From owner-svn-doc-all@freebsd.org Sun Mar 4 17:11:30 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 472F4F44AD4; Sun, 4 Mar 2018 17:11:30 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DE99E83DF2; Sun, 4 Mar 2018 17:11:29 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D97C9183D4; Sun, 4 Mar 2018 17:11:29 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w24HBTcM053945; Sun, 4 Mar 2018 17:11:29 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w24HBTG8053944; Sun, 4 Mar 2018 17:11:29 GMT (envelope-from dim@FreeBSD.org) Message-Id: <201803041711.w24HBTG8053944@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dim set sender to dim@FreeBSD.org using -f From: Dimitry Andric Date: Sun, 4 Mar 2018 17:11:29 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51459 - head/en_US.ISO8859-1/books/porters-handbook/versions X-SVN-Group: doc-head X-SVN-Commit-Author: dim X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/porters-handbook/versions X-SVN-Commit-Revision: 51459 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Mar 2018 17:11:30 -0000 Author: dim (src committer) Date: Sun Mar 4 17:11:29 2018 New Revision: 51459 URL: https://svnweb.freebsd.org/changeset/doc/51459 Log: Document __FreeBSD_version value 1200060 (upgrading clang, llvm, lld, lldb, compiler-rt and libc++ to 6.0.0 release). PR: 224669 Modified: head/en_US.ISO8859-1/books/porters-handbook/versions/chapter.xml Modified: head/en_US.ISO8859-1/books/porters-handbook/versions/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/porters-handbook/versions/chapter.xml Sat Mar 3 20:55:41 2018 (r51458) +++ head/en_US.ISO8859-1/books/porters-handbook/versions/chapter.xml Sun Mar 4 17:11:29 2018 (r51459) @@ -598,6 +598,14 @@ is spelled &, < is < and > is >. struct semid_ds and struct msgid_ds. + + + 1200060 + r330384 + March 4, 2018 + 12.0-CURRENT after upgrading clang, llvm, lld, + lldb, compiler-rt and libc++ to 6.0.0 release. + From owner-svn-doc-all@freebsd.org Sun Mar 4 18:34:16 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1D17EF25ACA; Sun, 4 Mar 2018 18:34:16 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C435E68ABB; Sun, 4 Mar 2018 18:34:15 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BF36C19167; Sun, 4 Mar 2018 18:34:15 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w24IYFCJ097736; Sun, 4 Mar 2018 18:34:15 GMT (envelope-from eadler@FreeBSD.org) Received: (from eadler@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w24IYF2K097735; Sun, 4 Mar 2018 18:34:15 GMT (envelope-from eadler@FreeBSD.org) Message-Id: <201803041834.w24IYF2K097735@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eadler set sender to eadler@FreeBSD.org using -f From: Eitan Adler Date: Sun, 4 Mar 2018 18:34:15 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51460 - head/en_US.ISO8859-1/books/handbook/zfs X-SVN-Group: doc-head X-SVN-Commit-Author: eadler X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/zfs X-SVN-Commit-Revision: 51460 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Mar 2018 18:34:16 -0000 Author: eadler Date: Sun Mar 4 18:34:15 2018 New Revision: 51460 URL: https://svnweb.freebsd.org/changeset/doc/51460 Log: handbook: stop talking about older FreeBSD versions FreeBSD 9.x is no longer supported. Modified: head/en_US.ISO8859-1/books/handbook/zfs/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/zfs/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/zfs/chapter.xml Sun Mar 4 17:11:29 2018 (r51459) +++ head/en_US.ISO8859-1/books/handbook/zfs/chapter.xml Sun Mar 4 18:34:15 2018 (r51460) @@ -3517,15 +3517,6 @@ vfs.zfs.vdev.cache.size="5M" by a name and a GUID. The features available are determined by the ZFS version number on the pool. - - - &os; 9.0 and 9.1 include support for - ZFS version 28. Later versions - use ZFS version 5000 with feature - flags. The new feature flags system allows greater - cross-compatibility with other implementations of - ZFS. - @@ -4034,11 +4025,6 @@ vfs.zfs.vdev.cache.size="5M" can often compress at over 500 MB/s, and decompress at over 1.5 GB/s (per single CPU core). - - - LZ4 compression is - only available after &os; 9.2. - From owner-svn-doc-all@freebsd.org Mon Mar 5 15:50:48 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5C641F39B20; Mon, 5 Mar 2018 15:50:48 +0000 (UTC) (envelope-from rodrigo@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0B1197F5AB; Mon, 5 Mar 2018 15:50:48 +0000 (UTC) (envelope-from rodrigo@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 05FE025CB9; Mon, 5 Mar 2018 15:50:48 +0000 (UTC) (envelope-from rodrigo@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w25Folgl039889; Mon, 5 Mar 2018 15:50:47 GMT (envelope-from rodrigo@FreeBSD.org) Received: (from rodrigo@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w25FolFh039888; Mon, 5 Mar 2018 15:50:47 GMT (envelope-from rodrigo@FreeBSD.org) Message-Id: <201803051550.w25FolFh039888@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rodrigo set sender to rodrigo@FreeBSD.org using -f From: Rodrigo Osorio Date: Mon, 5 Mar 2018 15:50:47 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51461 - head/en_US.ISO8859-1/books/handbook/advanced-networking X-SVN-Group: doc-head X-SVN-Commit-Author: rodrigo X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/advanced-networking X-SVN-Commit-Revision: 51461 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 15:50:48 -0000 Author: rodrigo (ports committer) Date: Mon Mar 5 15:50:47 2018 New Revision: 51461 URL: https://svnweb.freebsd.org/changeset/doc/51461 Log: update/correct the Handbook Diskless operations chapter - Add the -maproot=root to the NFS export configuration - Mention base archive from the ftp server as an alternative way to install the base system - Fix the usage - Add details about how to use md_size files to increase the default mfs size for /var and /etc PR: 213175 Submitted by: Natacha Porte Reviewed by: sevan bcr ian Approved by: ian sevan Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D14336 Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Sun Mar 4 18:34:15 2018 (r51460) +++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Mon Mar 5 15:50:47 2018 (r51461) @@ -3898,7 +3898,7 @@ ifconfig_lagg0NFS by adding the following to /etc/exports: - /b -ro -alldirs + /b -ro -alldirs -maproot=root @@ -3937,25 +3937,19 @@ ifconfig_lagg0 - Rebuild the &os; kernel and userland (refer to for more detailed - instructions): - - &prompt.root; cd /usr/src -&prompt.root; make buildworld -&prompt.root; make buildkernel + Install the base system into + ${NFSROOTDIR}, either by + decompressing the official archives or by rebuilding + the &os; kernel and userland (refer to + for more detailed + instructions, but do not forget to add + + when running the + make installkernel and + make installworld commands. - Install &os; into the directory mounted over - NFS: - - &prompt.root; make installworld DESTDIR=${NFSROOTDIR} -&prompt.root; make installkernel DESTDIR=${NFSROOTDIR} -&prompt.root; make distribution DESTDIR=${NFSROOTDIR} - - - Test that the TFTP server works and can download the boot loader which will be obtained via PXE: @@ -4026,7 +4020,16 @@ Received 264951 bytes in 0.1 seconds /etc and /var will be created and mounted and the contents of the cpio.gz files will be copied into - them. + them. By default, these file systems have a maximum capacity + of 5 megabytes. If your archives do not fit, which is + usually the case for /var when binary + packages have been installed, request a larger size by putting + the number of 512 byte sectors needed (e.g., 5 megabytes + is 10240 sectors) in + ${NFSROOTDIR}/conf/base/etc/md_size and + ${NFSROOTDIR}/conf/base/var/md_size + files for /etc and + /var file systems respectively. From owner-svn-doc-all@freebsd.org Tue Mar 6 12:55:32 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A516EF2F304; Tue, 6 Mar 2018 12:55:32 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 425D675C0F; Tue, 6 Mar 2018 12:55:32 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3CCC513213; Tue, 6 Mar 2018 12:55:32 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w26CtWKL076252; Tue, 6 Mar 2018 12:55:32 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w26CtWU6076251; Tue, 6 Mar 2018 12:55:32 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201803061255.w26CtWU6076251@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Tue, 6 Mar 2018 12:55:32 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51462 - head/en_US.ISO8859-1/books/handbook/jails X-SVN-Group: doc-head X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/jails X-SVN-Commit-Revision: 51462 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Mar 2018 12:55:32 -0000 Author: emaste (src committer) Date: Tue Mar 6 12:55:31 2018 New Revision: 51462 URL: https://svnweb.freebsd.org/changeset/doc/51462 Log: Document jail.conf Jail configuration jail.conf is the preferred method of configuring jails in all supported FreeBSD versions. Older rc.conf(5) configuration produces a warning. Update the handbook example to match based on the submission in the PR, with a few modifications. PR: 187142 Submitted by: Jack-Benny Persson Reviewed by: bcr, eadler Approved by: bcr, eadler Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D14524 Modified: head/en_US.ISO8859-1/books/handbook/jails/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/jails/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/jails/chapter.xml Mon Mar 5 15:50:47 2018 (r51461) +++ head/en_US.ISO8859-1/books/handbook/jails/chapter.xml Tue Mar 6 12:55:31 2018 (r51462) @@ -313,46 +313,41 @@ - A list of the jails which are enabled to start at boot - time should be added to the &man.rc.conf.5; file: + Configure jail parameters in + jail.conf: + www { + host.hostname = www.example.org; # Hostname + ip4.addr = 192.168.0.10; # IP address of the jail + path ="/usr/jail/www"; # Path to the jail + devfs_ruleset = "www_ruleset"; # devfs ruleset + mount.devfs; # Mount devfs inside the jail + exec.start = "/bin/sh /etc/rc"; # Start command + exec.stop = "/bin/sh /etc/rc.shutdown"; # Stop command +} - jail_enable="YES" # Set to NO to disable starting of any jails -jail_list="www" # Space separated list of names of jails + Configure jails to start at boot time in + rc.conf: - - Jail names in jail_list should - contain alphanumeric characters only. - - + jail_enable="YES" # Set to NO to disable starting of any jails - - For each jail listed in jail_list, a - group of &man.rc.conf.5; settings, which describe the - particular jail, should be added: - - jail_www_rootdir="/usr/jail/www" # jail's root directory -jail_www_hostname="www.example.org" # jail's hostname -jail_www_ip="192.168.0.10" # jail's IP address -jail_www_devfs_enable="YES" # mount devfs in the jail - The default startup of jails configured in - &man.rc.conf.5;, will run the /etc/rc + &man.jail.conf.5;, will run the /etc/rc script of the jail, which assumes the jail is a complete virtual system. For service jails, the default startup command of the jail should be changed, by setting the - jail_jailname_exec_start + exec.start option appropriately. For a full list of available options, please see the - &man.rc.conf.5; manual page. + &man.jail.conf.5; manual page. &man.service.8; can be used to start or stop a jail by hand, if an entry for it exists in - rc.conf: + jail.conf: &prompt.root; service jail start www &prompt.root; service jail stop www From owner-svn-doc-all@freebsd.org Wed Mar 7 06:45:10 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B3E0F30FE4; Wed, 7 Mar 2018 06:45:10 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D3432814E1; Wed, 7 Mar 2018 06:45:09 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CA5341DF46; Wed, 7 Mar 2018 06:45:09 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w276j9sp013133; Wed, 7 Mar 2018 06:45:09 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w276j8Gb013118; Wed, 7 Mar 2018 06:45:08 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201803070645.w276j8Gb013118@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Wed, 7 Mar 2018 06:45:08 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51463 - in head/share: security/advisories security/patches/EN-18:01 security/patches/EN-18:02 security/patches/SA-18:01 security/patches/SA-18:02 xml X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share: security/advisories security/patches/EN-18:01 security/patches/EN-18:02 security/patches/SA-18:01 security/patches/SA-18:02 xml X-SVN-Commit-Revision: 51463 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 06:45:10 -0000 Author: gordon (src,ports committer) Date: Wed Mar 7 06:45:08 2018 New Revision: 51463 URL: https://svnweb.freebsd.org/changeset/doc/51463 Log: Add SA-18:01, SA-18:02, EN-18:01, EN-18:02. Approved by: so Added: head/share/security/advisories/FreeBSD-EN-18:01.tzdata.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-18:02.file.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-18:02.ntp.asc (contents, props changed) head/share/security/patches/EN-18:01/ head/share/security/patches/EN-18:01/tzdata-2018c.patch.asc (contents, props changed) head/share/security/patches/EN-18:02/ head/share/security/patches/EN-18:02/file-10.3.patch.asc (contents, props changed) head/share/security/patches/EN-18:02/file-10.4.patch.asc (contents, props changed) head/share/security/patches/EN-18:02/file-11.patch.asc (contents, props changed) head/share/security/patches/SA-18:01/ head/share/security/patches/SA-18:01/ipsec-10.patch.asc (contents, props changed) head/share/security/patches/SA-18:01/ipsec-11.patch.asc (contents, props changed) head/share/security/patches/SA-18:02/ head/share/security/patches/SA-18:02/ntp-10.3.patch.asc (contents, props changed) head/share/security/patches/SA-18:02/ntp-10.4.patch.asc (contents, props changed) head/share/security/patches/SA-18:02/ntp-11.1.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-18:01.tzdata.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-18:01.tzdata.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,149 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-18:01.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2018-03-07 +Credits: Philip Paeps +Affects: All supported versions of FreeBSD +Corrected: 2018-01-27 13:29:55 UTC (stable/11, 11.1-STABLE) + 2018-03-07 06:01:44 UTC (releng/11.1, 11.1-RELEASE-p7) + 2018-01-27 13:34:14 UTC (stable/10, 10.4-STABLE) + 2018-03-07 06:01:44 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 06:01:44 UTC (releng/10.3, 10.3-RELEASE-p27) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The tzsetup(8) program allows the user to specify the default local timezone. +Based on the selected timezone, tzsetup(8) copies one of the files from +/usr/share/zoneinfo to /etc/localtime. This file actually controls the +conversion. + +II. Problem Description + +Several changes in Daylight Savings Time happened after previous FreeBSD +releases were released that would affect many people who live in different +countries. Because of these changes, the data in the zoneinfo files need to +be updated, and if the local timezone on the running system is affected, +tzsetup(8) needs to be run so the /etc/localtime is updated. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected timezones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated timezone database from the +misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected. + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Please note that some third party software, for instance PHP, Ruby, Java and +Perl, may be using different zoneinfo data source, in such cases this +software must be updated separately. For software packages that is installed +via binary packages, they can be upgraded by executing `pkg upgrade'. + +Following the instructions in this Errata Notice will update all of the +zoneinfo files to be the same as what was released with FreeBSD release. + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. Restart all the affected +applications and daemons, or reboot the system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-18:01/tzdata-2018c.patch +# fetch https://security.FreeBSD.org/patches/EN-18:01/tzdata-2018c.patch.asc +# gpg --verify tzdata-2018c.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r328476 +releng/10.3/ r330568 +releng/10.4/ r330568 +stable/11/ r328475 +releng/11.1/ r330568 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhfZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJp7Q//fHWkVYNLtrjtWwhWdklnNdJq16V4Jnvd4bniw9O9tlWBZlQPwFB4Ez/l +GNLqamLhgakaFXFE9oISjqn1LvNZOoaIDKHVs9KRkTEWpGZaIVRVPyHkZsGImG4A +ale+8grJBcyepZPxXGbmEcPsrGPlOs5M3LsQabwEvuPW8yf9CLAh5IOkmD7r7qMJ +zbhLKW/rKQOq9Weka3XZSuVXXi1h536tmGPkQoj0S+k73d0X67E5jlFCOFo8Q/yh +qqsIXRNrvvfieVujUtTRwYrbCi6Omngj6lNZWCOO7QUNKd0YoEgsdj/tAxZ+cwwn +Z7J55ARBD+/dkRAFbZaqryPFuznDA3+bPS/oKJfyVdIDWC4gT38L8WUFMSRpeFbr +BdZMUdoxvj2NRjRejgO/kii7JDzg2+nztGmt8hw0z4lNt5ZXIc2W4+ou7oEaAr5i +YoM95ZxwnNe5JEgYXWOJ8f4krB1GICLk0KQZ38P1kP2jQRs52OtQKNBRw3UVZLEV +SnFSACTNYSQzE3CajEgVQ/cfg3+KMA0fYbYdmA5ZXekQqjSMPeqrui/z+9C57Bjm +6+4qTpzST8oJbNBOGlU2uncIcYllaWSrMQ2kRWmq73O/PUMhoPhukahPeYEMj8PR +STD8RLoN9Rp+6GdZfLndLBl6ZJHOFKY0yd6NYsGlj7AsjJwsgKw= +=mVpJ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-18:02.file.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-18:02.file.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-18:02.file Errata Notice + The FreeBSD Project + +Topic: Version and security update of file(1) and libmagic(3) + +Category: contrib +Module: file +Announced: 2018-03-07 +Affects: All supported versions of FreeBSD. +Corrected: 2018-02-05 08:20:11 UTC (stable/11, 11.1-STABLE) + 2018-03-07 06:04:25 UTC (releng/11.1, 11.1-RELEASE-p7) + 2018-02-05 08:50:34 UTC (stable/10, 10.4-STABLE) + 2018-03-07 06:04:25 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 06:04:25 UTC (releng/10.3, 10.3-RELEASE-p27) +CVE Name: CVE-2017-1000249 + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The file(1) utility attempts to classify file system objects based on +filesystem, magic number and language tests. + +The libmagic(3) library provides most of the functionality of file(1) and +may be used by other applications. + +II. Problem Description + +The file(1) utility contains a stack based buffer overflow when parsing +a specially crafted input file. + +III. Impact + +The issue lets an attacker overwrite a fixed 20 bytes stack buffer with +with a specially crafted .notes section in an ELF binary file. + +IV. Workaround + +No workaround is available, but systems where file(1) and other applications +using libmagic(3) are never run on untrusted input are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 10.3] +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-10.3.patch +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-10.3.patch.asc +# gpg --verify file-10.3.patch.asc + +[FreeBSD 10.4] +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-10.4.patch +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-10.4.patch.asc +# gpg --verify file-10.4.patch.asc + +[FreeBSD 11.1] +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-11.patch +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-11.patch.asc +# gpg --verify file-11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r328875 +releng/10.3/ r330569 +releng/10.4/ r330569 +stable/11/ r328874 +releng/11.1/ r330569 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhmJfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLAmg/+Ls59X/iLsmZiRvMiqfxI78P7FYuvTZ/6It0oaElmbswoaIDs3NF1c+II +lcKYwFyXPs4ge/9P4k4pz9bWN7IZcMlGuzDalWSpywF2y3I/6zCNOU2Xyzz4LLVx +wrLuWbTYqXFq6bgYsT8BBOANIadH5tjCfvO7DXOtRHyfUK5DJqsT+xMyv6R4Kncv +VnwjyBNkutT/kAkWYYdqJYLR7uhW2NmVk/57Un6lnGxsLUMgfL8jxzsTlGOa90q9 +0fmGVTwkHxqfxqVSd9+lymISuuw4pg2Ar8bY0AKzMjhQTVMhEtLEsn0N+VbLg6Ns +6HCuPsYwDtGLJ8hd44JPCfbzxzOAW08flUwgu1U5E4e+sUIlKMTOhKxt/HrH+JFk +OyzLDytuv2364lMepThzO4++vWZkErxfa5uJFjjrax5w+WECyEddrUJG3HovOxMd +YXD/dBSulgxaAgVQLXhn1AI+BUR5rD59wsmi6rEYFDXhAfTxNtrHXp1vIoHiW4CO +a8jVPHfFcSuNzLfi+hE/QV8q2RWVOseYlOey0vme4h0upzi3HKQ8WPvUQUrHmDLw +D0Hmr6m9PpyoKFnh2UlM4RiEMf3RO4o4nkRHzPp40LPawzmOmilSmPwv/HasBe2z +X49GD/ortXLxn7UmGqjkIEApOo9me8lHxCYtODQC73BwZdFNrP4= +=PpWQ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-18:01.ipsec Security Advisory + The FreeBSD Project + +Topic: ipsec validation and use-after-free + +Category: core +Module: ipsec +Announced: 2018-03-07 +Credits: Maxime Villard +Affects: All supported versions of FreeBSD. +Corrected: 2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE) + 2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7) + 2018-03-07 05:47:48 UTC (stable/10, 10.4-STABLE) + 2018-03-07 05:53:35 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 05:53:35 UTC (releng/10.3, 10.3-RELEASE-p27) +CVE Name: CVE-2018-6916 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The IPsec suite of protocols provide network level security for IPv4 and IPv6 +packets. FreeBSD includes software originally developed by the KAME project +which implements the various protocols that make up IPsec. + +In IPsec, the IP Authentication Header (AH) is used to provide protection +against replay attacks and connectionless integrity and data origin +authentication for IP datagrams. + +II. Problem Description + +Due to a lack of strict checking, an attacker from a trusted host can +send a specially constructed IP packet that may lead to a system crash. + +Additionally, a use-after-free vulnerability in the AH handling code could +cause unpredictable results. + +III. Impact + +Access to out of bounds or freed mbuf data can lead to a kernel panic or +other unpredictable results. + +IV. Workaround + +No workaround is available, but systems not using IPsec are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. +And reboot the system. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +And reboot the system + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 10.x] +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.patch +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.patch.asc +# gpg --verify ipsec-10.patch.asc + +[FreeBSD 11.1] +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-11.patch +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-11.patch.asc +# gpg --verify ipsec-11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r330565 +releng/10.3/ r330566 +releng/10.4/ r330566 +stable/11/ r329907 +releng/11.1/ r330566 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhClfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cISCQ//f9bjAzuou4wlbaoVBp+csfE8qwJl0PJAs/guwO9dO/TMLrVzJ+oNtAIR +VO6T7j2uC/eLD80PFsGoTpDAm4O1gqcGGX4OZm/6rE/OdqC3/UhhqpMYke0ZdNuh +ugUyztXZkHuvsLgoR/peW9QqAxRRABTUWL0NPQU4YvtEpa5iOOkzNYuPQ9+dltQC +SXkbGDrHgHwMHSyoZ14eRffrlwOU+bYH7tdMvDzPyr3z4NhJSTJvKBy4dohCal9F +bQRjZSqsGGZ4D0T0BW88RpD3wRBj9s23bSgbcrR8tQvtwEN897S/oL0wtbFYVOQ+ +p/ZgiVgV2JvB17m6Dnmt8+CQLEri+21l1NCF2rVMvMBUcZioiO3L43Z3dZNZfRb5 +pknuSB6q0HEF5qE1sRIlT2WwH/6rd6VASQOb0NQRTBKNVM7ZU6+Q1PN56KjPhZmw +uVREGJ6fHz/MB58fOLkyhbhvcmL7Hz1CGQwQz1Qi05Gp5T2OYP9POJyK8e/EW+Gs +hiiErWezEWpVtHHfUpbudVlqlLp/Mc8LHlVOCIhnrEWH1zhgBX2Bx/WmELUerJz/ +RjOKUdPTQwn8IVkXJfpj42IbxdCG8xvQN/NKWf01maa+Y2xLCtlg8H0I9/9zT80Q +bLdFKjj+M5ysz+bcSR4jl3pd2WMqpidXPvOjph5JcfNWDA5131I= +=Uzqo +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-18:02.ntp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-18:02.ntp.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,200 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-18:02.ntp Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities of ntp + +Category: contrib +Module: ntp +Announced: 2018-03-07 +Credits: Network Time Foundation +Affects: All supported versions of FreeBSD. +Corrected: 2018-02-28 09:01:03 UTC (stable/11, 11.1-STABLE) + 2018-03-07 05:58:24 UTC (releng/11.1, 11.1-RELEASE-p7) + 2018-03-01 04:06:49 UTC (stable/10, 10.4-STABLE) + 2018-03-07 05:58:24 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 05:58:24 UTC (releng/10.3, 10.3-RELEASE-p27) +CVE Name: CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, + CVE-2018-7183 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +II. Problem Description + +The ctl_getitem() function is used by ntpd(8) to process incoming "mode 6" +packets. A malicious "mode 6" packet can be sent to an ntpd instance, and +if the ntpd instance is from 4.2.8p6 through 4.2.8p10, ctl_getitem() will +read past the end of its buffer. [CVE-2018-7182] + +The ntpd(8) service can be vulnerable to Sybil attacks. If a system is +configured to use a trustedkey and if one is not using the feature introduced +in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify +which IPs can serve time, a malicious authenticated peer, i.e., one where the +attacker knows the private symmetric key, can create arbitrarily-many +ephemeral associations in order to win the clock selection of ntpd and modify +a victim's clock. [CVE-2018-7170] + +The fix for NtpBug2952 was incomplete, and while it fixed one problem it +created another. Specifically, it drops bad packets before updating the +"received" timestamp. This means a third-party can inject a packet with +a zero-origin timestamp, meaning the sender wants to reset the association, +and the transmit timestamp in this bogus packet will be saved as the most +recent "received" timestamp. The real remote peer does not know this +value and this will disrupt the association until the association resets. +[CVE-2018-7184] + +The NTP Protocol allows for both non-authenticated and authenticated +associations, in client/server, symmetric (peer), and several broadcast +modes. In addition to the basic NTP operational modes, symmetric mode and +broadcast servers can support an interleaved mode of operation. In +ntp-4.2.8p4, a bug was inadvertently introduced into the protocol engine that +allows a non-authenticated zero-origin (reset) packet to reset an +authenticated interleaved peer association. If an attacker can send a packet +with a zero-origin timestamp and the source IP address of the "other side" of +an interleaved association, the 'victim' ntpd will reset its association. +The attacker must continue sending these packets in order to maintain the +disruption of the association. [CVE-2018-7185] + +The ntpq(8) utility is a monitoring and control program for ntpd. The +internal decodearr() function of ntpq(8) that is used to decode an array in +a response string when formatted data is being displayed. This is a problem +in affected versions of ntpq if a maliciously-altered ntpd returns an array +result that will trip this bug, or if a bad actor is able to read an ntpq(8) +request on its way to a remote ntpd server and forge and send a response +before the remote ntpd sends its response. It is potentially possible that +the malicious data could become injectable/executable code. [CVE-2017-7183] + +III. Impact + +Malicious remote attackers may be able to break time synchornization, +or cause the ntpq(8) utility to crash. + +IV. Workaround + +No workaround is available, but systems not running ntpd(8) or ntpq(8) are +not affected. Network administrators are advised to implement BCP-38 which +helps to reduce risk associated with the attacks. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.1] +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-11.1.patch +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-11.1.patch.asc +# gpg --verify ntp-11.1.patch.asc + +[FreeBSD 10.4] +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-10.4.patch +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-10.4.patch.asc +# gpg --verify ntp-10.4.patch.asc + +[FreeBSD 10.3] +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-10.3.patch +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-10.3.patch.asc +# gpg --verify ntp-10.3.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r330141 +releng/10.3/ r330567 +releng/10.4/ r330567 +stable/11/ r330106 +releng/11.1/ r330567 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + + + + + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhYNfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL9GQ/+PLffyegsvxKngL83XWG9UuHbcGG5aWbNwCecTEzNoCI72TI03aga0ge5 +iLz5kW3SQvl8tsq778U4YbfFcCw6ifq2ws8asqNviv+u4AcJh7oD8CS3/kFuA9xM +zjAIrScdNR2taBJhBW3nwlb7RmDeKqydQ3OIxHVvs9Fj5Alc5ZEGezUjC2dueB+M +UdORg6GvHGMYQ+4AtBFRgZHAU3BFkwmgqsIICywYnUVH+AxKj34shs/pMMeJd/d9 +a+BIu/tUjAIlQp23VunNAfq7r2eZik9LOV8Y5l1Ww7+K1IwlwezxI+Iw18BMFEVn +L9baBY9RFh8v/yrZCBqUc7Prhs3ExU/lnAb05Va7TYeD4RXVmSU0jNXi/przN3y2 +PR7Z3JCm60mFKyp0/Hz2MmS1XPBVBrW4P6g9hH8TZmOHb2mZlK3zDXmil7HKp5DK +UhtMJpPEWV9k5rfP8iijHJnwkPr0ALntMUAAKUyw/6isVtHT6BZLaYsZvRYIm8YY +Mn2RUl74m+XoIhQ8R4mxRcaAHwKKXyeyP5nlAs6TQVb9QJukoRiNDr3g8TwbtT54 +iTswVu+z/a89/YIwJoc6Ud7eCZSDYe6qfuC19TVuledayjjy/ZPMH0ZkNWFWJ3AE +VAvdyvoUuNbmsv42o4AUtpE/1CmDqOjwBRZZbtV4CONCDFpk26o= +=D2ov +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-18:01/tzdata-2018c.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:01/tzdata-2018c.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhhBfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIvlxAAhTIfNoLtwN+UJxpf6IX74iSYuN2xgaF5qm8iJ2Zhox+ix7EnPDzla9As +xnyuprVjU07f5JrkI2N49bf8axp4txLRkxcdm8yfin/M+XPMjcWhjG+iqwp0ipOn +qF2hHTSm70AREzZe9Lo5shQtVbotGG4yUxnb/M5+MYfhSFGBR//YF9p3kmVd7tPA +TuU7x4W7d4EbBoHBsVZb1q/Zei0ksCutg2Y0Jk8b+zjsdeFHP8sv5XyTFibZfTyg +Se64DVvwxoctZuucdnf+b83C6P2dH5m6MQC8TTK8BkHnRJALfxrlV+pwiBeJrqWZ +EMlKv6ZYoaRut1DbEIcY5ddNEajrbRB/uK8M/RNVdlw9ykE9nUqHozs8ZgAcj+EV +IQJIvKK9t11tZ5V+0Ctu6EYPXVxmmmiIWG5HA/bD5BjYuGxpf8tpLgVysUW89mYd +XP1cbWdXXSlb1bz2Op7PrsErI9K1tzB117i7DPNby1Pe6C0y7Oz8e6Dq5/hvxgAT +hvHAOPOonIZrJiQUxKPFW4fUdClJU9v2Xz4TjiBbCSOBaZNa03Nhzo+Scw+ZpwvC +BRketOTM/Vc8jmVP5gk3ROG8q1VUeBtO23iZTuYJIu5ON6EnMBf2xOBEGfqu3Nho +GSSteXDAAWLXT2G484IVDLESQheeugLuIQOMTJaBIlqkvbU6MhE= +=/Wzs +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-18:02/file-10.3.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:02/file-10.3.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhmlfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKL4BAAo/it8SSAmCG+oS/VgCuPNDw6zOIM9qDEA5X5jWxp/uOMlCpQOuKlzOgf +qaOGfGPAoTkKPQnmCnDWIwYJWVkTRVnNi7qkKUMg3pBLCsc0HHcBhe3jsfBgfQYl +J4nJvSz3mc3+tBm0C4idX/fprzZhBNJXQ2lgxzsBPK6+DWXyBCWVyjEllIttynky +lYkPnUPRxl75Cbd0XtzDZKROobpJkch9RQnkcEHmn63QSzjHovqYdtUalJVBYGJy +yGie3CmEeYymUxjMnDowZtJJXXttzySyJwwRaRohEDf46sDDIdZaDL3Qp1hUfDH8 +16Op/fTSSUdEgL4Xoxil2oQ/9hT4VbE1pYKqHdB1Ii35KXpceNIV3PHYf5PmVt37 +2i8VUGrfBUtbpE71dPmVZ9pTw/3tsmVHFzBm5d4+qqcfgrTeyWLyQwISfsq3Wmj6 +swUmOUFGXn+P7lRrUXR+3NppwCT3J4hOrvq3/PMScsP+toSsa7ibbtjDr0ssUcv0 +IduTu22+OpKF+qxT1+17Se8Jcv30HngzEAERdICexqM76KtsA00lUGuWH4pzF4ta +uWSq3x8M93p+CO0HxEKnA3fR6hNazJsqvo8CX6oUgrjX2hKqMTsiWKkwKeTAbEVO +R3KWVB5fAXMxaLtIz3/iBZ11x+aSiWQr+N1UHOzjt/iUg/fYad0= +=l4Y6 +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-18:02/file-10.4.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:02/file-10.4.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhmpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIUYA/6Aky+p3kYOQx1W6Xl3QmOEzy1sTc9kBXHbOgilyYzwC9qh0JLC1xCz1he +S06EG6BCoJCJ460FAb7qIG4KRREwyc5zHoWRlNfzfoGB+ablScZzJ7fGP25Rgtv0 +WvwObJwQQI/qL4xT/LsYgDzD5p1Qq6c81NzmArGpqMu7LCV9MwvS9aTqDVsqmIyV +mmrQAFYUrObVeFAYEAF6YbmsQCAygt/LwmoJNbD7cT+gnJXjf0tkdReEKFR+WGdI +X7a2xKSvNshPGOCNrOzDd25VpibgM3vEqaZx3AVTDjBX0TQQdrCsWVrd4pFvE7Nv +rCqJ/JwhtYT6ZrQnPpPEIVVw02KZX1XVzjBDEhSyOWkJ02zS4vIv5qWzedRCe1Oc +C4qHrB6tZTfXBjv/3wAbiZWlhObaWSOvfQSvnwdPP71mAXauId56xB/Nd8vbP0yP +oYuvtrPhX375wwph66zwjh1Qv6CxMelHmcPfKeiJUeewIOno2oOc0+fvPEAt4ONy +TH9ih92JxWpftq/EYjclQW5qQRIDUAquBh/RoFMJFD2PhATz/XwCdd574Wnl4sv8 +C+k/vhnNSD4TG8Zv8Pn6A8KQZeK3WU8oTvnVjJTOmjap60L1TiSHqToC0kb9Fufz +T/TEFlUPhmjpyUurF4ro3tyxfKI5hZl/9bF57nEssd18qeyO2AY= +=my4y +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-18:02/file-11.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:02/file-11.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhmpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIUYA/6Aky+p3kYOQx1W6Xl3QmOEzy1sTc9kBXHbOgilyYzwC9qh0JLC1xCz1he +S06EG6BCoJCJ460FAb7qIG4KRREwyc5zHoWRlNfzfoGB+ablScZzJ7fGP25Rgtv0 +WvwObJwQQI/qL4xT/LsYgDzD5p1Qq6c81NzmArGpqMu7LCV9MwvS9aTqDVsqmIyV +mmrQAFYUrObVeFAYEAF6YbmsQCAygt/LwmoJNbD7cT+gnJXjf0tkdReEKFR+WGdI +X7a2xKSvNshPGOCNrOzDd25VpibgM3vEqaZx3AVTDjBX0TQQdrCsWVrd4pFvE7Nv +rCqJ/JwhtYT6ZrQnPpPEIVVw02KZX1XVzjBDEhSyOWkJ02zS4vIv5qWzedRCe1Oc +C4qHrB6tZTfXBjv/3wAbiZWlhObaWSOvfQSvnwdPP71mAXauId56xB/Nd8vbP0yP +oYuvtrPhX375wwph66zwjh1Qv6CxMelHmcPfKeiJUeewIOno2oOc0+fvPEAt4ONy +TH9ih92JxWpftq/EYjclQW5qQRIDUAquBh/RoFMJFD2PhATz/XwCdd574Wnl4sv8 +C+k/vhnNSD4TG8Zv8Pn6A8KQZeK3WU8oTvnVjJTOmjap60L1TiSHqToC0kb9Fufz +T/TEFlUPhmjpyUurF4ro3tyxfKI5hZl/9bF57nEssd18qeyO2AY= +=my4y +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:01/ipsec-10.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:01/ipsec-10.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhGpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKa+BAAg4G75ea9cM88a8lYwbYhkJtBXtFKI0ct0k0cur083WGBfwiAjvLvulas +wTC4agKfFYViZpk7/gXNtfwNsSwM25mA5qTUOgDErA1SbdQqKcZc+bH3NfeMdSwa +eeQ6xC4qBqgTINE8waXNal1IktqOy3/i/K/Glx6w2UDQrrH1s8PrHDjZBOm0cVlv +n3jM5jVUjIM4otfJxmdleMaF/NEWCbe6JoPxx5/rrPWjm/ZKa+t3Cbz4FNzl4PHO +IInFo6k0u9SKtdaAkGuEIOLtEwfULGcGATONxTGj62T7Yd+3NsmqKsj4eXQv2Aoo +Ez+GRws+QQcQqTHDnqNtAMuRfNXyHnmgKDTxH9DS4uWKIJjjungRJ2OCySSRelPX +GJmnljcuEr0zOx2JkRRKm3opOWRruqh2juFZr2vUD3eiWApqouWt2Jv4ddzuSBBZ +6uFdZJtrvwKIUhEE30V6XRIQOXc/QSQygfPgJ4lGNKMyv/IKOmZeT1JtYoU8a74I +3aX5grnV/fDQgjP6Ks2jwKuMrm9jcJYWEhnhg/rJFaHKcOFmdBde0I4RCraIhCgA +GX3uCFZRotYerNP2DeLhRuWsn4N6S3bAvAO/ICO2NYQEQe4WbVPF9TJNoXf3MBDd +HEAL5iNSD3PYCxmD7m2jAVb+Y0oDMlnsLxpM5eZZQtpNy2QWrjc= +=9maD +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:01/ipsec-11.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:01/ipsec-11.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhGpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLA2g/5AVOghpXVRDHm4763KS/M3PudEMuXyZfeRYB9pg1KyQOffJvIrTlIYcel +tJA+bf1AbQ9cawmV/vXaEJAY8weBSSrQcmn2ixlygb1dBc2HVxeQgiI9rcBSCs0M +LcHpEke2oKsqqmAbIUjRlfA5zEwBtWjI93bpDALsdqR0gLMqPOaK7aixVdnfjF9a +LWMnpQvOQto0klCNBoItsJn90FR9PtkcnyftnsI1nPV/bTszFmGL3tDHWMTV88bo +p+fZLayXX2Axcxy0FZl1p1Ufh2FmOkipR9c/i1KF6qqhPB7Y9INutJime3vuwLBQ +LVPLpH5gJwktKdRQIpkH4FMzGkA6vlXzNYV4W7oV7YCjUhV5ZzxiGOtMtU/K2RWE +kyA7mueqN3rh530EZ+ot1XiQkVCDHe/CHxxMjfs8wWkcLEUllIEma8toFvLqa3pE +qGAaQG54owj7MuZfs5TAYJsZmZ4FAcTpyC6zf5cOOTRdy786T206j04ID1tAzsbx +HcITdMnxRCKOKOzZXBpad4zwxnPHhZfuJ/mIG4IAYVJkiGlimdQ2V2E3h5TqSxKP +df+XFc21ESmy1EuWuZ6su1qQmLrPoJFqor/lJ/tSR4V8SuSUjRmB8YX8/3NZHCuK +eBE3uCX9Sm+Ef3b0En6izidwLZiSR+E/iNSvuftU75J0AB2SI/w= +=ZkFm +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:02/ntp-10.3.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:02/ntp-10.3.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhYhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKJxRAAhyl9KM4ZY0lA6JpeYUu8xRAu2cskH7c4jydBhIkjSl/vW31+R12IWiCO +oql6km8dSpLKXEbWKDxJPIlUHjZVTQNxJpv4Hlee+IFH2y/0xQ6Dx1nn8HE8xl23 +j62wCtJcHTorShWZXWLo4Jb+0mi91c8LZ8SO3XwXqfULfj0XLtilKVH/Sv4/58KC +csYmyGf3gQwPD/lWyMCH5r7/zdoHv3tJDM2klhDY4Wf2jFKtVj68iu5cTaco6saV +lxnbxTSX1r2SbZi3uIhJBgUKdJHuI6l4p/F0SwdDXu6tBWfYNF/ul1ZjCgFM28yA +fiXuHa+KQlxzkNnQ4RxMD+Wtw83WADGabFfzTBXmVbdGKt8gAd9l81c3HohQgDQw +dRSZmHq/QR8kFNQfBixo+JgzqLFgM6lryrPoVBo5Oh8MEmKY9796YJt2932Ki6BA +ctkIaoRuBERPTYtjE30zMaVkeQY8UEQjVAw4aoTHglUFEddAilY1/bRL3psL3I3U +YN4wnbL1QqAwnicFE2r43iGr+eYn5jXm9dwAf31E2al4/2yQxrSa/Lc6GyH1jeC6 +KNZ9shnhKhyK8Azk7p8mKWL2t557GMdX7tzU7tJ5I6pOF9d+OChcnQ6Gtu2EJ7wP +uf4CKXSLsu9J2Xiwig9X8MFQA2TfxCg8q1I/JucRGLbbRxzxEq8= +=iYV1 +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:02/ntp-10.4.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:02/ntp-10.4.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhYhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK/dRAAk2pm/ZGwjquO0bC93OyWgdqzraNBTWl1QuHa3w4g3dDuJ0zOVyWe1fMf +YQLItXv57xjA14FUdNorz/0Zb0Sd8X+hE6adghHtoP00mdYxAGlTQlmn73T1hwHs +k633aBdp3gJ0R87fspeBl6nZNhrIN4Th273U7VTrQOh2RTY90KkFS1GZGIFFVeOc +dhxcJS4pYdggoH4SIVnhyGmRtdy4UINit2QgBI7IH8JqZQXWKkYWKhvEBTRs+BbF +RzxWUSRrZtfW1IBJ0u0+g0b8tFAexNt3xgRxOxTguAGcQ/AjrWmt6Tic/T5i65gl ++Jny0XdH67n66IZk5G2qUHYvGcaEw7vCjzRPGyKMYCt57LbBt1dxDFrm0Se1D7vI +T/UPHSgkACp+LurkWNsykGFyG+WIecQq+MyHjt6cE2IXZVVzmE6v6XfMMQcuUlq2 +6Box2Y/1fS+A6B9fN7uD1lsSicHMZ1m03UH9t4dsMqrrwlorki8+6FV88Kalf2Mb +xqaxaPhg7VJlDZ8SVqUJMRHwiaig2b5U75E+WzSyl13KUCbWnrM71ndG9q+2Pujl +n9G3oUQ5cR9cFV0Ow5br/+XLyQn1saP+ipQ9U04KC2pq1XIGRX1BJV+l2Ijz3O5B +Tj96N/g6yOwbqmZo102kJSwIGEXImscKBXRT7+ldOoHoFCJ1jYE= +=fnry +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:02/ntp-11.1.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:02/ntp-11.1.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhYhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKuYBAAn/SwhJm6JonngCaPLNI/Ak8y8layW2KJGQ01wJBntFDbiIScGe+SMfUm +KpeKCtzrwyWxs+8kAEaDgpclovFD7pMSKcPMROC4z1TK9cHgZxY5naWnUnKMl0j2 +XSSbqCg+w3KYJSbDo2bkF/yJEM8nkS2Cj0pTNHvUvIyAE5Ph6mAQcX38uDUUJhg2 +R3AVFY5SKBW0v3ZMcmOTPmj6IjLe59cZh9qgbmY6f4wJx8ywAawkjRNHyf2w9z7O +jdgqFfVU8fYl9r4/whKkqyPk3HbjqPPoq3YZ4uX4DpkMFBixwpitG1C8oRRRTEgc +MW5Manq4PYXeC7zX9cRPAn66sjWoZQN3R41JHCGN9YxzSpZEK9oIp6XnO9i22KzE +RUMU+CXaT2OAmdjIHXB+GpxRzq1WGFbsYfRGTAkdxi4uDc12YCzumCXKFXhuqne9 +G1tfDWk091DbFlRJFB6w44Bq4/t3PEETAJKrrJRDyGWBp38/D9Kzwxuf/LzYFGv6 +Ip3ccbXkbDNafE4JOgK0VjWfRgHfeSG1VVMhdGGhHPnw7vTl0NW82XVUmaS2mMUm +9CY/5dYq/d9MIgZybg7xrBKHfbazI5IWK0cdmHfYvPL5rSrdtmNJgTa6zJ4Hw1d9 +In40AnGJFBKSdCkcW1itABPIKYGHtwbISI251TaVJSgj6TweOFI= +=OQFZ +-----END PGP SIGNATURE----- Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Tue Mar 6 12:55:31 2018 (r51462) +++ head/share/xml/advisories.xml Wed Mar 7 06:45:08 2018 (r51463) @@ -5,6 +5,26 @@ + 2018 + + + 3 + + + 7 + + + FreeBSD-SA-18:01.ipsec + + + + FreeBSD-SA-18:02.ntp + + + + + + 2017 Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Tue Mar 6 12:55:31 2018 (r51462) +++ head/share/xml/notices.xml Wed Mar 7 06:45:08 2018 (r51463) @@ -5,6 +5,26 @@ + 2018 + + + 3 + + + 7 + + + FreeBSD-EN-18:01.tzdata + + + + FreeBSD-EN-18:02.file + + + + + + 2017 From owner-svn-doc-all@freebsd.org Wed Mar 7 07:08:39 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A1B6EF32055; Wed, 7 Mar 2018 07:08:39 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 364BC81F7F; Wed, 7 Mar 2018 07:08:39 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 313EF1E27F; Wed, 7 Mar 2018 07:08:39 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2778dnT022965; Wed, 7 Mar 2018 07:08:39 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2778cLJ022963; Wed, 7 Mar 2018 07:08:38 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201803070708.w2778cLJ022963@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Wed, 7 Mar 2018 07:08:38 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51464 - head/share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: head/share/xml X-SVN-Commit-Revision: 51464 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 07:08:39 -0000 Author: gordon (src,ports committer) Date: Wed Mar 7 07:08:38 2018 New Revision: 51464 URL: https://svnweb.freebsd.org/changeset/doc/51464 Log: Switch order of the SA and EN in the xml to sort properly. Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Wed Mar 7 06:45:08 2018 (r51463) +++ head/share/xml/advisories.xml Wed Mar 7 07:08:38 2018 (r51464) @@ -14,12 +14,13 @@ 7 - FreeBSD-SA-18:01.ipsec + FreeBSD-SA-18:02.ntp - FreeBSD-SA-18:02.ntp + FreeBSD-SA-18:01.ipsec + Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Wed Mar 7 06:45:08 2018 (r51463) +++ head/share/xml/notices.xml Wed Mar 7 07:08:38 2018 (r51464) @@ -14,12 +14,13 @@ 7 - FreeBSD-EN-18:01.tzdata + FreeBSD-EN-18:02.file - FreeBSD-EN-18:02.file + FreeBSD-EN-18:01.tzdata + From owner-svn-doc-all@freebsd.org Wed Mar 7 14:54:42 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E2275F33985; Wed, 7 Mar 2018 14:54:41 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 844F77874F; Wed, 7 Mar 2018 14:54:41 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7ADCA22D76; Wed, 7 Mar 2018 14:54:41 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w27Esf6j058134; Wed, 7 Mar 2018 14:54:41 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w27Esfhp058132; Wed, 7 Mar 2018 14:54:41 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201803071454.w27Esfhp058132@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Wed, 7 Mar 2018 14:54:41 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51465 - in head/share/security/patches: EN-18:01 EN-18:02 X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share/security/patches: EN-18:01 EN-18:02 X-SVN-Commit-Revision: 51465 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 14:54:42 -0000 Author: gordon (src,ports committer) Date: Wed Mar 7 14:54:41 2018 New Revision: 51465 URL: https://svnweb.freebsd.org/changeset/doc/51465 Log: Add actual patches to the doc repo. This would probably help. Approved by: so Added: head/share/security/patches/EN-18:01/tzdata-2018c.patch (contents, props changed) head/share/security/patches/EN-18:02/file-10.3.patch (contents, props changed) head/share/security/patches/EN-18:02/file-10.4.patch (contents, props changed) head/share/security/patches/EN-18:02/file-11.patch (contents, props changed) Added: head/share/security/patches/EN-18:01/tzdata-2018c.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:01/tzdata-2018c.patch Wed Mar 7 14:54:41 2018 (r51465) @@ -0,0 +1,1459 @@ +--- contrib/tzdata/Makefile.orig ++++ contrib/tzdata/Makefile +@@ -42,37 +42,64 @@ + # Also see TZDEFRULESTRING below, which takes effect only + # if the time zone files cannot be accessed. + +-# Everything gets put in subdirectories of. . . + +-TOPDIR= /usr/local ++# Installation locations. ++# ++# The defaults are suitable for Debian, except that if REDO is ++# posix_right or right_posix then files that Debian puts under ++# /usr/share/zoneinfo/posix and /usr/share/zoneinfo/right are instead ++# put under /usr/share/zoneinfo-posix and /usr/share/zoneinfo-leaps, ++# respectively. Problems with the Debian approach are discussed in ++# the commentary for the right_posix rule (below). + ++# Destination directory, which can be used for staging. ++# 'make DESTDIR=/stage install' installs under /stage (e.g., to ++# /stage/etc/localtime instead of to /etc/localtime). Files under ++# /stage are not intended to work as-is, but can be copied by hand to ++# the root directory later. If DESTDIR is empty, 'make install' does ++# not stage, but installs directly into production locations. ++DESTDIR = ++ ++# Everything is installed into subdirectories of TOPDIR, and used there. ++# TOPDIR should be empty (meaning the root directory), ++# or a directory name that does not end in "/". ++# TOPDIR should be empty or an absolute name unless you're just testing. ++TOPDIR = ++ ++# The default local time zone is taken from the file TZDEFAULT. ++TZDEFAULT = $(TOPDIR)/etc/localtime ++ ++# The subdirectory containing installed program and data files, and ++# likewise for installed files that can be shared among architectures. ++# These should be relative file names. ++USRDIR = usr ++USRSHAREDIR = $(USRDIR)/share ++ + # "Compiled" time zone information is placed in the "TZDIR" directory + # (and subdirectories). +-# Use an absolute path name for TZDIR unless you're just testing the software. + # TZDIR_BASENAME should not contain "/" and should not be ".", ".." or empty. +- + TZDIR_BASENAME= zoneinfo +-TZDIR= $(TOPDIR)/etc/$(TZDIR_BASENAME) ++TZDIR = $(TOPDIR)/$(USRSHAREDIR)/$(TZDIR_BASENAME) + +-# Types to try, as an alternative to time_t. int64_t should be first. +-TIME_T_ALTERNATIVES= int64_t int32_t uint32_t uint64_t ++# The "tzselect" and (if you do "make INSTALL") "date" commands go in: ++BINDIR = $(TOPDIR)/$(USRDIR)/bin + +-# The "tzselect", "zic", and "zdump" commands get installed in. . . ++# The "zdump" command goes in: ++ZDUMPDIR = $(BINDIR) + +-ETCDIR= $(TOPDIR)/etc ++# The "zic" command goes in: ++ZICDIR = $(TOPDIR)/$(USRDIR)/sbin + +-# If you "make INSTALL", the "date" command gets installed in. . . +- +-BINDIR= $(TOPDIR)/bin +- + # Manual pages go in subdirectories of. . . ++MANDIR = $(TOPDIR)/$(USRSHAREDIR)/man + +-MANDIR= $(TOPDIR)/man +- + # Library functions are put in an archive in LIBDIR. ++LIBDIR = $(TOPDIR)/$(USRDIR)/lib + +-LIBDIR= $(TOPDIR)/lib + ++# Types to try, as an alternative to time_t. int64_t should be first. ++TIME_T_ALTERNATIVES = int64_t int32_t uint32_t uint64_t ++ + # If you want only POSIX time, with time values interpreted as + # seconds since the epoch (not counting leap seconds), use + # REDO= posix_only +@@ -105,11 +132,14 @@ + TZDATA_TEXT= leapseconds tzdata.zi + + # For backward-compatibility links for old zone names, use ++# BACKWARD= backward ++# If you also want the link US/Pacific-New, even though it is confusing ++# and is planned to be removed from the database eventually, use + # BACKWARD= backward pacificnew + # To omit these links, use + # BACKWARD= + +-BACKWARD= backward pacificnew ++BACKWARD= backward + + # If you want out-of-scope and often-wrong data from the file 'backzone', use + # PACKRATDATA= backzone +@@ -313,7 +343,7 @@ + + # How to use zic to install tz binary files. + +-ZIC_INSTALL= $(ZIC) -d $(DESTDIR)$(TZDIR) $(LEAPSECONDS) ++ZIC_INSTALL= $(ZIC) -d '$(DESTDIR)$(TZDIR)' $(LEAPSECONDS) + + # The name of a Posix-compliant 'awk' on your system. + AWK= awk +@@ -341,8 +371,8 @@ + VALIDATE = nsgmls + VALIDATE_FLAGS = -s -B -wall -wno-unused-param + VALIDATE_ENV = \ +- SGML_CATALOG_FILES=$(SGML_CATALOG_FILES) \ +- SGML_SEARCH_PATH=$(SGML_SEARCH_PATH) \ ++ SGML_CATALOG_FILES='$(SGML_CATALOG_FILES)' \ ++ SGML_SEARCH_PATH='$(SGML_SEARCH_PATH)' \ + SP_CHARSET_FIXED=YES \ + SP_ENCODING=UTF-8 + +@@ -396,7 +426,7 @@ + #MAKE= make + + cc= cc +-CC= $(cc) -DTZDIR=\"$(TZDIR)\" ++CC= $(cc) -DTZDIR='"$(TZDIR)"' + + AR= ar + +@@ -421,18 +451,19 @@ + date.1.txt + COMMON= calendars CONTRIBUTING LICENSE Makefile \ + NEWS README theory.html version +-WEB_PAGES= tz-art.htm tz-how-to.html tz-link.htm ++WEB_PAGES= tz-art.html tz-how-to.html tz-link.html + DOCS= $(MANS) date.1 $(MANTXTS) $(WEB_PAGES) + PRIMARY_YDATA= africa antarctica asia australasia \ + europe northamerica southamerica +-YDATA= $(PRIMARY_YDATA) etcetera $(BACKWARD) ++YDATA= $(PRIMARY_YDATA) etcetera + NDATA= systemv factory +-TDATA= $(YDATA) $(NDATA) ++TDATA_TO_CHECK= $(YDATA) $(NDATA) backward pacificnew ++TDATA= $(YDATA) $(NDATA) $(BACKWARD) + ZONETABLES= zone1970.tab zone.tab + TABDATA= iso3166.tab $(TZDATA_TEXT) $(ZONETABLES) + LEAP_DEPS= leapseconds.awk leap-seconds.list +-TZDATA_ZI_DEPS= zishrink.awk $(TDATA) $(PACKRATDATA) +-DATA= $(YDATA) $(NDATA) backzone iso3166.tab leap-seconds.list \ ++TZDATA_ZI_DEPS= zishrink.awk version $(TDATA) $(PACKRATDATA) ++DATA= $(TDATA_TO_CHECK) backzone iso3166.tab leap-seconds.list \ + leapseconds yearistype.sh $(ZONETABLES) + AWK_SCRIPTS= checklinks.awk checktab.awk leapseconds.awk zishrink.awk + MISC= $(AWK_SCRIPTS) zoneinfo2tdf.pl +@@ -457,7 +488,7 @@ + newctime.3 newstrftime.3 newtzset.3 northamerica \ + pacificnew private.h \ + southamerica strftime.c systemv theory.html \ +- time2posix.3 tz-art.htm tz-how-to.html tz-link.htm \ ++ time2posix.3 tz-art.html tz-how-to.html tz-link.html \ + tzfile.5 tzfile.h tzselect.8 tzselect.ksh \ + workman.sh yearistype.sh \ + zdump.8 zdump.c zic.8 zic.c \ +@@ -473,35 +504,41 @@ + ALL: all date $(ENCHILADA) + + install: all $(DATA) $(REDO) $(MANS) +- mkdir -p $(DESTDIR)$(ETCDIR) $(DESTDIR)$(TZDIR) \ +- $(DESTDIR)$(LIBDIR) \ +- $(DESTDIR)$(MANDIR)/man3 $(DESTDIR)$(MANDIR)/man5 \ +- $(DESTDIR)$(MANDIR)/man8 +- $(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES) +- cp -f $(TABDATA) $(DESTDIR)$(TZDIR)/. +- cp tzselect zic zdump $(DESTDIR)$(ETCDIR)/. +- cp libtz.a $(DESTDIR)$(LIBDIR)/. +- $(RANLIB) $(DESTDIR)$(LIBDIR)/libtz.a +- cp -f newctime.3 newtzset.3 $(DESTDIR)$(MANDIR)/man3/. +- cp -f tzfile.5 $(DESTDIR)$(MANDIR)/man5/. +- cp -f tzselect.8 zdump.8 zic.8 $(DESTDIR)$(MANDIR)/man8/. ++ mkdir -p '$(DESTDIR)$(BINDIR)' \ ++ '$(DESTDIR)$(ZDUMPDIR)' '$(DESTDIR)$(ZICDIR)' \ ++ '$(DESTDIR)$(LIBDIR)' \ ++ '$(DESTDIR)$(MANDIR)/man3' '$(DESTDIR)$(MANDIR)/man5' \ ++ '$(DESTDIR)$(MANDIR)/man8' ++ $(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES) \ ++ -t '$(DESTDIR)$(TZDEFAULT)' ++ cp -f $(TABDATA) '$(DESTDIR)$(TZDIR)/.' ++ cp tzselect '$(DESTDIR)$(BINDIR)/.' ++ cp zdump '$(DESTDIR)$(ZDUMPDIR)/.' ++ cp zic '$(DESTDIR)$(ZICDIR)/.' ++ cp libtz.a '$(DESTDIR)$(LIBDIR)/.' ++ $(RANLIB) '$(DESTDIR)$(LIBDIR)/libtz.a' ++ cp -f newctime.3 newtzset.3 '$(DESTDIR)$(MANDIR)/man3/.' ++ cp -f tzfile.5 '$(DESTDIR)$(MANDIR)/man5/.' ++ cp -f tzselect.8 zdump.8 zic.8 '$(DESTDIR)$(MANDIR)/man8/.' + + INSTALL: ALL install date.1 +- mkdir -p $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man1 +- cp date $(DESTDIR)$(BINDIR)/. +- cp -f date.1 $(DESTDIR)$(MANDIR)/man1/. ++ mkdir -p '$(DESTDIR)$(BINDIR)' '$(DESTDIR)$(MANDIR)/man1' ++ cp date '$(DESTDIR)$(BINDIR)/.' ++ cp -f date.1 '$(DESTDIR)$(MANDIR)/man1/.' + + version: $(VERSION_DEPS) + { (type git) >/dev/null 2>&1 && \ + V=`git describe --match '[0-9][0-9][0-9][0-9][a-z]*' \ + --abbrev=7 --dirty` || \ +- V=$(VERSION); } && \ ++ V='$(VERSION)'; } && \ + printf '%s\n' "$$V" >$@.out + mv $@.out $@ + + # This file can be tailored by setting BACKWARD, PACKRATDATA, etc. + tzdata.zi: $(TZDATA_ZI_DEPS) +- LC_ALL=C $(AWK) -f zishrink.awk $(TDATA) $(PACKRATDATA) >$@.out ++ version=`sed 1q version` && \ ++ LC_ALL=C $(AWK) -v version="$$version" -f zishrink.awk \ ++ $(TDATA) $(PACKRATDATA) >$@.out + mv $@.out $@ + + version.h: version +@@ -529,12 +566,13 @@ + # Arguments to pass to submakes of install_data. + # They can be overridden by later submake arguments. + INSTALLARGS = \ +- BACKWARD=$(BACKWARD) \ +- DESTDIR=$(DESTDIR) \ ++ BACKWARD='$(BACKWARD)' \ ++ DESTDIR='$(DESTDIR)' \ + LEAPSECONDS='$(LEAPSECONDS)' \ + PACKRATDATA='$(PACKRATDATA)' \ +- TZDIR=$(TZDIR) \ +- YEARISTYPE=$(YEARISTYPE) \ ++ TZDEFAULT='$(TZDEFAULT)' \ ++ TZDIR='$(TZDIR)' \ ++ YEARISTYPE='$(YEARISTYPE)' \ + ZIC='$(ZIC)' + + # 'make install_data' installs one set of tz binary files. +@@ -558,16 +596,16 @@ + # You must replace all of $(TZDIR) to switch from not using leap seconds + # to using them, or vice versa. + right_posix: right_only +- rm -fr $(DESTDIR)$(TZDIR)-leaps +- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-leaps || \ +- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only +- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only ++ rm -fr '$(DESTDIR)$(TZDIR)-leaps' ++ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-leaps' || \ ++ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only ++ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only + + posix_right: posix_only +- rm -fr $(DESTDIR)$(TZDIR)-posix +- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-posix || \ +- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only +- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only ++ rm -fr '$(DESTDIR)$(TZDIR)-posix' ++ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-posix' || \ ++ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only ++ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only + + # This obsolescent rule is present for backwards compatibility with + # tz releases 2014g through 2015g. It should go away eventually. +@@ -633,7 +671,7 @@ + $(MISC) $(SOURCES) $(WEB_PAGES) \ + CONTRIBUTING LICENSE Makefile README \ + version tzdata.zi && \ +- ! grep -Env $(SAFE_SHARP_LINE) $(TDATA) backzone \ ++ ! grep -Env $(SAFE_SHARP_LINE) $(TDATA_TO_CHECK) backzone \ + leapseconds yearistype.sh zone.tab && \ + ! grep -Env $(OK_LINE) $(ENCHILADA); \ + } +@@ -641,14 +679,16 @@ + check_white_space: $(ENCHILADA) + patfmt=' \t|[\f\r\v]' && pat=`printf "$$patfmt\\n"` && \ + ! grep -En "$$pat" $(ENCHILADA) +- ! grep -n '[[:space:]]$$' $(ENCHILADA) ++ ! grep -n '[[:space:]]$$' \ ++ $$(ls $(ENCHILADA) | grep -Fvx leap-seconds.list) + + PRECEDES_FILE_NAME = ^(Zone|Link[[:space:]]+[^[:space:]]+)[[:space:]]+ + FILE_NAME_COMPONENT_TOO_LONG = \ + $(PRECEDES_FILE_NAME)[^[:space:]]*[^/[:space:]]{15} + +-check_name_lengths: $(TDATA) backzone +- ! grep -En '$(FILE_NAME_COMPONENT_TOO_LONG)' $(TDATA) backzone ++check_name_lengths: $(TDATA_TO_CHECK) backzone ++ ! grep -En '$(FILE_NAME_COMPONENT_TOO_LONG)' \ ++ $(TDATA_TO_CHECK) backzone + + CHECK_CC_LIST = { n = split($$1,a,/,/); for (i=2; i<=n; i++) print a[1], a[i]; } + +@@ -662,8 +702,8 @@ + $(AWK) '/^[^#]/ $(CHECK_CC_LIST)' zone1970.tab | \ + LC_ALL=C sort -cu + +-check_links: checklinks.awk $(TDATA) +- $(AWK) -f checklinks.awk $(TDATA) ++check_links: checklinks.awk $(TDATA_TO_CHECK) ++ $(AWK) -f checklinks.awk $(TDATA_TO_CHECK) + $(AWK) -f checklinks.awk tzdata.zi + + check_tables: checktab.awk $(PRIMARY_YDATA) $(ZONETABLES) +@@ -764,12 +804,12 @@ + + check_public: + $(MAKE) maintainer-clean +- $(MAKE) "CFLAGS=$(GCC_DEBUG_FLAGS)" ALL ++ $(MAKE) CFLAGS='$(GCC_DEBUG_FLAGS)' ALL + mkdir -p public.dir +- for i in $(TDATA) tzdata.zi; do \ ++ for i in $(TDATA_TO_CHECK) tzdata.zi; do \ + $(zic) -v -d public.dir $$i 2>&1 || exit; \ + done +- $(zic) -v -d public.dir $(TDATA) ++ $(zic) -v -d public.dir $(TDATA_TO_CHECK) + rm -fr public.dir + + # Check that the code works under various alternative +@@ -790,8 +830,11 @@ + REDO='$(REDO)' \ + install && \ + diff $$quiet_option -r \ +- time_t.dir/int64_t/etc/zoneinfo \ +- time_t.dir/$$type/etc/zoneinfo && \ ++ time_t.dir/int64_t/etc \ ++ time_t.dir/$$type/etc && \ ++ diff $$quiet_option -r \ ++ time_t.dir/int64_t/usr/share \ ++ time_t.dir/$$type/usr/share && \ + case $$type in \ + int32_t) range=-2147483648,2147483647;; \ + uint32_t) range=0,4294967296;; \ +@@ -800,9 +843,9 @@ + *) range=-10000000000,10000000000;; \ + esac && \ + echo checking $$type zones ... && \ +- time_t.dir/int64_t/etc/zdump -V -t $$range $$zones \ ++ time_t.dir/int64_t/usr/bin/zdump -V -t $$range $$zones \ + >time_t.dir/int64_t.out && \ +- time_t.dir/$$type/etc/zdump -V -t $$range $$zones \ ++ time_t.dir/$$type/usr/bin/zdump -V -t $$range $$zones \ + >time_t.dir/$$type.out && \ + diff -u time_t.dir/int64_t.out time_t.dir/$$type.out \ + || exit; \ +--- contrib/tzdata/NEWS.orig ++++ contrib/tzdata/NEWS +@@ -1,5 +1,147 @@ + News for the tz database + ++Release 2018c - 2018-01-22 23:00:44 -0800 ++ ++ Briefly: ++ Revert Irish changes that relied on negative DST offsets. ++ ++ Changes to tm_isdst ++ ++ Revert the 2018a change to Europe/Dublin. As before, this change ++ does not affect UT offsets or abbreviations; it affects only ++ whether timestamps are considered to be standard time or ++ daylight-saving time, as expressed in the tm_isdst flag of C's ++ struct tm type. This reversion is intended to be a temporary ++ workaround for problems discovered with downstream uses of ++ releases 2018a and 2018b, which implemented Irish time by using ++ negative DST offsets in the Eire rules of the 'europe' file. ++ Although negative DST offsets have been part of tzcode for many ++ years and are supported by many platforms, they were not ++ documented before 2018a and ICU and OpenJDK do not currently ++ support them. A mechanism to export data to platforms lacking ++ support for negative DST is planned to be developed before the ++ change is reapplied. (Problems reported by Deborah Goldsmith and ++ Stephen Colebourne.) ++ ++ Changes to past time stamps ++ ++ Japanese DST transitions (1948-1951) were Sundays at 00:00, not ++ Saturdays or Sundays at 02:00. (Thanks to Takayuki Nikai.) ++ ++ Changes to build procedure ++ ++ The build procedure now works around mawk 1.3.3's lack of support ++ for character class expressions. (Problem reported by Ohyama.) ++ ++ ++Release 2018b - 2018-01-17 23:24:48 -0800 ++ ++ Briefly: ++ Fix a packaging problem in tz2018a, which was missing 'pacificnew'. ++ ++ Changes to build procedure ++ ++ The distribution now contains the file 'pacificnew' again. ++ This file was inadvertantly omitted in the 2018a distribution. ++ (Problem reported by Matias Fonzo.) ++ ++ ++Release 2018a - 2018-01-12 22:29:21 -0800 ++ ++ Briefly: ++ São Tomé and Príncipe switched from +00 to +01. ++ Brazil's DST will now start on November's first Sunday. ++ Ireland's standard time is now in the summer, not the winter. ++ Use Debian-style installation locations, instead of 4.3BSD-style. ++ New zic option -t. ++ ++ Changes to past and future time stamps ++ ++ São Tomé and Príncipe switched from +00 to +01 on 2018-01-01 at ++ 01:00. (Thanks to Steffen Thorsen and Michael Deckers.) ++ ++ Changes to future time stamps ++ ++ Starting in 2018 southern Brazil will begin DST on November's ++ first Sunday instead of October's third Sunday. (Thanks to ++ Steffen Thorsen.) ++ ++ Changes to past time stamps ++ ++ A discrepancy of 4 s in timestamps before 1931 in South Sudan has ++ been corrected. The 'backzone' and 'zone.tab' files did not agree ++ with the 'africa' and 'zone1970.tab' files. (Problem reported by ++ Michael Deckers.) ++ ++ The abbreviation invented for Bolivia Summer Time (1931-2) is now ++ BST instead of BOST, to be more consistent with the convention ++ used for Latvian Summer Time (1918-9) and for British Summer Time. ++ ++ Changes to tm_isdst ++ ++ Change Europe/Dublin so that it observes Irish Standard Time (UT ++ +01) in summer and GMT (as negative daylight-saving) in winter, ++ instead of observing standard time (GMT) in winter and Irish ++ Summer Time (UT +01) in summer. This change does not affect UT ++ offsets or abbreviations; it affects only whether timestamps are ++ considered to be standard time or daylight-saving time, as ++ expressed in the tm_isdst flag of C's struct tm type. ++ (Discrepancy noted by Derick Rethans.) ++ ++ Changes to build procedure ++ ++ The default installation locations have been changed to mostly ++ match Debian circa 2017, instead of being designed as an add-on to ++ 4.3BSD circa 1986. This affects the Makefile macros TOPDIR, ++ TZDIR, MANDIR, and LIBDIR. New Makefile macros TZDEFAULT, USRDIR, ++ USRSHAREDIR, BINDIR, ZDUMPDIR, and ZICDIR let installers tailor ++ locations more precisely. (This responds to suggestions from ++ Brian Inglis and from Steve Summit.) ++ ++ The default installation procedure no longer creates the ++ backward-compatibility link US/Pacific-New, which causes ++ confusion during user setup (e.g., see Debian bug 815200). ++ Use 'make BACKWARD="backward pacificnew"' to create the link ++ anyway, for now. Eventually we plan to remove the link entirely. ++ ++ tzdata.zi now contains a version-number comment. ++ (Suggested by Tom Lane.) ++ ++ The Makefile now quotes values like BACKWARD more carefully when ++ passing them to the shell. (Problem reported by Zefram.) ++ ++ Builders no longer need to specify -DHAVE_SNPRINTF on platforms ++ that have snprintf and use pre-C99 compilers. (Problem reported ++ by Jon Skeet.) ++ ++ Changes to code ++ ++ zic has a new option -t FILE that specifies the location of the ++ file that determines local time when TZ is unset. The default for ++ this location can be configured via the new TZDEFAULT makefile ++ macro, which defaults to /etc/localtime. ++ ++ Diagnostics and commentary now distinguish UT from UTC more ++ carefully; see theory.html for more information about UT vs UTC. ++ ++ zic has been ported to GCC 8's -Wstringop-truncation option. ++ (Problem reported by Martin Sebor.) ++ ++ Changes to documentation and commentary ++ ++ The zic man page now documents the longstanding behavior that ++ times and years can be out of the usual range, with negative times ++ counting backwards from midnight and with year 0 preceding year 1. ++ (Problem reported by Michael Deckers.) ++ ++ The theory.html file now mentions the POSIX limit of six chars ++ per abbreviation, and lists alphabetic abbreviations used. ++ ++ The files tz-art.htm and tz-link.htm have been renamed to ++ tz-art.html and tz-link.html, respectively, for consistency with ++ other file names and to simplify web server configuration. ++ ++ + Release 2017c - 2017-10-20 14:49:34 -0700 + + Briefly: +@@ -895,8 +1037,8 @@ + (Thanks to Jon Skeet and Arthur David Olson.) Constraints on + simultaneity are now documented. + +- The two characters '%z' in a zone format now stand for the UTC +- offset, e.g., '-07' for seven hours behind UTC and '+0530' for ++ The two characters '%z' in a zone format now stand for the UT ++ offset, e.g., '-07' for seven hours behind UT and '+0530' for + five hours and thirty minutes ahead. This better supports time + zone abbreviations conforming to POSIX.1-2001 and later. + +@@ -1019,13 +1161,13 @@ + The spring 1988 transition was 1988-10-09, not 1988-10-02. + The fall 1990 transition was 1990-03-11, not 1990-03-18. + +- Assume no UTC offset change for Pacific/Easter on 1890-01-01, ++ Assume no UT offset change for Pacific/Easter on 1890-01-01, + and omit all transitions on Pacific/Easter from 1942 through 1946 + since we have no data suggesting that they existed. + + One more zone has been turned into a link, as it differed + from an existing zone only for older time stamps. As usual, +- this change affects UTC offsets in pre-1970 time stamps only. ++ this change affects UT offsets in pre-1970 time stamps only. + The zone's old contents have been moved to the 'backzone' file. + The affected zone is America/Montreal. + +@@ -1055,7 +1197,7 @@ + + Some more zones have been turned into links, when they differed + from existing zones only for older time stamps. As usual, +- these changes affect UTC offsets in pre-1970 time stamps only. ++ these changes affect UT offsets in pre-1970 time stamps only. + Their old contents have been moved to the 'backzone' file. + The affected zones are: America/Antigua, America/Cayman, + Pacific/Midway, and Pacific/Saipan. +@@ -1107,7 +1249,7 @@ + + Some more zones have been turned into links, when they differed + from existing zones only for older time stamps. As usual, +- these changes affect UTC offsets in pre-1970 time stamps only. ++ these changes affect UT offsets in pre-1970 time stamps only. + Their old contents have been moved to the 'backzone' file. + The affected zones are: Asia/Aden, Asia/Bahrain, Asia/Kuwait, + and Asia/Muscat. +@@ -1154,7 +1296,7 @@ + + Some more zones have been turned into links, when they differed + from existing zones only for older time stamps. As usual, +- these changes affect UTC offsets in pre-1970 time stamps only. ++ these changes affect UT offsets in pre-1970 time stamps only. + Their old contents have been moved to the 'backzone' file. + The affected zones are: Africa/Addis_Ababa, Africa/Asmara, + Africa/Dar_es_Salaam, Africa/Djibouti, Africa/Kampala, +@@ -1244,7 +1386,7 @@ + + Some more zones have been turned into links, when they differed + from existing zones only for older timestamps. As usual, +- these changes affect UTC offsets in pre-1970 timestamps only. ++ these changes affect UT offsets in pre-1970 timestamps only. + Their old contents have been moved to the 'backzone' file. + The affected zones are: Africa/Blantyre, Africa/Bujumbura, + Africa/Gaborone, Africa/Harare, Africa/Kigali, Africa/Lubumbashi, +@@ -1329,7 +1471,7 @@ + + Some more zones have been turned into links, when they differed + from existing zones only for older timestamps. As usual, +- these changes affect UTC offsets in pre-1970 timestamps only. ++ these changes affect UT offsets in pre-1970 timestamps only. + Their old contents have been moved to the 'backzone' file. + The affected zones are: Africa/Bangui, Africa/Brazzaville, + Africa/Douala, Africa/Kinshasa, Africa/Libreville, Africa/Luanda, +@@ -1479,7 +1621,7 @@ + standard and daylight saving time the abbreviations are AEST and AEDT + instead of the former EST for both; similarly, ACST/ACDT, ACWST/ACWDT, + and AWST/AWDT are now used instead of the former CST, CWST, and WST. +- This change does not affect UTC offsets, only time zone abbreviations. ++ This change does not affect UT offsets, only time zone abbreviations. + (Thanks to Rich Tibbett and many others.) + + Asia/Novokuznetsk shifts from NOVT to KRAT (remaining on UT +07) +@@ -1516,8 +1658,8 @@ + Treindl sent helpful translations of two papers by Guo Qingsheng.) + + Some zones have been turned into links, when they differed from existing +- zones only for older UTC offsets where data entries were likely invented. +- These changes affect UTC offsets in pre-1970 timestamps only. This is ++ zones only for older UT offsets where data entries were likely invented. ++ These changes affect UT offsets in pre-1970 timestamps only. This is + similar to the change in release 2013e, except this time for western + Africa. The affected zones are: Africa/Bamako, Africa/Banjul, + Africa/Conakry, Africa/Dakar, Africa/Freetown, Africa/Lome, +--- contrib/tzdata/README.orig ++++ contrib/tzdata/README +@@ -11,7 +11,7 @@ + and daylight-saving rules. + + See or the +-file tz-link.htm for how to acquire the code and data. Once acquired, ++file tz-link.html for how to acquire the code and data. Once acquired, + read the comments in the file 'Makefile' and make any changes needed + to make things right for your system, especially if you are using some + platform other than GNU/Linux. Then run the following commands, +@@ -18,7 +18,7 @@ + substituting your desired installation directory for "$HOME/tzdir": + + make TOPDIR=$HOME/tzdir install +- $HOME/tzdir/etc/zdump -v America/Los_Angeles ++ $HOME/tzdir/usr/bin/zdump -v America/Los_Angeles + + Historical local time information has been included here to: + +--- contrib/tzdata/africa.orig ++++ contrib/tzdata/africa +@@ -158,7 +158,6 @@ + Link Africa/Abidjan Africa/Lome # Togo + Link Africa/Abidjan Africa/Nouakchott # Mauritania + Link Africa/Abidjan Africa/Ouagadougou # Burkina Faso +-Link Africa/Abidjan Africa/Sao_Tome # São Tomé and Príncipe + Link Africa/Abidjan Atlantic/St_Helena # St Helena + + # Djibouti +@@ -425,7 +424,7 @@ + # + # The Nautical Almanac for the Year 1970, p 264, is the source for -0:44:30. + # +-# In 1972 Liberia was the last country to switch from a UTC offset ++# In 1972 Liberia was the last country to switch from a UT offset + # that was not a multiple of 15 or 20 minutes. The 1972 change was on + # 1972-01-07, according to an entry dated 1972-01-04 on p 330 of: + # Presidential Papers: First year of the administration of +@@ -1037,6 +1036,19 @@ + # Inaccessible, Nightingale: uninhabited + + # São Tomé and Príncipe ++ ++# From Steffen Thorsen (2018-01-08): ++# Multiple sources tell that São Tomé changed from UTC to UTC+1 as ++# they entered the year 2018. ++# From Michael Deckers (2018-01-08): ++# the switch is from 01:00 to 02:00 ... [Decree No. 25/2017] ++# http://www.mnec.gov.st/index.php/publicacoes/documentos/file/90-decreto-lei-n-25-2017 ++ ++Zone Africa/Sao_Tome 0:26:56 - LMT 1884 ++ -0:36:45 - LMT 1912 # Lisbon Mean Time ++ 0:00 - GMT 2018 Jan 1 01:00 ++ 1:00 - WAT ++ + # Senegal + # See Africa/Abidjan. + +--- contrib/tzdata/asia.orig ++++ contrib/tzdata/asia +@@ -50,7 +50,7 @@ + # 9:00 KST KDT Korea when at +09 + # 9:30 ACST Australian Central Standard Time + # Otherwise, these tables typically use numeric abbreviations like +03 +-# and +0330 for integer hour and minute UTC offsets. Although earlier ++# and +0330 for integer hour and minute UT offsets. Although earlier + # editions invented alphabetic time zone abbreviations for every + # offset, this did not reflect common practice. + # +@@ -647,17 +647,17 @@ + # time", in which abolished the adoption of Western Standard Time in + # western islands (listed above), which means the whole Japan + # territory, including later occupations, adopt Japan Central Time +-# (UTC+9). The adoption began on Oct 1, 1937. The original text can ++# (UT+9). The adoption began on Oct 1, 1937. The original text can + # be found on Wikisource: + # https://ja.wikisource.org/wiki/明治二å八年勅令第百六å七號標準時ニ關スル件中改正ノ件 + # +-# That is, the time zone of Taipei switched to UTC+9 on Oct 1, 1937. ++# That is, the time zone of Taipei switched to UT+9 on Oct 1, 1937. + + # From Yu-Cheng Chuang (2014-07-02): +-# I've found more evidence about when the time zone was switched from UTC+9 +-# back to UTC+8 after WW2. I believe it was on Sep 21, 1945. In a document ++# I've found more evidence about when the time zone was switched from UT+9 ++# back to UT+8 after WW2. I believe it was on Sep 21, 1945. In a document + # during Japanese era [1] in which the officer told the staff to change time +-# zone back to Western Standard Time (UTC+8) on Sep 21. And in another ++# zone back to Western Standard Time (UT+8) on Sep 21. And in another + # history page of National Cheng Kung University [2], on Sep 21 there is a + # note "from today, switch back to Western Standard Time". From these two + # materials, I believe that the time zone change happened on Sep 21. And +@@ -1464,17 +1464,17 @@ + # of the Japanese wanted to scrap daylight-saving time, as opposed to 30% who + # wanted to keep it.) + +-# From Paul Eggert (2006-03-22): +-# Shanks & Pottenger write that DST in Japan during those years was as follows: ++# From Takayuki Nikai (2018-01-19): ++# The source of information is Japanese law. ++# http://www.shugiin.go.jp/internet/itdb_housei.nsf/html/houritsu/00219480428029.htm ++# http://www.shugiin.go.jp/internet/itdb_housei.nsf/html/houritsu/00719500331039.htm ++# ... In summary, it is written as follows. From 24:00 on the first Saturday ++# in May, until 0:00 on the day after the second Saturday in September. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +-Rule Japan 1948 only - May Sun>=1 2:00 1:00 D +-Rule Japan 1948 1951 - Sep Sat>=8 2:00 0 S +-Rule Japan 1949 only - Apr Sun>=1 2:00 1:00 D +-Rule Japan 1950 1951 - May Sun>=1 2:00 1:00 D +-# but the only locations using it (for birth certificates, presumably, since +-# their audience is astrologers) were US military bases. For now, assume +-# that for most purposes daylight-saving time was observed; otherwise, what +-# would have been the point of the 1951 poll? ++Rule Japan 1948 only - May Sat>=1 24:00 1:00 D ++Rule Japan 1948 1951 - Sep Sun>=9 0:00 0 S ++Rule Japan 1949 only - Apr Sat>=1 24:00 1:00 D ++Rule Japan 1950 1951 - May Sat>=1 24:00 1:00 D + + # From Hideyuki Suzuki (1998-11-09): + # 'Tokyo' usually stands for the former location of Tokyo Astronomical +@@ -1505,7 +1505,7 @@ + # + # ...the Showa Emperor announced Ordinance No. 529 of Showa Year 12 ... which + # means the whole Japan territory, including later occupations, adopt Japan +-# Central Time (UTC+9). The adoption began on Oct 1, 1937. ++# Central Time (UT+9). The adoption began on Oct 1, 1937. + # https://ja.wikisource.org/wiki/明治二å八年勅令第百六å七號標準時ニ關スル件中改正ノ件 + + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +@@ -2066,8 +2066,8 @@ + + # Maldives + # Zone NAME GMTOFF RULES FORMAT [UNTIL] +-Zone Indian/Maldives 4:54:00 - LMT 1880 # Male +- 4:54:00 - MMT 1960 # Male Mean Time ++Zone Indian/Maldives 4:54:00 - LMT 1880 # Malé ++ 4:54:00 - MMT 1960 # Malé Mean Time + 5:00 - +05 + + # Mongolia +--- contrib/tzdata/australasia.orig ++++ contrib/tzdata/australasia +@@ -683,8 +683,8 @@ + # From Steffen Thorsen (2012-07-25) + # ... we double checked by calling hotels and offices based in Tokelau asking + # about the time there, and they all told a time that agrees with UTC+13.... +-# Shanks says UTC-10 from 1901 [but] ... there is a good chance the change +-# actually was to UTC-11 back then. ++# Shanks says UT-10 from 1901 [but] ... there is a good chance the change ++# actually was to UT-11 back then. + # + # From Paul Eggert (2012-07-25) + # A Google Books snippet of Appendix to the Journals of the House of +@@ -1450,7 +1450,7 @@ + # + # From Paul Eggert (2006-03-22): + # The Department of Internal Affairs (DIA) maintains a brief history, +-# as does Carol Squires; see tz-link.htm for the full references. ++# as does Carol Squires; see tz-link.html for the full references. + # Use these sources in preference to Shanks & Pottenger. + # + # For Chatham, IATA SSIM (1991/1999) gives the NZ rules but with +--- contrib/tzdata/backzone.orig ++++ contrib/tzdata/backzone +@@ -145,11 +145,6 @@ + Zone Africa/Harare 2:04:12 - LMT 1903 Mar + 2:00 - CAT + +-# South Sudan +-Zone Africa/Juba 2:06:24 - LMT 1931 +- 2:00 Sudan CA%sT 2000 Jan 15 12:00 +- 3:00 - EAT +- + # Uganda + Zone Africa/Kampala 2:09:40 - LMT 1928 Jul + 3:00 - EAT 1930 +@@ -242,11 +237,6 @@ + 0:00 - GMT 1934 Feb 26 + 1:00 - WAT + +-# São Tomé and Príncipe +-Zone Africa/Sao_Tome 0:26:56 - LMT 1884 +- -0:36:32 - LMT 1912 # Lisbon Mean Time +- 0:00 - GMT +- + # Mali (northern) + Zone Africa/Timbuktu -0:12:04 - LMT 1912 + 0:00 - GMT +--- contrib/tzdata/europe.orig ++++ contrib/tzdata/europe +@@ -68,6 +68,7 @@ + # 0:00 WET WEST WEMT Western Europe + # 0:19:32.13 AMT* NST* Amsterdam, Netherlands Summer (1835-1937) + # 1:00 BST British Standard (1968-1971) ++# 1:00 IST GMT Irish Standard (1968-) with winter DST + # 1:00 CET CEST CEMT Central Europe + # 1:00:14 SET Swedish (1879-1899) + # 1:36:34 RMT* LST* Riga, Latvian Summer (1880-1926)* +@@ -74,8 +75,8 @@ + # 2:00 EET EEST Eastern Europe + # 3:00 MSK MSD MDST* Moscow + +-# From Peter Ilieve (1994-12-04), +-# The original six [EU members]: Belgium, France, (West) Germany, Italy, ++# From Peter Ilieve (1994-12-04), re EEC/EC/EU members: ++# The original six: Belgium, France, (West) Germany, Italy, + # Luxembourg, the Netherlands. + # Plus, from 1 Jan 73: Denmark, Ireland, United Kingdom. + # Plus, from 1 Jan 81: Greece. +@@ -278,16 +279,31 @@ + # The following claim by Shanks & Pottenger is possible though doubtful; + # we'll ignore it for now. + # * Dublin's 1971-10-31 switch was at 02:00, even though London's was 03:00. ++ ++# From Paul Eggert (2017-12-04): + # ++# Dunsink Observatory (8 km NW of Dublin's center) was to Dublin as ++# Greenwich was to London. For example: + # +-# Whitman says Dublin Mean Time was -0:25:21, which is more precise than +-# Shanks & Pottenger. +-# Perhaps this was Dunsink Observatory Time, as Dunsink Observatory +-# (8 km NW of Dublin's center) seemingly was to Dublin as Greenwich was +-# to London. For example: +-# + # "Timeball on the ballast office is down. Dunsink time." + # -- James Joyce, Ulysses ++# ++# The abbreviation DMT stood for "Dublin Mean Time" or "Dunsink Mean Time"; ++# this being Ireland, opinions differed. ++# ++# Whitman says Dublin/Dunsink Mean Time was UT-00:25:21, which agrees ++# with measurements of recent visitors to the Meridian Room of Dunsink ++# Observatory; see Malone D. Dunsink and timekeeping. 2016-01-24. ++# . Malone ++# writes that the Nautical Almanac listed UT-00:25:22 until 1896, when ++# it moved to UT-00:25:21.1 (I confirmed that the 1893 edition used ++# the former and the 1896 edition used the latter). Evidently the ++# news of this change propagated slowly, as Milne 1899 still lists ++# UT-00:25:22 and cites the International Telegraph Bureau. As it is ++# not clear that there was any practical significance to the change ++# from UT-00:25:22 to UT-00:25:21.1 in civil timekeeping, omit this ++# transition for now and just use the latter value, omitting its ++# fraction since our format cannot represent fractions. + + # "Countess Markievicz ... claimed that the [1916] abolition of Dublin Mean Time + # was among various actions undertaken by the 'English' government that +@@ -347,12 +363,28 @@ + # regulations. I spoke this morning with the Secretary of the Department of + # Justice (tel +353 1 678 9711) who confirmed to me that the correct name is + # "Irish Summer Time", abbreviated to "IST". ++# ++# From Paul Eggert (2017-12-07): ++# The 1996 anonymous contributor's goal was to determine the correct ++# abbreviation for summer time in Dublin and so the contributor ++# focused on the "IST", not on the "Irish Summer Time". Though the ++# "IST" was correct, the "Irish Summer Time" appears to have been an ++# error, as Ireland's Standard Time (Amendment) Act, 1971 states that ++# standard time in Ireland remains at UT +01 and is observed in ++# summer, and that Greenwich mean time is observed in winter. (Thanks ++# to Derick Rethans for pointing out the error.) That is, when ++# Ireland amended the 1968 act that established UT +01 as Irish ++# Standard Time, it left standard time unchanged and established GMT ++# as a negative daylight saving time in winter. So, in this database ++# IST stands for Irish Summer Time for timestamps before 1968, and for ++# Irish Standard Time after that. See: ++# http://www.irishstatutebook.ie/eli/1971/act/17/enacted/en/print + + # Michael Deckers (2017-06-01) gave the following URLs for Ireland's + # Summer Time Act, 1925 and Summer Time Orders, 1926 and 1947: +-# http://www.irishstatutebook.ie/eli/1925/act/8/enacted/en/print.html +-# http://www.irishstatutebook.ie/eli/1926/sro/919/made/en/print.html +-# http://www.irishstatutebook.ie/eli/1947/sro/71/made/en/print.html ++# http://www.irishstatutebook.ie/eli/1925/act/8/enacted/en/print ++# http://www.irishstatutebook.ie/eli/1926/sro/919/made/en/print ++# http://www.irishstatutebook.ie/eli/1947/sro/71/made/en/print + + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S + # Summer Time Act, 1916 +@@ -476,9 +508,23 @@ + Link Europe/London Europe/Guernsey + Link Europe/London Europe/Isle_of_Man + ++# From Paul Eggert (2018-01-19): ++# The following is like GB-Eire and EU, except with standard time in ++# summer and negative daylight saving time in winter. ++# Although currently commented out, this will need to become uncommented ++# once the ICU/OpenJDK workaround is removed; see below. ++# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S ++#Rule Eire 1971 only - Oct 31 2:00u -1:00 GMT ++#Rule Eire 1972 1980 - Mar Sun>=16 2:00u 0 IST ++#Rule Eire 1972 1980 - Oct Sun>=23 2:00u -1:00 GMT ++#Rule Eire 1981 max - Mar lastSun 1:00u 0 IST ++#Rule Eire 1981 1989 - Oct Sun>=23 1:00u -1:00 GMT ++#Rule Eire 1990 1995 - Oct Sun>=22 1:00u -1:00 GMT ++#Rule Eire 1996 max - Oct lastSun 1:00u -1:00 GMT ++ + # Zone NAME GMTOFF RULES FORMAT [UNTIL] + Zone Europe/Dublin -0:25:00 - LMT 1880 Aug 2 +- -0:25:21 - DMT 1916 May 21 2:00s # Dublin MT ++ -0:25:21 - DMT 1916 May 21 2:00s + -0:25:21 1:00 IST 1916 Oct 1 2:00s + 0:00 GB-Eire %s 1921 Dec 6 # independence + 0:00 GB-Eire GMT/IST 1940 Feb 25 2:00s +@@ -487,16 +533,33 @@ + 0:00 1:00 IST 1947 Nov 2 2:00s + 0:00 - GMT 1948 Apr 18 2:00s + 0:00 GB-Eire GMT/IST 1968 Oct 27 ++# From Paul Eggert (2018-01-18): ++# The next line should look like this: ++# 1:00 Eire IST/GMT ++# However, in January 2018 we discovered that the Eire rules cause ++# problems with tests for ICU: ++# https://mm.icann.org/pipermail/tz/2018-January/025825.html ++# and with tests for OpenJDK: ++# https://mm.icann.org/pipermail/tz/2018-January/025822.html ++# To work around this problem, use a traditional approximation for ++# time stamps after 1971-10-31 02:00 UTC, to give ICU and OpenJDK ++# developers breathing room to fix bugs. This approximation has ++# correct UTC offsets, but results in tm_isdst flags are the reverse ++# of what they should be. This workaround is temporary and should be ++# removed reasonably soon. + 1:00 - IST 1971 Oct 31 2:00u + 0:00 GB-Eire GMT/IST 1996 + 0:00 EU GMT/IST ++# End of workaround for ICU and OpenJDK bugs. + ++ + ############################################################################### + + # Europe + +-# EU rules are for the European Union, previously known as the EC, EEC, +-# Common Market, etc. ++# The following rules are for the European Union and for its ++# predecessor organization, the European Communities. ++# For brevity they are called "EU rules" elsewhere in this file. + + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S + Rule EU 1977 1980 - Apr Sun>=1 1:00u 1:00 S +@@ -929,7 +992,7 @@ + # The page http://www.retsinfo.dk/_GETDOCI_/ACCN/A18930008330-REGL + # confirms this, and states that the law was put forth 1893-03-29. + # +-# The EU treaty with effect from 1973: ++# The EU [actually, EEC and Euratom] treaty with effect from 1973: + # http://www.retsinfo.dk/_GETDOCI_/ACCN/A19722110030-REGL + # + # This provoked a new law from 1974 to make possible summer time changes +@@ -985,9 +1048,10 @@ + # East Greenland and Franz Josef Land, but we don't know their time zones. + # My source for this is Wilhelm Dege's book mentioned under Svalbard. + # +-# From Paul Eggert (2006-03-22): +-# Greenland joined the EU as part of Denmark, obtained home rule on 1979-05-01, +-# and left the EU on 1985-02-01. It therefore should have been using EU ++# From Paul Eggert (2017-12-10): ++# Greenland joined the European Communities as part of Denmark, ++# obtained home rule on 1979-05-01, and left the European Communities ++# on 1985-02-01. It therefore should have been using EU + # rules at least through 1984. Shanks & Pottenger say Scoresbysund and GodthÃ¥b + # used C-Eur rules after 1980, but IATA SSIM (1991/1996) says they use EU + # rules since at least 1991. Assume EU rules since 1980. +@@ -1301,7 +1365,7 @@ + # From Markus Kuhn (1998-09-29): + # The German time zone web site by the Physikalisch-Technische + # Bundesanstalt contains DST information back to 1916. +-# [See tz-link.htm for the URL.] ++# [See tz-link.html for the URL.] + + # From Jörg Schilling (2002-10-23): + # In 1945, Berlin was switched to Moscow Summer time (GMT+4) by +@@ -1398,7 +1462,7 @@ + 1:00 Greece CE%sT 1944 Apr 4 + 2:00 Greece EE%sT 1981 + # Shanks & Pottenger say it switched to C-Eur in 1981; +- # go with EU instead, since Greece joined it on Jan 1. ++ # go with EU rules instead, since Greece joined Jan 1. + 2:00 EU EE%sT + + # Hungary +@@ -2097,7 +2161,7 @@ + # IATA SSIM (1991/1992) reports that the Azores were at -1:00. + # IATA SSIM (1993-02) says +0:00; later issues (through 1996-09) say -1:00. + # Guess that the Azores changed to EU rules in 1992 (since that's when Portugal +-# harmonized with the EU), and that they stayed +0:00 that winter. ++# harmonized with EU rules), and that they stayed +0:00 that winter. + # + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S + # DSH writes that despite Decree 1,469 (1915), the change to the clocks was not +@@ -2772,9 +2836,9 @@ + # + # https://regnum.ru/news/society/1957270.html + # has some historical data for Altai Krai: +-# before 1957: west part on UTC+6, east on UTC+7 +-# after 1957: UTC+7 +-# since 1995: UTC+6 ++# before 1957: west part on UT+6, east on UT+7 ++# after 1957: UT+7 ++# since 1995: UT+6 + # http://barnaul.rusplt.ru/index/pochemu_altajskij_kraj_okazalsja_v_neprivychnom_chasovom_pojase-17648.html + # confirms that and provides more details including 1995-05-28 transition date. + +@@ -3582,6 +3646,17 @@ + # The change is permanent, so this is the new standard time in Turkey. + # It takes effect today, which is not much notice. + ++# From Kıvanç Yazan (2017-10-28): *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-doc-all@freebsd.org Wed Mar 7 14:56:32 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 39F2EF33BE7; Wed, 7 Mar 2018 14:56:32 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DB6E978911; Wed, 7 Mar 2018 14:56:31 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D66F622D85; Wed, 7 Mar 2018 14:56:31 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w27EuVmu058444; Wed, 7 Mar 2018 14:56:31 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w27EuVko058443; Wed, 7 Mar 2018 14:56:31 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201803071456.w27EuVko058443@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Wed, 7 Mar 2018 14:56:31 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-svnadmin@freebsd.org Subject: svn commit: r51466 - svnadmin/conf X-SVN-Group: doc-svnadmin X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: svnadmin/conf X-SVN-Commit-Revision: 51466 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 14:56:32 -0000 Author: gordon (src,ports committer) Date: Wed Mar 7 14:56:31 2018 New Revision: 51466 URL: https://svnweb.freebsd.org/changeset/doc/51466 Log: NTP patches are large. Exempt myself from the limit to commit them. Modified: svnadmin/conf/sizelimit.conf Modified: svnadmin/conf/sizelimit.conf ============================================================================== --- svnadmin/conf/sizelimit.conf Wed Mar 7 14:54:41 2018 (r51465) +++ svnadmin/conf/sizelimit.conf Wed Mar 7 14:56:31 2018 (r51466) @@ -17,5 +17,6 @@ blackend gabor gjb +gordon hrs wblock From owner-svn-doc-all@freebsd.org Wed Mar 7 14:57:36 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C76BF33E23; Wed, 7 Mar 2018 14:57:36 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ADAD178AD8; Wed, 7 Mar 2018 14:57:35 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A860922D87; Wed, 7 Mar 2018 14:57:35 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w27EvZIg058648; Wed, 7 Mar 2018 14:57:35 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w27EvZX3058644; Wed, 7 Mar 2018 14:57:35 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201803071457.w27EvZX3058644@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Wed, 7 Mar 2018 14:57:35 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51467 - in head/share/security/patches: SA-18:01 SA-18:02 X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share/security/patches: SA-18:01 SA-18:02 X-SVN-Commit-Revision: 51467 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 14:57:36 -0000 Author: gordon (src,ports committer) Date: Wed Mar 7 14:57:35 2018 New Revision: 51467 URL: https://svnweb.freebsd.org/changeset/doc/51467 Log: Add the actual patches to the doc repo. This would help people interested in actually patching their systems. Approved by: so Added: head/share/security/patches/SA-18:01/ipsec-10.patch (contents, props changed) head/share/security/patches/SA-18:01/ipsec-11.patch (contents, props changed) head/share/security/patches/SA-18:02/ntp-10.3.patch (contents, props changed) head/share/security/patches/SA-18:02/ntp-10.4.patch (contents, props changed) head/share/security/patches/SA-18:02/ntp-11.1.patch (contents, props changed) Added: head/share/security/patches/SA-18:01/ipsec-10.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:01/ipsec-10.patch Wed Mar 7 14:57:35 2018 (r51467) @@ -0,0 +1,38 @@ +--- sys/netipsec/xform_ah.c.orig ++++ sys/netipsec/xform_ah.c +@@ -615,6 +615,16 @@ + m_freem(m); + return EACCES; + } ++ if (skip + authsize + rplen > m->m_pkthdr.len) { ++ DPRINTF(("%s: bad mbuf length %u (expecting %lu)" ++ " for packet in SA %s/%08lx\n", __func__, ++ m->m_pkthdr.len, (u_long) (skip + authsize + rplen), ++ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), ++ (u_long) ntohl(sav->spi))); ++ AHSTAT_INC(ahs_badauthl); ++ error = EACCES; ++ goto bad; ++ } + AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl); + + /* Get crypto descriptors. */ +@@ -680,6 +690,9 @@ + /* Zeroize the authenticator on the packet. */ + m_copyback(m, skip + rplen, authsize, ipseczeroes); + ++ /* Save ah_nxt, since ah pointer can become invalid after "massage" */ ++ hl = ah->ah_nxt; ++ + /* "Massage" the packet headers for crypto processing. */ + error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family, + skip, ahx->type, 0); +@@ -704,7 +717,7 @@ + tc->tc_spi = sav->spi; + tc->tc_dst = sav->sah->saidx.dst; + tc->tc_proto = sav->sah->saidx.proto; +- tc->tc_nxt = ah->ah_nxt; ++ tc->tc_nxt = hl; + tc->tc_protoff = protoff; + tc->tc_skip = skip; + tc->tc_ptr = (caddr_t) mtag; /* Save the mtag we've identified. */ Added: head/share/security/patches/SA-18:01/ipsec-11.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:01/ipsec-11.patch Wed Mar 7 14:57:35 2018 (r51467) @@ -0,0 +1,38 @@ +--- sys/netipsec/xform_ah.c.orig ++++ sys/netipsec/xform_ah.c +@@ -598,6 +598,16 @@ + error = EACCES; + goto bad; + } ++ if (skip + authsize + rplen > m->m_pkthdr.len) { ++ DPRINTF(("%s: bad mbuf length %u (expecting %lu)" ++ " for packet in SA %s/%08lx\n", __func__, ++ m->m_pkthdr.len, (u_long) (skip + authsize + rplen), ++ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), ++ (u_long) ntohl(sav->spi))); ++ AHSTAT_INC(ahs_badauthl); ++ error = EACCES; ++ goto bad; ++ } + AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl); + + /* Get crypto descriptors. */ +@@ -642,6 +652,9 @@ + /* Zeroize the authenticator on the packet. */ + m_copyback(m, skip + rplen, authsize, ipseczeroes); + ++ /* Save ah_nxt, since ah pointer can become invalid after "massage" */ ++ hl = ah->ah_nxt; ++ + /* "Massage" the packet headers for crypto processing. */ + error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family, + skip, ahx->type, 0); +@@ -664,7 +677,7 @@ + + /* These are passed as-is to the callback. */ + xd->sav = sav; +- xd->nxt = ah->ah_nxt; ++ xd->nxt = hl; + xd->protoff = protoff; + xd->skip = skip; + xd->cryptoid = cryptoid; Added: head/share/security/patches/SA-18:02/ntp-10.3.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:02/ntp-10.3.patch Wed Mar 7 14:57:35 2018 (r51467) @@ -0,0 +1,46614 @@ +--- contrib/ntp/ChangeLog.orig ++++ contrib/ntp/ChangeLog +@@ -1,7 +1,108 @@ + --- +-(4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn +-(4.2.8p10) + ++* [Sec 3454] Unauthenticated packet can reset authenticated interleave ++ associations. HStenn. ++* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn. ++* [Sec 3415] Permit blocking authenticated symmetric/passive associations. ++ Implement ippeerlimit. HStenn, JPerlinger. ++* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits ++ - initial patch by , extended by ++* [Sec 3412] ctl_getitem(): Don't compare names past NUL. ++* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger. ++* [Bug 3457] OpenSSL FIPS mode regression ++* [Bug 3455] ntpd doesn't use scope id when binding multicast ++ - applied patch by Sean Haugh ++* [Bug 3452] PARSE driver prints uninitialized memory. ++* [Bug 3450] Dubious error messages from plausibility checks in get_systime() ++ - removed error log caused by rounding/slew, ensured postcondition ++* [Bug 3447] AES-128-CMAC (fixes) ++ - refactoring the MAC code, too ++* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org ++* [Bug 3439] When running multiple commands / hosts in ntpq... ++ - applied patch by ggarvey ++* [Bug 3438] Negative values and values > 999 days in... ++ - applied patch by ggarvey (with minor mods) ++* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain ++ - applied patch (with mods) by Miroslav Lichvar ++* [Bug 3435] anchor NTP era alignment ++* [Bug 3433] sntp crashes when run with -a. ++* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" ++ - fixed several issues with hash algos in ntpd, sntp, ntpq, ++ ntpdc and the test suites ++* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug ++ - initial patch by Daniel Pouzzner ++* [Bug 3423] QNX adjtime() implementation error checking is ++ wrong ++* [Bug 3417] ntpq ifstats packet counters can be negative ++ made IFSTATS counter quantities unsigned ++* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10 ++ - raised receive buffer size to 1200 ++* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static ++ analysis tool. ++* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath. ++* [Bug 3404] Fix openSSL DLL usage under Windows ++ - fix/drop assumptions on OpenSSL libs directory layout ++* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation ++ - initial patch by timeflies@mail2tor.com ++* [Bug 3398] tests fail with core dump ++ - patch contributed by Alexander Bluhm ++* [Bug 3397] ctl_putstr() asserts that data fits in its buffer ++ rework of formatting & data transfer stuff in 'ntp_control.c' ++ avoids unecessary buffers and size limitations. ++* [Bug 3394] Leap second deletion does not work on ntpd clients ++ - fixed handling of dynamic deletion w/o leap file ++* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size ++ - increased mimimum stack size to 32kB ++* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 ++ - reverted handling of PPS kernel consumer to 4.2.6 behavior ++* [Bug 3365] Updates driver40(-ja).html and miscopt.html ++* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn. ++* [Bug 3016] wrong error position reported for bad ":config pool" ++ - fixed location counter & ntpq output ++* [Bug 2900] libntp build order problem. HStenn. ++* [Bug 2878] Tests are cluttering up syslog ++* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net, ++ perlinger@ntp.org ++* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp. ++* [Bug 948] Trustedkey config directive leaks memory. ++* Use strlcpy() to copy strings, not memcpy(). HStenn. ++* Typos. HStenn. ++* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn. ++* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn. ++* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org ++* Fix trivial warnings from 'make check'. perlinger@ntp.org ++* Fix bug in the override portion of the compiler hardening macro. HStenn. ++* record_raw_stats(): Log entire packet. Log writes. HStenn. ++* AES-128-CMAC support. BInglis, HStenn, JPerlinger. ++* sntp: tweak key file logging. HStenn. ++* sntp: pkt_output(): Improve debug output. HStenn. ++* update-leap: updates from Paul McMath. ++* When using pkg-config, report --modversion. HStenn. ++* Clean up libevent configure checks. HStenn. ++* sntp: show the IP of who sent us a crypto-NAK. HStenn. ++* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. ++* authistrustedip() - use it in more places. HStenn, JPerlinger. ++* New sysstats: sys_lamport, sys_tsrounding. HStenn. ++* Update ntp.keys .../N documentation. HStenn. ++* Distribute testconf.yml. HStenn. ++* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn. ++* Rename the configuration flag fifo variables. HStenn. ++* Improve saveconfig output. HStenn. ++* Decode restrict flags on receive() debug output. HStenn. ++* Decode interface flags on receive() debug output. HStenn. ++* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn. ++* Update the documentation in ntp.conf.def . HStenn. ++* restrictions() must return restrict flags and ippeerlimit. HStenn. ++* Update ntpq peer documentation to describe the 'p' type. HStenn. ++* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn. ++* Provide dump_restricts() for debugging. HStenn. ++* Use consistent 4th arg type for [gs]etsockopt. JPerlinger. ++* Some tests might need LIBM. HStenn. ++* update-leap: Allow -h/--help early. HStenn. ++ ++--- ++(4.2.8p10) 2017/03/21 Released by Harlan Stenn ++ + * [Sec 3389] NTP-01-016: Denial of Service via Malformed Config + (Pentest report 01.2017) + * [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock +--- contrib/ntp/Makefile.am.orig ++++ contrib/ntp/Makefile.am +@@ -5,10 +5,10 @@ + # moved sntp first to get libtool and libevent built. + + SUBDIRS = \ +- sntp \ + scripts \ + include \ + libntp \ ++ sntp \ + libparse \ + ntpd \ + ntpdate \ +--- contrib/ntp/Makefile.in.orig ++++ contrib/ntp/Makefile.in +@@ -99,6 +99,7 @@ + $(top_srcdir)/sntp/m4/ltsugar.m4 \ + $(top_srcdir)/sntp/m4/ltversion.m4 \ + $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ ++ $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ + $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ + $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ + $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ +@@ -523,10 +524,10 @@ + + # moved sntp first to get libtool and libevent built. + SUBDIRS = \ +- sntp \ + scripts \ + include \ + libntp \ ++ sntp \ + libparse \ + ntpd \ + ntpdate \ +--- contrib/ntp/NEWS.orig ++++ contrib/ntp/NEWS +@@ -1,4 +1,331 @@ + -- ++NTP 4.2.8p11 (Harlan Stenn , 2018/02/27) ++ ++NOTE: this NEWS file will be undergoing more revisions. ++ ++Focus: Security, Bug fixes, enhancements. ++ ++Severity: MEDIUM ++ ++This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity ++vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and ++provides 65 other non-security fixes and improvements: ++ ++* NTP Bug 3454: Unauthenticated packet can reset authenticated interleaved ++ association (LOW/MED) ++ Date Resolved: Stable (4.2.8p11) 27 Feb 2018 ++ References: Sec 3454 / CVE-2018-7185 / VU#961909 ++ Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11. ++ CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) This could score between ++ 2.9 and 6.8. ++ CVSS3: LOW 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L This could ++ score between 2.6 and 3.1 ++ Summary: ++ The NTP Protocol allows for both non-authenticated and ++ authenticated associations, in client/server, symmetric (peer), ++ and several broadcast modes. In addition to the basic NTP ++ operational modes, symmetric mode and broadcast servers can ++ support an interleaved mode of operation. In ntp-4.2.8p4 a bug ++ was inadvertently introduced into the protocol engine that ++ allows a non-authenticated zero-origin (reset) packet to reset ++ an authenticated interleaved peer association. If an attacker ++ can send a packet with a zero-origin timestamp and the source ++ IP address of the "other side" of an interleaved association, ++ the 'victim' ntpd will reset its association. The attacker must ++ continue sending these packets in order to maintain the ++ disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6, ++ interleave mode could be entered dynamically. As of ntp-4.2.8p7, ++ interleaved mode must be explicitly configured/enabled. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to 4.2.8p11, or later, from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ If you are unable to upgrade to 4.2.8p11 or later and have ++ 'peer HOST xleave' lines in your ntp.conf file, remove the ++ 'xleave' option. ++ Have enough sources of time. ++ Properly monitor your ntpd instances. ++ If ntpd stops running, auto-restart it without -g . ++ Credit: ++ This weakness was discovered by Miroslav Lichvar of Red Hat. ++ ++* NTP Bug 3453: Interleaved symmetric mode cannot recover from bad ++ state (LOW/MED) ++ Date Resolved: Stable (4.2.8p11) 27 Feb 2018 ++ References: Sec 3453 / CVE-2018-7184 / VU#961909 ++ Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11. ++ CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) ++ Could score between 2.9 and 6.8. ++ CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L ++ Could score between 2.6 and 6.0. ++ Summary: ++ The fix for NtpBug2952 was incomplete, and while it fixed one ++ problem it created another. Specifically, it drops bad packets ++ before updating the "received" timestamp. This means a ++ third-party can inject a packet with a zero-origin timestamp, ++ meaning the sender wants to reset the association, and the ++ transmit timestamp in this bogus packet will be saved as the ++ most recent "received" timestamp. The real remote peer does ++ not know this value and this will disrupt the association until ++ the association resets. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ Use authentication with 'peer' mode. ++ Have enough sources of time. ++ Properly monitor your ntpd instances. ++ If ntpd stops running, auto-restart it without -g . ++ Credit: ++ This weakness was discovered by Miroslav Lichvar of Red Hat. ++ ++* NTP Bug 3415: Provide a way to prevent authenticated symmetric passive ++ peering (LOW) ++ Date Resolved: Stable (4.2.8p11) 27 Feb 2018 ++ References: Sec 3415 / CVE-2018-7170 / VU#961909 ++ Sec 3012 / CVE-2016-1549 / VU#718152 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p7, and ++ 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. ++ CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) ++ CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N ++ Summary: ++ ntpd can be vulnerable to Sybil attacks. If a system is set up to ++ use a trustedkey and if one is not using the feature introduced in ++ ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to ++ specify which IPs can serve time, a malicious authenticated peer ++ -- i.e. one where the attacker knows the private symmetric key -- ++ can create arbitrarily-many ephemeral associations in order to win ++ the clock selection of ntpd and modify a victim's clock. Three ++ additional protections are offered in ntp-4.2.8p11. One is the ++ new 'noepeer' directive, which disables symmetric passive ++ ephemeral peering. Another is the new 'ippeerlimit' directive, ++ which limits the number of peers that can be created from an IP. ++ The third extends the functionality of the 4th field in the ++ ntp.keys file to include specifying a subnet range. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ Use the 'noepeer' directive to prohibit symmetric passive ++ ephemeral associations. ++ Use the 'ippeerlimit' directive to limit the number of peers ++ that can be created from an IP. ++ Use the 4th argument in the ntp.keys file to limit the IPs and ++ subnets that can be time servers. ++ Have enough sources of time. ++ Properly monitor your ntpd instances. ++ If ntpd stops running, auto-restart it without -g . ++ Credit: ++ This weakness was reported as Bug 3012 by Matthew Van Gundy of ++ Cisco ASIG, and separately by Stefan Moser as Bug 3415. ++ ++* ntpq Bug 3414: decodearr() can write beyond its 'buf' limits (Medium) ++ Date Resolved: 27 Feb 2018 ++ References: Sec 3414 / CVE-2018-7183 / VU#961909 ++ Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11. ++ CVSS2: MED 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) ++ CVSS3: MED 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L ++ Summary: ++ ntpq is a monitoring and control program for ntpd. decodearr() ++ is an internal function of ntpq that is used to -- wait for it -- ++ decode an array in a response string when formatted data is being ++ displayed. This is a problem in affected versions of ntpq if a ++ maliciously-altered ntpd returns an array result that will trip this ++ bug, or if a bad actor is able to read an ntpq request on its way to ++ a remote ntpd server and forge and send a response before the remote ++ ntpd sends its response. It's potentially possible that the ++ malicious data could become injectable/executable code. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ Credit: ++ This weakness was discovered by Michael Macnair of Thales e-Security. ++ ++* NTP Bug 3412: ctl_getitem(): buffer read overrun leads to undefined ++ behavior and information leak (Info/Medium) ++ Date Resolved: 27 Feb 2018 ++ References: Sec 3412 / CVE-2018-7182 / VU#961909 ++ Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11. ++ CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N ++ CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ++ 0.0 if C:N ++ Summary: ++ ctl_getitem() is used by ntpd to process incoming mode 6 packets. ++ A malicious mode 6 packet can be sent to an ntpd instance, and ++ if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will ++ cause ctl_getitem() to read past the end of its buffer. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ Have enough sources of time. ++ Properly monitor your ntpd instances. ++ If ntpd stops running, auto-restart it without -g . ++ Credit: ++ This weakness was discovered by Yihan Lian of Qihoo 360. ++ ++* NTP Bug 3012: Sybil vulnerability: ephemeral association attack ++ Also see Bug 3415, above. ++ Date Mitigated: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 ++ Date Resolved: Stable (4.2.8p11) 27 Feb 2018 ++ References: Sec 3012 / CVE-2016-1549 / VU#718152 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p7, and ++ 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. ++ CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) ++ CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N ++ Summary: ++ ntpd can be vulnerable to Sybil attacks. If a system is set up ++ to use a trustedkey and if one is not using the feature ++ introduced in ntp-4.2.8p6 allowing an optional 4th field in the ++ ntp.keys file to specify which IPs can serve time, a malicious ++ authenticated peer -- i.e. one where the attacker knows the ++ private symmetric key -- can create arbitrarily-many ephemeral ++ associations in order to win the clock selection of ntpd and ++ modify a victim's clock. Two additional protections are ++ offered in ntp-4.2.8p11. One is the 'noepeer' directive, which ++ disables symmetric passive ephemeral peering. The other extends ++ the functionality of the 4th field in the ntp.keys file to ++ include specifying a subnet range. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to 4.2.8p11, or later, from the NTP Project Download Page or ++ the NTP Public Services Project Download Page. ++ Use the 'noepeer' directive to prohibit symmetric passive ++ ephemeral associations. ++ Use the 'ippeerlimit' directive to limit the number of peer ++ associations from an IP. ++ Use the 4th argument in the ntp.keys file to limit the IPs ++ and subnets that can be time servers. ++ Properly monitor your ntpd instances. ++ Credit: ++ This weakness was discovered by Matthew Van Gundy of Cisco ASIG. ++ ++* Bug fixes: ++ [Bug 3457] OpenSSL FIPS mode regression ++ [Bug 3455] ntpd doesn't use scope id when binding multicast ++ - applied patch by Sean Haugh ++ [Bug 3452] PARSE driver prints uninitialized memory. ++ [Bug 3450] Dubious error messages from plausibility checks in get_systime() ++ - removed error log caused by rounding/slew, ensured postcondition ++ [Bug 3447] AES-128-CMAC (fixes) ++ - refactoring the MAC code, too ++ [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org ++ [Bug 3439] When running multiple commands / hosts in ntpq... ++ - applied patch by ggarvey ++ [Bug 3438] Negative values and values > 999 days in... ++ - applied patch by ggarvey (with minor mods) ++ [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain ++ - applied patch (with mods) by Miroslav Lichvar ++ [Bug 3435] anchor NTP era alignment ++ [Bug 3433] sntp crashes when run with -a. ++ [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" ++ - fixed several issues with hash algos in ntpd, sntp, ntpq, ++ ntpdc and the test suites ++ [Bug 3424] Trimble Thunderbolt 1024 week millenium bug ++ - initial patch by Daniel Pouzzner ++ [Bug 3423] QNX adjtime() implementation error checking is ++ wrong ++ [Bug 3417] ntpq ifstats packet counters can be negative ++ made IFSTATS counter quantities unsigned ++ [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10 ++ - raised receive buffer size to 1200 ++ [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static ++ analysis tool. ++ [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath. ++ [Bug 3404] Fix openSSL DLL usage under Windows ++ - fix/drop assumptions on OpenSSL libs directory layout ++ [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation ++ - initial patch by timeflies@mail2tor.com ++ [Bug 3398] tests fail with core dump ++ - patch contributed by Alexander Bluhm ++ [Bug 3397] ctl_putstr() asserts that data fits in its buffer ++ rework of formatting & data transfer stuff in 'ntp_control.c' ++ avoids unecessary buffers and size limitations. ++ [Bug 3394] Leap second deletion does not work on ntpd clients ++ - fixed handling of dynamic deletion w/o leap file ++ [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size ++ - increased mimimum stack size to 32kB ++ [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 ++ - reverted handling of PPS kernel consumer to 4.2.6 behavior ++ [Bug 3365] Updates driver40(-ja).html and miscopt.html ++ [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn. ++ [Bug 3016] wrong error position reported for bad ":config pool" ++ - fixed location counter & ntpq output ++ [Bug 2900] libntp build order problem. HStenn. ++ [Bug 2878] Tests are cluttering up syslog ++ [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net, ++ perlinger@ntp.org ++ [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp. ++ [Bug 948] Trustedkey config directive leaks memory. ++ Use strlcpy() to copy strings, not memcpy(). HStenn. ++ Typos. HStenn. ++ test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn. ++ refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn. ++ Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org ++ Fix trivial warnings from 'make check'. perlinger@ntp.org ++ Fix bug in the override portion of the compiler hardening macro. HStenn. ++ record_raw_stats(): Log entire packet. Log writes. HStenn. ++ AES-128-CMAC support. BInglis, HStenn, JPerlinger. ++ sntp: tweak key file logging. HStenn. ++ sntp: pkt_output(): Improve debug output. HStenn. ++ update-leap: updates from Paul McMath. ++ When using pkg-config, report --modversion. HStenn. ++ Clean up libevent configure checks. HStenn. ++ sntp: show the IP of who sent us a crypto-NAK. HStenn. ++ Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. ++ authistrustedip() - use it in more places. HStenn, JPerlinger. ++ New sysstats: sys_lamport, sys_tsrounding. HStenn. ++ Update ntp.keys .../N documentation. HStenn. ++ Distribute testconf.yml. HStenn. ++ Add DPRINTF(2,...) lines to receive() for packet drops. HStenn. ++ Rename the configuration flag fifo variables. HStenn. ++ Improve saveconfig output. HStenn. ++ Decode restrict flags on receive() debug output. HStenn. ++ Decode interface flags on receive() debug output. HStenn. ++ Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn. ++ Update the documentation in ntp.conf.def . HStenn. ++ restrictions() must return restrict flags and ippeerlimit. HStenn. ++ Update ntpq peer documentation to describe the 'p' type. HStenn. ++ Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn. ++ Provide dump_restricts() for debugging. HStenn. ++ Use consistent 4th arg type for [gs]etsockopt. JPerlinger. ++ ++* Other items: ++ ++* update-leap needs the following perl modules: ++ Net::SSLeay ++ IO::Socket::SSL ++ ++* New sysstats variables: sys_lamport, sys_tsrounding ++See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding" ++sys_lamport counts the number of observed Lamport violations, while ++sys_tsrounding counts observed timestamp rounding events. ++ ++* New ntp.conf items: ++ ++- restrict ... noepeer ++- restrict ... ippeerlimit N ++ ++The 'noepeer' directive will disallow all ephemeral/passive peer ++requests. ++ ++The 'ippeerlimit' directive limits the number of time associations ++for each IP in the designated set of addresses. This limit does not ++apply to explicitly-configured associations. A value of -1, the current ++default, means an unlimited number of associations may connect from a ++single IP. 0 means "none", etc. Ordinarily the only way multiple ++associations would come from the same IP would be if the remote side ++was using a proxy. But a trusted machine might become compromised, ++in which case an attacker might spin up multiple authenticated sessions ++from different ports. This directive should be helpful in this case. ++ ++* New ntp.keys feature: Each IP in the optional list of IPs in the 4th ++field may contain a /subnetbits specification, which identifies the ++scope of IPs that may use this key. This IP/subnet restriction can be ++used to limit the IPs that may use the key in most all situations where ++a key is used. ++-- + NTP 4.2.8p10 (Harlan Stenn , 2017/03/21) + + Focus: Security, Bug fixes, enhancements. +@@ -960,7 +1287,7 @@ + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page +- Properly monitor your =ntpd= instances ++ Properly monitor your ntpd instances + Credit: This weakness was discovered by Stephen Gray and + Matthew Van Gundy of Cisco ASIG. + +@@ -1029,7 +1356,7 @@ + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page +- Properly monitor your =ntpd= instances ++ Properly monitor your ntpd instances + Credit: This weakness was discovered by Yihan Lian of the Cloud + Security Team, Qihoo 360. + +@@ -1266,7 +1593,7 @@ + Configure 'ntpd' to get time from multiple sources. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. +- Monitor your 'ntpd= instances. ++ Monitor your 'ntpd' instances. + Credit: This weakness was discovered by Matthey Van Gundy and + Jonathan Gardner of Cisco ASIG. + +--- contrib/ntp/aclocal.m4.orig ++++ contrib/ntp/aclocal.m4 +@@ -1339,6 +1339,7 @@ + m4_include([sntp/m4/ltsugar.m4]) + m4_include([sntp/m4/ltversion.m4]) + m4_include([sntp/m4/lt~obsolete.m4]) ++m4_include([sntp/m4/ntp_af_unspec.m4]) + m4_include([sntp/m4/ntp_cacheversion.m4]) + m4_include([sntp/m4/ntp_compiler.m4]) + m4_include([sntp/m4/ntp_crosscompile.m4]) +--- contrib/ntp/adjtimed/Makefile.in.orig ++++ contrib/ntp/adjtimed/Makefile.in +@@ -108,6 +108,7 @@ + $(top_srcdir)/sntp/m4/ltsugar.m4 \ + $(top_srcdir)/sntp/m4/ltversion.m4 \ + $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ ++ $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ + $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ + $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ + $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ +@@ -952,7 +953,6 @@ + # + + check-libntp: ../libntp/libntp.a +- @echo stamp > $@ + + ../libntp/libntp.a: + cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +--- contrib/ntp/clockstuff/Makefile.in.orig ++++ contrib/ntp/clockstuff/Makefile.in +@@ -101,6 +101,7 @@ + $(top_srcdir)/sntp/m4/ltsugar.m4 \ + $(top_srcdir)/sntp/m4/ltversion.m4 \ + $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ ++ $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ + $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ + $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ + $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ +@@ -793,7 +794,6 @@ + + + check-libntp: ../libntp/libntp.a +- @echo stamp > $@ + + ../libntp/libntp.a: + cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +--- contrib/ntp/configure.orig ++++ contrib/ntp/configure +@@ -1,6 +1,6 @@ + #! /bin/sh + # Guess values for system-dependent variables and create Makefiles. +-# Generated by GNU Autoconf 2.69 for ntp 4.2.8p10. ++# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11. + # + # Report bugs to . + # +@@ -590,8 +590,8 @@ + # Identity of this package. + PACKAGE_NAME='ntp' + PACKAGE_TARNAME='ntp' +-PACKAGE_VERSION='4.2.8p10' +-PACKAGE_STRING='ntp 4.2.8p10' ++PACKAGE_VERSION='4.2.8p11' ++PACKAGE_STRING='ntp 4.2.8p11' + PACKAGE_BUGREPORT='http://bugs.ntp.org./' + PACKAGE_URL='http://www.ntp.org./' + +@@ -944,6 +944,7 @@ + enable_option_checking + enable_silent_rules + enable_dependency_tracking ++with_hardenfile + with_locfile + enable_shared + enable_static +@@ -1613,7 +1614,7 @@ + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +-\`configure' configures ntp 4.2.8p10 to adapt to many kinds of systems. ++\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems. + + Usage: $0 [OPTION]... [VAR=VALUE]... + +@@ -1683,7 +1684,7 @@ + + if test -n "$ac_init_help"; then + case $ac_init_help in +- short | recursive ) echo "Configuration of ntp 4.2.8p10:";; ++ short | recursive ) echo "Configuration of ntp 4.2.8p11:";; + esac + cat <<\_ACEOF + +@@ -1699,6 +1700,7 @@ + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build ++ --with-hardenfile=XXX os-specific or "/dev/null" + --with-locfile=XXX os-specific or "legacy" + --enable-shared[=PKGS] build shared libraries [default=no] + --enable-static[=PKGS] build static libraries [default=yes] +@@ -1921,7 +1923,7 @@ + test -n "$ac_init_help" && exit $ac_status + if $ac_init_version; then + cat <<\_ACEOF +-ntp configure 4.2.8p10 ++ntp configure 4.2.8p11 + generated by GNU Autoconf 2.69 + + Copyright (C) 2012 Free Software Foundation, Inc. +@@ -2630,7 +2632,7 @@ + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. + +-It was created by ntp $as_me 4.2.8p10, which was ++It was created by ntp $as_me 4.2.8p11, which was + generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ +@@ -3631,7 +3633,7 @@ + + # Define the identity of the package. + PACKAGE='ntp' +- VERSION='4.2.8p10' ++ VERSION='4.2.8p11' + + + cat >>confdefs.h <<_ACEOF +@@ -6581,11 +6583,11 @@ + $as_echo_n "checking for compile/link hardening flags... " >&6; } + + +-# Check whether --with-locfile was given. +-if test "${with_locfile+set}" = set; then : +- withval=$with_locfile; ++# Check whether --with-hardenfile was given. ++if test "${with_hardenfile+set}" = set; then : ++ withval=$with_hardenfile; + else +- with_locfile=no ++ with_hardenfile=no + + fi + +@@ -6593,12 +6595,12 @@ + ( \ + SENTINEL_DIR="$PWD" && \ + cd $srcdir/sntp && \ +- case "$with_locfile" in \ ++ case "$with_hardenfile" in \ + yes|no|'') \ + scripts/genHardFlags -d "$SENTINEL_DIR" \ + ;; \ + *) \ +- scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_locfile" \ ++ scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_hardenfile" \ + ;; \ + esac \ + ) > genHardFlags.i 2> genHardFlags.err +@@ -15937,8 +15939,13 @@ + if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent + then + ntp_use_local_libevent=no +- { $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5 +-$as_echo "$as_me: Using the installed libevent" >&6;} ++ ntp_libevent_version="`$PKG_CONFIG --modversion libevent`" ++ case "$ntp_libevent_version" in ++ *.*) ;; ++ *) ntp_libevent_version='(unknown)' ;; ++ esac ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_libevent_version" >&5 ++$as_echo "yes, version $ntp_libevent_version" >&6; } + CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` + CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent` + # HMS: I hope the following is accurate. +@@ -15966,8 +15973,6 @@ + LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_pthreads" + esac + LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_core" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } + else + ntp_use_local_libevent=yes + # HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS +@@ -26468,6 +26473,36 @@ + done + + ++ ++ ++# We could do a cv check here, but is it worth it? ++ ++cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++ ++ #include ++ #ifndef AF_UNSPEC ++ #include "Bletch: AF_UNSPEC is undefined!" ++ #endif ++ #if AF_UNSPEC != 0 ++ #include "Bletch: AF_UNSPEC != 0" ++ #endif ++ ++int ++main () ++{ ++{ $as_echo "$as_me:${as_lineno-$LINENO}: AF_UNSPEC is zero, as expected." >&5 ++$as_echo "$as_me: AF_UNSPEC is zero, as expected." >&6;} ++ ; ++ return 0; ++} ++ ++_ACEOF ++if ac_fn_c_try_compile "$LINENO"; then : ++ ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 + $as_echo_n "checking return type of signal handlers... " >&6; } + if ${ac_cv_type_signal+:} false; then : +@@ -30114,8 +30149,13 @@ + VER_SUFFIX=o + ntp_openssl=yes + ntp_openssl_from_pkg_config=yes +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`" ++ case "$ntp_openssl_version" in ++ *.*) ;; ++ *) ntp_openssl_version='(unknown)' ;; ++ esac ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5 ++$as_echo "yes, version $ntp_openssl_version" >&6; } + + break + fi +@@ -33924,7 +33964,7 @@ + # report actual input values of CONFIG_FILES etc. instead of their + # values after options handling. + ac_log=" +-This file was extended by ntp $as_me 4.2.8p10, which was ++This file was extended by ntp $as_me 4.2.8p11, which was + generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES +@@ -33991,7 +34031,7 @@ + cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" + ac_cs_version="\\ +-ntp config.status 4.2.8p10 ++ntp config.status 4.2.8p11 + configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +--- contrib/ntp/configure.ac.orig ++++ contrib/ntp/configure.ac +@@ -528,6 +528,8 @@ + #endif + ]) + ++NTP_AF_UNSPEC ++ + AC_TYPE_SIGNAL + AC_TYPE_OFF_T + AC_STRUCT_TM dnl defines TM_IN_SYS_TIME used by refclock_parse.c +--- contrib/ntp/html/access.html.orig ++++ contrib/ntp/html/access.html +@@ -19,7 +19,7 @@ +

giffrom Pogo, Walt Kelly

+

The skunk watches for intruders and sprays.

+

Last update: +- 11-Sep-2010 05:53 ++ 26-Jul-2017 20:10 + UTC

+
+

Related Links

+@@ -32,7 +32,7 @@ +

The ACL is specified as a list of restrict commands in the following format:

+

restrict address [mask mask] [flag][...]

+

The address argument expressed in dotted-quad form is the address of a host or network. Alternatively, the address argument can be a valid host DNS name. The mask argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the address is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. restrict default, with no mask option, modifies both IPv4 and IPv6 default entries. restrict source configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptable, and removed when the association is demobilized.

+-

Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.

++

Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.

+

An example may clarify how it works. Our campus has two class-B networks, 128.4 for the ECE and CIS departments and 128.175 for the rest of campus. Let's assume (not true!) that subnet 128.4.1 homes critical services like class rosters and spread sheets. A suitable ACL might look like this:

+ 
+ restrict default nopeer					# deny new associations
+--- contrib/ntp/html/accopt.html.orig
++++ contrib/ntp/html/accopt.html
+@@ -3,89 +3,185 @@
+ 
+ 
+ 
+-Access Control Commands and Options
+-
++Access Control Commands and Options 
+ 
+ 
+ 
+ 
+ 
Access Control Commands and Options

+-giffrom Pogo, Walt Kelly
++giffrom Pogo,
++Walt Kelly
+ 
The skunk watches for intruders and sprays.

+-
Last update:
+-  13-Nov-2014  03:00
+-  UTC

++
Last update: 7-Jan-2018 23:56 UTC

+ 

+ 
Related Links

+-
+-
++
++
+ 

+ 
Commands and Options

+-
Unless noted otherwise, further information about these ccommands is on the Access Control Support page.

++
Unless noted otherwise, further information about these ccommands is on
++the Access Control Support page.

+ 

+-  
discard [ average avg ][ minimum min ] [ monitor prob ]

+-  
Set the parameters of the rate control facility which protects the server from client abuse. If the limited flag is present in the ACL, packets that violate these limits are discarded. If, in addition, the kod flag is present, a kiss-o'-death packet is returned. See the Rate Management page for further information. The options are:
++  
discard [ average avg ][ minimum min ]
++      [ monitor prob ]

++  
Set the parameters of the rate control facility which protects the
++    server from client abuse. If the limited flag is present in the
++    ACL, packets that violate these limits are discarded. If, in addition,
++    the kod flag is present, a kiss-o'-death packet is
++    returned. See the Rate Management page for
++    further information. The options are:
+     

+       
average avg

+-      
Specify the minimum average interpacket spacing (minimum average headway
+-        time) in log2 s with default 3.

++      
Specify the minimum average interpacket spacing (minimum average
++        headway time) in log2 s with default 3.

+       
minimum min

+-      
Specify the minimum interpacket spacing (guard time) in seconds with default 2.

++      
Specify the minimum interpacket spacing (guard time) in seconds
++	with default 2.

+       
monitor

+-      
Specify the probability of being recorded for packets that overflow the MRU list size limit set by mru maxmem or mru maxdepth. This is a performance optimization for servers with aggregate arrivals of 1000 packets per second or more.

++      
Specify the probability of being recorded for packets that
++	overflow the MRU list size limit set by mru maxmem
++	or mru maxdepth. This is a performance optimization for
++	servers with aggregate arrivals of 1000 packets per second or
++	more.

+     

+   

+-  
restrict default [flag][...]

+-    restrict source [flag][...]

+-    restrict address [mask mask] [flag][...]

+-  
The address argument expressed in dotted-quad form is the address of a host or network. Alternatively, the address argument can be a valid host DNS name. The mask argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the address is treated as the address of an individual host. A default entry (address 0.0.0.0,	mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. restrict default, with no mask option, modifies both IPv4 and IPv6 default entries. restrict source configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptible, and removed when the association is demobilized.

+-  
Some flags have the effect to deny service, some  have the effect to enable service and some are  conditioned by other flags. The  flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server. One or more of the following flags may be specified:

++  
restrict [-4 | -6] default [ippeerlimit num]
++      [flag][...]
  restrict source [ippeerlimit num]
++      [flag][...]
  restrict address [mask mask]
++      [ippeerlimit num] [flag][...]

++  
The address argument expressed in IPv4 or IPv6 numeric
++    address form is the address of a host or network. Alternatively,
++    the address argument can be a valid host DNS
++    name. The mask argument expressed in IPv4 or IPv6
++    numeric address form defaults to all mask bits on, meaning that
++    the address is treated as the address of an individual
++    host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and
++    address :: mask :: for IPv6) is always the first entry in the
++    list. restrict default, with no mask option, modifies both IPv4
++    and IPv6 default entries. restrict source configures a template
++    restriction automatically added at runtime for each association, whether
++    configured, ephemeral, or preemptible, and removed when the association
++    is demobilized.

++  
The optional ippeerlimit takes a numeric argument that
++    indicates how many incoming (at present) peer requests will be permitted
++    for each IP, regardless of whether or not the request comes from an
++    authenticated source.  A value of -1 means "unlimited", which is the
++    current default.  A value of 0 means "none".  Ordinarily one would
++    expect at most 1 of these sessions to exist per IP, however if the
++    remote side is operating thru a proxy there would be one association for
++    each remote peer at that IP.

++  
Some flags have the effect to deny service, some have the effect to
++    enable service and some are conditioned by other flags. The flags are
++    not orthogonal, in that more restrictive flags will often make less
++    restrictive ones redundant. The flags that deny service are classed in
++    two categories, those that restrict time service and those that restrict
++    informational queries and attempts to do run-time reconfiguration of the
++    server. One or more of the following flags may be specified:

+   

+     

+       
flake

+-      
Discard received NTP packets with probability 0.1; that is, on average drop one packet in ten. This is for testing and amusement. The name comes from Bob Braden's flakeway, which once did a similar thing for early Internet testing.

++      
Discard received NTP packets with probability 0.1; that is, on
++	average drop one packet in ten. This is for testing and

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-doc-all@freebsd.org  Wed Mar  7 14:58:03 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 457ABF33EF0;
 Wed,  7 Mar 2018 14:58:03 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E3ACB78B46;
 Wed,  7 Mar 2018 14:58:02 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DE14122D89;
 Wed,  7 Mar 2018 14:58:02 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w27Ew25O058706;
 Wed, 7 Mar 2018 14:58:02 GMT (envelope-from gordon@FreeBSD.org)
Received: (from gordon@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w27Ew25Y058705;
 Wed, 7 Mar 2018 14:58:02 GMT (envelope-from gordon@FreeBSD.org)
Message-Id: <201803071458.w27Ew25Y058705@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gordon set sender to
 gordon@FreeBSD.org using -f
From: Gordon Tetlow 
Date: Wed, 7 Mar 2018 14:58:02 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-svnadmin@freebsd.org
Subject: svn commit: r51468 - svnadmin/conf
X-SVN-Group: doc-svnadmin
X-SVN-Commit-Author: gordon
X-SVN-Commit-Paths: svnadmin/conf
X-SVN-Commit-Revision: 51468
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Wed, 07 Mar 2018 14:58:03 -0000

Author: gordon (src,ports committer)
Date: Wed Mar  7 14:58:02 2018
New Revision: 51468
URL: https://svnweb.freebsd.org/changeset/doc/51468

Log:
  Remove myself now that I have commited the NTP patches.

Modified:
  svnadmin/conf/sizelimit.conf

Modified: svnadmin/conf/sizelimit.conf
==============================================================================
--- svnadmin/conf/sizelimit.conf	Wed Mar  7 14:57:35 2018	(r51467)
+++ svnadmin/conf/sizelimit.conf	Wed Mar  7 14:58:02 2018	(r51468)
@@ -17,6 +17,5 @@
 blackend
 gabor
 gjb
-gordon
 hrs
 wblock

From owner-svn-doc-all@freebsd.org  Wed Mar  7 15:06:10 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D1EBAF34B61;
 Wed,  7 Mar 2018 15:06:09 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 827997960D;
 Wed,  7 Mar 2018 15:06:09 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7D45122F35;
 Wed,  7 Mar 2018 15:06:09 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w27F69IX064020;
 Wed, 7 Mar 2018 15:06:09 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w27F699H064018;
 Wed, 7 Mar 2018 15:06:09 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201803071506.w27F699H064018@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber 
Date: Wed, 7 Mar 2018 15:06:09 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r51469 - in head/en_US.ISO8859-1/htdocs/releases: 10.4R
 11.1R
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: in head/en_US.ISO8859-1/htdocs/releases: 10.4R 11.1R
X-SVN-Commit-Revision: 51469
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Wed, 07 Mar 2018 15:06:10 -0000

Author: gjb
Date: Wed Mar  7 15:06:09 2018
New Revision: 51469
URL: https://svnweb.freebsd.org/changeset/doc/51469

Log:
  Regen after r330605.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/en_US.ISO8859-1/htdocs/releases/10.4R/errata.html
  head/en_US.ISO8859-1/htdocs/releases/11.1R/errata.html

Modified: head/en_US.ISO8859-1/htdocs/releases/10.4R/errata.html
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/10.4R/errata.html	Wed Mar  7 14:58:02 2018	(r51468)
+++ head/en_US.ISO8859-1/htdocs/releases/10.4R/errata.html	Wed Mar  7 15:06:09 2018	(r51469)
@@ -1,5 +1,5 @@
 
-FreeBSD 10.4-RELEASE Errata
FreeBSD 10.4-RELEASE Errata
The FreeBSD Project
Copyright © 2017 The FreeBSD Documentation
+FreeBSD 10.4-RELEASE Errata
FreeBSD 10.4-RELEASE Errata
The FreeBSD Project
Copyright © 2017 The FreeBSD Documentation
 	Project
FreeBSD is a registered trademark of
   the FreeBSD Foundation. 
Intel, Celeron, Centrino, Core, EtherExpress, i386,
   i486, Itanium, Pentium, and Xeon are trademarks or registered
@@ -13,7 +13,7 @@
   as trademarks.  Where those designations appear in this document,
   and the FreeBSD Project was aware of the trademark claim, the
   designations have been followed by the  or the
-  ® symbol. 
Last modified on 2017-10-03 12:08:16 by gjb.
Abstract
This document lists errata items for FreeBSD 10.4-RELEASE,
+  ® symbol. 
Last modified on 2017-10-03 15:08:17 EDT by gjb.
Abstract
This document lists errata items for FreeBSD 10.4-RELEASE,
 	containing significant information discovered after the
 	release or too late in the release cycle to be otherwise
 	included in the release documentation.  This information
@@ -37,8 +37,10 @@
       contain up-to-date copies of this document (as of the time of
       the snapshot). 
For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/. 
2. Security Advisories
AdvisoryDateTopic
FreeBSD-SA-17:06.openssh10 August 2017
Denial of Service vulnerability 
FreeBSD-SA-17:07.wpa16 October 2017
WPA2 protocol vulnerability 
FreeBSD-SA-17:08.ptrace15 November 2017
Kernel data leak via
 	    ptrace(PT_LWPINFO) 
FreeBSD-SA-17:09.shm15 November 2017
POSIX shm allows jails to access global
-	    namespace 
FreeBSD-SA-17:10.kldstat15 November 2017
Information leak 
FreeBSD-SA-17:11.openssl09 December 2017
Multiple vulnerabilities 
FreeBSD-SA-17:12.openssl29 November 2017
Multiple vulnerabilities 
3. Errata Notices
ErrataDateTopic
FreeBSD-EN-17:09.tzdata2 November 2017
Timezone database information
-	    update 
4. Open Issues
3. Errata Notices
ErrataDateTopic
FreeBSD-EN-17:09.tzdata2 November 2017
Timezone database information
+	    update 
FreeBSD-EN-18:01.tzdata07 March 2018
Timezone database information
+	    update 
FreeBSD-EN-18:02.file07 March 2018
Stack-based buffer overflow 
4. Open Issues
  • FreeBSD/i386 10.4-RELEASE running as a guest
 	  operating system on VirtualBox
 	  can have a problem with disk I/O access.  It depends on some
 	  specific hardware configuration and does not depend on a

Modified: head/en_US.ISO8859-1/htdocs/releases/11.1R/errata.html
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/11.1R/errata.html	Wed Mar  7 14:58:02 2018	(r51468)
+++ head/en_US.ISO8859-1/htdocs/releases/11.1R/errata.html	Wed Mar  7 15:06:09 2018	(r51469)
@@ -1,5 +1,5 @@
 
-FreeBSD 11.1-RELEASE Errata
    FreeBSD 11.1-RELEASE Errata
    The FreeBSD Project
    Copyright © 2017 The FreeBSD Documentation
+FreeBSD 11.1-RELEASE Errata
    FreeBSD 11.1-RELEASE Errata
    The FreeBSD Project
    Copyright © 2017 The FreeBSD Documentation
 	Project
    FreeBSD is a registered trademark of
   the FreeBSD Foundation. 
    Intel, Celeron, Centrino, Core, EtherExpress, i386,
   i486, Itanium, Pentium, and Xeon are trademarks or registered
@@ -13,7 +13,7 @@
   as trademarks.  Where those designations appear in this document,
   and the FreeBSD Project was aware of the trademark claim, the
   designations have been followed by the  or the
-  ® symbol. 
    Last modified on 2017-11-06 09:27:50 by gjb.
    Abstract
    This document lists errata items for FreeBSD 11.1-RELEASE,
+  ® symbol. 
    Last modified on 2017-11-06 12:27:50 EST by gjb.
    Abstract
    This document lists errata items for FreeBSD 11.1-RELEASE,
 	containing significant information discovered after the
 	release or too late in the release cycle to be otherwise
 	included in the release documentation.  This information
@@ -35,10 +35,12 @@
       sites which keep up-to-date mirrors of this location. 
    Source and binary snapshots of FreeBSD 11.1-STABLE also
       contain up-to-date copies of this document (as of the time of
       the snapshot). 
    For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/. 
    2. Security Advisories
    AdvisoryDateTopic
    FreeBSD-SA-17:06.openssh10 August 2017
    Denial of Service vulnerability 
    FreeBSD-SA-17:07.wpa16 October 2017
    WPA2 protocol vulnerability 
    FreeBSD-SA-17:08.ptrace15 November 2017
    Kernel data leak via
-	    ptrace(PT_LWPINFO) 
    FreeBSD-SA-17:10.kldstat15 November 2017
    Information leak 
    FreeBSD-SA-17:11.openssl29 November 2017
    Multiple vulnerabilities 
    FreeBSD-SA-17:12.openssl09 December 2017
    Multiple vulnerabilities 
    3. Errata Notices
    ErrataDateTopic
    FreeBSD-EN-17:07.vnet10 August 2017
    VNET kernel panic with asynchronous
+	    ptrace(PT_LWPINFO) 
    FreeBSD-SA-17:10.kldstat15 November 2017
    Information leak 
    FreeBSD-SA-17:11.openssl29 November 2017
    Multiple vulnerabilities 
    FreeBSD-SA-17:12.openssl09 December 2017
    Multiple vulnerabilities 
    FreeBSD-SA-18:01.ipsec07 March 2018
    Fix IPSEC validation and
+	  use-after-free 
    FreeBSD-SA-18:02.ntp07 March 2018
    Multiple vulnerabilities 
    3. Errata Notices
    ErrataDateTopic
    FreeBSD-EN-17:07.vnet10 August 2017
    VNET kernel panic with asynchronous
 	    I/O 
    FreeBSD-EN-17:08.pf10 August 2017
    pf(4) housekeeping thread causes kernel
 	    panic 
    FreeBSD-EN-17:09.tzdata2 November 2017
    Timezone database information
-	    update 
    4. Open Issues
    4. Open Issues
    • FreeBSD/i386 installed on ZFS may crash during boot
 	  when the ZFS pool mount is attempted while booting an
 	  unmodified GENERIC kernel. 
      A system tunable has been added as of revision
 	  r286584 to make the

From owner-svn-doc-all@freebsd.org  Wed Mar  7 17:30:49 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 04044F42EF1;
 Wed,  7 Mar 2018 17:30:49 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id ADDBE82D5F;
 Wed,  7 Mar 2018 17:30:48 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A8C6324CB0;
 Wed,  7 Mar 2018 17:30:48 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w27HUmMg035559;
 Wed, 7 Mar 2018 17:30:48 GMT (envelope-from gordon@FreeBSD.org)
Received: (from gordon@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w27HUmA2035556;
 Wed, 7 Mar 2018 17:30:48 GMT (envelope-from gordon@FreeBSD.org)
Message-Id: <201803071730.w27HUmA2035556@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gordon set sender to
 gordon@FreeBSD.org using -f
From: Gordon Tetlow 
Date: Wed, 7 Mar 2018 17:30:48 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r51470 - in head/share/security: advisories
 patches/SA-18:01
X-SVN-Group: doc-head
X-SVN-Commit-Author: gordon
X-SVN-Commit-Paths: in head/share/security: advisories patches/SA-18:01
X-SVN-Commit-Revision: 51470
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Wed, 07 Mar 2018 17:30:49 -0000

Author: gordon (src,ports committer)
Date: Wed Mar  7 17:30:48 2018
New Revision: 51470
URL: https://svnweb.freebsd.org/changeset/doc/51470

Log:
  Correct patches for 10.x along with updated advisory.

Modified:
  head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc
  head/share/security/patches/SA-18:01/ipsec-10.patch
  head/share/security/patches/SA-18:01/ipsec-10.patch.asc

Modified: head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc	Wed Mar  7 15:06:09 2018	(r51469)
+++ head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc	Wed Mar  7 17:30:48 2018	(r51470)
@@ -14,15 +14,20 @@ Credits:        Maxime Villard
 Affects:        All supported versions of FreeBSD.
 Corrected:      2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE)
                 2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7)
-                2018-03-07 05:47:48 UTC (stable/10, 10.4-STABLE)
-                2018-03-07 05:53:35 UTC (releng/10.4, 10.4-RELEASE-p6)
-                2018-03-07 05:53:35 UTC (releng/10.3, 10.3-RELEASE-p27)
+                2018-03-07 16:55:15 UTC (stable/10, 10.4-STABLE)
+                2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p6)
+                2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p27)
 CVE Name:       CVE-2018-6916
 
 For general information regarding FreeBSD Security Advisories,
 including descriptions of the fields above, security branches, and the
 following sections, please visit .
 
+0.   Revision History
+
+v1.0  2018-03-07 Initial release.
+v1.1  2018-03-07 Correct patch for 10.x releases.
+
 I.   Background
 
 The IPsec suite of protocols provide network level security for IPv4 and IPv6
@@ -101,9 +106,9 @@ affected branch.
 
 Branch/path                                                      Revision
 - -------------------------------------------------------------------------
-stable/10/                                                        r330565
-releng/10.3/                                                      r330566
-releng/10.4/                                                      r330566
+stable/10/                                                        r330609
+releng/10.3/                                                      r330611
+releng/10.4/                                                      r330611
 stable/11/                                                        r329907
 releng/11.1/                                                      r330566
 - -------------------------------------------------------------------------
@@ -126,19 +131,19 @@ The latest revision of this advisory is available at
 
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhClfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIMpfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
 MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
-5cISCQ//f9bjAzuou4wlbaoVBp+csfE8qwJl0PJAs/guwO9dO/TMLrVzJ+oNtAIR
-VO6T7j2uC/eLD80PFsGoTpDAm4O1gqcGGX4OZm/6rE/OdqC3/UhhqpMYke0ZdNuh
-ugUyztXZkHuvsLgoR/peW9QqAxRRABTUWL0NPQU4YvtEpa5iOOkzNYuPQ9+dltQC
-SXkbGDrHgHwMHSyoZ14eRffrlwOU+bYH7tdMvDzPyr3z4NhJSTJvKBy4dohCal9F
-bQRjZSqsGGZ4D0T0BW88RpD3wRBj9s23bSgbcrR8tQvtwEN897S/oL0wtbFYVOQ+
-p/ZgiVgV2JvB17m6Dnmt8+CQLEri+21l1NCF2rVMvMBUcZioiO3L43Z3dZNZfRb5
-pknuSB6q0HEF5qE1sRIlT2WwH/6rd6VASQOb0NQRTBKNVM7ZU6+Q1PN56KjPhZmw
-uVREGJ6fHz/MB58fOLkyhbhvcmL7Hz1CGQwQz1Qi05Gp5T2OYP9POJyK8e/EW+Gs
-hiiErWezEWpVtHHfUpbudVlqlLp/Mc8LHlVOCIhnrEWH1zhgBX2Bx/WmELUerJz/
-RjOKUdPTQwn8IVkXJfpj42IbxdCG8xvQN/NKWf01maa+Y2xLCtlg8H0I9/9zT80Q
-bLdFKjj+M5ysz+bcSR4jl3pd2WMqpidXPvOjph5JcfNWDA5131I=
-=Uzqo
+5cIRsA//b3GwfCJwKRdmxvEeTMxSrlppHr3x+quY9HhJEy1Sp4G4aPv4T5J0wjwX
+vYdRuCtYSbdewGrOtq77Lwf0QKmvay6rvY/FB5Mm5EXqzdSzKLoEWqv9n0ShRbA4
+4M61TaqrK6TB/zE+CRm9LS1Vmx7sfOh7ebhWvt1oKoobC/9p/1W/622ZJ6CsE7vc
+GWg0zJzbCpw3MfhCF8dTr7mjheL7EiXBQaSNDIa4FqSScPshk87VmUM7rd8NYUuX
+ADDTOyQ/9ycwPecHl1/IlFRsIOGXl7mvXy8SibRUsSFNZB53x+915hLRhH+YuQH8
+aoWVT+mTwOsJPs36Nd+PwV3iJ5jcLaIXFlx65JHu+rep7BXDpDM6N7BHoeDl3s+y
+8qwFUwb6wVEMj93kM8X+VdVx1nyFr/MTFsbj6CaIryXm+X/QtE4TCzDoWn+P+cpo
+Ic7q/NDA4abU1KEOQYAS8TTrJl+VTtAVl2gv/D3+TGOXWebXkoAsKvRbXC7eesWa
+b1GD5my7sSPmMsSsiNxNus9EtWOE0QMu6Asa/fDhhsg+jUSdsn8Iduia62UFeCXz
+NBq87Gobw1WM+N7aDKDbt9+hXBZu3YTPL31IDhCj5ezOWQ77qpDV7c0CiQsRqLjG
+nwgNe41g2bhjIFpIoyA/e4aXdOuYHsUKYFCmmzCO1ZGO3NkB0VQ=
+=Yb3u
 -----END PGP SIGNATURE-----

Modified: head/share/security/patches/SA-18:01/ipsec-10.patch
==============================================================================
--- head/share/security/patches/SA-18:01/ipsec-10.patch	Wed Mar  7 15:06:09 2018	(r51469)
+++ head/share/security/patches/SA-18:01/ipsec-10.patch	Wed Mar  7 17:30:48 2018	(r51470)
@@ -8,11 +8,11 @@
 +		DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
 +		    " for packet in SA %s/%08lx\n", __func__,
 +		    m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
-+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
++		    ipsec_address(&sav->sah->saidx.dst),
 +		    (u_long) ntohl(sav->spi)));
 +		AHSTAT_INC(ahs_badauthl);
-+		error = EACCES;
-+		goto bad;
++		m_freem(m);
++		return EACCES;
 +	}
  	AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
  

Modified: head/share/security/patches/SA-18:01/ipsec-10.patch.asc
==============================================================================
--- head/share/security/patches/SA-18:01/ipsec-10.patch.asc	Wed Mar  7 15:06:09 2018	(r51469)
+++ head/share/security/patches/SA-18:01/ipsec-10.patch.asc	Wed Mar  7 17:30:48 2018	(r51470)
@@ -1,18 +1,18 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhGpfFIAAAAAALgAo
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIOxfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
 MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
-5cKa+BAAg4G75ea9cM88a8lYwbYhkJtBXtFKI0ct0k0cur083WGBfwiAjvLvulas
-wTC4agKfFYViZpk7/gXNtfwNsSwM25mA5qTUOgDErA1SbdQqKcZc+bH3NfeMdSwa
-eeQ6xC4qBqgTINE8waXNal1IktqOy3/i/K/Glx6w2UDQrrH1s8PrHDjZBOm0cVlv
-n3jM5jVUjIM4otfJxmdleMaF/NEWCbe6JoPxx5/rrPWjm/ZKa+t3Cbz4FNzl4PHO
-IInFo6k0u9SKtdaAkGuEIOLtEwfULGcGATONxTGj62T7Yd+3NsmqKsj4eXQv2Aoo
-Ez+GRws+QQcQqTHDnqNtAMuRfNXyHnmgKDTxH9DS4uWKIJjjungRJ2OCySSRelPX
-GJmnljcuEr0zOx2JkRRKm3opOWRruqh2juFZr2vUD3eiWApqouWt2Jv4ddzuSBBZ
-6uFdZJtrvwKIUhEE30V6XRIQOXc/QSQygfPgJ4lGNKMyv/IKOmZeT1JtYoU8a74I
-3aX5grnV/fDQgjP6Ks2jwKuMrm9jcJYWEhnhg/rJFaHKcOFmdBde0I4RCraIhCgA
-GX3uCFZRotYerNP2DeLhRuWsn4N6S3bAvAO/ICO2NYQEQe4WbVPF9TJNoXf3MBDd
-HEAL5iNSD3PYCxmD7m2jAVb+Y0oDMlnsLxpM5eZZQtpNy2QWrjc=
-=9maD
+5cIdaBAAmNj+4+bMUdvUlsv5wYLWVmsEzVQi8uFJ95RqYZZYlH1VTBZLs0lu03gk
+mKzelKexiwoW5tljdZPG7FfInXdy7uaat3iu95tI1QVMW/6x5bVuDIkDf2nr8D5Y
+qYNyAQKKE0cMxoe/J8faSuABTpdNTAXTc0ZnTV1wcUC0KQDBQMCgDaMRCsR5DjJV
+KErca5fnfidB57wf8XJpj/K/jkmGvuPj0g1ere2GAaQAXaiWSRnl5nyWTX64TXI5
+yhrGt0QqpjCkcU3sJPlUIupFe38x13tlLMYuNPZbLFBmL2nwrPluNftBnMA/iGiR
+i/PBG3UKYoA0VjX6IMU2UGHZXBZFF8r7P+NTIOJ5qWlJoluqO/SliU11tzcgl9MM
+Hq81nbSNa4I12eB/PTI2x3PRcs0Hc6LWMHSY/oomciHykzb+oCTtimN+vYbqzXzf
+6VdeHZbuOEhNVyHd9kUWzQv3CY8OsnFZ3zja7IsxkYgDBmbrcVBzdPbf3j/31kSq
+AdbErhlz30UVzGEZEiL8ZvIg7Z32MW3etauUYR9QFz5EcKNSd0C9+1+VGVofZEMJ
+x//XRvXRIkcY1YY195d2iiRceBa+IZ2XtvKS0ByB+4ZImw0Emeq4Er9A3/GCnyp3
+KFj4udpGmUpjh5xXoEl0Pjt3q/JUhTkC0JWtvcrGQJ5kCO1y77A=
+=gdOo
 -----END PGP SIGNATURE-----

From owner-svn-doc-all@freebsd.org  Thu Mar  8 04:29:31 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 69A90F2FE4E;
 Thu,  8 Mar 2018 04:29:31 +0000 (UTC) (envelope-from kp@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1ADBF8393F;
 Thu,  8 Mar 2018 04:29:31 +0000 (UTC) (envelope-from kp@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 155E03EFD;
 Thu,  8 Mar 2018 04:29:31 +0000 (UTC) (envelope-from kp@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w284TUen069656;
 Thu, 8 Mar 2018 04:29:30 GMT (envelope-from kp@FreeBSD.org)
Received: (from kp@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w284TUrM069655;
 Thu, 8 Mar 2018 04:29:30 GMT (envelope-from kp@FreeBSD.org)
Message-Id: <201803080429.w284TUrM069655@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org
 using -f
From: Kristof Provost 
Date: Thu, 8 Mar 2018 04:29:30 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r51471 - head/share/pgpkeys
X-SVN-Group: doc-head
X-SVN-Commit-Author: kp
X-SVN-Commit-Paths: head/share/pgpkeys
X-SVN-Commit-Revision: 51471
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Thu, 08 Mar 2018 04:29:31 -0000

Author: kp (src committer)
Date: Thu Mar  8 04:29:30 2018
New Revision: 51471
URL: https://svnweb.freebsd.org/changeset/doc/51471

Log:
  Bump expiration date of kp.key

Modified:
  head/share/pgpkeys/kp.key

Modified: head/share/pgpkeys/kp.key
==============================================================================
--- head/share/pgpkeys/kp.key	Wed Mar  7 17:30:48 2018	(r51470)
+++ head/share/pgpkeys/kp.key	Thu Mar  8 04:29:30 2018	(r51471)
@@ -3,10 +3,10 @@
 sh addkey.sh kp 6FC4DC71FB5E4A46 ;
 -->
 
-sub   rsa2048/7287BC16FB5B8FA1 2015-03-23 [expires: 2018-03-22]
+uid                            Kristof Provost 
+sub   rsa2048/7287BC16FB5B8FA1 2015-03-23 [E] [expires: 2020-03-23]
 
 ]]>
 

From owner-svn-doc-all@freebsd.org  Thu Mar  8 06:17:32 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 19218F36E2E;
 Thu,  8 Mar 2018 06:17:32 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id BE49D87C95;
 Thu,  8 Mar 2018 06:17:31 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B91CB50BD;
 Thu,  8 Mar 2018 06:17:31 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w286HV53025294;
 Thu, 8 Mar 2018 06:17:31 GMT (envelope-from gordon@FreeBSD.org)
Received: (from gordon@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w286HVFa025291;
 Thu, 8 Mar 2018 06:17:31 GMT (envelope-from gordon@FreeBSD.org)
Message-Id: <201803080617.w286HVFa025291@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gordon set sender to
 gordon@FreeBSD.org using -f
From: Gordon Tetlow 
Date: Thu, 8 Mar 2018 06:17:31 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r51472 - in head/share/security: advisories
 patches/SA-18:01
X-SVN-Group: doc-head
X-SVN-Commit-Author: gordon
X-SVN-Commit-Paths: in head/share/security: advisories patches/SA-18:01
X-SVN-Commit-Revision: 51472
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Thu, 08 Mar 2018 06:17:32 -0000

Author: gordon (src,ports committer)
Date: Thu Mar  8 06:17:31 2018
New Revision: 51472
URL: https://svnweb.freebsd.org/changeset/doc/51472

Log:
  Update SA-18:01 with revision and a new patch.

Added:
  head/share/security/patches/SA-18:01/ipsec-10.rev1.patch   (contents, props changed)
  head/share/security/patches/SA-18:01/ipsec-10.rev1.patch.asc   (contents, props changed)
Modified:
  head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc

Modified: head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc	Thu Mar  8 04:29:30 2018	(r51471)
+++ head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc	Thu Mar  8 06:17:31 2018	(r51472)
@@ -2,7 +2,7 @@
 Hash: SHA512
 
 =============================================================================
-FreeBSD-SA-18:01.ipsec                                      Security Advisory
+FreeBSD-SA-18:01.ipsec [REVISED]                            Security Advisory
                                                           The FreeBSD Project
 
 Topic:          ipsec validation and use-after-free
@@ -15,8 +15,8 @@ Affects:        All supported versions of FreeBSD.
 Corrected:      2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE)
                 2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7)
                 2018-03-07 16:55:15 UTC (stable/10, 10.4-STABLE)
-                2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p6)
-                2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p27)
+                2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p7)
+                2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p28)
 CVE Name:       CVE-2018-6916
 
 For general information regarding FreeBSD Security Advisories,
@@ -26,7 +26,7 @@ following sections, please visit 
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIMpfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqg1K9fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
 MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
-5cIRsA//b3GwfCJwKRdmxvEeTMxSrlppHr3x+quY9HhJEy1Sp4G4aPv4T5J0wjwX
-vYdRuCtYSbdewGrOtq77Lwf0QKmvay6rvY/FB5Mm5EXqzdSzKLoEWqv9n0ShRbA4
-4M61TaqrK6TB/zE+CRm9LS1Vmx7sfOh7ebhWvt1oKoobC/9p/1W/622ZJ6CsE7vc
-GWg0zJzbCpw3MfhCF8dTr7mjheL7EiXBQaSNDIa4FqSScPshk87VmUM7rd8NYUuX
-ADDTOyQ/9ycwPecHl1/IlFRsIOGXl7mvXy8SibRUsSFNZB53x+915hLRhH+YuQH8
-aoWVT+mTwOsJPs36Nd+PwV3iJ5jcLaIXFlx65JHu+rep7BXDpDM6N7BHoeDl3s+y
-8qwFUwb6wVEMj93kM8X+VdVx1nyFr/MTFsbj6CaIryXm+X/QtE4TCzDoWn+P+cpo
-Ic7q/NDA4abU1KEOQYAS8TTrJl+VTtAVl2gv/D3+TGOXWebXkoAsKvRbXC7eesWa
-b1GD5my7sSPmMsSsiNxNus9EtWOE0QMu6Asa/fDhhsg+jUSdsn8Iduia62UFeCXz
-NBq87Gobw1WM+N7aDKDbt9+hXBZu3YTPL31IDhCj5ezOWQ77qpDV7c0CiQsRqLjG
-nwgNe41g2bhjIFpIoyA/e4aXdOuYHsUKYFCmmzCO1ZGO3NkB0VQ=
-=Yb3u
+5cJCDQ/+OpTS1PrKiwuRsJ5i0RWnS8C9d/dIn9C83JJtuxhGb+CEY5bYSVKufsW/
+ilkUK3fiOWWwDHYecZW15qvt1E2E6Hm608b+K37bqL+FKobNj78B+KQr4erb0183
+/Kqo0TKDtsUzr20sNFWgeQWgHP/EqyWyJuB2zfOSb1vGUViiuxJfMxajzfE2tKqh
+IDG/QpMvRolJFKSWdQnF08NIYLXfffZ4Sz9+VDCdfeLEQKi+LT6DJnlGDz/rR5iB
+TwyMg3AbobpGuuV0puOZTul2GiHaPwh/fJR8JoG13+kK5VznvrOXopLAl2CVAjtj
+mNuHeQHwaSQanSXgKtYxZG4/w1JDMSr60FKgG7FizhJ+9WAbjPySbb+wV5qJD4oY
+a8F2urt3Tj1c1l4juOctVW+NVSS96idpf9NsmsmticTujgBu+2k63+cSIchiNj1B
+ZcPw5PLgiC/r0P6FITrwXa7zJLNHdFrPvNihKTlEHJAgGno7FJJpdagxmcfGnpb2
+74VlbQF7Tq+9NQJU23y9Vj3YL0XERB/b45oRHkBEoVJKgK9/4U4mzFufn4PfANUt
+0hcgMlxTOVKt0S405dh4I6ok51iq6XDol18QoYbXJHqMuEq7Lo80fKuq8gpKmCJ0
+h3NBYJKPUsngfJUisXS7VrQx3zTB8Yyp1BykpCDKET8LVJGmV7c=
+=RMG/
 -----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-18:01/ipsec-10.rev1.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-18:01/ipsec-10.rev1.patch	Thu Mar  8 06:17:31 2018	(r51472)
@@ -0,0 +1,17 @@
+--- sys/netipsec/xform_ah.c.orig
++++ sys/netipsec/xform_ah.c
+@@ -619,11 +619,11 @@
+ 		DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
+ 		    " for packet in SA %s/%08lx\n", __func__,
+ 		    m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
+-		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
++		    ipsec_address(&sav->sah->saidx.dst),
+ 		    (u_long) ntohl(sav->spi)));
+ 		AHSTAT_INC(ahs_badauthl);
+-		error = EACCES;
+-		goto bad;
++		m_freem(m);
++		return EACCES;
+ 	}
+ 	AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
+ 

Added: head/share/security/patches/SA-18:01/ipsec-10.rev1.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-18:01/ipsec-10.rev1.patch.asc	Thu Mar  8 06:17:31 2018	(r51472)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgutVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI6Yg//dYhm+VAIs8cB/n3asDDqTdNY1TfSse5U8YXDXN0fvZGBfa5Fg+hrqQFk
+CkFuwJrnsiBQ2d0HEBTG5jrQGjPCfGszKlCQoLzoCF+nv2nEqQZISBgdjTkRRhFB
+LfDbSPhlgHqQVHpNjp03hSJlz/57svLVIdmbZYKqITRMhuE9yR1RK5x51br88Jse
+ImcmZpojG1p/5ECiLunf/fEwh1riN2kWwZWStQCqEX0XF9aV55unCkM4OQdiUEyJ
+WUXlS0XljkG2BwopAVMUkYx8G5N/Mj6VRogkohitEpdToQXJ+EdwzE5bOqkEZMwx
+k9gwUNwpGqZeuThGa1ZeqJ3Izf1iF+6DNEOhxSYNfVgGY7Kjf5AtS+lSUdxMjTmZ
+/hpgIW86QvSBjV7H7b0NZGXZQ2fItzPfVnVQ9agBpEzYG4IJiuGPXRfgmFKg33qp
+q+ip+PgkO1rwJSMg4PVUa5t8VR2ITTbgamLDK9NHylBPHwbUR9CeYgiBOjRljs4b
+j/QJi6TOQ/5vyUccW8ilGSGr0UQ3yrOZhkW298mn8o9FS6aoj8dbr9DXKLitSbkj
+iQssnB2xe6K2F6XYILK+Zi154zvGaXdzUFXZE8DE7XScDugM2QHqRNe7FlTc8IjJ
+fk9HdL55a+vzpFgu54TIz/tO/Rvz3rIGMVQ/WGF1wNIz36285Vs=
+=O3Zi
+-----END PGP SIGNATURE-----

From owner-svn-doc-all@freebsd.org  Thu Mar  8 12:51:10 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CA9E9F2E685;
 Thu,  8 Mar 2018 12:51:10 +0000 (UTC)
 (envelope-from slavash@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7561279035;
 Thu,  8 Mar 2018 12:51:10 +0000 (UTC)
 (envelope-from slavash@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6FE4B10F21;
 Thu,  8 Mar 2018 12:51:10 +0000 (UTC)
 (envelope-from slavash@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w28CpAC3023596;
 Thu, 8 Mar 2018 12:51:10 GMT (envelope-from slavash@FreeBSD.org)
Received: (from slavash@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w28Cp9LZ023589;
 Thu, 8 Mar 2018 12:51:09 GMT (envelope-from slavash@FreeBSD.org)
Message-Id: <201803081251.w28Cp9LZ023589@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: slavash set sender to
 slavash@FreeBSD.org using -f
From: Slava Shwartsman 
Date: Thu, 8 Mar 2018 12:51:09 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r51473 - in head: en_US.ISO8859-1/articles/contributors
 share/pgpkeys share/xml
X-SVN-Group: doc-head
X-SVN-Commit-Author: slavash
X-SVN-Commit-Paths: in head: en_US.ISO8859-1/articles/contributors
 share/pgpkeys share/xml
X-SVN-Commit-Revision: 51473
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Thu, 08 Mar 2018 12:51:11 -0000

Author: slavash (src committer)
Date: Thu Mar  8 12:51:09 2018
New Revision: 51473
URL: https://svnweb.freebsd.org/changeset/doc/51473

Log:
  Add Slava Shwartsman to contributors
  
  Approved by:    hselasky (mentor), kib (mentor)
  Sponsored by:   Mellanox Technologies

Added:
  head/share/pgpkeys/slavash.key   (contents, props changed)
Modified:
  head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
  head/share/pgpkeys/pgpkeys-developers.xml
  head/share/pgpkeys/pgpkeys.ent
  head/share/xml/authors.ent
  head/share/xml/news.xml

Modified: head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml	Thu Mar  8 06:17:31 2018	(r51472)
+++ head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml	Thu Mar  8 12:51:09 2018	(r51473)
@@ -833,6 +833,10 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.
   
 
   
+    &a.slavash.email;
+  
+
+  
     &a.slm.email;
   
 

Modified: head/share/pgpkeys/pgpkeys-developers.xml
==============================================================================
--- head/share/pgpkeys/pgpkeys-developers.xml	Thu Mar  8 06:17:31 2018	(r51472)
+++ head/share/pgpkeys/pgpkeys-developers.xml	Thu Mar  8 12:51:09 2018	(r51473)
@@ -2595,3 +2595,8 @@
       &a.yuri.email;
       &pgpkey.yuri;
     
+
+    
+      &a.slavash.email;
+      &pgpkey.slavash;
+    

Modified: head/share/pgpkeys/pgpkeys.ent
==============================================================================
--- head/share/pgpkeys/pgpkeys.ent	Thu Mar  8 06:17:31 2018	(r51472)
+++ head/share/pgpkeys/pgpkeys.ent	Thu Mar  8 12:51:09 2018	(r51473)
@@ -471,6 +471,7 @@
 
 
 
+
 
 
 

Added: head/share/pgpkeys/slavash.key
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/pgpkeys/slavash.key	Thu Mar  8 12:51:09 2018	(r51473)
@@ -0,0 +1,62 @@
+
+
+
+uid                            Slava Shwartsman 
+uid                            Slava Shwartsman 
+sub   rsa2048/63E8D18A494FE57D 2018-02-20 [E] [expires: 2021-02-19]
+
+]]>
+

Modified: head/share/xml/authors.ent
==============================================================================
--- head/share/xml/authors.ent	Thu Mar  8 06:17:31 2018	(r51472)
+++ head/share/xml/authors.ent	Thu Mar  8 12:51:09 2018	(r51473)
@@ -2133,6 +2133,9 @@
 
 skv@FreeBSD.org">
 
+
+slavash@FreeBSD.org">
+
 
 slm@FreeBSD.org">
 

Modified: head/share/xml/news.xml
==============================================================================
--- head/share/xml/news.xml	Thu Mar  8 06:17:31 2018	(r51472)
+++ head/share/xml/news.xml	Thu Mar  8 12:51:09 2018	(r51473)
@@ -65,6 +65,20 @@
     
 
     
+      2
+
+      
+	8
+
+	
+	   
      New committer:
+	     Slava Shwartsman
+	     (src)
      
+	
+      
+    
+
+    
       1
       
 	4

From owner-svn-doc-all@freebsd.org  Fri Mar  9 02:06:39 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D270DF47181;
 Fri,  9 Mar 2018 02:06:39 +0000 (UTC) (envelope-from bjk@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 87ECC7CED8;
 Fri,  9 Mar 2018 02:06:39 +0000 (UTC) (envelope-from bjk@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 82C4E1907E;
 Fri,  9 Mar 2018 02:06:39 +0000 (UTC) (envelope-from bjk@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2926dST037116;
 Fri, 9 Mar 2018 02:06:39 GMT (envelope-from bjk@FreeBSD.org)
Received: (from bjk@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2926dFn037115;
 Fri, 9 Mar 2018 02:06:39 GMT (envelope-from bjk@FreeBSD.org)
Message-Id: <201803090206.w2926dFn037115@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bjk set sender to bjk@FreeBSD.org
 using -f
From: Benjamin Kaduk 
Date: Fri, 9 Mar 2018 02:06:39 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r51474 -
 head/en_US.ISO8859-1/books/developers-handbook/kerneldebug
X-SVN-Group: doc-head
X-SVN-Commit-Author: bjk
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/developers-handbook/kerneldebug
X-SVN-Commit-Revision: 51474
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Fri, 09 Mar 2018 02:06:40 -0000

Author: bjk
Date: Fri Mar  9 02:06:39 2018
New Revision: 51474
URL: https://svnweb.freebsd.org/changeset/doc/51474

Log:
  Update kgdb instructions
  
  The port/package should be used now, and build system changes have
  moved the kernel images in the object tree to a new location (on
  newer systems)
  
  PR:		226015
  Submitted by:	Phil Eaton 

Modified:
  head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml

Modified: head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml	Thu Mar  8 12:51:09 2018	(r51473)
+++ head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml	Fri Mar  9 02:06:39 2018	(r51474)
@@ -169,7 +169,9 @@
     
       This section covers &man.kgdb.1; as found in &os; 5.3
 	and later.  In previous versions, one must use
-	gdb -k to read a core dump file.
+	gdb -k to read a core dump file.
+	Since &os; 12 kgdb is acquired by installing
+	devel/gdb.
     
 
     Once a dump has been obtained, getting useful information
@@ -178,8 +180,12 @@
       the crash dump, locate the debug version of your kernel
       (normally called kernel.debug) and the path
       to the source files used to build your kernel (normally
-      /usr/obj/usr/src/sys/KERNCONF,
-      where KERNCONF
+      /usr/obj/usr/src/sys/KERNCONF
+      or
+      /usr/obj/usr/src/amd64.amd64/sys/KERNCONF,
+      where amd64.amd64
+      is the architecture and
+      KERNCONF
       is the ident specified in a kernel
       &man.config.5;).  With those two pieces of info, let the
       debugging commence!

From owner-svn-doc-all@freebsd.org  Fri Mar  9 19:22:35 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3828EF44AB4;
 Fri,  9 Mar 2018 19:22:35 +0000 (UTC) (envelope-from jhb@freebsd.org)
Received: from mail.baldwin.cx (bigwig.baldwin.cx [96.47.65.170])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 89E9D68214;
 Fri,  9 Mar 2018 19:22:33 +0000 (UTC) (envelope-from jhb@freebsd.org)
Received: from ralph.baldwin.cx (ralph.baldwin.cx [66.234.199.215])
 by mail.baldwin.cx (Postfix) with ESMTPSA id 91EF510A8BA;
 Fri,  9 Mar 2018 14:22:27 -0500 (EST)
From: John Baldwin 
To: Benjamin Kaduk 
Cc: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: Re: svn commit: r51474 -
 head/en_US.ISO8859-1/books/developers-handbook/kerneldebug
Date: Fri, 09 Mar 2018 10:37:26 -0800
Message-ID: <3862948.D1s2xhDMta@ralph.baldwin.cx>
User-Agent: KMail/4.14.10 (FreeBSD/11.1-STABLE; KDE/4.14.30; amd64; ; )
In-Reply-To: <201803090206.w2926dFn037115@repo.freebsd.org>
References: <201803090206.w2926dFn037115@repo.freebsd.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3
 (mail.baldwin.cx); Fri, 09 Mar 2018 14:22:27 -0500 (EST)
X-Virus-Scanned: clamav-milter 0.99.2 at mail.baldwin.cx
X-Virus-Status: Clean
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Fri, 09 Mar 2018 19:22:35 -0000

On Friday, March 09, 2018 02:06:39 AM Benjamin Kaduk wrote:
> Author: bjk
> Date: Fri Mar  9 02:06:39 2018
> New Revision: 51474
> URL: https://svnweb.freebsd.org/changeset/doc/51474
> 
> Log:
>   Update kgdb instructions
>   
>   The port/package should be used now, and build system changes have
>   moved the kernel images in the object tree to a new location (on
>   newer systems)
>   
>   PR:		226015
>   Submitted by:	Phil Eaton 
> 
> Modified:
>   head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
> 
> Modified: head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
> ==============================================================================
> --- head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml	Thu Mar  8 12:51:09 2018	(r51473)
> +++ head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml	Fri Mar  9 02:06:39 2018	(r51474)
> @@ -169,7 +169,9 @@
>      
>        This section covers &man.kgdb.1; as found in &os; 5.3
>  	and later.  In previous versions, one must use
> -	gdb -k to read a core dump file.
> +	gdb -k to read a core dump file.
> +	Since &os; 12 kgdb is acquired by installing
> +	devel/gdb.

All mention of gdb -k should probably be axed as well.  Thanks for updating this.

>      
>  
>      Once a dump has been obtained, getting useful information
> @@ -178,8 +180,12 @@
>        the crash dump, locate the debug version of your kernel
>        (normally called kernel.debug) and the path
>        to the source files used to build your kernel (normally
> -      /usr/obj/usr/src/sys/KERNCONF,
> -      where KERNCONF
> +      /usr/obj/usr/src/sys/KERNCONF
> +      or
> +      /usr/obj/usr/src/amd64.amd64/sys/KERNCONF,
> +      where amd64.amd64
> +      is the architecture and
> +      KERNCONF
>        is the ident specified in a kernel
>        &man.config.5;).  With those two pieces of info, let the
>        debugging commence!

Hmm, I'd need to look at the larger context, but kgdb can usually find the
matching kernel for you if you just use 'kgdb -n last' (using kgdb from
ports).  Also, kernel.debug is the wrong thing to use now in the obj tree.
You would want to use kernel.full, but even better is to run kgdb against the
installed kernel binary (e.g. /boot/foo/kernel) and let it find the debug
symbols in /usr/lib/debug/boot/foo/kernel.debug automatically.

-- 
John Baldwin

From owner-svn-doc-all@freebsd.org  Sat Mar 10 00:18:23 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 718C1F338CC;
 Sat, 10 Mar 2018 00:18:23 +0000 (UTC) (envelope-from kaduk@mit.edu)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu
 [18.7.68.37])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9A7D275242;
 Sat, 10 Mar 2018 00:18:22 +0000 (UTC) (envelope-from kaduk@mit.edu)
X-AuditID: 12074425-32fff70000001b33-06-5aa3244432cb
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36])
 (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id
 A8.02.06963.64423AA5; Fri,  9 Mar 2018 19:18:14 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11])
 by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w2A0I9Zq019681;
 Fri, 9 Mar 2018 19:18:10 -0500
Received: from mit.edu (24-107-191-124.dhcp.stls.mo.charter.com
 [24.107.191.124]) (authenticated bits=56)
 (User authenticated as kaduk@ATHENA.MIT.EDU)
 by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w2A0I5Jg029854
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Fri, 9 Mar 2018 19:18:07 -0500
Date: Fri, 9 Mar 2018 18:18:05 -0600
From: Benjamin Kaduk 
To: John Baldwin 
Cc: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: Re: svn commit: r51474 -
 head/en_US.ISO8859-1/books/developers-handbook/kerneldebug
Message-ID: <20180310001805.GL27850@mit.edu>
References: <201803090206.w2926dFn037115@repo.freebsd.org>
 <3862948.D1s2xhDMta@ralph.baldwin.cx>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3862948.D1s2xhDMta@ralph.baldwin.cx>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA01Sa0hTURzn3Ht1x7Vbx6vi8RHVnVlYW5kKG4QkVFgfIiwK9iF3dSc33EPu
 neKsD+KrGPT40EOntpzQ0OglfghyiSMKIyZopEQPwgQfBNlMRpB1r8PHt///9+Qc/pDm/jCZ
 0OZ0E9Ep2PlENcOpinN0x3N6TQfn+vYYYothyhB6NUkbpgLDlOHFjWv0Eaa0/ZefOQ1M6sMW
 YrfVEfFAsVltjUwEVTXBjPposEXVCLpTvSAJYlSIo+FxxgvUkEO9FA5OX6Xjy1OAn0SuJMSX
 dxRe6viSqFgYlIM7+3+uzokoF0+HmmURhKmIx7eXcxWYRibc+XtBpcAp6ALueeBSYBbtx6NN
 EaDMHKrAj37EqDiejEc7vjNxax6eWpmjFCuNsnBwBSpwEjqEW9+8ppU5DWlx6HpYdRMg3ya3
 b5Pbt+G+D+h+sN3iaNA5BJtdIpU6qVJwOomoM+gdNreeWGoHwOq3Ht39HHT9PRkGCAJew6L2
 gIlLEOokjyMMMiDFp7E6vwxtrXBZPFZBspaLtXYihQGGNJ/K4kmZYy2Cp4GIrjUqCzJ8Olta
 uM/EoSrBTaoJqSHiGpsNIY/ZvdpeE5cskipSf9Fmd2/QFExSwjVyOKVoWKlGcEi2qjj/Fujg
 1OxCG80xTpeTZKazs7wsQorIWutcz1FOBlcPX54H6fKzUtidSpRGPqj1pHm5hJJLQhP3lRK3
 sEFlNoIi7bMZXyiqYy41c4Y82p/w4SM8e69A5Z8xlgV6lpYnKozb2jIacwt2BR6fqoulGKNd
 57oX9Itlqk/zgyN949o7hh6zHox4zZ4SsoPE8j+7vwpDRcaB8i3fBsf+uZqO3Yr1nx8qeT8m
 NJeXnDhjbh17GCliWrxGTWtT9su7PCNZhfw8WpSE/6LpfXwNAwAA
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Sat, 10 Mar 2018 00:18:23 -0000

On Fri, Mar 09, 2018 at 10:37:26AM -0800, John Baldwin wrote:
> On Friday, March 09, 2018 02:06:39 AM Benjamin Kaduk wrote:
> > Author: bjk
> > Date: Fri Mar  9 02:06:39 2018
> > New Revision: 51474
> > URL: https://svnweb.freebsd.org/changeset/doc/51474
> > 
> > Log:
> >   Update kgdb instructions
> >   
> >   The port/package should be used now, and build system changes have
> >   moved the kernel images in the object tree to a new location (on
> >   newer systems)
> >   
> >   PR:		226015
> >   Submitted by:	Phil Eaton 
> > 
> > Modified:
> >   head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
> > 
> > Modified: head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
> > ==============================================================================
> > --- head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml	Thu Mar  8 12:51:09 2018	(r51473)
> > +++ head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml	Fri Mar  9 02:06:39 2018	(r51474)
> > @@ -169,7 +169,9 @@
> >      
> >        This section covers &man.kgdb.1; as found in &os; 5.3
> >  	and later.  In previous versions, one must use
> > -	gdb -k to read a core dump file.
> > +	gdb -k to read a core dump file.
> > +	Since &os; 12 kgdb is acquired by installing
> > +	devel/gdb.
> 
> All mention of gdb -k should probably be axed as well.  Thanks for updating this.

Good point.

> >      
> >  
> >      Once a dump has been obtained, getting useful information
> > @@ -178,8 +180,12 @@
> >        the crash dump, locate the debug version of your kernel
> >        (normally called kernel.debug) and the path
> >        to the source files used to build your kernel (normally
> > -      /usr/obj/usr/src/sys/KERNCONF,
> > -      where KERNCONF
> > +      /usr/obj/usr/src/sys/KERNCONF
> > +      or
> > +      /usr/obj/usr/src/amd64.amd64/sys/KERNCONF,
> > +      where amd64.amd64
> > +      is the architecture and
> > +      KERNCONF
> >        is the ident specified in a kernel
> >        &man.config.5;).  With those two pieces of info, let the
> >        debugging commence!
> 
> Hmm, I'd need to look at the larger context, but kgdb can usually find the
> matching kernel for you if you just use 'kgdb -n last' (using kgdb from
> ports).  Also, kernel.debug is the wrong thing to use now in the obj tree.
> You would want to use kernel.full, but even better is to run kgdb against the
> installed kernel binary (e.g. /boot/foo/kernel) and let it find the debug
> symbols in /usr/lib/debug/boot/foo/kernel.debug automatically.

Any chance you'd be able to do this?  My schedule is pretty booked
in the lead up to IETF 101.

-Ben

From owner-svn-doc-all@freebsd.org  Sat Mar 10 01:18:29 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 18FB6F387AA;
 Sat, 10 Mar 2018 01:18:29 +0000 (UTC)
 (envelope-from dbaio@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id BA93178119;
 Sat, 10 Mar 2018 01:18:28 +0000 (UTC)
 (envelope-from dbaio@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B59BF26B8D;
 Sat, 10 Mar 2018 01:18:28 +0000 (UTC)
 (envelope-from dbaio@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2A1ISoc043847;
 Sat, 10 Mar 2018 01:18:28 GMT (envelope-from dbaio@FreeBSD.org)
Received: (from dbaio@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2A1ISui043846;
 Sat, 10 Mar 2018 01:18:28 GMT (envelope-from dbaio@FreeBSD.org)
Message-Id: <201803100118.w2A1ISui043846@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: dbaio set sender to
 dbaio@FreeBSD.org using -f
From: "Danilo G. Baio" 
Date: Sat, 10 Mar 2018 01:18:28 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r51475 - head/en_US.ISO8859-1/articles/contributors
X-SVN-Group: doc-head
X-SVN-Commit-Author: dbaio
X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/contributors
X-SVN-Commit-Revision: 51475
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Sat, 10 Mar 2018 01:18:29 -0000

Author: dbaio (ports committer)
Date: Sat Mar 10 01:18:28 2018
New Revision: 51475
URL: https://svnweb.freebsd.org/changeset/doc/51475

Log:
  Add Yuichiro NAITO to contributors
  
  Maintainer of these ports:
  		devel/rubygem-rspec-its
  		devel/rubygem-schash
  		misc/timediff
  		sysutils/asmctl
  		sysutils/rubygem-itamae
  		sysutils/rubygem-serverspec
  		sysutils/rubygem-specinfra
  
  PR:		225552

Modified:
  head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml

Modified: head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml	Fri Mar  9 02:06:39 2018	(r51474)
+++ head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml	Sat Mar 10 01:18:28 2018	(r51475)
@@ -11483,6 +11483,11 @@
   
 
   
+    Yuichiro NAITO
+      naito.yuichiro@gmail.com
+  
+
+  
     Yujiro MIYATA
       miyata@bioele.nuee.nagoya-u.ac.jp
   

From owner-svn-doc-all@freebsd.org  Sat Mar 10 01:31:45 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 949C5F39B1C;
 Sat, 10 Mar 2018 01:31:45 +0000 (UTC) (envelope-from jhb@freebsd.org)
Received: from mail.baldwin.cx (bigwig.baldwin.cx [96.47.65.170])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 393FF78EE5;
 Sat, 10 Mar 2018 01:31:45 +0000 (UTC) (envelope-from jhb@freebsd.org)
Received: from ralph.baldwin.cx (ralph.baldwin.cx [66.234.199.215])
 by mail.baldwin.cx (Postfix) with ESMTPSA id 97DAB10A8BE;
 Fri,  9 Mar 2018 20:31:44 -0500 (EST)
From: John Baldwin 
To: Benjamin Kaduk 
Cc: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: Re: svn commit: r51474 -
 head/en_US.ISO8859-1/books/developers-handbook/kerneldebug
Date: Fri, 09 Mar 2018 17:04:58 -0800
Message-ID: <6549365.qv21SCyx3h@ralph.baldwin.cx>
User-Agent: KMail/4.14.10 (FreeBSD/11.1-STABLE; KDE/4.14.30; amd64; ; )
In-Reply-To: <20180310001805.GL27850@mit.edu>
References: <201803090206.w2926dFn037115@repo.freebsd.org>
 <3862948.D1s2xhDMta@ralph.baldwin.cx> <20180310001805.GL27850@mit.edu>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3
 (mail.baldwin.cx); Fri, 09 Mar 2018 20:31:44 -0500 (EST)
X-Virus-Scanned: clamav-milter 0.99.2 at mail.baldwin.cx
X-Virus-Status: Clean
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Sat, 10 Mar 2018 01:31:45 -0000

On Friday, March 09, 2018 06:18:05 PM Benjamin Kaduk wrote:
> On Fri, Mar 09, 2018 at 10:37:26AM -0800, John Baldwin wrote:
> > On Friday, March 09, 2018 02:06:39 AM Benjamin Kaduk wrote:
> > > Author: bjk
> > > Date: Fri Mar  9 02:06:39 2018
> > > New Revision: 51474
> > > URL: https://svnweb.freebsd.org/changeset/doc/51474
> > > 
> > > Log:
> > >   Update kgdb instructions
> > >   
> > >   The port/package should be used now, and build system changes have
> > >   moved the kernel images in the object tree to a new location (on
> > >   newer systems)
> > >   
> > >   PR:		226015
> > >   Submitted by:	Phil Eaton 
> > > 
> > > Modified:
> > >   head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
> > > 
> > > Modified: head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
> > > ==============================================================================
> > > --- head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml	Thu Mar  8 12:51:09 2018	(r51473)
> > > +++ head/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml	Fri Mar  9 02:06:39 2018	(r51474)
> > > @@ -169,7 +169,9 @@
> > >      
> > >        This section covers &man.kgdb.1; as found in &os; 5.3
> > >  	and later.  In previous versions, one must use
> > > -	gdb -k to read a core dump file.
> > > +	gdb -k to read a core dump file.
> > > +	Since &os; 12 kgdb is acquired by installing
> > > +	devel/gdb.
> > 
> > All mention of gdb -k should probably be axed as well.  Thanks for updating this.
> 
> Good point.
> 
> > >      
> > >  
> > >      Once a dump has been obtained, getting useful information
> > > @@ -178,8 +180,12 @@
> > >        the crash dump, locate the debug version of your kernel
> > >        (normally called kernel.debug) and the path
> > >        to the source files used to build your kernel (normally
> > > -      /usr/obj/usr/src/sys/KERNCONF,
> > > -      where KERNCONF
> > > +      /usr/obj/usr/src/sys/KERNCONF
> > > +      or
> > > +      /usr/obj/usr/src/amd64.amd64/sys/KERNCONF,
> > > +      where amd64.amd64
> > > +      is the architecture and
> > > +      KERNCONF
> > >        is the ident specified in a kernel
> > >        &man.config.5;).  With those two pieces of info, let the
> > >        debugging commence!
> > 
> > Hmm, I'd need to look at the larger context, but kgdb can usually find the
> > matching kernel for you if you just use 'kgdb -n last' (using kgdb from
> > ports).  Also, kernel.debug is the wrong thing to use now in the obj tree.
> > You would want to use kernel.full, but even better is to run kgdb against the
> > installed kernel binary (e.g. /boot/foo/kernel) and let it find the debug
> > symbols in /usr/lib/debug/boot/foo/kernel.debug automatically.
> 
> Any chance you'd be able to do this?  My schedule is pretty booked
> in the lead up to IETF 101.

Yeah, I'll try to take a stab.

-- 
John Baldwin

From owner-svn-doc-all@freebsd.org  Sat Mar 10 18:30:26 2018
Return-Path: 
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8A7E8F4EA4A;
 Sat, 10 Mar 2018 18:30:26 +0000 (UTC)
 (envelope-from fernape@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 39F867EB78;
 Sat, 10 Mar 2018 18:30:26 +0000 (UTC)
 (envelope-from fernape@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3480F117B4;
 Sat, 10 Mar 2018 18:30:26 +0000 (UTC)
 (envelope-from fernape@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2AIUQKC084057;
 Sat, 10 Mar 2018 18:30:26 GMT (envelope-from fernape@FreeBSD.org)
Received: (from fernape@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2AIUPbB084050;
 Sat, 10 Mar 2018 18:30:25 GMT (envelope-from fernape@FreeBSD.org)
Message-Id: <201803101830.w2AIUPbB084050@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: fernape set sender to
 fernape@FreeBSD.org using -f
From: =?UTF-8?Q?Fernando_Apestegu=c3=ada?= 
Date: Sat, 10 Mar 2018 18:30:25 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r51476 - in head: en_US.ISO8859-1/articles/contributors
 share/pgpkeys share/xml
X-SVN-Group: doc-head
X-SVN-Commit-Author: fernape
X-SVN-Commit-Paths: in head: en_US.ISO8859-1/articles/contributors
 share/pgpkeys share/xml
X-SVN-Commit-Revision: 51476
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
 user" , " projects" , and " translations"
 \)" 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Sat, 10 Mar 2018 18:30:26 -0000

Author: fernape (ports committer)
Date: Sat Mar 10 18:30:25 2018
New Revision: 51476
URL: https://svnweb.freebsd.org/changeset/doc/51476

Log:
  Add myself (fernape) as a developer
  
  As of Committers Guide "Procedure 1. Steps for New Committers":
  
  * Add an Author Entity
  * Update the List of Developers and Contributors
  * Add a News Item
  * Add a PGP Key
  
  Approved by:	tcberner (mentor)
  Differential Revision:	https://reviews.freebsd.org/D14636

Added:
  head/share/pgpkeys/fernape.key   (contents, props changed)
Modified:
  head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml
  head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
  head/share/pgpkeys/pgpkeys-developers.xml
  head/share/pgpkeys/pgpkeys.ent
  head/share/xml/authors.ent
  head/share/xml/news.xml

Modified: head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml	Sat Mar 10 01:18:28 2018	(r51475)
+++ head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml	Sat Mar 10 18:30:25 2018	(r51476)
@@ -3299,11 +3299,6 @@
   
 
   
-    Fernando Apesteguia
-      fernando.apesteguia@gmail.com
-  
-
-  
     Ferruccio Vitale
       vitale@cs.tin.it
   

Modified: head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml	Sat Mar 10 01:18:28 2018	(r51475)
+++ head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml	Sat Mar 10 18:30:25 2018	(r51476)
@@ -41,6 +41,10 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.
   
 
   
+    &a.fernape.email;
+  
+
+  
     &a.araujo.email;
   
 

Added: head/share/pgpkeys/fernape.key
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/pgpkeys/fernape.key	Sat Mar 10 18:30:25 2018	(r51476)
@@ -0,0 +1,53 @@
+
+
+
+uid                            Fernando Apesteguia 
+sub   rsa2048/D6A9B96A0E696E0E 2018-03-09 [E] [caduca: 2021-03-08]
+
+]]>
+

Modified: head/share/pgpkeys/pgpkeys-developers.xml
==============================================================================
--- head/share/pgpkeys/pgpkeys-developers.xml	Sat Mar 10 01:18:28 2018	(r51475)
+++ head/share/pgpkeys/pgpkeys-developers.xml	Sat Mar 10 18:30:25 2018	(r51476)
@@ -54,6 +54,11 @@
       &pgpkey.anholt;
     
 
+    
+      &a.fernape.email;
+      &pgpkey.fernape;
+    
+
     
       &a.mva.email;
       &pgpkey.mva;

Modified: head/share/pgpkeys/pgpkeys.ent
==============================================================================
--- head/share/pgpkeys/pgpkeys.ent	Sat Mar 10 01:18:28 2018	(r51475)
+++ head/share/pgpkeys/pgpkeys.ent	Sat Mar 10 18:30:25 2018	(r51476)
@@ -161,6 +161,7 @@
 
 
 
+
 
 
 

Modified: head/share/xml/authors.ent
==============================================================================
--- head/share/xml/authors.ent	Sat Mar 10 01:18:28 2018	(r51475)
+++ head/share/xml/authors.ent	Sat Mar 10 18:30:25 2018	(r51476)
@@ -753,6 +753,9 @@
 
 fenner@FreeBSD.org">
 
+
+fernape@FreeBSD.org">
+
 
 fjoe@FreeBSD.org">
 

Modified: head/share/xml/news.xml
==============================================================================
--- head/share/xml/news.xml	Sat Mar 10 01:18:28 2018	(r51475)
+++ head/share/xml/news.xml	Sat Mar 10 18:30:25 2018	(r51476)
@@ -29,6 +29,17 @@
   
 
   
+    
+      3
+      
+	3
+	
+	   
      New committer:
+	     Fernando Apesteguia
+	     (ports)
      
+	      
+            
+          
     2018
     
       2