From owner-svn-doc-all@freebsd.org Mon Aug 5 16:59:16 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7D786C7D12;
Mon, 5 Aug 2019 16:59:16 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 462PBD2jY3z3Qys;
Mon, 5 Aug 2019 16:59:16 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3B33A1EC46;
Mon, 5 Aug 2019 16:59:16 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x75GxGDY068621;
Mon, 5 Aug 2019 16:59:16 GMT (envelope-from bhd@FreeBSD.org)
Received: (from bhd@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x75GxGRa068620;
Mon, 5 Aug 2019 16:59:16 GMT (envelope-from bhd@FreeBSD.org)
Message-Id: <201908051659.x75GxGRa068620@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org
using -f
From: Bjoern Heidotting
Date: Mon, 5 Aug 2019 16:59:16 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53293 - head/de_DE.ISO8859-1/books/handbook/introduction
X-SVN-Group: doc-head
X-SVN-Commit-Author: bhd
X-SVN-Commit-Paths: head/de_DE.ISO8859-1/books/handbook/introduction
X-SVN-Commit-Revision: 53293
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 05 Aug 2019 16:59:16 -0000
Author: bhd
Date: Mon Aug 5 16:59:15 2019
New Revision: 53293
URL: https://svnweb.freebsd.org/changeset/doc/53293
Log:
Update to r53172:
Change name and links from Dell KACE to Quest KACE.
Modified:
head/de_DE.ISO8859-1/books/handbook/introduction/chapter.xml
Modified: head/de_DE.ISO8859-1/books/handbook/introduction/chapter.xml
==============================================================================
--- head/de_DE.ISO8859-1/books/handbook/introduction/chapter.xml Fri Aug 2 15:06:06 2019 (r53292)
+++ head/de_DE.ISO8859-1/books/handbook/introduction/chapter.xml Mon Aug 5 16:59:15 2019 (r53293)
@@ -4,7 +4,7 @@
The FreeBSD German Documentation Project
$FreeBSD$
- basiert auf: r52781
+ basiert auf: r53172
-->
- Dell
- KACE Dell KACE
+ Quest
+ KACE Quest KACE- Die KACE Systemmanagement-Appliances nutzen
&os; wegen seiner Zuverlässigkeit, Skalierbarkeit und
Gemeinschaft, welche deren zukünftige Weiterentwicklung
From owner-svn-doc-all@freebsd.org Mon Aug 5 17:13:13 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id 19B1CA85C9;
Mon, 5 Aug 2019 17:13:13 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 462PVJ6ztjz3xFG;
Mon, 5 Aug 2019 17:13:12 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D18451EFCB;
Mon, 5 Aug 2019 17:13:12 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x75HDCCM080213;
Mon, 5 Aug 2019 17:13:12 GMT (envelope-from bhd@FreeBSD.org)
Received: (from bhd@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x75HDCNw080212;
Mon, 5 Aug 2019 17:13:12 GMT (envelope-from bhd@FreeBSD.org)
Message-Id: <201908051713.x75HDCNw080212@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org
using -f
From: Bjoern Heidotting
Date: Mon, 5 Aug 2019 17:13:12 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53294 -
head/en_US.ISO8859-1/books/handbook/virtualization
X-SVN-Group: doc-head
X-SVN-Commit-Author: bhd
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/virtualization
X-SVN-Commit-Revision: 53294
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 05 Aug 2019 17:13:13 -0000
Author: bhd
Date: Mon Aug 5 17:13:12 2019
New Revision: 53294
URL: https://svnweb.freebsd.org/changeset/doc/53294
Log:
- Typo: mount_vboxfs -> mount_vboxvfs
- Use Virtualbox makro in title
- Visible indentation fix
Modified:
head/en_US.ISO8859-1/books/handbook/virtualization/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/virtualization/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/virtualization/chapter.xml Mon Aug 5 16:59:15 2019 (r53293)
+++ head/en_US.ISO8859-1/books/handbook/virtualization/chapter.xml Mon Aug 5 17:13:12 2019 (r53294)
@@ -823,7 +823,7 @@ EndSection
Shared folders for file transfers between host and VM are
accessible by mounting them using
- mount_vboxfs. A shared folder can be created
+ mount_vboxvfs. A shared folder can be created
on the host using the VirtualBox GUI or via
vboxmanage. For example, to create a shared
folder called myshare under
@@ -840,8 +840,7 @@ EndSection
- &os; as a Host with
- VirtualBox
+ &os; as a Host with &virtualbox;&virtualbox; is an actively
developed, complete virtualization package, that is available
@@ -1553,8 +1552,8 @@ kld_list="nmdm vmm"
interface name.&prompt.root; sysrc cloned_interfaces="bridge0"
- &prompt.root; sysrc ifconfig_bridge0="addm em0 SYNCDHCP"
- &prompt.root; sysrc ifconfig_em0="up"
+&prompt.root; sysrc ifconfig_bridge0="addm em0 SYNCDHCP"
+&prompt.root; sysrc ifconfig_em0="up"Restart the host to load the &xen; kernel and start the
Dom0.
From owner-svn-doc-all@freebsd.org Mon Aug 5 18:45:11 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id B5894AA593;
Mon, 5 Aug 2019 18:45:11 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 462RXR3WdMz43RS;
Mon, 5 Aug 2019 18:45:11 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 560C320012;
Mon, 5 Aug 2019 18:45:11 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x75IjBLa033979;
Mon, 5 Aug 2019 18:45:11 GMT (envelope-from bhd@FreeBSD.org)
Received: (from bhd@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x75IjAIo033978;
Mon, 5 Aug 2019 18:45:10 GMT (envelope-from bhd@FreeBSD.org)
Message-Id: <201908051845.x75IjAIo033978@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org
using -f
From: Bjoern Heidotting
Date: Mon, 5 Aug 2019 18:45:10 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53295 - in head/de_DE.ISO8859-1/books/handbook:
network-servers security
X-SVN-Group: doc-head
X-SVN-Commit-Author: bhd
X-SVN-Commit-Paths: in head/de_DE.ISO8859-1/books/handbook: network-servers
security
X-SVN-Commit-Revision: 53295
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 05 Aug 2019 18:45:11 -0000
Author: bhd
Date: Mon Aug 5 18:45:10 2019
New Revision: 53295
URL: https://svnweb.freebsd.org/changeset/doc/53295
Log:
Update to r53262:
Consistent use of /usr/sbin/nologin.
Modified:
head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml
head/de_DE.ISO8859-1/books/handbook/security/chapter.xml
Modified: head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Mon Aug 5 17:13:12 2019 (r53294)
+++ head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Mon Aug 5 18:45:10 2019 (r53295)
@@ -5,7 +5,7 @@
$FreeBSD$
$FreeBSDde: de-docproj/books/handbook/network-servers/chapter.xml,v 1.103 2011/12/24 15:51:18 bcr Exp $
- basiert auf: r52704
+ basiert auf: r53262
-->
basie&prompt.root; cat /etc/master.passwd
root:[password]:0:0::0:0:The super-user:/root:/bin/csh
toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh
-daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
-operator:*:2:5::0:0:System &:/:/sbin/nologin
-bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
-tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
-kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
-games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
-news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
-man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
-bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
+daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
+operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
+bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/usr/sbin/nologin
+tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
+kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
+games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
+news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
+man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
+bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
-xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
-pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
-nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/usr/sbin/nologin
+pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
-bill:::::::::
+:::::::::
@@ -2208,17 +2208,17 @@ ellington&prompt.user; ypcat -k netgroup.by
anzumelden. Dies kann durch das Hinzufügen einer zusätzlichen
Zeile erreicht werden:
- +:::::::::/sbin/nologin
+ +:::::::::/usr/sbin/nologinDiese Zeile weist den Client an, alle Einträge zu
importieren, aber die Shell in diesen Einträgen durch
- /sbin/nologin zu ersetzen.
+ /usr/sbin/nologin zu ersetzen.Stellen Sie sicher, dass die zusätzliche Zeile
nach der Zeile
+@IT_EMP::::::::: eingetragen ist.
Andernfalls haben alle via NIS
- importierten Benutzerkonten /sbin/nologin
+ importierten Benutzerkonten /usr/sbin/nologin
als Loginshell und niemand wird sich mehr am System anmelden
können.
@@ -2228,13 +2228,13 @@ ellington&prompt.user; ypcat -k netgroup.by
+@IT_EMP:::::::::
+@IT_APP:::::::::
-+:::::::::/sbin/nologin
++:::::::::/usr/sbin/nologin
Die entsprechenden Zeilen für Arbeitsplätze lauten:+@IT_EMP:::::::::
+@USERS:::::::::
-+:::::::::/sbin/nologin
++:::::::::/usr/sbin/nologin
NIS ist in der Lage, Netzgruppen aus
anderen Netzgruppen zu bilden. Dies kann nützlich sein, wenn
@@ -2266,12 +2266,12 @@ USERBOX IT_EMP ITINTERN USERS
mit + beginnende Zeilen. Die erste Zeile legt
die Netzgruppe mit den Benutzern fest, die sich auf diesem
Rechner anmelden dürfen. Die zweite Zeile weist allen anderen
- Benutzern /sbin/nologin als Shell zu.
+ Benutzern /usr/sbin/nologin als Shell zu.
Verwenden Sie auch hier (analog zu den Netzgruppen)
Großbuchstaben für die Rechnernamen:+@BOXNAME:::::::::
-+:::::::::/sbin/nologin
++:::::::::/usr/sbin/nologin
Sobald dies für alle Rechner erledigt ist, müssen die
lokalen Versionen von /etc/master.passwd
Modified: head/de_DE.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/de_DE.ISO8859-1/books/handbook/security/chapter.xml Mon Aug 5 17:13:12 2019 (r53294)
+++ head/de_DE.ISO8859-1/books/handbook/security/chapter.xml Mon Aug 5 18:45:10 2019 (r53295)
@@ -5,7 +5,7 @@
$FreeBSD$
$FreeBSDde: de-docproj/books/handbook/security/chapter.xml,v 1.178 2012/04/30 17:07:41 bcr Exp $
- basiert auf: r52835
+ basiert auf: r53262
-->
Bei der zweiten Methode wird der Anmeldevorgang
verhindert, indem die Shell auf
- /sbin/nologin gesetzt wird. Nur der
+ /usr/sbin/nologin gesetzt wird. Nur der
Superuser kann die Shell für andere Benutzer ändern:&prompt.root; chsh -s /usr/sbin/nologin toor
From owner-svn-doc-all@freebsd.org Tue Aug 6 17:31:21 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id C7611C65A4;
Tue, 6 Aug 2019 17:31:21 +0000 (UTC)
(envelope-from gordon@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4631rn5K2Lz4G9p;
Tue, 6 Aug 2019 17:31:21 +0000 (UTC)
(envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9920C2F51B;
Tue, 6 Aug 2019 17:31:21 +0000 (UTC)
(envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x76HVL9c052558;
Tue, 6 Aug 2019 17:31:21 GMT (envelope-from gordon@FreeBSD.org)
Received: (from gordon@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x76HVJHL052544;
Tue, 6 Aug 2019 17:31:19 GMT (envelope-from gordon@FreeBSD.org)
Message-Id: <201908061731.x76HVJHL052544@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gordon set sender to
gordon@FreeBSD.org using -f
From: Gordon Tetlow
Date: Tue, 6 Aug 2019 17:31:19 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53296 - in head/share: security/advisories
security/patches/EN-19:14 security/patches/EN-19:15 security/patches/SA-19:18
security/patches/SA-19:19 security/patches/SA-19:20 security/pa...
X-SVN-Group: doc-head
X-SVN-Commit-Author: gordon
X-SVN-Commit-Paths: in head/share: security/advisories
security/patches/EN-19:14 security/patches/EN-19:15 security/patches/SA-19:18
security/patches/SA-19:19 security/patches/SA-19:20 security/patches/SA-19:21
xml
X-SVN-Commit-Revision: 53296
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 06 Aug 2019 17:31:21 -0000
Author: gordon (src committer)
Date: Tue Aug 6 17:31:19 2019
New Revision: 53296
URL: https://svnweb.freebsd.org/changeset/doc/53296
Log:
Add EN-19:14, EN-19:15, and SA-19:18 to SA-19:21.
Approved by: so
Added:
head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc (contents, props changed)
head/share/security/patches/EN-19:14/
head/share/security/patches/EN-19:14/epoch.patch (contents, props changed)
head/share/security/patches/EN-19:14/epoch.patch.asc (contents, props changed)
head/share/security/patches/EN-19:15/
head/share/security/patches/EN-19:15/libunwind.patch (contents, props changed)
head/share/security/patches/EN-19:15/libunwind.patch.asc (contents, props changed)
head/share/security/patches/SA-19:18/
head/share/security/patches/SA-19:18/bzip2.patch (contents, props changed)
head/share/security/patches/SA-19:18/bzip2.patch.asc (contents, props changed)
head/share/security/patches/SA-19:19/
head/share/security/patches/SA-19:19/mldv2.11.patch (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.11.patch.asc (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.12.patch (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.12.patch.asc (contents, props changed)
head/share/security/patches/SA-19:20/
head/share/security/patches/SA-19:20/bsnmp.patch (contents, props changed)
head/share/security/patches/SA-19:20/bsnmp.patch.asc (contents, props changed)
head/share/security/patches/SA-19:21/
head/share/security/patches/SA-19:21/bhyve.patch (contents, props changed)
head/share/security/patches/SA-19:21/bhyve.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:14.epoch Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect locking in epoch(9)
+
+Category: core
+Module: kernel
+Announced: 2019-08-06
+Credits: Mark Johnston
+Affects: FreeBSD 12.0
+Corrected: 2019-07-27 16:11:04 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:07:43 UTC (releng/12.0, 12.0-RELEASE-p9)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Some parts of the kernel use a new synchronization primitive, epoch(9),
+which can be used to implement safe memory reclamation. In this usage,
+threads can use the epoch(9) KPI to ensure that no other threads hold
+a reference to a given object in memory.
+
+II. Problem Description
+
+In the case where epoch(9) must wait for a thread that is blocked on
+a lock, it will use the turnstile(9) KPI to propagate the current
+thread's priority to the lock holder. However, in the case where the
+lock has no designated owner - for example, it is a reader-writer lock
+owned by one or more readers - a bug in the interaction with the
+turnstile meant that pair of spin locks were left locked when they
+should have been unlocked.
+
+III. Impact
+
+In rare cases and under heavy load, the kernel may panic or lock up.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch.asc
+# gpg --verify epoch.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350373
+releng/12.0/ r350641
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1JtztfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJgXA//Wbh6Nv6OL+Aer7oZ8uiZEhDTj+a+IMG617uCyeD+x4/8Hj73J7Pg6vaT
+CGqGAslxy8GMmvrO8Jmn0RFDyfJb+mW1M9FqQS4u9DNm1r7nNuOBWj9UcAC9TQOY
+rIEoqe/wD6a+EKQ01tgsWm2TYA2hX/WwtKJiYuPJOyuTzm9d3PhQ2SPmU0NaqyfU
++0YT3QHRYUEYHU/tZwAV3axcihYP7NfrgEWmE3LY7fBX1ShxFOYZVlexY4604wyc
+SLxCMVnfqFiB8vH5X8R4J9OlsK00j1W2B+PJodocDzNjvHgnRb3RSHeo+EC+3y7k
+/P3qRCxtgPzb/VHCCRry0LAmeijxQDWVf4vydjaMVDQEv/zQ+Y5ujAucRAtvtjRm
+gYLRTOHnXVTpZk/c8h2Gch9g3sB9aqrsMYtPUqSfRRUFDYJjN3NVmVLo4ciAhjwY
+EvGr7HloO3O4n+zYWOagvSvu05TjOA1SGGURAkslthjTXRpmiqDSS6yawW23v7Jw
+gC7pvVUnmGSGzlwGPojE6LBSX3CWlgwJV/6g2s0wizPGv3K/IQMMQn7NaaLl09xw
+X6TND7mVGqk2w3do1k9ZSkvqI+jr4MkJbGh5Vl8q1J/oW9KPTVO3+mQEi91SvgU+
+YEyzryregBP69ta7gqT0Pgb2+LR9733qPLSh3Hgn/4zRI/seSkU=
+=pBEN
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:15.libunwind Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect exception handling
+
+Category: contrib
+Module: libunwind
+Announced: 2019-08-06
+Affects: FreeBSD 11.2, FreeBSD 12.0
+Corrected: 2019-08-06 17:08:30 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-08-06 17:08:30 UTC (releng/11.2, 11.2-RELEASE-p13)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The libunwind library, which originates from the LLVM project, is responsible
+for handling the unwinding of stack frames, when programs throw C or C++
+style exceptions. It uses exception handling information embedded in the
+executable file to determine the layout of the stack, at the time the
+exception is being processed.
+
+II. Problem Description
+
+In some cases, the exception handling information embedded in executables is
+not correctly interpreted by libunwind. This causes it to emit a runtime
+error, and abort the affected program.
+
+III. Impact
+
+Affected programs will show an message on the standard error stream, when
+they attempt to throw an exception:
+
+libunwind: getEncodedP \
+ /usr/src/contrib/llvm/projects/libunwind/src/AddressSpace.hpp:280 - \
+ unknown pointer encoding
+
+After this message, the program will be aborted using the abort(3) function,
+which usually results in a core dump.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:15/libunwind.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:15/libunwind.patch.asc
+# gpg --verify libunwind.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in , and
+reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+releng/12.0/ r350642
+releng/11.2/ r350642
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt0pfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJOkQ/+N8Esx4GPWNOzNOGJAnBgtujVeCDjbubny9ktMElEw6mZJKWqcgFmG1bm
+hdz5iAz6xn/W6Y5fUR07aM6KFLTN7Is0LqaC+4mWFgbmPu9t0DVgjjsSHAJk6+fu
+NpkSMDYq0tUqhNUFlP36EoTHUuM7KlD3/a1dlGZwSOmT3tQitosD8MYNm8bXdsiG
+Fx8xXJz8l7qtSw5a1HI2yrRmR7hZHEblGVDP1BjU+QVh7O+0oTeSWHjtriCeYXOl
+KUNypPNU5HTySLI0XE+wXJ8S3SblmCOJSdEy/EDZYd8KxG2ib+abn6KdewQl0dIL
+0evKaSeIfrVyHfbQporrUotpuTgHrxdD63vowtyH4fL/JzNmw38ZBRzu/4Lib4eF
+uaMr7IXyUvifJRBNHCSV5waEQXdcaZ4/YiNg93kiBCC1FhqKEEel0TLARTqtCEVu
+ByQVjjZ5v45OAq74uFSYfnSReLt96VnQFD8J5JIKlYaR145tSUKzgetUy+iekjq2
+7sRr0kh7lGFFNoOhbFDBURr3HrFgfpWgRA12/AuAVelXPTG4ik8tU6X/vNlvysK6
+TJel41R8++MPUQuaQPU9KfUiAycvV4P9/hHEodnjhNY7NaWkXaP+fJpxCtctcFGd
+eIcI3nIoJX+6W2KjZkJcrbuZsqkVSsz0MXgfLNuoNZruzdppLAY=
+=Sq9+
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:18.bzip2 Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in bzip2
+
+Category: contrib
+Module: bzip2
+Announced: 2019-08-06
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE)
+ 2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2)
+ 2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13)
+CVE Name: CVE-2016-3189, CVE-2019-12900
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and
+decompress files using an algorithm based on the Burrows-Wheeler transform.
+They are generally slower than Lempel-Ziv compressors such as gzip, but
+usually provide a greater compression ratio.
+
+The bzip2recover utility extracts blocks from a damaged bzip2(1) file,
+permitting partial recovery of the contents of the file.
+
+II. Problem Description
+
+The decompressor used in bzip2 contains a bug which can lead to an
+out-of-bounds write when processing a specially crafted bzip2(1) file.
+
+bzip2recover contains a heap use-after-free bug which can be triggered
+when processing a specially crafted bzip2(1) file.
+
+III. Impact
+
+An attacker who can cause maliciously crafted input to be processed
+may trigger either of these bugs. The bzip2recover bug may cause a
+crash, permitting a denial-of-service. The bzip2 decompressor bug
+could potentially be exploited to execute arbitrary code.
+
+Note that some utilities, including the tar(1) archiver and the bspatch(1)
+binary patching utility (used in portsnap(8) and freebsd-update(8))
+decompress bzip2(1)-compressed data internally; system administrators should
+assume that their systems will at some point decompress bzip2(1)-compressed
+data even if they never explicitly invoke the bunzip2(1) utility.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and restart daemons if necessary.
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch.asc
+# gpg --verify bzip2.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r349717
+releng/12.0/ r350643
+stable/11/ r349718
+releng/11.3/ r350643
+releng/11.2/ r350643
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt09fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJWEQ//dBiFwPCKcUaeSBuM9opVUxWzFYrpWdYwwagQXzNqO3Z77Vi2hHQnfpkD
+bM8WgWwChOJmlTja7sjnF+QjoV9/elzYhFrD6q0W1nLZ2XHcXyHrbFLMJ+CrvCWR
+AuVCEkmT2fchE/5c71l/v8I452EpGZG7P0fwG1bpf84p1PFLl3esfeo8+CzN1x2h
+YLnvfp69/tC18LR0/yozRUuFSqoYBhbnJsclB1JkrGx0fPOcE9y3sudVhBIDbH7h
+nYSTJl/KkTHf6tbJVXWUVr5gJzCgGvvhUer49RCdJMAwj6hKYT49vWnOFl1T8DAL
++co0ZzTiKoCdrrrguijh4QTEUe4UAGS3PPAwhUiOu+y8Bry06/U565uO9y9iILef
+M5oYTbM7h/TErPxSE421fWeexeK0seCHqmj/rO1Yf7RkRvLg/QaJk5YWM0KoP3NH
+QQRdX8qNiy4liEqGvJwfUdNcVXA3d7BKifl6MKH+5/2i5B23wHItIeuIGYo5LgdI
+mnH59L5wylhWGa0Dc+N9fP0jFvBfk7/4a0joXYIQ7/KDQg0X+WdiGZ/mzZ4GEisX
+hwI2laAh/oyksInrMcLCbvgWql+lrUvK3ltHo17U+wrMeb+8btDLR5T/9XlLPWGp
+s101XS6ewcwpZ8g5uBtlFBLmp8BGkALTAJtwwqJ2eoLfLYCXq3I=
+=3O6m
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:19.mldv2 Security Advisory
+ The FreeBSD Project
+
+Topic: ICMPv6 / MLDv2 out-of-bounds memory access
+
+Category: core
+Module: net
+Announced: 2019-08-06
+Credits: CJD of Apple
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE)
+ 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2)
+ 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13)
+CVE Name: CVE-2019-5608
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used
+by IPv6 routers to discover multicast listeners.
+
+II. Problem Description
+
+The ICMPv6 input path incorrectly handles cases where an MLDv2 listener
+query packet is internally fragmented across multiple mbufs.
+
+III. Impact
+
+A remote attacker may be able to cause an out-of-bounds read or write that
+may cause the kernel to attempt to access an unmapped page and subsequently
+panic.
+
+IV. Workaround
+
+No workaround is available. Systems not using IPv6 are not affected.
+
+V. Solution
+
+Perform one of the following:
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Reboot for security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2, FreeBSD 11.3]
+# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc
+# gpg --verify mldv2.11.patch.asc
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc
+# gpg --verify mldv2.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350648
+releng/12.0/ r350644
+stable/11/ r350650
+releng/11.3/ r350644
+releng/11.2/ r350644
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1RfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLzTA/+OyyukXWH7rfwMhOlpD60UH4hxN3purvdNeBe4ZxlYvtf8gSUzS1VbK5r
+NR9D2HiYRlmaePOil5myan6cVkrKoANoWTrQsCcsFLe6KKbiKlQDx/btbENmCMsR
+VoS0ZPx3l9iGuVUwDk6k1JXwKCcO3U3dCDYEI941hEKxYadR+twUP3JOceg8Zn0h
+oODXW7LcPXWQKAyFc0Kun1VrjrUGdRGfqk30joR20GP2IjgQceFHKUbiOyBbbIjW
++UVvp2wPBxXvcXNPTpcIpTW5UGJBHCT2OsDulh7hqpiWf78VE8BoksKAvDjtI4i0
+15fmwn7tmQ3aGWK3WoaKWUOXZUlKrxRQDzGyAZ3LzOqPWhv12tJjNJhjnRmCVLfo
++F4I/MHzPgjitZhv8gfn+MRiPG4E1ueAYnPQWiR3qRCLQGhemVdKZIAVnYg6NGpQ
+Jgsr1QS8/3GHZ8yrMXUOSNOSuiMmRHbI9915vVzu+hWkfnrCcSr3uVkJeQvx4CZJ
+gdTL083Knnkdo4IPOdHWnQjGfrv2rGRyvCJ88m/DIC6hw4weR1LyFWMEHeJCEcJl
+5LHiVWmOUJE4ltJXrRoXwxuh9Dia0Mq6KfNA0343JFpQF9rdt3JQ/54FPGtK6NUO
+LyX5a42RIKRxWNTN+ADrSk8czbHFIg8MfTwpjiRGx2rYtxjp1qU=
+=WaXC
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,131 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:20.bsnmp Security Advisory
+ The FreeBSD Project
+
+Topic: Insufficient message length validation in bsnmp library
+
+Category: contrib
+Module: bsnmp
+Announced: 2019-08-06
+Credits: Guido Vranken
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-08-06 16:11:16 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:12:17 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-08-06 16:12:43 UTC (stable/11, 11.3-STABLE)
+ 2019-08-06 17:12:17 UTC (releng/11.3, 11.3-RELEASE-p2)
+ 2019-08-06 17:12:17 UTC (releng/11.2, 11.2-RELEASE-p13)
+CVE Name: CVE-2019-5610
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The bsnmp software library is used for the Internet SNMP (Simple Network
+Management Protocol). As part of this it includes functions to handle ASN.1
+(Abstract Syntax Notation One).
+
+II. Problem Description
+
+A function extracting the length from type-length-value encoding is not
+properly validating the submitted length.
+
+III. Impact
+
+A remote user could cause, for example, an out-of-bounds read, decoding of
+unrelated data, or trigger a crash of the software such as bsnmpd resulting
+in a denial of service.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch.asc
+# gpg --verify bsnmp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350637
+releng/12.0/ r350646
+stable/11/ r350638
+releng/11.3/ r350646
+releng/11.2/ r350646
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1lfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKtBBAAltxFzxuMqWCgJoL9SemLRQxGGk0hRFdN5b78mgVdk2lfDgVz8U7mVM6v
+XbcCa4lIy7wMYpUdEySAZLR2ENt0xdpx7oQ6lAg5fnnvrUvom4wU9ruxEs5txFVL
+K6RaJnQJyOkI2c/LYvI/ZYmuc29/Nt3p/DvVe7wq86taoqUufN11MXkrRHgn68N3
+7vewixzWpqH5L/aY2qP1d+Xe3QmHX0IcFqeo4U3/3G4wUGRCfHtaENY4w5eUbCa2
+1Qk0oS9iUdX1IJjM5l1ccoFqsjbcO6vNS337qeYNKhLspXMQPwoS0K0HfB6LKt1D
+dCBFoXu/qUFjf3qqbpcqGEFrFPZjlNmC4R0Ngx1rfZ1t1dXbj83NOOE1okd3Gb/V
+TPDU/jzwt+/6DE6ryNQpeanPdim83w/j+qeA0UaTyxlbj+oSz1gU9Ckaauf+9peI
+GT8TPnrgmFlYg2tkYl4tbq5LtRstPGZYguqEt5SHCxBOg3dxByMPzikSFUL9oNxS
+9GX7JZT36J20f62hG8Watp2y3W0QsMjJpxF9OojRU6B15Z4Q2aCht4F6DnvEkVfN
+1GvS5NAHPHU09TniSgYK3ThkoYrLYykhsXPmJmETV7DU1Qhny1p8H0NwIwB20DEm
+AOAcYzLhiXHGpniE5y+MT9Pvt3BDBt36k6WgZ4eZ4RWuzGOumiU=
+=rH6X
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:21.bhyve Security Advisory
+ The FreeBSD Project
+
+Topic: Insufficient validation of guest-supplied data (e1000 device)
+
+Category: core
+Module: bhyve
+Announced: 2019-08-06
+Credits: Reno Robert
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-08-05 22:04:16 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:13:17 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-08-05 22:04:16 UTC (stable/11, 11.3-STABLE)
+ 2019-08-06 17:13:17 UTC (releng/11.3, 11.3-RELEASE-p2)
+ 2019-08-06 17:13:17 UTC (releng/11.2, 11.2-RELEASE-p13)
+CVE Name: CVE-2019-5609
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+bhyve(8) is a hypervisor that supports running a variety of guest operating
+systems in virtual machines. bhyve(8) includes an emulated Intel 82545
+network interface adapter ("e1000").
+
+II. Problem Description
+
+The e1000 network adapters permit a variety of modifications to an Ethernet
+packet when it is being transmitted. These include the insertion of IP and
+TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation
+offload ("TSO"). The e1000 device model uses an on-stack buffer to generate
+the modified packet header when simulating these modifications on transmitted
+packets.
+
+When TCP segmentation offload is requested for a transmitted packet, the
+e1000 device model used a guest-provided value to determine the size of the
+on-stack buffer without validation. The subsequent header generation could
+overflow an incorrectly sized buffer or indirect a pointer composed of stack
+garbage.
+
+III. Impact
+
+A misbehaving bhyve guest could overwrite memory in the bhyve process on the
+host.
+
+IV. Workaround
+
+Only the e1000 device model is affected; the virtio-net device is not
+affected by this issue. If supported by the guest operating system
+presenting only the virtio-net device to the guest is a suitable workaround.
+No workaround is available if the e1000 device model is required.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and restart any affected virtual machines.
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the applicable virtual machines, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350619
+releng/12.0/ r350647
+stable/11/ r350619
+releng/11.3/ r350647
+releng/11.2/ r350647
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1xfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cL0qA//ZdapXUMl6KuuvtZIveMZgNdMVLYaqB1K8yHXO5udd58fTsH6+Khei0LT
+gYGxDEJkHinM1EWy688xE+PSzb9twmEmawW4N4WMhWB9oMoTuLQ5E4Zm9my1TdDh
+ducK6Q4GqOojIXJ0LtHDqs9qveAfkgB6L6jmLt/1jpZelLupte3S+bPmI4yta7ge
+7k54V9GcN05i7wX2TaZA7H3ROQziW537ZeoRB8BQwt7bekFw2uBfO9s0CWcJZPnG
++0D6QEsRqbtYMJr5RkUCc1y4qaqnWBBn/Zyyr0P+bXZklU/IW2GJTDWNObXN7DPE
+NOhuVY7PQHN6jv3u+nKa1AY7mjI3zBo009iAfPQFCb9Kn08tJ2A9WrExEMwZdcbI
+nXVqCRdp7xCSPO73vjNv4btzvAU7iwbaBkpGFs721cH72ImvmXi7TwepPEAul0do
+VwKYMxhStZtoDQhEea1eq41KNvqxmA/mkbEjpKcTZCUJq7xVyV4uaVme3Uq45uaa
+mKMWx+Gg09A2Y5NfSCiz9AGuMkIGn05hKIOK39yAG159uTks60Ybsw/bOnE9WnMJ
+5igcI+U6utIMi2M6nH4rn/wKBYM9cHWmQLfo6kECUi2CCTmR5VL8BTJ/8vHCqXi1
+vCcAPacKYAROsvGQyynSVLiXJAXOrc8/VyoXRHC5cAapVeParcw=
+=0XzG
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:14/epoch.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:14/epoch.patch Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,87 @@
+--- sys/kern/subr_epoch.c.orig
++++ sys/kern/subr_epoch.c
+@@ -325,24 +325,20 @@
+ */
+ critical_enter();
+ thread_unlock(td);
+- owner = turnstile_lock(ts, &lock);
+- /*
+- * The owner pointer indicates that the lock succeeded. Only
+- * in case we hold the lock and the turnstile we locked is still
+- * the one that curwaittd is blocked on can we continue. Otherwise
+- * The turnstile pointer has been changed out from underneath
+- * us, as in the case where the lock holder has signalled curwaittd,
+- * and we need to continue.
+- */
+- if (owner != NULL && ts == curwaittd->td_blocked) {
+- MPASS(TD_IS_INHIBITED(curwaittd) && TD_ON_LOCK(curwaittd));
+- critical_exit();
+- turnstile_wait(ts, owner, curwaittd->td_tsqueue);
+- counter_u64_add(turnstile_count, 1);
+- thread_lock(td);
+- return;
+- } else if (owner != NULL)
++
++ if (turnstile_lock(ts, &lock, &owner)) {
++ if (ts == curwaittd->td_blocked) {
++ MPASS(TD_IS_INHIBITED(curwaittd) &&
++ TD_ON_LOCK(curwaittd));
++ critical_exit();
++ turnstile_wait(ts, owner,
++ curwaittd->td_tsqueue);
++ counter_u64_add(turnstile_count, 1);
++ thread_lock(td);
++ return;
++ }
+ turnstile_unlock(ts, lock);
++ }
+ thread_lock(td);
+ critical_exit();
+ KASSERT(td->td_locks == locksheld,
+--- sys/kern/subr_turnstile.c.orig
++++ sys/kern/subr_turnstile.c
+@@ -566,14 +566,15 @@
+ return (ts);
+ }
+
+-struct thread *
+-turnstile_lock(struct turnstile *ts, struct lock_object **lockp)
++bool
++turnstile_lock(struct turnstile *ts, struct lock_object **lockp,
++ struct thread **tdp)
+ {
+ struct turnstile_chain *tc;
+ struct lock_object *lock;
+
+ if ((lock = ts->ts_lockobj) == NULL)
+- return (NULL);
++ return (false);
+ tc = TC_LOOKUP(lock);
+ mtx_lock_spin(&tc->tc_lock);
+ mtx_lock_spin(&ts->ts_lock);
+@@ -580,10 +581,11 @@
+ if (__predict_false(lock != ts->ts_lockobj)) {
+ mtx_unlock_spin(&tc->tc_lock);
+ mtx_unlock_spin(&ts->ts_lock);
+- return (NULL);
++ return (false);
+ }
+ *lockp = lock;
+- return (ts->ts_owner);
++ *tdp = ts->ts_owner;
++ return (true);
+ }
+
+ void
+--- sys/sys/turnstile.h.orig
++++ sys/sys/turnstile.h
+@@ -100,7 +100,8 @@
+ struct turnstile *turnstile_trywait(struct lock_object *);
+ void turnstile_unpend(struct turnstile *);
+ void turnstile_wait(struct turnstile *, struct thread *, int);
+-struct thread *turnstile_lock(struct turnstile *, struct lock_object **);
++bool turnstile_lock(struct turnstile *, struct lock_object **,
++ struct thread **);
+ void turnstile_unlock(struct turnstile *, struct lock_object *);
+ void turnstile_assert(struct turnstile *);
+ #endif /* _KERNEL */
Added: head/share/security/patches/EN-19:14/epoch.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:14/epoch.patch.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt2lfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLIBg//ekpEak+WE5KSx7vvkel/UzUPtLMDHdcgb6w4xps5I0/jvbjGLp0JuNsW
+Tj73NBDA3KkzTlZSaus38yauUzq8Io6Q11/6ovI15TR58V6R35RSDnI2Df9ML0Wg
+GcTnm1bTYbJ1TADQtILO6hxCNR1rvHcj0GycT8NGRNFSerNAhpF+YfMba+Tc3rOU
+BeOacXDr8WCTgpa46nltcKE7Qmov2JdMS4yMH21KqXSU3ZCnwHZK+pWthPbeAVyO
+NzsRPDn9PKp6sYVc5t7BE5Vn3cg76QNYZBNrHcHJNxhJ1IXOyL/SWg1j3zeiOygp
+lDxZPja+mKXerEALBdGVfr/eg1ZeySlKRdETezCuzKnUSMbrQEVGL4pgaPepBCg6
+eGa6PRiwVz+y93w1UpVl8aDOTr/u2O/LeRZX5lLBSa4nBp7sOLilzbDQNsgHWXCX
+R4G72PnAkPNwA158u+/vvz1moLWggVeO8edjKNEwiH/i2gyNllXFOtG1TuBL1+EV
+T8ySrByEJ/0/Hq+prZCr7ELry+EZcnaag6+Jg29bfxMOK8RAfjqFHgmtSzblWllg
+RCTr6Wttw85XcAKYwTXR9CwBf7yuIJb3taMp7XXHljjaMAvQIybRiHphwZSFOh1q
+mktgzP1Yp/CdUw8BKFR1cbB5kkQY6Ezq1XTUDH3qebdWLpTqizI=
+=Wj+f
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:15/libunwind.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:15/libunwind.patch Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,13 @@
+--- contrib/llvm/projects/libunwind/src/EHHeaderParser.hpp.orig
++++ contrib/llvm/projects/libunwind/src/EHHeaderParser.hpp
+@@ -68,7 +68,9 @@
+ ehHdrInfo.eh_frame_ptr =
+ addressSpace.getEncodedP(p, ehHdrEnd, eh_frame_ptr_enc, ehHdrStart);
+ ehHdrInfo.fde_count =
+- addressSpace.getEncodedP(p, ehHdrEnd, fde_count_enc, ehHdrStart);
++ fde_count_enc == DW_EH_PE_omit
++ ? 0
++ : addressSpace.getEncodedP(p, ehHdrEnd, fde_count_enc, ehHdrStart);
+ ehHdrInfo.table = p;
+ }
+
Added: head/share/security/patches/EN-19:15/libunwind.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:15/libunwind.patch.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt25fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJ1hw/+I2Gj+htbN2MhOodcLa4e4LsgxP9rGW9NZw3F9MbjgDNlVnlVLXrvyKjB
+sCBuzLWGWMPkrhyh8zkHTHBq+0An3dCPk5LW5jHy6k31mofL8Jj7SyqQVigK93BN
+24NcJP51ScUV0sBrhArd2We1bqmVWXsw0ZZYwm0iHVNFqaxJ1+kkvcw4KQmer+/d
+E8+bCKszDyPU3rVVlb6OIsXhMrLgW8Qu0LDP9Ym6qNsfXIGwpFhrtuG1OUiSLiT8
+lnDpB9x5tDYTBVv9//XVZinoTQY4aJ/IcMdK8B7TS2CTyjCL+n+xXgW3bj0u8zKE
+gNoxFwH8JNg3srVSelvEkhxGta35JefjIxu0aqD38DHTcyWoqOfdHFcnsQob9SEq
+5/afVzFFUutqjfENmYoQ2CvSt3d4GALRGeoNbp0uysIhw1IqIGGuYt5loAYwDApc
+4ic6l4bZ+eNXz7GNYBS+CRqHhMdJH5/YxT0UO2uY7Cpd/FtgcM1kHf9xItnL5Kru
+cgo35Aw/LWWC5xI1B9ivERtYuQkvQ1KA4wabAhiblA/2bzbEzuc+zB9NDof1nqFp
+4BPSYOm8CYYPX8psoKLvxQzeWind1VlJ8NNKQijTmlSsJcR9OjGq5P5KiGYM41X7
+29hUiG8WFFn/3+VglGM6MrGxTCwYTGJ3ry0yFq5LhxDTdH1Yrrg=
+=pcMq
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-19:18/bzip2.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-19:18/bzip2.patch Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,490 @@
+--- contrib/bzip2/CHANGES.orig
++++ contrib/bzip2/CHANGES
+@@ -2,8 +2,8 @@
+ This file is part of bzip2/libbzip2, a program and library for
+ lossless, block-sorting data compression.
+
+- bzip2/libbzip2 version 1.0.6 of 6 September 2010
+- Copyright (C) 1996-2010 Julian Seward
++ bzip2/libbzip2 version 1.0.7 of 27 June 2019
++ Copyright (C) 1996-2010 Julian Seward
+
+ Please read the WARNING, DISCLAIMER and PATENTS sections in the
+ README file.
+@@ -325,3 +325,16 @@
+ Izdebski.
+
+ * Make the documentation build on Ubuntu 10.04
++
++1.0.7 (27 Jun 19)
++~~~~~~~~~~~~~~~~~
++
++* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
From owner-svn-doc-all@freebsd.org Tue Aug 6 22:37:18 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id 410DBB050F;
Tue, 6 Aug 2019 22:37:18 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4638dp0zBtz3HrZ;
Tue, 6 Aug 2019 22:37:18 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0487B2D81;
Tue, 6 Aug 2019 22:37:18 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x76MbHAs036481;
Tue, 6 Aug 2019 22:37:17 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x76MbH2I036480;
Tue, 6 Aug 2019 22:37:17 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201908062237.x76MbH2I036480@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Tue, 6 Aug 2019 22:37:17 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53298 - head/en_US.ISO8859-1/htdocs/releases/11.3R
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/11.3R
X-SVN-Commit-Revision: 53298
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 06 Aug 2019 22:37:18 -0000
Author: gjb
Date: Tue Aug 6 22:37:17 2019
New Revision: 53298
URL: https://svnweb.freebsd.org/changeset/doc/53298
Log:
Regen after r350660.
Sponsored by: Rubicon Communications, LLC (Netgate)
Modified:
head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html
Modified: head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html Tue Aug 6 22:36:02 2019 (r53297)
+++ head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html Tue Aug 6 22:37:17 2019 (r53298)
@@ -13,7 +13,7 @@
as trademarks. Where those designations appear in this document,
and the FreeBSD Project was aware of the trademark claim, the
designations have been followed by the “™” or the
- “®” symbol.
Last modified on 2019-07-09 13:44:33 UTC by gjb.
Abstract
This document lists errata items for FreeBSD 11.3-RELEASE,
+ “®” symbol.
Last modified on 2019-07-09 09:44:33 EDT by gjb.
Abstract
This document lists errata items for FreeBSD 11.3-RELEASE,
containing significant information discovered after the
release or too late in the release cycle to be otherwise
included in the release documentation. This information
@@ -35,8 +35,10 @@
errata are located at https://www.FreeBSD.org/releases/, plus any
sites which keep up-to-date mirrors of this location.
Source and binary snapshots of FreeBSD 11.3-STABLE also
contain up-to-date copies of this document (as of the time of
- the snapshot).
[2019-07-04] An issue which can cause a crash when
connecting to a bhyve(4) instance with
a VNC client under certain circumstances
had been reported. An errata notice is planned
From owner-svn-doc-all@freebsd.org Tue Aug 6 22:36:03 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id 46413B01DC;
Tue, 6 Aug 2019 22:36:03 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4638cM18p1z3HjJ;
Tue, 6 Aug 2019 22:36:03 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1E4A72D7F;
Tue, 6 Aug 2019 22:36:03 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x76Ma2Df036323;
Tue, 6 Aug 2019 22:36:02 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x76Ma2gB036321;
Tue, 6 Aug 2019 22:36:02 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201908062236.x76Ma2gB036321@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Tue, 6 Aug 2019 22:36:02 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53297 -
head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml
X-SVN-Commit-Revision: 53297
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 06 Aug 2019 22:36:03 -0000
Author: gjb
Date: Tue Aug 6 22:36:02 2019
New Revision: 53297
URL: https://svnweb.freebsd.org/changeset/doc/53297
Log:
Document EN-19:14, EN-19:15, SA-19:18-21.
Sponsored by: Rubicon Communications, LLC (Netgate)
Modified:
head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml
head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml
Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml Tue Aug 6 17:31:19 2019 (r53296)
+++ head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml Tue Aug 6 22:36:02 2019 (r53297)
@@ -112,6 +112,20 @@
System crash from Intel CPU vulnerability
mitigation
+
+
+ FreeBSD-EN-19:14.epoch
+ 6 August 2019
+ Incorrect locking
+
+
+
+ FreeBSD-EN-19:15.libunwind
+ 6 August 2019
+ Incorrect exception handling
+
Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Tue Aug 6 17:31:19 2019 (r53296)
+++ head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Tue Aug 6 22:36:02 2019 (r53297)
@@ -141,6 +141,36 @@
24 July 2019Reference count leak
+
+
+ FreeBSD-SA-19:18.bzip2
+ 6 August 2019
+ Multiple vulnerabilities
+
+
+
+ FreeBSD-SA-19:19.mldv2
+ 6 August 2019
+ Out-of-bounds memory access
+
+
+
+ FreeBSD-SA-19:20.bsnmp
+ 6 August 2019
+ Insufficient message length
+ validation
+
+
+
+ FreeBSD-SA-19:21.bhyve
+ 6 August 2019
+ Insufficient validation of guest-supplied
+ data
+
From owner-svn-doc-all@freebsd.org Wed Aug 7 15:15:49 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id B0C5DAD4D1;
Wed, 7 Aug 2019 15:15:49 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 463Znx3nnrz3Kyv;
Wed, 7 Aug 2019 15:15:49 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 63663E837;
Wed, 7 Aug 2019 15:15:49 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77FFnnp028067;
Wed, 7 Aug 2019 15:15:49 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77FFnpG028065;
Wed, 7 Aug 2019 15:15:49 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201908071515.x77FFnpG028065@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Wed, 7 Aug 2019 15:15:49 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53299 - in head/en_US.ISO8859-1/htdocs/releases/12.1R: .
relnotes
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: in head/en_US.ISO8859-1/htdocs/releases/12.1R: . relnotes
X-SVN-Commit-Revision: 53299
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 07 Aug 2019 15:15:49 -0000
Author: gjb
Date: Wed Aug 7 15:15:48 2019
New Revision: 53299
URL: https://svnweb.freebsd.org/changeset/doc/53299
Log:
- Copy 12.0R/relnotes to 12.1R/relnotes.
- Prune entries from 12.0-RELEASE.
- Split SUBDIR definitions in 12.1R/Makefile, and connect
12.1R/relnotes to the build.
Approved by: re (implicit)
Sponsored by: Rubicon Communications, LLC (Netgate)
Added:
head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/
- copied from r53013, head/en_US.ISO8859-1/htdocs/releases/12.0R/relnotes/
Modified:
head/en_US.ISO8859-1/htdocs/releases/12.1R/Makefile
head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml
Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/Makefile
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.1R/Makefile Tue Aug 6 22:37:17 2019 (r53298)
+++ head/en_US.ISO8859-1/htdocs/releases/12.1R/Makefile Wed Aug 7 15:15:48 2019 (r53299)
@@ -17,7 +17,10 @@ DOCS= index.xml \
DATA= docbook.css
-#SUBDIR= errata readme relnotes installation
+#SUBDIR= errata
+#SUBDIR+= readme
+SUBDIR+= relnotes
+#SUBDIR+= installation
#.if exists(${SVN})
#SUBDIR+=hardware
Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.0R/relnotes/relnotes.xml Tue May 14 05:29:50 2019 (r53013)
+++ head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 15:15:48 2019 (r53299)
@@ -21,12 +21,8 @@
$FreeBSD$
-
-
-
-
- 2018
+ 2019The &os; Documentation
Project
@@ -141,55 +137,13 @@
Security Advisories
-
-
-
-
-
-
-
- Advisory
- Date
- Topic
-
-
-
-
-
- No advisories.
-
-
-
-
-
-
+ &security;
Errata Notices
-
-
-
-
-
-
-
- Errata
- Date
- Topic
-
-
-
-
-
- No errata notices.
-
-
-
-
-
-
+ &errata;
@@ -202,297 +156,44 @@
Userland Configuration Changes
- Group permissions on
- /dev/acpi have been changed to allow
- users in the operator
- GID to invoke &man.acpiconf.8; to suspend
- the system.
-
- The default &man.devfs.rules.5;
- configuration has been updated to allow &man.mount.fusefs.8;
- with &man.jail.8;.
-
- The default PAGER now
- defaults to &man.less.1; for most commands.
-
- The &man.newsyslog.8; utility has been
- updated to reject configuration entries that specify
- &man.setuid.2; or executable log files.
-
- The
- WITH_REPRODUCIBLE_BUILD &man.src.conf.5;
- knob has been enabled by default.
-
- LDNS now
- enables DANE-TA, and
- GOST has been removed.
-
- A new
- &man.src.conf.5; knob, WITH_RETPOLINE, has
- been added to enable the retpoline mitigation for userland
- builds.
+ Userland Application Changes
- xlint and the ability to build lint libraries or lint
- source code has been removed.
-
- The &man.dtrace.1; utility has been
- updated to support if and
- else statements.
-
- The legacy &man.gdb.1; utility included
- in the base system is now installed to /usr/libexec for use with
- &man.crashinfo.8;. The gdbserver
- and gdbtui utilities are no longer
- installed. For interactive debugging, &man.lldb.1; or
- a modern version of &man.gdb.1; from devel/gdb should be used. A new
- &man.src.conf.5; knob, WITHOUT_GDB_LIBEXEC
- has been added to disable building &man.gdb.1;. The
- &man.gdb.1; utility is still installed in /usr/bin on
- &arch.sparc64;.
-
- The
- &man.setfacl.1; utility has been updated to include a new
- flag, -R, used to operate recursively on
- directories.
-
- The &man.cat.1; utility has been updated
- to print output aligned the same regardless of if invoked with
- -ne or -be.
-
- The
- default bootstrap linker has been changed to &man.ld.lld.1;
- for &arch.amd64;.
-
- The &man.dhclient.8; utility has been
- updated to add a configuration knob to allow superseding the
- interface-mtu option provided by an
- incorrectly-configured DHCP server.
-
- The
- &man.asf.8; utility has been removed, as &man.kgdb.1; now
- handles kernel module state internally.
-
- The sha224(1) utility
- has been added.
-
- The &man.geli.8; utility has been
- updated to provide support for initializing multiple providers
- at once when they use the same passphrase and/or key.
-
- The
- default bootstrap linker has been changed to &man.ld.lld.1;
- for &arch.i386;.
-
- The
- default bootstrap linker has been changed to &man.ld.lld.1;
- for &arch.armv7;.
-
- The &man.dd.1; utility has been updated
- to add the status=progress option, which
- prints the status of its operation on a single line once per
- second, similar to GNU &man.dd.1;.
-
- The &man.date.1; utility has been
- updated to include a new flag, -I, which
- prints its output in ISO 8601
- formatting.
-
- The &man.bectl.8; utility has been
- added, providing an administrative interface for managing
- ZFS boot environments, similar to
- sysutils/beadm.
-
- The &man.ls.1; utility has been updated
- to include a new
- --color=when
- flag, where when can be one of
- always, auto (default),
- or never.
-
- The
- &man.bhyve.8; utility has been updated to add a new subcommand
- to the -l and -s flags,
- help, which when used, prints a list of
- supported LPC and PCI
- devices, respectively.
-
- The &man.tftp.1; utility has been
- updated to change the default transfer mode from
- ASCII to binary.
-
- The &man.last.1; utility has been
- updated to include &man.libxo.3; support.
-
- The &man.lastlogin.8; utility has been
- updated to include &man.libxo.3; support.
-
- The &man.chown.8; utility has been updated
- to prevent overflow of UID or
- GID arguments where the argument exceeded
- UID_MAX or GID_MAX,
- respectively.
-
- The &man.ctm.1; and related utilities
- have been marked as deprecated for removal in
- &os; 13.0.
+ Contributed Software
- The
- ELF Tool Chain has been updated
- to version r3614.
-
- The &man.zstd.1; utility has been updated
- to version 1.3.4.
-
- The
- &man.vt.4; Terminus BSD Console font has been updated to
- version 4.46.
-
- The &man.xz.1; utility has been updated
- to version 5.2.4.
-
- The clang,
- llvm,
- lld,
- lldb,
- compiler-rt utilities and
- libc++ have been updated to version
- 6.0.1.
-
- The bsnmp
- utility has been updated to version 1.13.
-
- The WPA utilities
- have been updated to version 2.6.
-
- The &man.ntpd.8; utility has been
- updated to allow being run as a non-root user.
-
-
- Source-based upgrades from &os; 11.x and earlier
- require the ntpd UID
- (123) and GID (123) to exist before the
- installworld target is run. See the
- "rebuild everything and install" section of
- UPDATING for the documented procedure
- for source-based upgrades for more details.
-
-
- Support for UDP-lite
- has been added to &man.dtrace.udplite.4;.
-
- The &man.file.1; utility has been
- updated to version 5.34.
-
- The lua
- utility has been updated to version 5.3.5.
-
- Support for send, receive, and
- state-change providers have been added to
- &man.dtrace.sctp.4;.
-
- The &man.ntpd.8; utility has been
- updated to version 4.2.8p12.
-
- OpenSSH has
- been updated to version 7.8p1.
-
- The &man.mandoc.1; utility has been
- updated to version 1.14.4.
-
- Additional &man.capsicum.4; support has
- been added to &man.sshd.8;.
-
- Serf has been
- updated to version 1.3.9.
-
- ACPICA has
- been updated to version 20181003.
-
- Unbound has
- been updated to version 1.8.1.
-
- The timezone database files have been
- updated to version 2018g.
-
- OpenSSL has
- been updated to version 1.1.1a.
+ Installation and Configuration Tools
- The
- &man.bsdinstall.8; installer and &man.zfsboot.8; boot code
- have been updated to allow an
- UEFI+GELI installation
- option.
+ /etc/rc.d
Scripts
- A new
- &man.rc.8; has been added to create &man.cfumass.4;
- LUNs.
-
- The &man.geli.8; &man.rc.8; script has
- been updated to include support for a new variable,
- geli_groups, which provides support to
- attach multiple providers when set in &man.rc.conf.5;.
-
- The
- &man.rc.8; subsystem has been updated to support new keywords
- in &man.rc.conf.5;, enable,
- disable, and
- delete with &man.rc.d.8; scripts and the
- &man.service.8; utility. See &man.rc.conf.5; for usage
- information.
+ Runtime Libraries and API
- The &man.getrandom.2; system call and
- &man.getentropy.3; library have been added, compatible with
- &linux; and OpenBSD implementations.
-
- The &man.arc4random.3; library has been
- updated to match the OpenBSD version 1.35.
-
- The &man.libarchive.3; library has been
- updated to version 3.3.3.
+ ABI Compatibility
- get_s(3) has been
- added.
-
- The &man.pthread.3; library has been
- updated to incorporate
- POSIX/SUSv4-2018
- compliance improvements.
-
- The &man.arc4random.3; library has been
- updated to remove arc4random_stir() and
- arc4random_addrandom().
+
@@ -506,78 +207,13 @@
Kernel Bug Fixes
- The ACPI subsystem has
- been updated to implement Device object
- types for ACPI 6.0 support, required for
- some &dell; Poweredge™ &amd; Epyc™ systems.
-
- An issue with IPv6-AH
- IPSEC padding has been fixed to match
- RFC4302.
-
- The &man.amdsmn.4; and &man.amdtemp.4;
- drivers have been updated to attach to
- &amd; Ryzen 2™ host bridges.
-
- The &man.amdtemp.4; driver has been
- updated to fix temperature reporting for &amd; 2990WX
- CPUs.
+ Kernel Configuration
- The VIMAGE kernel
- configuration option has been enabled by default.
-
- The &man.dumpon.8; utility has been
- updated to add support for compressed kernel crash dumps when
- the kernel configuration file includes the
- GZIO option. See &man.rc.conf.5; and
- &man.dumpon.8; for additional information.
-
- The &man.ext2fs.5; filesystem has been
- updated to support full read/write support for ext4.
-
- The pmtimer device
- has been removed from the &arch.i386;
- GENERIC kernel configuration. Its
- functionality is now part of &man.apm.4;.
-
- The &man.dumpon.8; utility has been
- updated to add support for &man.zstd.1;-compressed kernel
- crash dumps when the kernel configuration file includes the
- ZSTDIO option. See &man.rc.conf.5; and
- &man.dumpon.8; for additional information.
-
- A new
- &man.src.conf.5; knob,
- WITH_KERNEL_RETPOLINE, has been added to
- enable the retpoline mitigation for kernel builds.
-
- The EKCD,
- GZIO, ZSTDIO, and
- NETDUMP kernel configuration options have
- been enabled by default for &arch.amd64;, &arch.i386;,
- &arch.arm64;, &arch.powerpc;, &arch.powerpc64;, and
- &arch.sparc64; architectures.
-
- A new kernel configuration option,
- KASSERT_PANIC_OPTIONAL, has been added
- that allows runtime &man.KASSERT.9; behavior changes without
- necessarily invoking &man.panic.9;. The option is disabled
- by default.
-
- The NUMA
- option has been enabled by default in the &arch.amd64;
- GENERIC and MINIMAL
- kernel configurations.
+
@@ -590,110 +226,19 @@
Device Drivers
- The &man.random.4; device has been updated
- to allow terminating large reads with
- ^C.
-
- Support
- for the Microchip® LAN78xx™ USB3-GigE controller has
- been added.
-
- A new
- multifunction device has been added to
- &man.usb.template.4;, providing mass storage,
- CDC ACM (serial), and
- CDC ECM (ethernet)
- simultaneously.
-
- The &man.random.4; driver has been
- updated to remove the Yarrow algorithm. The Fortuna algorithm
- remains the default, and now only, available algorithm.
-
- The &man.netdump.4; driver has been added,
- providing a facility through which kernel crash dumps can be
- transmitted to a remote host after a system panic. See
- &man.netdump.4; and &man.dumpon.8; for more information and
- configuration details.
-
- The &man.random.4; driver has been
- updated to fix excessive activity during pseudo-random number
- generation.
-
- The &man.vt.4; driver has been updated
- with performance improvements, drawing text at rates ranging
- from 2- to 6-times faster.
-
- The &man.ichwd.4; driver has been updated
- to add TCO watchdog timer support for
- &intel; Lewisburg PCH (C620)
- chipsets.
+ Network Drivers
- The &man.ixl.4; driver has been updated
- to version 1.9.9-k.
-
- The &man.cxgbe.4; driver has been updated
- to provide hardware support for the
- SO_MAX_PACING_RATE &man.setsockopt.2;
- option when the kernel configuration contains the
- RATELIMIT option.
-
- The &man.ixlv.4; driver has been renamed
- to &man.iavf.4; and updated to use &man.iflib.9;. The
- &man.ixlv.4; kernel module is now a hard link to &man.iavf.4;
- for backwards compatibility for upgrading from earlier &os;
- releases.
+ Deprecated Drivers
- The
- &man.lmc.4; driver has been removed.
-
- The &man.ixgb.4; driver has been
- removed.
-
- The &man.nxge.4; driver has been
- removed.
-
- The &man.vxge.4; driver has been
- removed.
-
- The &man.jedec.ts.4; driver has been
- removed in &release.current;, and its functionality replaced
- by &man.jedec.dimm.4;.
-
- The DRM driver for
- modern graphics chipsets has been marked deprecated and marked
- for removal in &os; 13. The DRM
- kernel modules are available from graphics/drm-stable-kmod or
- graphics/drm-legacy-kmod
- in the Ports Collection as well as via &man.pkg.8;.
- Additionally, the kernel modules have been added to the lua
- &man.loader.conf.5; module_blacklist, as
- installation from the Ports Collection or &man.pkg.8; is
- strongly recommended.
-
- The following drivers have been
- deprecated in &os; 12.0, and not present in
- &os; 13.0: &man.ae.4;, &man.de.4;, &man.ed.4;,
- &man.ep.4;, &man.ex.4;, &man.fe.4;, &man.pcn.4;, &man.sf.4;,
- &man.sn.4;, &man.tl.4;, &man.tx.4;, &man.txp.4;, &man.vx.4;,
- &man.wb.4;, &man.xe.4;
+
@@ -708,136 +253,25 @@
Hardware Support
- Support for powernv POWER9
- MMU initialization has been added.
+ Graphics Support
- &os; has changed the way graphics drivers are handled on
- &arch.amd64; and &arch.i386;. Graphics drivers for modern
- ATI/&amd; and &intel; graphics cards are now available in the
- Ports Collection. The base drivers are still available and
- will be installed by default, but they lack support for
- current generation laptop and desktop systems.
-
- In most cases it is enough to install graphics/drm-kmod
- from ports or packages to install a driver appropriate for the
- system, then adding the appropriate driver to
- kld_list in &man.rc.conf.5;.
-
- For &intel; (i915) systems after Broadwell™, the
- &man.rc.conf.5; entry is:
-
- kld_list="/boot/modules/i915kms.ko"
-
- Systems with ATI/&amd; graphics cards have two options.
- Modern systems starting with the HD7000 series GPU should
- use:
-
- kld_list="/boot/modules/amdgpu.ko"
-
- Systems with cards released before the HD7000 GPU
- use:
-
- kld_list="/boot/modules/radeonkms.ko"
-
-
- Users must be added to the video
- GID after installing graphics/drm-kmod in order for
- X to start properly.
-
-
-
- There are known issues with the
- xserver driver provided by x11-drivers/xf86-video-ati
- when using graphics drivers from the base system;
- x11-drivers/xf86-video-ati-legacy
- should be used instead.
-
-
-
- There is a known issue where booting with
- UEFI and using the ATI/&amd; graphics
- driver may cause the screen to be garbled before the
- appropriate driver is loaded.
-
-
- For additional information regarding graphics support on
- &os;, please see the Graphics Wiki
- Page.
+ Virtualization Support
- Amazon® EC2™ AMI instances now
- have sysutils/amazon-ssm-agent
- installed by default, though the service is not enabled by
- default in &man.rc.conf.5;. To enable the service,
- add:
-
- >>/etc/rc.conf
- amazon_ssm_agent_enable="YES"
-
- to the EC2™ user-data.
-
- Amazon® EC2™ AMI instances now
- disable ChallengeResponseAuthentication in
- &man.sshd.config.5; by default.
-
- Amazon® EC2™ AMI instances now
- use the Amazon® internal NTP
- service by default.
-
- The &man.bhyve.8; utility has been
- updated to allow controlling CPU topology
- from userland.
-
- The
- &man.bhyve.8; utility has been updated to add
- &man.virtio.scsi.4; storage support.
-
- The
- &man.bhyve.8; utility has been updated to add
- NVMe device emulation.
-
- A new &man.sysctl.8;,
- security.jail.vmm_allowed, has been added,
- which when set to 1 allows &man.bhyve.8;
- use within a &man.jail.8;.
-
- Amazon® EC2™ AMI instances now
- disable the PS/2 keyboard and mouse devices by default,
- reducing overall boot time by 2.5 seconds.
+ ARM Support
- Support
- for the USB OTG serial
- terminal has been enabled on &arch.arm; systems by
- default.
-
- The &arch.armv6; and &arch.armv7; images
- now default to boot with EFI.
-
- Support has been added for building
- &arch.arm64; images for the PINE64-LTS
- system.
-
- Support
- for &man.capsicum.4; has been enabled on &arch.armv6; and
- &arch.armv7; by default.
+
@@ -850,73 +284,19 @@
General Storage
- The
- UFS/FFS filesystem
- has been updated to support check hashes to cylinder-group
- maps. Support for check hashes is available only for
- UFS2.
-
- The
- CAM Target Layer (CTL)
- frontend and backend options have been overhauled to use
- &man.nv.3; allowing creating multiple &man.ioctl.2; frontend
- ports.
-
- The default &man.auto.master.5;
- configuration has been updated to add the
- noautoro &man.automount.8; flag to the
- /media mount
- point (commented by default).
-
- The
- UFS/FFS filesystem has
- been updated to consolidate
- TRIM/BIO_DELETE
- commands, reducing read/write requests due to fewer
- TRIM messages being sent
- simultaneously.
-
- TRIM consolidation
- support has been enabled by default in the
- UFS/FFS filesystem.
- TRIM consolidation can be disabled by
- setting the vfs.ffs.dotrimcons
- &man.sysctl.8; to 0, or adding
- vfs.ffs.dotrimcons=0 to
- &man.sysctl.conf.5;.
-
- The &man.geom.8; utility has been
- updated to add a new flag, -p, which
- prints the GEOM class of the specified
- provider.
-
- The &man.geom.8; utility has been
- updated to add a new flag, -t, which
- prints the GEOM hierarchy.
+ Networked Storage
- The NFS version 4.1
- server has been updated to include pNFS
- server support.
+ ZFS
- ZFS has been updated
- to include new &man.sysctl.8;s,
- vfs.zfs.arc_min_prefetch_ms and
- vfs.zfs.arc_min_prescient_prefetch_ms,
- which improve performance of the &man.zpool.8;
- scrub subcommand.
+
@@ -929,45 +309,7 @@
Boot Loader Changes
- The lua &man.loader.8; has been updated to
- detect a list of installed kernels to boot.
-
- The &man.loader.8; has been updated to
- support &man.geli.8; for all architectures and all disk-like
- devices.
-
- The &man.init.8; utility has been
- updated to be able to run an executable written in languages
- other than &man.sh.1;, such as
- Python, for example.
-
- The
- &man.loader.8; has been updated to add support for loading
- &intel; microcode updates early during the boot
- process.
-
- A new &man.kenv.1; variable,
- init_exec, has been added to &man.loader.8;
- which allows &man.init.8; to execute a file after opening the
- console, replacing &man.init.8; as PID
- 1.
-
- The default &man.libstand.3; interpreter
- has been changed to Lua.
-
- The lua &man.loader.8; has been updated
- to support module blacklists.
-
- The default lua &man.loader.conf.5; has
- been updated to include the
- kernels_autodetect option, which defaults
- to YES, supplementing the &man.loader.8;
- support to list available kernels to boot introduced in
- revision 329501.
+
@@ -980,45 +322,13 @@
General Network
- The
- &man.carp.4; interface has been updated to keep the state as
- INIT instead of MASTER
- when the net.inet.carp.allow &man.sysctl.8;
- is set to 0.
-
- The &man.pf.4; packet filter is now usable within
- a &man.jail.8; using &man.vnet.9;.
-
- The &man.pf.4; packet filter has been
- updated to use &man.rmlock.9; instead of &man.rwlock.9;,
- resulting in significant performance improvements.
-
- The SO_REUSEPORT_LB
- option has been added to the network stack, allowing multiple
- programs or threads to bind to the same port, and incoming
- connections load balanced using a hash function.
-
- The &man.pf.4; ioctl interface and
- &man.pfctl.8; now support &man.altq.4; bandwidth parameters of
- 2^32 bps or greater. The
- HFSC discipline has been upgraded to
- operate correctly with bandwidth parameters up to 100 Gbps,
- and bandwidth parameters supplied to the non-upgraded
- disciplines will now be saturated at the prior 32-bit
- limit.
+ Network Protocols
- Support for token-ring networks has
- been removed.
-
- Support for the Arcnet protocol has
- been removed.
+
@@ -1032,17 +342,7 @@
Packaging Changes
- The &man.pkg.8; utility has been updated to verson
- 1.10.5_5.
-
- KDE has been updated to version
- 5.12.5.
-
- Perl has been updated to
- version 5.26.2.
-
- Python has been updated to
- version 2.7.
+
@@ -1055,9 +355,7 @@
Documentation Source Changes
- The
- &man.arch.7; manual page has been added, containing details
- specific to certain architectures.
+
@@ -1070,17 +368,7 @@
Integration Changes
- The
- &os;/&arch.i386; memory stick installation images have been
- changed to use the MBR partitioning scheme
- instead of GPT to address boot issues with
- some BIOSes.
-
- The
- &os;/&arch.amd64; memory stick installation images have been
- changed to use the MBR partitioning scheme
- instead of GPT to address boot issues with
- some BIOSes.
+
From owner-svn-doc-all@freebsd.org Wed Aug 7 20:16:51 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id 406A5B6757;
Wed, 7 Aug 2019 20:16:51 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 463jTH0zjnz4H9m;
Wed, 7 Aug 2019 20:16:51 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 04AEA1A04D;
Wed, 7 Aug 2019 20:16:51 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77KGoaT015304;
Wed, 7 Aug 2019 20:16:50 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77KGodJ015302;
Wed, 7 Aug 2019 20:16:50 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201908072016.x77KGodJ015302@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Wed, 7 Aug 2019 20:16:50 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53300 - in head/en_US.ISO8859-1/htdocs/releases/12.1R:
relnotes share/xml
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: in head/en_US.ISO8859-1/htdocs/releases/12.1R: relnotes
share/xml
X-SVN-Commit-Revision: 53300
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 07 Aug 2019 20:16:51 -0000
Author: gjb
Date: Wed Aug 7 20:16:50 2019
New Revision: 53300
URL: https://svnweb.freebsd.org/changeset/doc/53300
Log:
Release notes documentation:
- r340444: ctm(1) deprecation.
- r342705: ktrdump(8) '-l' flag addition.
- r343281: bearssl import.
- r343940: timed(8) deprecation.
- r344667: ipfw(8) fix showing headers outside of 'all'.
- r344688: trim(1) addition.
- r344884: ntpd(8) version 4.2.8p13.
- r345487: sh(1) '-o pipefail' addition.
- r345569: lockf(1) return EX_UNAVAILABLE when no lock file with '-n'.
- r346980: WPA version 2.7.
- r346986: tcpdump(8) '-E' flag disables capsicum(4).
- r346987: bsnmpd(1) IPv6 transport support.
- r347384: camcontrol(8) ATA power mode support.
- r347752: mlx5tool(8) userspace firmware update support.
- r348233: GRE-in-UDP encapsulation support (RFC 8086).
- r348341: OpenSSL version 1.1.1c.
- r349013: mandoc(1) version 1.14.5.
- r349523: libarchive(3) version 3.4.0.
- r349597: tzdata 2019b.
- r349717: bzip2(1) version 1.0.7.
- r350256: clang (and friends) updated to 8.0.1.
- r350634: bzip2recover addition.
While here:
- Add Mellanox to the sponsors.ent file.
- Fix the sponsors.ent entry for Netgate.
Sponsored by: Rubicon Communications, LLC (Netgate)
Modified:
head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml
head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/sponsor.ent
Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 15:15:48 2019 (r53299)
+++ head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 20:16:50 2019 (r53300)
@@ -162,15 +162,96 @@
Userland Application Changes
-
+ The &man.lockf.1; utility has been
+ updated to return EX_UNAVAILABLE if the
+ -n flag is used and the lock file does not
+ exist.
+
+ The &man.ktrdump.8; utility has been
+ updated to include the -l flag which
+ enables "live" mode when specified.
+
+ The &man.mlx5tool.8; utility has been
+ updated to implement firmware update capability for
+ ConnectX-4®, ConnectX-5®, and ConnectX-6®.
+
+ The &man.gzip.1; utility has been
+ updated to add -l support for &man.xz.1;
+ files.
+
+ The &man.trim.8; utility has been added,
+ which deletes content for blocks on flash-based storage
+ devices that use wear-leveling algorithms.
+
+ The &man.sh.1; utility has been updated
+ to include a new pipefail option, which
+ when set, changes the exit status of a pipeline to the last
+ non-zero exit status of any command in the pipeline.
+
+ The &man.posixshmcontrol.1; utility has
+ been added.Contributed Software
-
+ BearSSL has
+ been imported to the base system.
+
+ The &man.ntpd.8; suite of utilities have
+ been updated to version 4.2.8p13.
+
+ The WPA utilities
+ have been updated to version 2.7.
+
+ The &man.tcpdump.1; utility has been
+ updated to disable &man.capsicum.4; support when the
+ -E flag is used.
+
+ The &man.bsnmpd.1; utility has been
+ updated to includeIPv6 transport
+ support.
+
+ OpenSSL has
+ been updated to version 1.1.1c.
+
+ The &man.mandoc.1; utility has been
+ updated to version 1.14.5.
+
+ The &man.libarchive.3; library has
+ been updated to version 3.4.0.
+
+ The timezone database files have been
+ updated to version 2019b.
+
+ The &man.bzip2.1; utility has been
+ updated to version 1.0.7.
+
+ The clang,
+ llvm,
+ lld,
+ lldb,
+ compiler-rt utilities and
+ libc++ have been updated to version
+ 8.0.1.
+
+ The
+ bzip2recover utility has been
+ added.
+
+ Deprecated Applications
+
+ The &man.ctm.1; utility has been marked
+ as deprecated, and has been removed in &os; 13.0.
+
+ The &man.timed.8; utility has been
+ marked as deprecated, and has been removed in
+ &os; 13.0.
+
+
Installation and Configuration Tools
@@ -284,7 +365,10 @@
General Storage
-
+ The &man.camcontrol.8; utility has been
+ updated to add ATA power mode
+ support.
@@ -322,7 +406,19 @@
General Network
-
+ The &man.ipfw.8; utility has been
+ updated to fix showing headers outside of "all"
+ when executing ipfw table list.
+
+ Support for NAT64
+ CLAT has been added, as defined in
+ RFC6877.
+
+ Support for
+ GRE-in-UDP encapsulation
+ has been added, as defined in
+ RFC8086.
Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/sponsor.ent
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/sponsor.ent Wed Aug 7 15:15:48 2019 (r53299)
+++ head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/sponsor.ent Wed Aug 7 20:16:50 2019 (r53300)
@@ -45,13 +45,14 @@
+
-
+
From owner-svn-doc-all@freebsd.org Wed Aug 7 20:16:52 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id B66BEB677C;
Wed, 7 Aug 2019 20:16:52 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 463jTJ4KhBz4H9r;
Wed, 7 Aug 2019 20:16:52 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5DFD91A04E;
Wed, 7 Aug 2019 20:16:52 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77KGqe1015343;
Wed, 7 Aug 2019 20:16:52 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77KGqx2015342;
Wed, 7 Aug 2019 20:16:52 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201908072016.x77KGqx2015342@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Wed, 7 Aug 2019 20:16:52 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53301 -
head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes
X-SVN-Commit-Revision: 53301
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 07 Aug 2019 20:16:52 -0000
Author: gjb
Date: Wed Aug 7 20:16:51 2019
New Revision: 53301
URL: https://svnweb.freebsd.org/changeset/doc/53301
Log:
Release notes documentation:
- Populate the Security Advisories and Errata Notices sections
with the contents of the 12.0R/share/xml/{security,errata}.xml
files.
Sponsored by: Rubicon Communications, LLC (Netgate)
Modified:
head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml
Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 20:16:50 2019 (r53300)
+++ head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 20:16:51 2019 (r53301)
@@ -137,13 +137,311 @@
Security Advisories
- &security;
+
+
+
+
+
+
+
+ Advisory
+ Date
+ Topic
+
+
+
+
+
+ FreeBSD-SA-18:15.bootpd
+ 19 December 2018
+ Buffer overflow
+
+
+
+ FreeBSD-SA-19:01.syscall
+ 5 February 2019
+ Kernel data register leak
+
+
+
+ FreeBSD-SA-19:02.fd
+ 5 February 2019
+ File description reference count
+ leak
+
+
+
+ FreeBSD-SA-19:03.wpa
+ 14 May 2019
+ Multiple vulnerabilities
+
+
+
+ FreeBSD-SA-19:04.ntp
+ 14 May 2019
+ Authenticated denial of service in
+ &man.ntpd.8;
+
+
+
+ FreeBSD-SA-19:05.pf
+ 14 May 2019
+ IPv6 fragment reassembly panic in
+ &man.pf.4;
+
+
+
+ FreeBSD-SA-19:06.pf
+ 14 May 2019
+ ICMP/ICMP6 packet filter bypass in
+ &man.pf.4;
+
+
+
+ FreeBSD-SA-19:07.mds
+ 14 May 2019
+ Microarchitectural Data
+ Sampling
+
+
+
+ FreeBSD-SA-19:08.rack
+ 19 June 2019
+ Resource exhaustion in non-default RACK TCP
+ stack
+
+
+
+ FreeBSD-SA-19:09.iconv
+ 2 July 2019
+ &man.iconv.3; buffer
+ overflow
+
+
+
+ FreeBSD-SA-19:10.ufs
+ 2 July 2019
+ Kernel stack disclosure
+
+
+
+ FreeBSD-SA-19:11.cd_ioctl
+ 2 July 2019
+ Privilege escalation in
+ &man.cd.4;
+
+
+
+ FreeBSD-SA-19:12.telnet
+ 24 July 2019
+ Multiple vulnerabilities
+
+
+
+ FreeBSD-SA-19:13.pts
+ 24 July 2019
+ Write-after-free
+ vulnerability
+
+
+
+ FreeBSD-SA-19:15.mqueuefs
+ 24 July 2019
+ Reference count overflow
+
+
+
+ FreeBSD-SA-19:16.bhyve
+ 24 July 2019
+ &man.xhci.4; out-of-bounds
+ read
+
+
+
+ FreeBSD-SA-19:17.fd
+ 24 July 2019
+ Reference count leak
+
+
+
+ FreeBSD-SA-19:18.bzip2
+ 6 August 2019
+ Multiple vulnerabilities
+
+
+
+ FreeBSD-SA-19:19.mldv2
+ 6 August 2019
+ Out-of-bounds memory access
+
+
+
+ FreeBSD-SA-19:20.bsnmp
+ 6 August 2019
+ Insufficient message length
+ validation
+
+
+
+ FreeBSD-SA-19:21.bhyve
+ 6 August 2019
+ Insufficient validation of guest-supplied
+ data
+
+
+
+ Errata Notices
- &errata;
+
+
+
+
+
+
+
+ Errata
+ Date
+ Topic
+
+
+
+
+
+ FreeBSD-EN-19:01.cc_cubic
+ 9 January 2019
+ Connection stalls with CUBIC congestion
+ control
+
+
+
+ FreeBSD-EN-19:02.tcp
+ 9 January 2019
+ TCP connections may stall and eventually
+ fail in case of packet loss
+
+
+
+ FreeBSD-EN-19:03.sqlite
+ 9 January 2019
+ sqlite update
+
+
+
+ FreeBSD-EN-19:04.tzdata
+ 9 January 2019
+ Timezone database information
+ update
+
+
+
+ FreeBSD-EN-19:06.dtrace
+ 5 February 2019
+ DTrace incompatibility with SMAP-enabled
+ systems
+
+
+
+ FreeBSD-EN-19:07.lle
+ 5 February 2019
+ LLE table lookup code race
+ condition
+
+
+
+ FreeBSD-EN-19:08.tzdata
+ 14 May 2019
+ Timezone database information
+ update
+
+
+
+ FreeBSD-EN-19:09.xinstall
+ 14 May 2019
+ &man.install.1; broken with partially
+ matching relative paths
+
+
+
+ FreeBSD-EN-19:10.scp
+ 14 May 2019
+ Insufficient filename validation in
+ &man.scp.1; client
+
+
+
+ FreeBSD-EN-19:11.net
+ 19 June 2019
+ Incorrect locking in networking
+ stack
+
+
+
+ FreeBSD-EN-19:12.tzdata
+ 2 July 2019
+ Timezone database information
+ update
+
+
+
+ FreeBSD-EN-19:13.mds
+ 24 July 2019
+ System crash from Intel CPU vulnerability
+ mitigation
+
+
+
+ FreeBSD-EN-19:14.epoch
+ 6 August 2019
+ Incorrect locking
+
+
+
+ FreeBSD-EN-19:15.libunwind
+ 6 August 2019
+ Incorrect exception handling
+
+
+
+
From owner-svn-doc-all@freebsd.org Wed Aug 7 23:43:10 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id B4409BBC72;
Wed, 7 Aug 2019 23:43:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 463p3L49gCz4VLq;
Wed, 7 Aug 2019 23:43:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 70DA81C635;
Wed, 7 Aug 2019 23:43:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77NhAb7042117;
Wed, 7 Aug 2019 23:43:10 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77NhAVw042116;
Wed, 7 Aug 2019 23:43:10 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201908072343.x77NhAVw042116@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Wed, 7 Aug 2019 23:43:10 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53302 - head/en_US.ISO8859-1/articles/freebsd-releng
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/freebsd-releng
X-SVN-Commit-Revision: 53302
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 07 Aug 2019 23:43:10 -0000
Author: gjb
Date: Wed Aug 7 23:43:10 2019
New Revision: 53302
URL: https://svnweb.freebsd.org/changeset/doc/53302
Log:
Update the freebsd-releng article to note to move the REPRODUCIBLE_BUILD
knob from __DEFAULT_NO_OPTIONS to __DEFAULT_YES_OPTIONS.
Submitted by: jhb
Sponsored by: Rubicon Communications, LLC (Netgate)
Modified:
head/en_US.ISO8859-1/articles/freebsd-releng/releng-major-version.xml
Modified: head/en_US.ISO8859-1/articles/freebsd-releng/releng-major-version.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/freebsd-releng/releng-major-version.xml Wed Aug 7 20:16:51 2019 (r53301)
+++ head/en_US.ISO8859-1/articles/freebsd-releng/releng-major-version.xml Wed Aug 7 23:43:10 2019 (r53302)
@@ -113,6 +113,13 @@
+ stable/12/share/mk/src.opts.mk
+ Move REPRODUCIBLE_BUILD from
+ __DEFAULT_NO_OPTIONS to
+ __DEFAULT_YES_OPTIONS
+
+
+ stable/12/libexec/rc/rc.confSet dumpdev from
AUTO to NO (it is
From owner-svn-doc-all@freebsd.org Fri Aug 9 20:24:01 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id CD044A928A;
Fri, 9 Aug 2019 20:24:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 464xXd56GQz414H;
Fri, 9 Aug 2019 20:24:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9250A1B147;
Fri, 9 Aug 2019 20:24:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x79KO1r4039391;
Fri, 9 Aug 2019 20:24:01 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x79KO1tM039390;
Fri, 9 Aug 2019 20:24:01 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201908092024.x79KO1tM039390@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Fri, 9 Aug 2019 20:24:01 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r53303 -
head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes
X-SVN-Commit-Revision: 53303
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 09 Aug 2019 20:24:01 -0000
Author: gjb
Date: Fri Aug 9 20:24:01 2019
New Revision: 53303
URL: https://svnweb.freebsd.org/changeset/doc/53303
Log:
Release notes documentation:
- r346331: libomp addition.
- r347110: net.inet.tcp.rexmit_initial sysctl addition.
- r349930: swapon(8) support to trim swap devices.
- r343735: pci_vendors version 2019.02.29.
- r350297: lld enabled as system linker on i386.
While here, move an entry mis-sorted by revision number.
Sponsored by: Rubicon Communications, LLC (Netgate)
Modified:
head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml
Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 23:43:10 2019 (r53302)
+++ head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Fri Aug 9 20:24:01 2019 (r53303)
@@ -469,11 +469,6 @@
updated to include the -l flag which
enables "live" mode when specified.
- The &man.mlx5tool.8; utility has been
- updated to implement firmware update capability for
- ConnectX-4®, ConnectX-5®, and ConnectX-6®.
-
The &man.gzip.1; utility has been
updated to add -l support for &man.xz.1;
files.
@@ -487,8 +482,19 @@
when set, changes the exit status of a pipeline to the last
non-zero exit status of any command in the pipeline.
+ The &man.mlx5tool.8; utility has been
+ updated to implement firmware update capability for
+ ConnectX-4®, ConnectX-5®, and ConnectX-6®.
+
The &man.posixshmcontrol.1; utility has
been added.
+
+ The &man.swapon.8; utility has been
+ updated to invoke BIO_DELETE to trim
+ swap devices if either the -E flag is used
+ on the command line, or if the trimonce
+ option is included in &man.fstab.5;.
@@ -534,6 +540,10 @@
libc++ have been updated to version
8.0.1.
+ The
+ lld linker has been enabled by
+ default for &arch.i386;.
+
The
bzip2recover utility has been
added.
@@ -566,7 +576,8 @@
Runtime Libraries and API
-
+ The libomp library
+ has been added.
@@ -583,6 +594,13 @@
tuning, and system control parameters that are not otherwise
categorized.
+
+ General Kernel Changes
+
+ The pci_vendors
+ list has been updated to version 2019.01.29.
+
+
Kernel Bug Fixes
@@ -712,6 +730,13 @@
sponsor="&yandex;">Support for NAT64
CLAT has been added, as defined in
RFC6877.
+
+ The
+ net.inet.tcp.rexmit_initial &man.sysctl.8;
+ has been added, used for setting
+ RTO.Initial, used by
+ TCP.Support for
GRE-in-UDP encapsulation