(8) needs to be run so the
+/etc/localtime is updated.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one
+of the affected timezones if the /usr/share/zoneinfo and /etc/localtime
+files are not updated, and all applications on the system that rely on
+the system time, such as cron(8) and syslog(8), will be affected.
+
+IV.  Workaround
+
+The system administrator can install an updated timezone database from
+the misc/zoneinfo port and run tzsetup(8) to get the timezone database
+corrected.
+
+Applications that store and display times in Coordinated Universal Time
+(UTC) are not affected.
+
+V.   Solution
+
+Please note that some third party software, for instance PHP, Ruby,
+Java and Perl, may be using different zoneinfo data source, in such
+cases these software has to be updated separately.  For software
+packages that is installed via package collection, they can be
+upgraded by doing a `pkg upgrade'.
+
+Following the instructions in this Errata Notice will update all of
+the zoneinfo files to be the same as what was released with FreeBSD
+release.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.  Restart all the affected
+applications and daemons, or reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.0]
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-11.0.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-11.0.patch.asc
+# gpg --verify tzdata-11.0.patch.asc
+
+[FreeBSD 10.3]
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-10.3.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-10.3.patch.asc
+# gpg --verify tzdata-10.3.patch.asc
+
+[FreeBSD 10.2]
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-10.2.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-10.2.patch.asc
+# gpg --verify tzdata-10.2.patch.asc
+
+[FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-10.1.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-10.1.patch.asc
+# gpg --verify tzdata-10.1.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-9.3.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:20/tzdata-9.3.patch.asc
+# gpg --verify tzdata-9.3.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r308302
+releng/9.3/                                                       r309568
+stable/10/                                                        r308302
+releng/10.1/                                                      r309574
+releng/10.2/                                                      r309576
+releng/10.3/                                                      r309577
+stable/11/                                                        r308302
+releng/11.0/                                                      r309583
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:20.tzdata.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYRw1qAAoJEO1n7NZdz2rnGCwQALsF2A+HnuJMUsbVUXfLCa92
+zzId31hBC039WwyAjsSeYO1GjKu/KRfsjV4yzJ9uArLBsx+wRRltMeuoMgl4P/z4
+huqh9huQJaRACPdgPoGfrPZItbKeo63sAOzMpBa0Z9TBaxN8NzTCAkcFt+iFM/Oi
+eQaGH3JlfASFwIRN+CIlVhhUwfufsXf5KI5Vk2k3CmF88n5uQCUwybwckZYp2Cl5
+vHGJh5wkyh/pkZ3W4NljQdRXQYkosj27IIaAym4RCQnQgOlJYRxxEJWMw631EFRw
+PIUgDfOcLKwG1e2V9XF0TnyKXvj7Uwt8lSUNyGUmfiBAdrWiSzfbL81+puKYzwOY
+wisSNnEXpXBBhAMSVvWvt91o/Oe4HxJ7ZAT4w9FlUjbaJ3ahPh3phb9VPBXPuHhT
+IJ+mWoEG3atQafJCPAwNmuIXh4V+Vo0UyimCrNBqWNOMqepyto93sdlYYcYhV/Bg
+zhOWxbSObKPhoLrsaIKVRVVEvTeotDEZKNgKu6U+twaBv5JMnyUdlqQKfxYfmzAR
+4N8YwFFSwrYiSVfGVBOM62AicSICNBxvzzb0xrvEw8c2KYbNv+MnE7/sQ/Wd/aR2
+t6PJIwYk7hAPSFmKLNf3ebYaTuybCyYWjYmzpplcRxBF9MuHxdd8bGuVvo/ZK1Jv
+Lb0DmoBUk7O77KJxeqTI
+=Pj/k
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-16:21.localedef.asc

@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:21.localedef                                      Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Incorrectly defined unicode character(s)
+
+Category:       core
+Module:         localedef
+Announced:      2016-12-06
+Credits:        
+Affects:        FreeBSD 11.0
+Corrected:      2016-11-05 09:46:48 UTC (stable/11, 11.0-STABLE)
+                2016-12-06 00:09:52 UTC (releng/11.0, 11.0-RELEASE-p4)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The localedef(1) utility converts source definitions for locale categories
+into a format usable by the functions and utilities whose operational
+behavior is determined by the setting of the locale environment variables.
+
+II.  Problem Description
+
+When compiling character class definitions, localedef(1) may incorrectly
+coalesce non-consecutive ranges, so that unused codepoints located in a
+gap between two ranges of characters belonging to a same class will be
+included in that class.
+
+III. Impact
+
+Some Unicode codepoints that are reserved for later use may be reported as
+valid by the ctype(3) / wctype(3) functions.  Incorrect classification may
+result in input validation errors.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons that are running with unicode locale, or reboot the
+system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:21/localedef.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:21/localedef.patch.asc
+# gpg --verify localedef.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Note that rebuilding the localedef(1) utility only isn't enough to
+fix already installed locales on your system.
+
+Restart all daemons that are running with unicode locale, or reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/11/                                                        r308330
+releng/11.0/                                                      r309584
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213013>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:21.localedef.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYRw1tAAoJEO1n7NZdz2rn+l8QAKBNhMxJ4Gkqh/B8EwU0MR/v
+flI0pOWEnxSyzGdMgL8KFng1YXCp77SlSp+uG5ASNBbJDroEVGQ2LcDQWEsr2QfE
+I6a7xLNXx5l3ytiR50/eZRyIhWt7/aLzrtYvabJckvxkZCUZ8Itolvha7gu8HGk/
+Is5chXNQxOAYXOjJuiOY99o6oe9tXqGA+eKBkyjOyEUoYK0D402fkPaXvEajmYqD
+ynS2N72zmyNp9ZT6d/UWwCPBr7VM9yXgx9cYhYBwxlYBfOeAAHIfjG6LULGyr+7Y
+tDj+Q+1I1vEE3OtsnLeGFJw21sPZtnXVM4Dmly4OJoSngYrM+mb8DY96QGqAgRjh
+5G4EqxIKUQQsoiCmqfFSy9zT2o0RHLjfCvMgBJS4jznijsY6YufodmG6P2Px+yMw
+vW4PeCravUvCjMtJTfYDMoyxW1068m8JZk2X2ehDMCLh6gk8ytJn9z/E1TpEzEiM
+5coP//KPmBQFrgYkSmj2FH1fuWCrU6Cw5JrWhATgw8+GLi5r42r44BQ5mj3rW8rz
+5VVugAht06hR9jmkH8+c/OEOkhyrnU+Psvk9YfqN4yn5Etoa03taZw/L0UHRk0M1
+vb/krFMtbGBeh4XOH4N8YJ+jaO2pw1bLIBKpdGB6fSgyHuN5vNhi0eO3NOy7HSuh
+hEh9Vaqvzd8mefLV653c
+=XdaZ
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-16:36.telnetd.asc

@@ -0,0 +1,157 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:36.telnetd                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Possible login(1) argument injection in telnetd(8)
+
+Category:       core
+Module:         telnetd
+Announced:      2016-12-06
+Credits:        Brooks Davis (sponsored by: DARPA, AFRL)
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-12-06 18:52:02 UTC (stable/11, 11.0-STABLE)
+                2016-12-06 18:49:38 UTC (releng/11.0, 11.0-RELEASE-p4)
+                2016-12-06 18:52:18 UTC (stable/10, 10.3-STABLE)
+                2016-12-06 18:49:48 UTC (releng/10.3, 10.3-RELEASE-p13)
+                2016-12-06 18:49:54 UTC (releng/10.2, 10.2-RELEASE-p26)
+                2016-12-06 18:49:59 UTC (releng/10.1, 10.1-RELEASE-p43)
+                2016-12-06 18:52:33 UTC (stable/9, 9.3-STABLE)
+                2016-12-06 18:50:06 UTC (releng/9.3, 9.3-RELEASE-p51)
+CVE Name:       CVE-2016-1888
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD telnet daemon, telnetd(8), implements the server side of the
+TELNET virtual terminal protocol.  It has been disabled by default in
+FreeBSD since August 2001, and due to the lack of cryptographic security
+in the TELNET protocol, it is strongly recommended that the SSH protocol
+be used instead.  The FreeBSD telnet daemon can be enabled via the
+/etc/inetd.conf configuration file and the inetd(8) daemon.
+
+After a user is connected, telnetd executes the login(1) program or a
+similar program specified by the -p <loginprog> argument.  In order to do
+so, it constructs an array of command line arguments which are passed to
+execv(3).
+
+II.  Problem Description
+
+An unexpected sequence of memory allocation failures combined with
+insufficient error checking could result in the construction and
+execution of an argument sequence that was not intended.
+
+III. Impact
+
+An attacker who controls the sequence of memory allocation failures and
+success may cause login(1) to run without authentication and may be able
+to cause misbehavior of login(1) replacements.
+
+No practical way of controlling these memory allocation failures is
+known at this time.
+
+IV.  Workaround
+
+No workaround is available, but systems not running the telnet daemon
+are not vulnerable.
+
+Note that the telnet daemon is usually run via inetd, and consequently
+will not show up in a process listing unless a connection is currently
+active; to determine if it is enabled, run
+
+$ ps ax | grep telnetd | grep -v grep
+$ grep telnetd /etc/inetd.conf | grep -vE '^#'
+
+If any output is produced, your system may be vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:36/telnetd.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:36/telnetd.patch.asc
+# gpg --verify telnetd.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Kill any running telnetd processes, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r309643
+releng/9.3/                                                       r309637
+stable/10/                                                        r309642
+releng/10.1/                                                      r309636
+releng/10.2/                                                      r309635
+releng/10.3/                                                      r309634
+stable/11/                                                        r309641
+releng/11.0/                                                      r309633
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1888>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:36.telnetd.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYRw1uAAoJEO1n7NZdz2rnUC0P/3R7UoeNFknnYEXs25NnTS3h
+oDZnGEbLloqQC4mAtPsC2v9WdSRh318J7UMOpko+uYlvxwsJe9TXRgUwP24atdtJ
+a0Al8BvbmIHckIxG7cFJ6Xsw5NDXBgHo2JWBgdU2xvRafZYvFmjlGyxGrvg6Ok0s
+LCz+cnOwni+J4R0CUHTb7eyoeW4HYsg5bVBnzmDwdqQTiig4PsIBVSu+VbOM8kTT
+u7JCzxibzwm9TE0orxDBsY60//hbJRMm12SXj+tVJS3w+qK2iY+Aq02llyTqlGHd
+Tpz4++d9UlS5QSPnu42ev/wzfPDZoxhbb5yciEUDSZA7vG5RD0pCfxfOf+8zORXA
+PLp8XRrl76DJonULUjtNPo8xE3gFOztbUZyTFpxChXUPzZGp0oPRQgTIBTMEPejH
+jC7O5ic0q7aA8UcQk5tqn6lNS6eK6z2UoKGYN4qCjTlC18s1u9dPwHzeSAzjg5YF
+fHX0t/MB8zJ5ts0pUs6OTMOu6umrP4SUJF9hpACFG16vzjJ1S573tuPr9L4HMNCv
+XTX9kjcFwmHqpbrFYW38Fk90x14TT3tigi+xYvCruS1XQeLQM48ThgYAdEboGJvT
+8LGVI8rbwjaglrEk670RlnWVKQInqtPBmbV/GXL9AtE4zzsTHXDT/7iJ30pb4RJq
+rA+cnK1Bog6FHCWGTxjF
+=uYUg
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-16:37.libc.asc

@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:37.libc                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          link_ntoa(3) buffer overflow 
+
+Category:       core
+Module:         libc
+Announced:      2016-12-06
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-12-06 18:53:21 UTC (stable/11, 11.0-STABLE)
+                2016-12-06 18:49:38 UTC (releng/11.0, 11.0-RELEASE-p4)
+                2016-12-06 18:53:46 UTC (stable/10, 10.3-STABLE)
+                2016-12-06 18:49:48 UTC (releng/10.3, 10.3-RELEASE-p13)
+                2016-12-06 18:49:54 UTC (releng/10.2, 10.2-RELEASE-p26)
+                2016-12-06 18:49:59 UTC (releng/10.1, 10.1-RELEASE-p43)
+                2016-12-06 18:54:04 UTC (stable/9, 9.3-STABLE)
+                2016-12-06 18:50:06 UTC (releng/9.3, 9.3-RELEASE-p51)
+CVE Name:       CVE-2016-6559
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The link_ntoa(3) function generates ASCII representation of a link-level
+address and is avaliable as part of standard C library (libc).
+
+II.  Problem Description
+
+A specially crafted argument can trigger a static buffer overflow in the
+library, with possibility to rewrite following static buffers that belong to
+other library functions.
+
+III. Impact
+
+Due to very limited use of the function in the existing applications,
+and limited length of the overflow, exploitation of the vulnerability
+does not seem feasible.  None of the utilities and daemons in the base
+system are known to be vulnerable.  However, careful review of third
+party software that may use the function was not performed.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons that use the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:37/libc.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:37/libc.patch.asc
+# gpg --verify libc.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r309646
+releng/9.3/                                                       r309637
+stable/10/                                                        r309645
+releng/10.1/                                                      r309636
+releng/10.2/                                                      r309635
+releng/10.3/                                                      r309634
+stable/11/                                                        r309644
+releng/11.0/                                                      r309633
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://www.kb.cert.org/vuls/id/548487>
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6559>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:37.libc.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYRw1vAAoJEO1n7NZdz2rnk5sP/18NuTRoit3jfa1uHCYMyTOB
+vOGtNtn5xs8NNY4wAdYx2cF3CscTZEWyQtXWsMWzXgbWI0KrWteacGDaDlFwraCu
+9/TJmkCQC5FCfYsgQFOpOPtMl9W+gY2ZrmEPXsfc/smjvIas3fPCBjnoRM2qQlfc
+25YIut+S6OFhm2XM42t/jljbLs6b/PJikeKt7kEEEjKKXWHNwLEYjbtEyelKxD1i
+1IBVe4Run2RajERg99yCznAGGvRo2hbGmnV59kDAilanJK+s3pzCOBFdnKyZd/2l
+Ie8B/fKEXRJyFgJF7A9eSuElTV5fCFfX05AC3PXMoi+GsVPQqhEpNb1FvJoANiFL
+l61nbqkM5KEteIWvf1udHZo6kjhYY4YlvutXW7o41XaUhnaO3dC+4+VpfTycH/no
+j8kVFS1Y9oun31TTZ/+aQqnCfozAMKFaZtrZI3UkSR1kjz5Z5Rqrc4isBhXXP1dQ
+QC87THCyW2D1+E0LvMyJEWKtjGMd8OO5KZjvTxcmxDSrqEOn+yGT1Lp8G/NLuQ4D
+zcarPPl2eE0bikvL/T/k7OdpplTDXoaCOHiMIr02WpbJwipw6HD4FZrg1IQu/Db9
+2cHihr/tS1mbr7k/VKUyIZvQQhZ9j72m4wwBk0CFEG8DeZtMeSum1xgLTEjUerHe
+rWrKG2feWv//R0BvVNhu
+=8y53
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-SA-16:38.bhyve.asc

@@ -0,0 +1,143 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:38.bhyve                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          bhyve(8) virtual machine escape
+
+Category:       core
+Module:         bhyve
+Announced:      2016-12-06
+Credits:        Felix Wilhelm
+Affects:	FreeBSD 10.x, FreeBSD 11.0
+Corrected:      2016-12-06 18:54:43 UTC (stable/11, 11.0-STABLE)
+                2016-12-06 18:49:38 UTC (releng/11.0, 11.0-RELEASE-p4)
+                2016-12-06 18:55:01 UTC (stable/10, 10.3-STABLE)
+                2016-12-06 18:49:48 UTC (releng/10.3, 10.3-RELEASE-p13)
+                2016-12-06 18:49:54 UTC (releng/10.2, 10.2-RELEASE-p26)
+                2016-12-06 18:49:59 UTC (releng/10.1, 10.1-RELEASE-p43)
+CVE Name:       CVE-2016-1889
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+bhyve(8) is a hypervisor that supports running a variety of virtual
+machines (guests).
+
+II.  Problem Description
+
+The bounds checking of accesses to guest memory greater than 4GB by
+device emulations is subject to integer overflow.
+
+III. Impact
+
+For a bhyve virtual machine with more than 3GB of guest memory configured,
+a malicious guest could craft device descriptors that could give it access
+to the heap of the bhyve process.  Since the bhyve process is running as root,
+this may allow guests to obtain full control of the hosts they're running on.
+
+IV.  Workaround
+
+No workaround is available, however, systems not using bhyve(8) for
+virtualization are not vulnerable. Additionally, systems using bhyve(8) with
+3GB or less of configured guest memory are not vulnerable.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed.  Rather the bhyve(8) process for vulnerable virtual
+machines should be restarted.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64
+platform can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.0, FreeBSD 10.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:38/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:38/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+[FreeBSD 10.2, FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/SA-16:38/bhyve-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:38/bhyve-10.patch.asc
+# gpg --verify bhyve-10.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r309648
+releng/10.1/                                                      r309636
+releng/10.2/                                                      r309635
+releng/10.3/                                                      r309634
+stable/11/                                                        r309647
+releng/11.0/                                                      r309633
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1889>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:38.bhyve.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYRw1wAAoJEO1n7NZdz2rnepoP/1b6uXh8BFW8Qi9cVyfUkldC
+aRfAdmE3azyJCwTY2cipIA+qp9SJUxnLf1lPicERIPZY6iiC6Zm1Qi+cfwCvgczu
+ksY9aYOM7/v1jKuUrPf7tJZ5OokRzkL8W2uCKqAn2BODBK1mA4yy8yGthgyCT6bH
+JzvINPnlQzJKHCdp/8goRVITxa+kMF7UBbpPDAkHuBNKKNRLOYb50Z9G7BZp9/u6
+/Y8avPVCOnU7WKDehG6FgyfE0Z+pUw6dAgpYNblsdQc148xGCSoHyHjXIX1jHzCv
+ZChUhj+6m7CQkjh/GG6x1Bz1lCcsIgsnPAAuQC0WqsaQRnUWJXjTyPMHwkxIHlD7
+sFGPdM4RdMI0O95xMm9Dy05baNsAtBr6DExd48jFv/qbUio9FhUNUJ5rfQEAnyp2
+aAZL34rd90KPFn5zp8EhskOPWGJp7lr+5FpV1m85R07qRES9875eWWYUW5H+yZK+
+kwUcRKiYyvAFTx7Ag38pCtH4SVZ4zRV0mBZnOvchNosMSJz+tZYxApaXHY/nBJck
+wCr+v4DlB9x4LKt9CnB1ow+YqVsMuPyXwyj4e9Pyw/zkvW1aA/TJeUonmm1c2vI4
+07b64wnTsvLGgbhN2ei8LPtAEwpN/DBn7D098Zwf4CfCGQ2VZQeC5AjyTSX9bvy/
+WnKlRTDLDrFSpAD/1/Dz
+=ts3q
+-----END PGP SIGNATURE-----

share/security/patches/EN-16:19/tzcode.patch

@@ -0,0 +1,70 @@
+--- contrib/tzcode/zic/zdump.c.orig
++++ contrib/tzcode/zic/zdump.c
+@@ -212,24 +212,16 @@
+ 		return;
+ 	cp = abbrp;
+ 	wp = NULL;
+-	while (isascii((unsigned char) *cp) && isalpha((unsigned char) *cp))
++	while (isascii((unsigned char) *cp) &&
++		(isalnum((unsigned char)*cp) || *cp == '-' || *cp == '+'))
+ 		++cp;
+-	if (cp - abbrp == 0)
+-		wp = _("lacks alphabetic at start");
+-	else if (cp - abbrp < 3)
+-		wp = _("has fewer than 3 alphabetics");
++	if (cp - abbrp < 3)
++		wp = _("has fewer than 3 characters");
+ 	else if (cp - abbrp > 6)
+-		wp = _("has more than 6 alphabetics");
+-	if (wp == NULL && (*cp == '+' || *cp == '-')) {
+-		++cp;
+-		if (isascii((unsigned char) *cp) &&
+-			isdigit((unsigned char) *cp))
+-				if (*cp++ == '1' && *cp >= '0' && *cp <= '4')
+-					++cp;
+-		if (*cp != '\0')
+-			wp = _("differs from POSIX standard");
+-	}
+-	if (wp == NULL)
++		wp = _("has more than 6 characters");
++	else if (*cp)
++		wp = "has characters other than ASCII alphanumerics, '-' or '+'";
++	else
+ 		return;
+ 	(void) fflush(stdout);
+ 	(void) fprintf(stderr,
+--- contrib/tzcode/zic/zic.c.orig
++++ contrib/tzcode/zic/zic.c
+@@ -2615,29 +2615,15 @@
+ 		register const char *	cp;
+ 		register char *		wp;
+ 
+-		/*
+-		** Want one to ZIC_MAX_ABBR_LEN_WO_WARN alphabetics
+-		** optionally followed by a + or - and a number from 1 to 14.
+-		*/
+ 		cp = string;
+ 		wp = NULL;
+ 		while (isascii((unsigned char) *cp) &&
+-			isalpha((unsigned char) *cp))
++			(isalnum((unsigned char)*cp) || *cp == '-' || *cp == '+'))
+ 				++cp;
+-		if (cp - string == 0)
+-wp = _("time zone abbreviation lacks alphabetic at start");
+ 		if (noise && cp - string > 3)
+-wp = _("time zone abbreviation has more than 3 alphabetics");
++wp = _("time zone abbreviation has more than 3 characters");
+ 		if (cp - string > ZIC_MAX_ABBR_LEN_WO_WARN)
+-wp = _("time zone abbreviation has too many alphabetics");
+-		if (wp == NULL && (*cp == '+' || *cp == '-')) {
+-			++cp;
+-			if (isascii((unsigned char) *cp) &&
+-				isdigit((unsigned char) *cp))
+-					if (*cp++ == '1' &&
+-						*cp >= '0' && *cp <= '4')
+-							++cp;
+-		}
++wp = _("time zone abbreviation has too many characters");
+ 		if (*cp != '\0')
+ wp = _("time zone abbreviation differs from POSIX standard");
+ 		if (wp != NULL) {

share/security/patches/EN-16:19/tzcode.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1pAAoJEO1n7NZdz2rn52EP/itjGSb9xqDAmCNvcNxFgPvJ
+fBZ+bBre8eh908lmMbnLJvXRmz/wTxljqmt+6dHwsoAPDo+FGLudZyWTrA2dqTZm
+fPu8GBTtFlynmwAqXjNePTk+Z4EcqkY1ZwyNuJuOVtnsOpqTb9gTRDlNyrVwcz19
+IlUUJuylCC7hf7v51nheVXY799EywUYznKqPfsfTp0qRxQfwvi1dku1nbCc/dR+/
+qjLhFzl58yjiprpnWxUsU+SJKie2svsM9UEg62aZgs7ZWXZ2RP7QP4rSrwJSf5x1
+6NI7PUM17HqQK1peG8pwwoeeKjP7r1kbFY5udGHY/KWrtLg/0U2erENScUvv8RkJ
+8Dl8FMdWUpoWd3/Xs/W82b0r0sEVDS65JPZJNYy2iMegZUHji6+y1i4UUywhXtoj
+5GU0p1voD8g+6JmP90NC7w2mg7UgYvBovW9osKH5s01CntG+XmWoQLwCCHWJwK9G
+Uan949xMT5VoaUn9UyXhLQ9xAD5mUTkNRy8JFbUjblBR6Rrk1mdHdhZq6I3pQ/3i
+QSsH44cyrVLCZ3j0AeITPZDtvN8Iw34D8yM0uTenRXWTRdzQEEFBoxwl7QBGD3I6
+Og9lZJ5J53GCx37vyMmyb+FHaMjZnWFBMUDnrNfK0eImlEXjSH797Iz7JAlDEv2e
+jSrQ0ZFzbbUgMN9f1xxj
+=DGoh
+-----END PGP SIGNATURE-----

share/security/patches/EN-16:20/tzdata-10.1.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1qAAoJEO1n7NZdz2rnhg4QAJQe6cfJHpcCUhAyhyAnYgU8
+Oqi67i8fw+kKfkP8mRxLrMdtUXSokR+pAWmHjl+vNLm3cUYyeu1DL1GrcOxGNfcb
+CbyNcABUM5B4q7i+ql/HAavjOYi1G9IzibRCS4Zk6En5aork/V2PovtUdVyz+gwk
+APzJ42Ff703hg/KsNnbrrgPx7Bqu5OHoK6rtHLPAgh5M/TnX1BmseSLCIjWQNnKO
+iPYKHsIBTfG3NlvaAohzWnd6j/n61IsAy748BrDMchOR9WZRB3QNTeAiuvEBczku
+qBKG0wwKac3z8BnsoBWGd0snkCa1367sNHBUL1+xiVjKEQF/mVToHcuROSi+ddcz
+Mxjt+hf/C0IWFppzStVHP9xl8toE5ZhmpQcHhvkdKRRvBUOuRZHsCuS7HmLxIl9V
+0g1qKOfQPqx3L6j/rQBmY4PbkLIkaXt9NuvJbyVGtug02/ZMqI92Tzpnj/Eht3QJ
+afGrnIkj4IBLZ/l438ua/ohkiZD9jfboys9z57XJPe+ktPkBiIX3OIbHSypehkDG
+1HE+KNtuaVqd1bvRYw5hPAK9oAVzaYtgJtP2wDmol92DuIsWu4ZgXWbSEAhasxYy
+ersY42kFnSTe22lw5QQyVy9bw99YwRccvxHAOjph/ox8XvNQkn4Lj7zqhujLhJbd
+J5V+rqKKn7f+rc6b5zhc
+=X0Hm
+-----END PGP SIGNATURE-----

share/security/patches/EN-16:20/tzdata-10.2.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1rAAoJEO1n7NZdz2rngakQAOIT07earAHkhoiIEiU+x9Ai
+rAV41bYSIxfBZ8X5Sp3g1/TC7HrMWzM68ar9Uqm9iM5nDWWBTxwXZYwcFSvVUrF0
+T4SVztyiksyzQQmypreaSY1msPIk/aIr1YVtGsyvPv0KbvvldFGQEWAUrcLykCaG
+LUamzrzMXWrFpZwN/TLnykIPXhRrrV1O+l8xBH7qm4JWp8PkoeFe6xtCuj1E+ZZg
++h24AMxoaDD6/fDXHZ+ht8MuY3/zz39oVCc6vFxAg0iCbO/MOy0Rwq8Uh0raSPE6
+aSWQGEQB8jrml24WAc6nozL6j9dyv5uKUr0mKCc9x00ZW2Ml4WNw4BIZ4FSJXJGU
+nMnIK/5aS5SJ5+JuBeoqwh0Qim6Z6SRz+gLsrA45pa2tY3mMjKn21WFpKyFlug9S
+bDqgeapTv4Cau38NPATGScSn3qzxeW9tSQ//Njj4XTD5sYhH1a0+VEUooo8bGvt0
+ANtOmeJXqH7vJmA/JA7V5rfEZts75eKDPWBg4DgW4KX8N0spkgHkCphfwF8ZEgTM
+0UkEpxRhWAeZ/DECr5MNdJ1g+koxk5Ijj0mc4TiRftGYL3ttIo+Q1YfWaLTGUazD
+/8fE0SCu417DC/MwQeLMge7nfQC0sW4NOTDjYpxgi39O/UJkKwn4WX/qyT2/RmdW
+5iPHnGay+FX6w0vSuMwU
+=CtTo
+-----END PGP SIGNATURE-----

share/security/patches/EN-16:20/tzdata-10.3.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1rAAoJEO1n7NZdz2rnaioQALum72PK209dPIUB9BkXDrjG
+SImE+wglkK9noM97NzFF4oQfHmXNaVI/ILOEM3aT7Kcqc7ls6h2n41lsVSu8aFZt
+ydtu0NC7Y55FKIss2JpbQyHAaSiXIVEr2bnBMFjYIvLe4ABnHYRvlUr653A3wYm2
+/dvsnxBF0mwcymBT7F2p4+koGpPDgeQ8CcABGinDS+QtquLmR2mnpq4CrDmtROvd
+52oBg5vLvgamsGEsIoAjygr5/MkWjPo4Xv/tiABxSSwHRHg81rf0Zf+7OdR24DYE
+qJnIEyMCjLPM/NPxL0yckyvArQAQLqyZTFxyzuLJXOIw7U9kY3vmu7phbXajifl1
+aJuYnH8jQFKcmaFbNKP7Pf1+vYNaa90ult3SI9HtuPRmR36T+bFs9kiYmbzd3UyM
+vtdOnaeQFt0DH2dE5EEfXOW6/jux6QG2CU4DXFbOjLyMoHW0b1lsnql0u/zjsvWX
+PAz2TmXWCYY3+4r2qIEi4r9AJyoNDIp1IPmG+LFz22gg8BZncaHV7f/DHQkRzDHb
+KlUMTCVV3+lhIWh2rfgpEEPNQjkn8F38rd924Nq8x1w0n+k+SbLc0TdYWhpkwf5+
+vYWDgPKXlTbBtdA3FvksHMcnHARhjDKDqYXfVc6hR2Pn6cdap+4UAWg6+Zc/g6hf
+MrxKZtJElQl2ITBT6Rzp
+=D16j
+-----END PGP SIGNATURE-----

share/security/patches/EN-16:20/tzdata-11.0.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1sAAoJEO1n7NZdz2rndsAQAL+3rzd73YkJJ0m/SzLGVDy5
+pt2f94JVigBt3808UVzDpwlUeqQCBl5SWfjz1zCFIRS84NCypTZIiRudEpsIQgQa
+OW39WVM4Iv4GQRAOAHuGP8xzgZJUewjVSrEQp56hQ0CbGbn4S/ckJf4ak+XcR+Mg
+IfIdL2EnlFOjDSZeh+217anBGX6ztTzApx0++FGux4Sgrgby0AffrDc9HUK7pzIo
+b8dXN/UuNbnRXFhjcmqY+vy4KiiQgCTDeIdngsKtV+DKLpmMM7PGwlW2mBUT/EfU
+6JyVaJiZPjj2fNqB1ezVXncmebupLCr25ZoelNxqTpWbzuEjxzpI3wD/wLT1U0n/
+xxWU4ySbJUgIWSYvcoZk6hNUheUEoutqHKi7QuOa1j6FF5+2Gi9jQgNCuK/jbjai
+hxS3e+yvXOFY9dt8NZRP8Rv+m4DIUV1Mcf13KINC3c5lofGuINfc06q51Ly2C9S2
+dmxB35sNXEDV4q6kWgUr/cALHaYoQgqBfB4Lta8mxWAR3ROCsIhDqVM6rlzU+cvP
+Jr8mXEg8gkz8C6C2THjYQkieZwJ2X5sYr5t1sNtB4I40neo9StqYnYGNu3RgJPK2
+d1ui0NH0gaIMIAsMcZTHbmxTZKeSjvbhk4g2elWwTZ6H7819Sm4yBJ8OPEbfvkqH
+LDN/7yH0l0YZrBEJBOUu
+=bpne
+-----END PGP SIGNATURE-----

share/security/patches/EN-16:20/tzdata-9.3.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1sAAoJEO1n7NZdz2rnen0QAKWZS5ORCqx9YkmgNXb97kA5
+GoHXOFgvKZapLY2fUNgZj45nnrnuH2Xjx/A72KrtRhWdQhxX0SEKLq/oBrgEuSNO
+aN/8iZcblP4U0SRsdvpemDmZlNOTD1V+aCIgw/4fqB+lekH1gTY4eb2Ag+oCUy7C
+ImTzRpq8rktXZDH8thNnVcTdMN5Vc6qewqwCMx1SxG5FsSLFXoVG0QykStl6bXql
+43ub1DGchiEEqDQMW75KwxFcMOMlMVQzMKQG6kH12bfpaWu576ZZVCXHQv2oVAIt
+auNd8cV0mlB7xgE/0BDfWoChSIxN8etAS05k75ib7de26PRc+wXYCCS7EqK28Xtq
+vpuRPQr3VhoJ2nfrlPBiZCzw8DSmk0gu7HDawrz+/B2VmsTuNK2DpPE/vFb5bfyM
+6J9uvEaPMr3o21dR0/+lFst2xZI+GJtMMPsS1GWDOxVsKXyD/oau0hQJrkB/V5i8
+ekbQTySUaguP1Hd/Z+R5lT2d3X8xtYN7C/taFrtBGHTQ0cojCeoFKBHBRBttzTFk
+Ptl5r5B7vueeYygFMvTJBGCUV5oVh8SmR9mqHUfqdT1yFULfqa/5ZbgUypsgcdET
+FnEds9bDpElLsc2mBEBHGLPoG1y/sy4yQhPz+J0Cu/6pLpQnu9A59CHjsPf9BBiV
+tlA2MUnU3mPXzt2T7bjS
+=XU0U
+-----END PGP SIGNATURE-----

share/security/patches/EN-16:21/localedef.patch

@@ -0,0 +1,78 @@
+--- contrib/netbsd-tests/lib/libc/locale/t_mbstowcs.c.orig
++++ contrib/netbsd-tests/lib/libc/locale/t_mbstowcs.c
+@@ -88,7 +88,7 @@
+ 		0xFFFF, 0x5D, 0x5B, 0x10000, 0x10FFFF, 0x5D, 0x0A
+ 	},
+ #ifdef __FreeBSD__
+-	{	 1, -1, -1,  1,  1, -1, 1,  1,  1, 1, -1,  1,  1, -1, -1,
++	{	 1, -1, -1,  1,  1, -1, -1,  1,  1, 1, -1,  1,  1, -1, -1,
+ #else
+ 	{	 1, -1, -1,  1,  1, -1, -1,  1,  1, -1, -1,  1,  1, -1, -1,
+ #endif
+--- usr.bin/localedef/ctype.c.orig
++++ usr.bin/localedef/ctype.c
+@@ -407,9 +407,9 @@
+ 			continue;
+ 		}
+ 
+-		if ((last_ct != NULL) && (last_ct->ctype == ctn->ctype)) {
++		if ((last_ct != NULL) && (last_ct->ctype == ctn->ctype) &&
++		    (last_ct->wc + 1 == wc)) {
+ 			ct[rl.runetype_ext_nranges-1].max = wc;
+-			last_ct = ctn;
+ 		} else {
+ 			rl.runetype_ext_nranges++;
+ 			ct = realloc(ct,
+@@ -417,8 +417,8 @@
+ 			ct[rl.runetype_ext_nranges - 1].min = wc;
+ 			ct[rl.runetype_ext_nranges - 1].max = wc;
+ 			ct[rl.runetype_ext_nranges - 1].map = ctn->ctype;
+-			last_ct = ctn;
+ 		}
++		last_ct = ctn;
+ 		if (ctn->tolower == 0) {
+ 			last_lo = NULL;
+ 		} else if ((last_lo != NULL) &&
+--- usr.bin/localedef/parser.y.orig
++++ usr.bin/localedef/parser.y
+@@ -27,6 +27,8 @@
+  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+  * POSSIBILITY OF SUCH DAMAGE.
++ *
++ * $FreeBSD$
+  */
+ 
+ /*
+@@ -321,22 +323,19 @@
+ 		| T_TOLOWER conv_list T_NL
+ 		;
+ 
++cc_list		: cc_list T_SEMI cc_range_end
++		| cc_list T_SEMI cc_char
++		| cc_char
++		;
+ 
+-cc_list		: cc_list T_SEMI T_CHAR
++cc_range_end	: T_ELLIPSIS T_SEMI T_CHAR
+ 		{
+-			add_ctype($3);
++			add_ctype_range($3);
+ 		}
+-		| cc_list T_SEMI T_SYMBOL
++		;
++
++cc_char		: T_CHAR
+ 		{
+-			add_charmap_undefined($3);
+-		}
+-		| cc_list T_SEMI T_ELLIPSIS T_SEMI T_CHAR
+-		{
+-			/* note that the endpoints *must* be characters */
+-			add_ctype_range($5);
+-		}
+-		| T_CHAR
+-		{
+ 			add_ctype($1);
+ 		}
+ 		| T_SYMBOL

share/security/patches/EN-16:21/localedef.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1tAAoJEO1n7NZdz2rn64MQAIvo/c5zlJN213CfGtBL2PeC
+ZO6O0pC7c4mFA/C2TR2WKWMjFtwlkCxlln6wq54T0m4s/O1pYeKFiXNIeNzkjs9G
+MfRwbFr3bsacfVoYpREFODYerxkN6zL31LB37oL+jKZApvoUz1aQh1gqsshQWBx6
+chaSfbWDIltA3gyDm8ONiifCebeqgCyvk6L8blVZOCD6HNC706GUiTnLYaIytWFX
+jXT7x6vlYjVF6xfPQCAVpLG/OwkFYlqbr6NfIXSr0zcVzIYdq0r/6oYSLG/DYZNZ
+LsItycwHSWP7inFOwV6Xuluv9KdfFMf6YjMempxk21Gq0qqTYkzemI0CuCjYWegA
+ffSiCIJP3KwMvtznS65bYivYo0KJT3B4GFAf1DkKYPCZWYoiEd3Hmx9rOr3Z0ZFW
+vmt0KphhfUlWvPnoqAWy71ihf4hjxf4SBxMX2RuUNSGNq6+4StfUuiqYHJYtX8Nv
+G7b37D9T6b5xqYJ46bQC2OA65bOmr41/vYGxmq3mm/GxpGf/NfSpMn45tp0lpG/v
+cPV8d5VVxqiZDscPmDThqRwbnZ9YP0nsMiQN3RtFa23gJanC1mWMnLwVLVpXyIR/
+KgbHrOQ0kFQSsSYLngkLwyhab6Oz4cLepUDxlWoTOdjL/Esr1CzZz7jap4egjPMI
+Hih/OXbF4dLE5cXgbAq+
+=Cle8
+-----END PGP SIGNATURE-----

share/security/patches/SA-16:36/telnetd.patch

@@ -0,0 +1,26 @@
+--- contrib/telnet/telnetd/sys_term.c.orig
++++ contrib/telnet/telnetd/sys_term.c
+@@ -1159,7 +1159,7 @@
+ 		 */
+ 		argv = (char **)malloc(sizeof(*argv) * 12);
+ 		if (argv == NULL)
+-			return(NULL);
++			fatal(net, "failure allocating argument space");
+ 		*argv++ = (char *)10;
+ 		*argv = (char *)0;
+ 	}
+@@ -1170,11 +1170,12 @@
+ 		*argv = (char *)((long)(*argv) + 10);
+ 		argv = (char **)realloc(argv, sizeof(*argv)*((long)(*argv) + 2));
+ 		if (argv == NULL)
+-			return(NULL);
++			fatal(net, "failure allocating argument space");
+ 		argv++;
+ 		cpp = &argv[(long)argv[-1] - 10];
+ 	}
+-	*cpp++ = strdup(val);
++	if ((*cpp++ = strdup(val)) == NULL)
++		fatal(net, "failure allocating argument space");
+ 	*cpp = 0;
+ 	return(argv);
+ }

share/security/patches/SA-16:36/telnetd.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1uAAoJEO1n7NZdz2rn22kP/RhWrm5MQlipB7qojG+NdeFo
+KI+FFAPCFvDvqj1r+zXOlhwuBrI+E09PlbeUg1qkG2G4BO67Mu7WkzwQ4GtK6Pis
+pDI8mrkfZKEigy2GRUHHuYhWoY5V7bEAl5PL4X1gIifJsuXFKoyb/9JF6O8OXjZQ
+dE8pGkAtdXmlBF2dfjsDXxCpLXuJpBU7os0DlOmQ/0y6Xxj7CauLU1CLpBURsE/Q
+KlONRPWmneEzFdaQHyIKB/l2tEAOY6vndDMFy7M7sM0N5KIwmZEHNgkhDu6waen8
+jiF6XxXBDeEk6YvI2cyG1Y1mR3RokrfuVr/MzKfwnM7Mxd/9VIKnMFIjEHQaFg79
+GRt5Qg6sqVzpqmeIdhxQaHzwNAI4ytUuNGuGGst+vTYH3UTzSe4EC0RRzZpQALS7
+K4wIHqn676v8gEr6FlZmerjwoKFMV1KZw8O1OzIDWjtK4OyEZCR1ozGYlOT3IqhF
+NC6xtK4enhQRTkb8YRUnXsgDceO2T5SARiVadSPqQGOYe1469qD9BjquTGG9xRcE
+KPU11VEzRBUrI6D0Bf5GH+WvTkxVKnTxit7Vo4i0MqkbhziVgFKshKVzTskyqnxz
+zMUNHh/hWRC9+0v1afVlvtjt+8SucRgy085+x9LHHv7k5xgF1Q36iAucSQLM6R6e
+OnLF+t0NpquvI9+vhvKl
+=pzU/
+-----END PGP SIGNATURE-----

share/security/patches/SA-16:37/libc.patch

@@ -0,0 +1,75 @@
+--- lib/libc/net/linkaddr.c.orig
++++ lib/libc/net/linkaddr.c
+@@ -35,6 +35,7 @@
+ 
+ #include <sys/types.h>
+ #include <sys/socket.h>
++#include <net/if.h>
+ #include <net/if_dl.h>
+ #include <string.h>
+ 
+@@ -122,31 +123,47 @@
+ link_ntoa(const struct sockaddr_dl *sdl)
+ {
+ 	static char obuf[64];
+-	char *out = obuf;
+-	int i;
+-	u_char *in = (u_char *)LLADDR(sdl);
+-	u_char *inlim = in + sdl->sdl_alen;
+-	int firsttime = 1;
++	_Static_assert(sizeof(obuf) >= IFNAMSIZ + 20, "obuf is too small");
++	char *out;
++	const char *in, *inlim;
++	int namelen, i, rem;
+ 
+-	if (sdl->sdl_nlen) {
+-		bcopy(sdl->sdl_data, obuf, sdl->sdl_nlen);
+-		out += sdl->sdl_nlen;
+-		if (sdl->sdl_alen)
++	namelen = (sdl->sdl_nlen <= IFNAMSIZ) ? sdl->sdl_nlen : IFNAMSIZ;
++
++	out = obuf;
++	rem = sizeof(obuf);
++	if (namelen > 0) {
++		bcopy(sdl->sdl_data, out, namelen);
++		out += namelen;
++		rem -= namelen;
++		if (sdl->sdl_alen > 0) {
+ 			*out++ = ':';
++			rem--;
++		}
+ 	}
+-	while (in < inlim) {
+-		if (firsttime)
+-			firsttime = 0;
+-		else
++
++	in = (const char *)sdl->sdl_data + sdl->sdl_nlen;
++	inlim = in + sdl->sdl_alen;
++
++	while (in < inlim && rem > 1) {
++		if (in != (const char *)sdl->sdl_data + sdl->sdl_nlen) {
+ 			*out++ = '.';
++			rem--;
++		}
+ 		i = *in++;
+ 		if (i > 0xf) {
+-			out[1] = hexlist[i & 0xf];
++			if (rem < 3)
++				break;
++			*out++ = hexlist[i & 0xf];
+ 			i >>= 4;
+-			out[0] = hexlist[i];
+-			out += 2;
+-		} else
+ 			*out++ = hexlist[i];
++			rem -= 2;
++		} else {
++			if (rem < 2)
++				break;
++			*out++ = hexlist[i];
++			rem++;
++		}
+ 	}
+ 	*out = 0;
+ 	return (obuf);

share/security/patches/SA-16:37/libc.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1vAAoJEO1n7NZdz2rnH2QP/jQF/xtjDHJoEKk3h6DGZUC4
+GM27jneyYt/SWbGVHchYhD6y+67304OeUCZ7N6aEUI3cVgoZObDuVNoNrtfBnSPB
+gTtAOUQchlF0ZP/TKZSrONz6Pz+1R/N9QryJSDYr3KUsLDuU6I2nob7kR+Iwxn1V
+pX8MakPMSOUH8tHHpXlQySN8rjobtiCdvulDyi0IX92Ajdq7fqLlu2oiHsMYdtfW
+hzWahmHJZUFe0CqLc+78vGB5WTsIXcwSfrkq5MVy8hDlbtmFrgyXcReEBnXSw+kC
+Y751w+W674Cck/60inzA3is7Iy84/yE0fGuBmFWPhOatTbVqI6dG+gK0CqlzW8g7
+M9ven4K9S9vO52oMSlQJi1VGx66r1P4+7RpiqIC6GFpBZ4ItEYvD4/SP3y75eIGD
+LRSzV+LHJarwNslznAFWxg0rWoHbOhH2x0XT2Ve7rXXm4jzIMTL6LSczYlppQ6d2
+DBfyFHykY4iA0VbSBJYXueQrDHc4njJnr4Kl1ZSOZq9HhUbwVcVM0Wse+ZZJ7veQ
+Xe83iqX6+bbRM8GFLtSw/mJa1h+TMW6N8T/qQXdokYCpVASLDnwfLinqkeC1mh+H
+Wr5kf9pbrBTLcnR/LRnVDZ9ySN6AaZdbLea+7RnPZ46MyQIG14yIvJMPk1LnQB9L
+dO+RStwsKHuz2O37ENqi
+=lrl6
+-----END PGP SIGNATURE-----

share/security/patches/SA-16:38/bhyve-10.patch

@@ -0,0 +1,19 @@
+--- lib/libvmmapi/vmmapi.c.orig
++++ lib/libvmmapi/vmmapi.c
+@@ -263,12 +263,14 @@
+ 	/* XXX VM_MMAP_SPARSE not implemented yet */
+ 	assert(ctx->vms == VM_MMAP_ALL);
+ 
+-	if (gaddr < ctx->lowmem && gaddr + len <= ctx->lowmem)
++	if (gaddr < ctx->lowmem && len <= ctx->lowmem &&
++	    gaddr + len <= ctx->lowmem)
+ 		return ((void *)(ctx->lowmem_addr + gaddr));
+ 
+ 	if (gaddr >= 4*GB) {
+ 		gaddr -= 4*GB;
+-		if (gaddr < ctx->highmem && gaddr + len <= ctx->highmem)
++		if (gaddr < ctx->highmem && len <= ctx->highmem &&
++		    gaddr + len <= ctx->highmem)
+ 			return ((void *)(ctx->highmem_addr + gaddr));
+ 	}
+ 

share/security/patches/SA-16:38/bhyve-10.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1wAAoJEO1n7NZdz2rnd+kP+wYnUY3tGokDR46N0MbjmkdY
+X8bedjtyUPzQdIW2gexICCLzMrxkN9a4yVEmOOHwTKmtoaFtjXNbn82T8ge1Pf10
+cX4qZg48WYOF4Ei188ZaD9xbnyabuBC5oxAMz4zkTVPlu5FuDI9kP1XyVvzA/8hA
+Q3d1106bxMrkJ/kvqyXy+tt8Rfmp5WG+D0D7zSQc4lREs+l5D49e5d1UFI0TrX1Y
+PTumDnzLZMfH6DO4rzMXRy+yohkGb8D5AW9IHbBVDaeLEeLnkzpHiiMcth3cg5LS
+2Nw+sDmAOaHJ4ea/B820T01mRpd3s8M1gfQz9bAoEd+wVuIBse2hBvaQMrXGJ5G3
+bsJtark4yi8rHg2mQ+z7hgkl1yJ/owIVVo0PvenuzFeRiKf93vxX8nFJvl2zdzDt
+hJWwzNTxg9zPsyWI4VnRqBQIw1ZUhNLwt1Y8buMwVUMv7n0nsqQ/tpKIG1KnFTl5
+no4agfA23+DksTPeZ/OuLTEq/lxRIzEdlAaSlSb6jp3RASHcGfYuf+A9+N2tyGT0
+4rhjvo9juHLsoqDXfMewKBLgyKJFfzMPDQ0Ykun7yrQKWoGG+9o1ZNvMVTMjQn9u
+ZdFMc5WHZAQPlYjB55ldTfeQ4ZX2yBaUTT+WREl2P4zsURM0DV6c7KbQB+XWQzIc
+cWECaLYiir4QRwA+atBZ
+=qWsA
+-----END PGP SIGNATURE-----

share/security/patches/SA-16:38/bhyve.patch

@@ -0,0 +1,24 @@
+--- lib/libvmmapi/vmmapi.c.orig
++++ lib/libvmmapi/vmmapi.c
+@@ -426,13 +426,18 @@
+ {
+ 
+ 	if (ctx->lowmem > 0) {
+-		if (gaddr < ctx->lowmem && gaddr + len <= ctx->lowmem)
++		if (gaddr < ctx->lowmem && len <= ctx->lowmem &&
++		    gaddr + len <= ctx->lowmem)
+ 			return (ctx->baseaddr + gaddr);
+ 	}
+ 
+ 	if (ctx->highmem > 0) {
+-		if (gaddr >= 4*GB && gaddr + len <= 4*GB + ctx->highmem)
+-			return (ctx->baseaddr + gaddr);
++                if (gaddr >= 4*GB) {
++			if (gaddr < 4*GB + ctx->highmem &&
++			    len <= ctx->highmem &&
++			    gaddr + len <= 4*GB + ctx->highmem)
++				return (ctx->baseaddr + gaddr);
++		}
+ 	}
+ 
+ 	return (NULL);

share/security/patches/SA-16:38/bhyve.patch.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYRw1xAAoJEO1n7NZdz2rnBkgQAJWvZDz/GCdcuqp7jUfLvhKR
+/TZaPIe4v702RnoHEsR0pQqNx6wrXSswieiY8VIVE0IIyR6bMO1JgUE7HbSG2m/0
+uI6sgnlTmPKTpKipHmS+lHk/1Rr/bTIAUagyO5XFeq5LinHWdkvKpAgbk0WAFdR4
+0fzOMtyTyW+3+wRAKNG15aoZkscjU4gcEQzS1yVZWEoHQBHIV39sRteqr4/AT2vY
+3wiIjVuW5OwWFqRfX5vamwe/BK3ps07P+OaylnedyScgmI11csCbB6AOxDhlz5/r
+vkLzByMvSwZB7V4EEIvVMmTO57LRaUE5iJ7YNNFyh+4lVHbE+otetAgrf9KE4VIz
+d3DyGELIrAdxUNTx1A/Isog3MAMayxcItNu1kJZz93VxlWJVmrGFufwQigPwNQEd
+R+FeQNGDXYZBDSnl3k16ImL1QW0WLtQqCzSLE+y0Xna3HHUJcddunwLs5duDkaUT
+bHbPL8irN5FBY1WAPWmeusFO0GM1zaWjqYhVCyJLkv+H6aS+4nBIFF2hAmKXyzAc
++PK+rOl2G0HGs09ALKR8DgfzIbeGbB3mvknhUBmX527t6RrA3rWR4gZEwrvCYe4I
+q9lbvvPVoC/xJi3Lsa8xliuo1f7YazEgDNmzkzFjWJQinJKQn4ow3XSiXXqarUm2
+CSrOQJY+0UF23sJScppo
+=nJXA
+-----END PGP SIGNATURE-----

share/xml/advisories.xml

@@ -7,6 +7,26 @@
   <year>
     <name>2016</name>
 
+    <month>
+      <name>12</name>
+
+      <day>
+        <name>6</name>
+
+        <advisory>
+          <name>FreeBSD-SA-16:38.bhyve</name>
+        </advisory>
+
+        <advisory>
+          <name>FreeBSD-SA-16:37.libc</name>
+        </advisory>
+
+        <advisory>
+          <name>FreeBSD-SA-16:36.telnetd</name>
+        </advisory>
+      </day>
+    </month>
+
     <month>
       <name>11</name>
 

share/xml/notices.xml

@@ -7,6 +7,26 @@
   <year>
     <name>2016</name>
 
+    <month>
+      <name>12</name>
+
+      <day>
+        <name>6</name>
+
+        <notice>
+          <name>FreeBSD-EN-16:21.localedef</name>
+        </notice>
+
+        <notice>
+          <name>FreeBSD-EN-16:20.tzdata</name>
+        </notice>
+
+        <notice>
+          <name>FreeBSD-EN-16:19.tzcode</name>
+        </notice>
+      </day>
+    </month>
+
     <month>
       <name>10</name>