Date:      Tue, 5 Feb 2019 18:38:28 +0000 (UTC)
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r52797 - in head/share: security/advisories security/patches/EN-19:06 security/patches/EN-19:07 security/patches/SA-19:01 security/patches/SA-19:02 xml
Message-ID:  <201902051838.x15IcSka063131@repo.freebsd.org>

Author: gordon (src,ports committer)
Date: Tue Feb  5 18:38:28 2019
New Revision: 52797
URL: https://svnweb.freebsd.org/changeset/doc/52797

Log:
  Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07.
  
  Approved by:	so

Added:
  head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-19:07.lle.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-19:02.fd.asc   (contents, props changed)
  head/share/security/patches/EN-19:06/
  head/share/security/patches/EN-19:06/dtrace.patch   (contents, props changed)
  head/share/security/patches/EN-19:06/dtrace.patch.asc   (contents, props changed)
  head/share/security/patches/EN-19:07/
  head/share/security/patches/EN-19:07/lle.patch   (contents, props changed)
  head/share/security/patches/EN-19:07/lle.patch.asc   (contents, props changed)
  head/share/security/patches/SA-19:01/
  head/share/security/patches/SA-19:01/syscall.11.2.patch   (contents, props changed)
  head/share/security/patches/SA-19:01/syscall.11.2.patch.asc   (contents, props changed)
  head/share/security/patches/SA-19:01/syscall.patch   (contents, props changed)
  head/share/security/patches/SA-19:01/syscall.patch.asc   (contents, props changed)
  head/share/security/patches/SA-19:02/
  head/share/security/patches/SA-19:02/fd.patch   (contents, props changed)
  head/share/security/patches/SA-19:02/fd.patch.asc   (contents, props changed)
Modified:
  head/share/xml/advisories.xml
  head/share/xml/notices.xml

Added: head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:06.dtrace.asc	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:06.dtrace                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          DTrace incompatibility with SMAP-enabled systems
+
+Category:       core
+Module:         dtrace
+Announced:      2019-02-05
+Credits:        Mateusz Guzik
+Affects:        FreeBSD 12.0
+Corrected:      2018-12-19 23:29:44 UTC (stable/12, 12.0-STABLE)
+                2019-02-05 17:54:09 UTC (releng/12.0, 12.0-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+DTrace is a dynamic tracing framework that can be used to analyze the kernel
+and userspace applications in various ways.
+
+II.  Problem Description
+
+When tracing userspace applications, the kernel component of DTrace may need
+to access userspace memory.  With the addition of SMAP support to the amd64
+kernel, the kernel is not able to arbitrarily access userspace memory: it
+must set a CPU flag to enable access.  The code used by DTrace to perform
+such accesses was not updated accordingly.
+
+III. Impact
+
+The problem means that certain DTrace actions do not work on SMAP-enabled
+systems.  This does not affect the application being traced.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:06/dtrace.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:06/dtrace.patch.asc
+# gpg --verify dtrace.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r342267
+releng/12.0/                                                      r343783
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:06.dtrace.asc>;
+-----BEGIN PGP SIGNATURE-----
+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+=3+kY
+-----END PGP SIGNATURE-----
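Review bot: Section III says only that "certain DTrace actions do not work" and does not describe the failure an operator would see or which actions are affected; state the symptom and tie it to the userspace-memory accesses described in section II. The Affects line also reads "FreeBSD 12.0" while section II limits the problem to the amd64 kernel, so consider noting the architecture there.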

Added: head/share/security/advisories/FreeBSD-EN-19:07.lle.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:07.lle.asc	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:07.lle                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          LLE table lookup code race condition
+
+Category:       core
+Module:         net
+Announced:      2019-02-05
+Credits:        Mark Johnston
+Affects:        FreeBSD 12.0
+Corrected:      2019-01-25 20:24:53 UTC (stable/12, 12.0-STABLE)
+                2019-02-05 17:59:50 UTC (releng/12.0, 12.0-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+A LLE (link layer entry) table stores information about hosts on a network
+and is used to translate between network layer addresses and data link layer
+addresses.  The ARP cache, for example, is implemented using an LLE table.
+LLEs typically expire after some period, so there exist mechanisms to
+automatically remove them from their tables upon expiration.
+
+II.  Problem Description
+
+The LLE table lookup code for IPv4 and IPv6 contains a race which results in
+a condition where the expiry period of an LLE is extended after it has been
+removed from the table and freed.  By the time that the updated timer fires,
+the LLE structure has been freed, and so the timer code is operating on freed
+memory.
+
+III. Impact
+
+When the race is triggered, the result is typically a kernel panic.  It may
+otherwise cause undefined system behavior.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:07/lle.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:07/lle.patch.asc
+# gpg --verify lle.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r343454
+releng/12.0/                                                      r343787
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234296>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:07.lle.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1XtfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIYyA/8Da9XcP30o/+jISmHXjSx+livOJKyPu5UTAm7Xw4Pg8j3GR2xblzAsWie
+YAT56/V88yzeY+u/3UOWG2XNAViWlzBAsfrqphJEcMuGdTwslgVlVRpzLyQeh4hY
+whDkvYzPmjcxuX8+Agj/Ytwo+Q35bSfGNhls2OBSHnkqNL7HNhFePUWm5oVnlczL
+APHsknLRAAhZF8UYR+PdAT5x/9exLJStmGXdAeVT4HCfx8b/AvZ/lr3b4Jwa+8fq
+tCAsISOTOftGsTTpwgtWDebJ4jJB2l71EBBlWuj76yColhK9k1zhacauK3lOxoEw
+cpUHgLcY+ochSijBOZIw7IScVHvR05jry7VzL7oxe1oDn3HNkbTt6pwdNgL5ftzQ
+Cv7vjMGLdSfr7QyAVc/nZhg1x0mBKu+Dj0leQ9ZcjedrB0CIwslhmMYdlTCYWksA
+x06NwrPRzDohtnYM4n2KZBfPQw40vxsJLP8e+hnRpyliXWtOaYdw5GZoUcwublMZ
+TU7Y1n8s1C5L5KuJoYgs9jLS48nXgcSZc9pxjyGRcFQTsk/A5y4sckWImFurU9AT
+cYR3nHlaGJR/TZVNtR6sU1VhzunHg8ARlvoZivsFyVS7bUC+EIUzfQvZqHEUPycR
+RwX+/exDyXQSvhQVfqT1ngLwQ8e/GutI8WZ1ZFy+T6Mh6jeacPQ=
+=zCSg
+-----END PGP SIGNATURE-----
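Review bot: Section III gives the outcome of the race (kernel panic or undefined behavior) but not the conditions that trigger it; because section II describes timer code operating on freed memory, say whether traffic from other hosts on the network is enough or whether local activity is needed, so readers can judge urgency. Minor: section I opens with "A LLE" while the following sentences use "an LLE".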

Added: head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:01.syscall.asc	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:01.syscall                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          System call kernel data register leak
+
+Category:       core
+Module:         kernel
+Announced:      2019-02-05
+Credits:        Konstantin Belousov
+Affects:        All supported versions of FreeBSD.
+Corrected:      2019-02-05 17:52:06 UTC (stable/12, 12.0-STABLE)
+                2019-02-05 18:05:05 UTC (releng/12.0, 12.0-RELEASE-p3)
+                2019-02-05 17:54:02 UTC (stable/11, 11.2-STABLE)
+                2019-02-05 18:07:45 UTC (releng/11.2, 11.2-RELEASE-p9)
+CVE Name:       CVE-2019-5595
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD/amd64 architecture defines the SYSCALL instruction for syscalls,
+and uses registers calling conventions for passing syscalls arguments and
+return values in addition to the registers usage imposed by the SYSCALL and
+SYSRET instructions in long mode.  In particular, the arguments are passed in
+registers specified by the C ABI, and the content of the registers specified
+as caller-save, is undefined after the return from syscall.
+
+II.  Problem Description
+
+The callee-save registers are used by kernel and for some of them (%r8, %r10,
+and for non-PTI configurations, %r9) the content is not sanitized before
+return from syscalls, potentially leaking sensitive information.
+
+III. Impact
+
+Typically an address of some kernel data structure used in the syscall
+implementation, is exposed.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10m "Rebooting for security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.patch.asc
+# gpg --verify syscall.patch.asc
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch.asc
+# gpg --verify syscall.patch.11.2.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r343781
+releng/12.0/                                                      r343788
+stable/11/                                                        r343782
+releng/11.2/                                                      r343789
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5595>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc>;
+-----BEGIN PGP SIGNATURE-----
+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+=Aktj
+-----END PGP SIGNATURE-----
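Review bot: In section V step 3a the FreeBSD 11.2 block fetches syscall.11.2.patch.asc but then runs "gpg --verify syscall.patch.11.2.asc", a file name that was never downloaded, so the verification step fails as written; change it to "gpg --verify syscall.11.2.patch.asc". Section II also calls %r8, %r9 and %r10 "callee-save" while section I describes the leaking class as "caller-save"; the two sections should use the same term. The reboot command uses "+10m" here where the other advisories in this commit use "+30".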

Added: head/share/security/advisories/FreeBSD-SA-19:02.fd.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:02.fd.asc	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:02.fd                                         Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          File description reference count leak
+
+Category:       core
+Module:         unix
+Announced:      2019-02-05
+Credits:        Peter Holm
+Affects:        FreeBSD 12.0
+Corrected:      2019-02-05 17:56:22 UTC (stable/12, 12.0-STABLE)
+                2019-02-05 18:11:15 UTC (releng/12.0, 12.0-RELEASE-p3)
+                2019-02-05 17:57:30 UTC (stable/11, 11.2-STABLE)
+CVE Name:       CVE-2019-5596
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+UNIX-domain sockets are used for inter-process communication.  It is
+possible to use UNIX-domain sockets to transfer rights, encoded as file
+descriptors, to another process.
+
+II.  Problem Description
+
+FreeBSD 12.0 attempts to handle the case where the receiving process does
+not provide a sufficiently large buffer for an incoming control message
+containing rights.  In particular, to avoid leaking the corresponding
+descriptors into the receiving process' descriptor table, the kernel handles
+the truncation case by closing descriptors referenced by the discarded
+message.
+
+The code which performs this operation failed to release a reference obtained
+on the file corresponding to a received right.  This bug can be used to cause
+the reference counter to wrap around and free the file structure.
+
+III. Impact
+
+A local user can exploit the bug to gain root privileges or escape from
+a jail.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/SA-19:02/fd.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:02/fd.patch.asc
+# gpg --verify fd.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r343785
+releng/12.0/                                                      r343790
+stable/11/                                                        r343786
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5596>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:02.fd.asc>;
+-----BEGIN PGP SIGNATURE-----
+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+=pr7t
+-----END PGP SIGNATURE-----
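Review bot: The header says "Affects: FreeBSD 12.0" and section II attributes the faulty truncation handling to FreeBSD 12.0, yet the Corrected field and section VI both list stable/11 (r343786); say whether 11-STABLE carried the bug and, if so, add it to Affects, or explain why a correction was committed there. Step 3a offers a patch for 12.0 only, so readers tracking stable/11 have no instruction beyond option 1.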

Added: head/share/security/patches/EN-19:06/dtrace.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:06/dtrace.patch	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,256 @@
+--- sys/cddl/dev/dtrace/amd64/dtrace_asm.S.orig
++++ sys/cddl/dev/dtrace/amd64/dtrace_asm.S
+@@ -208,7 +208,7 @@
+ void
+ dtrace_copy(uintptr_t src, uintptr_t dest, size_t size)
+ */
+-	ENTRY(dtrace_copy)
++	ENTRY(dtrace_copy_nosmap)
+ 	pushq	%rbp
+ 	movq	%rsp, %rbp
+ 
+@@ -218,14 +218,28 @@
+ 	smovb				/*   move from %ds:rsi to %ed:rdi */
+ 	leave
+ 	ret
+-	END(dtrace_copy)
++	END(dtrace_copy_nosmap)
+ 
++	ENTRY(dtrace_copy_smap)
++	pushq	%rbp
++	movq	%rsp, %rbp
++
++	xchgq	%rdi, %rsi		/* make %rsi source, %rdi dest */
++	movq	%rdx, %rcx		/* load count */
++	stac
++	repz				/* repeat for count ... */
++	smovb				/*   move from %ds:rsi to %ed:rdi */
++	clac
++	leave
++	ret
++	END(dtrace_copy_smap)
++
+ /*
+ void
+ dtrace_copystr(uintptr_t uaddr, uintptr_t kaddr, size_t size,
+     volatile uint16_t *flags)
+ */
+-	ENTRY(dtrace_copystr)
++	ENTRY(dtrace_copystr_nosmap)
+ 	pushq	%rbp
+ 	movq	%rsp, %rbp
+ 
+@@ -248,56 +262,121 @@
+ 	leave
+ 	ret
+ 
+-	END(dtrace_copystr)
++	END(dtrace_copystr_nosmap)
+ 
++	ENTRY(dtrace_copystr_smap)
++	pushq	%rbp
++	movq	%rsp, %rbp
++
++	stac
++0:
++	movb	(%rdi), %al		/* load from source */
++	movb	%al, (%rsi)		/* store to destination */
++	addq	$1, %rdi		/* increment source pointer */
++	addq	$1, %rsi		/* increment destination pointer */
++	subq	$1, %rdx		/* decrement remaining count */
++	cmpb	$0, %al
++	je	2f
++	testq	$0xfff, %rdx		/* test if count is 4k-aligned */
++	jnz	1f			/* if not, continue with copying */
++	testq	$CPU_DTRACE_BADADDR, (%rcx) /* load and test dtrace flags */
++	jnz	2f
++1:
++	cmpq	$0, %rdx
++	jne	0b
++2:
++	clac
++	leave
++	ret
++
++	END(dtrace_copystr_smap)
++
+ /*
+ uintptr_t
+ dtrace_fulword(void *addr)
+ */
+-	ENTRY(dtrace_fulword)
++	ENTRY(dtrace_fulword_nosmap)
+ 	movq	(%rdi), %rax
+ 	ret
+-	END(dtrace_fulword)
++	END(dtrace_fulword_nosmap)
+ 
++	ENTRY(dtrace_fulword_smap)
++	stac
++	movq	(%rdi), %rax
++	clac
++	ret
++	END(dtrace_fulword_smap)
++
+ /*
+ uint8_t
+ dtrace_fuword8_nocheck(void *addr)
+ */
+-	ENTRY(dtrace_fuword8_nocheck)
++	ENTRY(dtrace_fuword8_nocheck_nosmap)
+ 	xorq	%rax, %rax
+ 	movb	(%rdi), %al
+ 	ret
+-	END(dtrace_fuword8_nocheck)
++	END(dtrace_fuword8_nocheck_nosmap)
+ 
++	ENTRY(dtrace_fuword8_nocheck_smap)
++	stac
++	xorq	%rax, %rax
++	movb	(%rdi), %al
++	clac
++	ret
++	END(dtrace_fuword8_nocheck_smap)
++
+ /*
+ uint16_t
+ dtrace_fuword16_nocheck(void *addr)
+ */
+-	ENTRY(dtrace_fuword16_nocheck)
++	ENTRY(dtrace_fuword16_nocheck_nosmap)
+ 	xorq	%rax, %rax
+ 	movw	(%rdi), %ax
+ 	ret
+-	END(dtrace_fuword16_nocheck)
++	END(dtrace_fuword16_nocheck_nosmap)
+ 
++	ENTRY(dtrace_fuword16_nocheck_smap)
++	stac
++	xorq	%rax, %rax
++	movw	(%rdi), %ax
++	clac
++	ret
++	END(dtrace_fuword16_nocheck_smap)
++
+ /*
+ uint32_t
+ dtrace_fuword32_nocheck(void *addr)
+ */
+-	ENTRY(dtrace_fuword32_nocheck)
++	ENTRY(dtrace_fuword32_nocheck_nosmap)
+ 	xorq	%rax, %rax
+ 	movl	(%rdi), %eax
+ 	ret
+-	END(dtrace_fuword32_nocheck)
++	END(dtrace_fuword32_nocheck_nosmap)
+ 
++	ENTRY(dtrace_fuword32_nocheck_smap)
++	stac
++	xorq	%rax, %rax
++	movl	(%rdi), %eax
++	clac
++	ret
++	END(dtrace_fuword32_nocheck_smap)
++
+ /*
+ uint64_t
+ dtrace_fuword64_nocheck(void *addr)
+ */
+-	ENTRY(dtrace_fuword64_nocheck)
++	ENTRY(dtrace_fuword64_nocheck_nosmap)
+ 	movq	(%rdi), %rax
+ 	ret
+-	END(dtrace_fuword64_nocheck)
++	END(dtrace_fuword64_nocheck_nosmap)
+ 
++	ENTRY(dtrace_fuword64_nocheck_smap)
++	stac
++	movq	(%rdi), %rax
++	clac
++	ret
++	END(dtrace_fuword64_nocheck_smap)
++
+ /*
+ void
+ dtrace_probe_error(dtrace_state_t *state, dtrace_epid_t epid, int which,
+--- sys/cddl/dev/dtrace/amd64/dtrace_isa.c.orig
++++ sys/cddl/dev/dtrace/amd64/dtrace_isa.c
+@@ -37,6 +37,7 @@
+ #include <machine/md_var.h>
+ #include <machine/reg.h>
+ #include <machine/stack.h>
++#include <x86/ifunc.h>
+ 
+ #include <vm/vm.h>
+ #include <vm/vm_param.h>
+@@ -664,3 +665,70 @@
+ 	}
+ 	return (dtrace_fuword64_nocheck(uaddr));
+ }
++
++/*
++ * ifunc resolvers for SMAP support
++ */
++void dtrace_copy_nosmap(uintptr_t, uintptr_t, size_t);
++void dtrace_copy_smap(uintptr_t, uintptr_t, size_t);
++DEFINE_IFUNC(, void, dtrace_copy, (uintptr_t, uintptr_t, size_t), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_copy_smap : dtrace_copy_nosmap);
++}
++
++void dtrace_copystr_nosmap(uintptr_t, uintptr_t, size_t, volatile uint16_t *);
++void dtrace_copystr_smap(uintptr_t, uintptr_t, size_t, volatile uint16_t *);
++DEFINE_IFUNC(, void, dtrace_copystr, (uintptr_t, uintptr_t, size_t,
++    volatile uint16_t *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_copystr_smap : dtrace_copystr_nosmap);
++}
++
++uintptr_t dtrace_fulword_nosmap(void *);
++uintptr_t dtrace_fulword_smap(void *);
++DEFINE_IFUNC(, uintptr_t, dtrace_fulword, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fulword_smap : dtrace_fulword_nosmap);
++}
++
++uint8_t dtrace_fuword8_nocheck_nosmap(void *);
++uint8_t dtrace_fuword8_nocheck_smap(void *);
++DEFINE_IFUNC(, uint8_t, dtrace_fuword8_nocheck, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fuword8_nocheck_smap : dtrace_fuword8_nocheck_nosmap);
++}
++
++uint16_t dtrace_fuword16_nocheck_nosmap(void *);
++uint16_t dtrace_fuword16_nocheck_smap(void *);
++DEFINE_IFUNC(, uint16_t, dtrace_fuword16_nocheck, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fuword16_nocheck_smap : dtrace_fuword16_nocheck_nosmap);
++}
++
++uint32_t dtrace_fuword32_nocheck_nosmap(void *);
++uint32_t dtrace_fuword32_nocheck_smap(void *);
++DEFINE_IFUNC(, uint32_t, dtrace_fuword32_nocheck, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fuword32_nocheck_smap : dtrace_fuword32_nocheck_nosmap);
++}
++
++uint64_t dtrace_fuword64_nocheck_nosmap(void *);
++uint64_t dtrace_fuword64_nocheck_smap(void *);
++DEFINE_IFUNC(, uint64_t, dtrace_fuword64_nocheck, (void *), static)
++{
++
++	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
++	    dtrace_fuword64_nocheck_smap : dtrace_fuword64_nocheck_nosmap);
++}

Added: head/share/security/patches/EN-19:06/dtrace.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:06/dtrace.patch.asc	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1ZVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cI/AQ//b3+UzDH6VXWyY0YODzxG/WxNZ97OvT3uVxWBXRU8KGpmXGnzqzAzxNtZ
+c1JHpZi2pxfxzFxnA0eLYDK/D6pcjvxTB7CPQVJqCXXibEVQepBSnuTEWCBD8EkR
+vDVVKid1aoMVofvtjQ+OGcYkOMgrrlN6eeL3voM8rrrIahupLyeSjfHdXItpI8Qx
+XXNwUvMNaVNlLhymas0Gpcy/iPcXbU5dQnZbzAg9U+nTGhKIuLqkouvswTzeist8
+B6i8YHM+phiCxKMJ7f4pDLD29Eb+sDPqVUt6DL8Av10jVGw2NphXIrZplodzJYft
+MZIdSDbxu9Q745EK8W60aeiIVEJxA1mIKjYhcJyCmELK29HthsuL0gUnSzruKhkD
+ZawH/sC7jI+QTXTT3cHXZleVYSd6FS+1S12EGskoWfrqi94ymyA4FBP135OfPMSq
+NOy+aKLNssGFlw5qyzvJirbt6Au6qI1mxVh0z6ljxskZU9DX6hoeboLZrDrTHco9
+3DHAOaSmajolFAeuMEDAuh+n4EpslzCfmies/ra/pHRR1rAcisNzgdzoBe4IMdGq
+qWEiiWnd7NNUkG4FFnD8ChiCm4cEoB7oG0vXk8iaCqT4R0O/dqqvQAKZLb4pU8Vq
+siAQutL5TgXvVg0faGsfekecZAa+F816zBgt0V5flmAdYlNeZyY=
+=e48g
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/EN-19:07/lle.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:07/lle.patch	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,81 @@
+--- sys/netinet/in.c.orig
++++ sys/netinet/in.c
+@@ -1372,15 +1372,13 @@
+ 	IF_AFDATA_LOCK_ASSERT(llt->llt_ifp);
+ 	KASSERT(l3addr->sa_family == AF_INET,
+ 	    ("sin_family %d", l3addr->sa_family));
++	KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
++	    (LLE_UNLOCKED | LLE_EXCLUSIVE),
++	    ("wrong lle request flags: %#x", flags));
++
+ 	lle = in_lltable_find_dst(llt, sin->sin_addr);
+-
+ 	if (lle == NULL)
+ 		return (NULL);
+-
+-	KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) !=
+-	    (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X",
+-	    flags));
+-
+ 	if (flags & LLE_UNLOCKED)
+ 		return (lle);
+ 
+@@ -1389,6 +1387,17 @@
+ 	else
+ 		LLE_RLOCK(lle);
+ 
++	/*
++	 * If the afdata lock is not held, the LLE may have been unlinked while
++	 * we were blocked on the LLE lock.  Check for this case.
++	 */
++	if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) {
++		if (flags & LLE_EXCLUSIVE)
++			LLE_WUNLOCK(lle);
++		else
++			LLE_RUNLOCK(lle);
++		return (NULL);
++	}
+ 	return (lle);
+ }
+ 
+--- sys/netinet6/in6.c.orig
++++ sys/netinet6/in6.c
+@@ -2311,16 +2311,13 @@
+ 	IF_AFDATA_LOCK_ASSERT(llt->llt_ifp);
+ 	KASSERT(l3addr->sa_family == AF_INET6,
+ 	    ("sin_family %d", l3addr->sa_family));
++	KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
++	    (LLE_UNLOCKED | LLE_EXCLUSIVE),
++	    ("wrong lle request flags: %#x", flags));
+ 
+ 	lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
+-
+ 	if (lle == NULL)
+ 		return (NULL);
+-
+-	KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) !=
+-	    (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X",
+-	    flags));
+-
+ 	if (flags & LLE_UNLOCKED)
+ 		return (lle);
+ 
+@@ -2328,6 +2325,18 @@
+ 		LLE_WLOCK(lle);
+ 	else
+ 		LLE_RLOCK(lle);
++
++	/*
++	 * If the afdata lock is not held, the LLE may have been unlinked while
++	 * we were blocked on the LLE lock.  Check for this case.
++	 */
++	if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) {
++		if (flags & LLE_EXCLUSIVE)
++			LLE_WUNLOCK(lle);
++		else
++			LLE_RUNLOCK(lle);
++		return (NULL);
++	}
+ 	return (lle);
+ }
+ 
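Review bot: The new LLE_LINKED check sits after the "if (flags & LLE_UNLOCKED) return (lle);" early return in both in.c and in6.c, so a caller asking for an unlocked entry still gets it back without the linked test. If that path is safe because such callers always hold the afdata lock, extend the new comment to say so; otherwise the check needs to cover that path as well. The unlock-and-return block is identical in both files and could live in one shared helper.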

Added: head/share/security/patches/EN-19:07/lle.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:07/lle.patch.asc	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=PZ6a
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-19:01/syscall.11.2.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-19:01/syscall.11.2.patch	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,19 @@
+--- sys/amd64/amd64/exception.S.orig
++++ sys/amd64/amd64/exception.S
+@@ -496,12 +496,14 @@
+ 	movq	TF_RFLAGS(%rsp),%r11	/* original %rflags */
+ 	movq	TF_RIP(%rsp),%rcx	/* original %rip */
+ 	movq	TF_RSP(%rsp),%rsp	/* user stack pointer */
++	xorl	%r8d,%r8d		/* zero the rest of GPRs */
++	xorl	%r10d,%r10d
+ 	cmpb	$0,pti
+ 	je	2f
+ 	movq	PCPU(UCR3),%r9
+ 	movq	%r9,%cr3
+-	xorl	%r9d,%r9d
+-2:	swapgs
++2:	xorl	%r9d,%r9d
++	swapgs
+ 	sysretq
+ 
+ 3:	/* AST scheduled. */
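Review bot: The comment "zero the rest of GPRs" on the added "xorl %r8d,%r8d" does not say which registers are meant or why, and the relocated "2: xorl %r9d,%r9d", which is what now covers the non-PTI path, has no comment at all. Name %r8, %r9 and %r10 and state that they are cleared so kernel values do not reach userspace, so a later edit to the PTI branch does not move the %r9 clear back above the label. The same wording appears in syscall.patch for 12.0.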

Added: head/share/security/patches/SA-19:01/syscall.11.2.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-19:01/syscall.11.2.patch.asc	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=VDU6
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-19:01/syscall.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-19:01/syscall.patch	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,19 @@
+--- sys/amd64/amd64/exception.S.orig
++++ sys/amd64/amd64/exception.S
+@@ -521,12 +521,14 @@
+ 	movq	TF_RFLAGS(%rsp),%r11	/* original %rflags */
+ 	movq	TF_RIP(%rsp),%rcx	/* original %rip */
+ 	movq	TF_RSP(%rsp),%rsp	/* user stack pointer */
++	xorl	%r8d,%r8d		/* zero the rest of GPRs */
++	xorl	%r10d,%r10d
+ 	cmpq	$~0,PCPU(UCR3)
+ 	je	2f
+ 	movq	PCPU(UCR3),%r9
+ 	movq	%r9,%cr3
+-	xorl	%r9d,%r9d
+-2:	swapgs
++2:	xorl	%r9d,%r9d
++	swapgs
+ 	sysretq
+ 
+ 3:	/* AST scheduled. */

Added: head/share/security/patches/SA-19:01/syscall.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-19:01/syscall.patch.asc	Tue Feb  5 18:38:28 2019	(r52797)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlxZ1hJfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJbrA//fheN3NfAhxlgRjYwFa6WvhJgHFqoNnwWZLKwUmGdlJCIpdb6o/0FiWVw
+dfH5hSUibY7+vVGYyjcMNnU2BwDFcrQJbzFK7qz8zkDX4sH5RujkGcuacIe71Ny0

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
