diff options
Diffstat (limited to 'website/static/security')
9 files changed, 563 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-EN-25:15.arm64.asc b/website/static/security/advisories/FreeBSD-EN-25:15.arm64.asc new file mode 100644 index 0000000000..e2da868709 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-25:15.arm64.asc @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-25:15.arm64 Errata Notice + The FreeBSD Project + +Topic: arm64 syscall(2) allows unprivileged user to panic kernel + +Category: core +Module: arm64 +Announced: 2025-09-16 +Credits: Juniper Networks, Inc. +Affects: All supported versions of FreeBSD. +Corrected: 2025-08-25 15:23:01 UTC (stable/14, 14.3-STABLE) + 2025-09-16 16:31:06 UTC (releng/14.3, 14.3-RELEASE-p3) + 2025-09-16 16:31:17 UTC (releng/14.2, 14.2-RELEASE-p6) + 2025-08-25 15:23:22 UTC (stable/13, 13.5-STABLE) + 2025-09-16 16:31:26 UTC (releng/13.5, 13.5-RELEASE-p4) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The FreeBSD arm64 kernel implements a 32-bit compatibility layer, enabling +execution of unmodified 32-bit arm binaries on a 64-bit system. + +FreeBSD implements a pseudo system call, syscall(2), which lets the caller +invoke a system call selected using the first system call argument. + +II. Problem Description + +The 32-bit compatibility layer implements syscall(2). It performs some +validation of the system call parameters and explicitly calls panic() to +panic the system if an unexpected state is reached. + +It is possible to construct a program which can reach this unexpected state, +resulting in a panic. In particular, no particular privileges are required +to do so. + +III. Impact + +An unprivileged user may be able to trigger a panic. + +IV. Workaround + +No workaround is available. Non-arm64 platforms are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-25:15/arm64.patch +# fetch https://security.FreeBSD.org/patches/EN-25:15/arm64.patch.asc +# gpg --verify arm64.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 17d87881a363 stable/14-n272249 +releng/14.3/ 99012995b4c6 releng/14.3-n271440 +releng/14.2/ 722746b39e6e releng/14.2-n269534 +stable/13/ 98ac13c4baf5 stable/13-n259404 +releng/13.5/ 751971e55454 releng/13.5-n259175 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:15.arm64.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBEACgkQbljekB8A +Gu+13w//fHfH1hAOg+FGwV3ZoMh2oEVd+VmkLg/CdghL9T+dGwqzIMOliXMKhaZq +Nzk++lmKlzdpuDEqaw1ikj+bJ+knhrZyAziTlxpB2uly6K119hchAU5TQK2M6D4W +8aQWxeJMPxobsfxi9JciVMWcQK9XsurwUzlCDuLvGgUMPPaMVdy89U86NnKo66eE +fjK2l1Mc730wtisTuTLkY1SHPBchvm20ehu8BVpx4eBEHnecqRaUxQHy2yxTi+/0 +IKrwnpvz8S7/QLcED6TSCKsuLDY/uOx8x6N9PlHHvcLay/ImyvhTPavREld/b3nM +YC8fFb7bjguPZCC222nr/J+/YkD+2+EqVHPOAq7HxVT0uqss7BL9qwIywg0CIhvT +G3fw121L7cwXI/f/Hw6coVTFHnNXUB48FyIFkEXPdMxrNBUSE/KejYjkkJ2YaRir +kXZboMMOoxIf0NPNmv78v+PBj3jpbPP2epjhIk0I5D6uNzdjXEqRlRNgBhqc01Qn +veu+1tEox5Y0Zp4Mum0EipuTaZMjeT4hwmt9zwogsYEZFnyIvilzIOc3zEFRB4Y2 +IB1EUkw49V/zzHn5KnVujaUiVOdVUxe6G8txFcPIT66mPdJZmKO1fbD3pR/0NDj6 +Smj07jNL8PskCLuoe0MmMFiNJI3CHTh+6Ly39j5UpnSsPCPRTyM= +=58zg +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-25:16.vfs.asc b/website/static/security/advisories/FreeBSD-EN-25:16.vfs.asc new file mode 100644 index 0000000000..648944e6a9 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-25:16.vfs.asc @@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-25:16.vfs Errata Notice + The FreeBSD Project + +Topic: copy_file_range(2) fails to set output parameters + +Category: core +Module: vfs +Announced: 2025-09-16 +Affects: FreeBSD 14.3 +Corrected: 2025-08-23 21:25:20 UTC (stable/14, 14.3-STABLE) + 2025-09-16 16:31:07 UTC (releng/14.3, 14.3-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +copy_file_range(2) is a system call which takes two file descriptors as input +and copies data from one file to the other. + +II. Problem Description + +The copy_file_range(2) system call accepts two optional pointer arguments, +inoffp and outoffp. When non-NULL, the kernel is to use their values to +determine the starting offsets for the input and output files, respectively. +In this case, the seek offset corresponding to the file descriptor is not +used or updated. + +When finishing the copy, the kernel is supposed to write updated offsets to +the pointed-to values. However, it does not do so. + +III. Impact + +Applications which rely on this behaviour may behave incorrectly. No such +applications exist in the base system. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r now + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-25:16/vfs.patch +# fetch https://security.FreeBSD.org/patches/EN-25:16/vfs.patch.asc +# gpg --verify vfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 2fd0083fcc23 stable/14-n272229 +releng/14.3/ d1e981cbf3bd releng/14.3-n271441 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288985> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:16.vfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBMACgkQbljekB8A +Gu8ZLxAAql8vK7+rcHUDI0gKQu9TC2jlNC7EZcDwMupCnbjXFv8mSbC48XWeXUYk +j6DLDK8BWGOs4+1xftFlHCgu4yPLm7YhcgiUIhqlViAhNBfwIH9YDP/3heYEkvBn +Ns6sh/jtRkB3t+j1fbrcMFZZT2G1plCr4GTZS1fEE+YXQ6NNwo90liSi5dDh2m2Y +1OvLjdRwVj/BzVNqygiVJGXkof2SS3KsoVMv8CsoBZnSgvXyIPjgBhqJIjzh6my7 +BqRmylf+8tZXAKCR0Ylp6qFdI1gEcxWNXyadfUuigAoQFiAFSOX/T1NYYtpK7koH +IROnhKxU6TKj1EhvPrV40I+vdwBYczTZlXIFRrQw0CI7sDIus53T94rmUaqwfY+L +0yiW7gnqwujzaFkv6u9biAoVvm0FHuqq+tsOeB5k344nQ5BrbzMKVatPw2J3HG53 +alalSlMQzgKZYfCkQPemzusVJIlkazJ5r2kMeHzKukfMtjCLyOP+K/evo+Y0HCHh +eOwNoRLNdLra92GGlk643bKBx8pbC4J+FYXq7/+/MHQkAFX8GWZ5XoMjqIaq/e1r +poa72xNwSFrPLbbWkBXf/kknifVv98/VPRE4guzgwNjBo5wVUNzRhhVUsSmzEHPe +3ris0e+OD+te5gqfp5+cKaQS7RUXItXtGO/FzJHl+mmkEfrkD9I= +=q5E4 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-25:17.bnxt.asc b/website/static/security/advisories/FreeBSD-EN-25:17.bnxt.asc new file mode 100644 index 0000000000..df6b461cfc --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-25:17.bnxt.asc @@ -0,0 +1,140 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-25:17.bnxt Errata Notice + The FreeBSD Project + +Topic: bnxt(4) fails to set media type in some cases + +Category: core +Module: bnxt +Announced: 2025-09-16 +Affects: FreeBSD 14.3 +Corrected: 2025-06-22 07:18:55 UTC (stable/14, 14.3-STABLE) + 2025-09-16 16:31:08 UTC (releng/14.3, 14.3-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The bnxt(4) driver provides support for Broadcom NetXtreme-C/NetXtreme-E Family +of Ethernet controllers. A key function of the driver is to report the various +supported physical media types and operational modes (e.g., 1000base-T, +40GBASE-AOC, full-duplex, autoselect) to the operating system's ifmedia +interface. This allows network administrators to view and configure the +interface link settings. + +II. Problem Description + +A logic error was introduced into the bnxt(4) driver which prevented the proper +population of the supported media list for several physical connection types. +Inside the function responsible for building this list, a switch statement +incorrectly used return statements instead of break statements. This caused +the function to exit prematurely after identifying certain media types, +including common BASE-T (copper), 40G Active Optical Cable (AOC), and 1G-CX +connections, before the corresponding speed and duplex options could be +registered with the network subsystem. + +III. Impact + +For network controllers using the affected media types, the driver fails to +advertise any supported link modes. An administrator running ifconfig(8) on +the interface would see incorrect media (unknown). Because of this, the +network interface may be unable to establish a link, as the operating system +cannot properly configure it or initiate auto-negotiation. The network port +will be unusable. + +IV. Workaround + +No workaround is available. Only systems that uses bnxt(4) device with the +affected media types are affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r now + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-25:17/bnxt.patch +# fetch https://security.FreeBSD.org/patches/EN-25:17/bnxt.patch.asc +# gpg --verify bnxt.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 33f65f12eba1 stable/14-n271757 +releng/14.3/ c07b1838f9c9 releng/14.3-n271442 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=33f65f12eba1> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287395> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:17.bnxt.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBUACgkQbljekB8A +Gu//GBAAu3k3rFlqFKbSgq38xldf8fFngj/IuLa4BjB2lcTa7Rpy+6vxlFxXyqVk +9VVXf+tkXNhQ5ngY52SqMDdlG0OQdr+rwPcB8bI2nw+1DW1FRMVvBN7PlJrGgs2N +OtE6I4Wy+IK7vyzEgs8P3Kq3U7oXQVz/jJ3n1DmmjxlKfNqlo3eOGDlNZgTdFF2h +NbZUW4CGZTQxV4Ihq7Zg99bJw38o6WkOjkBkd7/djQfLm9aufVoWPN7SDaVnDun0 +vtWTTXrxsmPfVZB0sxdhYLjKPX+4GdVype0k3A26K50dTNVh5GAhWzH1LqFS6BR4 +DveE4/02bjaTAqK1XW+08JoGqibzmOTt8mUOlKL1aomACgmFc2Lzj33Qd6z1JdJB +6XYTcAoi2Kz94VHBMYjgWOBjiw66YryEyNpHJkFCfWnA3jgZB9TKZn2FZPxGBbvM +6an5ZcjaKHv1X+en2Fh8Ri1Hq4CKN/SmI/Sp0B28hXv8MQCNOnTqxqgdKgg2xQnD +0BasLt7y8y4rAHed+znWW1gRHWLP9q4FLqdvargtdMO81N2n/fm8jKe+SD2YNfTQ +Nvs29hRzs/thxI1gJMhDmmHkprGOyy6fzdZLtUjqhPh2l/YvHq32i/iNKpVfCy5v +hHpd38wxOpTs5nk4qbVZlS2DgRuTSO/VU0IMphaIwBhwHkZaoWY= +=jvzm +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-25:15/arm64.patch b/website/static/security/patches/EN-25:15/arm64.patch new file mode 100644 index 0000000000..c5c5ea4b31 --- /dev/null +++ b/website/static/security/patches/EN-25:15/arm64.patch @@ -0,0 +1,11 @@ +--- sys/arm64/arm64/elf32_machdep.c.orig ++++ sys/arm64/arm64/elf32_machdep.c +@@ -195,7 +195,7 @@ + register_t *ap; + struct syscall_args *sa; + int error, i, nap, narg; +- unsigned int args[4]; ++ unsigned int args[6]; + + nap = 4; + p = td->td_proc; diff --git a/website/static/security/patches/EN-25:15/arm64.patch.asc b/website/static/security/patches/EN-25:15/arm64.patch.asc new file mode 100644 index 0000000000..5b8cae892e --- /dev/null +++ b/website/static/security/patches/EN-25:15/arm64.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBIACgkQbljekB8A +Gu/RohAA4pWcgChN+oBJGkiwMVH8mj+pdLE0aIbC3EVPEMfcF3twv2ZHrI+L38p6 +sRL1tMohZQFkA1NmTNnxf/qZmwnMei1nqeTTkfCHZPMBUeeoFh7TK9gl+qpGTcJr +WibRnC2breqD63sQXvaSihPo2ayc0AWDrDE8XRLEHgYE4EV940nFyb0elr8cV+4P +EaXOGn3vN9k7xYnPXwlX9Nt8MoYpY0LJFONCcBhpZNyun+VR3GaUBuGe9fyfMZYP +znNBdH4Kx5wwd3rEa2uo/ErLA1HU2E5BXrjE99VGHt+GNn8TgIxC4oS1+jKV56oM +/4VeeBlouIAM266opHtzk6OsQC5H9FyilM6XjSr1G80HfKYz3h1zPwIMRYKuI7sr +lQd7/XotZKkBIGy5bNeouwPhqt5iXerbDBNq+i80AoxQcLup+GEKmNRmkiahyetm +nj6dJRwtn1f8Fy8w3sMeH9UswFBi8j/oUcQ48GQ8s4BxcYKFkm4+aViYYa85AlSp +awFDp2un/oZIR8KNalAQI5cPTSyG6E/G2Ssg08ThhDrXANF9hPuzKodmc69+okVX +5EoC8wAVYG1mdR2V/7nQO478w8yRu+ne9bvQvAup7umdwGR7psNMB+Zua6zl1WsJ +8I2N8jC5w32scN7pzVNfdwYD5S8eLZB8iFQ6WlxKE/LhTJ7lXEw= +=pygX +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-25:16/vfs.patch b/website/static/security/patches/EN-25:16/vfs.patch new file mode 100644 index 0000000000..226ae9f81a --- /dev/null +++ b/website/static/security/patches/EN-25:16/vfs.patch @@ -0,0 +1,52 @@ +--- sys/kern/vfs_syscalls.c.orig ++++ sys/kern/vfs_syscalls.c +@@ -5050,11 +5050,12 @@ + size_t retlen; + void *rl_rcookie, *rl_wcookie; + off_t inoff, outoff, savinoff, savoutoff; +- bool foffsets_locked; ++ bool foffsets_locked, foffsets_set; + + infp = outfp = NULL; + rl_rcookie = rl_wcookie = NULL; + foffsets_locked = false; ++ foffsets_set = false; + error = 0; + retlen = 0; + +@@ -5122,6 +5123,8 @@ + } + foffset_lock_pair(infp1, &inoff, outfp1, &outoff, 0); + foffsets_locked = true; ++ } else { ++ foffsets_set = true; + } + savinoff = inoff; + savoutoff = outoff; +@@ -5180,11 +5183,12 @@ + vn_rangelock_unlock(invp, rl_rcookie); + if (rl_wcookie != NULL) + vn_rangelock_unlock(outvp, rl_wcookie); ++ if ((foffsets_locked || foffsets_set) && ++ (error == EINTR || error == ERESTART)) { ++ inoff = savinoff; ++ outoff = savoutoff; ++ } + if (foffsets_locked) { +- if (error == EINTR || error == ERESTART) { +- inoff = savinoff; +- outoff = savoutoff; +- } + if (inoffp == NULL) + foffset_unlock(infp, inoff, 0); + else +@@ -5193,6 +5197,9 @@ + foffset_unlock(outfp, outoff, 0); + else + *outoffp = outoff; ++ } else if (foffsets_set) { ++ *inoffp = inoff; ++ *outoffp = outoff; + } + if (outfp != NULL) + fdrop(outfp, td); diff --git a/website/static/security/patches/EN-25:16/vfs.patch.asc b/website/static/security/patches/EN-25:16/vfs.patch.asc new file mode 100644 index 0000000000..5d302e77f4 --- /dev/null +++ b/website/static/security/patches/EN-25:16/vfs.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBQACgkQbljekB8A +Gu9MZBAAghcIHmJAoGyWlG9gEsbEMRWmg9KDcNZuJ6oJM3EzRw/d7nzfvFHQUkk4 +5Seao9EexaN6XO/sq4v+6dVYh3c1lrlBTK7dHA0Mt9XSCip202Fh4rzZA5QhhjhD +8WwaF1J/y1FZv0ag5Z8XJxCIQCz49V/VctObzhq5PpB1XF+Axbddz2H80Jxb27Kh +GEcbKW66+CfVtL3AAhpvCUfgLyEciS1qhfC2tnNrIEl2gSlEqj7AaZ/fx4v/F1QK +ixo0nFQyox13HrlOMWgJBQJM1bCjwueERVmZSnT88SG9cro+LiEdzrbY+ITAMtqT +lA2oQ8AbOYYVPvwc0fnlDlxhwmjFzMSCm+mQQ/haYVrLrIcMeJ8SzV/gxEuamkpi +C0lgf5Y4mzv102CKUygghuOfNnOi0zFjCTqSf5q/7TwaNuelYn/kndMOj9qFFCjn +Wtvvn1BPVnnsLj2xgr1w4V6BnZDjo+xLujLQKOYt5x1RrlPQ/pEt3WNg/ekldLEy +Po4Hzmih/DLfqUo3ttKI4ZXeTisv7KmHE4woy/ok+FZ4U+SxaWKalEoNab7MgTRm +nV7jfMA4AiiK5jkK/3TCPvc82TktgufH19IVuCrMe1RocVxfjIGtXoJ0osLG1YIL +pGlJ5/MXZQLGE4oPi4wb2lErHwpogfS6Jq0prnXE6IbLAi6EHFk= +=Yxtv +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-25:17/bnxt.patch b/website/static/security/patches/EN-25:17/bnxt.patch new file mode 100644 index 0000000000..796f2332bf --- /dev/null +++ b/website/static/security/patches/EN-25:17/bnxt.patch @@ -0,0 +1,44 @@ +--- sys/dev/bnxt/bnxt_en/if_bnxt.c.orig ++++ sys/dev/bnxt/bnxt_en/if_bnxt.c +@@ -4609,34 +4609,34 @@ + + case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_40G_ACTIVE_CABLE: + media_type = BNXT_MEDIA_AC; +- return; ++ break; + + case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_1G_BASECX: + media_type = BNXT_MEDIA_BASECX; +- return; ++ break; + + case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_1G_BASET: + case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_BASET: + case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_BASETE: + media_type = BNXT_MEDIA_BASET; +- return; ++ break; + + case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_BASEKX: + media_type = BNXT_MEDIA_BASEKX; +- return; ++ break; + + case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_SGMIIEXTPHY: + media_type = BNXT_MEDIA_BASESGMII; +- return; ++ break; + + case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_UNKNOWN: + /* Only Autoneg is supported for TYPE_UNKNOWN */ +- return; ++ break; + + default: + /* Only Autoneg is supported for new phy type values */ + device_printf(softc->dev, "phy type %d not supported by driver\n", phy_type); +- return; ++ break; + } + + switch (link_info->sig_mode) { diff --git a/website/static/security/patches/EN-25:17/bnxt.patch.asc b/website/static/security/patches/EN-25:17/bnxt.patch.asc new file mode 100644 index 0000000000..6e25f45b25 --- /dev/null +++ b/website/static/security/patches/EN-25:17/bnxt.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBYACgkQbljekB8A +Gu/wNRAAsT7ZDT8E6cuOTcv2lZMKjYdW4gVdM8FQPbHrWm1GgURK7Gm9X6HPmSEC +kZRO4aYr3CDuPPLkUQk6PvQybIrZWq2/MkNu3OqnN4ByUCb1qzIIBMWAgzwyKZjT +rkh0VXgIHB0AMbecUsvX6y0J99eesxi0FG1zuGu9YrtKPwdM2ZejEaK+Ix5owpbP +czcvxcr6iLU7HJQgl7vWM0lnmKCUzTu/X+UH/UEyX8NRIfBdnsW39QheDR8/2ony +aL3z9V8I0rczQSxsRBFn4cDl4vYQ87zrtu8eai1hj9NQ1yCUuP5tqICBR0Ljwn+Q +oDlkZaVp/KgTVX1b5JxxU2EAHYAdVFBz9c1wJ7hz4ciuC4+luVFSZljz9tnrniuK +GmS/xPt9HirPFqH2GeYrdD8a58eKmr0ew9kL3upf49cITRvfIiwn8KSUzbakNok2 +SmKeAO7ScgCfS2I9xWj/VYiePwKsd2tPQ8/TgZfeHxKrFdwzpm1GZsacqX9kymvX +7r7Kl6VjNhuv2sLeEgd25GtG9i6G0bFXJJhC4ZUCkW5LCULIOywUdGEQ1HAvIvlb +ppHCIXZavoHYyXWRaPTAfxj6v9UdxHFzChK4AG21I4Chh28EutvDTG675HQ7FScd +ICnCu+g4bDgVJcWkwp+Ou5ViYFQM0e7WgJoBQ23krj6VFj0D0T4= +=66Ry +-----END PGP SIGNATURE----- |