From owner-svn-doc-head@freebsd.org Sun Apr 19 17:01:17 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8726627B24F; Sun, 19 Apr 2020 17:01:17 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 494x1T2wpbz4bHh; Sun, 19 Apr 2020 17:01:17 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5C375107E; Sun, 19 Apr 2020 17:01:17 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03JH1H9O002837; Sun, 19 Apr 2020 17:01:17 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03JH1HDk002836; Sun, 19 Apr 2020 17:01:17 GMT (envelope-from cy@FreeBSD.org) Message-Id: <202004191701.03JH1HDk002836@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Sun, 19 Apr 2020 17:01:17 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54063 - head/en_US.ISO8859-1/books/handbook/security X-SVN-Group: doc-head X-SVN-Commit-Author: cy X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/security X-SVN-Commit-Revision: 54063 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Apr 2020 17:01:17 -0000 Author: cy (src,ports committer) Date: Sun Apr 19 17:01:16 2020 New Revision: 54063 URL: https://svnweb.freebsd.org/changeset/doc/54063 Log: Properly document invoking MIT Kerberos daemons through rc.conf. This commit chases r270782 in base which renamed the kerberos5_* varibales to their current form. PR: 197337 Reported by: Adam McDougall Reviewed by: delphij, bcr Approved by: delphij, bcr Differential Revision: https://reviews.freebsd.org/D24253 Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Sat Apr 18 18:55:04 2020 (r54062) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Sun Apr 19 17:01:16 2020 (r54063) @@ -1542,11 +1542,11 @@ jdoe@example.org &os;, the following edits should also be made to rc.conf: - kerberos5_server="/usr/local/sbin/krb5kdc" -kadmind5_server="/usr/local/sbin/kadmind" -kerberos5_server_flags="" -kerberos5_server_enable="YES" -kadmind5_server_enable="YES" + kdc_program="/usr/local/sbin/kdc" +kadmind_program="/usr/local/sbin/kadmind" +kdc_flags="" +kdc_enable="YES" +kadmind_enable="YES" From owner-svn-doc-head@freebsd.org Mon Apr 20 14:14:06 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DFA672C446F; Mon, 20 Apr 2020 14:14:06 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 495TG65hFSz4R6d; Mon, 20 Apr 2020 14:14:06 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BE5B418AED; Mon, 20 Apr 2020 14:14:06 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03KEE6HM099826; Mon, 20 Apr 2020 14:14:06 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03KEE6cY099825; Mon, 20 Apr 2020 14:14:06 GMT (envelope-from cy@FreeBSD.org) Message-Id: <202004201414.03KEE6cY099825@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Mon, 20 Apr 2020 14:14:06 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54064 - head/en_US.ISO8859-1/books/developers-handbook/ipv6 X-SVN-Group: doc-head X-SVN-Commit-Author: cy X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/developers-handbook/ipv6 X-SVN-Commit-Revision: 54064 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Apr 2020 14:14:06 -0000 Author: cy (src,ports committer) Date: Mon Apr 20 14:14:06 2020 New Revision: 54064 URL: https://svnweb.freebsd.org/changeset/doc/54064 Log: fiathd(8) and faith(4) were removed in r274331. Catch up to src and remove their documentation in the developers handbook. Reviewed by: bcr Approved by: bcr Differential Revision: https://reviews.freebsd.org/D24509 Modified: head/en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml Modified: head/en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml Sun Apr 19 17:01:16 2020 (r54063) +++ head/en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml Mon Apr 20 14:14:06 2020 (r54064) @@ -1257,40 +1257,6 @@ FreeBSD 4.x configurable supported to an IPv4 host in an IPv4 island. - - TCP relay translator for category A is supported. This is - called "FAITH". We also provide IP header translator for - category A. (The latter is not yet put into FreeBSD 4.x - yet.) - - - FAITH TCP Relay Translator - - FAITH system uses TCP relay daemon called &man.faithd.8; - helped by the kernel. FAITH will reserve an IPv6 address - prefix, and relay TCP connection toward that prefix to IPv4 - destination. - - For example, if the reserved IPv6 prefix is - 2001:0DB8:0200:ffff::, and the IPv6 destination for TCP - connection is 2001:0DB8:0200:ffff::163.221.202.12, the - connection will be relayed toward IPv4 destination - 163.221.202.12. - - destination IPv4 node (163.221.202.12) - ^ - | IPv4 tcp toward 163.221.202.12 - FAITH-relay dual stack node - ^ - | IPv6 TCP toward 2001:0DB8:0200:ffff::163.221.202.12 - source IPv6 node - - &man.faithd.8; must be invoked on FAITH-relay dual stack - node. - - For more details, consult - src/usr.sbin/faithd/README - From owner-svn-doc-head@freebsd.org Tue Apr 21 01:36:40 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5ECCB2B691B; Tue, 21 Apr 2020 01:36:40 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 495mPf5lyxz4VQn; Tue, 21 Apr 2020 01:36:38 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 03L1aY6c009551 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 20 Apr 2020 21:36:36 -0400 Date: Mon, 20 Apr 2020 18:36:33 -0700 From: Benjamin Kaduk To: Cy Schubert Cc: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: Re: svn commit: r54063 - head/en_US.ISO8859-1/books/handbook/security Message-ID: <20200421013633.GI27494@kduck.mit.edu> References: <202004191701.03JH1HDk002836@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202004191701.03JH1HDk002836@repo.freebsd.org> User-Agent: Mutt/1.12.1 (2019-06-15) X-Rspamd-Queue-Id: 495mPf5lyxz4VQn X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of kaduk@mit.edu designates 18.9.28.11 as permitted sender) smtp.mailfrom=kaduk@mit.edu X-Spamd-Result: default: False [-5.41 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip4:18.9.28.0/24]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[mit.edu]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-2.91)[ip: (-9.66), ipnet: 18.9.0.0/16(-4.80), asn: 3(-0.05), country: US(-0.05)]; RCVD_IN_DNSWL_MED(-0.20)[11.28.9.18.list.dnswl.org : 127.0.11.2]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:3, ipnet:18.9.0.0/16, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 01:36:40 -0000 On Sun, Apr 19, 2020 at 05:01:17PM +0000, Cy Schubert wrote: > Author: cy (src,ports committer) > Date: Sun Apr 19 17:01:16 2020 > New Revision: 54063 > URL: https://svnweb.freebsd.org/changeset/doc/54063 > > Log: > Properly document invoking MIT Kerberos daemons through rc.conf. > This commit chases r270782 in base which renamed the kerberos5_* > varibales to their current form. Thanks! This has come up a couple times in the past but it seemed convenient and/or expedient to wait to update the docs until the FreeBSD versions that only had the old variables had aged out, since documenting two things that are version-dependent is a challenge for the reader even when done well. -Ben From owner-svn-doc-head@freebsd.org Tue Apr 21 16:29:35 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8BBA52AAE0A; Tue, 21 Apr 2020 16:29:35 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4968Cz3WGnz4Xg0; Tue, 21 Apr 2020 16:29:35 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 598433F75; Tue, 21 Apr 2020 16:29:35 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03LGTZrP068737; Tue, 21 Apr 2020 16:29:35 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03LGTWWq068723; Tue, 21 Apr 2020 16:29:32 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <202004211629.03LGTWWq068723@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Tue, 21 Apr 2020 16:29:32 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54065 - in head/share: security/advisories security/patches/EN-20:07 security/patches/SA-20:10 security/patches/SA-20:11 xml X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share: security/advisories security/patches/EN-20:07 security/patches/SA-20:10 security/patches/SA-20:11 xml X-SVN-Commit-Revision: 54065 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 16:29:35 -0000 Author: gordon (src committer) Date: Tue Apr 21 16:29:32 2020 New Revision: 54065 URL: https://svnweb.freebsd.org/changeset/doc/54065 Log: Add EN-20:07, SA-20:10, and SA-20:11. Approved by: so Added: head/share/security/advisories/FreeBSD-EN-20:07.quotad.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:10.ipfw.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:11.openssl.asc (contents, props changed) head/share/security/patches/EN-20:07/ head/share/security/patches/EN-20:07/quotad.patch (contents, props changed) head/share/security/patches/EN-20:07/quotad.patch.asc (contents, props changed) head/share/security/patches/SA-20:10/ head/share/security/patches/SA-20:10/ipfw.11.patch (contents, props changed) head/share/security/patches/SA-20:10/ipfw.11.patch.asc (contents, props changed) head/share/security/patches/SA-20:10/ipfw.12.patch (contents, props changed) head/share/security/patches/SA-20:10/ipfw.12.patch.asc (contents, props changed) head/share/security/patches/SA-20:11/ head/share/security/patches/SA-20:11/openssl.patch (contents, props changed) head/share/security/patches/SA-20:11/openssl.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-20:07.quotad.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:07.quotad.asc Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:07.quotad Errata Notice + The FreeBSD Project + +Topic: Regression in rpc.rquotad with certain NFS servers + +Category: core +Module: rpc.quotad +Announced: 2020-04-21 +Affects: All supported versions of FreeBSD +Corrected: 2019-09-21 14:03:41 UTC (stable/12, 12.1-STABLE) + 2020-04-21 15:50:57 UTC (releng/12.1, 12.1-RELEASE-p4) + 2019-09-21 14:06:16 UTC (stable/11, 11.3-STABLE) + 2020-04-21 15:50:57 UTC (releng/11.3, 11.3-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The Network File System (NFS) allows a system to share directories and files +with others over a network. By using this, users and programs can access +files on remote systems almost as if they were local files. + +The rpc.rquotad utility is an rpc(3) server which returns quotas for a user +of a local file system which is NFS-mounted onto a remote machine. + +II. Problem Description + +A change in rpc.rquotad made it send RQUOTA v2 requests instead of RQUOTA v1 +requests. Some vendors would send RPC_PROGNOTREGISTERED ("Program Not +Registered") response instead of the desired RPC_PROGVERSMISMATCH ("Program +Version Mismatch") response, preventing the mechanism from working. + +III. Impact + +The quota(8) command will not be able obtain quota information for some NFS +server vendors. + +IV. Workaround + +No workaround is available. Systems not using quotas on NFS mounted file +systems are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-20:07/quotad.patch +# fetch https://security.FreeBSD.org/patches/EN-20:07/quotad.patch.asc +# gpg --verify quotad.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r352575 +releng/12.1/ r360148 +stable/11/ r352576 +releng/11.3/ r360148 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl6fHKNfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKrMg/+LLZH7D0fPM2gvxxgDi078N0yfnb4hjbJxI+xdDrbWMEqy/Y9k5hi6+AD +iEnSdQ1/Ak6n174b4Xz2L+Dpih4BEzLumfwb9oFCudUFvyuxNwQmO9tkGLCdu9ps +wRp2quYw0T/whnIS2tTsOM/TPCNZa72mym19OTZi9pgSh82Z+raUeRlfXyOS6HlL +8GkIqkMBBEXRYEQnWX7FAcN+4G1kUHCzHIsyLImCaic8YL/+rX2bqalhFGdLGbJd +epKQQ8FvT1kMns6XVkzSfL35LDoOfbOYjWYTwp3D5Fxk0I5gSK1u3LTrhVZpEV0p +EBO7l2ivee/cwtdOjkIZR1NF+Lp+gHeXxWaJFz0tE6skB2fCYdZq4EeIjXg1okqQ +piWmiesIDpmzz5P2e1OEbkrh5yKr/FeLYDOlge3D1jFZd7iBxeS/BvdGGhSVZI4F +wssveFUnGiKm47kFRzXJnSPz0Nji2R2KyKaaNSB6dqZGW0ZelgPgjh09j09FijbH +mvFPSsxWSKH3rD0CE2QeWIvwk0dbtAhti1TM0gJque8D50IZB8VlNNtOa4V+fyQ6 +puH+5+haHzwfUXwSrLcYK+v0xMdQ71oYqC5G5tV/eYXJCbzIu1Y3hbgmbLzAx+xf +LwW3uCcm1cDQpzs2WxirHE+jS4DbYIMqS/K2c5+tj9kAEtXX1b0= +=mFhE +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:10.ipfw.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:10.ipfw.asc Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,141 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:10.ipfw Security Advisory + The FreeBSD Project + +Topic: ipfw invalid mbuf handling + +Category: core +Module: kernel +Announced: 2020-04-21 +Credits: Maxime Villard + All supported versions of FreeBSD. +Corrected: 2019-12-23 10:02:55 UTC (stable/12, 12.1-STABLE) + 2020-04-21 15:52:22 UTC (releng/12.1, 12.1-RELEASE-p4) + 2019-12-23 10:06:32 UTC (stable/11, 11.3-STABLE) + 2020-04-21 15:52:22 UTC (releng/11.3, 11.3-RELEASE-p8) +CVE Name: CVE-2019-5614, CVE-2019-15874 + + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The ipfw system facility allows filtering, redirecting, and other operations +on IP packets travelling through network interfaces. + +II. Problem Description + +Incomplete packet data validation may result in accessing out-of-bounds +memory (CVE-2019-5614) or may access memory after it has been freed +(CVE-2019-15874). + +III. Impact + +Access to out of bounds or freed mbuf data can lead to a kernel panic or +other unpredictable results. + +IV. Workaround + +No workaround is available. Systems not using the ipfw firewall are +not vulnerable. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/SA-20:10/ipfw.11.patch +# fetch https://security.FreeBSD.org/patches/SA-20:10/ipfw.11.patch.asc +# gpg --verify ipfw.11.patch.asc + +[FreeBSD 12.1] +# fetch https://security.FreeBSD.org/patches/SA-20:10/ipfw.12.patch +# fetch https://security.FreeBSD.org/patches/SA-20:10/ipfw.12.patch.asc +# gpg --verify ipfw.12.patch.asc + + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r356035 +releng/12.1/ r360149 +stable/11/ r356036 +releng/11.3/ r360149 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl6fHK1fFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJnFA//Zqygqhfo2vs/FBe67+/MILbAn5KeZoha6jbhr7YGD//Yzdy0+LtiaMpL +DskM6z2bF6VKMuB5XQufUcAPTqzf8m3pgdFoPBT2P47ndkqDsF7/EDe5IaYCQZq+ +CB0tTuD6m3/8qYXvKyD+c6WV92Tn75GOpguKEYWnoBlOe8YVoVWxIknl+wuG+w4h +D6hGGntvvs7RyXVITo9wzW70W8b57fIszVHTvH0YoFwBLGeie/uNomkcawti6jcp +h703a4VsGeM1FFqb8hrNgKdDMC8Xmddjd78PMxl4wjC4WrrziQ1M8RxEoLHCSrH0 +4hLSjQOIVuI+OoEArn533QyHWQa1KbeECc2GgSlUrq6rlNk3SELWl72tugETT0JJ +EYWFaLUGLUV5PMeuv7c6HfuXXtaVOEP/Gyvf9Rduesohdzw+DYrzXSyVv9wsRbfx +34H9Xcjlu+BzYrHyKJkgdILwEFpEHCZmxRLxeJLGBjPAsudhN2XzGfKEQNd8olTr +pe0Cw+C/sBhe0jh42REDRXW/Vr0YF4ivZf6L8d1zdG462GMn9aZteCjRmfMOWN1D +BjU0+qY6mkWU0bVep0sjPU9ON8T9vnEinjhfqIb/A9XOvKag7cehpxWC+PJyf3I4 +eAjdzQeq0FH08XMWFfFWDqa7VmGYhmp/e53HNbHb90NtW07GtHE= +=p+5n +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:11.openssl.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:11.openssl.asc Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:11.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL remote denial of service vulnerability + +Category: contrib +Module: openssl +Announced: 2020-04-21 +Credits: Bernd Edlinger +Affects: FreeBSD 12.1 +Corrected: 2020-04-21 15:47:58 UTC (stable/12, 12.1-STABLE) + 2020-04-21 15:53:08 UTC (releng/12.1, 12.1-RELEASE-p4) +CVE Name: CVE-2020-1967 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a +collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit for the Transport Layer Security (TLS) and Secure Sockets +Layer (SSL) protocols. It is also a full-strength general purpose +cryptography library. + +II. Problem Description + +Server or client applications that call the SSL_check_chain() function during +or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a +result of incorrect handling of the "signature_algorithms_cert" TLS +extension. The crash occurs if an invalid or unrecognized signature +algorithm is received from the peer. + +III. Impact + +A malicious peer could exploit the NULL pointer dereference crash, causing a +denial of service attack. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:11/openssl.patch +# fetch https://security.FreeBSD.org/patches/SA-20:11/openssl.patch.asc +# gpg --verify openssl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r360147 +releng/12.1/ r360150 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl6fHLBfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJEGw/7BWgBW3Vi98Sj0OFQnKUyckFaKxOY5WNl+N2k1MC5QIwtFRknS/i4xiBe +wfpudj8PRiYe5sXC7C0vpHBB6LAq9RCflZAu3auRD/r/wShAq1wVY6nC7zJ+nXKX +r7OuUj0NBQK7Gc5k89LEeRI8qjcJv7XwUY63msVvDUzqWwZeVDufrRnSwoUi0LR/ +qbya9ICb9qt7o52QNpECccEUVB4Qc1mfdESpDi/7h/JYXvLptsa/W6DtTZRlJ2n/ +f/hi2ja7xUD78NlQ6Sbc17+QUFWWIvyljl255Nhi3YhjWpFSWewmJg3aLqQ3O4uB +g632jncGVFtRiDWHvUPqIx0Ephs3Ubd0llBsWXJ4uEQzeqVVVk05oomWDBjUoxW/ +Iw7kfVJDBNrrIuNikhOaf3lmUEJ8iXUhg8NxLwoyq6v2SM2eFLqYxx9MLwH5RQkV +nAuWszYSnxkReUE4oGrm7Vn3Mq7yhiM8KpNS08BSADeWRWEJSsdeA5BC2bLIUgE+ +UKRDYaTyLSl9knHNmCd9W/8b3w03k2E4lrosc+hiaYoVB9l83e5elQm/tgdBynmL +w653iJIoATgApXXresLW3x/by9+BhCq1fLkipDoaRZTrsg7zaYCyseDmfvmaV6Pn +x8nm+i+VHeB8hp+vurijO9wuaisPs4LNv7pPcler2LmtAGYV3Lg= +=231J +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-20:07/quotad.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-20:07/quotad.patch Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,11 @@ +--- usr.bin/quota/quota.c.orig ++++ usr.bin/quota/quota.c +@@ -606,7 +606,7 @@ + call_stat = callaurpc(host, RQUOTAPROG, EXT_RQUOTAVERS, + RQUOTAPROC_GETQUOTA, (xdrproc_t)xdr_ext_getquota_args, (char *)&gq_args, + (xdrproc_t)xdr_getquota_rslt, (char *)&gq_rslt); +- if (call_stat == RPC_PROGVERSMISMATCH) { ++ if (call_stat == RPC_PROGVERSMISMATCH || call_stat == RPC_PROGNOTREGISTERED) { + if (quotatype == USRQUOTA) { + old_gq_args.gqa_pathp = cp + 1; + old_gq_args.gqa_uid = id; Added: head/share/security/patches/EN-20:07/quotad.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-20:07/quotad.patch.asc Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl6fHMNfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cI6Hg/+IjHObivifL7eLY2O8ydr8fj8q735PmFvWCzWdUl2vhNC64Rb3jcELcCo +L+8CkBtWNklTZo4HWB5R+6oQSfDwLnW9tHQ/aVg308IZOZ8b680RT0SI83mwfmG9 +SwzPj8SqINTRUO0pWaKtS3sP4tXytCVBu70uet3L57cozP9ylVmC4z+ecwkXosq+ +bnIe1gJMs5xTTkX1JierutJ/cMlma/nJ0aenW2um85CSuTsQBTsEPxug7NCm8UeG +1ABpzQ3TdkSciRQNoPjM5VrUkm05PA+zHrHE0tTyN3wwef4Pcyte2dnfJ8gBjUzI +PveME1u1DSxSRwaBSNdUVJtXgLDTdeeN/OjTQFRSxT5BJi7a5ux4CI8OIbXkS4gE +nRTcl0VKbDnQ2R16OPzEIzHvItXomHTnRvcuzT8oLZj/9pRdr6kWuAYsAx4jU1wn +/QE7LtqNS89X9+tGjfbqO1kgnMb6SfNJ0me2U+L7Syw+SRWa9lVxdGUe0Oantexu +Xe0hZ+DOMDH+ntcAEenmZ2lsMCGH1triQINW/laA9gz1Ad045yleC33V/RSYwGiU +cw4+0M9kxMTB7vMCMP0+788VE382aTzi5t8tZNM98iGsA4UrlUg4K/XX9KI0PI/0 +qrNyUNGTpDqey7mbSE1sYiih1Etx8UO4k+ryvabNydhC4sJICzQ= +=9zFb +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-20:10/ipfw.11.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:10/ipfw.11.patch Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,136 @@ +--- sys/netpfil/ipfw/ip_fw2.c.orig ++++ sys/netpfil/ipfw/ip_fw2.c +@@ -328,50 +328,71 @@ + return (flags_match(cmd, bits)); + } + ++/* ++ * Parse TCP options. The logic copied from tcp_dooptions(). ++ */ + static int +-tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd) ++tcpopts_parse(const struct tcphdr *tcp, uint16_t *mss) + { ++ const u_char *cp = (const u_char *)(tcp + 1); + int optlen, bits = 0; +- u_char *cp = (u_char *)(tcp + 1); +- int x = (tcp->th_off << 2) - sizeof(struct tcphdr); ++ int cnt = (tcp->th_off << 2) - sizeof(struct tcphdr); + +- for (; x > 0; x -= optlen, cp += optlen) { ++ for (; cnt > 0; cnt -= optlen, cp += optlen) { + int opt = cp[0]; + if (opt == TCPOPT_EOL) + break; + if (opt == TCPOPT_NOP) + optlen = 1; + else { ++ if (cnt < 2) ++ break; + optlen = cp[1]; +- if (optlen <= 0) ++ if (optlen < 2 || optlen > cnt) + break; + } + + switch (opt) { +- + default: + break; + + case TCPOPT_MAXSEG: ++ if (optlen != TCPOLEN_MAXSEG) ++ break; + bits |= IP_FW_TCPOPT_MSS; ++ if (mss != NULL) ++ *mss = be16dec(cp + 2); + break; + + case TCPOPT_WINDOW: +- bits |= IP_FW_TCPOPT_WINDOW; ++ if (optlen == TCPOLEN_WINDOW) ++ bits |= IP_FW_TCPOPT_WINDOW; + break; + + case TCPOPT_SACK_PERMITTED: ++ if (optlen == TCPOLEN_SACK_PERMITTED) ++ bits |= IP_FW_TCPOPT_SACK; ++ break; ++ + case TCPOPT_SACK: +- bits |= IP_FW_TCPOPT_SACK; ++ if (optlen > 2 && (optlen - 2) % TCPOLEN_SACK == 0) ++ bits |= IP_FW_TCPOPT_SACK; + break; + + case TCPOPT_TIMESTAMP: +- bits |= IP_FW_TCPOPT_TS; ++ if (optlen == TCPOLEN_TIMESTAMP) ++ bits |= IP_FW_TCPOPT_TS; + break; +- + } + } +- return (flags_match(cmd, bits)); ++ return (bits); ++} ++ ++static int ++tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd) ++{ ++ ++ return (flags_match(cmd, tcpopts_parse(tcp, NULL))); + } + + static int +@@ -1419,17 +1440,31 @@ + * this way). + */ + #define PULLUP_TO(_len, p, T) PULLUP_LEN(_len, p, sizeof(T)) +-#define PULLUP_LEN(_len, p, T) \ ++#define _PULLUP_LOCKED(_len, p, T, unlock) \ + do { \ + int x = (_len) + T; \ + if ((m)->m_len < x) { \ + args->m = m = m_pullup(m, x); \ +- if (m == NULL) \ ++ if (m == NULL) { \ ++ unlock; \ + goto pullup_failed; \ ++ } \ + } \ + p = (mtod(m, char *) + (_len)); \ + } while (0) + ++#define PULLUP_LEN(_len, p, T) _PULLUP_LOCKED(_len, p, T, ) ++#define PULLUP_LEN_LOCKED(_len, p, T) \ ++ _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); \ ++ UPDATE_POINTERS() ++/* ++ * In case pointers got stale after pullups, update them. ++ */ ++#define UPDATE_POINTERS() \ ++do { \ ++ ip = mtod(m, struct ip *); \ ++} while (0) ++ + /* + * if we have an ether header, + */ +@@ -2255,7 +2290,7 @@ + + case O_TCPOPTS: + if (proto == IPPROTO_TCP && offset == 0 && ulp){ +- PULLUP_LEN(hlen, ulp, ++ PULLUP_LEN_LOCKED(hlen, ulp, + (TCP(ulp)->th_off << 2)); + match = tcpopts_match(TCP(ulp), cmd); + } +@@ -3106,6 +3141,7 @@ + + } /* end of inner loop, scan opcodes */ + #undef PULLUP_LEN ++#undef PULLUP_LEN_LOCKED + + if (done) + break; Added: head/share/security/patches/SA-20:10/ipfw.11.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:10/ipfw.11.patch.asc Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl6fHNNfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKVEhAApEcxwYJh0IP2/JPsfaNkAKLflaiaTY1MHd0SK4icoGYgbUFXGfYFFx5y +V+xYyzJ6hqufaLgRDlOUWy7QLqkSD5iuNas7ZC9Sorge24uVYS9QKoQETAUc4EsA +puyWWfFA8jD/cUIzmLpuTlz8qUFT2n4j28djmbYvH46jgoOyMGrUzoTKfeyPSvMR +LCkzyzsnkfauwl8lpAkyWqhi3VPmCLtzd4boVmG2UnpaKKny0l3M2/CRHJhCute4 +3+15ilzONzcr0J38hd6sM11HZIVEUK3DywefMhiMx9sQQD71sqisvADCxZ8cdML/ +he+mBB38YzGyy/qezb/ZC1oXfPHmNKlJjxHzCyZkgkLd03GSrviykj4o8I9HOgty +X2NmrUoi22j3nezE4lEqh+6f6yXRVsBmJjzFGUXTSgjP6vGIewZiwmQReadGzcZk +nwCdtZSMbPAFLt6EBXMfU/pvLAokYk87XCyivAPkrbojrbDKg0ucUfttgPjwuAkN +G3s4xsmC+XuAbGrzCJwDr1o8zPcDLJlfPijJAmzWlQReHHAaVSgVt0jRoFvznZjh +QCI3b9aRPHayGBoJxFNripYdggF9jcaUA7OGrLjw86VHBFvAl2fKZxZexUbKVFqX +c8wvkiWbAvknV18pbVlifSdjKgylY8vwi39dj8zDxpWULRXFLYg= +=aOrU +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-20:10/ipfw.12.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:10/ipfw.12.patch Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,132 @@ +--- sys/netpfil/ipfw/ip_fw2.c.orig ++++ sys/netpfil/ipfw/ip_fw2.c +@@ -330,22 +330,27 @@ + return (flags_match(cmd, bits)); + } + ++/* ++ * Parse TCP options. The logic copied from tcp_dooptions(). ++ */ + static int +-tcpopts_parse(struct tcphdr *tcp, uint16_t *mss) ++tcpopts_parse(const struct tcphdr *tcp, uint16_t *mss) + { +- u_char *cp = (u_char *)(tcp + 1); ++ const u_char *cp = (const u_char *)(tcp + 1); + int optlen, bits = 0; +- int x = (tcp->th_off << 2) - sizeof(struct tcphdr); ++ int cnt = (tcp->th_off << 2) - sizeof(struct tcphdr); + +- for (; x > 0; x -= optlen, cp += optlen) { ++ for (; cnt > 0; cnt -= optlen, cp += optlen) { + int opt = cp[0]; + if (opt == TCPOPT_EOL) + break; + if (opt == TCPOPT_NOP) + optlen = 1; + else { ++ if (cnt < 2) ++ break; + optlen = cp[1]; +- if (optlen <= 0) ++ if (optlen < 2 || optlen > cnt) + break; + } + +@@ -354,22 +359,31 @@ + break; + + case TCPOPT_MAXSEG: ++ if (optlen != TCPOLEN_MAXSEG) ++ break; + bits |= IP_FW_TCPOPT_MSS; + if (mss != NULL) + *mss = be16dec(cp + 2); + break; + + case TCPOPT_WINDOW: +- bits |= IP_FW_TCPOPT_WINDOW; ++ if (optlen == TCPOLEN_WINDOW) ++ bits |= IP_FW_TCPOPT_WINDOW; + break; + + case TCPOPT_SACK_PERMITTED: ++ if (optlen == TCPOLEN_SACK_PERMITTED) ++ bits |= IP_FW_TCPOPT_SACK; ++ break; ++ + case TCPOPT_SACK: +- bits |= IP_FW_TCPOPT_SACK; ++ if (optlen > 2 && (optlen - 2) % TCPOLEN_SACK == 0) ++ bits |= IP_FW_TCPOPT_SACK; + break; + + case TCPOPT_TIMESTAMP: +- bits |= IP_FW_TCPOPT_TS; ++ if (optlen == TCPOLEN_TIMESTAMP) ++ bits |= IP_FW_TCPOPT_TS; + break; + } + } +@@ -1427,18 +1441,32 @@ + * pointer might become stale after other pullups (but we never use it + * this way). + */ +-#define PULLUP_TO(_len, p, T) PULLUP_LEN(_len, p, sizeof(T)) +-#define PULLUP_LEN(_len, p, T) \ ++#define PULLUP_TO(_len, p, T) PULLUP_LEN(_len, p, sizeof(T)) ++#define _PULLUP_LOCKED(_len, p, T, unlock) \ + do { \ + int x = (_len) + T; \ + if ((m)->m_len < x) { \ + args->m = m = m_pullup(m, x); \ +- if (m == NULL) \ ++ if (m == NULL) { \ ++ unlock; \ + goto pullup_failed; \ ++ } \ + } \ + p = (mtod(m, char *) + (_len)); \ + } while (0) + ++#define PULLUP_LEN(_len, p, T) _PULLUP_LOCKED(_len, p, T, ) ++#define PULLUP_LEN_LOCKED(_len, p, T) \ ++ _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); \ ++ UPDATE_POINTERS() ++/* ++ * In case pointers got stale after pullups, update them. ++ */ ++#define UPDATE_POINTERS() \ ++do { \ ++ ip = mtod(m, struct ip *); \ ++} while (0) ++ + /* + * if we have an ether header, + */ +@@ -2269,7 +2297,7 @@ + + case O_TCPOPTS: + if (proto == IPPROTO_TCP && offset == 0 && ulp){ +- PULLUP_LEN(hlen, ulp, ++ PULLUP_LEN_LOCKED(hlen, ulp, + (TCP(ulp)->th_off << 2)); + match = tcpopts_match(TCP(ulp), cmd); + } +@@ -2294,7 +2322,7 @@ + uint16_t mss, *p; + int i; + +- PULLUP_LEN(hlen, ulp, ++ PULLUP_LEN_LOCKED(hlen, ulp, + (TCP(ulp)->th_off << 2)); + if ((tcpopts_parse(TCP(ulp), &mss) & + IP_FW_TCPOPT_MSS) == 0) +@@ -3145,6 +3173,7 @@ + + } /* end of inner loop, scan opcodes */ + #undef PULLUP_LEN ++#undef PULLUP_LEN_LOCKED + + if (done) + break; Added: head/share/security/patches/SA-20:10/ipfw.12.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:10/ipfw.12.patch.asc Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl6fHNVfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJiwQ/+Lpt5TbpgVsZBpwt/LlMngD3jQzuP4NR41LSpynro/diN4ZKyUIDZ2y1r +RMOy2kVVEQfaO3TdzQzA290ZIZevoZeMWzchG3N23Ya9Ddyz4ChLNWdhdqJwX0Lf +tIgYuOh3Nd90FP+BSx5KbKC4P9Y2DiXOX6FmzKbCBvNH+etAs8hshbqty1Fcahtv +aBOjYGvB1tBAl29brsxpSROd0aMVayxbk+2zs4nfrU7RuIHcjjNT0tWlDYrrFZ4a +qBUucxtv/+UgTDiXIOao55tx2cw4st9Kj6mUp5h3RMNTkB2piztFpH8XLOYq6PLK +7HzJFbji9sFHQyEjtoa/OoM+o52yfDqEU4YXfKtjvA21xjzfi00shnPY9Cp96CY5 +Q7zjXJsV2J6rvMXm9DY3Dis2cbkgt8nBU2B3ftSFWrCkblmeS49dCUzv+YtJ/J22 +eU7Tkc/bw8dqcZZgiJhEiOTRjSDZzNM9UJBeHpQBcppIltG3TdzDD3YY6KFIBjae +FwijjljfyA0wAEJREO+km2KpQca1wYyQKFNOVOimenazI+qsSvZg+xotyaGjYKWf +sDxnieRHzkqrp+6z3fMbo+n7Xz+KLQAxTBAN4YOAv04cePVOVx0/YeiWqWiy7LEk +Ponji3sfgPmuze/T785zIumLbo7HmoJQJg5o34wRtuF/1ANx0Bg= +=e2S6 +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-20:11/openssl.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:11/openssl.patch Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,11 @@ +--- crypto/openssl/ssl/t1_lib.c.orig ++++ crypto/openssl/ssl/t1_lib.c +@@ -2099,7 +2099,7 @@ + sigalg = use_pc_sigalgs + ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]) + : s->shared_sigalgs[i]; +- if (sig_nid == sigalg->sigandhash) ++ if (sigalg != NULL && sig_nid == sigalg->sigandhash) + return 1; + } + return 0; Added: head/share/security/patches/SA-20:11/openssl.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-20:11/openssl.patch.asc Tue Apr 21 16:29:32 2020 (r54065) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl6fHMlfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL1OxAAgpwan3XY96qOUx5NVpagPkYkqtGrJsXS4PFwYl3UbWFx6iLXIQCFZxVV +N5aODi0ixr0oMSlzM8hUhn590LG8UnU2UbUK2WwyhlzDMQaB04kT1xK1V0fqU0vy +BdRx0sIOGDz38qHLkGKEjJI7M41k5f/2wj65I16YCD3LDaUNzYQvHHRA4nMWa/iG +g/arSEBSXWEOmAdtazTGzb4x7umLfTzR7fkVBKW5RsaQrPNDaKsGvfkvgi9ZCpc0 +nqcDV07ivPMoM/DkYMO1RYrqHuGch8hejaDrJrf9hu5oYeUFRsl+XqUjVi1H33T6 +Wov9/FzzMEUxwkBm9wzH1vn2rGFncDa6/WR00iHMEKOcGM6B9lCqBNNnpNVC7vEC +/KVZasjRRwcRGpHMYte0R6rqoxJ4Pas6iaUUJwmv10S1mBaIPLV0k30o5J9G4euf +r2tsRBQCcY0dyyqO89k1krdFSQw36PDCe/vGoGoIUHsvIWcn894EBW6BdKeky6ns +PyON5G0/oM+oeyzL+bmocqj479S1poyRY++gGRpkgtVWoOV1+GaiyEhqfJK0srGZ +vbln/FMvL1mHstM6pyGwYFcd8aYZM+tkp9+hv4T2JCZ0Wj/zEEbGg72vClU+Fuji +XJsBJu435h0Kl/SZTUYcudwjLai9oHfxAOopyffsfV6NrZU53iE= +=1JP9 +-----END PGP SIGNATURE----- Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Mon Apr 20 14:14:06 2020 (r54064) +++ head/share/xml/advisories.xml Tue Apr 21 16:29:32 2020 (r54065) @@ -8,6 +8,23 @@ 2020 + 4 + + + 21 + + + FreeBSD-SA-20:11.openssl + + + + FreeBSD-SA-20:10.ipfw + + + + + + 3 Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Mon Apr 20 14:14:06 2020 (r54064) +++ head/share/xml/notices.xml Tue Apr 21 16:29:32 2020 (r54065) @@ -8,6 +8,19 @@ 2020 + 4 + + + 21 + + + FreeBSD-EN-20:07.quotad + + + + + + 3 From owner-svn-doc-head@freebsd.org Tue Apr 21 17:04:53 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E3D6A2B0179; Tue, 21 Apr 2020 17:04:53 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49690j58xBz4fbL; Tue, 21 Apr 2020 17:04:53 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AC22F475D; Tue, 21 Apr 2020 17:04:53 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03LH4rDj093490; Tue, 21 Apr 2020 17:04:53 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03LH4rQG093489; Tue, 21 Apr 2020 17:04:53 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202004211704.03LH4rQG093489@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 21 Apr 2020 17:04:53 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54066 - head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml X-SVN-Commit-Revision: 54066 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 17:04:54 -0000 Author: gjb Date: Tue Apr 21 17:04:53 2020 New Revision: 54066 URL: https://svnweb.freebsd.org/changeset/doc/54066 Log: Document EN-20:07, SA-20:10, SA-20:11. Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/errata.xml head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/security.xml Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/errata.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/errata.xml Tue Apr 21 16:29:32 2020 (r54065) +++ head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/errata.xml Tue Apr 21 17:04:53 2020 (r54066) @@ -54,6 +54,14 @@ 18 March 2020 Incorrect checksum calculations + + + FreeBSD-EN-20:07.quotad + 21 April 2020 + Regression with certain NFS + servers + Modified: head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/security.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/security.xml Tue Apr 21 16:29:32 2020 (r54065) +++ head/en_US.ISO8859-1/htdocs/releases/12.1R/share/xml/security.xml Tue Apr 21 17:04:53 2020 (r54066) @@ -93,6 +93,20 @@ 18 March 2020 Multiple denial of service + + + FreeBSD-SA-20:10.ipfw + 21 April 2020 + Invalid &man.mbuf.9; handling + + + + FreeBSD-SA-20:11.openssl + 21 April 2020 + Remote denial of service + From owner-svn-doc-head@freebsd.org Tue Apr 21 17:06:31 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 635842B032F; Tue, 21 Apr 2020 17:06:31 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49692b1hQrz4fsC; Tue, 21 Apr 2020 17:06:31 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 351174763; Tue, 21 Apr 2020 17:06:31 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03LH6U1W093820; Tue, 21 Apr 2020 17:06:30 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03LH6U1c093819; Tue, 21 Apr 2020 17:06:30 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202004211706.03LH6U1c093819@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 21 Apr 2020 17:06:30 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54067 - head/en_US.ISO8859-1/htdocs/releases/11.3R X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/11.3R X-SVN-Commit-Revision: 54067 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 17:06:31 -0000 Author: gjb Date: Tue Apr 21 17:06:30 2020 New Revision: 54067 URL: https://svnweb.freebsd.org/changeset/doc/54067 Log: Regen after r360161. Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html Modified: head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html Tue Apr 21 17:04:53 2020 (r54066) +++ head/en_US.ISO8859-1/htdocs/releases/11.3R/errata.html Tue Apr 21 17:06:30 2020 (r54067) @@ -42,10 +42,11 @@ disclosure

FreeBSD-SA-20:05.if_oce_ioctl18 March 2020

Insufficient ioctl(2) privilege checking

FreeBSD-SA-20:07.epair18 March 2020

Incorrect user-controlled pointer use

FreeBSD-SA-20:08.jail18 March 2020

Kernel memory disclosure with nested - jails

FreeBSD-SA-20:09.ntp18 March 2020

Multiple denial of service

3. Errata Notices

ErrataDateTopic
FreeBSD-EN-19:13.mds24 July 2019

System crash from Intel CPU vulnerability + jails

FreeBSD-SA-20:09.ntp18 March 2020

Multiple denial of service

FreeBSD-SA-20:10.ipfw21 April 2020

Invalid mbuf(9) handling

3. Errata Notices

ErrataDateTopic
FreeBSD-EN-19:13.mds24 July 2019

System crash from Intel CPU vulnerability mitigation

FreeBSD-EN-19:15.libunwind6 August 2019

Incorrect exception handling

FreeBSD-EN-19:16.bhyve20 August 2019

Instruction emulation improvements

FreeBSD-EN-19:17.ipfw20 August 2019

"jail" keyword fix

FreeBSD-EN-19:18.tzdata23 Oct ober 2019

Timezone database information update

FreeBSD-EN-20:01.ssp28 January 2020

Imprecise orderring of canary - initialization

FreeBSD-EN-20:02.nmount28 January 2020

Invalid pointer dereference

FreeBSD-EN-20:04.pfctl18 March 2020

Missing pfctl(8) tunable

FreeBSD-EN-20:06.ipv618 March 2020

Incorrect checksum calculations

4. Open Issues

4. Open Issues

  • [2019-07-04] An issue which can cause a crash when connecting to a bhyve(4) instance with a VNC client under certain circumstances had been reported. An errata notice is planned From owner-svn-doc-head@freebsd.org Wed Apr 22 06:39:40 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 452422C7FB3; Wed, 22 Apr 2020 06:39:40 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 496W4r1MFNz3HxG; Wed, 22 Apr 2020 06:39:40 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 24CDEE83C; Wed, 22 Apr 2020 06:39:40 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03M6dera012639; Wed, 22 Apr 2020 06:39:40 GMT (envelope-from matthew@FreeBSD.org) Received: (from matthew@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03M6defw012638; Wed, 22 Apr 2020 06:39:40 GMT (envelope-from matthew@FreeBSD.org) Message-Id: <202004220639.03M6defw012638@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: matthew set sender to matthew@FreeBSD.org using -f From: Matthew Seaman Date: Wed, 22 Apr 2020 06:39:40 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54068 - head/share/pgpkeys X-SVN-Group: doc-head X-SVN-Commit-Author: matthew X-SVN-Commit-Paths: head/share/pgpkeys X-SVN-Commit-Revision: 54068 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2020 06:39:40 -0000 Author: matthew (ports committer) Date: Wed Apr 22 06:39:39 2020 New Revision: 54068 URL: https://svnweb.freebsd.org/changeset/doc/54068 Log: Extend the expiry date on my PGP key Modified: head/share/pgpkeys/matthew.key Modified: head/share/pgpkeys/matthew.key ============================================================================== --- head/share/pgpkeys/matthew.key Tue Apr 21 17:06:30 2020 (r54067) +++ head/share/pgpkeys/matthew.key Wed Apr 22 06:39:39 2020 (r54068) @@ -3,15 +3,16 @@ sh addkey.sh matthew 036F6C9EE7F39EBF ; --> uid Matthew Seaman -sub rsa4096/5D0DFEAF7BFB01B4 2013-09-29 [E] [expires: 2020-04-23] -sub rsa4096/BB23AF518E1A4013 2013-10-06 [S] [expires: 2020-04-23] -sub rsa4096/E527EC985DBEA0A8 2013-10-06 [E] [expires: 2020-04-23] -sub rsa4096/00513F10E0A9E4E7 2013-10-06 [S] [expires: 2020-04-23] -sub rsa4096/0AC81803C8520138 2013-10-06 [E] [expires: 2020-04-23] +uid Matthew Seaman +sub rsa4096/5D0DFEAF7BFB01B4 2013-09-29 [E] [expires: 2021-04-23] +sub rsa4096/BB23AF518E1A4013 2013-10-06 [S] [expires: 2021-04-23] +sub rsa4096/E527EC985DBEA0A8 2013-10-06 [E] [expires: 2021-04-23] +sub rsa4096/00513F10E0A9E4E7 2013-10-06 [S] [expires: 2021-04-23] +sub rsa4096/0AC81803C8520138 2013-10-06 [E] [expires: 2021-04-23] ]]> Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 810422B8329; Thu, 23 Apr 2020 14:25:43 +0000 (UTC) (envelope-from salvadore@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 497KN72pq4z3LH7; Thu, 23 Apr 2020 14:25:43 +0000 (UTC) (envelope-from salvadore@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 50EBA5D1F; Thu, 23 Apr 2020 14:25:43 +0000 (UTC) (envelope-from salvadore@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03NEPh5Y011953; Thu, 23 Apr 2020 14:25:43 GMT (envelope-from salvadore@FreeBSD.org) Received: (from salvadore@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03NEPhtx011952; Thu, 23 Apr 2020 14:25:43 GMT (envelope-from salvadore@FreeBSD.org) Message-Id: <202004231425.03NEPhtx011952@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: salvadore set sender to salvadore@FreeBSD.org using -f From: Lorenzo Salvadore Date: Thu, 23 Apr 2020 14:25:43 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54069 - head/en_US.ISO8859-1/htdocs/news/status X-SVN-Group: doc-head X-SVN-Commit-Author: salvadore X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/news/status X-SVN-Commit-Revision: 54069 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2020 14:25:43 -0000 Author: salvadore (ports committer) Date: Thu Apr 23 14:25:42 2020 New Revision: 54069 URL: https://svnweb.freebsd.org/changeset/doc/54069 Log: 2020q1 status report: Fix line breaks Fix a few lines in 2020q1 status report that were not broken properly. Reported by: debdrup Approved by: bcr (docs), gerald (mentor) Differential Revision: https://reviews.freebsd.org/D24443 Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2020-01-2020-03.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2020-01-2020-03.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2020-01-2020-03.xml Wed Apr 22 06:39:39 2020 (r54068) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2020-01-2020-03.xml Thu Apr 23 14:25:42 2020 (r54069) @@ -73,11 +73,11 @@ legal entity.

    General

    -

    We moved! Our new address is: -The FreeBSD Foundation -3980 Broadway St. STE #103-107 -Boulder, CO 80304 -USA +

    We moved! Our new address is:
    +The FreeBSD Foundation
    +3980 Broadway St. STE #103-107
    +Boulder, CO 80304
    +USA

    In February, the board of directors had an all-day board meeting in Berkely, CA, where FreeBSD began! We put together our strategic plans for the next 2 years, @@ -472,8 +472,8 @@ Work in progress: lwhsu@FreeBSD.org -

    Contact: freebsd-testing Mailing List -Contact: IRC #freebsd-ci channel on EFNet +

    Contact: freebsd-testing Mailing List
    +Contact: IRC #freebsd-ci channel on EFNet

    The FreeBSD CI team maintains the continuous integration system and related tasks for the FreeBSD project. The CI system regularly checks the committed changes @@ -1300,8 +1300,8 @@ subsidiary) for loaning a server on which talos.anongo philip@FreeBSD.org -

    Contact: freebsd-riscv Mailing List -Contact: IRC #freebsd-riscv channel on freenode +

    Contact: freebsd-riscv Mailing List
    +Contact: IRC #freebsd-riscv channel on freenode

    It has been a year since the RISC-V project's last status report. In that time, the RISC-V port has benefited from increased attention, and received @@ -1394,7 +1394,7 @@ or had been deprecated. r358454 on February 29, 2020.

    -

    Sponsor: The FreeBSD Foundation +

    Sponsor: The FreeBSD Foundation

    elfctl utility @@ -1441,7 +1441,7 @@ wxneeded 'Requires W+X mappings' is unset. $ elfctl -e +aslr binary

    -

    Sponsor: The FreeBSD Foundation +

    Sponsor: The FreeBSD Foundation

    ELF Tool Chain @@ -1473,7 +1473,7 @@ validation.

    Mark Johnston addressed many memory and file descriptor leaks and similar issues reported by Coverity Scan.

    -

    Sponsor: The FreeBSD Foundation +

    Sponsor: The FreeBSD Foundation

    FreeBSD Translations on Weblate @@ -1647,7 +1647,7 @@ qurterly branch. represents over 7,400 individual changes including built-in modules in PE format, multi-monitor support, Vulkan 1.1 support, and an XAudio2 re-implementation. -

    +

    After our request for help in the last quarterly report the i386 wine ports have been adopted by salvadore who immediately started resolving existing bugs and improving the ports. Most of this work is ready and we @@ -1762,7 +1762,7 @@ projects.

    An initial effort to write proper documentation and guides for the pot project has started. The documentation, even if incomplete, is available at here. A F.A.Q. page is available and waiting for users to submit their questions.

    During the last quarter, some bugs were reported on pot and on the nomad-pot-driver. Both projects released a new bug fix version. -Many thanks to 'grembo' and 'Crest' that reported issues, tested and tried our solutions. +Many thanks to 'grembo' and 'Crest' that reported issues, tested and tried our solutions.
    Thanks also to Mateusz (0mp) for his Pull Requests!

    pot will have a new release soon (0.11.0), focused on network: From owner-svn-doc-head@freebsd.org Thu Apr 23 17:24:47 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 56D222BDD6A; Thu, 23 Apr 2020 17:24:47 +0000 (UTC) (envelope-from carlavilla@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 497PLl1dzrz458n; Thu, 23 Apr 2020 17:24:47 +0000 (UTC) (envelope-from carlavilla@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 149D8811F; Thu, 23 Apr 2020 17:24:47 +0000 (UTC) (envelope-from carlavilla@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03NHOkdB031372; Thu, 23 Apr 2020 17:24:46 GMT (envelope-from carlavilla@FreeBSD.org) Received: (from carlavilla@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03NHOksP031371; Thu, 23 Apr 2020 17:24:46 GMT (envelope-from carlavilla@FreeBSD.org) Message-Id: <202004231724.03NHOksP031371@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: carlavilla set sender to carlavilla@FreeBSD.org using -f From: Sergio Carlavilla Delgado Date: Thu, 23 Apr 2020 17:24:46 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54070 - head/share/xml X-SVN-Group: doc-head X-SVN-Commit-Author: carlavilla X-SVN-Commit-Paths: head/share/xml X-SVN-Commit-Revision: 54070 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2020 17:24:47 -0000 Author: carlavilla Date: Thu Apr 23 17:24:46 2020 New Revision: 54070 URL: https://svnweb.freebsd.org/changeset/doc/54070 Log: Remove stale usergroups * Grazer BSD Stammtisch and Wiener BSD Stammtisch points to the same url * The Swedish FreeBSD Community -> website down * Ukrainian FreeBSD User Group (UAFUG) -> website down * The Connecticut Free Unix Users Group (CFUG) -> Right now it's a personal blog * Kansas Unix & Linux Users Association (KULUA) -> website down * Phoenix BSD Users Group -> website down * Greater Lansing Linux User Group -> website down * Western Connecticut's Open Source User Group (WCOSUG) -> Commercial use * The FreeBSD Mexican Community -> website down * bug.dc.uba.ar -> website with another use * The Daibou East *BSD Users Group (DEBUG) -> website down * BSD Pakistan -> website down * Mongolian Unix User Group (MUUG) -> website down * Bangladeshi FreeBSD User Group -> website down Approved by: bcr Differential Revision: https://reviews.freebsd.org/D24533 Modified: head/share/xml/usergroups.xml Modified: head/share/xml/usergroups.xml ============================================================================== --- head/share/xml/usergroups.xml Thu Apr 23 14:25:42 2020 (r54069) +++ head/share/xml/usergroups.xml Thu Apr 23 17:24:46 2020 (r54070) @@ -100,23 +100,10 @@ The country codes are precise ISO3166 codes from, e.g. - - Grazer BSD Stammtisch - http://graz.bsdstammtisch.at - The "Grazer BSD Stammtisch" is a - german-language oriented user group with members living in - or near Graz/Austria. We usually meet once per month to - discuss BSD related topics. For more information please - visit our website - or our - Facebook page. - - Wiener BSD Stammtisch - http://wien.bsdstammtisch.at/ + https://bsdstammtisch.at/ The Vienna BSD-Stammtisch is an English and German speaking BSD user group located in Austria's capital. We meet once a month to have a show and tell session, discuss @@ -129,7 +116,7 @@ The country codes are precise ISO3166 codes from, e.g. Prague BSD Group - https://brmlab.cz/groups/praguebsdgroup + https://brmlab.cz/groups/start#prague_bsd_group A small BSD user group from Brmlab Prague/Czech Republic Hackerspace. We are a group of hobbyists, professionals, and enthusiasts. @@ -404,7 +391,7 @@ The country codes are precise ISO3166 codes from, e.g. Polish BSD User Group - https://bsd-pl.pl/ + https://bsd-pl.org/ Our group was created to promote systems from the BSD family in Poland. We organize meetings that bring together lovers of Unix systems. Located in Warsaw. @@ -475,41 +462,8 @@ The country codes are precise ISO3166 codes from, e.g. in the body. Located in Sweden. - - - The Swedish FreeBSD Community - http://www.FreeBSD.se/ - - FreeBSD.se is a Swedish FreeBSD community in which - one can read and post articles and how-to:s in Swedish. There - is also an active forum for asking questions and helping - others with problems related to FreeBSD. - - - - - Ukrainian FreeBSD User Group (UAFUG) - http://www.uafug.org.ua/ - - The Ukrainian FreeBSD User Group (UAFUG) is a - Russian/Ukrainian languages oriented user group for the - Ukrainian users of BSD-derivatives, promoting and supporting - BSD flavours and Open Source usage. The UAFUG has had its - first meeting on 2 June 2002 and meets every 2-3 weeks. We - also provide an open forum for all BSD-related things in the - Russian and Ukrainian languages (though we can read/write in - english as well). To join the mailing list send a message to - - majordomo@FreeBSDDiary.org.ua with subscribe - freebsd in the body of the message. Check the link above for more - information. Located in the Ukraine. - - - - Manchester BSD Users Group @@ -611,7 +565,7 @@ The country codes are precise ISO3166 codes from, e.g. The Users of Free Operating Systems (UFO Chicago) - http://www.chifug.org + http://ufo.chicago.il.us The Users of Free Operating Systems (UFO Chicago) is an open-source Unix User Group that meets twice a month in Chicago. For directions and mailing list information, please @@ -620,17 +574,6 @@ The country codes are precise ISO3166 codes from, e.g. - - The Connecticut Free Unix Users Group (CFUG) - http://www.cfug.org - The Connecticut Free Unix Users Group (CFUG) is - devoted to free Unix, but has resources for almost all Unixen. - Their area of operation is Connecticut and Western Massachusetts. - More information can be found at - http://www.cfug.org. Located in Connecticut. - - - The Colorado BSD Users Group (CoBUG) http://cobug.org @@ -640,18 +583,6 @@ The country codes are precise ISO3166 codes from, e.g. - - Kansas Unix & Linux Users Association (KULUA) - http://kulua.org - The Kansas Unix & Linux Users Association (KULUA) - is a Free Unix User Group based in Lawrence, Kansas, but with - users throughout eastern Kansas and western Missouri. We have - about 120 members and meet biweekly. Visit the web site or email - kulua@kulua.org for more - information. Located in Lawrence, Kansas. - - - KnoxBUG http://knoxbug.org @@ -744,16 +675,6 @@ The country codes are precise ISO3166 codes from, e.g. - - Phoenix BSD Users Group - http://bsd.phoenix.az.us - The Phoenix BSD Users Group is fully open for business. - Anyone from the Phoenix area please feel free to join in http://bsd.phoenix.az.us. - Located in Phoenix, AZ. - - - Portland (Oregon) FreeBSD Users Group mailto:pdx-freebsd@toybox.placo.com @@ -820,20 +741,6 @@ The country codes are precise ISO3166 codes from, e.g. - - Greater Lansing Linux User Group - http://gllug.org - GLLUG is an organization for users of Linux, FreeBSD, - and associated free software in Lansing, Michigan (USA) and the - surrounding area. As with the organization at large, the weekly - meetings are very informal. We talk about what we've been working - on for the last few weeks and catch each other up with what is - going on. Often there is an official topic proposed ahead of time - on the mailing list, but sometimes we just discuss what is on our - minds. - - - Capital Area BSD Users Group http://capbug.org @@ -854,19 +761,6 @@ The country codes are precise ISO3166 codes from, e.g. BSD operating systems. - - - Western Connecticut's Open Source User Group (WCOSUG) - http://wcosug.org - WCOSUG is The Western Connecticut Open Source User - Group. Unlike Linux User Groups we also recognize the BSD's and - other operating systems. We are based in Fairfield County, CT, - we have several users based on the CT, NY border and due to lack - of an Eastern NY User Group we feel that it is our job to pull up - the slack and help these users out. - - - @@ -893,49 +787,9 @@ The country codes are precise ISO3166 codes from, e.g. - - - - The FreeBSD Mexican Community - http://www.freebsd.mx - The FreeBSD Mexican Community is a spanish language - orientated user group which wants to promote and educate people about - BSD operating systems by making tutorials and organizing events and - conferences. We are also working with other Open Source Unix - derivates like NetBSD, OpenBSD and Linux. For more - information please visit our website - or send us an email. - - - - - - bug.dc.uba.ar - http://bug.dc.uba.ar - - Buenos Aires based group with monthly meetings. - Comprised of many students at the University of Buenos Aires - Computer Science department. - - - - - - The BSD Users Group Peru - http://www.bsd-peru.org - The BSD Users Group Peru is a group of people with the - objective to promote the use of the different *BSD systems in Peru. - They provide information, documentation and forums for discussion. - For more information you can use their web site http://www.bsd-peru.org or write to - contacto@bsd-peru.org - - - - Grupo de Usuarios BSD de Venezuela @@ -998,14 +852,6 @@ The country codes are precise ISO3166 codes from, e.g. - - The Daibou East *BSD Users Group (DEBUG) - http://www.debug.gr.jp - The Daibou East *BSD Users Group (DEBUG) is now - forming for *BSD users in Tsukuba area. Located in Ibaraki, - Japan. - - The Kansai *BSD Users Group (K*BUG) http://www.kbug.gr.jp @@ -1108,18 +954,6 @@ The country codes are precise ISO3166 codes from, e.g. - - - BSD Pakistan - http://bsdpakistan.org/ - BSD Pakistan is a user community who aims to promote - and educate people about BSD Operating Systems; including FreeBSD, - NetBSD, OpenBSD, DragonFly BSD and Mac OS X. For more information - please visit our web site. - - - - New Delhi BSD User Group @@ -1130,32 +964,6 @@ The country codes are precise ISO3166 codes from, e.g. as other open source software. NDBUG was founded to disseminate knowledge of BSD Unix, open source software, and related technologies and interests in India and New Delhi specifically. - - - - - - - Mongolian Unix User Group (MUUG) - http://www.unix.org.mn/ - MUUG - (Mongolian Unix User Group) was formed in 2004 - and it is based in Ulaanbaatar, Mongolia. It was established to - share the knowledge, promote and educate people about - Unix, Linux, and BSD operating systems and open source software. - For more information please visit the web site at - http://www.unix.org.mn/. - The web site is in Mongolian only. - - - - - - Bangladeshi FreeBSD User Group - http://www.freebsdmovement.org/ - The Bangladeshi FreeBSD User Group is a group of the FreeBSD - users in Bangladesh. This group aims to build the scope of sharing - knowledge and experiences on FreeBSD. - From owner-svn-doc-head@freebsd.org Thu Apr 23 22:27:58 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 80DAA2C5493; Thu, 23 Apr 2020 22:27:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 497X4Z1TBPz4Pts; Thu, 23 Apr 2020 22:27:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2DDBDBC9B; Thu, 23 Apr 2020 22:27:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03NMRwwp019835; Thu, 23 Apr 2020 22:27:58 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03NMRwuX019834; Thu, 23 Apr 2020 22:27:58 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202004232227.03NMRwuX019834@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Thu, 23 Apr 2020 22:27:58 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54071 - head/en_US.ISO8859-1/articles/freebsd-releng X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/freebsd-releng X-SVN-Commit-Revision: 54071 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2020 22:27:58 -0000 Author: gjb Date: Thu Apr 23 22:27:57 2020 New Revision: 54071 URL: https://svnweb.freebsd.org/changeset/doc/54071 Log: Fix a typo. Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: head/en_US.ISO8859-1/articles/freebsd-releng/releng-minor-version.xml Modified: head/en_US.ISO8859-1/articles/freebsd-releng/releng-minor-version.xml ============================================================================== --- head/en_US.ISO8859-1/articles/freebsd-releng/releng-minor-version.xml Thu Apr 23 17:24:46 2020 (r54070) +++ head/en_US.ISO8859-1/articles/freebsd-releng/releng-minor-version.xml Thu Apr 23 22:27:57 2020 (r54071) @@ -47,7 +47,7 @@ Makefile.libcompat - Update LILB32CPUFLAGS + Update LIB32CPUFLAGS From owner-svn-doc-head@freebsd.org Fri Apr 24 00:20:44 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 079D82C85B9; Fri, 24 Apr 2020 00:20:44 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 497ZZg6TQdz4XH9; Fri, 24 Apr 2020 00:20:43 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D9C32D316; Fri, 24 Apr 2020 00:20:43 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03O0KhnO089597; Fri, 24 Apr 2020 00:20:43 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03O0KhaV089596; Fri, 24 Apr 2020 00:20:43 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <202004240020.03O0KhaV089596@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Fri, 24 Apr 2020 00:20:43 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54072 - head/en_US.ISO8859-1/htdocs/releases/11.4R X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/11.4R X-SVN-Commit-Revision: 54072 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2020 00:20:44 -0000 Author: gjb Date: Fri Apr 24 00:20:43 2020 New Revision: 54072 URL: https://svnweb.freebsd.org/changeset/doc/54072 Log: Update the 11.4-RELEASE schedule to reflect the code slush is now in effect. Approved by: re (implicit) Sponsored by: Rubicon Communications, LLC (netgate.com) Modified: head/en_US.ISO8859-1/htdocs/releases/11.4R/schedule.xml Modified: head/en_US.ISO8859-1/htdocs/releases/11.4R/schedule.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/11.4R/schedule.xml Thu Apr 23 22:27:57 2020 (r54071) +++ head/en_US.ISO8859-1/htdocs/releases/11.4R/schedule.xml Fri Apr 24 00:20:43 2020 (r54072) @@ -73,7 +73,7 @@ Code slush begins 24 April 2020 - - + 24 April 2020 Release Engineers announce that all further commits to the &local.branch.stable; branch will not require explicit approval, however new features should be avoided. From owner-svn-doc-head@freebsd.org Fri Apr 24 08:57:33 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3B11D2ACB15; Fri, 24 Apr 2020 08:57:33 +0000 (UTC) (envelope-from blackend@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 497p310vl2z43R2; Fri, 24 Apr 2020 08:57:33 +0000 (UTC) (envelope-from blackend@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1A07B1B5B9; Fri, 24 Apr 2020 08:57:33 +0000 (UTC) (envelope-from blackend@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03O8vW62010046; Fri, 24 Apr 2020 08:57:32 GMT (envelope-from blackend@FreeBSD.org) Received: (from blackend@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03O8vWCr010045; Fri, 24 Apr 2020 08:57:32 GMT (envelope-from blackend@FreeBSD.org) Message-Id: <202004240857.03O8vWCr010045@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: blackend set sender to blackend@FreeBSD.org using -f From: Marc Fonvieille Date: Fri, 24 Apr 2020 08:57:32 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54073 - head/share/mk X-SVN-Group: doc-head X-SVN-Commit-Author: blackend X-SVN-Commit-Paths: head/share/mk X-SVN-Commit-Revision: 54073 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2020 08:57:33 -0000 Author: blackend Date: Fri Apr 24 08:57:32 2020 New Revision: 54073 URL: https://svnweb.freebsd.org/changeset/doc/54073 Log: Set papersize to A4 as a workaround to the generation of empty .eps files that may occur under certain circumstances. This is only used to generate images with boundingboxes. Related to ports Bug 234126. Obtained from: Dima Panov Modified: head/share/mk/doc.commands.mk Modified: head/share/mk/doc.commands.mk ============================================================================== --- head/share/mk/doc.commands.mk Fri Apr 24 00:20:43 2020 (r54072) +++ head/share/mk/doc.commands.mk Fri Apr 24 08:57:32 2020 (r54073) @@ -139,15 +139,15 @@ PNMTOPSOPTS?= -noturn ${PNMTOPSFLAGS} EPSTOPDF?= ${PREFIX}/bin/epstopdf EPSTOPDFOPTS?= ${EPSTOPDFFLAGS} # -PIC2PS?= ${GROFF} -p -S -Wall -mtty-char -man +PIC2PS?= ${GROFF} -p -P-pa4 -S -Wall -mtty-char -man # PS2EPS?= ${PREFIX}/bin/gs PS2EPSOPTS?= -q -dNOPAUSE -dSAFER -dDELAYSAFER \ - -sPAPERSIZE=letter -r72 -sDEVICE=bit \ + -sPAPERSIZE=a4 -r72 -sDEVICE=bit \ -sOutputFile=/dev/null ${PS2EPSFLAGS} ps2epsi.ps PS2BBOX?= ${PREFIX}/bin/gs PS2BBOXOPTS?= -q -dNOPAUSE -dBATCH -dSAFER -dDELAYSAFER \ - -sPAPERSIZE=letter -r72 -sDEVICE=bbox \ + -sPAPERSIZE=a4 -r72 -sDEVICE=bbox \ -sOutputFile=/dev/null ${PS2BBOXFLAGS} #