os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add EN-19:12 and SA-19:09 to SA-19:11

Browse source 
Approved by:	so
This commit is contained in:
Gordon Tetlow 2019-07-03 00:30:17 +00:00
parent 8a203447b9
commit edbd0a5360
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=53209
18 changed files with 4703 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

148
share/security/advisories/FreeBSD-EN-19:12.tzdata.asc Normal file
View file

@ -0,0 +1,148 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-19:12.tzdata Errata Notice
The FreeBSD Project
Topic: Timezone database information update
Category: contrib
Module: zoneinfo
Announced: 2019-07-02
Affects: All supported versions of FreeBSD.
Corrected: 2019-07-02 12:22:27 UTC (stable/12, 12.0-STABLE)
2019-07-02 23:59:45 UTC (releng/12.0, 12.0-RELEASE-p7)
2019-07-02 12:22:54 UTC (stable/11, 11.3-PRERELEASE)
2019-07-02 23:59:45 UTC (releng/11.3, 11.3-RC3-p1)
2019-07-02 23:59:45 UTC (releng/11.2, 11.2-RELEASE-p11)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The tzsetup(8) program allows the user to specify the default local timezone.
Based on the selected timezone, tzsetup(8) copies one of the files from
/usr/share/zoneinfo to /etc/localtime. This file actually controls the
conversion.
II. Problem Description
Several changes in Daylight Savings Time happened after previous FreeBSD
releases were released that would affect many people who live in different
countries. Because of these changes, the data in the zoneinfo files need to
be updated, and if the local timezone on the running system is affected,
tzsetup(8) needs to be run so the /etc/localtime is updated.
III. Impact
An incorrect time will be displayed on a system configured to use one of the
affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
not updated, and all applications on the system that rely on the system time,
such as cron(8) and syslog(8), will be affected.
IV. Workaround
The system administrator can install an updated timezone database from the
misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
Applications that store and display times in Coordinated Universal Time (UTC)
are not affected.
V. Solution
Please note that some third party software, for instance PHP, Ruby, Java and
Perl, may be using different zoneinfo data source, in such cases this
software must be updated separately. For software packages that is installed
via binary packages, they can be upgraded by executing `pkg upgrade'.
Following the instructions in this Errata Notice will update all of the
zoneinfo files to be the same as what was released with FreeBSD release.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date. Restart all the affected
applications and daemons, or reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all the affected applications and daemons, or reboot the system.
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-19:12/tzdata-2019b.patch
# fetch https://security.FreeBSD.org/patches/EN-19:12/tzdata-2019b.patch.asc
# gpg --verify tzdata-2019b.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all the affected applications and daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r349597
releng/12.0/ r349620
stable/11/ r349598
releng/11.3/ r349620
releng/11.2/ r349620
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:12.tzdata.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9VZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKxjRAAjlhQOby/rOVo/+MPrPrdNin5t2MNBOTRawTARwkl4hE6qFirdSHY9/92
9MI1f6YuQinF32UgEKGkXwDsCSr73NqdNCvZ3BFML8dqp9ij3xN4lQraLyFJLQJq
gR3Iy8uL0ANjMfveE0PW4bDKuqAp2SZdvl4PNio2ddWOyW5FIbXTYEkhkhIbFn9k
zjtifmr4KFL+cZ494e4GnLx0epqY7J2l9livGHmAYEPKPuaGMzJn0qA6ac6SwGba
c1VDcTa3hCICUmZtWekkGa6H2EAVDcn+I7rv+x08afMDASl7CuKGd5dvwO65HHPP
5cFUKjnB4YKadtONt73rRxSGdkb5XqeOdnhoHdDb8RQaouPJGburedlP/xbvg8b/
/lL1c4k+Bz1WlNiNoTahPwRTelIg/wzFwdvd4pTmb6DWzmYxPh8SI5hlRJ3dznQG
h1DVXTWYtDnxIvyL3c8KZjDrsIuP7wmDnHjbB89Dw8hVf+jLVZLWm4DFoz7FfAri
qhFIAm0izmABttUpNeWmfOs3yVgtYAMCZBXLdj3JJBx/v5S1VpKnXxkcj+rsZV1A
SczZO7w6BMEMi9HN5tzZqr1OX6H2LXfi7OSYn8fzeUhtXtraP5W9Ds/dWxu1rQna
Kvv9pF4KP4dq6zo4T/V5VHCT6O9FuP/DnjaHUWLtEYR2sol1GTE=
=Dl0I
-----END PGP SIGNATURE-----

134
share/security/advisories/FreeBSD-SA-19:09.iconv.asc Normal file
View file

@ -0,0 +1,134 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-19:09.iconv Security Advisory
The FreeBSD Project
Topic: iconv buffer overflow
Category: core
Module: libc
Announced: 2019-07-02
Credits: Andrea Venturoli <security@netfence.it>, NetFence
Affects: All supported versions of FreeBSD.
Corrected: 2019-07-03 00:01:38 UTC (stable/12, 12.0-STABLE)
2019-07-03 00:00:39 UTC (releng/12.0, 12.0-RELEASE-p7)
2019-07-03 00:03:14 UTC (stable/11, 11.3-PRERELEASE)
2019-07-03 00:00:39 UTC (releng/11.3, 11.3-RC3-p1)
2019-07-03 00:00:39 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name: CVE-2019-5600
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The iconv(3) API converts text data from one character encoding to another
and is available as part of the standard C library (libc).
II. Problem Description
With certain inputs, iconv may write beyond the end of the output buffer.
III. Impact
Depending on the way in which iconv is used, an attacker may be able to
create a denial of service, provoke incorrect program behavior, or induce a
remote code execution. iconv is a libc library function and the nature of
possible attacks will depend on the way in which iconv is used by
applications or daemons.
IV. Workaround
No workaround is available. Stack canaries (-fstack-protector), which are
enabled by default, provide a degreee of defense against code injection but
not against denial of service.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date. Restart any
potentially affected daemons.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch
# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch.asc
# gpg --verify iconv.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons that use the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r349622
releng/12.0/ r349621
stable/11/ r349624
releng/11.3/ r349621
releng/11.2/ r349621
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5600>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cK8qg//bXSYMJQUBC0POTT5zGXSAmXfKjxbCi4N67cfTrQkEvW672QX4Jw9smkK
D3PwyQs8QWIwsXL69rRgKDFHhPplOmTkx1vaPrA3DckYliwNvLRV3I6G2bRnx3E3
DoAyDmBvFK5lJWa3WxbCpeJA69yZ/JbX1Yw6HsRLk74hGkfvlkruKkfxsNjXzaq4
0+d+ZYs/vRDmIW5/R/bYy1+iyDamyCMl2xXtlZBKrGe6lhj8Vi4/evJjipFtskc2
RnGKolNoZQc03pgX0QS2JZDb+ay23elkOCbhYPqGr1f++M95oOktX3epsJNSH++u
pmJ72FNRsnZSVFxoX7o14eh4k6OGYIvGFSkXQ9VG1NV7PQO8VZAQk9gw264O/1Mi
2aW88e78GLallQOg32VM+Ybys9MamBHByiYRz+GXhh91gg9WPJK5Imt0ExUuukGn
SS65SW1AhO72xC2eplbM0pQY0FNn8l+QA4XjhqNfW03gPSvPwbdYhbSDXm9bgV3W
+VnW2R0tekgiD3glf9GwXMKizostS67jvpJyEDqvx3A1Dx3R2sJ27/6c5HDLpJss
hrhEbqnJhudl10gQTdK9hkFg1LeqxFCYhsw0NDb7PgRWeu3MZcLP6pO3wy/aacfd
OyGJWeqTzKZ4o596OyrTsYIa75MymN3/PkdfDYfRMU0GdAo+acQ=
=ItWl
-----END PGP SIGNATURE-----

153
share/security/advisories/FreeBSD-SA-19:10.ufs.asc Normal file
View file

@ -0,0 +1,153 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-19:10.ufs Security Advisory
The FreeBSD Project
Topic: Kernel stack disclosure in UFS/FFS
Category: core
Module: Kernel
Announced: 2019-07-02
Credits: David G. Lawrence <dg@dglawrence.com>
Affects: All supported versions of FreeBSD.
Corrected: 2019-05-10 23:45:16 UTC (stable/12, 12.0-STABLE)
2019-07-02 00:02:16 UTC (releng/12.0, 12.0-RELEASE-p7)
2019-05-10 23:46:42 UTC (stable/11, 11.2-STABLE)
2019-07-02 00:02:16 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name: CVE-2019-5601
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The Berkeley Fast File System (FFS) is an implementation of the UNIX File
System (UFS) filesystem used by FreeBSD.
II. Problem Description
A bug causes up to three bytes of kernel stack memory to be written to disk
as uninitialized directory entry padding. This data can be viewed by any
user with read access to the directory. Additionally, a malicious user with
write access to a directory can cause up to 254 bytes of kernel stack memory
to be exposed.
III. Impact
Some amount of the kernel stack is disclosed and written out to the
filesystem.
IV. Workaround
No workaround is available but systems not using UFS/FFS are not affected.
V. Solution
Special note: This update also adds the -z flag to fsck_ffs to have it scrub
the leaked information in the name padding of existing directories. It only
needs to be run once on each UFS/FFS filesystem after a patched kernel is
installed and running.
Upgrade your vulnerable system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterwards, reboot the system and run:
# fsck -t ufs -f -p -T ufs:-z
to clean up your existing filesystems.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch
# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch.asc
# gpg --verify ufs.12.patch.asc
[FreeBSD 11.x]
# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch
# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch.asc
# gpg --verify ufs.11.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system and run:
# fsck -t ufs -f -p -T ufs:-z
to clean up your existing filesystems.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r347474
releng/12.0/ r349623
stable/11/ r347475
releng/11.2/ r349623
- -------------------------------------------------------------------------
Note: This patch was applied to the stable/11 branch before the branch point
for releng/11.3. As such, no patch is needed for any 11.3-BETA or -RC.
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5601>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJgRhAAic+yb4boY5k2TotBe9xBBO2VEGwvcolARpvUg+78ya4RGh1d3FBH5R36
N6uEvaAclrRsPHnDSeCD3BVmQkWBzD5a7t+z+m5Siye+01mA4XjKycNDl9BXm7sT
t01GP7TPBmaJZ45RPqT4M/iB1Ulud0kdKvi/apwDLbqJrbzcuxyBNs+wiQhbG2Ip
07REBqabnsL8dV2ysPtBlHd1nxyNyyF8EzkDUKYUWDnwPxzlrfrJAt+F7sneRrPf
tL3UsN+qh3JThI39CjFWPllVRv412QCFBDmGXHdbm+mWrxIecX5pUEoLfQQLJ82x
03TOYbZpu4d4CvgeSEXl3VkbHl6F6u/ii8ls/7aUDNnZcHWamraP84aJpLBG2cUa
ExDDL6K0x1LMhlGWxjGr0qp2ObdQ0sKTgQZ/RUmJO4pc4zuPc0yY3jOv4U+kP2G/
znHEVVRs8/X95OYA0fdvnG0rOdcKGdqKEDxeTvFhyvxM372erT/dMz9flGnptA51
30eAwyKmzj5Mzpo5y/NARyGLRTfOB2F6++BFrlqbsKCXcyK1R5jtxu1TLaliPvA/
Aux8D4OQHIXIGk/sVQSJKOO4oH6U7S2aNtYTxaYHAJrtbC9udnyjVau2txlObEZr
pCbd+a02Btid0bBRUSFYugl4XHtakTVvtu93Fa19wASYDnZJIUE=
=uUz9
-----END PGP SIGNATURE-----

147
share/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc Normal file
View file

@ -0,0 +1,147 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-19:11.cd_ioctl Security Advisory
The FreeBSD Project
Topic: Privilege escalation in cd(4) driver
Category: core
Module: kernel
Announced: 2019-07-02
Credits: Alex Fortune
Affects: All supported versions of FreeBSD.
Corrected: 2019-07-03 00:11:31 UTC (stable/12, 12.0-STABLE)
2019-07-02 00:03:55 UTC (releng/12.0, 12.0-RELEASE-p7)
2019-07-03 00:12:50 UTC (stable/11, 11.3-PRERELEASE)
2019-07-02 00:03:55 UTC (releng/11.3, 11.3-RC3-p1)
2019-07-02 00:03:55 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name: CVE-2019-5602
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The cd(4) driver implements a number of ioctls to permit low-level access to
the media in the CD-ROM device. The Linux emulation layer provides a
corresponding set of ioctls, some of which are implemented as wrappers of
native cd(4) ioctls.
These ioctls are available to users in the operator group, which gets
read-only access to cd(4) devices by default.
II. Problem Description
To implement one particular ioctl, the Linux emulation code used a special
interface present in the cd(4) driver which allows it to copy subchannel
information directly to a kernel address. This interface was erroneously
made accessible to userland, allowing users with read access to a cd(4)
device to arbitrarily overwrite kernel memory when some media is present in
the device.
III. Impact
A user in the operator group can make use of this interface to gain root
privileges on a system with a cd(4) device when some media is present in the
device.
IV. Workaround
devfs.conf(5) and devfs.rules(5) can be used to remove read permissions from
cd(4) devices.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Afterwards, reboot the system.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.12.patch
# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.12.patch.asc
# gpg --verify cd_ioctl.12.patch.asc
[FreeBSD 11.x]
# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.11.patch
# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.11.patch.asc
# gpg --verify cd_ioctl.11.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r349628
releng/12.0/ r349625
stable/11/ r349629
releng/11.3/ r349625
releng/11.2/ r349625
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5602>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cK+nBAAqVz2kEviqpD6wTqwmDexacApQ8aRrnxUDA/PSU/ZStdU3/E3OHAEwMOr
k3qNBbMYUO5alXyLfe9Gv2iP2eTD8QP6xafMiwvcMxS2aJe6ieRmRTLUbep0QBEN
weIaafjvIlLElJTWb9Rr5CTUs6sSdq7Jc84dHPHSOQehhkCFydTdHCaYtvRS2tg1
YYyzMdTlT1VRCL3Rb6iHkqLG7JKX1fTLsPxXGqv/IjYAcDREZjVNhxjvcsQsMQxD
2tTBDVZZLJBOHshGg/kyCRB++d36JNED0kb7/lfohGBvZS6wtmbe9z3a1+S4MN9i
sxNdLc4a/Qr3iP4SzgGf6YuD/BmXg/7HWZnBj220VncVHYjQThAZih0VDUSy9zBy
EplpqcRYebzvAQkq63e2LE66rveX58L7KAzZDG2QJUrPDJAfxgdc1fslgm/+/Yck
/lHVG8gxJNr+tpC80vKxssS7WhNUnd1zThKa2D5rrFnsWUR5da66mxJelUrq+vPT
bhs/nHOzqqXpojh+j/8a6q8Wi2CDSGnJ9vtt0FZu7SG0/r7hlUAAuI0o9VJV/Uh4
CyJeVlJ65+4bUm+k9qFBxsmd7S08f1Z6UND8/1ffFOYm4POVJcRa1wUswYjXPfjp
Sf0rZ5vCq8TG7EOcdMHqHBgAumx3gAXj+I73Lwm73vnP4jMoqmw=
=Bc/8
-----END PGP SIGNATURE-----

3069
share/security/patches/EN-19:12/tzdata-2019b.patch Normal file
View file

File diff suppressed because it is too large Load diff

18
share/security/patches/EN-19:12/tzdata-2019b.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9XxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJuRg//X8SzMWUt3ZqAQEVqRxYPouBZFuL9avfKo6vTjJZ27nKNHjtmeoElhKw7
9bffgA9nbeWnzmo9EtOmVLGVmRYe/doqtZN/2tc8w9W1RmoUYd/MsqCg0qt9Y14v
8wUPtfWlz5BRkWHCAyamEz/sK7LRvYfniS+vVX3bo/Rw7l+txp+fhER9zBloTuW5
/4b1pjIPmWJMPAORCUeUc/4ZOBiI3MDb5HYQgoOo3yWGn6SMs7RHtLZBbaqy8LVW
KZyAjBn3TNoqxxLZZ0VfomFzrnc45Sm2PxoqSwGbP1hsom4hKfvdFpWybYgGqnUx
JRjvA8rAyHvr64NhoVavEKg514HYVZZT9qPe3hFvTD7oCvtuRTLYF0N7huF9R2h6
E51iCAPlPKelyxv5FUhyD6FAKtZWkBhda52ZlFZSMmLxShAvbGibwkKVj49mcKBT
yBJ9+Ik3W3FaWQmgZ+G73imZlXwV7DHR4UDuG/DWuT77wPO9nk5M2SQxe7tsO/qo
WeT5P8rGk/ZJxTBrJR6JBa17JpsuHS3spMx8I5lp4tqZWP089bjyzfcdKUYVqju0
sIonbeuzzvwMvrRoJ7a/j9cP44P7Bet11xtcoucJkB6WxLiDX++FyWdBzUaKnG3Z
d27co2rLq/xoHGPFYkj4UhBVyRzz5E1rY00BrVmN9FrgFZdG/fw=
=n8zD
-----END PGP SIGNATURE-----

11
share/security/patches/SA-19:09/iconv.patch Normal file
View file

@ -0,0 +1,11 @@
--- lib/libc/iconv/citrus_none.c.orig
+++ lib/libc/iconv/citrus_none.c
@@ -144,7 +144,7 @@
s[2] = (char)(idx >> 16);
*nresult = 3;
} else {
- if (n < 3) {
+ if (n < 4) {
*nresult = (size_t)-1;
return (E2BIG);
}

18
share/security/patches/SA-19:09/iconv.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9YlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJR6xAAmPrRDXyil1P/HfAKIsjxoUx1C+fg99S2IEebgZYleUOr16m6TWmp8miT
5yEgGFKEc1WF9ieryIDITgvDrh44wSmI2r4V1WNocHB89x+IAVZgbmNXyTiTcbZA
G1QDwH97oNAB38+L1Ev0qDjgwX+mhnLpIV846NDNUiXBb4iTRjOejCTYyfd+t6Hr
fHsGN5WllKYegx7j8taEFaix4SzgZmwOxEnJpx/WG9cfZDkKBsRC+Vg7haIdFsNY
fHBPeLWpokYyZu8i7m2Hnw36z+1FQTFXCF7ZqGL5nLsYghkSXFYN9u/w2MJKgbkB
uMWC1DxE+3UmdaStx+2gZc9t/pM/AyU/eCeV+T3guCj8pHb8A125HaGWCgYVVVcd
4rvhFUqBERqLKk+Kp8SZO5Iu8zdhawk9fAaPX9zriLKoDukfJYjWcMLKlq2lTFjS
/39ULR+iIcVAkNyqIkcw8FT2+s+iVjZZqTioQabDQPAFeGpK0VPIg/R6qGG1qNu0
itOTwi9eaea7Bp3sGgKcoQZrwkPI1AD3DHHeVqqvEyPNfbyZ3JjCtO7XctTRAlB4
SXQfq1mZ93z/FHwLAK/iRBhKcqoJtFF8a9qa0AWX76RoNDkywhxyDk65Zomw+ffk
kUHguRj433i4db/yBKcqfOVG9zU5tUgsMAQMwBTHBXeW/5BHnQ4=
=wCOy
-----END PGP SIGNATURE-----

311
share/security/patches/SA-19:10/ufs.11.patch Normal file
View file

@ -0,0 +1,311 @@
--- sbin/fsck_ffs/dir.c.orig
+++ sbin/fsck_ffs/dir.c
@@ -145,6 +145,7 @@
struct direct *dp, *ndp;
struct bufarea *bp;
long size, blksiz, fix, dploc;
+ int dc;
blksiz = idesc->id_numfrags * sblock.fs_fsize;
bp = getdirblk(idesc->id_blkno, blksiz);
@@ -151,8 +152,16 @@
if (idesc->id_loc % DIRBLKSIZ == 0 && idesc->id_filesize > 0 &&
idesc->id_loc < blksiz) {
dp = (struct direct *)(bp->b_un.b_buf + idesc->id_loc);
- if (dircheck(idesc, dp))
+ if ((dc = dircheck(idesc, dp)) > 0) {
+ if (dc == 2) {
+ /*
+ * dircheck() cleared unused directory space.
+ * Mark the buffer as dirty to write it out.
+ */
+ dirty(bp);
+ }
goto dpok;
+ }
if (idesc->id_fix == IGNORE)
return (0);
fix = dofix(idesc, "DIRECTORY CORRUPTED");
@@ -179,19 +188,26 @@
if ((idesc->id_loc % DIRBLKSIZ) == 0)
return (dp);
ndp = (struct direct *)(bp->b_un.b_buf + idesc->id_loc);
- if (idesc->id_loc < blksiz && idesc->id_filesize > 0 &&
- dircheck(idesc, ndp) == 0) {
- size = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
- idesc->id_loc += size;
- idesc->id_filesize -= size;
- if (idesc->id_fix == IGNORE)
- return (0);
- fix = dofix(idesc, "DIRECTORY CORRUPTED");
- bp = getdirblk(idesc->id_blkno, blksiz);
- dp = (struct direct *)(bp->b_un.b_buf + dploc);
- dp->d_reclen += size;
- if (fix)
+ if (idesc->id_loc < blksiz && idesc->id_filesize > 0) {
+ if ((dc = dircheck(idesc, ndp)) == 0) {
+ size = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
+ idesc->id_loc += size;
+ idesc->id_filesize -= size;
+ if (idesc->id_fix == IGNORE)
+ return (0);
+ fix = dofix(idesc, "DIRECTORY CORRUPTED");
+ bp = getdirblk(idesc->id_blkno, blksiz);
+ dp = (struct direct *)(bp->b_un.b_buf + dploc);
+ dp->d_reclen += size;
+ if (fix)
+ dirty(bp);
+ } else if (dc == 2) {
+ /*
+ * dircheck() cleared unused directory space.
+ * Mark the buffer as dirty to write it out.
+ */
dirty(bp);
+ }
}
return (dp);
}
@@ -199,6 +215,11 @@
/*
* Verify that a directory entry is valid.
* This is a superset of the checks made in the kernel.
+ * Also optionally clears padding and unused directory space.
+ *
+ * Returns 0 if the entry is bad, 1 if the entry is good and no changes
+ * were made, and 2 if the entry is good but modified to clear out padding
+ * and unused space and needs to be written back to disk.
*/
static int
dircheck(struct inodesc *idesc, struct direct *dp)
@@ -207,15 +228,39 @@
char *cp;
u_char type;
u_int8_t namlen;
- int spaceleft;
+ int spaceleft, modified, unused;
+ modified = 0;
spaceleft = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
if (dp->d_reclen == 0 ||
dp->d_reclen > spaceleft ||
- (dp->d_reclen & 0x3) != 0)
+ (dp->d_reclen & (DIR_ROUNDUP - 1)) != 0)
goto bad;
- if (dp->d_ino == 0)
- return (1);
+ if (dp->d_ino == 0) {
+ /*
+ * Special case of an unused directory entry. Normally
+ * the kernel would coalesce unused space with the previous
+ * entry by extending its d_reclen, but there are situations
+ * (e.g. fsck) where that doesn't occur.
+ * If we're clearing out directory cruft (-z flag), then make
+ * sure this entry gets fully cleared as well.
+ */
+ if (zflag && fswritefd >= 0) {
+ if (dp->d_type != 0) {
+ dp->d_type = 0;
+ modified = 1;
+ }
+ if (dp->d_namlen != 0) {
+ dp->d_namlen = 0;
+ modified = 1;
+ }
+ if (dp->d_name[0] != '\0') {
+ dp->d_name[0] = '\0';
+ modified = 1;
+ }
+ }
+ goto good;
+ }
size = DIRSIZ(0, dp);
namlen = dp->d_namlen;
type = dp->d_type;
@@ -229,7 +274,37 @@
goto bad;
if (*cp != '\0')
goto bad;
+
+good:
+ if (zflag && fswritefd >= 0) {
+ /*
+ * Clear unused directory entry space, including the d_name
+ * padding.
+ */
+ /* First figure the number of pad bytes. */
+ unused = roundup2(namlen + 1, DIR_ROUNDUP) - (namlen + 1);
+
+ /* Add in the free space to the end of the record. */
+ unused += dp->d_reclen - DIRSIZ(0, dp);
+
+ /*
+ * Now clear out the unused space, keeping track if we actually
+ * changed anything.
+ */
+ for (cp = &dp->d_name[namlen + 1]; unused > 0; unused--, cp++) {
+ if (*cp != '\0') {
+ *cp = '\0';
+ modified = 1;
+ }
+ }
+
+ if (modified) {
+ return 2;
+ }
+ }
+
return (1);
+
bad:
if (debug)
printf("Bad dir: ino %d reclen %d namlen %d type %d name %s\n",
--- sbin/fsck_ffs/fsck.h.orig
+++ sbin/fsck_ffs/fsck.h
@@ -313,6 +313,7 @@
extern int debug; /* output debugging info */
extern int Eflag; /* delete empty data blocks */
extern int Zflag; /* zero empty data blocks */
+extern int zflag; /* zero unused directory space */
extern int inoopt; /* trim out unused inodes */
extern char ckclean; /* only do work if not cleanly unmounted */
extern int cvtlevel; /* convert to newer file system format */
--- sbin/fsck_ffs/fsck_ffs.8.orig
+++ sbin/fsck_ffs/fsck_ffs.8
@@ -29,7 +29,7 @@
.\" @(#)fsck.8 8.4 (Berkeley) 5/9/95
.\" $FreeBSD$
.\"
-.Dd January 13, 2018
+.Dd May 3, 2019
.Dt FSCK_FFS 8
.Os
.Sh NAME
@@ -38,7 +38,7 @@
.Nd file system consistency check and interactive repair
.Sh SYNOPSIS
.Nm
-.Op Fl BCdEFfnpRrSyZ
+.Op Fl BCdEFfnpRrSyZz
.Op Fl b Ar block
.Op Fl c Ar level
.Op Fl m Ar mode
@@ -301,6 +301,9 @@
and
.Fl Z
are specified, blocks are first zeroed and then erased.
+.It Fl z
+Clear unused directory space.
+The cleared space includes deleted file names and name padding.
.El
.Pp
Inconsistencies checked are as follows:
--- sbin/fsck_ffs/globs.c.orig
+++ sbin/fsck_ffs/globs.c
@@ -83,6 +83,7 @@
int debug; /* output debugging info */
int Eflag; /* delete empty data blocks */
int Zflag; /* zero empty data blocks */
+int zflag; /* zero unused directory space */
int inoopt; /* trim out unused inodes */
char ckclean; /* only do work if not cleanly unmounted */
int cvtlevel; /* convert to newer file system format */
--- sbin/fsck_ffs/main.c.orig
+++ sbin/fsck_ffs/main.c
@@ -86,7 +86,7 @@
sync();
skipclean = 1;
inoopt = 0;
- while ((ch = getopt(argc, argv, "b:Bc:CdEfFm:npRrSyZ")) != -1) {
+ while ((ch = getopt(argc, argv, "b:Bc:CdEfFm:npRrSyZz")) != -1) {
switch (ch) {
case 'b':
skipclean = 0;
@@ -163,6 +163,10 @@
Zflag++;
break;
+ case 'z':
+ zflag++;
+ break;
+
default:
usage();
}
--- sys/ufs/ufs/dir.h.orig
+++ sys/ufs/ufs/dir.h
@@ -105,13 +105,11 @@
* The DIRSIZ macro gives the minimum record length which will hold
* the directory entry. This requires the amount of space in struct direct
* without the d_name field, plus enough space for the name with a terminating
- * null byte (dp->d_namlen+1), rounded up to a 4 byte boundary.
- *
- *
+ * null byte (dp->d_namlen + 1), rounded up to a 4 byte boundary.
*/
-#define DIRECTSIZ(namlen) \
- ((__offsetof(struct direct, d_name) + \
- ((namlen)+1)*sizeof(((struct direct *)0)->d_name[0]) + 3) & ~3)
+#define DIR_ROUNDUP 4 /* Directory name roundup size */
+#define DIRECTSIZ(namlen) \
+ (roundup2(__offsetof(struct direct, d_name) + (namlen) + 1, DIR_ROUNDUP))
#if (BYTE_ORDER == LITTLE_ENDIAN)
#define DIRSIZ(oldfmt, dp) \
((oldfmt) ? DIRECTSIZ((dp)->d_type) : DIRECTSIZ((dp)->d_namlen))
--- sys/ufs/ufs/ufs_lookup.c.orig
+++ sys/ufs/ufs/ufs_lookup.c
@@ -823,14 +823,21 @@
struct componentname *cnp;
struct direct *newdirp;
{
+ u_int namelen;
-#ifdef INVARIANTS
- if ((cnp->cn_flags & SAVENAME) == 0)
- panic("ufs_makedirentry: missing name");
-#endif
+ namelen = (unsigned)cnp->cn_namelen;
+ KASSERT((cnp->cn_flags & SAVENAME) != 0,
+ ("ufs_makedirentry: missing name"));
+ KASSERT(namelen <= MAXNAMLEN,
+ ("ufs_makedirentry: name too long"));
newdirp->d_ino = ip->i_number;
- newdirp->d_namlen = cnp->cn_namelen;
- bcopy(cnp->cn_nameptr, newdirp->d_name, (unsigned)cnp->cn_namelen + 1);
+ newdirp->d_namlen = namelen;
+
+ /* Zero out after-name padding */
+ *(u_int32_t *)(&newdirp->d_name[namelen & ~(DIR_ROUNDUP - 1)]) = 0;
+
+ bcopy(cnp->cn_nameptr, newdirp->d_name, namelen);
+
if (ITOV(ip)->v_mount->mnt_maxsymlinklen > 0)
newdirp->d_type = IFTODT(ip->i_mode);
else {
@@ -1209,16 +1216,21 @@
if (ip && rep->d_ino != ip->i_number)
panic("ufs_dirremove: ip %ju does not match dirent ino %ju\n",
(uintmax_t)ip->i_number, (uintmax_t)rep->d_ino);
- if (dp->i_count == 0) {
+ /*
+ * Zero out the file directory entry metadata to reduce disk
+ * scavenging disclosure.
+ */
+ bzero(&rep->d_name[0], rep->d_namlen);
+ rep->d_namlen = 0;
+ rep->d_type = 0;
+ rep->d_ino = 0;
+
+ if (dp->i_count != 0) {
/*
- * First entry in block: set d_ino to zero.
- */
- ep->d_ino = 0;
- } else {
- /*
* Collapse new free space into previous entry.
*/
ep->d_reclen += rep->d_reclen;
+ rep->d_reclen = 0;
}
#ifdef UFS_DIRHASH
if (dp->i_dirhash != NULL)

18
share/security/patches/SA-19:10/ufs.11.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9ZNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cLSAw//fBSV+MIQNSJaq2Ux5SMQ1zvGG2vVbdX3pTFH764EL6A8s1cdQnLkFqCT
W93kH1lyMqxb64WQ6gC1sLk41GHTDUGRM94KjkqqmkfCAy+q24ZFnSHEsq11Umks
quVJQ4yehJXnFjfFNtIbat0FAVl1t2YzEtu33UzWyefoeQh6jOdebN22gYV5X4Od
FiaKngO83tr7dHkamvrQ7eQZNgeC05kJYsKLTlkhoujnGfNyelmaiRj/KmICjWYj
M9uCEccfSqTPaqYfE7qj7CzH4+rUCmBmULiuUVJEoxWGxQndhULqvSpAglq90bN5
iZgVrfodheWBROtIJaov+0d2+GWjQ63jN6KHYKPOY75vQf/l9s8TxCXxCQ6pT3xB
JHjLV6tRRaSnLZj/Xzd4RKHlg1tMxkjp0vtSRKaltyJISAu+gzqFUBkylGx9mvSb
ar2iAvOWAlmCOfCbIG2xs/sPY4U8GV0JixEGPv8ghdusDnVxJeQa724vbnd9hWox
UjE7VM3ynDtx+zQJ0aWr1K6JYZNgZ3KQjJvAN4vVWbw3ta/cyQ0uyaBrqk6zJZov
R/E5DHV9LHQUfA7FC7tXMgHJLAAlMYWkRimmdKnsHbHSLjbgBpPhbOsSg4LpSDn5
GCjkeA9XpuKd40YIixWUuM9X7GYS/yHamfofpWPIQTMXnGbNxSk=
=WvjT
-----END PGP SIGNATURE-----

311
share/security/patches/SA-19:10/ufs.12.patch Normal file
View file

@ -0,0 +1,311 @@
--- sbin/fsck_ffs/dir.c.orig
+++ sbin/fsck_ffs/dir.c
@@ -147,6 +147,7 @@
struct direct *dp, *ndp;
struct bufarea *bp;
long size, blksiz, fix, dploc;
+ int dc;
blksiz = idesc->id_numfrags * sblock.fs_fsize;
bp = getdirblk(idesc->id_blkno, blksiz);
@@ -153,8 +154,16 @@
if (idesc->id_loc % DIRBLKSIZ == 0 && idesc->id_filesize > 0 &&
idesc->id_loc < blksiz) {
dp = (struct direct *)(bp->b_un.b_buf + idesc->id_loc);
- if (dircheck(idesc, dp))
+ if ((dc = dircheck(idesc, dp)) > 0) {
+ if (dc == 2) {
+ /*
+ * dircheck() cleared unused directory space.
+ * Mark the buffer as dirty to write it out.
+ */
+ dirty(bp);
+ }
goto dpok;
+ }
if (idesc->id_fix == IGNORE)
return (0);
fix = dofix(idesc, "DIRECTORY CORRUPTED");
@@ -181,19 +190,26 @@
if ((idesc->id_loc % DIRBLKSIZ) == 0)
return (dp);
ndp = (struct direct *)(bp->b_un.b_buf + idesc->id_loc);
- if (idesc->id_loc < blksiz && idesc->id_filesize > 0 &&
- dircheck(idesc, ndp) == 0) {
- size = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
- idesc->id_loc += size;
- idesc->id_filesize -= size;
- if (idesc->id_fix == IGNORE)
- return (0);
- fix = dofix(idesc, "DIRECTORY CORRUPTED");
- bp = getdirblk(idesc->id_blkno, blksiz);
- dp = (struct direct *)(bp->b_un.b_buf + dploc);
- dp->d_reclen += size;
- if (fix)
+ if (idesc->id_loc < blksiz && idesc->id_filesize > 0) {
+ if ((dc = dircheck(idesc, ndp)) == 0) {
+ size = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
+ idesc->id_loc += size;
+ idesc->id_filesize -= size;
+ if (idesc->id_fix == IGNORE)
+ return (0);
+ fix = dofix(idesc, "DIRECTORY CORRUPTED");
+ bp = getdirblk(idesc->id_blkno, blksiz);
+ dp = (struct direct *)(bp->b_un.b_buf + dploc);
+ dp->d_reclen += size;
+ if (fix)
+ dirty(bp);
+ } else if (dc == 2) {
+ /*
+ * dircheck() cleared unused directory space.
+ * Mark the buffer as dirty to write it out.
+ */
dirty(bp);
+ }
}
return (dp);
}
@@ -201,6 +217,11 @@
/*
* Verify that a directory entry is valid.
* This is a superset of the checks made in the kernel.
+ * Also optionally clears padding and unused directory space.
+ *
+ * Returns 0 if the entry is bad, 1 if the entry is good and no changes
+ * were made, and 2 if the entry is good but modified to clear out padding
+ * and unused space and needs to be written back to disk.
*/
static int
dircheck(struct inodesc *idesc, struct direct *dp)
@@ -209,15 +230,39 @@
char *cp;
u_char type;
u_int8_t namlen;
- int spaceleft;
+ int spaceleft, modified, unused;
+ modified = 0;
spaceleft = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
if (dp->d_reclen == 0 ||
dp->d_reclen > spaceleft ||
- (dp->d_reclen & 0x3) != 0)
+ (dp->d_reclen & (DIR_ROUNDUP - 1)) != 0)
goto bad;
- if (dp->d_ino == 0)
- return (1);
+ if (dp->d_ino == 0) {
+ /*
+ * Special case of an unused directory entry. Normally
+ * the kernel would coalesce unused space with the previous
+ * entry by extending its d_reclen, but there are situations
+ * (e.g. fsck) where that doesn't occur.
+ * If we're clearing out directory cruft (-z flag), then make
+ * sure this entry gets fully cleared as well.
+ */
+ if (zflag && fswritefd >= 0) {
+ if (dp->d_type != 0) {
+ dp->d_type = 0;
+ modified = 1;
+ }
+ if (dp->d_namlen != 0) {
+ dp->d_namlen = 0;
+ modified = 1;
+ }
+ if (dp->d_name[0] != '\0') {
+ dp->d_name[0] = '\0';
+ modified = 1;
+ }
+ }
+ goto good;
+ }
size = DIRSIZ(0, dp);
namlen = dp->d_namlen;
type = dp->d_type;
@@ -231,7 +276,37 @@
goto bad;
if (*cp != '\0')
goto bad;
+
+good:
+ if (zflag && fswritefd >= 0) {
+ /*
+ * Clear unused directory entry space, including the d_name
+ * padding.
+ */
+ /* First figure the number of pad bytes. */
+ unused = roundup2(namlen + 1, DIR_ROUNDUP) - (namlen + 1);
+
+ /* Add in the free space to the end of the record. */
+ unused += dp->d_reclen - DIRSIZ(0, dp);
+
+ /*
+ * Now clear out the unused space, keeping track if we actually
+ * changed anything.
+ */
+ for (cp = &dp->d_name[namlen + 1]; unused > 0; unused--, cp++) {
+ if (*cp != '\0') {
+ *cp = '\0';
+ modified = 1;
+ }
+ }
+
+ if (modified) {
+ return 2;
+ }
+ }
+
return (1);
+
bad:
if (debug)
printf("Bad dir: ino %d reclen %d namlen %d type %d name %s\n",
--- sbin/fsck_ffs/fsck.h.orig
+++ sbin/fsck_ffs/fsck.h
@@ -315,6 +315,7 @@
extern int debug; /* output debugging info */
extern int Eflag; /* delete empty data blocks */
extern int Zflag; /* zero empty data blocks */
+extern int zflag; /* zero unused directory space */
extern int inoopt; /* trim out unused inodes */
extern char ckclean; /* only do work if not cleanly unmounted */
extern int cvtlevel; /* convert to newer file system format */
--- sbin/fsck_ffs/fsck_ffs.8.orig
+++ sbin/fsck_ffs/fsck_ffs.8
@@ -29,7 +29,7 @@
.\" @(#)fsck.8 8.4 (Berkeley) 5/9/95
.\" $FreeBSD$
.\"
-.Dd January 13, 2018
+.Dd May 3, 2019
.Dt FSCK_FFS 8
.Os
.Sh NAME
@@ -38,7 +38,7 @@
.Nd file system consistency check and interactive repair
.Sh SYNOPSIS
.Nm
-.Op Fl BCdEFfnpRrSyZ
+.Op Fl BCdEFfnpRrSyZz
.Op Fl b Ar block
.Op Fl c Ar level
.Op Fl m Ar mode
@@ -301,6 +301,9 @@
and
.Fl Z
are specified, blocks are first zeroed and then erased.
+.It Fl z
+Clear unused directory space.
+The cleared space includes deleted file names and name padding.
.El
.Pp
Inconsistencies checked are as follows:
--- sbin/fsck_ffs/globs.c.orig
+++ sbin/fsck_ffs/globs.c
@@ -85,6 +85,7 @@
int debug; /* output debugging info */
int Eflag; /* delete empty data blocks */
int Zflag; /* zero empty data blocks */
+int zflag; /* zero unused directory space */
int inoopt; /* trim out unused inodes */
char ckclean; /* only do work if not cleanly unmounted */
int cvtlevel; /* convert to newer file system format */
--- sbin/fsck_ffs/main.c.orig
+++ sbin/fsck_ffs/main.c
@@ -89,7 +89,7 @@
sync();
skipclean = 1;
inoopt = 0;
- while ((ch = getopt(argc, argv, "b:Bc:CdEfFm:npRrSyZ")) != -1) {
+ while ((ch = getopt(argc, argv, "b:Bc:CdEfFm:npRrSyZz")) != -1) {
switch (ch) {
case 'b':
skipclean = 0;
@@ -166,6 +166,10 @@
Zflag++;
break;
+ case 'z':
+ zflag++;
+ break;
+
default:
usage();
}
--- sys/ufs/ufs/dir.h.orig
+++ sys/ufs/ufs/dir.h
@@ -108,13 +108,11 @@
* The DIRSIZ macro gives the minimum record length which will hold
* the directory entry. This requires the amount of space in struct direct
* without the d_name field, plus enough space for the name with a terminating
- * null byte (dp->d_namlen+1), rounded up to a 4 byte boundary.
- *
- *
+ * null byte (dp->d_namlen + 1), rounded up to a 4 byte boundary.
*/
-#define DIRECTSIZ(namlen) \
- ((__offsetof(struct direct, d_name) + \
- ((namlen)+1)*sizeof(((struct direct *)0)->d_name[0]) + 3) & ~3)
+#define DIR_ROUNDUP 4 /* Directory name roundup size */
+#define DIRECTSIZ(namlen) \
+ (roundup2(__offsetof(struct direct, d_name) + (namlen) + 1, DIR_ROUNDUP))
#if (BYTE_ORDER == LITTLE_ENDIAN)
#define DIRSIZ(oldfmt, dp) \
((oldfmt) ? DIRECTSIZ((dp)->d_type) : DIRECTSIZ((dp)->d_namlen))
--- sys/ufs/ufs/ufs_lookup.c.orig
+++ sys/ufs/ufs/ufs_lookup.c
@@ -825,14 +825,21 @@
struct componentname *cnp;
struct direct *newdirp;
{
+ u_int namelen;
-#ifdef INVARIANTS
- if ((cnp->cn_flags & SAVENAME) == 0)
- panic("ufs_makedirentry: missing name");
-#endif
+ namelen = (unsigned)cnp->cn_namelen;
+ KASSERT((cnp->cn_flags & SAVENAME) != 0,
+ ("ufs_makedirentry: missing name"));
+ KASSERT(namelen <= UFS_MAXNAMLEN,
+ ("ufs_makedirentry: name too long"));
newdirp->d_ino = ip->i_number;
- newdirp->d_namlen = cnp->cn_namelen;
- bcopy(cnp->cn_nameptr, newdirp->d_name, (unsigned)cnp->cn_namelen + 1);
+ newdirp->d_namlen = namelen;
+
+ /* Zero out after-name padding */
+ *(u_int32_t *)(&newdirp->d_name[namelen & ~(DIR_ROUNDUP - 1)]) = 0;
+
+ bcopy(cnp->cn_nameptr, newdirp->d_name, namelen);
+
if (ITOV(ip)->v_mount->mnt_maxsymlinklen > 0)
newdirp->d_type = IFTODT(ip->i_mode);
else {
@@ -1211,16 +1218,21 @@
if (ip && rep->d_ino != ip->i_number)
panic("ufs_dirremove: ip %ju does not match dirent ino %ju\n",
(uintmax_t)ip->i_number, (uintmax_t)rep->d_ino);
- if (dp->i_count == 0) {
+ /*
+ * Zero out the file directory entry metadata to reduce disk
+ * scavenging disclosure.
+ */
+ bzero(&rep->d_name[0], rep->d_namlen);
+ rep->d_namlen = 0;
+ rep->d_type = 0;
+ rep->d_ino = 0;
+
+ if (dp->i_count != 0) {
/*
- * First entry in block: set d_ino to zero.
- */
- ep->d_ino = 0;
- } else {
- /*
* Collapse new free space into previous entry.
*/
ep->d_reclen += rep->d_reclen;
+ rep->d_reclen = 0;
}
#ifdef UFS_DIRHASH
if (dp->i_dirhash != NULL)

18
share/security/patches/SA-19:10/ufs.12.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9ZdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKqKRAAjnl9PFeoSWEWhpszLDoMxytsZbCE+paF7FrNnEgIzuhaE8k+uah+okP2
7schte688xS+zav1rBlc+WSChzV6UsAiUZsU/UDojhJeFmeOFsThiKJo/Ccp2hr0
7k7pv3NyAylBhVoUTH/QKuGO7UktPzC5KbWXjBv0gB4N+2fHfpY7iIB5/SF5LVnl
DNVSA/JsDn8Iyk2ymqJTJUFe6jzJzMZQgcO7NxkKZnhsv6sYkJHDmOSmYhi7fly5
+hg4t3gg2UMUlHDnIY/NmM4OaC5UiznW7wcXgU7ID+w35R8h2sMN0pwEZk3U+h4N
Xpe9y16MuPQX2u6RVBDl2GTEJEZLvPMt/eS9lH4grIQ2maU7UyTHxpraQ01i83NX
eLSHnnZuArrQZ4c5NAo4j8+kCrxgoqVhl0987pt8VKmPRqteTRhgX6k5OCxRFneQ
mO8OvtTzNKDMXjDymMbP4WoLn1bMgXvqM/9CGD1K5j78BkzioZemlUlly9t56I8b
RVUDL8dDajIpmAbzlq0JgDQ8SYzEj2qowmjaTKhKihbSlF1riC0bXcRAgufmt8FH
RFF4m8cjq4FKMX5t6ZLlHSoW6hC7yOpVe2IPfbnTV8PT6Fpot5SOkyw8plBAAu87
YZdxZp/jdczLFQCI2M/4BafAEHIQOlx3Vm7bPlw+ZLMN/u+k6R0=
=MGNg
-----END PGP SIGNATURE-----

184
share/security/patches/SA-19:11/cd_ioctl.11.patch Normal file
View file

@ -0,0 +1,184 @@
--- sys/cam/scsi/scsi_cd.c.orig
+++ sys/cam/scsi/scsi_cd.c
@@ -1281,7 +1281,7 @@
struct cam_periph *periph;
struct cd_softc *softc;
- int nocopyout, error = 0;
+ int error = 0;
periph = (struct cam_periph *)dp->d_drv1;
cam_periph_lock(periph);
@@ -1323,7 +1323,6 @@
*/
cam_periph_unlock(periph);
- nocopyout = 0;
switch (cmd) {
case CDIOCPLAYTRACKS:
@@ -1499,9 +1498,6 @@
cam_periph_unlock(periph);
}
break;
- case CDIOCREADSUBCHANNEL_SYSSPACE:
- nocopyout = 1;
- /* Fallthrough */
case CDIOCREADSUBCHANNEL:
{
struct ioc_read_subchannel *args
@@ -1546,13 +1542,7 @@
data->header.data_len[1] +
sizeof(struct cd_sub_channel_header)));
cam_periph_unlock(periph);
- if (nocopyout == 0) {
- if (copyout(data, args->data, len) != 0) {
- error = EFAULT;
- }
- } else {
- bcopy(data, args->data, len);
- }
+ error = copyout(data, args->data, len);
free(data, M_SCSICD);
}
break;
--- sys/compat/linux/linux_ioctl.c.orig
+++ sys/compat/linux/linux_ioctl.c
@@ -1549,16 +1549,26 @@
struct ioc_read_subchannel bsdsc;
struct cd_sub_channel_info bsdinfo;
+ error = copyin((void *)args->arg, &sc, sizeof(sc));
+ if (error)
+ break;
+
+ /*
+ * Invoke the native ioctl and bounce the returned data through
+ * the userspace buffer. This works because the Linux structure
+ * is the same size as our structures for the subchannel header
+ * and position data.
+ */
bsdsc.address_format = CD_LBA_FORMAT;
bsdsc.data_format = CD_CURRENT_POSITION;
bsdsc.track = 0;
- bsdsc.data_len = sizeof(bsdinfo);
- bsdsc.data = &bsdinfo;
- error = fo_ioctl(fp, CDIOCREADSUBCHANNEL_SYSSPACE,
- (caddr_t)&bsdsc, td->td_ucred, td);
+ bsdsc.data_len = sizeof(sc);
+ bsdsc.data = (void *)args->arg;
+ error = fo_ioctl(fp, CDIOCREADSUBCHANNEL, (caddr_t)&bsdsc,
+ td->td_ucred, td);
if (error)
break;
- error = copyin((void *)args->arg, &sc, sizeof(sc));
+ error = copyin((void *)args->arg, &bsdinfo, sizeof(bsdinfo));
if (error)
break;
sc.cdsc_audiostatus = bsdinfo.header.audio_status;
--- sys/dev/mcd/mcd.c.orig
+++ sys/dev/mcd/mcd.c
@@ -134,8 +134,7 @@
static int mcd_hard_reset(struct mcd_softc *);
static int mcd_setmode(struct mcd_softc *, int mode);
static int mcd_getqchan(struct mcd_softc *, struct mcd_qchninfo *q);
-static int mcd_subchan(struct mcd_softc *, struct ioc_read_subchannel *sc,
- int nocopyout);
+static int mcd_subchan(struct mcd_softc *, struct ioc_read_subchannel *sc);
static int mcd_toc_header(struct mcd_softc *, struct ioc_toc_header *th);
static int mcd_read_toc(struct mcd_softc *);
static int mcd_toc_entrys(struct mcd_softc *, struct ioc_read_toc_entry *te);
@@ -482,10 +481,8 @@
case CDIOCPLAYMSF:
r = mcd_playmsf(sc, (struct ioc_play_msf *) addr);
break;
- case CDIOCREADSUBCHANNEL_SYSSPACE:
- return mcd_subchan(sc, (struct ioc_read_subchannel *) addr, 1);
case CDIOCREADSUBCHANNEL:
- return mcd_subchan(sc, (struct ioc_read_subchannel *) addr, 0);
+ return mcd_subchan(sc, (struct ioc_read_subchannel *) addr);
case CDIOREADTOCHEADER:
r = mcd_toc_header(sc, (struct ioc_toc_header *) addr);
break;
@@ -1411,7 +1408,7 @@
}
static int
-mcd_subchan(struct mcd_softc *sc, struct ioc_read_subchannel *sch, int nocopyout)
+mcd_subchan(struct mcd_softc *sc, struct ioc_read_subchannel *sch)
{
struct mcd_qchninfo q;
struct cd_sub_channel_info data;
@@ -1478,10 +1475,7 @@
}
MCD_UNLOCK(sc);
- if (nocopyout == 0)
- return copyout(&data, sch->data, min(sizeof(struct cd_sub_channel_info), sch->data_len));
- bcopy(&data, sch->data, min(sizeof(struct cd_sub_channel_info), sch->data_len));
- return (0);
+ return (copyout(&data, sch->data, min(sizeof(struct cd_sub_channel_info), sch->data_len)));
}
static int
--- sys/dev/scd/scd.c.orig
+++ sys/dev/scd/scd.c
@@ -130,7 +130,7 @@
static int scd_playtracks(struct scd_softc *, struct ioc_play_track *pt);
static int scd_playmsf(struct scd_softc *, struct ioc_play_msf *msf);
static int scd_play(struct scd_softc *, struct ioc_play_msf *msf);
-static int scd_subchan(struct scd_softc *, struct ioc_read_subchannel *sch, int nocopyout);
+static int scd_subchan(struct scd_softc *, struct ioc_read_subchannel *sch);
static int read_subcode(struct scd_softc *, struct sony_subchannel_position_data *sch);
/* for xcdplayer */
@@ -357,10 +357,8 @@
case CDIOCPLAYMSF:
error = scd_playmsf(sc, (struct ioc_play_msf *) addr);
break;
- case CDIOCREADSUBCHANNEL_SYSSPACE:
- return scd_subchan(sc, (struct ioc_read_subchannel *) addr, 1);
case CDIOCREADSUBCHANNEL:
- return scd_subchan(sc, (struct ioc_read_subchannel *) addr, 0);
+ return scd_subchan(sc, (struct ioc_read_subchannel *) addr);
case CDIOREADTOCHEADER:
error = scd_toc_header (sc, (struct ioc_toc_header *) addr);
break;
@@ -564,7 +562,7 @@
}
static int
-scd_subchan(struct scd_softc *sc, struct ioc_read_subchannel *sch, int nocopyout)
+scd_subchan(struct scd_softc *sc, struct ioc_read_subchannel *sch)
{
struct sony_subchannel_position_data q;
struct cd_sub_channel_info data;
@@ -594,12 +592,8 @@
data.what.position.absaddr.msf.frame = bcd2bin(q.abs_msf[2]);
SCD_UNLOCK(sc);
- if (nocopyout == 0) {
- if (copyout(&data, sch->data, min(sizeof(struct cd_sub_channel_info), sch->data_len))!=0)
- return (EFAULT);
- } else {
- bcopy(&data, sch->data, min(sizeof(struct cd_sub_channel_info), sch->data_len));
- }
+ if (copyout(&data, sch->data, min(sizeof(struct cd_sub_channel_info), sch->data_len))!=0)
+ return (EFAULT);
return (0);
}
--- sys/sys/cdio.h.orig
+++ sys/sys/cdio.h
@@ -274,11 +274,4 @@
#define CDIOCCAPABILITY _IOR('c',30,struct ioc_capability) /*<2>*/
-/*
- * Special version of CDIOCREADSUBCHANNEL which assumes that
- * ioc_read_subchannel->data points to the kernel memory. For
- * use in compatibility layers.
- */
-#define CDIOCREADSUBCHANNEL_SYSSPACE _IOWR('c', 31, struct ioc_read_subchannel)
-
#endif /* !_SYS_CDIO_H_ */

18
share/security/patches/SA-19:11/cd_ioctl.11.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9aFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cI3Vw/+Mc8GXRbl0iHi5N7Xyy0Myc7nFATusTCOJH/nf6eQO/BYgeJjxTgBuqxX
1s9/ivxZE/V1wZiJ8HX99qXlHUYRTrCe0/eetkTRMkndohOloiE3gJ6PxmLv49pw
TM/b9RZ/pNG9hKJmSMIx7fMGumN0Wk20TsYsAVm447ZOIj7DMQHIv9Rn5m0ZkLke
7M70Hha9uJmAv4AYxJ1GI5R9ugw59jd9K1RuAe/htSv+quPWMCu0HEehRHN8dYNR
59yuL4751ypGcDt7whl+CKU63ZwDCBy9DM21fd5kKw3xLBQDGU4bJcR+ncGLt8B3
AJH27WuNnSZ8YS0bNs7YXRoUe4k7pedmTL2To9XiMSKrWza9dr8n++aIHe8gNWEF
5JVKEds20tZo3s+SzLHIHRVKZC3MxoCaIRkkJ5uOD59PqBvYJKBFn83qQ71F6oyZ
mnqhOqp0lrZ1Xckmr49iYNXgjpCu3cVHOUrGzDg3N4u6GlTr79bqkWzGnKwR+tim
5Lq7Fy34ljzdVBqx2rsQN44GFwB0xiumXnTskDT6J0O8UQwZgcOABCrruA2DUli3
vYIUyoHT0+sXe0nFEWLGI/RopEk9C+33lh7R+GUIDmln8iZYBHx0XipOuhlZVeCI
YvO1uKixz9UuG3IStBidWpPZAsNAZI2RGR56c4bckB6KobovErg=
=LP7V
-----END PGP SIGNATURE-----

92
share/security/patches/SA-19:11/cd_ioctl.12.patch Normal file
View file

@ -0,0 +1,92 @@
--- sys/cam/scsi/scsi_cd.c.orig
+++ sys/cam/scsi/scsi_cd.c
@@ -1314,7 +1314,7 @@
struct cam_periph *periph;
struct cd_softc *softc;
- int nocopyout, error = 0;
+ int error = 0;
periph = (struct cam_periph *)dp->d_drv1;
cam_periph_lock(periph);
@@ -1356,7 +1356,6 @@
*/
cam_periph_unlock(periph);
- nocopyout = 0;
switch (cmd) {
case CDIOCPLAYTRACKS:
@@ -1532,9 +1531,6 @@
cam_periph_unlock(periph);
}
break;
- case CDIOCREADSUBCHANNEL_SYSSPACE:
- nocopyout = 1;
- /* Fallthrough */
case CDIOCREADSUBCHANNEL:
{
struct ioc_read_subchannel *args
@@ -1579,13 +1575,7 @@
data->header.data_len[1] +
sizeof(struct cd_sub_channel_header)));
cam_periph_unlock(periph);
- if (nocopyout == 0) {
- if (copyout(data, args->data, len) != 0) {
- error = EFAULT;
- }
- } else {
- bcopy(data, args->data, len);
- }
+ error = copyout(data, args->data, len);
free(data, M_SCSICD);
}
break;
--- sys/compat/linux/linux_ioctl.c.orig
+++ sys/compat/linux/linux_ioctl.c
@@ -1489,16 +1489,26 @@
struct ioc_read_subchannel bsdsc;
struct cd_sub_channel_info bsdinfo;
+ error = copyin((void *)args->arg, &sc, sizeof(sc));
+ if (error)
+ break;
+
+ /*
+ * Invoke the native ioctl and bounce the returned data through
+ * the userspace buffer. This works because the Linux structure
+ * is the same size as our structures for the subchannel header
+ * and position data.
+ */
bsdsc.address_format = CD_LBA_FORMAT;
bsdsc.data_format = CD_CURRENT_POSITION;
bsdsc.track = 0;
- bsdsc.data_len = sizeof(bsdinfo);
- bsdsc.data = &bsdinfo;
- error = fo_ioctl(fp, CDIOCREADSUBCHANNEL_SYSSPACE,
- (caddr_t)&bsdsc, td->td_ucred, td);
+ bsdsc.data_len = sizeof(sc);
+ bsdsc.data = (void *)args->arg;
+ error = fo_ioctl(fp, CDIOCREADSUBCHANNEL, (caddr_t)&bsdsc,
+ td->td_ucred, td);
if (error)
break;
- error = copyin((void *)args->arg, &sc, sizeof(sc));
+ error = copyin((void *)args->arg, &bsdinfo, sizeof(bsdinfo));
if (error)
break;
sc.cdsc_audiostatus = bsdinfo.header.audio_status;
--- sys/sys/cdio.h.orig
+++ sys/sys/cdio.h
@@ -274,11 +274,4 @@
#define CDIOCCAPABILITY _IOR('c',30,struct ioc_capability) /*<2>*/
-/*
- * Special version of CDIOCREADSUBCHANNEL which assumes that
- * ioc_read_subchannel->data points to the kernel memory. For
- * use in compatibility layers.
- */
-#define CDIOCREADSUBCHANNEL_SYSSPACE _IOWR('c', 31, struct ioc_read_subchannel)
-
#endif /* !_SYS_CDIO_H_ */

18
share/security/patches/SA-19:11/cd_ioctl.12.patch.asc Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9aRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKFvA//c5t8a5Abb13ttJyT2EoBJYKVYA/i9cWqJLT8/whxVSMZKCI68hIebx0W
qLJmuJOSdZJjLSZjvoFuQJTqeC4KkMXR+6xAjdVZjWCQDLA1QIKO0a+HedbIijZg
NRCkkbSvu4pkBOpQjDkgJJIVsZmLvvWhHCdFvtTy/rS/cSEqBU/MNJXvsaTc9gz5
byhXrFWg9/NS9t0mK++dI5Z6wTFqyhMKwPYA94IK4zDnyOFQlIvylRBNzQy0gs+v
+EWMeyqDJoh/GGqmF564xdY7XxFEwhxVuQNTrLv/ypQgUFprVcezDI4ZmqXM4ghw
k8pIRfdn6QSwR2INx2mRWDJakNG1aZ3ijdXEZVt4kClnJpbBp/B/xtNem9US3+E1
E2O31CxHm/FlkqhJxMYSZl8JSp3PWCJ7hc7xo3HYM28maLoziuPB9XBdVtqkdB3h
01IIIsQzb9ZpR61OCV/eMohMVima7Os7iBl4SZY49Ke8X0NKcmxl2ZSFXmsjrhyh
ZogBkAyIlO9GuQ46z4z8DhXwy5t1KB6fJmnP2lif6vFYJZopj183hF5qAaDf0jOD
86YfXynXqGomizJm+BMd5/tFCTrnT5wIz0K5CDViL3iNEwBqE4j6+HeNNgvpAKkI
tWPQa2R1MRiywDytEBYaPia9wSnhXH8sF1j8/FxvFiEG39NNCV8=
=l/O+
-----END PGP SIGNATURE-----

22
share/xml/advisories.xml
View file

@ -7,6 +7,28 @@
<year> <year>
<name>2019</name> <name>2019</name>
<month>
<name>7</name>
<day>
<name>2</name>
<advisory>
<name>FreeBSD-SA-19:11.cd_ioctl</name>
</advisory>
<advisory>
<name>FreeBSD-SA-19:10.ufs</name>
</advisory>
<advisory>
<name>FreeBSD-SA-19:09.iconv</name>
</advisory>
</day>
</month>
<month> <month>
<name>6</name> <name>6</name>

13
share/xml/notices.xml
View file

@ -7,6 +7,19 @@
<year> <year>
<name>2019</name> <name>2019</name>
<month>
<name>7</name>
<day>
<name>2</name>
<notice>
<name>FreeBSD-EN-19:12.tzdata</name>
</notice>
</day>
</month>
<month> <month>
<name>6</name> <name>6</name>