git: 4c85a69d0f - main - Add EN-23:13, EN-23:14, SA-23:15, and SA-23:16.

From: Gordon Tetlow <gordon_at_FreeBSD.org>
Date: Wed, 08 Nov 2023 06:30:37 UTC
The branch main has been updated by gordon:

URL: https://cgit.FreeBSD.org/doc/commit/?id=4c85a69d0f11b191ee161ff8fdba6162d46c0ff4

commit 4c85a69d0f11b191ee161ff8fdba6162d46c0ff4
Author:     Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2023-11-08 06:29:21 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-11-08 06:29:21 +0000

    Add EN-23:13, EN-23:14, SA-23:15, and SA-23:16.
    
    Approved by:    so
---
 website/data/security/advisories.toml              |   8 +
 website/data/security/errata.toml                  |   8 +
 .../advisories/FreeBSD-EN-23:13.freebsd-update.asc | 153 +++++++++++++++++++
 .../advisories/FreeBSD-EN-23:14.regcomp.asc        | 151 +++++++++++++++++++
 .../security/advisories/FreeBSD-SA-23:15.stdio.asc | 167 +++++++++++++++++++++
 .../advisories/FreeBSD-SA-23:16.cap_net.asc        | 140 +++++++++++++++++
 .../security/patches/EN-23:13/freebsd-update.patch |  11 ++
 .../patches/EN-23:13/freebsd-update.patch.asc      |  16 ++
 .../static/security/patches/EN-23:14/regcomp.patch |  33 ++++
 .../security/patches/EN-23:14/regcomp.patch.asc    |  16 ++
 .../security/patches/SA-23:15/stdio.12.patch       |  42 ++++++
 .../security/patches/SA-23:15/stdio.12.patch.asc   |  16 ++
 .../security/patches/SA-23:15/stdio.13.patch       | 125 +++++++++++++++
 .../security/patches/SA-23:15/stdio.13.patch.asc   |  16 ++
 .../security/patches/SA-23:15/stdio.14.patch       | 125 +++++++++++++++
 .../security/patches/SA-23:15/stdio.14.patch.asc   |  16 ++
 .../static/security/patches/SA-23:16/cap_net.patch |  32 ++++
 .../security/patches/SA-23:16/cap_net.patch.asc    |  16 ++
 18 files changed, 1091 insertions(+)

diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 6432cceb40..d3995fcc48 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,14 @@
 # Sort advisories by year, month and day
 # $FreeBSD$
 
+[[advisories]]
+name = "FreeBSD-SA-23:16.cap_net"
+date = "2023-11-08"
+
+[[advisories]]
+name = "FreeBSD-SA-23:15.stdio"
+date = "2023-11-08"
+
 [[advisories]]
 name = "FreeBSD-SA-23:14.smccc"
 date = "2023-10-03"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 8c61975a0c..df128aa134 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,14 @@
 # Sort errata notices by year, month and day
 # $FreeBSD$
 
+[[notices]]
+name = "FreeBSD-EN-23:14.regcomp"
+date = "2023-11-08"
+
+[[notices]]
+name = "FreeBSD-EN-23:13.freebsd-update"
+date = "2023-11-08"
+
 [[notices]]
 name = "FreeBSD-EN-23:12.freebsd-update"
 date = "2023-10-03"
diff --git a/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc
new file mode 100644
index 0000000000..08dafcfa78
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:13.freebsd-update                                 Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          freebsd-update does not handle deep boot environments
+
+Category:       core
+Announced:      2023-11-08
+Affects:        All supported versions of FreeBSD.
+Corrected:      2023-10-24 00:04:14 UTC (stable/14, 14.0-STABLE)
+                2023-10-24 16:12:01 UTC (releng/14.0, 14.0-RC3)
+                2023-10-24 00:04:18 UTC (stable/13, 13.2-STABLE)
+                2023-11-08 00:59:45 UTC (releng/13.2, 13.2-RELEASE-p5)
+                2023-10-24 00:05:10 UTC (stable/12, 12.4-STABLE)
+                2023-11-08 01:10:13 UTC (releng/12.4, 12.4-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+freebsd-update will create a new boot environment as a backup when performing
+updates.
+
+II.  Problem Description
+
+Some systems use non-default configurations referred to as "deep" boot
+environments.  Deep boot environments place datasets belonging to the boot
+environment subordinate to the boot environment dataset itself, rather than
+elsewhere in the pool structure.
+
+This kind of boot environment requires the -r flag to bectl(8) for most
+operations in order to recurse on these subordinate datasets, but
+freebsd-update(8) was not recursing when creating a backup boot environment.
+
+III. Impact
+
+Without recursing in bectl(8), backups taken of a deep boot environment are not
+complete snapshots of the system state before the upgrade takes place.  This
+means that it's potentially painful to try and rollback to the pre-upgrade state
+after the upgrade has completed.
+
+IV.  Workaround
+
+No workaround is available, but the default configuration is not affected and
+deep boot environment users may create their own backups prior to an upgrade
+with a manual `bectl create -r ...`
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:13/freebsd-update.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:13/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              5c2a559876d1    stable/14-n265583
+releng/14.0/                            e34fdb7c119e  releng/14.0-n265341
+stable/13/                              80f747781f12    stable/13-n256596
+releng/13.2/                            e79edfaf68c5  releng/13.2-n254641
+stable/12/                                                        r373256
+releng/12.4/                                                      r373266
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267535>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:13.freebsd-update.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=l1ce
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc b/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc
new file mode 100644
index 0000000000..796c1e6368
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc
@@ -0,0 +1,151 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:14.regcomp                                        Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		Incorrect regular expression escape handling
+
+Category:       core
+Module:         libc
+Announced:      2023-11-08
+Affects:        All supported versions of FreeBSD.
+Corrected:      2023-09-30 01:40:59 UTC (stable/14, 14.0-STABLE)
+                2023-10-01 04:46:02 UTC (releng/14.0, 14.0-BETA5)
+                2023-09-30 01:41:23 UTC (stable/13, 13.2-STABLE)
+                2023-11-08 00:59:51 UTC (releng/13.2, 13.2-RELEASE-p5)
+                2023-09-30 01:41:57 UTC (stable/12, 12.4-STABLE)
+                2023-11-08 01:11:09 UTC (releng/12.4, 12.4-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The libc regex(3) implementation is responsible for compiling and applying
+regular expressions as used in, e.g., grep(1) and sed(1).
+
+II.  Problem Description
+
+In some instances, the regcomp() implementation would inadvertently sign-extend
+a character in the regular expression.  Additionally, alphabetic wide-characters
+were not properly being considered as such.
+
+III. Impact
+
+Regular expressions supplied to grep(1) or sed(1) that contained an alphabetic
+wide-character would incorrectly error out as if a bogus trailing backslash had
+been supplied.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Rebooting after the update is not strictly necessary, but it is recommended
+in case the error affects some daemon in use.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:14/regcomp.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:14/regcomp.patch.asc
+# gpg --verify regcomp.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              56b09feb23d9    stable/14-n265274
+releng/14.0/                            408daf2caa92  releng/14.0-n265163
+stable/13/                              ac695744e2cf    stable/13-n256440
+releng/13.2/                            67264bfe4992  releng/13.2-n254642
+stable/12/                                                        r373222
+releng/12.4/                                                      r373267
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264275>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:14.regcomp.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVLKaAACgkQbljekB8A
+Gu+LkRAA3/sUdxhrZ2iv6JBThfYSW0d3aTNLz9z4bv41wGqXoYyXnUaQqwi0bxqN
+ckbtEB6jpoAArlZvcYnP6vmS7BdFHjaeXCI5pFsVtbhz7xlLVjlEgZwPNv69MT+2
+Uzg+cyHF0PU+7Mfh+Pxx3yURnBCXMljdMKrIkFK61nyHjHjL1HFMS07DxkZh3m24
+rG/WOJ9/fT+ICa3SAeREuydUUbXVvr1nmff8BJDV2PjQp2y8RaeYCjshfvHBA7AJ
+kC7y2TNUYtosFZkGAU33d0HZw/LNiWGQR0t4xjDBRNbQOF7vmOwmVHXqb+47bq6Z
+DajjnHTZcIs8edXpHC99EQu/1GVpc4zqPYZeO7VRZJg/EnYgXv2WYZr0zr0PsSw5
+mrnXIqt9c1YRZ6h5XEFv6G4L++8/FjbjZZUqriBurvYWwbXRr8Y6UY1r9Mbz6W+z
+h5jDwbrXB9kd+7az6m+jF5hFRe+74NQDtPFlRfP5ZpWZUb1NAmfU3x2s28m4ovWk
+Pg5kbiU4mDmml0pnLuIEOtr4ukvURY+V9NVhN7QW3WhP6TTvHwilgdfO8QNG847x
+eh2xFIF1cH/Ce1PK0PuvNwmWu8RlHaQpDIKWZ5qMzehk3Sk7da+p9cGzXGUyrWTC
+AdEAuIwPiNo0Lcj9isRaMB7TDDu4Wgv0Z9UVQtHikRrs1ul5s1c=
+=TY3O
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc b/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc
new file mode 100644
index 0000000000..0e367ac3a7
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc
@@ -0,0 +1,167 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-23:15.libc                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:		libc stdio buffer overflow
+
+Category:       core
+Module:         libc
+Announced:      2023-11-07
+Credits:	inooo
+                All supported versions of FreeBSD.
+Corrected:      2023-11-07 17:29:20 UTC (stable/14, 14.0-STABLE)
+                2023-11-08 00:45:25 UTC (releng/14.0, 14.0-RC4-p1)
+                2023-11-07 18:41:49 UTC (stable/13, 13.2-STABLE)
+                2023-11-08 00:48:03 UTC (releng/13.2, 13.2-RELEASE-p5)
+                2023-11-08 14:30:51 UTC (stable/12, 12.4-STABLE)
+                2023-11-08 01:09:31 UTC (releng/12.4, 12.4-RELEASE-p7)
+CVE Name:       CVE-2023-5941
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD C library (libc) Standard I/O (stdio) component provides
+essential functionality for input and output operations including file
+handling and buffering.  It includes functions like "fopen", "printf", and
+"fflush".  Streams may be unbuffered, line buffered, or fully buffered.
+The library writes buffered data when the buffer is full or when the
+application explicitly requests so by calling the fflush(3) function.
+
+II.  Problem Description
+
+For line-buffered streams the __sflush() function did not correctly update
+the FILE object's write space member when the write(2) system call returns
+an error.
+
+III. Impact
+
+Depending on the nature of an application that calls libc's stdio functions
+and the presence of errors returned from the write(2) system call (or an
+overridden stdio write routine) a heap buffer overfly may occur.  Such
+overflows may lead to data corruption or the execution of arbitrary code at
+the privilege level of the calling program.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.0]
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.14.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.14.patch.asc
+# gpg --verify stdio.14.patch.asc
+
+[FreeBSD 13.2]
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.13.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.13.patch.asc
+# gpg --verify stdio.13.patch.asc
+
+[FreeBSD 12.4]
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.12.patch.asc
+# gpg --verify stdio.12.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              abe12d2f4ce3    stable/14-n265706
+releng/14.0/                            1f9c4610dde5  releng/14.0-n265376
+stable/13/                              59ec3ffdd7ce    stable/13-n256680
+releng/13.2/                            d51a39b13ee4  releng/13.2-n254639
+stable/12/                                                        r373263
+releng/12.4/                                                      r373265
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5941>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:15.stdio.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=wgNS
+-----END PGP SIGNATURE-----
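Review bot: The signed header block of this advisory disagrees with the rest of the commit: the title line reads `FreeBSD-SA-23:15.libc` while the file name, the `advisories.toml` entry and the self-referencing URL at the bottom all use `FreeBSD-SA-23:15.stdio`, and the line after `Credits:` carries the value `All supported versions of FreeBSD.` without its `Affects:` label. `Announced:` says 2023-11-07 where `advisories.toml` records 2023-11-08, and section III says "overfly" where "overflow" is meant. The stable/12 `Corrected:` time (14:30:51 UTC) is also later than this commit's own date of 06:29:21 +0000, which looks like a transcription slip. Anything that parses the header fields or matches on the advisory identifier can trip on these, and because the text sits inside a PGP clearsigned message, each correction means re-signing and publishing a new revision rather than editing the file in place.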
diff --git a/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc b/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc
new file mode 100644
index 0000000000..249a838ac8
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-23:16.cap_net                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Incorrect libcap_net limitation list manipulation
+
+Category:       core
+Module:         libcap_net
+Announced:      2023-11-08
+Credits:        Shawn Webb, Mariusz Zaborski 
+Affects:        FreeBSD 13.2 and later
+Corrected:      2023-11-06 19:19:04 UTC (stable/14, 14.0-STABLE)
+                2023-11-08 00:45:34 UTC (releng/14.0, 14.0-RC4-p1)
+                2023-11-06 19:19:54 UTC (stable/13, 13.2-STABLE)
+                2023-11-08 00:49:31 UTC (releng/13.2, 13.2-RELEASE-p5)
+CVE Name:       CVE-2023-5978
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+libcasper(3) allows Capsicum-sandboxed applications to define and use system
+interfaces which would otherwise be disallowed, through implementing special
+services.  One of these services, libcap_net, enables networking capabilities
+within the restriced environment.
+
+II.  Problem Description
+
+Casper services allow limiting operations that a process can perform.  Each
+service maintains a specific list of permitted operations.  Certain operations
+can be further restricted, such as specifying which domain names can be
+resolved.  During the verification of limits, the service must ensure that the
+new set of constraints is a subset of the previous one.  In the case of the
+cap_net service, the currently limited set of domain names was fetched
+incorrectly.
+
+III. Impact
+
+In certain scenarios, if only a list of resolvable domain names was specified
+without setting any other limitations, the application could submit a new list
+of domains including include entries not previously in the list.
+
+IV.  Workaround
+
+No workaround is available.  Note that no FreeBSD base system software is
+vulnerable to this issue.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-23:16/cap_net.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:16/cap_net.patch.asc
+# gpg --verify cap_net.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              765757c6301f    stable/14-n265696
+releng/14.0/                            5f4fc91cc87c  releng/14.0-n265377
+stable/13/                              114c6d9bef76    stable/13-n256672
+releng/13.2/                            acd860c3622d  releng/13.2-n254640
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5978>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:16.cap_net.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVLKaYACgkQbljekB8A
+Gu8Ofg/6AxzPey7hIS6rRO5Mv5ufiKEiYDwPo3t6epUiaLid21KhkLry1CofqFHd
+pC0zsYDJiWCkvieGBHhCkNYmffL9TCgLqNxSSH7plwMHwrLLQKxYRVn9V0ReGdc9
+qRY5XB1W0Ocns0CbpEXuMRNde5UNwc63xN0/xlnBESfex6+fP9kPNB7VLoYY4Foj
+jDzn6s8YNaUOVO7YtlZDjPRRazwVLriQ3Bf+lCNkJFq4VyyhRPFkeknOFHt5olA2
+dp+DIVQGUVRGjeaZDlxLZ4j0Nw39ZK8T6mSXSskjtSfQtHd6DPgDFBzZKjhtzRFd
++5lutnrXpZemQjUcOKqVG1ZmlbDQChIWVlJ1kyORRjb8ZO+vknhFo/w3a5o4sq1A
+ZtK1w2CFo0+jL+oWxJdFEiRFR0jwMtVfMCzZAoLsDXnYbmni/353BKGMlBFgdsAy
+Php3E/LsxCoFaZ+r87Z6O2UefEYMCr1FDM99SQkU1Ui3kzWEskHEvPR6JS31Htu2
+9ry3c4T08r1Qhp7J9Zdfnwvtd0fyEWn16ewzeiV4M6+gPErWZncar+86b87IRKof
+bTJ4XiK7kcORyD5ksgcBINUd5njOvXGIYTfkqSmlyikAhnoM7MN3npUGyRq6KQTE
+NPAr3gWrch7pegBVP3JuDQaYwfJarg6BmPb9sWWfkzQHRf9pfOI=
+=XNt1
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:13/freebsd-update.patch b/website/static/security/patches/EN-23:13/freebsd-update.patch
new file mode 100644
index 0000000000..76c6b9ff9a
--- /dev/null
+++ b/website/static/security/patches/EN-23:13/freebsd-update.patch
@@ -0,0 +1,11 @@
+--- usr.sbin/freebsd-update/freebsd-update.sh.orig
++++ usr.sbin/freebsd-update/freebsd-update.sh
+@@ -916,7 +916,7 @@
+ 			echo -n "Creating snapshot of existing boot environment... "
+ 			VERSION=`freebsd-version -ku | sort -V | tail -n 1`
+ 			TIMESTAMP=`date +"%Y-%m-%d_%H%M%S"`
+-			bectl create ${VERSION}_${TIMESTAMP}
++			bectl create -r ${VERSION}_${TIMESTAMP}
+ 			if [ $? -eq 0 ]; then
+ 				echo "done.";
+ 			else
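Review bot: The new `bectl create -r ${VERSION}_${TIMESTAMP}` line still passes the boot environment name unquoted; `bectl create -r "${VERSION}_${TIMESTAMP}"` keeps it a single argument whatever `freebsd-version` and `date` emit. A one-line comment above it, such as `# -r: include datasets subordinate to the BE (deep boot environments)`, would record why the flag is there so it is not dropped in a later cleanup. The surrounding `if`/`else` that reports the result continues outside the hunk.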
diff --git a/website/static/security/patches/EN-23:13/freebsd-update.patch.asc b/website/static/security/patches/EN-23:13/freebsd-update.patch.asc
new file mode 100644
index 0000000000..48d1aa9979
--- /dev/null
+++ b/website/static/security/patches/EN-23:13/freebsd-update.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=mz0x
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:14/regcomp.patch b/website/static/security/patches/EN-23:14/regcomp.patch
new file mode 100644
index 0000000000..b3cf36ebd5
--- /dev/null
+++ b/website/static/security/patches/EN-23:14/regcomp.patch
@@ -0,0 +1,33 @@
+--- lib/libc/regex/regcomp.c.orig
++++ lib/libc/regex/regcomp.c
+@@ -828,10 +828,10 @@
+ 	handled = false;
+ 
+ 	assert(MORE());		/* caller should have ensured this */
+-	c = GETNEXT();
++	c = (uch)GETNEXT();
+ 	if (c == '\\') {
+ 		(void)REQUIRE(MORE(), REG_EESCAPE);
+-		cc = GETNEXT();
++		cc = (uch)GETNEXT();
+ 		c = BACKSL | cc;
+ #ifdef LIBREGEX
+ 		if (p->gnuext) {
+@@ -992,7 +992,7 @@
+ 	int ndigits = 0;
+ 
+ 	while (MORE() && isdigit((uch)PEEK()) && count <= DUPMAX) {
+-		count = count*10 + (GETNEXT() - '0');
++		count = count*10 + ((uch)GETNEXT() - '0');
+ 		ndigits++;
+ 	}
+ 
+@@ -1302,7 +1302,7 @@
+ 
+ 	if ((p->pflags & PFLAG_LEGACY_ESC) != 0)
+ 		return (true);
+-	if (isalpha(ch) || ch == '\'' || ch == '`')
++	if (iswalpha(ch) || ch == '\'' || ch == '`')
+ 		return (false);
+ 	return (true);
+ #ifdef NOTYET
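Review bot: The `(uch)` casts added at the three `GETNEXT()` call sites are the whole fix for the sign extension the notice describes, but nothing in the code says so, and a later call site written without the cast would bring the bug back. A short comment at the first one, e.g. `/* cast: a plain char >= 0x80 must not sign-extend into c */`, would make that explicit; whether the cast could instead live inside `GETNEXT()` depends on the macro definition, which is not in the hunk. For the `isalpha(ch)` to `iswalpha(ch)` change, the patch adds no `#include <wctype.h>`, so it presumably relies on an include already present in regcomp.c, which is worth confirming against the file's include list. All three functions start and end outside the hunks.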
diff --git a/website/static/security/patches/EN-23:14/regcomp.patch.asc b/website/static/security/patches/EN-23:14/regcomp.patch.asc
new file mode 100644
index 0000000000..a39e86454f
--- /dev/null
+++ b/website/static/security/patches/EN-23:14/regcomp.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVLKaEACgkQbljekB8A
+Gu+pIA//Wifwi3NMr++co8mYoIbszyN6kkaA30d5guB8gNdqL834Ipcpai+pYj6Z
+Z9ARlVHZkawwBEfPQOXi+0Q1c1o55QsSwpunUJ2gbtcFrAnh7huXLT3gE4QSEEKu
+XvepH/mCOmBL4tPC2lGiiRXH7xZ9AGS8N0vyOfryks39DG1N0s900a56qaUs5sQx
+6/7Th2tucHM5XR7J6fp2PL2vd4U3/EbtdeYpf3uvdRF01u1qiyHL1gwANLs944wD
+u7Clh+3rgHDcuMoZuU+29DRiAAhhB53CMoK+nb981vmYEZ0BvaQ6D1RE+TrLdyaR
+YBTHcwUaY4J330hxMAeI+pHD82fZeVze1REepizIaG6zBvYJ0ZgArkJ5kF7zPicq
+8cuMx/AnFwjhNj/1HuBSbRcPNj6qjDwbrIM3bh7N0O+r28IrhJdhCkbN4N90shBn
+eBx3s2gIQHkvFwpIOzlfF6RagTWJfIoX90agFQcdhzujZaFdYj8u5xXkkGqrlBoL
+j/myQeaX34rkus72370EowT5XfmcM7du7968shIU/NvDpT4RKml4yivjFPP4mLNS
+9VCj8l9VAeFSv/hLHWkmUh/Y6VS5GCdKGm+bBwVOdHOKUInDNIS0AyPfUjmk4bWw
+hT3S0dK7jyKYVG6/TlVhrRsbJ58iOOGBF6fsCBALd9cPZHOyiTE=
+=uTh+
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-23:15/stdio.12.patch b/website/static/security/patches/SA-23:15/stdio.12.patch
new file mode 100644
index 0000000000..238780a3d5
--- /dev/null
+++ b/website/static/security/patches/SA-23:15/stdio.12.patch
@@ -0,0 +1,42 @@
+--- lib/libc/stdio/fflush.c.orig
++++ lib/libc/stdio/fflush.c
+@@ -106,10 +106,10 @@
+ __sflush(FILE *fp)
+ {
+ 	unsigned char *p;
+-	int n, t;
++	int n, f, t;
+ 
+-	t = fp->_flags;
+-	if ((t & __SWR) == 0)
++	f = fp->_flags;
++	if ((f & __SWR) == 0)
+ 		return (0);
+ 
+ 	if ((p = fp->_bf._base) == NULL)
+@@ -122,19 +122,18 @@
+ 	 * exchange buffering (via setvbuf) in user write function.
+ 	 */
+ 	fp->_p = p;
+-	fp->_w = t & (__SLBF|__SNBF) ? 0 : fp->_bf._size;
++	fp->_w = f & (__SLBF|__SNBF) ? 0 : fp->_bf._size;
+ 
+ 	for (; n > 0; n -= t, p += t) {
+ 		t = _swrite(fp, (char *)p, n);
+ 		if (t <= 0) {
+-			/* Reset _p and _w. */
+-			if (p > fp->_p) {
++			if (p > fp->_p)
+ 				/* Some was written. */
+ 				memmove(fp->_p, p, n);
+-				fp->_p += n;
+-				if ((fp->_flags & (__SLBF | __SNBF)) == 0)
+-					fp->_w -= n;
+-			}
++			/* Reset _p and _w. */
++			fp->_p += n;
++			if ((fp->_flags & __SNBF) == 0)
++				fp->_w -= n;
+ 			fp->_flags |= __SERR;
+ 			return (EOF);
+ 		}
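Review bot: In the rewritten error path of `__sflush`, the `if (p > fp->_p)` now has no braces and a comment sits between the condition and its `memmove`, while the `fp->_p += n;` that follows runs unconditionally; that layout is easy to misread as one guarded block, so I would keep the braces: `if (p > fp->_p) { /* Some was written. */ memmove(fp->_p, p, n); }`. The security-relevant part is that the mask shrank from `(__SLBF | __SNBF)` to `__SNBF`, so `_w` is now reduced for line-buffered streams as well; a comment such as `/* n bytes stay buffered: charge them to _w for every stream except unbuffered ones */` would state that invariant next to the test. It would also help to say why this test re-reads `fp->_flags` instead of using the cached `f` (presumably because the write routine may have changed buffering, as the existing setvbuf comment hints). The same lines are added by stdio.13.patch; the function begins and ends outside the hunk.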
diff --git a/website/static/security/patches/SA-23:15/stdio.12.patch.asc b/website/static/security/patches/SA-23:15/stdio.12.patch.asc
new file mode 100644
index 0000000000..4f33a02361
--- /dev/null
+++ b/website/static/security/patches/SA-23:15/stdio.12.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVLKaMACgkQbljekB8A
+Gu9duhAAnc7k//U2XNdC4H7Czu9QTZBHwJFh6kMZBN8H70iauT+jrsMfImtHq4CC
+rm1n7y0ke63LqA9OTjFzYqYxd13gWC2XxB6Ct/FGEZ+gKqYE4zdGL2qDuQEvU0+C
+Z06ZKN6HdR2fXKPxxw5O5/18YEgRg+XANw2kZ9c2+6cd6Gj4QkrCDURFhqYbwTma
+hXRK4Bk7eZc/D/rE98M1T1lUObjWiknJYsmEnYwWgVbQuldaAulxhFCKOaU7Nc/4
+czIYP6cQtCKtBq9UdW/kZfqZL1r1mnmZu0gJh4CvhcSOXuBQE5ir8ffHJ0aKSknG
+4tenkPpC6IcJ957HYSFanA5q+3lJ2jwzO9Z6lSjS05CGD0mThIwrNcEKtK2EhF9q
+4WlY8GpU3QI0gxPfZZDxF40faGc8V7Vx6UhcP/I05hDbUiB4HVtSRyJJU5yq+AXW
+TckXDME4N8ix6Ceu4b3frwBXXsAOD9lPPuQkMBjkwRbRei3hnPNaoifhzEhiGU8U
+OCDS1CueXZ7gAM62VBWHOylgIfoXdPv2QAn6+p7iFinKz0qPi4ucSxUENbkbR9/u
+oRCsmIZIiTjsQaFGgL7HppBEQzMmd5BreHatq5o7488KUxAuS9Eszorn1b8zbnTW
+UsjOLrRf5xfYWN+YOp5/gWUFNyGlY2QZHTZ5iQ2j5UoWPB1IyCc=
+=yCZH
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-23:15/stdio.13.patch b/website/static/security/patches/SA-23:15/stdio.13.patch
new file mode 100644
index 0000000000..3ac8741c35
--- /dev/null
+++ b/website/static/security/patches/SA-23:15/stdio.13.patch
@@ -0,0 +1,125 @@
+--- lib/libc/stdio/fflush.c.orig
++++ lib/libc/stdio/fflush.c
+@@ -105,11 +105,11 @@
+ int
+ __sflush(FILE *fp)
+ {
+-	unsigned char *p, *old_p;
+-	int n, t, old_w;
++	unsigned char *p;
++	int n, f, t;
+ 
+-	t = fp->_flags;
+-	if ((t & __SWR) == 0)
++	f = fp->_flags;
++	if ((f & __SWR) == 0)
+ 		return (0);
+ 
+ 	if ((p = fp->_bf._base) == NULL)
+@@ -121,26 +121,19 @@
+ 	 * Set these immediately to avoid problems with longjmp and to allow
+ 	 * exchange buffering (via setvbuf) in user write function.
+ 	 */
+-	old_p = fp->_p;
+ 	fp->_p = p;
+-	old_w = fp->_w;
+-	fp->_w = t & (__SLBF|__SNBF) ? 0 : fp->_bf._size;
++	fp->_w = f & (__SLBF|__SNBF) ? 0 : fp->_bf._size;
+ 
+ 	for (; n > 0; n -= t, p += t) {
+ 		t = _swrite(fp, (char *)p, n);
+ 		if (t <= 0) {
+-			/* Reset _p and _w. */
+-			if (p > fp->_p) {
++			if (p > fp->_p)
+ 				/* Some was written. */
+ 				memmove(fp->_p, p, n);
+-				fp->_p += n;
+-				if ((fp->_flags & (__SLBF | __SNBF)) == 0)
+-					fp->_w -= n;
+-			/* conditional to handle setvbuf */
+-			} else if (p == fp->_p && errno == EINTR) {
+-				fp->_p = old_p;
+-				fp->_w = old_w;
+-			}
++			/* Reset _p and _w. */
++			fp->_p += n;
++			if ((fp->_flags & __SNBF) == 0)
++				fp->_w -= n;
+ 			fp->_flags |= __SERR;
+ 			return (EOF);
+ 		}
+--- lib/libc/stdio/fvwrite.c.orig
++++ lib/libc/stdio/fvwrite.c
+@@ -38,7 +38,6 @@
+ #include <sys/cdefs.h>
+ __FBSDID("$FreeBSD$");
+ 
+-#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -55,7 +54,6 @@
+ __sfvwrite(FILE *fp, struct __suio *uio)
+ {
+ 	size_t len;
+-	unsigned char *old_p;
+ 	char *p;
+ 	struct __siov *iov;
+ 	int w, s;
+@@ -139,12 +137,8 @@
+ 				COPY(w);
+ 				/* fp->_w -= w; */ /* unneeded */
+ 				fp->_p += w;
+-				old_p = fp->_p;
+-				if (__fflush(fp) == EOF) {
+-					if (old_p == fp->_p && errno == EINTR)
+-						fp->_p -= w;
++				if (__fflush(fp))
+ 					goto err;
+-				}
+ 			} else if (len >= (w = fp->_bf._size)) {
+ 				/* write directly */
+ 				w = _swrite(fp, p, w);
+@@ -183,12 +177,8 @@
+ 				COPY(w);
+ 				/* fp->_w -= w; */
+ 				fp->_p += w;
+-				old_p = fp->_p;
+-				if (__fflush(fp) == EOF) {
+-					if (old_p == fp->_p && errno == EINTR)
+-						fp->_p -= w;
++				if (__fflush(fp))
+ 					goto err;
+-				}
+ 			} else if (s >= (w = fp->_bf._size)) {
+ 				w = _swrite(fp, p, w);
+ 				if (w <= 0)
+--- lib/libc/stdio/wbuf.c.orig
++++ lib/libc/stdio/wbuf.c
+@@ -52,7 +52,6 @@
+ int
+ __swbuf(int c, FILE *fp)
+ {
*** 257 LINES SKIPPED ***