From owner-svn-doc-head@freebsd.org Sun Feb 3 12:41:06 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 40A2414C8477; Sun, 3 Feb 2019 12:41:06 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D90606C780; Sun, 3 Feb 2019 12:41:05 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CEB9C1EB06; Sun, 3 Feb 2019 12:41:05 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x13Cf5fS046609; Sun, 3 Feb 2019 12:41:05 GMT (envelope-from bhd@FreeBSD.org) Received: (from bhd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x13Cf5Gt046608; Sun, 3 Feb 2019 12:41:05 GMT (envelope-from bhd@FreeBSD.org) Message-Id: <201902031241.x13Cf5Gt046608@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org using -f From: Bjoern Heidotting Date: Sun, 3 Feb 2019 12:41:05 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52794 - head/de_DE.ISO8859-1/books/handbook/disks X-SVN-Group: doc-head X-SVN-Commit-Author: bhd X-SVN-Commit-Paths: head/de_DE.ISO8859-1/books/handbook/disks X-SVN-Commit-Revision: 52794 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: D90606C780 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.98)[-0.977,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-0.999,0] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Feb 2019 12:41:06 -0000 Author: bhd Date: Sun Feb 3 12:41:05 2019 New Revision: 52794 URL: https://svnweb.freebsd.org/changeset/doc/52794 Log: Update to r52711: - Make the format of memory-backed disks consistent (soft-updates) - Correct size of file-backed disk Modified: head/de_DE.ISO8859-1/books/handbook/disks/chapter.xml Modified: head/de_DE.ISO8859-1/books/handbook/disks/chapter.xml ============================================================================== --- head/de_DE.ISO8859-1/books/handbook/disks/chapter.xml Fri Feb 1 18:32:17 2019 (r52793) +++ head/de_DE.ISO8859-1/books/handbook/disks/chapter.xml Sun Feb 3 12:41:05 2019 (r52794) @@ -5,7 +5,7 @@ $FreeBSD$ $FreeBSDde: de-docproj/books/handbook/disks/chapter.xml,v 1.187 2012/04/26 19:32:48 bcr Exp $ - basiert auf: r52077 + basiert auf: r52711 --> Um ein dateibasiertes Dateisystem zu erstellen, muss zunächst ein Stück Speicher auf der Festplatte reserviert - werden. Dieses Beispiel erzeugt eine 5 KB große Datei + werden. Dieses Beispiel erzeugt eine 5 MB große Datei namens newimage: &prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k @@ -2239,7 +2239,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on &prompt.root; mdconfig -f newimage -u 0 &prompt.root; bsdlabel -w md0 auto -&prompt.root; newfs md0a +&prompt.root; newfs -U md0a /dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048 using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes. super-block backups (for fsck -b #) at: From owner-svn-doc-head@freebsd.org Sun Feb 3 17:54:36 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3352D14AD019; Sun, 3 Feb 2019 17:54:36 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BE79380146; Sun, 3 Feb 2019 17:54:35 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AA70022103; Sun, 3 Feb 2019 17:54:35 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x13HsZgB015056; Sun, 3 Feb 2019 17:54:35 GMT (envelope-from bhd@FreeBSD.org) Received: (from bhd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x13HsZUQ015055; Sun, 3 Feb 2019 17:54:35 GMT (envelope-from bhd@FreeBSD.org) Message-Id: <201902031754.x13HsZUQ015055@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org using -f From: Bjoern Heidotting Date: Sun, 3 Feb 2019 17:54:35 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52795 - head/de_DE.ISO8859-1/books/handbook/network-servers X-SVN-Group: doc-head X-SVN-Commit-Author: bhd X-SVN-Commit-Paths: head/de_DE.ISO8859-1/books/handbook/network-servers X-SVN-Commit-Revision: 52795 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: BE79380146 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.96)[-0.963,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Feb 2019 17:54:36 -0000 Author: bhd Date: Sun Feb 3 17:54:35 2019 New Revision: 52795 URL: https://svnweb.freebsd.org/changeset/doc/52795 Log: Update to r52704: Rewrite the LDAP server section of the handbook. Reviewed by: bcr Differential Revision: https://reviews.freebsd.org/D19062 Modified: head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Sun Feb 3 12:41:05 2019 (r52794) +++ head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Sun Feb 3 17:54:35 2019 (r52795) @@ -5,7 +5,7 @@ $FreeBSD$ $FreeBSDde: de-docproj/books/handbook/network-servers/chapter.xml,v 1.103 2011/12/24 15:51:18 bcr Exp $ - basiert auf: r52450 + basiert auf: r52704 --> Tom Rhodes - Geschrieben von + Ursprünglich beigetragen von + Rocky + Hotas + + Aktualisiert von + + + + + Björn Heidotting @@ -2487,35 +2496,38 @@ result: 0 Success LDAP Server &os; integriert keinen LDAP-Server. - Beginnen Sie die Konfiguration durch die Installation des - Ports oder Pakets net/openldap24-server. - Da der Port viele konfigurierbare Optionen hat, ist es - empfehlenswert zu prüfen, ob die Installation des Pakets - ausreichend ist. Wenn Sie irgendwelche Optionen ändern - möchten, ist es besser den Port zu übersetzen. In den meisten - Fällen sollten die Standardwerte ausreichend sein. Wenn - Sie jedoch SQL-Unterstützung benötigen, muss diese Option - aktiviert und der Port nach den Anweisungen in übersetzt werden. + Beginnen Sie die Konfiguration mit der Installation des + Ports oder Pakets + net/openldap-server: - Als nächstes muss ein Verzeichnis für Daten sowie ein - Verzeichnis für die Zertifikate erstellt werden: + &prompt.root; pkg install openldap-server - &prompt.root; mkdir /var/db/openldap-data -&prompt.root; mkdir /usr/local/etc/openldap/private + Im + Paket sind eine große Anzahl an Optionen aktiviert. + Mit dem Befehl pkg info openldap-server + können diese überprüft werden. Falls die Optionen nicht + ausreichend sind (weil bspw. SQL-Unterstützung benötigt wird), + sollten Sie in Betracht ziehen, den Port mit dem + entsprechenden Framework neu zu übersetzen. - Kopieren Sie die Konfigurationsdatei der Datenbank: + Während der Installation wird für die Daten das + Verzeichnis /var/db/openldap-data + erstellt. Das Verzeichnis für die Ablage der Zertifikate + muss manuell angelegt werden: - &prompt.root; cp /usr/local/etc/openldap/DB_CONFIG.example /var/db/openldap-data/DB_CONFIG + &prompt.root; mkdir /usr/local/etc/openldap/private Im nächsten Schritt wird die Zertifizierungsstelle konfiguriert. Die folgenden Befehle müssen in /usr/local/etc/openldap/private ausgeführt werden. Dies ist wichtig, da die Dateiberechtigungen restriktiv gesetzt werden und Benutzer - keinen direkten Zugriff auf diese Daten haben sollten. Geben - Sie folgenden Befehl ein, um die Zertifizierungsstelle zu - erstellen und folgen Sie den Anweisungen: + keinen direkten Zugriff auf diese Daten haben sollten. + Weitere Informationen über Zertifikate und deren Parameter + finden Sie im . Geben Sie folgenden + Befehl ein, um die Zertifizierungsstelle zu erstellen und + folgen Sie den Anweisungen: &prompt.root; openssl req -days 365 -nodes -new -x509 -keyout ca.key -out ../ca.crt @@ -2536,7 +2548,9 @@ result: 0 Success Stellen Sie hierbei sicher, dass Common Name richtig eingetragen wird. - Anschließend muss der Schlüssel signiert werden: + Die Zertifikatsregistrierungsanforderung muss mit dem + Schlüssel der Zertifizierungsstelle unterschrieben werden, um + als gültiges Zertifikat verwendet zu werden: &prompt.root; openssl x509 -req -days 365 -in server.csr -out ../server.crt -CA ../ca.crt -CAkey ca.key -CAcreateserial @@ -2550,179 +2564,367 @@ result: 0 Success Achten Sie wieder auf das Attribut Common name. Stellen Sie außerdem sicher, dass bei diesem Verfahren acht (8) neue Dateien erzeugt worden - sind. Der nächste Schritt besteht darin, - /usr/local/etc/openldap/slapd.conf zu - editieren und folgende Optionen hinzuzufügen: + sind. - TLSCipherSuite HIGH:MEDIUM:+SSLv3 -TLSCertificateFile /usr/local/etc/openldap/server.crt -TLSCertificateKeyFile /usr/local/etc/openldap/private/server.key -TLSCACertificateFile /usr/local/etc/openldap/ca.crt + Der Daemon, auf dem der OpenLDAP-Server läuft, heißt + slapd. Die Konfiguration erfolgt über + slapd.ldif. Die alte + slapd.conf wird von OpenLDAP nicht mehr + verwendet. - Danach bearbeiten Sie - /usr/local/etc/openldap/ldap.conf und - fügen folgende Zeilen hinzu: + Konfigurationsbeispiele + für slapd.ldif finden sich auch in + /usr/local/etc/openldap/slapd.ldif.sample. + Optionen sind in slapd-config(5) dokumentiert. Jeder + Abschnitt in slapd.ldif wird, wie alle + anderen LDAP-Attributgruppen, durch einen DN eindeutig + identifiziert. Achten Sie darauf, dass keine Leerzeilen + zwischen der Anweisung dn: und dem + gewünschten Ende des Abschnitts verbleiben. Im folgenden + Beispiel wird TLS verwendet, um einen sicheren Kanal zu + implementieren. Der erste Abschnitt stellt die globale + Konfiguration dar: - TLS_CACERT /usr/local/etc/openldap/ca.crt -TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv3 + # +# See slapd-config(5) for details on configuration options. +# This file should NOT be world readable. +# +dn: cn=config +objectClass: olcGlobal +cn: config +# +# +# Define global ACLs to disable default read access. +# +olcArgsFile: /var/run/openldap/slapd.args +olcPidFile: /var/run/openldap/slapd.pid +olcTLSCertificateFile: /usr/local/etc/openldap/server.crt +olcTLSCertificateKeyFile: /usr/local/etc/openldap/private/server.key +olcTLSCACertificateFile: /usr/local/etc/openldap/ca.crt +#olcTLSCipherSuite: HIGH +olcTLSProtocolMin: 3.1 +olcTLSVerifyClient: never - Kommentieren Sie die folgenden Einträge aus und setzen Sie - sie auf die gewünschten Werte: , - , und - . Setzen Sie bei - und - ein. Fügen Sie danach zwei Einträge - ein, die auf die Zertifizierungsstelle verweisen. Wenn Sie - fertig sind, sollten die Einträge wie folgt aussehen: + Hier müssen die Zertifizierungsstelle, das + Serverzertifikat und die privaten Schlüssel des Servers + angegeben werden. Es wird empfohlen, den Clients die Wahl der + Sicherheits-Chiffre zu überlassen und die Option + olcTLSCipherSuite wegzulassen (inkompatibel + mit anderen TLS-Clients als openssl). + Mit der Option olcTLSProtocolMin benötigt + der Server nur eine minimale Sicherheitsstufe. + Diese Option wird empfohlen. Während die Verfizierung für den + Server verpflichtend ist, ist sie es nicht für den Client: + olcTLSVerifyClient: never. - BASE dc=example,dc=com -URI ldap:// ldaps:// + Der zweite Abschnitt behandelt die Backend-Module und + kann wie folgt konfiguriert werden: -SIZELIMIT 12 -TIMELIMIT 15 + # +# Load dynamic backend modules: +# +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulepath: /usr/local/libexec/openldap +olcModuleload: back_mdb.la +#olcModuleload: back_bdb.la +#olcModuleload: back_hdb.la +#olcModuleload: back_ldap.la +#olcModuleload: back_passwd.la +#olcModuleload: back_shell.la -TLS_CACERT /usr/local/etc/openldap/ca.crt -TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv3 + Der dritte Abschnitt widmet sich dem Laden der benötigten + ldif-Schemata, die von den Datenbanken verwendet werden + sollen. Diese Dateien sind essentiell. - Anschließend sollte das Standardpasswort für den Server - geändert werden: + dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema - &prompt.root; slappasswd -h "{SHA}" >> /usr/local/etc/openldap/slapd.conf +include: file:///usr/local/etc/openldap/schema/core.ldif +include: file:///usr/local/etc/openldap/schema/cosine.ldif +include: file:///usr/local/etc/openldap/schema/inetorgperson.ldif +include: file:///usr/local/etc/openldap/schema/nis.ldif - Dieser Befehl wird nach einem Passwort fragen und, wenn - der Prozess nicht fehlschlägt, ein Passwort-Hash an das - Ende von slapd.conf hinzufügen. Es - werden verschiedene Hash-Formate unterstützt. Weitere - Informationen hierzu finden Sie in der Manualpage von - slappasswd. + Als nächstes folgt der Abschnitt zur + Frontend-Konfiguration: - Als nächstes bearbeiten Sie - /usr/local/etc/openldap/slapd.conf und - fügen folgende Zeilen hinzu: + # Frontend settings +# +dn: olcDatabase={-1}frontend,cn=config +objectClass: olcDatabaseConfig +objectClass: olcFrontendConfig +olcDatabase: {-1}frontend +olcAccess: to * by * read +# +# Sample global access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# +#olcAccess: to dn.base="" by * read +#olcAccess: to dn.base="cn=Subschema" by * read +#olcAccess: to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! +# +olcPasswordHash: {SSHA} +# {SSHA} is already the default for olcPasswordHash - password-hash {sha} -allow bind_v2 + Ein weiterer Abschnitt ist dem Konfigurations-Backend + gewidmet, der einzige Weg, später auf die + OpenLDAP-Serverkonfiguration zuzugreifen, ist als globaler + Superuser. - Das Suffix in dieser Datei muss aus - /usr/local/etc/openldap/ldap.conf - entsprechen. Zudem sollte die Option - ebenfalls gesetzt werden. Ein guter Wert ist beispielsweise - . Bevor die Datei gespeichert - wird, setzen Sie die Passwortausgabe von - slappasswd hinter die Option - . Das Endergebnis sollte in etwa wie - folgt aussehen: + dn: olcDatabase={0}config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcAccess: to * by * none +olcRootPW: {SSHA}iae+lrQZILpiUdf16Z9KmDmSwT77Dj4U - TLSCipherSuite HIGH:MEDIUM:+SSLv3 -TLSCertificateFile /usr/local/etc/openldap/server.crt -TLSCertificateKeyFile /usr/local/etc/openldap/private/server.key -TLSCACertificateFile /usr/local/etc/openldap/ca.crt -rootpw {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= + Der voreingestellte Benutzername für den Administrator + lautet cn=config. Geben Sie + slappasswd in eine Shell ein, wählen Sie + ein Passwort und verwenden Sie seinen Hash in + olcRootPW. Wenn diese Option jetzt nicht + angegeben ist, kann vor dem Import der + slapd.ldif niemand später den Abschnitt + global configuration ändern. - Aktivieren Sie abschließend - OpenLDAP in - /etc/rc.conf und setzen Sie die - URI: + Der letzte Abschnitt befasst sich mit dem + Datenbank-Backend: - slapd_enable="YES" -slapd_flags="-4 -h ldaps:///" + ####################################################################### +# LMDB database definitions +####################################################################### +# +dn: olcDatabase=mdb,cn=config +objectClass: olcDatabaseConfig +objectClass: olcMdbConfig +olcDatabase: mdb +olcDbMaxSize: 1073741824 +olcSuffix: dc=domain,dc=example +olcRootDN: cn=mdbadmin,dc=domain,dc=example +# Cleartext passwords, especially for the rootdn, should +# be avoided. See slappasswd(8) and slapd-config(5) for details. +# Use of strong authentication encouraged. +olcRootPW: {SSHA}X2wHvIWDk6G76CQyCMS1vDCvtICWgn0+ +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. +olcDbDirectory: /var/db/openldap-data +# Indices to maintain +olcDbIndex: objectClass eq - An dieser Stelle kann der Server gestartet und getestet - werden: + Diese Datenbank enthält den + eigentlichen Inhalt des + LDAP-Verzeichnisses. Neben + mdb sind weitere Versionen + verfügbar. Dessen Superuser, nicht zu verwechseln mit dem + globalen, wird hier konfiguriert: ein Benutzername in + olcRootDN und der Passworthash in + olcRootPW; slappasswd + kann wie zuvor benutzt werden. - &prompt.root; service slapd start + Dieses Repository + enthält vier Beispiele für slapd.ldif. + Lesen Sie diese Seite, um eine bestehende + slapd.conf in + slapd.ldif zu konvertieren. Beachten + Sie, dass dies einige unbrauchbare Optionen + einführen kann. - Wenn alles richtig konfiguriert ist, sollte eine Suche im - Verzeichnis, wie in diesem Beispiel, eine erfolgreiche - Verbindung mit einer Antwort liefern: + Wenn die Konfiguration abgeschlossen ist, muss + slapd.ldif in ein leeres Verzeichnis + verschoben werden. Folgendes ist die empfohlene + Vorgehensweise: - &prompt.root; ldapsearch -Z -# extended LDIF + &prompt.root; mkdir /usr/local/etc/openldap/slapd.d/ + Importieren Sie die Konfigurationsdatenbank: + + &prompt.root; /usr/local/sbin/slapadd -n0 -F /usr/local/etc/openldap/slapd.d/ -l /usr/local/etc/openldap/slapd.ldif + + Starten Sie den slapd-Daemon: + + &prompt.root; /usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d/ + + Die Option -d kann, wie in slapd(8) + beschrieben, zur Fehlersuche benutzt werden. Stellen Sie + sicher, dass der Server läuft und korrekt arbeitet: + + &prompt.root; ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts +# extended LDIF # # LDAPv3 -# base <dc=example,dc=com> (default) with scope subtree +# base <> with scope baseObject # filter: (objectclass=*) -# requesting: ALL +# requesting: namingContexts +# +# +dn: +namingContexts: dc=domain,dc=example + # search result -search: 3 -result: 32 No such object +search: 2 +result: 0 Success -# numResponses: 1 +# numResponses: 2 +# numEntries: 1 - - Wenn der Befehl fehlschlägt, aber die Konfiguration - richtig aussieht, stoppen Sie den - slapd-Dienst. Starten Sie anschließend - den Dienst mit - Debugging-Optionen: + Dem Server muss noch vertraut werden. Wenn dies noch nie + zuvor geschehen ist, befolgen Sie diese Anweisungen. + Installieren Sie das Paket oder den Port OpenSSL: - &prompt.root; service slapd stop -&prompt.root; /usr/local/libexec/slapd -d -1 - + &prompt.root; pkg install openssl - Sobald der Dienst antwortet, kann das Verzeichnis mit dem - Befehl ldapadd bestückt werden. In diesem - Beispiel gibt es eine Datei mit einer Liste von Benutzern, die - diesem Verzeichnis hinzugefügt werden. Die Einträge sollten - das folgende Format haben: + Aus dem Verzeichnis, in dem ca.crt + gespeichert ist (in diesem Beispiel + /usr/local/etc/openldap), starten + Sie: - dn: dc=example,dc=com -objectclass: dcObject -objectclass: organization -o: Example -dc: Example + &prompt.root; c_rehash . -dn: cn=Manager,dc=example,dc=com -objectclass: organizationalRole -cn: Manager + Sowohl die CA als auch das Serverzertifikat werden nun in + ihren jeweiligen Rollen korrekt erkannt. Um dies zu + überprüfen, führen die folgenden Befehl aus dem Verzeichnis + der server.crt aus: - Um diese Datei zu importieren, geben Sie den Dateinamen - an. Bei dem folgenden Befehl werden Sie wieder zur Eingabe - des Passworts aufgefordert, das Sie zuvor eingegeben haben. - Die Ausgabe sollte wie folgt aussehen: + &prompt.root; openssl verify -verbose -CApath . server.crt - &prompt.root; ldapadd -Z -D "cn=Manager,dc=example,dc=com" -W -f import.ldif -Enter LDAP Password: -adding new entry "dc=example,dc=com" + Falls slapd ausgeführt wurde, muss + der Daemon neu gestartet werden. Wie in + /usr/local/etc/rc.d/slapd angegeben, + müssen die folgenden Zeilen in + /etc/rc.conf eingefügt werden, um + slapd beim Booten ordnungsgemäß + auszuführen: -adding new entry "cn=Manager,dc=example,dc=com" + lapd_enable="YES" +slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ +ldap://0.0.0.0/"' +slapd_sockets="/var/run/openldap/ldapi" +slapd_cn_config="YES" - Stellen Sie mit einer Suche auf dem Server sicher, dass - die Daten importiert wurden. Nutzen Sie dazu - ldapsearch: + slapd bietet beim Booten keine + Möglichkeit zur Fehlersuche. Überprüfen Sie dazu + /var/log/debug.log, + dmesg -a und + /var/log/messages. - &prompt.user; ldapsearch -Z -# extended LDIF -# -# LDAPv3 -# base <dc=example,dc=com> (default) with scope subtree -# filter: (objectclass=*) -# requesting: ALL -# + Das folgende Beispiel fügt die Gruppe + team und den Benutzer + john zur + LDAP-Datenbank domain.example + hinzu, die bislang leer ist. Erstellen Sie + zunächst die Datei + domain.ldif: -# example.com -dn: dc=example,dc=com + &prompt.root; cat domain.ldif +dn: dc=domain,dc=example objectClass: dcObject objectClass: organization -o: Example -dc: Example +o: domain.example +dc: domain -# Manager, example.com -dn: cn=Manager,dc=example,dc=com -objectClass: organizationalRole -cn: Manager +dn: ou=groups,dc=domain,dc=example +objectClass: top +objectClass: organizationalunit +ou: groups -# search result -search: 3 -result: 0 Success +dn: ou=users,dc=domain,dc=example +objectClass: top +objectClass: organizationalunit +ou: users -# numResponses: 3 -# numEntries: 2 +dn: cn=team,ou=groups,dc=domain,dc=example +objectClass: top +objectClass: posixGroup +cn: team +gidNumber: 10001 - An dieser Stelle sollte der Server konfiguriert sein und - ordnungsgemäß funktionieren. +dn: uid=john,ou=users,dc=domain,dc=example +objectClass: top +objectClass: account +objectClass: posixAccount +objectClass: shadowAccount +cn: John McUser +uid: john +uidNumber: 10001 +gidNumber: 10001 +homeDirectory: /home/john/ +loginShell: /usr/bin/bash +userPassword: secret + + Weitere Informationen finden Sie in der + OpenLDAP-Dokumentation. Benutzen Sie + slappasswd, um das Passwort + durch einen Hash in + userPassword zu ersetzen. Der in + loginShell angegebene Pfad muss in + allen Systemen existieren, in denen + john sich anmelden darf. Benutzen + Sie schließlich den mdb-Administrator, + um die Datenbank zu ändern: + + &prompt.root; ldapadd -W -D "cn=mdbadmin,dc=domain,dc=example" -f domain.ldif + + Änderungen im Bereich + global configuration können nur vom + globalen Superuser vorgenommen werden. Angenommen die Option + olcTLSCipherSuite: HIGH:MEDIUM:SSLv3 wurde + ursprünglich definiert und soll nun gelöscht werden. + Dazu erstellen Sie zunächst eine Datei mit folgendem + Inhalt: + + &prompt.root; cat global_mod +dn: cn=config +changetype: modify +delete: olcTLSCipherSuite + + Übernehmen Sie dann die Änderungen: + + &prompt.root; ldapmodify -f global_mod -x -D "cn=config" -W + + Geben Sie bei Aufforderung das im Abschnitt + configuration backend gewählte + Passwort ein. Der Benutzername ist nicht erforderlich: + Hier repräsentiert cn=config den DN des zu + ändernden Datenbankabschnitts. Alternativ können Sie mit + ldapmodify eine einzelne Zeile der + Datenbank löschen, mit ldapdelete einen + ganzen Eintrag. + + Wenn etwas schief geht oder der globale Superuser nicht + auf das Konfigurations-Backend zugreifen kann, ist es + möglich, die gesamte Konfiguration zu löschen und neu zu + schreiben: + + &prompt.root; rm -rf /usr/local/etc/openldap/slapd.d/ + + slapd.ldif kann dann bearbeitet und + erneut importiert werden. Bitte folgenden Sie dieser + Vorgehensweise nur, wenn keine andere Lösung verfügbar + ist. + + Dies ist nur die Konfiguration des Servers. Auf demselben + Rechner kann auch ein LDAP-Client mit eigener, separater + Konfiguration betrieben werden. From owner-svn-doc-head@freebsd.org Mon Feb 4 21:37:02 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 07FE814B3DCC; Mon, 4 Feb 2019 21:37:02 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A2C35738CD; Mon, 4 Feb 2019 21:37:01 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9623DBE68; Mon, 4 Feb 2019 21:37:01 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x14Lb1f4095141; Mon, 4 Feb 2019 21:37:01 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x14Lb1ji095139; Mon, 4 Feb 2019 21:37:01 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201902042137.x14Lb1ji095139@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Mon, 4 Feb 2019 21:37:01 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52796 - head/en_US.ISO8859-1/articles/contributors X-SVN-Group: doc-head X-SVN-Commit-Author: rene X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/contributors X-SVN-Commit-Revision: 52796 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: A2C35738CD X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.94 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_SHORT(-0.94)[-0.938,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-0.999,0] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2019 21:37:02 -0000 Author: rene Date: Mon Feb 4 21:37:00 2019 New Revision: 52796 URL: https://svnweb.freebsd.org/changeset/doc/52796 Log: Move rezny@ to the developer alumni. Modified: head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml head/en_US.ISO8859-1/articles/contributors/contrib.develalumni.xml Modified: head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml ============================================================================== --- head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml Sun Feb 3 17:54:35 2019 (r52795) +++ head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml Mon Feb 4 21:37:00 2019 (r52796) @@ -1134,10 +1134,6 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5. - &a.rezny.email; - - - &a.trhodes.email; Modified: head/en_US.ISO8859-1/articles/contributors/contrib.develalumni.xml ============================================================================== --- head/en_US.ISO8859-1/articles/contributors/contrib.develalumni.xml Sun Feb 3 17:54:35 2019 (r52795) +++ head/en_US.ISO8859-1/articles/contributors/contrib.develalumni.xml Mon Feb 4 21:37:00 2019 (r52796) @@ -4,6 +4,10 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"> + &a.rezny.email; (2017 - 2019) + + + &a.jimharris.email; (2011 - 2018) From owner-svn-doc-head@freebsd.org Tue Feb 5 18:38:31 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3BD4814C4BB3; Tue, 5 Feb 2019 18:38:31 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D868D8922E; Tue, 5 Feb 2019 18:38:30 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CC57921D11; Tue, 5 Feb 2019 18:38:30 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x15IcUno063144; Tue, 5 Feb 2019 18:38:30 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x15IcSka063131; Tue, 5 Feb 2019 18:38:28 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201902051838.x15IcSka063131@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 5 Feb 2019 18:38:28 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52797 - in head/share: security/advisories security/patches/EN-19:06 security/patches/EN-19:07 security/patches/SA-19:01 security/patches/SA-19:02 xml X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share: security/advisories security/patches/EN-19:06 security/patches/EN-19:07 security/patches/SA-19:01 security/patches/SA-19:02 xml X-SVN-Commit-Revision: 52797 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: D868D8922E X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.98)[-0.978,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2019 18:38:31 -0000 Author: gordon (src,ports committer) Date: Tue Feb 5 18:38:28 2019 New Revision: 52797 URL: https://svnweb.freebsd.org/changeset/doc/52797 Log: Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07. Approved by: so Added: head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-19:07.lle.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:02.fd.asc (contents, props changed) head/share/security/patches/EN-19:06/ head/share/security/patches/EN-19:06/dtrace.patch (contents, props changed) head/share/security/patches/EN-19:06/dtrace.patch.asc (contents, props changed) head/share/security/patches/EN-19:07/ head/share/security/patches/EN-19:07/lle.patch (contents, props changed) head/share/security/patches/EN-19:07/lle.patch.asc (contents, props changed) head/share/security/patches/SA-19:01/ head/share/security/patches/SA-19:01/syscall.11.2.patch (contents, props changed) head/share/security/patches/SA-19:01/syscall.11.2.patch.asc (contents, props changed) head/share/security/patches/SA-19:01/syscall.patch (contents, props changed) head/share/security/patches/SA-19:01/syscall.patch.asc (contents, props changed) head/share/security/patches/SA-19:02/ head/share/security/patches/SA-19:02/fd.patch (contents, props changed) head/share/security/patches/SA-19:02/fd.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:06.dtrace Errata Notice + The FreeBSD Project + +Topic: DTrace incompatibility with SMAP-enabled systems + +Category: core +Module: dtrace +Announced: 2019-02-05 +Credits: Mateusz Guzik +Affects: FreeBSD 12.0 +Corrected: 2018-12-19 23:29:44 UTC (stable/12, 12.0-STABLE) + 2019-02-05 17:54:09 UTC (releng/12.0, 12.0-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +DTrace is a dynamic tracing framework that can be used to analyze the kernel +and userspace applications in various ways. + +II. Problem Description + +When tracing userspace applications, the kernel component of DTrace may need +to access userspace memory. With the addition of SMAP support to the amd64 +kernel, the kernel is not able to arbitrarily access userspace memory: it +must set a CPU flag to enable access. The code used by DTrace to perform +such accesses was not updated accordingly. + +III. Impact + +The problem means that certain DTrace actions do not work on SMAP-enabled +systems. This does not affect the application being traced. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +30 "Rebooting for errata update" + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:06/dtrace.patch +# fetch https://security.FreeBSD.org/patches/EN-19:06/dtrace.patch.asc +# gpg --verify dtrace.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r342267 +releng/12.0/ r343783 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1WhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLzHA/+MVR5AHgEorzgRkpiqRzSlmbE6VyhF07lgY5CvRLFGp4mUbspZICcwtk5 +ZOeA8MuDFiLo1p6Fo2JykJ25ipxM+cCbMlx4jO5lILwq40bYfejHiYrmC/gdfR7/ +YcuNR3DpCw4llYIXFAcyw7SXG92jYNi9kKOSol7Fji8Zq2qDTSWTFqKsoJ2Pk3rJ +LfiQaekux00JlY3TOyt6QtPWSdlkhM4WAITWp4pUkGuNT/nIA2iED5N2ohgSraxa +dtBp/r8BHHbwog9wOQEHPIRN/Di7Kv02CZk13zJySmV+yZiPlR0YWZ4gI6i69cyD +rqTfO9kU2yjaqSBIFKMuGGysswZq7ii/+cULHuHVdJLuHDdh/9jZuI9O8VujGqVh +rU8THFHOtli/nGXNdPQP3jn84SDH7jPr1SgcFv1s3/FPHXVfZW9Uq558G9ZDujgg +pAtwMYiixMHpNr+j7qJr6DCTh22BR7FjYQg1iPVzIzgTYJ+I6ZH/cexVxXOS2S4T +O793AjmvOVaXsWB7tzhewTKVBam3upbRH7WmTMdD9z6dIlWtl6xKSgHvyarHVHpA +/y5H3VcK4suh/NIHlD+ln/hooFtmPIxsJnmInaXKq7Eg/C9mQx3x7h7qQFvWffD8 +cHOVGf3LCrH76unfc7AI7YafnD67Tgm09/sbgjVnScEpVW4E6Pc= +=3+kY +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-19:07.lle.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:07.lle.asc Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:07.lle Errata Notice + The FreeBSD Project + +Topic: LLE table lookup code race condition + +Category: core +Module: net +Announced: 2019-02-05 +Credits: Mark Johnston +Affects: FreeBSD 12.0 +Corrected: 2019-01-25 20:24:53 UTC (stable/12, 12.0-STABLE) + 2019-02-05 17:59:50 UTC (releng/12.0, 12.0-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +A LLE (link layer entry) table stores information about hosts on a network +and is used to translate between network layer addresses and data link layer +addresses. The ARP cache, for example, is implemented using an LLE table. +LLEs typically expire after some period, so there exist mechanisms to +automatically remove them from their tables upon expiration. + +II. Problem Description + +The LLE table lookup code for IPv4 and IPv6 contains a race which results in +a condition where the expiry period of an LLE is extended after it has been +removed from the table and freed. By the time that the updated timer fires, +the LLE structure has been freed, and so the timer code is operating on freed +memory. + +III. Impact + +When the race is triggered, the result is typically a kernel panic. It may +otherwise cause undefined system behavior. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +30 "Rebooting for errata update" + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:07/lle.patch +# fetch https://security.FreeBSD.org/patches/EN-19:07/lle.patch.asc +# gpg --verify lle.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r343454 +releng/12.0/ r343787 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1XtfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIYyA/8Da9XcP30o/+jISmHXjSx+livOJKyPu5UTAm7Xw4Pg8j3GR2xblzAsWie +YAT56/V88yzeY+u/3UOWG2XNAViWlzBAsfrqphJEcMuGdTwslgVlVRpzLyQeh4hY +whDkvYzPmjcxuX8+Agj/Ytwo+Q35bSfGNhls2OBSHnkqNL7HNhFePUWm5oVnlczL +APHsknLRAAhZF8UYR+PdAT5x/9exLJStmGXdAeVT4HCfx8b/AvZ/lr3b4Jwa+8fq +tCAsISOTOftGsTTpwgtWDebJ4jJB2l71EBBlWuj76yColhK9k1zhacauK3lOxoEw +cpUHgLcY+ochSijBOZIw7IScVHvR05jry7VzL7oxe1oDn3HNkbTt6pwdNgL5ftzQ +Cv7vjMGLdSfr7QyAVc/nZhg1x0mBKu+Dj0leQ9ZcjedrB0CIwslhmMYdlTCYWksA +x06NwrPRzDohtnYM4n2KZBfPQw40vxsJLP8e+hnRpyliXWtOaYdw5GZoUcwublMZ +TU7Y1n8s1C5L5KuJoYgs9jLS48nXgcSZc9pxjyGRcFQTsk/A5y4sckWImFurU9AT +cYR3nHlaGJR/TZVNtR6sU1VhzunHg8ARlvoZivsFyVS7bUC+EIUzfQvZqHEUPycR +RwX+/exDyXQSvhQVfqT1ngLwQ8e/GutI8WZ1ZFy+T6Mh6jeacPQ= +=zCSg +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,139 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:01.syscall Security Advisory + The FreeBSD Project + +Topic: System call kernel data register leak + +Category: core +Module: kernel +Announced: 2019-02-05 +Credits: Konstantin Belousov +Affects: All supported versions of FreeBSD. +Corrected: 2019-02-05 17:52:06 UTC (stable/12, 12.0-STABLE) + 2019-02-05 18:05:05 UTC (releng/12.0, 12.0-RELEASE-p3) + 2019-02-05 17:54:02 UTC (stable/11, 11.2-STABLE) + 2019-02-05 18:07:45 UTC (releng/11.2, 11.2-RELEASE-p9) +CVE Name: CVE-2019-5595 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The FreeBSD/amd64 architecture defines the SYSCALL instruction for syscalls, +and uses registers calling conventions for passing syscalls arguments and +return values in addition to the registers usage imposed by the SYSCALL and +SYSRET instructions in long mode. In particular, the arguments are passed in +registers specified by the C ABI, and the content of the registers specified +as caller-save, is undefined after the return from syscall. + +II. Problem Description + +The callee-save registers are used by kernel and for some of them (%r8, %r10, +and for non-PTI configurations, %r9) the content is not sanitized before +return from syscalls, potentially leaking sensitive information. + +III. Impact + +Typically an address of some kernel data structure used in the syscall +implementation, is exposed. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10m "Rebooting for security update" + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.0] +# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.patch +# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.patch.asc +# gpg --verify syscall.patch.asc + +[FreeBSD 11.2] +# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch +# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch.asc +# gpg --verify syscall.patch.11.2.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r343781 +releng/12.0/ r343788 +stable/11/ r343782 +releng/11.2/ r343789 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1X9fFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKPZBAAlwCVtNNIuq0s8FB9LjLaVJww1WWmbVJbhw1TJyBV2yRCkWwGDLag3dJ0 +EH8HwpWeL41lppjFeL6OMDZ2+wUnuShv3pAUGwodSRXsKWsp+aWqMPcNJifkVPxs +DENrziUHnXkbOnbnP25eA12j0ztCz8FjKoDh+wrjuY4BL8jzBK4ZJtmYaubrFEcD +GDStnEcvCNYDK8tf0rUW2lpv4oStTex5gFpZALPjq0g28kHPuctYzoOXOf9/So1i +0kwdstsIdgydsDCHv5nXij7IDohNo+5KEJuee1cIptKftmxPLuonXyP0PiO3WA0h +XQck1BbM5ENNm/0SOExctcqS+APXLf/VPhd2JwUPszRcYBV40pdqchkihoRXAKHs +Dthv+9k9KrgwUO0wsrOvIzK8vjnVC2unUCXnFNX3OD2pfxCjKvl1grKQ2lAsP4Pu +aP2VgPZyHbFKWQdOGaqOtM94CzXseXyYN3hgkNq+gPgDjkd7Xw8q5vu8d2QY/aYj +Re4aEfUOzf9S22SQT9g4kx2QfEnUuJnnae3BMeBqWGngtQ7TnTHWrw3wGhxxC2S8 +iou+BzeCv9MRn74Fpzr/xnGRUwT+0wFJVd9N9QdpErRA59oo6X4TXNl6AvKHvxY7 +1UurBJ5MqUGUUIeJg8Qv5HpgJML3BiotDbk+LwmMx7T2IL1dJdk= +=Aktj +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:02.fd.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:02.fd.asc Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:02.fd Security Advisory + The FreeBSD Project + +Topic: File description reference count leak + +Category: core +Module: unix +Announced: 2019-02-05 +Credits: Peter Holm +Affects: FreeBSD 12.0 +Corrected: 2019-02-05 17:56:22 UTC (stable/12, 12.0-STABLE) + 2019-02-05 18:11:15 UTC (releng/12.0, 12.0-RELEASE-p3) + 2019-02-05 17:57:30 UTC (stable/11, 11.2-STABLE) +CVE Name: CVE-2019-5596 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +UNIX-domain sockets are used for inter-process communication. It is +possible to use UNIX-domain sockets to transfer rights, encoded as file +descriptors, to another process. + +II. Problem Description + +FreeBSD 12.0 attempts to handle the case where the receiving process does +not provide a sufficiently large buffer for an incoming control message +containing rights. In particular, to avoid leaking the corresponding +descriptors into the receiving process' descriptor table, the kernel handles +the truncation case by closing descriptors referenced by the discarded +message. + +The code which performs this operation failed to release a reference obtained +on the file corresponding to a received right. This bug can be used to cause +the reference counter to wrap around and free the file structure. + +III. Impact + +A local user can exploit the bug to gain root privileges or escape from +a jail. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +30 "Rebooting for security update" + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.0] +# fetch https://security.FreeBSD.org/patches/SA-19:02/fd.patch +# fetch https://security.FreeBSD.org/patches/SA-19:02/fd.patch.asc +# gpg --verify fd.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r343785 +releng/12.0/ r343790 +stable/11/ r343786 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1YFfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK7+w/+JeFIVM0QQC1R4wJFmT3bBaRumxGCx5PN5Ufe7ub/ztwsKQKJeps1aiS3 +fzw3Ck1K7+joeG+cNwZNihmAyEa2Hgk+FDhQBX531yrwF1jQ2A2oKGfkhs5e02Ng +k16MV9pVlNP1zQ3wFVBjFCCvBuVJ0A8XTxALY7ivZlj2edgSH1eL4SaP1mrSD2Xu +pR2amN7WkAaIqvATK0VkWjYp6kUXtI8CBtdP3hpKz88rpYoZfWxupqtghnxgjIqt +iuTOhbemvYuBvB+ErbtU/6Z4ffoHt9Csrk2MM56/RZRwyHmtC4CFqtxClrUpOoa2 +2OcEbR8cZyEardSES78UBjbTwlOTVd5F4o86Q1bKytHjI72ycB5yKZkyiHmdJCjs +EhlaDC/rnHxdYGvBuiLqFcNU5tJiGawZZwyozCQz67dGD89QzKQurKEWQ1YJvMsW +ZwwJRSHrllUyJQBdqV/R3Qoaz2koeE9633jtqHDdUYKCZAgeFdic/6u9r4Rx2Nj5 +JpTZU01bwvxNZPf35WbI2L+JbygR40b3FYbZ3skBqZylp+EkPGPxGpHGAxdKWeOy +rzGBukIuWnLy9pmJ574oTZymw8Psvu2DJL3Csngak1HkcA9mA5vjnDBvk9mvqTgo +YCfCewlfFwVa/exSK3q5oI9hxse0KvQI4cH2+c2b7NDMS9+DpTY= +=pr7t +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-19:06/dtrace.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:06/dtrace.patch Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,256 @@ +--- sys/cddl/dev/dtrace/amd64/dtrace_asm.S.orig ++++ sys/cddl/dev/dtrace/amd64/dtrace_asm.S +@@ -208,7 +208,7 @@ + void + dtrace_copy(uintptr_t src, uintptr_t dest, size_t size) + */ +- ENTRY(dtrace_copy) ++ ENTRY(dtrace_copy_nosmap) + pushq %rbp + movq %rsp, %rbp + +@@ -218,14 +218,28 @@ + smovb /* move from %ds:rsi to %ed:rdi */ + leave + ret +- END(dtrace_copy) ++ END(dtrace_copy_nosmap) + ++ ENTRY(dtrace_copy_smap) ++ pushq %rbp ++ movq %rsp, %rbp ++ ++ xchgq %rdi, %rsi /* make %rsi source, %rdi dest */ ++ movq %rdx, %rcx /* load count */ ++ stac ++ repz /* repeat for count ... */ ++ smovb /* move from %ds:rsi to %ed:rdi */ ++ clac ++ leave ++ ret ++ END(dtrace_copy_smap) ++ + /* + void + dtrace_copystr(uintptr_t uaddr, uintptr_t kaddr, size_t size, + volatile uint16_t *flags) + */ +- ENTRY(dtrace_copystr) ++ ENTRY(dtrace_copystr_nosmap) + pushq %rbp + movq %rsp, %rbp + +@@ -248,56 +262,121 @@ + leave + ret + +- END(dtrace_copystr) ++ END(dtrace_copystr_nosmap) + ++ ENTRY(dtrace_copystr_smap) ++ pushq %rbp ++ movq %rsp, %rbp ++ ++ stac ++0: ++ movb (%rdi), %al /* load from source */ ++ movb %al, (%rsi) /* store to destination */ ++ addq $1, %rdi /* increment source pointer */ ++ addq $1, %rsi /* increment destination pointer */ ++ subq $1, %rdx /* decrement remaining count */ ++ cmpb $0, %al ++ je 2f ++ testq $0xfff, %rdx /* test if count is 4k-aligned */ ++ jnz 1f /* if not, continue with copying */ ++ testq $CPU_DTRACE_BADADDR, (%rcx) /* load and test dtrace flags */ ++ jnz 2f ++1: ++ cmpq $0, %rdx ++ jne 0b ++2: ++ clac ++ leave ++ ret ++ ++ END(dtrace_copystr_smap) ++ + /* + uintptr_t + dtrace_fulword(void *addr) + */ +- ENTRY(dtrace_fulword) ++ ENTRY(dtrace_fulword_nosmap) + movq (%rdi), %rax + ret +- END(dtrace_fulword) ++ END(dtrace_fulword_nosmap) + ++ ENTRY(dtrace_fulword_smap) ++ stac ++ movq (%rdi), %rax ++ clac ++ ret ++ END(dtrace_fulword_smap) ++ + /* + uint8_t + dtrace_fuword8_nocheck(void *addr) + */ +- ENTRY(dtrace_fuword8_nocheck) ++ ENTRY(dtrace_fuword8_nocheck_nosmap) + xorq %rax, %rax + movb (%rdi), %al + ret +- END(dtrace_fuword8_nocheck) ++ END(dtrace_fuword8_nocheck_nosmap) + ++ ENTRY(dtrace_fuword8_nocheck_smap) ++ stac ++ xorq %rax, %rax ++ movb (%rdi), %al ++ clac ++ ret ++ END(dtrace_fuword8_nocheck_smap) ++ + /* + uint16_t + dtrace_fuword16_nocheck(void *addr) + */ +- ENTRY(dtrace_fuword16_nocheck) ++ ENTRY(dtrace_fuword16_nocheck_nosmap) + xorq %rax, %rax + movw (%rdi), %ax + ret +- END(dtrace_fuword16_nocheck) ++ END(dtrace_fuword16_nocheck_nosmap) + ++ ENTRY(dtrace_fuword16_nocheck_smap) ++ stac ++ xorq %rax, %rax ++ movw (%rdi), %ax ++ clac ++ ret ++ END(dtrace_fuword16_nocheck_smap) ++ + /* + uint32_t + dtrace_fuword32_nocheck(void *addr) + */ +- ENTRY(dtrace_fuword32_nocheck) ++ ENTRY(dtrace_fuword32_nocheck_nosmap) + xorq %rax, %rax + movl (%rdi), %eax + ret +- END(dtrace_fuword32_nocheck) ++ END(dtrace_fuword32_nocheck_nosmap) + ++ ENTRY(dtrace_fuword32_nocheck_smap) ++ stac ++ xorq %rax, %rax ++ movl (%rdi), %eax ++ clac ++ ret ++ END(dtrace_fuword32_nocheck_smap) ++ + /* + uint64_t + dtrace_fuword64_nocheck(void *addr) + */ +- ENTRY(dtrace_fuword64_nocheck) ++ ENTRY(dtrace_fuword64_nocheck_nosmap) + movq (%rdi), %rax + ret +- END(dtrace_fuword64_nocheck) ++ END(dtrace_fuword64_nocheck_nosmap) + ++ ENTRY(dtrace_fuword64_nocheck_smap) ++ stac ++ movq (%rdi), %rax ++ clac ++ ret ++ END(dtrace_fuword64_nocheck_smap) ++ + /* + void + dtrace_probe_error(dtrace_state_t *state, dtrace_epid_t epid, int which, +--- sys/cddl/dev/dtrace/amd64/dtrace_isa.c.orig ++++ sys/cddl/dev/dtrace/amd64/dtrace_isa.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -664,3 +665,70 @@ + } + return (dtrace_fuword64_nocheck(uaddr)); + } ++ ++/* ++ * ifunc resolvers for SMAP support ++ */ ++void dtrace_copy_nosmap(uintptr_t, uintptr_t, size_t); ++void dtrace_copy_smap(uintptr_t, uintptr_t, size_t); ++DEFINE_IFUNC(, void, dtrace_copy, (uintptr_t, uintptr_t, size_t), static) ++{ ++ ++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? ++ dtrace_copy_smap : dtrace_copy_nosmap); ++} ++ ++void dtrace_copystr_nosmap(uintptr_t, uintptr_t, size_t, volatile uint16_t *); ++void dtrace_copystr_smap(uintptr_t, uintptr_t, size_t, volatile uint16_t *); ++DEFINE_IFUNC(, void, dtrace_copystr, (uintptr_t, uintptr_t, size_t, ++ volatile uint16_t *), static) ++{ ++ ++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? ++ dtrace_copystr_smap : dtrace_copystr_nosmap); ++} ++ ++uintptr_t dtrace_fulword_nosmap(void *); ++uintptr_t dtrace_fulword_smap(void *); ++DEFINE_IFUNC(, uintptr_t, dtrace_fulword, (void *), static) ++{ ++ ++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? ++ dtrace_fulword_smap : dtrace_fulword_nosmap); ++} ++ ++uint8_t dtrace_fuword8_nocheck_nosmap(void *); ++uint8_t dtrace_fuword8_nocheck_smap(void *); ++DEFINE_IFUNC(, uint8_t, dtrace_fuword8_nocheck, (void *), static) ++{ ++ ++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? ++ dtrace_fuword8_nocheck_smap : dtrace_fuword8_nocheck_nosmap); ++} ++ ++uint16_t dtrace_fuword16_nocheck_nosmap(void *); ++uint16_t dtrace_fuword16_nocheck_smap(void *); ++DEFINE_IFUNC(, uint16_t, dtrace_fuword16_nocheck, (void *), static) ++{ ++ ++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? ++ dtrace_fuword16_nocheck_smap : dtrace_fuword16_nocheck_nosmap); ++} ++ ++uint32_t dtrace_fuword32_nocheck_nosmap(void *); ++uint32_t dtrace_fuword32_nocheck_smap(void *); ++DEFINE_IFUNC(, uint32_t, dtrace_fuword32_nocheck, (void *), static) ++{ ++ ++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? ++ dtrace_fuword32_nocheck_smap : dtrace_fuword32_nocheck_nosmap); ++} ++ ++uint64_t dtrace_fuword64_nocheck_nosmap(void *); ++uint64_t dtrace_fuword64_nocheck_smap(void *); ++DEFINE_IFUNC(, uint64_t, dtrace_fuword64_nocheck, (void *), static) ++{ ++ ++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? ++ dtrace_fuword64_nocheck_smap : dtrace_fuword64_nocheck_nosmap); ++} Added: head/share/security/patches/EN-19:06/dtrace.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:06/dtrace.patch.asc Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1ZVfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cI/AQ//b3+UzDH6VXWyY0YODzxG/WxNZ97OvT3uVxWBXRU8KGpmXGnzqzAzxNtZ +c1JHpZi2pxfxzFxnA0eLYDK/D6pcjvxTB7CPQVJqCXXibEVQepBSnuTEWCBD8EkR +vDVVKid1aoMVofvtjQ+OGcYkOMgrrlN6eeL3voM8rrrIahupLyeSjfHdXItpI8Qx +XXNwUvMNaVNlLhymas0Gpcy/iPcXbU5dQnZbzAg9U+nTGhKIuLqkouvswTzeist8 +B6i8YHM+phiCxKMJ7f4pDLD29Eb+sDPqVUt6DL8Av10jVGw2NphXIrZplodzJYft +MZIdSDbxu9Q745EK8W60aeiIVEJxA1mIKjYhcJyCmELK29HthsuL0gUnSzruKhkD +ZawH/sC7jI+QTXTT3cHXZleVYSd6FS+1S12EGskoWfrqi94ymyA4FBP135OfPMSq +NOy+aKLNssGFlw5qyzvJirbt6Au6qI1mxVh0z6ljxskZU9DX6hoeboLZrDrTHco9 +3DHAOaSmajolFAeuMEDAuh+n4EpslzCfmies/ra/pHRR1rAcisNzgdzoBe4IMdGq +qWEiiWnd7NNUkG4FFnD8ChiCm4cEoB7oG0vXk8iaCqT4R0O/dqqvQAKZLb4pU8Vq +siAQutL5TgXvVg0faGsfekecZAa+F816zBgt0V5flmAdYlNeZyY= +=e48g +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-19:07/lle.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:07/lle.patch Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,81 @@ +--- sys/netinet/in.c.orig ++++ sys/netinet/in.c +@@ -1372,15 +1372,13 @@ + IF_AFDATA_LOCK_ASSERT(llt->llt_ifp); + KASSERT(l3addr->sa_family == AF_INET, + ("sin_family %d", l3addr->sa_family)); ++ KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) != ++ (LLE_UNLOCKED | LLE_EXCLUSIVE), ++ ("wrong lle request flags: %#x", flags)); ++ + lle = in_lltable_find_dst(llt, sin->sin_addr); +- + if (lle == NULL) + return (NULL); +- +- KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) != +- (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X", +- flags)); +- + if (flags & LLE_UNLOCKED) + return (lle); + +@@ -1389,6 +1387,17 @@ + else + LLE_RLOCK(lle); + ++ /* ++ * If the afdata lock is not held, the LLE may have been unlinked while ++ * we were blocked on the LLE lock. Check for this case. ++ */ ++ if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) { ++ if (flags & LLE_EXCLUSIVE) ++ LLE_WUNLOCK(lle); ++ else ++ LLE_RUNLOCK(lle); ++ return (NULL); ++ } + return (lle); + } + +--- sys/netinet6/in6.c.orig ++++ sys/netinet6/in6.c +@@ -2311,16 +2311,13 @@ + IF_AFDATA_LOCK_ASSERT(llt->llt_ifp); + KASSERT(l3addr->sa_family == AF_INET6, + ("sin_family %d", l3addr->sa_family)); ++ KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) != ++ (LLE_UNLOCKED | LLE_EXCLUSIVE), ++ ("wrong lle request flags: %#x", flags)); + + lle = in6_lltable_find_dst(llt, &sin6->sin6_addr); +- + if (lle == NULL) + return (NULL); +- +- KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) != +- (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X", +- flags)); +- + if (flags & LLE_UNLOCKED) + return (lle); + +@@ -2328,6 +2325,18 @@ + LLE_WLOCK(lle); + else + LLE_RLOCK(lle); ++ ++ /* ++ * If the afdata lock is not held, the LLE may have been unlinked while ++ * we were blocked on the LLE lock. Check for this case. ++ */ ++ if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) { ++ if (flags & LLE_EXCLUSIVE) ++ LLE_WUNLOCK(lle); ++ else ++ LLE_RUNLOCK(lle); ++ return (NULL); ++ } + return (lle); + } + Added: head/share/security/patches/EN-19:07/lle.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:07/lle.patch.asc Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1ZxfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIIIhAAiMgGjXcETkoTyrua/GEu5jy1Kf0NAPnNdGDPk1bqtpMTzBIAxC6VXPkM +03bMsAaVNQLYtLPevB/uVnc2Qkr/uZNFv0L4XaGNqvL2FYqq7Fy8g9lkxXSphZ78 +gf1PVDVsHQ4Vwou9mYeGMetVwdil27p1OorT3f1y9nk8VM6m0HQgPGl5bYJjG8Se +IfiT7j0RwHkXkt9ODJL17Cs0+VjCoKZ9fTN4hWy22sLHT2ZJYLIt6zdvTK1qp6gT +IYifpEmckCiDNoL/AOrbGknG3FkbaEbwb5TV7BOjt9UiKRfKGoxxyxe6RusTwhUy +ZScuAqVtY1zRR2k6RqA0RVxGsqkbqdmxz+NUUtMn/8jzvOxPXyWPrD63Xex6rOqC +B47tpsQzozC6Xuk64EtZuEe5TOVCzQul3CRFpnbJttc/NSfSGc9sLyz/3fA8xI2e +WXBQhXI4z1zwpUQRedFU5FMKI272I3H0DtjYx/MyxUP5BTyycPbj4n7+X2pTdwi5 +/HSRBprO6dnKi4MZAzIJDRTbTJzu8DaNCfJQKt95wGBwZWPPX3lCl5n/iqkyXDra +0FDrB3N0YFKmtwCAktZazotAIejANmcdqrNaR72s2KxzzLdEzLJGLLy6giOJQvqd +aYmmGORxypiE0Y4KcuNWDpFqYYOwyLMydZro5QSygz0nVAgsPhU= +=PZ6a +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-19:01/syscall.11.2.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-19:01/syscall.11.2.patch Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,19 @@ +--- sys/amd64/amd64/exception.S.orig ++++ sys/amd64/amd64/exception.S +@@ -496,12 +496,14 @@ + movq TF_RFLAGS(%rsp),%r11 /* original %rflags */ + movq TF_RIP(%rsp),%rcx /* original %rip */ + movq TF_RSP(%rsp),%rsp /* user stack pointer */ ++ xorl %r8d,%r8d /* zero the rest of GPRs */ ++ xorl %r10d,%r10d + cmpb $0,pti + je 2f + movq PCPU(UCR3),%r9 + movq %r9,%cr3 +- xorl %r9d,%r9d +-2: swapgs ++2: xorl %r9d,%r9d ++ swapgs + sysretq + + 3: /* AST scheduled. */ Added: head/share/security/patches/SA-19:01/syscall.11.2.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-19:01/syscall.11.2.patch.asc Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1eBfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKpCBAAgWL2O3tUpnwwvUIpEAKhIwNaWMqhTH8OyIF5dM8YrZlAYCc7twoPr6Y3 +2ojEMEihgC3B3+5flWZyp6Xxdni65Dpy6NcbgqiXJhbI30htC6TzETm2vhtderam +wnz7B3dmpYtdNBJpRow3kGiLKv6zZ7gG720EuhVKgPjHx+5U4FXzpBazz8cEfz4U +8F9amyqqe/7hf7kTbjBF7TZ90FpN/Uoe7FCF58L6UB8c3TYvpdfRSQMNg8ODuDIP +kLV04/QVgoZKtT3MoRhmVgkpSCYYy1/j7KfZqmx08teW+6OjISbCTotS3DgHQD0Y +sBB+GtvWxzuZjThWyIGQiDUztdyHrqYZbG5q7XFQMRpPjD7WC6MWRxeIgcLn5gjW +RVVO6WhBEeFi+uTeSnpQUhMERkwJEBg3VzqeXQ5j6eR1xB3hZynJTl9uqMac4GK3 +K8xSoi4pS0VwOJnmu1iXqkUIrS9xSuSak1x/9dk5K6j+bbMXa1kGAJ808c8PQZ0g +joqgdJjPeekK0e5U88QQ1aT4lwxBGGxdJVCPFYO55r3AzuDLT1Yo74ksn3mS4v1J +vWE23qQo4v4iIpp0IESHL0TyFffD3vy1FRmmYwS+hZCiOOQBxgx8d0Cl0wMZn3KF +Cae6mlauAgltuj2cNCjVTZ0mb+D3YU74mwUhLU4Tc8XVYrgh8Sw= +=VDU6 +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-19:01/syscall.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-19:01/syscall.patch Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,19 @@ +--- sys/amd64/amd64/exception.S.orig ++++ sys/amd64/amd64/exception.S +@@ -521,12 +521,14 @@ + movq TF_RFLAGS(%rsp),%r11 /* original %rflags */ + movq TF_RIP(%rsp),%rcx /* original %rip */ + movq TF_RSP(%rsp),%rsp /* user stack pointer */ ++ xorl %r8d,%r8d /* zero the rest of GPRs */ ++ xorl %r10d,%r10d + cmpq $~0,PCPU(UCR3) + je 2f + movq PCPU(UCR3),%r9 + movq %r9,%cr3 +- xorl %r9d,%r9d +-2: swapgs ++2: xorl %r9d,%r9d ++ swapgs + sysretq + + 3: /* AST scheduled. */ Added: head/share/security/patches/SA-19:01/syscall.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-19:01/syscall.patch.asc Tue Feb 5 18:38:28 2019 (r52797) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1hJfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJbrA//fheN3NfAhxlgRjYwFa6WvhJgHFqoNnwWZLKwUmGdlJCIpdb6o/0FiWVw +dfH5hSUibY7+vVGYyjcMNnU2BwDFcrQJbzFK7qz8zkDX4sH5RujkGcuacIe71Ny0 *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-doc-head@freebsd.org Tue Feb 5 21:24:58 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EF2D414D10C7; Tue, 5 Feb 2019 21:24:57 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 924116B3E3; Tue, 5 Feb 2019 21:24:57 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7F0ED239D6; Tue, 5 Feb 2019 21:24:57 +0000 (UTC) (envelope-from bhd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x15LOvVN052430; Tue, 5 Feb 2019 21:24:57 GMT (envelope-from bhd@FreeBSD.org) Received: (from bhd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x15LOvj5052429; Tue, 5 Feb 2019 21:24:57 GMT (envelope-from bhd@FreeBSD.org) Message-Id: <201902052124.x15LOvj5052429@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org using -f From: Bjoern Heidotting Date: Tue, 5 Feb 2019 21:24:57 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52798 - head/de_DE.ISO8859-1/books/handbook X-SVN-Group: doc-head X-SVN-Commit-Author: bhd X-SVN-Commit-Paths: head/de_DE.ISO8859-1/books/handbook X-SVN-Commit-Revision: 52798 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 924116B3E3 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.98)[-0.976,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-0.999,0] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2019 21:24:58 -0000 Author: bhd Date: Tue Feb 5 21:24:57 2019 New Revision: 52798 URL: https://svnweb.freebsd.org/changeset/doc/52798 Log: Update to r51914: Update version entities Modified: head/de_DE.ISO8859-1/books/handbook/book.xml Modified: head/de_DE.ISO8859-1/books/handbook/book.xml ============================================================================== --- head/de_DE.ISO8859-1/books/handbook/book.xml Tue Feb 5 18:38:28 2019 (r52797) +++ head/de_DE.ISO8859-1/books/handbook/book.xml Tue Feb 5 21:24:57 2019 (r52798) @@ -7,7 +7,7 @@ $FreeBSD$ $FreeBSDde: de-docproj/books/handbook/book.xml,v 1.91 2012/03/27 19:32:11 bcr Exp $ - basiert auf: r51744 + basiert auf: r51914 --> %chapters; %txtfiles; @@ -109,7 +109,7 @@ Willkommen bei &os;! Dieses Handbuch beschreibt die Installation und den täglichen Umgang mit &os; &rel.current;-RELEASE und - &os; &rel2.current;-RELEASE. Das + &os; &rel1.current;-RELEASE. Das Handbuch ist das Ergebnis einer fortlaufenden Arbeit vieler Einzelpersonen. Dies kann dazu führen, dass einige Abschnitte nicht aktuell sind. Bei Unklarheiten empfiehlt es sich daher From owner-svn-doc-head@freebsd.org Tue Feb 5 22:08:31 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A8BA14D2077; Tue, 5 Feb 2019 22:08:31 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A8A9A6CB4F; Tue, 5 Feb 2019 22:08:30 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 977882408D; Tue, 5 Feb 2019 22:08:30 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x15M8Ump074577; Tue, 5 Feb 2019 22:08:30 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x15M8UXH074575; Tue, 5 Feb 2019 22:08:30 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201902052208.x15M8UXH074575@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 5 Feb 2019 22:08:30 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52799 - head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml X-SVN-Commit-Revision: 52799 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: A8A9A6CB4F X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.96)[-0.961,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2019 22:08:31 -0000 Author: gjb Date: Tue Feb 5 22:08:29 2019 New Revision: 52799 URL: https://svnweb.freebsd.org/changeset/doc/52799 Log: Document SA-19:01, SA-19:02, EN-19:06, and EN-19:07. Sponsored by: The FreeBSD Foundation Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml Tue Feb 5 21:24:57 2019 (r52798) +++ head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml Tue Feb 5 22:08:29 2019 (r52799) @@ -48,6 +48,22 @@ Timezone database information update + + + FreeBSD-EN-19:06.dtrace + 5 February 2019 + DTrace incompatibility with SMAP-enabled + systems + + + + FreeBSD-EN-19:07.lle + 5 February 2019 + LLE table lookup code race + condition + Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Tue Feb 5 21:24:57 2019 (r52798) +++ head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Tue Feb 5 22:08:29 2019 (r52799) @@ -24,6 +24,21 @@ 19 December 2018 Buffer overflow + + + FreeBSD-SA-19:01.syscall + 5 February 2019 + Kernel data register leak + + + + FreeBSD-SA-19:02.fd + 5 February 2019 + File description reference count + leak + From owner-svn-doc-head@freebsd.org Tue Feb 5 22:09:39 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E760414D2120; Tue, 5 Feb 2019 22:09:38 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 82D0A6CD01; Tue, 5 Feb 2019 22:09:38 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 75A5824090; Tue, 5 Feb 2019 22:09:38 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x15M9c8r074713; Tue, 5 Feb 2019 22:09:38 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x15M9csA074712; Tue, 5 Feb 2019 22:09:38 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201902052209.x15M9csA074712@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 5 Feb 2019 22:09:38 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52800 - head/en_US.ISO8859-1/htdocs/releases/11.2R X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/11.2R X-SVN-Commit-Revision: 52800 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 82D0A6CD01 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.96)[-0.963,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2019 22:09:39 -0000 Author: gjb Date: Tue Feb 5 22:09:38 2019 New Revision: 52800 URL: https://svnweb.freebsd.org/changeset/doc/52800 Log: Regen after r343813. Sponsored by: The FreeBSD Foundation Modified: head/en_US.ISO8859-1/htdocs/releases/11.2R/errata.html Modified: head/en_US.ISO8859-1/htdocs/releases/11.2R/errata.html ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/11.2R/errata.html Tue Feb 5 22:08:29 2019 (r52799) +++ head/en_US.ISO8859-1/htdocs/releases/11.2R/errata.html Tue Feb 5 22:09:38 2019 (r52800) @@ -13,7 +13,7 @@ as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the or the - ® symbol.

Last modified on 2018-10-18 13:33:31 EDT by gjb.
Abstract

This document lists errata items for FreeBSD 11.2-RELEASE, + ® symbol.

Last modified on 2018-10-18 17:33:31 UTC by gjb.
Abstract

This document lists errata items for FreeBSD 11.2-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information @@ -38,7 +38,8 @@ reassembly

FreeBSD-SA-18:09.l1tf14 August 2018

L1 Terminal Fault (L1TF) Kernel Information Disclosure

FreeBSD-SA-18:10.ip14 August 2018

Resource exhaustion in IP fragment reassembly

FreeBSD-SA-18:11.hostapd14 August 2018

Unauthenticated EAPOL-Key Decryption - Vulnerability

FreeBSD-SA-18:12.elf12 September 2018

Improper ELF header parsing

FreeBSD-SA-18:13.nfs27 November 2018

Multiple vulnerabilities

FreeBSD-SA-18:14.bhyve4 December 2018

Insufficient bounds checking

FreeBSD-SA-18:15.bootpd19 December  2018

Buffer overflow

3. Errata Notices

ErrataDateTopic
FreeBSD-EN-18:08.lazyfpu12 September 2018

Regression in Lazy FPU remediation

FreeBSD-EN-18:09.ip27 September 2018

IP fragment remediation causes + Vulnerability

FreeBSD-SA-18:12.elf12 September 2018

Improper ELF header parsing

FreeBSD-SA-18:13.nfs27 November 2018

Multiple vulnerabilities

FreeBSD-SA-18:14.bhyve4 December 2018

Insufficient bounds checking

FreeBSD-SA-18:15.bootpd19 December  2018

Buffer overflow

FreeBSD-SA-19:01.syscall5 February 2019

Kernel data register leak

FreeBSD-SA-19:02.fd5 February 2019

File description reference count + leak

3. Errata Notices

ErrataDateTopic
FreeBSD-EN-18:08.lazyfpu12 September 2018

Regression in Lazy FPU remediation

FreeBSD-EN-18:09.ip27 September 2018

IP fragment remediation causes IPv6 reassembly failure

FreeBSD-EN-18:10.syscall27 September 2018

Null pointer dereference in freebsd4_getfsstat system call

FreeBSD-EN-18:11.listen27 September 2018

Denial of service in listen From owner-svn-doc-head@freebsd.org Thu Feb 7 09:14:22 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D73BD14D0DB9; Thu, 7 Feb 2019 09:14:22 +0000 (UTC) (envelope-from johalun@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7861E773C5; Thu, 7 Feb 2019 09:14:22 +0000 (UTC) (envelope-from johalun@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6D10C1AE16; Thu, 7 Feb 2019 09:14:22 +0000 (UTC) (envelope-from johalun@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x179EMDV092884; Thu, 7 Feb 2019 09:14:22 GMT (envelope-from johalun@FreeBSD.org) Received: (from johalun@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x179EMEv092882; Thu, 7 Feb 2019 09:14:22 GMT (envelope-from johalun@FreeBSD.org) Message-Id: <201902070914.x179EMEv092882@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: johalun set sender to johalun@FreeBSD.org using -f From: Johannes Lundberg Date: Thu, 7 Feb 2019 09:14:22 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52801 - in head: en_US.ISO8859-1/articles/contributors share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: johalun X-SVN-Commit-Paths: in head: en_US.ISO8859-1/articles/contributors share/xml X-SVN-Commit-Revision: 52801 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 7861E773C5 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.97)[-0.967,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Feb 2019 09:14:23 -0000 Author: johalun (src committer) Date: Thu Feb 7 09:14:21 2019 New Revision: 52801 URL: https://svnweb.freebsd.org/changeset/doc/52801 Log: Steps 2 and 3 for new committer. 1 and 4 previously committed by mentor. Modified: head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml head/share/xml/news.xml Modified: head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml ============================================================================== --- head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml Tue Feb 5 22:09:38 2019 (r52800) +++ head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml Thu Feb 7 09:14:21 2019 (r52801) @@ -822,6 +822,10 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5. + &a.johalun.email; + + + &a.luporl.email; Modified: head/share/xml/news.xml ============================================================================== --- head/share/xml/news.xml Tue Feb 5 22:09:38 2019 (r52800) +++ head/share/xml/news.xml Thu Feb 7 09:14:21 2019 (r52801) @@ -46,6 +46,22 @@ + + + 1 + + + 19 + + +

New committer: + Johannes Lundberg + (src)

+ + + + + From owner-svn-doc-head@freebsd.org Fri Feb 8 20:13:30 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 07CF114C3008; Fri, 8 Feb 2019 20:13:30 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9E1BD6A103; Fri, 8 Feb 2019 20:13:29 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8DAE11E22F; Fri, 8 Feb 2019 20:13:29 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x18KDTAI002161; Fri, 8 Feb 2019 20:13:29 GMT (envelope-from pluknet@FreeBSD.org) Received: (from pluknet@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x18KDT4N002160; Fri, 8 Feb 2019 20:13:29 GMT (envelope-from pluknet@FreeBSD.org) Message-Id: <201902082013.x18KDT4N002160@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pluknet set sender to pluknet@FreeBSD.org using -f From: Sergey Kandaurov Date: Fri, 8 Feb 2019 20:13:29 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52802 - head/en_US.ISO8859-1/articles/committers-guide X-SVN-Group: doc-head X-SVN-Commit-Author: pluknet X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/committers-guide X-SVN-Commit-Revision: 52802 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 9E1BD6A103 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.96)[-0.958,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2019 20:13:30 -0000 Author: pluknet Date: Fri Feb 8 20:13:29 2019 New Revision: 52802 URL: https://svnweb.freebsd.org/changeset/doc/52802 Log: Fix typo. Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml ============================================================================== --- head/en_US.ISO8859-1/articles/committers-guide/article.xml Thu Feb 7 09:14:21 2019 (r52801) +++ head/en_US.ISO8859-1/articles/committers-guide/article.xml Fri Feb 8 20:13:29 2019 (r52802) @@ -5286,7 +5286,7 @@ Do you want to commit? (no = start a shell) [y/n] - Benefits and Perks for &os; Comitters + Benefits and Perks for &os; Committers Recognition From owner-svn-doc-head@freebsd.org Fri Feb 8 20:30:53 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68F9614C35E7; Fri, 8 Feb 2019 20:30:53 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0C8D86A95B; Fri, 8 Feb 2019 20:30:53 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 005961E424; Fri, 8 Feb 2019 20:30:53 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x18KUqmX008469; Fri, 8 Feb 2019 20:30:52 GMT (envelope-from pluknet@FreeBSD.org) Received: (from pluknet@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x18KUqIb008468; Fri, 8 Feb 2019 20:30:52 GMT (envelope-from pluknet@FreeBSD.org) Message-Id: <201902082030.x18KUqIb008468@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pluknet set sender to pluknet@FreeBSD.org using -f From: Sergey Kandaurov Date: Fri, 8 Feb 2019 20:30:52 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52803 - head/ru_RU.KOI8-R/books/handbook/x11 X-SVN-Group: doc-head X-SVN-Commit-Author: pluknet X-SVN-Commit-Paths: head/ru_RU.KOI8-R/books/handbook/x11 X-SVN-Commit-Revision: 52803 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 0C8D86A95B X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; NEURAL_HAM_SHORT(-0.96)[-0.958,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-0.999,0] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2019 20:30:53 -0000 Author: pluknet Date: Fri Feb 8 20:30:52 2019 New Revision: 52803 URL: https://svnweb.freebsd.org/changeset/doc/52803 Log: Fix typo. PR: 192504 Modified: head/ru_RU.KOI8-R/books/handbook/x11/chapter.xml Modified: head/ru_RU.KOI8-R/books/handbook/x11/chapter.xml ============================================================================== --- head/ru_RU.KOI8-R/books/handbook/x11/chapter.xml Fri Feb 8 20:13:29 2019 (r52802) +++ head/ru_RU.KOI8-R/books/handbook/x11/chapter.xml Fri Feb 8 20:30:52 2019 (r52803) @@ -1213,7 +1213,7 @@ EndSection ëÏÎÆÉÇÕÒÁÃÉÏÎÎÙÅ ÆÁÊÌÙ XDM ÎÁÈÏÄÑÔÓÑ × ËÁÔÁÌÏÇÅ /usr/local/lib/X11/xdm. ÷ Î£Í ÒÁÚÍÅÝÁÀÔÓÑ - ÎÁÓËÏÌØËÏ ÆÁÊÌÏ×, ËÏÔÏÒÙÅ ÉÓÐÏÌØÚÕÀÔÓÑ ÄÌÑ ÉÚÍÅÎÅÎÉÑ + ÎÅÓËÏÌØËÏ ÆÁÊÌÏ×, ËÏÔÏÒÙÅ ÉÓÐÏÌØÚÕÀÔÓÑ ÄÌÑ ÉÚÍÅÎÅÎÉÑ ÐÏ×ÅÄÅÎÉÑ É ×ÎÅÛÎÅÇÏ ×ÉÄÁ XDM. ïÂÙÞÎÏ ÜÔÏ ÓÌÅÄÕÀÝÉÅ ÆÁÊÌÙ: From owner-svn-doc-head@freebsd.org Fri Feb 8 21:34:45 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 923E514C6F77; Fri, 8 Feb 2019 21:34:45 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 340B16DE50; Fri, 8 Feb 2019 21:34:45 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 270561F012; Fri, 8 Feb 2019 21:34:45 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x18LYjWf045502; Fri, 8 Feb 2019 21:34:45 GMT (envelope-from pluknet@FreeBSD.org) Received: (from pluknet@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x18LYjiw045501; Fri, 8 Feb 2019 21:34:45 GMT (envelope-from pluknet@FreeBSD.org) Message-Id: <201902082134.x18LYjiw045501@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pluknet set sender to pluknet@FreeBSD.org using -f From: Sergey Kandaurov Date: Fri, 8 Feb 2019 21:34:45 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52804 - head/en_US.ISO8859-1/books/handbook/security X-SVN-Group: doc-head X-SVN-Commit-Author: pluknet X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/security X-SVN-Commit-Revision: 52804 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 340B16DE50 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_SHORT(-0.95)[-0.950,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2019 21:34:45 -0000 Author: pluknet Date: Fri Feb 8 21:34:44 2019 New Revision: 52804 URL: https://svnweb.freebsd.org/changeset/doc/52804 Log: Update supported SSL/TLS versions in the base system. Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Feb 8 20:30:52 2019 (r52803) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Feb 8 21:34:44 2019 (r52804) @@ -1787,10 +1787,12 @@ kadmind5_server_enable="YES" services. The version of OpenSSL included - in &os; supports the Secure Sockets Layer v2/v3 (SSLv2/SSLv3) - and Transport Layer Security v1 (TLSv1) network security + in &os; supports the Secure Sockets Layer 3.0 (SSLv3) + and Transport Layer Security 1.0/1.1/1.2 (TLSv1/TLSv1.1/TLSv1.2) + network security protocols and can be used as a general cryptographic - library. + library. In &os; 12.0-RELEASE and above, OpenSSL also supports + Transport Layer Security 1.3 (TLSv1.3). OpenSSL is often used to encrypt authentication of mail clients and to secure web based From owner-svn-doc-head@freebsd.org Fri Feb 8 21:57:31 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8715D14C794E; Fri, 8 Feb 2019 21:57:31 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2A6EB6E99D; Fri, 8 Feb 2019 21:57:31 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1BAD71F37D; Fri, 8 Feb 2019 21:57:31 +0000 (UTC) (envelope-from pluknet@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x18LvU8I056261; Fri, 8 Feb 2019 21:57:30 GMT (envelope-from pluknet@FreeBSD.org) Received: (from pluknet@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x18LvUD1056260; Fri, 8 Feb 2019 21:57:30 GMT (envelope-from pluknet@FreeBSD.org) Message-Id: <201902082157.x18LvUD1056260@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pluknet set sender to pluknet@FreeBSD.org using -f From: Sergey Kandaurov Date: Fri, 8 Feb 2019 21:57:30 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52805 - head/en_US.ISO8859-1/books/handbook/security X-SVN-Group: doc-head X-SVN-Commit-Author: pluknet X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/security X-SVN-Commit-Revision: 52805 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 2A6EB6E99D X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; NEURAL_HAM_SHORT(-0.95)[-0.950,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2019 21:57:31 -0000 Author: pluknet Date: Fri Feb 8 21:57:30 2019 New Revision: 52805 URL: https://svnweb.freebsd.org/changeset/doc/52805 Log: Update OpenSSL chapter after WITH_OPENSSL_PORT has gone. PR: 233315 Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Feb 8 21:34:44 2019 (r52804) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Feb 8 21:57:30 2019 (r52805) @@ -1800,27 +1800,14 @@ kadmind5_server_enable="YES" www/apache24 and databases/postgresql91-server, include a compile option for building with - OpenSSL. + OpenSSL. If selected, the port will + add support using OpenSSL from the + base system. To instead have the port compile against + OpenSSL from the + security/openssl port, add the following to + /etc/make.conf: - &os; provides two versions of - OpenSSL: one in the base system and - one in the Ports Collection. Users can choose which version to - use by default for other ports using the following knobs: - - - - WITH_OPENSSL_PORT: when set, the port will use - OpenSSL from the - security/openssl port, even if the - version in the base system is up to date or newer. - - - - WITH_OPENSSL_BASE: when set, the port will compile - against OpenSSL provided by the - base system. - - + DEFAULT_VERSIONS+= ssl=openssl Another common use of OpenSSL is to provide certificates for use with software applications. From owner-svn-doc-head@freebsd.org Sat Feb 9 09:02:08 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3431614DBDAE; Sat, 9 Feb 2019 09:02:08 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C71DD8B059; Sat, 9 Feb 2019 09:02:07 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A6E5026689; Sat, 9 Feb 2019 09:02:07 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x19927po008177; Sat, 9 Feb 2019 09:02:07 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x19927ea008176; Sat, 9 Feb 2019 09:02:07 GMT (envelope-from mat@FreeBSD.org) Message-Id: <201902090902.x19927ea008176@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org using -f From: Mathieu Arnold Date: Sat, 9 Feb 2019 09:02:07 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52806 - head/en_US.ISO8859-1/books/porters-handbook/makefiles X-SVN-Group: doc-head X-SVN-Commit-Author: mat X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/porters-handbook/makefiles X-SVN-Commit-Revision: 52806 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: C71DD8B059 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.94 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; NEURAL_HAM_SHORT(-0.95)[-0.948,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2019 09:02:08 -0000 Author: mat Date: Sat Feb 9 09:02:07 2019 New Revision: 52806 URL: https://svnweb.freebsd.org/changeset/doc/52806 Log: Fix ordering of a couple examples. Reported by: kbowling Modified: head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml Modified: head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml Fri Feb 8 21:57:30 2019 (r52805) +++ head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml Sat Feb 9 09:02:07 2019 (r52806) @@ -6166,11 +6166,11 @@ OPTIONS_GROUP_GG1= OPT9 OPT10 Simple Use of <varname>OPTIONS</varname> OPTIONS_DEFINE= FOO BAR +OPTIONS_DEFAULT=FOO + FOO_DESC= Option foo support BAR_DESC= Feature bar support -OPTIONS_DEFAULT=FOO - # Will add --with-foo / --without-foo FOO_CONFIGURE_WITH= foo BAR_RUN_DEPENDS= bar:bar/bar @@ -6198,6 +6198,7 @@ EXAMPLES_CONFIGURE_WITH= examples Practical Use of <varname>OPTIONS</varname> OPTIONS_DEFINE= EXAMPLES +OPTIONS_DEFAULT= PGSQL LDAP SSL OPTIONS_SINGLE= BACKEND OPTIONS_SINGLE_BACKEND= MYSQL PGSQL BDB @@ -6212,8 +6213,6 @@ BDB_DESC= Use Berkeley DB as backend LDAP_DESC= Build with LDAP authentication support PAM_DESC= Build with PAM support SSL_DESC= Build with OpenSSL support - -OPTIONS_DEFAULT= PGSQL LDAP SSL # Will add USE_PGSQL=yes PGSQL_USE= pgsql=yes From owner-svn-doc-head@freebsd.org Sat Feb 9 15:03:42 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 49D0A14E3E26; Sat, 9 Feb 2019 15:03:42 +0000 (UTC) (envelope-from ryusuke@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DFD746F28C; Sat, 9 Feb 2019 15:03:41 +0000 (UTC) (envelope-from ryusuke@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D1348250F; Sat, 9 Feb 2019 15:03:41 +0000 (UTC) (envelope-from ryusuke@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x19F3fkn095597; Sat, 9 Feb 2019 15:03:41 GMT (envelope-from ryusuke@FreeBSD.org) Received: (from ryusuke@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x19F3fm6095596; Sat, 9 Feb 2019 15:03:41 GMT (envelope-from ryusuke@FreeBSD.org) Message-Id: <201902091503.x19F3fm6095596@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ryusuke set sender to ryusuke@FreeBSD.org using -f From: Ryusuke SUZUKI Date: Sat, 9 Feb 2019 15:03:41 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52807 - head/ja_JP.eucJP/share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: ryusuke X-SVN-Commit-Paths: head/ja_JP.eucJP/share/xml X-SVN-Commit-Revision: 52807 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: DFD746F28C X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.96)[-0.959,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2019 15:03:42 -0000 Author: ryusuke Date: Sat Feb 9 15:03:41 2019 New Revision: 52807 URL: https://svnweb.freebsd.org/changeset/doc/52807 Log: - Merge the following from the English version: r52537 -> r52660 head/ja_JP.eucJP/share/xml/news.xml Modified: head/ja_JP.eucJP/share/xml/news.xml Modified: head/ja_JP.eucJP/share/xml/news.xml ============================================================================== --- head/ja_JP.eucJP/share/xml/news.xml Sat Feb 9 09:02:07 2019 (r52806) +++ head/ja_JP.eucJP/share/xml/news.xml Sat Feb 9 15:03:41 2019 (r52807) @@ -23,7 +23,7 @@ would like to work on. *** $FreeBSD$ - Original revision: r52537 + Original revision: r52720 --> @@ -65,6 +65,20 @@ FreeBSD ¤Î¥ê¥ê¡¼¥¹¤Ë´Ø¤¹¤ë¤è¤ê¾Ü¤·¤¤¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï ¥ê¥ê¡¼¥¹¾ðÊó ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£

+ + + + Cirrus CI ¤Î &os; ¤Ø¤ÎÂбþ + +

Cirrus CI ¥·¥¹¥Æ¥à¤¬ + &os; ¤ËÂбþ¤·¤Þ¤·¤¿¡£ + Cirrus CI ¤Ï¡¢ºÇ¿·¤Î¥¯¥é¥¦¥Éµ»½Ñ¤òÍѤ¤¤ë¤³¤È¤Ç¡¢ + ³«È¯¥µ¥¤¥¯¥ë¤ò¿×®¤Ë¡¢¸úΨŪ¤½¤·¤Æ°ÂÁ´¤Ë¹Ô¤¨¤ë¤è¤¦¤Ë¤·¤Þ¤¹¡£ + Cirrus CI ¤Ï¡¢¤¢¤Ê¤¿¤Î¥Á¡¼¥à¤ÈÏ¢·È¤·¡¢ + ¥½¥Õ¥È¥¦¥§¥¢¤Î¥ê¥ê¡¼¥¹¤ò¿×®¤«¤Ä°Â²Á¤Ë¤·¤Þ¤¹¡£ + ¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¡¢&os; Virtual + Machines ¥¬¥¤¥É¤ò¤´Í÷¤¯¤À¤µ¤¤¡£

 From owner-svn-doc-head@freebsd.org Sat Feb 9 15:09:58 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D64CD14E3F30; Sat, 9 Feb 2019 15:09:58 +0000 (UTC) (envelope-from ryusuke@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 744996F396; Sat, 9 Feb 2019 15:09:58 +0000 (UTC) (envelope-from ryusuke@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6349E2513; Sat, 9 Feb 2019 15:09:58 +0000 (UTC) (envelope-from ryusuke@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x19F9w6s095938; Sat, 9 Feb 2019 15:09:58 GMT (envelope-from ryusuke@FreeBSD.org) Received: (from ryusuke@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x19F9wZO095937; Sat, 9 Feb 2019 15:09:58 GMT (envelope-from ryusuke@FreeBSD.org) Message-Id: <201902091509.x19F9wZO095937@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ryusuke set sender to ryusuke@FreeBSD.org using -f From: Ryusuke SUZUKI Date: Sat, 9 Feb 2019 15:09:58 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52808 - head/ja_JP.eucJP/share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: ryusuke X-SVN-Commit-Paths: head/ja_JP.eucJP/share/xml X-SVN-Commit-Revision: 52808 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 744996F396 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; NEURAL_HAM_SHORT(-0.96)[-0.959,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2019 15:09:59 -0000 Author: ryusuke Date: Sat Feb 9 15:09:57 2019 New Revision: 52808 URL: https://svnweb.freebsd.org/changeset/doc/52808 Log: - Merge the following from the English version: r52720 -> r52801 head/ja_JP.eucJP/share/xml/news.xml Modified: head/ja_JP.eucJP/share/xml/news.xml Modified: head/ja_JP.eucJP/share/xml/news.xml ============================================================================== --- head/ja_JP.eucJP/share/xml/news.xml Sat Feb 9 15:03:41 2019 (r52807) +++ head/ja_JP.eucJP/share/xml/news.xml Sat Feb 9 15:09:57 2019 (r52808) @@ -23,12 +23,48 @@ would like to work on. *** $FreeBSD$ - Original revision: r52720 + Original revision: r52801 --> $FreeBSD$ + + + 2019 + + + 2 + + + 1 + + +

¿·¥³¥ß¥Ã¥¿½¢Ç¤: + Kai Knoblich + (ports)

+ + + + + + + + 1 + + + 19 + + +

¿·¥³¥ß¥Ã¥¿½¢Ç¤: + Johannes Lundberg + (src)

+ + + + + + 2018