svn commit: r53209 - in head/share: security/advisories security/patches/EN-19:12 security/patches/SA-19:09 security/patches/SA-19:10 security/patches/SA-19:11 xml
Gordon Tetlow
gordon at FreeBSD.org
Wed Jul 3 00:30:19 UTC 2019
Author: gordon (src committer)
Date: Wed Jul 3 00:30:17 2019
New Revision: 53209
URL: https://svnweb.freebsd.org/changeset/doc/53209
Log:
Add EN-19:12 and SA-19:09 to SA-19:11
Approved by: so
Added:
head/share/security/advisories/FreeBSD-EN-19:12.tzdata.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:09.iconv.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:10.ufs.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc (contents, props changed)
head/share/security/patches/EN-19:12/
head/share/security/patches/EN-19:12/tzdata-2019b.patch (contents, props changed)
head/share/security/patches/EN-19:12/tzdata-2019b.patch.asc (contents, props changed)
head/share/security/patches/SA-19:09/
head/share/security/patches/SA-19:09/iconv.patch (contents, props changed)
head/share/security/patches/SA-19:09/iconv.patch.asc (contents, props changed)
head/share/security/patches/SA-19:10/
head/share/security/patches/SA-19:10/ufs.11.patch (contents, props changed)
head/share/security/patches/SA-19:10/ufs.11.patch.asc (contents, props changed)
head/share/security/patches/SA-19:10/ufs.12.patch (contents, props changed)
head/share/security/patches/SA-19:10/ufs.12.patch.asc (contents, props changed)
head/share/security/patches/SA-19:11/
head/share/security/patches/SA-19:11/cd_ioctl.11.patch (contents, props changed)
head/share/security/patches/SA-19:11/cd_ioctl.11.patch.asc (contents, props changed)
head/share/security/patches/SA-19:11/cd_ioctl.12.patch (contents, props changed)
head/share/security/patches/SA-19:11/cd_ioctl.12.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-19:12.tzdata.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-19:12.tzdata.asc Wed Jul 3 00:30:17 2019 (r53209)
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-19:12.tzdata Errata Notice
+ The FreeBSD Project
+
+Topic: Timezone database information update
+
+Category: contrib
+Module: zoneinfo
+Announced: 2019-07-02
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-02 12:22:27 UTC (stable/12, 12.0-STABLE)
+ 2019-07-02 23:59:45 UTC (releng/12.0, 12.0-RELEASE-p7)
+ 2019-07-02 12:22:54 UTC (stable/11, 11.3-PRERELEASE)
+ 2019-07-02 23:59:45 UTC (releng/11.3, 11.3-RC3-p1)
+ 2019-07-02 23:59:45 UTC (releng/11.2, 11.2-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The tzsetup(8) program allows the user to specify the default local timezone.
+Based on the selected timezone, tzsetup(8) copies one of the files from
+/usr/share/zoneinfo to /etc/localtime. This file actually controls the
+conversion.
+
+II. Problem Description
+
+Several changes in Daylight Savings Time happened after previous FreeBSD
+releases were released that would affect many people who live in different
+countries. Because of these changes, the data in the zoneinfo files need to
+be updated, and if the local timezone on the running system is affected,
+tzsetup(8) needs to be run so the /etc/localtime is updated.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected timezones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV. Workaround
+
+The system administrator can install an updated timezone database from the
+misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected.
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V. Solution
+
+Please note that some third party software, for instance PHP, Ruby, Java and
+Perl, may be using different zoneinfo data source, in such cases this
+software must be updated separately. For software packages that is installed
+via binary packages, they can be upgraded by executing `pkg upgrade'.
+
+Following the instructions in this Errata Notice will update all of the
+zoneinfo files to be the same as what was released with FreeBSD release.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. Restart all the affected
+applications and daemons, or reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-19:12/tzdata-2019b.patch
+# fetch https://security.FreeBSD.org/patches/EN-19:12/tzdata-2019b.patch.asc
+# gpg --verify tzdata-2019b.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r349597
+releng/12.0/ r349620
+stable/11/ r349598
+releng/11.3/ r349620
+releng/11.2/ r349620
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:12.tzdata.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9VZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cKxjRAAjlhQOby/rOVo/+MPrPrdNin5t2MNBOTRawTARwkl4hE6qFirdSHY9/92
+9MI1f6YuQinF32UgEKGkXwDsCSr73NqdNCvZ3BFML8dqp9ij3xN4lQraLyFJLQJq
+gR3Iy8uL0ANjMfveE0PW4bDKuqAp2SZdvl4PNio2ddWOyW5FIbXTYEkhkhIbFn9k
+zjtifmr4KFL+cZ494e4GnLx0epqY7J2l9livGHmAYEPKPuaGMzJn0qA6ac6SwGba
+c1VDcTa3hCICUmZtWekkGa6H2EAVDcn+I7rv+x08afMDASl7CuKGd5dvwO65HHPP
+5cFUKjnB4YKadtONt73rRxSGdkb5XqeOdnhoHdDb8RQaouPJGburedlP/xbvg8b/
+/lL1c4k+Bz1WlNiNoTahPwRTelIg/wzFwdvd4pTmb6DWzmYxPh8SI5hlRJ3dznQG
+h1DVXTWYtDnxIvyL3c8KZjDrsIuP7wmDnHjbB89Dw8hVf+jLVZLWm4DFoz7FfAri
+qhFIAm0izmABttUpNeWmfOs3yVgtYAMCZBXLdj3JJBx/v5S1VpKnXxkcj+rsZV1A
+SczZO7w6BMEMi9HN5tzZqr1OX6H2LXfi7OSYn8fzeUhtXtraP5W9Ds/dWxu1rQna
+Kvv9pF4KP4dq6zo4T/V5VHCT6O9FuP/DnjaHUWLtEYR2sol1GTE=
+=Dl0I
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:09.iconv.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:09.iconv.asc Wed Jul 3 00:30:17 2019 (r53209)
@@ -0,0 +1,134 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:09.iconv Security Advisory
+ The FreeBSD Project
+
+Topic: iconv buffer overflow
+
+Category: core
+Module: libc
+Announced: 2019-07-02
+Credits: Andrea Venturoli <security at netfence.it>, NetFence
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-03 00:01:38 UTC (stable/12, 12.0-STABLE)
+ 2019-07-03 00:00:39 UTC (releng/12.0, 12.0-RELEASE-p7)
+ 2019-07-03 00:03:14 UTC (stable/11, 11.3-PRERELEASE)
+ 2019-07-03 00:00:39 UTC (releng/11.3, 11.3-RC3-p1)
+ 2019-07-03 00:00:39 UTC (releng/11.2, 11.2-RELEASE-p11)
+CVE Name: CVE-2019-5600
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The iconv(3) API converts text data from one character encoding to another
+and is available as part of the standard C library (libc).
+
+II. Problem Description
+
+With certain inputs, iconv may write beyond the end of the output buffer.
+
+III. Impact
+
+Depending on the way in which iconv is used, an attacker may be able to
+create a denial of service, provoke incorrect program behavior, or induce a
+remote code execution. iconv is a libc library function and the nature of
+possible attacks will depend on the way in which iconv is used by
+applications or daemons.
+
+IV. Workaround
+
+No workaround is available. Stack canaries (-fstack-protector), which are
+enabled by default, provide a degreee of defense against code injection but
+not against denial of service.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or release /
+security branch (releng) dated after the correction date. Restart any
+potentially affected daemons.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch.asc
+# gpg --verify iconv.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r349622
+releng/12.0/ r349621
+stable/11/ r349624
+releng/11.3/ r349621
+releng/11.2/ r349621
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5600>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WBfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK8qg//bXSYMJQUBC0POTT5zGXSAmXfKjxbCi4N67cfTrQkEvW672QX4Jw9smkK
+D3PwyQs8QWIwsXL69rRgKDFHhPplOmTkx1vaPrA3DckYliwNvLRV3I6G2bRnx3E3
+DoAyDmBvFK5lJWa3WxbCpeJA69yZ/JbX1Yw6HsRLk74hGkfvlkruKkfxsNjXzaq4
+0+d+ZYs/vRDmIW5/R/bYy1+iyDamyCMl2xXtlZBKrGe6lhj8Vi4/evJjipFtskc2
+RnGKolNoZQc03pgX0QS2JZDb+ay23elkOCbhYPqGr1f++M95oOktX3epsJNSH++u
+pmJ72FNRsnZSVFxoX7o14eh4k6OGYIvGFSkXQ9VG1NV7PQO8VZAQk9gw264O/1Mi
+2aW88e78GLallQOg32VM+Ybys9MamBHByiYRz+GXhh91gg9WPJK5Imt0ExUuukGn
+SS65SW1AhO72xC2eplbM0pQY0FNn8l+QA4XjhqNfW03gPSvPwbdYhbSDXm9bgV3W
++VnW2R0tekgiD3glf9GwXMKizostS67jvpJyEDqvx3A1Dx3R2sJ27/6c5HDLpJss
+hrhEbqnJhudl10gQTdK9hkFg1LeqxFCYhsw0NDb7PgRWeu3MZcLP6pO3wy/aacfd
+OyGJWeqTzKZ4o596OyrTsYIa75MymN3/PkdfDYfRMU0GdAo+acQ=
+=ItWl
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:10.ufs.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:10.ufs.asc Wed Jul 3 00:30:17 2019 (r53209)
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:10.ufs Security Advisory
+ The FreeBSD Project
+
+Topic: Kernel stack disclosure in UFS/FFS
+
+Category: core
+Module: Kernel
+Announced: 2019-07-02
+Credits: David G. Lawrence <dg at dglawrence.com>
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-05-10 23:45:16 UTC (stable/12, 12.0-STABLE)
+ 2019-07-02 00:02:16 UTC (releng/12.0, 12.0-RELEASE-p7)
+ 2019-05-10 23:46:42 UTC (stable/11, 11.2-STABLE)
+ 2019-07-02 00:02:16 UTC (releng/11.2, 11.2-RELEASE-p11)
+CVE Name: CVE-2019-5601
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The Berkeley Fast File System (FFS) is an implementation of the UNIX File
+System (UFS) filesystem used by FreeBSD.
+
+II. Problem Description
+
+A bug causes up to three bytes of kernel stack memory to be written to disk
+as uninitialized directory entry padding. This data can be viewed by any
+user with read access to the directory. Additionally, a malicious user with
+write access to a directory can cause up to 254 bytes of kernel stack memory
+to be exposed.
+
+III. Impact
+
+Some amount of the kernel stack is disclosed and written out to the
+filesystem.
+
+IV. Workaround
+
+No workaround is available but systems not using UFS/FFS are not affected.
+
+V. Solution
+
+Special note: This update also adds the -z flag to fsck_ffs to have it scrub
+the leaked information in the name padding of existing directories. It only
+needs to be run once on each UFS/FFS filesystem after a patched kernel is
+installed and running.
+
+Upgrade your vulnerable system to a supported FreeBSD stable or release /
+security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterwards, reboot the system and run:
+
+# fsck -t ufs -f -p -T ufs:-z
+
+to clean up your existing filesystems.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.x]
+# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch.asc
+# gpg --verify ufs.12.patch.asc
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch.asc
+# gpg --verify ufs.11.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system and run:
+
+# fsck -t ufs -f -p -T ufs:-z
+
+to clean up your existing filesystems.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r347474
+releng/12.0/ r349623
+stable/11/ r347475
+releng/11.2/ r349623
+- -------------------------------------------------------------------------
+
+Note: This patch was applied to the stable/11 branch before the branch point
+for releng/11.3. As such, no patch is needed for any 11.3-BETA or -RC.
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5601>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cJgRhAAic+yb4boY5k2TotBe9xBBO2VEGwvcolARpvUg+78ya4RGh1d3FBH5R36
+N6uEvaAclrRsPHnDSeCD3BVmQkWBzD5a7t+z+m5Siye+01mA4XjKycNDl9BXm7sT
+t01GP7TPBmaJZ45RPqT4M/iB1Ulud0kdKvi/apwDLbqJrbzcuxyBNs+wiQhbG2Ip
+07REBqabnsL8dV2ysPtBlHd1nxyNyyF8EzkDUKYUWDnwPxzlrfrJAt+F7sneRrPf
+tL3UsN+qh3JThI39CjFWPllVRv412QCFBDmGXHdbm+mWrxIecX5pUEoLfQQLJ82x
+03TOYbZpu4d4CvgeSEXl3VkbHl6F6u/ii8ls/7aUDNnZcHWamraP84aJpLBG2cUa
+ExDDL6K0x1LMhlGWxjGr0qp2ObdQ0sKTgQZ/RUmJO4pc4zuPc0yY3jOv4U+kP2G/
+znHEVVRs8/X95OYA0fdvnG0rOdcKGdqKEDxeTvFhyvxM372erT/dMz9flGnptA51
+30eAwyKmzj5Mzpo5y/NARyGLRTfOB2F6++BFrlqbsKCXcyK1R5jtxu1TLaliPvA/
+Aux8D4OQHIXIGk/sVQSJKOO4oH6U7S2aNtYTxaYHAJrtbC9udnyjVau2txlObEZr
+pCbd+a02Btid0bBRUSFYugl4XHtakTVvtu93Fa19wASYDnZJIUE=
+=uUz9
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc Wed Jul 3 00:30:17 2019 (r53209)
@@ -0,0 +1,147 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-19:11.cd_ioctl Security Advisory
+ The FreeBSD Project
+
+Topic: Privilege escalation in cd(4) driver
+
+Category: core
+Module: kernel
+Announced: 2019-07-02
+Credits: Alex Fortune
+Affects: All supported versions of FreeBSD.
+Corrected: 2019-07-03 00:11:31 UTC (stable/12, 12.0-STABLE)
+ 2019-07-02 00:03:55 UTC (releng/12.0, 12.0-RELEASE-p7)
+ 2019-07-03 00:12:50 UTC (stable/11, 11.3-PRERELEASE)
+ 2019-07-02 00:03:55 UTC (releng/11.3, 11.3-RC3-p1)
+ 2019-07-02 00:03:55 UTC (releng/11.2, 11.2-RELEASE-p11)
+CVE Name: CVE-2019-5602
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The cd(4) driver implements a number of ioctls to permit low-level access to
+the media in the CD-ROM device. The Linux emulation layer provides a
+corresponding set of ioctls, some of which are implemented as wrappers of
+native cd(4) ioctls.
+
+These ioctls are available to users in the operator group, which gets
+read-only access to cd(4) devices by default.
+
+II. Problem Description
+
+To implement one particular ioctl, the Linux emulation code used a special
+interface present in the cd(4) driver which allows it to copy subchannel
+information directly to a kernel address. This interface was erroneously
+made accessible to userland, allowing users with read access to a cd(4)
+device to arbitrarily overwrite kernel memory when some media is present in
+the device.
+
+III. Impact
+
+A user in the operator group can make use of this interface to gain root
+privileges on a system with a cd(4) device when some media is present in the
+device.
+
+IV. Workaround
+
+devfs.conf(5) and devfs.rules(5) can be used to remove read permissions from
+cd(4) devices.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or release /
+security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Afterwards, reboot the system.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.x]
+# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.12.patch.asc
+# gpg --verify cd_ioctl.12.patch.asc
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.11.patch.asc
+# gpg --verify cd_ioctl.11.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r349628
+releng/12.0/ r349625
+stable/11/ r349629
+releng/11.3/ r349625
+releng/11.2/ r349625
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5602>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WtfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK+nBAAqVz2kEviqpD6wTqwmDexacApQ8aRrnxUDA/PSU/ZStdU3/E3OHAEwMOr
+k3qNBbMYUO5alXyLfe9Gv2iP2eTD8QP6xafMiwvcMxS2aJe6ieRmRTLUbep0QBEN
+weIaafjvIlLElJTWb9Rr5CTUs6sSdq7Jc84dHPHSOQehhkCFydTdHCaYtvRS2tg1
+YYyzMdTlT1VRCL3Rb6iHkqLG7JKX1fTLsPxXGqv/IjYAcDREZjVNhxjvcsQsMQxD
+2tTBDVZZLJBOHshGg/kyCRB++d36JNED0kb7/lfohGBvZS6wtmbe9z3a1+S4MN9i
+sxNdLc4a/Qr3iP4SzgGf6YuD/BmXg/7HWZnBj220VncVHYjQThAZih0VDUSy9zBy
+EplpqcRYebzvAQkq63e2LE66rveX58L7KAzZDG2QJUrPDJAfxgdc1fslgm/+/Yck
+/lHVG8gxJNr+tpC80vKxssS7WhNUnd1zThKa2D5rrFnsWUR5da66mxJelUrq+vPT
+bhs/nHOzqqXpojh+j/8a6q8Wi2CDSGnJ9vtt0FZu7SG0/r7hlUAAuI0o9VJV/Uh4
+CyJeVlJ65+4bUm+k9qFBxsmd7S08f1Z6UND8/1ffFOYm4POVJcRa1wUswYjXPfjp
+Sf0rZ5vCq8TG7EOcdMHqHBgAumx3gAXj+I73Lwm73vnP4jMoqmw=
+=Bc/8
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-19:12/tzdata-2019b.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-19:12/tzdata-2019b.patch Wed Jul 3 00:30:17 2019 (r53209)
@@ -0,0 +1,3069 @@
+--- contrib/tzdata/Makefile.orig
++++ contrib/tzdata/Makefile
+@@ -35,11 +35,13 @@
+
+ LOCALTIME= GMT
+
+-# If you want something other than Eastern United States time as a template
+-# for handling ruleless POSIX-style timezone environment variables,
++# The POSIXRULES macro controls interpretation of nonstandard and obsolete
++# POSIX-like TZ settings like TZ='EET-2EEST' that lack DST transition rules.
++# In the reference implementation, if you want something other than Eastern
++# United States time as a template for handling these settings, you can
+ # change the line below (after finding the timezone you want in the
+ # one of the $(TDATA) source files, or adding it to a source file).
+-# A ruleless environment setting like TZ='CST6CDT' uses the rules in the
++# A setting like TZ='EET-2EEST' is supposed to use the rules in the
+ # template file to determine "spring forward" and "fall back" days and
+ # times; the environment variable itself specifies UT offsets of standard and
+ # daylight saving time.
+@@ -49,6 +51,17 @@
+ # Use the command
+ # make zonenames
+ # to get a list of the values you can use for POSIXRULES.
++#
++# If POSIXRULES is empty, no template is installed; this is the intended
++# future default for POSIXRULES.
++#
++# Nonempty POSIXRULES is obsolete and should not be relied on, because:
++# * It does not work correctly in popular implementations such as GNU/Linux.
++# * It does not work in the tzdb implementation for timestamps after 2037.
++# * It is incompatible with 'zic -b slim' if POSIXRULES specifies transitions
++# at standard time or UT rather than at local time.
++# In short, software should avoid ruleless settings like TZ='EET-2EEST'
++# and so should not depend on the value of POSIXRULES.
+
+ POSIXRULES= America/New_York
+
+@@ -231,6 +244,13 @@
+ # other than simply getting garbage data
+ # -DUSE_LTZ=0 to build zdump with the system time zone library
+ # Also set TZDOBJS=zdump.o and CHECK_TIME_T_ALTERNATIVES= below.
++# -DZIC_BLOAT_DEFAULT=\"slim\" to default zic's -b option to "slim", and
++# similarly for "fat". Fat TZif files work around incompatibilities
++# and bugs in some TZif readers, notably readers that mishandle 64-bit
++# data in TZif files. Slim TZif files are more efficient and do not
++# work around these incompatibilities and bugs. If not given, the
++# current default is "fat" but this is intended to change as readers
++# requiring fat files often mishandle timestamps after 2037 anyway.
+ # -DZIC_MAX_ABBR_LEN_WO_WARN=3
+ # (or some other number) to set the maximum time zone abbreviation length
+ # that zic will accept without a warning (the default is 6)
+@@ -364,7 +384,9 @@
+
+ # To shrink the size of installed TZif files,
+ # append "-r @N" to omit data before N-seconds-after-the-Epoch.
+-# See the zic man page for more about -r.
++# You can also append "-b slim" if that is not already the default;
++# see ZIC_BLOAT_DEFAULT above.
++# See the zic man page for more about -b and -r.
+ ZFLAGS=
+
+ # How to use zic to install TZif files.
+@@ -388,6 +410,9 @@
+ # Name of curl <https://curl.haxx.se/>, used for HTML validation.
+ CURL= curl
+
++# Name of GNU Privacy Guard <https://gnupg.org/>, used to sign distributions.
++GPG= gpg
++
+ # The path where SGML DTDs are kept and the catalog file(s) to use when
+ # validating HTML 4.01. The default should work on both Debian and Red Hat.
+ SGML_TOPDIR= /usr
+@@ -562,7 +587,9 @@
+ '$(DESTDIR)$(LIBDIR)' \
+ '$(DESTDIR)$(MANDIR)/man3' '$(DESTDIR)$(MANDIR)/man5' \
+ '$(DESTDIR)$(MANDIR)/man8'
+- $(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES) \
++ $(ZIC_INSTALL) -l $(LOCALTIME) \
++ `case '$(POSIXRULES)' in ?*) echo '-p';; esac \
++ ` $(POSIXRULES) \
+ -t '$(DESTDIR)$(TZDEFAULT)'
+ cp -f $(TABDATA) '$(DESTDIR)$(TZDIR)/.'
+ cp tzselect '$(DESTDIR)$(BINDIR)/.'
+@@ -781,12 +808,6 @@
+ check_sorted: backward backzone iso3166.tab zone.tab zone1970.tab
+ $(AWK) '/^Link/ {print $$3}' backward | LC_ALL=C sort -cu
+ $(AWK) '/^Zone/ {print $$2}' backzone | LC_ALL=C sort -cu
+- $(AWK) '/^[^#]/ {print $$1}' iso3166.tab | LC_ALL=C sort -cu
+- $(AWK) '/^[^#]/ {print $$1}' zone.tab | LC_ALL=C sort -c
+- $(AWK) '/^[^#]/ {print substr($$0, 1, 2)}' zone1970.tab | \
+- LC_ALL=C sort -c
+- $(AWK) '/^[^#]/ $(CHECK_CC_LIST)' zone1970.tab | \
+- LC_ALL=C sort -cu
+ touch $@
+
+ check_links: checklinks.awk $(TDATA_TO_CHECK) tzdata.zi
+@@ -1051,7 +1072,7 @@
+ tzdata$(VERSION)-rearguard.tar.gz.asc: tzdata$(VERSION)-rearguard.tar.gz
+ tzdb-$(VERSION).tar.lz.asc: tzdb-$(VERSION).tar.lz
+ $(ALL_ASC):
+- gpg2 --armor --detach-sign $?
++ $(GPG) --armor --detach-sign $?
+
+ TYPECHECK_CFLAGS = $(CFLAGS) -DTYPECHECK -D__time_t_defined -D_TIME_T
+ typecheck: typecheck_long_long typecheck_unsigned
+--- contrib/tzdata/NEWS.orig
++++ contrib/tzdata/NEWS
+@@ -1,8 +1,102 @@
+ News for the tz database
+
+-Release 20198 - 2019-03-25 22:01:33 -0700
++Release 2019b - 2019-07-01 00:09:53 -0700
+
+ Briefly:
++ Brazil no longer observes DST.
++ 'zic -b slim' outputs smaller TZif files; please try it out.
++ Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
++
++ Changes to future timestamps
++
++ Brazil has canceled DST and will stay on standard time indefinitely.
++ (Thanks to Steffen Thorsen, Marcus Diniz, and Daniel Soares de
++ Oliveira.)
++
++ Predictions for Morocco now go through 2087 instead of 2037, to
++ work around a problem on newlib when using TZif files output by
++ zic 2019a or earlier. (Problem reported by David Gauchard.)
++
++ Changes to past and future timestamps
++
++ Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30
++ at 01:00. (Thanks to Sharef Mustafa and Even Scharning.) Guess
++ future transitions to be March's last Friday at 00:00.
++
++ Changes to past timestamps
++
++ Hong Kong's 1941-06-15 spring-forward transition was at 03:00, not
++ 03:30. Its 1945 transition from JST to HKT was on 11-18 at 02:00,
++ not 09-15 at 00:00. In 1946 its spring-forward transition was on
++ 04-21 at 00:00, not the previous day at 03:30. From 1946 through
++ 1952 its fall-back transitions occurred at 04:30, not at 03:30.
++ In 1947 its fall-back transition was on 11-30, not 12-30.
++ (Thanks to P Chan.)
++
++ Changes to past time zone abbreviations
++
++ Italy's 1866 transition to Rome Mean Time was on December 12, not
++ September 22. This affects only the time zone abbreviation for
++ Europe/Rome between those dates. (Thanks to Stephen Trainor and
++ Luigi Rosa.)
++
++ Changes affecting metadata only
++
++ Add info about the Crimea situation in zone1970.tab and zone.tab.
++ (Problem reported by Serhii Demediuk.)
++
++ Changes to code
++
++ zic's new -b option supports a way to control data bloat and to
++ test for year-2038 bugs in software that reads TZif files.
++ 'zic -b fat' and 'zic -b slim' generate larger and smaller output;
++ for example, changing from fat to slim shrinks the Europe/London
++ file from 3648 to 1599 bytes, saving about 56%. Fat and slim
++ files represent the same set of timestamps and use the same TZif
++ format as documented in tzfile(5) and in Internet RFC 8536.
++ Fat format attempts to work around bugs or incompatibilities in
++ older software, notably software that mishandles 64-bit TZif data
++ or uses obsolete TZ strings like "EET-2EEST" that lack DST rules.
++ Slim format is more efficient and does not work around 64-bit bugs
++ or obsolete TZ strings. Currently zic defaults to fat format
++ unless you compile with -DZIC_BLOAT_DEFAULT=\"slim\"; this
++ out-of-the-box default is intended to change in future releases
++ as the buggy software often mishandles timestamps anyway.
++
++ zic no longer treats a set of rules ending in 2037 specially.
++ Previously, zic assumed that such a ruleset meant that future
++ timestamps could not be predicted, and therefore omitted a
++ POSIX-like TZ string in the TZif output. The old behavior is no
++ longer needed for current tzdata, and caused problems with newlib
++ when used with older tzdata (reported by David Gauchard).
++
++ zic no longer generates some artifact transitions. For example,
++ Europe/London no longer has a no-op transition in January 1996.
++
++ Changes to build procedure
++
++ tzdata.zi now assumes zic 2017c or later. This shrinks tzdata.zi
++ by a percent or so.
++
++ Changes to documentation and commentary
++
++ The Makefile now documents the POSIXRULES macro as being obsolete,
++ and similarly, zic's -p POSIXRULES option is now documented as
++ being obsolete. Although the POSIXRULES feature still exists and
++ works as before, in practice it is rarely used for its intended
++ purpose, and it does not work either in the default reference
++ implementation (for timestamps after 2037) or in common
++ implementations such as GNU/Linux (for contemporary timestamps).
++ Since POSIXRULES was designed primarily as a temporary transition
++ facility for System V platforms that died off decades ago, it is
++ being decommissioned rather than institutionalized.
++
++ New info on Bonin Islands and Marcus (thanks to Wakaba and Phake Nick).
++
++
++Release 2019a - 2019-03-25 22:01:33 -0700
++
++ Briefly:
+ Palestine "springs forward" on 2019-03-30 instead of 2019-03-23.
+ Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00.
+
+@@ -481,7 +575,7 @@
+ The code is a bit more portable to MS-Windows. Installers can
+ compile with -DRESERVE_STD_EXT_IDS on MS-Windows platforms that
+ reserve identifiers like 'localtime'. (Thanks to Manuela
+- Friedrich).
++ Friedrich.)
+
+ Changes to documentation and commentary
+
+@@ -2276,7 +2370,7 @@
+ warlord Jin Shuren in the data.
+
+ Commentary about the coverage of each Russian zone has been standardized.
+- (Thanks to Tim Parenti).
++ (Thanks to Tim Parenti.)
+
+ There is new commentary about contemporary timekeeping in Ethiopia.
+
+@@ -2724,7 +2818,7 @@
+
+ Change the UT offset of Bern Mean Time from 0:29:44 to 0:29:46.
+ This affects Europe/Zurich timestamps from 1853 to 1894. (Thanks
+- to Alois Treindl).
++ to Alois Treindl.)
+
+ Change the date of the circa-1850 Zurich transition from 1849-09-12
+ to 1853-07-16, overriding Shanks with data from Messerli about
+@@ -3034,7 +3128,7 @@
+ (Thanks to Arthur David Olson.)
+
+ Improve the commentary about which districts observe what times
+- in Russia. (Thanks to Oscar van Vlijmen and Arthur David Olson).
++ in Russia. (Thanks to Oscar van Vlijmen and Arthur David Olson.)
+
+ Add web page links to tz.js.
+
+--- contrib/tzdata/africa.orig
++++ contrib/tzdata/africa
+@@ -89,7 +89,7 @@
+ Rule Algeria 1980 only - Oct 31 2:00 0 -
+ # Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's
+ # more precise 0:09:21.
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Algiers 0:12:12 - LMT 1891 Mar 15 0:01
+ 0:09:21 - PMT 1911 Mar 11 # Paris Mean Time
+ 0:00 Algeria WE%sT 1940 Feb 25 2:00
+@@ -124,7 +124,7 @@
+ # For now, ignore that and follow the 1911-05-26 Portuguese decree
+ # (see Europe/Lisbon).
+ #
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Atlantic/Cape_Verde -1:34:04 - LMT 1912 Jan 01 2:00u # Praia
+ -2:00 - -02 1942 Sep
+ -2:00 1:00 -01 1945 Oct 15
+@@ -135,7 +135,7 @@
+ # See Africa/Lagos.
+
+ # Chad
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Ndjamena 1:00:12 - LMT 1912 # N'Djamena
+ 1:00 - WAT 1979 Oct 14
+ 1:00 1:00 WAST 1980 Mar 8
+@@ -151,7 +151,7 @@
+ # See Africa/Lagos.
+
+ # Côte d'Ivoire / Ivory Coast
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Abidjan -0:16:08 - LMT 1912
+ 0:00 - GMT
+ Link Africa/Abidjan Africa/Bamako # Mali
+@@ -356,7 +356,7 @@
+ Rule Egypt 2014 only - Jul 31 24:00 1:00 S
+ Rule Egypt 2014 only - Sep lastThu 24:00 0 -
+
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Cairo 2:05:09 - LMT 1900 Oct
+ 2:00 Egypt EE%sT
+
+@@ -414,7 +414,7 @@
+ # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+ Rule Ghana 1920 1942 - Sep 1 0:00 0:20 -
+ Rule Ghana 1920 1942 - Dec 31 0:00 0 -
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Accra -0:00:52 - LMT 1918
+ 0:00 Ghana GMT/+0020
+
+@@ -428,13 +428,13 @@
+ # evidently confusing the date of the Portuguese decree
+ # (see Europe/Lisbon) with the date that it took effect.
+ #
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Bissau -1:02:20 - LMT 1912 Jan 1 1:00u
+ -1:00 - -01 1975
+ 0:00 - GMT
+
+ # Kenya
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Nairobi 2:27:16 - LMT 1928 Jul
+ 3:00 - EAT 1930
+ 2:30 - +0230 1940
+@@ -469,7 +469,7 @@
+ # Use the abbreviation "MMT" before 1972, as the more-accurate numeric
+ # abbreviation "-004430" would be one byte over the POSIX limit.
+ #
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Monrovia -0:43:08 - LMT 1882
+ -0:43:08 - MMT 1919 Mar # Monrovia Mean Time
+ -0:44:30 - MMT 1972 Jan 7 # approximately MMT
+@@ -519,7 +519,7 @@
+ Rule Libya 1997 only - Oct 4 0:00 0 -
+ Rule Libya 2013 only - Mar lastFri 1:00 1:00 S
+ Rule Libya 2013 only - Oct lastFri 2:00 0 -
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Africa/Tripoli 0:52:44 - LMT 1920
+ 1:00 Libya CE%sT 1959
+ 2:00 - EET 1982
+@@ -629,7 +629,7 @@
+ Rule Mauritius 1983 only - Mar 21 0:00 0 -
+ Rule Mauritius 2008 only - Oct lastSun 2:00 1:00 -
+ Rule Mauritius 2009 only - Mar lastSun 2:00 0 -
+-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
++# Zone NAME STDOFF RULES FORMAT [UNTIL]
+ Zone Indian/Mauritius 3:50:00 - LMT 1907 # Port Louis
+ 4:00 Mauritius +04/+05
+ # Agalega Is, Rodriguez
+@@ -860,18 +860,24 @@
+ # the week end after.... The government does not announce yet the decision
+ # about this temporary change. But it s 99% sure that it will be the case,
+ # as in previous years. An unofficial survey was done these days, showing
+-# that 64% of asked peopke are ok for moving from +1 to +0 during Ramadan.
++# that 64% of asked people are ok for moving from +1 to +0 during Ramadan.
+ # https://leconomiste.com/article/1035870-enquete-l-economiste-sunergia-64-des-marocains-plebiscitent-le-gmt-pendant-ramadan
++
++# From Naoufal Semlali (2019-04-16):
++# Morocco will be on GMT starting from Sunday, May 5th 2019 at 3am.
++# The switch to GMT+1 will occur on Sunday, June 9th 2019 at 2am....
++# http://fr.le360.ma/societe/voici-la-date-du-retour-a-lheure-legale-au-maroc-188222
+ #
+-# From Paul Eggert (2018-11-01):
+-# For now, guess that Morocco will fall back at 03:00 the last Sunday
+-# before Ramadan, and spring forward at 02:00 the first Sunday after
++# From Paul Eggert (2019-05-20):
++# This agrees with our 2018-11-01 guess that the Moroccan government
++# would continue the practice of falling back at 03:00 the last Sunday
++# before Ramadan, and of springing forward at 02:00 the first Sunday after
+ # Ramadan, as this has been the practice since 2012. To implement this,
+-# transition dates for 2019 through 2037 were determined by running the
+-# following program under GNU Emacs 26.1.
++# transition dates for 2019 through 2087 were determined by running the
++# following program under GNU Emacs 26.2.
+ # (let ((islamic-year 1440))
+ # (require 'cal-islam)
+-# (while (< islamic-year 1460)
++# (while (< islamic-year 1511)
+ # (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year)))
+ # (b (calendar-islamic-to-absolute (list 10 1 islamic-year)))
+ # (sunday 0))
+@@ -970,8 +976,114 @@
+ Rule Morocco 2036 only - Nov 23 2:00 0 -
+ Rule Morocco 2037 only - Oct 4 3:00 -1:00 -
+ Rule Morocco 2037 only - Nov 15 2:00 0 -
++Rule Morocco 2038 only - Sep 26 3:00 -1:00 -
++Rule Morocco 2038 only - Oct 31 2:00 0 -
++Rule Morocco 2039 only - Sep 18 3:00 -1:00 -
++Rule Morocco 2039 only - Oct 23 2:00 0 -
++Rule Morocco 2040 only - Sep 2 3:00 -1:00 -
++Rule Morocco 2040 only - Oct 14 2:00 0 -
++Rule Morocco 2041 only - Aug 25 3:00 -1:00 -
++Rule Morocco 2041 only - Sep 29 2:00 0 -
++Rule Morocco 2042 only - Aug 10 3:00 -1:00 -
++Rule Morocco 2042 only - Sep 21 2:00 0 -
++Rule Morocco 2043 only - Aug 2 3:00 -1:00 -
++Rule Morocco 2043 only - Sep 6 2:00 0 -
++Rule Morocco 2044 only - Jul 24 3:00 -1:00 -
++Rule Morocco 2044 only - Aug 28 2:00 0 -
++Rule Morocco 2045 only - Jul 9 3:00 -1:00 -
++Rule Morocco 2045 only - Aug 20 2:00 0 -
++Rule Morocco 2046 only - Jul 1 3:00 -1:00 -
++Rule Morocco 2046 only - Aug 5 2:00 0 -
++Rule Morocco 2047 only - Jun 23 3:00 -1:00 -
++Rule Morocco 2047 only - Jul 28 2:00 0 -
++Rule Morocco 2048 only - Jun 7 3:00 -1:00 -
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-all
mailing list