git: ba3b824455 - main - Add EN-22:09 to EN-22:12 and SA-22:02 to SA-22:03.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 15 Mar 2022 19:22:32 UTC
The branch main has been updated by gordon (src committer):
URL: https://cgit.FreeBSD.org/doc/commit/?id=ba3b824455f82aeca72ef6cd34cabf09672a2640
commit ba3b824455f82aeca72ef6cd34cabf09672a2640
Author: Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2022-03-15 19:18:42 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2022-03-15 19:21:16 +0000
Add EN-22:09 to EN-22:12 and SA-22:02 to SA-22:03.
Approved by: so
---
website/data/security/advisories.toml | 8 +
website/data/security/errata.toml | 16 +
.../advisories/FreeBSD-EN-22:09.freebsd-update.asc | 125 +++++++
.../security/advisories/FreeBSD-EN-22:10.zfs.asc | 134 +++++++
.../security/advisories/FreeBSD-EN-22:11.zfs.asc | 133 +++++++
.../security/advisories/FreeBSD-EN-22:12.zfs.asc | 128 +++++++
.../security/advisories/FreeBSD-SA-22:02.wifi.asc | 165 +++++++++
.../advisories/FreeBSD-SA-22:03.openssl.asc | 153 ++++++++
.../security/patches/EN-22:09/freebsd-update.patch | 25 ++
.../patches/EN-22:09/freebsd-update.patch.asc | 16 +
website/static/security/patches/EN-22:10/zfs.patch | 45 +++
.../static/security/patches/EN-22:10/zfs.patch.asc | 16 +
website/static/security/patches/EN-22:11/zfs.patch | 199 +++++++++++
.../static/security/patches/EN-22:11/zfs.patch.asc | 16 +
website/static/security/patches/EN-22:12/zfs.patch | 44 +++
.../static/security/patches/EN-22:12/zfs.patch.asc | 16 +
.../static/security/patches/SA-22:02/wifi.12.patch | 389 +++++++++++++++++++++
.../security/patches/SA-22:02/wifi.12.patch.asc | 16 +
.../static/security/patches/SA-22:02/wifi.13.patch | 367 +++++++++++++++++++
.../security/patches/SA-22:02/wifi.13.patch.asc | 16 +
.../static/security/patches/SA-22:03/openssl.patch | 92 +++++
.../security/patches/SA-22:03/openssl.patch.asc | 16 +
22 files changed, 2135 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index bfacfbf277..6a60b5b67b 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,14 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-22:03.openssl"
+date = "2022-03-15"
+
+[[advisories]]
+name = "FreeBSD-SA-22:02.wifi"
+date = "2022-03-15"
+
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 3ab79b1502..b246718740 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,22 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-22:12.zfs"
+date = "2022-03-15"
+
+[[notices]]
+name = "FreeBSD-EN-22:11.zfs"
+date = "2022-03-15"
+
+[[notices]]
+name = "FreeBSD-EN-22:10.zfs"
+date = "2022-03-15"
+
+[[notices]]
+name = "FreeBSD-EN-22:09.freebsd-update"
+date = "2022-03-15"
+
[[notices]]
name = "FreeBSD-EN-22:08.i386"
date = "2022-02-01"
diff --git a/website/static/security/advisories/FreeBSD-EN-22:09.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-22:09.freebsd-update.asc
new file mode 100644
index 0000000000..a85ee4d0cf
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:09.freebsd-update.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:09.freebsd-update Errata Notice
+ The FreeBSD Project
+
+Topic: freebsd-update creating erroneous boot environments
+
+Category: core
+Module: freebsd-update
+Announced: 2022-03-15
+Affects: FreeBSD 12.3
+Corrected: 2022-02-15 06:09:41 UTC (stable/12, 12.3-STABLE)
+ 2022-03-15 18:17:55 UTC (releng/12.3, 12.3-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+By default, freebsd-update(8) is configured to create new ZFS boot environments
+on systems that are compatible with bectl(8).
+
+II. Problem Description
+
+When updating a jail or another root that isn't the system root using -b,
+freebsd-update(8) will create a spurious boot environment despite the updated
+root not causing a change in the boot environment.
+
+III. Impact
+
+Users that have used freebsd-update(8) with the -b or -j flags may have some
+extra boot environments present on the system that did not meaningfully impact
+the boot environment.
+
+IV. Workaround
+
+No workaround is available. Systems with "CreateBootEnv" set to "no" in their
+/etc/freebsd-update.conf are not affected. Systems that do not use ZFS are also
+not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. No reboot is required.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.3]
+# fetch https://security.FreeBSD.org/patches/EN-22:09/freebsd-update.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:09/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/12/ r371637
+releng/12.3/ r371743
+- -------------------------------------------------------------------------
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261446>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:09.freebsd-update.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw44sACgkQ05eS9J6n
+5cLudhAAmVnJH5dbgVkjuaiGI2fvdoKCZKlMIwvA+kUqgio6MaoiXIygWXgzbLmV
+M3BSzEvyrB/pBen/Af3R+3hljjhiOId/3RCKP596fT53bpmWQh4TyAryDX9SmY/+
+mXfARp4MgkAi7bDjKQQMpDlyA5Lp3i/Hqyq6IjIZnk2O1PxhAAer+yoqnjBsDQUl
+1SzM+T802NbclKx0nsM6ODFk8IvKmBjK1d6esApihDRzFX4qCXjuP+QMFSKAYEb4
+shZx6pGeDfqMhn8TkIydVhsjO16f7rUSxYoM1i93QZecVfxpWdQhh2OMG91G6ELu
+9aQ+CsYPcQoWgkLqsnTuJXVpKQ+PmzIwfD/DHahFvXvkXhL7cXFNgctp/2kb/lPW
+mgwPvguUzSJBu3tOs2RyVQTOTSzB+7Cf6hadhuBlzI4p/ZSViSIhI4hsE0Wln2TK
+3k+WCCfhEoGZRt6pR1YEjqvjeSin9Rcjd5nSS0vE137pXpjzheXxGQFVtPDtjq28
+mkr4HM6XUafvCs8oqoitpzFRMRwYODEah+z5PXWSpvguhFfehihFBW82e/3YZhLF
+2Ub4WkTFXhGx98lH5ofjnWS3kuqy7stG/5fk5gNHayCzPZjH2O6ecSGbBh4IZ9Xw
+5vFR0Tfbzo+N/eTiyTq0pj0QK2JTE4cns+xxfEczfLYiGGyFmPE=
+=Uh7O
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:10.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:10.zfs.asc
new file mode 100644
index 0000000000..83b00d4553
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:10.zfs.asc
@@ -0,0 +1,134 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:10.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: ZFS writes fail to update file size
+
+Category: contrib
+Module: zfs
+Announced: 2022-03-15
+Affects: FreeBSD 13.0
+Corrected: 2022-02-21 14:59:58 UTC (stable/13, 13.0-STABLE)
+ 2022-03-15 18:09:52 UTC (releng/13.0, 13.0-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+ZFS is one of several filesystems available on FreeBSD. ZFS supports
+many advanced features, including checksumming, transparent compression,
+and snapshots.
+
+FreeBSD's virtual filesystem layer includes a deadlock-avoidance
+mechanism to handle situations where a read(2) or write(2) system call
+is invoked and the user-supplied buffer lies within a mmap(2)-created
+mapping of the target file. Individual filesystems, such as ZFS, must
+implement a portion of the deadlock avoidance protocol.
+
+II. Problem Description
+
+The implementation of the deadlock avoidance protocol in ZFS's
+implementation of write(2) was incorrect and could, in certain
+circumstances, cause an appending write to a file to fail to update the
+file size despite returning success to the caller.
+
+III. Impact
+
+The bug may cause application misbehavior; the precise effects depend
+on the nature of the application triggering the bug.
+
+IV. Workaround
+
+No workaround is available, but systems not using ZFS are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:10/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:10/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ b55a7f3422d7 stable/13-n249621
+releng/13.0/ 9dc74c5a4b3d releng/13.0-n244783
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260453>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:10.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw44sACgkQ05eS9J6n
+5cJP2Q//fDLZ876IGCxtcyCc5eNrOgI7V4P/ajQ2Jz3VYvd3NAag4bbfV8OQKTy8
+dn62/bhjmKEDGjLAs2oHrlT+G0gEEYLnxZGzgcHo0UFo9FIEmCV18zEFXGipFMeH
+b9pCexvy1a7EH97voS7Mr6V+Bktj3Vcq3B0yIXRxoGxcRvTFTpc5rpYzs8RZWHiu
+tzUij2bmtrtXh7oJgmF83roujwNEJele9IY2+AMJ/URtGmxuJ54KN1hNTkeGknMd
+WtEarFz7HDoXuy7WDysgwUSdq6s+o+rWm/+knflCFXvYqetjm3Kwl35wBr0hch6f
+rb59AIZ1RVN8LsZZT6UNaxsQINEPb4RF9T132nYlMlQPdulEBjWiKI7Y4VSMUSXr
+Xtz54FMouRXi/WdgJL7P7CxY3+t+1zWorBvI25jnkEp5mhEhd7DVTgy2Sw0sNI4F
+iAYGBmpFyE6pGmJOaz6WLGV96sK9m0/RmmZXwPah5cwBMy4qUFnuPgoT91h8LRIr
+5SKLm010lyPxsThcb1NRrqsd4LIUhYb6bZNgOmCd5OcSC03+aUjxEyrmM90Hjtb4
+yhANSTVExJB9bXNnb1rWtdO1inrjb3YAUpd6CpuK3vct/LWw9b0ehuRdJKFDgLtC
+dVPQZYc89dcjZNnDWFJ94D2Inoae7oT0o2+nULURXyLABWSDYs0=
+=+FRE
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:11.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:11.zfs.asc
new file mode 100644
index 0000000000..60462a6f36
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:11.zfs.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:11.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: ZFS lseek(2) inconsistencies
+
+Category: contrib
+Module: zfs
+Announced: 2022-03-15
+Affects: FreeBSD 13.0
+Corrected: 2021-12-19 15:25:26 UTC (stable/13, 13.0-STABLE)
+ 2022-03-15 18:09:52 UTC (releng/13.0, 13.0-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+ZFS is one of several filesystems available on FreeBSD. ZFS supports
+many advanced features, including checksumming, transparent compression,
+and snapshots.
+
+File "holes" are used by filesystems to limit the amount of storage
+space occupied by a file containing long runs of zero bytes. Rather
+than filling disk blocks with zeroes, file metadata can indicate the
+extent of such a run and the filesystem hides the distinction from user
+applications.
+
+II. Problem Description
+
+When a file containing holes is mapped using mmap(2), mapped regions
+of the file may be ignored by lseek(2) when SEEK_HOLE or SEEK_DATA are
+passed as the "whence" parameter.
+
+III. Impact
+
+The bug may cause application misbehavior; the precise effects depend
+on the nature of the application triggering the bug.
+
+IV. Workaround
+
+No workaround is available, but systems not using ZFS are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:11/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:11/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 3aa1cabca37d stable/13-n248633
+releng/13.0/ f5be20afc356 releng/13.0-n244785
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256205>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:11.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw44wACgkQ05eS9J6n
+5cIYqA/9HFBfFjdHnU6exTxpeSC3Rf2EcNqkPd/nbT3jP1TGUXHMHCO72rNOuUZB
+xVWT7+js4zRkJCAKkqkW9Xww5N3nzrIISFzYKHK5rgzIDA/tlKvcau8WLiRDe8JD
+HC1vOVn44tdS9UorxG01lNhSuoNkqoTf1I7ReOzt2L305rzlqVX61T5JzOHMhnFh
+enPXcrrVUdw99TgYjUBXrD7qOjDEGP2ZdsUUwnRPLJ6slQQDzE2R2mNRd6tIM8In
+RgAZUxkHZ+QDhGYJs7d7uRXDkvXAOgOtzZt/EO+3vOmLvth8b9DzN5TSSv6oZ8le
+wWLBPbW8SMBzBAJ6pBbg+AZGg1qMlO8rGyGKyeGOF9hk78SunbdPQ116DYDZS2Yj
+jzIu9JXyLLonpXLIIzhQ2alo8xm5vvDN4Hqay92xKJvGJdq+M1hTQ7sVYioxBYP/
+l6gGSgKEJuMukW0qryGvcm5a4qpfpcJYnCMegwDGHwLY+jHkA+Rl54kYKFQQ6OlO
+P7/PW+JytcLiD6vuQ+9++6ccM3l2/otyGYhEyLvBmeTnxfy8S3L409NEeYQJrsXW
+tjnfXP18rHReI01nBpCU88+HalxDH+Ge1iwY+RkoLpbd2g/VQF1py73mJkjTY8He
+N+3Gvx77vmuGzPoGFWo6WNsBt2WQIEGowpTm9Z6i4RIUF9c7LOo=
+=X7kd
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:12.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:12.zfs.asc
new file mode 100644
index 0000000000..dcb85ca049
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:12.zfs.asc
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:12.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: ZFS panic upon concurrent 'zfs list' calls
+
+Category: contrib
+Module: zfs
+Announced: 2022-03-15
+Affects: FreeBSD 13.0
+Corrected: 2021-04-04 13:18:45 UTC (stable/13, 13.0-STABLE)
+ 2022-03-15 18:09:52 UTC (releng/13.0, 13.0-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+ZFS is one of several filesystems available on FreeBSD. ZFS supports
+many advanced features, including checksumming, transparent compression,
+and snapshots.
+
+II. Problem Description
+
+A race condition due to incorrect locking can cause a panic when multiple
+invocations of 'zfs list' occur in rapid succession.
+
+III. Impact
+
+An unprivileged user can trigger the race condition, resulting in a
+panic and denial of service.
+
+IV. Workaround
+
+No workaround is available, but systems not using ZFS are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:12/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:12/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ cf2a72643460 stable/13-n245102
+releng/13.0/ 0abaf7f63023 releng/13.0-n244784
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260884>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:12.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw44wACgkQ05eS9J6n
+5cLz+Q/9FTU5djSE02eqK6IKqWOZDre30OF8KFnBZz9CwnCagyTlxWFvZNscZe30
+a4vm01GyPhKXzWcCgkze5kc8h0E4hGD2zFU0N+oYRGRBQyl3B+DEpKKMZ+SUlYdo
+fRAhW4j1btD/zUhK9F5xshtMsbswMyN9wWu8iuK7QDReEgTnQj21Ca4r/Qwn+Y2z
+5vMfjeUdBxfMZNomESBTfFtI6FYgpAQmjmdaT0nfJzOjm+uf+Xe5qTzka+XMjj6/
+7mveWg7qv2OsTa9Wj0isbydGooVH65RBdtFacabWfh8MsNVZaFztHsfxGhyDAIwA
+A4YhD8fkFdQk7KpB8R1i2TTWJF+zt0tMQwBVMsv41rUDytINmwVF+y18XGLzKggY
+rb0YRsIGLjI6V35ESiepUPYqgNLrhQiYG/uGOX5cs+5vwsm1ecbq3gHB7TL3ZiDR
+RimxtHfrXM3wMsFacgcKpYZ+lYlF8QS/xcc+p8FrBztPjnRxco7Pxw7ZAm5jJqlk
+AbAN0gMCwyeX4kBX99NKYVrYOiTO6XsE/DDuyO/UCTiLnxh1onKUJZiolgpbatz/
+z1hnBvA6BrXtWuRA5+9SM3zNKNjHh6pmsSCrG/3XAQhOXzI7gwhzKIlunccA8yaJ
+4ytPNW16OO+mhpewszXvBU/3OG937W3XmFpgNjzkCtVRGBfUUts=
+=YnFH
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-22:02.wifi.asc b/website/static/security/advisories/FreeBSD-SA-22:02.wifi.asc
new file mode 100644
index 0000000000..f2ae1d0acf
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:02.wifi.asc
@@ -0,0 +1,165 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:02.wifi Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple WiFi issues
+
+Category: core
+Module: net80211
+Announced: 2022-03-15
+Affects: FreeBSD 12.x and FreeBSD 13.0
+Corrected: 2021-11-19 00:01:25 UTC (stable/13, 13.0-STABLE)
+ 2022-03-15 17:45:36 UTC (releng/13.0, 13.0-RELEASE-p8)
+ 2022-02-15 16:05:49 UTC (stable/12, 12.3-STABLE)
+ 2022-03-15 18:18:08 UTC (releng/12.3, 12.3-RELEASE-p3)
+ 2022-03-15 18:17:30 UTC (releng/12.2, 12.2-RELEASE-p14)
+CVE Name: CVE-2020-26147, CVE-2020-24588, CVE-2020-26144
+
+Note: This issue is already fixed in FreeBSD 13.1-BETA1.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD's net80211 kernel subsystem provides infrastructure and drivers
+for IEEE 802.11 wireless (Wi-Fi) communications.
+
+II. Problem Description
+
+The paper "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and
+Fragmentation" reported a number of security vulnerabilities in 802.11
+specificaiton related to frame aggregation and fragmentation.
+
+Additionally, FreeBSD 12.x missed length validation of SSIDs and Information
+Elements (IEs).
+
+III. Impact
+
+As reported on the FragAttacks website, the "design flaws are hard to abuse
+because doing so requires user interaction or is only possible when using
+uncommon network settings." Under suitable conditions an attacker may be
+able to extract sensitive data or inject data.
+
+IV. Workaround
+
+No workaround is available, but the ability to extract or inject data is
+mitigated by the use of application (e.g. HTTPS) or transport (e.g. TLS,
+IPSEC) layer encryption.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.0]
+# fetch https://security.FreeBSD.org/patches/SA-22:02/wifi.13.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:02/wifi.13.patch.asc
+# gpg --verify wifi.13.patch.asc
+
+[FreeBSD 12.x]
+# fetch https://security.FreeBSD.org/patches/SA-22:02/wifi.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:02/wifi.12.patch.asc
+# gpg --verify wifi.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 6acb9d5f955b stable/13-n248098
+releng/13.0/ 0d1db5c3257e releng/13.0-n244782
+stable/12/ r371640
+releng/12.3/ r371748
+releng/12.2/ r371740
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147>
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588>
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26144>
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254737>
+<URL:https://www.fragattacks.com/>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:02.wifi.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw5aoACgkQ05eS9J6n
+5cLuYw/+OtkGeEYFTmwoZrFn105OOhi1MHjopUmW3B3FDeIMP2BnULkCodLKpDqx
+WNROwaLBZ/FSHdX+rwcFhZVKksGuXafRY2bywDfJNCRmSIRjSEiSozIkJbihmKYq
+SAWxUwbZxkg+MPtgoiUNocXZhFplN4E1VmfZl6XDfcd9jrFTuNiMKPKWzW8haI7R
+H3Tovh6GgRLFfP5nnY2X8xZSSrxqkzXj4iRHJDedu6nmBFtsB34kjhW42fpycM/c
+irhHBApfgl9XW31sLSFP2lwhq36AVD27SaYKDWxAv4ywp6PiwPTTNr8lwk05Z0jp
+z76f3ZIBDhz3M3qzphMQ5wj6CB7SqTrgSD0WDZchdgDk904BdNum3vNRTO4x9iSB
+czlXk/utMbupW8AU9rjdKWeMz0DBpDGckjZq1Ot8+fSwbiLkPCjpYTDsxqiLZs6i
+xp/qjDW8rUKbgQSztSq3svF58dY74TLZ34rN0cqVPgvfpG1/fbM4W63vR0b4YG/5
+mv4OKXe5whJmh1OVrrVSX/ttyTFm6JpNFRxpXCkRKOgNICevw9yHlvx8uE6rVKde
+P7PXAdRT48gcmN9gIscFuRwt2glvChYuH6ncF1jMQmfoAMTlDGRATQUuDy81fIw9
+va3fiGDy2FsenAQYa4UwaA/iCodjaC0cNjNnf2cc9nZEnuq86l8=
+=Cjzd
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-22:03.openssl.asc b/website/static/security/advisories/FreeBSD-SA-22:03.openssl.asc
new file mode 100644
index 0000000000..79aa990d28
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:03.openssl.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:03.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: OpenSSL certificate parsing infinite loop
+
+Category: contrib
+Module: openssl
+Announced: 2022-03-15
+Credits: Tavis Ormandy from Google
+Affects: All supported versions of FreeBSD.
+Corrected: 2022-03-15 16:51:46 UTC (stable/13, 13.1-STABLE)
+ 2022-03-15 17:42:48 UTC (releng/13.1, 13.1-BETA1-p1)
+ 2022-03-15 17:43:02 UTC (releng/13.0, 13.0-RELEASE-p8)
+ 2022-03-15 16:56:09 UTC (stable/12, 12.3-STABLE)
+ 2022-03-15 18:17:50 UTC (releng/12.3, 12.3-RELEASE-p3)
+ 2022-03-15 18:17:16 UTC (releng/12.2, 12.2-RELEASE-p14)
+CVE Name: CVE-2022-0778
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
+collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
+also a general-purpose cryptography library.
+
+II. Problem Description
+
+The BN_mod_sqrt() function, which computes a modular square root, contains
+a bug that can cause it to loop forever for non-prime moduli. This function
+is used when parsing certificates that contain certain forms of elliptic
+curves.
+
+III. Impact
+
+A specially crafted certificate with invalid explicit curve parameters may
+trigger an infinite loop, leading to a denial of service. Since certificate
+parsing happens prior to verification of the certificate signature, any
+process that parses an externally supplied certificate may be affected.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:03/openssl.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:03/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 5f3d952f6e6b stable/13-n250020
+releng/13.1/ 942b5e156d41 releng/13.1-n249979
+releng/13.0/ 3847c17aa23a releng/13.0-n244777
+stable/12/ r371734
+releng/12.3/ r371742
+releng/12.2/ r371735
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:03.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw5a0ACgkQ05eS9J6n
+5cKZqQ/8D7qHRsnXGENtJqjN9Nt2VRiBeO5GKrhBJFVS8/cgVvlgDPFIrWOA/b7v
+p386eSIRPA3BGpEzP6cQddM/pogHFjSuskSznkNvfsUeZ7B9avODNvHykiODMajU
+ACv/JZ8IU9rWR2C3DqtlnVqKt3N8Pa8ZpxUCpYDeBEMIaYn/UOUZ9PmZZtaCJ1jz
+ZSsel99VvA7RdSd58ahb9Mga6KLDdp4bVVftfpepihTOu7pfmxZqrG7W+1pld/wd
+R88yGEDxyDD9/qDToA13i8+gAU5P5ASmzfNNqVwzJ4QLlkk2OrJBFKCLl+1BrR2p
+w6r3eZzx9SexCSJ9jLw54rezpXgLyJ/+fURHtKVOu39ELqZmftBgBYS0gxWiQ6jH
+Wx3lrPjjskFBp4MO5uBChnF8BIpGZN2guLpQkPtHCiaa469OI/NI5zarvXYvGPJL
+j4BMZtQQWGj2WIFWmMu7fvkhYOgVWmyjS4SWEwom7UGLq1EJKb9Rau9e4TOr8bYw
+EQV5c71Wn7IV9Oga1rPVRUe2hHAX1VkvhVm49G47V2gyvmPwXwwbVe7byW8Mz46j
+znkTSmAzHNbXFcJV+aPXejGRDvg0H+wfDyQFlN32IXdyVrbphRjekOu2Ftn8eWS9
+SkEdbvYP5x192NpBgfpHo5tc2CJHcM4xKg7WAIUk0vrK7aSgPoc=
+=TDUh
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:09/freebsd-update.patch b/website/static/security/patches/EN-22:09/freebsd-update.patch
new file mode 100644
index 0000000000..abd72d631c
--- /dev/null
+++ b/website/static/security/patches/EN-22:09/freebsd-update.patch
@@ -0,0 +1,25 @@
+--- usr.sbin/freebsd-update/freebsd-update.sh.orig
++++ usr.sbin/freebsd-update/freebsd-update.sh
+@@ -890,7 +890,12 @@
+ install_create_be () {
+ # Figure out if we're running in a jail and return if we are
+ if [ `sysctl -n security.jail.jailed` = 1 ]; then
+- return 1
++ return 1
++ fi
++ # Operating on roots that aren't located at / will, more often than not,
++ # not touch the boot environment.
++ if [ "$BASEDIR" != "/" ]; then
++ return 1
+ fi
+ # Create a boot environment if enabled
+ if [ ${BOOTENV} = yes ]; then
+@@ -911,7 +916,7 @@
+ esac
+ if [ ${CREATEBE} = yes ]; then
+ echo -n "Creating snapshot of existing boot environment... "
+- VERSION=`freebsd-version -k`
++ VERSION=`freebsd-version -ku | sort -V | tail -n 1`
+ TIMESTAMP=`date +"%Y-%m-%d_%H%M%S"`
*** 1328 LINES SKIPPED ***