From: Gleb Smirnoff
Date: Fri, 12 Aug 2016 04:07:51 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r49252 - in head/share: security/advisories security/patches/EN-16:10 security/patches/EN-16:11 security/patches/EN-16:12 security/patches/EN-16:13 security/patches/EN-16:14 security/pa...
X-SVN-Group: doc-head

Author: glebius (src committer)
Date: Fri Aug 12 04:07:51 2016
New Revision: 49252
URL: https://svnweb.freebsd.org/changeset/doc/49252

Log:
  Release 6 errata notices for 10.3-RELEASE, all related to Microsoft Hyper-V.

  Submitted by: Dexuan Cui, gjb

Added:
  head/share/security/advisories/FreeBSD-EN-16:10.dhclient.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-16:11.vmbus.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-16:12.hv_storvsc.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-16:13.vmbus.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-16:14.hv_storvsc.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-16:15.vmbus.asc (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-16:16.hv_storvsc.asc (contents, props changed)
  head/share/security/patches/EN-16:10/
  head/share/security/patches/EN-16:10/dhclient.patch (contents, props changed)
  head/share/security/patches/EN-16:10/dhclient.patch.asc (contents, props changed)
  head/share/security/patches/EN-16:11/
  head/share/security/patches/EN-16:11/vmbus.patch (contents, props changed)
  head/share/security/patches/EN-16:11/vmbus.patch.asc (contents, props changed)
  head/share/security/patches/EN-16:12/
  head/share/security/patches/EN-16:12/hv_storvsc.patch (contents, props changed)
  head/share/security/patches/EN-16:12/hv_storvsc.patch.asc (contents, props changed)
  head/share/security/patches/EN-16:13/
  head/share/security/patches/EN-16:13/vmbus.patch (contents, props changed)
  head/share/security/patches/EN-16:13/vmbus.patch.asc (contents, props changed)
  head/share/security/patches/EN-16:14/
  head/share/security/patches/EN-16:14/hv_storvsc.patch (contents, props changed)
  head/share/security/patches/EN-16:14/hv_storvsc.patch.asc (contents, props changed)
  head/share/security/patches/EN-16:15/
  head/share/security/patches/EN-16:15/vmbus.patch (contents, props changed)
  head/share/security/patches/EN-16:15/vmbus.patch.asc (contents, props changed)
  head/share/security/patches/EN-16:16/
  head/share/security/patches/EN-16:16/hv_storvsc.patch (contents, props changed)
  head/share/security/patches/EN-16:16/hv_storvsc.patch.asc
(contents, props changed) Modified: head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-16:10.dhclient.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:10.dhclient.asc Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:10.dhclient Errata Notice + The FreeBSD Project + +Topic: Better handle unknown options received from a DHCP server + +Category: core +Module: dhclient +Announced: 2016-08-12 +Credits: Microsoft OSTC +Affects: FreeBSD 10.3 +Corrected: 2016-05-06 05:44:12 UTC (stable/10, 10.3-STABLE) + 2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The dhclient(8) utility is used to request an IP address from a DHCP server. +Some implemenations of DHCP servers can use "options" to pass extra +information to dhclient. + +II. Problem Description + +In Azure, the DHCP server adds a private option (id 0xf5), which contains +binary form of an IPv4 address. Once this option is converted to string +form, it could contain '$', for example: + +IPv4 address: 100.72.36.54 +binary form: 0x64 0x48 0x24 0x36 +string form: "dH$6" + +In this case, dhclient(8) exits upon "illegal" options as shown above, thus +the an Azure virtual machine will fail to obtain an IP address, and fail to +start. + +III. Impact + +The virtual machine in Azure may not set IP address properly and becomes +inaccessible. + +IV. Workaround + +No workaround is available, however it is presumed this issue only affects +FreeBSD running in Azure. + +V. Solution + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. +Afterward, reboot the system or restart dhclient(8). 
+ +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterward, reboot the system or restart dhclient(8). + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:10/dhclient.patch +# fetch https://security.FreeBSD.org/patches/EN-16:10/dhclient.patch.asc +# gpg --verify dhclient.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r299156 +releng/10.3/ r303984 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJXrUsbAAoJEO1n7NZdz2rnXk4P/jrIiXpu7f2ueB9qZNGE8I31 +OYFLJcv7xnSy9FRm1t7FxJJ+rJLG8dSCVtvMuyOExgQ+ZuWKg8kgumRG5/MW081O +r0IXmvyFZgYnmRu34m13ZcH7b0qE+i8HhYqd22yoSnceOEodRMJG1X1urbcFRywO +UfJz64pqndFYGT0I7lG0Bvt5FwAN3oo8WefaD+eq7kIwnZGLujJHx5cIaG91xLBo +chfjPkjVgbF2/IC+rcJd2asKsXRxsBLloTh4NvTMLPSvmgItsUImU5H3YWlL5yDm +GbCA2GLY0C50OEMDnMS2GjKUVzMK76TWgtN3fWBAGRRQYyiZh2be9BOR9ypbG6W3 +dHGSCiVILKgIoFRUMqT3KkR4oE7cxcSj6yD8xo8Nws4cV3nuC4ityBm6Gn5awzkG +PriRg7SYF3mr7cSGa+L7LG7bvL34E/cKL8gkY/LbTa4ZKLFuprMyx3cOs+8Q6ezp +u3d51NNPmmprxsFFWKqVIw0yNA6PN6c07v9pFGjUpsPk91+CD6Pgc+UumKI/tsIu +BxEhEw3Iucf8YB/qfEJReDdDM7NgjXXeYASq6PI7Ag4uBx+6lNqYomZsmwcGO+6w +JtQAxid2fg3srMjA2ZdryJ0DskQn2B+ff1Z7Zf4h58zGmL16CUfA7qhLweAy//GV +GBduTyY36OwgkBs5i7wh +=y0LS +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-16:11.vmbus.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:11.vmbus.asc Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,120 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:11.vmbus Errata Notice + The FreeBSD Project + +Topic: Avoid using spin locks for channel message locks + +Category: core +Module: vmbus +Announced: 2016-08-12 +Credits: Microsoft OSTC +Affects: FreeBSD 10.3 +Corrected: 2016-06-15 09:52:01 UTC (stable/10, 10.3-STABLE) + 2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The vmbus driver has a global lock hv_vmbus_g_connection.channel_msg_lock, +whose type is MTX_SPIN. The lock is used to protect concurrent access to the +global pending message list hv_vmbus_g_connection.channel_msg_anchor. + +II. Problem Description + +In some cases, sema_post() is invoked when the spin mutex is held. + +III. Impact + +Using sema_post() with a held spin mutex may trigger a system panic. + +IV. Workaround + +No workaround is available, however FreeBSD virtual machines not running in +Hyper-V or Azure are unaffected. + +V. Solution + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. After which, reboot the +system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +After which, reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. 
+ +# fetch https://security.FreeBSD.org/patches/EN-16:11/vmbus.patch +# fetch https://security.FreeBSD.org/patches/EN-16:11/vmbus.patch.asc +# gpg --verify vmbus.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + + + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r301925 +releng/10.3/ r303984 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJXrUsfAAoJEO1n7NZdz2rnyAgP/3ZQ6JLhVWjdHHQz13XyT32r +NjhZ5VWdL8ZOd4psbLTmqMh79KT4u/bMZ4RackAcpX2agnpPx8sDQL5kaRNypQuj +OC+rTyRy4J/TZTeX6OPA+TSwOS/yczdGFhgexk0AuxoqWN3j8yZ/P+DyTC7y5CmD +8Fc9lcTAyFP/OEwybprWesRsC6wS1hKKhzz32e+i2EONzU5Xk8V3rondLZ2cSC9h +UaeUqJHCbdIogWt7h0zD3WKbcYEwdTmE6MNFJenjWLaIJQkFxqYUfncK9nePm+v7 +W/QfVhEMuClKJRQRI6hHC+XJU2BxoXVB7uuJxk4rfLYO+TynvJ8w2iAMpf6liQLM +ChvBsczIDHtha7z1uqMRHouywHgSc/YWXodMrRRbOjDfFFHzsTIE/ZVdAncGqxwQ +/b7VmBS4kZRG5KP0ip/SHRUR+Ououp79gOkIphsT8ikpQKyHQVfG9FL8desSpE8f +nTyAWwlbBuIid7PqLcFwlIZuqbx52eMWG3//bZNKnxrx2b9RILNRDbOOrwbD2VHq +n9mO2EKdEPQg+Fz4omwCcmK2kMhknvotQ9oWUOGFK6i/BqZ6q5PffH4lxTyTS+Jr +oDxHZ3jmSVFb7bcjCqYwqpvxloOXY3ChgfYvnq3OI8Ry5Y7rnI8sGmKFwgqWcSqE +KS1LNBSGT1A7/mpgzld7 +=GPUS +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-16:12.hv_storvsc.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:12.hv_storvsc.asc Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:12.hv_storvsc Errata Notice + The FreeBSD Project + +Topic: Enable INQUIRY result check only on Windows 10 host systems + +Category: core +Module: hv_storvsc +Announced: 2016-08-12 +Credits: Microsoft OSTC +Affects: FreeBSD 10.3 +Corrected: 2016-05-25 06:15:26 UTC (stable/10, 10.3-STABLE) + 2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +A FreeBSD virtual machine running on Hyper-V uses hv_storvsc(4) to discover, +access, and control block devices. The SCSI INQUIRY command is used to scan +the disks attached to the virtual machine, and hv_storvsc(4) checks if the +response from the host is valid. + +II. Problem Description + +On Windows 8 and earlier systems, the response to the INQUIRY command may +return invalid results. + +III. Impact + +When a SCSI disk hotplug occurs, some disks may not be visible to the guest +virtual machine despite being present. + +IV. Workaround + +No workaround is available however guest machines not running on Hyper-V on +Windows 8 and earlier are unaffected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. After which, reboot the +system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +After which, reboot the system. 
+ +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:12/hv_storvsc.patch +# fetch https://security.FreeBSD.org/patches/EN-16:12/hv_storvsc.patch.asc +# gpg --verify hv_storvsc.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r300656 +releng/10.3/ r303984 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJXrUsgAAoJEO1n7NZdz2rns+wP/icFVWd1JaWRxcyRsv/fXIKM ++W2juTwxptg7HaXCUf885pe4ku7KHaAHViaE/Ma7QBK3DYbYMFhFRB+Vz3n45DWg +Cc9lQfLm1sGOHA1YZml4O9dOnjxkybPhUShiBq06rREOTawdEIb1F5+xUkMo8fx4 +L3pwFBwSgBTJogcld4Ukj8w6iFLoN5SAPaGpOwmXguheja8OhP/K0UHk7SkTWaxj +AXKyVD9z8GusqST33JOhY+PQEQU4LKZue5Xrxlrblb0eFZn6LiykYAQX0zrufFPi +W4sg2rCogo2RIUZxmZAX0V1zcVoClKfFu1/o4dPLY4mWSIGvMde2SXanS3E6T1Mz +PBa3+ugTgwE9+kGuY5T5jeslHcac9i6kOKU8UDMlAYxzdd2r7h9UVznms6laCIx2 +o4Z1morcFhzInuXepGl7ZeV5KEDzlgmtdLzzgZ+sc4D9IYDwig4tjw8O9uRFBDeG +wU1pInC4M2cfs2h322IyYIg5wo9thoMrRitidLACZfB/xo6x3dEaCtj8NtxQXoYK +/TwVdT8ltL1RlZun8I/8sdijGG5+eJAU31JOlortHnEDMzyWuSbQcaDqo8dK9fGb +WmV0Qk+ATMA1NdxKTMHfxQUfZ6EvplTRHBNdghYWJWTvLXDyb6sKjHzo/Eexn0SD +nh2mSHOlq8xjlCyop+I1 +=FUf1 +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-16:13.vmbus.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:13.vmbus.asc Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,122 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:13.vmbus Errata Notice + The FreeBSD Project + +Topic: Register time counter early enough for TSC freq calibration + +Category: core +Module: vmbus +Announced: 2016-08-12 +Credits: Microsoft OSTC +Affects: FreeBSD 10.3 +Corrected: 2016-06-16 01:57:16 UTC (stable/10, 10.3-STABLE) + 2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +FreeBSD uses i8254 PIT (Programmable Interval Timer) to calibrate the +frequency of the CPU TSC (Time Stamp Counter). + +II. Problem Description + +The Hyper-V i8254 emulation does not correctly calibrate the TSC frequency, +and is not available for Generation 2 Hyper-V virtual machines. + +III. Impact + +FreeBSD virtual machines running on Hyper-V will see warnings logged to +syslog(8) and the system console resembling: +calcru: runtime went backwards from 18 usec to 9 usec for pid 0 (kernel) + +IV. Workaround + +No workaround is available, however FreeBSD virtual machines not running in +Hyper-V or Azure are unaffected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. After which, reboot the +system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +After which, reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. 
+ +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:13/vmbus.patch +# fetch https://security.FreeBSD.org/patches/EN-16:13/vmbus.patch.asc +# gpg --verify vmbus.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r301942 +releng/10.3/ r303984 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJXrUshAAoJEO1n7NZdz2rnZncQALG1iAvkhT+SZZ+MP7bEqlJP +HP2NsmalVF35PnoGRj+MwG61rbrtZzAB/OHXVx4iotzAW6NCOACJuCnuJqgqFK6N +pggtIzgE6xXsHlKIL7V9ucIURIUbdAcDoaTnJ4aE373DwmtPn/hKVaWtbspcpZ3F +QxiFIhbR4kqDjk1fVmM4xAn8E4Q6+eUFb88LUnWh/Cd86uCSQ5cKY8qFQyhoEyeI +L6iChVTdE7zn3bjavzlJdQn2Rh6N7lmnhBcpm+e1eyDdxDYUPCXAeGqmNrQBShq9 +SwIJKOs6ll0tzDGTI0tmKV5OoEw6InyZ6xRDR7k6j7yOo/IHVNrFAYQ+CRI+IDCv +q+MXYOUDTIo1KxjYHzRan+f3m7DXUuSXUDye+0sAglK37FJGvUZ206dkNZVFzp2F +wKpvzT2Pbfzl5AMGJav04YpC7MiXCxD/wsUs+jz9P+9G5UuMcjwYhuLXFecrX7BP +zhqEtRTShuFviNIsCJxG+pmF/srESTADMckYWLez7Y2qHbO2ZxMRpKOB9XPNQEoK +PQIWdsmdiUKCjCgKp7Siy/bb42zUVcCXjSFXGP7Eb0+i49SAFZWAO53jbe3qvtQT +NGf47PReOLpxmLVi84lemS5jl+/GhREWZNQ+b3jdHs8ghKjfkvDPWzihVAMzcfQN +LNnMDZJlpCUhiGp6yoHG +=s9XX +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-16:14.hv_storvsc.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:14.hv_storvsc.asc Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:14.hv_storvsc Errata Notice + The FreeBSD Project + +Topic: Disable incorrect callout in hv_storvsc(4) + +Category: core +Module: hv_storvsc +Announced: 2016-08-12 +Credits: Microsoft OSTC +Affects: FreeBSD 10.3 +Corrected: 2016-05-06 05:16:42 UTC (stable/10, 10.3-STABLE) + 2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The Hyper-V storage driver, hv_storvsc(4), always sets up a timeout(9) timer +when sending an I/O request to the host. When the I/O is completed by the +host and the host notifies the virtual machine, callout_drain() is used in +another thread. + +II. Problem Description + +The hv_storvsc(4) driver does not correctly set up the timer, and +callout_drain() does not remove the callout as expected. When the callout is +later used again, it is unexpectedly reinitialized, which can cause +undetermined behavior in the kernel callout(9) system. + +III. Impact + +Unexpected behavior in the kernel callout(9) system can occur, such as +inability to halt the system with 'shutdown -h now'. + +IV. Workaround + +No workaround is available, however FreeBSD virtual machines not running in +Hyper-V or Azure are unaffected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. After which, reboot the +system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +After which, reboot the system. 
+ +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:14/hv_storvsc.patch +# fetch https://security.FreeBSD.org/patches/EN-16:14/hv_storvsc.patch.asc +# gpg --verify hv_storvsc.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r299153 +releng/10.3/ r303984 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJXrUsiAAoJEO1n7NZdz2rn5qAP/0OmatunIP/2a1U7SPNav55G +wa0/q9MOYb/+vRfGGynlGLt79E6gxYopwMXnVtm/Z1Hhqt7NEfT6h4Fjb6rjdIiz +Anwm6kNuesDjZGBSJ1POMP8DCXm16uqxZXQvGvzaVrdj/30gyFFrmUGPetJWnjZk +CawfOfDS+EynvXoXDuBUu9EeisUGFbcnb3zRTqXYq3adsxW9AwlstvCPnzKzvwom +KZKQz7AVB4XgD3B65UMpGrK7vi8u8PwXfn5sffhnt3KMchbpMA4HJXubrm9QmxxJ +KFQm4VOMxiqjSYMtTSW6q8uIArPG2y/Cs4agHUiSehRksMSUs6TCGdmSKN/OMn0D +Sby2MlcZCBuQDVmRdrotuTGkFvLAs/JagOojIAaz0wNcSWQv3F7DxuKx76C6jjlO +7mgEPrctDmQJMLIIAIqvzvG94DeleMEwLIV+5omr5hhy0FANfUksgUqPH5z2n6wZ +c4VJf8d1Jv6kpp8/uq1tcMrhmTtRwP1v7LYUBaHgy++C8azbrrS7BEMyqIB8Upal +CWlI9ZHZYoMWkpqATtlBs3rFmWNLxtCmf8a7Xa+Ox/hep6wrFD+TFmq2wzukTypq +BNGPIeHTxe7KdVcMbI87//SGWNEx/+W9iEcF4eGhE8JgGz+E0TvMR/JlK2479KXG +hsjMFVQWevI7sgvSKkBS +=XI3q +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-16:15.vmbus.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:15.vmbus.asc Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:15.vmbus Errata Notice + The FreeBSD Project + +Topic: Better handle the GPADL setup failure in Hyper-V + +Category: core +Module: vmbus +Announced: 2016-08-12 +Credits: Microsoft OSTC +Affects: FreeBSD 10.3 +Corrected: 2016-06-15 09:39:41 UTC (stable/10, 10.3-STABLE) + 2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +FreeBSD guests on Hyper-V call hv_vmbus_post_message(), which uses hypercalls +to post various types of VMBus messages to the Hyper-V host. One kind of the +messages is to setup GPADL (Guest Physical Addrss Description List), which +describes shared memory buffers between the host and the guest. + +II. Problem Description + +Most often, hv_vmbus_post_message() does not fail. However, it could fail +intermittently when GPADLs of large shared memory is to be established with +the host, such as on the hn(4) attach path, a GPADL of 15MB sendbuf is +created, for which lots of messages will be flooded to the host. + +The host side tries to throttle the message rate by returning +HV_STATUS_INSUFFICIENT_BUFFERS. + +Before this errata notice, several retries for failed messages would be +attempted, but the delay between each retry is too low, causing sporadic +message posting failure. A larger delay (>=1ms) is now used between each +retry to fix the message posting failure. + +III. Impact + +Failures when Hyper-V network device driver are loaded and the device cannot +work would occur. + +IV. Workaround + +No workaround is available, however FreeBSD virtual machines not running in +Hyper-V or Azure are unaffected. + +V. 
Solution + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot the system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Afterward, reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:15/vmbus.patch +# fetch https://security.FreeBSD.org/patches/EN-16:15/vmbus.patch.asc +# gpg --verify vmbus.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r301924 +releng/10.3/ r303984 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJXrUskAAoJEO1n7NZdz2rnpSYQAOcdxWeTfHk3Pksvy8tZl1sE +1HzD7d4LUEd8TJZq6JA8JEmAA3MN6p0FoGDj0NlMviiy1slCo4BuEyriixhkKUqh +be1+2pVY3d6gMixHFNPVKA0JB5amDvfxF8jY/lMZ1CsfD1tE0bTSRwPYhFFxJI8g +QK2dbjbGPQF32fAh4953wLV/HO1n6JiQS8dtyJBc4BdGRNCcuZpl69lDeJJWH5Li +IYtbQQlMIQZA5le7CjGXP+6eFus+U7CoqxuCq50CJwsgt0Rw+klApX85dodImlCR +qn6FCB0OdM2W3KgrnOLEXjvmajUO1fWAkiwlS6ZlkqST5KSRUHC3pzzZcYrvLBtA +qOslsoOp7v7uOvjKIt6As8KmX7OjFgNsiH4oxCL8H8HXNlN3uQRayMG8kglWqKWo +QFjF5cPL1YnDn5cBSThGQY0QBnDFEPiyviJZZ8XInKAESNysOW5rpx4bLKRqz33L +tZ0ebi+3PpA3M6wK9ag3zARJvqfTgHZ6KoVBF3HKmIB+LnyFQybHBaG5eG1sveWC +11KobiLoA1Te9v9KunJRBvmPMsV2zjrGJ5MYFw7UH/gYhjO2CGnRlJUCAHDFr7u+ +f/AJYb9qSS6exSFGhl7tBAxEAQAizy2eCSde/rXqbNH8QPz4SM/J436GPdxcaTRD +Lj+bkbcEPY6QqPPodDHn +=JVB9 +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-16:16.hv_storvsc.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:16.hv_storvsc.asc Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:16.hv_storvsc Errata Notice + The FreeBSD Project + +Topic: Fix SCSI INQUIRY checks and error handling + +Category: core +Module: hv_storvsc +Announced: 2016-08-12 +Credits: Microsoft OSTC +Affects: FreeBSD 10.3 +Corrected: 2016-07-15 02:29:10 UTC (stable/10, 10.2-STABLE) + 2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The Hyper-V storage driver, hv_storsvc(4), uses the SCSI INQUIRY command to +detect the presence of SCSI LUNs. + +II. Problem Description + +The hv_storsvc(4) driver assumes 36-byte responses to the INQUIRY command, +which is not always the case. When a shorter response is received, it can +lead to unexpected behavior. + +If the host changes the virtual disk capacity, responses from the host to the +virtual machine guest next command (such as READ CAPACITY or INQUIRY) return +an error with sense data supplied. The hv_storsvc(4) driver does not check +the error status properly, so the upper SCSI layer treats the command as being +successfully executed, resulting in unexpected behavior. + +III. Impact + +There are several manifestations of the impact, such as disk hotplug not +working reliably, SMART checks on the disk with 'smartctl -i /dev/da0' can +cause the disk to detach and crash the machine, and online resizing not +working reliably. + +IV. Workaround + +No workaround is available, however FreeBSD virtual machines not running in +Hyper-V or Azure are unaffected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. 
After which, reboot the +system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +After which, reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:16/hv_storvsc.patch +# fetch https://security.FreeBSD.org/patches/EN-16:16/hv_storvsc.patch.asc +# gpg --verify hv_storvsc.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r302863 +releng/10.3/ r303984 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. 
References + +The latest revision of this advisory is available at + + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJXrUslAAoJEO1n7NZdz2rnoeUP/0dlvrBv/wocTjPu+6K5OjIA ++GAvrrI+pESdnBQwYcIBfxq/YJIsgzVBAlqnrR1/s2fVOtkvhdcvzJAQSEVlvaYa +sJI2wn3lcT8KcH/JfNTxm/TgdDS25kPFl9SG1EdxE6ZSQHC4A0mjoEO9z4S7cq9i +FYS3VjY7AqZDJx6lCvQjW0Th4S/tvW1YZ62Tlnq3IT0JVpvVlxxPP9Qau7Z4DX8I +Pr+EqmBGdKINfzDXlrJ3TtLJ094mZw2CrhF1exmpdPAiuCUcKlt7xa6jGtm939iX +Pur9bIxl8pB/+uPB+vRq5wjzmg7s3ld8BWBV/NJjeLXSFb0hRxWcdbuvqcpiolQu +nIFsyaZ5h3QSxZG4NydB2Cr/A5lPG0aVGs76V9OnRbMy53NUrkyWZtGq0Qoyu9Zj +XaMDGeiFZcuR7VynrClGtJ9L+oeewQvScPsB5D2cwS+xsey7bTlOrpfT55Zouew2 +4gsuW8kmoxq8zE3pqLn41td+ERrH0mFp1/0Zk4NdB5ylJA/o2DFeMIiJpHZ0OtWE +T0KJ05Hz2UkjaPx1UUUC1D3GTunETXMHu62XhgsJi9tJltKiHZskWZYS9u2zDP57 +67nDjaORLbPIXUvMcQoOw/o7wFB4JWcnu/NUJdCHHHcSlec49fT+tfDzZvcfycrk +lTEHTA0GabtHC2G7vc+v +=3gBz +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-16:10/dhclient.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-16:10/dhclient.patch Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,39 @@ +Index: sbin/dhclient/dhclient.c +=================================================================== +--- sbin/dhclient/dhclient.c (revision 302284) ++++ sbin/dhclient/dhclient.c (working copy) +@@ -2277,6 +2277,17 @@ script_set_env(struct client_state *clie + { + int i, j, namelen; + ++ /* No `` or $() command substitution allowed in environment values! */ ++ for (j=0; j < strlen(value); j++) ++ switch (value[j]) { ++ case '`': ++ case '$': ++ warning("illegal character (%c) in value '%s'", ++ value[j], value); ++ /* Ignore this option */ ++ return; ++ } ++ + namelen = strlen(name); + + for (i = 0; client->scriptEnv[i]; i++) +@@ -2313,16 +2324,6 @@ script_set_env(struct client_state *clie + strlen(value) + 1); + if (client->scriptEnv[i] == NULL) + error("script_set_env: no memory for variable assignment"); +- +- /* No `` or $() command substitution allowed in environment values! */ +- for (j=0; j < strlen(value); j++) +- switch (value[j]) { +- case '`': +- case '$': +- error("illegal character (%c) in value '%s'", value[j], +- value); +- /* not reached */ +- } + snprintf(client->scriptEnv[i], strlen(prefix) + strlen(name) + + 1 + strlen(value) + 1, "%s%s=%s", prefix, name, value); + } Added: head/share/security/patches/EN-16:10/dhclient.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-16:10/dhclient.patch.asc Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJXrUseAAoJEO1n7NZdz2rnwP0QAI7YUXZJx2RdqNjDyTems1IR +/tR3utSSm6MUqIA5JkSKXBj6g8o04S9VA+HRBW6TlN/KhKHYhLaCW5O4etMlp7xu +5OYahVFAj5uMteBpvr0H0WK5NInt5Pw6YAlv7E9G7qjgKWSSsDV5h5C4xUHSSDhP +PDn3/GXCInEY2bLIhdPcGJelPEzdCKREQWEwz1A2IjOM5rGTMAiCMvW5jW0sZd0K ++b65Dd25X1h37bFbexZy8hNIR0HyROAzsHSOV8yjf0625sib7dippVxv6ARjBX3p +Lm88B7SI4MwW31CtsOAzjRw0Ibu+ASAx/5jRU8NppS3HZSICAk0Xjqq50m/vtCcs +ognAqhwKHHtxfrs+UePwA9Xi6hsNcwC66HIeX1MZw7hs7FSTfheo4iy2PohbeCoW +46RUc66RKehanG67CLe5GtYX5OzlQbzM0/KlqXZ11FvT3yXeTbCqx55ViDMOj31B +P/Gf43Ct59DB5dIcmjqNCIIIvvAYnlqWuSDZWMj+SmYlrTbPFbKFXZaqGleXIi2j +VVS7waoD9Bxuz+Qfaw97khFsS+QvpQWQnwGQARrb+74YeK9MbQFQ9jT2CCuWWcjF +JXwfl8Z1wiMgQxWu7AxzAGGmdlSe9w5xuaPz0ep84t1fXgBvzkG/7W56XJWIXgfZ +RLkTFs/7ZFPzR2ej1aXw +=z8D3 +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-16:11/vmbus.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-16:11/vmbus.patch Fri Aug 12 04:07:51 2016 (r49252) 
@@ -0,0 +1,218 @@ +--- sys/dev/hyperv/vmbus/hv_channel.c.orig ++++ sys/dev/hyperv/vmbus/hv_channel.c +@@ -180,12 +180,12 @@ + if (user_data_len) + memcpy(open_msg->user_data, user_data, user_data_len); + +- mtx_lock_spin(&hv_vmbus_g_connection.channel_msg_lock); ++ mtx_lock(&hv_vmbus_g_connection.channel_msg_lock); + TAILQ_INSERT_TAIL( + &hv_vmbus_g_connection.channel_msg_anchor, + open_info, + msg_list_entry); +- mtx_unlock_spin(&hv_vmbus_g_connection.channel_msg_lock); ++ mtx_unlock(&hv_vmbus_g_connection.channel_msg_lock); + + ret = hv_vmbus_post_message( + open_msg, sizeof(hv_vmbus_channel_open_channel)); +@@ -212,12 +212,12 @@ + } + + cleanup: +- mtx_lock_spin(&hv_vmbus_g_connection.channel_msg_lock); ++ mtx_lock(&hv_vmbus_g_connection.channel_msg_lock); + TAILQ_REMOVE( + &hv_vmbus_g_connection.channel_msg_anchor, + open_info, + msg_list_entry); +- mtx_unlock_spin(&hv_vmbus_g_connection.channel_msg_lock); ++ mtx_unlock(&hv_vmbus_g_connection.channel_msg_lock); + sema_destroy(&open_info->wait_sema); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
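Review bot: in head/share/security/advisories/FreeBSD-EN-16:16.hv_storvsc.asc, sections I and II name the driver hv_storsvc(4) three times, while the Module field, the file name and the patch URLs all spell it hv_storvsc. The manual page reference should read hv_storvsc(4) so that readers searching for the module name find the notice. The Corrected field also labels stable/10 as 10.2-STABLE although Affects lists FreeBSD 10.3 and the releng entry is 10.3-RELEASE-p7; check whether 10.3-STABLE was meant. Because the text is clearsigned, either correction needs a re-signed revision of the notice.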
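Review bot: in the EN-16:10 dhclient.patch hunk for script_set_env(), the new early return on '`' or '$' sits before namelen = strlen(name) and the scriptEnv lookup loop, so an entry already stored under the same name is left untouched when the new value is rejected. Confirm that keeping the older value is intended, or clear the existing entry before returning, and extend the /* Ignore this option */ comment to say which behaviour callers get. As a style point in the same loop, j < strlen(value) re-evaluates strlen on every iteration and compares the int j against a size_t; computing the length once into a size_t avoids both.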
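Review bot: in the EN-16:11 vmbus.patch hunks for sys/dev/hyperv/vmbus/hv_channel.c, the switch from mtx_lock_spin()/mtx_unlock_spin() to mtx_lock()/mtx_unlock() on hv_vmbus_g_connection.channel_msg_lock is only safe if the lock's mtx_init() is changed from a spin mutex to a default mutex in the same patch and every other user of channel_msg_lock is converted with it. Neither is visible here because the diff output is truncated, so check the remaining hunks for the initialization change and for any leftover mtx_lock_spin() callers, and confirm that none of the converted paths run in a context where only spin mutexes may be taken. A sentence in the errata notice or commit log explaining why the lock type changes would help later readers of these two call sites.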