From owner-svn-doc-all@freebsd.org Sun Oct 15 09:09:55 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9CE13E3E5E8; Sun, 15 Oct 2017 09:09:55 +0000 (UTC) (envelope-from wosch@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5FAB57006A; Sun, 15 Oct 2017 09:09:55 +0000 (UTC) (envelope-from wosch@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9F99sKm016034; Sun, 15 Oct 2017 09:09:54 GMT (envelope-from wosch@FreeBSD.org) Received: (from wosch@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9F99sHm016033; Sun, 15 Oct 2017 09:09:54 GMT (envelope-from wosch@FreeBSD.org) Message-Id: <201710150909.v9F99sHm016033@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: wosch set sender to wosch@FreeBSD.org using -f From: Wolfram Schneider Date: Sun, 15 Oct 2017 09:09:54 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51123 - head/share/mk X-SVN-Group: doc-head X-SVN-Commit-Author: wosch X-SVN-Commit-Paths: head/share/mk X-SVN-Commit-Revision: 51123 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Oct 2017 09:09:55 -0000 Author: wosch Date: Sun Oct 15 09:09:54 2017 New Revision: 51123 URL: https://svnweb.freebsd.org/changeset/doc/51123 Log: support parallel "po" $ make p-po Modified: head/share/mk/doc.project.mk Modified: head/share/mk/doc.project.mk ============================================================================== --- head/share/mk/doc.project.mk Sat Oct 14 13:30:11 2017 (r51122) +++ head/share/mk/doc.project.mk Sun Oct 15 09:09:54 2017 (r51123) @@ -115,7 +115,8 @@ DOC_LOCAL_MK= ${DOC_PREFIX}/${LANGCODE}/share/mk/doc.l # parallel build for target "all" and "clean" NCPU?= ${.MAKE.JOBS} -p-all p-clean: + +p-all p-clean p-po: make -V SUBDIR | sed -E 's/[ ]+$$//' | tr " " "\n" | \ sed -E 's/^/make -C /; s/$$/ ${.TARGET:S/^p-//}/' | \ tr '\n' '\0' | xargs -0 -n1 -P${NCPU:S/^$$/8/} /bin/sh -c From owner-svn-doc-all@freebsd.org Sun Oct 15 16:17:57 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3181FE4612D; Sun, 15 Oct 2017 16:17:57 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0561E7EE44; Sun, 15 Oct 2017 16:17:56 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9FGHuZD095848; Sun, 15 Oct 2017 16:17:56 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9FGHuCo095845; Sun, 15 Oct 2017 16:17:56 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201710151617.v9FGHuCo095845@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Sun, 15 Oct 2017 16:17:56 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51124 - head/en_US.ISO8859-1/htdocs/portmgr X-SVN-Group: doc-head X-SVN-Commit-Author: rene X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/portmgr X-SVN-Commit-Revision: 51124 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Oct 2017 16:17:57 -0000 Author: rene Date: Sun Oct 15 16:17:55 2017 New Revision: 51124 URL: https://svnweb.freebsd.org/changeset/doc/51124 Log: Modernize the portmgr part of the website (part 1). - Replace pointyhat.FreeBSD.org by pkg-status.FreeBSD.org - The ports tree is branched now - Remove mentions of "repocopies", these were leftovers from the CVS era. - Update instructions for handling PRs Parts of the PR were already committed independently by rene at 2017-01-01 when FreeBSD 9.3, 10.1 and 10.2 reached their EOL. Apply some igor fixes while here. PR: 213056 Submitted by: linimon Reviewed by: mat Modified: head/en_US.ISO8859-1/htdocs/portmgr/policies.xml head/en_US.ISO8859-1/htdocs/portmgr/policies_contributors.xml head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Modified: head/en_US.ISO8859-1/htdocs/portmgr/policies.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/portmgr/policies.xml Sun Oct 15 09:09:54 2017 (r51123) +++ head/en_US.ISO8859-1/htdocs/portmgr/policies.xml Sun Oct 15 16:17:55 2017 (r51124) @@ -31,7 +31,8 @@

portmgr also runs periodic builds of proposed large changes to the Ports Collection on a dedicated area of the automated - ports building cluster. + ports building cluster. + These are termed experimental builds (often referred to as "exp-runs"). Examples of changes that should be tested here before committing include:

@@ -41,13 +42,13 @@ X11 servers, GNOME, KDE, autotools, and so forth

  • changes that change the "accepted best practice" for ports Makefiles, such as definitions or usage of common make - variables (or Makevars). (e.g. consolidation of + variables (or Makevars). (e.g., consolidation of various implementations of USE_*, WITH_*, and so forth)

    • -

  • large repocopies (such as when an existing port category +

  • large changes to the repository (such as when an existing port category is divided up)

    • -

    Again, since the ports tree is not branched, any large-scale +

    Any large-scale failures that might be caused by any of the above need to be caught first before a large number of user installations are affected.

    @@ -59,11 +60,10 @@ commits in certain unusual cases, such as: commits that in their opinion destabilize the Ports Collection; violate the Principle Of Least Astonishment for FreeBSD's users; or in cases - of inter-committer disputes that can not be solved among the + of inter-committer disputes that cannot be solved among the committers themselves.

    -

    Maintain The Automated - Ports Building Cluster

    +

    Maintain The Automated Ports Building Cluster

    portmgr maintains a set of machines that automatically build packages on combinations of FreeBSD source tree versus CPU @@ -167,7 +167,7 @@ their status and interest in continuing to work with the ports tree. Committers who do not respond to such email, or who respond in the negative, have their commit bits reclaimed for safekeeping. - Currrently, this period is one year.

    + Currently, this period is one year.

    In unusual cases it may become necessary to remove Ports Committers for other reasons. This will only be done after serious deliberation, Modified: head/en_US.ISO8859-1/htdocs/portmgr/policies_contributors.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/portmgr/policies_contributors.xml Sun Oct 15 09:09:54 2017 (r51123) +++ head/en_US.ISO8859-1/htdocs/portmgr/policies_contributors.xml Sun Oct 15 16:17:55 2017 (r51124) @@ -21,12 +21,12 @@ responses to issues brought to their attention via ema

    The time limit for a maintainer to respond to a PR is two weeks. After that period, if it is a minor change, any ports committer can - commit the change. If it is a major change (e.g. would require a + commit the change. If it is a major change (e.g., would require a regression run), please contact portmgr first.

    We have an add-on to the Problem Reports database known as the auto-assigner, which attempts to automatically notify maintainers of PRs; however, - it depends on the Synopsis containing category/portname. In general, + it depends on the Summary containing category/portname. In general, various people attempt to catch and fix cases where it does not work, but you should not assume so. Therefore, please check to see whether or not the maintainer knows about the PR before @@ -43,8 +43,7 @@ responses to issues brought to their attention via ema

    This period may be shortened by portmgr if the email address returns with a hard bounce. In this case, it is probably desirable to reset - all the maintainer's ports and change any PRs set to 'feedback' back - to 'open'.

    + all the maintainer's ports and check the status of any PRs.

    Commit Privileges

    Modified: head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Sun Oct 15 09:09:54 2017 (r51123) +++ head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Sun Oct 15 16:17:55 2017 (r51124) @@ -14,14 +14,15 @@

    Support of FreeBSD releases by ports and the ports infrastructure - matches the policies + currently matches the policies set out by the FreeBSD Security Officer. Once a major branch X reaches its EOL date, the "last known good" ports tree will be tagged with the RELEASE_X_EOL tag as a convenience to those remaining users who intend to self-support their installations. This tag is not supported in any way and security fixes will not be applied. Usage is therefore highly discouraged and should only be - used as a last resort.

    + used if there is no other option; consumers are expected to provide + their own support.

    For all supported major src branches, all ports will be included in an automated quality assurance procedure which will build, install, @@ -29,7 +30,7 @@ href="&base;/doc/en_US.ISO8859-1/articles/committers-guide/archs.html#AEN1259"> Tier 1 platforms. Maintainers and committers are notified of failures detected during testing. Ports that are known not to build - or run on a given supported branch or platform will be marked as + or run on a given supported branch and/or platform will be marked as such.

    Prebuilt binary packages will also be provided for all major branches @@ -128,7 +129,7 @@ -

    Older releases are not maintained, ports and packages may not be able +

    Older releases are not maintained; ports and packages may not be able to install or run. Users are strongly encouraged to upgrade to one of the supported releases mentioned above.

    From owner-svn-doc-all@freebsd.org Sun Oct 15 16:38:03 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4BDF1E46B4E; Sun, 15 Oct 2017 16:38:03 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 182E17FD56; Sun, 15 Oct 2017 16:38:03 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9FGc2xT004654; Sun, 15 Oct 2017 16:38:02 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9FGc2ZG004653; Sun, 15 Oct 2017 16:38:02 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201710151638.v9FGc2ZG004653@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Sun, 15 Oct 2017 16:38:02 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51125 - head/en_US.ISO8859-1/htdocs/portmgr X-SVN-Group: doc-head X-SVN-Commit-Author: rene X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/portmgr X-SVN-Commit-Revision: 51125 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Oct 2017 16:38:03 -0000 Author: rene Date: Sun Oct 15 16:38:02 2017 New Revision: 51125 URL: https://svnweb.freebsd.org/changeset/doc/51125 Log: Add FreeBSD 10.4-RELEASE and 11.1-RELEASE to the supported releases of the portmgr website. While here, re-list 12-aarch64 and sort architectures. Modified: head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Modified: head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Sun Oct 15 16:17:55 2017 (r51124) +++ head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Sun Oct 15 16:38:02 2017 (r51125) @@ -80,14 +80,26 @@ April 30, 2018 + releng/10.4 + 10.4-RELEASE + releng/10.3 + +
      +
    • FreeBSD:10:amd64
      • +
    • FreeBSD:10:i386
      • +
    + + October 31, 2018 + + stable/11 n/a releng/11.0
    • FreeBSD:11:aarch64
      • -
    • FreeBSD:11:armv6
    • FreeBSD:11:amd64
      • +
    • FreeBSD:11:armv6
    • FreeBSD:11:i386
    • FreeBSD:11:mips
    • FreeBSD:11:mips64
      • @@ -102,8 +114,8 @@
      • FreeBSD:11:aarch64
        • -
      • FreeBSD:11:armv6
      • FreeBSD:11:amd64
        • +
      • FreeBSD:11:armv6
      • FreeBSD:11:i386
      • FreeBSD:11:mips
      • FreeBSD:11:mips64
        • @@ -112,17 +124,34 @@ 11.1-RELEASE + 3 months + releng/11.1 + 11.1-RELEASE + releng/11.0 + +
          +
        • FreeBSD:11:aarch64
          • +
        • FreeBSD:11:amd64
          • +
        • FreeBSD:11:armv6
          • +
        • FreeBSD:11:i386
          • +
        • FreeBSD:11:mips
          • +
        • FreeBSD:11:mips64
          • +
        + + 11.2-RELEASE + 3 months + + HEAD n/a HEAD
          - -
        • FreeBSD:12:armv6
          • +
        • FreeBSD:12:aarch64
        • FreeBSD:12:amd64
          • +
        • FreeBSD:12:armv6
        • FreeBSD:12:i386
        • FreeBSD:12:mips
        • FreeBSD:12:mips64
          • +
        • FreeBSD:12:powerpc64
        Best Effort From owner-svn-doc-all@freebsd.org Sun Oct 15 18:24:59 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D3F9AE48583; Sun, 15 Oct 2017 18:24:59 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9608C8240B; Sun, 15 Oct 2017 18:24:59 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9FIOwWi051453; Sun, 15 Oct 2017 18:24:58 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9FIOw2O051452; Sun, 15 Oct 2017 18:24:58 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201710151824.v9FIOw2O051452@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Sun, 15 Oct 2017 18:24:58 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51126 - head/en_US.ISO8859-1/htdocs/portmgr X-SVN-Group: doc-head X-SVN-Commit-Author: rene X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/portmgr X-SVN-Commit-Revision: 51126 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Oct 2017 18:24:59 -0000 Author: rene Date: Sun Oct 15 18:24:58 2017 New Revision: 51126 URL: https://svnweb.freebsd.org/changeset/doc/51126 Log: Sync EoL date of stable/10 on the portmgr pages with that of the security pages. Modified: head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Modified: head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Sun Oct 15 16:38:02 2017 (r51125) +++ head/en_US.ISO8859-1/htdocs/portmgr/policies_eol.xml Sun Oct 15 18:24:58 2017 (r51126) @@ -65,7 +65,7 @@
      • FreeBSD:10:i386
      - last release + 2 years + October 31, 2018 releng/10.3 From owner-svn-doc-all@freebsd.org Tue Oct 17 17:43:46 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 660CBE41811; Tue, 17 Oct 2017 17:43:46 +0000 (UTC) (envelope-from romain@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 33D877700B; Tue, 17 Oct 2017 17:43:46 +0000 (UTC) (envelope-from romain@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9HHhj0Y057643; Tue, 17 Oct 2017 17:43:45 GMT (envelope-from romain@FreeBSD.org) Received: (from romain@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9HHhj0Q057642; Tue, 17 Oct 2017 17:43:45 GMT (envelope-from romain@FreeBSD.org) Message-Id: <201710171743.v9HHhj0Q057642@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: romain set sender to romain@FreeBSD.org using -f From: =?UTF-8?Q?Romain_Tarti=c3=a8re?= Date: Tue, 17 Oct 2017 17:43:45 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51127 - head/en_US.ISO8859-1/articles/committers-guide X-SVN-Group: doc-head X-SVN-Commit-Author: romain X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/committers-guide X-SVN-Commit-Revision: 51127 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Oct 2017 17:43:46 -0000 Author: romain (ports committer) Date: Tue Oct 17 17:43:45 2017 New Revision: 51127 URL: https://svnweb.freebsd.org/changeset/doc/51127 Log: The documentation incorrectly states that % svn copy foo.c bar.c and % cp foo.c bar.c % svn add bar.c are equivalent. However, the first one keeps foo.c history and the second gets rid of it. Fix this and explain the difference. Reviewed by: brd, allanjude Approved by: allanjude Differential Revision: https://reviews.freebsd.org/D12678 Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml ============================================================================== --- head/en_US.ISO8859-1/articles/committers-guide/article.xml Sun Oct 15 18:24:58 2017 (r51126) +++ head/en_US.ISO8859-1/articles/committers-guide/article.xml Tue Oct 17 17:43:45 2017 (r51127) @@ -960,14 +960,15 @@ You need a Passphrase to protect your secret key.This command creates a copy of foo.c named bar.c, - with the new file also under version control: + with the new file also under version control and with the full + history of foo.c: &prompt.user; svn copy foo.c bar.c - The example above is equivalent to: - - &prompt.user; cp foo.c bar.c -&prompt.user; svn add bar.c + This is usually preferred to copying the file with + cp and adding it to the repository with + svn add because this way the new file does not + inherit the original one's history. To move and rename a file: From owner-svn-doc-all@freebsd.org Tue Oct 17 18:11:24 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D2266E4282D; Tue, 17 Oct 2017 18:11:24 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 88DAC7C83D; Tue, 17 Oct 2017 18:11:24 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9HIBNqf069528; Tue, 17 Oct 2017 18:11:23 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9HIBNZ0069524; Tue, 17 Oct 2017 18:11:23 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201710171811.v9HIBNZ0069524@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 17 Oct 2017 18:11:23 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51128 - in head/share: security/advisories security/patches/SA-17:07 xml X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share: security/advisories security/patches/SA-17:07 xml X-SVN-Commit-Revision: 51128 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Oct 2017 18:11:25 -0000 Author: gordon (src,ports committer) Date: Tue Oct 17 18:11:23 2017 New Revision: 51128 URL: https://svnweb.freebsd.org/changeset/doc/51128 Log: Add SA-17:07. Added: head/share/security/advisories/FreeBSD-SA-17:07.wpa.asc (contents, props changed) head/share/security/patches/SA-17:07/ head/share/security/patches/SA-17:07/wpa-11.patch (contents, props changed) head/share/security/patches/SA-17:07/wpa-11.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml Added: head/share/security/advisories/FreeBSD-SA-17:07.wpa.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-17:07.wpa.asc Tue Oct 17 18:11:23 2017 (r51128) @@ -0,0 +1,159 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-17:07.wpa Security Advisory + The FreeBSD Project + +Topic: WPA2 protocol vulnerability + +Category: contrib +Module: wpa +Announced: 2017-10-16 +Credits: Mathy Vanhoef +Affects: All supported versions of FreeBSD. +Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) + 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) + 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) +CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, + CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, + CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +Wi-Fi Protected Access II (WPA2) is a security protocol developed by the +Wi-Fi Alliance to secure wireless computer networks. + +hostapd and wpa_supplicant are implementations of user space daemon for +access points and wireless client that implements the WPA2 protocol. + +II. Problem Description + +A vulnerability was found in how a number of implementations can be +triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by +replaying a specific frame that is used to manage the keys. + +III. Impact + +Such reinstallation of the encryption key can result in two different +types of vulnerabilities: disabling replay protection and significantly +reducing the security of encryption to the point of allowing frames to +be decrypted or some parts of the keys to be determined by an attacker +depending on which cipher is used. + +IV. Workaround + +An updated version of wpa_supplicant is available in the FreeBSD Ports +Collection. Install version 2.6_2 or later of the +security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf +to use the new binary: + +wpa_supplicant_program="/usr/local/sbin/wpa_supplicant" + +and restart networking. + +An updated version of hostapd is available in the FreeBSD Ports +Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. +Once installed, update /etc/rc.conf to use the new binary: + +hostapd_program="/usr/local/sbin/hostapd" + +and restart hostapd. + +V. Solution + +Patches are currently available for stable/11, releng/11.0, and +releng/11.1. Patches for stable/10, releng/10.3, and releng/10.4 are +still being evaluated. + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Restart the Wi-Fi network interfaces/hostapd or reboot the system. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart the Wi-Fi network interfaces/hostapd or reboot the system. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] +# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch +# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc +# gpg --verify wpa-11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r324697 +releng/11.0/ r324698 +releng/11.1/ r324699 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnmRUZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD +RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P +aueKcxAAwObogcEZAgGioU4uZvk9kKIpmG/NwvUjcZ0viFhePowKnh6/UoFDd+13 +NsjriznPNKbXPch2Gp3Zwgd/hff10vlvr69QOFXnI3/Y8b+thxkl1kCAxC0xkfEl +eQBzjllMrjtrSgfKtoWInxnZLIrghuJAg4Jvvz+uWd3VTggM0pQgLUuhR/a8lWHd +3HBj5//sOhmVW2OFYC5dskYAn6TqyHtlMP9AT32h6QEyEzJeNWMlToELxy6OK59j +MYaS0vclz7QT+4SATvcl8RCmxmYfyWxEtFhDmPNz4mfQ915AxTjGFv7KbjTZtunl +k3niR3O8F450xduw5Yj9Mz3YdZ4ZYmvHbDgQLsMNwAmtQvXSteXUUBVNVAg9PsjR +4kxlEFsStWh6CtJVKYUvKDThnHrWYLiVUh6o/FtRm5fx2ws/gcj7H9csr8mQ0pkO +zm9jVOgMe7pqI7gygOfb61Rjz6PnLgVQcnP2LoC9pB21O5Q/Q2rv9d6XN3mQ6CQ2 ++mUEZ5M7TWyd6gFrP2Eu6srec1nT1NjVjzyyupgusiQve3xV0wacG0jwgy7+VXE8 +Ls2a/SObVDZkvFhOYMrLVui33l7f/vgT0KImyO2fkaWjbDcEyVcm1f+A7K+hqwp8 +2O/Eh+NVSG0GIbt9pro0BxsZhMb/V4WmWV+4WnLKPwCQZ9fimKA= +=aNWn +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-17:07/wpa-11.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-17:07/wpa-11.patch Tue Oct 17 18:11:23 2017 (r51128) @@ -0,0 +1,656 @@ +--- contrib/wpa/src/ap/wpa_auth.c.orig ++++ contrib/wpa/src/ap/wpa_auth.c +@@ -1893,6 +1893,21 @@ + } + + ++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) ++{ ++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { ++ wpa_printf(MSG_ERROR, ++ "WPA: Failed to get random data for ANonce"); ++ sm->Disconnect = TRUE; ++ return -1; ++ } ++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, ++ WPA_NONCE_LEN); ++ sm->TimeoutCtr = 0; ++ return 0; ++} ++ ++ + SM_STATE(WPA_PTK, INITPMK) + { + u8 msk[2 * PMK_LEN]; +@@ -2414,9 +2429,12 @@ + SM_ENTER(WPA_PTK, AUTHENTICATION); + else if (sm->ReAuthenticationRequest) + SM_ENTER(WPA_PTK, AUTHENTICATION2); +- else if (sm->PTKRequest) +- SM_ENTER(WPA_PTK, PTKSTART); +- else switch (sm->wpa_ptk_state) { ++ else if (sm->PTKRequest) { ++ if (wpa_auth_sm_ptk_update(sm) < 0) ++ SM_ENTER(WPA_PTK, DISCONNECTED); ++ else ++ SM_ENTER(WPA_PTK, PTKSTART); ++ } else switch (sm->wpa_ptk_state) { + case WPA_PTK_INITIALIZE: + break; + case WPA_PTK_DISCONNECT: +@@ -3209,6 +3227,14 @@ + } + + ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) ++{ ++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) ++ return 0; ++ return sm->tk_already_set; ++} ++ ++ + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry) + { +--- contrib/wpa/src/ap/wpa_auth.h.orig ++++ contrib/wpa/src/ap/wpa_auth.h +@@ -271,6 +271,7 @@ + int wpa_auth_get_pairwise(struct wpa_state_machine *sm); + int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); + int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry); + struct rsn_pmksa_cache_entry * +--- contrib/wpa/src/ap/wpa_auth_ft.c.orig ++++ contrib/wpa/src/ap/wpa_auth_ft.c +@@ -780,6 +780,14 @@ + return; + } + ++ if (sm->tk_already_set) { ++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX ++ * PN in the driver */ ++ wpa_printf(MSG_DEBUG, ++ "FT: Do not re-install same PTK to the driver"); ++ return; ++ } ++ + /* FIX: add STA entry to kernel/driver here? The set_key will fail + * most likely without this.. At the moment, STA entry is added only + * after association has been completed. This function will be called +@@ -792,6 +800,7 @@ + + /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ + sm->pairwise_set = TRUE; ++ sm->tk_already_set = TRUE; + } + + +@@ -898,6 +907,7 @@ + + sm->pairwise = pairwise; + sm->PTK_valid = TRUE; ++ sm->tk_already_set = FALSE; + wpa_ft_install_ptk(sm); + + buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + +--- contrib/wpa/src/ap/wpa_auth_i.h.orig ++++ contrib/wpa/src/ap/wpa_auth_i.h +@@ -64,6 +64,7 @@ + struct wpa_ptk PTK; + Boolean PTK_valid; + Boolean pairwise_set; ++ Boolean tk_already_set; + int keycount; + Boolean Pair; + struct wpa_key_replay_counter { +--- contrib/wpa/src/common/wpa_common.h.orig ++++ contrib/wpa/src/common/wpa_common.h +@@ -213,9 +213,21 @@ + size_t kck_len; + size_t kek_len; + size_t tk_len; ++ int installed; /* 1 if key has already been installed to driver */ + }; + ++struct wpa_gtk { ++ u8 gtk[WPA_GTK_MAX_LEN]; ++ size_t gtk_len; ++}; + ++#ifdef CONFIG_IEEE80211W ++struct wpa_igtk { ++ u8 igtk[WPA_IGTK_MAX_LEN]; ++ size_t igtk_len; ++}; ++#endif /* CONFIG_IEEE80211W */ ++ + /* WPA IE version 1 + * 00-50-f2:1 (OUI:OUI type) + * 0x01 0x00 (version; little endian) +--- contrib/wpa/src/rsn_supp/tdls.c.orig ++++ contrib/wpa/src/rsn_supp/tdls.c +@@ -112,6 +112,7 @@ + u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ + } tpk; + int tpk_set; ++ int tk_set; /* TPK-TK configured to the driver */ + int tpk_success; + int tpk_in_progress; + +@@ -192,6 +193,20 @@ + u8 rsc[6]; + enum wpa_alg alg; + ++ if (peer->tk_set) { ++ /* ++ * This same TPK-TK has already been configured to the driver ++ * and this new configuration attempt (likely due to an ++ * unexpected retransmitted frame) would result in clearing ++ * the TX/RX sequence number which can break security, so must ++ * not allow that to happen. ++ */ ++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR ++ " has already been configured to the driver - do not reconfigure", ++ MAC2STR(peer->addr)); ++ return -1; ++ } ++ + os_memset(rsc, 0, 6); + + switch (peer->cipher) { +@@ -209,6 +224,8 @@ + return -1; + } + ++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, ++ MAC2STR(peer->addr)); + if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, + rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { + wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " +@@ -215,6 +232,7 @@ + "driver"); + return -1; + } ++ peer->tk_set = 1; + return 0; + } + +@@ -690,7 +708,7 @@ + peer->cipher = 0; + peer->qos_info = 0; + peer->wmm_capable = 0; +- peer->tpk_set = peer->tpk_success = 0; ++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; + peer->chan_switch_enabled = 0; + os_memset(&peer->tpk, 0, sizeof(peer->tpk)); + os_memset(peer->inonce, 0, WPA_NONCE_LEN); +@@ -1153,6 +1171,7 @@ + wpa_tdls_peer_free(sm, peer); + return -1; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", + peer->inonce, WPA_NONCE_LEN); + os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); +@@ -1745,6 +1764,19 @@ + } + + ++static int tdls_nonce_set(const u8 *nonce) ++{ ++ int i; ++ ++ for (i = 0; i < WPA_NONCE_LEN; i++) { ++ if (nonce[i]) ++ return 1; ++ } ++ ++ return 0; ++} ++ ++ + static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, + const u8 *buf, size_t len) + { +@@ -1998,7 +2030,8 @@ + peer->rsnie_i_len = kde.rsn_ie_len; + peer->cipher = cipher; + +- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { ++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || ++ !tdls_nonce_set(peer->inonce)) { + /* + * There is no point in updating the RNonce for every obtained + * TPK M1 frame (e.g., retransmission due to timeout) with the +@@ -2014,6 +2047,7 @@ + "TDLS: Failed to get random data for responder nonce"); + goto error; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + } + + #if 0 +@@ -2170,6 +2204,14 @@ + "ignore TPK M2 from " MACSTR, MAC2STR(src_addr)); + return -1; + } ++ ++ if (peer->tpk_success) { ++ wpa_printf(MSG_INFO, "TDLS: Ignore incoming TPK M2 retry, from " ++ MACSTR " as TPK M3 was already sent", ++ MAC2STR(src_addr)); ++ return 0; ++ } ++ + wpa_tdls_tpk_retry_timeout_cancel(sm, peer, WLAN_TDLS_SETUP_REQUEST); + + if (len < 3 + 2 + 1) { +--- contrib/wpa/src/rsn_supp/wpa.c.orig ++++ contrib/wpa/src/rsn_supp/wpa.c +@@ -605,6 +605,12 @@ + const u8 *key_rsc; + u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + ++ if (sm->ptk.installed) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Do not re-install same PTK to the driver"); ++ return 0; ++ } ++ + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Installing PTK to the driver"); + +@@ -643,6 +649,7 @@ + + /* TK is not needed anymore in supplicant */ + os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); ++ sm->ptk.installed = 1; + + if (sm->wpa_ptk_rekey) { + eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); +@@ -692,11 +699,23 @@ + + static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + const struct wpa_gtk_data *gd, +- const u8 *key_rsc) ++ const u8 *key_rsc, int wnm_sleep) + { + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + ++ /* Detect possible key reinstallation */ ++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || ++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len) == 0)) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", ++ gd->keyidx, gd->tx, gd->gtk_len); ++ return 0; ++ } ++ + wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", +@@ -731,6 +750,15 @@ + } + os_memset(gtk_buf, 0, sizeof(gtk_buf)); + ++ if (wnm_sleep) { ++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len); ++ } else { ++ sm->gtk.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ } ++ + return 0; + } + +@@ -788,7 +816,7 @@ + (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, + gtk_len, gtk_len, + &gd.key_rsc_len, &gd.alg) || +- wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) { ++ wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "RSN: Failed to install GTK"); + os_memset(&gd, 0, sizeof(gd)); +@@ -802,6 +830,58 @@ + } + + ++#ifdef CONFIG_IEEE80211W ++static int wpa_supplicant_install_igtk(struct wpa_sm *sm, ++ const struct wpa_igtk_kde *igtk, ++ int wnm_sleep) ++{ ++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); ++ u16 keyidx = WPA_GET_LE16(igtk->keyid); ++ ++ /* Detect possible key reinstallation */ ++ if ((sm->igtk.igtk_len == len && ++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || ++ (sm->igtk_wnm_sleep.igtk_len == len && ++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len) == 0)) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", ++ keyidx); ++ return 0; ++ } ++ ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", ++ keyidx, MAC2STR(igtk->pn)); ++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); ++ if (keyidx > 4095) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Invalid IGTK KeyID %d", keyidx); ++ return -1; ++ } ++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), ++ broadcast_ether_addr, ++ keyidx, 0, igtk->pn, sizeof(igtk->pn), ++ igtk->igtk, len) < 0) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Failed to configure IGTK to the driver"); ++ return -1; ++ } ++ ++ if (wnm_sleep) { ++ sm->igtk_wnm_sleep.igtk_len = len; ++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len); ++ } else { ++ sm->igtk.igtk_len = len; ++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ } ++ ++ return 0; ++} ++#endif /* CONFIG_IEEE80211W */ ++ ++ + static int ieee80211w_set_keys(struct wpa_sm *sm, + struct wpa_eapol_ie_parse *ie) + { +@@ -812,30 +892,14 @@ + if (ie->igtk) { + size_t len; + const struct wpa_igtk_kde *igtk; +- u16 keyidx; ++ + len = wpa_cipher_key_len(sm->mgmt_group_cipher); + if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) + return -1; ++ + igtk = (const struct wpa_igtk_kde *) ie->igtk; +- keyidx = WPA_GET_LE16(igtk->keyid); +- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " +- "pn %02x%02x%02x%02x%02x%02x", +- keyidx, MAC2STR(igtk->pn)); +- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", +- igtk->igtk, len); +- if (keyidx > 4095) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Invalid IGTK KeyID %d", keyidx); ++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) + return -1; +- } +- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), +- broadcast_ether_addr, +- keyidx, 0, igtk->pn, sizeof(igtk->pn), +- igtk->igtk, len) < 0) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Failed to configure IGTK to the driver"); +- return -1; +- } + } + + return 0; +@@ -1483,7 +1547,7 @@ + if (ret) + goto failed; + +- if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || ++ if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) || + wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) + goto failed; + os_memset(&gd, 0, sizeof(gd)); +@@ -2251,7 +2315,7 @@ + */ + void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + { +- int clear_ptk = 1; ++ int clear_keys = 1; + + if (sm == NULL) + return; +@@ -2277,11 +2341,11 @@ + /* Prepare for the next transition */ + wpa_ft_prepare_auth_request(sm, NULL); + +- clear_ptk = 0; ++ clear_keys = 0; + } + #endif /* CONFIG_IEEE80211R */ + +- if (clear_ptk) { ++ if (clear_keys) { + /* + * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if + * this is not part of a Fast BSS Transition. +@@ -2291,6 +2355,12 @@ + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + sm->tptk_set = 0; + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); ++#endif /* CONFIG_IEEE80211W */ + } + + #ifdef CONFIG_TDLS +@@ -2322,6 +2392,9 @@ + #ifdef CONFIG_TDLS + wpa_tdls_disassoc(sm); + #endif /* CONFIG_TDLS */ ++#ifdef CONFIG_IEEE80211R ++ sm->ft_reassoc_completed = 0; ++#endif /* CONFIG_IEEE80211R */ + + /* Keys are not needed in the WPA state machine anymore */ + wpa_sm_drop_sa(sm); +@@ -2807,6 +2880,12 @@ + os_memset(sm->pmk, 0, sizeof(sm->pmk)); + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); ++#endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_IEEE80211R + os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); + os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); +@@ -2870,7 +2949,7 @@ + + wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", + gd.gtk, gd.gtk_len); +- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { ++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { + os_memset(&gd, 0, sizeof(gd)); + wpa_printf(MSG_DEBUG, "Failed to install the GTK in " + "WNM mode"); +@@ -2879,29 +2958,11 @@ + os_memset(&gd, 0, sizeof(gd)); + #ifdef CONFIG_IEEE80211W + } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { +- struct wpa_igtk_kde igd; +- u16 keyidx; ++ const struct wpa_igtk_kde *igtk; + +- os_memset(&igd, 0, sizeof(igd)); +- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); +- os_memcpy(igd.keyid, buf + 2, 2); +- os_memcpy(igd.pn, buf + 4, 6); +- +- keyidx = WPA_GET_LE16(igd.keyid); +- os_memcpy(igd.igtk, buf + 10, keylen); +- +- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", +- igd.igtk, keylen); +- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), +- broadcast_ether_addr, +- keyidx, 0, igd.pn, sizeof(igd.pn), +- igd.igtk, keylen) < 0) { +- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " +- "WNM mode"); +- os_memset(&igd, 0, sizeof(igd)); ++ igtk = (const struct wpa_igtk_kde *) (buf + 2); ++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) + return -1; +- } +- os_memset(&igd, 0, sizeof(igd)); + #endif /* CONFIG_IEEE80211W */ + } else { + wpa_printf(MSG_DEBUG, "Unknown element id"); +--- contrib/wpa/src/rsn_supp/wpa_ft.c.orig ++++ contrib/wpa/src/rsn_supp/wpa_ft.c +@@ -153,6 +153,7 @@ + u16 capab; + + sm->ft_completed = 0; ++ sm->ft_reassoc_completed = 0; + + buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + + 2 + sm->r0kh_id_len + ric_ies_len + 100; +@@ -681,6 +682,11 @@ + return -1; + } + ++ if (sm->ft_reassoc_completed) { ++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); ++ return 0; ++ } ++ + if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { + wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); + return -1; +@@ -781,6 +787,8 @@ + return -1; + } + ++ sm->ft_reassoc_completed = 1; ++ + if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) + return -1; + +--- contrib/wpa/src/rsn_supp/wpa_i.h.orig ++++ contrib/wpa/src/rsn_supp/wpa_i.h +@@ -30,6 +30,12 @@ + u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; + int rx_replay_counter_set; + u8 request_counter[WPA_REPLAY_COUNTER_LEN]; ++ struct wpa_gtk gtk; ++ struct wpa_gtk gtk_wnm_sleep; ++#ifdef CONFIG_IEEE80211W ++ struct wpa_igtk igtk; ++ struct wpa_igtk igtk_wnm_sleep; ++#endif /* CONFIG_IEEE80211W */ + + struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ + +@@ -121,6 +127,7 @@ + size_t r0kh_id_len; + u8 r1kh_id[FT_R1KH_ID_LEN]; + int ft_completed; ++ int ft_reassoc_completed; + int over_the_ds_in_progress; + u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ + int set_ptk_after_assoc; +--- contrib/wpa/wpa_supplicant/ctrl_iface.c.orig ++++ contrib/wpa/wpa_supplicant/ctrl_iface.c +@@ -6891,6 +6891,7 @@ + } + + eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL); ++ wpa_s->wnmsleep_used = 0; + } + + +--- contrib/wpa/wpa_supplicant/events.c.orig ++++ contrib/wpa/wpa_supplicant/events.c +@@ -303,6 +303,7 @@ + wpa_s->key_mgmt = 0; + + wpas_rrm_reset(wpa_s); ++ wpa_s->wnmsleep_used = 0; + } + + +--- contrib/wpa/wpa_supplicant/wnm_sta.c.orig ++++ contrib/wpa/wpa_supplicant/wnm_sta.c +@@ -137,6 +137,8 @@ + if (res < 0) + wpa_printf(MSG_DEBUG, "Failed to send WNM-Sleep Request " + "(action=%d, intval=%d)", action, intval); ++ else ++ wpa_s->wnmsleep_used = 1; + + os_free(wnmsleep_ie); + os_free(wnmtfs_ie); +@@ -187,6 +189,12 @@ + end = ptr + key_len_total; + wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total); + ++ if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) { ++ wpa_msg(wpa_s, MSG_INFO, ++ "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled"); ++ return; ++ } ++ + while (ptr + 1 < end) { + if (ptr + 2 + ptr[1] > end) { + wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element " +@@ -247,6 +255,12 @@ + u8 *tfsresp_ie_end = NULL; + size_t left; + ++ if (!wpa_s->wnmsleep_used) { ++ wpa_printf(MSG_DEBUG, ++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); ++ return; ++ } ++ + if (len < 3) + return; + key_len_total = WPA_GET_LE16(frm + 1); +@@ -282,6 +296,8 @@ + return; + } + ++ wpa_s->wnmsleep_used = 0; ++ + if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || + wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { + wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " +--- contrib/wpa/wpa_supplicant/wpa_supplicant_i.h.orig ++++ contrib/wpa/wpa_supplicant/wpa_supplicant_i.h +@@ -658,6 +658,7 @@ + unsigned int reattach:1; /* reassociation to the same BSS requested */ + unsigned int mac_addr_changed:1; + unsigned int added_vif:1; ++ unsigned int wnmsleep_used:1; + + struct os_reltime last_mac_addr_change; + int last_mac_addr_style; Added: head/share/security/patches/SA-17:07/wpa-11.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-17:07/wpa-11.patch.asc Tue Oct 17 18:11:23 2017 (r51128) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnmRVxfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD +RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P +aueRhRAAmv4P5U4e6PpiJHsgVTaZbegTzCAHpTKjvvA2gnSweZdY3aqiKvuFcqjJ +A/Vtm/4GYeAFeBctZhEbb0bxBKod5vvTaC/VOwR+es1uP8rAHnhsvSXkv/UwJWo8 +p77SV7eSrNNhb2UGG4xSd3WyQPVFkyFgX+xB8EVszBGAEgQwog+ZfVnTLEotSYZ6 +hg4gKQxOAMCCdONslh3kBRepk8VpWgLjdX2rMZjaM8UBBNhqFAAbdPCBHldqU7Ra +cELsKGlI8ZrKBZGRUv7d6l0TRyErC6sMcHjV+zvuPl0s7g6GKX+7hXQhtT0Rj9aR +r7rd4JFUPdyA7QExWkm2yR+XMoaziWe1f1HfGdGO3QVUPfojNIDXU4/W6XtGo3vm +dlD+2fNz6LFPNSbWETxHr8vvMJLhbWU2/1q34dj1aFIf7D00cN+TzIFLdspm0x0u +5dVDw16NL5Z7W3stAxGAoeS18ZKIg3ZlndtSOydrt6lF8BZtSlS4mOikO/qX1ySs +vE2yFNslvwG63Pr1fEeme9j1SFd32m2+UuWgIihYxUxyIfAF/ohtNTEfefmKaAJQ +hNj41nFzvR9sxKlGmNosPTBybbvjP5P/nFeC3Azk1BAmkadlasueIRUwgagAxgQQ +WwU3LOCxQ4zoLe4mLDMguo4GrbO9p2LNhsI03rEDYD+iDLXzKzs= +=hrIq +-----END PGP SIGNATURE----- Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Tue Oct 17 17:43:45 2017 (r51127) +++ head/share/xml/advisories.xml Tue Oct 17 18:11:23 2017 (r51128) @@ -8,6 +8,18 @@ 2017 + 10 + + + 17 + + + FreeBSD-SA-17:07.wpa + + + + + 8 From owner-svn-doc-all@freebsd.org Wed Oct 18 14:53:50 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5D5E0E3B288; Wed, 18 Oct 2017 14:53:50 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2856880B40; Wed, 18 Oct 2017 14:53:50 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9IErn39089483; Wed, 18 Oct 2017 14:53:49 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9IErnMh089482; Wed, 18 Oct 2017 14:53:49 GMT (envelope-from mat@FreeBSD.org) Message-Id: <201710181453.v9IErnMh089482@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org using -f From: Mathieu Arnold Date: Wed, 18 Oct 2017 14:53:49 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51129 - head/en_US.ISO8859-1/books/porters-handbook/uses X-SVN-Group: doc-head X-SVN-Commit-Author: mat X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/porters-handbook/uses X-SVN-Commit-Revision: 51129 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Oct 2017 14:53:50 -0000 Author: mat Date: Wed Oct 18 14:53:49 2017 New Revision: 51129 URL: https://svnweb.freebsd.org/changeset/doc/51129 Log: Add a link to where scons is used. Sponsored by: Absolight Modified: head/en_US.ISO8859-1/books/porters-handbook/uses/chapter.xml Modified: head/en_US.ISO8859-1/books/porters-handbook/uses/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/porters-handbook/uses/chapter.xml Tue Oct 17 18:11:23 2017 (r51128) +++ head/en_US.ISO8859-1/books/porters-handbook/uses/chapter.xml Wed Oct 18 14:53:49 2017 (r51129) @@ -2586,7 +2586,8 @@ USE_PYQT= core doc_build designer_run Possible arguments: (none) Provide support for the use of devel/scons + role="port">devel/scons. See for more information. From owner-svn-doc-all@freebsd.org Thu Oct 19 00:01:48 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5A672E474F6; Thu, 19 Oct 2017 00:01:48 +0000 (UTC) (envelope-from dbaio@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 27F936F55C; Thu, 19 Oct 2017 00:01:48 +0000 (UTC) (envelope-from dbaio@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J01lXY019342; Thu, 19 Oct 2017 00:01:47 GMT (envelope-from dbaio@FreeBSD.org) Received: (from dbaio@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9J01lpr019341; Thu, 19 Oct 2017 00:01:47 GMT (envelope-from dbaio@FreeBSD.org) Message-Id: <201710190001.v9J01lpr019341@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dbaio set sender to dbaio@FreeBSD.org using -f From: "Danilo G. Baio" Date: Thu, 19 Oct 2017 00:01:47 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51130 - head/en_US.ISO8859-1/articles/contributors X-SVN-Group: doc-head X-SVN-Commit-Author: dbaio X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/contributors X-SVN-Commit-Revision: 51130 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 00:01:48 -0000 Author: dbaio (ports committer) Date: Thu Oct 19 00:01:47 2017 New Revision: 51130 URL: https://svnweb.freebsd.org/changeset/doc/51130 Log: Add new contributors Lacey Powers for databases/pg_partman and security/chkrootkit [1] Neal Nelson for devel/nimble and lang/nim [2] Sebastian Schwarz for of mail/py-afew [3] PR: 222926 [1] PR: 222427 [2] PR: 222629 [3] Modified: head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml Modified: head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml ============================================================================== --- head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml Wed Oct 18 14:53:49 2017 (r51129) +++ head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml Thu Oct 19 00:01:47 2017 (r51130) @@ -5980,6 +5980,11 @@ + Lacey Powers + lacey.leanne@gmail.com + + + Lapo Luchini lapo@lapo.it @@ -7565,6 +7570,11 @@ + Neal Nelson + ports@nicandneal.net + + + Necati Ersen Siseci siseci@enderunix.org @@ -9525,6 +9535,11 @@ Sébastian Santoro dereckson@gmail.com + + + + Sebastian Schwarz + seschwar@gmail.com From owner-svn-doc-all@freebsd.org Thu Oct 19 01:10:42 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 39D64E48679; Thu, 19 Oct 2017 01:10:42 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EEACC71312; Thu, 19 Oct 2017 01:10:41 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J1AfdV046069; Thu, 19 Oct 2017 01:10:41 GMT (envelope-from bjk@FreeBSD.org) Received: (from bjk@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9J1AffX046068; Thu, 19 Oct 2017 01:10:41 GMT (envelope-from bjk@FreeBSD.org) Message-Id: <201710190110.v9J1AffX046068@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bjk set sender to bjk@FreeBSD.org using -f From: Benjamin Kaduk Date: Thu, 19 Oct 2017 01:10:41 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51131 - head/en_US.ISO8859-1/htdocs/news/status X-SVN-Group: doc-head X-SVN-Commit-Author: bjk X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/news/status X-SVN-Commit-Revision: 51131 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 01:10:42 -0000 Author: bjk Date: Thu Oct 19 01:10:40 2017 New Revision: 51131 URL: https://svnweb.freebsd.org/changeset/doc/51131 Log: Add per-category descriptive paragraphs to the status report template Reviewed by: no one Differential Revision: https://reviews.freebsd.org/D12642 Modified: head/en_US.ISO8859-1/htdocs/news/status/report-template.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-template.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-template.xml Thu Oct 19 00:01:47 2017 (r51130) +++ head/en_US.ISO8859-1/htdocs/news/status/report-template.xml Thu Oct 19 01:10:40 2017 (r51131) @@ -51,48 +51,72 @@ team &os; Team Reports + +

      Entries from the various official and semi-official teams, + as found in the Administration + Page.

      proj Projects + +

      Projects that span multiple categories, from the kernel and userspace + to the Ports Collection or external projects.

       kern Kernel + +

      Updates to kernel subsystems/features, driver support, + filesystems, and more.

       arch Architectures + +

      Updating platform-specific features and bringing in support + for new hardware platforms.

      .       bin Userland Programs + +

      Changes affecting the base system and programs in it.

       ports Ports + +

      Changes affecting the Ports Collection, whether sweeping + changes that touch most of the tree, or individual ports + themselves.

       doc Documentation + +

      Noteworthy changes in the documentation tree or new external + books/documents.

       misc Miscellaneous + +

      Objects that defy categorization.

       From owner-svn-doc-all@freebsd.org Thu Oct 19 01:38:12 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CD731E492C6; Thu, 19 Oct 2017 01:38:12 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9C97C71F1B; Thu, 19 Oct 2017 01:38:12 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J1cB2d058320; Thu, 19 Oct 2017 01:38:11 GMT (envelope-from bjk@FreeBSD.org) Received: (from bjk@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9J1cBqu058319; Thu, 19 Oct 2017 01:38:11 GMT (envelope-from bjk@FreeBSD.org) Message-Id: <201710190138.v9J1cBqu058319@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bjk set sender to bjk@FreeBSD.org using -f From: Benjamin Kaduk Date: Thu, 19 Oct 2017 01:38:11 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51132 - head/en_US.ISO8859-1/htdocs/news/status X-SVN-Group: doc-head X-SVN-Commit-Author: bjk X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/news/status X-SVN-Commit-Revision: 51132 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 01:38:12 -0000 Author: bjk Date: Thu Oct 19 01:38:11 2017 New Revision: 51132 URL: https://svnweb.freebsd.org/changeset/doc/51132 Log: Fix typo from r51131 Since the template itself is not built, the missing semicolon was overlooked. Modified: head/en_US.ISO8859-1/htdocs/news/status/report-template.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-template.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-template.xml Thu Oct 19 01:10:40 2017 (r51131) +++ head/en_US.ISO8859-1/htdocs/news/status/report-template.xml Thu Oct 19 01:38:11 2017 (r51132) @@ -53,7 +53,7 @@ &os; Team Reports

      Entries from the various official and semi-official teams, - as found in the Administration + as found in the Administration Page.

       From owner-svn-doc-all@freebsd.org Thu Oct 19 01:45:53 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D35A3E498A0; Thu, 19 Oct 2017 01:45:53 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AF9D572534; Thu, 19 Oct 2017 01:45:53 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J1jqK9062476; Thu, 19 Oct 2017 01:45:52 GMT (envelope-from bjk@FreeBSD.org) Received: (from bjk@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9J1jqXT062473; Thu, 19 Oct 2017 01:45:52 GMT (envelope-from bjk@FreeBSD.org) Message-Id: <201710190145.v9J1jqXT062473@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bjk set sender to bjk@FreeBSD.org using -f From: Benjamin Kaduk Date: Thu, 19 Oct 2017 01:45:52 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51133 - head/en_US.ISO8859-1/htdocs/news/status X-SVN-Group: doc-head X-SVN-Commit-Author: bjk X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/news/status X-SVN-Commit-Revision: 51133 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 01:45:53 -0000 Author: bjk Date: Thu Oct 19 01:45:52 2017 New Revision: 51133 URL: https://svnweb.freebsd.org/changeset/doc/51133 Log: Copy report template for 2017Q3 status report Copy over the report template for the next quarterly status report and hook it up to the build. Nothing links to it, yet, though. Added: head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml - copied unchanged from r51132, head/en_US.ISO8859-1/htdocs/news/status/report-template.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/Makefile Modified: head/en_US.ISO8859-1/htdocs/news/status/Makefile ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/Makefile Thu Oct 19 01:38:11 2017 (r51132) +++ head/en_US.ISO8859-1/htdocs/news/status/Makefile Thu Oct 19 01:45:52 2017 (r51133) @@ -78,6 +78,7 @@ XMLDOCS+= report-2016-07-2016-09 XMLDOCS+= report-2016-10-2016-12 XMLDOCS+= report-2017-01-2017-03 XMLDOCS+= report-2017-04-2017-06 +XMLDOCS+= report-2017-07-2017-09 XSLT.DEFAULT= report.xsl Copied: head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml (from r51132, head/en_US.ISO8859-1/htdocs/news/status/report-template.xml) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml Thu Oct 19 01:45:52 2017 (r51133, copy of r51132, head/en_US.ISO8859-1/htdocs/news/status/report-template.xml) @@ -0,0 +1,135 @@ + + + + + + + + + + %%START%%-%%STOP%% + + %%YEAR%% + + +
      + Introduction + +

      This is a draft of the %%START%%–%%STOP%% %%YEAR%% + status report. Please check back after it is finalized, and + an announcement email is sent to the &os;-Announce mailing + list.

      + + This report covers &os;-related projects between %%START%% and + %%STOP%% %%YEAR%%. This is the %%NUM%% of four reports planned for + %%YEAR%%.

      + +

      The %%NUM%% quarter of %%YEAR%% was another productive quarter for + the &os; project and community. [...]

      + +

      Thanks to all the reporters for the excellent work!

      + +

      The deadline for submissions covering the period from %%STARTNEXT%% + to %%STOPNEXT%% %%YEARNEXT%% is %%DUENEXT%%, %%YEARNEXT%%.

      + ?> +
      + + + team + + &os; Team Reports + +

      Entries from the various official and semi-official teams, + as found in the Administration + Page.

      +       + + + proj + + Projects + +

      Projects that span multiple categories, from the kernel and userspace + to the Ports Collection or external projects.

      +       + + + kern + + Kernel + +

      Updates to kernel subsystems/features, driver support, + filesystems, and more.

      +       + + + arch + + Architectures + +

      Updating platform-specific features and bringing in support + for new hardware platforms.

      . +       + + + bin + + Userland Programs + +

      Changes affecting the base system and programs in it.

      +       + + + ports + + Ports + +

      Changes affecting the Ports Collection, whether sweeping + changes that touch most of the tree, or individual ports + themselves.

      +       + + + doc + + Documentation + +

      Noteworthy changes in the documentation tree or new external + books/documents.

      +       + + + misc + + Miscellaneous + +

      Objects that defy categorization.

      +       + + + third + + Third-Party Projects + +

      Many projects build upon &os; or incorporate components of + &os; into their project. As these projects may be of interest + to the broader &os; community, we sometimes include brief + updates submitted by these projects in our quarterly report. + The &os; project makes no representation as to the accuracy or + veracity of any claims in these submissions.

      +       + +       From owner-svn-doc-all@freebsd.org Thu Oct 19 02:08:25 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7B81FE4A6E9; Thu, 19 Oct 2017 02:08:25 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4A79872FAB; Thu, 19 Oct 2017 02:08:25 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J28Osx070845; Thu, 19 Oct 2017 02:08:24 GMT (envelope-from bjk@FreeBSD.org) Received: (from bjk@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9J28OXq070844; Thu, 19 Oct 2017 02:08:24 GMT (envelope-from bjk@FreeBSD.org) Message-Id: <201710190208.v9J28OXq070844@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bjk set sender to bjk@FreeBSD.org using -f From: Benjamin Kaduk Date: Thu, 19 Oct 2017 02:08:24 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51134 - head/en_US.ISO8859-1/htdocs/news/status X-SVN-Group: doc-head X-SVN-Commit-Author: bjk X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/news/status X-SVN-Commit-Revision: 51134 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 02:08:25 -0000 Author: bjk Date: Thu Oct 19 02:08:24 2017 New Revision: 51134 URL: https://svnweb.freebsd.org/changeset/doc/51134 Log: Add 2017Q3 re entry, from gjb Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml Thu Oct 19 01:45:52 2017 (r51133) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml Thu Oct 19 02:08:24 2017 (r51134) @@ -132,4 +132,52 @@ veracity of any claims in these submissions.

      + + &os; Release Engineering Team + + + + &os; Release Engineering Team + re@FreeBSD.org + + + + + &os; 11.1-RELEASE Announcement + &os; 10.4-RELEASE Schedule + &os; Development Snapshots + + + +

      The &os; Release Engineering Team is responsible for setting + and publishing release schedules for official project releases + of &os;, announcing code freezes, and maintaining the + respective branches, among other things.

      + +

      The &os; Release Engineering Team continued finalizing the + 11.1-RELEASE cycle, with the final release builds starting on + July 21 and the official release announcement email sent on + July 26. Thank you to everyone who helped test 11.1-RELEASE, + ensuring its quality and stability. [1]

      + +

      &os; 11.1-RELEASE is the second release from the + stable/11 branch.

      + +

      Additionally, the &os; Release Engineering Team started the + 10.4-RELEASE cycle, with the code slush starting on July 28. + With the final release build expected to start on September 29 + and the official announcement overlapping the end of the + quarter, everything is on schedule as of this + writing. [2]

      + +

      &os; 10.4-RELEASE will be the fifth release from the + stable/10 branch, and is planned to be the final release + of the 10.x series.

      + + + The &os; Foundation [1] + + The &os; Foundation [2] +       + From owner-svn-doc-all@freebsd.org Thu Oct 19 02:48:29 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F3DEAE4BE94; Thu, 19 Oct 2017 02:48:28 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CDD28742B8; Thu, 19 Oct 2017 02:48:28 +0000 (UTC) (envelope-from bjk@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J2mR28087342; Thu, 19 Oct 2017 02:48:27 GMT (envelope-from bjk@FreeBSD.org) Received: (from bjk@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9J2mR5W087341; Thu, 19 Oct 2017 02:48:27 GMT (envelope-from bjk@FreeBSD.org) Message-Id: <201710190248.v9J2mR5W087341@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bjk set sender to bjk@FreeBSD.org using -f From: Benjamin Kaduk Date: Thu, 19 Oct 2017 02:48:27 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51135 - head/en_US.ISO8859-1/htdocs/news/status X-SVN-Group: doc-head X-SVN-Commit-Author: bjk X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/news/status X-SVN-Commit-Revision: 51135 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 02:48:29 -0000 Author: bjk Date: Thu Oct 19 02:48:27 2017 New Revision: 51135 URL: https://svnweb.freebsd.org/changeset/doc/51135 Log: Add 2017Q3 AMD Zen architecture support entry from cem Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml Thu Oct 19 02:08:24 2017 (r51134) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2017-07-2017-09.xml Thu Oct 19 02:48:27 2017 (r51135) @@ -180,4 +180,78 @@ The &os; Foundation [2] + + AMD Zen (family 17h) support + + + + + Conrad + Meyer + cem@FreeBSD.org + + + + + +

      This quarter, a bit of work was done to enhance platform + support for AMD Zen (Ryzen, Threadripper, Epyc) processors:

      + +
        +
      • The CPU topology detection code was enhanced to properly + detect Zen dies and CCXes. This gives the scheduler more + locality information to make scheduling decisions.
        • + +
      • The x86 topology analysis was enhanced to report dies and + CCXes, in addition to the existing reporting on packages, + cores, and threads. An example of the new output is + "FreeBSD/SMP: 1 package(s) x 2 groups x 2 cache groups + x 4 core(s) x 2 hardware threads".
        • + +
      • The amdsmn(4) driver for accessing SMN (System Management + Network) registers was added.
        • + +
      • CPU temperature monitoring support for Zen was added to + amdtemp(4).
        • + +
      • In cpufreq(4): +
          +
        • Added support for decoding Zen P-state info from MSRs + (mostly not necessary due to ACPI P-state information, + but potentially useful)
          • + +
        • Work around the apparent Ryzen inability to achieve + the P1 state by not busying cores waiting to + transition.
          • +
        +
        • + +
      • The intpm(4) smbus driver was fixed to attach to FCH + (Fusion Controller Hub).
        • + +
      • All MCA banks are now enabled and monitored on Zen + CPUs.
        • + +
      • Feature bit decoding was added for: CLZERO, SVM features, + RAS capabilities.
        • + +
      • SHA intrinsic support was added to the aesni(4) driver. + Ryzen is currently the only desktop processor to feature + these intrinsics. Support is also present in Intel's + Goldmont line of low end SoCs.
        • +
      + +

      Overall, Zen is now a very usable platform for x86 + workstations and servers.

      + + + Dell EMC Isilon + + + Add HWPMC support for new performance counters in + Zen. + + Add support for the CCP (Crypto Co-Processor). + +       From owner-svn-doc-all@freebsd.org Thu Oct 19 03:28:01 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A8E2EE4D947; Thu, 19 Oct 2017 03:28:01 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7388A76192; Thu, 19 Oct 2017 03:28:01 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J3S0nn005029; Thu, 19 Oct 2017 03:28:00 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9J3S0Fp005026; Thu, 19 Oct 2017 03:28:00 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201710190328.v9J3S0Fp005026@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 19 Oct 2017 03:28:00 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51136 - in head/share/security: advisories patches/SA-17:07 X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share/security: advisories patches/SA-17:07 X-SVN-Commit-Revision: 51136 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 03:28:01 -0000 Author: gordon (src,ports committer) Date: Thu Oct 19 03:28:00 2017 New Revision: 51136 URL: https://svnweb.freebsd.org/changeset/doc/51136 Log: Update SA-17:07 with patches for 10.x. Added: head/share/security/patches/SA-17:07/wpa-10.patch (contents, props changed) head/share/security/patches/SA-17:07/wpa-10.patch.asc (contents, props changed) Modified: head/share/security/advisories/FreeBSD-SA-17:07.wpa.asc Modified: head/share/security/advisories/FreeBSD-SA-17:07.wpa.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-17:07.wpa.asc Thu Oct 19 02:48:27 2017 (r51135) +++ head/share/security/advisories/FreeBSD-SA-17:07.wpa.asc Thu Oct 19 03:28:00 2017 (r51136) @@ -15,6 +15,9 @@ Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) + 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) + 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) + 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 @@ -23,6 +26,11 @@ For general information regarding FreeBSD Security Adv including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision history + +v1.0 2017-10-17 Initial release. +v1.1 2017-10-19 Add patches for 10.x releases. + I. Background Wi-Fi Protected Access II (WPA2) is a security protocol developed by the @@ -66,10 +74,6 @@ and restart hostapd. V. Solution -Patches are currently available for stable/11, releng/11.0, and -releng/11.1. Patches for stable/10, releng/10.3, and releng/10.4 are -still being evaluated. - Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or @@ -100,6 +104,11 @@ detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc # gpg --verify wpa-11.patch.asc +[FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE] +# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch +# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc +# gpg --verify wpa-10.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -120,6 +129,9 @@ Branch/path stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 +stable/10/ r324739 +releng/10.3/ r324740 +releng/10.4/ r324741 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the @@ -141,19 +153,19 @@ The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnmRUZfFIAAAAAALgAo +iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P -aueKcxAAwObogcEZAgGioU4uZvk9kKIpmG/NwvUjcZ0viFhePowKnh6/UoFDd+13 -NsjriznPNKbXPch2Gp3Zwgd/hff10vlvr69QOFXnI3/Y8b+thxkl1kCAxC0xkfEl -eQBzjllMrjtrSgfKtoWInxnZLIrghuJAg4Jvvz+uWd3VTggM0pQgLUuhR/a8lWHd -3HBj5//sOhmVW2OFYC5dskYAn6TqyHtlMP9AT32h6QEyEzJeNWMlToELxy6OK59j -MYaS0vclz7QT+4SATvcl8RCmxmYfyWxEtFhDmPNz4mfQ915AxTjGFv7KbjTZtunl -k3niR3O8F450xduw5Yj9Mz3YdZ4ZYmvHbDgQLsMNwAmtQvXSteXUUBVNVAg9PsjR -4kxlEFsStWh6CtJVKYUvKDThnHrWYLiVUh6o/FtRm5fx2ws/gcj7H9csr8mQ0pkO -zm9jVOgMe7pqI7gygOfb61Rjz6PnLgVQcnP2LoC9pB21O5Q/Q2rv9d6XN3mQ6CQ2 -+mUEZ5M7TWyd6gFrP2Eu6srec1nT1NjVjzyyupgusiQve3xV0wacG0jwgy7+VXE8 -Ls2a/SObVDZkvFhOYMrLVui33l7f/vgT0KImyO2fkaWjbDcEyVcm1f+A7K+hqwp8 -2O/Eh+NVSG0GIbt9pro0BxsZhMb/V4WmWV+4WnLKPwCQZ9fimKA= -=aNWn +auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf +uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ +F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp +gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM +4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 +VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd +OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O +y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K +xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr +SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K +ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= +=h/5q -----END PGP SIGNATURE----- Added: head/share/security/patches/SA-17:07/wpa-10.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-17:07/wpa-10.patch Thu Oct 19 03:28:00 2017 (r51136) @@ -0,0 +1,606 @@ +--- contrib/wpa/src/ap/wpa_auth.h.orig ++++ contrib/wpa/src/ap/wpa_auth.h +@@ -247,6 +247,7 @@ + int wpa_auth_get_pairwise(struct wpa_state_machine *sm); + int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); + int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry); + struct rsn_pmksa_cache_entry * +--- contrib/wpa/src/ap/wpa_auth.c.orig ++++ contrib/wpa/src/ap/wpa_auth.c +@@ -1623,6 +1623,21 @@ + } + + ++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) ++{ ++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { ++ wpa_printf(MSG_ERROR, ++ "WPA: Failed to get random data for ANonce"); ++ sm->Disconnect = TRUE; ++ return -1; ++ } ++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, ++ WPA_NONCE_LEN); ++ sm->TimeoutCtr = 0; ++ return 0; ++} ++ ++ + SM_STATE(WPA_PTK, INITPMK) + { + u8 msk[2 * PMK_LEN]; +@@ -2111,9 +2126,12 @@ + SM_ENTER(WPA_PTK, AUTHENTICATION); + else if (sm->ReAuthenticationRequest) + SM_ENTER(WPA_PTK, AUTHENTICATION2); +- else if (sm->PTKRequest) +- SM_ENTER(WPA_PTK, PTKSTART); +- else switch (sm->wpa_ptk_state) { ++ else if (sm->PTKRequest) { ++ if (wpa_auth_sm_ptk_update(sm) < 0) ++ SM_ENTER(WPA_PTK, DISCONNECTED); ++ else ++ SM_ENTER(WPA_PTK, PTKSTART); ++ } else switch (sm->wpa_ptk_state) { + case WPA_PTK_INITIALIZE: + break; + case WPA_PTK_DISCONNECT: +@@ -2866,6 +2884,14 @@ + } + + ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) ++{ ++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) ++ return 0; ++ return sm->tk_already_set; ++} ++ ++ + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry) + { +--- contrib/wpa/src/ap/wpa_auth_ft.c.orig ++++ contrib/wpa/src/ap/wpa_auth_ft.c +@@ -762,6 +762,14 @@ + return; + } + ++ if (sm->tk_already_set) { ++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX ++ * PN in the driver */ ++ wpa_printf(MSG_DEBUG, ++ "FT: Do not re-install same PTK to the driver"); ++ return; ++ } ++ + /* FIX: add STA entry to kernel/driver here? The set_key will fail + * most likely without this.. At the moment, STA entry is added only + * after association has been completed. This function will be called +@@ -774,6 +782,7 @@ + + /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ + sm->pairwise_set = TRUE; ++ sm->tk_already_set = TRUE; + } + + +@@ -887,6 +896,7 @@ + wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN); + + sm->pairwise = pairwise; ++ sm->tk_already_set = FALSE; + wpa_ft_install_ptk(sm); + + buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + +--- contrib/wpa/src/ap/wpa_auth_i.h.orig ++++ contrib/wpa/src/ap/wpa_auth_i.h +@@ -61,6 +61,7 @@ + struct wpa_ptk PTK; + Boolean PTK_valid; + Boolean pairwise_set; ++ Boolean tk_already_set; + int keycount; + Boolean Pair; + struct wpa_key_replay_counter { +--- contrib/wpa/src/common/wpa_common.h.orig ++++ contrib/wpa/src/common/wpa_common.h +@@ -187,6 +187,17 @@ + } u; + } STRUCT_PACKED; + ++struct wpa_gtk { ++ u8 gtk[WPA_GTK_MAX_LEN]; ++ size_t gtk_len; ++}; ++ ++#ifdef CONFIG_IEEE80211W ++struct wpa_igtk { ++ u8 igtk[WPA_IGTK_MAX_LEN]; ++ size_t igtk_len; ++}; ++#endif /* CONFIG_IEEE80211W */ + + /* WPA IE version 1 + * 00-50-f2:1 (OUI:OUI type) +--- contrib/wpa/src/rsn_supp/tdls.c.orig ++++ contrib/wpa/src/rsn_supp/tdls.c +@@ -103,6 +103,7 @@ + u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ + } tpk; + int tpk_set; ++ int tk_set; /* TPK-TK configured to the driver */ + int tpk_success; + + struct tpk_timer { +@@ -160,6 +161,20 @@ + u8 rsc[6]; + enum wpa_alg alg; + ++ if (peer->tk_set) { ++ /* ++ * This same TPK-TK has already been configured to the driver ++ * and this new configuration attempt (likely due to an ++ * unexpected retransmitted frame) would result in clearing ++ * the TX/RX sequence number which can break security, so must ++ * not allow that to happen. ++ */ ++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR ++ " has already been configured to the driver - do not reconfigure", ++ MAC2STR(peer->addr)); ++ return -1; ++ } ++ + os_memset(rsc, 0, 6); + + switch (peer->cipher) { +@@ -177,12 +192,15 @@ + return -1; + } + ++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, ++ MAC2STR(peer->addr)); + if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, + rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { + wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " + "driver"); + return -1; + } ++ peer->tk_set = 1; + return 0; + } + +@@ -613,7 +631,7 @@ + peer->sm_tmr.buf = NULL; + peer->rsnie_i_len = peer->rsnie_p_len = 0; + peer->cipher = 0; +- peer->tpk_set = peer->tpk_success = 0; ++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; + os_memset(&peer->tpk, 0, sizeof(peer->tpk)); + os_memset(peer->inonce, 0, WPA_NONCE_LEN); + os_memset(peer->rnonce, 0, WPA_NONCE_LEN); +@@ -1002,6 +1020,7 @@ + wpa_tdls_peer_free(sm, peer); + return -1; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", + peer->inonce, WPA_NONCE_LEN); + os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); +@@ -1583,6 +1602,7 @@ + wpa_tdls_peer_free(sm, peer); + goto error; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + + #if 0 + /* get version info from RSNIE received from Peer */ +@@ -1710,6 +1730,14 @@ + "TPK M2: " MACSTR, MAC2STR(src_addr)); + return -1; + } ++ ++ if (peer->tpk_success) { ++ wpa_printf(MSG_INFO, "TDLS: Ignore incoming TPK M2 retry, from " ++ MACSTR " as TPK M3 was already sent", ++ MAC2STR(src_addr)); ++ return 0; ++ } ++ + wpa_tdls_tpk_retry_timeout_cancel(sm, peer, WLAN_TDLS_SETUP_REQUEST); + + if (len < 3 + 2 + 1) +--- contrib/wpa/src/rsn_supp/wpa.c.orig ++++ contrib/wpa/src/rsn_supp/wpa.c +@@ -517,6 +517,12 @@ + const u8 *key_rsc; + u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + ++ if (sm->ptk_installed) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Do not re-install same PTK to the driver"); ++ return 0; ++ } ++ + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Installing PTK to the driver"); + +@@ -553,6 +559,8 @@ + return -1; + } + ++ sm->ptk_installed = 1; ++ + if (sm->wpa_ptk_rekey) { + eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); + eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, +@@ -601,11 +609,23 @@ + + static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + const struct wpa_gtk_data *gd, +- const u8 *key_rsc) ++ const u8 *key_rsc, int wnm_sleep) + { + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + ++ /* Detect possible key reinstallation */ ++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || ++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len) == 0)) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", ++ gd->keyidx, gd->tx, gd->gtk_len); ++ return 0; ++ } ++ + wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", +@@ -637,6 +657,15 @@ + return -1; + } + ++ if (wnm_sleep) { ++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len); ++ } else { ++ sm->gtk.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ } ++ + return 0; + } + +@@ -694,7 +723,7 @@ + if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, + gtk_len, gtk_len, + &gd.key_rsc_len, &gd.alg) || +- wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) { ++ wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "RSN: Failed to install GTK"); + return -1; +@@ -709,6 +738,57 @@ + } + + ++#ifdef CONFIG_IEEE80211W ++static int wpa_supplicant_install_igtk(struct wpa_sm *sm, ++ const struct wpa_igtk_kde *igtk, ++ int wnm_sleep) ++{ ++ size_t len = WPA_IGTK_LEN; ++ u16 keyidx = WPA_GET_LE16(igtk->keyid); ++ ++ /* Detect possible key reinstallation */ ++ if ((sm->igtk.igtk_len == len && ++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || ++ (sm->igtk_wnm_sleep.igtk_len == len && ++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len) == 0)) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", ++ keyidx); ++ return 0; ++ } ++ ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", ++ keyidx, MAC2STR(igtk->pn)); ++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); ++ if (keyidx > 4095) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Invalid IGTK KeyID %d", keyidx); ++ return -1; ++ } ++ if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr, ++ keyidx, 0, igtk->pn, sizeof(igtk->pn), ++ igtk->igtk, WPA_IGTK_LEN) < 0) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Failed to configure IGTK to the driver"); ++ return -1; ++ } ++ ++ if (wnm_sleep) { ++ sm->igtk_wnm_sleep.igtk_len = len; ++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len); ++ } else { ++ sm->igtk.igtk_len = len; ++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ } ++ ++ return 0; ++} ++#endif /* CONFIG_IEEE80211W */ ++ ++ + static int ieee80211w_set_keys(struct wpa_sm *sm, + struct wpa_eapol_ie_parse *ie) + { +@@ -718,28 +798,12 @@ + + if (ie->igtk) { + const struct wpa_igtk_kde *igtk; +- u16 keyidx; + if (ie->igtk_len != sizeof(*igtk)) + return -1; ++ + igtk = (const struct wpa_igtk_kde *) ie->igtk; +- keyidx = WPA_GET_LE16(igtk->keyid); +- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " +- "pn %02x%02x%02x%02x%02x%02x", +- keyidx, MAC2STR(igtk->pn)); +- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", +- igtk->igtk, WPA_IGTK_LEN); +- if (keyidx > 4095) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Invalid IGTK KeyID %d", keyidx); ++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) + return -1; +- } +- if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr, +- keyidx, 0, igtk->pn, sizeof(igtk->pn), +- igtk->igtk, WPA_IGTK_LEN) < 0) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Failed to configure IGTK to the driver"); +- return -1; +- } + } + + return 0; +@@ -1343,7 +1407,7 @@ + if (ret) + goto failed; + +- if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || ++ if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) || + wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) + goto failed; + +@@ -2043,7 +2107,7 @@ + */ + void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + { +- int clear_ptk = 1; ++ int clear_keys = 1; + + if (sm == NULL) + return; +@@ -2069,18 +2133,24 @@ + /* Prepare for the next transition */ + wpa_ft_prepare_auth_request(sm, NULL); + +- clear_ptk = 0; ++ clear_keys = 0; + } + #endif /* CONFIG_IEEE80211R */ + +- if (clear_ptk) { ++ if (clear_keys) { + /* + * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if + * this is not part of a Fast BSS Transition. + */ + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); + sm->ptk_set = 0; + sm->tptk_set = 0; ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); ++#endif /* CONFIG_IEEE80211W */ + } + + #ifdef CONFIG_TDLS +@@ -2105,6 +2175,9 @@ + #ifdef CONFIG_TDLS + wpa_tdls_disassoc(sm); + #endif /* CONFIG_TDLS */ ++#ifdef CONFIG_IEEE80211R ++ sm->ft_reassoc_completed = 0; ++#endif /* CONFIG_IEEE80211R */ + } + + +@@ -2602,6 +2675,12 @@ + os_memset(sm->pmk, 0, sizeof(sm->pmk)); + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); ++#endif /* CONFIG_IEEE80211W */ + } + + +@@ -2669,28 +2748,18 @@ + + wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", + gd.gtk, gd.gtk_len); +- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { ++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { + wpa_printf(MSG_DEBUG, "Failed to install the GTK in " + "WNM mode"); + return -1; + } + #ifdef CONFIG_IEEE80211W + } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { +- os_memcpy(igd.keyid, buf + 2, 2); +- os_memcpy(igd.pn, buf + 4, 6); ++ const struct wpa_igtk_kde *igtk; + +- keyidx = WPA_GET_LE16(igd.keyid); +- os_memcpy(igd.igtk, buf + 10, WPA_IGTK_LEN); +- +- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", +- igd.igtk, WPA_IGTK_LEN); +- if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr, +- keyidx, 0, igd.pn, sizeof(igd.pn), +- igd.igtk, WPA_IGTK_LEN) < 0) { +- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " +- "WNM mode"); ++ igtk = (const struct wpa_igtk_kde *) (buf + 2); ++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) + return -1; +- } + #endif /* CONFIG_IEEE80211W */ + } else { + wpa_printf(MSG_DEBUG, "Unknown element id"); +--- contrib/wpa/src/rsn_supp/wpa_ft.c.orig ++++ contrib/wpa/src/rsn_supp/wpa_ft.c +@@ -156,6 +156,7 @@ + u16 capab; + + sm->ft_completed = 0; ++ sm->ft_reassoc_completed = 0; + + buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + + 2 + sm->r0kh_id_len + ric_ies_len + 100; +@@ -671,6 +672,11 @@ + return -1; + } + ++ if (sm->ft_reassoc_completed) { ++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); ++ return 0; ++ } ++ + if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { + wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); + return -1; +@@ -769,6 +775,8 @@ + return -1; + } + ++ sm->ft_reassoc_completed = 1; ++ + if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) + return -1; + +--- contrib/wpa/src/rsn_supp/wpa_i.h.orig ++++ contrib/wpa/src/rsn_supp/wpa_i.h +@@ -23,12 +23,19 @@ + size_t pmk_len; + struct wpa_ptk ptk, tptk; + int ptk_set, tptk_set; ++ int ptk_installed; + u8 snonce[WPA_NONCE_LEN]; + u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ + int renew_snonce; + u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; + int rx_replay_counter_set; + u8 request_counter[WPA_REPLAY_COUNTER_LEN]; ++ struct wpa_gtk gtk; ++ struct wpa_gtk gtk_wnm_sleep; ++#ifdef CONFIG_IEEE80211W ++ struct wpa_igtk igtk; ++ struct wpa_igtk igtk_wnm_sleep; ++#endif /* CONFIG_IEEE80211W */ + + struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ + +@@ -115,6 +122,7 @@ + size_t r0kh_id_len; + u8 r1kh_id[FT_R1KH_ID_LEN]; + int ft_completed; ++ int ft_reassoc_completed; + int over_the_ds_in_progress; + u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ + int set_ptk_after_assoc; +--- contrib/wpa/wpa_supplicant/events.c.orig ++++ contrib/wpa/wpa_supplicant/events.c +@@ -181,6 +181,7 @@ + wpa_s->ap_ies_from_associnfo = 0; + wpa_s->current_ssid = NULL; + wpa_s->key_mgmt = 0; ++ wpa_s->wnmsleep_used = 0; + } + + +--- contrib/wpa/wpa_supplicant/wnm_sta.c.orig ++++ contrib/wpa/wpa_supplicant/wnm_sta.c +@@ -130,6 +130,8 @@ + if (res < 0) + wpa_printf(MSG_DEBUG, "Failed to send WNM-Sleep Request " + "(action=%d, intval=%d)", action, intval); ++ else ++ wpa_s->wnmsleep_used = 1; + + os_free(wnmsleep_ie); + os_free(wnmtfs_ie); +@@ -180,6 +182,12 @@ + end = ptr + key_len_total; + wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total); + ++ if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) { ++ wpa_msg(wpa_s, MSG_INFO, ++ "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled"); ++ return; ++ } ++ + while (ptr + 1 < end) { + if (ptr + 2 + ptr[1] > end) { + wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element " +@@ -239,6 +247,12 @@ + u8 *tfsresp_ie_start = NULL; + u8 *tfsresp_ie_end = NULL; + ++ if (!wpa_s->wnmsleep_used) { ++ wpa_printf(MSG_DEBUG, ++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); ++ return; ++ } ++ + wpa_printf(MSG_DEBUG, "action=%d token = %d key_len_total = %d", + frm[0], frm[1], key_len_total); + pos += 4 + key_len_total; +@@ -269,6 +283,8 @@ + return; + } + ++ wpa_s->wnmsleep_used = 0; ++ + if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || + wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { + wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " +--- contrib/wpa/wpa_supplicant/wpa_supplicant_i.h.orig ++++ contrib/wpa/wpa_supplicant/wpa_supplicant_i.h +@@ -478,6 +478,7 @@ + struct os_time pending_eapol_rx_time; + u8 pending_eapol_rx_src[ETH_ALEN]; + unsigned int last_eapol_matches_bssid:1; ++ unsigned int wnmsleep_used:1; + + struct ibss_rsn *ibss_rsn; + Added: head/share/security/patches/SA-17:07/wpa-10.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-17:07/wpa-10.patch.asc Thu Oct 19 03:28:00 2017 (r51136) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGtRfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD +RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P +aucCEQ/8DaxuDr39Gr9kzRvIxSlC2/zDcY8voV87+usheH4g7bnvUtgCzaBg1fB6 +XePSOPyga9GmZ/DOci+5gof2uVlV4h52BxHTyc5fv6T4fPH+deCe+lSOwnyWIT3C +fVBTiCsiveV14iwTylAPssc2ZP+SSG3IV2bPWUmShRMbt3xHWAZcN+o56M3KuHed +8wtR2hqwaQ4sYXnPjrrO032UbQjy3Mb8NXthgezkJPXd5bL1y2Zl2n/mr6CAtYZz +HsjBf/Qzna9IFOPCtDiiqWPubtxH0CCZsCjeKOIVSFrdLTvyTafRA6IoUVPKtIdn +5ftJqp4V/9NCo2lYVNW2P9zMcv8gl8lyYStGz1Az3tgAa0aCs/VZdoyouxRBVHAY +HQJIQ9/0YXJ2KUSmwcek2i5oy1Knb9uTMawgBQoJsEjMuzxxUw/yzmrW1rAsR8se +smlcZTtkbUd//062icsYu8Qve4pOPuMCnmALjXDCvlWA7juQ7zZWxPgaEXqarPcK +VROxDn18LgIS05TSRdNyju6nghpnlEYAYmVbLxfehMFq5Dvh0qivwRdIvJaPeVfj +rOGG8GhCoS30CSZxFpk9aTOApuAEL34we88pMANDbUa/K/9ymF1+g83Zd0sPgsas +RvP6Zabw51dyJoPzNW4ctKZJ3AK1cDYDrm3w0X7crnMTKLL+XPQ= +=RB18 +-----END PGP SIGNATURE----- From owner-svn-doc-all@freebsd.org Fri Oct 20 15:28:14 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2F227E38B40; Fri, 20 Oct 2017 15:28:14 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EF2507F77C; Fri, 20 Oct 2017 15:28:13 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9KFSDQi013673; Fri, 20 Oct 2017 15:28:13 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9KFSDPU013672; Fri, 20 Oct 2017 15:28:13 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201710201528.v9KFSDPU013672@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Fri, 20 Oct 2017 15:28:13 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51137 - head/en_US.ISO8859-1/htdocs X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs X-SVN-Commit-Revision: 51137 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2017 15:28:14 -0000 Author: gjb Date: Fri Oct 20 15:28:12 2017 New Revision: 51137 URL: https://svnweb.freebsd.org/changeset/doc/51137 Log: Correct download URLs for arm SoC images following the arm/armv6 to arm/armv7 conversion. Sponsored by: The FreeBSD Foundation Modified: head/en_US.ISO8859-1/htdocs/where.xml Modified: head/en_US.ISO8859-1/htdocs/where.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/where.xml Thu Oct 19 03:28:00 2017 (r51136) +++ head/en_US.ISO8859-1/htdocs/where.xml Fri Oct 20 15:28:12 2017 (r51137) @@ -345,17 +345,17 @@ From owner-svn-doc-all@freebsd.org Fri Oct 20 17:33:01 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9BCC1E3BC9D; Fri, 20 Oct 2017 17:33:01 +0000 (UTC) (envelope-from ak@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 67D52106; Fri, 20 Oct 2017 17:33:01 +0000 (UTC) (envelope-from ak@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9KHX0o4068715; Fri, 20 Oct 2017 17:33:00 GMT (envelope-from ak@FreeBSD.org) Received: (from ak@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9KHX01t068714; Fri, 20 Oct 2017 17:33:00 GMT (envelope-from ak@FreeBSD.org) Message-Id: <201710201733.v9KHX01t068714@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ak set sender to ak@FreeBSD.org using -f From: Alex Kozlov Date: Fri, 20 Oct 2017 17:33:00 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51138 - head/en_US.ISO8859-1/books/porters-handbook/uses X-SVN-Group: doc-head X-SVN-Commit-Author: ak X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/porters-handbook/uses X-SVN-Commit-Revision: 51138 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2017 17:33:01 -0000 Author: ak (ports committer) Date: Fri Oct 20 17:33:00 2017 New Revision: 51138 URL: https://svnweb.freebsd.org/changeset/doc/51138 Log: - Remove USES=fmake description. It was created to help migration from old FreeBSD make (pmake) and there are no more users of it left in the ports tree. Differential Revision: https://reviews.freebsd.org/D12634 Approved by: portmgr (bapt, mat) Modified: head/en_US.ISO8859-1/books/porters-handbook/uses/chapter.xml Modified: head/en_US.ISO8859-1/books/porters-handbook/uses/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/porters-handbook/uses/chapter.xml Fri Oct 20 15:28:12 2017 (r51137) +++ head/en_US.ISO8859-1/books/porters-handbook/uses/chapter.xml Fri Oct 20 17:33:00 2017 (r51138) @@ -543,15 +543,6 @@ database.       - - <literal>fmake</literal> - - Possible arguments: (none) - - Uses devel/fmake as a - build-time dependency. - - <literal>fonts</literal> From owner-svn-doc-all@freebsd.org Fri Oct 20 19:26:08 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 203BEE3DE8F; Fri, 20 Oct 2017 19:26:08 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E39BE39C8; Fri, 20 Oct 2017 19:26:07 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9KJQ7sk014532; Fri, 20 Oct 2017 19:26:07 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9KJQ7Pa014531; Fri, 20 Oct 2017 19:26:07 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201710201926.v9KJQ7Pa014531@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Fri, 20 Oct 2017 19:26:07 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51139 - head/en_US.ISO8859-1/htdocs/security X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/security X-SVN-Commit-Revision: 51139 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2017 19:26:08 -0000 Author: gordon (src,ports committer) Date: Fri Oct 20 19:26:06 2017 New Revision: 51139 URL: https://svnweb.freebsd.org/changeset/doc/51139 Log: Set 11.0 end of life date. Modified: head/en_US.ISO8859-1/htdocs/security/security.xml Modified: head/en_US.ISO8859-1/htdocs/security/security.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/security/security.xml Fri Oct 20 17:33:00 2017 (r51138) +++ head/en_US.ISO8859-1/htdocs/security/security.xml Fri Oct 20 19:26:06 2017 (r51139) @@ -184,7 +184,7 @@ 11.0-RELEASE n/a October 10, 2016 - 11.1-RELEASE + 3 months + November 30, 2017 releng/11.1 From owner-svn-doc-all@freebsd.org Sat Oct 21 03:53:49 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 11576E4B58D; Sat, 21 Oct 2017 03:53:49 +0000 (UTC) (envelope-from ryusuke@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D273C716FD; Sat, 21 Oct 2017 03:53:48 +0000 (UTC) (envelope-from ryusuke@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9L3rl8q025452; Sat, 21 Oct 2017 03:53:47 GMT (envelope-from ryusuke@FreeBSD.org) Received: (from ryusuke@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9L3rlPD025451; Sat, 21 Oct 2017 03:53:47 GMT (envelope-from ryusuke@FreeBSD.org) Message-Id: <201710210353.v9L3rlPD025451@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ryusuke set sender to ryusuke@FreeBSD.org using -f From: Ryusuke SUZUKI Date: Sat, 21 Oct 2017 03:53:47 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51140 - head/ja_JP.eucJP/htdocs/security X-SVN-Group: doc-head X-SVN-Commit-Author: ryusuke X-SVN-Commit-Paths: head/ja_JP.eucJP/htdocs/security X-SVN-Commit-Revision: 51140 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Oct 2017 03:53:49 -0000 Author: ryusuke Date: Sat Oct 21 03:53:47 2017 New Revision: 51140 URL: https://svnweb.freebsd.org/changeset/doc/51140 Log: - Merge the following from the English version: r51033 -> r51139 head/ja_JP.eucJP/htdocs/security/security.xml Modified: head/ja_JP.eucJP/htdocs/security/security.xml Modified: head/ja_JP.eucJP/htdocs/security/security.xml ============================================================================== --- head/ja_JP.eucJP/htdocs/security/security.xml Fri Oct 20 19:26:06 2017 (r51139) +++ head/ja_JP.eucJP/htdocs/security/security.xml Sat Oct 21 03:53:47 2017 (r51140) @@ -5,7 +5,7 @@ ]> - + @@ -180,7 +180,7 @@ 11.0-RELEASE n/a 2016 年 10 月 10 日 - 11.1-RELEASE 公開から 3 ヵ月後 + 2017 年 11 月 30 日 releng/11.1