From owner-svn-doc-all@freebsd.org Mon Aug 5 16:59:16 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7D786C7D12; Mon, 5 Aug 2019 16:59:16 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 462PBD2jY3z3Qys; Mon, 5 Aug 2019 16:59:16 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3B33A1EC46; Mon, 5 Aug 2019 16:59:16 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x75GxGDY068621; Mon, 5 Aug 2019 16:59:16 GMT (envelope-from bhd@FreeBSD.org) Received: (from bhd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x75GxGRa068620; Mon, 5 Aug 2019 16:59:16 GMT (envelope-from bhd@FreeBSD.org) Message-Id: <201908051659.x75GxGRa068620@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org using -f From: Bjoern Heidotting Date: Mon, 5 Aug 2019 16:59:16 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53293 - head/de_DE.ISO8859-1/books/handbook/introduction X-SVN-Group: doc-head X-SVN-Commit-Author: bhd X-SVN-Commit-Paths: head/de_DE.ISO8859-1/books/handbook/introduction X-SVN-Commit-Revision: 53293 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Aug 2019 16:59:16 -0000 Author: bhd Date: Mon Aug 5 16:59:15 2019 New Revision: 53293 URL: https://svnweb.freebsd.org/changeset/doc/53293 Log: Update to r53172: Change name and links from Dell KACE to Quest KACE. Modified: head/de_DE.ISO8859-1/books/handbook/introduction/chapter.xml Modified: head/de_DE.ISO8859-1/books/handbook/introduction/chapter.xml ============================================================================== --- head/de_DE.ISO8859-1/books/handbook/introduction/chapter.xml Fri Aug 2 15:06:06 2019 (r53292) +++ head/de_DE.ISO8859-1/books/handbook/introduction/chapter.xml Mon Aug 5 16:59:15 2019 (r53293) @@ -4,7 +4,7 @@ The FreeBSD German Documentation Project $FreeBSD$ - basiert auf: r52781 + basiert auf: r53172 --> - Dell - KACE Dell KACE + Quest + KACE Quest KACE - Die KACE Systemmanagement-Appliances nutzen &os; wegen seiner Zuverlässigkeit, Skalierbarkeit und Gemeinschaft, welche deren zukünftige Weiterentwicklung From owner-svn-doc-all@freebsd.org Mon Aug 5 17:13:13 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 19B1CA85C9; Mon, 5 Aug 2019 17:13:13 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 462PVJ6ztjz3xFG; Mon, 5 Aug 2019 17:13:12 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D18451EFCB; Mon, 5 Aug 2019 17:13:12 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x75HDCCM080213; Mon, 5 Aug 2019 17:13:12 GMT (envelope-from bhd@FreeBSD.org) Received: (from bhd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x75HDCNw080212; Mon, 5 Aug 2019 17:13:12 GMT (envelope-from bhd@FreeBSD.org) Message-Id: <201908051713.x75HDCNw080212@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org using -f From: Bjoern Heidotting Date: Mon, 5 Aug 2019 17:13:12 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53294 - head/en_US.ISO8859-1/books/handbook/virtualization X-SVN-Group: doc-head X-SVN-Commit-Author: bhd X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/virtualization X-SVN-Commit-Revision: 53294 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Aug 2019 17:13:13 -0000 Author: bhd Date: Mon Aug 5 17:13:12 2019 New Revision: 53294 URL: https://svnweb.freebsd.org/changeset/doc/53294 Log: - Typo: mount_vboxfs -> mount_vboxvfs - Use Virtualbox makro in title - Visible indentation fix Modified: head/en_US.ISO8859-1/books/handbook/virtualization/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/virtualization/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/virtualization/chapter.xml Mon Aug 5 16:59:15 2019 (r53293) +++ head/en_US.ISO8859-1/books/handbook/virtualization/chapter.xml Mon Aug 5 17:13:12 2019 (r53294) @@ -823,7 +823,7 @@ EndSection Shared folders for file transfers between host and VM are accessible by mounting them using - mount_vboxfs. A shared folder can be created + mount_vboxvfs. A shared folder can be created on the host using the VirtualBox GUI or via vboxmanage. For example, to create a shared folder called myshare under @@ -840,8 +840,7 @@ EndSection - &os; as a Host with - <application>VirtualBox</application> + &os; as a Host with &virtualbox; &virtualbox; is an actively developed, complete virtualization package, that is available @@ -1553,8 +1552,8 @@ kld_list="nmdm vmm" interface name. &prompt.root; sysrc cloned_interfaces="bridge0" - &prompt.root; sysrc ifconfig_bridge0="addm em0 SYNCDHCP" - &prompt.root; sysrc ifconfig_em0="up" +&prompt.root; sysrc ifconfig_bridge0="addm em0 SYNCDHCP" +&prompt.root; sysrc ifconfig_em0="up" Restart the host to load the &xen; kernel and start the Dom0. From owner-svn-doc-all@freebsd.org Mon Aug 5 18:45:11 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B5894AA593; Mon, 5 Aug 2019 18:45:11 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 462RXR3WdMz43RS; Mon, 5 Aug 2019 18:45:11 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 560C320012; Mon, 5 Aug 2019 18:45:11 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x75IjBLa033979; Mon, 5 Aug 2019 18:45:11 GMT (envelope-from bhd@FreeBSD.org) Received: (from bhd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x75IjAIo033978; Mon, 5 Aug 2019 18:45:10 GMT (envelope-from bhd@FreeBSD.org) Message-Id: <201908051845.x75IjAIo033978@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org using -f From: Bjoern Heidotting Date: Mon, 5 Aug 2019 18:45:10 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53295 - in head/de_DE.ISO8859-1/books/handbook: network-servers security X-SVN-Group: doc-head X-SVN-Commit-Author: bhd X-SVN-Commit-Paths: in head/de_DE.ISO8859-1/books/handbook: network-servers security X-SVN-Commit-Revision: 53295 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Aug 2019 18:45:11 -0000 Author: bhd Date: Mon Aug 5 18:45:10 2019 New Revision: 53295 URL: https://svnweb.freebsd.org/changeset/doc/53295 Log: Update to r53262: Consistent use of /usr/sbin/nologin. Modified: head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml head/de_DE.ISO8859-1/books/handbook/security/chapter.xml Modified: head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Mon Aug 5 17:13:12 2019 (r53294) +++ head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Mon Aug 5 18:45:10 2019 (r53295) @@ -5,7 +5,7 @@ $FreeBSD$ $FreeBSDde: de-docproj/books/handbook/network-servers/chapter.xml,v 1.103 2011/12/24 15:51:18 bcr Exp $ - basiert auf: r52704 + basiert auf: r53262 --> basie&prompt.root; cat /etc/master.passwd root:[password]:0:0::0:0:The super-user:/root:/bin/csh toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh -daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin -operator:*:2:5::0:0:System &:/:/sbin/nologin -bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin -tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin -kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin -games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin -news:*:8:8::0:0:News Subsystem:/:/sbin/nologin -man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin -bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin +daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin +operator:*:2:5::0:0:System &:/:/usr/sbin/nologin +bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/usr/sbin/nologin +tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin +kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin +games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin +news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin +man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin +bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico -xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin -pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin -nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin +xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/usr/sbin/nologin +pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin +nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin -bill::::::::: +::::::::: @@ -2208,17 +2208,17 @@ ellington&prompt.user; ypcat -k netgroup.by anzumelden. Dies kann durch das Hinzufügen einer zusätzlichen Zeile erreicht werden: - +:::::::::/sbin/nologin + +:::::::::/usr/sbin/nologin Diese Zeile weist den Client an, alle Einträge zu importieren, aber die Shell in diesen Einträgen durch - /sbin/nologin zu ersetzen. + /usr/sbin/nologin zu ersetzen. Stellen Sie sicher, dass die zusätzliche Zeile nach der Zeile +@IT_EMP::::::::: eingetragen ist. Andernfalls haben alle via NIS - importierten Benutzerkonten /sbin/nologin + importierten Benutzerkonten /usr/sbin/nologin als Loginshell und niemand wird sich mehr am System anmelden können. @@ -2228,13 +2228,13 @@ ellington&prompt.user; ypcat -k netgroup.by +@IT_EMP::::::::: +@IT_APP::::::::: -+:::::::::/sbin/nologin ++:::::::::/usr/sbin/nologin Die entsprechenden Zeilen für Arbeitsplätze lauten: +@IT_EMP::::::::: +@USERS::::::::: -+:::::::::/sbin/nologin ++:::::::::/usr/sbin/nologin NIS ist in der Lage, Netzgruppen aus anderen Netzgruppen zu bilden. Dies kann nützlich sein, wenn @@ -2266,12 +2266,12 @@ USERBOX IT_EMP ITINTERN USERS mit + beginnende Zeilen. Die erste Zeile legt die Netzgruppe mit den Benutzern fest, die sich auf diesem Rechner anmelden dürfen. Die zweite Zeile weist allen anderen - Benutzern /sbin/nologin als Shell zu. + Benutzern /usr/sbin/nologin als Shell zu. Verwenden Sie auch hier (analog zu den Netzgruppen) Großbuchstaben für die Rechnernamen: +@BOXNAME::::::::: -+:::::::::/sbin/nologin ++:::::::::/usr/sbin/nologin Sobald dies für alle Rechner erledigt ist, müssen die lokalen Versionen von /etc/master.passwd Modified: head/de_DE.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/de_DE.ISO8859-1/books/handbook/security/chapter.xml Mon Aug 5 17:13:12 2019 (r53294) +++ head/de_DE.ISO8859-1/books/handbook/security/chapter.xml Mon Aug 5 18:45:10 2019 (r53295) @@ -5,7 +5,7 @@ $FreeBSD$ $FreeBSDde: de-docproj/books/handbook/security/chapter.xml,v 1.178 2012/04/30 17:07:41 bcr Exp $ - basiert auf: r52835 + basiert auf: r53262 --> Bei der zweiten Methode wird der Anmeldevorgang verhindert, indem die Shell auf - /sbin/nologin gesetzt wird. Nur der + /usr/sbin/nologin gesetzt wird. Nur der Superuser kann die Shell für andere Benutzer ändern: &prompt.root; chsh -s /usr/sbin/nologin toor From owner-svn-doc-all@freebsd.org Tue Aug 6 17:31:21 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C7611C65A4; Tue, 6 Aug 2019 17:31:21 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4631rn5K2Lz4G9p; Tue, 6 Aug 2019 17:31:21 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9920C2F51B; Tue, 6 Aug 2019 17:31:21 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x76HVL9c052558; Tue, 6 Aug 2019 17:31:21 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x76HVJHL052544; Tue, 6 Aug 2019 17:31:19 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201908061731.x76HVJHL052544@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 6 Aug 2019 17:31:19 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53296 - in head/share: security/advisories security/patches/EN-19:14 security/patches/EN-19:15 security/patches/SA-19:18 security/patches/SA-19:19 security/patches/SA-19:20 security/pa... X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share: security/advisories security/patches/EN-19:14 security/patches/EN-19:15 security/patches/SA-19:18 security/patches/SA-19:19 security/patches/SA-19:20 security/patches/SA-19:21 xml X-SVN-Commit-Revision: 53296 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Aug 2019 17:31:21 -0000 Author: gordon (src committer) Date: Tue Aug 6 17:31:19 2019 New Revision: 53296 URL: https://svnweb.freebsd.org/changeset/doc/53296 Log: Add EN-19:14, EN-19:15, and SA-19:18 to SA-19:21. Approved by: so Added: head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc (contents, props changed) head/share/security/patches/EN-19:14/ head/share/security/patches/EN-19:14/epoch.patch (contents, props changed) head/share/security/patches/EN-19:14/epoch.patch.asc (contents, props changed) head/share/security/patches/EN-19:15/ head/share/security/patches/EN-19:15/libunwind.patch (contents, props changed) head/share/security/patches/EN-19:15/libunwind.patch.asc (contents, props changed) head/share/security/patches/SA-19:18/ head/share/security/patches/SA-19:18/bzip2.patch (contents, props changed) head/share/security/patches/SA-19:18/bzip2.patch.asc (contents, props changed) head/share/security/patches/SA-19:19/ head/share/security/patches/SA-19:19/mldv2.11.patch (contents, props changed) head/share/security/patches/SA-19:19/mldv2.11.patch.asc (contents, props changed) head/share/security/patches/SA-19:19/mldv2.12.patch (contents, props changed) head/share/security/patches/SA-19:19/mldv2.12.patch.asc (contents, props changed) head/share/security/patches/SA-19:20/ head/share/security/patches/SA-19:20/bsnmp.patch (contents, props changed) head/share/security/patches/SA-19:20/bsnmp.patch.asc (contents, props changed) head/share/security/patches/SA-19:21/ head/share/security/patches/SA-19:21/bhyve.patch (contents, props changed) head/share/security/patches/SA-19:21/bhyve.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:14.epoch Errata Notice + The FreeBSD Project + +Topic: Incorrect locking in epoch(9) + +Category: core +Module: kernel +Announced: 2019-08-06 +Credits: Mark Johnston +Affects: FreeBSD 12.0 +Corrected: 2019-07-27 16:11:04 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:07:43 UTC (releng/12.0, 12.0-RELEASE-p9) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +Some parts of the kernel use a new synchronization primitive, epoch(9), +which can be used to implement safe memory reclamation. In this usage, +threads can use the epoch(9) KPI to ensure that no other threads hold +a reference to a given object in memory. + +II. Problem Description + +In the case where epoch(9) must wait for a thread that is blocked on +a lock, it will use the turnstile(9) KPI to propagate the current +thread's priority to the lock holder. However, in the case where the +lock has no designated owner - for example, it is a reader-writer lock +owned by one or more readers - a bug in the interaction with the +turnstile meant that pair of spin locks were left locked when they +should have been unlocked. + +III. Impact + +In rare cases and under heavy load, the kernel may panic or lock up. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch +# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch.asc +# gpg --verify epoch.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r350373 +releng/12.0/ r350641 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1JtztfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJgXA//Wbh6Nv6OL+Aer7oZ8uiZEhDTj+a+IMG617uCyeD+x4/8Hj73J7Pg6vaT +CGqGAslxy8GMmvrO8Jmn0RFDyfJb+mW1M9FqQS4u9DNm1r7nNuOBWj9UcAC9TQOY +rIEoqe/wD6a+EKQ01tgsWm2TYA2hX/WwtKJiYuPJOyuTzm9d3PhQ2SPmU0NaqyfU ++0YT3QHRYUEYHU/tZwAV3axcihYP7NfrgEWmE3LY7fBX1ShxFOYZVlexY4604wyc +SLxCMVnfqFiB8vH5X8R4J9OlsK00j1W2B+PJodocDzNjvHgnRb3RSHeo+EC+3y7k +/P3qRCxtgPzb/VHCCRry0LAmeijxQDWVf4vydjaMVDQEv/zQ+Y5ujAucRAtvtjRm +gYLRTOHnXVTpZk/c8h2Gch9g3sB9aqrsMYtPUqSfRRUFDYJjN3NVmVLo4ciAhjwY +EvGr7HloO3O4n+zYWOagvSvu05TjOA1SGGURAkslthjTXRpmiqDSS6yawW23v7Jw +gC7pvVUnmGSGzlwGPojE6LBSX3CWlgwJV/6g2s0wizPGv3K/IQMMQn7NaaLl09xw +X6TND7mVGqk2w3do1k9ZSkvqI+jr4MkJbGh5Vl8q1J/oW9KPTVO3+mQEi91SvgU+ +YEyzryregBP69ta7gqT0Pgb2+LR9733qPLSh3Hgn/4zRI/seSkU= +=pBEN +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:15.libunwind Errata Notice + The FreeBSD Project + +Topic: Incorrect exception handling + +Category: contrib +Module: libunwind +Announced: 2019-08-06 +Affects: FreeBSD 11.2, FreeBSD 12.0 +Corrected: 2019-08-06 17:08:30 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-08-06 17:08:30 UTC (releng/11.2, 11.2-RELEASE-p13) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The libunwind library, which originates from the LLVM project, is responsible +for handling the unwinding of stack frames, when programs throw C or C++ +style exceptions. It uses exception handling information embedded in the +executable file to determine the layout of the stack, at the time the +exception is being processed. + +II. Problem Description + +In some cases, the exception handling information embedded in executables is +not correctly interpreted by libunwind. This causes it to emit a runtime +error, and abort the affected program. + +III. Impact + +Affected programs will show an message on the standard error stream, when +they attempt to throw an exception: + +libunwind: getEncodedP \ + /usr/src/contrib/llvm/projects/libunwind/src/AddressSpace.hpp:280 - \ + unknown pointer encoding + +After this message, the program will be aborted using the abort(3) function, +which usually results in a core dump. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:15/libunwind.patch +# fetch https://security.FreeBSD.org/patches/EN-19:15/libunwind.patch.asc +# gpg --verify libunwind.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in , and +reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +releng/12.0/ r350642 +releng/11.2/ r350642 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt0pfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJOkQ/+N8Esx4GPWNOzNOGJAnBgtujVeCDjbubny9ktMElEw6mZJKWqcgFmG1bm +hdz5iAz6xn/W6Y5fUR07aM6KFLTN7Is0LqaC+4mWFgbmPu9t0DVgjjsSHAJk6+fu +NpkSMDYq0tUqhNUFlP36EoTHUuM7KlD3/a1dlGZwSOmT3tQitosD8MYNm8bXdsiG +Fx8xXJz8l7qtSw5a1HI2yrRmR7hZHEblGVDP1BjU+QVh7O+0oTeSWHjtriCeYXOl +KUNypPNU5HTySLI0XE+wXJ8S3SblmCOJSdEy/EDZYd8KxG2ib+abn6KdewQl0dIL +0evKaSeIfrVyHfbQporrUotpuTgHrxdD63vowtyH4fL/JzNmw38ZBRzu/4Lib4eF +uaMr7IXyUvifJRBNHCSV5waEQXdcaZ4/YiNg93kiBCC1FhqKEEel0TLARTqtCEVu +ByQVjjZ5v45OAq74uFSYfnSReLt96VnQFD8J5JIKlYaR145tSUKzgetUy+iekjq2 +7sRr0kh7lGFFNoOhbFDBURr3HrFgfpWgRA12/AuAVelXPTG4ik8tU6X/vNlvysK6 +TJel41R8++MPUQuaQPU9KfUiAycvV4P9/hHEodnjhNY7NaWkXaP+fJpxCtctcFGd +eIcI3nIoJX+6W2KjZkJcrbuZsqkVSsz0MXgfLNuoNZruzdppLAY= +=Sq9+ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:18.bzip2 Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in bzip2 + +Category: contrib +Module: bzip2 +Announced: 2019-08-06 +Affects: All supported versions of FreeBSD. +Corrected: 2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE) + 2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2) + 2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13) +CVE Name: CVE-2016-3189, CVE-2019-12900 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and +decompress files using an algorithm based on the Burrows-Wheeler transform. +They are generally slower than Lempel-Ziv compressors such as gzip, but +usually provide a greater compression ratio. + +The bzip2recover utility extracts blocks from a damaged bzip2(1) file, +permitting partial recovery of the contents of the file. + +II. Problem Description + +The decompressor used in bzip2 contains a bug which can lead to an +out-of-bounds write when processing a specially crafted bzip2(1) file. + +bzip2recover contains a heap use-after-free bug which can be triggered +when processing a specially crafted bzip2(1) file. + +III. Impact + +An attacker who can cause maliciously crafted input to be processed +may trigger either of these bugs. The bzip2recover bug may cause a +crash, permitting a denial-of-service. The bzip2 decompressor bug +could potentially be exploited to execute arbitrary code. + +Note that some utilities, including the tar(1) archiver and the bspatch(1) +binary patching utility (used in portsnap(8) and freebsd-update(8)) +decompress bzip2(1)-compressed data internally; system administrators should +assume that their systems will at some point decompress bzip2(1)-compressed +data even if they never explicitly invoke the bunzip2(1) utility. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and restart daemons if necessary. + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch +# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch.asc +# gpg --verify bzip2.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r349717 +releng/12.0/ r350643 +stable/11/ r349718 +releng/11.3/ r350643 +releng/11.2/ r350643 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt09fFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJWEQ//dBiFwPCKcUaeSBuM9opVUxWzFYrpWdYwwagQXzNqO3Z77Vi2hHQnfpkD +bM8WgWwChOJmlTja7sjnF+QjoV9/elzYhFrD6q0W1nLZ2XHcXyHrbFLMJ+CrvCWR +AuVCEkmT2fchE/5c71l/v8I452EpGZG7P0fwG1bpf84p1PFLl3esfeo8+CzN1x2h +YLnvfp69/tC18LR0/yozRUuFSqoYBhbnJsclB1JkrGx0fPOcE9y3sudVhBIDbH7h +nYSTJl/KkTHf6tbJVXWUVr5gJzCgGvvhUer49RCdJMAwj6hKYT49vWnOFl1T8DAL ++co0ZzTiKoCdrrrguijh4QTEUe4UAGS3PPAwhUiOu+y8Bry06/U565uO9y9iILef +M5oYTbM7h/TErPxSE421fWeexeK0seCHqmj/rO1Yf7RkRvLg/QaJk5YWM0KoP3NH +QQRdX8qNiy4liEqGvJwfUdNcVXA3d7BKifl6MKH+5/2i5B23wHItIeuIGYo5LgdI +mnH59L5wylhWGa0Dc+N9fP0jFvBfk7/4a0joXYIQ7/KDQg0X+WdiGZ/mzZ4GEisX +hwI2laAh/oyksInrMcLCbvgWql+lrUvK3ltHo17U+wrMeb+8btDLR5T/9XlLPWGp +s101XS6ewcwpZ8g5uBtlFBLmp8BGkALTAJtwwqJ2eoLfLYCXq3I= +=3O6m +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:19.mldv2 Security Advisory + The FreeBSD Project + +Topic: ICMPv6 / MLDv2 out-of-bounds memory access + +Category: core +Module: net +Announced: 2019-08-06 +Credits: CJD of Apple +Affects: All supported versions of FreeBSD. +Corrected: 2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE) + 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2) + 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13) +CVE Name: CVE-2019-5608 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used +by IPv6 routers to discover multicast listeners. + +II. Problem Description + +The ICMPv6 input path incorrectly handles cases where an MLDv2 listener +query packet is internally fragmented across multiple mbufs. + +III. Impact + +A remote attacker may be able to cause an out-of-bounds read or write that +may cause the kernel to attempt to access an unmapped page and subsequently +panic. + +IV. Workaround + +No workaround is available. Systems not using IPv6 are not affected. + +V. Solution + +Perform one of the following: + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Reboot for security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.2, FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch +# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc +# gpg --verify mldv2.11.patch.asc + +[FreeBSD 12.0] +# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch +# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc +# gpg --verify mldv2.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r350648 +releng/12.0/ r350644 +stable/11/ r350650 +releng/11.3/ r350644 +releng/11.2/ r350644 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1RfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLzTA/+OyyukXWH7rfwMhOlpD60UH4hxN3purvdNeBe4ZxlYvtf8gSUzS1VbK5r +NR9D2HiYRlmaePOil5myan6cVkrKoANoWTrQsCcsFLe6KKbiKlQDx/btbENmCMsR +VoS0ZPx3l9iGuVUwDk6k1JXwKCcO3U3dCDYEI941hEKxYadR+twUP3JOceg8Zn0h +oODXW7LcPXWQKAyFc0Kun1VrjrUGdRGfqk30joR20GP2IjgQceFHKUbiOyBbbIjW ++UVvp2wPBxXvcXNPTpcIpTW5UGJBHCT2OsDulh7hqpiWf78VE8BoksKAvDjtI4i0 +15fmwn7tmQ3aGWK3WoaKWUOXZUlKrxRQDzGyAZ3LzOqPWhv12tJjNJhjnRmCVLfo ++F4I/MHzPgjitZhv8gfn+MRiPG4E1ueAYnPQWiR3qRCLQGhemVdKZIAVnYg6NGpQ +Jgsr1QS8/3GHZ8yrMXUOSNOSuiMmRHbI9915vVzu+hWkfnrCcSr3uVkJeQvx4CZJ +gdTL083Knnkdo4IPOdHWnQjGfrv2rGRyvCJ88m/DIC6hw4weR1LyFWMEHeJCEcJl +5LHiVWmOUJE4ltJXrRoXwxuh9Dia0Mq6KfNA0343JFpQF9rdt3JQ/54FPGtK6NUO +LyX5a42RIKRxWNTN+ADrSk8czbHFIg8MfTwpjiRGx2rYtxjp1qU= +=WaXC +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:20.bsnmp Security Advisory + The FreeBSD Project + +Topic: Insufficient message length validation in bsnmp library + +Category: contrib +Module: bsnmp +Announced: 2019-08-06 +Credits: Guido Vranken +Affects: All supported versions of FreeBSD. +Corrected: 2019-08-06 16:11:16 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:12:17 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-08-06 16:12:43 UTC (stable/11, 11.3-STABLE) + 2019-08-06 17:12:17 UTC (releng/11.3, 11.3-RELEASE-p2) + 2019-08-06 17:12:17 UTC (releng/11.2, 11.2-RELEASE-p13) +CVE Name: CVE-2019-5610 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The bsnmp software library is used for the Internet SNMP (Simple Network +Management Protocol). As part of this it includes functions to handle ASN.1 +(Abstract Syntax Notation One). + +II. Problem Description + +A function extracting the length from type-length-value encoding is not +properly validating the submitted length. + +III. Impact + +A remote user could cause, for example, an out-of-bounds read, decoding of +unrelated data, or trigger a crash of the software such as bsnmpd resulting +in a denial of service. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch +# fetch https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch.asc +# gpg --verify bsnmp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r350637 +releng/12.0/ r350646 +stable/11/ r350638 +releng/11.3/ r350646 +releng/11.2/ r350646 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1lfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKtBBAAltxFzxuMqWCgJoL9SemLRQxGGk0hRFdN5b78mgVdk2lfDgVz8U7mVM6v +XbcCa4lIy7wMYpUdEySAZLR2ENt0xdpx7oQ6lAg5fnnvrUvom4wU9ruxEs5txFVL +K6RaJnQJyOkI2c/LYvI/ZYmuc29/Nt3p/DvVe7wq86taoqUufN11MXkrRHgn68N3 +7vewixzWpqH5L/aY2qP1d+Xe3QmHX0IcFqeo4U3/3G4wUGRCfHtaENY4w5eUbCa2 +1Qk0oS9iUdX1IJjM5l1ccoFqsjbcO6vNS337qeYNKhLspXMQPwoS0K0HfB6LKt1D +dCBFoXu/qUFjf3qqbpcqGEFrFPZjlNmC4R0Ngx1rfZ1t1dXbj83NOOE1okd3Gb/V +TPDU/jzwt+/6DE6ryNQpeanPdim83w/j+qeA0UaTyxlbj+oSz1gU9Ckaauf+9peI +GT8TPnrgmFlYg2tkYl4tbq5LtRstPGZYguqEt5SHCxBOg3dxByMPzikSFUL9oNxS +9GX7JZT36J20f62hG8Watp2y3W0QsMjJpxF9OojRU6B15Z4Q2aCht4F6DnvEkVfN +1GvS5NAHPHU09TniSgYK3ThkoYrLYykhsXPmJmETV7DU1Qhny1p8H0NwIwB20DEm +AOAcYzLhiXHGpniE5y+MT9Pvt3BDBt36k6WgZ4eZ4RWuzGOumiU= +=rH6X +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:21.bhyve Security Advisory + The FreeBSD Project + +Topic: Insufficient validation of guest-supplied data (e1000 device) + +Category: core +Module: bhyve +Announced: 2019-08-06 +Credits: Reno Robert +Affects: All supported versions of FreeBSD. +Corrected: 2019-08-05 22:04:16 UTC (stable/12, 12.0-STABLE) + 2019-08-06 17:13:17 UTC (releng/12.0, 12.0-RELEASE-p9) + 2019-08-05 22:04:16 UTC (stable/11, 11.3-STABLE) + 2019-08-06 17:13:17 UTC (releng/11.3, 11.3-RELEASE-p2) + 2019-08-06 17:13:17 UTC (releng/11.2, 11.2-RELEASE-p13) +CVE Name: CVE-2019-5609 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +bhyve(8) is a hypervisor that supports running a variety of guest operating +systems in virtual machines. bhyve(8) includes an emulated Intel 82545 +network interface adapter ("e1000"). + +II. Problem Description + +The e1000 network adapters permit a variety of modifications to an Ethernet +packet when it is being transmitted. These include the insertion of IP and +TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation +offload ("TSO"). The e1000 device model uses an on-stack buffer to generate +the modified packet header when simulating these modifications on transmitted +packets. + +When TCP segmentation offload is requested for a transmitted packet, the +e1000 device model used a guest-provided value to determine the size of the +on-stack buffer without validation. The subsequent header generation could +overflow an incorrectly sized buffer or indirect a pointer composed of stack +garbage. + +III. Impact + +A misbehaving bhyve guest could overwrite memory in the bhyve process on the +host. + +IV. Workaround + +Only the e1000 device model is affected; the virtio-net device is not +affected by this issue. If supported by the guest operating system +presenting only the virtio-net device to the guest is a suitable workaround. +No workaround is available if the e1000 device model is required. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and restart any affected virtual machines. + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch +# fetch https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch.asc +# gpg --verify bhyve.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable virtual machines, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r350619 +releng/12.0/ r350647 +stable/11/ r350619 +releng/11.3/ r350647 +releng/11.2/ r350647 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1xfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL0qA//ZdapXUMl6KuuvtZIveMZgNdMVLYaqB1K8yHXO5udd58fTsH6+Khei0LT +gYGxDEJkHinM1EWy688xE+PSzb9twmEmawW4N4WMhWB9oMoTuLQ5E4Zm9my1TdDh +ducK6Q4GqOojIXJ0LtHDqs9qveAfkgB6L6jmLt/1jpZelLupte3S+bPmI4yta7ge +7k54V9GcN05i7wX2TaZA7H3ROQziW537ZeoRB8BQwt7bekFw2uBfO9s0CWcJZPnG ++0D6QEsRqbtYMJr5RkUCc1y4qaqnWBBn/Zyyr0P+bXZklU/IW2GJTDWNObXN7DPE +NOhuVY7PQHN6jv3u+nKa1AY7mjI3zBo009iAfPQFCb9Kn08tJ2A9WrExEMwZdcbI +nXVqCRdp7xCSPO73vjNv4btzvAU7iwbaBkpGFs721cH72ImvmXi7TwepPEAul0do +VwKYMxhStZtoDQhEea1eq41KNvqxmA/mkbEjpKcTZCUJq7xVyV4uaVme3Uq45uaa +mKMWx+Gg09A2Y5NfSCiz9AGuMkIGn05hKIOK39yAG159uTks60Ybsw/bOnE9WnMJ +5igcI+U6utIMi2M6nH4rn/wKBYM9cHWmQLfo6kECUi2CCTmR5VL8BTJ/8vHCqXi1 +vCcAPacKYAROsvGQyynSVLiXJAXOrc8/VyoXRHC5cAapVeParcw= +=0XzG +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-19:14/epoch.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:14/epoch.patch Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,87 @@ +--- sys/kern/subr_epoch.c.orig ++++ sys/kern/subr_epoch.c +@@ -325,24 +325,20 @@ + */ + critical_enter(); + thread_unlock(td); +- owner = turnstile_lock(ts, &lock); +- /* +- * The owner pointer indicates that the lock succeeded. Only +- * in case we hold the lock and the turnstile we locked is still +- * the one that curwaittd is blocked on can we continue. Otherwise +- * The turnstile pointer has been changed out from underneath +- * us, as in the case where the lock holder has signalled curwaittd, +- * and we need to continue. +- */ +- if (owner != NULL && ts == curwaittd->td_blocked) { +- MPASS(TD_IS_INHIBITED(curwaittd) && TD_ON_LOCK(curwaittd)); +- critical_exit(); +- turnstile_wait(ts, owner, curwaittd->td_tsqueue); +- counter_u64_add(turnstile_count, 1); +- thread_lock(td); +- return; +- } else if (owner != NULL) ++ ++ if (turnstile_lock(ts, &lock, &owner)) { ++ if (ts == curwaittd->td_blocked) { ++ MPASS(TD_IS_INHIBITED(curwaittd) && ++ TD_ON_LOCK(curwaittd)); ++ critical_exit(); ++ turnstile_wait(ts, owner, ++ curwaittd->td_tsqueue); ++ counter_u64_add(turnstile_count, 1); ++ thread_lock(td); ++ return; ++ } + turnstile_unlock(ts, lock); ++ } + thread_lock(td); + critical_exit(); + KASSERT(td->td_locks == locksheld, +--- sys/kern/subr_turnstile.c.orig ++++ sys/kern/subr_turnstile.c +@@ -566,14 +566,15 @@ + return (ts); + } + +-struct thread * +-turnstile_lock(struct turnstile *ts, struct lock_object **lockp) ++bool ++turnstile_lock(struct turnstile *ts, struct lock_object **lockp, ++ struct thread **tdp) + { + struct turnstile_chain *tc; + struct lock_object *lock; + + if ((lock = ts->ts_lockobj) == NULL) +- return (NULL); ++ return (false); + tc = TC_LOOKUP(lock); + mtx_lock_spin(&tc->tc_lock); + mtx_lock_spin(&ts->ts_lock); +@@ -580,10 +581,11 @@ + if (__predict_false(lock != ts->ts_lockobj)) { + mtx_unlock_spin(&tc->tc_lock); + mtx_unlock_spin(&ts->ts_lock); +- return (NULL); ++ return (false); + } + *lockp = lock; +- return (ts->ts_owner); ++ *tdp = ts->ts_owner; ++ return (true); + } + + void +--- sys/sys/turnstile.h.orig ++++ sys/sys/turnstile.h +@@ -100,7 +100,8 @@ + struct turnstile *turnstile_trywait(struct lock_object *); + void turnstile_unpend(struct turnstile *); + void turnstile_wait(struct turnstile *, struct thread *, int); +-struct thread *turnstile_lock(struct turnstile *, struct lock_object **); ++bool turnstile_lock(struct turnstile *, struct lock_object **, ++ struct thread **); + void turnstile_unlock(struct turnstile *, struct lock_object *); + void turnstile_assert(struct turnstile *); + #endif /* _KERNEL */ Added: head/share/security/patches/EN-19:14/epoch.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:14/epoch.patch.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt2lfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLIBg//ekpEak+WE5KSx7vvkel/UzUPtLMDHdcgb6w4xps5I0/jvbjGLp0JuNsW +Tj73NBDA3KkzTlZSaus38yauUzq8Io6Q11/6ovI15TR58V6R35RSDnI2Df9ML0Wg +GcTnm1bTYbJ1TADQtILO6hxCNR1rvHcj0GycT8NGRNFSerNAhpF+YfMba+Tc3rOU +BeOacXDr8WCTgpa46nltcKE7Qmov2JdMS4yMH21KqXSU3ZCnwHZK+pWthPbeAVyO +NzsRPDn9PKp6sYVc5t7BE5Vn3cg76QNYZBNrHcHJNxhJ1IXOyL/SWg1j3zeiOygp +lDxZPja+mKXerEALBdGVfr/eg1ZeySlKRdETezCuzKnUSMbrQEVGL4pgaPepBCg6 +eGa6PRiwVz+y93w1UpVl8aDOTr/u2O/LeRZX5lLBSa4nBp7sOLilzbDQNsgHWXCX +R4G72PnAkPNwA158u+/vvz1moLWggVeO8edjKNEwiH/i2gyNllXFOtG1TuBL1+EV +T8ySrByEJ/0/Hq+prZCr7ELry+EZcnaag6+Jg29bfxMOK8RAfjqFHgmtSzblWllg +RCTr6Wttw85XcAKYwTXR9CwBf7yuIJb3taMp7XXHljjaMAvQIybRiHphwZSFOh1q +mktgzP1Yp/CdUw8BKFR1cbB5kkQY6Ezq1XTUDH3qebdWLpTqizI= +=Wj+f +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-19:15/libunwind.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:15/libunwind.patch Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,13 @@ +--- contrib/llvm/projects/libunwind/src/EHHeaderParser.hpp.orig ++++ contrib/llvm/projects/libunwind/src/EHHeaderParser.hpp +@@ -68,7 +68,9 @@ + ehHdrInfo.eh_frame_ptr = + addressSpace.getEncodedP(p, ehHdrEnd, eh_frame_ptr_enc, ehHdrStart); + ehHdrInfo.fde_count = +- addressSpace.getEncodedP(p, ehHdrEnd, fde_count_enc, ehHdrStart); ++ fde_count_enc == DW_EH_PE_omit ++ ? 0 ++ : addressSpace.getEncodedP(p, ehHdrEnd, fde_count_enc, ehHdrStart); + ehHdrInfo.table = p; + } + Added: head/share/security/patches/EN-19:15/libunwind.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:15/libunwind.patch.asc Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt25fFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJ1hw/+I2Gj+htbN2MhOodcLa4e4LsgxP9rGW9NZw3F9MbjgDNlVnlVLXrvyKjB +sCBuzLWGWMPkrhyh8zkHTHBq+0An3dCPk5LW5jHy6k31mofL8Jj7SyqQVigK93BN +24NcJP51ScUV0sBrhArd2We1bqmVWXsw0ZZYwm0iHVNFqaxJ1+kkvcw4KQmer+/d +E8+bCKszDyPU3rVVlb6OIsXhMrLgW8Qu0LDP9Ym6qNsfXIGwpFhrtuG1OUiSLiT8 +lnDpB9x5tDYTBVv9//XVZinoTQY4aJ/IcMdK8B7TS2CTyjCL+n+xXgW3bj0u8zKE +gNoxFwH8JNg3srVSelvEkhxGta35JefjIxu0aqD38DHTcyWoqOfdHFcnsQob9SEq +5/afVzFFUutqjfENmYoQ2CvSt3d4GALRGeoNbp0uysIhw1IqIGGuYt5loAYwDApc +4ic6l4bZ+eNXz7GNYBS+CRqHhMdJH5/YxT0UO2uY7Cpd/FtgcM1kHf9xItnL5Kru +cgo35Aw/LWWC5xI1B9ivERtYuQkvQ1KA4wabAhiblA/2bzbEzuc+zB9NDof1nqFp +4BPSYOm8CYYPX8psoKLvxQzeWind1VlJ8NNKQijTmlSsJcR9OjGq5P5KiGYM41X7 +29hUiG8WFFn/3+VglGM6MrGxTCwYTGJ3ry0yFq5LhxDTdH1Yrrg= +=pcMq +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-19:18/bzip2.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-19:18/bzip2.patch Tue Aug 6 17:31:19 2019 (r53296) @@ -0,0 +1,490 @@ +--- contrib/bzip2/CHANGES.orig ++++ contrib/bzip2/CHANGES +@@ -2,8 +2,8 @@ + This file is part of bzip2/libbzip2, a program and library for + lossless, block-sorting data compression. + +- bzip2/libbzip2 version 1.0.6 of 6 September 2010 +- Copyright (C) 1996-2010 Julian Seward ++ bzip2/libbzip2 version 1.0.7 of 27 June 2019 ++ Copyright (C) 1996-2010 Julian Seward + + Please read the WARNING, DISCLAIMER and PATENTS sections in the + README file. +@@ -325,3 +325,16 @@ + Izdebski. + + * Make the documentation build on Ubuntu 10.04 ++ ++1.0.7 (27 Jun 19) ++~~~~~~~~~~~~~~~~~ ++ ++* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-doc-all@freebsd.org Tue Aug 6 22:37:18 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 410DBB050F; Tue, 6 Aug 2019 22:37:18 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4638dp0zBtz3HrZ; Tue, 6 Aug 2019 22:37:18 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0487B2D81; Tue, 6 Aug 2019 22:37:18 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x76MbHAs036481; Tue, 6 Aug 2019 22:37:17 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x76MbH2I036480; Tue, 6 Aug 2019 22:37:17 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201908062237.x76MbH2I036480@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 6 Aug 2019 22:37:17 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53298 - head/en_US.ISO8859-1/htdocs/releases/11.3R X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/11.3R X-SVN-Commit-Revision: 53298 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Aug 2019 22:37:18 -0000 Author: gjb Date: Tue Aug 6 22:37:17 2019 New Revision: 53298 URL: https://svnweb.freebsd.org/changeset/doc/53298 Log: Regen after r350660. Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html Modified: head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html Tue Aug 6 22:36:02 2019 (r53297) +++ head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html Tue Aug 6 22:37:17 2019 (r53298) @@ -13,7 +13,7 @@ as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the or the - ® symbol.

Last modified on 2019-07-09 13:44:33 UTC by gjb.
Abstract

This document lists errata items for FreeBSD 11.3-RELEASE, + ® symbol.

Last modified on 2019-07-09 09:44:33 EDT by gjb.
Abstract

This document lists errata items for FreeBSD 11.3-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information @@ -35,8 +35,10 @@ errata are located at https://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location.

Source and binary snapshots of FreeBSD 11.3-STABLE also contain up-to-date copies of this document (as of the time of - the snapshot).

For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/.

2. Security Advisories

AdvisoryDateTopic
FreeBSD-SA-19:12.telnet24 July 2019

Multiple vulnerabilities

FreeBSD-SA-19:13.pts24 July 2019

Write-after-free vulnerability

FreeBSD-SA-19:14.freebsd3224 July 2019

Kernel memory disclosure

FreeBSD-SA-19:15.mqueuefs24 July 2019

Reference count overflow

FreeBSD-SA-19:16.bhyve24 July 2019

xhci(4) out-of-bounds read

FreeBSD-SA-19:17.fd24 July 2019

Reference count leak

3. Errata Notices

ErrataDateTopic
FreeBSD-EN-19:13.mds24 July 2019

System crash from Intel CPU vulnerability - mitigation

4. Open Issues

2. Security Advisories

AdvisoryDateTopic
FreeBSD-SA-19:12.telnet24 July 2019

Multiple vulnerabilities

FreeBSD-SA-19:13.pts24 July 2019

Write-after-free vulnerability

FreeBSD-SA-19:14.freebsd3224 July 2019

Kernel memory disclosure

FreeBSD-SA-19:15.mqueuefs24 July 2019

Reference count overflow

FreeBSD-SA-19:16.bhyve24 July 2019

xhci(4) out-of-bounds read

FreeBSD-SA-19:17.fd24 July 2019

Reference count leak

FreeBSD-SA-19:18.bzip26 August 2019

Multiple vulnerabilities

FreeBSD-SA-19:19.mldv26 August 2019

Out-of-bounds memor y access

FreeBSD-SA-19:20.bsnmp6 August 2019

Insufficient message length + validation

FreeBSD-SA-19:21.bhyve6 August 2019

Insufficient validation of guest-supplied + data

3. Errata Notices

ErrataDateTopic
FreeBSD-EN-19:13.mds24 July 2019

System crash from Intel CPU vulnerability + mitigation

FreeBSD-EN-19:15.libunwind6 August 2019

Incorrect exception handling

4. Open Issues

  • [2019-07-04] An issue which can cause a crash when connecting to a bhyve(4) instance with a VNC client under certain circumstances had been reported. An errata notice is planned From owner-svn-doc-all@freebsd.org Tue Aug 6 22:36:03 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 46413B01DC; Tue, 6 Aug 2019 22:36:03 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4638cM18p1z3HjJ; Tue, 6 Aug 2019 22:36:03 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1E4A72D7F; Tue, 6 Aug 2019 22:36:03 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x76Ma2Df036323; Tue, 6 Aug 2019 22:36:02 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x76Ma2gB036321; Tue, 6 Aug 2019 22:36:02 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201908062236.x76Ma2gB036321@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 6 Aug 2019 22:36:02 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53297 - head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml X-SVN-Commit-Revision: 53297 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Aug 2019 22:36:03 -0000 Author: gjb Date: Tue Aug 6 22:36:02 2019 New Revision: 53297 URL: https://svnweb.freebsd.org/changeset/doc/53297 Log: Document EN-19:14, EN-19:15, SA-19:18-21. Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml Tue Aug 6 17:31:19 2019 (r53296) +++ head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml Tue Aug 6 22:36:02 2019 (r53297) @@ -112,6 +112,20 @@ System crash from Intel CPU vulnerability mitigation + + + FreeBSD-EN-19:14.epoch + 6 August 2019 + Incorrect locking + + + + FreeBSD-EN-19:15.libunwind + 6 August 2019 + Incorrect exception handling + Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Tue Aug 6 17:31:19 2019 (r53296) +++ head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Tue Aug 6 22:36:02 2019 (r53297) @@ -141,6 +141,36 @@ 24 July 2019 Reference count leak + + + FreeBSD-SA-19:18.bzip2 + 6 August 2019 + Multiple vulnerabilities + + + + FreeBSD-SA-19:19.mldv2 + 6 August 2019 + Out-of-bounds memory access + + + + FreeBSD-SA-19:20.bsnmp + 6 August 2019 + Insufficient message length + validation + + + + FreeBSD-SA-19:21.bhyve + 6 August 2019 + Insufficient validation of guest-supplied + data + From owner-svn-doc-all@freebsd.org Wed Aug 7 15:15:49 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B0C5DAD4D1; Wed, 7 Aug 2019 15:15:49 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 463Znx3nnrz3Kyv; Wed, 7 Aug 2019 15:15:49 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 63663E837; Wed, 7 Aug 2019 15:15:49 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77FFnnp028067; Wed, 7 Aug 2019 15:15:49 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77FFnpG028065; Wed, 7 Aug 2019 15:15:49 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201908071515.x77FFnpG028065@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Wed, 7 Aug 2019 15:15:49 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53299 - in head/en_US.ISO8859-1/htdocs/releases/12.1R: . relnotes X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: in head/en_US.ISO8859-1/htdocs/releases/12.1R: . relnotes X-SVN-Commit-Revision: 53299 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Aug 2019 15:15:49 -0000 Author: gjb Date: Wed Aug 7 15:15:48 2019 New Revision: 53299 URL: https://svnweb.freebsd.org/changeset/doc/53299 Log: - Copy 12.0R/relnotes to 12.1R/relnotes. - Prune entries from 12.0-RELEASE. - Split SUBDIR definitions in 12.1R/Makefile, and connect 12.1R/relnotes to the build. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (Netgate) Added: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/ - copied from r53013, head/en_US.ISO8859-1/htdocs/releases/12.0R/relnotes/ Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/Makefile head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/Makefile ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.1R/Makefile Tue Aug 6 22:37:17 2019 (r53298) +++ head/en_US.ISO8859-1/htdocs/releases/12.1R/Makefile Wed Aug 7 15:15:48 2019 (r53299) @@ -17,7 +17,10 @@ DOCS= index.xml \ DATA= docbook.css -#SUBDIR= errata readme relnotes installation +#SUBDIR= errata +#SUBDIR+= readme +SUBDIR+= relnotes +#SUBDIR+= installation #.if exists(${SVN}) #SUBDIR+=hardware Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.0R/relnotes/relnotes.xml Tue May 14 05:29:50 2019 (r53013) +++ head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 15:15:48 2019 (r53299) @@ -21,12 +21,8 @@ $FreeBSD$ - - - - - 2018 + 2019 The &os; Documentation Project @@ -141,55 +137,13 @@ Security Advisories - - - - - - - - Advisory - Date - Topic - - - - - - No advisories. -   -   - - - - + &security; Errata Notices - - - - - - - - Errata - Date - Topic - - - - - - No errata notices. -   -   - - - - + &errata; @@ -202,297 +156,44 @@ Userland Configuration Changes - Group permissions on - /dev/acpi have been changed to allow - users in the operator - GID to invoke &man.acpiconf.8; to suspend - the system. - - The default &man.devfs.rules.5; - configuration has been updated to allow &man.mount.fusefs.8; - with &man.jail.8;. - - The default PAGER now - defaults to &man.less.1; for most commands. - - The &man.newsyslog.8; utility has been - updated to reject configuration entries that specify - &man.setuid.2; or executable log files. - - The - WITH_REPRODUCIBLE_BUILD &man.src.conf.5; - knob has been enabled by default. - - LDNS now - enables DANE-TA, and - GOST has been removed. - - A new - &man.src.conf.5; knob, WITH_RETPOLINE, has - been added to enable the retpoline mitigation for userland - builds. +   Userland Application Changes - xlint and the ability to build lint libraries or lint - source code has been removed. - - The &man.dtrace.1; utility has been - updated to support if and - else statements. - - The legacy &man.gdb.1; utility included - in the base system is now installed to /usr/libexec for use with - &man.crashinfo.8;. The gdbserver - and gdbtui utilities are no longer - installed. For interactive debugging, &man.lldb.1; or - a modern version of &man.gdb.1; from devel/gdb should be used. A new - &man.src.conf.5; knob, WITHOUT_GDB_LIBEXEC - has been added to disable building &man.gdb.1;. The - &man.gdb.1; utility is still installed in /usr/bin on - &arch.sparc64;. - - The - &man.setfacl.1; utility has been updated to include a new - flag, -R, used to operate recursively on - directories. - - The &man.cat.1; utility has been updated - to print output aligned the same regardless of if invoked with - -ne or -be. - - The - default bootstrap linker has been changed to &man.ld.lld.1; - for &arch.amd64;. - - The &man.dhclient.8; utility has been - updated to add a configuration knob to allow superseding the - interface-mtu option provided by an - incorrectly-configured DHCP server. - - The - &man.asf.8; utility has been removed, as &man.kgdb.1; now - handles kernel module state internally. - - The sha224(1) utility - has been added. - - The &man.geli.8; utility has been - updated to provide support for initializing multiple providers - at once when they use the same passphrase and/or key. - - The - default bootstrap linker has been changed to &man.ld.lld.1; - for &arch.i386;. - - The - default bootstrap linker has been changed to &man.ld.lld.1; - for &arch.armv7;. - - The &man.dd.1; utility has been updated - to add the status=progress option, which - prints the status of its operation on a single line once per - second, similar to GNU &man.dd.1;. - - The &man.date.1; utility has been - updated to include a new flag, -I, which - prints its output in ISO 8601 - formatting. - - The &man.bectl.8; utility has been - added, providing an administrative interface for managing - ZFS boot environments, similar to - sysutils/beadm. - - The &man.ls.1; utility has been updated - to include a new - --color=when - flag, where when can be one of - always, auto (default), - or never. - - The - &man.bhyve.8; utility has been updated to add a new subcommand - to the -l and -s flags, - help, which when used, prints a list of - supported LPC and PCI - devices, respectively. - - The &man.tftp.1; utility has been - updated to change the default transfer mode from - ASCII to binary. - - The &man.last.1; utility has been - updated to include &man.libxo.3; support. - - The &man.lastlogin.8; utility has been - updated to include &man.libxo.3; support. - - The &man.chown.8; utility has been updated - to prevent overflow of UID or - GID arguments where the argument exceeded - UID_MAX or GID_MAX, - respectively. - - The &man.ctm.1; and related utilities - have been marked as deprecated for removal in - &os; 13.0. +   Contributed Software - The - ELF Tool Chain has been updated - to version r3614. - - The &man.zstd.1; utility has been updated - to version 1.3.4. - - The - &man.vt.4; Terminus BSD Console font has been updated to - version 4.46. - - The &man.xz.1; utility has been updated - to version 5.2.4. - - The clang, - llvm, - lld, - lldb, - compiler-rt utilities and - libc++ have been updated to version - 6.0.1. - - The bsnmp - utility has been updated to version 1.13. - - The WPA utilities - have been updated to version 2.6. - - The &man.ntpd.8; utility has been - updated to allow being run as a non-root user. - - - Source-based upgrades from &os; 11.x and earlier - require the ntpd UID - (123) and GID (123) to exist before the - installworld target is run. See the - "rebuild everything and install" section of - UPDATING for the documented procedure - for source-based upgrades for more details. - - - Support for UDP-lite - has been added to &man.dtrace.udplite.4;. - - The &man.file.1; utility has been - updated to version 5.34. - - The lua - utility has been updated to version 5.3.5. - - Support for send, receive, and - state-change providers have been added to - &man.dtrace.sctp.4;. - - The &man.ntpd.8; utility has been - updated to version 4.2.8p12. - - OpenSSH has - been updated to version 7.8p1. - - The &man.mandoc.1; utility has been - updated to version 1.14.4. - - Additional &man.capsicum.4; support has - been added to &man.sshd.8;. - - Serf has been - updated to version 1.3.9. - - ACPICA has - been updated to version 20181003. - - Unbound has - been updated to version 1.8.1. - - The timezone database files have been - updated to version 2018g. - - OpenSSL has - been updated to version 1.1.1a. +   Installation and Configuration Tools - The - &man.bsdinstall.8; installer and &man.zfsboot.8; boot code - have been updated to allow an - UEFI+GELI installation - option. +   <filename class="directory">/etc/rc.d</filename> Scripts - A new - &man.rc.8; has been added to create &man.cfumass.4; - LUNs. - - The &man.geli.8; &man.rc.8; script has - been updated to include support for a new variable, - geli_groups, which provides support to - attach multiple providers when set in &man.rc.conf.5;. - - The - &man.rc.8; subsystem has been updated to support new keywords - in &man.rc.conf.5;, enable, - disable, and - delete with &man.rc.d.8; scripts and the - &man.service.8; utility. See &man.rc.conf.5; for usage - information. +   Runtime Libraries and API - The &man.getrandom.2; system call and - &man.getentropy.3; library have been added, compatible with - &linux; and OpenBSD implementations. - - The &man.arc4random.3; library has been - updated to match the OpenBSD version 1.35. - - The &man.libarchive.3; library has been - updated to version 3.3.3. +   ABI Compatibility - get_s(3) has been - added. - - The &man.pthread.3; library has been - updated to incorporate - POSIX/SUSv4-2018 - compliance improvements. - - The &man.arc4random.3; library has been - updated to remove arc4random_stir() and - arc4random_addrandom(). +   @@ -506,78 +207,13 @@ Kernel Bug Fixes - The ACPI subsystem has - been updated to implement Device object - types for ACPI 6.0 support, required for - some &dell; Poweredge™ &amd; Epyc™ systems. - - An issue with IPv6-AH - IPSEC padding has been fixed to match - RFC4302. - - The &man.amdsmn.4; and &man.amdtemp.4; - drivers have been updated to attach to - &amd; Ryzen 2™ host bridges. - - The &man.amdtemp.4; driver has been - updated to fix temperature reporting for &amd; 2990WX - CPUs. +   Kernel Configuration - The VIMAGE kernel - configuration option has been enabled by default. - - The &man.dumpon.8; utility has been - updated to add support for compressed kernel crash dumps when - the kernel configuration file includes the - GZIO option. See &man.rc.conf.5; and - &man.dumpon.8; for additional information. - - The &man.ext2fs.5; filesystem has been - updated to support full read/write support for ext4. - - The pmtimer device - has been removed from the &arch.i386; - GENERIC kernel configuration. Its - functionality is now part of &man.apm.4;. - - The &man.dumpon.8; utility has been - updated to add support for &man.zstd.1;-compressed kernel - crash dumps when the kernel configuration file includes the - ZSTDIO option. See &man.rc.conf.5; and - &man.dumpon.8; for additional information. - - A new - &man.src.conf.5; knob, - WITH_KERNEL_RETPOLINE, has been added to - enable the retpoline mitigation for kernel builds. - - The EKCD, - GZIO, ZSTDIO, and - NETDUMP kernel configuration options have - been enabled by default for &arch.amd64;, &arch.i386;, - &arch.arm64;, &arch.powerpc;, &arch.powerpc64;, and - &arch.sparc64; architectures. - - A new kernel configuration option, - KASSERT_PANIC_OPTIONAL, has been added - that allows runtime &man.KASSERT.9; behavior changes without - necessarily invoking &man.panic.9;. The option is disabled - by default. - - The NUMA - option has been enabled by default in the &arch.amd64; - GENERIC and MINIMAL - kernel configurations. +   @@ -590,110 +226,19 @@ Device Drivers - The &man.random.4; device has been updated - to allow terminating large reads with - ^C. - - Support - for the Microchip® LAN78xx™ USB3-GigE controller has - been added. - - A new - multifunction device has been added to - &man.usb.template.4;, providing mass storage, - CDC ACM (serial), and - CDC ECM (ethernet) - simultaneously. - - The &man.random.4; driver has been - updated to remove the Yarrow algorithm. The Fortuna algorithm - remains the default, and now only, available algorithm. - - The &man.netdump.4; driver has been added, - providing a facility through which kernel crash dumps can be - transmitted to a remote host after a system panic. See - &man.netdump.4; and &man.dumpon.8; for more information and - configuration details. - - The &man.random.4; driver has been - updated to fix excessive activity during pseudo-random number - generation. - - The &man.vt.4; driver has been updated - with performance improvements, drawing text at rates ranging - from 2- to 6-times faster. - - The &man.ichwd.4; driver has been updated - to add TCO watchdog timer support for - &intel; Lewisburg PCH (C620) - chipsets. +   Network Drivers - The &man.ixl.4; driver has been updated - to version 1.9.9-k. - - The &man.cxgbe.4; driver has been updated - to provide hardware support for the - SO_MAX_PACING_RATE &man.setsockopt.2; - option when the kernel configuration contains the - RATELIMIT option. - - The &man.ixlv.4; driver has been renamed - to &man.iavf.4; and updated to use &man.iflib.9;. The - &man.ixlv.4; kernel module is now a hard link to &man.iavf.4; - for backwards compatibility for upgrading from earlier &os; - releases. +   Deprecated Drivers - The - &man.lmc.4; driver has been removed. - - The &man.ixgb.4; driver has been - removed. - - The &man.nxge.4; driver has been - removed. - - The &man.vxge.4; driver has been - removed. - - The &man.jedec.ts.4; driver has been - removed in &release.current;, and its functionality replaced - by &man.jedec.dimm.4;. - - The DRM driver for - modern graphics chipsets has been marked deprecated and marked - for removal in &os; 13. The DRM - kernel modules are available from graphics/drm-stable-kmod or - graphics/drm-legacy-kmod - in the Ports Collection as well as via &man.pkg.8;. - Additionally, the kernel modules have been added to the lua - &man.loader.conf.5; module_blacklist, as - installation from the Ports Collection or &man.pkg.8; is - strongly recommended. - - The following drivers have been - deprecated in &os; 12.0, and not present in - &os; 13.0: &man.ae.4;, &man.de.4;, &man.ed.4;, - &man.ep.4;, &man.ex.4;, &man.fe.4;, &man.pcn.4;, &man.sf.4;, - &man.sn.4;, &man.tl.4;, &man.tx.4;, &man.txp.4;, &man.vx.4;, - &man.wb.4;, &man.xe.4; +   @@ -708,136 +253,25 @@ Hardware Support - Support for powernv POWER9 - MMU initialization has been added. +   Graphics Support - &os; has changed the way graphics drivers are handled on - &arch.amd64; and &arch.i386;. Graphics drivers for modern - ATI/&amd; and &intel; graphics cards are now available in the - Ports Collection. The base drivers are still available and - will be installed by default, but they lack support for - current generation laptop and desktop systems. - - In most cases it is enough to install graphics/drm-kmod - from ports or packages to install a driver appropriate for the - system, then adding the appropriate driver to - kld_list in &man.rc.conf.5;. - - For &intel; (i915) systems after Broadwell™, the - &man.rc.conf.5; entry is: - - kld_list="/boot/modules/i915kms.ko" - - Systems with ATI/&amd; graphics cards have two options. - Modern systems starting with the HD7000 series GPU should - use: - - kld_list="/boot/modules/amdgpu.ko" - - Systems with cards released before the HD7000 GPU - use: - - kld_list="/boot/modules/radeonkms.ko" - - - Users must be added to the video - GID after installing graphics/drm-kmod in order for - X to start properly. - - - - There are known issues with the - xserver driver provided by x11-drivers/xf86-video-ati - when using graphics drivers from the base system; - x11-drivers/xf86-video-ati-legacy - should be used instead. - - - - There is a known issue where booting with - UEFI and using the ATI/&amd; graphics - driver may cause the screen to be garbled before the - appropriate driver is loaded. - - - For additional information regarding graphics support on - &os;, please see the Graphics Wiki - Page. +   Virtualization Support - Amazon® EC2™ AMI instances now - have sysutils/amazon-ssm-agent - installed by default, though the service is not enabled by - default in &man.rc.conf.5;. To enable the service, - add: - - >>/etc/rc.conf - amazon_ssm_agent_enable="YES" - - to the EC2™ user-data. - - Amazon® EC2™ AMI instances now - disable ChallengeResponseAuthentication in - &man.sshd.config.5; by default. - - Amazon® EC2™ AMI instances now - use the Amazon® internal NTP - service by default. - - The &man.bhyve.8; utility has been - updated to allow controlling CPU topology - from userland. - - The - &man.bhyve.8; utility has been updated to add - &man.virtio.scsi.4; storage support. - - The - &man.bhyve.8; utility has been updated to add - NVMe device emulation. - - A new &man.sysctl.8;, - security.jail.vmm_allowed, has been added, - which when set to 1 allows &man.bhyve.8; - use within a &man.jail.8;. - - Amazon® EC2™ AMI instances now - disable the PS/2 keyboard and mouse devices by default, - reducing overall boot time by 2.5 seconds. +   ARM Support - Support - for the USB OTG serial - terminal has been enabled on &arch.arm; systems by - default. - - The &arch.armv6; and &arch.armv7; images - now default to boot with EFI. - - Support has been added for building - &arch.arm64; images for the PINE64-LTS - system. - - Support - for &man.capsicum.4; has been enabled on &arch.armv6; and - &arch.armv7; by default. +   @@ -850,73 +284,19 @@ General Storage - The - UFS/FFS filesystem - has been updated to support check hashes to cylinder-group - maps. Support for check hashes is available only for - UFS2. - - The - CAM Target Layer (CTL) - frontend and backend options have been overhauled to use - &man.nv.3; allowing creating multiple &man.ioctl.2; frontend - ports. - - The default &man.auto.master.5; - configuration has been updated to add the - noautoro &man.automount.8; flag to the - /media mount - point (commented by default). - - The - UFS/FFS filesystem has - been updated to consolidate - TRIM/BIO_DELETE - commands, reducing read/write requests due to fewer - TRIM messages being sent - simultaneously. - - TRIM consolidation - support has been enabled by default in the - UFS/FFS filesystem. - TRIM consolidation can be disabled by - setting the vfs.ffs.dotrimcons - &man.sysctl.8; to 0, or adding - vfs.ffs.dotrimcons=0 to - &man.sysctl.conf.5;. - - The &man.geom.8; utility has been - updated to add a new flag, -p, which - prints the GEOM class of the specified - provider. - - The &man.geom.8; utility has been - updated to add a new flag, -t, which - prints the GEOM hierarchy. +   Networked Storage - The NFS version 4.1 - server has been updated to include pNFS - server support. +   ZFS - ZFS has been updated - to include new &man.sysctl.8;s, - vfs.zfs.arc_min_prefetch_ms and - vfs.zfs.arc_min_prescient_prefetch_ms, - which improve performance of the &man.zpool.8; - scrub subcommand. +   @@ -929,45 +309,7 @@ Boot Loader Changes - The lua &man.loader.8; has been updated to - detect a list of installed kernels to boot. - - The &man.loader.8; has been updated to - support &man.geli.8; for all architectures and all disk-like - devices. - - The &man.init.8; utility has been - updated to be able to run an executable written in languages - other than &man.sh.1;, such as - Python, for example. - - The - &man.loader.8; has been updated to add support for loading - &intel; microcode updates early during the boot - process. - - A new &man.kenv.1; variable, - init_exec, has been added to &man.loader.8; - which allows &man.init.8; to execute a file after opening the - console, replacing &man.init.8; as PID - 1. - - The default &man.libstand.3; interpreter - has been changed to Lua. - - The lua &man.loader.8; has been updated - to support module blacklists. - - The default lua &man.loader.conf.5; has - been updated to include the - kernels_autodetect option, which defaults - to YES, supplementing the &man.loader.8; - support to list available kernels to boot introduced in - revision 329501. +   @@ -980,45 +322,13 @@ General Network - The - &man.carp.4; interface has been updated to keep the state as - INIT instead of MASTER - when the net.inet.carp.allow &man.sysctl.8; - is set to 0. - - The &man.pf.4; packet filter is now usable within - a &man.jail.8; using &man.vnet.9;. - - The &man.pf.4; packet filter has been - updated to use &man.rmlock.9; instead of &man.rwlock.9;, - resulting in significant performance improvements. - - The SO_REUSEPORT_LB - option has been added to the network stack, allowing multiple - programs or threads to bind to the same port, and incoming - connections load balanced using a hash function. - - The &man.pf.4; ioctl interface and - &man.pfctl.8; now support &man.altq.4; bandwidth parameters of - 2^32 bps or greater. The - HFSC discipline has been upgraded to - operate correctly with bandwidth parameters up to 100 Gbps, - and bandwidth parameters supplied to the non-upgraded - disciplines will now be saturated at the prior 32-bit - limit. +   Network Protocols - Support for token-ring networks has - been removed. - - Support for the Arcnet protocol has - been removed. +   @@ -1032,17 +342,7 @@ Packaging Changes - The &man.pkg.8; utility has been updated to verson - 1.10.5_5. - - KDE has been updated to version - 5.12.5. - - Perl has been updated to - version 5.26.2. - - Python has been updated to - version 2.7. +   @@ -1055,9 +355,7 @@ Documentation Source Changes - The - &man.arch.7; manual page has been added, containing details - specific to certain architectures. +   @@ -1070,17 +368,7 @@ Integration Changes - The - &os;/&arch.i386; memory stick installation images have been - changed to use the MBR partitioning scheme - instead of GPT to address boot issues with - some BIOSes. - - The - &os;/&arch.amd64; memory stick installation images have been - changed to use the MBR partitioning scheme - instead of GPT to address boot issues with - some BIOSes. +   From owner-svn-doc-all@freebsd.org Wed Aug 7 20:16:51 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 406A5B6757; Wed, 7 Aug 2019 20:16:51 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 463jTH0zjnz4H9m; Wed, 7 Aug 2019 20:16:51 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 04AEA1A04D; Wed, 7 Aug 2019 20:16:51 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77KGoaT015304; Wed, 7 Aug 2019 20:16:50 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77KGodJ015302; Wed, 7 Aug 2019 20:16:50 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201908072016.x77KGodJ015302@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Wed, 7 Aug 2019 20:16:50 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53300 - in head/en_US.ISO8859-1/htdocs/releases/12.1R: relnotes share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: in head/en_US.ISO8859-1/htdocs/releases/12.1R: relnotes share/xml X-SVN-Commit-Revision: 53300 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Aug 2019 20:16:51 -0000 Author: gjb Date: Wed Aug 7 20:16:50 2019 New Revision: 53300 URL: https://svnweb.freebsd.org/changeset/doc/53300 Log: Release notes documentation: - r340444: ctm(1) deprecation. - r342705: ktrdump(8) '-l' flag addition. - r343281: bearssl import. - r343940: timed(8) deprecation. - r344667: ipfw(8) fix showing headers outside of 'all'. - r344688: trim(1) addition. - r344884: ntpd(8) version 4.2.8p13. - r345487: sh(1) '-o pipefail' addition. - r345569: lockf(1) return EX_UNAVAILABLE when no lock file with '-n'. - r346980: WPA version 2.7. - r346986: tcpdump(8) '-E' flag disables capsicum(4). - r346987: bsnmpd(1) IPv6 transport support. - r347384: camcontrol(8) ATA power mode support. - r347752: mlx5tool(8) userspace firmware update support. - r348233: GRE-in-UDP encapsulation support (RFC 8086). - r348341: OpenSSL version 1.1.1c. - r349013: mandoc(1) version 1.14.5. - r349523: libarchive(3) version 3.4.0. - r349597: tzdata 2019b. - r349717: bzip2(1) version 1.0.7. - r350256: clang (and friends) updated to 8.0.1. - r350634: bzip2recover addition. While here: - Add Mellanox to the sponsors.ent file. - Fix the sponsors.ent entry for Netgate. Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/sponsor.ent Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 15:15:48 2019 (r53299) +++ head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 20:16:50 2019 (r53300) @@ -162,15 +162,96 @@ Userland Application Changes -   + The &man.lockf.1; utility has been + updated to return EX_UNAVAILABLE if the + -n flag is used and the lock file does not + exist. + + The &man.ktrdump.8; utility has been + updated to include the -l flag which + enables "live" mode when specified. + + The &man.mlx5tool.8; utility has been + updated to implement firmware update capability for + ConnectX-4®, ConnectX-5®, and ConnectX-6®. + + The &man.gzip.1; utility has been + updated to add -l support for &man.xz.1; + files. + + The &man.trim.8; utility has been added, + which deletes content for blocks on flash-based storage + devices that use wear-leveling algorithms. + + The &man.sh.1; utility has been updated + to include a new pipefail option, which + when set, changes the exit status of a pipeline to the last + non-zero exit status of any command in the pipeline. + + The &man.posixshmcontrol.1; utility has + been added. Contributed Software -   + BearSSL has + been imported to the base system. + + The &man.ntpd.8; suite of utilities have + been updated to version 4.2.8p13. + + The WPA utilities + have been updated to version 2.7. + + The &man.tcpdump.1; utility has been + updated to disable &man.capsicum.4; support when the + -E flag is used. + + The &man.bsnmpd.1; utility has been + updated to includeIPv6 transport + support. + + OpenSSL has + been updated to version 1.1.1c. + + The &man.mandoc.1; utility has been + updated to version 1.14.5. + + The &man.libarchive.3; library has + been updated to version 3.4.0. + + The timezone database files have been + updated to version 2019b. + + The &man.bzip2.1; utility has been + updated to version 1.0.7. + + The clang, + llvm, + lld, + lldb, + compiler-rt utilities and + libc++ have been updated to version + 8.0.1. + + The + bzip2recover utility has been + added. + + Deprecated Applications + + The &man.ctm.1; utility has been marked + as deprecated, and has been removed in &os; 13.0. + + The &man.timed.8; utility has been + marked as deprecated, and has been removed in + &os; 13.0. + + Installation and Configuration Tools @@ -284,7 +365,10 @@ General Storage -   + The &man.camcontrol.8; utility has been + updated to add ATA power mode + support. @@ -322,7 +406,19 @@ General Network -   + The &man.ipfw.8; utility has been + updated to fix showing headers outside of "all" + when executing ipfw table list. + + Support for NAT64 + CLAT has been added, as defined in + RFC6877. + + Support for + GRE-in-UDP encapsulation + has been added, as defined in + RFC8086. Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/sponsor.ent ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/sponsor.ent Wed Aug 7 15:15:48 2019 (r53299) +++ head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/sponsor.ent Wed Aug 7 20:16:50 2019 (r53300) @@ -45,13 +45,14 @@ + - + From owner-svn-doc-all@freebsd.org Wed Aug 7 20:16:52 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B66BEB677C; Wed, 7 Aug 2019 20:16:52 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 463jTJ4KhBz4H9r; Wed, 7 Aug 2019 20:16:52 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5DFD91A04E; Wed, 7 Aug 2019 20:16:52 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77KGqe1015343; Wed, 7 Aug 2019 20:16:52 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77KGqx2015342; Wed, 7 Aug 2019 20:16:52 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201908072016.x77KGqx2015342@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Wed, 7 Aug 2019 20:16:52 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53301 - head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes X-SVN-Commit-Revision: 53301 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Aug 2019 20:16:52 -0000 Author: gjb Date: Wed Aug 7 20:16:51 2019 New Revision: 53301 URL: https://svnweb.freebsd.org/changeset/doc/53301 Log: Release notes documentation: - Populate the Security Advisories and Errata Notices sections with the contents of the 12.0R/share/xml/{security,errata}.xml files. Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 20:16:50 2019 (r53300) +++ head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 20:16:51 2019 (r53301) @@ -137,13 +137,311 @@ Security Advisories - &security; + + + + + + + + Advisory + Date + Topic + + + + + + FreeBSD-SA-18:15.bootpd + 19 December 2018 + Buffer overflow + + + + FreeBSD-SA-19:01.syscall + 5 February 2019 + Kernel data register leak + + + + FreeBSD-SA-19:02.fd + 5 February 2019 + File description reference count + leak + + + + FreeBSD-SA-19:03.wpa + 14 May 2019 + Multiple vulnerabilities + + + + FreeBSD-SA-19:04.ntp + 14 May 2019 + Authenticated denial of service in + &man.ntpd.8; + + + + FreeBSD-SA-19:05.pf + 14 May 2019 + IPv6 fragment reassembly panic in + &man.pf.4; + + + + FreeBSD-SA-19:06.pf + 14 May 2019 + ICMP/ICMP6 packet filter bypass in + &man.pf.4; + + + + FreeBSD-SA-19:07.mds + 14 May 2019 + Microarchitectural Data + Sampling + + + + FreeBSD-SA-19:08.rack + 19 June 2019 + Resource exhaustion in non-default RACK TCP + stack + + + + FreeBSD-SA-19:09.iconv + 2 July 2019 + &man.iconv.3; buffer + overflow + + + + FreeBSD-SA-19:10.ufs + 2 July 2019 + Kernel stack disclosure + + + + FreeBSD-SA-19:11.cd_ioctl + 2 July 2019 + Privilege escalation in + &man.cd.4; + + + + FreeBSD-SA-19:12.telnet + 24 July 2019 + Multiple vulnerabilities + + + + FreeBSD-SA-19:13.pts + 24 July 2019 + Write-after-free + vulnerability + + + + FreeBSD-SA-19:15.mqueuefs + 24 July 2019 + Reference count overflow + + + + FreeBSD-SA-19:16.bhyve + 24 July 2019 + &man.xhci.4; out-of-bounds + read + + + + FreeBSD-SA-19:17.fd + 24 July 2019 + Reference count leak + + + + FreeBSD-SA-19:18.bzip2 + 6 August 2019 + Multiple vulnerabilities + + + + FreeBSD-SA-19:19.mldv2 + 6 August 2019 + Out-of-bounds memory access + + + + FreeBSD-SA-19:20.bsnmp + 6 August 2019 + Insufficient message length + validation + + + + FreeBSD-SA-19:21.bhyve + 6 August 2019 + Insufficient validation of guest-supplied + data + + + + Errata Notices - &errata; + + + + + + + + Errata + Date + Topic + + + + + + FreeBSD-EN-19:01.cc_cubic + 9 January 2019 + Connection stalls with CUBIC congestion + control + + + + FreeBSD-EN-19:02.tcp + 9 January 2019 + TCP connections may stall and eventually + fail in case of packet loss + + + + FreeBSD-EN-19:03.sqlite + 9 January 2019 + sqlite update + + + + FreeBSD-EN-19:04.tzdata + 9 January 2019 + Timezone database information + update + + + + FreeBSD-EN-19:06.dtrace + 5 February 2019 + DTrace incompatibility with SMAP-enabled + systems + + + + FreeBSD-EN-19:07.lle + 5 February 2019 + LLE table lookup code race + condition + + + + FreeBSD-EN-19:08.tzdata + 14 May 2019 + Timezone database information + update + + + + FreeBSD-EN-19:09.xinstall + 14 May 2019 + &man.install.1; broken with partially + matching relative paths + + + + FreeBSD-EN-19:10.scp + 14 May 2019 + Insufficient filename validation in + &man.scp.1; client + + + + FreeBSD-EN-19:11.net + 19 June 2019 + Incorrect locking in networking + stack + + + + FreeBSD-EN-19:12.tzdata + 2 July 2019 + Timezone database information + update + + + + FreeBSD-EN-19:13.mds + 24 July 2019 + System crash from Intel CPU vulnerability + mitigation + + + + FreeBSD-EN-19:14.epoch + 6 August 2019 + Incorrect locking + + + + FreeBSD-EN-19:15.libunwind + 6 August 2019 + Incorrect exception handling + + + + From owner-svn-doc-all@freebsd.org Wed Aug 7 23:43:10 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B4409BBC72; Wed, 7 Aug 2019 23:43:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 463p3L49gCz4VLq; Wed, 7 Aug 2019 23:43:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 70DA81C635; Wed, 7 Aug 2019 23:43:10 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77NhAb7042117; Wed, 7 Aug 2019 23:43:10 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77NhAVw042116; Wed, 7 Aug 2019 23:43:10 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201908072343.x77NhAVw042116@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Wed, 7 Aug 2019 23:43:10 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53302 - head/en_US.ISO8859-1/articles/freebsd-releng X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/freebsd-releng X-SVN-Commit-Revision: 53302 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Aug 2019 23:43:10 -0000 Author: gjb Date: Wed Aug 7 23:43:10 2019 New Revision: 53302 URL: https://svnweb.freebsd.org/changeset/doc/53302 Log: Update the freebsd-releng article to note to move the REPRODUCIBLE_BUILD knob from __DEFAULT_NO_OPTIONS to __DEFAULT_YES_OPTIONS. Submitted by: jhb Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/en_US.ISO8859-1/articles/freebsd-releng/releng-major-version.xml Modified: head/en_US.ISO8859-1/articles/freebsd-releng/releng-major-version.xml ============================================================================== --- head/en_US.ISO8859-1/articles/freebsd-releng/releng-major-version.xml Wed Aug 7 20:16:51 2019 (r53301) +++ head/en_US.ISO8859-1/articles/freebsd-releng/releng-major-version.xml Wed Aug 7 23:43:10 2019 (r53302) @@ -113,6 +113,13 @@ + stable/12/share/mk/src.opts.mk + Move REPRODUCIBLE_BUILD from + __DEFAULT_NO_OPTIONS to + __DEFAULT_YES_OPTIONS + + + stable/12/libexec/rc/rc.conf Set dumpdev from AUTO to NO (it is From owner-svn-doc-all@freebsd.org Fri Aug 9 20:24:01 2019 Return-Path: Delivered-To: svn-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CD044A928A; Fri, 9 Aug 2019 20:24:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 464xXd56GQz414H; Fri, 9 Aug 2019 20:24:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9250A1B147; Fri, 9 Aug 2019 20:24:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x79KO1r4039391; Fri, 9 Aug 2019 20:24:01 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x79KO1tM039390; Fri, 9 Aug 2019 20:24:01 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201908092024.x79KO1tM039390@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Fri, 9 Aug 2019 20:24:01 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53303 - head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes X-SVN-Commit-Revision: 53303 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Aug 2019 20:24:01 -0000 Author: gjb Date: Fri Aug 9 20:24:01 2019 New Revision: 53303 URL: https://svnweb.freebsd.org/changeset/doc/53303 Log: Release notes documentation: - r346331: libomp addition. - r347110: net.inet.tcp.rexmit_initial sysctl addition. - r349930: swapon(8) support to trim swap devices. - r343735: pci_vendors version 2019.02.29. - r350297: lld enabled as system linker on i386. While here, move an entry mis-sorted by revision number. Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Wed Aug 7 23:43:10 2019 (r53302) +++ head/en_US.ISO8859-1/htdocs/releases/12.1R/relnotes/relnotes.xml Fri Aug 9 20:24:01 2019 (r53303) @@ -469,11 +469,6 @@ updated to include the -l flag which enables "live" mode when specified. - The &man.mlx5tool.8; utility has been - updated to implement firmware update capability for - ConnectX-4®, ConnectX-5®, and ConnectX-6®. - The &man.gzip.1; utility has been updated to add -l support for &man.xz.1; files. @@ -487,8 +482,19 @@ when set, changes the exit status of a pipeline to the last non-zero exit status of any command in the pipeline. + The &man.mlx5tool.8; utility has been + updated to implement firmware update capability for + ConnectX-4®, ConnectX-5®, and ConnectX-6®. + The &man.posixshmcontrol.1; utility has been added. + + The &man.swapon.8; utility has been + updated to invoke BIO_DELETE to trim + swap devices if either the -E flag is used + on the command line, or if the trimonce + option is included in &man.fstab.5;. @@ -534,6 +540,10 @@ libc++ have been updated to version 8.0.1. + The + lld linker has been enabled by + default for &arch.i386;. + The bzip2recover utility has been added. @@ -566,7 +576,8 @@ Runtime Libraries and API -   + The libomp library + has been added. @@ -583,6 +594,13 @@ tuning, and system control parameters that are not otherwise categorized. + + General Kernel Changes + + The pci_vendors + list has been updated to version 2019.01.29. + + Kernel Bug Fixes @@ -712,6 +730,13 @@ sponsor="&yandex;">Support for NAT64 CLAT has been added, as defined in RFC6877. + + The + net.inet.tcp.rexmit_initial &man.sysctl.8; + has been added, used for setting + RTO.Initial, used by + TCP. Support for GRE-in-UDP encapsulation