Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 9 Jan 2019 19:17:55 +0000 (UTC)
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r52756 - in head/share: security/advisories security/patches/EN-19:01 security/patches/EN-19:02 security/patches/EN-19:03 security/patches/EN-19:04 security/patches/EN-19:05 xml
Message-ID:  <201901091917.x09JHtSB026034@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: gordon (src,ports committer)
Date: Wed Jan  9 19:17:54 2019
New Revision: 52756
URL: https://svnweb.freebsd.org/changeset/doc/52756

Log:
  Add EN-19:01 through EN-19:05.
  
  Approved by:	so

Added:
  head/share/security/advisories/FreeBSD-EN-19:01.cc_cubic.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-19:02.tcp.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-19:03.sqlite.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-19:04.tzdata.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-19:05.kqueue.asc   (contents, props changed)
  head/share/security/patches/EN-19:01/
  head/share/security/patches/EN-19:01/cc_cubic.patch   (contents, props changed)
  head/share/security/patches/EN-19:01/cc_cubic.patch.asc   (contents, props changed)
  head/share/security/patches/EN-19:02/
  head/share/security/patches/EN-19:02/tcp.patch   (contents, props changed)
  head/share/security/patches/EN-19:02/tcp.patch.asc   (contents, props changed)
  head/share/security/patches/EN-19:03/
  head/share/security/patches/EN-19:03/sqlite-11.patch   (contents, props changed)
  head/share/security/patches/EN-19:03/sqlite-11.patch.asc   (contents, props changed)
  head/share/security/patches/EN-19:03/sqlite-12.patch   (contents, props changed)
  head/share/security/patches/EN-19:03/sqlite-12.patch.asc   (contents, props changed)
  head/share/security/patches/EN-19:04/
  head/share/security/patches/EN-19:04/tzdata-2018i.patch   (contents, props changed)
  head/share/security/patches/EN-19:04/tzdata-2018i.patch.asc   (contents, props changed)
  head/share/security/patches/EN-19:05/
  head/share/security/patches/EN-19:05/kqueue.patch   (contents, props changed)
  head/share/security/patches/EN-19:05/kqueue.patch.asc   (contents, props changed)
Modified:
  head/share/xml/notices.xml

Added: head/share/security/advisories/FreeBSD-EN-19:01.cc_cubic.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:01.cc_cubic.asc	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:01.cc_cubic                                       Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Connection stalls with CUBIC congestion control
+
+Category:       core
+Module:         tcp
+Announced:      2019-01-09
+Credits:        Matt Garber, Hiren Panchasara
+Affects:        FreeBSD 12.0
+Corrected:      2018-12-17 21:46:42 UTC (stable/12, 12.0-STABLE)
+                2019-01-09 18:38:35 UTC (releng/12.0, 12.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+CUBIC is a modern congestion control algorithm for the Transmission Control
+Protocol (TCP), which along with its predecessor BIC TCP is specifically
+optimized for high bandwidth, high latency networks.  It is widely
+implemented across a variety of operating systems, and is the default TCP
+implementation or enabled by default in recent versions of Linux and
+Microsoft Windows.  CUBIC is available as an alternate congestion control
+algorithm since FreeBSD 9.0 using the cc_cubic module.
+
+II.  Problem Description
+
+Changes to the cc_cubic module in FreeBSD 12.0 can cause network stuttering
+or connection stalls when loaded and enabled as default.
+
+III. Impact
+
+FreeBSD 12.0 systems loading cc_cubic and setting non-default sysctl value
+net.inet.tcp.cc.algorithm=cubic exhibit stuttering and complete stalls of
+network connections.  Under certain conditions, this may cause loss of system
+availability over the network or service unreachability.
+
+IV.  Workaround
+
+Disabling cc_cubic and selecting one of the alternate included congestion
+control algorithms (e.g., newreno, htcp) will restore normal network
+connectivity and alleviate stuttering and stalls.  Note that disabling CUBIC
+may cause a reduction in expected performance based on specific, unique
+network condition characteristics and the module used as a workaround.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for FreeBSD errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/EN-19:01/cc_cubic.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:01/cc_cubic.patch.asc
+# gpg --verify cc_cubic.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r342181
+releng/12.0/                                                      r342893
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:01.cc_cubic.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2Rb5fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJGyRAAnpturBqU4XIZMdvInaVHOXA5P6KemeFuJkwz/aMtIbgefm49lvZVS4q6
+RO8/GytONX1OHaoJQDdincVfRbe9x+ID+ulCJfSLuZMhjLYpxDQJo9d4NWZtvpBn
+3wJNEQEXB0AjrYUOrebiT7yd3zA4f+7zSHu0Uvq4k5Tk0Xxsqxsx3/MG5ezEmdxx
+IWub1RnYvgmUVJBKn/C5A4v17dE12VnZtLrnfhZ4K3U3mVZYc3cJxF34wSscVqYd
+iAsntF786FV+hAXBX7wHa3JIqe+uXE2uemrquNmxgup+zrbVWPWPirgku2TVcvsm
+m9aQILNc9RvJ/XkViLV8+ypqCymBFsl3VhO3dzmOnsbL72G9rqjQtgdYWT2dp69p
+VyU4EWsTULXIbIBNxyrYhinT+DAqyt8bdrtyT3AhcVJaVk5B5APWnXiwjgS4mPN9
+hf2mCjZw10tJgsqYYrBlTERomgHU/pyliu0Rt2sof5+iGArbe7ZhEorHrM7YhD9n
+Hc+3oNzA0dYDStJQpEb4rJ7dEKP/mpppwIosMhPbku6u3ViafCJVq2dIGNQpDope
+Mh00Kk7cY0o3Rukw2lGNc9vDbIyUSqT/jV4lBDhp4k5ilQynvkMZETLlynI+KQUH
+J2uOOvYzkIZLzZyXtaQfkmrkV6DxzmjxDsqwiMz5DB7o70w/M54=
+=e8Wg
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-EN-19:02.tcp.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:02.tcp.asc	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:02.tcp                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          TCP connections may stall and eventually fail in case of
+                packet loss
+
+Category:       core
+Module:         kernel
+Announced:      2019-01-09
+Credits:        Michael Tuexen
+Affects:        FreeBSD 12.0
+Corrected:      2018-12-23 09:48:36 UTC (stable/12, 12.0-STABLE)
+                2019-09-09 18:42:40 UTC (releng/12.0, 12.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The TCP stack limits the resources used for TCP connections.  Once a limit
+is reached, further received TCP segments for the TCP connection are dropped.
+
+II.  Problem Description
+
+To continue delivering data to the application, accepting the TCP segment
+with the next expected sequence number is required.  If this TCP segment is
+dropped due to a resource limit, no further progress can be made. Therefore
+exceptions for this particular TCP segment have to be implemented.
+
+III. Impact
+
+In case of lost TCP segments, TCP connections may stall and then eventually
+fail.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Afterward, reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterward, reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/EN-19:02/tcp.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:02/tcp.patch.asc
+# gpg --verify tcp.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r342378
+releng/12.0/                                                      r342894
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:02.tcp.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2Rc1fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJtnxAAgOIJjP9Dg76onxJUPJWiKTAR5VZeZ8od0RJREIeZMUpgFiVUVH82fr8z
+ajAzGZbVFhEgFvYwQRU4R/MokNqONoG1O3YPdjcMFyW5HPBoAG+9h67qD3CtLgTN
+xnXMR72ed83oY8ts1WSfYVAKF+9X6U5G6FtchBgAhap2k9tI22QKiEmTTmqzUnoy
+ddLZatOyKmig8MZKshMmleEpvU+BoYR66d2K9CYxcjHqgNNJOQwQK6yLR3oX41Z9
+n5Akkg/KC7wD02CPFjmO9008ZC4fFiQ8D4eGt9D/lPI4AzLcfkvRdzt5CjMlamXm
+Rjf2H5/2f4iYSXiEi2wkChFJHh+MQuYgcfTqRJdNB0qf3DbLwTL5wULfrMVNn7LU
+rLHd8CNRTN4+d+//p7nZ/atFbuLjJE08YFqE2ODcMa8eJFaY09/+X+NMIqO6AdTE
+hGzqDuiVmI/1MSFjD7dxUotw6Y2iRf+DiLx+JUmb0L+C0FXfl/u8x1ErYbzuLyyL
+vD1qb66fDuuSC8aNWO6Qv55bBWAhYhO668CQwfmvEgree72ShbzJPEn3vUN2dIX4
+zg0kTs30QOlizAT2lxQchiPBKkQ+IExPurTT7lW0cZ5PID8y/FSKl49yeQo/nhrD
+j/vnF7yMgc6roCyasNlREdi20yTYbp2PItfhaSXWVrtYAFN1jNc=
+=3a3w
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-EN-19:03.sqlite.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:03.sqlite.asc	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:03.sqlite                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          sqlite update
+
+Category:       contrib
+Module:         sqlite3
+Announced:      2019-01-09
+Credits:        Cy Schubert
+Affects:        All supported versions of FreeBSD.
+Corrected:      2018-12-21 01:58:01 UTC (stable/12, 12.0-STABLE)
+                2019-01-09 18:47:10 UTC (releng/12.0, 12.0-RELEASE-p2)
+                2018-12-21 02:04:15 UTC (stable/11, 11.2-STABLE)
+                2019-01-09 18:50:27 UTC (releng/11.2, 11.2-RELEASE-p8)
+CVE Name:       CVE-2018-20346, CVE-2018-20505, CVE-2018-20506
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+SQLite is an SQL database engine in a C library.  Programs that link the
+SQLite library can have SQL database access without running a separate RDBMS
+process.  The distribution comes with a standalone command-line access
+program (sqlite3) that can be used to administer an SQLite database and which
+serves as an example of how to use the SQLite library.
+
+II.  Problem Description
+
+According to https://blade.tencent.com/magellan/index_en.html, the
+vulnerabilities known as Magellan are a group vulnerabilities that exist
+in sqlite3, documented by CVE-2018-20346, CVE-2018-20505, and CVE-2018-20506.
+
+When the FTS3 extension is enabled an integer overflow resulting in a buffer
+overflow when allowing remote attackers to run arbitrary SQL statements which
+can be leveraged to execute arbitrary code.
+
+III. Impact
+
+The vulnerabilities were discovered by Tencent Blade Team and verified to be
+able to successfully implement remote code execution in Chromium browsers.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-11.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-11.patch.asc
+# gpg --verify sqlite-11.patch.asc
+
+[FreeBSD 12.0]
+# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-12.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:03/sqlite-12.patch.asc
+# gpg --verify sqlite-12.patch.asc
+
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r342291
+releng/12.0/                                                      r342895
+stable/11/                                                        r342292
+releng/11.2/                                                      r342896
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://blade.tencent.com/magellan/index_en.html>;
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234113>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:03.sqlite.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdFfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cLtJg/9EM0jQbTBrSgVy5X1AyQ2rcFz9KbjtA0L48wOuOLiAh7eeYxh4Wxuz9k1
+QnEJavMbpVr71yhmt6maEAbRzyGUvemDh4vlu0wjcYSlEzcvk7xaRzfXimippxky
+GumFBCvs7UKDIiGRr62ukmxu3FgfEaTM/Cc4bNcuV5k4za+DWIGTu+97i0+B2ieX
+/IZ5hQq42w1YIUY5QOy2vj87rnQf2t+uShcBjRg8HsnPsG9BfQfI8vfuWjjtaKMI
+iva++F5UJWcsykjZo5J3aaZFxnHsW2hs3buQN+AhoEt7oKdGquOHdweSw8xtSlp9
+3Y+qj+veD7u4Mt95OtnYrJOg8Kynlrzg5uMDbNGbyqktbxfpi2gqBbPEVmx2+nGj
+Aj9PDSHMliBZsVKvr1opExfYp4HL0LB9Kqhato08lFxs05TUxiT6LRcel/iXiIfl
+vCqfWhKJYVZ+alAW+Kjic6iWw7AtmVLbV64dDu03jxS/14RtRp1Hbk1BRCrnJeLn
+sLSdFj6bi2mQx6OXAd9G9jhReoxylyZwRXyhPSsPG1E4mzX6ZRbJfnkriSazW4hq
+F+PjTyXidn3uhS6z6CZB08Ltw2NBd3baRl/TQBEiFHd6SSGByqX6gMguK/tQV92U
+uM/Q4Ak4H/Q+nEN8/LdXioW0P7ZEC6X/9GXKWv+bUs6LjcZXftA=
+=TG5W
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-EN-19:04.tzdata.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:04.tzdata.asc	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,147 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:04.tzdata                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Timezone database information update
+
+Category:       contrib
+Module:         zoneinfo
+Announced:      2019-01-09
+Credits:        Philip Paeps
+Affects:        All supported versions of FreeBSD.
+Corrected:      2019-01-01 10:04:49 UTC (stable/12, 12.0-STABLE)
+                2019-01-09 18:53:35 UTC (releng/12.0, 12.0-RELEASE-p2)
+                2019-01-01 10:05:12 UTC (stable/11, 11.2-STABLE)
+                2019-01-09 18:54:42 UTC (releng/11.2, 11.2-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The tzsetup(8) program allows the user to specify the default local timezone.
+Based on the selected timezone, tzsetup(8) copies one of the files from
+/usr/share/zoneinfo to /etc/localtime.  This file actually controls the
+conversion.
+
+II.  Problem Description
+
+Several changes in Daylight Savings Time happened after previous FreeBSD
+releases were released that would affect many people who live in different
+countries.  Because of these changes, the data in the zoneinfo files need to
+be updated, and if the local timezone on the running system is affected,
+tzsetup(8) needs to be run so the /etc/localtime is updated.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV.  Workaround
+
+The system administrator can install an updated timezone database from the
+misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V.   Solution
+
+Please note that some third party software, for instance PHP, Ruby, Java and
+Perl, may be using different zoneinfo data source, in such cases this
+software must be updated separately.  For software packages that is installed
+via binary packages, they can be upgraded by executing `pkg upgrade'.
+
+Following the instructions in this Errata Notice will update all of the
+zoneinfo files to be the same as what was released with FreeBSD release.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.  Restart all the affected
+applications and daemons, or reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:04/tzdata-2018i.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:04/tzdata-2018i.patch.asc
+# gpg --verify tzdata-2018i.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/12/                                                        r342667
+releng/12.0/                                                      r342897
+stable/11/                                                        r342668
+releng/11.2/                                                      r342898
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:04.tzdata.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdRfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKd+Q//QYBUcMdBnW6URT8bWCrIOTPP84aGpMKmU4ZZYidUfI6CJiiWVaGQHJgD
+tmdQjaHemSRfxQ+yAZ5XR8oUIBxrzBhA51cM5QMNnJMXBkpqz9yCbHefH3Fxfr6n
+Dg+Vt2cZ745MHPK9uhjtUTmLYRF2iztUqlATr3R1NxBbJ6QQzQuVEyeAvTSY9Jdw
+/+cQM72m28iHPP+ff5v9n2MLqoTg74HbchwJthtDvgK9elfQFuC1F07i8I6F4krT
+FHnPRISpg4EEOKYG/Jjedk9FQBUpKiOhsDz+siGtjQoivz8TemaH5nTMI7P/WP/7
+jFJ6+jQirc2vCvcUzmiPGrBXRx3OptYcIiLOeKfgc+wCtgEHap4Nrl4Damt1QC13
+T4kpaOi3TcqtDtKxZyxwR8tOtJGEayqXFHA5FL1Fgr63JcvbZTXlBg0BT4oAd7mX
+DuvDkap5hXh6jlQ2BM4L9J+I+GNMfrpULsM4drsqd7GVBcLrnu06po3M8jgja44T
+rVzNB62FuOX19Q2W8kZ7LOfAwW+ho02GNzwuYWiLCpP4JSTaxtHrd1LexpCzO4Lg
+zsttA2bkNjmzHxfcbAPbS5IMX539iJdTgZiDlBNzUi+QqiCG83/fRcVvgD7qH1iM
+kF7DipZUURjlV/RbtCZFU/fsKVzR7rF5MSQl9q7llwe5uMto6lQ=
+=1NIG
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-EN-19:05.kqueue.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:05.kqueue.asc	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:05.kqueue                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          kqueue race condition and kernel panic
+
+Category:       core
+Module:         kqueue
+Announced:      2019-01-09
+Credits:        Mark Johnston
+Affects:        FreeBSD 11.2
+Corrected:      2019-11-24 17:11:47 UTC (stable/11, 11.2-STABLE)
+                2019-01-09 18:57:38 UTC (releng/11.2, 11.2-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+kevent(2) is a system call which provides a generic method of notifying the
+caller when a caller-specified event happens or a condition holds.  One use
+for kevent(2) is to wait for a specified timeout to elapse.
+
+II.  Problem Description
+
+The kevent(2) implementation in the kernel contains a race condition which
+can be triggered when an event is added and fires shortly after.  Most event
+types are not affected, but timer events can trigger the race if the timeout
+duration is very short.
+
+III. Impact
+
+The race condition can cause corruption of a queue structure, leading to
+a kernel panic when it is later accessed.  Applications using kevent(2) may
+trigger the panic if their usage causes the race condition to occur.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-19:05/kqueue.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:05/kqueue.patch.asc
+# gpg --verify kqueue.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/11/                                                        r340904
+releng/11.2/                                                      r342899
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:05.kqueue.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RdZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK0nRAAgPsdkc/TyBTqpvJrvvNaVd0xgNC2lxnYK3HxOPbo5kqj6XHZxb3KvrrN
+He6TyGvwGCPHNzlFwHILH+FtFkgrvGVBoPu/U0e/NKRrkhyxPHJMz0bZPu7yqQoG
+GDFRIsw5D3JKZW38yMD9Menh3mag81OVZii1LfzkcDLLKfwX/zcx1vV7MSwMzoNs
+5L7Fm8lg0uIxrrlKvvmrPxfWoZENhCr9CAAdg8moL3thl64NaVVmPo7tXDXosNGo
+EQYT19SY0FBSboUcpVaChgyZaCFzOeCPuXuJPoUYppIWNiv2S8ZTjuq9d1g4R4SD
+7GBMozz8EG1rN0pzhx8mVEECZBzdt5rjggiWKjkOVxH/sy5LQjppONK3VVOygoCz
+dve2wGq6S1ke/b2NDRpAinmIr8I3x3b7JLNkE5OvNJ6bTLk3ZmpIRYQNYT+eu8Fx
+GNe/oTU9DRbB4yv0kcKsypHqQ0cKdn6+duYzKGZ4+c86B7IHJgsYoG/NTKYfFzQx
+BHWuI/P/9pakHESNiDidKRz+z5w679+jIfZDcbBIXaw+PCqzg5a1GFN8Bub2mGLw
+2wmVQJV1nbdE+6UbWvaV2seV/bo+N/L8k4QS6OPIDUefLPGgCdRFr/MlLoiTaJ43
+p+L3iVlVbiOTCfsCGI/QVQq+IOngKzqSUXN3Ys7PXvvAzSyaTFg=
+=fD2U
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/EN-19:01/cc_cubic.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:01/cc_cubic.patch	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,194 @@
+--- sys/netinet/cc/cc.h.orig
++++ sys/netinet/cc/cc.h
+@@ -102,8 +102,6 @@
+ #define	CCF_ACKNOW		0x0008	/* Will this ack be sent now? */
+ #define	CCF_IPHDR_CE		0x0010	/* Does this packet set CE bit? */
+ #define	CCF_TCPHDR_CWR		0x0020	/* Does this packet set CWR bit? */
+-#define	CCF_MAX_CWND		0x0040	/* Have we reached maximum cwnd? */
+-#define	CCF_CHG_MAX_CWND	0x0080	/* Cubic max_cwnd changed, for K */
+ 
+ /* ACK types passed to the ack_received() hook. */
+ #define	CC_ACK		0x0001	/* Regular in sequence ACK. */
+--- sys/netinet/cc/cc_cubic.c.orig
++++ sys/netinet/cc/cc_cubic.c
+@@ -88,8 +88,6 @@
+ 	unsigned long	max_cwnd;
+ 	/* cwnd at the previous congestion event. */
+ 	unsigned long	prev_max_cwnd;
+-	/* Cached value for t_maxseg when K was computed */
+-	uint32_t        k_maxseg;
+ 	/* Number of congestion events. */
+ 	uint32_t	num_cong_events;
+ 	/* Minimum observed rtt in ticks. */
+@@ -126,9 +124,6 @@
+ 	cubic_data = ccv->cc_data;
+ 	cubic_record_rtt(ccv);
+ 
+-	if (ccv->flags & CCF_MAX_CWND)
+-		return;
+-
+ 	/*
+ 	 * Regular ACK and we're not in cong/fast recovery and we're cwnd
+ 	 * limited and we're either not doing ABC or are slow starting or are
+@@ -156,12 +151,6 @@
+ 			    cubic_data->mean_rtt_ticks, cubic_data->max_cwnd,
+ 			    CCV(ccv, t_maxseg));
+ 
+-			if (ccv->flags & CCF_CHG_MAX_CWND || cubic_data->k_maxseg != CCV(ccv, t_maxseg)) {
+-				cubic_data->K = cubic_k(cubic_data->max_cwnd / CCV(ccv, t_maxseg));
+-				cubic_data->k_maxseg = CCV(ccv, t_maxseg);
+-				ccv->flags &= ~(CCF_MAX_CWND|CCF_CHG_MAX_CWND);
+-			}
+-
+ 			w_cubic_next = cubic_cwnd(ticks_since_cong +
+ 			    cubic_data->mean_rtt_ticks, cubic_data->max_cwnd,
+ 			    CCV(ccv, t_maxseg), cubic_data->K);
+@@ -173,18 +162,13 @@
+ 				 * TCP-friendly region, follow tf
+ 				 * cwnd growth.
+ 				 */
+-				CCV(ccv, snd_cwnd) = ulmin(w_tf, TCP_MAXWIN << CCV(ccv, snd_scale));
++				CCV(ccv, snd_cwnd) = w_tf;
+ 
+ 			else if (CCV(ccv, snd_cwnd) < w_cubic_next) {
+ 				/*
+ 				 * Concave or convex region, follow CUBIC
+ 				 * cwnd growth.
+ 				 */
+-				if (w_cubic_next >= TCP_MAXWIN << CCV(ccv, snd_scale)) {
+-					w_cubic_next = TCP_MAXWIN << CCV(ccv, snd_scale);
+-					ccv->flags |= CCF_MAX_CWND;
+-				}
+-				w_cubic_next = ulmin(w_cubic_next, TCP_MAXWIN << CCV(ccv, snd_scale));
+ 				if (V_tcp_do_rfc3465)
+ 					CCV(ccv, snd_cwnd) = w_cubic_next;
+ 				else
+@@ -202,10 +186,8 @@
+ 			 * max_cwnd.
+ 			 */
+ 			if (cubic_data->num_cong_events == 0 &&
+-			    cubic_data->max_cwnd < CCV(ccv, snd_cwnd)) {
++			    cubic_data->max_cwnd < CCV(ccv, snd_cwnd))
+ 				cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
+-				ccv->flags |= CCF_CHG_MAX_CWND;
+-			}
+ 		}
+ 	}
+ }
+@@ -254,7 +236,6 @@
+ 				cubic_data->num_cong_events++;
+ 				cubic_data->prev_max_cwnd = cubic_data->max_cwnd;
+ 				cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
+-				ccv->flags |= CCF_CHG_MAX_CWND;
+ 			}
+ 			ENTER_RECOVERY(CCV(ccv, t_flags));
+ 		}
+@@ -267,8 +248,6 @@
+ 			cubic_data->prev_max_cwnd = cubic_data->max_cwnd;
+ 			cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
+ 			cubic_data->t_last_cong = ticks;
+-			ccv->flags |= CCF_CHG_MAX_CWND;
+-			ccv->flags &= ~CCF_MAX_CWND;
+ 			CCV(ccv, snd_cwnd) = CCV(ccv, snd_ssthresh);
+ 			ENTER_CONGRECOVERY(CCV(ccv, t_flags));
+ 		}
+@@ -285,7 +264,6 @@
+ 		if (CCV(ccv, t_rxtshift) >= 2) {
+ 			cubic_data->num_cong_events++;
+ 			cubic_data->t_last_cong = ticks;
+-			ccv->flags &= ~CCF_MAX_CWND;
+ 		}
+ 		break;
+ 	}
+@@ -304,7 +282,6 @@
+ 	 * get used.
+ 	 */
+ 	cubic_data->max_cwnd = CCV(ccv, snd_cwnd);
+-	ccv->flags |= CCF_CHG_MAX_CWND;
+ }
+ 
+ static int
+@@ -329,11 +306,9 @@
+ 	pipe = 0;
+ 
+ 	/* Fast convergence heuristic. */
+-	if (cubic_data->max_cwnd < cubic_data->prev_max_cwnd) {
++	if (cubic_data->max_cwnd < cubic_data->prev_max_cwnd)
+ 		cubic_data->max_cwnd = (cubic_data->max_cwnd * CUBIC_FC_FACTOR)
+ 		    >> CUBIC_SHIFT;
+-		ccv->flags |= CCF_CHG_MAX_CWND;
+-	}
+ 
+ 	if (IN_FASTRECOVERY(CCV(ccv, t_flags))) {
+ 		/*
+@@ -356,7 +331,6 @@
+ 			    cubic_data->max_cwnd) >> CUBIC_SHIFT));
+ 	}
+ 	cubic_data->t_last_cong = ticks;
+-	ccv->flags &= ~CCF_MAX_CWND;
+ 
+ 	/* Calculate the average RTT between congestion epochs. */
+ 	if (cubic_data->epoch_ack_count > 0 &&
+@@ -367,6 +341,7 @@
+ 
+ 	cubic_data->epoch_ack_count = 0;
+ 	cubic_data->sum_rtt_ticks = 0;
++	cubic_data->K = cubic_k(cubic_data->max_cwnd / CCV(ccv, t_maxseg));
+ }
+ 
+ /*
+--- sys/netinet/cc/cc_cubic.h.orig
++++ sys/netinet/cc/cc_cubic.h
+@@ -41,8 +41,6 @@
+ #ifndef _NETINET_CC_CUBIC_H_
+ #define _NETINET_CC_CUBIC_H_
+ 
+-#include <sys/limits.h>
+-
+ /* Number of bits of precision for fixed point math calcs. */
+ #define	CUBIC_SHIFT		8
+ 
+@@ -163,6 +161,8 @@
+ /*
+  * Compute the new cwnd value using an implementation of eqn 1 from the I-D.
+  * Thanks to Kip Macy for help debugging this function.
++ *
++ * XXXLAS: Characterise bounds for overflow.
+  */
+ static __inline unsigned long
+ cubic_cwnd(int ticks_since_cong, unsigned long wmax, uint32_t smss, int64_t K)
+@@ -174,15 +174,6 @@
+ 	/* t - K, with CUBIC_SHIFT worth of precision. */
+ 	cwnd = ((int64_t)(ticks_since_cong << CUBIC_SHIFT) - (K * hz)) / hz;
+ 
+-	/* moved this calculation up because it cannot overflow or underflow */
+-	cwnd *= CUBIC_C_FACTOR * smss;
+-
+-	if (cwnd > 2097151) /* 2^21 cubed is long max */
+-		return INT_MAX;
+-
+-	if (cwnd < -2097152) /* -2^21 cubed is long min */
+-		return smss;
+-
+ 	/* (t - K)^3, with CUBIC_SHIFT^3 worth of precision. */
+ 	cwnd *= (cwnd * cwnd);
+ 
+@@ -191,17 +182,8 @@
+ 	 * The down shift by CUBIC_SHIFT_4 is because cwnd has 4 lots of
+ 	 * CUBIC_SHIFT included in the value. 3 from the cubing of cwnd above,
+ 	 * and an extra from multiplying through by CUBIC_C_FACTOR.
+-	 *
+-	 * The original formula was this:
+-	 * cwnd = ((cwnd * CUBIC_C_FACTOR * smss) >> CUBIC_SHIFT_4) + wmax;
+-         *
+-         * CUBIC_C_FACTOR and smss factors were moved up to an earlier
+-	 * calculation to simplify overflow and underflow detection.
+ 	 */
+-	cwnd = (cwnd >> CUBIC_SHIFT_4) + wmax;
+-
+-	if (cwnd < 0)
+-		return 1;
++	cwnd = ((cwnd * CUBIC_C_FACTOR * smss) >> CUBIC_SHIFT_4) + wmax;
+ 
+ 	return ((unsigned long)cwnd);
+ }

Added: head/share/security/patches/EN-19:01/cc_cubic.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:01/cc_cubic.patch.asc	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RhZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK6Bw/+NJXfzNxz2c9hS4RgZSeDZxtqPEC6ZG5aKN2vc7RzwYsGgv5f4VzuU40A
+MsRNRmbDjoQYj9zkBKOYUWaIX6ZffOjUwc7DZ1Us4ykXRxlB2Ys4R98z5lY6mQDA
+hcTnCPvKTMChcXO3hQ77W3bUPk+p5+XvcDhks8K8N5/Xixj1xoy5J8dmbGvQ9i/R
+JZa2loacsPab/c2Fr/6L7DyHU3bbXIh+27HknCUOyK0dekbZ8g0oP+u/qb4VX/7s
+BkSbIkLUNq3dBkb0vOAoTry/M2kKpU8Dz/SITuW4bSJqfvNWN2hiT7YTQaNg+E0J
+VaaKHhpGO5TrYDnYRfmJyrAiobROEbpoGXg9TvfZ9VLk0sGOPcBN598DNJLkiZCa
+dzMrimOOcgeeyPhvG0Mq4ZGBkYgqj88jb29bwJbkCLvjTfaL3kPeKxky1bylgEmR
+Vevzqlp9IhrnSW21u0Kd8ZWuXka8ni+uKe2B24FyOZntziODWOi/rFAE7DV21y1V
+gZsX2v9kwr/M2ApFpAhtEnF3JHX0sl5J8mF9Wnv0CdJP3fTpC9M0byZsCc2qy84g
+5f6KPu57CgvuHG/YRKLDxG7tt1jXYi/LFsR7iGbbCCbthx5pImQrYfKMOdSR81s+
+Iwa8j657nxF+YjM+aq8l7E3g1uonJ2aWT95WFssUnv2ww+O14fw=
+=4RIV
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/EN-19:02/tcp.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:02/tcp.patch	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,56 @@
+--- sys/netinet/tcp_reass.c.orig
++++ sys/netinet/tcp_reass.c
+@@ -579,7 +579,8 @@
+ 	 */
+ 	lenofoh = tcp_reass_overhead_of_chain(m, &mlast);
+ 	sb = &tp->t_inpcb->inp_socket->so_rcv;
+-	if ((sb->sb_mbcnt + tp->t_segqmbuflen + lenofoh) > sb->sb_mbmax) {
++	if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
++	    (sb->sb_mbcnt + tp->t_segqmbuflen + lenofoh) > sb->sb_mbmax) {
+ 		/* No room */
+ 		TCPSTAT_INC(tcps_rcvreassfull);
+ #ifdef TCP_REASS_COUNTERS
+@@ -588,6 +589,11 @@
+ #ifdef TCP_REASS_LOGGING
+ 		tcp_log_reassm(tp, NULL, NULL, th->th_seq, lenofoh, TCP_R_LOG_LIMIT_REACHED, 0);
+ #endif
++		if ((s = tcp_log_addrs(&tp->t_inpcb->inp_inc, th, NULL, NULL))) {
++			log(LOG_DEBUG, "%s; %s: mbuf count limit reached, "
++			    "segment dropped\n", s, __func__);
++			free(s, M_TCPLOG);
++		}
+ 		m_freem(m);
+ 		*tlenp = 0;
+ #ifdef TCP_REASS_LOGGING
+@@ -936,6 +942,20 @@
+ 	 * is understood.
+ 	 */
+ new_entry:
++	if (th->th_seq == tp->rcv_nxt && TCPS_HAVEESTABLISHED(tp->t_state)) {
++		tp->rcv_nxt += *tlenp;
++		flags = th->th_flags & TH_FIN;
++		TCPSTAT_INC(tcps_rcvoopack);
++		TCPSTAT_ADD(tcps_rcvoobyte, *tlenp);
++		SOCKBUF_LOCK(&so->so_rcv);
++		if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
++			m_freem(m);
++		} else {
++			sbappendstream_locked(&so->so_rcv, m, 0);
++		}
++		sorwakeup_locked(so);
++		return (flags);
++	}
+ 	if (tcp_new_limits) {
+ 		if ((tp->t_segqlen > tcp_reass_queue_guard) &&
+ 		    (*tlenp < MSIZE)) {
+@@ -960,9 +980,7 @@
+ 			return (0);
+ 		}
+ 	} else {
+-
+-		if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
+-		    tp->t_segqlen >= min((so->so_rcv.sb_hiwat / tp->t_maxseg) + 1,
++		if (tp->t_segqlen >= min((so->so_rcv.sb_hiwat / tp->t_maxseg) + 1,
+ 					 tcp_reass_maxqueuelen)) {
+ 			TCPSTAT_INC(tcps_rcvreassfull);
+ 			*tlenp = 0;

Added: head/share/security/patches/EN-19:02/tcp.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:02/tcp.patch.asc	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2RhxfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cIsjBAAiM9K9Y/ci+sVsH0HrunEbdJT5dI4oabI6Z7zV7X2F5OZobC0neXYCpqH
+sknU/phwdWTmSdLlqxI37At2rQPRFnnAF0sfyByJEmnrNq3CPg/cFabvuNWfetPh
+wpHQc7XUJAz58Lk5o382Dn4POZP+aBmo1e6ULHIXCcgR8xHvGAtQoCLJFh9VXKZx
+tSP+PiwCfHXjIF1J+bEPhv6IO3H59COb5daj1qhTbUnkCmacPBDCFzrSqqbUPOru
+MAvXxcUP3mhPDrIx5eDUNo5C1t54PF6fPzBj8Pq+SUKXrHI1PYHxw2yL+y0vn7vT
+TImWde+rRdDwzab2mt/IP2WaRnC5wVNS+QHZc9M+QB+ujAx8e278uK/eiJwKkm59
+MShtZ46YB96aoZuLYibk+i53jW7OOJbCH9xwFXvZb2n3ObBfJcqig4aXtvug7BOr
+v/90s6Q72jKpJUopgzFut6E2XtJ6ImAvq8qDxo0qLix5vASu57tst/5vyfj4dt79
+AJ05x20KKKKhaNzpnwyOWW4/egeElJPLHg8WsWzwtsRW1ZMWBRIqAzS+dLlDNod9
+ywSbOYb0FMmYe0rtv1gbm5wWjAQ8QYEe/8JoD7y5O04mUVmxmubeYYQ2vAxtxDPs
+ODiJtLdALWkPidb8ynn4r5LBYDjQRvni1+3j2E+nCh9Z08nHzzs=
+=KVpY
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/EN-19:03/sqlite-11.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-19:03/sqlite-11.patch	Wed Jan  9 19:17:54 2019	(r52756)
@@ -0,0 +1,76146 @@
+--- contrib/sqlite3/Makefile.am.orig
++++ contrib/sqlite3/Makefile.am
+@@ -1,6 +1,5 @@
+ 
+-AM_CFLAGS = @THREADSAFE_FLAGS@ @DYNAMIC_EXTENSION_FLAGS@ @FTS5_FLAGS@ @JSON1_FLAGS@ @SESSION_FLAGS@ -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_RTREE

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901091917.x09JHtSB026034>