git: 9030a72250 - main - Add EN-21:01 to EN-21:05, SA-21:01, and SA-21:02.
Gordon Tetlow
gordon at FreeBSD.org
Fri Jan 29 02:18:33 UTC 2021
The branch main has been updated by gordon (src committer):
URL: https://cgit.FreeBSD.org/doc/commit/?id=9030a72250f232686e22d8e36a51cf196221c361
commit 9030a72250f232686e22d8e36a51cf196221c361
Author: Gordon Tetlow <gordon at FreeBSD.org>
AuthorDate: 2021-01-29 02:17:45 +0000
Commit: Gordon Tetlow <gordon at FreeBSD.org>
CommitDate: 2021-01-29 02:17:45 +0000
Add EN-21:01 to EN-21:05, SA-21:01, and SA-21:02.
Approved by: so
---
website/data/security/advisories.toml | 8 +
website/data/security/errata.toml | 20 +
.../advisories/FreeBSD-EN-21:01.tzdata.asc | 148 ++
.../advisories/FreeBSD-EN-21:02.extattr.asc | 129 ++
.../security/advisories/FreeBSD-EN-21:03.vnet.asc | 130 ++
.../security/advisories/FreeBSD-EN-21:04.zfs.asc | 130 ++
.../advisories/FreeBSD-EN-21:05.libatomic.asc | 125 ++
.../advisories/FreeBSD-SA-21:01.fsdisclosure.asc | 150 ++
.../advisories/FreeBSD-SA-21:02.xenoom.asc | 142 ++
.../security/patches/EN-21:01/tzdata-2021a.patch | 1498 ++++++++++++++++++++
.../patches/EN-21:01/tzdata-2021a.patch.asc | 18 +
.../static/security/patches/EN-21:02/extattr.patch | 11 +
.../security/patches/EN-21:02/extattr.patch.asc | 18 +
.../static/security/patches/EN-21:03/vnet.patch | 291 ++++
.../security/patches/EN-21:03/vnet.patch.asc | 18 +
website/static/security/patches/EN-21:04/zfs.patch | 150 ++
.../static/security/patches/EN-21:04/zfs.patch.asc | 18 +
.../security/patches/EN-21:05/libatomic.patch | 71 +
.../security/patches/EN-21:05/libatomic.patch.asc | 18 +
.../patches/SA-21:01/fsdisclosure.11.patch | 10 +
.../patches/SA-21:01/fsdisclosure.11.patch.asc | 18 +
.../patches/SA-21:01/fsdisclosure.12.patch | 166 +++
.../patches/SA-21:01/fsdisclosure.12.patch.asc | 18 +
.../security/patches/SA-21:02/xenoom.11.patch | 255 ++++
.../security/patches/SA-21:02/xenoom.11.patch.asc | 18 +
.../security/patches/SA-21:02/xenoom.12.patch | 300 ++++
.../security/patches/SA-21:02/xenoom.12.patch.asc | 18 +
27 files changed, 3896 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index db5d4bcb24..95683bed85 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,14 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-21:02.xenoom"
+date = "2021-01-29"
+
+[[advisories]]
+name = "FreeBSD-SA-21:01.fsdisclosure"
+date = "2021-01-29"
+
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 6dc8406ef5..eb4071d077 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,26 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-21:05.libatomic"
+date = "2021-01-29"
+
+[[notices]]
+name = "FreeBSD-EN-21:04.zfs"
+date = "2021-01-29"
+
+[[notices]]
+name = "FreeBSD-EN-21:03.vnet"
+date = "2021-01-29"
+
+[[notices]]
+name = "FreeBSD-EN-21:02.extattr"
+date = "2021-01-29"
+
+[[notices]]
+name = "FreeBSD-EN-21:01.tzdata"
+date = "2021-01-29"
+
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
diff --git a/website/static/security/advisories/FreeBSD-EN-21:01.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-21:01.tzdata.asc
new file mode 100644
index 0000000000..dc16699e8e
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:01.tzdata.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:01.tzdata Errata Notice
+ The FreeBSD Project
+
+Topic: Timezone database information update
+
+Category: contrib
+Module: zoneinfo
+Announced: 2021-01-29
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-01-25 21:56:55 UTC (stable/12, 12.2-STABLE)
+ 2021-01-29 01:20:49 UTC (releng/12.2, 12.2-RELEASE-p3)
+ 2021-01-29 01:05:59 UTC (releng/12.1, 12.1-RELEASE-p13)
+ 2021-01-25 21:57:06 UTC (stable/11, 11.4-STABLE)
+ 2021-01-29 00:19:59 UTC (releng/11.4, 11.4-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The tzsetup(8) program allows the user to specify the default local timezone.
+Based on the selected timezone, tzsetup(8) copies one of the files from
+/usr/share/zoneinfo to /etc/localtime. This file actually controls the
+conversion.
+
+II. Problem Description
+
+Several changes in Daylight Savings Time happened after previous FreeBSD
+releases were released that would affect many people who live in different
+countries. Because of these changes, the data in the zoneinfo files need to
+be updated, and if the local timezone on the running system is affected,
+tzsetup(8) needs to be run so the /etc/localtime is updated.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV. Workaround
+
+The system administrator can install an updated timezone database from the
+misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V. Solution
+
+Please note that some third party software, for instance PHP, Ruby, Java and
+Perl, may be using different zoneinfo data source, in such cases this
+software must be updated separately. For software packages that is installed
+via binary packages, they can be upgraded by executing `pkg upgrade'.
+
+Following the instructions in this Errata Notice will update all of the
+zoneinfo files to be the same as what was released with FreeBSD release.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. Restart all the affected
+applications and daemons, or reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:01/tzdata-2021a.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:01/tzdata-2021a.patch.asc
+# gpg --verify tzdata-2021a.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12 r369143
+releng/12.2 r369171
+releng/12.1 r369162
+stable/11/ r369144
+releng/11.4/ r369153
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:01.tzdata.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=irIL
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:02.extattr.asc b/website/static/security/advisories/FreeBSD-EN-21:02.extattr.asc
new file mode 100644
index 0000000000..d30949a2ad
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:02.extattr.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:02.extattr Errata Notice
+ The FreeBSD Project
+
+Topic: UFS extattr corruption
+
+Category: core
+Module: UFS
+Announced: 2021-01-29
+Affects: FreeBSD 11.4
+Corrected: 2021-01-18 18:54:32 UTC (stable/11, 11.4-STABLE)
+ 2021-01-29 19:20:02 UTC (releng/11.4, 11.4-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Named extended attributes are meta-data associated with vnodes representing
+files and directories. They exist as "name=value" pairs within a set of
+namespaces. The UFS filesystem supports extended attributes.
+
+II. Problem Description
+
+Under certain conditions FreeBSD 11.x releases may produce a corrupt extattr
+file, and later attempts to access these extended attributes may result in
+system misbehavior. For example, lsextattr may spin at 100% CPU until the
+system is shut down.
+
+The issue that results in corrupt extattr data is not present in supported
+FreeBSD 12.x versions.
+
+III. Impact
+
+The system may not function as required with extended attributes in use.
+
+IV. Workaround
+
+No workaround is available. Systems not using extended attributes are not
+vulnerable.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.4]
+# fetch https://security.FreeBSD.org/patches/EN-12:02/extattr.patch
+# fetch https://security.FreeBSD.org/patches/EN-12:02/extattr.patch.asc
+# gpg --verify extattr.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r369045
+releng/11.4/ r369154
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244089>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:02.extattr.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmATbiRfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKxMBAAjpesCOTrkqvjjKZmez8ACSUdaa7IYMLbJpeXW+0IbFVU/IQdK5/aq6r1
+j/LytAbQ0yDlzfEggCeIWKGkbvaNs0eUVCx/1AOjWdxWePvrlpJ2GQNsHGZeWzBc
+QUv9LEao0MQF9UGjd0JV81nTE2DT4a2F3WVdfuX2QfkWntfWwpXf3Uf3Cvi6Cpfy
+rbZTkFeBmFvfgJu13co4re1gur8eYvMyNqcp+FO9OttEr/Fg5D/okQfp+0uZ1uIl
+80WNZLwgnJG07FBVgcjbbVr/JJJqzVQh3opUa4+6UZaaHoRszs4jE4Mc22C0G4Ma
+8vtBp4Z/Ndznv04TvTNiAyS3aAe0ums4yotZJBJEuVr1rA1lC6YgRVT9+qfsPcWT
+SuVM16NS4VGVpN5SruptLbrbTHQARDAAWDbtP1fB8ccvBIonf0hh5AOcKFBxHHY3
+NoKHLV373zTauvxqy7RKRAtnB2oB0uMT4j0lwJmn7CM1h+lL1GcVy1PTDVQ4mk+N
+2/I51AcbURjmWqxTTORI6p8CgLsiwPfdsup5T2g/JPu2nc9COWL/WKCytP2pXji3
++Lu+SJldxUCx8JiiCSFma7ZG/sjB+B1vOajzULqBWUgTH6YpX8gV78amDHmzRq20
+2is7fa+63ImVHtCZAIeSs/PGU2v+MDQ6eBNqFTccbgVvINEmMNE=
+=XIov
+-----END PGP SIGNATURE-----
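Review bot: The fetch commands in step 2a point at patches/EN-12:02/extattr.patch and extattr.patch.asc, but this notice is EN-21:02 and the diffstat shows the patch being added under website/static/security/patches/EN-21:02/. The digits look transposed; the URLs should use EN-21:02 so that the download and the gpg --verify step work as written. Because the text is inside the PGP-signed body, correcting it means issuing a re-signed notice.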
diff --git a/website/static/security/advisories/FreeBSD-EN-21:03.vnet.asc b/website/static/security/advisories/FreeBSD-EN-21:03.vnet.asc
new file mode 100644
index 0000000000..c9832e1268
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:03.vnet.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:03.vnet Errata Notice
+ The FreeBSD Project
+
+Topic: Panic when destroying VNET and epair simultaneously
+
+Category: core
+Module: kernel
+Announced: 2021-01-29
+Affects: FreeBSD 12.1 and later.
+Corrected: 2020-12-15 15:33:28 UTC (stable/12, 12.2-STABLE)
+ 2021-01-29 01:20:52 UTC (releng/12.2, 12.2-RELEASE-p3)
+ 2021-01-29 01:06:03 UTC (releng/12.1, 12.1-RELEASE-p13)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+VNET permits systems to be configured with multiple instances of the in-kernel
+network stack.
+
+The epair(4) interface provides a pair of virtual back-to-back connected
+Ethernet interfaces.
+
+II. Problem Description
+
+Insufficient locking in the kernel meant that destroying an epair and a vnet
+jail at the same time often resulted in panics.
+
+III. Impact
+
+Users with root level access (or the PRIV_NET_IFCREATE privilege) can panic
+the system.
+
+IV. Workaround
+
+The panic can be avoided by ensuring that epair interfaces are fully destroyed
+before the vnet jails containing them are destroyed.
+
+Systems not using vnet jails are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:03/vnet.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:03/vnet.patch.asc
+# gpg --verify vnet.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r368663
+releng/12.2/ r369172
+releng/12.1/ r369163
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238870>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:03.vnet.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=1ekp
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:04.zfs.asc b/website/static/security/advisories/FreeBSD-EN-21:04.zfs.asc
new file mode 100644
index 0000000000..2e090bc9ee
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:04.zfs.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:04.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: zfs recv fails to propagate snapshot deletion
+
+Category: core
+Module: zfs
+Announced: 2021-01-29
+Affects: FreeBSD 12.2
+Corrected: 2020-12-01 08:15:18 UTC (stable/12, 12.2-STABLE)
+ 2021-01-29 01:20:55 UTC (releng/12.2, 12.2-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The zfs send/receive commands are used to efficiently copy datasets from one
+location to another. With the -i or -I flags, zfs send can incrementally
+update an already-copied dataset. When using the -R flag with zfs send and the
+- -F flag with zfs receive, zfs receive will delete any snapshots on the
+destination that have already been deleted on the source.
+
+II. Problem Description
+
+A regression in FreeBSD 12.2 causes zfs receive to fail to delete snapshots
+that have been deleted on the source side.
+
+III. Impact
+
+Backup and replication systems based on ZFS send/receive that manage snapshots
+solely on the source side will fail to delete snapshots on the destination
+side. This may lead to out-of-space conditions on the destination.
+
+IV. Workaround
+
+Errant snapshots can be manually removed from the destination with "zfs destroy".
+
+Backup and replication systems that don't use the -R flag with zfs send will be
+unaffected. For example, sysutils/zrepl is unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:04/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:04/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that link directly to libzfs.so. A restart is not required
+for daemons that invoke the zfs executable.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r368233
+releng/12.2/ r369173
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249438>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:04.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmATbipfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJhhw//ajaGQV4/Ln4SmgsyYS01De9bXSI26dBcZlfGDUDL4l/W4qF1KnsTuPXx
+ubGoFDjAArT+AzAoTddQeKuty8VPR8UUCQfONgdWUvjlSZ3k1iLa6pTR/BHxSyZ3
+rh7olc8wSt13JBOoafCjGkuzRNLtz7oqP0qrGB/aKSbU3IzCW8fHSFnIFVaRK/Nh
+Zr9Lisp4mIBgBmAY3Oof50ONPrjoDEYff+G+52LSUSMIwGPVmEqFz1qrSzQ+SFO0
+kylegth1sBeEgPQZAuyXX6liJpsL/AEdYQvosykmBw3DGQqt9glo+hl6CU7/g2dn
+iA8O7tO0zgaHtWbAUQYdtHJKeqa5UbaDRKeDw3aXm6TwHmZN7BfQz6SWRK2QOhcc
+btn5yP6QhbpTFmWRkWtSehn+eISolDF4iCG9St664xpNV7l0AzSXm8saVrR2/Eix
+IPCK2nyhddyDyVCkkSaZw8rris5De8gAGsv0K+nvJqYhVMdbIyTnU62UzHrgPPXS
+kAe0Z/FnPmcQ7GXN/dSIzd17WMqKwGgsHMbLFw/BMP+kaM++mMY7ZdyPyx1gapB+
+qzvRhFoNKpNVGMaMK/y+BPB2Ak3OHj6lqPFptjd9HNlszVYuZ3Od25oQBO0dupQf
+jsTSler1ShPYyOwG8QE0sXjpMYVZhFgsZXiZVUrACkfunuDnXtI=
+=fhrM
+-----END PGP SIGNATURE-----
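Review bot: In section I the line "-F flag with zfs receive, zfs receive will delete any snapshots on the" begins with a dash, so clear-signing has dash-escaped it and the raw .asc reads "- -F flag". Reflow the paragraph before signing so that "-F" does not start a line, for example by keeping "the -F flag" together on one line. Readers of the unverified text otherwise see a stray dash in front of the flag name.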
diff --git a/website/static/security/advisories/FreeBSD-EN-21:05.libatomic.asc b/website/static/security/advisories/FreeBSD-EN-21:05.libatomic.asc
new file mode 100644
index 0000000000..5a88888bf5
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:05.libatomic.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:05.libatomic Errata Notice
+ The FreeBSD Project
+
+Topic: Addition of atomic and bswap functions to libcompiler_rt
+
+Category: core
+Module: libcompiler_rt
+Announced: 2021-01-29
+Affects: FreeBSD 11.4
+Corrected: 2020-09-12 16:33:05 UTC (stable/11, 11.4-STABLE)
+ 2021-01-29 00:20:06 UTC (releng/11.4, 11.4-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+libcompiler_rt is a simple library that provides an implementation of low-level
+target-specific functionality required by the Clang compiler.
+
+II. Problem Description
+
+The FreeBSD build system does not include all source files of libcompiler_rt.
+In particular, it misses the atomic.c file, which implements atomic memory
+routines for the i386 architecture.
+
+III. Impact
+
+When compiling software that makes use of atomic functions, as well as __bswap*
+functions, the compiler emits calls to them expecting that these will be
+available from libcompiler_rt. Due to this, the linker fails to resolve
+mentioned functions and the build fails.
+
+The problem occurs only when targeting the i386 platform.
+
+IV. Workaround
+
+The problem can be worked around by using GCC compiler to build the software.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:05/libatomic.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:05/libatomic.patch.asc
+# gpg --verify libatomic.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r365661
+releng/11.4/ r369155
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:05.libatomic.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=RTBx
+-----END PGP SIGNATURE-----
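Review bot: Section II names only atomic.c as the missing source file, while the Topic line and section III also refer to bswap / __bswap* functions. State in the Problem Description which missing file provides those, so the three sections agree. The closing step "Restart all daemons that use the library, or reboot the system" also reads as template text, since the impact described is a link failure at build time; consider dropping it or saying why a restart is needed.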
diff --git a/website/static/security/advisories/FreeBSD-SA-21:01.fsdisclosure.asc b/website/static/security/advisories/FreeBSD-SA-21:01.fsdisclosure.asc
new file mode 100644
index 0000000000..c6bab78916
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:01.fsdisclosure.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:01.fsdisclosure Security Advisory
+ The FreeBSD Project
+
+Topic: Uninitialized kernel stack leaks in several file systems
+
+Category: core
+Module: fs
+Announced: 2021-01-29
+Credits: Syed Faraz Abrar
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-01-06 14:58:41 UTC (stable/12, 12.2-STABLE)
+ 2021-01-29 01:20:59 UTC (releng/12.2, 12.2-RELEASE-p3)
+ 2021-01-29 01:06:09 UTC (releng/12.1, 12.1-RELEASE-p13)
+ 2021-01-18 19:16:24 UTC (stable/11, 11.4-STABLE)
+ 2021-01-29 00:20:09 UTC (releng/11.4, 11.4-RELEASE-p7)
+CVE Name: CVE-2020-25578, CVE-2020-25579
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The FreeBSD kernel exports file system directory entries to userspace
+using the generic "dirent" structure. Individual file systems implement
+VOP_READDIR to convert from the file system's internal directory entry
+layout to the generic form. dirent structures can be fetched from
+userspace using the getdirentries(2) system call.
+
+II. Problem Description
+
+Several file systems were not properly initializing the d_off field of
+the dirent structures returned by VOP_READDIR. In particular, tmpfs(5),
+smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result,
+eight uninitialized kernel stack bytes may be leaked to userspace by
+these file systems. This problem is not present in FreeBSD 11.
+
+Additionally, msdosfs(5) was failing to zero-fill a pair of padding
+fields in the dirent structure, resulting in a leak of three
+uninitialized bytes.
+
+III. Impact
+
+Kernel stack disclosures may leak sensitive information which could be
+used to compromise the security of the system.
+
+IV. Workaround
+
+Systems that do not have any of the affected file systems mounted are
+not affected. To trigger the leaks, an unprivileged user must have read
+access to a directory belonging to one of the mounted file systems.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.x]
+# fetch https://security.FreeBSD.org/patches/SA-21:01/fsdisclosure.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:01/fsdisclosure.12.patch.asc
+# gpg --verify fsdisclosure.12.patch.asc
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/SA-21:01/fsdisclosure.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:01/fsdisclosure.11.patch.asc
+# gpg --verify fsdisclosure.11.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r368969
+releng/12.2/ r369175
+releng/12.1/ r369165
+stable/11/ r369047
+releng/11.4/ r369156
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25578>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25579>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=gD1K
+-----END PGP SIGNATURE-----
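Review bot: The header lists CVE-2020-25578 and CVE-2020-25579, but section II describes two separate leaks (the uninitialized d_off field in tmpfs, smbfs, autofs and mqueuefs, and the unzeroed padding fields in msdosfs) without saying which CVE covers which. Add the CVE name to each paragraph. Section II also says the d_off problem "is not present in FreeBSD 11" while the Affects line says all supported versions; if FreeBSD 11 is affected only through msdosfs, say so explicitly so that 11.x administrators can judge their exposure.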
diff --git a/website/static/security/advisories/FreeBSD-SA-21:02.xenoom.asc b/website/static/security/advisories/FreeBSD-SA-21:02.xenoom.asc
new file mode 100644
index 0000000000..4d8560498a
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:02.xenoom.asc
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:02.xenoom Security Advisory
+ The FreeBSD Project
+
+Topic: Xen guests can triger backend Out Of Memory
+
+Category: contrib
+Module: Xen
+Announced: 2021-01-29
+Credits: See Xen XSA-349 for details
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-01-18 16:26:36 UTC (stable/12, 12.2-STABLE)
+ 2021-01-29 01:21:04 UTC (releng/12.2, 12.2-RELEASE-p3)
+ 2021-01-29 01:06:16 UTC (releng/12.1, 12.1-RELEASE-p13)
+ 2021-01-21 09:14:50 UTC (stable/11, 11.4-STABLE)
+ 2021-01-29 00:20:16 UTC (releng/11.4, 11.4-RELEASE-p7)
+CVE Name: CVE-2020-29568
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+Xen is a type-1 hypervisor which supports FreeBSD as a Dom0 (or host
+domain).
+
+II. Problem Description
+
+Some OSes (including Linux, FreeBSD, and NetBSD) are processing watch
+events using a single thread. If the events are received faster than
+the thread is able to handle, they will get queued.
+
+As the queue is unbound, a guest may be able to trigger a OOM in
+the backend.
+
+III. Impact
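Review bot: The Topic line has a typo, "triger" should be "trigger", and section II reads "the queue is unbound" and "a OOM" where "unbounded" and "an OOM" are meant. The Topic text is what appears in advisory indexes and searches, so it is worth getting right. These lines are inside the PGP-signed body, so correcting them means re-signing the advisory.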
*** 3124 LINES SKIPPED ***