svn commit: r53296 - in head/share: security/advisories security/patches/EN-19:14 security/patches/EN-19:15 security/patches/SA-19:18 security/patches/SA-19:19 security/patches/SA-19:20 security/pa...
Gordon Tetlow
gordon at FreeBSD.org
Tue Aug 6 17:31:21 UTC 2019
Author: gordon (src committer)
Date: Tue Aug 6 17:31:19 2019
New Revision: 53296
URL: https://svnweb.freebsd.org/changeset/doc/53296
Log:
Add EN-19:14, EN-19:15, and SA-19:18 to SA-19:21.
Approved by: so
Added:
head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc (contents, props changed)
head/share/security/patches/EN-19:14/
head/share/security/patches/EN-19:14/epoch.patch (contents, props changed)
head/share/security/patches/EN-19:14/epoch.patch.asc (contents, props changed)
head/share/security/patches/EN-19:15/
head/share/security/patches/EN-19:15/libunwind.patch (contents, props changed)
head/share/security/patches/EN-19:15/libunwind.patch.asc (contents, props changed)
head/share/security/patches/SA-19:18/
head/share/security/patches/SA-19:18/bzip2.patch (contents, props changed)
head/share/security/patches/SA-19:18/bzip2.patch.asc (contents, props changed)
head/share/security/patches/SA-19:19/
head/share/security/patches/SA-19:19/mldv2.11.patch (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.11.patch.asc (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.12.patch (contents, props changed)
head/share/security/patches/SA-19:19/mldv2.12.patch.asc (contents, props changed)
head/share/security/patches/SA-19:20/
head/share/security/patches/SA-19:20/bsnmp.patch (contents, props changed)
head/share/security/patches/SA-19:20/bsnmp.patch.asc (contents, props changed)
head/share/security/patches/SA-19:21/
head/share/security/patches/SA-19:21/bhyve.patch (contents, props changed)
head/share/security/patches/SA-19:21/bhyve.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:14.epoch.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:14.epoch Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect locking in epoch(9)
+
+Category: core
+Module: kernel
+Announced: 2019-08-06
+Credits: Mark Johnston
+Affects: FreeBSD 12.0
+Corrected: 2019-07-27 16:11:04 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:07:43 UTC (releng/12.0, 12.0-RELEASE-p9)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Some parts of the kernel use a new synchronization primitive, epoch(9),
+which can be used to implement safe memory reclamation. In this usage,
+threads can use the epoch(9) KPI to ensure that no other threads hold
+a reference to a given object in memory.
+
+II. Problem Description
+
+In the case where epoch(9) must wait for a thread that is blocked on
+a lock, it will use the turnstile(9) KPI to propagate the current
+thread's priority to the lock holder. However, in the case where the
+lock has no designated owner - for example, it is a reader-writer lock
+owned by one or more readers - a bug in the interaction with the
+turnstile meant that pair of spin locks were left locked when they
+should have been unlocked.
+
+III. Impact
+
+In rare cases and under heavy load, the kernel may panic or lock up.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch.asc
+# gpg --verify epoch.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350373
+releng/12.0/ r350641
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:14.epoch.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1JtztfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJgXA//Wbh6Nv6OL+Aer7oZ8uiZEhDTj+a+IMG617uCyeD+x4/8Hj73J7Pg6vaT
+CGqGAslxy8GMmvrO8Jmn0RFDyfJb+mW1M9FqQS4u9DNm1r7nNuOBWj9UcAC9TQOY
+rIEoqe/wD6a+EKQ01tgsWm2TYA2hX/WwtKJiYuPJOyuTzm9d3PhQ2SPmU0NaqyfU
++0YT3QHRYUEYHU/tZwAV3axcihYP7NfrgEWmE3LY7fBX1ShxFOYZVlexY4604wyc
+SLxCMVnfqFiB8vH5X8R4J9OlsK00j1W2B+PJodocDzNjvHgnRb3RSHeo+EC+3y7k
+/P3qRCxtgPzb/VHCCRry0LAmeijxQDWVf4vydjaMVDQEv/zQ+Y5ujAucRAtvtjRm
+gYLRTOHnXVTpZk/c8h2Gch9g3sB9aqrsMYtPUqSfRRUFDYJjN3NVmVLo4ciAhjwY
+EvGr7HloO3O4n+zYWOagvSvu05TjOA1SGGURAkslthjTXRpmiqDSS6yawW23v7Jw
+gC7pvVUnmGSGzlwGPojE6LBSX3CWlgwJV/6g2s0wizPGv3K/IQMMQn7NaaLl09xw
+X6TND7mVGqk2w3do1k9ZSkvqI+jr4MkJbGh5Vl8q1J/oW9KPTVO3+mQEi91SvgU+
+YEyzryregBP69ta7gqT0Pgb2+LR9733qPLSh3Hgn/4zRI/seSkU=
+=pBEN
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:15.libunwind.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:15.libunwind Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect exception handling
+
+Category: contrib
+Module: libunwind
+Announced: 2019-08-06
+Affects: FreeBSD 11.2, FreeBSD 12.0
+Corrected: 2019-08-06 17:08:30 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-08-06 17:08:30 UTC (releng/11.2, 11.2-RELEASE-p13)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The libunwind library, which originates from the LLVM project, is responsible
+for handling the unwinding of stack frames, when programs throw C or C++
+style exceptions. It uses exception handling information embedded in the
+executable file to determine the layout of the stack, at the time the
+exception is being processed.
+
+II. Problem Description
+
+In some cases, the exception handling information embedded in executables is
+not correctly interpreted by libunwind. This causes it to emit a runtime
+error, and abort the affected program.
+
+III. Impact
+
+Affected programs will show an message on the standard error stream, when
+they attempt to throw an exception:
+
+libunwind: getEncodedP \
+ /usr/src/contrib/llvm/projects/libunwind/src/AddressSpace.hpp:280 - \
+ unknown pointer encoding
+
+After this message, the program will be aborted using the abort(3) function,
+which usually results in a core dump.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:15/libunwind.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:15/libunwind.patch.asc
+# gpg --verify libunwind.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>, and
+reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+releng/12.0/ r350642
+releng/11.2/ r350642
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234201>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:15.libunwind.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt0pfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJOkQ/+N8Esx4GPWNOzNOGJAnBgtujVeCDjbubny9ktMElEw6mZJKWqcgFmG1bm
+hdz5iAz6xn/W6Y5fUR07aM6KFLTN7Is0LqaC+4mWFgbmPu9t0DVgjjsSHAJk6+fu
+NpkSMDYq0tUqhNUFlP36EoTHUuM7KlD3/a1dlGZwSOmT3tQitosD8MYNm8bXdsiG
+Fx8xXJz8l7qtSw5a1HI2yrRmR7hZHEblGVDP1BjU+QVh7O+0oTeSWHjtriCeYXOl
+KUNypPNU5HTySLI0XE+wXJ8S3SblmCOJSdEy/EDZYd8KxG2ib+abn6KdewQl0dIL
+0evKaSeIfrVyHfbQporrUotpuTgHrxdD63vowtyH4fL/JzNmw38ZBRzu/4Lib4eF
+uaMr7IXyUvifJRBNHCSV5waEQXdcaZ4/YiNg93kiBCC1FhqKEEel0TLARTqtCEVu
+ByQVjjZ5v45OAq74uFSYfnSReLt96VnQFD8J5JIKlYaR145tSUKzgetUy+iekjq2
+7sRr0kh7lGFFNoOhbFDBURr3HrFgfpWgRA12/AuAVelXPTG4ik8tU6X/vNlvysK6
+TJel41R8++MPUQuaQPU9KfUiAycvV4P9/hHEodnjhNY7NaWkXaP+fJpxCtctcFGd
+eIcI3nIoJX+6W2KjZkJcrbuZsqkVSsz0MXgfLNuoNZruzdppLAY=
+=Sq9+
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:18.bzip2.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:18.bzip2 Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in bzip2
+
+Category: contrib
+Module: bzip2
+Announced: 2019-08-06
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-04 07:29:18 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:09:47 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-07-04 07:32:25 UTC (stable/11, 11.3-STABLE)
+ 2019-08-06 17:09:47 UTC (releng/11.3, 11.3-RELEASE-p2)
+ 2019-08-06 17:09:47 UTC (releng/11.2, 11.2-RELEASE-p13)
+CVE Name: CVE-2016-3189, CVE-2019-12900
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The bzip2(1)/bunzip2(1) utilities and the libbz2 library compress and
+decompress files using an algorithm based on the Burrows-Wheeler transform.
+They are generally slower than Lempel-Ziv compressors such as gzip, but
+usually provide a greater compression ratio.
+
+The bzip2recover utility extracts blocks from a damaged bzip2(1) file,
+permitting partial recovery of the contents of the file.
+
+II. Problem Description
+
+The decompressor used in bzip2 contains a bug which can lead to an
+out-of-bounds write when processing a specially crafted bzip2(1) file.
+
+bzip2recover contains a heap use-after-free bug which can be triggered
+when processing a specially crafted bzip2(1) file.
+
+III. Impact
+
+An attacker who can cause maliciously crafted input to be processed
+may trigger either of these bugs. The bzip2recover bug may cause a
+crash, permitting a denial-of-service. The bzip2 decompressor bug
+could potentially be exploited to execute arbitrary code.
+
+Note that some utilities, including the tar(1) archiver and the bspatch(1)
+binary patching utility (used in portsnap(8) and freebsd-update(8))
+decompress bzip2(1)-compressed data internally; system administrators should
+assume that their systems will at some point decompress bzip2(1)-compressed
+data even if they never explicitly invoke the bunzip2(1) utility.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and restart daemons if necessary.
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:18/bzip2.patch.asc
+# gpg --verify bzip2.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r349717
+releng/12.0/ r350643
+stable/11/ r349718
+releng/11.3/ r350643
+releng/11.2/ r350643
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189>
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt09fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJWEQ//dBiFwPCKcUaeSBuM9opVUxWzFYrpWdYwwagQXzNqO3Z77Vi2hHQnfpkD
+bM8WgWwChOJmlTja7sjnF+QjoV9/elzYhFrD6q0W1nLZ2XHcXyHrbFLMJ+CrvCWR
+AuVCEkmT2fchE/5c71l/v8I452EpGZG7P0fwG1bpf84p1PFLl3esfeo8+CzN1x2h
+YLnvfp69/tC18LR0/yozRUuFSqoYBhbnJsclB1JkrGx0fPOcE9y3sudVhBIDbH7h
+nYSTJl/KkTHf6tbJVXWUVr5gJzCgGvvhUer49RCdJMAwj6hKYT49vWnOFl1T8DAL
++co0ZzTiKoCdrrrguijh4QTEUe4UAGS3PPAwhUiOu+y8Bry06/U565uO9y9iILef
+M5oYTbM7h/TErPxSE421fWeexeK0seCHqmj/rO1Yf7RkRvLg/QaJk5YWM0KoP3NH
+QQRdX8qNiy4liEqGvJwfUdNcVXA3d7BKifl6MKH+5/2i5B23wHItIeuIGYo5LgdI
+mnH59L5wylhWGa0Dc+N9fP0jFvBfk7/4a0joXYIQ7/KDQg0X+WdiGZ/mzZ4GEisX
+hwI2laAh/oyksInrMcLCbvgWql+lrUvK3ltHo17U+wrMeb+8btDLR5T/9XlLPWGp
+s101XS6ewcwpZ8g5uBtlFBLmp8BGkALTAJtwwqJ2eoLfLYCXq3I=
+=3O6m
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:19.mldv2.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:19.mldv2 Security Advisory
+ The FreeBSD Project
+
+Topic: ICMPv6 / MLDv2 out-of-bounds memory access
+
+Category: core
+Module: net
+Announced: 2019-08-06
+Credits: CJD of Apple
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE)
+ 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2)
+ 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13)
+CVE Name: CVE-2019-5608
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used
+by IPv6 routers to discover multicast listeners.
+
+II. Problem Description
+
+The ICMPv6 input path incorrectly handles cases where an MLDv2 listener
+query packet is internally fragmented across multiple mbufs.
+
+III. Impact
+
+A remote attacker may be able to cause an out-of-bounds read or write that
+may cause the kernel to attempt to access an unmapped page and subsequently
+panic.
+
+IV. Workaround
+
+No workaround is available. Systems not using IPv6 are not affected.
+
+V. Solution
+
+Perform one of the following:
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Reboot for security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2, FreeBSD 11.3]
+# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc
+# gpg --verify mldv2.11.patch.asc
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc
+# gpg --verify mldv2.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350648
+releng/12.0/ r350644
+stable/11/ r350650
+releng/11.3/ r350644
+releng/11.2/ r350644
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5608>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1RfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLzTA/+OyyukXWH7rfwMhOlpD60UH4hxN3purvdNeBe4ZxlYvtf8gSUzS1VbK5r
+NR9D2HiYRlmaePOil5myan6cVkrKoANoWTrQsCcsFLe6KKbiKlQDx/btbENmCMsR
+VoS0ZPx3l9iGuVUwDk6k1JXwKCcO3U3dCDYEI941hEKxYadR+twUP3JOceg8Zn0h
+oODXW7LcPXWQKAyFc0Kun1VrjrUGdRGfqk30joR20GP2IjgQceFHKUbiOyBbbIjW
++UVvp2wPBxXvcXNPTpcIpTW5UGJBHCT2OsDulh7hqpiWf78VE8BoksKAvDjtI4i0
+15fmwn7tmQ3aGWK3WoaKWUOXZUlKrxRQDzGyAZ3LzOqPWhv12tJjNJhjnRmCVLfo
++F4I/MHzPgjitZhv8gfn+MRiPG4E1ueAYnPQWiR3qRCLQGhemVdKZIAVnYg6NGpQ
+Jgsr1QS8/3GHZ8yrMXUOSNOSuiMmRHbI9915vVzu+hWkfnrCcSr3uVkJeQvx4CZJ
+gdTL083Knnkdo4IPOdHWnQjGfrv2rGRyvCJ88m/DIC6hw4weR1LyFWMEHeJCEcJl
+5LHiVWmOUJE4ltJXrRoXwxuh9Dia0Mq6KfNA0343JFpQF9rdt3JQ/54FPGtK6NUO
+LyX5a42RIKRxWNTN+ADrSk8czbHFIg8MfTwpjiRGx2rYtxjp1qU=
+=WaXC
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:20.bsnmp.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,131 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:20.bsnmp Security Advisory
+ The FreeBSD Project
+
+Topic: Insufficient message length validation in bsnmp library
+
+Category: contrib
+Module: bsnmp
+Announced: 2019-08-06
+Credits: Guido Vranken <guidovranken at gmail.com>
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-08-06 16:11:16 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:12:17 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-08-06 16:12:43 UTC (stable/11, 11.3-STABLE)
+ 2019-08-06 17:12:17 UTC (releng/11.3, 11.3-RELEASE-p2)
+ 2019-08-06 17:12:17 UTC (releng/11.2, 11.2-RELEASE-p13)
+CVE Name: CVE-2019-5610
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The bsnmp software library is used for the Internet SNMP (Simple Network
+Management Protocol). As part of this it includes functions to handle ASN.1
+(Abstract Syntax Notation One).
+
+II. Problem Description
+
+A function extracting the length from type-length-value encoding is not
+properly validating the submitted length.
+
+III. Impact
+
+A remote user could cause, for example, an out-of-bounds read, decoding of
+unrelated data, or trigger a crash of the software such as bsnmpd resulting
+in a denial of service.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch.asc
+# gpg --verify bsnmp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350637
+releng/12.0/ r350646
+stable/11/ r350638
+releng/11.3/ r350646
+releng/11.2/ r350646
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5610>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1lfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKtBBAAltxFzxuMqWCgJoL9SemLRQxGGk0hRFdN5b78mgVdk2lfDgVz8U7mVM6v
+XbcCa4lIy7wMYpUdEySAZLR2ENt0xdpx7oQ6lAg5fnnvrUvom4wU9ruxEs5txFVL
+K6RaJnQJyOkI2c/LYvI/ZYmuc29/Nt3p/DvVe7wq86taoqUufN11MXkrRHgn68N3
+7vewixzWpqH5L/aY2qP1d+Xe3QmHX0IcFqeo4U3/3G4wUGRCfHtaENY4w5eUbCa2
+1Qk0oS9iUdX1IJjM5l1ccoFqsjbcO6vNS337qeYNKhLspXMQPwoS0K0HfB6LKt1D
+dCBFoXu/qUFjf3qqbpcqGEFrFPZjlNmC4R0Ngx1rfZ1t1dXbj83NOOE1okd3Gb/V
+TPDU/jzwt+/6DE6ryNQpeanPdim83w/j+qeA0UaTyxlbj+oSz1gU9Ckaauf+9peI
+GT8TPnrgmFlYg2tkYl4tbq5LtRstPGZYguqEt5SHCxBOg3dxByMPzikSFUL9oNxS
+9GX7JZT36J20f62hG8Watp2y3W0QsMjJpxF9OojRU6B15Z4Q2aCht4F6DnvEkVfN
+1GvS5NAHPHU09TniSgYK3ThkoYrLYykhsXPmJmETV7DU1Qhny1p8H0NwIwB20DEm
+AOAcYzLhiXHGpniE5y+MT9Pvt3BDBt36k6WgZ4eZ4RWuzGOumiU=
+=rH6X
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:21.bhyve.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:21.bhyve Security Advisory
+ The FreeBSD Project
+
+Topic: Insufficient validation of guest-supplied data (e1000 device)
+
+Category: core
+Module: bhyve
+Announced: 2019-08-06
+Credits: Reno Robert
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-08-05 22:04:16 UTC (stable/12, 12.0-STABLE)
+ 2019-08-06 17:13:17 UTC (releng/12.0, 12.0-RELEASE-p9)
+ 2019-08-05 22:04:16 UTC (stable/11, 11.3-STABLE)
+ 2019-08-06 17:13:17 UTC (releng/11.3, 11.3-RELEASE-p2)
+ 2019-08-06 17:13:17 UTC (releng/11.2, 11.2-RELEASE-p13)
+CVE Name: CVE-2019-5609
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+bhyve(8) is a hypervisor that supports running a variety of guest operating
+systems in virtual machines. bhyve(8) includes an emulated Intel 82545
+network interface adapter ("e1000").
+
+II. Problem Description
+
+The e1000 network adapters permit a variety of modifications to an Ethernet
+packet when it is being transmitted. These include the insertion of IP and
+TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation
+offload ("TSO"). The e1000 device model uses an on-stack buffer to generate
+the modified packet header when simulating these modifications on transmitted
+packets.
+
+When TCP segmentation offload is requested for a transmitted packet, the
+e1000 device model used a guest-provided value to determine the size of the
+on-stack buffer without validation. The subsequent header generation could
+overflow an incorrectly sized buffer or indirect a pointer composed of stack
+garbage.
+
+III. Impact
+
+A misbehaving bhyve guest could overwrite memory in the bhyve process on the
+host.
+
+IV. Workaround
+
+Only the e1000 device model is affected; the virtio-net device is not
+affected by this issue. If supported by the guest operating system
+presenting only the virtio-net device to the guest is a suitable workaround.
+No workaround is available if the e1000 device model is required.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and restart any affected virtual machines.
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable virtual machines, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r350619
+releng/12.0/ r350647
+stable/11/ r350619
+releng/11.3/ r350647
+releng/11.2/ r350647
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5609>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1xfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cL0qA//ZdapXUMl6KuuvtZIveMZgNdMVLYaqB1K8yHXO5udd58fTsH6+Khei0LT
+gYGxDEJkHinM1EWy688xE+PSzb9twmEmawW4N4WMhWB9oMoTuLQ5E4Zm9my1TdDh
+ducK6Q4GqOojIXJ0LtHDqs9qveAfkgB6L6jmLt/1jpZelLupte3S+bPmI4yta7ge
+7k54V9GcN05i7wX2TaZA7H3ROQziW537ZeoRB8BQwt7bekFw2uBfO9s0CWcJZPnG
++0D6QEsRqbtYMJr5RkUCc1y4qaqnWBBn/Zyyr0P+bXZklU/IW2GJTDWNObXN7DPE
+NOhuVY7PQHN6jv3u+nKa1AY7mjI3zBo009iAfPQFCb9Kn08tJ2A9WrExEMwZdcbI
+nXVqCRdp7xCSPO73vjNv4btzvAU7iwbaBkpGFs721cH72ImvmXi7TwepPEAul0do
+VwKYMxhStZtoDQhEea1eq41KNvqxmA/mkbEjpKcTZCUJq7xVyV4uaVme3Uq45uaa
+mKMWx+Gg09A2Y5NfSCiz9AGuMkIGn05hKIOK39yAG159uTks60Ybsw/bOnE9WnMJ
+5igcI+U6utIMi2M6nH4rn/wKBYM9cHWmQLfo6kECUi2CCTmR5VL8BTJ/8vHCqXi1
+vCcAPacKYAROsvGQyynSVLiXJAXOrc8/VyoXRHC5cAapVeParcw=
+=0XzG
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:14/epoch.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:14/epoch.patch Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,87 @@
+--- sys/kern/subr_epoch.c.orig
++++ sys/kern/subr_epoch.c
+@@ -325,24 +325,20 @@
+ */
+ critical_enter();
+ thread_unlock(td);
+- owner = turnstile_lock(ts, &lock);
+- /*
+- * The owner pointer indicates that the lock succeeded. Only
+- * in case we hold the lock and the turnstile we locked is still
+- * the one that curwaittd is blocked on can we continue. Otherwise
+- * The turnstile pointer has been changed out from underneath
+- * us, as in the case where the lock holder has signalled curwaittd,
+- * and we need to continue.
+- */
+- if (owner != NULL && ts == curwaittd->td_blocked) {
+- MPASS(TD_IS_INHIBITED(curwaittd) && TD_ON_LOCK(curwaittd));
+- critical_exit();
+- turnstile_wait(ts, owner, curwaittd->td_tsqueue);
+- counter_u64_add(turnstile_count, 1);
+- thread_lock(td);
+- return;
+- } else if (owner != NULL)
++
++ if (turnstile_lock(ts, &lock, &owner)) {
++ if (ts == curwaittd->td_blocked) {
++ MPASS(TD_IS_INHIBITED(curwaittd) &&
++ TD_ON_LOCK(curwaittd));
++ critical_exit();
++ turnstile_wait(ts, owner,
++ curwaittd->td_tsqueue);
++ counter_u64_add(turnstile_count, 1);
++ thread_lock(td);
++ return;
++ }
+ turnstile_unlock(ts, lock);
++ }
+ thread_lock(td);
+ critical_exit();
+ KASSERT(td->td_locks == locksheld,
+--- sys/kern/subr_turnstile.c.orig
++++ sys/kern/subr_turnstile.c
+@@ -566,14 +566,15 @@
+ return (ts);
+ }
+
+-struct thread *
+-turnstile_lock(struct turnstile *ts, struct lock_object **lockp)
++bool
++turnstile_lock(struct turnstile *ts, struct lock_object **lockp,
++ struct thread **tdp)
+ {
+ struct turnstile_chain *tc;
+ struct lock_object *lock;
+
+ if ((lock = ts->ts_lockobj) == NULL)
+- return (NULL);
++ return (false);
+ tc = TC_LOOKUP(lock);
+ mtx_lock_spin(&tc->tc_lock);
+ mtx_lock_spin(&ts->ts_lock);
+@@ -580,10 +581,11 @@
+ if (__predict_false(lock != ts->ts_lockobj)) {
+ mtx_unlock_spin(&tc->tc_lock);
+ mtx_unlock_spin(&ts->ts_lock);
+- return (NULL);
++ return (false);
+ }
+ *lockp = lock;
+- return (ts->ts_owner);
++ *tdp = ts->ts_owner;
++ return (true);
+ }
+
+ void
+--- sys/sys/turnstile.h.orig
++++ sys/sys/turnstile.h
+@@ -100,7 +100,8 @@
+ struct turnstile *turnstile_trywait(struct lock_object *);
+ void turnstile_unpend(struct turnstile *);
+ void turnstile_wait(struct turnstile *, struct thread *, int);
+-struct thread *turnstile_lock(struct turnstile *, struct lock_object **);
++bool turnstile_lock(struct turnstile *, struct lock_object **,
++ struct thread **);
+ void turnstile_unlock(struct turnstile *, struct lock_object *);
+ void turnstile_assert(struct turnstile *);
+ #endif /* _KERNEL */
Added: head/share/security/patches/EN-19:14/epoch.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:14/epoch.patch.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt2lfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLIBg//ekpEak+WE5KSx7vvkel/UzUPtLMDHdcgb6w4xps5I0/jvbjGLp0JuNsW
+Tj73NBDA3KkzTlZSaus38yauUzq8Io6Q11/6ovI15TR58V6R35RSDnI2Df9ML0Wg
+GcTnm1bTYbJ1TADQtILO6hxCNR1rvHcj0GycT8NGRNFSerNAhpF+YfMba+Tc3rOU
+BeOacXDr8WCTgpa46nltcKE7Qmov2JdMS4yMH21KqXSU3ZCnwHZK+pWthPbeAVyO
+NzsRPDn9PKp6sYVc5t7BE5Vn3cg76QNYZBNrHcHJNxhJ1IXOyL/SWg1j3zeiOygp
+lDxZPja+mKXerEALBdGVfr/eg1ZeySlKRdETezCuzKnUSMbrQEVGL4pgaPepBCg6
+eGa6PRiwVz+y93w1UpVl8aDOTr/u2O/LeRZX5lLBSa4nBp7sOLilzbDQNsgHWXCX
+R4G72PnAkPNwA158u+/vvz1moLWggVeO8edjKNEwiH/i2gyNllXFOtG1TuBL1+EV
+T8ySrByEJ/0/Hq+prZCr7ELry+EZcnaag6+Jg29bfxMOK8RAfjqFHgmtSzblWllg
+RCTr6Wttw85XcAKYwTXR9CwBf7yuIJb3taMp7XXHljjaMAvQIybRiHphwZSFOh1q
+mktgzP1Yp/CdUw8BKFR1cbB5kkQY6Ezq1XTUDH3qebdWLpTqizI=
+=Wj+f
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:15/libunwind.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:15/libunwind.patch Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,13 @@
+--- contrib/llvm/projects/libunwind/src/EHHeaderParser.hpp.orig
++++ contrib/llvm/projects/libunwind/src/EHHeaderParser.hpp
+@@ -68,7 +68,9 @@
+ ehHdrInfo.eh_frame_ptr =
+ addressSpace.getEncodedP(p, ehHdrEnd, eh_frame_ptr_enc, ehHdrStart);
+ ehHdrInfo.fde_count =
+- addressSpace.getEncodedP(p, ehHdrEnd, fde_count_enc, ehHdrStart);
++ fde_count_enc == DW_EH_PE_omit
++ ? 0
++ : addressSpace.getEncodedP(p, ehHdrEnd, fde_count_enc, ehHdrStart);
+ ehHdrInfo.table = p;
+ }
+
Added: head/share/security/patches/EN-19:15/libunwind.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:15/libunwind.patch.asc Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt25fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJ1hw/+I2Gj+htbN2MhOodcLa4e4LsgxP9rGW9NZw3F9MbjgDNlVnlVLXrvyKjB
+sCBuzLWGWMPkrhyh8zkHTHBq+0An3dCPk5LW5jHy6k31mofL8Jj7SyqQVigK93BN
+24NcJP51ScUV0sBrhArd2We1bqmVWXsw0ZZYwm0iHVNFqaxJ1+kkvcw4KQmer+/d
+E8+bCKszDyPU3rVVlb6OIsXhMrLgW8Qu0LDP9Ym6qNsfXIGwpFhrtuG1OUiSLiT8
+lnDpB9x5tDYTBVv9//XVZinoTQY4aJ/IcMdK8B7TS2CTyjCL+n+xXgW3bj0u8zKE
+gNoxFwH8JNg3srVSelvEkhxGta35JefjIxu0aqD38DHTcyWoqOfdHFcnsQob9SEq
+5/afVzFFUutqjfENmYoQ2CvSt3d4GALRGeoNbp0uysIhw1IqIGGuYt5loAYwDApc
+4ic6l4bZ+eNXz7GNYBS+CRqHhMdJH5/YxT0UO2uY7Cpd/FtgcM1kHf9xItnL5Kru
+cgo35Aw/LWWC5xI1B9ivERtYuQkvQ1KA4wabAhiblA/2bzbEzuc+zB9NDof1nqFp
+4BPSYOm8CYYPX8psoKLvxQzeWind1VlJ8NNKQijTmlSsJcR9OjGq5P5KiGYM41X7
+29hUiG8WFFn/3+VglGM6MrGxTCwYTGJ3ry0yFq5LhxDTdH1Yrrg=
+=pcMq
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-19:18/bzip2.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-19:18/bzip2.patch Tue Aug 6 17:31:19 2019 (r53296)
@@ -0,0 +1,490 @@
+--- contrib/bzip2/CHANGES.orig
++++ contrib/bzip2/CHANGES
+@@ -2,8 +2,8 @@
+ This file is part of bzip2/libbzip2, a program and library for
+ lossless, block-sorting data compression.
+
+- bzip2/libbzip2 version 1.0.6 of 6 September 2010
+- Copyright (C) 1996-2010 Julian Seward <jseward at bzip.org>
++ bzip2/libbzip2 version 1.0.7 of 27 June 2019
++ Copyright (C) 1996-2010 Julian Seward <jseward at acm.org>
+
+ Please read the WARNING, DISCLAIMER and PATENTS sections in the
+ README file.
+@@ -325,3 +325,16 @@
+ Izdebski.
+
+ * Make the documentation build on Ubuntu 10.04
++
++1.0.7 (27 Jun 19)
++~~~~~~~~~~~~~~~~~
++
++* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-all
mailing list