git: 4c85a69d0f - main - Add EN-23:13, EN-23:14, SA-23:15, and SA-23:16.
Date: Wed, 08 Nov 2023 06:30:37 UTC
The branch main has been updated by gordon:
URL: https://cgit.FreeBSD.org/doc/commit/?id=4c85a69d0f11b191ee161ff8fdba6162d46c0ff4
commit 4c85a69d0f11b191ee161ff8fdba6162d46c0ff4
Author: Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2023-11-08 06:29:21 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-11-08 06:29:21 +0000
Add EN-23:13, EN-23:14, SA-23:15, and SA-23:16.
Approved by: so
---
website/data/security/advisories.toml | 8 +
website/data/security/errata.toml | 8 +
.../advisories/FreeBSD-EN-23:13.freebsd-update.asc | 153 +++++++++++++++++++
.../advisories/FreeBSD-EN-23:14.regcomp.asc | 151 +++++++++++++++++++
.../security/advisories/FreeBSD-SA-23:15.stdio.asc | 167 +++++++++++++++++++++
.../advisories/FreeBSD-SA-23:16.cap_net.asc | 140 +++++++++++++++++
.../security/patches/EN-23:13/freebsd-update.patch | 11 ++
.../patches/EN-23:13/freebsd-update.patch.asc | 16 ++
.../static/security/patches/EN-23:14/regcomp.patch | 33 ++++
.../security/patches/EN-23:14/regcomp.patch.asc | 16 ++
.../security/patches/SA-23:15/stdio.12.patch | 42 ++++++
.../security/patches/SA-23:15/stdio.12.patch.asc | 16 ++
.../security/patches/SA-23:15/stdio.13.patch | 125 +++++++++++++++
.../security/patches/SA-23:15/stdio.13.patch.asc | 16 ++
.../security/patches/SA-23:15/stdio.14.patch | 125 +++++++++++++++
.../security/patches/SA-23:15/stdio.14.patch.asc | 16 ++
.../static/security/patches/SA-23:16/cap_net.patch | 32 ++++
.../security/patches/SA-23:16/cap_net.patch.asc | 16 ++
18 files changed, 1091 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 6432cceb40..d3995fcc48 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,14 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-23:16.cap_net"
+date = "2023-11-08"
+
+[[advisories]]
+name = "FreeBSD-SA-23:15.stdio"
+date = "2023-11-08"
+
[[advisories]]
name = "FreeBSD-SA-23:14.smccc"
date = "2023-10-03"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 8c61975a0c..df128aa134 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,14 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-23:14.regcomp"
+date = "2023-11-08"
+
+[[notices]]
+name = "FreeBSD-EN-23:13.freebsd-update"
+date = "2023-11-08"
+
[[notices]]
name = "FreeBSD-EN-23:12.freebsd-update"
date = "2023-10-03"
diff --git a/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc
new file mode 100644
index 0000000000..08dafcfa78
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:13.freebsd-update Errata Notice
+ The FreeBSD Project
+
+Topic: freebsd-update does not handle deep boot environments
+
+Category: core
+Announced: 2023-11-08
+Affects: All supported versions of FreeBSD.
+Corrected: 2023-10-24 00:04:14 UTC (stable/14, 14.0-STABLE)
+ 2023-10-24 16:12:01 UTC (releng/14.0, 14.0-RC3)
+ 2023-10-24 00:04:18 UTC (stable/13, 13.2-STABLE)
+ 2023-11-08 00:59:45 UTC (releng/13.2, 13.2-RELEASE-p5)
+ 2023-10-24 00:05:10 UTC (stable/12, 12.4-STABLE)
+ 2023-11-08 01:10:13 UTC (releng/12.4, 12.4-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+freebsd-update will create a new boot environment as a backup when performing
+updates.
+
+II. Problem Description
+
+Some systems use non-default configurations referred to as "deep" boot
+environments. Deep boot environments place datasets belonging to the boot
+environment subordinate to the boot environment dataset itself, rather than
+elsewhere in the pool structure.
+
+This kind of boot environment requires the -r flag to bectl(8) for most
+operations in order to recurse on these subordinate datasets, but
+freebsd-update(8) was not recursing when creating a backup boot environment.
+
+III. Impact
+
+Without recursing in bectl(8), backups taken of a deep boot environment are not
+complete snapshots of the system state before the upgrade takes place. This
+means that it's potentially painful to try and rollback to the pre-upgrade state
+after the upgrade has completed.
+
+IV. Workaround
+
+No workaround is available, but the default configuration is not affected and
+deep boot environment users may create their own backups prior to an upgrade
+with a manual `bectl create -r ...`
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:13/freebsd-update.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:13/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 5c2a559876d1 stable/14-n265583
+releng/14.0/ e34fdb7c119e releng/14.0-n265341
+stable/13/ 80f747781f12 stable/13-n256596
+releng/13.2/ e79edfaf68c5 releng/13.2-n254641
+stable/12/ r373256
+releng/12.4/ r373266
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267535>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:13.freebsd-update.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVLKZUACgkQbljekB8A
+Gu+SVw/9FKEzcR7kUudFRwnNsY1LI7YphmuEA7xT6pdiMxizHmh/iWOF8yc5l3Ky
+lpXcIhbNXwOcI06Jv9OswIZyOXTtLZat+MVLyx4uoMgdHuM4wuPx4N9lo6FwvE1v
+Ehtf1GkEnOANcxou0PdrS+fHzUKx/hjn/WVKcdp+YmYzf19LnIqj2H58QWTP7INr
+cP/rj3EiqGi7XkBEh4te6nTyy27Wu+ihZZDdLFv43sf/cOEl2wsd8HJxVxfz9aEP
+lhJSBVMFq46YfNSLIsYLLN5v6d2C5ag4JJ2tvuX2sazLl3TXafDZ+OtAok0h8iiE
+qGrad3dt/g/5/WnSVK68GQ4MfyXJtfywxK18CX3fojeCuDJ5D9j7XUUXaqHHty9r
+CdcI4yZkswijkKIhtBRYdGh7Nvue54br6cnf7L8i/6hbPnLbdue3gs+v5OLNEttm
+LthNPViDJWid2TD+mRDS/2JubpiHspzb06Z+q2Hpt5wLRdISu1qPnjgGXgzXgPNB
+3PYbsPp2i1rHmz52K08hK+582QL5PMS5/hpB6pN2bakugvAGz5ocrBn1C5ejNIeo
+4FAFV5w4cvgaJJf7eI8Lo+IzEcg4gA6h8ibDsFXIzMf3Fnn9p7qH7cw85AoemW4a
+ZZBDYL81fEy9hJBqhQC4cmjEdzuvptPV5arFzX8J9M6Hirrnt9g=
+=l1ce
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc b/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc
new file mode 100644
index 0000000000..796c1e6368
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc
@@ -0,0 +1,151 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:14.regcomp Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect regular expression escape handling
+
+Category: core
+Module: libc
+Announced: 2023-11-08
+Affects: All supported versions of FreeBSD.
+Corrected: 2023-09-30 01:40:59 UTC (stable/14, 14.0-STABLE)
+ 2023-10-01 04:46:02 UTC (releng/14.0, 14.0-BETA5)
+ 2023-09-30 01:41:23 UTC (stable/13, 13.2-STABLE)
+ 2023-11-08 00:59:51 UTC (releng/13.2, 13.2-RELEASE-p5)
+ 2023-09-30 01:41:57 UTC (stable/12, 12.4-STABLE)
+ 2023-11-08 01:11:09 UTC (releng/12.4, 12.4-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The libc regex(3) implementation is responsible for compiling and applying
+regular expressions as used in, e.g., grep(1) and sed(1).
+
+II. Problem Description
+
+In some instances, the regcomp() implementation would inadvertently sign-extend
+a character in the regular expression. Additionally, alphabetic wide-characters
+were not properly being considered as such.
+
+III. Impact
+
+Regular expressions supplied to grep(1) or sed(1) that contained an alphabetic
+wide-character would incorrectly error out as if a bogus trailing backslash had
+been supplied.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Rebooting after the update is not strictly necessary, but it is recommended
+in case the error affects some daemon in use.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:14/regcomp.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:14/regcomp.patch.asc
+# gpg --verify regcomp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 56b09feb23d9 stable/14-n265274
+releng/14.0/ 408daf2caa92 releng/14.0-n265163
+stable/13/ ac695744e2cf stable/13-n256440
+releng/13.2/ 67264bfe4992 releng/13.2-n254642
+stable/12/ r373222
+releng/12.4/ r373267
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264275>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:14.regcomp.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=TY3O
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc b/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc
new file mode 100644
index 0000000000..0e367ac3a7
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc
@@ -0,0 +1,167 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-23:15.libc Security Advisory
+ The FreeBSD Project
+
+Topic: libc stdio buffer overflow
+
+Category: core
+Module: libc
+Announced: 2023-11-07
+Credits: inooo
+ All supported versions of FreeBSD.
+Corrected: 2023-11-07 17:29:20 UTC (stable/14, 14.0-STABLE)
+ 2023-11-08 00:45:25 UTC (releng/14.0, 14.0-RC4-p1)
+ 2023-11-07 18:41:49 UTC (stable/13, 13.2-STABLE)
+ 2023-11-08 00:48:03 UTC (releng/13.2, 13.2-RELEASE-p5)
+ 2023-11-08 14:30:51 UTC (stable/12, 12.4-STABLE)
+ 2023-11-08 01:09:31 UTC (releng/12.4, 12.4-RELEASE-p7)
+CVE Name: CVE-2023-5941
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The FreeBSD C library (libc) Standard I/O (stdio) component provides
+essential functionality for input and output operations including file
+handling and buffering. It includes functions like "fopen", "printf", and
+"fflush". Streams may be unbuffered, line buffered, or fully buffered.
+The library writes buffered data when the buffer is full or when the
+application explicitly requests so by calling the fflush(3) function.
+
+II. Problem Description
+
+For line-buffered streams the __sflush() function did not correctly update
+the FILE object's write space member when the write(2) system call returns
+an error.
+
+III. Impact
+
+Depending on the nature of an application that calls libc's stdio functions
+and the presence of errors returned from the write(2) system call (or an
+overridden stdio write routine) a heap buffer overfly may occur. Such
+overflows may lead to data corruption or the execution of arbitrary code at
+the privilege level of the calling program.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.0]
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.14.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.14.patch.asc
+# gpg --verify stdio.14.patch.asc
+
+[FreeBSD 13.2]
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.13.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.13.patch.asc
+# gpg --verify stdio.13.patch.asc
+
+[FreeBSD 12.4]
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.12.patch.asc
+# gpg --verify stdio.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ abe12d2f4ce3 stable/14-n265706
+releng/14.0/ 1f9c4610dde5 releng/14.0-n265376
+stable/13/ 59ec3ffdd7ce stable/13-n256680
+releng/13.2/ d51a39b13ee4 releng/13.2-n254639
+stable/12/ r373263
+releng/12.4/ r373265
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5941>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:15.stdio.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=wgNS
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc b/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc
new file mode 100644
index 0000000000..249a838ac8
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-23:16.cap_net Security Advisory
+ The FreeBSD Project
+
+Topic: Incorrect libcap_net limitation list manipulation
+
+Category: core
+Module: libcap_net
+Announced: 2023-11-08
+Credits: Shawn Webb, Mariusz Zaborski
+Affects: FreeBSD 13.2 and later
+Corrected: 2023-11-06 19:19:04 UTC (stable/14, 14.0-STABLE)
+ 2023-11-08 00:45:34 UTC (releng/14.0, 14.0-RC4-p1)
+ 2023-11-06 19:19:54 UTC (stable/13, 13.2-STABLE)
+ 2023-11-08 00:49:31 UTC (releng/13.2, 13.2-RELEASE-p5)
+CVE Name: CVE-2023-5978
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+libcasper(3) allows Capsicum-sandboxed applications to define and use system
+interfaces which would otherwise be disallowed, through implementing special
+services. One of these services, libcap_net, enables networking capabilities
+within the restriced environment.
+
+II. Problem Description
+
+Casper services allow limiting operations that a process can perform. Each
+service maintains a specific list of permitted operations. Certain operations
+can be further restricted, such as specifying which domain names can be
+resolved. During the verification of limits, the service must ensure that the
+new set of constraints is a subset of the previous one. In the case of the
+cap_net service, the currently limited set of domain names was fetched
+incorrectly.
+
+III. Impact
+
+In certain scenarios, if only a list of resolvable domain names was specified
+without setting any other limitations, the application could submit a new list
+of domains including include entries not previously in the list.
+
+IV. Workaround
+
+No workaround is available. Note that no FreeBSD base system software is
+vulnerable to this issue.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-23:16/cap_net.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:16/cap_net.patch.asc
+# gpg --verify cap_net.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 765757c6301f stable/14-n265696
+releng/14.0/ 5f4fc91cc87c releng/14.0-n265377
+stable/13/ 114c6d9bef76 stable/13-n256672
+releng/13.2/ acd860c3622d releng/13.2-n254640
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5978>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:16.cap_net.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=XNt1
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:13/freebsd-update.patch b/website/static/security/patches/EN-23:13/freebsd-update.patch
new file mode 100644
index 0000000000..76c6b9ff9a
--- /dev/null
+++ b/website/static/security/patches/EN-23:13/freebsd-update.patch
@@ -0,0 +1,11 @@
+--- usr.sbin/freebsd-update/freebsd-update.sh.orig
++++ usr.sbin/freebsd-update/freebsd-update.sh
+@@ -916,7 +916,7 @@
+ echo -n "Creating snapshot of existing boot environment... "
+ VERSION=`freebsd-version -ku | sort -V | tail -n 1`
+ TIMESTAMP=`date +"%Y-%m-%d_%H%M%S"`
+- bectl create ${VERSION}_${TIMESTAMP}
++ bectl create -r ${VERSION}_${TIMESTAMP}
+ if [ $? -eq 0 ]; then
+ echo "done.";
+ else
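Review bot: The added `-r` on the `bectl create` line has no comment, so the reason for it lives only in the errata notice. A one-line comment above it would keep the flag from being dropped in a later cleanup, for example `# -r: recurse into child datasets so "deep" boot environments are backed up completely`. The expansion is also unquoted; `bectl create -r "${VERSION}_${TIMESTAMP}"` is the safer form, even though both values look space-free here. The enclosing function starts and ends outside the hunk.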
diff --git a/website/static/security/patches/EN-23:13/freebsd-update.patch.asc b/website/static/security/patches/EN-23:13/freebsd-update.patch.asc
new file mode 100644
index 0000000000..48d1aa9979
--- /dev/null
+++ b/website/static/security/patches/EN-23:13/freebsd-update.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=mz0x
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:14/regcomp.patch b/website/static/security/patches/EN-23:14/regcomp.patch
new file mode 100644
index 0000000000..b3cf36ebd5
--- /dev/null
+++ b/website/static/security/patches/EN-23:14/regcomp.patch
@@ -0,0 +1,33 @@
+--- lib/libc/regex/regcomp.c.orig
++++ lib/libc/regex/regcomp.c
+@@ -828,10 +828,10 @@
+ handled = false;
+
+ assert(MORE()); /* caller should have ensured this */
+- c = GETNEXT();
++ c = (uch)GETNEXT();
+ if (c == '\\') {
+ (void)REQUIRE(MORE(), REG_EESCAPE);
+- cc = GETNEXT();
++ cc = (uch)GETNEXT();
+ c = BACKSL | cc;
+ #ifdef LIBREGEX
+ if (p->gnuext) {
+@@ -992,7 +992,7 @@
+ int ndigits = 0;
+
+ while (MORE() && isdigit((uch)PEEK()) && count <= DUPMAX) {
+- count = count*10 + (GETNEXT() - '0');
++ count = count*10 + ((uch)GETNEXT() - '0');
+ ndigits++;
+ }
+
+@@ -1302,7 +1302,7 @@
+
+ if ((p->pflags & PFLAG_LEGACY_ESC) != 0)
+ return (true);
+- if (isalpha(ch) || ch == '\'' || ch == '`')
++ if (iswalpha(ch) || ch == '\'' || ch == '`')
+ return (false);
+ return (true);
+ #ifdef NOTYET
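Review bot: The `(uch)` casts are added at three `GETNEXT()` call sites with no comment saying why, and any other `GETNEXT()` result stored in an `int` outside these hunks would presumably still sign-extend a high-bit byte. A short comment at the first site would record the intent, for example `/* uch: plain char may be signed; avoid sign-extending into BACKSL | cc */`. The remaining callers are worth auditing, or the cast could move into the macro if every caller wants an unsigned value. In the last inner hunk, `iswalpha(ch)` is only right if `ch` is a `wint_t` and `<wctype.h>` is included, neither of which is visible here; all three functions start and end outside the hunks.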
diff --git a/website/static/security/patches/EN-23:14/regcomp.patch.asc b/website/static/security/patches/EN-23:14/regcomp.patch.asc
new file mode 100644
index 0000000000..a39e86454f
--- /dev/null
+++ b/website/static/security/patches/EN-23:14/regcomp.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=uTh+
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-23:15/stdio.12.patch b/website/static/security/patches/SA-23:15/stdio.12.patch
new file mode 100644
index 0000000000..238780a3d5
--- /dev/null
+++ b/website/static/security/patches/SA-23:15/stdio.12.patch
@@ -0,0 +1,42 @@
+--- lib/libc/stdio/fflush.c.orig
++++ lib/libc/stdio/fflush.c
+@@ -106,10 +106,10 @@
+ __sflush(FILE *fp)
+ {
+ unsigned char *p;
+- int n, t;
++ int n, f, t;
+
+- t = fp->_flags;
+- if ((t & __SWR) == 0)
++ f = fp->_flags;
++ if ((f & __SWR) == 0)
+ return (0);
+
+ if ((p = fp->_bf._base) == NULL)
+@@ -122,19 +122,18 @@
+ * exchange buffering (via setvbuf) in user write function.
+ */
+ fp->_p = p;
+- fp->_w = t & (__SLBF|__SNBF) ? 0 : fp->_bf._size;
++ fp->_w = f & (__SLBF|__SNBF) ? 0 : fp->_bf._size;
+
+ for (; n > 0; n -= t, p += t) {
+ t = _swrite(fp, (char *)p, n);
+ if (t <= 0) {
+- /* Reset _p and _w. */
+- if (p > fp->_p) {
++ if (p > fp->_p)
+ /* Some was written. */
+ memmove(fp->_p, p, n);
+- fp->_p += n;
+- if ((fp->_flags & (__SLBF | __SNBF)) == 0)
+- fp->_w -= n;
+- }
++ /* Reset _p and _w. */
++ fp->_p += n;
++ if ((fp->_flags & __SNBF) == 0)
++ fp->_w -= n;
+ fp->_flags |= __SERR;
+ return (EOF);
+ }
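Review bot: The error path in `__sflush` now subtracts `n` from `_w` for line-buffered streams as well, but dropping `__SLBF` from the mask is the substance of the security fix and the new code has no comment explaining it. I would add something like `/* line-buffered streams count _w down too, so it must account for the n bytes still buffered */` above the `if ((fp->_flags & __SNBF) == 0)` test; if `fp->_flags` is re-read instead of the saved `f` because the write function may change buffering, the comment should say so. The unbraced `if (p > fp->_p)` with a comment between the condition and `memmove` is easy to misread next to the now-unconditional `fp->_p += n`, and braces around the `memmove` would make the scope explicit. The same lines appear in stdio.13.patch, whose hunk is cut off on this page, and `__sflush` itself continues outside the hunk.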
diff --git a/website/static/security/patches/SA-23:15/stdio.12.patch.asc b/website/static/security/patches/SA-23:15/stdio.12.patch.asc
new file mode 100644
index 0000000000..4f33a02361
--- /dev/null
+++ b/website/static/security/patches/SA-23:15/stdio.12.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=yCZH
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-23:15/stdio.13.patch b/website/static/security/patches/SA-23:15/stdio.13.patch
new file mode 100644
index 0000000000..3ac8741c35
--- /dev/null
+++ b/website/static/security/patches/SA-23:15/stdio.13.patch
@@ -0,0 +1,125 @@
+--- lib/libc/stdio/fflush.c.orig
++++ lib/libc/stdio/fflush.c
+@@ -105,11 +105,11 @@
+ int
+ __sflush(FILE *fp)
+ {
+- unsigned char *p, *old_p;
+- int n, t, old_w;
++ unsigned char *p;
++ int n, f, t;
+
+- t = fp->_flags;
+- if ((t & __SWR) == 0)
++ f = fp->_flags;
++ if ((f & __SWR) == 0)
+ return (0);
+
+ if ((p = fp->_bf._base) == NULL)
+@@ -121,26 +121,19 @@
+ * Set these immediately to avoid problems with longjmp and to allow
+ * exchange buffering (via setvbuf) in user write function.
+ */
+- old_p = fp->_p;
+ fp->_p = p;
+- old_w = fp->_w;
+- fp->_w = t & (__SLBF|__SNBF) ? 0 : fp->_bf._size;
++ fp->_w = f & (__SLBF|__SNBF) ? 0 : fp->_bf._size;
+
+ for (; n > 0; n -= t, p += t) {
+ t = _swrite(fp, (char *)p, n);
+ if (t <= 0) {
+- /* Reset _p and _w. */
+- if (p > fp->_p) {
++ if (p > fp->_p)
+ /* Some was written. */
+ memmove(fp->_p, p, n);
+- fp->_p += n;
+- if ((fp->_flags & (__SLBF | __SNBF)) == 0)
+- fp->_w -= n;
+- /* conditional to handle setvbuf */
+- } else if (p == fp->_p && errno == EINTR) {
+- fp->_p = old_p;
+- fp->_w = old_w;
+- }
++ /* Reset _p and _w. */
++ fp->_p += n;
++ if ((fp->_flags & __SNBF) == 0)
++ fp->_w -= n;
+ fp->_flags |= __SERR;
+ return (EOF);
+ }
+--- lib/libc/stdio/fvwrite.c.orig
++++ lib/libc/stdio/fvwrite.c
+@@ -38,7 +38,6 @@
+ #include <sys/cdefs.h>
+ __FBSDID("$FreeBSD$");
+
+-#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -55,7 +54,6 @@
+ __sfvwrite(FILE *fp, struct __suio *uio)
+ {
+ size_t len;
+- unsigned char *old_p;
+ char *p;
+ struct __siov *iov;
+ int w, s;
+@@ -139,12 +137,8 @@
+ COPY(w);
+ /* fp->_w -= w; */ /* unneeded */
+ fp->_p += w;
+- old_p = fp->_p;
+- if (__fflush(fp) == EOF) {
+- if (old_p == fp->_p && errno == EINTR)
+- fp->_p -= w;
++ if (__fflush(fp))
+ goto err;
+- }
+ } else if (len >= (w = fp->_bf._size)) {
+ /* write directly */
+ w = _swrite(fp, p, w);
+@@ -183,12 +177,8 @@
+ COPY(w);
+ /* fp->_w -= w; */
+ fp->_p += w;
+- old_p = fp->_p;
+- if (__fflush(fp) == EOF) {
+- if (old_p == fp->_p && errno == EINTR)
+- fp->_p -= w;
++ if (__fflush(fp))
+ goto err;
+- }
+ } else if (s >= (w = fp->_bf._size)) {
+ w = _swrite(fp, p, w);
+ if (w <= 0)
+--- lib/libc/stdio/wbuf.c.orig
++++ lib/libc/stdio/wbuf.c
+@@ -52,7 +52,6 @@
+ int
+ __swbuf(int c, FILE *fp)
+ {
*** 257 LINES SKIPPED ***