svn commit: r49582 - in head/share: security/advisories security/patches/EN-16:17 security/patches/EN-16:18 security/patches/SA-16:15 security/patches/SA-16:32 xml
Gleb Smirnoff
glebius at FreeBSD.org
Tue Oct 25 17:32:51 UTC 2016
Author: glebius (src committer)
Date: Tue Oct 25 17:32:49 2016
New Revision: 49582
URL: https://svnweb.freebsd.org/changeset/doc/49582
Log:
Publish SA-16:15 revised, SA-16:32, EN-16:17, EN-16:18.
Added:
head/share/security/advisories/FreeBSD-EN-16:17.vm.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-16:18.loader.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-16:32.bhyve.asc (contents, props changed)
head/share/security/patches/EN-16:17/
head/share/security/patches/EN-16:17/vm.patch (contents, props changed)
head/share/security/patches/EN-16:17/vm.patch.asc (contents, props changed)
head/share/security/patches/EN-16:18/
head/share/security/patches/EN-16:18/loader.patch (contents, props changed)
head/share/security/patches/EN-16:18/loader.patch.asc (contents, props changed)
head/share/security/patches/SA-16:15/sysarch-01.patch (contents, props changed)
head/share/security/patches/SA-16:15/sysarch-01.patch.asc (contents, props changed)
head/share/security/patches/SA-16:32/
head/share/security/patches/SA-16:32/bhyve.patch (contents, props changed)
head/share/security/patches/SA-16:32/bhyve.patch.asc (contents, props changed)
Modified:
head/share/security/advisories/FreeBSD-SA-16:15.sysarch.asc
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-16:17.vm.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-16:17.vm.asc Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:17.vm Errata Notice
+ The FreeBSD Project
+
+Topic: Virtual Memory issues
+
+Category: core
+Module: Virtual Memory subsystem
+Announced: 2016-10-25
+Credits:
+Affects: FreeBSD 10.3
+Corrected: 2016-07-25 13:31:18 UTC (stable/10, 10.3-STABLE)
+ 2016-10-25 16:45:55 UTC (releng/10.3, 10.3-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security branches,
+and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I. Background
+
+The virtual memory subsystem manages address spaces of the processes, and
+tightly cooperates with the file systems and process management to provide
+the execution environment for the applications.
+
+II. Problem Description
+
+Due to increased parallelism and optimizations in several parts of the
+system, the previously latent bugs in VM become much easier to trigger,
+affecting a significant number of the FreeBSD users. The exact technical
+details of the issues are provided in the commit messages of the merged
+revisions, which are listed below with short summaries.
+
+r301184 prevent parallel object collapses, fixes object lifecycle
+r301436 do not leak the vm object lock, fixes overcommit disable
+r302243 avoid the active object marking for vm.vmtotal sysctl, fixes
+ "vodead" hangs
+r302513 vm_fault() race with the vm_object_collapse(), fixes spurious
+ SIGSEGV
+r303291 postpone BO_DEAD, fixes panic on fast vnode reclaim
+
+III. Impact
+
+Due to the bugs, spurious SIGSEGV might be delivered to processes, causing
+hangs on the "vodead" state on filesystem operations might be observed,
+system might hang or panic during rapid UFS vnodes reclamation.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.3]
+# fetch https://security.FreeBSD.org/patches/EN-16:17/vm.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:17/vm.patch.asc
+# gpg --verify vm.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r303291
+releng/10.3/ r307929
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204764>
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204426>
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-16:17.vm.asc
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYD5UUAAoJEO1n7NZdz2rnxWUQAJ/yL3KpTFuhaHnnOg84mpwE
+KguSEpFB4BqxPVntuwuutyvRf1aibdrcjOESJ62U86Nw3Yn+umYFQaq6ySTzWhbY
+6JlARZEGQa0kt+kP8etx1Z/AjCiplHFjhi1HSdq/nhnYwwVlrw5vu5IiN66Vu9vu
+OyfjmC3Zxx9Zf8CByTk7S9qGzhrsJPZvlkgVnOgUEwEq+zbYFAYk+vNVvF7KwSI5
+WxlOhkt6OdJUTUV+lOl5xZlGU3LlvE+2/+LpOOyNbgK/alAuPpt3JGiVnRYje6YI
+lQnJXdM6Y5cITawkOhaePNRlgIphSKOjiomlVfpzDVKaoEvKTaTA0QNcTG7cF5vD
+AeO/k2J15ARJQo/SRmTGE2/kOC7RSlAPBAYcBYy83LXDRxrhWtkz12LHzGu85IBy
+TzgWgJX9IBiQDXKBg+7BLzkWAb4lX5sg38fZzGn80GD2EhkZ8vSnzjQyCgVQdxKD
+T4XVVbiRSDywxelhRI9L/xLTM8kPNbL4ZQLrtS5VvQt/PSNubcFMkLgvP+lbOvKB
+eE44FX8jQrs5YNbFamksOHJ6qDSzQk4Rxk6Nd6BlYAD/xFT+h5MnqydBtl4cWua1
+zpaCUjqA2OxQHANiauFRj71fjjWfKF/pbEsfHaJmtyx55PyVwhgeATjbo02kuWug
+sk7U5vuJxdMO+iRBHQKZ
+=Jq+g
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-16:18.loader.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-16:18.loader.asc Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:18 Errata Notice
+ The FreeBSD Project
+
+Topic: Loader may hang during boot
+
+Category: core
+Module: loader
+Announced: 2016-10-25
+Affects: FreeBSD 11.0
+Corrected: 2016-10-08 00:01:07 UTC (stable/11, 11.0-STABLE)
+ 2016-10-25 16:50:10 UTC (releng/11.0, 11.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The loader is the final stage (boot3) of the boot process and is responsible
+for loading the kernel and starting the operating system. GELIBoot is a
+feature present in the loader that allows it to boot the system from an
+encrypted disks.
+
+II. Problem Description
+
+A programming error in GELIBoot causes the loader to attempt to read past
+the end of the disk if the size of the final partition is not a multiple of
+4 kB.
+
+III. Impact
+
+On most systems, reading past the end of the disk will result in the read
+failing, and the boot process will continue normally. On some systems, the
+read past the end of the disk will be retried a number of times and will
+result in the boot process being slower than usual. On Amazon EC2 instances,
+and possibly other virtualization platforms, this issue causes the boot
+process to hang and never complete.
+
+IV. Workaround
+
+No workaround is available, but systems with 4 kB aligned partitions will not
+result in an attempt to read past the end of the disk.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.0]
+# fetch https://security.FreeBSD.org/patches/EN-16:18/loader.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:18/loader.patch.asc
+# gpg --verify loader.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r306834
+releng/11.0/ r307930
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213196>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:18.loader.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYD5UZAAoJEO1n7NZdz2rnNNEQAL+Rdn8eEtmUU4AVfa1pnIrc
+/+owfHzB6NS5N+qcsFJmWGyrP6X3HAgNTfiJuNdJBV8HgcAtCQCPie/jork9A/q1
+U0ur8FDr91Y6Cr2H8BINmf7Oe3vwY6S7pPbwbHaHCzAAI/JyDtjGlN4VlEr7lKh/
+3J6xizMDHTBj198SopMIDUWl+qFeLxEMb60WV0Z8NDRyQzV0yXbveUkg35FZhqaW
+w/aAH0hTh3qhxjQCyh34GrJ/peuvPtWxZLfPP7zowIKKAGQR+PfFnN9PrGQFAzht
+yQVk8WrvTrlzZbay6U5BGFcwaxVSgW8PLIHET01BAyd//HBGdfofEMcVXoiQqf5x
+1kX0fdiop02JZX49rzknAGtLlUivniBSCZTnPZrFCjhOHE+TZhhhnqB/jT+RBazx
+m5xFScvfcZZ8ZXK1e68Jn1/SpIOtX+lXmKpoFwE4HoPtJkZV3SDIRYgAsxuWRlMy
+R0I7HuGc7RgJNSJWFhGWcUkyq0yZhy7+x0vVzV3tDZClYrv82ZbVxzTCSCH2se3L
+TLnIruK3nPt4KPWPka7H0jaVzICjqJHzy30IsNMHYHZg8dQ0/CR7pYm2zgCu9B84
+qbemY0YKlhsccM0/R/P9OMNDTcxP6l/Yhqb9A/upBhn2Vlw9OGamvuKfgX4WOTIE
+gOcI7hQW4U/U3ioTTS1T
+=vmGn
+-----END PGP SIGNATURE-----
Modified: head/share/security/advisories/FreeBSD-SA-16:15.sysarch.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-16:15.sysarch.asc Tue Oct 25 16:44:58 2016 (r49581)
+++ head/share/security/advisories/FreeBSD-SA-16:15.sysarch.asc Tue Oct 25 17:32:49 2016 (r49582)
@@ -2,27 +2,36 @@
Hash: SHA512
=============================================================================
-FreeBSD-SA-16:15.sysarch Security Advisory
+FreeBSD-SA-16:15.sysarch [REVISED] Security Advisory
The FreeBSD Project
Topic: Incorrect argument validation in sysarch(2)
Category: core
Module: kernel
-Announced: 2016-03-16
-Credits: Core Security
+Announced: 2016-10-25
+Credits: Core Security, ahaha from Chaitin Tech
Affects: All supported versions of FreeBSD.
-Corrected: 2016-03-16 22:35:55 UTC (stable/10, 10.2-STABLE)
- 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
- 2016-03-16 22:30:56 UTC (releng/10.1, 10.1-RELEASE-p31)
- 2016-03-16 22:36:02 UTC (stable/9, 9.3-STABLE)
- 2016-03-16 22:30:03 UTC (releng/9.3, 9.3-RELEASE-p39)
+Corrected: 2016-10-25 17:14:50 UTC (stable/11, 11.0-STABLE)
+ 2016-10-25 17:11:20 UTC (releng/11.0, 11.0-RELEASE-p2)
+ 2016-10-25 17:16:08 UTC (stable/10, 10.3-STABLE)
+ 2016-10-25 17:11:15 UTC (releng/10.3, 10.3-RELEASE-p11)
+ 2016-10-25 17:11:11 UTC (releng/10.2, 10.2-RELEASE-p24)
+ 2016-10-25 17:11:07 UTC (releng/10.1, 10.1-RELEASE-p41)
+ 2016-10-25 17:16:58 UTC (stable/9, 9.3-STABLE)
+ 2016-10-25 17:11:02 UTC (releng/9.3, 9.3-RELEASE-p49)
CVE Name: CVE-2016-1885
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
+0. Revision history
+
+v1.0 2016-03-16 Initial release.
+v1.1 2016-10-25 Revised patch to address a problem pointed out by
+ ahaha from Chaitin Tech.
+
I. Background
The IA-32 architecture allows programs to define segments, which provides
@@ -38,10 +47,10 @@ II. Problem Description
A special combination of sysarch(2) arguments, specify a request to
uninstall a set of descriptors from the LDT. The start descriptor
-is cleared and the number of descriptors are provided. Due to invalid
-use of a signed intermediate value in the bounds checking during argument
-validity verification, unbound zero'ing of the process LDT and adjacent
-memory can be initiated from usermode.
+is cleared and the number of descriptors are provided. Due to lack
+of sufficient bounds checking during argument validity verification,
+unbound zero'ing of the process LDT and adjacent memory can be initiated
+from usermode.
III. Impact
@@ -77,14 +86,27 @@ Reboot is required.
The following patches have been verified to apply to the applicable
FreeBSD release branches.
+[*** v1.1 NOTE ***] If your sources are not yet patched using the initially
+published advisory patches, then you need to apply both sysarch.patch and
+sysarch-01.patch. If your sources are already updated, or patched with
+patches from the initial advisory, then you need to apply sysarch-01.patch
+only.
+
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
+[ FreeBSD system not patched with original SA-16:15 patch]
# fetch https://security.FreeBSD.org/patches/SA-16:15/sysarch.patch
# fetch https://security.FreeBSD.org/patches/SA-16:15/sysarch.patch.asc
# gpg --verify sysarch.patch.asc
-b) Apply the patch. Execute the following commands as root:
+[ FreeBSD system that has been patched with original SA-16:15 patch]
+# fetch https://security.FreeBSD.org/patches/SA-16:15/sysarch-01.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:15/sysarch-01.patch.asc
+# gpg --verify sysarch-01.patch.asc
+
+b) Apply the patch(es). Execute the following commands as root for
+every patch file downloaded:
# cd /usr/src
# patch < /path/to/patch
@@ -100,11 +122,14 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
-stable/9/ r296958
-releng/9.3/ r296953
-stable/10/ r296957
-releng/10.1/ r296954
-releng/10.2/ r296955
+stable/9/ r307941
+releng/9.3/ r307931
+stable/10/ r307940
+releng/10.1/ r307932
+releng/10.2/ r307933
+releng/10.3/ r307934
+stable/11/ r307938
+releng/11.0/ r307935
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
@@ -125,17 +150,17 @@ The latest revision of this advisory is
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.asc>
-----BEGIN PGP SIGNATURE-----
-iQIcBAEBCgAGBQJW6eO/AAoJEO1n7NZdz2rn0UMP/iU/orN0P6+Rsj9hY2B6M0VS
-H6CMMVvketkIIWl9oKX9D/G0g/HyD8uFy06qL2OBz+h99h1oaF5ELl4G6TkF69Ra
-yOKrLcWnyi3eWLUaPvGkrLakVpG0+pU3QRvBT+d0nsTarOMPq+nhooarMfAluF3p
-c3bXEjzn/lTA5T0zTcGS2o9IgORvYrKRIGW0KJDsCWsDgVyWngsJAJdIrzwx022Q
-ENoIGmgLnYsx7TY1cuMtdb3TVyJsZv8zjrrmcLzw67Vly7wShs22CKK23ydDDyy9
-xFYsbWA+X8CarV2uSk8xJCIbWjJSlfc9XvOlHLZEiT7PNCZIk2c2fNLENxHvyNl1
-vgIUBoD/wzzS5QqdnT4r726aQt3pNezns1NDxujwUovVn5nQaXnKOTJHsOthDJ99
-PakEMa93iZqOfzbVouBIBH1IPgNLHof9Jdq3wYiKhrQVJXRespdpCfh3/wdph9LB
-ElBOTlrCcShV+N6deO4KI2wNK5h704D4hOMsqlInLwGQmGi7qa4ouWASgzQQmU/8
-6va3mJsgCvzHUpRCMQo7pIZm6SnOIYLdg7S4vV7P6q5oOIBnjFa8bK/Cq+zOR42e
-gJs9ou65JTTC0KG+26wXaD2Wx8uriO/+ZfCT/YM29FUUqIdayqHxhACjF0lkY83P
-02CAQXURVoI7kbjHaGT7
-=jV9z
+iQIcBAEBCgAGBQJYD5VZAAoJEO1n7NZdz2rnYT4QAMmnfUBnxiNHfzaEDMe2oU+H
+WIVFzFtU5FTAm3wJ3JORU1euqhusDoB7D8nova30alM2bHHd86epBGgym1Q+hxR2
+qTI+d8QimvQUWelz7DWPh0h3ZNlVfDxY8vKlr5SS0W/HOMjbG/O6U1AIw5p7cPaa
+LkDpqo2IN8xBL6tJFUKNEQS/GzuU2HtfKhQK0/ojT4DW61AkOZn4SZzzYBz3iO4p
+a8Otv4+aHzyNjTZRm/33SrFzdG0RZWyT/WXsEHlv5NiXVMPML+oY918jppqClkoO
+pwjcneWTqgYrE4vvVOADKOlWyNa4jFmPQSW7MmNEaF4RMd8TMcE/cBTKOi41YuOp
+la1JzvtWUnou7oQqy/xKr0S/Wa2x6ZhR4vBg28fkfrQhn55N+qqDicQ3F907dOm5
+A0ERHKgImlWSGM+Sf2CJyrUJUNUye0bVQMhrM4e3psZ7Jr20IXjnhppr1mufCjTH
+H+aEHv43o/1HuoltnjstiBZ/CZpFdIXkBpsHtzteZR2y+pmZFA9bB4uZeeML0mj3
+/cxj8rgPRmcjk6nSsnLWhq2YEFAZBC/lv43wqSrXE9+BBpSh6zM5NCTPb50/dBqf
+V553uuGEvJlHmOAoveXxYyxKcGpgZAcgJjWpAkCpoVxgdrbtLcPY5Z+8cy8fMO3G
+YHOkZydbLPaXOXimZfut
+=NWuL
-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-16:32.bhyve.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:32.bhyve.asc Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:32.bhyve Security Advisory
+ The FreeBSD Project
+
+Topic: bhyve - privilege escalation vulnerability
+
+Category: core
+Module: bhyve
+Announced: 2016-10-25
+Credits: Ilja van Sprundel, IOActive
+Affects: FreeBSD 11.0 amd64
+Corrected: 2016-10-25 17:15:32 UTC (stable/11, 11.0-STABLE)
+ 2016-10-25 17:11:20 UTC (releng/11.0, 11.0-RELEASE-p2)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+bhyve is a BSD licensed hypervisor that supports running a variety of
+virtual machines (guests).
+
+II. Problem Description
+
+An unchecked array reference in the VGA device emulation code could
+potentially allow guests access to the heap of the bhyve process.
+Since the bhyve process is running as root, this may allow guests to
+obtain full control of the hosts they are running on.
+
+III. Impact
+
+For bhyve virtual machines with the "fbuf" framebuffer device
+configured, if exploited, a malicious guest could obtain full access
+to not just the host system, but to other virtual machines running on
+the system.
+
+IV. Workaround
+
+No workaround is available, however systems not using bhyve for
+virtualization are not vulnerable. Additionally systems using bhyve
+but without the "fbuf" framebuffer device configured are not
+vulnerable.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed. Rather the bhyve process for vulnerable virtual
+machines should be restarted.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 platforms
+can be updated via the freebsd-update(8) utility.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:32/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:32/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the bhyve process(es).
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r307939
+releng/11.0/ r307935
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:32.bhyve.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJYD5UbAAoJEO1n7NZdz2rnOAcP/03LJPbzVE05gIkN+j8z4jz5
+Q/EX+zGgid5omIqslsiM6obDNupnH3HYE7Suv5sCJky9pyX8mv1g3jTkxXzm+32k
+9rCcBtGdIviKKG8GNuMa56ZU5EvgUkwndn4qTi7KmZ/+1l8UGRCAsU04L6qQHwb2
+Si7WcgZLse+epkYAgzyje+YFR/Ib2xc3vdXXpj+uxlQWs6U3RZ95v+6M5ARhBHes
+YJ34QKphy/PaT02hI9AvLU6aB4hkN5XVE2uHgpciNRLp0DF3XwqHRYbDx2bACifS
+ge7hbpsSCZuOayYWdtw8gcbzJXxX1fMv1q9ntj5XLh/a4av7coHWYPHDYmIC7Inb
+RNAhynR8W9SWFZ1EqUEWhKeWPwpKgiy1e4+CpDm5wbnj+CzJLc08tMU77jIUV6In
+ilJkZ04sv25mjOdnjSkjt6PnXmT1n+UrWdKjOYsAkaWiHpAUzGT2dSgRfn8zh5wv
+hc1368Z2v2v43HJ+Y4x0M0VVuuEydEHB+sWBhn8evxlQ6KIAC2sdi7juP4TLAgkj
+A1kA3Oob4+pGlxzTGgHDE+/HzHnGEfmoWHS/u0dmDiUuTlQDKQCdCEUnjfRdJYuc
+3fbigdY70d2wx6igs4VZszSQLu4c4ranewy3ORS1OghpOjnvO7mvJVUbseusLaNC
+fYkumZ2XfUaJuya63z7z
+=gyCa
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-16:17/vm.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-16:17/vm.patch Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,235 @@
+--- sys/kern/vfs_subr.c.orig
++++ sys/kern/vfs_subr.c
+@@ -2934,7 +2934,13 @@
+ TAILQ_EMPTY(&vp->v_bufobj.bo_clean.bv_hd) &&
+ vp->v_bufobj.bo_clean.bv_cnt == 0,
+ ("vp %p bufobj not invalidated", vp));
+- vp->v_bufobj.bo_flag |= BO_DEAD;
++
++ /*
++ * For VMIO bufobj, BO_DEAD is set in vm_object_terminate()
++ * after the object's page queue is flushed.
++ */
++ if (vp->v_bufobj.bo_object == NULL)
++ vp->v_bufobj.bo_flag |= BO_DEAD;
+ BO_UNLOCK(&vp->v_bufobj);
+
+ /*
+--- sys/vm/vm_fault.c.orig
++++ sys/vm/vm_fault.c
+@@ -286,7 +286,7 @@
+ vm_prot_t prot;
+ long ahead, behind;
+ int alloc_req, era, faultcount, nera, reqpage, result;
+- boolean_t growstack, is_first_object_locked, wired;
++ boolean_t dead, growstack, is_first_object_locked, wired;
+ int map_generation;
+ vm_object_t next_object;
+ vm_page_t marray[VM_FAULT_READ_MAX];
+@@ -423,11 +423,18 @@
+ fs.pindex = fs.first_pindex;
+ while (TRUE) {
+ /*
+- * If the object is dead, we stop here
++ * If the object is marked for imminent termination,
++ * we retry here, since the collapse pass has raced
++ * with us. Otherwise, if we see terminally dead
++ * object, return fail.
+ */
+- if (fs.object->flags & OBJ_DEAD) {
++ if ((fs.object->flags & OBJ_DEAD) != 0) {
++ dead = fs.object->type == OBJT_DEAD;
+ unlock_and_deallocate(&fs);
+- return (KERN_PROTECTION_FAILURE);
++ if (dead)
++ return (KERN_PROTECTION_FAILURE);
++ pause("vmf_de", 1);
++ goto RetryFault;
+ }
+
+ /*
+--- sys/vm/vm_meter.c.orig
++++ sys/vm/vm_meter.c
+@@ -93,30 +93,32 @@
+ CTLFLAG_MPSAFE, NULL, 0, sysctl_vm_loadavg, "S,loadavg",
+ "Machine loadaverage history");
+
++/*
++ * This function aims to determine if the object is mapped,
++ * specifically, if it is referenced by a vm_map_entry. Because
++ * objects occasionally acquire transient references that do not
++ * represent a mapping, the method used here is inexact. However, it
++ * has very low overhead and is good enough for the advisory
++ * vm.vmtotal sysctl.
++ */
++static bool
++is_object_active(vm_object_t obj)
++{
++
++ return (obj->ref_count > obj->shadow_count);
++}
++
+ static int
+ vmtotal(SYSCTL_HANDLER_ARGS)
+ {
+- struct proc *p;
+ struct vmtotal total;
+- vm_map_entry_t entry;
+ vm_object_t object;
+- vm_map_t map;
+- int paging;
++ struct proc *p;
+ struct thread *td;
+- struct vmspace *vm;
+
+ bzero(&total, sizeof(total));
++
+ /*
+- * Mark all objects as inactive.
+- */
+- mtx_lock(&vm_object_list_mtx);
+- TAILQ_FOREACH(object, &vm_object_list, object_list) {
+- VM_OBJECT_WLOCK(object);
+- vm_object_clear_flag(object, OBJ_ACTIVE);
+- VM_OBJECT_WUNLOCK(object);
+- }
+- mtx_unlock(&vm_object_list_mtx);
+- /*
+ * Calculate process statistics.
+ */
+ sx_slock(&allproc_lock);
+@@ -136,11 +138,15 @@
+ case TDS_INHIBITED:
+ if (TD_IS_SWAPPED(td))
+ total.t_sw++;
+- else if (TD_IS_SLEEPING(td) &&
+- td->td_priority <= PZERO)
+- total.t_dw++;
+- else
+- total.t_sl++;
++ else if (TD_IS_SLEEPING(td)) {
++ if (td->td_priority <= PZERO)
++ total.t_dw++;
++ else
++ total.t_sl++;
++ if (td->td_wchan ==
++ &cnt.v_free_count)
++ total.t_pw++;
++ }
+ break;
+
+ case TDS_CAN_RUN:
+@@ -158,29 +164,6 @@
+ }
+ }
+ PROC_UNLOCK(p);
+- /*
+- * Note active objects.
+- */
+- paging = 0;
+- vm = vmspace_acquire_ref(p);
+- if (vm == NULL)
+- continue;
+- map = &vm->vm_map;
+- vm_map_lock_read(map);
+- for (entry = map->header.next;
+- entry != &map->header; entry = entry->next) {
+- if ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) ||
+- (object = entry->object.vm_object) == NULL)
+- continue;
+- VM_OBJECT_WLOCK(object);
+- vm_object_set_flag(object, OBJ_ACTIVE);
+- paging |= object->paging_in_progress;
+- VM_OBJECT_WUNLOCK(object);
+- }
+- vm_map_unlock_read(map);
+- vmspace_free(vm);
+- if (paging)
+- total.t_pw++;
+ }
+ sx_sunlock(&allproc_lock);
+ /*
+@@ -206,9 +189,18 @@
+ */
+ continue;
+ }
++ if (object->ref_count == 1 &&
++ (object->flags & OBJ_NOSPLIT) != 0) {
++ /*
++ * Also skip otherwise unreferenced swap
++ * objects backing tmpfs vnodes, and POSIX or
++ * SysV shared memory.
++ */
++ continue;
++ }
+ total.t_vm += object->size;
+ total.t_rm += object->resident_page_count;
+- if (object->flags & OBJ_ACTIVE) {
++ if (is_object_active(object)) {
+ total.t_avm += object->size;
+ total.t_arm += object->resident_page_count;
+ }
+@@ -216,7 +208,7 @@
+ /* shared object */
+ total.t_vmshr += object->size;
+ total.t_rmshr += object->resident_page_count;
+- if (object->flags & OBJ_ACTIVE) {
++ if (is_object_active(object)) {
+ total.t_avmshr += object->size;
+ total.t_armshr += object->resident_page_count;
+ }
+--- sys/vm/vm_object.c.orig
++++ sys/vm/vm_object.c
+@@ -737,6 +737,10 @@
+
+ vinvalbuf(vp, V_SAVE, 0, 0);
+
++ BO_LOCK(&vp->v_bufobj);
++ vp->v_bufobj.bo_flag |= BO_DEAD;
++ BO_UNLOCK(&vp->v_bufobj);
++
+ VM_OBJECT_WLOCK(object);
+ }
+
+@@ -1722,6 +1726,9 @@
+ * case.
+ */
+ if (backing_object->ref_count == 1) {
++ vm_object_pip_add(object, 1);
++ vm_object_pip_add(backing_object, 1);
++
+ /*
+ * If there is exactly one reference to the backing
+ * object, we can collapse it into the parent.
+@@ -1793,11 +1800,13 @@
+ KASSERT(backing_object->ref_count == 1, (
+ "backing_object %p was somehow re-referenced during collapse!",
+ backing_object));
++ vm_object_pip_wakeup(backing_object);
+ backing_object->type = OBJT_DEAD;
+ backing_object->ref_count = 0;
+ VM_OBJECT_WUNLOCK(backing_object);
+ vm_object_destroy(backing_object);
+
++ vm_object_pip_wakeup(object);
+ object_collapses++;
+ } else {
+ vm_object_t new_backing_object;
+@@ -2130,6 +2139,7 @@
+ */
+ if (!reserved && !swap_reserve_by_cred(ptoa(next_size),
+ prev_object->cred)) {
++ VM_OBJECT_WUNLOCK(prev_object);
+ return (FALSE);
+ }
+ prev_object->charge += ptoa(next_size);
+--- sys/vm/vm_object.h.orig
++++ sys/vm/vm_object.h
+@@ -181,7 +181,6 @@
+ */
+ #define OBJ_FICTITIOUS 0x0001 /* (c) contains fictitious pages */
+ #define OBJ_UNMANAGED 0x0002 /* (c) contains unmanaged pages */
+-#define OBJ_ACTIVE 0x0004 /* active objects */
+ #define OBJ_DEAD 0x0008 /* dead objects (during rundown) */
+ #define OBJ_NOSPLIT 0x0010 /* dont split this object */
+ #define OBJ_PIPWNT 0x0040 /* paging in progress wanted */
Added: head/share/security/patches/EN-16:17/vm.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-16:17/vm.patch.asc Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYD5UZAAoJEO1n7NZdz2rnveQP/18XosglN8If641FhVryq35Y
+JHRydPexwxGiYPyviA4Q97PmZVJoeXCLzzXBQG5aznHLTd3LzBmiKpjTU5c7l8XC
+sfbEXoHP7z3Qoxwopx8mCzxmGYOhbCGajXBlP9pIkZV1cqW802AD0W7PUfNpg9Bv
+/2Z/GTChrXZsX8uVUka8S7y8Bm+bGXr2dDuf/P9EWIjRmW/2QFdmTAI5WGxLXA03
+NdIs2YrAB5BmMJmRFueV38NvvDaBmFtfUPtDM+ZAwMfEu6yGB20sj4OR9bT5DLt4
+SuhaCY6CEaaPSOWMYq9TTpCQt/hL6G7S6ij+T76wF7WbqKl1wJWf7i89MeAtv6B+
+lsSSb52oHqxL1KVTUiv4j47QPxc5wNmhtkDiTn5VYP81Nnw/f2tLtQnUeUPAcIBn
+YMFGU+zuKaZmjoQeU0EG31q4UtUwIjHMs4cn9zwgYAj0oK+85UU4UgYh1PM68sbB
+wu6kwqJirb/zGZHzC8YD+Ypfp2c/6dYnPk9Mxu/6FCP5MHuTX6/+wlqI92cGM8Fo
+x9nROaTsZB+Kx3drNSiYiroyeKlrDPrapoTwg68NNjjI/Wgs/Mr9QVN/DvSAOlpH
+V54wGrm0GL8IQlnEWA+knE+8nRHsiTb3Wnz123QQLDk4ah6/hvRfaBn57R1oVlYT
+wi0AfTZtOXd8uZHwPP5q
+=NTrZ
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-16:18/loader.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-16:18/loader.patch Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,34 @@
+--- sys/boot/geli/geliboot.c.orig
++++ sys/boot/geli/geliboot.c
+@@ -77,17 +77,25 @@
+ int error;
+ off_t alignsector;
+
+- alignsector = (lastsector * DEV_BSIZE) &
+- ~(off_t)(DEV_GELIBOOT_BSIZE - 1);
++ alignsector = rounddown2(lastsector * DEV_BSIZE, DEV_GELIBOOT_BSIZE);
++ if (alignsector + DEV_GELIBOOT_BSIZE > ((lastsector + 1) * DEV_BSIZE)) {
++ /* Don't read past the end of the disk */
++ alignsector = (lastsector * DEV_BSIZE) + DEV_BSIZE
++ - DEV_GELIBOOT_BSIZE;
++ }
+ error = read_func(NULL, dskp, alignsector, &buf, DEV_GELIBOOT_BSIZE);
+ if (error != 0) {
+ return (error);
+ }
+- /* Extract the last DEV_BSIZE bytes from the block. */
+- error = eli_metadata_decode(buf + (DEV_GELIBOOT_BSIZE - DEV_BSIZE),
+- &md);
++ /* Extract the last 4k sector of the disk. */
++ error = eli_metadata_decode(buf, &md);
+ if (error != 0) {
+- return (error);
++ /* Try the last 512 byte sector instead. */
++ error = eli_metadata_decode(buf +
++ (DEV_GELIBOOT_BSIZE - DEV_BSIZE), &md);
++ if (error != 0) {
++ return (error);
++ }
+ }
+
+ if (!(md.md_flags & G_ELI_FLAG_GELIBOOT)) {
Added: head/share/security/patches/EN-16:18/loader.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-16:18/loader.patch.asc Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYD5UaAAoJEO1n7NZdz2rnZeQP/A7rKnV8s+QKgS2KypSuk9pO
+N0DQsAx/M3qIOvkkCE3JjfV/iYpQZ8qVbFodI+Q6gy8EXPttEKotc9+Fqf3gyIvD
++YGeCmeALRqjziCqg5Yzfm+Vq4jhHK0EPxjzaPFTSfrWY1zKTnO9UILWBOeX+rff
+mYKWch2UzmXDLoOGm25v9Ov5tMyzTNDRqoMWUFPIbCt054Q1UqJBLKrlUXSRLQyi
+uc0Zhs3es27MfBE37ZEjGnm5hn8Zx9krsyqVuYp+ZWrugn4W/Ur36QEzETd7b3ZF
+MBDPQz8rJ1degserJDVPD3bF5aADjylNtsKffwo65F2qLnK6OcGjqRY93aQeJcjv
+bxDn1pqYsC/uT76k05AK+1IaFCXRufek4g+Z5BMsaGQyhmaqfN2opzAnrEmXnPY7
+0FI3p8uu6xH6JkfaOQwO71DvD00907/cAJq3HHUvbWSrgB/6ksqxQoElu/l8QyzG
+X2wDkwVKA9fF5ExMTDquvt725enikdoPCp3T2CiCfRv6N/xTuH/M54V0b/F+vHCT
+24eLVbdrdgQhrw0Hqk6bYhxt3VzpkIQPxNot8IpbtfJfJersrsDDC5o7PvSj04YJ
+01A9gTm/XGqSRfdET2GmoYvX+zbnQ10EuqXh57boPKDA8WuwmOvrsEylXW3BUpaz
+jx167sv08GgW5fdZmVxe
+=6m5C
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-16:15/sysarch-01.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:15/sysarch-01.patch Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,21 @@
+--- sys/amd64/amd64/sys_machdep.c.orig
++++ sys/amd64/amd64/sys_machdep.c
+@@ -608,6 +608,8 @@
+ largest_ld = uap->start + uap->num;
+ if (largest_ld > max_ldt_segment)
+ largest_ld = max_ldt_segment;
++ if (largest_ld < uap->start)
++ return (EINVAL);
+ i = largest_ld - uap->start;
+ mtx_lock(&dt_lock);
+ bzero(&((struct user_segment_descriptor *)(pldt->ldt_base))
+@@ -620,7 +622,8 @@
+ /* verify range of descriptors to modify */
+ largest_ld = uap->start + uap->num;
+ if (uap->start >= max_ldt_segment ||
+- largest_ld > max_ldt_segment)
++ largest_ld > max_ldt_segment ||
++ largest_ld < uap->start)
+ return (EINVAL);
+ }
+
Added: head/share/security/patches/SA-16:15/sysarch-01.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:15/sysarch-01.patch.asc Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYD5VaAAoJEO1n7NZdz2rn4WAP/3JhfEQ0ZUNAcMR3VGpKHEE3
+wWW3a0Y2vOBqRZwz3+tXKC2iaGj1jmgZ3gLIEDGrvqD952X2vbqAyliYpPbGwH5e
+g1bKn0A07Ede/rSdiCS2/j2ys3l9jV0hNc4M6mx703+QpwqoL3U2b7lIiT3AcaWx
+ZqOvnoiVOMLB7hXzeprI+EQMq92A5oNg79kM2K7wPepQlM2l3imbUv1kyTr+QqR6
+oMpV1lYw5YEG22d29Kh2BRBnCpy6wpek9ZynLmQ+hkPTPnsLA8phymjwT51SnoHx
+QfIlR9L/PhgpNgGyTSWM+rG0z2unETHztNkszFVg5zgDmjHI/l2MGEKCHZ3k8WA9
+a20rIvZu3uXUqcnhtluFY64e5qS71fuWFZ6j4DvTUib0Xuu71BHoHmWF1ek32rTv
+Z0IOfV56QSl9syGEMQQ8hdHIQcg2TQ/mBpwOUEIr37dotUKQH8lOXYgL0tVRglQw
+iV0VroPCmUeMIEDb41DrL6K3zH4R6/n5bE3zFiWBIpCa4pCycyLYWEZzemfTc1rn
+0Q18PiWTCoizta2JngTvO9HUnsgCZ/gkl+6homU5OPvK4z2OcuLQY+Re1MhIfAe8
+wtgJa9gyB6+kV8W0I6ZIpQMU//dpyOrRxXOY5bgy51vNxDt4EPWhf5PQZn4WFprN
+tlJAYOs6yjZ/71OrHziO
+=8ocC
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-16:32/bhyve.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:32/bhyve.patch Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,17 @@
+--- usr.sbin/bhyve/vga.c.orig
++++ usr.sbin/bhyve/vga.c
+@@ -161,10 +161,10 @@
+ */
+ struct {
+ uint8_t dac_state;
+- int dac_rd_index;
+- int dac_rd_subindex;
+- int dac_wr_index;
+- int dac_wr_subindex;
++ uint8_t dac_rd_index;
++ uint8_t dac_rd_subindex;
++ uint8_t dac_wr_index;
++ uint8_t dac_wr_subindex;
+ uint8_t dac_palette[3 * 256];
+ uint32_t dac_palette_rgb[256];
+ } vga_dac;
Added: head/share/security/patches/SA-16:32/bhyve.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:32/bhyve.patch.asc Tue Oct 25 17:32:49 2016 (r49582)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYD5UcAAoJEO1n7NZdz2rno3UQALGbFZ52rbPAMch04Vd2B+1U
+7SYydFXf3/ZBV3ldp6wpiWvbGw8E5wmqkw7vZD3IYfeUQ1KT+FjDGrXtVI5KqvLB
+14hxqJzIP5+B4dNwTN03MhlNBCEiyRnNEIin2Z443v3Ub4KwnHNrwubiw+TKh8pb
+k3hqFFIw5eBm+9PgHYM533RjTfPo6OgB3Pcz31aE8ukS8bwIxkWu3aCKCXLEhbk2
+lYl0ACthDTxoCh0ZzDQLGFlhKGk/aiByqu6lSw3yvT9X+JpfEwQq6Pgi1PDKEazi
+6M6kx5mky772CzYrwpzFN3znUOG9mTaNKbB8/up88SfkmAuKRnfGOrZlL4cap4NP
+JvaeErYqdzyCUOZ2HWQTY6kkpm8kfWhORKD15fQa+VmojAxOgyubxqV008RypSYy
+0YxVv0W3U9CrcL03o7B7QdXBiA4uvto0ZLBhqLR6spLxaAYVyeUnV2Zcg593xh9e
+zGeYR8Y40GdvmbX2X9mJir1Dm6gvVkGkm31ZRDRVbvL8Cy72Hzi+W6clogwwT+O5
+xpM+Ti565IleHf0AxA0Pp1UI86duV3mUkJGe7nlrQwHOxDsK/mBU0sR+qrw3jvDJ
+48e+3mn62HmonpV9vhI+XWkvmbnjti5YJzRCcT5aAwaS6DF8fUbjbnXoX+SO1nQV
+ScohGEhHQCRosWesJVNh
+=JYG2
+-----END PGP SIGNATURE-----
Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml Tue Oct 25 16:44:58 2016 (r49581)
+++ head/share/xml/advisories.xml Tue Oct 25 17:32:49 2016 (r49582)
@@ -11,6 +11,18 @@
<name>10</name>
<day>
+ <name>25</name>
+
+ <advisory>
+ <name>FreeBSD-SA-16:32.bhyve</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-16:15.sysarch</name>
+ </advisory>
+ </day>
+
+ <day>
<name>10</name>
<advisory>
Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml Tue Oct 25 16:44:58 2016 (r49581)
+++ head/share/xml/notices.xml Tue Oct 25 17:32:49 2016 (r49582)
@@ -8,6 +8,22 @@
<name>2016</name>
<month>
+ <name>10</name>
+
+ <day>
+ <name>25</name>
+
+ <notice>
+ <name>FreeBSD-EN-16:18.loader</name>
+ </notice>
+
+ <notice>
+ <name>FreeBSD-EN-16:17.vm</name>
+ </notice>
+ </day>
+ </month>
+
+ <month>
<name>8</name>
<day>
More information about the svn-doc-all
mailing list