From owner-svn-doc-all@freebsd.org Sun Feb 3 12:41:06 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 40A2414C8477;
Sun, 3 Feb 2019 12:41:06 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id D90606C780;
Sun, 3 Feb 2019 12:41:05 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CEB9C1EB06;
Sun, 3 Feb 2019 12:41:05 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x13Cf5fS046609;
Sun, 3 Feb 2019 12:41:05 GMT (envelope-from bhd@FreeBSD.org)
Received: (from bhd@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x13Cf5Gt046608;
Sun, 3 Feb 2019 12:41:05 GMT (envelope-from bhd@FreeBSD.org)
Message-Id: <201902031241.x13Cf5Gt046608@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org
using -f
From: Bjoern Heidotting
Date: Sun, 3 Feb 2019 12:41:05 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52794 - head/de_DE.ISO8859-1/books/handbook/disks
X-SVN-Group: doc-head
X-SVN-Commit-Author: bhd
X-SVN-Commit-Paths: head/de_DE.ISO8859-1/books/handbook/disks
X-SVN-Commit-Revision: 52794
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: D90606C780
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.98 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
NEURAL_HAM_SHORT(-0.98)[-0.977,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
NEURAL_HAM_LONG(-1.00)[-0.999,0]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 03 Feb 2019 12:41:06 -0000
Author: bhd
Date: Sun Feb 3 12:41:05 2019
New Revision: 52794
URL: https://svnweb.freebsd.org/changeset/doc/52794
Log:
Update to r52711:
- Make the format of memory-backed disks consistent (soft-updates)
- Correct size of file-backed disk
Modified:
head/de_DE.ISO8859-1/books/handbook/disks/chapter.xml
Modified: head/de_DE.ISO8859-1/books/handbook/disks/chapter.xml
==============================================================================
--- head/de_DE.ISO8859-1/books/handbook/disks/chapter.xml Fri Feb 1 18:32:17 2019 (r52793)
+++ head/de_DE.ISO8859-1/books/handbook/disks/chapter.xml Sun Feb 3 12:41:05 2019 (r52794)
@@ -5,7 +5,7 @@
$FreeBSD$
$FreeBSDde: de-docproj/books/handbook/disks/chapter.xml,v 1.187 2012/04/26 19:32:48 bcr Exp $
- basiert auf: r52077
+ basiert auf: r52711
-->
Um ein dateibasiertes Dateisystem zu erstellen,
muss zunächst ein Stück Speicher auf der Festplatte reserviert
- werden. Dieses Beispiel erzeugt eine 5 KB große Datei
+ werden. Dieses Beispiel erzeugt eine 5 MB große Datei
namens newimage:
&prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k
@@ -2239,7 +2239,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
&prompt.root; mdconfig -f newimage -u 0
&prompt.root; bsdlabel -w md0 auto
-&prompt.root; newfs md0a
+&prompt.root; newfs -U md0a
/dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes.
super-block backups (for fsck -b #) at:
From owner-svn-doc-all@freebsd.org Sun Feb 3 17:54:36 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3352D14AD019;
Sun, 3 Feb 2019 17:54:36 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id BE79380146;
Sun, 3 Feb 2019 17:54:35 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AA70022103;
Sun, 3 Feb 2019 17:54:35 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x13HsZgB015056;
Sun, 3 Feb 2019 17:54:35 GMT (envelope-from bhd@FreeBSD.org)
Received: (from bhd@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x13HsZUQ015055;
Sun, 3 Feb 2019 17:54:35 GMT (envelope-from bhd@FreeBSD.org)
Message-Id: <201902031754.x13HsZUQ015055@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org
using -f
From: Bjoern Heidotting
Date: Sun, 3 Feb 2019 17:54:35 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52795 -
head/de_DE.ISO8859-1/books/handbook/network-servers
X-SVN-Group: doc-head
X-SVN-Commit-Author: bhd
X-SVN-Commit-Paths: head/de_DE.ISO8859-1/books/handbook/network-servers
X-SVN-Commit-Revision: 52795
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: BE79380146
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.96 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
NEURAL_HAM_SHORT(-0.96)[-0.963,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
NEURAL_HAM_LONG(-1.00)[-1.000,0]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 03 Feb 2019 17:54:36 -0000
Author: bhd
Date: Sun Feb 3 17:54:35 2019
New Revision: 52795
URL: https://svnweb.freebsd.org/changeset/doc/52795
Log:
Update to r52704:
Rewrite the LDAP server section of the handbook.
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D19062
Modified:
head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml
Modified: head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Sun Feb 3 12:41:05 2019 (r52794)
+++ head/de_DE.ISO8859-1/books/handbook/network-servers/chapter.xml Sun Feb 3 17:54:35 2019 (r52795)
@@ -5,7 +5,7 @@
$FreeBSD$
$FreeBSDde: de-docproj/books/handbook/network-servers/chapter.xml,v 1.103 2011/12/24 15:51:18 bcr Exp $
- basiert auf: r52450
+ basiert auf: r52704
-->
Tom
Rhodes
- Geschrieben von
+ Ursprünglich beigetragen von
+ Rocky
+ Hotas
+
+ Aktualisiert von
+
+
+
+
+ BjörnHeidotting
@@ -2487,35 +2496,38 @@ result: 0 Success
LDAP Server&os; integriert keinen LDAP-Server.
- Beginnen Sie die Konfiguration durch die Installation des
- Ports oder Pakets net/openldap24-server.
- Da der Port viele konfigurierbare Optionen hat, ist es
- empfehlenswert zu prüfen, ob die Installation des Pakets
- ausreichend ist. Wenn Sie irgendwelche Optionen ändern
- möchten, ist es besser den Port zu übersetzen. In den meisten
- Fällen sollten die Standardwerte ausreichend sein. Wenn
- Sie jedoch SQL-Unterstützung benötigen, muss diese Option
- aktiviert und der Port nach den Anweisungen in übersetzt werden.
+ Beginnen Sie die Konfiguration mit der Installation des
+ Ports oder Pakets
+ net/openldap-server:
- Als nächstes muss ein Verzeichnis für Daten sowie ein
- Verzeichnis für die Zertifikate erstellt werden:
+ &prompt.root; pkg install openldap-server
- &prompt.root; mkdir /var/db/openldap-data
-&prompt.root; mkdir /usr/local/etc/openldap/private
+ Im
+ Paket sind eine große Anzahl an Optionen aktiviert.
+ Mit dem Befehl pkg info openldap-server
+ können diese überprüft werden. Falls die Optionen nicht
+ ausreichend sind (weil bspw. SQL-Unterstützung benötigt wird),
+ sollten Sie in Betracht ziehen, den Port mit dem
+ entsprechenden Framework neu zu übersetzen.
- Kopieren Sie die Konfigurationsdatei der Datenbank:
+ Während der Installation wird für die Daten das
+ Verzeichnis /var/db/openldap-data
+ erstellt. Das Verzeichnis für die Ablage der Zertifikate
+ muss manuell angelegt werden:
- &prompt.root; cp /usr/local/etc/openldap/DB_CONFIG.example /var/db/openldap-data/DB_CONFIG
+ &prompt.root; mkdir /usr/local/etc/openldap/privateIm nächsten Schritt wird die Zertifizierungsstelle
konfiguriert. Die folgenden Befehle müssen in
/usr/local/etc/openldap/private
ausgeführt werden. Dies ist wichtig, da die
Dateiberechtigungen restriktiv gesetzt werden und Benutzer
- keinen direkten Zugriff auf diese Daten haben sollten. Geben
- Sie folgenden Befehl ein, um die Zertifizierungsstelle zu
- erstellen und folgen Sie den Anweisungen:
+ keinen direkten Zugriff auf diese Daten haben sollten.
+ Weitere Informationen über Zertifikate und deren Parameter
+ finden Sie im . Geben Sie folgenden
+ Befehl ein, um die Zertifizierungsstelle zu erstellen und
+ folgen Sie den Anweisungen:
&prompt.root; openssl req -days 365 -nodes -new -x509 -keyout ca.key -out ../ca.crt
@@ -2536,7 +2548,9 @@ result: 0 Success
Stellen Sie hierbei sicher, dass
Common Name richtig eingetragen wird.
- Anschließend muss der Schlüssel signiert werden:
+ Die Zertifikatsregistrierungsanforderung muss mit dem
+ Schlüssel der Zertifizierungsstelle unterschrieben werden, um
+ als gültiges Zertifikat verwendet zu werden:
&prompt.root; openssl x509 -req -days 365 -in server.csr -out ../server.crt -CA ../ca.crt -CAkey ca.key -CAcreateserial
@@ -2550,179 +2564,367 @@ result: 0 Success
Achten Sie wieder auf das Attribut
Common name. Stellen Sie außerdem sicher,
dass bei diesem Verfahren acht (8) neue Dateien erzeugt worden
- sind. Der nächste Schritt besteht darin,
- /usr/local/etc/openldap/slapd.conf zu
- editieren und folgende Optionen hinzuzufügen:
+ sind.
- TLSCipherSuite HIGH:MEDIUM:+SSLv3
-TLSCertificateFile /usr/local/etc/openldap/server.crt
-TLSCertificateKeyFile /usr/local/etc/openldap/private/server.key
-TLSCACertificateFile /usr/local/etc/openldap/ca.crt
+ Der Daemon, auf dem der OpenLDAP-Server läuft, heißt
+ slapd. Die Konfiguration erfolgt über
+ slapd.ldif. Die alte
+ slapd.conf wird von OpenLDAP nicht mehr
+ verwendet.
- Danach bearbeiten Sie
- /usr/local/etc/openldap/ldap.conf und
- fügen folgende Zeilen hinzu:
+ Konfigurationsbeispiele
+ für slapd.ldif finden sich auch in
+ /usr/local/etc/openldap/slapd.ldif.sample.
+ Optionen sind in slapd-config(5) dokumentiert. Jeder
+ Abschnitt in slapd.ldif wird, wie alle
+ anderen LDAP-Attributgruppen, durch einen DN eindeutig
+ identifiziert. Achten Sie darauf, dass keine Leerzeilen
+ zwischen der Anweisung dn: und dem
+ gewünschten Ende des Abschnitts verbleiben. Im folgenden
+ Beispiel wird TLS verwendet, um einen sicheren Kanal zu
+ implementieren. Der erste Abschnitt stellt die globale
+ Konfiguration dar:
- TLS_CACERT /usr/local/etc/openldap/ca.crt
-TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv3
+ #
+# See slapd-config(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+#
+#
+# Define global ACLs to disable default read access.
+#
+olcArgsFile: /var/run/openldap/slapd.args
+olcPidFile: /var/run/openldap/slapd.pid
+olcTLSCertificateFile: /usr/local/etc/openldap/server.crt
+olcTLSCertificateKeyFile: /usr/local/etc/openldap/private/server.key
+olcTLSCACertificateFile: /usr/local/etc/openldap/ca.crt
+#olcTLSCipherSuite: HIGH
+olcTLSProtocolMin: 3.1
+olcTLSVerifyClient: never
- Kommentieren Sie die folgenden Einträge aus und setzen Sie
- sie auf die gewünschten Werte: ,
- , und
- . Setzen Sie bei
- und
- ein. Fügen Sie danach zwei Einträge
- ein, die auf die Zertifizierungsstelle verweisen. Wenn Sie
- fertig sind, sollten die Einträge wie folgt aussehen:
+ Hier müssen die Zertifizierungsstelle, das
+ Serverzertifikat und die privaten Schlüssel des Servers
+ angegeben werden. Es wird empfohlen, den Clients die Wahl der
+ Sicherheits-Chiffre zu überlassen und die Option
+ olcTLSCipherSuite wegzulassen (inkompatibel
+ mit anderen TLS-Clients als openssl).
+ Mit der Option olcTLSProtocolMin benötigt
+ der Server nur eine minimale Sicherheitsstufe.
+ Diese Option wird empfohlen. Während die Verfizierung für den
+ Server verpflichtend ist, ist sie es nicht für den Client:
+ olcTLSVerifyClient: never.
- BASE dc=example,dc=com
-URI ldap:// ldaps://
+ Der zweite Abschnitt behandelt die Backend-Module und
+ kann wie folgt konfiguriert werden:
-SIZELIMIT 12
-TIMELIMIT 15
+ #
+# Load dynamic backend modules:
+#
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulepath: /usr/local/libexec/openldap
+olcModuleload: back_mdb.la
+#olcModuleload: back_bdb.la
+#olcModuleload: back_hdb.la
+#olcModuleload: back_ldap.la
+#olcModuleload: back_passwd.la
+#olcModuleload: back_shell.la
-TLS_CACERT /usr/local/etc/openldap/ca.crt
-TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv3
+ Der dritte Abschnitt widmet sich dem Laden der benötigten
+ ldif-Schemata, die von den Datenbanken verwendet werden
+ sollen. Diese Dateien sind essentiell.
- Anschließend sollte das Standardpasswort für den Server
- geändert werden:
+ dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
- &prompt.root; slappasswd -h "{SHA}" >> /usr/local/etc/openldap/slapd.conf
+include: file:///usr/local/etc/openldap/schema/core.ldif
+include: file:///usr/local/etc/openldap/schema/cosine.ldif
+include: file:///usr/local/etc/openldap/schema/inetorgperson.ldif
+include: file:///usr/local/etc/openldap/schema/nis.ldif
- Dieser Befehl wird nach einem Passwort fragen und, wenn
- der Prozess nicht fehlschlägt, ein Passwort-Hash an das
- Ende von slapd.conf hinzufügen. Es
- werden verschiedene Hash-Formate unterstützt. Weitere
- Informationen hierzu finden Sie in der Manualpage von
- slappasswd.
+ Als nächstes folgt der Abschnitt zur
+ Frontend-Konfiguration:
- Als nächstes bearbeiten Sie
- /usr/local/etc/openldap/slapd.conf und
- fügen folgende Zeilen hinzu:
+ # Frontend settings
+#
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: to * by * read
+#
+# Sample global access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+#
+#olcAccess: to dn.base="" by * read
+#olcAccess: to dn.base="cn=Subschema" by * read
+#olcAccess: to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+#
+olcPasswordHash: {SSHA}
+# {SSHA} is already the default for olcPasswordHash
- password-hash {sha}
-allow bind_v2
+ Ein weiterer Abschnitt ist dem Konfigurations-Backend
+ gewidmet, der einzige Weg, später auf die
+ OpenLDAP-Serverkonfiguration zuzugreifen, ist als globaler
+ Superuser.
- Das Suffix in dieser Datei muss aus
- /usr/local/etc/openldap/ldap.conf
- entsprechen. Zudem sollte die Option
- ebenfalls gesetzt werden. Ein guter Wert ist beispielsweise
- . Bevor die Datei gespeichert
- wird, setzen Sie die Passwortausgabe von
- slappasswd hinter die Option
- . Das Endergebnis sollte in etwa wie
- folgt aussehen:
+ dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: to * by * none
+olcRootPW: {SSHA}iae+lrQZILpiUdf16Z9KmDmSwT77Dj4U
- TLSCipherSuite HIGH:MEDIUM:+SSLv3
-TLSCertificateFile /usr/local/etc/openldap/server.crt
-TLSCertificateKeyFile /usr/local/etc/openldap/private/server.key
-TLSCACertificateFile /usr/local/etc/openldap/ca.crt
-rootpw {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
+ Der voreingestellte Benutzername für den Administrator
+ lautet cn=config. Geben Sie
+ slappasswd in eine Shell ein, wählen Sie
+ ein Passwort und verwenden Sie seinen Hash in
+ olcRootPW. Wenn diese Option jetzt nicht
+ angegeben ist, kann vor dem Import der
+ slapd.ldif niemand später den Abschnitt
+ global configuration ändern.
- Aktivieren Sie abschließend
- OpenLDAP in
- /etc/rc.conf und setzen Sie die
- URI:
+ Der letzte Abschnitt befasst sich mit dem
+ Datenbank-Backend:
- slapd_enable="YES"
-slapd_flags="-4 -h ldaps:///"
+ #######################################################################
+# LMDB database definitions
+#######################################################################
+#
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: mdb
+olcDbMaxSize: 1073741824
+olcSuffix: dc=domain,dc=example
+olcRootDN: cn=mdbadmin,dc=domain,dc=example
+# Cleartext passwords, especially for the rootdn, should
+# be avoided. See slappasswd(8) and slapd-config(5) for details.
+# Use of strong authentication encouraged.
+olcRootPW: {SSHA}X2wHvIWDk6G76CQyCMS1vDCvtICWgn0+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+olcDbDirectory: /var/db/openldap-data
+# Indices to maintain
+olcDbIndex: objectClass eq
- An dieser Stelle kann der Server gestartet und getestet
- werden:
+ Diese Datenbank enthält den
+ eigentlichen Inhalt des
+ LDAP-Verzeichnisses. Neben
+ mdb sind weitere Versionen
+ verfügbar. Dessen Superuser, nicht zu verwechseln mit dem
+ globalen, wird hier konfiguriert: ein Benutzername in
+ olcRootDN und der Passworthash in
+ olcRootPW; slappasswd
+ kann wie zuvor benutzt werden.
- &prompt.root; service slapd start
+ Dieses Repository
+ enthält vier Beispiele für slapd.ldif.
+ Lesen Sie diese Seite, um eine bestehende
+ slapd.conf in
+ slapd.ldif zu konvertieren. Beachten
+ Sie, dass dies einige unbrauchbare Optionen
+ einführen kann.
- Wenn alles richtig konfiguriert ist, sollte eine Suche im
- Verzeichnis, wie in diesem Beispiel, eine erfolgreiche
- Verbindung mit einer Antwort liefern:
+ Wenn die Konfiguration abgeschlossen ist, muss
+ slapd.ldif in ein leeres Verzeichnis
+ verschoben werden. Folgendes ist die empfohlene
+ Vorgehensweise:
- &prompt.root; ldapsearch -Z
-# extended LDIF
+ &prompt.root; mkdir /usr/local/etc/openldap/slapd.d/
+ Importieren Sie die Konfigurationsdatenbank:
+
+ &prompt.root; /usr/local/sbin/slapadd -n0 -F /usr/local/etc/openldap/slapd.d/ -l /usr/local/etc/openldap/slapd.ldif
+
+ Starten Sie den slapd-Daemon:
+
+ &prompt.root; /usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d/
+
+ Die Option -d kann, wie in slapd(8)
+ beschrieben, zur Fehlersuche benutzt werden. Stellen Sie
+ sicher, dass der Server läuft und korrekt arbeitet:
+
+ &prompt.root; ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
+# extended LDIF
#
# LDAPv3
-# base <dc=example,dc=com> (default) with scope subtree
+# base <> with scope baseObject
# filter: (objectclass=*)
-# requesting: ALL
+# requesting: namingContexts
+#
+#
+dn:
+namingContexts: dc=domain,dc=example
+
# search result
-search: 3
-result: 32 No such object
+search: 2
+result: 0 Success
-# numResponses: 1
+# numResponses: 2
+# numEntries: 1
-
- Wenn der Befehl fehlschlägt, aber die Konfiguration
- richtig aussieht, stoppen Sie den
- slapd-Dienst. Starten Sie anschließend
- den Dienst mit
- Debugging-Optionen:
+ Dem Server muss noch vertraut werden. Wenn dies noch nie
+ zuvor geschehen ist, befolgen Sie diese Anweisungen.
+ Installieren Sie das Paket oder den Port OpenSSL:
- &prompt.root; service slapd stop
-&prompt.root; /usr/local/libexec/slapd -d -1
-
+ &prompt.root; pkg install openssl
- Sobald der Dienst antwortet, kann das Verzeichnis mit dem
- Befehl ldapadd bestückt werden. In diesem
- Beispiel gibt es eine Datei mit einer Liste von Benutzern, die
- diesem Verzeichnis hinzugefügt werden. Die Einträge sollten
- das folgende Format haben:
+ Aus dem Verzeichnis, in dem ca.crt
+ gespeichert ist (in diesem Beispiel
+ /usr/local/etc/openldap), starten
+ Sie:
- dn: dc=example,dc=com
-objectclass: dcObject
-objectclass: organization
-o: Example
-dc: Example
+ &prompt.root; c_rehash .
-dn: cn=Manager,dc=example,dc=com
-objectclass: organizationalRole
-cn: Manager
+ Sowohl die CA als auch das Serverzertifikat werden nun in
+ ihren jeweiligen Rollen korrekt erkannt. Um dies zu
+ überprüfen, führen die folgenden Befehl aus dem Verzeichnis
+ der server.crt aus:
- Um diese Datei zu importieren, geben Sie den Dateinamen
- an. Bei dem folgenden Befehl werden Sie wieder zur Eingabe
- des Passworts aufgefordert, das Sie zuvor eingegeben haben.
- Die Ausgabe sollte wie folgt aussehen:
+ &prompt.root; openssl verify -verbose -CApath . server.crt
- &prompt.root; ldapadd -Z -D "cn=Manager,dc=example,dc=com" -W -f import.ldif
-Enter LDAP Password:
-adding new entry "dc=example,dc=com"
+ Falls slapd ausgeführt wurde, muss
+ der Daemon neu gestartet werden. Wie in
+ /usr/local/etc/rc.d/slapd angegeben,
+ müssen die folgenden Zeilen in
+ /etc/rc.conf eingefügt werden, um
+ slapd beim Booten ordnungsgemäß
+ auszuführen:
-adding new entry "cn=Manager,dc=example,dc=com"
+ lapd_enable="YES"
+slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/
+ldap://0.0.0.0/"'
+slapd_sockets="/var/run/openldap/ldapi"
+slapd_cn_config="YES"
- Stellen Sie mit einer Suche auf dem Server sicher, dass
- die Daten importiert wurden. Nutzen Sie dazu
- ldapsearch:
+ slapd bietet beim Booten keine
+ Möglichkeit zur Fehlersuche. Überprüfen Sie dazu
+ /var/log/debug.log,
+ dmesg -a und
+ /var/log/messages.
- &prompt.user; ldapsearch -Z
-# extended LDIF
-#
-# LDAPv3
-# base <dc=example,dc=com> (default) with scope subtree
-# filter: (objectclass=*)
-# requesting: ALL
-#
+ Das folgende Beispiel fügt die Gruppe
+ team und den Benutzer
+ john zur
+ LDAP-Datenbank domain.example
+ hinzu, die bislang leer ist. Erstellen Sie
+ zunächst die Datei
+ domain.ldif:
-# example.com
-dn: dc=example,dc=com
+ &prompt.root; cat domain.ldif
+dn: dc=domain,dc=example
objectClass: dcObject
objectClass: organization
-o: Example
-dc: Example
+o: domain.example
+dc: domain
-# Manager, example.com
-dn: cn=Manager,dc=example,dc=com
-objectClass: organizationalRole
-cn: Manager
+dn: ou=groups,dc=domain,dc=example
+objectClass: top
+objectClass: organizationalunit
+ou: groups
-# search result
-search: 3
-result: 0 Success
+dn: ou=users,dc=domain,dc=example
+objectClass: top
+objectClass: organizationalunit
+ou: users
-# numResponses: 3
-# numEntries: 2
+dn: cn=team,ou=groups,dc=domain,dc=example
+objectClass: top
+objectClass: posixGroup
+cn: team
+gidNumber: 10001
- An dieser Stelle sollte der Server konfiguriert sein und
- ordnungsgemäß funktionieren.
+dn: uid=john,ou=users,dc=domain,dc=example
+objectClass: top
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+cn: John McUser
+uid: john
+uidNumber: 10001
+gidNumber: 10001
+homeDirectory: /home/john/
+loginShell: /usr/bin/bash
+userPassword: secret
+
+ Weitere Informationen finden Sie in der
+ OpenLDAP-Dokumentation. Benutzen Sie
+ slappasswd, um das Passwort
+ durch einen Hash in
+ userPassword zu ersetzen. Der in
+ loginShell angegebene Pfad muss in
+ allen Systemen existieren, in denen
+ john sich anmelden darf. Benutzen
+ Sie schließlich den mdb-Administrator,
+ um die Datenbank zu ändern:
+
+ &prompt.root; ldapadd -W -D "cn=mdbadmin,dc=domain,dc=example" -f domain.ldif
+
+ Änderungen im Bereich
+ global configuration können nur vom
+ globalen Superuser vorgenommen werden. Angenommen die Option
+ olcTLSCipherSuite: HIGH:MEDIUM:SSLv3 wurde
+ ursprünglich definiert und soll nun gelöscht werden.
+ Dazu erstellen Sie zunächst eine Datei mit folgendem
+ Inhalt:
+
+ &prompt.root; cat global_mod
+dn: cn=config
+changetype: modify
+delete: olcTLSCipherSuite
+
+ Übernehmen Sie dann die Änderungen:
+
+ &prompt.root; ldapmodify -f global_mod -x -D "cn=config" -W
+
+ Geben Sie bei Aufforderung das im Abschnitt
+ configuration backend gewählte
+ Passwort ein. Der Benutzername ist nicht erforderlich:
+ Hier repräsentiert cn=config den DN des zu
+ ändernden Datenbankabschnitts. Alternativ können Sie mit
+ ldapmodify eine einzelne Zeile der
+ Datenbank löschen, mit ldapdelete einen
+ ganzen Eintrag.
+
+ Wenn etwas schief geht oder der globale Superuser nicht
+ auf das Konfigurations-Backend zugreifen kann, ist es
+ möglich, die gesamte Konfiguration zu löschen und neu zu
+ schreiben:
+
+ &prompt.root; rm -rf /usr/local/etc/openldap/slapd.d/
+
+ slapd.ldif kann dann bearbeitet und
+ erneut importiert werden. Bitte folgenden Sie dieser
+ Vorgehensweise nur, wenn keine andere Lösung verfügbar
+ ist.
+
+ Dies ist nur die Konfiguration des Servers. Auf demselben
+ Rechner kann auch ein LDAP-Client mit eigener, separater
+ Konfiguration betrieben werden.
From owner-svn-doc-all@freebsd.org Mon Feb 4 21:37:02 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 07FE814B3DCC;
Mon, 4 Feb 2019 21:37:02 +0000 (UTC)
(envelope-from rene@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id A2C35738CD;
Mon, 4 Feb 2019 21:37:01 +0000 (UTC)
(envelope-from rene@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9623DBE68;
Mon, 4 Feb 2019 21:37:01 +0000 (UTC)
(envelope-from rene@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x14Lb1f4095141;
Mon, 4 Feb 2019 21:37:01 GMT (envelope-from rene@FreeBSD.org)
Received: (from rene@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x14Lb1ji095139;
Mon, 4 Feb 2019 21:37:01 GMT (envelope-from rene@FreeBSD.org)
Message-Id: <201902042137.x14Lb1ji095139@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: rene set sender to
rene@FreeBSD.org using -f
From: Rene Ladan
Date: Mon, 4 Feb 2019 21:37:01 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52796 - head/en_US.ISO8859-1/articles/contributors
X-SVN-Group: doc-head
X-SVN-Commit-Author: rene
X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/contributors
X-SVN-Commit-Revision: 52796
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: A2C35738CD
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.94 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.998,0];
NEURAL_HAM_SHORT(-0.94)[-0.938,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
NEURAL_HAM_LONG(-1.00)[-0.999,0]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 04 Feb 2019 21:37:02 -0000
Author: rene
Date: Mon Feb 4 21:37:00 2019
New Revision: 52796
URL: https://svnweb.freebsd.org/changeset/doc/52796
Log:
Move rezny@ to the developer alumni.
Modified:
head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
head/en_US.ISO8859-1/articles/contributors/contrib.develalumni.xml
Modified: head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml Sun Feb 3 17:54:35 2019 (r52795)
+++ head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml Mon Feb 4 21:37:00 2019 (r52796)
@@ -1134,10 +1134,6 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.
- &a.rezny.email;
-
-
- &a.trhodes.email;
Modified: head/en_US.ISO8859-1/articles/contributors/contrib.develalumni.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/contributors/contrib.develalumni.xml Sun Feb 3 17:54:35 2019 (r52795)
+++ head/en_US.ISO8859-1/articles/contributors/contrib.develalumni.xml Mon Feb 4 21:37:00 2019 (r52796)
@@ -4,6 +4,10 @@
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
+ &a.rezny.email; (2017 - 2019)
+
+
+ &a.jimharris.email; (2011 - 2018)
From owner-svn-doc-all@freebsd.org Tue Feb 5 18:38:31 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3BD4814C4BB3;
Tue, 5 Feb 2019 18:38:31 +0000 (UTC)
(envelope-from gordon@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id D868D8922E;
Tue, 5 Feb 2019 18:38:30 +0000 (UTC)
(envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CC57921D11;
Tue, 5 Feb 2019 18:38:30 +0000 (UTC)
(envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x15IcUno063144;
Tue, 5 Feb 2019 18:38:30 GMT (envelope-from gordon@FreeBSD.org)
Received: (from gordon@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x15IcSka063131;
Tue, 5 Feb 2019 18:38:28 GMT (envelope-from gordon@FreeBSD.org)
Message-Id: <201902051838.x15IcSka063131@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gordon set sender to
gordon@FreeBSD.org using -f
From: Gordon Tetlow
Date: Tue, 5 Feb 2019 18:38:28 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52797 - in head/share: security/advisories
security/patches/EN-19:06 security/patches/EN-19:07 security/patches/SA-19:01
security/patches/SA-19:02 xml
X-SVN-Group: doc-head
X-SVN-Commit-Author: gordon
X-SVN-Commit-Paths: in head/share: security/advisories
security/patches/EN-19:06 security/patches/EN-19:07 security/patches/SA-19:01
security/patches/SA-19:02 xml
X-SVN-Commit-Revision: 52797
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: D868D8922E
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.98 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
NEURAL_HAM_SHORT(-0.98)[-0.978,0];
NEURAL_HAM_LONG(-1.00)[-0.999,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 05 Feb 2019 18:38:31 -0000
Author: gordon (src,ports committer)
Date: Tue Feb 5 18:38:28 2019
New Revision: 52797
URL: https://svnweb.freebsd.org/changeset/doc/52797
Log:
Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07.
Approved by: so
Added:
head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-19:07.lle.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:02.fd.asc (contents, props changed)
head/share/security/patches/EN-19:06/
head/share/security/patches/EN-19:06/dtrace.patch (contents, props changed)
head/share/security/patches/EN-19:06/dtrace.patch.asc (contents, props changed)
head/share/security/patches/EN-19:07/
head/share/security/patches/EN-19:07/lle.patch (contents, props changed)
head/share/security/patches/EN-19:07/lle.patch.asc (contents, props changed)
head/share/security/patches/SA-19:01/
head/share/security/patches/SA-19:01/syscall.11.2.patch (contents, props changed)
head/share/security/patches/SA-19:01/syscall.11.2.patch.asc (contents, props changed)
head/share/security/patches/SA-19:01/syscall.patch (contents, props changed)
head/share/security/patches/SA-19:01/syscall.patch.asc (contents, props changed)
head/share/security/patches/SA-19:02/
head/share/security/patches/SA-19:02/fd.patch (contents, props changed)
head/share/security/patches/SA-19:02/fd.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:06.dtrace Errata Notice
+ The FreeBSD Project
+
+Topic: DTrace incompatibility with SMAP-enabled systems
+
+Category: core
+Module: dtrace
+Announced: 2019-02-05
+Credits: Mateusz Guzik
+Affects: FreeBSD 12.0
+Corrected: 2018-12-19 23:29:44 UTC (stable/12, 12.0-STABLE)
+ 2019-02-05 17:54:09 UTC (releng/12.0, 12.0-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+DTrace is a dynamic tracing framework that can be used to analyze the kernel
+and userspace applications in various ways.
+
+II. Problem Description
+
+When tracing userspace applications, the kernel component of DTrace may need
+to access userspace memory. With the addition of SMAP support to the amd64
+kernel, the kernel is not able to arbitrarily access userspace memory: it
+must set a CPU flag to enable access. The code used by DTrace to perform
+such accesses was not updated accordingly.
+
+III. Impact
+
+The problem means that certain DTrace actions do not work on SMAP-enabled
+systems. This does not affect the application being traced.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:06/dtrace.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:06/dtrace.patch.asc
+# gpg --verify dtrace.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r342267
+releng/12.0/ r343783
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1WhfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLzHA/+MVR5AHgEorzgRkpiqRzSlmbE6VyhF07lgY5CvRLFGp4mUbspZICcwtk5
+ZOeA8MuDFiLo1p6Fo2JykJ25ipxM+cCbMlx4jO5lILwq40bYfejHiYrmC/gdfR7/
+YcuNR3DpCw4llYIXFAcyw7SXG92jYNi9kKOSol7Fji8Zq2qDTSWTFqKsoJ2Pk3rJ
+LfiQaekux00JlY3TOyt6QtPWSdlkhM4WAITWp4pUkGuNT/nIA2iED5N2ohgSraxa
+dtBp/r8BHHbwog9wOQEHPIRN/Di7Kv02CZk13zJySmV+yZiPlR0YWZ4gI6i69cyD
+rqTfO9kU2yjaqSBIFKMuGGysswZq7ii/+cULHuHVdJLuHDdh/9jZuI9O8VujGqVh
+rU8THFHOtli/nGXNdPQP3jn84SDH7jPr1SgcFv1s3/FPHXVfZW9Uq558G9ZDujgg
+pAtwMYiixMHpNr+j7qJr6DCTh22BR7FjYQg1iPVzIzgTYJ+I6ZH/cexVxXOS2S4T
+O793AjmvOVaXsWB7tzhewTKVBam3upbRH7WmTMdD9z6dIlWtl6xKSgHvyarHVHpA
+/y5H3VcK4suh/NIHlD+ln/hooFtmPIxsJnmInaXKq7Eg/C9mQx3x7h7qQFvWffD8
+cHOVGf3LCrH76unfc7AI7YafnD67Tgm09/sbgjVnScEpVW4E6Pc=
+=3+kY
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-19:07.lle.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:07.lle.asc Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:07.lle Errata Notice
+ The FreeBSD Project
+
+Topic: LLE table lookup code race condition
+
+Category: core
+Module: net
+Announced: 2019-02-05
+Credits: Mark Johnston
+Affects: FreeBSD 12.0
+Corrected: 2019-01-25 20:24:53 UTC (stable/12, 12.0-STABLE)
+ 2019-02-05 17:59:50 UTC (releng/12.0, 12.0-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+A LLE (link layer entry) table stores information about hosts on a network
+and is used to translate between network layer addresses and data link layer
+addresses. The ARP cache, for example, is implemented using an LLE table.
+LLEs typically expire after some period, so there exist mechanisms to
+automatically remove them from their tables upon expiration.
+
+II. Problem Description
+
+The LLE table lookup code for IPv4 and IPv6 contains a race which results in
+a condition where the expiry period of an LLE is extended after it has been
+removed from the table and freed. By the time that the updated timer fires,
+the LLE structure has been freed, and so the timer code is operating on freed
+memory.
+
+III. Impact
+
+When the race is triggered, the result is typically a kernel panic. It may
+otherwise cause undefined system behavior.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:07/lle.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:07/lle.patch.asc
+# gpg --verify lle.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r343454
+releng/12.0/ r343787
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1XtfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIYyA/8Da9XcP30o/+jISmHXjSx+livOJKyPu5UTAm7Xw4Pg8j3GR2xblzAsWie
+YAT56/V88yzeY+u/3UOWG2XNAViWlzBAsfrqphJEcMuGdTwslgVlVRpzLyQeh4hY
+whDkvYzPmjcxuX8+Agj/Ytwo+Q35bSfGNhls2OBSHnkqNL7HNhFePUWm5oVnlczL
+APHsknLRAAhZF8UYR+PdAT5x/9exLJStmGXdAeVT4HCfx8b/AvZ/lr3b4Jwa+8fq
+tCAsISOTOftGsTTpwgtWDebJ4jJB2l71EBBlWuj76yColhK9k1zhacauK3lOxoEw
+cpUHgLcY+ochSijBOZIw7IScVHvR05jry7VzL7oxe1oDn3HNkbTt6pwdNgL5ftzQ
+Cv7vjMGLdSfr7QyAVc/nZhg1x0mBKu+Dj0leQ9ZcjedrB0CIwslhmMYdlTCYWksA
+x06NwrPRzDohtnYM4n2KZBfPQw40vxsJLP8e+hnRpyliXWtOaYdw5GZoUcwublMZ
+TU7Y1n8s1C5L5KuJoYgs9jLS48nXgcSZc9pxjyGRcFQTsk/A5y4sckWImFurU9AT
+cYR3nHlaGJR/TZVNtR6sU1VhzunHg8ARlvoZivsFyVS7bUC+EIUzfQvZqHEUPycR
+RwX+/exDyXQSvhQVfqT1ngLwQ8e/GutI8WZ1ZFy+T6Mh6jeacPQ=
+=zCSg
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:01.syscall Security Advisory
+ The FreeBSD Project
+
+Topic: System call kernel data register leak
+
+Category: core
+Module: kernel
+Announced: 2019-02-05
+Credits: Konstantin Belousov
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-02-05 17:52:06 UTC (stable/12, 12.0-STABLE)
+ 2019-02-05 18:05:05 UTC (releng/12.0, 12.0-RELEASE-p3)
+ 2019-02-05 17:54:02 UTC (stable/11, 11.2-STABLE)
+ 2019-02-05 18:07:45 UTC (releng/11.2, 11.2-RELEASE-p9)
+CVE Name: CVE-2019-5595
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The FreeBSD/amd64 architecture defines the SYSCALL instruction for syscalls,
+and uses registers calling conventions for passing syscalls arguments and
+return values in addition to the registers usage imposed by the SYSCALL and
+SYSRET instructions in long mode. In particular, the arguments are passed in
+registers specified by the C ABI, and the content of the registers specified
+as caller-save, is undefined after the return from syscall.
+
+II. Problem Description
+
+The callee-save registers are used by kernel and for some of them (%r8, %r10,
+and for non-PTI configurations, %r9) the content is not sanitized before
+return from syscalls, potentially leaking sensitive information.
+
+III. Impact
+
+Typically an address of some kernel data structure used in the syscall
+implementation, is exposed.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10m "Rebooting for security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.patch.asc
+# gpg --verify syscall.patch.asc
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch.asc
+# gpg --verify syscall.patch.11.2.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r343781
+releng/12.0/ r343788
+stable/11/ r343782
+releng/11.2/ r343789
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1X9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKPZBAAlwCVtNNIuq0s8FB9LjLaVJww1WWmbVJbhw1TJyBV2yRCkWwGDLag3dJ0
+EH8HwpWeL41lppjFeL6OMDZ2+wUnuShv3pAUGwodSRXsKWsp+aWqMPcNJifkVPxs
+DENrziUHnXkbOnbnP25eA12j0ztCz8FjKoDh+wrjuY4BL8jzBK4ZJtmYaubrFEcD
+GDStnEcvCNYDK8tf0rUW2lpv4oStTex5gFpZALPjq0g28kHPuctYzoOXOf9/So1i
+0kwdstsIdgydsDCHv5nXij7IDohNo+5KEJuee1cIptKftmxPLuonXyP0PiO3WA0h
+XQck1BbM5ENNm/0SOExctcqS+APXLf/VPhd2JwUPszRcYBV40pdqchkihoRXAKHs
+Dthv+9k9KrgwUO0wsrOvIzK8vjnVC2unUCXnFNX3OD2pfxCjKvl1grKQ2lAsP4Pu
+aP2VgPZyHbFKWQdOGaqOtM94CzXseXyYN3hgkNq+gPgDjkd7Xw8q5vu8d2QY/aYj
+Re4aEfUOzf9S22SQT9g4kx2QfEnUuJnnae3BMeBqWGngtQ7TnTHWrw3wGhxxC2S8
+iou+BzeCv9MRn74Fpzr/xnGRUwT+0wFJVd9N9QdpErRA59oo6X4TXNl6AvKHvxY7
+1UurBJ5MqUGUUIeJg8Qv5HpgJML3BiotDbk+LwmMx7T2IL1dJdk=
+=Aktj
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:02.fd.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:02.fd.asc Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:02.fd Security Advisory
+ The FreeBSD Project
+
+Topic: File description reference count leak
+
+Category: core
+Module: unix
+Announced: 2019-02-05
+Credits: Peter Holm
+Affects: FreeBSD 12.0
+Corrected: 2019-02-05 17:56:22 UTC (stable/12, 12.0-STABLE)
+ 2019-02-05 18:11:15 UTC (releng/12.0, 12.0-RELEASE-p3)
+ 2019-02-05 17:57:30 UTC (stable/11, 11.2-STABLE)
+CVE Name: CVE-2019-5596
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+UNIX-domain sockets are used for inter-process communication. It is
+possible to use UNIX-domain sockets to transfer rights, encoded as file
+descriptors, to another process.
+
+II. Problem Description
+
+FreeBSD 12.0 attempts to handle the case where the receiving process does
+not provide a sufficiently large buffer for an incoming control message
+containing rights. In particular, to avoid leaking the corresponding
+descriptors into the receiving process' descriptor table, the kernel handles
+the truncation case by closing descriptors referenced by the discarded
+message.
+
+The code which performs this operation failed to release a reference obtained
+on the file corresponding to a received right. This bug can be used to cause
+the reference counter to wrap around and free the file structure.
+
+III. Impact
+
+A local user can exploit the bug to gain root privileges or escape from
+a jail.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:02/fd.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:02/fd.patch.asc
+# gpg --verify fd.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r343785
+releng/12.0/ r343790
+stable/11/ r343786
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1YFfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK7+w/+JeFIVM0QQC1R4wJFmT3bBaRumxGCx5PN5Ufe7ub/ztwsKQKJeps1aiS3
+fzw3Ck1K7+joeG+cNwZNihmAyEa2Hgk+FDhQBX531yrwF1jQ2A2oKGfkhs5e02Ng
+k16MV9pVlNP1zQ3wFVBjFCCvBuVJ0A8XTxALY7ivZlj2edgSH1eL4SaP1mrSD2Xu
+pR2amN7WkAaIqvATK0VkWjYp6kUXtI8CBtdP3hpKz88rpYoZfWxupqtghnxgjIqt
+iuTOhbemvYuBvB+ErbtU/6Z4ffoHt9Csrk2MM56/RZRwyHmtC4CFqtxClrUpOoa2
+2OcEbR8cZyEardSES78UBjbTwlOTVd5F4o86Q1bKytHjI72ycB5yKZkyiHmdJCjs
+EhlaDC/rnHxdYGvBuiLqFcNU5tJiGawZZwyozCQz67dGD89QzKQurKEWQ1YJvMsW
+ZwwJRSHrllUyJQBdqV/R3Qoaz2koeE9633jtqHDdUYKCZAgeFdic/6u9r4Rx2Nj5
+JpTZU01bwvxNZPf35WbI2L+JbygR40b3FYbZ3skBqZylp+EkPGPxGpHGAxdKWeOy
+rzGBukIuWnLy9pmJ574oTZymw8Psvu2DJL3Csngak1HkcA9mA5vjnDBvk9mvqTgo
+YCfCewlfFwVa/exSK3q5oI9hxse0KvQI4cH2+c2b7NDMS9+DpTY=
+=pr7t
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:06/dtrace.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:06/dtrace.patch Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,256 @@
+--- sys/cddl/dev/dtrace/amd64/dtrace_asm.S.orig
++++ sys/cddl/dev/dtrace/amd64/dtrace_asm.S
+@@ -208,7 +208,7 @@
+ void
+ dtrace_copy(uintptr_t src, uintptr_t dest, size_t size)
+ */
+- ENTRY(dtrace_copy)
++ ENTRY(dtrace_copy_nosmap)
+ pushq %rbp
+ movq %rsp, %rbp
+
+@@ -218,14 +218,28 @@
+ smovb /* move from %ds:rsi to %ed:rdi */
+ leave
+ ret
+- END(dtrace_copy)
++ END(dtrace_copy_nosmap)
+
++ ENTRY(dtrace_copy_smap)
++ pushq %rbp
++ movq %rsp, %rbp
++
++ xchgq %rdi, %rsi /* make %rsi source, %rdi dest */
++ movq %rdx, %rcx /* load count */
++ stac
++ repz /* repeat for count ... */
++ smovb /* move from %ds:rsi to %ed:rdi */
++ clac
++ leave
++ ret
++ END(dtrace_copy_smap)
++
+ /*
+ void
+ dtrace_copystr(uintptr_t uaddr, uintptr_t kaddr, size_t size,
+ volatile uint16_t *flags)
+ */
+- ENTRY(dtrace_copystr)
++ ENTRY(dtrace_copystr_nosmap)
+ pushq %rbp
+ movq %rsp, %rbp
+
+@@ -248,56 +262,121 @@
+ leave
+ ret
+
+- END(dtrace_copystr)
++ END(dtrace_copystr_nosmap)
+
++ ENTRY(dtrace_copystr_smap)
++ pushq %rbp
++ movq %rsp, %rbp
++
++ stac
++0:
++ movb (%rdi), %al /* load from source */
++ movb %al, (%rsi) /* store to destination */
++ addq $1, %rdi /* increment source pointer */
++ addq $1, %rsi /* increment destination pointer */
++ subq $1, %rdx /* decrement remaining count */
++ cmpb $0, %al
++ je 2f
++ testq $0xfff, %rdx /* test if count is 4k-aligned */
++ jnz 1f /* if not, continue with copying */
++ testq $CPU_DTRACE_BADADDR, (%rcx) /* load and test dtrace flags */
++ jnz 2f
++1:
++ cmpq $0, %rdx
++ jne 0b
++2:
++ clac
++ leave
++ ret
++
++ END(dtrace_copystr_smap)
++
+ /*
+ uintptr_t
+ dtrace_fulword(void *addr)
+ */
+- ENTRY(dtrace_fulword)
++ ENTRY(dtrace_fulword_nosmap)
+ movq (%rdi), %rax
+ ret
+- END(dtrace_fulword)
++ END(dtrace_fulword_nosmap)
+
++ ENTRY(dtrace_fulword_smap)
++ stac
++ movq (%rdi), %rax
++ clac
++ ret
++ END(dtrace_fulword_smap)
++
+ /*
+ uint8_t
+ dtrace_fuword8_nocheck(void *addr)
+ */
+- ENTRY(dtrace_fuword8_nocheck)
++ ENTRY(dtrace_fuword8_nocheck_nosmap)
+ xorq %rax, %rax
+ movb (%rdi), %al
+ ret
+- END(dtrace_fuword8_nocheck)
++ END(dtrace_fuword8_nocheck_nosmap)
+
++ ENTRY(dtrace_fuword8_nocheck_smap)
++ stac
++ xorq %rax, %rax
++ movb (%rdi), %al
++ clac
++ ret
++ END(dtrace_fuword8_nocheck_smap)
++
+ /*
+ uint16_t
+ dtrace_fuword16_nocheck(void *addr)
+ */
+- ENTRY(dtrace_fuword16_nocheck)
++ ENTRY(dtrace_fuword16_nocheck_nosmap)
+ xorq %rax, %rax
+ movw (%rdi), %ax
+ ret
+- END(dtrace_fuword16_nocheck)
++ END(dtrace_fuword16_nocheck_nosmap)
+
++ ENTRY(dtrace_fuword16_nocheck_smap)
++ stac
++ xorq %rax, %rax
++ movw (%rdi), %ax
++ clac
++ ret
++ END(dtrace_fuword16_nocheck_smap)
++
+ /*
+ uint32_t
+ dtrace_fuword32_nocheck(void *addr)
+ */
+- ENTRY(dtrace_fuword32_nocheck)
++ ENTRY(dtrace_fuword32_nocheck_nosmap)
+ xorq %rax, %rax
+ movl (%rdi), %eax
+ ret
+- END(dtrace_fuword32_nocheck)
++ END(dtrace_fuword32_nocheck_nosmap)
+
++ ENTRY(dtrace_fuword32_nocheck_smap)
++ stac
++ xorq %rax, %rax
++ movl (%rdi), %eax
++ clac
++ ret
++ END(dtrace_fuword32_nocheck_smap)
++
+ /*
+ uint64_t
+ dtrace_fuword64_nocheck(void *addr)
+ */
+- ENTRY(dtrace_fuword64_nocheck)
++ ENTRY(dtrace_fuword64_nocheck_nosmap)
+ movq (%rdi), %rax
+ ret
+- END(dtrace_fuword64_nocheck)
++ END(dtrace_fuword64_nocheck_nosmap)
+
++ ENTRY(dtrace_fuword64_nocheck_smap)
++ stac
++ movq (%rdi), %rax
++ clac
++ ret
++ END(dtrace_fuword64_nocheck_smap)
++
+ /*
+ void
+ dtrace_probe_error(dtrace_state_t *state, dtrace_epid_t epid, int which,
+--- sys/cddl/dev/dtrace/amd64/dtrace_isa.c.orig
++++ sys/cddl/dev/dtrace/amd64/dtrace_isa.c
+@@ -37,6 +37,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+ #include
+@@ -664,3 +665,70 @@
+ }
+ return (dtrace_fuword64_nocheck(uaddr));
+ }
++
++/*
++ * ifunc resolvers for SMAP support
++ */
++void dtrace_copy_nosmap(uintptr_t, uintptr_t, size_t);
++void dtrace_copy_smap(uintptr_t, uintptr_t, size_t);
++DEFINE_IFUNC(, void, dtrace_copy, (uintptr_t, uintptr_t, size_t), static)
++{
++
++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++ dtrace_copy_smap : dtrace_copy_nosmap);
++}
++
++void dtrace_copystr_nosmap(uintptr_t, uintptr_t, size_t, volatile uint16_t *);
++void dtrace_copystr_smap(uintptr_t, uintptr_t, size_t, volatile uint16_t *);
++DEFINE_IFUNC(, void, dtrace_copystr, (uintptr_t, uintptr_t, size_t,
++ volatile uint16_t *), static)
++{
++
++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++ dtrace_copystr_smap : dtrace_copystr_nosmap);
++}
++
++uintptr_t dtrace_fulword_nosmap(void *);
++uintptr_t dtrace_fulword_smap(void *);
++DEFINE_IFUNC(, uintptr_t, dtrace_fulword, (void *), static)
++{
++
++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++ dtrace_fulword_smap : dtrace_fulword_nosmap);
++}
++
++uint8_t dtrace_fuword8_nocheck_nosmap(void *);
++uint8_t dtrace_fuword8_nocheck_smap(void *);
++DEFINE_IFUNC(, uint8_t, dtrace_fuword8_nocheck, (void *), static)
++{
++
++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++ dtrace_fuword8_nocheck_smap : dtrace_fuword8_nocheck_nosmap);
++}
++
++uint16_t dtrace_fuword16_nocheck_nosmap(void *);
++uint16_t dtrace_fuword16_nocheck_smap(void *);
++DEFINE_IFUNC(, uint16_t, dtrace_fuword16_nocheck, (void *), static)
++{
++
++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++ dtrace_fuword16_nocheck_smap : dtrace_fuword16_nocheck_nosmap);
++}
++
++uint32_t dtrace_fuword32_nocheck_nosmap(void *);
++uint32_t dtrace_fuword32_nocheck_smap(void *);
++DEFINE_IFUNC(, uint32_t, dtrace_fuword32_nocheck, (void *), static)
++{
++
++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++ dtrace_fuword32_nocheck_smap : dtrace_fuword32_nocheck_nosmap);
++}
++
++uint64_t dtrace_fuword64_nocheck_nosmap(void *);
++uint64_t dtrace_fuword64_nocheck_smap(void *);
++DEFINE_IFUNC(, uint64_t, dtrace_fuword64_nocheck, (void *), static)
++{
++
++ return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++ dtrace_fuword64_nocheck_smap : dtrace_fuword64_nocheck_nosmap);
++}
Added: head/share/security/patches/EN-19:06/dtrace.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:06/dtrace.patch.asc Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1ZVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI/AQ//b3+UzDH6VXWyY0YODzxG/WxNZ97OvT3uVxWBXRU8KGpmXGnzqzAzxNtZ
+c1JHpZi2pxfxzFxnA0eLYDK/D6pcjvxTB7CPQVJqCXXibEVQepBSnuTEWCBD8EkR
+vDVVKid1aoMVofvtjQ+OGcYkOMgrrlN6eeL3voM8rrrIahupLyeSjfHdXItpI8Qx
+XXNwUvMNaVNlLhymas0Gpcy/iPcXbU5dQnZbzAg9U+nTGhKIuLqkouvswTzeist8
+B6i8YHM+phiCxKMJ7f4pDLD29Eb+sDPqVUt6DL8Av10jVGw2NphXIrZplodzJYft
+MZIdSDbxu9Q745EK8W60aeiIVEJxA1mIKjYhcJyCmELK29HthsuL0gUnSzruKhkD
+ZawH/sC7jI+QTXTT3cHXZleVYSd6FS+1S12EGskoWfrqi94ymyA4FBP135OfPMSq
+NOy+aKLNssGFlw5qyzvJirbt6Au6qI1mxVh0z6ljxskZU9DX6hoeboLZrDrTHco9
+3DHAOaSmajolFAeuMEDAuh+n4EpslzCfmies/ra/pHRR1rAcisNzgdzoBe4IMdGq
+qWEiiWnd7NNUkG4FFnD8ChiCm4cEoB7oG0vXk8iaCqT4R0O/dqqvQAKZLb4pU8Vq
+siAQutL5TgXvVg0faGsfekecZAa+F816zBgt0V5flmAdYlNeZyY=
+=e48g
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:07/lle.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:07/lle.patch Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,81 @@
+--- sys/netinet/in.c.orig
++++ sys/netinet/in.c
+@@ -1372,15 +1372,13 @@
+ IF_AFDATA_LOCK_ASSERT(llt->llt_ifp);
+ KASSERT(l3addr->sa_family == AF_INET,
+ ("sin_family %d", l3addr->sa_family));
++ KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
++ (LLE_UNLOCKED | LLE_EXCLUSIVE),
++ ("wrong lle request flags: %#x", flags));
++
+ lle = in_lltable_find_dst(llt, sin->sin_addr);
+-
+ if (lle == NULL)
+ return (NULL);
+-
+- KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) !=
+- (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X",
+- flags));
+-
+ if (flags & LLE_UNLOCKED)
+ return (lle);
+
+@@ -1389,6 +1387,17 @@
+ else
+ LLE_RLOCK(lle);
+
++ /*
++ * If the afdata lock is not held, the LLE may have been unlinked while
++ * we were blocked on the LLE lock. Check for this case.
++ */
++ if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) {
++ if (flags & LLE_EXCLUSIVE)
++ LLE_WUNLOCK(lle);
++ else
++ LLE_RUNLOCK(lle);
++ return (NULL);
++ }
+ return (lle);
+ }
+
+--- sys/netinet6/in6.c.orig
++++ sys/netinet6/in6.c
+@@ -2311,16 +2311,13 @@
+ IF_AFDATA_LOCK_ASSERT(llt->llt_ifp);
+ KASSERT(l3addr->sa_family == AF_INET6,
+ ("sin_family %d", l3addr->sa_family));
++ KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
++ (LLE_UNLOCKED | LLE_EXCLUSIVE),
++ ("wrong lle request flags: %#x", flags));
+
+ lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
+-
+ if (lle == NULL)
+ return (NULL);
+-
+- KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) !=
+- (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X",
+- flags));
+-
+ if (flags & LLE_UNLOCKED)
+ return (lle);
+
+@@ -2328,6 +2325,18 @@
+ LLE_WLOCK(lle);
+ else
+ LLE_RLOCK(lle);
++
++ /*
++ * If the afdata lock is not held, the LLE may have been unlinked while
++ * we were blocked on the LLE lock. Check for this case.
++ */
++ if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) {
++ if (flags & LLE_EXCLUSIVE)
++ LLE_WUNLOCK(lle);
++ else
++ LLE_RUNLOCK(lle);
++ return (NULL);
++ }
+ return (lle);
+ }
+
Added: head/share/security/patches/EN-19:07/lle.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:07/lle.patch.asc Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1ZxfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIIIhAAiMgGjXcETkoTyrua/GEu5jy1Kf0NAPnNdGDPk1bqtpMTzBIAxC6VXPkM
+03bMsAaVNQLYtLPevB/uVnc2Qkr/uZNFv0L4XaGNqvL2FYqq7Fy8g9lkxXSphZ78
+gf1PVDVsHQ4Vwou9mYeGMetVwdil27p1OorT3f1y9nk8VM6m0HQgPGl5bYJjG8Se
+IfiT7j0RwHkXkt9ODJL17Cs0+VjCoKZ9fTN4hWy22sLHT2ZJYLIt6zdvTK1qp6gT
+IYifpEmckCiDNoL/AOrbGknG3FkbaEbwb5TV7BOjt9UiKRfKGoxxyxe6RusTwhUy
+ZScuAqVtY1zRR2k6RqA0RVxGsqkbqdmxz+NUUtMn/8jzvOxPXyWPrD63Xex6rOqC
+B47tpsQzozC6Xuk64EtZuEe5TOVCzQul3CRFpnbJttc/NSfSGc9sLyz/3fA8xI2e
+WXBQhXI4z1zwpUQRedFU5FMKI272I3H0DtjYx/MyxUP5BTyycPbj4n7+X2pTdwi5
+/HSRBprO6dnKi4MZAzIJDRTbTJzu8DaNCfJQKt95wGBwZWPPX3lCl5n/iqkyXDra
+0FDrB3N0YFKmtwCAktZazotAIejANmcdqrNaR72s2KxzzLdEzLJGLLy6giOJQvqd
+aYmmGORxypiE0Y4KcuNWDpFqYYOwyLMydZro5QSygz0nVAgsPhU=
+=PZ6a
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-19:01/syscall.11.2.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-19:01/syscall.11.2.patch Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,19 @@
+--- sys/amd64/amd64/exception.S.orig
++++ sys/amd64/amd64/exception.S
+@@ -496,12 +496,14 @@
+ movq TF_RFLAGS(%rsp),%r11 /* original %rflags */
+ movq TF_RIP(%rsp),%rcx /* original %rip */
+ movq TF_RSP(%rsp),%rsp /* user stack pointer */
++ xorl %r8d,%r8d /* zero the rest of GPRs */
++ xorl %r10d,%r10d
+ cmpb $0,pti
+ je 2f
+ movq PCPU(UCR3),%r9
+ movq %r9,%cr3
+- xorl %r9d,%r9d
+-2: swapgs
++2: xorl %r9d,%r9d
++ swapgs
+ sysretq
+
+ 3: /* AST scheduled. */
Added: head/share/security/patches/SA-19:01/syscall.11.2.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-19:01/syscall.11.2.patch.asc Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1eBfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKpCBAAgWL2O3tUpnwwvUIpEAKhIwNaWMqhTH8OyIF5dM8YrZlAYCc7twoPr6Y3
+2ojEMEihgC3B3+5flWZyp6Xxdni65Dpy6NcbgqiXJhbI30htC6TzETm2vhtderam
+wnz7B3dmpYtdNBJpRow3kGiLKv6zZ7gG720EuhVKgPjHx+5U4FXzpBazz8cEfz4U
+8F9amyqqe/7hf7kTbjBF7TZ90FpN/Uoe7FCF58L6UB8c3TYvpdfRSQMNg8ODuDIP
+kLV04/QVgoZKtT3MoRhmVgkpSCYYy1/j7KfZqmx08teW+6OjISbCTotS3DgHQD0Y
+sBB+GtvWxzuZjThWyIGQiDUztdyHrqYZbG5q7XFQMRpPjD7WC6MWRxeIgcLn5gjW
+RVVO6WhBEeFi+uTeSnpQUhMERkwJEBg3VzqeXQ5j6eR1xB3hZynJTl9uqMac4GK3
+K8xSoi4pS0VwOJnmu1iXqkUIrS9xSuSak1x/9dk5K6j+bbMXa1kGAJ808c8PQZ0g
+joqgdJjPeekK0e5U88QQ1aT4lwxBGGxdJVCPFYO55r3AzuDLT1Yo74ksn3mS4v1J
+vWE23qQo4v4iIpp0IESHL0TyFffD3vy1FRmmYwS+hZCiOOQBxgx8d0Cl0wMZn3KF
+Cae6mlauAgltuj2cNCjVTZ0mb+D3YU74mwUhLU4Tc8XVYrgh8Sw=
+=VDU6
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-19:01/syscall.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-19:01/syscall.patch Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,19 @@
+--- sys/amd64/amd64/exception.S.orig
++++ sys/amd64/amd64/exception.S
+@@ -521,12 +521,14 @@
+ movq TF_RFLAGS(%rsp),%r11 /* original %rflags */
+ movq TF_RIP(%rsp),%rcx /* original %rip */
+ movq TF_RSP(%rsp),%rsp /* user stack pointer */
++ xorl %r8d,%r8d /* zero the rest of GPRs */
++ xorl %r10d,%r10d
+ cmpq $~0,PCPU(UCR3)
+ je 2f
+ movq PCPU(UCR3),%r9
+ movq %r9,%cr3
+- xorl %r9d,%r9d
+-2: swapgs
++2: xorl %r9d,%r9d
++ swapgs
+ sysretq
+
+ 3: /* AST scheduled. */
Added: head/share/security/patches/SA-19:01/syscall.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-19:01/syscall.patch.asc Tue Feb 5 18:38:28 2019 (r52797)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1hJfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJbrA//fheN3NfAhxlgRjYwFa6WvhJgHFqoNnwWZLKwUmGdlJCIpdb6o/0FiWVw
+dfH5hSUibY7+vVGYyjcMNnU2BwDFcrQJbzFK7qz8zkDX4sH5RujkGcuacIe71Ny0
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
From owner-svn-doc-all@freebsd.org Tue Feb 5 21:24:58 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id EF2D414D10C7;
Tue, 5 Feb 2019 21:24:57 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 924116B3E3;
Tue, 5 Feb 2019 21:24:57 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7F0ED239D6;
Tue, 5 Feb 2019 21:24:57 +0000 (UTC) (envelope-from bhd@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x15LOvVN052430;
Tue, 5 Feb 2019 21:24:57 GMT (envelope-from bhd@FreeBSD.org)
Received: (from bhd@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x15LOvj5052429;
Tue, 5 Feb 2019 21:24:57 GMT (envelope-from bhd@FreeBSD.org)
Message-Id: <201902052124.x15LOvj5052429@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bhd set sender to bhd@FreeBSD.org
using -f
From: Bjoern Heidotting
Date: Tue, 5 Feb 2019 21:24:57 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52798 - head/de_DE.ISO8859-1/books/handbook
X-SVN-Group: doc-head
X-SVN-Commit-Author: bhd
X-SVN-Commit-Paths: head/de_DE.ISO8859-1/books/handbook
X-SVN-Commit-Revision: 52798
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 924116B3E3
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.97 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
NEURAL_HAM_SHORT(-0.98)[-0.976,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
NEURAL_HAM_LONG(-1.00)[-0.999,0]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 05 Feb 2019 21:24:58 -0000
Author: bhd
Date: Tue Feb 5 21:24:57 2019
New Revision: 52798
URL: https://svnweb.freebsd.org/changeset/doc/52798
Log:
Update to r51914:
Update version entities
Modified:
head/de_DE.ISO8859-1/books/handbook/book.xml
Modified: head/de_DE.ISO8859-1/books/handbook/book.xml
==============================================================================
--- head/de_DE.ISO8859-1/books/handbook/book.xml Tue Feb 5 18:38:28 2019 (r52797)
+++ head/de_DE.ISO8859-1/books/handbook/book.xml Tue Feb 5 21:24:57 2019 (r52798)
@@ -7,7 +7,7 @@
$FreeBSD$
$FreeBSDde: de-docproj/books/handbook/book.xml,v 1.91 2012/03/27 19:32:11 bcr Exp $
- basiert auf: r51744
+ basiert auf: r51914
-->
%chapters;
%txtfiles;
@@ -109,7 +109,7 @@
Willkommen bei &os;! Dieses Handbuch beschreibt die
Installation und den täglichen Umgang mit
&os; &rel.current;-RELEASE und
- &os; &rel2.current;-RELEASE. Das
+ &os; &rel1.current;-RELEASE. Das
Handbuch ist das Ergebnis einer fortlaufenden Arbeit vieler
Einzelpersonen. Dies kann dazu führen, dass einige Abschnitte
nicht aktuell sind. Bei Unklarheiten empfiehlt es sich daher
From owner-svn-doc-all@freebsd.org Tue Feb 5 22:08:31 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A8BA14D2077;
Tue, 5 Feb 2019 22:08:31 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id A8A9A6CB4F;
Tue, 5 Feb 2019 22:08:30 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 977882408D;
Tue, 5 Feb 2019 22:08:30 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x15M8Ump074577;
Tue, 5 Feb 2019 22:08:30 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x15M8UXH074575;
Tue, 5 Feb 2019 22:08:30 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201902052208.x15M8UXH074575@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Tue, 5 Feb 2019 22:08:30 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52799 -
head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml
X-SVN-Commit-Revision: 52799
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: A8A9A6CB4F
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.96 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
NEURAL_HAM_LONG(-1.00)[-0.999,0];
NEURAL_HAM_SHORT(-0.96)[-0.961,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 05 Feb 2019 22:08:31 -0000
Author: gjb
Date: Tue Feb 5 22:08:29 2019
New Revision: 52799
URL: https://svnweb.freebsd.org/changeset/doc/52799
Log:
Document SA-19:01, SA-19:02, EN-19:06, and EN-19:07.
Sponsored by: The FreeBSD Foundation
Modified:
head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml
head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml
Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml Tue Feb 5 21:24:57 2019 (r52798)
+++ head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/errata.xml Tue Feb 5 22:08:29 2019 (r52799)
@@ -48,6 +48,22 @@
Timezone database information
update
+
+
+ FreeBSD-EN-19:06.dtrace
+ 5 February 2019
+ DTrace incompatibility with SMAP-enabled
+ systems
+
+
+
+ FreeBSD-EN-19:07.lle
+ 5 February 2019
+ LLE table lookup code race
+ condition
+
Modified: head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Tue Feb 5 21:24:57 2019 (r52798)
+++ head/en_US.ISO8859-1/htdocs/releases/12.0R/share/xml/security.xml Tue Feb 5 22:08:29 2019 (r52799)
@@ -24,6 +24,21 @@
19 December 2018Buffer overflow
+
+
+ FreeBSD-SA-19:01.syscall
+ 5 February 2019
+ Kernel data register leak
+
+
+
+ FreeBSD-SA-19:02.fd
+ 5 February 2019
+ File description reference count
+ leak
+
From owner-svn-doc-all@freebsd.org Tue Feb 5 22:09:39 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id E760414D2120;
Tue, 5 Feb 2019 22:09:38 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 82D0A6CD01;
Tue, 5 Feb 2019 22:09:38 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 75A5824090;
Tue, 5 Feb 2019 22:09:38 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x15M9c8r074713;
Tue, 5 Feb 2019 22:09:38 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x15M9csA074712;
Tue, 5 Feb 2019 22:09:38 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201902052209.x15M9csA074712@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
using -f
From: Glen Barber
Date: Tue, 5 Feb 2019 22:09:38 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52800 - head/en_US.ISO8859-1/htdocs/releases/11.2R
X-SVN-Group: doc-head
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/releases/11.2R
X-SVN-Commit-Revision: 52800
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 82D0A6CD01
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.96 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
NEURAL_HAM_LONG(-1.00)[-0.999,0];
NEURAL_HAM_SHORT(-0.96)[-0.963,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 05 Feb 2019 22:09:39 -0000
Author: gjb
Date: Tue Feb 5 22:09:38 2019
New Revision: 52800
URL: https://svnweb.freebsd.org/changeset/doc/52800
Log:
Regen after r343813.
Sponsored by: The FreeBSD Foundation
Modified:
head/en_US.ISO8859-1/htdocs/releases/11.2R/errata.html
Modified: head/en_US.ISO8859-1/htdocs/releases/11.2R/errata.html
==============================================================================
--- head/en_US.ISO8859-1/htdocs/releases/11.2R/errata.html Tue Feb 5 22:08:29 2019 (r52799)
+++ head/en_US.ISO8859-1/htdocs/releases/11.2R/errata.html Tue Feb 5 22:09:38 2019 (r52800)
@@ -13,7 +13,7 @@
as trademarks. Where those designations appear in this document,
and the FreeBSD Project was aware of the trademark claim, the
designations have been followed by the “™” or the
- “®” symbol.
Last modified on 2018-10-18 13:33:31 EDT by gjb.
Abstract
This document lists errata items for FreeBSD 11.2-RELEASE,
+ “®” symbol.
Last modified on 2018-10-18 17:33:31 UTC by gjb.
Abstract
This document lists errata items for FreeBSD 11.2-RELEASE,
containing significant information discovered after the
release or too late in the release cycle to be otherwise
included in the release documentation. This information
@@ -38,7 +38,8 @@
reassembly
+
+
+
+
+
From owner-svn-doc-all@freebsd.org Fri Feb 8 20:13:30 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 07CF114C3008;
Fri, 8 Feb 2019 20:13:30 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 9E1BD6A103;
Fri, 8 Feb 2019 20:13:29 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8DAE11E22F;
Fri, 8 Feb 2019 20:13:29 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x18KDTAI002161;
Fri, 8 Feb 2019 20:13:29 GMT (envelope-from pluknet@FreeBSD.org)
Received: (from pluknet@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x18KDT4N002160;
Fri, 8 Feb 2019 20:13:29 GMT (envelope-from pluknet@FreeBSD.org)
Message-Id: <201902082013.x18KDT4N002160@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: pluknet set sender to
pluknet@FreeBSD.org using -f
From: Sergey Kandaurov
Date: Fri, 8 Feb 2019 20:13:29 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52802 - head/en_US.ISO8859-1/articles/committers-guide
X-SVN-Group: doc-head
X-SVN-Commit-Author: pluknet
X-SVN-Commit-Paths: head/en_US.ISO8859-1/articles/committers-guide
X-SVN-Commit-Revision: 52802
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 9E1BD6A103
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.95 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.996,0];
NEURAL_HAM_LONG(-1.00)[-0.999,0];
NEURAL_HAM_SHORT(-0.96)[-0.958,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 08 Feb 2019 20:13:30 -0000
Author: pluknet
Date: Fri Feb 8 20:13:29 2019
New Revision: 52802
URL: https://svnweb.freebsd.org/changeset/doc/52802
Log:
Fix typo.
Modified:
head/en_US.ISO8859-1/articles/committers-guide/article.xml
Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/committers-guide/article.xml Thu Feb 7 09:14:21 2019 (r52801)
+++ head/en_US.ISO8859-1/articles/committers-guide/article.xml Fri Feb 8 20:13:29 2019 (r52802)
@@ -5286,7 +5286,7 @@ Do you want to commit? (no = start a shell) [y/n]
- Benefits and Perks for &os; Comitters
+ Benefits and Perks for &os; CommittersRecognition
From owner-svn-doc-all@freebsd.org Fri Feb 8 20:30:53 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68F9614C35E7;
Fri, 8 Feb 2019 20:30:53 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 0C8D86A95B;
Fri, 8 Feb 2019 20:30:53 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 005961E424;
Fri, 8 Feb 2019 20:30:53 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x18KUqmX008469;
Fri, 8 Feb 2019 20:30:52 GMT (envelope-from pluknet@FreeBSD.org)
Received: (from pluknet@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x18KUqIb008468;
Fri, 8 Feb 2019 20:30:52 GMT (envelope-from pluknet@FreeBSD.org)
Message-Id: <201902082030.x18KUqIb008468@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: pluknet set sender to
pluknet@FreeBSD.org using -f
From: Sergey Kandaurov
Date: Fri, 8 Feb 2019 20:30:52 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52803 - head/ru_RU.KOI8-R/books/handbook/x11
X-SVN-Group: doc-head
X-SVN-Commit-Author: pluknet
X-SVN-Commit-Paths: head/ru_RU.KOI8-R/books/handbook/x11
X-SVN-Commit-Revision: 52803
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 0C8D86A95B
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.95 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.996,0];
NEURAL_HAM_SHORT(-0.96)[-0.958,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
NEURAL_HAM_LONG(-1.00)[-0.999,0]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 08 Feb 2019 20:30:53 -0000
Author: pluknet
Date: Fri Feb 8 20:30:52 2019
New Revision: 52803
URL: https://svnweb.freebsd.org/changeset/doc/52803
Log:
Fix typo.
PR: 192504
Modified:
head/ru_RU.KOI8-R/books/handbook/x11/chapter.xml
Modified: head/ru_RU.KOI8-R/books/handbook/x11/chapter.xml
==============================================================================
--- head/ru_RU.KOI8-R/books/handbook/x11/chapter.xml Fri Feb 8 20:13:29 2019 (r52802)
+++ head/ru_RU.KOI8-R/books/handbook/x11/chapter.xml Fri Feb 8 20:30:52 2019 (r52803)
@@ -1213,7 +1213,7 @@ EndSection
ëÏÎÆÉÇÕÒÁÃÉÏÎÎÙÅ ÆÁÊÌÙ XDM ÎÁÈÏÄÑÔÓÑ ×
ËÁÔÁÌÏÇÅ
/usr/local/lib/X11/xdm. ÷ Î£Í ÒÁÚÍÅÝÁÀÔÓÑ
- ÎÁÓËÏÌØËÏ ÆÁÊÌÏ×, ËÏÔÏÒÙÅ ÉÓÐÏÌØÚÕÀÔÓÑ ÄÌÑ ÉÚÍÅÎÅÎÉÑ
+ ÎÅÓËÏÌØËÏ ÆÁÊÌÏ×, ËÏÔÏÒÙÅ ÉÓÐÏÌØÚÕÀÔÓÑ ÄÌÑ ÉÚÍÅÎÅÎÉÑ
ÐÏ×ÅÄÅÎÉÑ É ×ÎÅÛÎÅÇÏ ×ÉÄÁ XDM.
ïÂÙÞÎÏ ÜÔÏ ÓÌÅÄÕÀÝÉÅ ÆÁÊÌÙ:
From owner-svn-doc-all@freebsd.org Fri Feb 8 21:34:45 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 923E514C6F77;
Fri, 8 Feb 2019 21:34:45 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 340B16DE50;
Fri, 8 Feb 2019 21:34:45 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 270561F012;
Fri, 8 Feb 2019 21:34:45 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x18LYjWf045502;
Fri, 8 Feb 2019 21:34:45 GMT (envelope-from pluknet@FreeBSD.org)
Received: (from pluknet@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x18LYjiw045501;
Fri, 8 Feb 2019 21:34:45 GMT (envelope-from pluknet@FreeBSD.org)
Message-Id: <201902082134.x18LYjiw045501@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: pluknet set sender to
pluknet@FreeBSD.org using -f
From: Sergey Kandaurov
Date: Fri, 8 Feb 2019 21:34:45 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52804 - head/en_US.ISO8859-1/books/handbook/security
X-SVN-Group: doc-head
X-SVN-Commit-Author: pluknet
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/security
X-SVN-Commit-Revision: 52804
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 340B16DE50
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.95 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_SHORT(-0.95)[-0.950,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
NEURAL_HAM_MEDIUM(-1.00)[-0.996,0];
NEURAL_HAM_LONG(-1.00)[-0.999,0]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 08 Feb 2019 21:34:45 -0000
Author: pluknet
Date: Fri Feb 8 21:34:44 2019
New Revision: 52804
URL: https://svnweb.freebsd.org/changeset/doc/52804
Log:
Update supported SSL/TLS versions in the base system.
Modified:
head/en_US.ISO8859-1/books/handbook/security/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Feb 8 20:30:52 2019 (r52803)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Feb 8 21:34:44 2019 (r52804)
@@ -1787,10 +1787,12 @@ kadmind5_server_enable="YES"
services.
The version of OpenSSL included
- in &os; supports the Secure Sockets Layer v2/v3 (SSLv2/SSLv3)
- and Transport Layer Security v1 (TLSv1) network security
+ in &os; supports the Secure Sockets Layer 3.0 (SSLv3)
+ and Transport Layer Security 1.0/1.1/1.2 (TLSv1/TLSv1.1/TLSv1.2)
+ network security
protocols and can be used as a general cryptographic
- library.
+ library. In &os; 12.0-RELEASE and above, OpenSSL also supports
+ Transport Layer Security 1.3 (TLSv1.3).
OpenSSL is often used to encrypt
authentication of mail clients and to secure web based
From owner-svn-doc-all@freebsd.org Fri Feb 8 21:57:31 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8715D14C794E;
Fri, 8 Feb 2019 21:57:31 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 2A6EB6E99D;
Fri, 8 Feb 2019 21:57:31 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1BAD71F37D;
Fri, 8 Feb 2019 21:57:31 +0000 (UTC)
(envelope-from pluknet@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x18LvU8I056261;
Fri, 8 Feb 2019 21:57:30 GMT (envelope-from pluknet@FreeBSD.org)
Received: (from pluknet@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x18LvUD1056260;
Fri, 8 Feb 2019 21:57:30 GMT (envelope-from pluknet@FreeBSD.org)
Message-Id: <201902082157.x18LvUD1056260@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: pluknet set sender to
pluknet@FreeBSD.org using -f
From: Sergey Kandaurov
Date: Fri, 8 Feb 2019 21:57:30 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52805 - head/en_US.ISO8859-1/books/handbook/security
X-SVN-Group: doc-head
X-SVN-Commit-Author: pluknet
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/security
X-SVN-Commit-Revision: 52805
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 2A6EB6E99D
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.95 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.996,0];
NEURAL_HAM_SHORT(-0.95)[-0.950,0];
NEURAL_HAM_LONG(-1.00)[-0.999,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 08 Feb 2019 21:57:31 -0000
Author: pluknet
Date: Fri Feb 8 21:57:30 2019
New Revision: 52805
URL: https://svnweb.freebsd.org/changeset/doc/52805
Log:
Update OpenSSL chapter after WITH_OPENSSL_PORT has gone.
PR: 233315
Modified:
head/en_US.ISO8859-1/books/handbook/security/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Feb 8 21:34:44 2019 (r52804)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Feb 8 21:57:30 2019 (r52805)
@@ -1800,27 +1800,14 @@ kadmind5_server_enable="YES"
www/apache24 and
databases/postgresql91-server, include a
compile option for building with
- OpenSSL.
+ OpenSSL. If selected, the port will
+ add support using OpenSSL from the
+ base system. To instead have the port compile against
+ OpenSSL from the
+ security/openssl port, add the following to
+ /etc/make.conf:
- &os; provides two versions of
- OpenSSL: one in the base system and
- one in the Ports Collection. Users can choose which version to
- use by default for other ports using the following knobs:
-
-
-
- WITH_OPENSSL_PORT: when set, the port will use
- OpenSSL from the
- security/openssl port, even if the
- version in the base system is up to date or newer.
-
-
-
- WITH_OPENSSL_BASE: when set, the port will compile
- against OpenSSL provided by the
- base system.
-
-
+ DEFAULT_VERSIONS+= ssl=opensslAnother common use of OpenSSL is
to provide certificates for use with software applications.
From owner-svn-doc-all@freebsd.org Sat Feb 9 09:02:08 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3431614DBDAE;
Sat, 9 Feb 2019 09:02:08 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id C71DD8B059;
Sat, 9 Feb 2019 09:02:07 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A6E5026689;
Sat, 9 Feb 2019 09:02:07 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x19927po008177;
Sat, 9 Feb 2019 09:02:07 GMT (envelope-from mat@FreeBSD.org)
Received: (from mat@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x19927ea008176;
Sat, 9 Feb 2019 09:02:07 GMT (envelope-from mat@FreeBSD.org)
Message-Id: <201902090902.x19927ea008176@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org
using -f
From: Mathieu Arnold
Date: Sat, 9 Feb 2019 09:02:07 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52806 -
head/en_US.ISO8859-1/books/porters-handbook/makefiles
X-SVN-Group: doc-head
X-SVN-Commit-Author: mat
X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/porters-handbook/makefiles
X-SVN-Commit-Revision: 52806
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: C71DD8B059
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.94 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.996,0];
NEURAL_HAM_SHORT(-0.95)[-0.948,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
NEURAL_HAM_LONG(-1.00)[-1.000,0]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 09 Feb 2019 09:02:08 -0000
Author: mat
Date: Sat Feb 9 09:02:07 2019
New Revision: 52806
URL: https://svnweb.freebsd.org/changeset/doc/52806
Log:
Fix ordering of a couple examples.
Reported by: kbowling
Modified:
head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml
Modified: head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml Fri Feb 8 21:57:30 2019 (r52805)
+++ head/en_US.ISO8859-1/books/porters-handbook/makefiles/chapter.xml Sat Feb 9 09:02:07 2019 (r52806)
@@ -6166,11 +6166,11 @@ OPTIONS_GROUP_GG1= OPT9 OPT10
Simple Use of OPTIONSOPTIONS_DEFINE= FOO BAR
+OPTIONS_DEFAULT=FOO
+
FOO_DESC= Option foo support
BAR_DESC= Feature bar support
-OPTIONS_DEFAULT=FOO
-
# Will add --with-foo / --without-foo
FOO_CONFIGURE_WITH= foo
BAR_RUN_DEPENDS= bar:bar/bar
@@ -6198,6 +6198,7 @@ EXAMPLES_CONFIGURE_WITH= examplesPractical Use of OPTIONSOPTIONS_DEFINE= EXAMPLES
+OPTIONS_DEFAULT= PGSQL LDAP SSL
OPTIONS_SINGLE= BACKEND
OPTIONS_SINGLE_BACKEND= MYSQL PGSQL BDB
@@ -6212,8 +6213,6 @@ BDB_DESC= Use Berkeley DB as backend
LDAP_DESC= Build with LDAP authentication support
PAM_DESC= Build with PAM support
SSL_DESC= Build with OpenSSL support
-
-OPTIONS_DEFAULT= PGSQL LDAP SSL
# Will add USE_PGSQL=yes
PGSQL_USE= pgsql=yes
From owner-svn-doc-all@freebsd.org Sat Feb 9 15:03:42 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 49D0A14E3E26;
Sat, 9 Feb 2019 15:03:42 +0000 (UTC)
(envelope-from ryusuke@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id DFD746F28C;
Sat, 9 Feb 2019 15:03:41 +0000 (UTC)
(envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D1348250F;
Sat, 9 Feb 2019 15:03:41 +0000 (UTC)
(envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x19F3fkn095597;
Sat, 9 Feb 2019 15:03:41 GMT (envelope-from ryusuke@FreeBSD.org)
Received: (from ryusuke@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x19F3fm6095596;
Sat, 9 Feb 2019 15:03:41 GMT (envelope-from ryusuke@FreeBSD.org)
Message-Id: <201902091503.x19F3fm6095596@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ryusuke set sender to
ryusuke@FreeBSD.org using -f
From: Ryusuke SUZUKI
Date: Sat, 9 Feb 2019 15:03:41 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52807 - head/ja_JP.eucJP/share/xml
X-SVN-Group: doc-head
X-SVN-Commit-Author: ryusuke
X-SVN-Commit-Paths: head/ja_JP.eucJP/share/xml
X-SVN-Commit-Revision: 52807
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: DFD746F28C
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.95 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.996,0];
NEURAL_HAM_LONG(-1.00)[-1.000,0];
NEURAL_HAM_SHORT(-0.96)[-0.959,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 09 Feb 2019 15:03:42 -0000
Author: ryusuke
Date: Sat Feb 9 15:03:41 2019
New Revision: 52807
URL: https://svnweb.freebsd.org/changeset/doc/52807
Log:
- Merge the following from the English version:
r52537 -> r52660 head/ja_JP.eucJP/share/xml/news.xml
Modified:
head/ja_JP.eucJP/share/xml/news.xml
Modified: head/ja_JP.eucJP/share/xml/news.xml
==============================================================================
--- head/ja_JP.eucJP/share/xml/news.xml Sat Feb 9 09:02:07 2019 (r52806)
+++ head/ja_JP.eucJP/share/xml/news.xml Sat Feb 9 15:03:41 2019 (r52807)
@@ -23,7 +23,7 @@
would like to work on. ***
$FreeBSD$
- Original revision: r52537
+ Original revision: r52720
-->
@@ -65,6 +65,20 @@
FreeBSD ¤Î¥ê¥ê¡¼¥¹¤Ë´Ø¤¹¤ë¤è¤ê¾Ü¤·¤¤¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï ¥ê¥ê¡¼¥¹¾ðÊó
¤ò¤´Í÷¤¯¤À¤µ¤¤¡£
+
+
+
+ Cirrus CI ¤Î &os; ¤Ø¤ÎÂбþ
+
+
Cirrus CI ¥·¥¹¥Æ¥à¤¬
+ &os; ¤ËÂбþ¤·¤Þ¤·¤¿¡£
+ Cirrus CI ¤Ï¡¢ºÇ¿·¤Î¥¯¥é¥¦¥Éµ»½Ñ¤òÍѤ¤¤ë¤³¤È¤Ç¡¢
+ ³«È¯¥µ¥¤¥¯¥ë¤ò¿×®¤Ë¡¢¸úΨŪ¤½¤·¤Æ°ÂÁ´¤Ë¹Ô¤¨¤ë¤è¤¦¤Ë¤·¤Þ¤¹¡£
+ Cirrus CI ¤Ï¡¢¤¢¤Ê¤¿¤Î¥Á¡¼¥à¤ÈÏ¢·È¤·¡¢
+ ¥½¥Õ¥È¥¦¥§¥¢¤Î¥ê¥ê¡¼¥¹¤ò¿×®¤«¤Ä°Â²Á¤Ë¤·¤Þ¤¹¡£
+ ¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¡¢&os; Virtual
+ Machines ¥¬¥¤¥É¤ò¤´Í÷¤¯¤À¤µ¤¤¡£
From owner-svn-doc-all@freebsd.org Sat Feb 9 15:09:58 2019
Return-Path:
Delivered-To: svn-doc-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id D64CD14E3F30;
Sat, 9 Feb 2019 15:09:58 +0000 (UTC)
(envelope-from ryusuke@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
server-signature RSA-PSS (4096 bits)
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 744996F396;
Sat, 9 Feb 2019 15:09:58 +0000 (UTC)
(envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6349E2513;
Sat, 9 Feb 2019 15:09:58 +0000 (UTC)
(envelope-from ryusuke@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x19F9w6s095938;
Sat, 9 Feb 2019 15:09:58 GMT (envelope-from ryusuke@FreeBSD.org)
Received: (from ryusuke@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id x19F9wZO095937;
Sat, 9 Feb 2019 15:09:58 GMT (envelope-from ryusuke@FreeBSD.org)
Message-Id: <201902091509.x19F9wZO095937@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ryusuke set sender to
ryusuke@FreeBSD.org using -f
From: Ryusuke SUZUKI
Date: Sat, 9 Feb 2019 15:09:58 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r52808 - head/ja_JP.eucJP/share/xml
X-SVN-Group: doc-head
X-SVN-Commit-Author: ryusuke
X-SVN-Commit-Paths: head/ja_JP.eucJP/share/xml
X-SVN-Commit-Revision: 52808
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 744996F396
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.95 / 15.00];
local_wl_from(0.00)[FreeBSD.org];
NEURAL_HAM_MEDIUM(-1.00)[-0.996,0];
NEURAL_HAM_SHORT(-0.96)[-0.959,0];
ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
NEURAL_HAM_LONG(-1.00)[-1.000,0]
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for "
user" , " projects" , and " translations"
\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 09 Feb 2019 15:09:59 -0000
Author: ryusuke
Date: Sat Feb 9 15:09:57 2019
New Revision: 52808
URL: https://svnweb.freebsd.org/changeset/doc/52808
Log:
- Merge the following from the English version:
r52720 -> r52801 head/ja_JP.eucJP/share/xml/news.xml
Modified:
head/ja_JP.eucJP/share/xml/news.xml
Modified: head/ja_JP.eucJP/share/xml/news.xml
==============================================================================
--- head/ja_JP.eucJP/share/xml/news.xml Sat Feb 9 15:03:41 2019 (r52807)
+++ head/ja_JP.eucJP/share/xml/news.xml Sat Feb 9 15:09:57 2019 (r52808)
@@ -23,12 +23,48 @@
would like to work on. ***
$FreeBSD$
- Original revision: r52720
+ Original revision: r52801
-->
$FreeBSD$
+
+
+ 2019
+
+
+ 2
+
+
+ 1
+
+
+