Date: Wed, 3 Jul 2019 00:30:17 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53209 - in head/share: security/advisories security/patches/EN-19:12 security/patches/SA-19:09 security/patches/SA-19:10 security/patches/SA-19:11 xml Message-ID: <201907030030.x630UHEu062257@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src committer) Date: Wed Jul 3 00:30:17 2019 New Revision: 53209 URL: https://svnweb.freebsd.org/changeset/doc/53209 Log: Add EN-19:12 and SA-19:09 to SA-19:11 Approved by: so Added: head/share/security/advisories/FreeBSD-EN-19:12.tzdata.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:09.iconv.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:10.ufs.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc (contents, props changed) head/share/security/patches/EN-19:12/ head/share/security/patches/EN-19:12/tzdata-2019b.patch (contents, props changed) head/share/security/patches/EN-19:12/tzdata-2019b.patch.asc (contents, props changed) head/share/security/patches/SA-19:09/ head/share/security/patches/SA-19:09/iconv.patch (contents, props changed) head/share/security/patches/SA-19:09/iconv.patch.asc (contents, props changed) head/share/security/patches/SA-19:10/ head/share/security/patches/SA-19:10/ufs.11.patch (contents, props changed) head/share/security/patches/SA-19:10/ufs.11.patch.asc (contents, props changed) head/share/security/patches/SA-19:10/ufs.12.patch (contents, props changed) head/share/security/patches/SA-19:10/ufs.12.patch.asc (contents, props changed) head/share/security/patches/SA-19:11/ head/share/security/patches/SA-19:11/cd_ioctl.11.patch (contents, props changed) head/share/security/patches/SA-19:11/cd_ioctl.11.patch.asc (contents, props changed) head/share/security/patches/SA-19:11/cd_ioctl.12.patch (contents, props changed) head/share/security/patches/SA-19:11/cd_ioctl.12.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-19:12.tzdata.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-19:12.tzdata.asc Wed Jul 3 00:30:17 2019 (r53209) @@ -0,0 +1,148 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-19:12.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2019-07-02 +Affects: All supported versions of FreeBSD. +Corrected: 2019-07-02 12:22:27 UTC (stable/12, 12.0-STABLE) + 2019-07-02 23:59:45 UTC (releng/12.0, 12.0-RELEASE-p7) + 2019-07-02 12:22:54 UTC (stable/11, 11.3-PRERELEASE) + 2019-07-02 23:59:45 UTC (releng/11.3, 11.3-RC3-p1) + 2019-07-02 23:59:45 UTC (releng/11.2, 11.2-RELEASE-p11) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The tzsetup(8) program allows the user to specify the default local timezone. +Based on the selected timezone, tzsetup(8) copies one of the files from +/usr/share/zoneinfo to /etc/localtime. This file actually controls the +conversion. + +II. Problem Description + +Several changes in Daylight Savings Time happened after previous FreeBSD +releases were released that would affect many people who live in different +countries. Because of these changes, the data in the zoneinfo files need to +be updated, and if the local timezone on the running system is affected, +tzsetup(8) needs to be run so the /etc/localtime is updated. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected timezones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated timezone database from the +misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected. + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Please note that some third party software, for instance PHP, Ruby, Java and +Perl, may be using different zoneinfo data source, in such cases this +software must be updated separately. For software packages that is installed +via binary packages, they can be upgraded by executing `pkg upgrade'. + +Following the instructions in this Errata Notice will update all of the +zoneinfo files to be the same as what was released with FreeBSD release. + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. Restart all the affected +applications and daemons, or reboot the system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-19:12/tzdata-2019b.patch +# fetch https://security.FreeBSD.org/patches/EN-19:12/tzdata-2019b.patch.asc +# gpg --verify tzdata-2019b.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r349597 +releng/12.0/ r349620 +stable/11/ r349598 +releng/11.3/ r349620 +releng/11.2/ r349620 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:12.tzdata.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9VZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKxjRAAjlhQOby/rOVo/+MPrPrdNin5t2MNBOTRawTARwkl4hE6qFirdSHY9/92 +9MI1f6YuQinF32UgEKGkXwDsCSr73NqdNCvZ3BFML8dqp9ij3xN4lQraLyFJLQJq +gR3Iy8uL0ANjMfveE0PW4bDKuqAp2SZdvl4PNio2ddWOyW5FIbXTYEkhkhIbFn9k +zjtifmr4KFL+cZ494e4GnLx0epqY7J2l9livGHmAYEPKPuaGMzJn0qA6ac6SwGba +c1VDcTa3hCICUmZtWekkGa6H2EAVDcn+I7rv+x08afMDASl7CuKGd5dvwO65HHPP +5cFUKjnB4YKadtONt73rRxSGdkb5XqeOdnhoHdDb8RQaouPJGburedlP/xbvg8b/ +/lL1c4k+Bz1WlNiNoTahPwRTelIg/wzFwdvd4pTmb6DWzmYxPh8SI5hlRJ3dznQG +h1DVXTWYtDnxIvyL3c8KZjDrsIuP7wmDnHjbB89Dw8hVf+jLVZLWm4DFoz7FfAri +qhFIAm0izmABttUpNeWmfOs3yVgtYAMCZBXLdj3JJBx/v5S1VpKnXxkcj+rsZV1A +SczZO7w6BMEMi9HN5tzZqr1OX6H2LXfi7OSYn8fzeUhtXtraP5W9Ds/dWxu1rQna +Kvv9pF4KP4dq6zo4T/V5VHCT6O9FuP/DnjaHUWLtEYR2sol1GTE= +=Dl0I +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:09.iconv.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:09.iconv.asc Wed Jul 3 00:30:17 2019 (r53209) @@ -0,0 +1,134 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:09.iconv Security Advisory + The FreeBSD Project + +Topic: iconv buffer overflow + +Category: core +Module: libc +Announced: 2019-07-02 +Credits: Andrea Venturoli <security@netfence.it>, NetFence +Affects: All supported versions of FreeBSD. +Corrected: 2019-07-03 00:01:38 UTC (stable/12, 12.0-STABLE) + 2019-07-03 00:00:39 UTC (releng/12.0, 12.0-RELEASE-p7) + 2019-07-03 00:03:14 UTC (stable/11, 11.3-PRERELEASE) + 2019-07-03 00:00:39 UTC (releng/11.3, 11.3-RC3-p1) + 2019-07-03 00:00:39 UTC (releng/11.2, 11.2-RELEASE-p11) +CVE Name: CVE-2019-5600 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The iconv(3) API converts text data from one character encoding to another +and is available as part of the standard C library (libc). + +II. Problem Description + +With certain inputs, iconv may write beyond the end of the output buffer. + +III. Impact + +Depending on the way in which iconv is used, an attacker may be able to +create a denial of service, provoke incorrect program behavior, or induce a +remote code execution. iconv is a libc library function and the nature of +possible attacks will depend on the way in which iconv is used by +applications or daemons. + +IV. Workaround + +No workaround is available. Stack canaries (-fstack-protector), which are +enabled by default, provide a degreee of defense against code injection but +not against denial of service. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or release / +security branch (releng) dated after the correction date. Restart any +potentially affected daemons. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch +# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch.asc +# gpg --verify iconv.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r349622 +releng/12.0/ r349621 +stable/11/ r349624 +releng/11.3/ r349621 +releng/11.2/ r349621 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5600>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WBfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK8qg//bXSYMJQUBC0POTT5zGXSAmXfKjxbCi4N67cfTrQkEvW672QX4Jw9smkK +D3PwyQs8QWIwsXL69rRgKDFHhPplOmTkx1vaPrA3DckYliwNvLRV3I6G2bRnx3E3 +DoAyDmBvFK5lJWa3WxbCpeJA69yZ/JbX1Yw6HsRLk74hGkfvlkruKkfxsNjXzaq4 +0+d+ZYs/vRDmIW5/R/bYy1+iyDamyCMl2xXtlZBKrGe6lhj8Vi4/evJjipFtskc2 +RnGKolNoZQc03pgX0QS2JZDb+ay23elkOCbhYPqGr1f++M95oOktX3epsJNSH++u +pmJ72FNRsnZSVFxoX7o14eh4k6OGYIvGFSkXQ9VG1NV7PQO8VZAQk9gw264O/1Mi +2aW88e78GLallQOg32VM+Ybys9MamBHByiYRz+GXhh91gg9WPJK5Imt0ExUuukGn +SS65SW1AhO72xC2eplbM0pQY0FNn8l+QA4XjhqNfW03gPSvPwbdYhbSDXm9bgV3W ++VnW2R0tekgiD3glf9GwXMKizostS67jvpJyEDqvx3A1Dx3R2sJ27/6c5HDLpJss +hrhEbqnJhudl10gQTdK9hkFg1LeqxFCYhsw0NDb7PgRWeu3MZcLP6pO3wy/aacfd +OyGJWeqTzKZ4o596OyrTsYIa75MymN3/PkdfDYfRMU0GdAo+acQ= +=ItWl +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:10.ufs.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:10.ufs.asc Wed Jul 3 00:30:17 2019 (r53209) @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:10.ufs Security Advisory + The FreeBSD Project + +Topic: Kernel stack disclosure in UFS/FFS + +Category: core +Module: Kernel +Announced: 2019-07-02 +Credits: David G. Lawrence <dg@dglawrence.com> +Affects: All supported versions of FreeBSD. +Corrected: 2019-05-10 23:45:16 UTC (stable/12, 12.0-STABLE) + 2019-07-02 00:02:16 UTC (releng/12.0, 12.0-RELEASE-p7) + 2019-05-10 23:46:42 UTC (stable/11, 11.2-STABLE) + 2019-07-02 00:02:16 UTC (releng/11.2, 11.2-RELEASE-p11) +CVE Name: CVE-2019-5601 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The Berkeley Fast File System (FFS) is an implementation of the UNIX File +System (UFS) filesystem used by FreeBSD. + +II. Problem Description + +A bug causes up to three bytes of kernel stack memory to be written to disk +as uninitialized directory entry padding. This data can be viewed by any +user with read access to the directory. Additionally, a malicious user with +write access to a directory can cause up to 254 bytes of kernel stack memory +to be exposed. + +III. Impact + +Some amount of the kernel stack is disclosed and written out to the +filesystem. + +IV. Workaround + +No workaround is available but systems not using UFS/FFS are not affected. + +V. Solution + +Special note: This update also adds the -z flag to fsck_ffs to have it scrub +the leaked information in the name padding of existing directories. It only +needs to be run once on each UFS/FFS filesystem after a patched kernel is +installed and running. + +Upgrade your vulnerable system to a supported FreeBSD stable or release / +security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterwards, reboot the system and run: + +# fsck -t ufs -f -p -T ufs:-z + +to clean up your existing filesystems. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.x] +# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch +# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch.asc +# gpg --verify ufs.12.patch.asc + +[FreeBSD 11.x] +# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch +# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch.asc +# gpg --verify ufs.11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system and run: + +# fsck -t ufs -f -p -T ufs:-z + +to clean up your existing filesystems. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r347474 +releng/12.0/ r349623 +stable/11/ r347475 +releng/11.2/ r349623 +- ------------------------------------------------------------------------- + +Note: This patch was applied to the stable/11 branch before the branch point +for releng/11.3. As such, no patch is needed for any 11.3-BETA or -RC. + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5601>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WVfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJgRhAAic+yb4boY5k2TotBe9xBBO2VEGwvcolARpvUg+78ya4RGh1d3FBH5R36 +N6uEvaAclrRsPHnDSeCD3BVmQkWBzD5a7t+z+m5Siye+01mA4XjKycNDl9BXm7sT +t01GP7TPBmaJZ45RPqT4M/iB1Ulud0kdKvi/apwDLbqJrbzcuxyBNs+wiQhbG2Ip +07REBqabnsL8dV2ysPtBlHd1nxyNyyF8EzkDUKYUWDnwPxzlrfrJAt+F7sneRrPf +tL3UsN+qh3JThI39CjFWPllVRv412QCFBDmGXHdbm+mWrxIecX5pUEoLfQQLJ82x +03TOYbZpu4d4CvgeSEXl3VkbHl6F6u/ii8ls/7aUDNnZcHWamraP84aJpLBG2cUa +ExDDL6K0x1LMhlGWxjGr0qp2ObdQ0sKTgQZ/RUmJO4pc4zuPc0yY3jOv4U+kP2G/ +znHEVVRs8/X95OYA0fdvnG0rOdcKGdqKEDxeTvFhyvxM372erT/dMz9flGnptA51 +30eAwyKmzj5Mzpo5y/NARyGLRTfOB2F6++BFrlqbsKCXcyK1R5jtxu1TLaliPvA/ +Aux8D4OQHIXIGk/sVQSJKOO4oH6U7S2aNtYTxaYHAJrtbC9udnyjVau2txlObEZr +pCbd+a02Btid0bBRUSFYugl4XHtakTVvtu93Fa19wASYDnZJIUE= +=uUz9 +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc Wed Jul 3 00:30:17 2019 (r53209) @@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-19:11.cd_ioctl Security Advisory + The FreeBSD Project + +Topic: Privilege escalation in cd(4) driver + +Category: core +Module: kernel +Announced: 2019-07-02 +Credits: Alex Fortune +Affects: All supported versions of FreeBSD. +Corrected: 2019-07-03 00:11:31 UTC (stable/12, 12.0-STABLE) + 2019-07-02 00:03:55 UTC (releng/12.0, 12.0-RELEASE-p7) + 2019-07-03 00:12:50 UTC (stable/11, 11.3-PRERELEASE) + 2019-07-02 00:03:55 UTC (releng/11.3, 11.3-RC3-p1) + 2019-07-02 00:03:55 UTC (releng/11.2, 11.2-RELEASE-p11) +CVE Name: CVE-2019-5602 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The cd(4) driver implements a number of ioctls to permit low-level access to +the media in the CD-ROM device. The Linux emulation layer provides a +corresponding set of ioctls, some of which are implemented as wrappers of +native cd(4) ioctls. + +These ioctls are available to users in the operator group, which gets +read-only access to cd(4) devices by default. + +II. Problem Description + +To implement one particular ioctl, the Linux emulation code used a special +interface present in the cd(4) driver which allows it to copy subchannel +information directly to a kernel address. This interface was erroneously +made accessible to userland, allowing users with read access to a cd(4) +device to arbitrarily overwrite kernel memory when some media is present in +the device. + +III. Impact + +A user in the operator group can make use of this interface to gain root +privileges on a system with a cd(4) device when some media is present in the +device. + +IV. Workaround + +devfs.conf(5) and devfs.rules(5) can be used to remove read permissions from +cd(4) devices. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or release / +security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterwards, reboot the system. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.x] +# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.12.patch +# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.12.patch.asc +# gpg --verify cd_ioctl.12.patch.asc + +[FreeBSD 11.x] +# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.11.patch +# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.11.patch.asc +# gpg --verify cd_ioctl.11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r349628 +releng/12.0/ r349625 +stable/11/ r349629 +releng/11.3/ r349625 +releng/11.2/ r349625 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5602>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WtfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK+nBAAqVz2kEviqpD6wTqwmDexacApQ8aRrnxUDA/PSU/ZStdU3/E3OHAEwMOr +k3qNBbMYUO5alXyLfe9Gv2iP2eTD8QP6xafMiwvcMxS2aJe6ieRmRTLUbep0QBEN +weIaafjvIlLElJTWb9Rr5CTUs6sSdq7Jc84dHPHSOQehhkCFydTdHCaYtvRS2tg1 +YYyzMdTlT1VRCL3Rb6iHkqLG7JKX1fTLsPxXGqv/IjYAcDREZjVNhxjvcsQsMQxD +2tTBDVZZLJBOHshGg/kyCRB++d36JNED0kb7/lfohGBvZS6wtmbe9z3a1+S4MN9i +sxNdLc4a/Qr3iP4SzgGf6YuD/BmXg/7HWZnBj220VncVHYjQThAZih0VDUSy9zBy +EplpqcRYebzvAQkq63e2LE66rveX58L7KAzZDG2QJUrPDJAfxgdc1fslgm/+/Yck +/lHVG8gxJNr+tpC80vKxssS7WhNUnd1zThKa2D5rrFnsWUR5da66mxJelUrq+vPT +bhs/nHOzqqXpojh+j/8a6q8Wi2CDSGnJ9vtt0FZu7SG0/r7hlUAAuI0o9VJV/Uh4 +CyJeVlJ65+4bUm+k9qFBxsmd7S08f1Z6UND8/1ffFOYm4POVJcRa1wUswYjXPfjp +Sf0rZ5vCq8TG7EOcdMHqHBgAumx3gAXj+I73Lwm73vnP4jMoqmw= +=Bc/8 +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-19:12/tzdata-2019b.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-19:12/tzdata-2019b.patch Wed Jul 3 00:30:17 2019 (r53209) @@ -0,0 +1,3069 @@ +--- contrib/tzdata/Makefile.orig ++++ contrib/tzdata/Makefile +@@ -35,11 +35,13 @@ + + LOCALTIME= GMT + +-# If you want something other than Eastern United States time as a template +-# for handling ruleless POSIX-style timezone environment variables, ++# The POSIXRULES macro controls interpretation of nonstandard and obsolete ++# POSIX-like TZ settings like TZ='EET-2EEST' that lack DST transition rules. ++# In the reference implementation, if you want something other than Eastern ++# United States time as a template for handling these settings, you can + # change the line below (after finding the timezone you want in the + # one of the $(TDATA) source files, or adding it to a source file). +-# A ruleless environment setting like TZ='CST6CDT' uses the rules in the ++# A setting like TZ='EET-2EEST' is supposed to use the rules in the + # template file to determine "spring forward" and "fall back" days and + # times; the environment variable itself specifies UT offsets of standard and + # daylight saving time. +@@ -49,6 +51,17 @@ + # Use the command + # make zonenames + # to get a list of the values you can use for POSIXRULES. ++# ++# If POSIXRULES is empty, no template is installed; this is the intended ++# future default for POSIXRULES. ++# ++# Nonempty POSIXRULES is obsolete and should not be relied on, because: ++# * It does not work correctly in popular implementations such as GNU/Linux. ++# * It does not work in the tzdb implementation for timestamps after 2037. ++# * It is incompatible with 'zic -b slim' if POSIXRULES specifies transitions ++# at standard time or UT rather than at local time. ++# In short, software should avoid ruleless settings like TZ='EET-2EEST' ++# and so should not depend on the value of POSIXRULES. + + POSIXRULES= America/New_York + +@@ -231,6 +244,13 @@ + # other than simply getting garbage data + # -DUSE_LTZ=0 to build zdump with the system time zone library + # Also set TZDOBJS=zdump.o and CHECK_TIME_T_ALTERNATIVES= below. ++# -DZIC_BLOAT_DEFAULT=\"slim\" to default zic's -b option to "slim", and ++# similarly for "fat". Fat TZif files work around incompatibilities ++# and bugs in some TZif readers, notably readers that mishandle 64-bit ++# data in TZif files. Slim TZif files are more efficient and do not ++# work around these incompatibilities and bugs. If not given, the ++# current default is "fat" but this is intended to change as readers ++# requiring fat files often mishandle timestamps after 2037 anyway. + # -DZIC_MAX_ABBR_LEN_WO_WARN=3 + # (or some other number) to set the maximum time zone abbreviation length + # that zic will accept without a warning (the default is 6) +@@ -364,7 +384,9 @@ + + # To shrink the size of installed TZif files, + # append "-r @N" to omit data before N-seconds-after-the-Epoch. +-# See the zic man page for more about -r. ++# You can also append "-b slim" if that is not already the default; ++# see ZIC_BLOAT_DEFAULT above. ++# See the zic man page for more about -b and -r. + ZFLAGS= + + # How to use zic to install TZif files. +@@ -388,6 +410,9 @@ + # Name of curl <https://curl.haxx.se/>, used for HTML validation. + CURL= curl + ++# Name of GNU Privacy Guard <https://gnupg.org/>, used to sign distributions. ++GPG= gpg ++ + # The path where SGML DTDs are kept and the catalog file(s) to use when + # validating HTML 4.01. The default should work on both Debian and Red Hat. + SGML_TOPDIR= /usr +@@ -562,7 +587,9 @@ + '$(DESTDIR)$(LIBDIR)' \ + '$(DESTDIR)$(MANDIR)/man3' '$(DESTDIR)$(MANDIR)/man5' \ + '$(DESTDIR)$(MANDIR)/man8' +- $(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES) \ ++ $(ZIC_INSTALL) -l $(LOCALTIME) \ ++ `case '$(POSIXRULES)' in ?*) echo '-p';; esac \ ++ ` $(POSIXRULES) \ + -t '$(DESTDIR)$(TZDEFAULT)' + cp -f $(TABDATA) '$(DESTDIR)$(TZDIR)/.' + cp tzselect '$(DESTDIR)$(BINDIR)/.' +@@ -781,12 +808,6 @@ + check_sorted: backward backzone iso3166.tab zone.tab zone1970.tab + $(AWK) '/^Link/ {print $$3}' backward | LC_ALL=C sort -cu + $(AWK) '/^Zone/ {print $$2}' backzone | LC_ALL=C sort -cu +- $(AWK) '/^[^#]/ {print $$1}' iso3166.tab | LC_ALL=C sort -cu +- $(AWK) '/^[^#]/ {print $$1}' zone.tab | LC_ALL=C sort -c +- $(AWK) '/^[^#]/ {print substr($$0, 1, 2)}' zone1970.tab | \ +- LC_ALL=C sort -c +- $(AWK) '/^[^#]/ $(CHECK_CC_LIST)' zone1970.tab | \ +- LC_ALL=C sort -cu + touch $@ + + check_links: checklinks.awk $(TDATA_TO_CHECK) tzdata.zi +@@ -1051,7 +1072,7 @@ + tzdata$(VERSION)-rearguard.tar.gz.asc: tzdata$(VERSION)-rearguard.tar.gz + tzdb-$(VERSION).tar.lz.asc: tzdb-$(VERSION).tar.lz + $(ALL_ASC): +- gpg2 --armor --detach-sign $? ++ $(GPG) --armor --detach-sign $? + + TYPECHECK_CFLAGS = $(CFLAGS) -DTYPECHECK -D__time_t_defined -D_TIME_T + typecheck: typecheck_long_long typecheck_unsigned +--- contrib/tzdata/NEWS.orig ++++ contrib/tzdata/NEWS +@@ -1,8 +1,102 @@ + News for the tz database + +-Release 20198 - 2019-03-25 22:01:33 -0700 ++Release 2019b - 2019-07-01 00:09:53 -0700 + + Briefly: ++ Brazil no longer observes DST. ++ 'zic -b slim' outputs smaller TZif files; please try it out. ++ Palestine's 2019 spring-forward transition was on 03-29, not 03-30. ++ ++ Changes to future timestamps ++ ++ Brazil has canceled DST and will stay on standard time indefinitely. ++ (Thanks to Steffen Thorsen, Marcus Diniz, and Daniel Soares de ++ Oliveira.) ++ ++ Predictions for Morocco now go through 2087 instead of 2037, to ++ work around a problem on newlib when using TZif files output by ++ zic 2019a or earlier. (Problem reported by David Gauchard.) ++ ++ Changes to past and future timestamps ++ ++ Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30 ++ at 01:00. (Thanks to Sharef Mustafa and Even Scharning.) Guess ++ future transitions to be March's last Friday at 00:00. ++ ++ Changes to past timestamps ++ ++ Hong Kong's 1941-06-15 spring-forward transition was at 03:00, not ++ 03:30. Its 1945 transition from JST to HKT was on 11-18 at 02:00, ++ not 09-15 at 00:00. In 1946 its spring-forward transition was on ++ 04-21 at 00:00, not the previous day at 03:30. From 1946 through ++ 1952 its fall-back transitions occurred at 04:30, not at 03:30. ++ In 1947 its fall-back transition was on 11-30, not 12-30. ++ (Thanks to P Chan.) ++ ++ Changes to past time zone abbreviations ++ ++ Italy's 1866 transition to Rome Mean Time was on December 12, not ++ September 22. This affects only the time zone abbreviation for ++ Europe/Rome between those dates. (Thanks to Stephen Trainor and ++ Luigi Rosa.) ++ ++ Changes affecting metadata only ++ ++ Add info about the Crimea situation in zone1970.tab and zone.tab. ++ (Problem reported by Serhii Demediuk.) ++ ++ Changes to code ++ ++ zic's new -b option supports a way to control data bloat and to ++ test for year-2038 bugs in software that reads TZif files. ++ 'zic -b fat' and 'zic -b slim' generate larger and smaller output; ++ for example, changing from fat to slim shrinks the Europe/London ++ file from 3648 to 1599 bytes, saving about 56%. Fat and slim ++ files represent the same set of timestamps and use the same TZif ++ format as documented in tzfile(5) and in Internet RFC 8536. ++ Fat format attempts to work around bugs or incompatibilities in ++ older software, notably software that mishandles 64-bit TZif data ++ or uses obsolete TZ strings like "EET-2EEST" that lack DST rules. ++ Slim format is more efficient and does not work around 64-bit bugs ++ or obsolete TZ strings. Currently zic defaults to fat format ++ unless you compile with -DZIC_BLOAT_DEFAULT=\"slim\"; this ++ out-of-the-box default is intended to change in future releases ++ as the buggy software often mishandles timestamps anyway. ++ ++ zic no longer treats a set of rules ending in 2037 specially. ++ Previously, zic assumed that such a ruleset meant that future ++ timestamps could not be predicted, and therefore omitted a ++ POSIX-like TZ string in the TZif output. The old behavior is no ++ longer needed for current tzdata, and caused problems with newlib ++ when used with older tzdata (reported by David Gauchard). ++ ++ zic no longer generates some artifact transitions. For example, ++ Europe/London no longer has a no-op transition in January 1996. ++ ++ Changes to build procedure ++ ++ tzdata.zi now assumes zic 2017c or later. This shrinks tzdata.zi ++ by a percent or so. ++ ++ Changes to documentation and commentary ++ ++ The Makefile now documents the POSIXRULES macro as being obsolete, ++ and similarly, zic's -p POSIXRULES option is now documented as ++ being obsolete. Although the POSIXRULES feature still exists and ++ works as before, in practice it is rarely used for its intended ++ purpose, and it does not work either in the default reference ++ implementation (for timestamps after 2037) or in common ++ implementations such as GNU/Linux (for contemporary timestamps). ++ Since POSIXRULES was designed primarily as a temporary transition ++ facility for System V platforms that died off decades ago, it is ++ being decommissioned rather than institutionalized. ++ ++ New info on Bonin Islands and Marcus (thanks to Wakaba and Phake Nick). ++ ++ ++Release 2019a - 2019-03-25 22:01:33 -0700 ++ ++ Briefly: + Palestine "springs forward" on 2019-03-30 instead of 2019-03-23. + Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00. + +@@ -481,7 +575,7 @@ + The code is a bit more portable to MS-Windows. Installers can + compile with -DRESERVE_STD_EXT_IDS on MS-Windows platforms that + reserve identifiers like 'localtime'. (Thanks to Manuela +- Friedrich). ++ Friedrich.) + + Changes to documentation and commentary + +@@ -2276,7 +2370,7 @@ + warlord Jin Shuren in the data. + + Commentary about the coverage of each Russian zone has been standardized. +- (Thanks to Tim Parenti). ++ (Thanks to Tim Parenti.) + + There is new commentary about contemporary timekeeping in Ethiopia. + +@@ -2724,7 +2818,7 @@ + + Change the UT offset of Bern Mean Time from 0:29:44 to 0:29:46. + This affects Europe/Zurich timestamps from 1853 to 1894. (Thanks +- to Alois Treindl). ++ to Alois Treindl.) + + Change the date of the circa-1850 Zurich transition from 1849-09-12 + to 1853-07-16, overriding Shanks with data from Messerli about +@@ -3034,7 +3128,7 @@ + (Thanks to Arthur David Olson.) + + Improve the commentary about which districts observe what times +- in Russia. (Thanks to Oscar van Vlijmen and Arthur David Olson). ++ in Russia. (Thanks to Oscar van Vlijmen and Arthur David Olson.) + + Add web page links to tz.js. + +--- contrib/tzdata/africa.orig ++++ contrib/tzdata/africa +@@ -89,7 +89,7 @@ + Rule Algeria 1980 only - Oct 31 2:00 0 - + # Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's + # more precise 0:09:21. +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Algiers 0:12:12 - LMT 1891 Mar 15 0:01 + 0:09:21 - PMT 1911 Mar 11 # Paris Mean Time + 0:00 Algeria WE%sT 1940 Feb 25 2:00 +@@ -124,7 +124,7 @@ + # For now, ignore that and follow the 1911-05-26 Portuguese decree + # (see Europe/Lisbon). + # +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Atlantic/Cape_Verde -1:34:04 - LMT 1912 Jan 01 2:00u # Praia + -2:00 - -02 1942 Sep + -2:00 1:00 -01 1945 Oct 15 +@@ -135,7 +135,7 @@ + # See Africa/Lagos. + + # Chad +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Ndjamena 1:00:12 - LMT 1912 # N'Djamena + 1:00 - WAT 1979 Oct 14 + 1:00 1:00 WAST 1980 Mar 8 +@@ -151,7 +151,7 @@ + # See Africa/Lagos. + + # Côte d'Ivoire / Ivory Coast +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Abidjan -0:16:08 - LMT 1912 + 0:00 - GMT + Link Africa/Abidjan Africa/Bamako # Mali +@@ -356,7 +356,7 @@ + Rule Egypt 2014 only - Jul 31 24:00 1:00 S + Rule Egypt 2014 only - Sep lastThu 24:00 0 - + +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Cairo 2:05:09 - LMT 1900 Oct + 2:00 Egypt EE%sT + +@@ -414,7 +414,7 @@ + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S + Rule Ghana 1920 1942 - Sep 1 0:00 0:20 - + Rule Ghana 1920 1942 - Dec 31 0:00 0 - +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Accra -0:00:52 - LMT 1918 + 0:00 Ghana GMT/+0020 + +@@ -428,13 +428,13 @@ + # evidently confusing the date of the Portuguese decree + # (see Europe/Lisbon) with the date that it took effect. + # +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Bissau -1:02:20 - LMT 1912 Jan 1 1:00u + -1:00 - -01 1975 + 0:00 - GMT + + # Kenya +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Nairobi 2:27:16 - LMT 1928 Jul + 3:00 - EAT 1930 + 2:30 - +0230 1940 +@@ -469,7 +469,7 @@ + # Use the abbreviation "MMT" before 1972, as the more-accurate numeric + # abbreviation "-004430" would be one byte over the POSIX limit. + # +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Monrovia -0:43:08 - LMT 1882 + -0:43:08 - MMT 1919 Mar # Monrovia Mean Time + -0:44:30 - MMT 1972 Jan 7 # approximately MMT +@@ -519,7 +519,7 @@ + Rule Libya 1997 only - Oct 4 0:00 0 - + Rule Libya 2013 only - Mar lastFri 1:00 1:00 S + Rule Libya 2013 only - Oct lastFri 2:00 0 - +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Africa/Tripoli 0:52:44 - LMT 1920 + 1:00 Libya CE%sT 1959 + 2:00 - EET 1982 +@@ -629,7 +629,7 @@ + Rule Mauritius 1983 only - Mar 21 0:00 0 - + Rule Mauritius 2008 only - Oct lastSun 2:00 1:00 - + Rule Mauritius 2009 only - Mar lastSun 2:00 0 - +-# Zone NAME GMTOFF RULES FORMAT [UNTIL] ++# Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis + 4:00 Mauritius +04/+05 + # Agalega Is, Rodriguez +@@ -860,18 +860,24 @@ + # the week end after.... The government does not announce yet the decision + # about this temporary change. But it s 99% sure that it will be the case, + # as in previous years. An unofficial survey was done these days, showing +-# that 64% of asked peopke are ok for moving from +1 to +0 during Ramadan. ++# that 64% of asked people are ok for moving from +1 to +0 during Ramadan. + # https://leconomiste.com/article/1035870-enquete-l-economiste-sunergia-64-des-marocains-plebiscitent-le-gmt-pendant-ramadan ++ ++# From Naoufal Semlali (2019-04-16): ++# Morocco will be on GMT starting from Sunday, May 5th 2019 at 3am. ++# The switch to GMT+1 will occur on Sunday, June 9th 2019 at 2am.... ++# http://fr.le360.ma/societe/voici-la-date-du-retour-a-lheure-legale-au-maroc-188222 + # +-# From Paul Eggert (2018-11-01): +-# For now, guess that Morocco will fall back at 03:00 the last Sunday +-# before Ramadan, and spring forward at 02:00 the first Sunday after ++# From Paul Eggert (2019-05-20): ++# This agrees with our 2018-11-01 guess that the Moroccan government ++# would continue the practice of falling back at 03:00 the last Sunday ++# before Ramadan, and of springing forward at 02:00 the first Sunday after + # Ramadan, as this has been the practice since 2012. To implement this, +-# transition dates for 2019 through 2037 were determined by running the +-# following program under GNU Emacs 26.1. ++# transition dates for 2019 through 2087 were determined by running the ++# following program under GNU Emacs 26.2. + # (let ((islamic-year 1440)) + # (require 'cal-islam) +-# (while (< islamic-year 1460) ++# (while (< islamic-year 1511) + # (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year))) + # (b (calendar-islamic-to-absolute (list 10 1 islamic-year))) + # (sunday 0)) +@@ -970,8 +976,114 @@ + Rule Morocco 2036 only - Nov 23 2:00 0 - + Rule Morocco 2037 only - Oct 4 3:00 -1:00 - + Rule Morocco 2037 only - Nov 15 2:00 0 - ++Rule Morocco 2038 only - Sep 26 3:00 -1:00 - ++Rule Morocco 2038 only - Oct 31 2:00 0 - ++Rule Morocco 2039 only - Sep 18 3:00 -1:00 - ++Rule Morocco 2039 only - Oct 23 2:00 0 - ++Rule Morocco 2040 only - Sep 2 3:00 -1:00 - ++Rule Morocco 2040 only - Oct 14 2:00 0 - ++Rule Morocco 2041 only - Aug 25 3:00 -1:00 - ++Rule Morocco 2041 only - Sep 29 2:00 0 - ++Rule Morocco 2042 only - Aug 10 3:00 -1:00 - ++Rule Morocco 2042 only - Sep 21 2:00 0 - ++Rule Morocco 2043 only - Aug 2 3:00 -1:00 - ++Rule Morocco 2043 only - Sep 6 2:00 0 - ++Rule Morocco 2044 only - Jul 24 3:00 -1:00 - ++Rule Morocco 2044 only - Aug 28 2:00 0 - ++Rule Morocco 2045 only - Jul 9 3:00 -1:00 - ++Rule Morocco 2045 only - Aug 20 2:00 0 - ++Rule Morocco 2046 only - Jul 1 3:00 -1:00 - ++Rule Morocco 2046 only - Aug 5 2:00 0 - ++Rule Morocco 2047 only - Jun 23 3:00 -1:00 - ++Rule Morocco 2047 only - Jul 28 2:00 0 - ++Rule Morocco 2048 only - Jun 7 3:00 -1:00 - *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907030030.x630UHEu062257>