svn commit: r52756 - in head/share: security/advisories security/patches/EN-19:01 security/patches/EN-19:02 security/patches/EN-19:03 security/patches/EN-19:04 security/patches/EN-19:05 xml
Gordon Tetlow
gordon at FreeBSD.org
Wed Jan 9 19:17:58 UTC 2019
Author: gordon (src,ports committer)
Date: Wed Jan 9 19:17:54 2019
New Revision: 52756
URL: https://svnweb.freebsd.org/changeset/doc/52756
Log:
Add EN-19:01 through EN-19:05.
Approved by: so
Added:
head/share/security/advisories/FreeBSD-EN-19:01.cc_cubic.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-19:02.tcp.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-19:03.sqlite.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-19:04.tzdata.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-19:05.kqueue.asc (contents, props changed)
head/share/security/patches/EN-19:01/
head/share/security/patches/EN-19:01/cc_cubic.patch (contents, props changed)
head/share/security/patches/EN-19:01/cc_cubic.patch.asc (contents, props changed)
head/share/security/patches/EN-19:02/
head/share/security/patches/EN-19:02/tcp.patch (contents, props changed)
head/share/security/patches/EN-19:02/tcp.patch.asc (contents, props changed)
head/share/security/patches/EN-19:03/
head/share/security/patches/EN-19:03/sqlite-11.patch (contents, props changed)
head/share/security/patches/EN-19:03/sqlite-11.patch.asc (contents, props changed)
head/share/security/patches/EN-19:03/sqlite-12.patch (contents, props changed)
head/share/security/patches/EN-19:03/sqlite-12.patch.asc (contents, props changed)
head/share/security/patches/EN-19:04/
head/share/security/patches/EN-19:04/tzdata-2018i.patch (contents, props changed)
head/share/security/patches/EN-19:04/tzdata-2018i.patch.asc (contents, props changed)
head/share/security/patches/EN-19:05/
head/share/security/patches/EN-19:05/kqueue.patch (contents, props changed)
head/share/security/patches/EN-19:05/kqueue.patch.asc (contents, props changed)
Modified:
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-19:01.cc_cubic.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:01.cc_cubic.asc Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:01.cc_cubic Errata Notice
+ The FreeBSD Project
+
+Topic: Connection stalls with CUBIC congestion control
+
+Category: core
+Module: tcp
+Announced: 2019-01-09
+Credits: Matt Garber, Hiren Panchasara
+Affects: FreeBSD 12.0
+Corrected: 2018-12-17 21:46:42 UTC (stable/12, 12.0-STABLE)
+ 2019-01-09 18:38:35 UTC (releng/12.0, 12.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+CUBIC is a modern congestion control algorithm for the Transmission Control
+Protocol (TCP), which along with its predecessor BIC TCP is specifically
+optimized for high bandwidth, high latency networks. It is widely
+implemented across a variety of operating systems, and is the default TCP
+implementation or enabled by default in recent versions of Linux and
+Microsoft Windows. CUBIC is available as an alternate congestion control
+algorithm since FreeBSD 9.0 using the cc_cubic module.
+
+II. Problem Description
+
+Changes to the cc_cubic module in FreeBSD 12.0 can cause network stuttering
+or connection stalls when loaded and enabled as default.
+
+III. Impact
+
+FreeBSD 12.0 systems loading cc_cubic and setting non-default sysctl value
+net.inet.tcp.cc.algorithm=cubic exhibit stuttering and complete stalls of
+network connections. Under certain conditions, this may cause loss of system
+availability over the network or service unreachability.
+
+IV. Workaround
+
+Disabling cc_cubic and selecting one of the alternate included congestion
+control algorithms (e.g., newreno, htcp) will restore normal network
+connectivity and alleviate stuttering and stalls. Note that disabling CUBIC
+may cause a reduction in expected performance based on specific, unique
+network condition characteristics and the module used as a workaround.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for FreeBSD errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/EN-19:01/cc_cubic.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:01/cc_cubic.patch.asc
+# gpg --verify cc_cubic.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r342181
+releng/12.0/ r342893
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:01.cc_cubic.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2Rb5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJGyRAAnpturBqU4XIZMdvInaVHOXA5P6KemeFuJkwz/aMtIbgefm49lvZVS4q6
+RO8/GytONX1OHaoJQDdincVfRbe9x+ID+ulCJfSLuZMhjLYpxDQJo9d4NWZtvpBn
+3wJNEQEXB0AjrYUOrebiT7yd3zA4f+7zSHu0Uvq4k5Tk0Xxsqxsx3/MG5ezEmdxx
+IWub1RnYvgmUVJBKn/C5A4v17dE12VnZtLrnfhZ4K3U3mVZYc3cJxF34wSscVqYd
+iAsntF786FV+hAXBX7wHa3JIqe+uXE2uemrquNmxgup+zrbVWPWPirgku2TVcvsm
+m9aQILNc9RvJ/XkViLV8+ypqCymBFsl3VhO3dzmOnsbL72G9rqjQtgdYWT2dp69p
+VyU4EWsTULXIbIBNxyrYhinT+DAqyt8bdrtyT3AhcVJaVk5B5APWnXiwjgS4mPN9
+hf2mCjZw10tJgsqYYrBlTERomgHU/pyliu0Rt2sof5+iGArbe7ZhEorHrM7YhD9n
+Hc+3oNzA0dYDStJQpEb4rJ7dEKP/mpppwIosMhPbku6u3ViafCJVq2dIGNQpDope
+Mh00Kk7cY0o3Rukw2lGNc9vDbIyUSqT/jV4lBDhp4k5ilQynvkMZETLlynI+KQUH
+J2uOOvYzkIZLzZyXtaQfkmrkV6DxzmjxDsqwiMz5DB7o70w/M54=
+=e8Wg
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-19:02.tcp.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:02.tcp.asc Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:02.tcp Errata Notice
+ The FreeBSD Project
+
+Topic: TCP connections may stall and eventually fail in case of
+ packet loss
+
+Category: core
+Module: kernel
+Announced: 2019-01-09
+Credits: Michael Tuexen
+Affects: FreeBSD 12.0
+Corrected: 2018-12-23 09:48:36 UTC (stable/12, 12.0-STABLE)
+ 2019-09-09 18:42:40 UTC (releng/12.0, 12.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The TCP stack limits the resources used for TCP connections. Once a limit
+is reached, further received TCP segments for the TCP connection are dropped.
+
+II. Problem Description
+
+To continue delivering data to the application, accepting the TCP segment
+with the next expected sequence number is required. If this TCP segment is
+dropped due to a resource limit, no further progress can be made. Therefore
+exceptions for this particular TCP segment have to be implemented.
+
+III. Impact
+
+In case of lost TCP segments, TCP connections may stall and then eventually
+fail.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/EN-19:02/tcp.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:02/tcp.patch.asc
+# gpg --verify tcp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r342378
+releng/12.0/ r342894
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:02.tcp.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2Rc1fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJtnxAAgOIJjP9Dg76onxJUPJWiKTAR5VZeZ8od0RJREIeZMUpgFiVUVH82fr8z
+ajAzGZbVFhEgFvYwQRU4R/MokNqONoG1O3YPdjcMFyW5HPBoAG+9h67qD3CtLgTN
+xnXMR72ed83oY8ts1WSfYVAKF+9X6U5G6FtchBgAhap2k9tI22QKiEmTTmqzUnoy
+ddLZatOyKmig8MZKshMmleEpvU+BoYR66d2K9CYxcjHqgNNJOQwQK6yLR3oX41Z9
+n5Akkg/KC7wD02CPFjmO9008ZC4fFiQ8D4eGt9D/lPI4AzLcfkvRdzt5CjMlamXm
+Rjf2H5/2f4iYSXiEi2wkChFJHh+MQuYgcfTqRJdNB0qf3DbLwTL5wULfrMVNn7LU
+rLHd8CNRTN4+d+//p7nZ/atFbuLjJE08YFqE2ODcMa8eJFaY09/+X+NMIqO6AdTE
+hGzqDuiVmI/1MSFjD7dxUotw6Y2iRf+DiLx+JUmb0L+C0FXfl/u8x1ErYbzuLyyL
+vD1qb66fDuuSC8aNWO6Qv55bBWAhYhO668CQwfmvEgree72ShbzJPEn3vUN2dIX4
+zg0kTs30QOlizAT2lxQchiPBKkQ+IExPurTT7lW0cZ5PID8y/FSKl49yeQo/nhrD
+j/vnF7yMgc6roCyasNlREdi20yTYbp2PItfhaSXWVrtYAFN1jNc=
+=3a3w
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-19:03.sqlite.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:03.sqlite.asc Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:03.sqlite Errata Notice
+ The FreeBSD Project
+
+Topic: sqlite update
+
+Category: contrib
+Module: sqlite3
+Announced: 2019-01-09
+Credits: Cy Schubert
+Affects: All supported versions of FreeBSD.
+Corrected: 2018-12-21 01:58:01 UTC (stable/12, 12.0-STABLE)
+ 2019-01-09 18:47:10 UTC (releng/12.0, 12.0-RELEASE-p2)
+ 2018-12-21 02:04:15 UTC (stable/11, 11.2-STABLE)
+ 2019-01-09 18:50:27 UTC (releng/11.2, 11.2-RELEASE-p8)
+CVE Name: CVE-2018-20346, CVE-2018-20505, CVE-2018-20506
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+SQLite is an SQL database engine in a C library. Programs that link the
+SQLite library can have SQL database access without running a separate RDBMS
+process. The distribution comes with a standalone command-line access
+program (sqlite3) that can be used to administer an SQLite database and which
+serves as an example of how to use the SQLite library.
+
+II. Problem Description
+
+According to https://blade.tencent.com/magellan/index_en.html, the
+vulnerabilities known as Magellan are a group vulnerabilities that exist
+in sqlite3, documented by CVE-2018-20346, CVE-2018-20505, and CVE-2018-20506.
+
+When the FTS3 extension is enabled an integer overflow resulting in a buffer
+overflow when allowing remote attackers to run arbitrary SQL statements which
+can be leveraged to execute arbitrary code.
+
+III. Impact
+
+The vulnerabilities were discovered by Tencent Blade Team and verified to be
+able to successfully implement remote code execution in Chromium browsers.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-11.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-11.patch.asc
+# gpg --verify sqlite-11.patch.asc
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-12.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-12.patch.asc
+# gpg --verify sqlite-12.patch.asc
+
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r342291
+releng/12.0/ r342895
+stable/11/ r342292
+releng/11.2/ r342896
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://blade.tencent.com/magellan/index_en.html>
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234113>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:03.sqlite.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdFfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLtJg/9EM0jQbTBrSgVy5X1AyQ2rcFz9KbjtA0L48wOuOLiAh7eeYxh4Wxuz9k1
+QnEJavMbpVr71yhmt6maEAbRzyGUvemDh4vlu0wjcYSlEzcvk7xaRzfXimippxky
+GumFBCvs7UKDIiGRr62ukmxu3FgfEaTM/Cc4bNcuV5k4za+DWIGTu+97i0+B2ieX
+/IZ5hQq42w1YIUY5QOy2vj87rnQf2t+uShcBjRg8HsnPsG9BfQfI8vfuWjjtaKMI
+iva++F5UJWcsykjZo5J3aaZFxnHsW2hs3buQN+AhoEt7oKdGquOHdweSw8xtSlp9
+3Y+qj+veD7u4Mt95OtnYrJOg8Kynlrzg5uMDbNGbyqktbxfpi2gqBbPEVmx2+nGj
+Aj9PDSHMliBZsVKvr1opExfYp4HL0LB9Kqhato08lFxs05TUxiT6LRcel/iXiIfl
+vCqfWhKJYVZ+alAW+Kjic6iWw7AtmVLbV64dDu03jxS/14RtRp1Hbk1BRCrnJeLn
+sLSdFj6bi2mQx6OXAd9G9jhReoxylyZwRXyhPSsPG1E4mzX6ZRbJfnkriSazW4hq
+F+PjTyXidn3uhS6z6CZB08Ltw2NBd3baRl/TQBEiFHd6SSGByqX6gMguK/tQV92U
+uM/Q4Ak4H/Q+nEN8/LdXioW0P7ZEC6X/9GXKWv+bUs6LjcZXftA=
+=TG5W
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-19:04.tzdata.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:04.tzdata.asc Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,147 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:04.tzdata Errata Notice
+ The FreeBSD Project
+
+Topic: Timezone database information update
+
+Category: contrib
+Module: zoneinfo
+Announced: 2019-01-09
+Credits: Philip Paeps
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-01-01 10:04:49 UTC (stable/12, 12.0-STABLE)
+ 2019-01-09 18:53:35 UTC (releng/12.0, 12.0-RELEASE-p2)
+ 2019-01-01 10:05:12 UTC (stable/11, 11.2-STABLE)
+ 2019-01-09 18:54:42 UTC (releng/11.2, 11.2-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The tzsetup(8) program allows the user to specify the default local timezone.
+Based on the selected timezone, tzsetup(8) copies one of the files from
+/usr/share/zoneinfo to /etc/localtime. This file actually controls the
+conversion.
+
+II. Problem Description
+
+Several changes in Daylight Savings Time happened after previous FreeBSD
+releases were released that would affect many people who live in different
+countries. Because of these changes, the data in the zoneinfo files need to
+be updated, and if the local timezone on the running system is affected,
+tzsetup(8) needs to be run so the /etc/localtime is updated.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV. Workaround
+
+The system administrator can install an updated timezone database from the
+misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V. Solution
+
+Please note that some third party software, for instance PHP, Ruby, Java and
+Perl, may be using different zoneinfo data source, in such cases this
+software must be updated separately. For software packages that is installed
+via binary packages, they can be upgraded by executing `pkg upgrade'.
+
+Following the instructions in this Errata Notice will update all of the
+zoneinfo files to be the same as what was released with FreeBSD release.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. Restart all the affected
+applications and daemons, or reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:04/tzdata-2018i.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:04/tzdata-2018i.patch.asc
+# gpg --verify tzdata-2018i.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r342667
+releng/12.0/ r342897
+stable/11/ r342668
+releng/11.2/ r342898
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:04.tzdata.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdRfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKd+Q//QYBUcMdBnW6URT8bWCrIOTPP84aGpMKmU4ZZYidUfI6CJiiWVaGQHJgD
+tmdQjaHemSRfxQ+yAZ5XR8oUIBxrzBhA51cM5QMNnJMXBkpqz9yCbHefH3Fxfr6n
+Dg+Vt2cZ745MHPK9uhjtUTmLYRF2iztUqlATr3R1NxBbJ6QQzQuVEyeAvTSY9Jdw
+/+cQM72m28iHPP+ff5v9n2MLqoTg74HbchwJthtDvgK9elfQFuC1F07i8I6F4krT
+FHnPRISpg4EEOKYG/Jjedk9FQBUpKiOhsDz+siGtjQoivz8TemaH5nTMI7P/WP/7
+jFJ6+jQirc2vCvcUzmiPGrBXRx3OptYcIiLOeKfgc+wCtgEHap4Nrl4Damt1QC13
+T4kpaOi3TcqtDtKxZyxwR8tOtJGEayqXFHA5FL1Fgr63JcvbZTXlBg0BT4oAd7mX
+DuvDkap5hXh6jlQ2BM4L9J+I+GNMfrpULsM4drsqd7GVBcLrnu06po3M8jgja44T
+rVzNB62FuOX19Q2W8kZ7LOfAwW+ho02GNzwuYWiLCpP4JSTaxtHrd1LexpCzO4Lg
+zsttA2bkNjmzHxfcbAPbS5IMX539iJdTgZiDlBNzUi+QqiCG83/fRcVvgD7qH1iM
+kF7DipZUURjlV/RbtCZFU/fsKVzR7rF5MSQl9q7llwe5uMto6lQ=
+=1NIG
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-19:05.kqueue.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:05.kqueue.asc Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:05.kqueue Errata Notice
+ The FreeBSD Project
+
+Topic: kqueue race condition and kernel panic
+
+Category: core
+Module: kqueue
+Announced: 2019-01-09
+Credits: Mark Johnston
+Affects: FreeBSD 11.2
+Corrected: 2019-11-24 17:11:47 UTC (stable/11, 11.2-STABLE)
+ 2019-01-09 18:57:38 UTC (releng/11.2, 11.2-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+kevent(2) is a system call which provides a generic method of notifying the
+caller when a caller-specified event happens or a condition holds. One use
+for kevent(2) is to wait for a specified timeout to elapse.
+
+II. Problem Description
+
+The kevent(2) implementation in the kernel contains a race condition which
+can be triggered when an event is added and fires shortly after. Most event
+types are not affected, but timer events can trigger the race if the timeout
+duration is very short.
+
+III. Impact
+
+The race condition can cause corruption of a queue structure, leading to
+a kernel panic when it is later accessed. Applications using kevent(2) may
+trigger the panic if their usage causes the race condition to occur.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-19:05/kqueue.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:05/kqueue.patch.asc
+# gpg --verify kqueue.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r340904
+releng/11.2/ r342899
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:05.kqueue.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK0nRAAgPsdkc/TyBTqpvJrvvNaVd0xgNC2lxnYK3HxOPbo5kqj6XHZxb3KvrrN
+He6TyGvwGCPHNzlFwHILH+FtFkgrvGVBoPu/U0e/NKRrkhyxPHJMz0bZPu7yqQoG
+GDFRIsw5D3JKZW38yMD9Menh3mag81OVZii1LfzkcDLLKfwX/zcx1vV7MSwMzoNs
+5L7Fm8lg0uIxrrlKvvmrPxfWoZENhCr9CAAdg8moL3thl64NaVVmPo7tXDXosNGo
+EQYT19SY0FBSboUcpVaChgyZaCFzOeCPuXuJPoUYppIWNiv2S8ZTjuq9d1g4R4SD
+7GBMozz8EG1rN0pzhx8mVEECZBzdt5rjggiWKjkOVxH/sy5LQjppONK3VVOygoCz
+dve2wGq6S1ke/b2NDRpAinmIr8I3x3b7JLNkE5OvNJ6bTLk3ZmpIRYQNYT+eu8Fx
+GNe/oTU9DRbB4yv0kcKsypHqQ0cKdn6+duYzKGZ4+c86B7IHJgsYoG/NTKYfFzQx
+BHWuI/P/9pakHESNiDidKRz+z5w679+jIfZDcbBIXaw+PCqzg5a1GFN8Bub2mGLw
+2wmVQJV1nbdE+6UbWvaV2seV/bo+N/L8k4QS6OPIDUefLPGgCdRFr/MlLoiTaJ43
+p+L3iVlVbiOTCfsCGI/QVQq+IOngKzqSUXN3Ys7PXvvAzSyaTFg=
+=fD2U
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:01/cc_cubic.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:01/cc_cubic.patch Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,194 @@
+--- sys/netinet/cc/cc.h.orig
++++ sys/netinet/cc/cc.h
+@@ -102,8 +102,6 @@
+ #define CCF_ACKNOW 0x0008 /* Will this ack be sent now? */
+ #define CCF_IPHDR_CE 0x0010 /* Does this packet set CE bit? */
+ #define CCF_TCPHDR_CWR 0x0020 /* Does this packet set CWR bit? */
+-#define CCF_MAX_CWND 0x0040 /* Have we reached maximum cwnd? */
+-#define CCF_CHG_MAX_CWND 0x0080 /* Cubic max_cwnd changed, for K */
+
+ /* ACK types passed to the ack_received() hook. */
+ #define CC_ACK 0x0001 /* Regular in sequence ACK. */
+--- sys/netinet/cc/cc_cubic.c.orig
++++ sys/netinet/cc/cc_cubic.c
+@@ -88,8 +88,6 @@
+ unsigned long max_cwnd;
+ /* cwnd at the previous congestion event. */
+ unsigned long prev_max_cwnd;
+- /* Cached value for t_maxseg when K was computed */
+- uint32_t k_maxseg;
+ /* Number of congestion events. */
+ uint32_t num_cong_events;
+ /* Minimum observed rtt in ticks. */
+@@ -126,9 +124,6 @@
+ cubic_data = ccv->cc_data;
+ cubic_record_rtt(ccv);
+
+- if (ccv->flags & CCF_MAX_CWND)
+- return;
+-
+ /*
+ * Regular ACK and we're not in cong/fast recovery and we're cwnd
+ * limited and we're either not doing ABC or are slow starting or are
+@@ -156,12 +151,6 @@
+ cubic_data->mean_rtt_ticks, cubic_data->max_cwnd,
+ CCV(ccv, t_maxseg));
+
+- if (ccv->flags & CCF_CHG_MAX_CWND || cubic_data->k_maxseg != CCV(ccv, t_maxseg)) {
+- cubic_data->K = cubic_k(cubic_data->max_cwnd / CCV(ccv, t_maxseg));
+- cubic_data->k_maxseg = CCV(ccv, t_maxseg);
+- ccv->flags &= ~(CCF_MAX_CWND|CCF_CHG_MAX_CWND);
+- }
+-
+ w_cubic_next = cubic_cwnd(ticks_since_cong +
+ cubic_data->mean_rtt_ticks, cubic_data->max_cwnd,
+ CCV(ccv, t_maxseg), cubic_data->K);
+@@ -173,18 +162,13 @@
+ * TCP-friendly region, follow tf
+ * cwnd growth.
+ */
+- CCV(ccv, snd_cwnd) = ulmin(w_tf, TCP_MAXWIN << CCV(ccv, snd_scale));
++ CCV(ccv, snd_cwnd) = w_tf;
+
+ else if (CCV(ccv, snd_cwnd) < w_cubic_next) {
+ /*
+ * Concave or convex region, follow CUBIC
+ * cwnd growth.
+ */
+- if (w_cubic_next >= TCP_MAXWIN << CCV(ccv, snd_scale)) {
+- w_cubic_next = TCP_MAXWIN << CCV(ccv, snd_scale);
+- ccv->flags |= CCF_MAX_CWND;
+- }
+- w_cubic_next = ulmin(w_cubic_next, TCP_MAXWIN << CCV(ccv, snd_scale));
+ if (V_tcp_do_rfc3465)
+ CCV(ccv, snd_cwnd) = w_cubic_next;
+ else
+@@ -202,10 +186,8 @@
+ * max_cwnd.
+ */
+ if (cubic_data->num_cong_events == 0 &&
+- cubic_data->max_cwnd < CCV(ccv, snd_cwnd)) {
++ cubic_data->max_cwnd < CCV(ccv, snd_cwnd))
+ cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
+- ccv->flags |= CCF_CHG_MAX_CWND;
+- }
+ }
+ }
+ }
+@@ -254,7 +236,6 @@
+ cubic_data->num_cong_events++;
+ cubic_data->prev_max_cwnd = cubic_data->max_cwnd;
+ cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
+- ccv->flags |= CCF_CHG_MAX_CWND;
+ }
+ ENTER_RECOVERY(CCV(ccv, t_flags));
+ }
+@@ -267,8 +248,6 @@
+ cubic_data->prev_max_cwnd = cubic_data->max_cwnd;
+ cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
+ cubic_data->t_last_cong = ticks;
+- ccv->flags |= CCF_CHG_MAX_CWND;
+- ccv->flags &= ~CCF_MAX_CWND;
+ CCV(ccv, snd_cwnd) = CCV(ccv, snd_ssthresh);
+ ENTER_CONGRECOVERY(CCV(ccv, t_flags));
+ }
+@@ -285,7 +264,6 @@
+ if (CCV(ccv, t_rxtshift) >= 2) {
+ cubic_data->num_cong_events++;
+ cubic_data->t_last_cong = ticks;
+- ccv->flags &= ~CCF_MAX_CWND;
+ }
+ break;
+ }
+@@ -304,7 +282,6 @@
+ * get used.
+ */
+ cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
+- ccv->flags |= CCF_CHG_MAX_CWND;
+ }
+
+ static int
+@@ -329,11 +306,9 @@
+ pipe = 0;
+
+ /* Fast convergence heuristic. */
+- if (cubic_data->max_cwnd < cubic_data->prev_max_cwnd) {
++ if (cubic_data->max_cwnd < cubic_data->prev_max_cwnd)
+ cubic_data->max_cwnd = (cubic_data->max_cwnd * CUBIC_FC_FACTOR)
+ >> CUBIC_SHIFT;
+- ccv->flags |= CCF_CHG_MAX_CWND;
+- }
+
+ if (IN_FASTRECOVERY(CCV(ccv, t_flags))) {
+ /*
+@@ -356,7 +331,6 @@
+ cubic_data->max_cwnd) >> CUBIC_SHIFT));
+ }
+ cubic_data->t_last_cong = ticks;
+- ccv->flags &= ~CCF_MAX_CWND;
+
+ /* Calculate the average RTT between congestion epochs. */
+ if (cubic_data->epoch_ack_count > 0 &&
+@@ -367,6 +341,7 @@
+
+ cubic_data->epoch_ack_count = 0;
+ cubic_data->sum_rtt_ticks = 0;
++ cubic_data->K = cubic_k(cubic_data->max_cwnd / CCV(ccv, t_maxseg));
+ }
+
+ /*
+--- sys/netinet/cc/cc_cubic.h.orig
++++ sys/netinet/cc/cc_cubic.h
+@@ -41,8 +41,6 @@
+ #ifndef _NETINET_CC_CUBIC_H_
+ #define _NETINET_CC_CUBIC_H_
+
+-#include <sys/limits.h>
+-
+ /* Number of bits of precision for fixed point math calcs. */
+ #define CUBIC_SHIFT 8
+
+@@ -163,6 +161,8 @@
+ /*
+ * Compute the new cwnd value using an implementation of eqn 1 from the I-D.
+ * Thanks to Kip Macy for help debugging this function.
++ *
++ * XXXLAS: Characterise bounds for overflow.
+ */
+ static __inline unsigned long
+ cubic_cwnd(int ticks_since_cong, unsigned long wmax, uint32_t smss, int64_t K)
+@@ -174,15 +174,6 @@
+ /* t - K, with CUBIC_SHIFT worth of precision. */
+ cwnd = ((int64_t)(ticks_since_cong << CUBIC_SHIFT) - (K * hz)) / hz;
+
+- /* moved this calculation up because it cannot overflow or underflow */
+- cwnd *= CUBIC_C_FACTOR * smss;
+-
+- if (cwnd > 2097151) /* 2^21 cubed is long max */
+- return INT_MAX;
+-
+- if (cwnd < -2097152) /* -2^21 cubed is long min */
+- return smss;
+-
+ /* (t - K)^3, with CUBIC_SHIFT^3 worth of precision. */
+ cwnd *= (cwnd * cwnd);
+
+@@ -191,17 +182,8 @@
+ * The down shift by CUBIC_SHIFT_4 is because cwnd has 4 lots of
+ * CUBIC_SHIFT included in the value. 3 from the cubing of cwnd above,
+ * and an extra from multiplying through by CUBIC_C_FACTOR.
+- *
+- * The original formula was this:
+- * cwnd = ((cwnd * CUBIC_C_FACTOR * smss) >> CUBIC_SHIFT_4) + wmax;
+- *
+- * CUBIC_C_FACTOR and smss factors were moved up to an earlier
+- * calculation to simplify overflow and underflow detection.
+ */
+- cwnd = (cwnd >> CUBIC_SHIFT_4) + wmax;
+-
+- if (cwnd < 0)
+- return 1;
++ cwnd = ((cwnd * CUBIC_C_FACTOR * smss) >> CUBIC_SHIFT_4) + wmax;
+
+ return ((unsigned long)cwnd);
+ }
Added: head/share/security/patches/EN-19:01/cc_cubic.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:01/cc_cubic.patch.asc Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RhZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK6Bw/+NJXfzNxz2c9hS4RgZSeDZxtqPEC6ZG5aKN2vc7RzwYsGgv5f4VzuU40A
+MsRNRmbDjoQYj9zkBKOYUWaIX6ZffOjUwc7DZ1Us4ykXRxlB2Ys4R98z5lY6mQDA
+hcTnCPvKTMChcXO3hQ77W3bUPk+p5+XvcDhks8K8N5/Xixj1xoy5J8dmbGvQ9i/R
+JZa2loacsPab/c2Fr/6L7DyHU3bbXIh+27HknCUOyK0dekbZ8g0oP+u/qb4VX/7s
+BkSbIkLUNq3dBkb0vOAoTry/M2kKpU8Dz/SITuW4bSJqfvNWN2hiT7YTQaNg+E0J
+VaaKHhpGO5TrYDnYRfmJyrAiobROEbpoGXg9TvfZ9VLk0sGOPcBN598DNJLkiZCa
+dzMrimOOcgeeyPhvG0Mq4ZGBkYgqj88jb29bwJbkCLvjTfaL3kPeKxky1bylgEmR
+Vevzqlp9IhrnSW21u0Kd8ZWuXka8ni+uKe2B24FyOZntziODWOi/rFAE7DV21y1V
+gZsX2v9kwr/M2ApFpAhtEnF3JHX0sl5J8mF9Wnv0CdJP3fTpC9M0byZsCc2qy84g
+5f6KPu57CgvuHG/YRKLDxG7tt1jXYi/LFsR7iGbbCCbthx5pImQrYfKMOdSR81s+
+Iwa8j657nxF+YjM+aq8l7E3g1uonJ2aWT95WFssUnv2ww+O14fw=
+=4RIV
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:02/tcp.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:02/tcp.patch Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,56 @@
+--- sys/netinet/tcp_reass.c.orig
++++ sys/netinet/tcp_reass.c
+@@ -579,7 +579,8 @@
+ */
+ lenofoh = tcp_reass_overhead_of_chain(m, &mlast);
+ sb = &tp->t_inpcb->inp_socket->so_rcv;
+- if ((sb->sb_mbcnt + tp->t_segqmbuflen + lenofoh) > sb->sb_mbmax) {
++ if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
++ (sb->sb_mbcnt + tp->t_segqmbuflen + lenofoh) > sb->sb_mbmax) {
+ /* No room */
+ TCPSTAT_INC(tcps_rcvreassfull);
+ #ifdef TCP_REASS_COUNTERS
+@@ -588,6 +589,11 @@
+ #ifdef TCP_REASS_LOGGING
+ tcp_log_reassm(tp, NULL, NULL, th->th_seq, lenofoh, TCP_R_LOG_LIMIT_REACHED, 0);
+ #endif
++ if ((s = tcp_log_addrs(&tp->t_inpcb->inp_inc, th, NULL, NULL))) {
++ log(LOG_DEBUG, "%s; %s: mbuf count limit reached, "
++ "segment dropped\n", s, __func__);
++ free(s, M_TCPLOG);
++ }
+ m_freem(m);
+ *tlenp = 0;
+ #ifdef TCP_REASS_LOGGING
+@@ -936,6 +942,20 @@
+ * is understood.
+ */
+ new_entry:
++ if (th->th_seq == tp->rcv_nxt && TCPS_HAVEESTABLISHED(tp->t_state)) {
++ tp->rcv_nxt += *tlenp;
++ flags = th->th_flags & TH_FIN;
++ TCPSTAT_INC(tcps_rcvoopack);
++ TCPSTAT_ADD(tcps_rcvoobyte, *tlenp);
++ SOCKBUF_LOCK(&so->so_rcv);
++ if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
++ m_freem(m);
++ } else {
++ sbappendstream_locked(&so->so_rcv, m, 0);
++ }
++ sorwakeup_locked(so);
++ return (flags);
++ }
+ if (tcp_new_limits) {
+ if ((tp->t_segqlen > tcp_reass_queue_guard) &&
+ (*tlenp < MSIZE)) {
+@@ -960,9 +980,7 @@
+ return (0);
+ }
+ } else {
+-
+- if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
+- tp->t_segqlen >= min((so->so_rcv.sb_hiwat / tp->t_maxseg) + 1,
++ if (tp->t_segqlen >= min((so->so_rcv.sb_hiwat / tp->t_maxseg) + 1,
+ tcp_reass_maxqueuelen)) {
+ TCPSTAT_INC(tcps_rcvreassfull);
+ *tlenp = 0;
Added: head/share/security/patches/EN-19:02/tcp.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:02/tcp.patch.asc Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RhxfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIsjBAAiM9K9Y/ci+sVsH0HrunEbdJT5dI4oabI6Z7zV7X2F5OZobC0neXYCpqH
+sknU/phwdWTmSdLlqxI37At2rQPRFnnAF0sfyByJEmnrNq3CPg/cFabvuNWfetPh
+wpHQc7XUJAz58Lk5o382Dn4POZP+aBmo1e6ULHIXCcgR8xHvGAtQoCLJFh9VXKZx
+tSP+PiwCfHXjIF1J+bEPhv6IO3H59COb5daj1qhTbUnkCmacPBDCFzrSqqbUPOru
+MAvXxcUP3mhPDrIx5eDUNo5C1t54PF6fPzBj8Pq+SUKXrHI1PYHxw2yL+y0vn7vT
+TImWde+rRdDwzab2mt/IP2WaRnC5wVNS+QHZc9M+QB+ujAx8e278uK/eiJwKkm59
+MShtZ46YB96aoZuLYibk+i53jW7OOJbCH9xwFXvZb2n3ObBfJcqig4aXtvug7BOr
+v/90s6Q72jKpJUopgzFut6E2XtJ6ImAvq8qDxo0qLix5vASu57tst/5vyfj4dt79
+AJ05x20KKKKhaNzpnwyOWW4/egeElJPLHg8WsWzwtsRW1ZMWBRIqAzS+dLlDNod9
+ywSbOYb0FMmYe0rtv1gbm5wWjAQ8QYEe/8JoD7y5O04mUVmxmubeYYQ2vAxtxDPs
+ODiJtLdALWkPidb8ynn4r5LBYDjQRvni1+3j2E+nCh9Z08nHzzs=
+=KVpY
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:03/sqlite-11.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:03/sqlite-11.patch Wed Jan 9 19:17:54 2019 (r52756)
@@ -0,0 +1,76146 @@
+--- contrib/sqlite3/Makefile.am.orig
++++ contrib/sqlite3/Makefile.am
+@@ -1,6 +1,5 @@
+
+-AM_CFLAGS = @THREADSAFE_FLAGS@ @DYNAMIC_EXTENSION_FLAGS@ @FTS5_FLAGS@ @JSON1_FLAGS@ @SESSION_FLAGS@ -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_RTREE
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-head
mailing list