From owner-svn-src-releng@freebsd.org  Sun Mar  6 18:22:25 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C1C1DAB6B93;
 Sun,  6 Mar 2016 18:22:25 +0000 (UTC)
 (envelope-from dwmalone@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9D02BDCE;
 Sun,  6 Mar 2016 18:22:25 +0000 (UTC)
 (envelope-from dwmalone@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u26IMO6E079879;
 Sun, 6 Mar 2016 18:22:24 GMT (envelope-from dwmalone@FreeBSD.org)
Received: (from dwmalone@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u26IMO9p079875;
 Sun, 6 Mar 2016 18:22:24 GMT (envelope-from dwmalone@FreeBSD.org)
Message-Id: <201603061822.u26IMO9p079875@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: dwmalone set sender to
 dwmalone@FreeBSD.org using -f
From: David Malone <dwmalone@FreeBSD.org>
Date: Sun, 6 Mar 2016 18:22:24 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r296431 - in releng/10.3: lib/libc/db/hash
 usr.bin/cap_mkdb usr.sbin/pwd_mkdb usr.sbin/services_mkdb
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Mar 2016 18:22:25 -0000

Author: dwmalone
Date: Sun Mar  6 18:22:24 2016
New Revision: 296431
URL: https://svnweb.freebsd.org/changeset/base/296431

Log:
  Merge 296424 from stable/10 - contains the following changes to -current:
  
  r295924: Make sure that hash-based db files fsync befor closing/syncing.
  r295925: We no longer need O_SYNC pwd_mkd
  r295465: We no longer need O_SYNC on services_mkdb
  r295800: We no longer need O_SYNC on cap_mkdb
  
  Approved by:	re (marius)

Modified:
  releng/10.3/lib/libc/db/hash/hash.c
  releng/10.3/usr.bin/cap_mkdb/cap_mkdb.c
  releng/10.3/usr.sbin/pwd_mkdb/pwd_mkdb.c
  releng/10.3/usr.sbin/services_mkdb/services_mkdb.c
Directory Properties:
  releng/10.3/   (props changed)

Modified: releng/10.3/lib/libc/db/hash/hash.c
==============================================================================
--- releng/10.3/lib/libc/db/hash/hash.c	Sun Mar  6 17:34:21 2016	(r296430)
+++ releng/10.3/lib/libc/db/hash/hash.c	Sun Mar  6 18:22:24 2016	(r296431)
@@ -422,8 +422,10 @@ hdestroy(HTAB *hashp)
 	if (hashp->tmp_buf)
 		free(hashp->tmp_buf);
 
-	if (hashp->fp != -1)
+	if (hashp->fp != -1) {
+		(void)_fsync(hashp->fp);
 		(void)_close(hashp->fp);
+	}
 
 	free(hashp);
 
@@ -458,6 +460,8 @@ hash_sync(const DB *dbp, u_int32_t flags
 		return (0);
 	if (__buf_free(hashp, 0, 1) || flush_meta(hashp))
 		return (ERROR);
+	if (hashp->fp != -1 && _fsync(hashp->fp) != 0)
+		return (ERROR);
 	hashp->new_file = 0;
 	return (0);
 }

Modified: releng/10.3/usr.bin/cap_mkdb/cap_mkdb.c
==============================================================================
--- releng/10.3/usr.bin/cap_mkdb/cap_mkdb.c	Sun Mar  6 17:34:21 2016	(r296430)
+++ releng/10.3/usr.bin/cap_mkdb/cap_mkdb.c	Sun Mar  6 18:22:24 2016	(r296431)
@@ -119,7 +119,7 @@ main(int argc, char *argv[])
 	(void)snprintf(buf, sizeof(buf), "%s.db", capname ? capname : *argv);
 	if ((capname = strdup(buf)) == NULL)
 		errx(1, "strdup failed");
-	if ((capdbp = dbopen(capname, O_CREAT | O_TRUNC | O_RDWR | O_SYNC,
+	if ((capdbp = dbopen(capname, O_CREAT | O_TRUNC | O_RDWR,
 	    DEFFILEMODE, DB_HASH, &openinfo)) == NULL)
 		err(1, "%s", buf);
 

Modified: releng/10.3/usr.sbin/pwd_mkdb/pwd_mkdb.c
==============================================================================
--- releng/10.3/usr.sbin/pwd_mkdb/pwd_mkdb.c	Sun Mar  6 17:34:21 2016	(r296430)
+++ releng/10.3/usr.sbin/pwd_mkdb/pwd_mkdb.c	Sun Mar  6 18:22:24 2016	(r296431)
@@ -225,14 +225,14 @@ main(int argc, char *argv[])
 		clean = FILE_INSECURE;
 		cp(buf2, buf, PERM_INSECURE);
 		dp = dbopen(buf,
-		    O_RDWR|O_EXCL|O_SYNC, PERM_INSECURE, DB_HASH, &openinfo);
+		    O_RDWR|O_EXCL, PERM_INSECURE, DB_HASH, &openinfo);
 		if (dp == NULL)
 			error(buf);
 
 		clean = FILE_SECURE;
 		cp(sbuf2, sbuf, PERM_SECURE);
 		sdp = dbopen(sbuf,
-		    O_RDWR|O_EXCL|O_SYNC, PERM_SECURE, DB_HASH, &openinfo);
+		    O_RDWR|O_EXCL, PERM_SECURE, DB_HASH, &openinfo);
 		if (sdp == NULL)
 			error(sbuf);
 
@@ -289,13 +289,13 @@ main(int argc, char *argv[])
 		method = 0;
 	} else {
 		dp = dbopen(buf,
-		    O_RDWR|O_CREAT|O_EXCL|O_SYNC, PERM_INSECURE, DB_HASH, &openinfo);
+		    O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE, DB_HASH, &openinfo);
 		if (dp == NULL)
 			error(buf);
 		clean = FILE_INSECURE;
 
 		sdp = dbopen(sbuf,
-		    O_RDWR|O_CREAT|O_EXCL|O_SYNC, PERM_SECURE, DB_HASH, &openinfo);
+		    O_RDWR|O_CREAT|O_EXCL, PERM_SECURE, DB_HASH, &openinfo);
 		if (sdp == NULL)
 			error(sbuf);
 		clean = FILE_SECURE;

Modified: releng/10.3/usr.sbin/services_mkdb/services_mkdb.c
==============================================================================
--- releng/10.3/usr.sbin/services_mkdb/services_mkdb.c	Sun Mar  6 17:34:21 2016	(r296430)
+++ releng/10.3/usr.sbin/services_mkdb/services_mkdb.c	Sun Mar  6 18:22:24 2016	(r296431)
@@ -141,7 +141,7 @@ main(int argc, char *argv[])
 		err(1, "Cannot install exit handler");
 
 	(void)snprintf(tname, sizeof(tname), "%s.tmp", dbname);
-	db = dbopen(tname, O_RDWR | O_CREAT | O_EXCL | O_SYNC,
+	db = dbopen(tname, O_RDWR | O_CREAT | O_EXCL,
 	    (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH), DB_HASH, &hinfo);
 	if (!db)
 		err(1, "Error opening temporary database `%s'", tname);

From owner-svn-src-releng@freebsd.org  Mon Mar  7 16:22:13 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C8C9DAC3FB3;
 Mon,  7 Mar 2016 16:22:13 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 21B54FA3;
 Mon,  7 Mar 2016 16:22:13 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u27GMCSV082796;
 Mon, 7 Mar 2016 16:22:12 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u27GMC4a082792;
 Mon, 7 Mar 2016 16:22:12 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201603071622.u27GMC4a082792@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Mon, 7 Mar 2016 16:22:12 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2016 16:22:14 -0000

Author: delphij
Date: Mon Mar  7 16:22:11 2016
New Revision: 296465
URL: https://svnweb.freebsd.org/changeset/base/296465

Log:
  Fix multiple OpenSSL vulnerabilities.
  
  Security:	FreeBSD-SA-16:12.openssl
  Approved by:	so

Added:
  releng/9.3/crypto/openssl/doc/dir-locals.example.el
  releng/9.3/crypto/openssl/doc/openssl-c-indent.el
  releng/9.3/crypto/openssl/util/indent.pro
  releng/9.3/crypto/openssl/util/openssl-format-source
  releng/9.3/crypto/openssl/util/su-filter.pl
Deleted:
  releng/9.3/crypto/openssl/crypto/des/t/
  releng/9.3/crypto/openssl/test/bctest
  releng/9.3/crypto/openssl/util/pod2mantest
Modified:
  releng/9.3/UPDATING
  releng/9.3/crypto/openssl/CHANGES
  releng/9.3/crypto/openssl/FAQ
  releng/9.3/crypto/openssl/Makefile
  releng/9.3/crypto/openssl/Makefile.org
  releng/9.3/crypto/openssl/NEWS
  releng/9.3/crypto/openssl/README
  releng/9.3/crypto/openssl/apps/app_rand.c
  releng/9.3/crypto/openssl/apps/apps.c
  releng/9.3/crypto/openssl/apps/apps.h
  releng/9.3/crypto/openssl/apps/asn1pars.c
  releng/9.3/crypto/openssl/apps/ca.c
  releng/9.3/crypto/openssl/apps/ciphers.c
  releng/9.3/crypto/openssl/apps/cms.c
  releng/9.3/crypto/openssl/apps/crl.c
  releng/9.3/crypto/openssl/apps/crl2p7.c
  releng/9.3/crypto/openssl/apps/dgst.c
  releng/9.3/crypto/openssl/apps/dh.c
  releng/9.3/crypto/openssl/apps/dhparam.c
  releng/9.3/crypto/openssl/apps/dsa.c
  releng/9.3/crypto/openssl/apps/dsaparam.c
  releng/9.3/crypto/openssl/apps/ec.c
  releng/9.3/crypto/openssl/apps/ecparam.c
  releng/9.3/crypto/openssl/apps/enc.c
  releng/9.3/crypto/openssl/apps/engine.c
  releng/9.3/crypto/openssl/apps/errstr.c
  releng/9.3/crypto/openssl/apps/gendh.c
  releng/9.3/crypto/openssl/apps/gendsa.c
  releng/9.3/crypto/openssl/apps/genrsa.c
  releng/9.3/crypto/openssl/apps/nseq.c
  releng/9.3/crypto/openssl/apps/ocsp.c
  releng/9.3/crypto/openssl/apps/openssl.c
  releng/9.3/crypto/openssl/apps/passwd.c
  releng/9.3/crypto/openssl/apps/pkcs12.c
  releng/9.3/crypto/openssl/apps/pkcs7.c
  releng/9.3/crypto/openssl/apps/pkcs8.c
  releng/9.3/crypto/openssl/apps/prime.c
  releng/9.3/crypto/openssl/apps/progs.h
  releng/9.3/crypto/openssl/apps/rand.c
  releng/9.3/crypto/openssl/apps/req.c
  releng/9.3/crypto/openssl/apps/rsa.c
  releng/9.3/crypto/openssl/apps/rsautl.c
  releng/9.3/crypto/openssl/apps/s_apps.h
  releng/9.3/crypto/openssl/apps/s_cb.c
  releng/9.3/crypto/openssl/apps/s_client.c
  releng/9.3/crypto/openssl/apps/s_server.c
  releng/9.3/crypto/openssl/apps/s_socket.c
  releng/9.3/crypto/openssl/apps/s_time.c
  releng/9.3/crypto/openssl/apps/sess_id.c
  releng/9.3/crypto/openssl/apps/smime.c
  releng/9.3/crypto/openssl/apps/speed.c
  releng/9.3/crypto/openssl/apps/spkac.c
  releng/9.3/crypto/openssl/apps/testdsa.h
  releng/9.3/crypto/openssl/apps/testrsa.h
  releng/9.3/crypto/openssl/apps/timeouts.h
  releng/9.3/crypto/openssl/apps/verify.c
  releng/9.3/crypto/openssl/apps/version.c
  releng/9.3/crypto/openssl/apps/winrand.c
  releng/9.3/crypto/openssl/apps/x509.c
  releng/9.3/crypto/openssl/bugs/alpha.c
  releng/9.3/crypto/openssl/bugs/dggccbug.c
  releng/9.3/crypto/openssl/bugs/sgiccbug.c
  releng/9.3/crypto/openssl/bugs/stream.c
  releng/9.3/crypto/openssl/bugs/ultrixcc.c
  releng/9.3/crypto/openssl/crypto/LPdir_nyi.c
  releng/9.3/crypto/openssl/crypto/LPdir_unix.c
  releng/9.3/crypto/openssl/crypto/LPdir_vms.c
  releng/9.3/crypto/openssl/crypto/LPdir_win.c
  releng/9.3/crypto/openssl/crypto/LPdir_win32.c
  releng/9.3/crypto/openssl/crypto/LPdir_wince.c
  releng/9.3/crypto/openssl/crypto/aes/aes.h
  releng/9.3/crypto/openssl/crypto/aes/aes_cbc.c
  releng/9.3/crypto/openssl/crypto/aes/aes_cfb.c
  releng/9.3/crypto/openssl/crypto/aes/aes_core.c
  releng/9.3/crypto/openssl/crypto/aes/aes_ctr.c
  releng/9.3/crypto/openssl/crypto/aes/aes_ecb.c
  releng/9.3/crypto/openssl/crypto/aes/aes_ige.c
  releng/9.3/crypto/openssl/crypto/aes/aes_locl.h
  releng/9.3/crypto/openssl/crypto/aes/aes_misc.c
  releng/9.3/crypto/openssl/crypto/aes/aes_ofb.c
  releng/9.3/crypto/openssl/crypto/aes/aes_wrap.c
  releng/9.3/crypto/openssl/crypto/asn1/a_bitstr.c
  releng/9.3/crypto/openssl/crypto/asn1/a_bool.c
  releng/9.3/crypto/openssl/crypto/asn1/a_bytes.c
  releng/9.3/crypto/openssl/crypto/asn1/a_d2i_fp.c
  releng/9.3/crypto/openssl/crypto/asn1/a_digest.c
  releng/9.3/crypto/openssl/crypto/asn1/a_dup.c
  releng/9.3/crypto/openssl/crypto/asn1/a_enum.c
  releng/9.3/crypto/openssl/crypto/asn1/a_gentm.c
  releng/9.3/crypto/openssl/crypto/asn1/a_hdr.c
  releng/9.3/crypto/openssl/crypto/asn1/a_i2d_fp.c
  releng/9.3/crypto/openssl/crypto/asn1/a_int.c
  releng/9.3/crypto/openssl/crypto/asn1/a_mbstr.c
  releng/9.3/crypto/openssl/crypto/asn1/a_meth.c
  releng/9.3/crypto/openssl/crypto/asn1/a_object.c
  releng/9.3/crypto/openssl/crypto/asn1/a_octet.c
  releng/9.3/crypto/openssl/crypto/asn1/a_print.c
  releng/9.3/crypto/openssl/crypto/asn1/a_set.c
  releng/9.3/crypto/openssl/crypto/asn1/a_sign.c
  releng/9.3/crypto/openssl/crypto/asn1/a_strex.c
  releng/9.3/crypto/openssl/crypto/asn1/a_strnid.c
  releng/9.3/crypto/openssl/crypto/asn1/a_time.c
  releng/9.3/crypto/openssl/crypto/asn1/a_type.c
  releng/9.3/crypto/openssl/crypto/asn1/a_utctm.c
  releng/9.3/crypto/openssl/crypto/asn1/a_utf8.c
  releng/9.3/crypto/openssl/crypto/asn1/a_verify.c
  releng/9.3/crypto/openssl/crypto/asn1/asn1.h
  releng/9.3/crypto/openssl/crypto/asn1/asn1_err.c
  releng/9.3/crypto/openssl/crypto/asn1/asn1_gen.c
  releng/9.3/crypto/openssl/crypto/asn1/asn1_lib.c
  releng/9.3/crypto/openssl/crypto/asn1/asn1_mac.h
  releng/9.3/crypto/openssl/crypto/asn1/asn1_par.c
  releng/9.3/crypto/openssl/crypto/asn1/asn1t.h
  releng/9.3/crypto/openssl/crypto/asn1/asn_mime.c
  releng/9.3/crypto/openssl/crypto/asn1/asn_moid.c
  releng/9.3/crypto/openssl/crypto/asn1/asn_pack.c
  releng/9.3/crypto/openssl/crypto/asn1/charmap.h
  releng/9.3/crypto/openssl/crypto/asn1/d2i_pr.c
  releng/9.3/crypto/openssl/crypto/asn1/d2i_pu.c
  releng/9.3/crypto/openssl/crypto/asn1/evp_asn1.c
  releng/9.3/crypto/openssl/crypto/asn1/f_enum.c
  releng/9.3/crypto/openssl/crypto/asn1/f_int.c
  releng/9.3/crypto/openssl/crypto/asn1/f_string.c
  releng/9.3/crypto/openssl/crypto/asn1/i2d_pr.c
  releng/9.3/crypto/openssl/crypto/asn1/i2d_pu.c
  releng/9.3/crypto/openssl/crypto/asn1/n_pkey.c
  releng/9.3/crypto/openssl/crypto/asn1/nsseq.c
  releng/9.3/crypto/openssl/crypto/asn1/p5_pbe.c
  releng/9.3/crypto/openssl/crypto/asn1/p5_pbev2.c
  releng/9.3/crypto/openssl/crypto/asn1/p8_key.c
  releng/9.3/crypto/openssl/crypto/asn1/p8_pkey.c
  releng/9.3/crypto/openssl/crypto/asn1/t_bitst.c
  releng/9.3/crypto/openssl/crypto/asn1/t_crl.c
  releng/9.3/crypto/openssl/crypto/asn1/t_pkey.c
  releng/9.3/crypto/openssl/crypto/asn1/t_req.c
  releng/9.3/crypto/openssl/crypto/asn1/t_spki.c
  releng/9.3/crypto/openssl/crypto/asn1/t_x509.c
  releng/9.3/crypto/openssl/crypto/asn1/t_x509a.c
  releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c
  releng/9.3/crypto/openssl/crypto/asn1/tasn_enc.c
  releng/9.3/crypto/openssl/crypto/asn1/tasn_fre.c
  releng/9.3/crypto/openssl/crypto/asn1/tasn_new.c
  releng/9.3/crypto/openssl/crypto/asn1/tasn_prn.c
  releng/9.3/crypto/openssl/crypto/asn1/tasn_typ.c
  releng/9.3/crypto/openssl/crypto/asn1/tasn_utl.c
  releng/9.3/crypto/openssl/crypto/asn1/x_algor.c
  releng/9.3/crypto/openssl/crypto/asn1/x_attrib.c
  releng/9.3/crypto/openssl/crypto/asn1/x_bignum.c
  releng/9.3/crypto/openssl/crypto/asn1/x_crl.c
  releng/9.3/crypto/openssl/crypto/asn1/x_exten.c
  releng/9.3/crypto/openssl/crypto/asn1/x_info.c
  releng/9.3/crypto/openssl/crypto/asn1/x_long.c
  releng/9.3/crypto/openssl/crypto/asn1/x_name.c
  releng/9.3/crypto/openssl/crypto/asn1/x_pkey.c
  releng/9.3/crypto/openssl/crypto/asn1/x_pubkey.c
  releng/9.3/crypto/openssl/crypto/asn1/x_req.c
  releng/9.3/crypto/openssl/crypto/asn1/x_sig.c
  releng/9.3/crypto/openssl/crypto/asn1/x_spki.c
  releng/9.3/crypto/openssl/crypto/asn1/x_val.c
  releng/9.3/crypto/openssl/crypto/asn1/x_x509.c
  releng/9.3/crypto/openssl/crypto/asn1/x_x509a.c
  releng/9.3/crypto/openssl/crypto/bf/bf_cbc.c
  releng/9.3/crypto/openssl/crypto/bf/bf_cfb64.c
  releng/9.3/crypto/openssl/crypto/bf/bf_ecb.c
  releng/9.3/crypto/openssl/crypto/bf/bf_enc.c
  releng/9.3/crypto/openssl/crypto/bf/bf_locl.h
  releng/9.3/crypto/openssl/crypto/bf/bf_ofb64.c
  releng/9.3/crypto/openssl/crypto/bf/bf_opts.c
  releng/9.3/crypto/openssl/crypto/bf/bf_pi.h
  releng/9.3/crypto/openssl/crypto/bf/bf_skey.c
  releng/9.3/crypto/openssl/crypto/bf/bfspeed.c
  releng/9.3/crypto/openssl/crypto/bf/bftest.c
  releng/9.3/crypto/openssl/crypto/bf/blowfish.h
  releng/9.3/crypto/openssl/crypto/bio/b_dump.c
  releng/9.3/crypto/openssl/crypto/bio/b_print.c
  releng/9.3/crypto/openssl/crypto/bio/b_sock.c
  releng/9.3/crypto/openssl/crypto/bio/bf_buff.c
  releng/9.3/crypto/openssl/crypto/bio/bf_lbuf.c
  releng/9.3/crypto/openssl/crypto/bio/bf_nbio.c
  releng/9.3/crypto/openssl/crypto/bio/bf_null.c
  releng/9.3/crypto/openssl/crypto/bio/bio.h
  releng/9.3/crypto/openssl/crypto/bio/bio_cb.c
  releng/9.3/crypto/openssl/crypto/bio/bio_err.c
  releng/9.3/crypto/openssl/crypto/bio/bio_lcl.h
  releng/9.3/crypto/openssl/crypto/bio/bio_lib.c
  releng/9.3/crypto/openssl/crypto/bio/bss_acpt.c
  releng/9.3/crypto/openssl/crypto/bio/bss_bio.c
  releng/9.3/crypto/openssl/crypto/bio/bss_conn.c
  releng/9.3/crypto/openssl/crypto/bio/bss_dgram.c
  releng/9.3/crypto/openssl/crypto/bio/bss_fd.c
  releng/9.3/crypto/openssl/crypto/bio/bss_file.c
  releng/9.3/crypto/openssl/crypto/bio/bss_log.c
  releng/9.3/crypto/openssl/crypto/bio/bss_mem.c
  releng/9.3/crypto/openssl/crypto/bio/bss_null.c
  releng/9.3/crypto/openssl/crypto/bio/bss_rtcp.c
  releng/9.3/crypto/openssl/crypto/bio/bss_sock.c
  releng/9.3/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
  releng/9.3/crypto/openssl/crypto/bn/bn.h
  releng/9.3/crypto/openssl/crypto/bn/bn_add.c
  releng/9.3/crypto/openssl/crypto/bn/bn_asm.c
  releng/9.3/crypto/openssl/crypto/bn/bn_blind.c
  releng/9.3/crypto/openssl/crypto/bn/bn_const.c
  releng/9.3/crypto/openssl/crypto/bn/bn_ctx.c
  releng/9.3/crypto/openssl/crypto/bn/bn_depr.c
  releng/9.3/crypto/openssl/crypto/bn/bn_div.c
  releng/9.3/crypto/openssl/crypto/bn/bn_err.c
  releng/9.3/crypto/openssl/crypto/bn/bn_exp.c
  releng/9.3/crypto/openssl/crypto/bn/bn_exp2.c
  releng/9.3/crypto/openssl/crypto/bn/bn_gcd.c
  releng/9.3/crypto/openssl/crypto/bn/bn_gf2m.c
  releng/9.3/crypto/openssl/crypto/bn/bn_kron.c
  releng/9.3/crypto/openssl/crypto/bn/bn_lcl.h
  releng/9.3/crypto/openssl/crypto/bn/bn_lib.c
  releng/9.3/crypto/openssl/crypto/bn/bn_mod.c
  releng/9.3/crypto/openssl/crypto/bn/bn_mont.c
  releng/9.3/crypto/openssl/crypto/bn/bn_mpi.c
  releng/9.3/crypto/openssl/crypto/bn/bn_mul.c
  releng/9.3/crypto/openssl/crypto/bn/bn_nist.c
  releng/9.3/crypto/openssl/crypto/bn/bn_opt.c
  releng/9.3/crypto/openssl/crypto/bn/bn_prime.c
  releng/9.3/crypto/openssl/crypto/bn/bn_prime.h
  releng/9.3/crypto/openssl/crypto/bn/bn_print.c
  releng/9.3/crypto/openssl/crypto/bn/bn_rand.c
  releng/9.3/crypto/openssl/crypto/bn/bn_recp.c
  releng/9.3/crypto/openssl/crypto/bn/bn_shift.c
  releng/9.3/crypto/openssl/crypto/bn/bn_sqr.c
  releng/9.3/crypto/openssl/crypto/bn/bn_sqrt.c
  releng/9.3/crypto/openssl/crypto/bn/bn_word.c
  releng/9.3/crypto/openssl/crypto/bn/bn_x931p.c
  releng/9.3/crypto/openssl/crypto/bn/bnspeed.c
  releng/9.3/crypto/openssl/crypto/bn/bntest.c
  releng/9.3/crypto/openssl/crypto/bn/divtest.c
  releng/9.3/crypto/openssl/crypto/bn/exp.c
  releng/9.3/crypto/openssl/crypto/bn/expspeed.c
  releng/9.3/crypto/openssl/crypto/bn/exptest.c
  releng/9.3/crypto/openssl/crypto/buffer/buf_err.c
  releng/9.3/crypto/openssl/crypto/buffer/buf_str.c
  releng/9.3/crypto/openssl/crypto/buffer/buffer.c
  releng/9.3/crypto/openssl/crypto/buffer/buffer.h
  releng/9.3/crypto/openssl/crypto/camellia/camellia.c
  releng/9.3/crypto/openssl/crypto/camellia/camellia.h
  releng/9.3/crypto/openssl/crypto/camellia/cmll_cbc.c
  releng/9.3/crypto/openssl/crypto/camellia/cmll_cfb.c
  releng/9.3/crypto/openssl/crypto/camellia/cmll_ctr.c
  releng/9.3/crypto/openssl/crypto/camellia/cmll_ecb.c
  releng/9.3/crypto/openssl/crypto/camellia/cmll_locl.h
  releng/9.3/crypto/openssl/crypto/camellia/cmll_misc.c
  releng/9.3/crypto/openssl/crypto/camellia/cmll_ofb.c
  releng/9.3/crypto/openssl/crypto/cast/c_cfb64.c
  releng/9.3/crypto/openssl/crypto/cast/c_ecb.c
  releng/9.3/crypto/openssl/crypto/cast/c_enc.c
  releng/9.3/crypto/openssl/crypto/cast/c_ofb64.c
  releng/9.3/crypto/openssl/crypto/cast/c_skey.c
  releng/9.3/crypto/openssl/crypto/cast/cast.h
  releng/9.3/crypto/openssl/crypto/cast/cast_lcl.h
  releng/9.3/crypto/openssl/crypto/cast/cast_s.h
  releng/9.3/crypto/openssl/crypto/cast/cast_spd.c
  releng/9.3/crypto/openssl/crypto/cast/castopts.c
  releng/9.3/crypto/openssl/crypto/cast/casttest.c
  releng/9.3/crypto/openssl/crypto/cms/cms.h
  releng/9.3/crypto/openssl/crypto/cms/cms_asn1.c
  releng/9.3/crypto/openssl/crypto/cms/cms_att.c
  releng/9.3/crypto/openssl/crypto/cms/cms_cd.c
  releng/9.3/crypto/openssl/crypto/cms/cms_dd.c
  releng/9.3/crypto/openssl/crypto/cms/cms_enc.c
  releng/9.3/crypto/openssl/crypto/cms/cms_env.c
  releng/9.3/crypto/openssl/crypto/cms/cms_err.c
  releng/9.3/crypto/openssl/crypto/cms/cms_ess.c
  releng/9.3/crypto/openssl/crypto/cms/cms_io.c
  releng/9.3/crypto/openssl/crypto/cms/cms_lcl.h
  releng/9.3/crypto/openssl/crypto/cms/cms_lib.c
  releng/9.3/crypto/openssl/crypto/cms/cms_sd.c
  releng/9.3/crypto/openssl/crypto/cms/cms_smime.c
  releng/9.3/crypto/openssl/crypto/comp/c_rle.c
  releng/9.3/crypto/openssl/crypto/comp/c_zlib.c
  releng/9.3/crypto/openssl/crypto/comp/comp.h
  releng/9.3/crypto/openssl/crypto/comp/comp_err.c
  releng/9.3/crypto/openssl/crypto/comp/comp_lib.c
  releng/9.3/crypto/openssl/crypto/conf/cnf_save.c
  releng/9.3/crypto/openssl/crypto/conf/conf.h
  releng/9.3/crypto/openssl/crypto/conf/conf_api.c
  releng/9.3/crypto/openssl/crypto/conf/conf_api.h
  releng/9.3/crypto/openssl/crypto/conf/conf_def.c
  releng/9.3/crypto/openssl/crypto/conf/conf_def.h
  releng/9.3/crypto/openssl/crypto/conf/conf_err.c
  releng/9.3/crypto/openssl/crypto/conf/conf_lib.c
  releng/9.3/crypto/openssl/crypto/conf/conf_mall.c
  releng/9.3/crypto/openssl/crypto/conf/conf_mod.c
  releng/9.3/crypto/openssl/crypto/conf/conf_sap.c
  releng/9.3/crypto/openssl/crypto/conf/test.c
  releng/9.3/crypto/openssl/crypto/constant_time_locl.h
  releng/9.3/crypto/openssl/crypto/constant_time_test.c
  releng/9.3/crypto/openssl/crypto/cpt_err.c
  releng/9.3/crypto/openssl/crypto/cryptlib.c
  releng/9.3/crypto/openssl/crypto/cryptlib.h
  releng/9.3/crypto/openssl/crypto/crypto.h
  releng/9.3/crypto/openssl/crypto/cversion.c
  releng/9.3/crypto/openssl/crypto/des/cbc3_enc.c
  releng/9.3/crypto/openssl/crypto/des/cbc_cksm.c
  releng/9.3/crypto/openssl/crypto/des/cbc_enc.c
  releng/9.3/crypto/openssl/crypto/des/cfb64ede.c
  releng/9.3/crypto/openssl/crypto/des/cfb64enc.c
  releng/9.3/crypto/openssl/crypto/des/cfb_enc.c
  releng/9.3/crypto/openssl/crypto/des/des.c
  releng/9.3/crypto/openssl/crypto/des/des.h
  releng/9.3/crypto/openssl/crypto/des/des_enc.c
  releng/9.3/crypto/openssl/crypto/des/des_lib.c
  releng/9.3/crypto/openssl/crypto/des/des_locl.h
  releng/9.3/crypto/openssl/crypto/des/des_old.c
  releng/9.3/crypto/openssl/crypto/des/des_old.h
  releng/9.3/crypto/openssl/crypto/des/des_old2.c
  releng/9.3/crypto/openssl/crypto/des/des_opts.c
  releng/9.3/crypto/openssl/crypto/des/des_ver.h
  releng/9.3/crypto/openssl/crypto/des/destest.c
  releng/9.3/crypto/openssl/crypto/des/ecb3_enc.c
  releng/9.3/crypto/openssl/crypto/des/ecb_enc.c
  releng/9.3/crypto/openssl/crypto/des/ede_cbcm_enc.c
  releng/9.3/crypto/openssl/crypto/des/enc_read.c
  releng/9.3/crypto/openssl/crypto/des/enc_writ.c
  releng/9.3/crypto/openssl/crypto/des/fcrypt.c
  releng/9.3/crypto/openssl/crypto/des/fcrypt_b.c
  releng/9.3/crypto/openssl/crypto/des/ncbc_enc.c
  releng/9.3/crypto/openssl/crypto/des/ofb64ede.c
  releng/9.3/crypto/openssl/crypto/des/ofb64enc.c
  releng/9.3/crypto/openssl/crypto/des/ofb_enc.c
  releng/9.3/crypto/openssl/crypto/des/pcbc_enc.c
  releng/9.3/crypto/openssl/crypto/des/qud_cksm.c
  releng/9.3/crypto/openssl/crypto/des/rand_key.c
  releng/9.3/crypto/openssl/crypto/des/read2pwd.c
  releng/9.3/crypto/openssl/crypto/des/read_pwd.c
  releng/9.3/crypto/openssl/crypto/des/rpc_des.h
  releng/9.3/crypto/openssl/crypto/des/rpc_enc.c
  releng/9.3/crypto/openssl/crypto/des/rpw.c
  releng/9.3/crypto/openssl/crypto/des/set_key.c
  releng/9.3/crypto/openssl/crypto/des/speed.c
  releng/9.3/crypto/openssl/crypto/des/spr.h
  releng/9.3/crypto/openssl/crypto/des/str2key.c
  releng/9.3/crypto/openssl/crypto/des/xcbc_enc.c
  releng/9.3/crypto/openssl/crypto/dh/dh.h
  releng/9.3/crypto/openssl/crypto/dh/dh_asn1.c
  releng/9.3/crypto/openssl/crypto/dh/dh_check.c
  releng/9.3/crypto/openssl/crypto/dh/dh_depr.c
  releng/9.3/crypto/openssl/crypto/dh/dh_err.c
  releng/9.3/crypto/openssl/crypto/dh/dh_gen.c
  releng/9.3/crypto/openssl/crypto/dh/dh_key.c
  releng/9.3/crypto/openssl/crypto/dh/dh_lib.c
  releng/9.3/crypto/openssl/crypto/dh/dhtest.c
  releng/9.3/crypto/openssl/crypto/dh/p1024.c
  releng/9.3/crypto/openssl/crypto/dh/p192.c
  releng/9.3/crypto/openssl/crypto/dh/p512.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa.h
  releng/9.3/crypto/openssl/crypto/dsa/dsa_asn1.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_depr.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_err.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_gen.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_key.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_lib.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_ossl.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_sign.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_utl.c
  releng/9.3/crypto/openssl/crypto/dsa/dsa_vrf.c
  releng/9.3/crypto/openssl/crypto/dsa/dsagen.c
  releng/9.3/crypto/openssl/crypto/dsa/dsatest.c
  releng/9.3/crypto/openssl/crypto/dso/dso.h
  releng/9.3/crypto/openssl/crypto/dso/dso_dl.c
  releng/9.3/crypto/openssl/crypto/dso/dso_dlfcn.c
  releng/9.3/crypto/openssl/crypto/dso/dso_err.c
  releng/9.3/crypto/openssl/crypto/dso/dso_lib.c
  releng/9.3/crypto/openssl/crypto/dso/dso_null.c
  releng/9.3/crypto/openssl/crypto/dso/dso_openssl.c
  releng/9.3/crypto/openssl/crypto/dyn_lck.c
  releng/9.3/crypto/openssl/crypto/ebcdic.c
  releng/9.3/crypto/openssl/crypto/ebcdic.h
  releng/9.3/crypto/openssl/crypto/ec/ec.h
  releng/9.3/crypto/openssl/crypto/ec/ec2_mult.c
  releng/9.3/crypto/openssl/crypto/ec/ec2_smpl.c
  releng/9.3/crypto/openssl/crypto/ec/ec2_smpt.c
  releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c
  releng/9.3/crypto/openssl/crypto/ec/ec_check.c
  releng/9.3/crypto/openssl/crypto/ec/ec_curve.c
  releng/9.3/crypto/openssl/crypto/ec/ec_cvt.c
  releng/9.3/crypto/openssl/crypto/ec/ec_err.c
  releng/9.3/crypto/openssl/crypto/ec/ec_key.c
  releng/9.3/crypto/openssl/crypto/ec/ec_lcl.h
  releng/9.3/crypto/openssl/crypto/ec/ec_lib.c
  releng/9.3/crypto/openssl/crypto/ec/ec_mult.c
  releng/9.3/crypto/openssl/crypto/ec/ec_print.c
  releng/9.3/crypto/openssl/crypto/ec/ecp_mont.c
  releng/9.3/crypto/openssl/crypto/ec/ecp_nist.c
  releng/9.3/crypto/openssl/crypto/ec/ecp_smpl.c
  releng/9.3/crypto/openssl/crypto/ec/ectest.c
  releng/9.3/crypto/openssl/crypto/ecdh/ecdh.h
  releng/9.3/crypto/openssl/crypto/ecdh/ecdhtest.c
  releng/9.3/crypto/openssl/crypto/ecdh/ech_err.c
  releng/9.3/crypto/openssl/crypto/ecdh/ech_key.c
  releng/9.3/crypto/openssl/crypto/ecdh/ech_lib.c
  releng/9.3/crypto/openssl/crypto/ecdh/ech_locl.h
  releng/9.3/crypto/openssl/crypto/ecdh/ech_ossl.c
  releng/9.3/crypto/openssl/crypto/ecdsa/Makefile
  releng/9.3/crypto/openssl/crypto/ecdsa/ecdsa.h
  releng/9.3/crypto/openssl/crypto/ecdsa/ecdsatest.c
  releng/9.3/crypto/openssl/crypto/ecdsa/ecs_asn1.c
  releng/9.3/crypto/openssl/crypto/ecdsa/ecs_err.c
  releng/9.3/crypto/openssl/crypto/ecdsa/ecs_lib.c
  releng/9.3/crypto/openssl/crypto/ecdsa/ecs_locl.h
  releng/9.3/crypto/openssl/crypto/ecdsa/ecs_ossl.c
  releng/9.3/crypto/openssl/crypto/ecdsa/ecs_sign.c
  releng/9.3/crypto/openssl/crypto/ecdsa/ecs_vrf.c
  releng/9.3/crypto/openssl/crypto/engine/eng_all.c
  releng/9.3/crypto/openssl/crypto/engine/eng_cnf.c
  releng/9.3/crypto/openssl/crypto/engine/eng_cryptodev.c
  releng/9.3/crypto/openssl/crypto/engine/eng_ctrl.c
  releng/9.3/crypto/openssl/crypto/engine/eng_dyn.c
  releng/9.3/crypto/openssl/crypto/engine/eng_err.c
  releng/9.3/crypto/openssl/crypto/engine/eng_fat.c
  releng/9.3/crypto/openssl/crypto/engine/eng_init.c
  releng/9.3/crypto/openssl/crypto/engine/eng_int.h
  releng/9.3/crypto/openssl/crypto/engine/eng_lib.c
  releng/9.3/crypto/openssl/crypto/engine/eng_list.c
  releng/9.3/crypto/openssl/crypto/engine/eng_openssl.c
  releng/9.3/crypto/openssl/crypto/engine/eng_padlock.c
  releng/9.3/crypto/openssl/crypto/engine/eng_pkey.c
  releng/9.3/crypto/openssl/crypto/engine/eng_table.c
  releng/9.3/crypto/openssl/crypto/engine/engine.h
  releng/9.3/crypto/openssl/crypto/engine/enginetest.c
  releng/9.3/crypto/openssl/crypto/engine/tb_cipher.c
  releng/9.3/crypto/openssl/crypto/engine/tb_dh.c
  releng/9.3/crypto/openssl/crypto/engine/tb_digest.c
  releng/9.3/crypto/openssl/crypto/engine/tb_dsa.c
  releng/9.3/crypto/openssl/crypto/engine/tb_ecdh.c
  releng/9.3/crypto/openssl/crypto/engine/tb_ecdsa.c
  releng/9.3/crypto/openssl/crypto/engine/tb_rand.c
  releng/9.3/crypto/openssl/crypto/engine/tb_rsa.c
  releng/9.3/crypto/openssl/crypto/engine/tb_store.c
  releng/9.3/crypto/openssl/crypto/err/err.c
  releng/9.3/crypto/openssl/crypto/err/err.h
  releng/9.3/crypto/openssl/crypto/err/err_all.c
  releng/9.3/crypto/openssl/crypto/err/err_bio.c
  releng/9.3/crypto/openssl/crypto/err/err_def.c
  releng/9.3/crypto/openssl/crypto/err/err_prn.c
  releng/9.3/crypto/openssl/crypto/err/err_str.c
  releng/9.3/crypto/openssl/crypto/evp/bio_b64.c
  releng/9.3/crypto/openssl/crypto/evp/bio_enc.c
  releng/9.3/crypto/openssl/crypto/evp/bio_md.c
  releng/9.3/crypto/openssl/crypto/evp/bio_ok.c
  releng/9.3/crypto/openssl/crypto/evp/c_all.c
  releng/9.3/crypto/openssl/crypto/evp/c_allc.c
  releng/9.3/crypto/openssl/crypto/evp/c_alld.c
  releng/9.3/crypto/openssl/crypto/evp/dig_eng.c
  releng/9.3/crypto/openssl/crypto/evp/digest.c
  releng/9.3/crypto/openssl/crypto/evp/e_aes.c
  releng/9.3/crypto/openssl/crypto/evp/e_bf.c
  releng/9.3/crypto/openssl/crypto/evp/e_camellia.c
  releng/9.3/crypto/openssl/crypto/evp/e_cast.c
  releng/9.3/crypto/openssl/crypto/evp/e_des.c
  releng/9.3/crypto/openssl/crypto/evp/e_des3.c
  releng/9.3/crypto/openssl/crypto/evp/e_dsa.c
  releng/9.3/crypto/openssl/crypto/evp/e_idea.c
  releng/9.3/crypto/openssl/crypto/evp/e_null.c
  releng/9.3/crypto/openssl/crypto/evp/e_old.c
  releng/9.3/crypto/openssl/crypto/evp/e_rc2.c
  releng/9.3/crypto/openssl/crypto/evp/e_rc4.c
  releng/9.3/crypto/openssl/crypto/evp/e_rc5.c
  releng/9.3/crypto/openssl/crypto/evp/e_seed.c
  releng/9.3/crypto/openssl/crypto/evp/e_xcbc_d.c
  releng/9.3/crypto/openssl/crypto/evp/enc_min.c
  releng/9.3/crypto/openssl/crypto/evp/encode.c
  releng/9.3/crypto/openssl/crypto/evp/evp.h
  releng/9.3/crypto/openssl/crypto/evp/evp_acnf.c
  releng/9.3/crypto/openssl/crypto/evp/evp_cnf.c
  releng/9.3/crypto/openssl/crypto/evp/evp_enc.c
  releng/9.3/crypto/openssl/crypto/evp/evp_err.c
  releng/9.3/crypto/openssl/crypto/evp/evp_key.c
  releng/9.3/crypto/openssl/crypto/evp/evp_lib.c
  releng/9.3/crypto/openssl/crypto/evp/evp_locl.h
  releng/9.3/crypto/openssl/crypto/evp/evp_pbe.c
  releng/9.3/crypto/openssl/crypto/evp/evp_pkey.c
  releng/9.3/crypto/openssl/crypto/evp/evp_test.c
  releng/9.3/crypto/openssl/crypto/evp/m_dss.c
  releng/9.3/crypto/openssl/crypto/evp/m_dss1.c
  releng/9.3/crypto/openssl/crypto/evp/m_ecdsa.c
  releng/9.3/crypto/openssl/crypto/evp/m_md2.c
  releng/9.3/crypto/openssl/crypto/evp/m_md4.c
  releng/9.3/crypto/openssl/crypto/evp/m_md5.c
  releng/9.3/crypto/openssl/crypto/evp/m_mdc2.c
  releng/9.3/crypto/openssl/crypto/evp/m_null.c
  releng/9.3/crypto/openssl/crypto/evp/m_ripemd.c
  releng/9.3/crypto/openssl/crypto/evp/m_sha.c
  releng/9.3/crypto/openssl/crypto/evp/m_sha1.c
  releng/9.3/crypto/openssl/crypto/evp/names.c
  releng/9.3/crypto/openssl/crypto/evp/openbsd_hw.c
  releng/9.3/crypto/openssl/crypto/evp/p5_crpt.c
  releng/9.3/crypto/openssl/crypto/evp/p5_crpt2.c
  releng/9.3/crypto/openssl/crypto/evp/p_dec.c
  releng/9.3/crypto/openssl/crypto/evp/p_enc.c
  releng/9.3/crypto/openssl/crypto/evp/p_lib.c
  releng/9.3/crypto/openssl/crypto/evp/p_open.c
  releng/9.3/crypto/openssl/crypto/evp/p_seal.c
  releng/9.3/crypto/openssl/crypto/evp/p_sign.c
  releng/9.3/crypto/openssl/crypto/evp/p_verify.c
  releng/9.3/crypto/openssl/crypto/ex_data.c
  releng/9.3/crypto/openssl/crypto/fips_err.c
  releng/9.3/crypto/openssl/crypto/fips_err.h
  releng/9.3/crypto/openssl/crypto/hmac/hmac.c
  releng/9.3/crypto/openssl/crypto/hmac/hmac.h
  releng/9.3/crypto/openssl/crypto/hmac/hmactest.c
  releng/9.3/crypto/openssl/crypto/idea/i_cbc.c
  releng/9.3/crypto/openssl/crypto/idea/i_cfb64.c
  releng/9.3/crypto/openssl/crypto/idea/i_ecb.c
  releng/9.3/crypto/openssl/crypto/idea/i_ofb64.c
  releng/9.3/crypto/openssl/crypto/idea/i_skey.c
  releng/9.3/crypto/openssl/crypto/idea/idea.h
  releng/9.3/crypto/openssl/crypto/idea/idea_lcl.h
  releng/9.3/crypto/openssl/crypto/idea/idea_spd.c
  releng/9.3/crypto/openssl/crypto/idea/ideatest.c
  releng/9.3/crypto/openssl/crypto/jpake/jpake.c
  releng/9.3/crypto/openssl/crypto/jpake/jpake.h
  releng/9.3/crypto/openssl/crypto/jpake/jpake_err.c
  releng/9.3/crypto/openssl/crypto/jpake/jpaketest.c
  releng/9.3/crypto/openssl/crypto/krb5/krb5_asn.c
  releng/9.3/crypto/openssl/crypto/krb5/krb5_asn.h
  releng/9.3/crypto/openssl/crypto/lhash/lh_stats.c
  releng/9.3/crypto/openssl/crypto/lhash/lh_test.c
  releng/9.3/crypto/openssl/crypto/lhash/lhash.c
  releng/9.3/crypto/openssl/crypto/lhash/lhash.h
  releng/9.3/crypto/openssl/crypto/md2/md2.c
  releng/9.3/crypto/openssl/crypto/md2/md2.h
  releng/9.3/crypto/openssl/crypto/md2/md2_dgst.c
  releng/9.3/crypto/openssl/crypto/md2/md2_one.c
  releng/9.3/crypto/openssl/crypto/md2/md2test.c
  releng/9.3/crypto/openssl/crypto/md32_common.h
  releng/9.3/crypto/openssl/crypto/md4/md4.c
  releng/9.3/crypto/openssl/crypto/md4/md4.h
  releng/9.3/crypto/openssl/crypto/md4/md4_dgst.c
  releng/9.3/crypto/openssl/crypto/md4/md4_locl.h
  releng/9.3/crypto/openssl/crypto/md4/md4_one.c
  releng/9.3/crypto/openssl/crypto/md4/md4test.c
  releng/9.3/crypto/openssl/crypto/md5/md5.c
  releng/9.3/crypto/openssl/crypto/md5/md5.h
  releng/9.3/crypto/openssl/crypto/md5/md5_dgst.c
  releng/9.3/crypto/openssl/crypto/md5/md5_locl.h
  releng/9.3/crypto/openssl/crypto/md5/md5_one.c
  releng/9.3/crypto/openssl/crypto/md5/md5test.c
  releng/9.3/crypto/openssl/crypto/mdc2/mdc2.h
  releng/9.3/crypto/openssl/crypto/mdc2/mdc2_one.c
  releng/9.3/crypto/openssl/crypto/mdc2/mdc2dgst.c
  releng/9.3/crypto/openssl/crypto/mdc2/mdc2test.c
  releng/9.3/crypto/openssl/crypto/mem.c
  releng/9.3/crypto/openssl/crypto/mem_clr.c
  releng/9.3/crypto/openssl/crypto/mem_dbg.c
  releng/9.3/crypto/openssl/crypto/o_dir.c
  releng/9.3/crypto/openssl/crypto/o_dir.h
  releng/9.3/crypto/openssl/crypto/o_dir_test.c
  releng/9.3/crypto/openssl/crypto/o_init.c
  releng/9.3/crypto/openssl/crypto/o_str.c
  releng/9.3/crypto/openssl/crypto/o_str.h
  releng/9.3/crypto/openssl/crypto/o_time.c
  releng/9.3/crypto/openssl/crypto/o_time.h
  releng/9.3/crypto/openssl/crypto/objects/o_names.c
  releng/9.3/crypto/openssl/crypto/objects/obj_dat.c
  releng/9.3/crypto/openssl/crypto/objects/obj_err.c
  releng/9.3/crypto/openssl/crypto/objects/obj_lib.c
  releng/9.3/crypto/openssl/crypto/objects/obj_mac.h
  releng/9.3/crypto/openssl/crypto/objects/objects.h
  releng/9.3/crypto/openssl/crypto/objects/objects.pl
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp.h
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_asn.c
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_cl.c
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_err.c
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_ext.c
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_ht.c
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_lib.c
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_prn.c
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_srv.c
  releng/9.3/crypto/openssl/crypto/ocsp/ocsp_vfy.c
  releng/9.3/crypto/openssl/crypto/opensslv.h
  releng/9.3/crypto/openssl/crypto/ossl_typ.h
  releng/9.3/crypto/openssl/crypto/pem/pem.h
  releng/9.3/crypto/openssl/crypto/pem/pem2.h
  releng/9.3/crypto/openssl/crypto/pem/pem_all.c
  releng/9.3/crypto/openssl/crypto/pem/pem_err.c
  releng/9.3/crypto/openssl/crypto/pem/pem_info.c
  releng/9.3/crypto/openssl/crypto/pem/pem_lib.c
  releng/9.3/crypto/openssl/crypto/pem/pem_oth.c
  releng/9.3/crypto/openssl/crypto/pem/pem_pk8.c
  releng/9.3/crypto/openssl/crypto/pem/pem_pkey.c
  releng/9.3/crypto/openssl/crypto/pem/pem_seal.c
  releng/9.3/crypto/openssl/crypto/pem/pem_sign.c
  releng/9.3/crypto/openssl/crypto/pem/pem_x509.c
  releng/9.3/crypto/openssl/crypto/pem/pem_xaux.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_add.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_asn.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_attr.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_crpt.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_crt.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_decr.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_init.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_key.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_kiss.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_mutl.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_npas.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_p8d.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_p8e.c
  releng/9.3/crypto/openssl/crypto/pkcs12/p12_utl.c
  releng/9.3/crypto/openssl/crypto/pkcs12/pk12err.c
  releng/9.3/crypto/openssl/crypto/pkcs12/pkcs12.h
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_asn1.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_attr.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_dgst.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_doit.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_enc.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_lib.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_mime.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_smime.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pkcs7.h
  releng/9.3/crypto/openssl/crypto/pkcs7/pkcs7err.c
  releng/9.3/crypto/openssl/crypto/pqueue/pq_compat.h
  releng/9.3/crypto/openssl/crypto/pqueue/pq_test.c
  releng/9.3/crypto/openssl/crypto/pqueue/pqueue.c
  releng/9.3/crypto/openssl/crypto/pqueue/pqueue.h
  releng/9.3/crypto/openssl/crypto/rand/md_rand.c
  releng/9.3/crypto/openssl/crypto/rand/rand.h
  releng/9.3/crypto/openssl/crypto/rand/rand_egd.c
  releng/9.3/crypto/openssl/crypto/rand/rand_eng.c
  releng/9.3/crypto/openssl/crypto/rand/rand_err.c
  releng/9.3/crypto/openssl/crypto/rand/rand_lcl.h
  releng/9.3/crypto/openssl/crypto/rand/rand_lib.c
  releng/9.3/crypto/openssl/crypto/rand/rand_nw.c
  releng/9.3/crypto/openssl/crypto/rand/rand_os2.c
  releng/9.3/crypto/openssl/crypto/rand/rand_unix.c
  releng/9.3/crypto/openssl/crypto/rand/rand_vms.c
  releng/9.3/crypto/openssl/crypto/rand/rand_win.c
  releng/9.3/crypto/openssl/crypto/rand/randfile.c
  releng/9.3/crypto/openssl/crypto/rand/randtest.c
  releng/9.3/crypto/openssl/crypto/rc2/rc2.h
  releng/9.3/crypto/openssl/crypto/rc2/rc2_cbc.c
  releng/9.3/crypto/openssl/crypto/rc2/rc2_ecb.c
  releng/9.3/crypto/openssl/crypto/rc2/rc2_locl.h
  releng/9.3/crypto/openssl/crypto/rc2/rc2_skey.c
  releng/9.3/crypto/openssl/crypto/rc2/rc2cfb64.c
  releng/9.3/crypto/openssl/crypto/rc2/rc2ofb64.c
  releng/9.3/crypto/openssl/crypto/rc2/rc2speed.c
  releng/9.3/crypto/openssl/crypto/rc2/rc2test.c
  releng/9.3/crypto/openssl/crypto/rc2/tab.c
  releng/9.3/crypto/openssl/crypto/rc4/rc4.c
  releng/9.3/crypto/openssl/crypto/rc4/rc4.h
  releng/9.3/crypto/openssl/crypto/rc4/rc4_enc.c
  releng/9.3/crypto/openssl/crypto/rc4/rc4_fblk.c
  releng/9.3/crypto/openssl/crypto/rc4/rc4_locl.h
  releng/9.3/crypto/openssl/crypto/rc4/rc4_skey.c
  releng/9.3/crypto/openssl/crypto/rc4/rc4speed.c
  releng/9.3/crypto/openssl/crypto/rc4/rc4test.c
  releng/9.3/crypto/openssl/crypto/rc5/rc5.h
  releng/9.3/crypto/openssl/crypto/rc5/rc5_ecb.c
  releng/9.3/crypto/openssl/crypto/rc5/rc5_enc.c
  releng/9.3/crypto/openssl/crypto/rc5/rc5_locl.h
  releng/9.3/crypto/openssl/crypto/rc5/rc5_skey.c
  releng/9.3/crypto/openssl/crypto/rc5/rc5cfb64.c
  releng/9.3/crypto/openssl/crypto/rc5/rc5ofb64.c
  releng/9.3/crypto/openssl/crypto/rc5/rc5speed.c
  releng/9.3/crypto/openssl/crypto/rc5/rc5test.c
  releng/9.3/crypto/openssl/crypto/ripemd/ripemd.h
  releng/9.3/crypto/openssl/crypto/ripemd/rmd160.c
  releng/9.3/crypto/openssl/crypto/ripemd/rmd_dgst.c
  releng/9.3/crypto/openssl/crypto/ripemd/rmd_locl.h
  releng/9.3/crypto/openssl/crypto/ripemd/rmd_one.c
  releng/9.3/crypto/openssl/crypto/ripemd/rmdconst.h
  releng/9.3/crypto/openssl/crypto/ripemd/rmdtest.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa.h
  releng/9.3/crypto/openssl/crypto/rsa/rsa_asn1.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_chk.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_depr.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_eay.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_eng.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_err.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_gen.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_lib.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_none.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_null.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_oaep.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_pk1.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_pss.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_saos.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_sign.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_ssl.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_test.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_x931.c
  releng/9.3/crypto/openssl/crypto/rsa/rsa_x931g.c
  releng/9.3/crypto/openssl/crypto/seed/seed.c
  releng/9.3/crypto/openssl/crypto/seed/seed.h
  releng/9.3/crypto/openssl/crypto/seed/seed_cbc.c
  releng/9.3/crypto/openssl/crypto/seed/seed_cfb.c
  releng/9.3/crypto/openssl/crypto/seed/seed_ecb.c
  releng/9.3/crypto/openssl/crypto/seed/seed_locl.h
  releng/9.3/crypto/openssl/crypto/seed/seed_ofb.c
  releng/9.3/crypto/openssl/crypto/sha/sha.c
  releng/9.3/crypto/openssl/crypto/sha/sha.h
  releng/9.3/crypto/openssl/crypto/sha/sha1.c
  releng/9.3/crypto/openssl/crypto/sha/sha1_one.c
  releng/9.3/crypto/openssl/crypto/sha/sha1dgst.c
  releng/9.3/crypto/openssl/crypto/sha/sha1test.c
  releng/9.3/crypto/openssl/crypto/sha/sha256.c
  releng/9.3/crypto/openssl/crypto/sha/sha256t.c
  releng/9.3/crypto/openssl/crypto/sha/sha512.c
  releng/9.3/crypto/openssl/crypto/sha/sha512t.c
  releng/9.3/crypto/openssl/crypto/sha/sha_dgst.c
  releng/9.3/crypto/openssl/crypto/sha/sha_locl.h
  releng/9.3/crypto/openssl/crypto/sha/sha_one.c
  releng/9.3/crypto/openssl/crypto/sha/shatest.c
  releng/9.3/crypto/openssl/crypto/stack/safestack.h
  releng/9.3/crypto/openssl/crypto/stack/stack.c
  releng/9.3/crypto/openssl/crypto/stack/stack.h
  releng/9.3/crypto/openssl/crypto/store/store.h
  releng/9.3/crypto/openssl/crypto/store/str_err.c
  releng/9.3/crypto/openssl/crypto/store/str_lib.c
  releng/9.3/crypto/openssl/crypto/store/str_locl.h
  releng/9.3/crypto/openssl/crypto/store/str_mem.c
  releng/9.3/crypto/openssl/crypto/store/str_meth.c
  releng/9.3/crypto/openssl/crypto/symhacks.h
  releng/9.3/crypto/openssl/crypto/threads/mttest.c
  releng/9.3/crypto/openssl/crypto/threads/th-lock.c
  releng/9.3/crypto/openssl/crypto/tmdiff.c
  releng/9.3/crypto/openssl/crypto/tmdiff.h
  releng/9.3/crypto/openssl/crypto/txt_db/txt_db.c
  releng/9.3/crypto/openssl/crypto/txt_db/txt_db.h
  releng/9.3/crypto/openssl/crypto/ui/ui.h
  releng/9.3/crypto/openssl/crypto/ui/ui_compat.c
  releng/9.3/crypto/openssl/crypto/ui/ui_compat.h
  releng/9.3/crypto/openssl/crypto/ui/ui_err.c
  releng/9.3/crypto/openssl/crypto/ui/ui_lib.c
  releng/9.3/crypto/openssl/crypto/ui/ui_locl.h
  releng/9.3/crypto/openssl/crypto/ui/ui_openssl.c
  releng/9.3/crypto/openssl/crypto/ui/ui_util.c
  releng/9.3/crypto/openssl/crypto/uid.c
  releng/9.3/crypto/openssl/crypto/x509/by_dir.c
  releng/9.3/crypto/openssl/crypto/x509/by_file.c
  releng/9.3/crypto/openssl/crypto/x509/x509.h
  releng/9.3/crypto/openssl/crypto/x509/x509_att.c
  releng/9.3/crypto/openssl/crypto/x509/x509_cmp.c
  releng/9.3/crypto/openssl/crypto/x509/x509_d2.c
  releng/9.3/crypto/openssl/crypto/x509/x509_def.c
  releng/9.3/crypto/openssl/crypto/x509/x509_err.c
  releng/9.3/crypto/openssl/crypto/x509/x509_ext.c
  releng/9.3/crypto/openssl/crypto/x509/x509_lu.c
  releng/9.3/crypto/openssl/crypto/x509/x509_obj.c
  releng/9.3/crypto/openssl/crypto/x509/x509_r2x.c
  releng/9.3/crypto/openssl/crypto/x509/x509_req.c
  releng/9.3/crypto/openssl/crypto/x509/x509_set.c
  releng/9.3/crypto/openssl/crypto/x509/x509_trs.c
  releng/9.3/crypto/openssl/crypto/x509/x509_txt.c
  releng/9.3/crypto/openssl/crypto/x509/x509_v3.c
  releng/9.3/crypto/openssl/crypto/x509/x509_vfy.c
  releng/9.3/crypto/openssl/crypto/x509/x509_vfy.h
  releng/9.3/crypto/openssl/crypto/x509/x509_vpm.c
  releng/9.3/crypto/openssl/crypto/x509/x509cset.c
  releng/9.3/crypto/openssl/crypto/x509/x509name.c
  releng/9.3/crypto/openssl/crypto/x509/x509rset.c
  releng/9.3/crypto/openssl/crypto/x509/x509spki.c
  releng/9.3/crypto/openssl/crypto/x509/x509type.c
  releng/9.3/crypto/openssl/crypto/x509/x_all.c
  releng/9.3/crypto/openssl/crypto/x509v3/ext_dat.h
  releng/9.3/crypto/openssl/crypto/x509v3/pcy_cache.c
  releng/9.3/crypto/openssl/crypto/x509v3/pcy_data.c
  releng/9.3/crypto/openssl/crypto/x509v3/pcy_int.h
  releng/9.3/crypto/openssl/crypto/x509v3/pcy_lib.c
  releng/9.3/crypto/openssl/crypto/x509v3/pcy_map.c
  releng/9.3/crypto/openssl/crypto/x509v3/pcy_node.c
  releng/9.3/crypto/openssl/crypto/x509v3/pcy_tree.c
  releng/9.3/crypto/openssl/crypto/x509v3/tabtest.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_addr.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_akey.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_akeya.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_alt.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_asid.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_bcons.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_bitst.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_conf.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_cpols.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_crld.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_enum.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_extku.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_genn.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_ia5.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_info.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_int.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_lib.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_ncons.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_ocsp.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_pci.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_pcia.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_pcons.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_pku.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_pmaps.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_prn.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_purp.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_skey.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_sxnet.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3_utl.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3conf.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3err.c
  releng/9.3/crypto/openssl/crypto/x509v3/v3prin.c
  releng/9.3/crypto/openssl/crypto/x509v3/x509v3.h
  releng/9.3/crypto/openssl/demos/asn1/ocsp.c
  releng/9.3/crypto/openssl/demos/b64.c
  releng/9.3/crypto/openssl/demos/bio/saccept.c
  releng/9.3/crypto/openssl/demos/bio/sconnect.c
  releng/9.3/crypto/openssl/demos/easy_tls/easy-tls.c
  releng/9.3/crypto/openssl/demos/easy_tls/easy-tls.h
  releng/9.3/crypto/openssl/demos/easy_tls/test.c
  releng/9.3/crypto/openssl/demos/easy_tls/test.h
  releng/9.3/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h
  releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c
  releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c
  releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h
  releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca.c
  releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c
  releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h
  releng/9.3/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h
  releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod.c
  releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod.h
  releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod_err.c
  releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod_err.h
  releng/9.3/crypto/openssl/demos/jpake/jpakedemo.c
  releng/9.3/crypto/openssl/demos/pkcs12/pkread.c
  releng/9.3/crypto/openssl/demos/pkcs12/pkwrite.c
  releng/9.3/crypto/openssl/demos/prime/prime.c
  releng/9.3/crypto/openssl/demos/selfsign.c
  releng/9.3/crypto/openssl/demos/sign/sign.c
  releng/9.3/crypto/openssl/demos/spkigen.c
  releng/9.3/crypto/openssl/demos/state_machine/state_machine.c
  releng/9.3/crypto/openssl/demos/tunala/breakage.c
  releng/9.3/crypto/openssl/demos/tunala/buffer.c
  releng/9.3/crypto/openssl/demos/tunala/cb.c
  releng/9.3/crypto/openssl/demos/tunala/ip.c
  releng/9.3/crypto/openssl/demos/tunala/sm.c
  releng/9.3/crypto/openssl/demos/tunala/tunala.c
  releng/9.3/crypto/openssl/demos/tunala/tunala.h
  releng/9.3/crypto/openssl/demos/x509/mkcert.c
  releng/9.3/crypto/openssl/demos/x509/mkreq.c
  releng/9.3/crypto/openssl/doc/apps/ciphers.pod
  releng/9.3/crypto/openssl/doc/crypto/BN_rand.pod
  releng/9.3/crypto/openssl/doc/crypto/BN_set_bit.pod
  releng/9.3/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
  releng/9.3/crypto/openssl/doc/crypto/d2i_X509.pod
  releng/9.3/crypto/openssl/doc/crypto/pem.pod
  releng/9.3/crypto/openssl/e_os.h
  releng/9.3/crypto/openssl/e_os2.h
  releng/9.3/crypto/openssl/engines/e_4758cca.c
  releng/9.3/crypto/openssl/engines/e_4758cca_err.c
  releng/9.3/crypto/openssl/engines/e_4758cca_err.h
  releng/9.3/crypto/openssl/engines/e_aep.c
  releng/9.3/crypto/openssl/engines/e_aep_err.c
  releng/9.3/crypto/openssl/engines/e_aep_err.h
  releng/9.3/crypto/openssl/engines/e_atalla.c
  releng/9.3/crypto/openssl/engines/e_atalla_err.c
  releng/9.3/crypto/openssl/engines/e_atalla_err.h
  releng/9.3/crypto/openssl/engines/e_capi.c
  releng/9.3/crypto/openssl/engines/e_capi_err.c
  releng/9.3/crypto/openssl/engines/e_capi_err.h
  releng/9.3/crypto/openssl/engines/e_chil.c
  releng/9.3/crypto/openssl/engines/e_chil_err.c
  releng/9.3/crypto/openssl/engines/e_chil_err.h
  releng/9.3/crypto/openssl/engines/e_cswift.c
  releng/9.3/crypto/openssl/engines/e_cswift_err.c
  releng/9.3/crypto/openssl/engines/e_cswift_err.h
  releng/9.3/crypto/openssl/engines/e_gmp.c
  releng/9.3/crypto/openssl/engines/e_gmp_err.c
  releng/9.3/crypto/openssl/engines/e_gmp_err.h
  releng/9.3/crypto/openssl/engines/e_nuron.c
  releng/9.3/crypto/openssl/engines/e_nuron_err.c
  releng/9.3/crypto/openssl/engines/e_nuron_err.h
  releng/9.3/crypto/openssl/engines/e_sureware.c
  releng/9.3/crypto/openssl/engines/e_sureware_err.c
  releng/9.3/crypto/openssl/engines/e_sureware_err.h
  releng/9.3/crypto/openssl/engines/e_ubsec.c
  releng/9.3/crypto/openssl/engines/e_ubsec_err.c
  releng/9.3/crypto/openssl/engines/e_ubsec_err.h
  releng/9.3/crypto/openssl/engines/vendor_defns/aep.h
  releng/9.3/crypto/openssl/engines/vendor_defns/atalla.h
  releng/9.3/crypto/openssl/engines/vendor_defns/cswift.h
  releng/9.3/crypto/openssl/engines/vendor_defns/hw_4758_cca.h
  releng/9.3/crypto/openssl/engines/vendor_defns/hw_ubsec.h
  releng/9.3/crypto/openssl/engines/vendor_defns/hwcryptohook.h
  releng/9.3/crypto/openssl/engines/vendor_defns/sureware.h
  releng/9.3/crypto/openssl/fips/aes/fips_aes_selftest.c
  releng/9.3/crypto/openssl/fips/aes/fips_aesavs.c
  releng/9.3/crypto/openssl/fips/des/fips_des_selftest.c
  releng/9.3/crypto/openssl/fips/des/fips_desmovs.c
  releng/9.3/crypto/openssl/fips/dh/dh_gen.c
  releng/9.3/crypto/openssl/fips/dh/fips_dh_check.c
  releng/9.3/crypto/openssl/fips/dh/fips_dh_gen.c
  releng/9.3/crypto/openssl/fips/dh/fips_dh_key.c
  releng/9.3/crypto/openssl/fips/dh/fips_dh_lib.c
  releng/9.3/crypto/openssl/fips/dsa/fips_dsa_gen.c
  releng/9.3/crypto/openssl/fips/dsa/fips_dsa_key.c
  releng/9.3/crypto/openssl/fips/dsa/fips_dsa_lib.c
  releng/9.3/crypto/openssl/fips/dsa/fips_dsa_ossl.c
  releng/9.3/crypto/openssl/fips/dsa/fips_dsa_selftest.c
  releng/9.3/crypto/openssl/fips/dsa/fips_dsa_sign.c
  releng/9.3/crypto/openssl/fips/dsa/fips_dsatest.c
  releng/9.3/crypto/openssl/fips/dsa/fips_dssvs.c
  releng/9.3/crypto/openssl/fips/fips.c
  releng/9.3/crypto/openssl/fips/fips.h
  releng/9.3/crypto/openssl/fips/fips_canister.c
  releng/9.3/crypto/openssl/fips/fips_locl.h
  releng/9.3/crypto/openssl/fips/fips_premain.c
  releng/9.3/crypto/openssl/fips/fips_test_suite.c
  releng/9.3/crypto/openssl/fips/fips_utl.h
  releng/9.3/crypto/openssl/fips/hmac/fips_hmac.c
  releng/9.3/crypto/openssl/fips/hmac/fips_hmac_selftest.c
  releng/9.3/crypto/openssl/fips/hmac/fips_hmactest.c
  releng/9.3/crypto/openssl/fips/rand/fips_rand.c
  releng/9.3/crypto/openssl/fips/rand/fips_rand.h
  releng/9.3/crypto/openssl/fips/rand/fips_rand_selftest.c
  releng/9.3/crypto/openssl/fips/rand/fips_randtest.c
  releng/9.3/crypto/openssl/fips/rand/fips_rngvs.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsa_eay.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsa_gen.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsa_lib.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsa_selftest.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsa_sign.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsa_x931g.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsagtest.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsastest.c
  releng/9.3/crypto/openssl/fips/rsa/fips_rsavtest.c
  releng/9.3/crypto/openssl/fips/sha/fips_sha1_selftest.c
  releng/9.3/crypto/openssl/fips/sha/fips_shatest.c
  releng/9.3/crypto/openssl/fips/sha/fips_standalone_sha1.c
  releng/9.3/crypto/openssl/openssl.spec
  releng/9.3/crypto/openssl/ssl/bio_ssl.c
  releng/9.3/crypto/openssl/ssl/d1_both.c
  releng/9.3/crypto/openssl/ssl/d1_clnt.c
  releng/9.3/crypto/openssl/ssl/d1_enc.c
  releng/9.3/crypto/openssl/ssl/d1_lib.c
  releng/9.3/crypto/openssl/ssl/d1_meth.c
  releng/9.3/crypto/openssl/ssl/d1_pkt.c
  releng/9.3/crypto/openssl/ssl/d1_srvr.c
  releng/9.3/crypto/openssl/ssl/dtls1.h
  releng/9.3/crypto/openssl/ssl/kssl.c
  releng/9.3/crypto/openssl/ssl/kssl.h
  releng/9.3/crypto/openssl/ssl/kssl_lcl.h
  releng/9.3/crypto/openssl/ssl/s23_clnt.c
  releng/9.3/crypto/openssl/ssl/s23_lib.c
  releng/9.3/crypto/openssl/ssl/s23_meth.c
  releng/9.3/crypto/openssl/ssl/s23_pkt.c
  releng/9.3/crypto/openssl/ssl/s23_srvr.c
  releng/9.3/crypto/openssl/ssl/s2_clnt.c
  releng/9.3/crypto/openssl/ssl/s2_enc.c
  releng/9.3/crypto/openssl/ssl/s2_lib.c
  releng/9.3/crypto/openssl/ssl/s2_meth.c
  releng/9.3/crypto/openssl/ssl/s2_pkt.c
  releng/9.3/crypto/openssl/ssl/s2_srvr.c
  releng/9.3/crypto/openssl/ssl/s3_both.c
  releng/9.3/crypto/openssl/ssl/s3_cbc.c
  releng/9.3/crypto/openssl/ssl/s3_clnt.c
  releng/9.3/crypto/openssl/ssl/s3_enc.c
  releng/9.3/crypto/openssl/ssl/s3_lib.c
  releng/9.3/crypto/openssl/ssl/s3_meth.c
  releng/9.3/crypto/openssl/ssl/s3_pkt.c
  releng/9.3/crypto/openssl/ssl/s3_srvr.c
  releng/9.3/crypto/openssl/ssl/ssl.h
  releng/9.3/crypto/openssl/ssl/ssl2.h
  releng/9.3/crypto/openssl/ssl/ssl23.h
  releng/9.3/crypto/openssl/ssl/ssl3.h
  releng/9.3/crypto/openssl/ssl/ssl_algs.c
  releng/9.3/crypto/openssl/ssl/ssl_asn1.c
  releng/9.3/crypto/openssl/ssl/ssl_cert.c
  releng/9.3/crypto/openssl/ssl/ssl_ciph.c
  releng/9.3/crypto/openssl/ssl/ssl_err.c
  releng/9.3/crypto/openssl/ssl/ssl_err2.c
  releng/9.3/crypto/openssl/ssl/ssl_lib.c
  releng/9.3/crypto/openssl/ssl/ssl_locl.h
  releng/9.3/crypto/openssl/ssl/ssl_rsa.c
  releng/9.3/crypto/openssl/ssl/ssl_sess.c
  releng/9.3/crypto/openssl/ssl/ssl_stat.c
  releng/9.3/crypto/openssl/ssl/ssl_task.c
  releng/9.3/crypto/openssl/ssl/ssl_txt.c
  releng/9.3/crypto/openssl/ssl/ssltest.c
  releng/9.3/crypto/openssl/ssl/t1_clnt.c
  releng/9.3/crypto/openssl/ssl/t1_enc.c
  releng/9.3/crypto/openssl/ssl/t1_lib.c
  releng/9.3/crypto/openssl/ssl/t1_meth.c
  releng/9.3/crypto/openssl/ssl/t1_reneg.c
  releng/9.3/crypto/openssl/ssl/t1_srvr.c
  releng/9.3/crypto/openssl/ssl/tls1.h
  releng/9.3/crypto/openssl/test/dummytest.c
  releng/9.3/crypto/openssl/test/igetest.c
  releng/9.3/crypto/openssl/test/methtest.c
  releng/9.3/crypto/openssl/test/r160test.c
  releng/9.3/crypto/openssl/util/ck_errf.pl
  releng/9.3/crypto/openssl/util/mkerr.pl
  releng/9.3/secure/lib/libcrypto/Makefile
  releng/9.3/secure/lib/libcrypto/Makefile.inc
  releng/9.3/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_length.3
  releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_new.3
  releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  releng/9.3/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  releng/9.3/secure/lib/libcrypto/man/BIO_ctrl.3
  releng/9.3/secure/lib/libcrypto/man/BIO_f_base64.3
  releng/9.3/secure/lib/libcrypto/man/BIO_f_buffer.3
  releng/9.3/secure/lib/libcrypto/man/BIO_f_cipher.3
  releng/9.3/secure/lib/libcrypto/man/BIO_f_md.3
  releng/9.3/secure/lib/libcrypto/man/BIO_f_null.3
  releng/9.3/secure/lib/libcrypto/man/BIO_f_ssl.3
  releng/9.3/secure/lib/libcrypto/man/BIO_find_type.3
  releng/9.3/secure/lib/libcrypto/man/BIO_new.3
  releng/9.3/secure/lib/libcrypto/man/BIO_push.3
  releng/9.3/secure/lib/libcrypto/man/BIO_read.3
  releng/9.3/secure/lib/libcrypto/man/BIO_s_accept.3
  releng/9.3/secure/lib/libcrypto/man/BIO_s_bio.3
  releng/9.3/secure/lib/libcrypto/man/BIO_s_connect.3
  releng/9.3/secure/lib/libcrypto/man/BIO_s_fd.3
  releng/9.3/secure/lib/libcrypto/man/BIO_s_file.3
  releng/9.3/secure/lib/libcrypto/man/BIO_s_mem.3
  releng/9.3/secure/lib/libcrypto/man/BIO_s_null.3
  releng/9.3/secure/lib/libcrypto/man/BIO_s_socket.3
  releng/9.3/secure/lib/libcrypto/man/BIO_set_callback.3
  releng/9.3/secure/lib/libcrypto/man/BIO_should_retry.3
  releng/9.3/secure/lib/libcrypto/man/BN_BLINDING_new.3
  releng/9.3/secure/lib/libcrypto/man/BN_CTX_new.3
  releng/9.3/secure/lib/libcrypto/man/BN_CTX_start.3
  releng/9.3/secure/lib/libcrypto/man/BN_add.3
  releng/9.3/secure/lib/libcrypto/man/BN_add_word.3
  releng/9.3/secure/lib/libcrypto/man/BN_bn2bin.3
  releng/9.3/secure/lib/libcrypto/man/BN_cmp.3
  releng/9.3/secure/lib/libcrypto/man/BN_copy.3
  releng/9.3/secure/lib/libcrypto/man/BN_generate_prime.3
  releng/9.3/secure/lib/libcrypto/man/BN_mod_inverse.3
  releng/9.3/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  releng/9.3/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  releng/9.3/secure/lib/libcrypto/man/BN_new.3
  releng/9.3/secure/lib/libcrypto/man/BN_num_bytes.3
  releng/9.3/secure/lib/libcrypto/man/BN_rand.3
  releng/9.3/secure/lib/libcrypto/man/BN_set_bit.3
  releng/9.3/secure/lib/libcrypto/man/BN_swap.3
  releng/9.3/secure/lib/libcrypto/man/BN_zero.3
  releng/9.3/secure/lib/libcrypto/man/CONF_modules_free.3
  releng/9.3/secure/lib/libcrypto/man/CONF_modules_load_file.3
  releng/9.3/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  releng/9.3/secure/lib/libcrypto/man/DH_generate_key.3
  releng/9.3/secure/lib/libcrypto/man/DH_generate_parameters.3
  releng/9.3/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  releng/9.3/secure/lib/libcrypto/man/DH_new.3
  releng/9.3/secure/lib/libcrypto/man/DH_set_method.3
  releng/9.3/secure/lib/libcrypto/man/DH_size.3
  releng/9.3/secure/lib/libcrypto/man/DSA_SIG_new.3
  releng/9.3/secure/lib/libcrypto/man/DSA_do_sign.3
  releng/9.3/secure/lib/libcrypto/man/DSA_dup_DH.3
  releng/9.3/secure/lib/libcrypto/man/DSA_generate_key.3
  releng/9.3/secure/lib/libcrypto/man/DSA_generate_parameters.3
  releng/9.3/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  releng/9.3/secure/lib/libcrypto/man/DSA_new.3
  releng/9.3/secure/lib/libcrypto/man/DSA_set_method.3
  releng/9.3/secure/lib/libcrypto/man/DSA_sign.3
  releng/9.3/secure/lib/libcrypto/man/DSA_size.3
  releng/9.3/secure/lib/libcrypto/man/ERR_GET_LIB.3
  releng/9.3/secure/lib/libcrypto/man/ERR_clear_error.3
  releng/9.3/secure/lib/libcrypto/man/ERR_error_string.3
  releng/9.3/secure/lib/libcrypto/man/ERR_get_error.3
  releng/9.3/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  releng/9.3/secure/lib/libcrypto/man/ERR_load_strings.3
  releng/9.3/secure/lib/libcrypto/man/ERR_print_errors.3
  releng/9.3/secure/lib/libcrypto/man/ERR_put_error.3
  releng/9.3/secure/lib/libcrypto/man/ERR_remove_state.3
  releng/9.3/secure/lib/libcrypto/man/ERR_set_mark.3
  releng/9.3/secure/lib/libcrypto/man/EVP_BytesToKey.3
  releng/9.3/secure/lib/libcrypto/man/EVP_DigestInit.3
  releng/9.3/secure/lib/libcrypto/man/EVP_EncryptInit.3
  releng/9.3/secure/lib/libcrypto/man/EVP_OpenInit.3
  releng/9.3/secure/lib/libcrypto/man/EVP_PKEY_new.3
  releng/9.3/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  releng/9.3/secure/lib/libcrypto/man/EVP_SealInit.3
  releng/9.3/secure/lib/libcrypto/man/EVP_SignInit.3
  releng/9.3/secure/lib/libcrypto/man/EVP_VerifyInit.3
  releng/9.3/secure/lib/libcrypto/man/OBJ_nid2obj.3
  releng/9.3/secure/lib/libcrypto/man/OPENSSL_Applink.3
  releng/9.3/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  releng/9.3/secure/lib/libcrypto/man/OPENSSL_config.3
  releng/9.3/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  releng/9.3/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  releng/9.3/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  releng/9.3/secure/lib/libcrypto/man/PKCS12_create.3
  releng/9.3/secure/lib/libcrypto/man/PKCS12_parse.3
  releng/9.3/secure/lib/libcrypto/man/PKCS7_decrypt.3
  releng/9.3/secure/lib/libcrypto/man/PKCS7_encrypt.3
  releng/9.3/secure/lib/libcrypto/man/PKCS7_sign.3
  releng/9.3/secure/lib/libcrypto/man/PKCS7_verify.3
  releng/9.3/secure/lib/libcrypto/man/RAND_add.3
  releng/9.3/secure/lib/libcrypto/man/RAND_bytes.3
  releng/9.3/secure/lib/libcrypto/man/RAND_cleanup.3
  releng/9.3/secure/lib/libcrypto/man/RAND_egd.3
  releng/9.3/secure/lib/libcrypto/man/RAND_load_file.3
  releng/9.3/secure/lib/libcrypto/man/RAND_set_rand_method.3
  releng/9.3/secure/lib/libcrypto/man/RSA_blinding_on.3
  releng/9.3/secure/lib/libcrypto/man/RSA_check_key.3
  releng/9.3/secure/lib/libcrypto/man/RSA_generate_key.3
  releng/9.3/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  releng/9.3/secure/lib/libcrypto/man/RSA_new.3
  releng/9.3/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  releng/9.3/secure/lib/libcrypto/man/RSA_print.3
  releng/9.3/secure/lib/libcrypto/man/RSA_private_encrypt.3
  releng/9.3/secure/lib/libcrypto/man/RSA_public_encrypt.3
  releng/9.3/secure/lib/libcrypto/man/RSA_set_method.3
  releng/9.3/secure/lib/libcrypto/man/RSA_sign.3
  releng/9.3/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  releng/9.3/secure/lib/libcrypto/man/RSA_size.3
  releng/9.3/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  releng/9.3/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  releng/9.3/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  releng/9.3/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  releng/9.3/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  releng/9.3/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  releng/9.3/secure/lib/libcrypto/man/X509_new.3
  releng/9.3/secure/lib/libcrypto/man/bio.3
  releng/9.3/secure/lib/libcrypto/man/blowfish.3
  releng/9.3/secure/lib/libcrypto/man/bn.3
  releng/9.3/secure/lib/libcrypto/man/bn_internal.3
  releng/9.3/secure/lib/libcrypto/man/buffer.3
  releng/9.3/secure/lib/libcrypto/man/crypto.3
  releng/9.3/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  releng/9.3/secure/lib/libcrypto/man/d2i_DHparams.3
  releng/9.3/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  releng/9.3/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  releng/9.3/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  releng/9.3/secure/lib/libcrypto/man/d2i_X509.3
  releng/9.3/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  releng/9.3/secure/lib/libcrypto/man/d2i_X509_CRL.3
  releng/9.3/secure/lib/libcrypto/man/d2i_X509_NAME.3
  releng/9.3/secure/lib/libcrypto/man/d2i_X509_REQ.3
  releng/9.3/secure/lib/libcrypto/man/d2i_X509_SIG.3
  releng/9.3/secure/lib/libcrypto/man/des.3
  releng/9.3/secure/lib/libcrypto/man/dh.3
  releng/9.3/secure/lib/libcrypto/man/dsa.3
  releng/9.3/secure/lib/libcrypto/man/ecdsa.3
  releng/9.3/secure/lib/libcrypto/man/engine.3
  releng/9.3/secure/lib/libcrypto/man/err.3
  releng/9.3/secure/lib/libcrypto/man/evp.3
  releng/9.3/secure/lib/libcrypto/man/hmac.3
  releng/9.3/secure/lib/libcrypto/man/lh_stats.3
  releng/9.3/secure/lib/libcrypto/man/lhash.3
  releng/9.3/secure/lib/libcrypto/man/md5.3
  releng/9.3/secure/lib/libcrypto/man/mdc2.3
  releng/9.3/secure/lib/libcrypto/man/pem.3
  releng/9.3/secure/lib/libcrypto/man/rand.3
  releng/9.3/secure/lib/libcrypto/man/rc4.3
  releng/9.3/secure/lib/libcrypto/man/ripemd.3
  releng/9.3/secure/lib/libcrypto/man/rsa.3
  releng/9.3/secure/lib/libcrypto/man/sha.3
  releng/9.3/secure/lib/libcrypto/man/threads.3
  releng/9.3/secure/lib/libcrypto/man/ui.3
  releng/9.3/secure/lib/libcrypto/man/ui_compat.3
  releng/9.3/secure/lib/libcrypto/man/x509.3
  releng/9.3/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  releng/9.3/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_add_session.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_ctrl.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_free.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_new.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_number.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_sessions.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_mode.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_options.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_set_verify.3
  releng/9.3/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  releng/9.3/secure/lib/libssl/man/SSL_SESSION_free.3
  releng/9.3/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  releng/9.3/secure/lib/libssl/man/SSL_SESSION_get_time.3
  releng/9.3/secure/lib/libssl/man/SSL_accept.3
  releng/9.3/secure/lib/libssl/man/SSL_alert_type_string.3
  releng/9.3/secure/lib/libssl/man/SSL_clear.3
  releng/9.3/secure/lib/libssl/man/SSL_connect.3
  releng/9.3/secure/lib/libssl/man/SSL_do_handshake.3
  releng/9.3/secure/lib/libssl/man/SSL_free.3
  releng/9.3/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  releng/9.3/secure/lib/libssl/man/SSL_get_ciphers.3
  releng/9.3/secure/lib/libssl/man/SSL_get_client_CA_list.3
  releng/9.3/secure/lib/libssl/man/SSL_get_current_cipher.3
  releng/9.3/secure/lib/libssl/man/SSL_get_default_timeout.3
  releng/9.3/secure/lib/libssl/man/SSL_get_error.3
  releng/9.3/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  releng/9.3/secure/lib/libssl/man/SSL_get_ex_new_index.3
  releng/9.3/secure/lib/libssl/man/SSL_get_fd.3
  releng/9.3/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  releng/9.3/secure/lib/libssl/man/SSL_get_peer_certificate.3
  releng/9.3/secure/lib/libssl/man/SSL_get_rbio.3
  releng/9.3/secure/lib/libssl/man/SSL_get_session.3
  releng/9.3/secure/lib/libssl/man/SSL_get_verify_result.3
  releng/9.3/secure/lib/libssl/man/SSL_get_version.3
  releng/9.3/secure/lib/libssl/man/SSL_library_init.3
  releng/9.3/secure/lib/libssl/man/SSL_load_client_CA_file.3
  releng/9.3/secure/lib/libssl/man/SSL_new.3
  releng/9.3/secure/lib/libssl/man/SSL_pending.3
  releng/9.3/secure/lib/libssl/man/SSL_read.3
  releng/9.3/secure/lib/libssl/man/SSL_rstate_string.3
  releng/9.3/secure/lib/libssl/man/SSL_session_reused.3
  releng/9.3/secure/lib/libssl/man/SSL_set_bio.3
  releng/9.3/secure/lib/libssl/man/SSL_set_connect_state.3
  releng/9.3/secure/lib/libssl/man/SSL_set_fd.3
  releng/9.3/secure/lib/libssl/man/SSL_set_session.3
  releng/9.3/secure/lib/libssl/man/SSL_set_shutdown.3
  releng/9.3/secure/lib/libssl/man/SSL_set_verify_result.3
  releng/9.3/secure/lib/libssl/man/SSL_shutdown.3
  releng/9.3/secure/lib/libssl/man/SSL_state_string.3
  releng/9.3/secure/lib/libssl/man/SSL_want.3
  releng/9.3/secure/lib/libssl/man/SSL_write.3
  releng/9.3/secure/lib/libssl/man/d2i_SSL_SESSION.3
  releng/9.3/secure/lib/libssl/man/ssl.3
  releng/9.3/secure/usr.bin/openssl/man/CA.pl.1
  releng/9.3/secure/usr.bin/openssl/man/asn1parse.1
  releng/9.3/secure/usr.bin/openssl/man/ca.1
  releng/9.3/secure/usr.bin/openssl/man/ciphers.1
  releng/9.3/secure/usr.bin/openssl/man/crl.1
  releng/9.3/secure/usr.bin/openssl/man/crl2pkcs7.1
  releng/9.3/secure/usr.bin/openssl/man/dgst.1
  releng/9.3/secure/usr.bin/openssl/man/dhparam.1
  releng/9.3/secure/usr.bin/openssl/man/dsa.1
  releng/9.3/secure/usr.bin/openssl/man/dsaparam.1
  releng/9.3/secure/usr.bin/openssl/man/ec.1
  releng/9.3/secure/usr.bin/openssl/man/ecparam.1
  releng/9.3/secure/usr.bin/openssl/man/enc.1
  releng/9.3/secure/usr.bin/openssl/man/errstr.1
  releng/9.3/secure/usr.bin/openssl/man/gendsa.1
  releng/9.3/secure/usr.bin/openssl/man/genrsa.1
  releng/9.3/secure/usr.bin/openssl/man/nseq.1
  releng/9.3/secure/usr.bin/openssl/man/ocsp.1
  releng/9.3/secure/usr.bin/openssl/man/openssl.1
  releng/9.3/secure/usr.bin/openssl/man/passwd.1
  releng/9.3/secure/usr.bin/openssl/man/pkcs12.1
  releng/9.3/secure/usr.bin/openssl/man/pkcs7.1
  releng/9.3/secure/usr.bin/openssl/man/pkcs8.1
  releng/9.3/secure/usr.bin/openssl/man/rand.1
  releng/9.3/secure/usr.bin/openssl/man/req.1
  releng/9.3/secure/usr.bin/openssl/man/rsa.1
  releng/9.3/secure/usr.bin/openssl/man/rsautl.1
  releng/9.3/secure/usr.bin/openssl/man/s_client.1
  releng/9.3/secure/usr.bin/openssl/man/s_server.1
  releng/9.3/secure/usr.bin/openssl/man/s_time.1
  releng/9.3/secure/usr.bin/openssl/man/sess_id.1
  releng/9.3/secure/usr.bin/openssl/man/smime.1
  releng/9.3/secure/usr.bin/openssl/man/speed.1
  releng/9.3/secure/usr.bin/openssl/man/spkac.1
  releng/9.3/secure/usr.bin/openssl/man/verify.1
  releng/9.3/secure/usr.bin/openssl/man/version.1
  releng/9.3/secure/usr.bin/openssl/man/x509.1
  releng/9.3/secure/usr.bin/openssl/man/x509v3_config.1
  releng/9.3/sys/conf/newvers.sh

Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING	Mon Mar  7 16:20:01 2016	(r296464)
+++ releng/9.3/UPDATING	Mon Mar  7 16:22:11 2016	(r296465)
@@ -11,6 +11,10 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20160303	p37	FreeBSD-SA-16:12.openssl
+
+	Fix multiple vulnerabilities of OpenSSL.
+
 20160130	p36	FreeBSD-SA-16:11.openssl
 
 	Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability. [SA-16:11]

Modified: releng/9.3/crypto/openssl/CHANGES
==============================================================================
--- releng/9.3/crypto/openssl/CHANGES	Mon Mar  7 16:20:01 2016	(r296464)
+++ releng/9.3/crypto/openssl/CHANGES	Mon Mar  7 16:22:11 2016	(r296465)
@@ -2,6 +2,170 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8zg and 0.9.8zh [3 Dec 2015]
+
+  *) X509_ATTRIBUTE memory leak
+
+     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+     memory. This structure is used by the PKCS#7 and CMS routines so any
+     application which reads PKCS#7 or CMS data from untrusted sources is
+     affected. SSL/TLS is not affected.
+
+     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2015-3195)
+     [Stephen Henson]
+
+ Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
+
+  *) Malformed ECParameters causes infinite loop
+
+     When processing an ECParameters structure OpenSSL enters an infinite loop
+     if the curve specified is over a specially malformed binary polynomial
+     field.
+
+     This can be used to perform denial of service against any
+     system which processes public keys, certificate requests or
+     certificates.  This includes TLS clients and TLS servers with
+     client authentication enabled.
+
+     This issue was reported to OpenSSL by Joseph Barr-Pixton.
+     (CVE-2015-1788)
+     [Andy Polyakov]
+
+  *) Exploitable out-of-bounds read in X509_cmp_time
+
+     X509_cmp_time does not properly check the length of the ASN1_TIME
+     string and can read a few bytes out of bounds. In addition,
+     X509_cmp_time accepts an arbitrary number of fractional seconds in the
+     time string.
+
+     An attacker can use this to craft malformed certificates and CRLs of
+     various sizes and potentially cause a segmentation fault, resulting in
+     a DoS on applications that verify certificates or CRLs. TLS clients
+     that verify CRLs are affected. TLS clients and servers with client
+     authentication enabled may be affected if they use custom verification
+     callbacks.
+
+     This issue was reported to OpenSSL by Robert Swiecki (Google), and
+     independently by Hanno Böck.
+     (CVE-2015-1789)
+     [Emilia Käsper]
+
+  *) PKCS7 crash with missing EnvelopedContent
+
+     The PKCS#7 parsing code does not handle missing inner EncryptedContent
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+     with missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+     structures from untrusted sources are affected. OpenSSL clients and
+     servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-1790)
+     [Emilia Käsper]
+
+  *) CMS verify infinite loop with unknown hash function
+
+     When verifying a signedData message the CMS code can enter an infinite loop
+     if presented with an unknown hash function OID. This can be used to perform
+     denial of service against any system which verifies signedData messages using
+     the CMS code.
+     This issue was reported to OpenSSL by Johannes Bauer.
+     (CVE-2015-1792)
+     [Stephen Henson]
+
+  *) Race condition handling NewSessionTicket
+
+     If a NewSessionTicket is received by a multi-threaded client when attempting to
+     reuse a previous ticket then a race condition can occur potentially leading to
+     a double free of the ticket data.
+     (CVE-2015-1791)
+     [Matt Caswell]
+
+ Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
+
+  *) Segmentation fault in ASN1_TYPE_cmp fix
+
+     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+     certificate signature algorithm consistency this can be used to crash any
+     certificate verification operation and exploited in a DoS attack. Any
+     application which performs certificate verification is vulnerable including
+     OpenSSL clients and servers which enable client authentication.
+     (CVE-2015-0286)
+     [Stephen Henson]
+
+  *) ASN.1 structure reuse memory corruption fix
+
+     Reusing a structure in ASN.1 parsing may allow an attacker to cause
+     memory corruption via an invalid write. Such reuse is and has been
+     strongly discouraged and is believed to be rare.
+
+     Applications that parse structures containing CHOICE or ANY DEFINED BY
+     components may be affected. Certificate parsing (d2i_X509 and related
+     functions) are however not affected. OpenSSL clients and servers are
+     not affected.
+     (CVE-2015-0287)
+     [Stephen Henson]
+
+  *) PKCS7 NULL pointer dereferences fix
+
+     The PKCS#7 parsing code does not handle missing outer ContentInfo
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+     missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+     otherwise parse PKCS#7 structures from untrusted sources are
+     affected. OpenSSL clients and servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-0289)
+     [Emilia Käsper]
+
+  *) DoS via reachable assert in SSLv2 servers fix
+
+     A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+     servers that both support SSLv2 and enable export cipher suites by sending
+     a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+     This issue was discovered by Sean Burford (Google) and Emilia Käsper
+     (OpenSSL development team).
+     (CVE-2015-0293)
+     [Emilia Käsper]
+
+  *) Use After Free following d2i_ECPrivatekey error fix
+
+     A malformed EC private key file consumed via the d2i_ECPrivateKey function
+     could cause a use after free condition. This, in turn, could cause a double
+     free in several private key parsing functions (such as d2i_PrivateKey
+     or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+     for applications that receive EC private keys from untrusted
+     sources. This scenario is considered rare.
+
+     This issue was discovered by the BoringSSL project and fixed in their
+     commit 517073cd4b.
+     (CVE-2015-0209)
+     [Matt Caswell]
+
+  *) X509_to_X509_REQ NULL pointer deref fix
+
+     The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+     the certificate key is invalid. This function is rarely used in practice.
+
+     This issue was discovered by Brian Carpenter.
+     (CVE-2015-0288)
+     [Stephen Henson]
+
+  *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers
+     [Kurt Roeckx]
+
+ Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015]
+
+  *) Build fixes for the Windows and OpenVMS platforms
+     [Matt Caswell and Richard Levitte]
+
  Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015]
 
   *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS

Modified: releng/9.3/crypto/openssl/FAQ
==============================================================================
--- releng/9.3/crypto/openssl/FAQ	Mon Mar  7 16:20:01 2016	(r296464)
+++ releng/9.3/crypto/openssl/FAQ	Mon Mar  7 16:22:11 2016	(r296465)
@@ -1,1039 +1,2 @@
-OpenSSL  -  Frequently Asked Questions
---------------------------------------
-
-[MISC] Miscellaneous questions
-
-* Which is the current version of OpenSSL?
-* Where is the documentation?
-* How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-* What is an 'engine' version?
-* How do I check the authenticity of the OpenSSL distribution?
-* How does the versioning scheme work?
-
-[LEGAL] Legal questions
-
-* Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software? 
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-* How do I install a CA certificate into a browser?
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-* Why does OpenSSL set the authority key identifier extension incorrectly?
-* How can I set up a bundle of commercial root CA certificates?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL test fail with "bc: stack empty"?
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL compilation fail on MacOS X?
-* Why does the OpenSSL test suite fail on MacOS X?
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-* Why does compiler fail to compile sha512.c?
-* Test suite still fails, what to do?
-* I think I've found a bug, what should I do?
-* I'm SURE I've found a bug, how do I report it?
-* I've found a security issue, how do I report it?
-
-[PROG] Questions about programming with OpenSSL
-
-* Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-* Why doesn't my server application receive a client certificate?
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?
-* Why does Valgrind complain about the use of uninitialized data?
-* Why doesn't a memory BIO work when a file does?
-* Where are the declarations and implementations of d2i_X509() etc?
-
-===============================================================================
-
-[MISC] ========================================================================
-
-* Which is the current version of OpenSSL?
-
-The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1d was released on Feb 5th, 2013.
-
-In addition to the current stable release, you can also access daily
-snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
-
-
-* Where is the documentation?
-
-OpenSSL is a library that provides cryptographic functionality to
-applications such as secure web servers.  Be sure to read the
-documentation of the application you want to use.  The INSTALL file
-explains how to install this library.
-
-OpenSSL includes a command line utility that can be used to perform a
-variety of cryptographic functions.  It is described in the openssl(1)
-manpage.  Documentation for developers is currently being written. Many
-manual pages are available; overviews over libcrypto and
-libssl are given in the crypto(3) and ssl(3) manpages.
-
-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
-different directory if you specified one as described in INSTALL).
-In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>. Note that the online documents refer
-to the very latest development versions of OpenSSL and may include features
-not present in released versions. If in doubt refer to the documentation
-that came with the version of OpenSSL you are using. The pod format
-documentation is included in each OpenSSL distribution under the docs
-directory.
-
-There is some documentation about certificate extensions and PKCS#12
-in doc/openssl.txt
-
-The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt.  It may be useful when none of the other resources
-help, but please note that it reflects the obsolete version SSLeay
-0.6.6.
-
-
-* How can I contact the OpenSSL developers?
-
-The README file describes how to submit bug reports and patches to
-OpenSSL.  Information on the OpenSSL mailing lists is available from
-<URL: http://www.openssl.org>.
-
-
-* Where can I get a compiled version of OpenSSL?
-
-You can finder pointers to binary distributions in
-<URL: http://www.openssl.org/related/binaries.html> .
-
-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
-
-If you want to build OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.
-
-A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
-so that the special release is no longer necessary.
-
-* How do I check the authenticity of the OpenSSL distribution?
-
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
-
-   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
-
-You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
-list of keys at <URL: http://www.openssl.org/about/>). Then
-just do:
-
-   pgp TARBALL.asc
-
-* How does the versioning scheme work?
-
-After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter 
-releases (e.g. 1.0.1a) can only contain bug and security fixes and no
-new features. Minor releases change the last number (e.g. 1.0.2) and 
-can contain new features that retain binary compatibility. Changes to
-the middle number are considered major releases and neither source nor
-binary compatibility is guaranteed.
-
-Therefore the answer to the common question "when will feature X be
-backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
-in the next minor release.
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-The patents section of the README file lists patents that may apply to
-you if you want to use OpenSSL.  For information on intellectual
-property rights, please consult a lawyer.  The OpenSSL team does not
-offer legal advice.
-
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
- ./config no-idea no-mdc2 no-rc5
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitly that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed."  If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly.  Many open source operating systems provide a "randomness
-device" (/dev/urandom or /dev/random) that serves this purpose.
-All OpenSSL versions try to use /dev/urandom by default; starting with
-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
-available.
-
-On other systems, applications have to call the RAND_add() or
-RAND_seed() function with appropriate data before generating keys or
-performing public key encryption. (These functions initialize the
-pseudo-random number generator, PRNG.)  Some broken applications do
-not do this.  As of version 0.9.5, the OpenSSL functions that need
-randomness report an error if the random number generator has not been
-seeded with at least 128 bits of randomness.  If this error occurs and
-is not discussed in the documentation of the application you are
-using, please contact the author of that application; it is likely
-that it never worked correctly.  OpenSSL 0.9.5 and later make the
-error visible by refusing to perform potentially insecure encryption.
-
-If you are using Solaris 8, you can add /dev/urandom and /dev/random
-devices by installing patch 112438 (Sparc) or 112439 (x86), which are
-available via the Patchfinder at <URL: http://sunsolve.sun.com>
-(Solaris 9 includes these devices by default). For /dev/random support
-for earlier Solaris versions, see Sun's statement at
-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
-(the SUNWski package is available in patch 105710).
-
-On systems without /dev/urandom and /dev/random, it is a good idea to
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
-details.  Starting with version 0.9.7, OpenSSL will automatically look
-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
-/etc/entropy.
-
-Most components of the openssl command line utility automatically try
-to seed the random number generator from a file.  The name of the
-default seeding file is determined as follows: If environment variable
-RANDFILE is set, then it names the seeding file.  Otherwise if
-environment variable HOME is set, then the seeding file is $HOME/.rnd.
-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
-use file .rnd in the current directory while OpenSSL 0.9.6a uses no
-default seeding file at all.  OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:\" for HOME on
-Windows systems if the environment variable has not been set.
-
-If the default seeding file does not exist or is too short, the "PRNG
-not seeded" error message may occur.
-
-The openssl command line utility will write back a new state to the
-default seeding file (and create this file if necessary) unless
-there was no sufficient seeding.
-
-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
-Use the "-rand" option of the OpenSSL command line tools instead.
-The $RANDFILE environment variable and $HOME/.rnd are only used by the
-OpenSSL command line tools. Applications using the OpenSSL library
-provide their own configuration options to specify the entropy source,
-please check out the documentation coming the with application.
-
-
-* Why do I get an "unable to write 'random state'" error message?
-
-
-Sometimes the openssl command line utility does not abort with
-a "PRNG not seeded" error message, but complains that it is
-"unable to write 'random state'".  This message refers to the
-default seeding file (see previous answer).  A possible reason
-is that no default filename is known because neither RANDFILE
-nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
-current directory in this case, but this has changed with 0.9.6a.)
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (in ca(1), req(1), x509v3_config(5) )
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
-	unable to find 'distinguished_name' in config
-	problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server software in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-* How do I install a CA certificate into a browser?
-
-The usual way is to send the DER encoded certificate to the browser as
-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
-link. On MSIE certain extensions such as .der or .cacert may also work, or you
-can import the certificate using the certificate import wizard.
-
-You can convert a certificate to DER form using the command:
-
-openssl x509 -in ca.pem -outform DER -out ca.der
-
-Occasionally someone suggests using a command such as:
-
-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
-
-DO NOT DO THIS! This command will give away your CAs private key and
-reduces its security to zero: allowing anyone to forge certificates in
-whatever name they choose.
-
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-
-The ways to print out the oneline format of the DN (Distinguished Name) have
-been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
-interface, the "-nameopt" option could be introduded. See the manual
-page of the "openssl x509" commandline tool for details. The old behaviour
-has however been left as default for the sake of compatibility.
-
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-
-The term "128 bit certificate" is a highly misleading marketing term. It does
-*not* refer to the size of the public key in the certificate! A certificate
-containing a 128 bit RSA key would have negligible security.
-
-There were various other names such as "magic certificates", "SGC
-certificates", "step up certificates" etc.
-
-You can't generally create such a certificate using OpenSSL but there is no
-need to any more. Nowadays web browsers using unrestricted strong encryption
-are generally available.
-
-When there were tight restrictions on the export of strong encryption
-software from the US only weak encryption algorithms could be freely exported
-(initially 40 bit and then 56 bit). It was widely recognised that this was
-inadequate. A relaxation of the rules allowed the use of strong encryption but
-only to an authorised server.
-
-Two slighly different techniques were developed to support this, one used by
-Netscape was called "step up", the other used by MSIE was called "Server Gated
-Cryptography" (SGC). When a browser initially connected to a server it would
-check to see if the certificate contained certain extensions and was issued by
-an authorised authority. If these test succeeded it would reconnect using
-strong encryption.
-
-Only certain (initially one) certificate authorities could issue the
-certificates and they generally cost more than ordinary certificates.
-
-Although OpenSSL can create certificates containing the appropriate extensions
-the certificate would not come from a permitted authority and so would not
-be recognized.
-
-The export laws were later changed to allow almost unrestricted use of strong
-encryption so these certificates are now obsolete.
-
-
-* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
-
-It doesn't: this extension is often the cause of confusion.
-
-Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
-certificate C contains AKID.
-
-The purpose of this extension is to identify the authority certificate B. This
-can be done either by including the subject key identifier of B or its issuer
-name and serial number.
-
-In this latter case because it is identifying certifcate B it must contain the
-issuer name and serial number of B.
-
-It is often wrongly assumed that it should contain the subject name of B. If it
-did this would be redundant information because it would duplicate the issuer
-name of C.
-
-
-* How can I set up a bundle of commercial root CA certificates?
-
-The OpenSSL software is shipped without any root CA certificate as the
-OpenSSL project does not have any policy on including or excluding
-any specific CA and does not intend to set up such a policy. Deciding
-about which CAs to support is up to application developers or
-administrators.
-
-Other projects do have other policies so you can for example extract the CA
-bundle used by Mozilla and/or modssl as described in this article:
-
-  <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing.  Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target.  File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator.  If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test").  The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL test fail with "bc: stack empty"?
-
-On some DG/ux versions, bc seems to have a too small stack for calculations
-that the OpenSSL bntest throws at it.  This gets triggered when you run the
-test suite (using "make test").  The message returned is "bc: stack empty".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-
-On some Alpha installations running Tru64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
-memory to continue compilation.'  As far as the tests have shown, this may be
-a compiler bug.  What happens is that it eats up a lot of resident memory
-to build something, probably a table.  The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher.  Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level.  This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL.  A bit more complicated solution is the
-following:
-
------ snip:start -----
-  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
-       sed -e 's/ -O[0-9] / -O0 /'`"
-  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
-  make
------ snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process.  When the above is done, do the
-test and installation and you're set.
-
-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It 
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
------ snip:start -----
-  PATH=${PATH}:/usr/ccs/bin; export PATH
------ snip:end -----
-
-and then redo the compilation.  What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem for VC++ versions up to 6, one should run
-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
-installation directory (somewhere under 'Program Files').  For VC++
-version 7 (and up?), which is also called VS.NET, the file is called
-VSVARS32.BAT instead.
-This needs to be done prior to running NMAKE, and the changes are only
-valid for the current DOS session.
-
-
-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
-is disabled in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-FYI: Patent numbers and expiry dates of US patents:
-MDC-2: 4,908,861 13/03/2007
-IDEA:  5,214,703 25/05/2010
-RC5:   5,724,428 03/03/2015
-
-
-* Why does the OpenSSL compilation fail on MacOS X?
-
-If the failure happens when trying to build the "openssl" binary, with
-a large number of undefined symbols, it's very probable that you have
-OpenSSL 0.9.6b delivered with the operating system (you can find out by
-running '/usr/bin/openssl version') and that you were trying to build
-OpenSSL 0.9.7 or newer.  The problem is that the loader ('ld') in
-MacOS X has a misfeature that's quite difficult to go around.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d.  The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-
-Failure in BN_sqr test is most likely caused by a failure to configure the
-toolkit for current platform or lack of support for the platform in question.
-Run './config -t' and './apps/openssl version -p'. Do these platform
-identifiers match? If they don't, then you most likely failed to run
-./config and you're hereby advised to do so before filing a bug report.
-If ./config itself fails to run, then it's most likely problem with your
-local environment and you should turn to your system administrator (or
-similar). If identifiers match (and/or no alternative identifier is
-suggested by ./config script), then the platform is unsupported. There might
-or might not be a workaround. Most notably on SPARC64 platforms with GNU
-C compiler you should be able to produce a working build by running
-'./config -m32'. I understand that -m32 might not be what you want/need,
-but the build should be operational. For further details turn to
-<openssl-dev@openssl.org>.
-
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-
-As of 0.9.7 assembler routines were overhauled for position independence
-of the machine code, which is essential for shared library support. For
-some reason OpenBSD is equipped with an out-of-date GNU assembler which
-finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or patch your assembler
-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
-For your convenience a pre-compiled replacement binary is provided at
-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
-Reportedly elder *BSD a.out platforms also suffer from this problem and
-remedy should be same. Provided binary is statically linked and should be
-working across wider range of *BSD branches, not just OpenBSD.
-
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-
-If the test program in question fails withs SIGILL, Illegal Instruction
-exception, then you more than likely to run SSE2-capable CPU, such as
-Intel P4, under control of kernel which does not support SSE2
-instruction extentions. See accompanying INSTALL file and
-OPENSSL_ia32cap(3) documentation page for further information.
-
-* Why does compiler fail to compile sha512.c?
-
-OpenSSL SHA-512 implementation depends on compiler support for 64-bit
-integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
-couple] lack support for this and therefore are incapable of compiling
-the module in question. The recommendation is to disable SHA-512 by
-adding no-sha512 to ./config [or ./Configure] command line. Another
-possible alternative might be to switch to GCC.
-
-* Test suite still fails, what to do?
-
-Another common reason for failure to complete some particular test is
-simply bad code generated by a buggy component in toolchain or deficiency
-in run-time environment. There are few cases documented in PROBLEMS file,
-consult it for possible workaround before you beat the drum. Even if you
-don't find solution or even mention there, do reserve for possibility of
-a compiler bug. Compiler bugs might appear in rather bizarre ways, they
-never make sense, and tend to emerge when you least expect them. In order
-to identify one, drop optimization level, e.g. by editing CFLAG line in
-top-level Makefile, recompile and re-run the test.
-
-* I think I've found a bug, what should I do?
-
-If you are a new user then it is quite likely you haven't found a bug and
-something is happening you aren't familiar with. Check this FAQ, the associated
-documentation and the mailing lists for similar queries. If you are still
-unsure whether it is a bug or not submit a query to the openssl-users mailing
-list.
-
-
-* I'm SURE I've found a bug, how do I report it?
-
-Bug reports with no security implications should be sent to the request
-tracker. This can be done by mailing the report to <rt@openssl.org> (or its
-alias <openssl-bugs@openssl.org>), please note that messages sent to the
-request tracker also appear in the public openssl-dev mailing list.
-
-The report should be in plain text. Any patches should be sent as
-plain text attachments because some mailers corrupt patches sent inline.
-If your issue affects multiple versions of OpenSSL check any patches apply
-cleanly and, if possible include patches to each affected version.
-
-The report should be given a meaningful subject line briefly summarising the
-issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
-
-By sending reports to the request tracker the bug can then be given a priority
-and assigned to the appropriate maintainer. The history of discussions can be
-accessed and if the issue has been addressed or a reason why not. If patches
-are only sent to openssl-dev they can be mislaid if a team member has to
-wade through months of old messages to review the discussion.
-
-See also <URL: http://www.openssl.org/support/rt.html>
-
-
-* I've found a security issue, how do I report it?
-
-If you think your bug has security implications then please send it to
-openssl-security@openssl.org if you don't get a prompt reply at least 
-acknowledging receipt then resend or mail it directly to one of the
-more active team members (e.g. Steve).
-
-Note that bugs only present in the openssl utility are not in general
-considered to be security issues. 
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads).  On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries.  If your platform is not one of these, consult the INSTALL
-file.
-
-Multi-threaded applications must provide two callback functions to
-OpenSSL by calling CRYPTO_set_locking_callback() and
-CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
-including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
-and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
-and friends. This is described in the threads(3) manpage.
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32.
-Your application must link against the same version of the Win32
-C-Runtime against which your openssl libraries were linked.  The
-default version for OpenSSL is /MD - "Multithreaded DLL".
-
-If you are using Microsoft Visual C++'s IDE (Visual Studio), in
-many cases, your new project most likely defaulted to "Debug
-Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
-program will crash, typically on the first BIO related read or write
-operation.
-
-For each of the six possible link stage configurations within Win32,
-your application must link  against the same by which OpenSSL was
-built.  If you are using MS Visual C++ (Studio) this can be changed
-by:
-
- 1. Select Settings... from the Project Menu.
- 2. Select the C/C++ Tab.
- 3. Select "Code Generation from the "Category" drop down list box
- 4. Select the Appropriate library (see table below) from the "Use
-    run-time library" drop down list box.  Perform this step for both
-    your debug and release versions of your application (look at the
-    top left of the settings panel to change between the two)
-

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-src-releng@freebsd.org  Mon Mar  7 19:59:09 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A103AC3507;
 Mon,  7 Mar 2016 19:59:09 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 556D0D36;
 Mon,  7 Mar 2016 19:59:09 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u27Jx8Vp049244;
 Mon, 7 Mar 2016 19:59:08 GMT (envelope-from dim@FreeBSD.org)
Received: (from dim@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u27Jx8WY049242;
 Mon, 7 Mar 2016 19:59:08 GMT (envelope-from dim@FreeBSD.org)
Message-Id: <201603071959.u27Jx8WY049242@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: dim set sender to dim@FreeBSD.org
 using -f
From: Dimitry Andric <dim@FreeBSD.org>
Date: Mon, 7 Mar 2016 19:59:08 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r296469 - in releng/10.3/sys: boot/common kern
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2016 19:59:09 -0000

Author: dim
Date: Mon Mar  7 19:59:08 2016
New Revision: 296469
URL: https://svnweb.freebsd.org/changeset/base/296469

Log:
  MFC r296419 (by kib):
  
  In the link_elf_obj.c, handle sections of type SHT_AMD64_UNWIND same
  as SHT_PROGBITS.  This is needed after the clang 3.8 import, which
  generates that type for .eh_frame section, which had SHT_PROGBITS type
  before.
  
  Reported by:	Nikolai Lifanov <lifanov@mail.lifanov.com>
  PR:		207729
  Tested by:	dim (previous version)
  Sponsored by:	The FreeBSD Foundation
  
  MFC r296428:
  
  Since kernel modules can now contain sections of type SHT_AMD64_UNWIND,
  the boot loader should not skip over these anymore while loading images.
  Otherwise the kernel can still panic when it doesn't find the .eh_frame
  section belonging to the .rela.eh_frame section.
  
  Unfortunately this will require installing boot loaders from sys/boot
  before attempting to boot with a new kernel.
  
  Reviewed by:	kib
  
  Approved by:	re (marius)

Modified:
  releng/10.3/sys/boot/common/load_elf_obj.c
  releng/10.3/sys/kern/link_elf_obj.c
Directory Properties:
  releng/10.3/   (props changed)

Modified: releng/10.3/sys/boot/common/load_elf_obj.c
==============================================================================
--- releng/10.3/sys/boot/common/load_elf_obj.c	Mon Mar  7 19:14:26 2016	(r296468)
+++ releng/10.3/sys/boot/common/load_elf_obj.c	Mon Mar  7 19:59:08 2016	(r296469)
@@ -221,6 +221,9 @@ __elfN(obj_loadimage)(struct preloaded_f
 		switch (shdr[i].sh_type) {
 		case SHT_PROGBITS:
 		case SHT_NOBITS:
+#if defined(__i386__) || defined(__amd64__)
+		case SHT_AMD64_UNWIND:
+#endif
 			lastaddr = roundup(lastaddr, shdr[i].sh_addralign);
 			shdr[i].sh_addr = (Elf_Addr)lastaddr;
 			lastaddr += shdr[i].sh_size;

Modified: releng/10.3/sys/kern/link_elf_obj.c
==============================================================================
--- releng/10.3/sys/kern/link_elf_obj.c	Mon Mar  7 19:14:26 2016	(r296468)
+++ releng/10.3/sys/kern/link_elf_obj.c	Mon Mar  7 19:59:08 2016	(r296469)
@@ -257,6 +257,9 @@ link_elf_link_preload(linker_class_t cls
 		switch (shdr[i].sh_type) {
 		case SHT_PROGBITS:
 		case SHT_NOBITS:
+#ifdef __amd64__
+		case SHT_AMD64_UNWIND:
+#endif
 			ef->nprogtab++;
 			break;
 		case SHT_SYMTAB:
@@ -327,9 +330,16 @@ link_elf_link_preload(linker_class_t cls
 		switch (shdr[i].sh_type) {
 		case SHT_PROGBITS:
 		case SHT_NOBITS:
+#ifdef __amd64__
+		case SHT_AMD64_UNWIND:
+#endif
 			ef->progtab[pb].addr = (void *)shdr[i].sh_addr;
 			if (shdr[i].sh_type == SHT_PROGBITS)
 				ef->progtab[pb].name = "<<PROGBITS>>";
+#ifdef __amd64__
+			else if (shdr[i].sh_type == SHT_AMD64_UNWIND)
+				ef->progtab[pb].name = "<<UNWIND>>";
+#endif
 			else
 				ef->progtab[pb].name = "<<NOBITS>>";
 			ef->progtab[pb].size = shdr[i].sh_size;
@@ -553,6 +563,9 @@ link_elf_load_file(linker_class_t cls, c
 		switch (shdr[i].sh_type) {
 		case SHT_PROGBITS:
 		case SHT_NOBITS:
+#ifdef __amd64__
+		case SHT_AMD64_UNWIND:
+#endif
 			ef->nprogtab++;
 			break;
 		case SHT_SYMTAB:
@@ -659,6 +672,9 @@ link_elf_load_file(linker_class_t cls, c
 		switch (shdr[i].sh_type) {
 		case SHT_PROGBITS:
 		case SHT_NOBITS:
+#ifdef __amd64__
+		case SHT_AMD64_UNWIND:
+#endif
 			alignmask = shdr[i].sh_addralign - 1;
 			mapsize += alignmask;
 			mapsize &= ~alignmask;
@@ -726,6 +742,9 @@ link_elf_load_file(linker_class_t cls, c
 		switch (shdr[i].sh_type) {
 		case SHT_PROGBITS:
 		case SHT_NOBITS:
+#ifdef __amd64__
+		case SHT_AMD64_UNWIND:
+#endif
 			alignmask = shdr[i].sh_addralign - 1;
 			mapbase += alignmask;
 			mapbase &= ~alignmask;
@@ -734,6 +753,10 @@ link_elf_load_file(linker_class_t cls, c
 				    ef->shstrtab + shdr[i].sh_name;
 			else if (shdr[i].sh_type == SHT_PROGBITS)
 				ef->progtab[pb].name = "<<PROGBITS>>";
+#ifdef __amd64__
+			else if (shdr[i].sh_type == SHT_AMD64_UNWIND)
+				ef->progtab[pb].name = "<<UNWIND>>";
+#endif
 			else
 				ef->progtab[pb].name = "<<NOBITS>>";
 			if (ef->progtab[pb].name != NULL && 
@@ -755,7 +778,11 @@ link_elf_load_file(linker_class_t cls, c
 			}
 			ef->progtab[pb].size = shdr[i].sh_size;
 			ef->progtab[pb].sec = i;
-			if (shdr[i].sh_type == SHT_PROGBITS) {
+			if (shdr[i].sh_type == SHT_PROGBITS
+#ifdef __amd64__
+			    || shdr[i].sh_type == SHT_AMD64_UNWIND
+#endif
+			    ) {
 				error = vn_rdwr(UIO_READ, nd.ni_vp,
 				    ef->progtab[pb].addr,
 				    shdr[i].sh_size, shdr[i].sh_offset,

From owner-svn-src-releng@freebsd.org  Mon Mar  7 20:35:04 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 44A9AAC3C45
 for <svn-src-releng@mailman.ysv.freebsd.org>;
 Mon,  7 Mar 2016 20:35:04 +0000 (UTC)
 (envelope-from sobomax@sippysoft.com)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com
 [IPv6:2a00:1450:400c:c09::236])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id DBD14F7A
 for <svn-src-releng@freebsd.org>; Mon,  7 Mar 2016 20:35:03 +0000 (UTC)
 (envelope-from sobomax@sippysoft.com)
Received: by mail-wm0-x236.google.com with SMTP id l68so124138726wml.0
 for <svn-src-releng@freebsd.org>; Mon, 07 Mar 2016 12:35:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=sippysoft-com.20150623.gappssmtp.com; s=20150623;
 h=mime-version:sender:in-reply-to:references:date:message-id:subject
 :from:to:cc; bh=vY1BCbosJE0+7gNiERBbwxR73XDyyhmNjM2/Ro32xls=;
 b=YFPWlHnzX6a+ADY5sQqfnmTHS6NGinmlvvnLNDHsjDlFavuksO9/X0cHFVVtPE1FFR
 Oc+loIbwcMDm/KffHSQ6QYFCSw+s4L/YGMQnTSEVcQyHQIXgSX0+WOfGuCd7qKN6Z82h
 1CtnyOqTrSYaBf40uPoACrih8FolVowjMgopogMADDFRO1i8sQb3xAb/gNA+u01YLvMC
 CV2PqI37Pe7SJ8mrj4c/QBREYN9NBYhHYSMUaXJz5Ne1EuS2XsyBR/h41KaHnCUmT1AX
 pzyyQb8Xidfj4jWA6LT/9nThRmi0uVtA8zwqPOkSwO2utCB+bGbtGOj/dJ63udkZB9QN
 pvAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:date
 :message-id:subject:from:to:cc;
 bh=vY1BCbosJE0+7gNiERBbwxR73XDyyhmNjM2/Ro32xls=;
 b=etyqL/7ncUUvS//MZXNydzmf8SSTY0z2uD3phplWlT53+3Yoce8UiH7K6L3Q3FzjjN
 iPhrZ+h8a1TmMbw+ukWGzWtgNeMMHRIuaDDV8BJasztNMAqI35fxauFsOhRaNV0a81SL
 JG+kpV2BWazqTOjAtoYjACPRXAkrsSsT3fVeW/ZOevf66C24lAvajVM33VId90Kqi2hr
 eW09gKc2bO9GxXm/J0pWy3rI7oTcFuKVKh3kW4dYGYO8keGu5+34QaGNKVtigYt2lufd
 mo9p03dvmpUZ3yDOaM6Url65Iy2pGqr9SWQ3WbHpXiijqlPY9ZcWCap11/YSpYDtV8/p
 SzUw==
X-Gm-Message-State: AD7BkJLACxSCawuW5fxXvTsFu6XNRIfCp2HkE3P48FaohQ3N/fTwjOy+sGr7VhjgZlCj1nfd/PlO03qG6utGm49K
MIME-Version: 1.0
X-Received: by 10.194.227.1 with SMTP id rw1mr24126175wjc.62.1457382901994;
 Mon, 07 Mar 2016 12:35:01 -0800 (PST)
Sender: sobomax@sippysoft.com
Received: by 10.28.63.213 with HTTP; Mon, 7 Mar 2016 12:35:01 -0800 (PST)
In-Reply-To: <201603071959.u27Jx8WY049242@repo.freebsd.org>
References: <201603071959.u27Jx8WY049242@repo.freebsd.org>
Date: Mon, 7 Mar 2016 12:35:01 -0800
X-Google-Sender-Auth: usMgkKRl_eQaqTaPPXSMkIeG5aE
Message-ID: <CAH7qZfsUYrU=vRe1N-MWnKAt5Fr1QPA5qo6b8Nw9E2j23JZQRA@mail.gmail.com>
Subject: Re: svn: releng/10.3/sys: boot/common kern
From: Maxim Sobolev <sobomax@FreeBSD.org>
To: Dimitry Andric <dim@freebsd.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, 
 svn-src-releng@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.21
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2016 20:35:04 -0000

Is it possible perhaps for the installkernel target to extract the version
number from the /boot/loader and warn user or abort operation if that
version is known not to support this feature? This would be ultimate
anti-foot-shooting safeguard for people who are used to the normal
installkernel->reboot->installworld FreeBSD upgrade sequence.

-Max

On Mon, Mar 7, 2016 at 11:59 AM, Dimitry Andric <dim@freebsd.org> wrote:

>   Unfortunately this will require installing boot loaders from sys/boot
>   before attempting to boot with a new kernel.
>

From owner-svn-src-releng@freebsd.org  Tue Mar  8 01:03:58 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A5F98AC756A;
 Tue,  8 Mar 2016 01:03:58 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (mx3.absolight.net
 [IPv6:2a01:678:2:100::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48804EB;
 Tue,  8 Mar 2016 01:03:58 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id A79B7BDC86;
 Tue,  8 Mar 2016 02:03:56 +0100 (CET)
Received: from atuin.in.mat.cc (atuin.in.mat.cc [79.143.241.205])
 by prod2.absolight.net (Postfix) with ESMTPA id 88F0ABDC5C;
 Tue,  8 Mar 2016 02:03:56 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by atuin.in.mat.cc (Postfix) with ESMTP id D530E556ED40;
 Tue,  8 Mar 2016 02:03:55 +0100 (CET)
Date: Tue, 08 Mar 2016 01:29:08 +0100
From: Mathieu Arnold <mat@FreeBSD.org>
To: Xin LI <delphij@FreeBSD.org>, src-committers@freebsd.org,
 svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Message-ID: <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
In-Reply-To: <201603071622.u27GMC4a082792@repo.freebsd.org>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
Resent-Date: Tue, 08 Mar 2016 02:03:55 +0100
Resent-From: Mathieu Arnold <mat@FreeBSD.org>
Resent-To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1
 crypto/openssl/crypto/bf cry...
Resent-Message-ID: <3E8D6BE289BB1473CB05C5AC@atuin.in.mat.cc>
X-Resent-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========F3F259B14CEEF0504AFA=========="
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 01:03:58 -0000

--==========F3F259B14CEEF0504AFA==========
Content-Type: multipart/signed; MICALG=pgp-sha1;
 PROTOCOL="application/pgp-signature";
 boundary="==========F945FF3FFE45EA9C5335=========="

--==========F945FF3FFE45EA9C5335==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

+--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:
| Author: delphij
| Date: Mon Mar  7 16:22:11 2016
| New Revision: 296465
| URL: https://svnweb.freebsd.org/changeset/base/296465
| 
| Log:
|   Fix multiple OpenSSL vulnerabilities.
|   
|   Security:	FreeBSD-SA-16:12.openssl
|   Approved by:	so

After that, poudriere bulk fails with:

[00:00:07] ====>> Creating pkgng repository
Creating repository in /tmp/packages: 100%
Packing files for repository:   0%Child process pid=50970 terminated
abnormally: Segmentation fault: 11
[00:00:08] ====>> Cleaning up
9amd64-pkgng-default: removed
9amd64-pkgng-default-n: removed

pkg-static is the one doing the segfault...

-- 
Mathieu Arnold
--==========F945FF3FFE45EA9C5335==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW3hzUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85IVyoP/2FtzDH0dvaCgODLq8ZXPSDk
iv9qK4VL85w5w/oiTa89rXOm+bmidUfJwLMVLKPDr4OLsm3Wp6YoT63z16do/Bh5
eiSYxLMLV9MKsAEI+Nbw20IFvWNsqmQMp0THIsMrN0l4Wo4hLwGOriQsIxLMInSx
gilSke7yGrKE08LbTcSCy3gb5rIsKjX3yyy+g5wZ+Yww7OPMY62huwVjppT7+/Xg
fPJhzzoZsvzYw0fBoze59AyWnRlU9vypXlnDA3wOyYgRks6gI/xjeEwsYcli7524
Kg2QFmSHQgPBaQ+MoLH0Ur0GbJRga/yCIvq9FscXPF39JgkyuPjbW5UamzhRhZtx
IXqu5yzLQWe8P+hRcKcnmo/ZEyaqOdFTSsbnh7fOYVcMis4l9uR+36A6UP8bSTWD
X4eU3Z2ERekBXYzg5ap77UmJtQXKAXw10lLa/OA/hovrbS7Z5uD1z9oyTH/QCXH+
Ghw0LZm9qgIeV4OUAZ7AiMli3SSo3qloTOe0W17/M0LZJeNvTbxn7RRpdF0vDN6S
uQpzqrB8R1LZF5fNGtYBIE1qDIrIKyZNhcaGyqlUT2CzNi3jfCzLYmys5YckXCUK
a/2T4SaHPmvC0A98DNZOwvhKMbrcGs6kMsErwcHGmDcCbtZYEiSdiPGfWc1MszcM
WpyzW+oI7LwhrNvB2y8m
=HBlK
-----END PGP SIGNATURE-----

--==========F945FF3FFE45EA9C5335==========--

--==========F3F259B14CEEF0504AFA==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW3iT7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85IJDwP+waA/6MXJ9Rwlbz+emIKB4vT
bmmGV9vO/PdEsqeG2JNO5SJnT7cOm/s1rGxidQemdQbw8cXrfvlisC4Cb3dJUCsc
PTxwU9fJCF4P6OU5XyWHT638CtqGIqRO4NlXScPnM5dVIytGYQflybr/YW0Nt2fQ
g+nEmeBptuIDQFucT607B2X4YpiCIp2STJjfs55F2uJ/pVC/VLH1sb3kbyLYdmxg
J+93IBdW9WY/k4S5a+jpQrMCGvSFxhdwS4Rp3pMgYYlWjSK0qCFGrDc6LGJBjcA1
qYOVdylesPTvB2AIvfzY/llTV2gMhzOJFT3U5K2wmwN7XA7eVMy/9Ydl6CersRQ8
ul3bLhqo9JpjvA42BHf9cZRCXpICU6gDqG/FS0Db20ZZ4Q9jXiGAQPCUgJT2xvOz
NzYKlaOA4nCUj5NjMmp/Qd/b7FUjt0+pvGsDBRzGajORdsXKgxHELUPh/tjH+sV2
C3gWw1xpROvP5F6WCnRWsKKGF/loVpb1rA8w9lE4luwBrkmQLG4rNk8R8fx610g7
tKvpcYXrhWdR81VM09ty9tci3uJ7h10P6syjSKA4fS7m6vY5ZCZPsgQ531whKBz+
XSw9eER6sBV3628h4KmXv9vW0pRuuOKNjhpSfm+3C9B4gNHai4Mjaet6wzI9kJ+Q
XnGGk0G4i4yH3vSXNehi
=vfXJ
-----END PGP SIGNATURE-----

--==========F3F259B14CEEF0504AFA==========--


From owner-svn-src-releng@freebsd.org  Tue Mar  8 06:15:33 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA598AC313E;
 Tue,  8 Mar 2016 06:15:32 +0000 (UTC)
 (envelope-from delphij@delphij.net)
Received: from anubis.delphij.net (anubis.delphij.net
 [IPv6:2001:470:1:117::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "anubis.delphij.net",
 Issuer "StartCom Class 1 DV Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id C9BAABA7;
 Tue,  8 Mar 2016 06:15:32 +0000 (UTC)
 (envelope-from delphij@delphij.net)
Received: from Xins-MBP.home.us.delphij.net (unknown
 [IPv6:2601:646:8f00:8a91:942e:de68:b2b8:eee5])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by anubis.delphij.net (Postfix) with ESMTPSA id 4D89FB6FA;
 Mon,  7 Mar 2016 22:15:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net;
 s=anubis; t=1457417732; x=1457432132;
 bh=xEr8GK9mCgrj38LYG5lsqF0KXe1rosUTIam0dEUQspw=;
 h=Subject:To:References:From:Date:In-Reply-To;
 b=rfoSkFa3NVcl0PzdTaj1wE7MBjOk3eeuCisujoAWmfZSpImJzos5kaRoMlFk88uid
 +UEABxigDzLzaaJ0SztHvbXmnLKAtGtJMgKDFCJVpKZjsK1Vb2PPvauwoCgMgmU/K+
 2EcG/wZ89G413uQ6VTVICo+sFx2osDTyc08qUleU=
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
From: Xin Li <delphij@delphij.net>
Message-ID: <56DE6DFD.4020300@delphij.net>
Date: Mon, 7 Mar 2016 22:15:25 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="UQnql2exfmWJPJB2qKsmCqsrrLP3R2bIn"
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 06:15:33 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--UQnql2exfmWJPJB2qKsmCqsrrLP3R2bIn
Content-Type: multipart/mixed; boundary="BPMUvGiHw06MSR6aTaC07PSHeE0N1t5wq"
From: Xin Li <delphij@delphij.net>
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Message-ID: <56DE6DFD.4020300@delphij.net>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
In-Reply-To: <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>

--BPMUvGiHw06MSR6aTaC07PSHeE0N1t5wq
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable



On 3/7/16 16:29, Mathieu Arnold wrote:
> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:
> | Author: delphij
> | Date: Mon Mar  7 16:22:11 2016
> | New Revision: 296465
> | URL: https://svnweb.freebsd.org/changeset/base/296465
> |=20
> | Log:
> |   Fix multiple OpenSSL vulnerabilities.
> |  =20
> |   Security:	FreeBSD-SA-16:12.openssl
> |   Approved by:	so
>=20
> After that, poudriere bulk fails with:
>=20
> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
> Creating repository in /tmp/packages: 100%
> Packing files for repository:   0%Child process pid=3D50970 terminated
> abnormally: Segmentation fault: 11
> [00:00:08] =3D=3D=3D=3D>> Cleaning up
> 9amd64-pkgng-default: removed
> 9amd64-pkgng-default-n: removed
>=20
> pkg-static is the one doing the segfault...

I can't seem to be able to reproduce this, what ports are you trying to
bulk?  (Also note that after doing poudriere jail -u, the bulk seems to
have rebuilt pkg, I'm not sure if that matters, but it's possible, do I
need to explicitly specify something to avoid this?).

Cheers,


--BPMUvGiHw06MSR6aTaC07PSHeE0N1t5wq--

--UQnql2exfmWJPJB2qKsmCqsrrLP3R2bIn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJW3m4DAAoJEJW2GBstM+nstxMQAKd6ppHUvoEIEV92BnvrIBMv
DnZJJ5CqUTondssMgQ9d1NT7244eiJMzDM3oCi46l8SEwthRnQxVDySKtzq+t1Pl
P4Bq4HQa5EJcS9qeO/KyoUIYD1HN3fkPiXyMd2ie0vFOKPomR+0rMvSCnTKB9RI7
1s67b7f3R39Qju30rQ9mi8Q7sy6rIBZD7fpBAz5AOG+PzVxCTLHt76RjYlG5xVmc
K90byfIHsoZsgw0FeXLBO0GGKNAUljo7GWVL0d9b32kEZiwtXN8VsKw6MGvsAA3c
qhoZdXWiIqPAnfSbwjVvSt4ghCWlH12wYI/6jL6rNA3yipGL6BRDSA18gpI817iF
3Qv65uI73gWZ8Pp94WmOFa5lEKlUAbbB9lzALWkcL4ONvSVIhO5H00J+UutRyATy
nF1nZeH9re6nuULJToCUnd76MmaVAm920pO105K6jMXUPXxI5QetXvViFFgaEnvG
pSf3kY3l+i9uI7l+YO/NJNQBa52I4vC4o0DDmoIhRSsaK24RLQQg6CCFEH/TIwjb
ryTPdL+hK/ORCSNUqNDWNqLQpVSnEvnU4PKt7ODoJ0kxc3vSUkQRjzXQ8pj9Mtc/
WqQLxD2sZlY8HeghmxsYsvrhaxHeKcBY1uoYmNxkK7BI80TnIWBB8esXcZ8xmlKK
8tpvvLS3mt+5kPNTJmlm
=vzZ5
-----END PGP SIGNATURE-----

--UQnql2exfmWJPJB2qKsmCqsrrLP3R2bIn--

From owner-svn-src-releng@freebsd.org  Tue Mar  8 09:14:45 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A1C62AC2CF1;
 Tue,  8 Mar 2016 09:14:45 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (mx3.absolight.net
 [IPv6:2a01:678:2:100::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6131BC7A;
 Tue,  8 Mar 2016 09:14:45 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id 19644BDCF8;
 Tue,  8 Mar 2016 10:14:43 +0100 (CET)
Received: from atuin.in.mat.cc (atuin.in.mat.cc [79.143.241.205])
 by prod2.absolight.net (Postfix) with ESMTPA id 0F04CBDCC5;
 Tue,  8 Mar 2016 10:14:43 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by atuin.in.mat.cc (Postfix) with ESMTP id D8AF05575564;
 Tue,  8 Mar 2016 10:14:42 +0100 (CET)
Date: Tue, 08 Mar 2016 10:14:42 +0100
From: Mathieu Arnold <mat@FreeBSD.org>
To: Xin Li <delphij@delphij.net>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1
 crypto/openssl/crypto/bf cry...
Message-ID: <DDC001BBFBA81B7020E7AC07@atuin.in.mat.cc>
In-Reply-To: <56DE6DFD.4020300@delphij.net>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DE6DFD.4020300@delphij.net>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========BF5E6054615BDE6251FB=========="
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 09:14:45 -0000

--==========BF5E6054615BDE6251FB==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline



+--On 7 mars 2016 22:15:25 -0800 Xin Li <delphij@delphij.net> wrote:
| 
| 
| On 3/7/16 16:29, Mathieu Arnold wrote:
|> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:
|> | Author: delphij
|> | Date: Mon Mar  7 16:22:11 2016
|> | New Revision: 296465
|> | URL: https://svnweb.freebsd.org/changeset/base/296465
|> | 
|> | Log:
|> |   Fix multiple OpenSSL vulnerabilities.
|> |   
|> |   Security:	FreeBSD-SA-16:12.openssl
|> |   Approved by:	so
|> 
|> After that, poudriere bulk fails with:
|> 
|> [00:00:07] ====>> Creating pkgng repository
|> Creating repository in /tmp/packages: 100%
|> Packing files for repository:   0%Child process pid=50970 terminated
|> abnormally: Segmentation fault: 11
|> [00:00:08] ====>> Cleaning up
|> 9amd64-pkgng-default: removed
|> 9amd64-pkgng-default-n: removed
|> 
|> pkg-static is the one doing the segfault...
| 
| I can't seem to be able to reproduce this, what ports are you trying to
| bulk?  (Also note that after doing poudriere jail -u, the bulk seems to
| have rebuilt pkg, I'm not sure if that matters, but it's possible, do I
| need to explicitly specify something to avoid this?).

Well, I was doing a bulk with dns/bind99 dns/bind910, it did rebuild
everything needed by them because of the SA, and then pkg crashed while
building the repository.

-- 
Mathieu Arnold
--==========BF5E6054615BDE6251FB==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW3pgCXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85IX+YP/3xsZlGuQiLxEtaoyzTYlcz+
dQ+n9Xlq7oN7GqNgJvvunf93bgyxzOqikOriaYlEvJK7ahZ9zrsQ5w5AAvT2gHwy
poJHYUPf0GFpNJ5y/885buCNUgxL2OxqiHKCcf6vLz8Z+YEKc6zHvHTT/i74qBvR
EPI4fjZnL+IBJdi+YKQHgKAHtjSQmKdomEMX6+OiKMfFKIrS4mAfqySGbfNX0TA3
G6R8ubzTOgkpn5bzh1Kl+vygI4PtOsvrpmdd0mQSqCbuDifYsWeM6v7c7sYwb1tv
801t8Ud5UZChivG76KTFTXwJ4BosYJe++X91NTIi5IGhsTLgFt8fqbDgWvcxARsY
2dguO1cwxpBotYtVTSkwgQHZSxdXwZrvV0g02mjC7VG68iZK0hK3fepBG6QhAupi
xW4tO7L9T1di2fxgkYDqLWFE6cUX2xSwOl86C+ADuhD3mqpoUR+puiqtAJR0s28y
L+1xINm3Odcdpz2QEOOZX1Ftikm2K7p1FtamT3qCk4wmBc1+w1+7zYiX+7KdfNc1
Uu0ADXs90HBn1oBd2Tu43mYsRQDdZzMnpdGfwVrev9mAu9mWZ1DBlMT7C9aMGxxY
BD2jYwO3Sz6jEgkNHMHHAbH2CyZd3uBdS+hYcK+isDOY/qobfc1XHrkzyLfTkb4j
/2yii3gtotX0yFjOcL7D
=1aif
-----END PGP SIGNATURE-----

--==========BF5E6054615BDE6251FB==========--


From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:03:17 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A1FCFAC7476;
 Tue,  8 Mar 2016 16:03:17 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com
 [IPv6:2607:f8b0:400e:c03::22a])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6FFC16A5;
 Tue,  8 Mar 2016 16:03:17 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: by mail-pa0-x22a.google.com with SMTP id fl4so15399673pad.0;
 Tue, 08 Mar 2016 08:03:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=lCsWx7vPbS8Fp5a7OMoMDrFVOGfB1YNrv7XpKIM8zW4=;
 b=mV+1KlAxa+UqqmYy4AvMJUzN7D/Ey7gWGqvLDcduoFjJ6FGc2X9cCTrLFgQnfjfWb2
 sV2o7KeGYxvwRaI3JG9mzLbZgqgFSFbvMSGfyhQnSvkFT67dIU3lCBt22V3vr4iIhjhV
 htf/nY8YivN7KQXHf85UShNrLeLjKBIWb6wE6GZNhDlCljaaKY2WSY4agCuwsuOMzZFd
 khHH0JgcyqjuYU7lc3Sn2V888LkTmXYKkisGdVKBuTUQrOku81OJd+ywFELuCNZK308C
 uJLwisXKkD+a8/fDgs6hQ2lK2Au5xHJAazp7Gnl1rvkS8vYhYph6mp6jtolKeeTQ1f6W
 Cnjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=lCsWx7vPbS8Fp5a7OMoMDrFVOGfB1YNrv7XpKIM8zW4=;
 b=O1tOE9PR8wifFwwFMh4oQ3W1//SVjDwSIpiZvb7sVK+VfaJTi2MNCfoG9qJiz2v2Lu
 4wIAqThbX5ywDegqKhHZNHZy1z7IzjctvVGTJ8r0TDwJum037afdow7DDmhoPXAnnyYv
 H/u4yjPcDN7JWoQrIL7wiYtUcK4IZmx5QTF4Iky/I0gyAemB8iQsZYfY617p20ZPB/6s
 OfYIvYDnNashiw1E5G3IftpgdWBPX9YrDM32e2D+rRg9WZNkHnIA3SZ8eoDQ9toHVK2v
 QFkzBrET3C3+9gr5jFVRUnE6Z3DJ/jqWHBNa4GGFhKMRLQih5stdQPsUQGwn0v5wLxYI
 Bx4Q==
X-Gm-Message-State: AD7BkJJChQivjJSzkFKfGW3mj0aWU4j9iCRQUEKGPbkHdWOm+pP9fXE8XKubF9dUCvzF+w==
X-Received: by 10.66.193.131 with SMTP id ho3mr42471595pac.154.1457452997063; 
 Tue, 08 Mar 2016 08:03:17 -0800 (PST)
Received: from [192.168.0.18] (c-73-193-95-57.hsd1.wa.comcast.net.
 [73.193.95.57])
 by smtp.gmail.com with ESMTPSA id z5sm6019305par.21.2016.03.08.08.03.15
 (version=TLSv1/SSLv3 cipher=OTHER);
 Tue, 08 Mar 2016 08:03:15 -0800 (PST)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (1.0)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
From: NGie Cooper <yaneurabeya@gmail.com>
X-Mailer: iPhone Mail (13D15)
In-Reply-To: <DDC001BBFBA81B7020E7AC07@atuin.in.mat.cc>
Date: Tue, 8 Mar 2016 08:03:14 -0800
Cc: Xin Li <delphij@delphij.net>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org, mike@sentex.net
Content-Transfer-Encoding: quoted-printable
Message-Id: <A814589E-5099-41D0-9596-19047E48D621@gmail.com>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DE6DFD.4020300@delphij.net>
 <DDC001BBFBA81B7020E7AC07@atuin.in.mat.cc>
To: Mathieu Arnold <mat@FreeBSD.org>
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:03:17 -0000


> On Mar 8, 2016, at 01:14, Mathieu Arnold <mat@FreeBSD.org> wrote:
>=20
>=20
>=20
> +--On 7 mars 2016 22:15:25 -0800 Xin Li <delphij@delphij.net> wrote:
> |=20
> |=20
> | On 3/7/16 16:29, Mathieu Arnold wrote:
> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:
> |> | Author: delphij
> |> | Date: Mon Mar  7 16:22:11 2016
> |> | New Revision: 296465
> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
> |> |=20
> |> | Log:
> |> |   Fix multiple OpenSSL vulnerabilities.
> |> |  =20
> |> |   Security:    FreeBSD-SA-16:12.openssl
> |> |   Approved by:    so
> |>=20
> |> After that, poudriere bulk fails with:
> |>=20
> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
> |> Creating repository in /tmp/packages: 100%
> |> Packing files for repository:   0%Child process pid=3D50970 terminated
> |> abnormally: Segmentation fault: 11
> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
> |> 9amd64-pkgng-default: removed
> |> 9amd64-pkgng-default-n: removed
> |>=20
> |> pkg-static is the one doing the segfault...
> |=20
> | I can't seem to be able to reproduce this, what ports are you trying to
> | bulk?  (Also note that after doing poudriere jail -u, the bulk seems to
> | have rebuilt pkg, I'm not sure if that matters, but it's possible, do I
> | need to explicitly specify something to avoid this?).
>=20
> Well, I was doing a bulk with dns/bind99 dns/bind910, it did rebuild
> everything needed by them because of the SA, and then pkg crashed while
> building the repository.

Mike said similar on the stable/9 commit thread. I think the commit(s) shoul=
d be backed out, fixed, and recommitted once the issue has been fixed.

Thanks!
-Ngie=

From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:19:14 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CA67AAC7DFB;
 Tue,  8 Mar 2016 16:19:14 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (mx3.absolight.net
 [IPv6:2a01:678:2:100::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 92C50D77;
 Tue,  8 Mar 2016 16:19:14 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id 0AEA8BDC73;
 Tue,  8 Mar 2016 17:19:13 +0100 (CET)
Received: from gw.in.absolight.net (gw-ecl.in.absolight.net [79.143.241.69])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "gw.in.absolight.net",
 Issuer "CA Cert Signing Authority" (not verified))
 by prod2.absolight.net (Postfix) with ESMTPSA id DD3EBBDC71;
 Tue,  8 Mar 2016 17:19:12 +0100 (CET)
Received: from ogg.in.absolight.net (ogg.in.absolight.net [79.143.241.239])
 by gw.in.absolight.net (Postfix) with ESMTP id CF4926127;
 Tue,  8 Mar 2016 17:19:11 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by ogg.in.absolight.net (Postfix) with ESMTP id 6E792202E581;
 Tue,  8 Mar 2016 17:19:10 +0100 (CET)
Date: Tue, 08 Mar 2016 17:19:10 +0100
From: Mathieu Arnold <mat@FreeBSD.org>
To: NGie Cooper <yaneurabeya@gmail.com>
cc: svn-src-releng@freebsd.org, mike@sentex.net, svn-src-all@freebsd.org,
 src-committers@freebsd.org, Xin LI <delphij@FreeBSD.org>,
 Xin Li <delphij@delphij.net>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1
 crypto/openssl/crypto/bf cry...
Message-ID: <BD123A36A18549D5855ECBE5@ogg.in.absolight.net>
In-Reply-To: <A814589E-5099-41D0-9596-19047E48D621@gmail.com>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DE6DFD.4020300@delphij.net>
 <DDC001BBFBA81B7020E7AC07@atuin.in.mat.cc>
 <A814589E-5099-41D0-9596-19047E48D621@gmail.com>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========C3EBA1C903969083FDE7=========="
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:19:15 -0000

--==========C3EBA1C903969083FDE7==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

+--On 8 mars 2016 08:03:14 -0800 NGie Cooper <yaneurabeya@gmail.com> wrote:
|> Well, I was doing a bulk with dns/bind99 dns/bind910, it did rebuild
|> everything needed by them because of the SA, and then pkg crashed while
|> building the repository.
| 
| Mike said similar on the stable/9 commit thread. I think the commit(s)
| should be backed out, fixed, and recommitted once the issue has been
| fixed.

Well, It's not really the commit, it's the SA that seems to have broken
pkg.  So something should be done, yes, sure.  My poudriere follows
9.3-RELEASE, and is updated with freebsd-update :-)

-- 
Mathieu Arnold
--==========C3EBA1C903969083FDE7==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW3vt+XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85IUPgP/RGBK511Lx3PEPMpFrkutU2E
Gu/n0LScNmcGhrL40S/eU3BMgxLasXGqlbJ+2uY7WNi06rSThNYUX/WFz1YS/wxL
UDeCMQsTg0/RlQyW8URK3gZrMYCkYyc6cPdkIGBJe3vVW4WXdBrlekanAetWBqQV
AfcGNbZSsv44SmytLFlUQj+yL1CeHyn4yPKIIZWZq1qIxJDHi41nuz2DD+Kc2qBt
IxjidB9v5E0pSJAmH+Ryf6vHDAt0jVwI67NirwVtwbXKSj0no3WDZUronS5wIxJ9
HcbP0T3eH2ux6mqDmsTR+dgToo6KUKMAzY8aa/WiIeERUTlfQ/NHXypfNul1EYbu
0UaKGz7CSpuE6rkFEd8/RPZgv1CNFT6jwAOLfHykLVXbhumyck7fKiQ4f2iPdd5y
/jq5bixOJlY3qRglZrGh6EaW5u1f3/F3jqxwTH1+79HTnOLToQsC5yQE/+ADYJbf
uJm4icgR+4KGHI3JnW+8t+O6DgtHCiee3UxMnubXkKMsjoT5CFbsIq2yd8agWlCq
NppLR/Z6Ft87x0s2ZS7Y8NsBRcsOeKHuhEifxvv7G1WR4lKoCmvQjfdKLeiplWHf
GGgo3pm67Jutt23ZZFmwFkvq9XtnE6PW6R/ss+22ajjEda2kfX/7eUEOuaXovXV2
XKcTM13iZwa7AscxoCsb
=7phs
-----END PGP SIGNATURE-----

--==========C3EBA1C903969083FDE7==========--


From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:26:03 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 087DEAC817A;
 Tue,  8 Mar 2016 16:26:03 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id E015937D;
 Tue,  8 Mar 2016 16:26:02 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [IPv6:::1])
 by freefall.freebsd.org (Postfix) with ESMTP id D6A2610C2;
 Tue,  8 Mar 2016 16:26:02 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [172.31.3.2])
 by mail.xzibition.com (Postfix) with ESMTP id 22511D81E;
 Tue,  8 Mar 2016 16:25:54 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mail.xzibition.com
Received: from mail.xzibition.com ([172.31.3.2])
 by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new,
 port 10026)
 with LMTP id 2IzfNofy18Xr; Tue,  8 Mar 2016 16:25:51 +0000 (UTC)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 74144D818
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
From: Bryan Drewery <bdrewery@FreeBSD.org>
Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF;
 url=http://www.shatow.net/bryan/bryan2.asc
Organization: FreeBSD
Message-ID: <56DEFD08.6050100@FreeBSD.org>
Date: Tue, 8 Mar 2016 08:25:44 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="iiuxG6El4phTtEXJXdUPBSmMFjtOWD9b6"
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:26:03 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--iiuxG6El4phTtEXJXdUPBSmMFjtOWD9b6
Content-Type: multipart/mixed; boundary="BMhaDdWdmhST1GSALroJQoFFp1E52S2Tm"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Message-ID: <56DEFD08.6050100@FreeBSD.org>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
In-Reply-To: <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>

--BMhaDdWdmhST1GSALroJQoFFp1E52S2Tm
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:
> | Author: delphij
> | Date: Mon Mar  7 16:22:11 2016
> | New Revision: 296465
> | URL: https://svnweb.freebsd.org/changeset/base/296465
> |=20
> | Log:
> |   Fix multiple OpenSSL vulnerabilities.
> |  =20
> |   Security:	FreeBSD-SA-16:12.openssl
> |   Approved by:	so
>=20
> After that, poudriere bulk fails with:
>=20
> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
> Creating repository in /tmp/packages: 100%
> Packing files for repository:   0%Child process pid=3D50970 terminated
> abnormally: Segmentation fault: 11
> [00:00:08] =3D=3D=3D=3D>> Cleaning up
> 9amd64-pkgng-default: removed
> 9amd64-pkgng-default-n: removed
>=20
> pkg-static is the one doing the segfault...
>=20

Is QEMU involved here?

Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not saying
you should)

--=20
Regards,
Bryan Drewery


--BMhaDdWdmhST1GSALroJQoFFp1E52S2Tm--

--iiuxG6El4phTtEXJXdUPBSmMFjtOWD9b6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJW3v0MAAoJEDXXcbtuRpfP+RYH/2CdnDHnWnGpvwVcXoHZlhkv
LK1bDYkLDlVFarZKDCETAAygfHR6YIrm2T9T6Glj2FVvoK0jllh6NKf6XnQ3O7NU
BdIqlTEDtHVqngnjldADsEHaEApC2uO+ZWQ0bpkm3UcNgqikAXJ2CpVUu+RktcJX
Ry4OsxlUHhOL5RZNaln9xsLVK8xe1sD36N9F9K7Rz2Yp24riVaYDXOKxSH6qXcaQ
chYiRNUN6hRMhW/U2XxfYkK7Br30irvZaC2sjRdGJ+fdPi731J8P6L4TTpsQwl3V
h79OHP9yUeNWqEl6uRXfRtEuI3iHa/Yiiop3H2h1X/r9pVakvMWr/s0zQ4eM8fU=
=aTZJ
-----END PGP SIGNATURE-----

--iiuxG6El4phTtEXJXdUPBSmMFjtOWD9b6--

From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:28:18 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 16845AC82E7;
 Tue,  8 Mar 2016 16:28:18 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (mx3.absolight.net
 [IPv6:2a01:678:2:100::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id AE9C78A8;
 Tue,  8 Mar 2016 16:28:17 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id 078BDBDC86;
 Tue,  8 Mar 2016 17:28:16 +0100 (CET)
Received: from gw.in.absolight.net (gw-ecl.in.absolight.net [79.143.241.69])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "gw.in.absolight.net",
 Issuer "CA Cert Signing Authority" (not verified))
 by prod2.absolight.net (Postfix) with ESMTPSA id F2AD6BDC81;
 Tue,  8 Mar 2016 17:28:15 +0100 (CET)
Received: from ogg.in.absolight.net (ogg.in.absolight.net [79.143.241.239])
 by gw.in.absolight.net (Postfix) with ESMTP id 2E2C46127;
 Tue,  8 Mar 2016 17:28:15 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by ogg.in.absolight.net (Postfix) with ESMTP id D549A202E7EC;
 Tue,  8 Mar 2016 17:28:14 +0100 (CET)
Date: Tue, 08 Mar 2016 17:28:14 +0100
From: Mathieu Arnold <mat@FreeBSD.org>
To: Bryan Drewery <bdrewery@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1
 crypto/openssl/crypto/bf cry...
Message-ID: <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
In-Reply-To: <56DEFD08.6050100@FreeBSD.org>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========4EAC2A076917EF1A36C2=========="
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:28:18 -0000

--==========4EAC2A076917EF1A36C2==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

+--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD.org> wrote:
| On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
|> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:
|> | Author: delphij
|> | Date: Mon Mar  7 16:22:11 2016
|> | New Revision: 296465
|> | URL: https://svnweb.freebsd.org/changeset/base/296465
|> | 
|> | Log:
|> |   Fix multiple OpenSSL vulnerabilities.
|> |   
|> |   Security:	FreeBSD-SA-16:12.openssl
|> |   Approved by:	so
|> 
|> After that, poudriere bulk fails with:
|> 
|> [00:00:07] ====>> Creating pkgng repository
|> Creating repository in /tmp/packages: 100%
|> Packing files for repository:   0%Child process pid=50970 terminated
|> abnormally: Segmentation fault: 11
|> [00:00:08] ====>> Cleaning up
|> 9amd64-pkgng-default: removed
|> 9amd64-pkgng-default-n: removed
|> 
|> pkg-static is the one doing the segfault...
|> 
| 
| Is QEMU involved here?
| 
| Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not saying
| you should)

No, it's a regular 9amd64 build on a 10.2 amd64 host.

-- 
Mathieu Arnold
--==========4EAC2A076917EF1A36C2==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW3v2eXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85IQ0gP/2vJMPlBs8zXWSol1dwKqtXh
BFRzDDK9KZ7JcKefW5ghrfa30PZeE6oes5r9pL/voz9acTo1DkLOTHegV++zAjSm
BMR1FXiC3lBQid6a0TnvJ9aeYaR8H7x4aERKwUy7eKJnnaVDB2t6JazW9nthCGCK
E/2A/UoJi8k8PbA7BAXeCKR4ltpAzb5zFzWpdOwjnPF8Hclnext18HcNMOrFHsBu
UfPb55InD9MDTwrgukupa5NIC48SevJZqKlZYv3/gkb/+FJdcjgHjtII4HIEAwBK
Yu+OXEtctw5O59VCM9/jVnpnbyFuKIhfYEEKCpz3SPrWPsg1NZiIsWDmnsCUsRQ4
1UizX+T0opo0eSbxgN5PULSktE/u7kt1FXLrOZvwnDD0NRJDWuugJocnTw+ef3la
7W0E3hjvjKe5uji7RM2dv2ZhUnCZ3TjE7miZaHCxqCYwVU563nQz07a5enzhXduw
fduAeHjxJJ0YxNYwFyztqOclQTOIMKUiMto43iLi2YbPcyy5UD/94rDurN9lu1Q8
aSpCe+Hcls6nGLsXlCaBz7Tofgf0hwOj4enbSA81ykMmtgiGD4D7ZdIKOC5ZzWxO
wLsY5riwhLhbWIILzrFPXxIYtCKVDo4WbHqJDmAiyYvuH/+XS2MvmnrqfTmdicMe
sqjiLLNCfh5TDBgr5bwW
=dKSa
-----END PGP SIGNATURE-----

--==========4EAC2A076917EF1A36C2==========--


From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:29:43 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 63AD5AC8395;
 Tue,  8 Mar 2016 16:29:43 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 47011AE2;
 Tue,  8 Mar 2016 16:29:43 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [IPv6:::1])
 by freefall.freebsd.org (Postfix) with ESMTP id 3D92614B8;
 Tue,  8 Mar 2016 16:29:43 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [172.31.3.2])
 by mail.xzibition.com (Postfix) with ESMTP id 03B38D845;
 Tue,  8 Mar 2016 16:29:43 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mail.xzibition.com
Received: from mail.xzibition.com ([172.31.3.2])
 by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new,
 port 10026)
 with LMTP id a2_M25xDXQC7; Tue,  8 Mar 2016 16:29:40 +0000 (UTC)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 0D57ED83F
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
From: Bryan Drewery <bdrewery@FreeBSD.org>
Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF;
 url=http://www.shatow.net/bryan/bryan2.asc
Organization: FreeBSD
Message-ID: <56DEFDF5.2040500@FreeBSD.org>
Date: Tue, 8 Mar 2016 08:29:41 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="6abUFnGRJ6CSmkqVw2vh10jsoqknlOUMH"
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:29:43 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--6abUFnGRJ6CSmkqVw2vh10jsoqknlOUMH
Content-Type: multipart/mixed; boundary="F39vlclQvqJUuKPkeREJMRdl75ffnpvfe"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Message-ID: <56DEFDF5.2040500@FreeBSD.org>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
In-Reply-To: <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>

--F39vlclQvqJUuKPkeREJMRdl75ffnpvfe
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD.org> w=
rote:
> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:=

> |> | Author: delphij
> |> | Date: Mon Mar  7 16:22:11 2016
> |> | New Revision: 296465
> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
> |> |=20
> |> | Log:
> |> |   Fix multiple OpenSSL vulnerabilities.
> |> |  =20
> |> |   Security:	FreeBSD-SA-16:12.openssl
> |> |   Approved by:	so
> |>=20
> |> After that, poudriere bulk fails with:
> |>=20
> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
> |> Creating repository in /tmp/packages: 100%
> |> Packing files for repository:   0%Child process pid=3D50970 terminat=
ed
> |> abnormally: Segmentation fault: 11
> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
> |> 9amd64-pkgng-default: removed
> |> 9amd64-pkgng-default-n: removed
> |>=20
> |> pkg-static is the one doing the segfault...
> |>=20
> |=20
> | Is QEMU involved here?
> |=20
> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not sayi=
ng
> | you should)
>=20
> No, it's a regular 9amd64 build on a 10.2 amd64 host.
>=20

Can you please rebuild pkg with debug symbols and then run your 9.3
version against the repo in gdb?

--=20
Regards,
Bryan Drewery


--F39vlclQvqJUuKPkeREJMRdl75ffnpvfe--

--6abUFnGRJ6CSmkqVw2vh10jsoqknlOUMH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJW3v31AAoJEDXXcbtuRpfPW54H+wXLW6jWlfopNntw31fGVQp2
kRnoTEZi7EmK942SQR7LjX0q9k58L4ujIZFpQrYZrk2O7ZKTo8cCVi9Gh9Q9/PJ4
q4dNIetPDYmt5FxmREGAAPGMGyTkMFHhmnDUAUTv33QbeGVnXvQZt8ETAawlV+st
lyNKXo052HuyzC/pKe4+2/axaeYLw7D2MI82YDOqYO1vACZ4t19ye8Xo8FQSJMq5
uKHuaTPi4fddERIDEY8eC/pHlokdAOmCABhl7IdbY4T8xBViRHjdSxtAakDFP9r9
V4mQXL/dRidr8hzByyIhIwrfJ/Kiv+te1dxG1h+Qw8wh16HTyvnqUyPDWmE0E08=
=1wo5
-----END PGP SIGNATURE-----

--6abUFnGRJ6CSmkqVw2vh10jsoqknlOUMH--

From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:31:51 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5138AC8464;
 Tue,  8 Mar 2016 16:31:51 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: from mail-pa0-x234.google.com (mail-pa0-x234.google.com
 [IPv6:2607:f8b0:400e:c03::234])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 95553E0E;
 Tue,  8 Mar 2016 16:31:51 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: by mail-pa0-x234.google.com with SMTP id tt10so15885211pab.3;
 Tue, 08 Mar 2016 08:31:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=DWMNYhSCQE6L37IuD3oABapYPRNro57oDNTlvHi9PsY=;
 b=fH7qeH/m+BGv6GTcu8oheZ19OhJaFOIajsEa454NNtxL160pV629CQPVkESS6gNotW
 UeCngGvC0VohwQ6u4FNkus/qOOF02zNvGGY4v2I/Nh2UhVjz8ZZ2u2sb/WZwrYjRJBab
 5pmlviIVwwrtw8mXa/w2LQRpGh/cM/d6b09gyYm2M5Je8JuW4gl4mZ259ZIP5J9yXtA7
 j6tiLhUOYu1VP9ytF09y9bfbxORLkUd6Krfnrc32mkg47+ru/BFUsCSZWJ4rF/SKcNqU
 x06MuW53vGRdEvVuCbbkht3zHucET/BEMZPQ/mraDk3teYn91I/sCqt+MsWiJQEgXwwb
 BsJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=DWMNYhSCQE6L37IuD3oABapYPRNro57oDNTlvHi9PsY=;
 b=NsffkDhAab1sCX/jENWnbBbEgkQs7+tR4g+vRDExMhNHvx6XARzZWG28ufmv90NN92
 e45n0tNCX7IHzTLPWrWitKQ+amHEKUrHcmG9fVmLP2LQvG2O/PdJgwEFeIiqR0wdHAAp
 aygbm9g90eNextWUyNboCf5U+hH0wuG/OR9OOAQKnkQXhHdkP2vXTUScg+rWp0fAbOr7
 KMWqGmj007G9IbD8K+TfXds40j8qsidhBSwtR2qc8Sj+emskzcwXexhYG/WbGDNU8jSh
 g2Dk/0GAVz2XhaTish9R2X02V1cLAmyoUkem9rKaP8t8hDNMEWyD8qIYl4LGTucS/fLR
 VF1g==
X-Gm-Message-State: AD7BkJLk8RTdlhJbefhK7oNWLK0Z8MawqAdtvzEPGLQFd9ktV1IR0LrCY0YiS1Gti7LKhA==
X-Received: by 10.66.55.6 with SMTP id n6mr43593200pap.35.1457454711166;
 Tue, 08 Mar 2016 08:31:51 -0800 (PST)
Received: from ?IPv6:2601:601:801:23c0:6cec:df4e:b674:be72?
 ([2601:601:801:23c0:6cec:df4e:b674:be72])
 by smtp.gmail.com with ESMTPSA id dy6sm6118444pab.48.2016.03.08.08.31.49
 (version=TLSv1/SSLv3 cipher=OTHER);
 Tue, 08 Mar 2016 08:31:49 -0800 (PST)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
From: NGie Cooper <yaneurabeya@gmail.com>
In-Reply-To: <56DEFDF5.2040500@FreeBSD.org>
Date: Tue, 8 Mar 2016 08:31:48 -0800
Cc: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <30DF4918-10F4-4BF2-BBB7-0209FB631774@gmail.com>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
To: Bryan Drewery <bdrewery@FreeBSD.org>
X-Mailer: Apple Mail (2.2104)
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:31:52 -0000


> On Mar 8, 2016, at 08:29, Bryan Drewery <bdrewery@FreeBSD.org> wrote:
>=20
> On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
>> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD.org> =
wrote:
>> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
>> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> =
wrote:
>> |> | Author: delphij
>> |> | Date: Mon Mar  7 16:22:11 2016
>> |> | New Revision: 296465
>> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
>> |> |=20
>> |> | Log:
>> |> |   Fix multiple OpenSSL vulnerabilities.
>> |> |  =20
>> |> |   Security:	FreeBSD-SA-16:12.openssl
>> |> |   Approved by:	so
>> |>=20
>> |> After that, poudriere bulk fails with:
>> |>=20
>> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
>> |> Creating repository in /tmp/packages: 100%
>> |> Packing files for repository:   0%Child process pid=3D50970 =
terminated
>> |> abnormally: Segmentation fault: 11
>> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
>> |> 9amd64-pkgng-default: removed
>> |> 9amd64-pkgng-default-n: removed
>> |>=20
>> |> pkg-static is the one doing the segfault...
>> |>=20
>> |=20
>> | Is QEMU involved here?
>> |=20
>> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not =
saying
>> | you should)
>>=20
>> No, it's a regular 9amd64 build on a 10.2 amd64 host.
>>=20
>=20
> Can you please rebuild pkg with debug symbols and then run your 9.3
> version against the repo in gdb?

Someone else filed a bug already too: =
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207783 .
Thanks,
-Ngie=

From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:33:04 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4CDF6AC85B1;
 Tue,  8 Mar 2016 16:33:04 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 302B5FF0;
 Tue,  8 Mar 2016 16:33:04 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [IPv6:::1])
 by freefall.freebsd.org (Postfix) with ESMTP id 2439F1782;
 Tue,  8 Mar 2016 16:33:04 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [172.31.3.2])
 by mail.xzibition.com (Postfix) with ESMTP id D443BD86A;
 Tue,  8 Mar 2016 16:33:03 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mail.xzibition.com
Received: from mail.xzibition.com ([172.31.3.2])
 by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new,
 port 10026)
 with LMTP id mv6UUaIb002H; Tue,  8 Mar 2016 16:33:01 +0000 (UTC)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com B809BD861
To: NGie Cooper <yaneurabeya@gmail.com>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <30DF4918-10F4-4BF2-BBB7-0209FB631774@gmail.com>
Cc: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
From: Bryan Drewery <bdrewery@FreeBSD.org>
Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF;
 url=http://www.shatow.net/bryan/bryan2.asc
Organization: FreeBSD
Message-ID: <56DEFEBE.3060202@FreeBSD.org>
Date: Tue, 8 Mar 2016 08:33:02 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <30DF4918-10F4-4BF2-BBB7-0209FB631774@gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="55w7mQoGfIbb8XEtFIGeLubKi2uGGAb2L"
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:33:04 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--55w7mQoGfIbb8XEtFIGeLubKi2uGGAb2L
Content-Type: multipart/mixed; boundary="LLgpsinCFBSPM0A7rPjPIUWlOB45jv5IP"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: NGie Cooper <yaneurabeya@gmail.com>
Cc: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Message-ID: <56DEFEBE.3060202@FreeBSD.org>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <30DF4918-10F4-4BF2-BBB7-0209FB631774@gmail.com>
In-Reply-To: <30DF4918-10F4-4BF2-BBB7-0209FB631774@gmail.com>

--LLgpsinCFBSPM0A7rPjPIUWlOB45jv5IP
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 3/8/2016 8:31 AM, NGie Cooper wrote:
>=20
>> On Mar 8, 2016, at 08:29, Bryan Drewery <bdrewery@FreeBSD.org> wrote:
>>
>> On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
>>> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD.org>=
 wrote:
>>> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
>>> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrot=
e:
>>> |> | Author: delphij
>>> |> | Date: Mon Mar  7 16:22:11 2016
>>> |> | New Revision: 296465
>>> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
>>> |> |=20
>>> |> | Log:
>>> |> |   Fix multiple OpenSSL vulnerabilities.
>>> |> |  =20
>>> |> |   Security:	FreeBSD-SA-16:12.openssl
>>> |> |   Approved by:	so
>>> |>=20
>>> |> After that, poudriere bulk fails with:
>>> |>=20
>>> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
>>> |> Creating repository in /tmp/packages: 100%
>>> |> Packing files for repository:   0%Child process pid=3D50970 termin=
ated
>>> |> abnormally: Segmentation fault: 11
>>> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
>>> |> 9amd64-pkgng-default: removed
>>> |> 9amd64-pkgng-default-n: removed
>>> |>=20
>>> |> pkg-static is the one doing the segfault...
>>> |>=20
>>> |=20
>>> | Is QEMU involved here?
>>> |=20
>>> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not sa=
ying
>>> | you should)
>>>
>>> No, it's a regular 9amd64 build on a 10.2 amd64 host.
>>>
>>
>> Can you please rebuild pkg with debug symbols and then run your 9.3
>> version against the repo in gdb?
>=20
> Someone else filed a bug already too: https://bugs.freebsd.org/bugzilla=
/show_bug.cgi?id=3D207783 .

For SSH!


--=20
Regards,
Bryan Drewery


--LLgpsinCFBSPM0A7rPjPIUWlOB45jv5IP--

--55w7mQoGfIbb8XEtFIGeLubKi2uGGAb2L
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJW3v6+AAoJEDXXcbtuRpfP5ioH/3YM2T4IcgEsMiHqxLtQdglA
FPJyXYPyB2WV5t8Ru2l9ptIFw8A62tUF6kLfcLUIdp8aGkonR+y7e+B2zwvRp7kU
5x5ps0bR0nOgvRP//t9TfhG4FSssTqU9pjruqiBLIKPwxacGv4epdMzGqe//IZ+v
Q4SQrNVqbUPHD2nCDjip4r/7E3niZ/j5QxTBvPQ+Kt3TO/BYDP0oPHl4yPatAb6c
1TOjhZOd9WjCavTPlPUU1vtiou9OPgqHd2v3p2mptqa93StXrP0XU/DXI2aJt3/R
CmrnYcqXGX3KGK1NvHkP7Y1eEcstjr89098+XyklU354UhD9sw6IQ87sBTIVfDQ=
=OgWs
-----END PGP SIGNATURE-----

--55w7mQoGfIbb8XEtFIGeLubKi2uGGAb2L--

From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:35:49 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A6133AC86BF;
 Tue,  8 Mar 2016 16:35:49 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (mx3.absolight.net
 [IPv6:2a01:678:2:100::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4934D24D;
 Tue,  8 Mar 2016 16:35:49 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id A2B8BBDCAB;
 Tue,  8 Mar 2016 17:35:47 +0100 (CET)
Received: from gw.in.absolight.net (gw-ecl.in.absolight.net [79.143.241.69])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "gw.in.absolight.net",
 Issuer "CA Cert Signing Authority" (not verified))
 by prod2.absolight.net (Postfix) with ESMTPSA id 68B31BDCA3;
 Tue,  8 Mar 2016 17:35:47 +0100 (CET)
Received: from ogg.in.absolight.net (ogg.in.absolight.net [79.143.241.239])
 by gw.in.absolight.net (Postfix) with ESMTP id DBA1A6127;
 Tue,  8 Mar 2016 17:35:46 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by ogg.in.absolight.net (Postfix) with ESMTP id 809B9202EA01;
 Tue,  8 Mar 2016 17:35:46 +0100 (CET)
Date: Tue, 08 Mar 2016 17:35:45 +0100
From: Mathieu Arnold <mat@FreeBSD.org>
To: Bryan Drewery <bdrewery@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1
 crypto/openssl/crypto/bf cry...
Message-ID: <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
In-Reply-To: <56DEFDF5.2040500@FreeBSD.org>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========2E5540D27C48691974A0=========="
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:35:49 -0000

--==========2E5540D27C48691974A0==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

+--On 8 mars 2016 08:29:41 -0800 Bryan Drewery <bdrewery@FreeBSD.org> wrote:
| On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
|> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD.org>
|> wrote:
|> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
|> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:
|> |> | Author: delphij
|> |> | Date: Mon Mar  7 16:22:11 2016
|> |> | New Revision: 296465
|> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
|> |> | 
|> |> | Log:
|> |> |   Fix multiple OpenSSL vulnerabilities.
|> |> |   
|> |> |   Security:	FreeBSD-SA-16:12.openssl
|> |> |   Approved by:	so
|> |> 
|> |> After that, poudriere bulk fails with:
|> |> 
|> |> [00:00:07] ====>> Creating pkgng repository
|> |> Creating repository in /tmp/packages: 100%
|> |> Packing files for repository:   0%Child process pid=50970 terminated
|> |> abnormally: Segmentation fault: 11
|> |> [00:00:08] ====>> Cleaning up
|> |> 9amd64-pkgng-default: removed
|> |> 9amd64-pkgng-default-n: removed
|> |> 
|> |> pkg-static is the one doing the segfault...
|> |> 
|> | 
|> | Is QEMU involved here?
|> | 
|> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not saying
|> | you should)
|> 
|> No, it's a regular 9amd64 build on a 10.2 amd64 host.
|> 
| 
| Can you please rebuild pkg with debug symbols and then run your 9.3
| version against the repo in gdb?

I could yes, but not today, tomorrow at the earliest.  How do I build the
port with debug symbols ?

-- 
Mathieu Arnold
--==========2E5540D27C48691974A0==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW3v9iXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85IVzkQAI8vpiouLh6xN0KUxf/SjIll
QtzX3+b+zukbFLiLYZYPwnwEbqXyN1q4wAlnR0dKe8s7DXRFcu7qSgDLYLlJ0joQ
+x4gd6Ah4unSjsQB9wDgJSnZEw+FDOUpsfUmejKUC7SDzeKD7DowG9/q9zrNXGtq
JVa3+YMSyW0Zdqv4qRz3gNPGVYnf6/rRmfYAj9WH6nk+3ulee6GWUcDZ4YQOb2/k
UzmIbBvI9F4nKiFgO29cDMzsG2V6EvKBiVcGBCeTOGzXGxog5WDjBCwbEkxirBZg
K0IWFrCgIg+R2N4D1UcGiPKGmzSq4bX1w93Ukx2msZCnx7m/LPzXNejF2/mNwQy3
mSgw6rmPH+I1sRdhwtKeUXWekwrKrWbPa8GGdAz+tQIX4RkgOQGi1ojqneeDl911
EANfNVjUQGaSBRwA5OMEqUf+yGg4aXieFlTEcTz9jHooFZhefvevnikxg35kAa3M
tFIfPJkfyAMeOYtbJ2BuFbPaE2NyCMtTh87BgPL9BHKAQ2oobwdr6MIs4KSpQEx8
f55zfzFel3EosOJiCizanjU56UY3qycO5zi6WCCPCocwhbSE3AQksxikKq9U/ZAD
KYqOMAyPIqlnAT3ZAI2w7M1Tc9xptxDvtU/mLutC0uf54nYOXAT9N8VgkuT4da/g
veMvMvkCEN6EDG22LwPd
=I/GI
-----END PGP SIGNATURE-----

--==========2E5540D27C48691974A0==========--


From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:37:06 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A24F3AC8726;
 Tue,  8 Mar 2016 16:37:06 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com
 [IPv6:2607:f8b0:400e:c03::231])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 724DE3E0;
 Tue,  8 Mar 2016 16:37:06 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: by mail-pa0-x231.google.com with SMTP id tt10so15978347pab.3;
 Tue, 08 Mar 2016 08:37:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=9M0l9v2vO+Y9NsAMB2xE2ERKY4JT42GrIeQqRb+Inu4=;
 b=D91ma382bU2FcWzLezXhYlasXH5lgxoJXNFmG9+eX192bkmdAcGRKN1SJY4L+BpBmY
 Ughkp203w3bnbLOeQhUWzQAP2pyJO/H+YxmcxlMrIElMIS/FYkKM+SR4PuusrP0E1Cxb
 Z6/xgZfhN6svqSdXre8u8CkRbtZGhmmviOLNgaWHPGko2nejshDNXX8O8KfbQaGWxcGT
 5PL3ZNZdqcdM+nzyUg6l+5jKfoWV7QoVbWMMoB0r2nGPH6AD6wxMCC8PQcTBddzx76uQ
 y2EormW3ZIL3rLsFwLoCLOJ0OKOJ4ji3qruuaASstYblWb43EfY7+KhLPpaWy3JOWZr0
 cYXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=9M0l9v2vO+Y9NsAMB2xE2ERKY4JT42GrIeQqRb+Inu4=;
 b=Oc8w3CwfFdPk8KlWIOwDHPdkJNCH+8qlPQrqXVoqS0V2I01hlYuIFneiPCBhlYIdd7
 A5uju9U/3v5BI409cAnc9mforDGwsQlNjz5xqU9ChwuSc2yOki8nM47HU1y1Y3dqAEC9
 EAmZjYiK01rJxP0S54iO1CMw2pCc8nGPW8fGFfvKaddul5M71LkUhTbzSz2+r88F+R87
 +QobGm2nm36qKcKP/OptPUcKRF6zOxWi5PR51wyYd3Q5VciJom89mtMcrtKFJb9WjvcG
 zTLuWm7ylKsGCCaZZ84lgMIRaELd1OlzxxBL+59E7mKco4dqbibFrLHO1sqRReamGhaZ
 XZUA==
X-Gm-Message-State: AD7BkJLMCq7c9l/PGRsMWNg5g5gs36W9CoCrGDUB8oc7D3hcI5yF3pY9tWNFQetJPziwbA==
X-Received: by 10.66.145.194 with SMTP id sw2mr42538041pab.69.1457455025998;
 Tue, 08 Mar 2016 08:37:05 -0800 (PST)
Received: from ?IPv6:2601:601:801:23c0:6cec:df4e:b674:be72?
 ([2601:601:801:23c0:6cec:df4e:b674:be72])
 by smtp.gmail.com with ESMTPSA id c18sm6131119pfj.41.2016.03.08.08.37.04
 (version=TLSv1/SSLv3 cipher=OTHER);
 Tue, 08 Mar 2016 08:37:04 -0800 (PST)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
From: NGie Cooper <yaneurabeya@gmail.com>
In-Reply-To: <56DEFEBE.3060202@FreeBSD.org>
Date: Tue, 8 Mar 2016 08:37:03 -0800
Cc: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <10F930F1-09DD-4763-AFC0-006FD5572A47@gmail.com>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <30DF4918-10F4-4BF2-BBB7-0209FB631774@gmail.com>
 <56DEFEBE.3060202@FreeBSD.org>
To: Bryan Drewery <bdrewery@FreeBSD.org>
X-Mailer: Apple Mail (2.2104)
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:37:06 -0000


> On Mar 8, 2016, at 08:33, Bryan Drewery <bdrewery@FreeBSD.org> wrote:

...

> For SSH!

	The issue has been root-caused [so far] down to libcrypto in =
this bug, which would also impact pkgng (see =
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207783#c6 ). Not =
saying that this information shouldn=92t be gathered, but the root cause =
might potentially be the same issue.
Thanks!
-Ngie=

From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:47:51 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0D5A9AC8B61;
 Tue,  8 Mar 2016 16:47:51 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id E561826C;
 Tue,  8 Mar 2016 16:47:50 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [IPv6:::1])
 by freefall.freebsd.org (Postfix) with ESMTP id D8BB0129F;
 Tue,  8 Mar 2016 16:47:50 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [172.31.3.2])
 by mail.xzibition.com (Postfix) with ESMTP id 6FE3CD927;
 Tue,  8 Mar 2016 16:47:50 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mail.xzibition.com
Received: from mail.xzibition.com ([172.31.3.2])
 by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new,
 port 10026)
 with LMTP id Q18_ZFgt0Fs8; Tue,  8 Mar 2016 16:47:47 +0000 (UTC)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 17153D920
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
From: Bryan Drewery <bdrewery@FreeBSD.org>
Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF;
 url=http://www.shatow.net/bryan/bryan2.asc
Organization: FreeBSD
Message-ID: <56DF0234.2090307@FreeBSD.org>
Date: Tue, 8 Mar 2016 08:47:48 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="WUipqwUKFunOrqJEmaw6R2EbaI8AgfsAC"
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:47:51 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--WUipqwUKFunOrqJEmaw6R2EbaI8AgfsAC
Content-Type: multipart/mixed; boundary="nVLI7uhD09UdnshXv7jCBtgnFmunALJS0"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Message-ID: <56DF0234.2090307@FreeBSD.org>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
In-Reply-To: <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>

--nVLI7uhD09UdnshXv7jCBtgnFmunALJS0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 3/8/2016 8:35 AM, Mathieu Arnold wrote:
> +--On 8 mars 2016 08:29:41 -0800 Bryan Drewery <bdrewery@FreeBSD.org> w=
rote:
> | On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
> |> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD.org=
>
> |> wrote:
> |> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
> |> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wro=
te:
> |> |> | Author: delphij
> |> |> | Date: Mon Mar  7 16:22:11 2016
> |> |> | New Revision: 296465
> |> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
> |> |> |=20
> |> |> | Log:
> |> |> |   Fix multiple OpenSSL vulnerabilities.
> |> |> |  =20
> |> |> |   Security:	FreeBSD-SA-16:12.openssl
> |> |> |   Approved by:	so
> |> |>=20
> |> |> After that, poudriere bulk fails with:
> |> |>=20
> |> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
> |> |> Creating repository in /tmp/packages: 100%
> |> |> Packing files for repository:   0%Child process pid=3D50970 termi=
nated
> |> |> abnormally: Segmentation fault: 11
> |> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
> |> |> 9amd64-pkgng-default: removed
> |> |> 9amd64-pkgng-default-n: removed
> |> |>=20
> |> |> pkg-static is the one doing the segfault...
> |> |>=20
> |> |=20
> |> | Is QEMU involved here?
> |> |=20
> |> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not s=
aying
> |> | you should)
> |>=20
> |> No, it's a regular 9amd64 build on a 10.2 amd64 host.
> |>=20
> |=20
> | Can you please rebuild pkg with debug symbols and then run your 9.3
> | version against the repo in gdb?
>=20
> I could yes, but not today, tomorrow at the earliest.  How do I build t=
he
> port with debug symbols ?
>=20

WITH_DEBUG=3Dyes make

--=20
Regards,
Bryan Drewery


--nVLI7uhD09UdnshXv7jCBtgnFmunALJS0--

--WUipqwUKFunOrqJEmaw6R2EbaI8AgfsAC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJW3wI0AAoJEDXXcbtuRpfPIlYIAIgU0r8FqbBTCAxKL4moORNk
NYBTzDJaTx/yXNjhiDU0OuI7SnfcK6iZguWeLxcJhHEw+/aDg44gfrVWLQZkJ6fk
ADUOtbs1dipo+dYySEIJRkLOxxfOAgtk4OkqP9TUpt5GjtGQfgy09DPBytsrUwx6
E5xdgfuirpo72JPiA5Dum6ktvSRaL0f++Hh/IYGz7T4WbUJu3vBLf4UooedxX2LG
2GCOAPcxlnWOdRNEkKA4InIqv9s4NvEqfXQzUA5iJrpNhpLuVNGIax6m4udmAXrA
hgjvkJCxQBK+4+umPNIcwEfWVFj96OvjCGaW5haCfGBpVDZBcyN66fBQ5OlU6AA=
=IZlo
-----END PGP SIGNATURE-----

--WUipqwUKFunOrqJEmaw6R2EbaI8AgfsAC--

From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:48:32 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CB8E2AC8BBF;
 Tue,  8 Mar 2016 16:48:32 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id AF5395FA;
 Tue,  8 Mar 2016 16:48:32 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [IPv6:::1])
 by freefall.freebsd.org (Postfix) with ESMTP id 9B2CF13DA;
 Tue,  8 Mar 2016 16:48:32 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [172.31.3.2])
 by mail.xzibition.com (Postfix) with ESMTP id 6BB15D936;
 Tue,  8 Mar 2016 16:48:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mail.xzibition.com
Received: from mail.xzibition.com ([172.31.3.2])
 by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new,
 port 10026)
 with LMTP id 1NP1pgxbCwar; Tue,  8 Mar 2016 16:48:26 +0000 (UTC)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com DBE0ED92F
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org>
From: Bryan Drewery <bdrewery@FreeBSD.org>
Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF;
 url=http://www.shatow.net/bryan/bryan2.asc
Organization: FreeBSD
Message-ID: <56DF025B.1090706@FreeBSD.org>
Date: Tue, 8 Mar 2016 08:48:27 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56DF0234.2090307@FreeBSD.org>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="bIc6LgXd1MJqDTGCrUW85QoPOIPkfaPUK"
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:48:32 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--bIc6LgXd1MJqDTGCrUW85QoPOIPkfaPUK
Content-Type: multipart/mixed; boundary="g8SXmgFwl62s0m40m7gHu0KA3gDnsHCjn"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Message-ID: <56DF025B.1090706@FreeBSD.org>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org>
In-Reply-To: <56DF0234.2090307@FreeBSD.org>

--g8SXmgFwl62s0m40m7gHu0KA3gDnsHCjn
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 3/8/2016 8:47 AM, Bryan Drewery wrote:
> On 3/8/2016 8:35 AM, Mathieu Arnold wrote:
>> +--On 8 mars 2016 08:29:41 -0800 Bryan Drewery <bdrewery@FreeBSD.org> =
wrote:
>> | On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
>> |> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD.or=
g>
>> |> wrote:
>> |> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
>> |> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wr=
ote:
>> |> |> | Author: delphij
>> |> |> | Date: Mon Mar  7 16:22:11 2016
>> |> |> | New Revision: 296465
>> |> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
>> |> |> |=20
>> |> |> | Log:
>> |> |> |   Fix multiple OpenSSL vulnerabilities.
>> |> |> |  =20
>> |> |> |   Security:	FreeBSD-SA-16:12.openssl
>> |> |> |   Approved by:	so
>> |> |>=20
>> |> |> After that, poudriere bulk fails with:
>> |> |>=20
>> |> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
>> |> |> Creating repository in /tmp/packages: 100%
>> |> |> Packing files for repository:   0%Child process pid=3D50970 term=
inated
>> |> |> abnormally: Segmentation fault: 11
>> |> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
>> |> |> 9amd64-pkgng-default: removed
>> |> |> 9amd64-pkgng-default-n: removed
>> |> |>=20
>> |> |> pkg-static is the one doing the segfault...
>> |> |>=20
>> |> |=20
>> |> | Is QEMU involved here?
>> |> |=20
>> |> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not =
saying
>> |> | you should)
>> |>=20
>> |> No, it's a regular 9amd64 build on a 10.2 amd64 host.
>> |>=20
>> |=20
>> | Can you please rebuild pkg with debug symbols and then run your 9.3
>> | version against the repo in gdb?
>>
>> I could yes, but not today, tomorrow at the earliest.  How do I build =
the
>> port with debug symbols ?
>>
>=20
> WITH_DEBUG=3Dyes make
>=20

You might need this too: DEBUG_FLAGS=3D"-g -O0"

--=20
Regards,
Bryan Drewery


--g8SXmgFwl62s0m40m7gHu0KA3gDnsHCjn--

--bIc6LgXd1MJqDTGCrUW85QoPOIPkfaPUK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJW3wJbAAoJEDXXcbtuRpfPYxgIAKVVpcha/9bP11QLDMcq5agv
U42dbzn7lMExwiKCuDjh8vaWggPNUyLwtZahBs/BEL3FIh6uEpP45qciS4dKKeO6
rSkdZMO+lKIjU7s8gmMXFfDlYtmKBhFtupNfP76tnk8BIMYIlsRS9L4LcZjv5ou3
U4YElgkqqUcMo2iTZmSxktAf8OqM9wQpoPJHsBH87P/yOzqG39LkdgmPumjk27wy
pW2Ha8JqZEINcOPvvjmxM55r+hf2hxxw1JSGO1bLhDniB7+2kW3Xs2eEOITAqyLI
3Cf4ODL8JXSRhRNFcKc3DrTvBZwBu5bHu9b9LLukY4wcoE44OdLHf110zKMdl3Q=
=Be7g
-----END PGP SIGNATURE-----

--bIc6LgXd1MJqDTGCrUW85QoPOIPkfaPUK--

From owner-svn-src-releng@freebsd.org  Tue Mar  8 16:52:36 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4EC7DAC8E04;
 Tue,  8 Mar 2016 16:52:36 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (mx3.absolight.net
 [IPv6:2a01:678:2:100::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id E439FB65;
 Tue,  8 Mar 2016 16:52:35 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id 61A01BDCC7;
 Tue,  8 Mar 2016 17:52:34 +0100 (CET)
Received: from gw.in.absolight.net (gw-ecl.in.absolight.net [79.143.241.69])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "gw.in.absolight.net",
 Issuer "CA Cert Signing Authority" (not verified))
 by prod2.absolight.net (Postfix) with ESMTPSA id 26E36BDCC4;
 Tue,  8 Mar 2016 17:52:34 +0100 (CET)
Received: from ogg.in.absolight.net (ogg.in.absolight.net [79.143.241.239])
 by gw.in.absolight.net (Postfix) with ESMTP id 52A306124;
 Tue,  8 Mar 2016 17:52:33 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by ogg.in.absolight.net (Postfix) with ESMTP id 01C60202EEAF;
 Tue,  8 Mar 2016 17:52:32 +0100 (CET)
Date: Tue, 08 Mar 2016 17:52:32 +0100
From: Mathieu Arnold <mat@FreeBSD.org>
To: Bryan Drewery <bdrewery@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1
 crypto/openssl/crypto/bf cry...
Message-ID: <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
In-Reply-To: <56DF025B.1090706@FreeBSD.org>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========2E37BBC52CC8560C3E1F=========="
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:52:36 -0000

--==========2E37BBC52CC8560C3E1F==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

+--On 8 mars 2016 08:48:27 -0800 Bryan Drewery <bdrewery@FreeBSD.org> wrote:
| On 3/8/2016 8:47 AM, Bryan Drewery wrote:
|> On 3/8/2016 8:35 AM, Mathieu Arnold wrote:
|>> +--On 8 mars 2016 08:29:41 -0800 Bryan Drewery <bdrewery@FreeBSD.org>
|>> wrote:
|>> | On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
|>> |> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD.org>
|>> |> wrote:
|>> |> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
|>> |> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org>
|>> |> |> wrote:
|>> |> |> | Author: delphij
|>> |> |> | Date: Mon Mar  7 16:22:11 2016
|>> |> |> | New Revision: 296465
|>> |> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
|>> |> |> | 
|>> |> |> | Log:
|>> |> |> |   Fix multiple OpenSSL vulnerabilities.
|>> |> |> |   
|>> |> |> |   Security:	FreeBSD-SA-16:12.openssl
|>> |> |> |   Approved by:	so
|>> |> |> 
|>> |> |> After that, poudriere bulk fails with:
|>> |> |> 
|>> |> |> [00:00:07] ====>> Creating pkgng repository
|>> |> |> Creating repository in /tmp/packages: 100%
|>> |> |> Packing files for repository:   0%Child process pid=50970
|>> |> |> terminated abnormally: Segmentation fault: 11
|>> |> |> [00:00:08] ====>> Cleaning up
|>> |> |> 9amd64-pkgng-default: removed
|>> |> |> 9amd64-pkgng-default-n: removed
|>> |> |> 
|>> |> |> pkg-static is the one doing the segfault...
|>> |> |> 
|>> |> | 
|>> |> | Is QEMU involved here?
|>> |> | 
|>> |> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not
|>> |> | saying you should)
|>> |> 
|>> |> No, it's a regular 9amd64 build on a 10.2 amd64 host.
|>> |> 
|>> | 
|>> | Can you please rebuild pkg with debug symbols and then run your 9.3
|>> | version against the repo in gdb?
|>> 
|>> I could yes, but not today, tomorrow at the earliest.  How do I build
|>> the port with debug symbols ?
|>> 
|> 
|> WITH_DEBUG=yes make
|> 
| 
| You might need this too: DEBUG_FLAGS="-g -O0"

Mmmm, ok, what commands do I need to run ?

-- 
Mathieu Arnold
--==========2E37BBC52CC8560C3E1F==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW3wNQXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85I0yMP/RWvU3GKZkZszEs5aox+2HY/
OjNuSxWA/GxT5evSC7xrRz72UOO5H9wKB4Gcp77QpAiENKSt7+69RgGwz0iSkUve
+VjwQwOOdYPcpU8MmgpcuCjDKxLOEFaHDO5gAN3KSLjLb0rE/dqyvtdcbmak1IWM
y/8BCnQzw4tNb5lzOOv4Vogp/8ZVIzJ5XxG9+R6AZGbyARWziYM3tPZeALgSfJBG
t9fQIbLFb2x+nSKRwqwzMX4dpG5KEVOSLxahszsKFTawRdyCjBzhQpVGI+WMxP3E
zNR7bcealsFa1XfDJ4EqWchiX8VYcI2uFmNvQcOSQ546quMOgNah4YttuxwKuALg
DjZqBRsd511mBkjt5ppQaIs1F4MFFeO9FEkE+Ne08X7c+RaYbeh8IppzPpCqt9NO
CO7TtaL2Cmx/YIzKjzwSWZ895rlP3jKEzUmcS6Ls//ZjmkTWklZy7qLUlMifyO1d
TGU+2w9uBafq3OXo+boMTcvJjsLjhcekJR14q7aBuHhrN38eEgVmfZu5z/1T3lv7
Vj+lwQewECyri5u0Y9Dxl4ClvxxfQOT/3ZdcKQgq5Al1e6XhLA6MEwS6TnK9QKqk
rFXubqtVe/RWhZ5xDDA+b9esMdjs1yTx/uDKpoU2z3yabmjlu7QSediyVtSyDcwh
6qzXx+bFa8iKao2tPXjo
=s8iN
-----END PGP SIGNATURE-----

--==========2E37BBC52CC8560C3E1F==========--


From owner-svn-src-releng@freebsd.org  Tue Mar  8 17:01:07 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A7F9AC711A;
 Tue,  8 Mar 2016 17:01:07 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 2CDF5F6B;
 Tue,  8 Mar 2016 17:01:07 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [IPv6:::1])
 by freefall.freebsd.org (Postfix) with ESMTP id 203C019C9;
 Tue,  8 Mar 2016 17:01:07 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [172.31.3.2])
 by mail.xzibition.com (Postfix) with ESMTP id C2090D98C;
 Tue,  8 Mar 2016 17:01:06 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mail.xzibition.com
Received: from mail.xzibition.com ([172.31.3.2])
 by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new,
 port 10026)
 with LMTP id ttuwEwiRd0n5; Tue,  8 Mar 2016 17:01:03 +0000 (UTC)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 42C22D984
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
From: Bryan Drewery <bdrewery@FreeBSD.org>
Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF;
 url=http://www.shatow.net/bryan/bryan2.asc
Organization: FreeBSD
Message-ID: <56DF0550.6000604@FreeBSD.org>
Date: Tue, 8 Mar 2016 09:01:04 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="wF6cMO9KA2gGg1RISeTE76daTm4Km6js6"
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 17:01:07 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--wF6cMO9KA2gGg1RISeTE76daTm4Km6js6
Content-Type: multipart/mixed; boundary="PnILOghhedvtPSgpDwCU1Qpf8HDM23Woh"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Mathieu Arnold <mat@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Message-ID: <56DF0550.6000604@FreeBSD.org>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
In-Reply-To: <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>

--PnILOghhedvtPSgpDwCU1Qpf8HDM23Woh
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 3/8/2016 8:52 AM, Mathieu Arnold wrote:
> +--On 8 mars 2016 08:48:27 -0800 Bryan Drewery <bdrewery@FreeBSD.org> w=
rote:
> | On 3/8/2016 8:47 AM, Bryan Drewery wrote:
> |> On 3/8/2016 8:35 AM, Mathieu Arnold wrote:
> |>> +--On 8 mars 2016 08:29:41 -0800 Bryan Drewery <bdrewery@FreeBSD.or=
g>
> |>> wrote:
> |>> | On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
> |>> |> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery <bdrewery@FreeBSD=
=2Eorg>
> |>> |> wrote:
> |>> |> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
> |>> |> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org>=

> |>> |> |> wrote:
> |>> |> |> | Author: delphij
> |>> |> |> | Date: Mon Mar  7 16:22:11 2016
> |>> |> |> | New Revision: 296465
> |>> |> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
> |>> |> |> |=20
> |>> |> |> | Log:
> |>> |> |> |   Fix multiple OpenSSL vulnerabilities.
> |>> |> |> |  =20
> |>> |> |> |   Security:	FreeBSD-SA-16:12.openssl
> |>> |> |> |   Approved by:	so
> |>> |> |>=20
> |>> |> |> After that, poudriere bulk fails with:
> |>> |> |>=20
> |>> |> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
> |>> |> |> Creating repository in /tmp/packages: 100%
> |>> |> |> Packing files for repository:   0%Child process pid=3D50970
> |>> |> |> terminated abnormally: Segmentation fault: 11
> |>> |> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
> |>> |> |> 9amd64-pkgng-default: removed
> |>> |> |> 9amd64-pkgng-default-n: removed
> |>> |> |>=20
> |>> |> |> pkg-static is the one doing the segfault...
> |>> |> |>=20
> |>> |> |=20
> |>> |> | Is QEMU involved here?
> |>> |> |=20
> |>> |> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (N=
ot
> |>> |> | saying you should)
> |>> |>=20
> |>> |> No, it's a regular 9amd64 build on a 10.2 amd64 host.
> |>> |>=20
> |>> |=20
> |>> | Can you please rebuild pkg with debug symbols and then run your 9=
=2E3
> |>> | version against the repo in gdb?
> |>>=20
> |>> I could yes, but not today, tomorrow at the earliest.  How do I bui=
ld
> |>> the port with debug symbols ?
> |>>=20
> |>=20
> |> WITH_DEBUG=3Dyes make
> |>=20
> |=20
> | You might need this too: DEBUG_FLAGS=3D"-g -O0"
>=20
> Mmmm, ok, what commands do I need to run ?
>=20

(assuming devel/gdb installed)
gdb710 --args /usr/local/sbin/pkg-static repo <path to repo>
# run
<crash>
# bt full

--=20
Regards,
Bryan Drewery


--PnILOghhedvtPSgpDwCU1Qpf8HDM23Woh--

--wF6cMO9KA2gGg1RISeTE76daTm4Km6js6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJW3wVQAAoJEDXXcbtuRpfPdkQIAMChshdXDVZ4IkELouhxvqlx
NcAtAYTorGnJkqDiwcZziZ66l8d/IKo6NyOEsJWXqigqzOnaZQ+TbBNlte6YPn5a
K34bDRgNGTuMqn1a8nPq+NA7KG1xLwXVR2lxflC+chIkKlCSvHZRFyDDHjwmcvEf
fxw8NPv7veRjiH798LqI3tkaIcvYt9WfSXGk+51yNUkszg7zDIGcXpFO6KP7MLR9
EkQcML5Ky9cpcgOT+j+q2oMhtOLo3Qdl6N9zvUhMh1cVaJRZp45Ovy0lUTv0JZKT
x60toatjlDRqxHcY6QvdLQvMTBp1VdL30D8hIf4VaiummDD258Lmd2jH+S87Mbk=
=C0G+
-----END PGP SIGNATURE-----

--wF6cMO9KA2gGg1RISeTE76daTm4Km6js6--

From owner-svn-src-releng@freebsd.org  Tue Mar  8 22:43:45 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 27BBDAC8831;
 Tue,  8 Mar 2016 22:43:45 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (mx3.absolight.net
 [IPv6:2a01:678:2:100::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id E53F231B;
 Tue,  8 Mar 2016 22:43:44 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id 80E05BDC73;
 Tue,  8 Mar 2016 23:43:42 +0100 (CET)
Received: from atuin.in.mat.cc (atuin.in.mat.cc [79.143.241.205])
 by prod2.absolight.net (Postfix) with ESMTPA id 5E4FDBDC66;
 Tue,  8 Mar 2016 23:43:42 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by atuin.in.mat.cc (Postfix) with ESMTP id 411615584160;
 Tue,  8 Mar 2016 23:43:42 +0100 (CET)
Date: Tue, 08 Mar 2016 23:43:42 +0100
From: Mathieu Arnold <mat@FreeBSD.org>
To: Xin Li <delphij@delphij.net>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1
 crypto/openssl/crypto/bf cry...
Message-ID: <2EE0BF0314149E051E25918E@atuin.in.mat.cc>
In-Reply-To: <56DE6DFD.4020300@delphij.net>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DE6DFD.4020300@delphij.net>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========60CD76B6E1AB6AC3A50F=========="
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 22:43:45 -0000

--==========60CD76B6E1AB6AC3A50F==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline



+--On 7 mars 2016 22:15:25 -0800 Xin Li <delphij@delphij.net> wrote:
| 
| 
| On 3/7/16 16:29, Mathieu Arnold wrote:
|> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org> wrote:
|> | Author: delphij
|> | Date: Mon Mar  7 16:22:11 2016
|> | New Revision: 296465
|> | URL: https://svnweb.freebsd.org/changeset/base/296465
|> | 
|> | Log:
|> |   Fix multiple OpenSSL vulnerabilities.
|> |   
|> |   Security:	FreeBSD-SA-16:12.openssl
|> |   Approved by:	so
|> 
|> After that, poudriere bulk fails with:
|> 
|> [00:00:07] ====>> Creating pkgng repository
|> Creating repository in /tmp/packages: 100%
|> Packing files for repository:   0%Child process pid=50970 terminated
|> abnormally: Segmentation fault: 11
|> [00:00:08] ====>> Cleaning up
|> 9amd64-pkgng-default: removed
|> 9amd64-pkgng-default-n: removed
|> 
|> pkg-static is the one doing the segfault...
| 
| I can't seem to be able to reproduce this, what ports are you trying to
| bulk?  (Also note that after doing poudriere jail -u, the bulk seems to
| have rebuilt pkg, I'm not sure if that matters, but it's possible, do I
| need to explicitly specify something to avoid this?).

Ok, I use a signed repo, which is why it fails.  When I run pkg repo . it
works, with pkg repo . ../repo.key it cores dump.

-- 
Mathieu Arnold
--==========60CD76B6E1AB6AC3A50F==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW31WeXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85Igg8QAI9SPZs5VBO1GZJcut6a+3o8
YH27orB93GSgDS9LUfIKgVcB+Ta1t2IwXa7bud7IxW/azi3alij6TmVY+NmbXEJn
pUO8p9uKP0HFzP7EoyLXfibEbDaTI3SMnX5omVdozIEoiiwN/pMPoIUw/SczSld0
ziIYvPuZFZiFf7FsnF8TYtw7SRZGmpYnt7DIlXaf5f1eYQ+6nefza/0zgLhDOthR
64MueRBIZQPRmRhBjX1QapQwHOJ0M0QvLa4E7rjwsCz2G4DlVq+PY7FmGL5ZsNsE
k/j3nY6enhLsYZeb8GV2jEx7AdAUjz1gnFf76u32jrV7ghxHKKdLsU9lNh4jLGQS
YwkWjvLcZnVP3MZQWAmiSjDQXvYdUudqG481xmLvZV5ztra/2GHY+bpvJSmW8vFV
Ve9MO2lBMRskkjev2JYVXYnKRYjGOTXzymhHlRiSF/ooVxCEsrqceO3kOp1b4eJt
IIxXeJ1jjFkYkqFz1XzGgQnEoNHPFzzSyRJquHYWY8dF8V87X26pFPGzrGTIv2DC
AIwrrLLxN5xM54uhHAKnUrup7IyFtTge3HpRJuvPy+bD4dg+U5iouJnABrnjlAxv
7kifTu7V1nCMWazaX3WMHpo1LmDYlGq68WNBPCYpT4fXlT0bhozAWXGqIZDSR2CL
gliddqQuUPLWVVnGWTkw
=ZnW7
-----END PGP SIGNATURE-----

--==========60CD76B6E1AB6AC3A50F==========--


From owner-svn-src-releng@freebsd.org  Tue Mar  8 22:45:07 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CEDC1AC88C8;
 Tue,  8 Mar 2016 22:45:07 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (prod2.absolight.net [79.143.243.136])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 82AF06C0;
 Tue,  8 Mar 2016 22:45:07 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from prod2.absolight.net (localhost [127.0.0.1])
 by prod2.absolight.net (Postfix) with ESMTP id A2865BDC7F;
 Tue,  8 Mar 2016 23:45:05 +0100 (CET)
Received: from atuin.in.mat.cc (atuin.in.mat.cc [79.143.241.205])
 by prod2.absolight.net (Postfix) with ESMTPA id 9BA16BDC73;
 Tue,  8 Mar 2016 23:45:05 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by atuin.in.mat.cc (Postfix) with ESMTP id 7C14B55841D8;
 Tue,  8 Mar 2016 23:45:05 +0100 (CET)
Date: Tue, 08 Mar 2016 23:45:05 +0100
From: Mathieu Arnold <mat@FreeBSD.org>
To: Bryan Drewery <bdrewery@FreeBSD.org>, Xin LI <delphij@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1
 crypto/openssl/crypto/bf cry...
Message-ID: <E24637388915226D9A922B8B@atuin.in.mat.cc>
In-Reply-To: <56DF0550.6000604@FreeBSD.org>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
 <56DF0550.6000604@FreeBSD.org>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========82237419477444479CEF=========="
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 22:45:07 -0000

--==========82237419477444479CEF==========
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline



+--On 8 mars 2016 09:01:04 -0800 Bryan Drewery <bdrewery@FreeBSD.org> =
wrote:
| On 3/8/2016 8:52 AM, Mathieu Arnold wrote:
|> +--On 8 mars 2016 08:48:27 -0800 Bryan Drewery <bdrewery@FreeBSD.org>
|> wrote:
|> | On 3/8/2016 8:47 AM, Bryan Drewery wrote:
|> |> On 3/8/2016 8:35 AM, Mathieu Arnold wrote:
|> |>> +--On 8 mars 2016 08:29:41 -0800 Bryan Drewery =
<bdrewery@FreeBSD.org>
|> |>> wrote:
|> |>> | On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
|> |>> |> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery
|> |>> |> <bdrewery@FreeBSD.org> wrote:
|> |>> |> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
|> |>> |> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org>
|> |>> |> |> wrote:
|> |>> |> |> | Author: delphij
|> |>> |> |> | Date: Mon Mar  7 16:22:11 2016
|> |>> |> |> | New Revision: 296465
|> |>> |> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
|> |>> |> |> |=20
|> |>> |> |> | Log:
|> |>> |> |> |   Fix multiple OpenSSL vulnerabilities.
|> |>> |> |> |  =20
|> |>> |> |> |   Security:	FreeBSD-SA-16:12.openssl
|> |>> |> |> |   Approved by:	so
|> |>> |> |>=20
|> |>> |> |> After that, poudriere bulk fails with:
|> |>> |> |>=20
|> |>> |> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
|> |>> |> |> Creating repository in /tmp/packages: 100%
|> |>> |> |> Packing files for repository:   0%Child process pid=3D50970
|> |>> |> |> terminated abnormally: Segmentation fault: 11
|> |>> |> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
|> |>> |> |> 9amd64-pkgng-default: removed
|> |>> |> |> 9amd64-pkgng-default-n: removed
|> |>> |> |>=20
|> |>> |> |> pkg-static is the one doing the segfault...
|> |>> |> |>=20
|> |>> |> |=20
|> |>> |> | Is QEMU involved here?
|> |>> |> |=20
|> |>> |> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? =
(Not
|> |>> |> | saying you should)
|> |>> |>=20
|> |>> |> No, it's a regular 9amd64 build on a 10.2 amd64 host.
|> |>> |>=20
|> |>> |=20
|> |>> | Can you please rebuild pkg with debug symbols and then run your =
9.3
|> |>> | version against the repo in gdb?
|> |>>=20
|> |>> I could yes, but not today, tomorrow at the earliest.  How do I =
build
|> |>> the port with debug symbols ?
|> |>>=20
|> |>=20
|> |> WITH_DEBUG=3Dyes make
|> |>=20
|> |=20
|> | You might need this too: DEBUG_FLAGS=3D"-g -O0"
|>=20
|> Mmmm, ok, what commands do I need to run ?
|>=20
|=20
| (assuming devel/gdb installed)
| gdb710 --args /usr/local/sbin/pkg-static repo <path to repo>
|# run
| <crash>
|# bt full

Ok, so, it's 9.3, so there's no gdb710, but:


the command ran is:

root@pkg:/tmp/foo # pkg repo . ../repo.key
Creating repository in .: 100%
Packing files for repository:   0%Child process pid=3D16312 terminated
abnormally: Segmentation fault: 11
root@pkg:/tmp/foo # gdb /usr/local/sbin/pkg pkg.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you =
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `pkg'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libpkg.so.3...done.
Loaded symbols for /usr/local/lib/libpkg.so.3
Reading symbols from /lib/libutil.so.9...done.
Loaded symbols for /lib/libutil.so.9
Reading symbols from /usr/lib/libssl.so.6...done.
Loaded symbols for /usr/lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /usr/lib/libelf.so.1...done.
Loaded symbols for /usr/lib/libelf.so.1
Reading symbols from /lib/libjail.so.1...done.
Loaded symbols for /lib/libjail.so.1
Reading symbols from /usr/lib/libarchive.so.5...done.
Loaded symbols for /usr/lib/libarchive.so.5
Reading symbols from /lib/libz.so.6...done.
Loaded symbols for /lib/libz.so.6
Reading symbols from /usr/lib/libbz2.so.4...done.
Loaded symbols for /usr/lib/libbz2.so.4
Reading symbols from /usr/lib/liblzma.so.5...done.
Loaded symbols for /usr/lib/liblzma.so.5
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /lib/libbsdxml.so.4...done.
Loaded symbols for /lib/libbsdxml.so.4
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
/lib/libcrypto.so.6
(gdb) bt full
#0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
/lib/libcrypto.so.6
No symbol table info available.
#1  0x00000008011f735f in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
No symbol table info available.
#2  0x00000008011f82fd in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
No symbol table info available.
#3  0x00000008011d28d9 in RSA_sign () from /lib/libcrypto.so.6
No symbol table info available.
#4  0x00000008008dc73b in rsa_sign (path=3D0x7fffffffe3c0 "./meta",
rsa=3D0x802c19260, sigret=3D0x7fffffffda78, siglen=3D0x7fffffffda8c) at =
rsa.c:287
        errbuf =3D
"./meta.txz\000\000\b\000\000\000\001\000\000\000\001\000\000\000\004\000\00=
0\000\000\000\000\000
=EF=BF=BD=EF=BF=BD\177\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000=EF=BF=BD=
=EF=BF=BD=EF=BF=BD\177\000\000T\203\220\000\b\000\000\000\020\000\000\000\00=
0\000\000\000WU\000\000\000\000-\v=EF=BF=BD\004=EF=BF=BD@=EF=BF=BD~=3D=EF=BF=
=BD=EF=BF=BDU\000\000\000\000212\000\00
0\000\000filesite_archiveeo002\b\000\000\000\200o002\b\000\000\000\020\000\0=
00\000\b\000\000\000=EF=BF=BDG\220\000\b\000\000\000\000\000\000\000\b\000\0=
00\000\003\000\000\000\000\000\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\00=
0\204=EF=BF=BD=EF=BF=BD\177\000\0000=EF=BF=BD=EF=BF=BD\177\000\000"...
        max_len =3D 512
        ret =3D 10591143
        sha256 =3D 0x802c2d1f0
"fd24852c468ef31bd675129fd02b676ce7cffae895089292fa513784873689a6"
#5  0x00000008008c2295 in pkg_repo_pack_db (name=3D0x800a20ec8 "meta",
archive=3D0x7fffffffe3c0 "./meta", path=3D0x7fffffffe3c0 "./meta",
rsa=3D0x802c19260, meta=3D0x802c68600, argv=3D0x7fffffffeb88, argc=3D1) at
pkg_repo_create.c:939
        pack =3D (struct packing *) 0x802c79be0
        sigret =3D (unsigned char *) 0x802ca4900 ""
        siglen =3D 0
        fname =3D
"\001\000\000\000\001\000\000\000\001\000\000\000\001\000\000\000@=EF=BF=BD=EF=
=BF=BD\177\000\000\216\000\b\000\000\000=EF=BF=BD=EF=BF=BD\000\000\000\000=EF=
=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000\004\000\000\000\000\000\000\000WU\000\0=
00\000\000-\v=EF=BF=BD\004=EF=BF=BD@=EF=BF=BD~=3D=EF=BF=BD=EF=BF=BDU\000\000=
\000\000212N\206cert=EF=BF=BD\177\000\000\230=EF=BF=BD=EF=BF=BD\177\000\000p=
=EF=BF=BD
=EF=BF=BD\177\000\000\000\000\000\000\000\000\000\000\004\000\000\000\000\00=
0\000\000E\030=EF=BF=BD\000\b\000\000\000\000\000\000\000=EF=BF=BD\177\000\0=
00\020=EF=BF=BD\001\000\000\000\004\000\000\000\004\000\000\000\000\000\000\=
000\004\000\000\000\220=EF=BF=BD=EF=BF=BD\177\000\000:\006\217\000\b\000\000=
\000=EF=BF=BD5002\b\000\000\00
0"...
        sig =3D (struct sbuf *) 0x0
        pub =3D (struct sbuf *) 0x0
#6  0x00000008008c2797 in pkg_finish_repo (output_dir=3D0x7fffffffedd1 ".",
password_cb=3D0x415ba0 <password_cb>, argv=3D0x7fffffffeb88, argc=3D1,
filelist=3Dfalse) at pkg_repo_create.c:1038
        repo_path =3D
"./meta\000gesite.yaml\000\002\b\000\000\000\213Yc\000\b\000\000\0008204\000=
\b",
'\0' <repeats 15 times>,
"=EF=BF=BD\177\000\000\000\000\b\000\000\000`=EF=BF=BD=EF=BF=BD\177\000\000=EF=
=BF=BD=EF=BF=BDd\000\b\000\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000=EF=
=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000\000\000\000\000\000\000\000\000=EF=BF=BD=
=EF=BF=BD=EF=BF=BD\177\000\000g{c
\000\b\000\000\000=EF=BF=BD&@\000\000\000\000\000\177\030\232\004\000\000\00=
0\000207\2013\000\000\000\0000=EF=BF=BDd\000\b\000\000\000\001\000\000\000\b=
\000\000\000\000\000\b\000\000\0008204\000\b\000\000\000=EF=BF=BD=EF=BF=BD=EF=
=BF=BD\177\000\000@=EF=BF=BD=EF=BF=BD\177\000\000\000=EF=BF=BDd\000\b"...
        repo_archive =3D
"\225\003\000\000\000\000\000\000\230\003\000\000\000\000\000\000\225\003\00=
0\000\001\000\000\000=EF=BF=BD\000\217\000\b\000\000\000\000=EF=BF=BD=EF=BF=BD=
\177\000\000Z\000\217\000\001\000\000\000\200=EF=BF=BD=EF=BF=BD\177\000\000@=
,002\b\000\000\000PKG_PLUGPKG_PLUGc\000\000\000\000\000PLUGPLUG\2
00=EF=BF=BD=EF=BF=BD\177\000\000p0002\b", '\0' <repeats 11 times>,
"\234}>\002\000\000\000\000\177\000\000\000:\000\000\000:\000\000\000:\237=EF=
=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000=EF=BF=BD\005\217\000\b\000\000=
\000@,002\b\000\000\000\t\000\000\000\n\000\000\000=DC=B1=EF=BF=BD\000\b\000=
\000\000@0002\b\000\000\000p=EF=BF=BD=EF=BF=BD\177\000\000...
        rsa =3D (struct rsa_key *) 0x802c19260
        meta =3D (struct pkg_repo_meta *) 0x802c68600
        st =3D {st_dev =3D 4294959664, st_ino =3D 32767, st_mode =3D 25938,
st_nlink =3D 14234, st_uid =3D 2842729777, st_gid =3D 274432, st_rdev =3D =
0,
st_atim =3D {tv_sec =3D 1457476951, tv_nsec =3D 6}, st_mtim =3D {tv_sec =3D
34370333240, tv_nsec =3D 0}, st_ctim =3D {tv_sec =3D -7355152794736877766,
    tv_nsec =3D 34370335206}, st_size =3D 34370335206, st_blocks =3D =
1457476951,
st_blksize =3D 10, st_flags =3D 0, st_gen =3D 10596828, st_lspare =3D 8,
st_birthtim =3D {tv_sec =3D 34370335951, tv_nsec =3D 1457476951}}
        ret =3D 0
        nfile =3D 1
        files_to_pack =3D 4
        legacy =3D false
#7  0x0000000000415eea in exec_repo (argc=3D2, argv=3D0x7fffffffeb80) at
repo.c:155
        ret =3D 0
        ch =3D -1
        filelist =3D false
        output_dir =3D 0x7fffffffedd1 "."
        meta_file =3D 0x0
        legacy =3D false
        longopts =3D {{name =3D 0x429c1f "list-files", has_arg =3D 0, flag =
=3D 0x0,
val =3D 108}, {name =3D 0x429c2a "output-dir", has_arg =3D 1, flag =3D 0x0, =
val =3D
111}, {name =3D 0x429c35 "quiet", has_arg =3D 0, flag =3D 0x0, val =3D =
113}, {name
=3D 0x429c3b "meta-file", has_arg =3D 1, flag =3D 0x0,
    val =3D 109}, {name =3D 0x429c45 "legacy", has_arg =3D 0, flag =3D 0x0, =
val =3D
76}, {name =3D 0x0, has_arg =3D 0, flag =3D 0x0, val =3D 0}}
#8  0x0000000000412b9e in main (argc=3D3, argv=3D0x7fffffffeb78) at =
main.c:852
        i =3D 21
        command =3D (struct commands *) 0x630f40
        ambiguous =3D 0
        chroot_path =3D 0x0
        rootdir =3D 0x0
        jid =3D 0
        jail_str =3D 0x0
        len =3D 4
        ch =3D -1 '=EF=BF=BD'
        debug =3D 0
        version =3D 0
        ret =3D 0
        plugins_enabled =3D true
        plugin_found =3D false
        show_commands =3D false
        activation_test =3D false
        init_flags =3D 0
        c =3D (struct plugcmd *) 0x246
        conffile =3D 0x0
        reposdir =3D 0x0
        save_argv =3D (char **) 0x7fffffffeb78
        j =3D 8
        longopts =3D {{name =3D 0x4276f7 "debug", has_arg =3D 0, flag =3D =
0x0, val
=3D 100}, {name =3D 0x4276fd "jail", has_arg =3D 1, flag =3D 0x0, val =3D =
106}, {name
=3D 0x427702 "chroot", has_arg =3D 1, flag =3D 0x0, val =3D 99}, {name =3D =
0x426a33
"config", has_arg =3D 1, flag =3D 0x0, val =3D 67}, {
    name =3D 0x427709 "repo-conf-dir", has_arg =3D 1, flag =3D 0x0, val =3D =
82},
{name =3D 0x427717 "rootdir", has_arg =3D 1, flag =3D 0x0, val =3D 114}, =
{name =3D
0x42771f "list", has_arg =3D 0, flag =3D 0x0, val =3D 108}, {name =3D =
0x426f45
"version", has_arg =3D 0, flag =3D 0x0, val =3D 118}, {
    name =3D 0x427724 "option", has_arg =3D 1, flag =3D 0x0, val =3D 111}, =
{name =3D
0x42772b "only-ipv4", has_arg =3D 0, flag =3D 0x0, val =3D 52}, {name =3D =
0x427735
"only-ipv6", has_arg =3D 0, flag =3D 0x0, val =3D 54}, {name =3D 0x0, =
has_arg =3D 0,
flag =3D 0x0, val =3D 0}}
        __func__ =3D "main"




--=20
Mathieu Arnold
--==========82237419477444479CEF==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJW31XxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85ILZMP+gPmoW5ekC15dSlHd+Agl7Fz
WRghF3h0HTK5yx5vsK30obBCliglTZZOc6QEb/yLJDbekkplZVz51wTQamSxv6Xf
6hnPOY125RdSZ/pA74GSZgQgnzgkB0JMIa3PZs6tYxHigoOB1Yl7WbbmgYBRPe78
+yIShiNFq/dnU3uciOOWtRigpdWTE/ER9GC5s46tlLixp8C4cCRWZQeq8af6oXBb
IZDLO7v235e/qaZLqPtPXF2Eaj8L0XMEIjI6DV8JfKVr4ZjUz3TD+3DUb/hOM5En
9DUyKlzr4qBPNuzejA1VwwdbIFRqPntSgpNQBJ9CaMQnjDYxay1YCy8LGNKeucVc
cFUrXQmAOC132jeUN9CLI3SCiAGTfOovoA0RuVwUr0AWIYBaV3MxKVOgzzy/qElG
vrHOwjOCTDZcfORZ+htbq0CiS3aLmw5zHUWAlwpKCMQ0ahlul8+v32+cvOkap4Ya
ZD6I8GeeUK1kOcrBTXYJYK3Csz/NVjba7u+sFuuj7NDU1EXAl2EDqWpBWHUnhcri
M+rj78uCWwoflUvBRr7rVE8DcIPmjo9VNm47R5vhnlL9Ni8Hve7QsOS8Z3VowSL+
r4Ef0oIdaIxWbab2kTagkL4JhhR5wx0L1vsSz8Ug6mVCb5w2JqrApeBqlOo+8VTG
hkpKsJixTPGcuVPo8agc
=zf3b
-----END PGP SIGNATURE-----

--==========82237419477444479CEF==========--


From owner-svn-src-releng@freebsd.org  Wed Mar  9 00:47:36 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 32E46AC7745;
 Wed,  9 Mar 2016 00:47:36 +0000 (UTC)
 (envelope-from delphij@gmail.com)
Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com
 [IPv6:2607:f8b0:4001:c05::22f])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id F1480315;
 Wed,  9 Mar 2016 00:47:35 +0000 (UTC)
 (envelope-from delphij@gmail.com)
Received: by mail-ig0-x22f.google.com with SMTP id ig19so66441668igb.0;
 Tue, 08 Mar 2016 16:47:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-transfer-encoding;
 bh=/ypJEfbmtxrmFnme1HJgtYyjpFMiT3k48jqR3+HTB1g=;
 b=O7zd6QHWaIWZ6bdSZFImsEU2PoXSJQkIiGUiXJUtxwPgUvpaAWtVCRD2PEifUF+2TG
 PnhniQpmczpEyg/948/svCUa+EAswP+qEX3QRTL9YGwe5dWPz4Gn3M50NIi65jYbisrG
 DP2w0xWiA+mDZ/R+gROL6mJB+g+HzgRW7IUFWuABQgOL/65+qT2ly4PmtIh0b3B4kpPQ
 ZhV+h/5kDkwDH2ebw6mooY7GXCpCr/ueEi3Lhgtm8wbkIJ0B10mfrpCLOdc6MrhG9dQf
 2KDZzWDtHSji1zBTLIx6mVUGw+hobnpXBIOdSqczg1PgtpUpJHXNwoXzW04ZXPiggmJ9
 rPRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-transfer-encoding;
 bh=/ypJEfbmtxrmFnme1HJgtYyjpFMiT3k48jqR3+HTB1g=;
 b=kivW03QOF43AfTLsYS5XuRSIbEnU2i+jI1W8sVH3K3oyoUI1UgP5t3cA6htrEWL9iL
 EGfPpoomw2Xymj9Vaj6fkJSNgbJPcWOqAPzOZHVJqENMyybXM9TIobtmr60Pk4VJbFwj
 lf3yncryq7APNi+7DaXuiKhOY9DQPN8F7blXl4bVSVnt1TBkmge1TsGJYV3Yw19Chsfk
 Z2WtEZyBZrdy63XoTWWsTWCMmXeso3j+JJjGvKqyNnh770Xrub/Qslw6ebyUWZawaxb8
 0Yj7mv6rprBoZRqguhPRbi7+DejR+NT8e3msRRVvwxzhpFj0Tp7CWVLgr76eLk96D9ai
 pfDg==
X-Gm-Message-State: AD7BkJLYUimrjJREz8GnCo5r0WSAIGaZxIiedXRKuj/Bwhv3T6rLNjNJBXc1Yg3s9sL695z8uy82ablT4Z4PVA==
MIME-Version: 1.0
X-Received: by 10.50.61.209 with SMTP id s17mr20666290igr.7.1457484455135;
 Tue, 08 Mar 2016 16:47:35 -0800 (PST)
Received: by 10.36.54.207 with HTTP; Tue, 8 Mar 2016 16:47:35 -0800 (PST)
In-Reply-To: <E24637388915226D9A922B8B@atuin.in.mat.cc>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
 <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
 <56DF0550.6000604@FreeBSD.org>
 <E24637388915226D9A922B8B@atuin.in.mat.cc>
Date: Tue, 8 Mar 2016 16:47:35 -0800
Message-ID: <CAGMYy3tfrty-8r-Efzzd56d4AOdV0H+ParrkUtBWR4f+0ZtxWw@mail.gmail.com>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
From: Xin LI <delphij@gmail.com>
To: Mathieu Arnold <mat@freebsd.org>, Jung-Uk Kim <jkim@FreeBSD.org>
Cc: Bryan Drewery <bdrewery@freebsd.org>, Xin LI <delphij@freebsd.org>, 
 "src-committers@freebsd.org" <src-committers@freebsd.org>, 
 "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, svn-src-releng@freebsd.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2016 00:47:36 -0000

This may be related to the BN changes (CVE-2016-0797 and/or
CVE-2016-0702).  Will reverting just that portion of r296462 (stable/9
patch would apply on 9.3 as well) help?  This would help to narrow
down the root cause.

I can't really do any debugging right now but will take a look as soon as I=
 can.

On Tue, Mar 8, 2016 at 2:45 PM, Mathieu Arnold <mat@freebsd.org> wrote:
>
>
> +--On 8 mars 2016 09:01:04 -0800 Bryan Drewery <bdrewery@FreeBSD.org> wro=
te:
> | On 3/8/2016 8:52 AM, Mathieu Arnold wrote:
> |> +--On 8 mars 2016 08:48:27 -0800 Bryan Drewery <bdrewery@FreeBSD.org>
> |> wrote:
> |> | On 3/8/2016 8:47 AM, Bryan Drewery wrote:
> |> |> On 3/8/2016 8:35 AM, Mathieu Arnold wrote:
> |> |>> +--On 8 mars 2016 08:29:41 -0800 Bryan Drewery <bdrewery@FreeBSD.o=
rg>
> |> |>> wrote:
> |> |>> | On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
> |> |>> |> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery
> |> |>> |> <bdrewery@FreeBSD.org> wrote:
> |> |>> |> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
> |> |>> |> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.org=
>
> |> |>> |> |> wrote:
> |> |>> |> |> | Author: delphij
> |> |>> |> |> | Date: Mon Mar  7 16:22:11 2016
> |> |>> |> |> | New Revision: 296465
> |> |>> |> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
> |> |>> |> |> |
> |> |>> |> |> | Log:
> |> |>> |> |> |   Fix multiple OpenSSL vulnerabilities.
> |> |>> |> |> |
> |> |>> |> |> |   Security:      FreeBSD-SA-16:12.openssl
> |> |>> |> |> |   Approved by:   so
> |> |>> |> |>
> |> |>> |> |> After that, poudriere bulk fails with:
> |> |>> |> |>
> |> |>> |> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
> |> |>> |> |> Creating repository in /tmp/packages: 100%
> |> |>> |> |> Packing files for repository:   0%Child process pid=3D50970
> |> |>> |> |> terminated abnormally: Segmentation fault: 11
> |> |>> |> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
> |> |>> |> |> 9amd64-pkgng-default: removed
> |> |>> |> |> 9amd64-pkgng-default-n: removed
> |> |>> |> |>
> |> |>> |> |> pkg-static is the one doing the segfault...
> |> |>> |> |>
> |> |>> |> |
> |> |>> |> | Is QEMU involved here?
> |> |>> |> |
> |> |>> |> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (=
Not
> |> |>> |> | saying you should)
> |> |>> |>
> |> |>> |> No, it's a regular 9amd64 build on a 10.2 amd64 host.
> |> |>> |>
> |> |>> |
> |> |>> | Can you please rebuild pkg with debug symbols and then run your =
9.3
> |> |>> | version against the repo in gdb?
> |> |>>
> |> |>> I could yes, but not today, tomorrow at the earliest.  How do I bu=
ild
> |> |>> the port with debug symbols ?
> |> |>>
> |> |>
> |> |> WITH_DEBUG=3Dyes make
> |> |>
> |> |
> |> | You might need this too: DEBUG_FLAGS=3D"-g -O0"
> |>
> |> Mmmm, ok, what commands do I need to run ?
> |>
> |
> | (assuming devel/gdb installed)
> | gdb710 --args /usr/local/sbin/pkg-static repo <path to repo>
> |# run
> | <crash>
> |# bt full
>
> Ok, so, it's 9.3, so there's no gdb710, but:
>
>
> the command ran is:
>
> root@pkg:/tmp/foo # pkg repo . ../repo.key
> Creating repository in .: 100%
> Packing files for repository:   0%Child process pid=3D16312 terminated
> abnormally: Segmentation fault: 11
> root@pkg:/tmp/foo # gdb /usr/local/sbin/pkg pkg.core
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you =
are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for detail=
s.
> This GDB was configured as "amd64-marcel-freebsd"...
> Core was generated by `pkg'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/local/lib/libpkg.so.3...done.
> Loaded symbols for /usr/local/lib/libpkg.so.3
> Reading symbols from /lib/libutil.so.9...done.
> Loaded symbols for /lib/libutil.so.9
> Reading symbols from /usr/lib/libssl.so.6...done.
> Loaded symbols for /usr/lib/libssl.so.6
> Reading symbols from /lib/libcrypto.so.6...done.
> Loaded symbols for /lib/libcrypto.so.6
> Reading symbols from /lib/libm.so.5...done.
> Loaded symbols for /lib/libm.so.5
> Reading symbols from /usr/lib/libelf.so.1...done.
> Loaded symbols for /usr/lib/libelf.so.1
> Reading symbols from /lib/libjail.so.1...done.
> Loaded symbols for /lib/libjail.so.1
> Reading symbols from /usr/lib/libarchive.so.5...done.
> Loaded symbols for /usr/lib/libarchive.so.5
> Reading symbols from /lib/libz.so.6...done.
> Loaded symbols for /lib/libz.so.6
> Reading symbols from /usr/lib/libbz2.so.4...done.
> Loaded symbols for /usr/lib/libbz2.so.4
> Reading symbols from /usr/lib/liblzma.so.5...done.
> Loaded symbols for /usr/lib/liblzma.so.5
> Reading symbols from /lib/libc.so.7...done.
> Loaded symbols for /lib/libc.so.7
> Reading symbols from /lib/libbsdxml.so.4...done.
> Loaded symbols for /lib/libbsdxml.so.4
> Reading symbols from /libexec/ld-elf.so.1...done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
> /lib/libcrypto.so.6
> (gdb) bt full
> #0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
> /lib/libcrypto.so.6
> No symbol table info available.
> #1  0x00000008011f735f in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
> No symbol table info available.
> #2  0x00000008011f82fd in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
> No symbol table info available.
> #3  0x00000008011d28d9 in RSA_sign () from /lib/libcrypto.so.6
> No symbol table info available.
> #4  0x00000008008dc73b in rsa_sign (path=3D0x7fffffffe3c0 "./meta",
> rsa=3D0x802c19260, sigret=3D0x7fffffffda78, siglen=3D0x7fffffffda8c) at r=
sa.c:287
>         errbuf =3D
> "./meta.txz\000\000\b\000\000\000\001\000\000\000\001\000\000\000\004\000=
\000\000\000\000\000\000
> =EF=BF=BD=EF=BF=BD\177\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000=EF=
=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000T\203\220\000\b\000\000\000\020\000\000=
\000\000\000\000\000WU\000\000\000\000-\v=EF=BF=BD\004=EF=BF=BD@=EF=BF=BD~=
=3D=EF=BF=BD=EF=BF=BDU\000\000\000\000212\000\00
> 0\000\000filesite_archiveeo002\b\000\000\000\200o002\b\000\000\000\020\00=
0\000\000\b\000\000\000=EF=BF=BDG\220\000\b\000\000\000\000\000\000\000\b\0=
00\000\000\003\000\000\000\000\000\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\0=
00\000\204=EF=BF=BD=EF=BF=BD\177\000\0000=EF=BF=BD=EF=BF=BD\177\000\000"...
>         max_len =3D 512
>         ret =3D 10591143
>         sha256 =3D 0x802c2d1f0
> "fd24852c468ef31bd675129fd02b676ce7cffae895089292fa513784873689a6"
> #5  0x00000008008c2295 in pkg_repo_pack_db (name=3D0x800a20ec8 "meta",
> archive=3D0x7fffffffe3c0 "./meta", path=3D0x7fffffffe3c0 "./meta",
> rsa=3D0x802c19260, meta=3D0x802c68600, argv=3D0x7fffffffeb88, argc=3D1) a=
t
> pkg_repo_create.c:939
>         pack =3D (struct packing *) 0x802c79be0
>         sigret =3D (unsigned char *) 0x802ca4900 ""
>         siglen =3D 0
>         fname =3D
> "\001\000\000\000\001\000\000\000\001\000\000\000\001\000\000\000@=EF=BF=
=BD=EF=BF=BD\177\000\000\216\000\b\000\000\000=EF=BF=BD=EF=BF=BD\000\000\00=
0\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000\004\000\000\000\000\000\000\00=
0WU\000\000\000\000-\v=EF=BF=BD\004=EF=BF=BD@=EF=BF=BD~=3D=EF=BF=BD=EF=BF=
=BDU\000\000\000\000212N\206cert=EF=BF=BD\177\000\000\230=EF=BF=BD=EF=BF=BD=
\177\000\000p=EF=BF=BD
> =EF=BF=BD\177\000\000\000\000\000\000\000\000\000\000\004\000\000\000\000=
\000\000\000E\030=EF=BF=BD\000\b\000\000\000\000\000\000\000=EF=BF=BD\177\0=
00\000\020=EF=BF=BD\001\000\000\000\004\000\000\000\004\000\000\000\000\000=
\000\000\004\000\000\000\220=EF=BF=BD=EF=BF=BD\177\000\000:\006\217\000\b\0=
00\000\000=EF=BF=BD5002\b\000\000\00
> 0"...
>         sig =3D (struct sbuf *) 0x0
>         pub =3D (struct sbuf *) 0x0
> #6  0x00000008008c2797 in pkg_finish_repo (output_dir=3D0x7fffffffedd1 ".=
",
> password_cb=3D0x415ba0 <password_cb>, argv=3D0x7fffffffeb88, argc=3D1,
> filelist=3Dfalse) at pkg_repo_create.c:1038
>         repo_path =3D
> "./meta\000gesite.yaml\000\002\b\000\000\000\213Yc\000\b\000\000\0008204\=
000\b",
> '\0' <repeats 15 times>,
> "=EF=BF=BD\177\000\000\000\000\b\000\000\000`=EF=BF=BD=EF=BF=BD\177\000\0=
00=EF=BF=BD=EF=BF=BDd\000\b\000\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\=
000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000\000\000\000\000\000\000\000\000=
=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000g{c
> \000\b\000\000\000=EF=BF=BD&@\000\000\000\000\000\177\030\232\004\000\000=
\000\000207\2013\000\000\000\0000=EF=BF=BDd\000\b\000\000\000\001\000\000\0=
00\b\000\000\000\000\000\b\000\000\0008204\000\b\000\000\000=EF=BF=BD=EF=BF=
=BD=EF=BF=BD\177\000\000@=EF=BF=BD=EF=BF=BD\177\000\000\000=EF=BF=BDd\000\b=
"...
>         repo_archive =3D
> "\225\003\000\000\000\000\000\000\230\003\000\000\000\000\000\000\225\003=
\000\000\001\000\000\000=EF=BF=BD\000\217\000\b\000\000\000\000=EF=BF=BD=EF=
=BF=BD\177\000\000Z\000\217\000\001\000\000\000\200=EF=BF=BD=EF=BF=BD\177\0=
00\000@,002\b\000\000\000PKG_PLUGPKG_PLUGc\000\000\000\000\000PLUGPLUG\2
> 00=EF=BF=BD=EF=BF=BD\177\000\000p0002\b", '\0' <repeats 11 times>,
> "\234}>\002\000\000\000\000\177\000\000\000:\000\000\000:\000\000\000:\23=
7=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000=EF=BF=BD\005\217\000\b\00=
0\000\000@,002\b\000\000\000\t\000\000\000\n\000\000\000=DC=B1=EF=BF=BD\000=
\b\000\000\000@0002\b\000\000\000p=EF=BF=BD=EF=BF=BD\177\000\000...
>         rsa =3D (struct rsa_key *) 0x802c19260
>         meta =3D (struct pkg_repo_meta *) 0x802c68600
>         st =3D {st_dev =3D 4294959664, st_ino =3D 32767, st_mode =3D 2593=
8,
> st_nlink =3D 14234, st_uid =3D 2842729777, st_gid =3D 274432, st_rdev =3D=
 0,
> st_atim =3D {tv_sec =3D 1457476951, tv_nsec =3D 6}, st_mtim =3D {tv_sec =
=3D
> 34370333240, tv_nsec =3D 0}, st_ctim =3D {tv_sec =3D -7355152794736877766=
,
>     tv_nsec =3D 34370335206}, st_size =3D 34370335206, st_blocks =3D 1457=
476951,
> st_blksize =3D 10, st_flags =3D 0, st_gen =3D 10596828, st_lspare =3D 8,
> st_birthtim =3D {tv_sec =3D 34370335951, tv_nsec =3D 1457476951}}
>         ret =3D 0
>         nfile =3D 1
>         files_to_pack =3D 4
>         legacy =3D false
> #7  0x0000000000415eea in exec_repo (argc=3D2, argv=3D0x7fffffffeb80) at
> repo.c:155
>         ret =3D 0
>         ch =3D -1
>         filelist =3D false
>         output_dir =3D 0x7fffffffedd1 "."
>         meta_file =3D 0x0
>         legacy =3D false
>         longopts =3D {{name =3D 0x429c1f "list-files", has_arg =3D 0, fla=
g =3D 0x0,
> val =3D 108}, {name =3D 0x429c2a "output-dir", has_arg =3D 1, flag =3D 0x=
0, val =3D
> 111}, {name =3D 0x429c35 "quiet", has_arg =3D 0, flag =3D 0x0, val =3D 11=
3}, {name
> =3D 0x429c3b "meta-file", has_arg =3D 1, flag =3D 0x0,
>     val =3D 109}, {name =3D 0x429c45 "legacy", has_arg =3D 0, flag =3D 0x=
0, val =3D
> 76}, {name =3D 0x0, has_arg =3D 0, flag =3D 0x0, val =3D 0}}
> #8  0x0000000000412b9e in main (argc=3D3, argv=3D0x7fffffffeb78) at main.=
c:852
>         i =3D 21
>         command =3D (struct commands *) 0x630f40
>         ambiguous =3D 0
>         chroot_path =3D 0x0
>         rootdir =3D 0x0
>         jid =3D 0
>         jail_str =3D 0x0
>         len =3D 4
>         ch =3D -1 '=EF=BF=BD'
>         debug =3D 0
>         version =3D 0
>         ret =3D 0
>         plugins_enabled =3D true
>         plugin_found =3D false
>         show_commands =3D false
>         activation_test =3D false
>         init_flags =3D 0
>         c =3D (struct plugcmd *) 0x246
>         conffile =3D 0x0
>         reposdir =3D 0x0
>         save_argv =3D (char **) 0x7fffffffeb78
>         j =3D 8
>         longopts =3D {{name =3D 0x4276f7 "debug", has_arg =3D 0, flag =3D=
 0x0, val
> =3D 100}, {name =3D 0x4276fd "jail", has_arg =3D 1, flag =3D 0x0, val =3D=
 106}, {name
> =3D 0x427702 "chroot", has_arg =3D 1, flag =3D 0x0, val =3D 99}, {name =
=3D 0x426a33
> "config", has_arg =3D 1, flag =3D 0x0, val =3D 67}, {
>     name =3D 0x427709 "repo-conf-dir", has_arg =3D 1, flag =3D 0x0, val =
=3D 82},
> {name =3D 0x427717 "rootdir", has_arg =3D 1, flag =3D 0x0, val =3D 114}, =
{name =3D
> 0x42771f "list", has_arg =3D 0, flag =3D 0x0, val =3D 108}, {name =3D 0x4=
26f45
> "version", has_arg =3D 0, flag =3D 0x0, val =3D 118}, {
>     name =3D 0x427724 "option", has_arg =3D 1, flag =3D 0x0, val =3D 111}=
, {name =3D
> 0x42772b "only-ipv4", has_arg =3D 0, flag =3D 0x0, val =3D 52}, {name =3D=
 0x427735
> "only-ipv6", has_arg =3D 0, flag =3D 0x0, val =3D 54}, {name =3D 0x0, has=
_arg =3D 0,
> flag =3D 0x0, val =3D 0}}
>         __func__ =3D "main"
>
>
>
>
> --
> Mathieu Arnold



--=20
Xin LI <delphij@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

From owner-svn-src-releng@freebsd.org  Wed Mar  9 09:12:56 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 37655AC96B8;
 Wed,  9 Mar 2016 09:12:56 +0000 (UTC)
 (envelope-from antoine.brodin.freebsd@gmail.com)
Received: from mail-ig0-x233.google.com (mail-ig0-x233.google.com
 [IPv6:2607:f8b0:4001:c05::233])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id EF9849F5;
 Wed,  9 Mar 2016 09:12:55 +0000 (UTC)
 (envelope-from antoine.brodin.freebsd@gmail.com)
Received: by mail-ig0-x233.google.com with SMTP id vf5so6884001igb.0;
 Wed, 09 Mar 2016 01:12:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:date:message-id:subject
 :from:to:cc:content-transfer-encoding;
 bh=C+E1J/LuhKTXYJSArMgrZs/QyIMqDOOvGRQr6lEy8kk=;
 b=Hxk95889VKlMD3Kgbdrt4oXHDOMMy/7JLngP4O+Cz24VFwAvbhuMPuCh5BqalIGYsq
 LgyGO07MBk88E0J2foiLpwjcBhvp+gjvwb3P38zM9Cp+ijzTLmkRIXULLaYlnZhQ7vij
 GJWYYQWhOMwjkbblp3ggGIBbcLHHQIgPlrkQlI30Dzg2HQNsck7GskkevFECjJ+7+4AC
 GdteU3CfSW7ByEsEW9XDpagoqShW5D4l7NBES/OpeCF73olH0B+Zg+AQovb7LfdZkV7c
 f6pILZ8yvUhrhGxsX1Hj1+B8dWQD0G6noTHdIm5d/o6mnP0NkQ9+ATByYzVbWVnfCHTq
 SZ/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-transfer-encoding;
 bh=C+E1J/LuhKTXYJSArMgrZs/QyIMqDOOvGRQr6lEy8kk=;
 b=Hx6rSTkdnrUPVCaZ4ot0kNNkzf0dmuV5OXE4/52uLN4GnA43KA/rnzB///GkGr8Kwr
 DsnRgw5jMpHHC9XL2UlpwVKOJ6iI5FAzAX7xUrcHjAIsoiuEbXIES/2Rozq8VaFWm+xy
 uoOoyodLvDQ7OV+ETmuFIjz1tsYr1Kh76iJ+67oCCJM9GfxUD+DcvFShySYEFq2JL9iR
 BAl5gmITKzmjCtL3e6+jGsl1+nkgiuwPTmxVwrXkfB50Jrw/wTFl1Qj0wKhOK2khtozf
 B75zgGHDolZ6F5rwyHeaRWmLQVMv/eqtcLVxvdXNj9rrAM0Nd7fOgdQHcw9qKkNigLKJ
 0+kQ==
X-Gm-Message-State: AD7BkJI52VwiZBJGua7c8gYvg9V7nDDeE+R+kiphXpMUA3dhk1o2oVat4+pgVCaK1o3/RGny0NNlbZQDTpErAw==
MIME-Version: 1.0
X-Received: by 10.50.111.230 with SMTP id il6mr23199009igb.66.1457514775145;
 Wed, 09 Mar 2016 01:12:55 -0800 (PST)
Sender: antoine.brodin.freebsd@gmail.com
Received: by 10.107.159.135 with HTTP; Wed, 9 Mar 2016 01:12:55 -0800 (PST)
In-Reply-To: <CAGMYy3tfrty-8r-Efzzd56d4AOdV0H+ParrkUtBWR4f+0ZtxWw@mail.gmail.com>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc>
 <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
 <56DF0550.6000604@FreeBSD.org>
 <E24637388915226D9A922B8B@atuin.in.mat.cc>
 <CAGMYy3tfrty-8r-Efzzd56d4AOdV0H+ParrkUtBWR4f+0ZtxWw@mail.gmail.com>
Date: Wed, 9 Mar 2016 09:12:55 +0000
X-Google-Sender-Auth: ADisL0jqWWG5oPAoSCX5l6tc9ac
Message-ID: <CAALwa8mXg-eE3tZ1R=LAd9nWNAmTkqPmrSaZAmtrQ=u4-=wEeg@mail.gmail.com>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
From: Antoine Brodin <antoine@FreeBSD.org>
To: Xin LI <delphij@gmail.com>
Cc: Mathieu Arnold <mat@freebsd.org>, Jung-Uk Kim <jkim@freebsd.org>, 
 Bryan Drewery <bdrewery@freebsd.org>, Xin LI <delphij@freebsd.org>, 
 "src-committers@freebsd.org" <src-committers@freebsd.org>, 
 "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, svn-src-releng@freebsd.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2016 09:12:56 -0000

On Wed, Mar 9, 2016 at 12:47 AM, Xin LI <delphij@gmail.com> wrote:
> This may be related to the BN changes (CVE-2016-0797 and/or
> CVE-2016-0702).  Will reverting just that portion of r296462 (stable/9
> patch would apply on 9.3 as well) help?  This would help to narrow
> down the root cause.
>
> I can't really do any debugging right now but will take a look as soon as=
 I can.

fetch is also having Segmentation faults on some https sites after the
9.3-RELEASE-p37 update,  see for instance:
http://beefy2.nyi.freebsd.org/data/93amd64-default/410591/logs/errors/waifu=
2x-converter-cpp-1.0.0.410.log
http://beefy2.nyi.freebsd.org/data/93amd64-default/410591/logs/errors/narci=
ssu2-1.1.log

Antoine

> On Tue, Mar 8, 2016 at 2:45 PM, Mathieu Arnold <mat@freebsd.org> wrote:
>>
>>
>> +--On 8 mars 2016 09:01:04 -0800 Bryan Drewery <bdrewery@FreeBSD.org> wr=
ote:
>> | On 3/8/2016 8:52 AM, Mathieu Arnold wrote:
>> |> +--On 8 mars 2016 08:48:27 -0800 Bryan Drewery <bdrewery@FreeBSD.org>
>> |> wrote:
>> |> | On 3/8/2016 8:47 AM, Bryan Drewery wrote:
>> |> |> On 3/8/2016 8:35 AM, Mathieu Arnold wrote:
>> |> |>> +--On 8 mars 2016 08:29:41 -0800 Bryan Drewery <bdrewery@FreeBSD.=
org>
>> |> |>> wrote:
>> |> |>> | On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
>> |> |>> |> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery
>> |> |>> |> <bdrewery@FreeBSD.org> wrote:
>> |> |>> |> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
>> |> |>> |> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI <delphij@FreeBSD.or=
g>
>> |> |>> |> |> wrote:
>> |> |>> |> |> | Author: delphij
>> |> |>> |> |> | Date: Mon Mar  7 16:22:11 2016
>> |> |>> |> |> | New Revision: 296465
>> |> |>> |> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
>> |> |>> |> |> |
>> |> |>> |> |> | Log:
>> |> |>> |> |> |   Fix multiple OpenSSL vulnerabilities.
>> |> |>> |> |> |
>> |> |>> |> |> |   Security:      FreeBSD-SA-16:12.openssl
>> |> |>> |> |> |   Approved by:   so
>> |> |>> |> |>
>> |> |>> |> |> After that, poudriere bulk fails with:
>> |> |>> |> |>
>> |> |>> |> |> [00:00:07] =3D=3D=3D=3D>> Creating pkgng repository
>> |> |>> |> |> Creating repository in /tmp/packages: 100%
>> |> |>> |> |> Packing files for repository:   0%Child process pid=3D50970
>> |> |>> |> |> terminated abnormally: Segmentation fault: 11
>> |> |>> |> |> [00:00:08] =3D=3D=3D=3D>> Cleaning up
>> |> |>> |> |> 9amd64-pkgng-default: removed
>> |> |>> |> |> 9amd64-pkgng-default-n: removed
>> |> |>> |> |>
>> |> |>> |> |> pkg-static is the one doing the segfault...
>> |> |>> |> |>
>> |> |>> |> |
>> |> |>> |> | Is QEMU involved here?
>> |> |>> |> |
>> |> |>> |> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? =
(Not
>> |> |>> |> | saying you should)
>> |> |>> |>
>> |> |>> |> No, it's a regular 9amd64 build on a 10.2 amd64 host.
>> |> |>> |>
>> |> |>> |
>> |> |>> | Can you please rebuild pkg with debug symbols and then run your=
 9.3
>> |> |>> | version against the repo in gdb?
>> |> |>>
>> |> |>> I could yes, but not today, tomorrow at the earliest.  How do I b=
uild
>> |> |>> the port with debug symbols ?
>> |> |>>
>> |> |>
>> |> |> WITH_DEBUG=3Dyes make
>> |> |>
>> |> |
>> |> | You might need this too: DEBUG_FLAGS=3D"-g -O0"
>> |>
>> |> Mmmm, ok, what commands do I need to run ?
>> |>
>> |
>> | (assuming devel/gdb installed)
>> | gdb710 --args /usr/local/sbin/pkg-static repo <path to repo>
>> |# run
>> | <crash>
>> |# bt full
>>
>> Ok, so, it's 9.3, so there's no gdb710, but:
>>
>>
>> the command ran is:
>>
>> root@pkg:/tmp/foo # pkg repo . ../repo.key
>> Creating repository in .: 100%
>> Packing files for repository:   0%Child process pid=3D16312 terminated
>> abnormally: Segmentation fault: 11
>> root@pkg:/tmp/foo # gdb /usr/local/sbin/pkg pkg.core
>> GNU gdb 6.1.1 [FreeBSD]
>> Copyright 2004 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and you=
 are
>> welcome to change it and/or distribute copies of it under certain
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB.  Type "show warranty" for detai=
ls.
>> This GDB was configured as "amd64-marcel-freebsd"...
>> Core was generated by `pkg'.
>> Program terminated with signal 11, Segmentation fault.
>> Reading symbols from /usr/local/lib/libpkg.so.3...done.
>> Loaded symbols for /usr/local/lib/libpkg.so.3
>> Reading symbols from /lib/libutil.so.9...done.
>> Loaded symbols for /lib/libutil.so.9
>> Reading symbols from /usr/lib/libssl.so.6...done.
>> Loaded symbols for /usr/lib/libssl.so.6
>> Reading symbols from /lib/libcrypto.so.6...done.
>> Loaded symbols for /lib/libcrypto.so.6
>> Reading symbols from /lib/libm.so.5...done.
>> Loaded symbols for /lib/libm.so.5
>> Reading symbols from /usr/lib/libelf.so.1...done.
>> Loaded symbols for /usr/lib/libelf.so.1
>> Reading symbols from /lib/libjail.so.1...done.
>> Loaded symbols for /lib/libjail.so.1
>> Reading symbols from /usr/lib/libarchive.so.5...done.
>> Loaded symbols for /usr/lib/libarchive.so.5
>> Reading symbols from /lib/libz.so.6...done.
>> Loaded symbols for /lib/libz.so.6
>> Reading symbols from /usr/lib/libbz2.so.4...done.
>> Loaded symbols for /usr/lib/libbz2.so.4
>> Reading symbols from /usr/lib/liblzma.so.5...done.
>> Loaded symbols for /usr/lib/liblzma.so.5
>> Reading symbols from /lib/libc.so.7...done.
>> Loaded symbols for /lib/libc.so.7
>> Reading symbols from /lib/libbsdxml.so.4...done.
>> Loaded symbols for /lib/libbsdxml.so.4
>> Reading symbols from /libexec/ld-elf.so.1...done.
>> Loaded symbols for /libexec/ld-elf.so.1
>> #0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
>> /lib/libcrypto.so.6
>> (gdb) bt full
>> #0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
>> /lib/libcrypto.so.6
>> No symbol table info available.
>> #1  0x00000008011f735f in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
>> No symbol table info available.
>> #2  0x00000008011f82fd in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
>> No symbol table info available.
>> #3  0x00000008011d28d9 in RSA_sign () from /lib/libcrypto.so.6
>> No symbol table info available.
>> #4  0x00000008008dc73b in rsa_sign (path=3D0x7fffffffe3c0 "./meta",
>> rsa=3D0x802c19260, sigret=3D0x7fffffffda78, siglen=3D0x7fffffffda8c) at =
rsa.c:287
>>         errbuf =3D
>> "./meta.txz\000\000\b\000\000\000\001\000\000\000\001\000\000\000\004\00=
0\000\000\000\000\000\000
>> =EF=BF=BD=EF=BF=BD\177\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000=EF=
=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000T\203\220\000\b\000\000\000\020\000\000=
\000\000\000\000\000WU\000\000\000\000-\v=EF=BF=BD\004=EF=BF=BD@=EF=BF=BD~=
=3D=EF=BF=BD=EF=BF=BDU\000\000\000\000212\000\00
>> 0\000\000filesite_archiveeo002\b\000\000\000\200o002\b\000\000\000\020\0=
00\000\000\b\000\000\000=EF=BF=BDG\220\000\b\000\000\000\000\000\000\000\b\=
000\000\000\003\000\000\000\000\000\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\=
000\000\204=EF=BF=BD=EF=BF=BD\177\000\0000=EF=BF=BD=EF=BF=BD\177\000\000"..=
.
>>         max_len =3D 512
>>         ret =3D 10591143
>>         sha256 =3D 0x802c2d1f0
>> "fd24852c468ef31bd675129fd02b676ce7cffae895089292fa513784873689a6"
>> #5  0x00000008008c2295 in pkg_repo_pack_db (name=3D0x800a20ec8 "meta",
>> archive=3D0x7fffffffe3c0 "./meta", path=3D0x7fffffffe3c0 "./meta",
>> rsa=3D0x802c19260, meta=3D0x802c68600, argv=3D0x7fffffffeb88, argc=3D1) =
at
>> pkg_repo_create.c:939
>>         pack =3D (struct packing *) 0x802c79be0
>>         sigret =3D (unsigned char *) 0x802ca4900 ""
>>         siglen =3D 0
>>         fname =3D
>> "\001\000\000\000\001\000\000\000\001\000\000\000\001\000\000\000@=EF=BF=
=BD=EF=BF=BD\177\000\000\216\000\b\000\000\000=EF=BF=BD=EF=BF=BD\000\000\00=
0\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000\004\000\000\000\000\000\000\00=
0WU\000\000\000\000-\v=EF=BF=BD\004=EF=BF=BD@=EF=BF=BD~=3D=EF=BF=BD=EF=BF=
=BDU\000\000\000\000212N\206cert=EF=BF=BD\177\000\000\230=EF=BF=BD=EF=BF=BD=
\177\000\000p=EF=BF=BD
>> =EF=BF=BD\177\000\000\000\000\000\000\000\000\000\000\004\000\000\000\00=
0\000\000\000E\030=EF=BF=BD\000\b\000\000\000\000\000\000\000=EF=BF=BD\177\=
000\000\020=EF=BF=BD\001\000\000\000\004\000\000\000\004\000\000\000\000\00=
0\000\000\004\000\000\000\220=EF=BF=BD=EF=BF=BD\177\000\000:\006\217\000\b\=
000\000\000=EF=BF=BD5002\b\000\000\00
>> 0"...
>>         sig =3D (struct sbuf *) 0x0
>>         pub =3D (struct sbuf *) 0x0
>> #6  0x00000008008c2797 in pkg_finish_repo (output_dir=3D0x7fffffffedd1 "=
.",
>> password_cb=3D0x415ba0 <password_cb>, argv=3D0x7fffffffeb88, argc=3D1,
>> filelist=3Dfalse) at pkg_repo_create.c:1038
>>         repo_path =3D
>> "./meta\000gesite.yaml\000\002\b\000\000\000\213Yc\000\b\000\000\0008204=
\000\b",
>> '\0' <repeats 15 times>,
>> "=EF=BF=BD\177\000\000\000\000\b\000\000\000`=EF=BF=BD=EF=BF=BD\177\000\=
000=EF=BF=BD=EF=BF=BDd\000\b\000\000\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000=
\000=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000\000\000\000\000\000\000\000\000=
=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000g{c
>> \000\b\000\000\000=EF=BF=BD&@\000\000\000\000\000\177\030\232\004\000\00=
0\000\000207\2013\000\000\000\0000=EF=BF=BDd\000\b\000\000\000\001\000\000\=
000\b\000\000\000\000\000\b\000\000\0008204\000\b\000\000\000=EF=BF=BD=EF=
=BF=BD=EF=BF=BD\177\000\000@=EF=BF=BD=EF=BF=BD\177\000\000\000=EF=BF=BDd\00=
0\b"...
>>         repo_archive =3D
>> "\225\003\000\000\000\000\000\000\230\003\000\000\000\000\000\000\225\00=
3\000\000\001\000\000\000=EF=BF=BD\000\217\000\b\000\000\000\000=EF=BF=BD=
=EF=BF=BD\177\000\000Z\000\217\000\001\000\000\000\200=EF=BF=BD=EF=BF=BD\17=
7\000\000@,002\b\000\000\000PKG_PLUGPKG_PLUGc\000\000\000\000\000PLUGPLUG\2
>> 00=EF=BF=BD=EF=BF=BD\177\000\000p0002\b", '\0' <repeats 11 times>,
>> "\234}>\002\000\000\000\000\177\000\000\000:\000\000\000:\000\000\000:\2=
37=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD\177\000\000=EF=BF=BD\005\217\000\b\0=
00\000\000@,002\b\000\000\000\t\000\000\000\n\000\000\000=DC=B1=EF=BF=BD\00=
0\b\000\000\000@0002\b\000\000\000p=EF=BF=BD=EF=BF=BD\177\000\000...
>>         rsa =3D (struct rsa_key *) 0x802c19260
>>         meta =3D (struct pkg_repo_meta *) 0x802c68600
>>         st =3D {st_dev =3D 4294959664, st_ino =3D 32767, st_mode =3D 259=
38,
>> st_nlink =3D 14234, st_uid =3D 2842729777, st_gid =3D 274432, st_rdev =
=3D 0,
>> st_atim =3D {tv_sec =3D 1457476951, tv_nsec =3D 6}, st_mtim =3D {tv_sec =
=3D
>> 34370333240, tv_nsec =3D 0}, st_ctim =3D {tv_sec =3D -735515279473687776=
6,
>>     tv_nsec =3D 34370335206}, st_size =3D 34370335206, st_blocks =3D 145=
7476951,
>> st_blksize =3D 10, st_flags =3D 0, st_gen =3D 10596828, st_lspare =3D 8,
>> st_birthtim =3D {tv_sec =3D 34370335951, tv_nsec =3D 1457476951}}
>>         ret =3D 0
>>         nfile =3D 1
>>         files_to_pack =3D 4
>>         legacy =3D false
>> #7  0x0000000000415eea in exec_repo (argc=3D2, argv=3D0x7fffffffeb80) at
>> repo.c:155
>>         ret =3D 0
>>         ch =3D -1
>>         filelist =3D false
>>         output_dir =3D 0x7fffffffedd1 "."
>>         meta_file =3D 0x0
>>         legacy =3D false
>>         longopts =3D {{name =3D 0x429c1f "list-files", has_arg =3D 0, fl=
ag =3D 0x0,
>> val =3D 108}, {name =3D 0x429c2a "output-dir", has_arg =3D 1, flag =3D 0=
x0, val =3D
>> 111}, {name =3D 0x429c35 "quiet", has_arg =3D 0, flag =3D 0x0, val =3D 1=
13}, {name
>> =3D 0x429c3b "meta-file", has_arg =3D 1, flag =3D 0x0,
>>     val =3D 109}, {name =3D 0x429c45 "legacy", has_arg =3D 0, flag =3D 0=
x0, val =3D
>> 76}, {name =3D 0x0, has_arg =3D 0, flag =3D 0x0, val =3D 0}}
>> #8  0x0000000000412b9e in main (argc=3D3, argv=3D0x7fffffffeb78) at main=
.c:852
>>         i =3D 21
>>         command =3D (struct commands *) 0x630f40
>>         ambiguous =3D 0
>>         chroot_path =3D 0x0
>>         rootdir =3D 0x0
>>         jid =3D 0
>>         jail_str =3D 0x0
>>         len =3D 4
>>         ch =3D -1 '=EF=BF=BD'
>>         debug =3D 0
>>         version =3D 0
>>         ret =3D 0
>>         plugins_enabled =3D true
>>         plugin_found =3D false
>>         show_commands =3D false
>>         activation_test =3D false
>>         init_flags =3D 0
>>         c =3D (struct plugcmd *) 0x246
>>         conffile =3D 0x0
>>         reposdir =3D 0x0
>>         save_argv =3D (char **) 0x7fffffffeb78
>>         j =3D 8
>>         longopts =3D {{name =3D 0x4276f7 "debug", has_arg =3D 0, flag =
=3D 0x0, val
>> =3D 100}, {name =3D 0x4276fd "jail", has_arg =3D 1, flag =3D 0x0, val =
=3D 106}, {name
>> =3D 0x427702 "chroot", has_arg =3D 1, flag =3D 0x0, val =3D 99}, {name =
=3D 0x426a33
>> "config", has_arg =3D 1, flag =3D 0x0, val =3D 67}, {
>>     name =3D 0x427709 "repo-conf-dir", has_arg =3D 1, flag =3D 0x0, val =
=3D 82},
>> {name =3D 0x427717 "rootdir", has_arg =3D 1, flag =3D 0x0, val =3D 114},=
 {name =3D
>> 0x42771f "list", has_arg =3D 0, flag =3D 0x0, val =3D 108}, {name =3D 0x=
426f45
>> "version", has_arg =3D 0, flag =3D 0x0, val =3D 118}, {
>>     name =3D 0x427724 "option", has_arg =3D 1, flag =3D 0x0, val =3D 111=
}, {name =3D
>> 0x42772b "only-ipv4", has_arg =3D 0, flag =3D 0x0, val =3D 52}, {name =
=3D 0x427735
>> "only-ipv6", has_arg =3D 0, flag =3D 0x0, val =3D 54}, {name =3D 0x0, ha=
s_arg =3D 0,
>> flag =3D 0x0, val =3D 0}}
>>         __func__ =3D "main"
>>
>>
>>
>>
>> --
>> Mathieu Arnold
>
>
>
> --
> Xin LI <delphij@delphij.net> https://www.delphij.net/
> FreeBSD - The Power to Serve! Live free or die
>

From owner-svn-src-releng@freebsd.org  Wed Mar  9 09:16:54 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9E450AC98EA;
 Wed,  9 Mar 2016 09:16:54 +0000 (UTC)
 (envelope-from delphij@delphij.net)
Received: from anubis.delphij.net (anubis.delphij.net
 [IPv6:2001:470:1:117::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "anubis.delphij.net",
 Issuer "StartCom Class 1 DV Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 731E4C81;
 Wed,  9 Mar 2016 09:16:54 +0000 (UTC)
 (envelope-from delphij@delphij.net)
Received: from Xins-MBP.home.us.delphij.net (unknown
 [IPv6:2601:646:8f00:8a91:f04c:6de3:ff1:793])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by anubis.delphij.net (Postfix) with ESMTPSA id 92DE9B9E2;
 Wed,  9 Mar 2016 01:16:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net;
 s=anubis; t=1457515014; x=1457529414;
 bh=0WasP9OBxJCh2oMHMygZEwywA6HphPIeay2A7UgZq1U=;
 h=Subject:To:References:Cc:From:Date:In-Reply-To;
 b=TMl1eL+gHIiB2+xC74qoCIT4U8wFVtbtJtro/Vp7BwORXMiYDYg/RM4EE4nlxpTZ6
 LBDUAhoMUzxJJJy2gkYpfWLSM9RQoFO5PZiQZtMBcZDa/6o33JHAVRNyL3HH7/YdK/
 vn4pjLpYrx0FplpKVquxN0MH+sFeQsGysfYPY11A=
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
To: Antoine Brodin <antoine@FreeBSD.org>, Xin LI <delphij@gmail.com>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
 <56DF0550.6000604@FreeBSD.org> <E24637388915226D9A922B8B@atuin.in.mat.cc>
 <CAGMYy3tfrty-8r-Efzzd56d4AOdV0H+ParrkUtBWR4f+0ZtxWw@mail.gmail.com>
 <CAALwa8mXg-eE3tZ1R=LAd9nWNAmTkqPmrSaZAmtrQ=u4-=wEeg@mail.gmail.com>
Cc: Mathieu Arnold <mat@freebsd.org>, Jung-Uk Kim <jkim@freebsd.org>,
 Bryan Drewery <bdrewery@freebsd.org>, Xin LI <delphij@freebsd.org>,
 "src-committers@freebsd.org" <src-committers@freebsd.org>,
 "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,
 svn-src-releng@freebsd.org
From: Xin Li <delphij@delphij.net>
Message-ID: <56DFEA05.6060501@delphij.net>
Date: Wed, 9 Mar 2016 01:16:53 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <CAALwa8mXg-eE3tZ1R=LAd9nWNAmTkqPmrSaZAmtrQ=u4-=wEeg@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="774Dh2Jq2oobcRMhc89n9LSoJJVmQ5OiC"
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2016 09:16:54 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--774Dh2Jq2oobcRMhc89n9LSoJJVmQ5OiC
Content-Type: multipart/mixed; boundary="SeCef0iwHIoNH1LukmLLTks6deFApNAGo"
From: Xin Li <delphij@delphij.net>
To: Antoine Brodin <antoine@FreeBSD.org>, Xin LI <delphij@gmail.com>
Cc: Mathieu Arnold <mat@freebsd.org>, Jung-Uk Kim <jkim@freebsd.org>,
 Bryan Drewery <bdrewery@freebsd.org>, Xin LI <delphij@freebsd.org>,
 "src-committers@freebsd.org" <src-committers@freebsd.org>,
 "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,
 svn-src-releng@freebsd.org
Message-ID: <56DFEA05.6060501@delphij.net>
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
 <56DF0550.6000604@FreeBSD.org> <E24637388915226D9A922B8B@atuin.in.mat.cc>
 <CAGMYy3tfrty-8r-Efzzd56d4AOdV0H+ParrkUtBWR4f+0ZtxWw@mail.gmail.com>
 <CAALwa8mXg-eE3tZ1R=LAd9nWNAmTkqPmrSaZAmtrQ=u4-=wEeg@mail.gmail.com>
In-Reply-To: <CAALwa8mXg-eE3tZ1R=LAd9nWNAmTkqPmrSaZAmtrQ=u4-=wEeg@mail.gmail.com>

--SeCef0iwHIoNH1LukmLLTks6deFApNAGo
Content-Type: multipart/mixed;
 boundary="------------050501080008040300060008"

This is a multi-part message in MIME format.
--------------050501080008040300060008
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

FYI -- I can confirm that libcrypto is broken and have a reliable way to
trigger it.

So far I was able to narrow down this to this change and here is a
temporary workaround (which will reintroduce CVE-2016-0702).

Cheers,

--------------050501080008040300060008
Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0";
 name="bn-revert.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="bn-revert.diff"

SW5kZXg6IGNyeXB0by9vcGVuc3NsL2NyeXB0by9ibi9ibi5oCj09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t
IGNyeXB0by9vcGVuc3NsL2NyeXB0by9ibi9ibi5oCShyZXZpc2lvbiAyOTY1NTYpCisrKyBj
cnlwdG8vb3BlbnNzbC9jcnlwdG8vYm4vYm4uaAkod29ya2luZyBjb3B5KQpAQCAtNjksMTMg
KzY5LDEzIEBACiAgKgogICovCiAKLSNpZm5kZWYgSEVBREVSX0JOX0gNCi0jIGRlZmluZSBI
RUFERVJfQk5fSA0KLQ0KLSMgaW5jbHVkZSA8bGltaXRzLmg+DQotIyBpbmNsdWRlIDxvcGVu
c3NsL2Vfb3MyLmg+DQotIyBpZm5kZWYgT1BFTlNTTF9OT19GUF9BUEkNCi0jICBpbmNsdWRl
IDxzdGRpby5oPiAgICAgICAgICAgIC8qIEZJTEUgKi8NCisjaWZuZGVmIEhFQURFUl9CTl9I
CisjIGRlZmluZSBIRUFERVJfQk5fSAorCisjIGluY2x1ZGUgPGxpbWl0cy5oPgorIyBpbmNs
dWRlIDxvcGVuc3NsL2Vfb3MyLmg+CisjIGlmbmRlZiBPUEVOU1NMX05PX0ZQX0FQSQorIyAg
aW5jbHVkZSA8c3RkaW8uaD4gICAgICAgICAgICAvKiBGSUxFICovCiAjIGVuZGlmCiAjIGlu
Y2x1ZGUgPG9wZW5zc2wvb3NzbF90eXAuaD4KIApAQCAtNzAyLDIzICs3MDIsMjMgQEAgY29u
c3QgQklHTlVNICpCTl9nZXQwX25pc3RfcHJpbWVfMjI0KHZvaWQpOwogY29uc3QgQklHTlVN
ICpCTl9nZXQwX25pc3RfcHJpbWVfMjU2KHZvaWQpOwogY29uc3QgQklHTlVNICpCTl9nZXQw
X25pc3RfcHJpbWVfMzg0KHZvaWQpOwogY29uc3QgQklHTlVNICpCTl9nZXQwX25pc3RfcHJp
bWVfNTIxKHZvaWQpOwotDQotLyogbGlicmFyeSBpbnRlcm5hbCBmdW5jdGlvbnMgKi8NCi0N
Ci0jIGRlZmluZSBibl9leHBhbmQoYSxiaXRzKSBcDQotICAgICggXA0KLSAgICAgICAgYml0
cyA+IChJTlRfTUFYIC0gQk5fQklUUzIgKyAxKSA/IFwNCi0gICAgICAgICAgICBOVUxMIFwN
Ci0gICAgICAgIDogXA0KLSAgICAgICAgICAgICgoKGJpdHMrQk5fQklUUzItMSkvQk5fQklU
UzIpIDw9IChhKS0+ZG1heCkgPyBcDQotICAgICAgICAgICAgICAgIChhKSBcDQotICAgICAg
ICAgICAgOiBcDQotICAgICAgICAgICAgICAgIGJuX2V4cGFuZDIoKGEpLChiaXRzK0JOX0JJ
VFMyLTEpL0JOX0JJVFMyKSBcDQotICAgICkNCi0NCi0jIGRlZmluZSBibl93ZXhwYW5kKGEs
d29yZHMpICgoKHdvcmRzKSA8PSAoYSktPmRtYXgpPyhhKTpibl9leHBhbmQyKChhKSwod29y
ZHMpKSkNCi1CSUdOVU0gKmJuX2V4cGFuZDIoQklHTlVNICphLCBpbnQgd29yZHMpOw0KLSMg
aWZuZGVmIE9QRU5TU0xfTk9fREVQUkVDQVRFRA0KKworLyogbGlicmFyeSBpbnRlcm5hbCBm
dW5jdGlvbnMgKi8KKworIyBkZWZpbmUgYm5fZXhwYW5kKGEsYml0cykgXAorICAgICggXAor
ICAgICAgICBiaXRzID4gKElOVF9NQVggLSBCTl9CSVRTMiArIDEpID8gXAorICAgICAgICAg
ICAgTlVMTCBcCisgICAgICAgIDogXAorICAgICAgICAgICAgKCgoYml0cytCTl9CSVRTMi0x
KS9CTl9CSVRTMikgPD0gKGEpLT5kbWF4KSA/IFwKKyAgICAgICAgICAgICAgICAoYSkgXAor
ICAgICAgICAgICAgOiBcCisgICAgICAgICAgICAgICAgYm5fZXhwYW5kMigoYSksKGJpdHMr
Qk5fQklUUzItMSkvQk5fQklUUzIpIFwKKyAgICApCisKKyMgZGVmaW5lIGJuX3dleHBhbmQo
YSx3b3JkcykgKCgod29yZHMpIDw9IChhKS0+ZG1heCk/KGEpOmJuX2V4cGFuZDIoKGEpLCh3
b3JkcykpKQorQklHTlVNICpibl9leHBhbmQyKEJJR05VTSAqYSwgaW50IHdvcmRzKTsKKyMg
aWZuZGVmIE9QRU5TU0xfTk9fREVQUkVDQVRFRAogQklHTlVNICpibl9kdXBfZXhwYW5kKGNv
bnN0IEJJR05VTSAqYSwgaW50IHdvcmRzKTsgLyogdW51c2VkICovCiAjIGVuZGlmCiAKSW5k
ZXg6IGNyeXB0by9vcGVuc3NsL2NyeXB0by9ibi9ibl9leHAuYwo9PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0t
LSBjcnlwdG8vb3BlbnNzbC9jcnlwdG8vYm4vYm5fZXhwLmMJKHJldmlzaW9uIDI5NjU1NikK
KysrIGNyeXB0by9vcGVuc3NsL2NyeXB0by9ibi9ibl9leHAuYwkod29ya2luZyBjb3B5KQpA
QCAtMTA3LDEzICsxMDcsMTIgQEAKICAqIChlYXlAY3J5cHRzb2Z0LmNvbSkuICBUaGlzIHBy
b2R1Y3QgaW5jbHVkZXMgc29mdHdhcmUgd3JpdHRlbiBieSBUaW0KICAqIEh1ZHNvbiAodGpo
QGNyeXB0c29mdC5jb20pLgogICoKLSAqLw0KLQ0KLSNpbmNsdWRlICJjcnlwdGxpYi5oIg0K
LSNpbmNsdWRlICJjb25zdGFudF90aW1lX2xvY2wuaCINCi0jaW5jbHVkZSAiYm5fbGNsLmgi
DQotDQotLyogbWF4aW11bSBwcmVjb21wdXRhdGlvbiB0YWJsZSBzaXplIGZvciAqdmFyaWFi
bGUqIHNsaWRpbmcgd2luZG93cyAqLw0KKyAqLworCisjaW5jbHVkZSAiY3J5cHRsaWIuaCIK
KyNpbmNsdWRlICJibl9sY2wuaCIKKworLyogbWF4aW11bSBwcmVjb21wdXRhdGlvbiB0YWJs
ZSBzaXplIGZvciAqdmFyaWFibGUqIHNsaWRpbmcgd2luZG93cyAqLwogI2RlZmluZSBUQUJM
RV9TSVpFICAgICAgMzIKIAogLyogdGhpcyBvbmUgd29ya3MgLSBzaW1wbGUgYnV0IHdvcmtz
ICovCkBAIC01MjEsNzkgKzUyMCw0MSBAQCBpbnQgQk5fbW9kX2V4cF9tb250KEJJR05VTSAq
cnIsIGNvbnN0IEJJR05VTSAqYSwgYwogICogcGF0dGVybiBhcyBmYXIgYXMgY2FjaGUgbGlu
ZXMgYXJlIGNvbmNlcm5lZC4gIFRoZSBmb2xsb3dpbmcgZnVuY3Rpb25zIGFyZQogICogdXNl
ZCB0byB0cmFuc2ZlciBhIEJJR05VTSBmcm9tL3RvIHRoYXQgdGFibGUuCiAgKi8KLQ0KLXN0
YXRpYyBpbnQgTU9EX0VYUF9DVElNRV9DT1BZX1RPX1BSRUJVRihCSUdOVU0gKmIsIGludCB0
b3AsDQotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHVuc2lnbmVk
IGNoYXIgKmJ1ZiwgaW50IGlkeCwNCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgaW50IHdpbmRvdykNCi17DQotICAgIGludCBpLCBqOw0KLSAgICBpbnQgd2lk
dGggPSAxIDw8IHdpbmRvdzsNCi0gICAgQk5fVUxPTkcgKnRhYmxlID0gKEJOX1VMT05HICop
YnVmOw0KLQ0KLSAgICBpZiAoYm5fd2V4cGFuZChiLCB0b3ApID09IE5VTEwpDQotICAgICAg
ICByZXR1cm4gMDsNCisKK3N0YXRpYyBpbnQgTU9EX0VYUF9DVElNRV9DT1BZX1RPX1BSRUJV
RihCSUdOVU0gKmIsIGludCB0b3AsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgdW5zaWduZWQgY2hhciAqYnVmLCBpbnQgaWR4LAorICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIGludCB3aWR0aCkKK3sKKyAgICBzaXplX3QgaSwg
ajsKKworICAgIGlmIChibl93ZXhwYW5kKGIsIHRvcCkgPT0gTlVMTCkKKyAgICAgICAgcmV0
dXJuIDA7CiAgICAgd2hpbGUgKGItPnRvcCA8IHRvcCkgewotICAgICAgICBiLT5kW2ItPnRv
cCsrXSA9IDA7DQotICAgIH0NCi0NCi0gICAgZm9yIChpID0gMCwgaiA9IGlkeDsgaSA8IHRv
cDsgaSsrLCBqICs9IHdpZHRoKSB7DQotICAgICAgICB0YWJsZVtqXSA9IGItPmRbaV07DQot
ICAgIH0NCi0NCi0gICAgYm5fY29ycmVjdF90b3AoYik7DQorICAgICAgICBiLT5kW2ItPnRv
cCsrXSA9IDA7CisgICAgfQorCisgICAgZm9yIChpID0gMCwgaiA9IGlkeDsgaSA8IHRvcCAq
IHNpemVvZiBiLT5kWzBdOyBpKyssIGogKz0gd2lkdGgpIHsKKyAgICAgICAgYnVmW2pdID0g
KCh1bnNpZ25lZCBjaGFyICopYi0+ZClbaV07CisgICAgfQorCisgICAgYm5fY29ycmVjdF90
b3AoYik7CiAgICAgcmV0dXJuIDE7CiB9Ci0NCi1zdGF0aWMgaW50IE1PRF9FWFBfQ1RJTUVf
Q09QWV9GUk9NX1BSRUJVRihCSUdOVU0gKmIsIGludCB0b3AsDQotICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgdW5zaWduZWQgY2hhciAqYnVmLCBpbnQgaWR4
LA0KLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGludCB3aW5k
b3cpDQotew0KLSAgICBpbnQgaSwgajsNCi0gICAgaW50IHdpZHRoID0gMSA8PCB3aW5kb3c7
DQotICAgIHZvbGF0aWxlIEJOX1VMT05HICp0YWJsZSA9ICh2b2xhdGlsZSBCTl9VTE9ORyAq
KWJ1ZjsNCi0NCi0gICAgaWYgKGJuX3dleHBhbmQoYiwgdG9wKSA9PSBOVUxMKQ0KLSAgICAg
ICAgcmV0dXJuIDA7DQotDQotICAgIGlmICh3aW5kb3cgPD0gMykgew0KLSAgICAgICAgZm9y
IChpID0gMDsgaSA8IHRvcDsgaSsrLCB0YWJsZSArPSB3aWR0aCkgew0KLSAgICAgICAgICAg
IEJOX1VMT05HIGFjYyA9IDA7DQotDQotICAgICAgICAgICAgZm9yIChqID0gMDsgaiA8IHdp
ZHRoOyBqKyspIHsNCi0gICAgICAgICAgICAgICAgYWNjIHw9IHRhYmxlW2pdICYNCi0gICAg
ICAgICAgICAgICAgICAgICAgICgoQk5fVUxPTkcpMCAtIChjb25zdGFudF90aW1lX2VxX2lu
dChqLGlkeCkmMSkpOw0KLSAgICAgICAgICAgIH0NCi0NCi0gICAgICAgICAgICBiLT5kW2ld
ID0gYWNjOw0KLSAgICAgICAgfQ0KLSAgICB9IGVsc2Ugew0KLSAgICAgICAgaW50IHhzdHJp
ZGUgPSAxIDw8ICh3aW5kb3cgLSAyKTsNCi0gICAgICAgIEJOX1VMT05HIHkwLCB5MSwgeTIs
IHkzOw0KLQ0KLSAgICAgICAgaSA9IGlkeCA+PiAod2luZG93IC0gMik7ICAgICAgICAvKiBl
cXVpdmFsZW50IG9mIGlkeCAvIHhzdHJpZGUgKi8NCi0gICAgICAgIGlkeCAmPSB4c3RyaWRl
IC0gMTsgICAgICAgICAgICAgLyogZXF1aXZhbGVudCBvZiBpZHggJSB4c3RyaWRlICovDQot
DQotICAgICAgICB5MCA9IChCTl9VTE9ORykwIC0gKGNvbnN0YW50X3RpbWVfZXFfaW50KGks
MCkmMSk7DQotICAgICAgICB5MSA9IChCTl9VTE9ORykwIC0gKGNvbnN0YW50X3RpbWVfZXFf
aW50KGksMSkmMSk7DQotICAgICAgICB5MiA9IChCTl9VTE9ORykwIC0gKGNvbnN0YW50X3Rp
bWVfZXFfaW50KGksMikmMSk7DQotICAgICAgICB5MyA9IChCTl9VTE9ORykwIC0gKGNvbnN0
YW50X3RpbWVfZXFfaW50KGksMykmMSk7DQotDQotICAgICAgICBmb3IgKGkgPSAwOyBpIDwg
dG9wOyBpKyssIHRhYmxlICs9IHdpZHRoKSB7DQotICAgICAgICAgICAgQk5fVUxPTkcgYWNj
ID0gMDsNCi0NCi0gICAgICAgICAgICBmb3IgKGogPSAwOyBqIDwgeHN0cmlkZTsgaisrKSB7
DQotICAgICAgICAgICAgICAgIGFjYyB8PSAoICh0YWJsZVtqICsgMCAqIHhzdHJpZGVdICYg
eTApIHwNCi0gICAgICAgICAgICAgICAgICAgICAgICAgKHRhYmxlW2ogKyAxICogeHN0cmlk
ZV0gJiB5MSkgfA0KLSAgICAgICAgICAgICAgICAgICAgICAgICAodGFibGVbaiArIDIgKiB4
c3RyaWRlXSAmIHkyKSB8DQotICAgICAgICAgICAgICAgICAgICAgICAgICh0YWJsZVtqICsg
MyAqIHhzdHJpZGVdICYgeTMpICkNCi0gICAgICAgICAgICAgICAgICAgICAgICYgKChCTl9V
TE9ORykwIC0gKGNvbnN0YW50X3RpbWVfZXFfaW50KGosaWR4KSYxKSk7DQotICAgICAgICAg
ICAgfQ0KLQ0KLSAgICAgICAgICAgIGItPmRbaV0gPSBhY2M7DQotICAgICAgICB9DQotICAg
IH0NCi0NCi0gICAgYi0+dG9wID0gdG9wOw0KKworc3RhdGljIGludCBNT0RfRVhQX0NUSU1F
X0NPUFlfRlJPTV9QUkVCVUYoQklHTlVNICpiLCBpbnQgdG9wLAorICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgdW5zaWduZWQgY2hhciAqYnVmLCBpbnQgaWR4
LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaW50IHdpZHRo
KQoreworICAgIHNpemVfdCBpLCBqOworCisgICAgaWYgKGJuX3dleHBhbmQoYiwgdG9wKSA9
PSBOVUxMKQorICAgICAgICByZXR1cm4gMDsKKworICAgIGZvciAoaSA9IDAsIGogPSBpZHg7
IGkgPCB0b3AgKiBzaXplb2YgYi0+ZFswXTsgaSsrLCBqICs9IHdpZHRoKSB7CisgICAgICAg
ICgodW5zaWduZWQgY2hhciAqKWItPmQpW2ldID0gYnVmW2pdOworICAgIH0KKworICAgIGIt
PnRvcCA9IHRvcDsKICAgICBibl9jb3JyZWN0X3RvcChiKTsKICAgICByZXR1cm4gMTsKIH0K
QEAgLTY4NCwxMyArNjQ1LDEzIEBAIGludCBCTl9tb2RfZXhwX21vbnRfY29uc3R0aW1lKEJJ
R05VTSAqcnIsIGNvbnN0IEJJCiAgICAgLyoKICAgICAgKiBJbml0aWFsaXplIHRoZSBpbnRl
cm1lZGlhdGUgcmVzdWx0LiBEbyB0aGlzIGVhcmx5IHRvIHNhdmUgZG91YmxlCiAgICAgICog
Y29udmVyc2lvbiwgb25jZSBlYWNoIGZvciBhXjAgYW5kIGludGVybWVkaWF0ZSByZXN1bHQu
Ci0gICAgICovDQotICAgIGlmICghQk5fdG9fbW9udGdvbWVyeShyLCBCTl92YWx1ZV9vbmUo
KSwgbW9udCwgY3R4KSkNCi0gICAgICAgIGdvdG8gZXJyOw0KLSAgICBpZiAoIU1PRF9FWFBf
Q1RJTUVfQ09QWV9UT19QUkVCVUYociwgdG9wLCBwb3dlcmJ1ZiwgMCwgd2luZG93KSkNCi0g
ICAgICAgIGdvdG8gZXJyOw0KLQ0KLSAgICAvKiBJbml0aWFsaXplIGNvbXB1dGVUZW1wIGFz
IGFeMSB3aXRoIG1vbnRnb21lcnkgcHJlY2FsY3MgKi8NCisgICAgICovCisgICAgaWYgKCFC
Tl90b19tb250Z29tZXJ5KHIsIEJOX3ZhbHVlX29uZSgpLCBtb250LCBjdHgpKQorICAgICAg
ICBnb3RvIGVycjsKKyAgICBpZiAoIU1PRF9FWFBfQ1RJTUVfQ09QWV9UT19QUkVCVUYociwg
dG9wLCBwb3dlcmJ1ZiwgMCwgbnVtUG93ZXJzKSkKKyAgICAgICAgZ290byBlcnI7CisKKyAg
ICAvKiBJbml0aWFsaXplIGNvbXB1dGVUZW1wIGFzIGFeMSB3aXRoIG1vbnRnb21lcnkgcHJl
Y2FsY3MgKi8KICAgICBjb21wdXRlVGVtcCA9IEJOX0NUWF9nZXQoY3R4KTsKICAgICBhbSA9
IEJOX0NUWF9nZXQoY3R4KTsKICAgICBpZiAoY29tcHV0ZVRlbXAgPT0gTlVMTCB8fCBhbSA9
PSBOVUxMKQpAQCAtNzAzLDEzICs2NjQsMTMgQEAgaW50IEJOX21vZF9leHBfbW9udF9jb25z
dHRpbWUoQklHTlVNICpyciwgY29uc3QgQkkKICAgICB9IGVsc2UKICAgICAgICAgYWEgPSBh
OwogICAgIGlmICghQk5fdG9fbW9udGdvbWVyeShhbSwgYWEsIG1vbnQsIGN0eCkpCi0gICAg
ICAgIGdvdG8gZXJyOw0KLSAgICBpZiAoIUJOX2NvcHkoY29tcHV0ZVRlbXAsIGFtKSkNCi0g
ICAgICAgIGdvdG8gZXJyOw0KLSAgICBpZiAoIU1PRF9FWFBfQ1RJTUVfQ09QWV9UT19QUkVC
VUYoYW0sIHRvcCwgcG93ZXJidWYsIDEsIHdpbmRvdykpDQotICAgICAgICBnb3RvIGVycjsN
Ci0NCi0gICAgLyoNCisgICAgICAgIGdvdG8gZXJyOworICAgIGlmICghQk5fY29weShjb21w
dXRlVGVtcCwgYW0pKQorICAgICAgICBnb3RvIGVycjsKKyAgICBpZiAoIU1PRF9FWFBfQ1RJ
TUVfQ09QWV9UT19QUkVCVUYoYW0sIHRvcCwgcG93ZXJidWYsIDEsIG51bVBvd2VycykpCisg
ICAgICAgIGdvdG8gZXJyOworCisgICAgLyoKICAgICAgKiBJZiB0aGUgd2luZG93IHNpemUg
aXMgZ3JlYXRlciB0aGFuIDEsIHRoZW4gY2FsY3VsYXRlCiAgICAgICogdmFsW2k9Mi4uMl53
aW5zaXplLTFdLiBQb3dlcnMgYXJlIGNvbXB1dGVkIGFzIGEqYV4oaS0xKSAoZXZlbiBwb3dl
cnMKICAgICAgKiBjb3VsZCBpbnN0ZWFkIGJlIGNvbXB1dGVkIGFzIChhXihpLzIpKV4yIHRv
IHVzZSB0aGUgc2xpZ2h0IHBlcmZvcm1hbmNlCkBAIC03MTgsMTQgKzY3OSwxNCBAQCBpbnQg
Qk5fbW9kX2V4cF9tb250X2NvbnN0dGltZShCSUdOVU0gKnJyLCBjb25zdCBCSQogICAgIGlm
ICh3aW5kb3cgPiAxKSB7CiAgICAgICAgIGZvciAoaSA9IDI7IGkgPCBudW1Qb3dlcnM7IGkr
KykgewogICAgICAgICAgICAgLyogQ2FsY3VsYXRlIGFeaSA9IGFeKGktMSkgKiBhICovCi0g
ICAgICAgICAgICBpZiAoIUJOX21vZF9tdWxfbW9udGdvbWVyeQ0KLSAgICAgICAgICAgICAg
ICAoY29tcHV0ZVRlbXAsIGFtLCBjb21wdXRlVGVtcCwgbW9udCwgY3R4KSkNCi0gICAgICAg
ICAgICAgICAgZ290byBlcnI7DQotICAgICAgICAgICAgaWYgKCFNT0RfRVhQX0NUSU1FX0NP
UFlfVE9fUFJFQlVGKGNvbXB1dGVUZW1wLCB0b3AsIHBvd2VyYnVmLCBpLA0KLSAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cpKQ0KLSAgICAg
ICAgICAgICAgICBnb3RvIGVycjsNCi0gICAgICAgIH0NCi0gICAgfQ0KKyAgICAgICAgICAg
IGlmICghQk5fbW9kX211bF9tb250Z29tZXJ5CisgICAgICAgICAgICAgICAgKGNvbXB1dGVU
ZW1wLCBhbSwgY29tcHV0ZVRlbXAsIG1vbnQsIGN0eCkpCisgICAgICAgICAgICAgICAgZ290
byBlcnI7CisgICAgICAgICAgICBpZiAoIU1PRF9FWFBfQ1RJTUVfQ09QWV9UT19QUkVCVUYK
KyAgICAgICAgICAgICAgICAoY29tcHV0ZVRlbXAsIHRvcCwgcG93ZXJidWYsIGksIG51bVBv
d2VycykpCisgICAgICAgICAgICAgICAgZ290byBlcnI7CisgICAgICAgIH0KKyAgICB9CiAK
ICAgICAvKgogICAgICAqIEFkanVzdCB0aGUgbnVtYmVyIG9mIGJpdHMgdXAgdG8gYSBtdWx0
aXBsZSBvZiB0aGUgd2luZG93IHNpemUuIElmIHRoZQpJbmRleDogY3J5cHRvL29wZW5zc2wv
Y3J5cHRvL2JuL2JuX3ByaW50LmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gY3J5cHRvL29wZW5zc2wv
Y3J5cHRvL2JuL2JuX3ByaW50LmMJKHJldmlzaW9uIDI5NjU1NikKKysrIGNyeXB0by9vcGVu
c3NsL2NyeXB0by9ibi9ibl9wcmludC5jCSh3b3JraW5nIGNvcHkpCkBAIC01NSwxNCArNTUs
MTQgQEAKICAqIGNvcGllZCBhbmQgcHV0IHVuZGVyIGFub3RoZXIgZGlzdHJpYnV0aW9uIGxp
Y2VuY2UKICAqIFtpbmNsdWRpbmcgdGhlIEdOVSBQdWJsaWMgTGljZW5jZS5dCiAgKi8KLQ0K
LSNpbmNsdWRlIDxzdGRpby5oPg0KLSNpbmNsdWRlIDxjdHlwZS5oPg0KLSNpbmNsdWRlIDxs
aW1pdHMuaD4NCi0jaW5jbHVkZSAiY3J5cHRsaWIuaCINCi0jaW5jbHVkZSA8b3BlbnNzbC9i
dWZmZXIuaD4NCi0jaW5jbHVkZSAiYm5fbGNsLmgiDQogCisjaW5jbHVkZSA8c3RkaW8uaD4K
KyNpbmNsdWRlIDxjdHlwZS5oPgorI2luY2x1ZGUgPGxpbWl0cy5oPgorI2luY2x1ZGUgImNy
eXB0bGliLmgiCisjaW5jbHVkZSA8b3BlbnNzbC9idWZmZXIuaD4KKyNpbmNsdWRlICJibl9s
Y2wuaCIKKwogc3RhdGljIGNvbnN0IGNoYXIgSGV4W10gPSAiMDEyMzQ1Njc4OUFCQ0RFRiI7
CiAKIC8qIE11c3QgJ09QRU5TU0xfZnJlZScgdGhlIHJldHVybmVkIGRhdGEgKi8KQEAgLTE4
NywxOSArMTg3LDE5IEBAIGludCBCTl9oZXgyYm4oQklHTlVNICoqYm4sIGNvbnN0IGNoYXIg
KmEpCiAKICAgICBpZiAoKmEgPT0gJy0nKSB7CiAgICAgICAgIG5lZyA9IDE7Ci0gICAgICAg
IGErKzsNCi0gICAgfQ0KLQ0KLSAgICBmb3IgKGkgPSAwOyBpIDw9IChJTlRfTUFYLzQpICYm
IGlzeGRpZ2l0KCh1bnNpZ25lZCBjaGFyKWFbaV0pOyBpKyspDQotICAgICAgICBjb250aW51
ZTsNCi0NCi0gICAgaWYgKGkgPiBJTlRfTUFYLzQpDQotICAgICAgICBnb3RvIGVycjsNCi0N
Ci0gICAgbnVtID0gaSArIG5lZzsNCi0gICAgaWYgKGJuID09IE5VTEwpDQotICAgICAgICBy
ZXR1cm4gKG51bSk7DQorICAgICAgICBhKys7CisgICAgfQogCisgICAgZm9yIChpID0gMDsg
aSA8PSAoSU5UX01BWC80KSAmJiBpc3hkaWdpdCgodW5zaWduZWQgY2hhcilhW2ldKTsgaSsr
KQorICAgICAgICBjb250aW51ZTsKKworICAgIGlmIChpID4gSU5UX01BWC80KQorICAgICAg
ICBnb3RvIGVycjsKKworICAgIG51bSA9IGkgKyBuZWc7CisgICAgaWYgKGJuID09IE5VTEwp
CisgICAgICAgIHJldHVybiAobnVtKTsKKwogICAgIC8qIGEgaXMgdGhlIHN0YXJ0IG9mIHRo
ZSBoZXggZGlnaXRzLCBhbmQgaXQgaXMgJ2knIGxvbmcgKi8KICAgICBpZiAoKmJuID09IE5V
TEwpIHsKICAgICAgICAgaWYgKChyZXQgPSBCTl9uZXcoKSkgPT0gTlVMTCkKQEAgLTIwNiwx
MyArMjA2LDEzIEBAIGludCBCTl9oZXgyYm4oQklHTlVNICoqYm4sIGNvbnN0IGNoYXIgKmEp
CiAgICAgICAgICAgICByZXR1cm4gKDApOwogICAgIH0gZWxzZSB7CiAgICAgICAgIHJldCA9
ICpibjsKLSAgICAgICAgQk5femVybyhyZXQpOw0KLSAgICB9DQotDQotICAgIC8qIGkgaXMg
dGhlIG51bWJlciBvZiBoZXggZGlnaXRzICovDQotICAgIGlmIChibl9leHBhbmQocmV0LCBp
ICogNCkgPT0gTlVMTCkNCi0gICAgICAgIGdvdG8gZXJyOw0KLQ0KKyAgICAgICAgQk5femVy
byhyZXQpOworICAgIH0KKworICAgIC8qIGkgaXMgdGhlIG51bWJlciBvZiBoZXggZGlnaXRz
ICovCisgICAgaWYgKGJuX2V4cGFuZChyZXQsIGkgKiA0KSA9PSBOVUxMKQorICAgICAgICBn
b3RvIGVycjsKKwogICAgIGogPSBpOyAgICAgICAgICAgICAgICAgICAgICAvKiBsZWFzdCBz
aWduaWZpY2FudCAnaGV4JyAqLwogICAgIG0gPSAwOwogICAgIGggPSAwOwpAQCAtMjYyLDE5
ICsyNjIsMTkgQEAgaW50IEJOX2RlYzJibihCSUdOVU0gKipibiwgY29uc3QgY2hhciAqYSkK
ICAgICAgICAgcmV0dXJuICgwKTsKICAgICBpZiAoKmEgPT0gJy0nKSB7CiAgICAgICAgIG5l
ZyA9IDE7Ci0gICAgICAgIGErKzsNCi0gICAgfQ0KLQ0KLSAgICBmb3IgKGkgPSAwOyBpIDw9
IChJTlRfTUFYLzQpICYmIGlzZGlnaXQoKHVuc2lnbmVkIGNoYXIpYVtpXSk7IGkrKykNCi0g
ICAgICAgIGNvbnRpbnVlOw0KLQ0KLSAgICBpZiAoaSA+IElOVF9NQVgvNCkNCi0gICAgICAg
IGdvdG8gZXJyOw0KLQ0KLSAgICBudW0gPSBpICsgbmVnOw0KLSAgICBpZiAoYm4gPT0gTlVM
TCkNCi0gICAgICAgIHJldHVybiAobnVtKTsNCisgICAgICAgIGErKzsKKyAgICB9CiAKKyAg
ICBmb3IgKGkgPSAwOyBpIDw9IChJTlRfTUFYLzQpICYmIGlzZGlnaXQoKHVuc2lnbmVkIGNo
YXIpYVtpXSk7IGkrKykKKyAgICAgICAgY29udGludWU7CisKKyAgICBpZiAoaSA+IElOVF9N
QVgvNCkKKyAgICAgICAgZ290byBlcnI7CisKKyAgICBudW0gPSBpICsgbmVnOworICAgIGlm
IChibiA9PSBOVUxMKQorICAgICAgICByZXR1cm4gKG51bSk7CisKICAgICAvKgogICAgICAq
IGEgaXMgdGhlIHN0YXJ0IG9mIHRoZSBkaWdpdHMsIGFuZCBpdCBpcyAnaScgbG9uZy4gV2Ug
Y2hvcCBpdCBpbnRvCiAgICAgICogQk5fREVDX05VTSBkaWdpdHMgYXQgYSB0aW1lCkBAIC0y
ODQsMTMgKzI4NCwxMyBAQCBpbnQgQk5fZGVjMmJuKEJJR05VTSAqKmJuLCBjb25zdCBjaGFy
ICphKQogICAgICAgICAgICAgcmV0dXJuICgwKTsKICAgICB9IGVsc2UgewogICAgICAgICBy
ZXQgPSAqYm47Ci0gICAgICAgIEJOX3plcm8ocmV0KTsNCi0gICAgfQ0KLQ0KLSAgICAvKiBp
IGlzIHRoZSBudW1iZXIgb2YgZGlnaXRzLCBhIGJpdCBvZiBhbiBvdmVyIGV4cGFuZCAqLw0K
LSAgICBpZiAoYm5fZXhwYW5kKHJldCwgaSAqIDQpID09IE5VTEwpDQotICAgICAgICBnb3Rv
IGVycjsNCi0NCisgICAgICAgIEJOX3plcm8ocmV0KTsKKyAgICB9CisKKyAgICAvKiBpIGlz
IHRoZSBudW1iZXIgb2YgZGlnaXRzLCBhIGJpdCBvZiBhbiBvdmVyIGV4cGFuZCAqLworICAg
IGlmIChibl9leHBhbmQocmV0LCBpICogNCkgPT0gTlVMTCkKKyAgICAgICAgZ290byBlcnI7
CisKICAgICBqID0gQk5fREVDX05VTSAtIChpICUgQk5fREVDX05VTSk7CiAgICAgaWYgKGog
PT0gQk5fREVDX05VTSkKICAgICAgICAgaiA9IDA7Cg==
--------------050501080008040300060008--

--SeCef0iwHIoNH1LukmLLTks6deFApNAGo--

--774Dh2Jq2oobcRMhc89n9LSoJJVmQ5OiC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJW3+oFAAoJEJW2GBstM+nsXqcP/0dxSTMAkTAP1ZqnUc0HFKBV
DebJ0/7ZVQ7+TV1PzmZ/zheW9Yhf1Cq2rTwn42zUkswM7KJU6WQIYQ0b5v+ZTOvT
kezZIbK1VGu2iuU6x5Gm+2wh51lzGF+XKyzOWW+o/PGzp+/YFLrB5NOIGI7srK4l
RckUHEHgSMsQxPLHPUi+r2SuPz0U5p6T0xxa0H6jI+pM4ZjsxX7BtdIpI1hSPlEY
Nl035OcnOmMBHwQOQXuZ8yu0Rh1eFBr7LKPU5GgAoGxUzjZZn4yNctSihspMagux
Iy3LbglS1jH8tYC0tnthA45OnxNp2EIiOmYetwgLhE1GRMaecHMwwLq+pKTQdlpN
FA+rWJ/LX1u6+X6ioMbfJzWfDBhRY+oN3vJwOm01tzyf+596iZG7hfmXVsfeKWx6
mqMmpLZJi3Gfd/SblqVt/IpmkNhLTOkkKvhY3GOtJkDYaDoTXaX7kMkf3OJdKuF1
D5xPX5dEMe5/kkvLb1T34bj1V1wROg4+hlAjfHknW58u9JY80SD6cTGtGpRRQjEa
6uzz2XS4/xyTDuKhKLL5pkR8t7QiGhVYM6LjsRZu7zzFdYnJ90bO4nHZnHmnR/1u
UwQh9+Qah1S1X0CngLy5zdpTsU/JZLoiRD56J+iKLun1BSpkVirJmoRC4RgVdH6v
uxzwh7zeZ1D25ZLW3jKu
=Is7P
-----END PGP SIGNATURE-----

--774Dh2Jq2oobcRMhc89n9LSoJJVmQ5OiC--

From owner-svn-src-releng@freebsd.org  Wed Mar  9 20:40:08 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4CEA6AC9815;
 Wed,  9 Mar 2016 20:40:08 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from tensor.andric.com (tensor.andric.com
 [IPv6:2001:7b8:3a7:1:2d0:b7ff:fea0:8c26])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "tensor.andric.com",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E5E7868A;
 Wed,  9 Mar 2016 20:40:07 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from [IPv6:2001:7b8:3a7::dd44:f53f:bd83:81a6] (unknown
 [IPv6:2001:7b8:3a7:0:dd44:f53f:bd83:81a6])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by tensor.andric.com (Postfix) with ESMTPSA id 5DD993E88D;
 Wed,  9 Mar 2016 21:40:03 +0100 (CET)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: multipart/signed;
 boundary="Apple-Mail=_AA17955F-1DCE-4BA2-B503-80692C2DCCA2";
 protocol="application/pgp-signature"; micalg=pgp-sha1
X-Pgp-Agent: GPGMail 2.6b2 (ebbf3ef)
From: Dimitry Andric <dim@FreeBSD.org>
In-Reply-To: <56DFEA05.6060501@delphij.net>
Date: Wed, 9 Mar 2016 21:39:58 +0100
Cc: Antoine Brodin <antoine@FreeBSD.org>, Xin LI <delphij@gmail.com>,
 Mathieu Arnold <mat@freebsd.org>, Jung-Uk Kim <jkim@freebsd.org>,
 Bryan Drewery <bdrewery@freebsd.org>, Xin LI <delphij@freebsd.org>,
 "src-committers@freebsd.org" <src-committers@freebsd.org>,
 "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,
 svn-src-releng@freebsd.org
Message-Id: <2E9527A1-C869-48DA-9554-2A96F1735F8C@FreeBSD.org>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
 <56DF0550.6000604@FreeBSD.org> <E24637388915226D9A922B8B@atuin.in.mat.cc>
 <CAGMYy3tfrty-8r-Efzzd56d4AOdV0H+ParrkUtBWR4f+0ZtxWw@mail.gmail.com>
 <CAALwa8mXg-eE3tZ1R=LAd9nWNAmTkqPmrSaZAmtrQ=u4-=wEeg@mail.gmail.com>
 <56DFEA05.6060501@delphij.net>
To: Xin Li <delphij@delphij.net>
X-Mailer: Apple Mail (2.3112)
X-Mailman-Approved-At: Wed, 09 Mar 2016 22:36:15 +0000
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2016 20:40:08 -0000


--Apple-Mail=_AA17955F-1DCE-4BA2-B503-80692C2DCCA2
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

On 09 Mar 2016, at 10:16, Xin Li <delphij@delphij.net> wrote:
>=20
> FYI -- I can confirm that libcrypto is broken and have a reliable way =
to
> trigger it.
>=20
> So far I was able to narrow down this to this change and here is a
> temporary workaround (which will reintroduce CVE-2016-0702).
>=20
> Cheers,
> <bn-revert.diff>

FWIW, before the workaround I get this from valgrind:

=3D=3D10050=3D=3D Invalid read of size 8
=3D=3D10050=3D=3D    at 0x6BA3438: MOD_EXP_CTIME_COPY_FROM_PREBUF =
(bn_exp.c:585)
=3D=3D10050=3D=3D    by 0x6BA3438: BN_mod_exp_mont_consttime =
(bn_exp.c:760)
=3D=3D10050=3D=3D    by 0x6B84AB7: ??? (dh_key.c:156)
=3D=3D10050=3D=3D    by 0x4E4550B: ssh_dh_gen_key (in =
/usr/lib/private/libssh.so.5)
=3D=3D10050=3D=3D    by 0x42AEBF: kexgex_server (kexgexs.c:115)
=3D=3D10050=3D=3D    by 0x4E545FE: ssh_kex_input_kexinit (in =
/usr/lib/private/libssh.so.5)
=3D=3D10050=3D=3D    by 0x4E54BBE: ssh_dispatch_run (in =
/usr/lib/private/libssh.so.5)
=3D=3D10050=3D=3D    by 0x41085C: do_ssh2_kex (sshd.c:2559)
=3D=3D10050=3D=3D    by 0x41085C: main (sshd.c:2162)
=3D=3D10050=3D=3D  Address 0x2078f3580 is not stack'd, malloc'd or =
(recently) free'd
=3D=3D10050=3D=3D
=3D=3D10050=3D=3D
=3D=3D10050=3D=3D Process terminating with default action of signal 11 =
(SIGSEGV): dumping core
=3D=3D10050=3D=3D  Access not within mapped region at address =
0x2078F3580
=3D=3D10050=3D=3D    at 0x6BA3438: MOD_EXP_CTIME_COPY_FROM_PREBUF =
(bn_exp.c:585)
=3D=3D10050=3D=3D    by 0x6BA3438: BN_mod_exp_mont_consttime =
(bn_exp.c:760)
=3D=3D10050=3D=3D    by 0x6B84AB7: ??? (dh_key.c:156)
=3D=3D10050=3D=3D    by 0x4E4550B: ssh_dh_gen_key (in =
/usr/lib/private/libssh.so.5)
=3D=3D10050=3D=3D    by 0x42AEBF: kexgex_server (kexgexs.c:115)
=3D=3D10050=3D=3D    by 0x4E545FE: ssh_kex_input_kexinit (in =
/usr/lib/private/libssh.so.5)
=3D=3D10050=3D=3D    by 0x4E54BBE: ssh_dispatch_run (in =
/usr/lib/private/libssh.so.5)
=3D=3D10050=3D=3D    by 0x41085C: do_ssh2_kex (sshd.c:2559)
=3D=3D10050=3D=3D    by 0x41085C: main (sshd.c:2162)
=3D=3D10050=3D=3D  If you believe this happened as a result of a stack
=3D=3D10050=3D=3D  overflow in your program's main thread (unlikely but
=3D=3D10050=3D=3D  possible), you can try to increase the size of the
=3D=3D10050=3D=3D  main thread stack using the --main-stacksize=3D flag.
=3D=3D10050=3D=3D  The main thread stack size used in this run was =
16777216.

-Dimitry


--Apple-Mail=_AA17955F-1DCE-4BA2-B503-80692C2DCCA2
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.29

iEYEARECAAYFAlbgiiIACgkQsF6jCi4glqO/TACg8wnXNM/4bSChip4c1XG9wN23
3z8AoM2kOpFsIa2xWLAACSnL39ad1plF
=BCdJ
-----END PGP SIGNATURE-----

--Apple-Mail=_AA17955F-1DCE-4BA2-B503-80692C2DCCA2--

From owner-svn-src-releng@freebsd.org  Wed Mar  9 22:19:04 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3C6B0ACA668;
 Wed,  9 Mar 2016 22:19:04 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 547EF109D;
 Wed,  9 Mar 2016 22:19:03 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
To: Dimitry Andric <dim@FreeBSD.org>, Xin Li <delphij@delphij.net>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
 <56DF0550.6000604@FreeBSD.org> <E24637388915226D9A922B8B@atuin.in.mat.cc>
 <CAGMYy3tfrty-8r-Efzzd56d4AOdV0H+ParrkUtBWR4f+0ZtxWw@mail.gmail.com>
 <CAALwa8mXg-eE3tZ1R=LAd9nWNAmTkqPmrSaZAmtrQ=u4-=wEeg@mail.gmail.com>
 <56DFEA05.6060501@delphij.net>
 <2E9527A1-C869-48DA-9554-2A96F1735F8C@FreeBSD.org>
 <F14D28E4-4458-4208-8215-DB8998D62E2E@FreeBSD.org>
Cc: Antoine Brodin <antoine@FreeBSD.org>, Xin LI <delphij@gmail.com>,
 Mathieu Arnold <mat@freebsd.org>, Bryan Drewery <bdrewery@freebsd.org>,
 Xin LI <delphij@freebsd.org>,
 "src-committers@freebsd.org" <src-committers@freebsd.org>,
 "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,
 svn-src-releng@freebsd.org
From: Jung-uk Kim <jkim@FreeBSD.org>
X-Enigmail-Draft-Status: N1110
Message-ID: <56E0A156.4040303@FreeBSD.org>
Date: Wed, 9 Mar 2016 17:19:02 -0500
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <F14D28E4-4458-4208-8215-DB8998D62E2E@FreeBSD.org>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Wed, 09 Mar 2016 22:36:16 +0000
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2016 22:19:04 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 03/ 9/16 04:31 PM, Dimitry Andric wrote:
> On 09 Mar 2016, at 21:39, Dimitry Andric <dim@FreeBSD.org> wrote:
>> 
>> On 09 Mar 2016, at 10:16, Xin Li <delphij@delphij.net> wrote:
>>> 
>>> FYI -- I can confirm that libcrypto is broken and have a 
>>> reliable way to trigger it.
>>> 
>>> So far I was able to narrow down this to this change and here 
>>> is a temporary workaround (which will reintroduce 
>>> CVE-2016-0702).
>>> 
>>> Cheers, <bn-revert.diff>
>> 
>> FWIW, before the workaround I get this from valgrind:
>> 
>> ==10050== Invalid read of size 8 ==10050==    at 0x6BA3438: 
>> MOD_EXP_CTIME_COPY_FROM_PREBUF (bn_exp.c:585) ==10050==    by 
>> 0x6BA3438: BN_mod_exp_mont_consttime (bn_exp.c:760) ==10050== by
>>  0x6B84AB7: ??? (dh_key.c:156) ==10050==    by 0x4E4550B: 
>> ssh_dh_gen_key (in /usr/lib/private/libssh.so.5) ==10050==    by 
>> 0x42AEBF: kexgex_server (kexgexs.c:115) ==10050==    by 
>> 0x4E545FE: ssh_kex_input_kexinit (in 
>> /usr/lib/private/libssh.so.5) ==10050==    by 0x4E54BBE: 
>> ssh_dispatch_run (in /usr/lib/private/libssh.so.5) ==10050== by 
>> 0x41085C: do_ssh2_kex (sshd.c:2559) ==10050==    by 0x41085C: 
>> main (sshd.c:2162) ==10050==  Address 0x2078f3580 is not
>> stack'd, malloc'd or (recently) free'd ==10050== ==10050==
>> ==10050== Process terminating with default action of signal 11
>> (SIGSEGV): dumping core ==10050==  Access not within mapped
>> region at address 0x2078F3580 ==10050==    at 0x6BA3438: 
>> MOD_EXP_CTIME_COPY_FROM_PREBUF (bn_exp.c:585) ==10050==    by 
>> 0x6BA3438: BN_mod_exp_mont_consttime (bn_exp.c:760) ==10050== by
>>  0x6B84AB7: ??? (dh_key.c:156) ==10050==    by 0x4E4550B: 
>> ssh_dh_gen_key (in /usr/lib/private/libssh.so.5) ==10050==    by 
>> 0x42AEBF: kexgex_server (kexgexs.c:115) ==10050==    by 
>> 0x4E545FE: ssh_kex_input_kexinit (in 
>> /usr/lib/private/libssh.so.5) ==10050==    by 0x4E54BBE: 
>> ssh_dispatch_run (in /usr/lib/private/libssh.so.5) ==10050== by 
>> 0x41085C: do_ssh2_kex (sshd.c:2559) ==10050==    by 0x41085C: 
>> main (sshd.c:2162) ==10050==  If you believe this happened as a 
>> result of a stack ==10050==  overflow in your program's main 
>> thread (unlikely but ==10050==  possible), you can try to 
>> increase the size of the ==10050==  main thread stack using the 
>> --main-stacksize= flag. ==10050==  The main thread stack size 
>> used in this run was 16777216.
> 
> I think this is a possible fix (it works for me, at least):
> 
> Index: crypto/openssl/crypto/bn/bn_exp.c 
> ===================================================================
>
>
>
>
> 
- --- crypto/openssl/crypto/bn/bn_exp.c   (revision 296469)
> +++ crypto/openssl/crypto/bn/bn_exp.c   (working copy) @@ -758,7 
> +758,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BI * 
> Fetch the appropriate pre-computed value from the pre-buf */ if 
> (!MOD_EXP_CTIME_COPY_FROM_PREBUF -            (computeTemp, top, 
> powerbuf, wvalue, numPowers)) +            (computeTemp, top, 
> powerbuf, wvalue, window)) goto err;
> 
> /* Multiply the result into the intermediate result */
> 
> Can people experiencing this problem please apply the above diff to
> their openssl, rebuild secure/lib/libcrypto, install it, then 
> restart sshd and/or whatever daemon you have seen the crashes 
> with?

[My PC had multiple PSU failures and I just recovered from the
disaster.  I am very sorry for the late response.]

I haven't tested it but it looks correct.  I don't know how I missed
it in the first place. :-(

JK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJW4KFSAAoJEHyflib82/FGGt8H/iaaxbks7copI9O4oCs229RG
UlLxx1XsrYkdStEqJHg4OXgXr6kIdkSpBBJjYs3DlOFKL5Vin0PTenfDV0i0a0/l
MbawMhWX6xhNaUKSHVguXJeGZUGT4pYQe6pZoZYT2ZrAq5eEavk/y0qlwPK4xV50
A/xXsfgLGwruMZjJ4JJ7N4CZMByyKu7jAhnveDFS3A87HOve48HEGpHY/UDmWvZ1
t1JX0e7ZCO+frHAwYdBkMG9w4ozQ26PjGTyJuL/852GORaxt+5kZ4Uj2/jLjxIIj
pnFJ1CrzjFKqX3+03QaOi+hFlBPyQ/CMyMg03fO5MQqTys3ehObujRmfE1mhCZs=
=KShP
-----END PGP SIGNATURE-----

From owner-svn-src-releng@freebsd.org  Wed Mar  9 21:31:31 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E50BEAC90BA;
 Wed,  9 Mar 2016 21:31:31 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from tensor.andric.com (tensor.andric.com
 [IPv6:2001:7b8:3a7:1:2d0:b7ff:fea0:8c26])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "tensor.andric.com",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 728E61E2C;
 Wed,  9 Mar 2016 21:31:31 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from [IPv6:2001:7b8:3a7::dd44:f53f:bd83:81a6] (unknown
 [IPv6:2001:7b8:3a7:0:dd44:f53f:bd83:81a6])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by tensor.andric.com (Postfix) with ESMTPSA id 74B5A3E933;
 Wed,  9 Mar 2016 22:31:28 +0100 (CET)
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl
 crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto
 crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf
 cry...
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: multipart/signed;
 boundary="Apple-Mail=_72D411A8-F978-43D7-9D8A-0850E89E6F98";
 protocol="application/pgp-signature"; micalg=pgp-sha1
X-Pgp-Agent: GPGMail 2.6b2 (ebbf3ef)
From: Dimitry Andric <dim@FreeBSD.org>
In-Reply-To: <2E9527A1-C869-48DA-9554-2A96F1735F8C@FreeBSD.org>
Date: Wed, 9 Mar 2016 22:31:21 +0100
Cc: Antoine Brodin <antoine@FreeBSD.org>, Xin LI <delphij@gmail.com>,
 Mathieu Arnold <mat@freebsd.org>, Jung-Uk Kim <jkim@freebsd.org>,
 Bryan Drewery <bdrewery@freebsd.org>, Xin LI <delphij@freebsd.org>,
 "src-committers@freebsd.org" <src-committers@freebsd.org>,
 "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,
 svn-src-releng@freebsd.org
Message-Id: <F14D28E4-4458-4208-8215-DB8998D62E2E@FreeBSD.org>
References: <201603071622.u27GMC4a082792@repo.freebsd.org>
 <9B6D673B7B15CCDC424E97A8@atuin.in.mat.cc> <56DEFD08.6050100@FreeBSD.org>
 <63FB9E5BBBF224CA12839457@ogg.in.absolight.net>
 <56DEFDF5.2040500@FreeBSD.org>
 <1E2DCDEE8775312979CE7D0B@ogg.in.absolight.net>
 <56DF0234.2090307@FreeBSD.org> <56DF025B.1090706@FreeBSD.org>
 <DC10EFD5F03DA877503B6C3E@ogg.in.absolight.net>
 <56DF0550.6000604@FreeBSD.org> <E24637388915226D9A922B8B@atuin.in.mat.cc>
 <CAGMYy3tfrty-8r-Efzzd56d4AOdV0H+ParrkUtBWR4f+0ZtxWw@mail.gmail.com>
 <CAALwa8mXg-eE3tZ1R=LAd9nWNAmTkqPmrSaZAmtrQ=u4-=wEeg@mail.gmail.com>
 <56DFEA05.6060501@delphij.net>
 <2E9527A1-C869-48DA-9554-2A96F1735F8C@FreeBSD.org>
To: Xin Li <delphij@delphij.net>
X-Mailer: Apple Mail (2.3112)
X-Mailman-Approved-At: Wed, 09 Mar 2016 22:36:15 +0000
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2016 21:31:32 -0000


--Apple-Mail=_72D411A8-F978-43D7-9D8A-0850E89E6F98
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

On 09 Mar 2016, at 21:39, Dimitry Andric <dim@FreeBSD.org> wrote:
>=20
> On 09 Mar 2016, at 10:16, Xin Li <delphij@delphij.net> wrote:
>>=20
>> FYI -- I can confirm that libcrypto is broken and have a reliable way =
to
>> trigger it.
>>=20
>> So far I was able to narrow down this to this change and here is a
>> temporary workaround (which will reintroduce CVE-2016-0702).
>>=20
>> Cheers,
>> <bn-revert.diff>
>=20
> FWIW, before the workaround I get this from valgrind:
>=20
> =3D=3D10050=3D=3D Invalid read of size 8
> =3D=3D10050=3D=3D    at 0x6BA3438: MOD_EXP_CTIME_COPY_FROM_PREBUF =
(bn_exp.c:585)
> =3D=3D10050=3D=3D    by 0x6BA3438: BN_mod_exp_mont_consttime =
(bn_exp.c:760)
> =3D=3D10050=3D=3D    by 0x6B84AB7: ??? (dh_key.c:156)
> =3D=3D10050=3D=3D    by 0x4E4550B: ssh_dh_gen_key (in =
/usr/lib/private/libssh.so.5)
> =3D=3D10050=3D=3D    by 0x42AEBF: kexgex_server (kexgexs.c:115)
> =3D=3D10050=3D=3D    by 0x4E545FE: ssh_kex_input_kexinit (in =
/usr/lib/private/libssh.so.5)
> =3D=3D10050=3D=3D    by 0x4E54BBE: ssh_dispatch_run (in =
/usr/lib/private/libssh.so.5)
> =3D=3D10050=3D=3D    by 0x41085C: do_ssh2_kex (sshd.c:2559)
> =3D=3D10050=3D=3D    by 0x41085C: main (sshd.c:2162)
> =3D=3D10050=3D=3D  Address 0x2078f3580 is not stack'd, malloc'd or =
(recently) free'd
> =3D=3D10050=3D=3D
> =3D=3D10050=3D=3D
> =3D=3D10050=3D=3D Process terminating with default action of signal 11 =
(SIGSEGV): dumping core
> =3D=3D10050=3D=3D  Access not within mapped region at address =
0x2078F3580
> =3D=3D10050=3D=3D    at 0x6BA3438: MOD_EXP_CTIME_COPY_FROM_PREBUF =
(bn_exp.c:585)
> =3D=3D10050=3D=3D    by 0x6BA3438: BN_mod_exp_mont_consttime =
(bn_exp.c:760)
> =3D=3D10050=3D=3D    by 0x6B84AB7: ??? (dh_key.c:156)
> =3D=3D10050=3D=3D    by 0x4E4550B: ssh_dh_gen_key (in =
/usr/lib/private/libssh.so.5)
> =3D=3D10050=3D=3D    by 0x42AEBF: kexgex_server (kexgexs.c:115)
> =3D=3D10050=3D=3D    by 0x4E545FE: ssh_kex_input_kexinit (in =
/usr/lib/private/libssh.so.5)
> =3D=3D10050=3D=3D    by 0x4E54BBE: ssh_dispatch_run (in =
/usr/lib/private/libssh.so.5)
> =3D=3D10050=3D=3D    by 0x41085C: do_ssh2_kex (sshd.c:2559)
> =3D=3D10050=3D=3D    by 0x41085C: main (sshd.c:2162)
> =3D=3D10050=3D=3D  If you believe this happened as a result of a stack
> =3D=3D10050=3D=3D  overflow in your program's main thread (unlikely =
but
> =3D=3D10050=3D=3D  possible), you can try to increase the size of the
> =3D=3D10050=3D=3D  main thread stack using the --main-stacksize=3D =
flag.
> =3D=3D10050=3D=3D  The main thread stack size used in this run was =
16777216.

I think this is a possible fix (it works for me, at least):

Index: crypto/openssl/crypto/bn/bn_exp.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- crypto/openssl/crypto/bn/bn_exp.c   (revision 296469)
+++ crypto/openssl/crypto/bn/bn_exp.c   (working copy)
@@ -758,7 +758,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BI
          * Fetch the appropriate pre-computed value from the pre-buf
          */
         if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-            (computeTemp, top, powerbuf, wvalue, numPowers))
+            (computeTemp, top, powerbuf, wvalue, window))
             goto err;

         /* Multiply the result into the intermediate result */

Can people experiencing this problem please apply the above diff to
their openssl, rebuild secure/lib/libcrypto, install it, then restart
sshd and/or whatever daemon you have seen the crashes with?

-Dimitry


--Apple-Mail=_72D411A8-F978-43D7-9D8A-0850E89E6F98
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.29

iEYEARECAAYFAlbgljAACgkQsF6jCi4glqOaJACg1b5D1MkecdIt+NKWk+5tAasm
B8IAoPxqgIr50nIyy5nqMV+sRi3UPopY
=YSAI
-----END PGP SIGNATURE-----

--Apple-Mail=_72D411A8-F978-43D7-9D8A-0850E89E6F98--

From owner-svn-src-releng@freebsd.org  Thu Mar 10 10:03:30 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3445EACA755;
 Thu, 10 Mar 2016 10:03:30 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F212A11B;
 Thu, 10 Mar 2016 10:03:29 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2AA3TjN000916;
 Thu, 10 Mar 2016 10:03:29 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2AA3SRf000908;
 Thu, 10 Mar 2016 10:03:28 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201603101003.u2AA3SRf000908@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Thu, 10 Mar 2016 10:03:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r296611 - in releng/9.3: . contrib/bind9/bin/named
 contrib/bind9/bin/rndc contrib/bind9/lib/dns contrib/bind9/lib/isccc
 crypto/openssl/crypto/bn sys/conf
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2016 10:03:30 -0000

Author: delphij
Date: Thu Mar 10 10:03:28 2016
New Revision: 296611
URL: https://svnweb.freebsd.org/changeset/base/296611

Log:
  Fix multiple vulnerabilities of BIND. [SA-16:13]
  
  Fix a regression with OpenSSL patch. [SA-16:12]
  
  Approved by:	so

Modified:
  releng/9.3/UPDATING
  releng/9.3/contrib/bind9/bin/named/control.c
  releng/9.3/contrib/bind9/bin/named/controlconf.c
  releng/9.3/contrib/bind9/bin/rndc/rndc.c
  releng/9.3/contrib/bind9/lib/dns/resolver.c
  releng/9.3/contrib/bind9/lib/isccc/cc.c
  releng/9.3/crypto/openssl/crypto/bn/bn_exp.c
  releng/9.3/sys/conf/newvers.sh

Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING	Thu Mar 10 09:01:19 2016	(r296610)
+++ releng/9.3/UPDATING	Thu Mar 10 10:03:28 2016	(r296611)
@@ -11,6 +11,13 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20160310	p38	FreeBSD-SA-16:13.bind
+			FreeBSD-SA-16:12.openssl [revised]
+
+	Fix multiple vulnerabilities of BIND. [SA-16:13]
+
+	Fix a regression with OpenSSL patch. [SA-16:12]
+
 20160303	p37	FreeBSD-SA-16:12.openssl
 
 	Fix multiple vulnerabilities of OpenSSL.

Modified: releng/9.3/contrib/bind9/bin/named/control.c
==============================================================================
--- releng/9.3/contrib/bind9/bin/named/control.c	Thu Mar 10 09:01:19 2016	(r296610)
+++ releng/9.3/contrib/bind9/bin/named/control.c	Thu Mar 10 10:03:28 2016	(r296611)
@@ -69,7 +69,7 @@ ns_control_docommand(isccc_sexpr_t *mess
 #endif
 
 	data = isccc_alist_lookup(message, "_data");
-	if (data == NULL) {
+	if (!isccc_alist_alistp(data)) {
 		/*
 		 * No data section.
 		 */

Modified: releng/9.3/contrib/bind9/bin/named/controlconf.c
==============================================================================
--- releng/9.3/contrib/bind9/bin/named/controlconf.c	Thu Mar 10 09:01:19 2016	(r296610)
+++ releng/9.3/contrib/bind9/bin/named/controlconf.c	Thu Mar 10 10:03:28 2016	(r296611)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2008, 2011-2014  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2014, 2016  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -396,7 +396,7 @@ control_recvmessage(isc_task_t *task, is
 	 * Limit exposure to replay attacks.
 	 */
 	_ctrl = isccc_alist_lookup(request, "_ctrl");
-	if (_ctrl == NULL) {
+	if (!isccc_alist_alistp(_ctrl)) {
 		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
 		goto cleanup_request;
 	}

Modified: releng/9.3/contrib/bind9/bin/rndc/rndc.c
==============================================================================
--- releng/9.3/contrib/bind9/bin/rndc/rndc.c	Thu Mar 10 09:01:19 2016	(r296610)
+++ releng/9.3/contrib/bind9/bin/rndc/rndc.c	Thu Mar 10 10:03:28 2016	(r296611)
@@ -252,8 +252,8 @@ rndc_recvdone(isc_task_t *task, isc_even
 	DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
 
 	data = isccc_alist_lookup(response, "_data");
-	if (data == NULL)
-		fatal("no data section in response");
+	if (!isccc_alist_alistp(data))
+		fatal("bad or missing data section in response");
 	result = isccc_cc_lookupstring(data, "err", &errormsg);
 	if (result == ISC_R_SUCCESS) {
 		failed = ISC_TRUE;
@@ -316,8 +316,8 @@ rndc_recvnonce(isc_task_t *task, isc_eve
 	DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
 
 	_ctrl = isccc_alist_lookup(response, "_ctrl");
-	if (_ctrl == NULL)
-		fatal("_ctrl section missing");
+	if (!isccc_alist_alistp(_ctrl))
+		fatal("bad or missing ctrl section in response");
 	nonce = 0;
 	if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
 		nonce = 0;

Modified: releng/9.3/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- releng/9.3/contrib/bind9/lib/dns/resolver.c	Thu Mar 10 09:01:19 2016	(r296610)
+++ releng/9.3/contrib/bind9/lib/dns/resolver.c	Thu Mar 10 10:03:28 2016	(r296611)
@@ -5385,14 +5385,11 @@ cname_target(dns_rdataset_t *rdataset, d
 }
 
 static inline isc_result_t
-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
-	     dns_name_t *oname, dns_fixedname_t *fixeddname)
+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
+	     unsigned int nlabels, dns_fixedname_t *fixeddname)
 {
 	isc_result_t result;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
-	unsigned int nlabels;
-	int order;
-	dns_namereln_t namereln;
 	dns_rdata_dname_t dname;
 	dns_fixedname_t prefix;
 
@@ -5407,21 +5404,6 @@ dname_target(fetchctx_t *fctx, dns_rdata
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
-	/*
-	 * Get the prefix of qname.
-	 */
-	namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
-	if (namereln != dns_namereln_subdomain) {
-		char qbuf[DNS_NAME_FORMATSIZE];
-		char obuf[DNS_NAME_FORMATSIZE];
-
-		dns_rdata_freestruct(&dname);
-		dns_name_format(qname, qbuf, sizeof(qbuf));
-		dns_name_format(oname, obuf, sizeof(obuf));
-		log_formerr(fctx, "unrelated DNAME in answer: "
-				   "%s is not in %s", qbuf, obuf);
-		return (DNS_R_FORMERR);
-	}
 	dns_fixedname_init(&prefix);
 	dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
 	dns_fixedname_init(fixeddname);
@@ -6034,13 +6016,13 @@ static isc_result_t
 answer_response(fetchctx_t *fctx) {
 	isc_result_t result;
 	dns_message_t *message;
-	dns_name_t *name, *qname, tname, *ns_name;
+	dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
 	dns_rdataset_t *rdataset, *ns_rdataset;
 	isc_boolean_t done, external, chaining, aa, found, want_chaining;
 	isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
 	unsigned int aflag;
 	dns_rdatatype_t type;
-	dns_fixedname_t dname, fqname;
+	dns_fixedname_t fdname, fqname;
 	dns_view_t *view;
 
 	FCTXTRACE("answer_response");
@@ -6068,10 +6050,15 @@ answer_response(fetchctx_t *fctx) {
 	view = fctx->res->view;
 	result = dns_message_firstname(message, DNS_SECTION_ANSWER);
 	while (!done && result == ISC_R_SUCCESS) {
+		dns_namereln_t namereln;
+		int order;
+		unsigned int nlabels;
+
 		name = NULL;
 		dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
 		external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
-		if (dns_name_equal(name, qname)) {
+		namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
+		if (namereln == dns_namereln_equal) {
 			wanted_chaining = ISC_FALSE;
 			for (rdataset = ISC_LIST_HEAD(name->list);
 			     rdataset != NULL;
@@ -6196,10 +6183,11 @@ answer_response(fetchctx_t *fctx) {
 						 */
 						INSIST(!external);
 						if (aflag ==
-						    DNS_RDATASETATTR_ANSWER)
+						    DNS_RDATASETATTR_ANSWER) {
 							have_answer = ISC_TRUE;
-						name->attributes |=
-							DNS_NAMEATTR_ANSWER;
+							name->attributes |=
+								DNS_NAMEATTR_ANSWER;
+						}
 						rdataset->attributes |= aflag;
 						if (aa)
 							rdataset->trust =
@@ -6254,6 +6242,8 @@ answer_response(fetchctx_t *fctx) {
 			if (wanted_chaining)
 				chaining = ISC_TRUE;
 		} else {
+			dns_rdataset_t *dnameset = NULL;
+
 			/*
 			 * Look for a DNAME (or its SIG).  Anything else is
 			 * ignored.
@@ -6261,32 +6251,56 @@ answer_response(fetchctx_t *fctx) {
 			wanted_chaining = ISC_FALSE;
 			for (rdataset = ISC_LIST_HEAD(name->list);
 			     rdataset != NULL;
-			     rdataset = ISC_LIST_NEXT(rdataset, link)) {
-				isc_boolean_t found_dname = ISC_FALSE;
-				dns_name_t *dname_name;
+			     rdataset = ISC_LIST_NEXT(rdataset, link))
+			{
+				/*
+				 * Only pass DNAME or RRSIG(DNAME).
+				 */
+				if (rdataset->type != dns_rdatatype_dname &&
+				    (rdataset->type != dns_rdatatype_rrsig ||
+				     rdataset->covers != dns_rdatatype_dname))
+					continue;
+
+				/*
+				 * If we're not chaining, then the DNAME and
+				 * its signature should not be external.
+				 */
+				if (!chaining && external) {
+					char qbuf[DNS_NAME_FORMATSIZE];
+					char obuf[DNS_NAME_FORMATSIZE];
+
+					dns_name_format(name, qbuf,
+							sizeof(qbuf));
+					dns_name_format(&fctx->domain, obuf,
+							sizeof(obuf));
+					log_formerr(fctx, "external DNAME or "
+						    "RRSIG covering DNAME "
+						    "in answer: %s is "
+						    "not in %s", qbuf, obuf);
+					return (DNS_R_FORMERR);
+				}
+
+				if (namereln != dns_namereln_subdomain) {
+					char qbuf[DNS_NAME_FORMATSIZE];
+					char obuf[DNS_NAME_FORMATSIZE];
+
+					dns_name_format(qname, qbuf,
+							sizeof(qbuf));
+					dns_name_format(name, obuf,
+							sizeof(obuf));
+					log_formerr(fctx, "unrelated DNAME "
+						    "in answer: %s is "
+						    "not in %s", qbuf, obuf);
+					return (DNS_R_FORMERR);
+				}
 
-				found = ISC_FALSE;
 				aflag = 0;
 				if (rdataset->type == dns_rdatatype_dname) {
-					/*
-					 * We're looking for something else,
-					 * but we found a DNAME.
-					 *
-					 * If we're not chaining, then the
-					 * DNAME should not be external.
-					 */
-					if (!chaining && external) {
-						log_formerr(fctx,
-							    "external DNAME");
-						return (DNS_R_FORMERR);
-					}
-					found = ISC_TRUE;
 					want_chaining = ISC_TRUE;
 					POST(want_chaining);
 					aflag = DNS_RDATASETATTR_ANSWER;
-					result = dname_target(fctx, rdataset,
-							      qname, name,
-							      &dname);
+					result = dname_target(rdataset, qname,
+							      nlabels, &fdname);
 					if (result == ISC_R_NOSPACE) {
 						/*
 						 * We can't construct the
@@ -6298,90 +6312,73 @@ answer_response(fetchctx_t *fctx) {
 					} else if (result != ISC_R_SUCCESS)
 						return (result);
 					else
-						found_dname = ISC_TRUE;
+						dnameset = rdataset;
 
-					dname_name = dns_fixedname_name(&dname);
+					dname = dns_fixedname_name(&fdname);
 					if (!is_answertarget_allowed(view,
-							qname,
-							rdataset->type,
-							dname_name,
-							&fctx->domain)) {
+							qname, rdataset->type,
+							dname, &fctx->domain)) {
 						return (DNS_R_SERVFAIL);
 					}
-				} else if (rdataset->type == dns_rdatatype_rrsig
-					   && rdataset->covers ==
-					   dns_rdatatype_dname) {
+				} else {
 					/*
 					 * We've found a signature that
 					 * covers the DNAME.
 					 */
-					found = ISC_TRUE;
 					aflag = DNS_RDATASETATTR_ANSWERSIG;
 				}
 
-				if (found) {
+				/*
+				 * We've found an answer to our
+				 * question.
+				 */
+				name->attributes |= DNS_NAMEATTR_CACHE;
+				rdataset->attributes |= DNS_RDATASETATTR_CACHE;
+				rdataset->trust = dns_trust_answer;
+				if (!chaining) {
 					/*
-					 * We've found an answer to our
-					 * question.
+					 * This data is "the" answer to
+					 * our question only if we're
+					 * not chaining.
 					 */
-					name->attributes |=
-						DNS_NAMEATTR_CACHE;
-					rdataset->attributes |=
-						DNS_RDATASETATTR_CACHE;
-					rdataset->trust = dns_trust_answer;
-					if (!chaining) {
-						/*
-						 * This data is "the" answer
-						 * to our question only if
-						 * we're not chaining.
-						 */
-						INSIST(!external);
-						if (aflag ==
-						    DNS_RDATASETATTR_ANSWER)
-							have_answer = ISC_TRUE;
+					INSIST(!external);
+					if (aflag == DNS_RDATASETATTR_ANSWER) {
+						have_answer = ISC_TRUE;
 						name->attributes |=
 							DNS_NAMEATTR_ANSWER;
-						rdataset->attributes |= aflag;
-						if (aa)
-							rdataset->trust =
-							  dns_trust_authanswer;
-					} else if (external) {
-						rdataset->attributes |=
-						    DNS_RDATASETATTR_EXTERNAL;
-					}
-
-					/*
-					 * DNAME chaining.
-					 */
-					if (found_dname) {
-						/*
-						 * Copy the dname into the
-						 * qname fixed name.
-						 *
-						 * Although we check for
-						 * failure of the copy
-						 * operation, in practice it
-						 * should never fail since
-						 * we already know that the
-						 * result fits in a fixedname.
-						 */
-						dns_fixedname_init(&fqname);
-						result = dns_name_copy(
-						  dns_fixedname_name(&dname),
-						  dns_fixedname_name(&fqname),
-						  NULL);
-						if (result != ISC_R_SUCCESS)
-							return (result);
-						wanted_chaining = ISC_TRUE;
-						name->attributes |=
-							DNS_NAMEATTR_CHAINING;
-						rdataset->attributes |=
-						    DNS_RDATASETATTR_CHAINING;
-						qname = dns_fixedname_name(
-								   &fqname);
 					}
+					rdataset->attributes |= aflag;
+					if (aa)
+						rdataset->trust =
+						  dns_trust_authanswer;
+				} else if (external) {
+					rdataset->attributes |=
+					    DNS_RDATASETATTR_EXTERNAL;
 				}
 			}
+
+			/*
+			 * DNAME chaining.
+			 */
+			if (dnameset != NULL) {
+				/*
+				 * Copy the dname into the qname fixed name.
+				 *
+				 * Although we check for failure of the copy
+				 * operation, in practice it should never fail
+				 * since we already know that the  result fits
+				 * in a fixedname.
+				 */
+				dns_fixedname_init(&fqname);
+				qname = dns_fixedname_name(&fqname);
+				result = dns_name_copy(dname, qname, NULL);
+				if (result != ISC_R_SUCCESS)
+					return (result);
+				wanted_chaining = ISC_TRUE;
+				name->attributes |= DNS_NAMEATTR_CHAINING;
+				dnameset->attributes |=
+					    DNS_RDATASETATTR_CHAINING;
+			}
 			if (wanted_chaining)
 				chaining = ISC_TRUE;
 		}

Modified: releng/9.3/contrib/bind9/lib/isccc/cc.c
==============================================================================
--- releng/9.3/contrib/bind9/lib/isccc/cc.c	Thu Mar 10 09:01:19 2016	(r296610)
+++ releng/9.3/contrib/bind9/lib/isccc/cc.c	Thu Mar 10 10:03:28 2016	(r296611)
@@ -287,10 +287,10 @@ verify(isccc_sexpr_t *alist, unsigned ch
 	 * Extract digest.
 	 */
 	_auth = isccc_alist_lookup(alist, "_auth");
-	if (_auth == NULL)
+	if (!isccc_alist_alistp(_auth))
 		return (ISC_R_FAILURE);
 	hmd5 = isccc_alist_lookup(_auth, "hmd5");
-	if (hmd5 == NULL)
+	if (!isccc_sexpr_binaryp(hmd5))
 		return (ISC_R_FAILURE);
 	/*
 	 * Compute digest.
@@ -545,7 +545,7 @@ isccc_cc_createack(isccc_sexpr_t *messag
 	REQUIRE(ackp != NULL && *ackp == NULL);
 
 	_ctrl = isccc_alist_lookup(message, "_ctrl");
-	if (_ctrl == NULL ||
+	if (!isccc_alist_alistp(_ctrl) ||
 	    isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
 	    isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
 		return (ISC_R_FAILURE);
@@ -590,7 +590,7 @@ isccc_cc_isack(isccc_sexpr_t *message)
 	isccc_sexpr_t *_ctrl;
 
 	_ctrl = isccc_alist_lookup(message, "_ctrl");
-	if (_ctrl == NULL)
+	if (!isccc_alist_alistp(_ctrl))
 		return (ISC_FALSE);
 	if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
 		return (ISC_TRUE);
@@ -603,7 +603,7 @@ isccc_cc_isreply(isccc_sexpr_t *message)
 	isccc_sexpr_t *_ctrl;
 
 	_ctrl = isccc_alist_lookup(message, "_ctrl");
-	if (_ctrl == NULL)
+	if (!isccc_alist_alistp(_ctrl))
 		return (ISC_FALSE);
 	if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
 		return (ISC_TRUE);
@@ -623,7 +623,7 @@ isccc_cc_createresponse(isccc_sexpr_t *m
 
 	_ctrl = isccc_alist_lookup(message, "_ctrl");
 	_data = isccc_alist_lookup(message, "_data");
-	if (_ctrl == NULL || _data == NULL ||
+	if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
 	    isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
 	    isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
 		return (ISC_R_FAILURE);
@@ -812,7 +812,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab
 	isccc_sexpr_t *_ctrl;
 
 	_ctrl = isccc_alist_lookup(message, "_ctrl");
-	if (_ctrl == NULL ||
+	if (!isccc_alist_alistp(_ctrl) ||
 	    isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
 	    isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
 		return (ISC_R_FAILURE);

Modified: releng/9.3/crypto/openssl/crypto/bn/bn_exp.c
==============================================================================
--- releng/9.3/crypto/openssl/crypto/bn/bn_exp.c	Thu Mar 10 09:01:19 2016	(r296610)
+++ releng/9.3/crypto/openssl/crypto/bn/bn_exp.c	Thu Mar 10 10:03:28 2016	(r296611)
@@ -107,13 +107,13 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
- */
-
-#include "cryptlib.h"
-#include "constant_time_locl.h"
-#include "bn_lcl.h"
-
-/* maximum precomputation table size for *variable* sliding windows */
+ */
+
+#include "cryptlib.h"
+#include "constant_time_locl.h"
+#include "bn_lcl.h"
+
+/* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE      32
 
 /* this one works - simple but works */
@@ -521,79 +521,79 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI
  * pattern as far as cache lines are concerned.  The following functions are
  * used to transfer a BIGNUM from/to that table.
  */
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top,
-                                        unsigned char *buf, int idx,
-                                        int window)
-{
-    int i, j;
-    int width = 1 << window;
-    BN_ULONG *table = (BN_ULONG *)buf;
-
-    if (bn_wexpand(b, top) == NULL)
-        return 0;
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top,
+                                        unsigned char *buf, int idx,
+                                        int window)
+{
+    int i, j;
+    int width = 1 << window;
+    BN_ULONG *table = (BN_ULONG *)buf;
+
+    if (bn_wexpand(b, top) == NULL)
+        return 0;
     while (b->top < top) {
-        b->d[b->top++] = 0;
-    }
-
-    for (i = 0, j = idx; i < top; i++, j += width) {
-        table[j] = b->d[i];
-    }
-
-    bn_correct_top(b);
+        b->d[b->top++] = 0;
+    }
+
+    for (i = 0, j = idx; i < top; i++, j += width) {
+        table[j] = b->d[i];
+    }
+
+    bn_correct_top(b);
     return 1;
 }
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
-                                          unsigned char *buf, int idx,
-                                          int window)
-{
-    int i, j;
-    int width = 1 << window;
-    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
-
-    if (bn_wexpand(b, top) == NULL)
-        return 0;
-
-    if (window <= 3) {
-        for (i = 0; i < top; i++, table += width) {
-            BN_ULONG acc = 0;
-
-            for (j = 0; j < width; j++) {
-                acc |= table[j] &
-                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
-            }
-
-            b->d[i] = acc;
-        }
-    } else {
-        int xstride = 1 << (window - 2);
-        BN_ULONG y0, y1, y2, y3;
-
-        i = idx >> (window - 2);        /* equivalent of idx / xstride */
-        idx &= xstride - 1;             /* equivalent of idx % xstride */
-
-        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
-        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
-        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
-        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
-
-        for (i = 0; i < top; i++, table += width) {
-            BN_ULONG acc = 0;
-
-            for (j = 0; j < xstride; j++) {
-                acc |= ( (table[j + 0 * xstride] & y0) |
-                         (table[j + 1 * xstride] & y1) |
-                         (table[j + 2 * xstride] & y2) |
-                         (table[j + 3 * xstride] & y3) )
-                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
-            }
-
-            b->d[i] = acc;
-        }
-    }
-
-    b->top = top;
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+                                          unsigned char *buf, int idx,
+                                          int window)
+{
+    int i, j;
+    int width = 1 << window;
+    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
+
+    if (bn_wexpand(b, top) == NULL)
+        return 0;
+
+    if (window <= 3) {
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < width; j++) {
+                acc |= table[j] &
+                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    } else {
+        int xstride = 1 << (window - 2);
+        BN_ULONG y0, y1, y2, y3;
+
+        i = idx >> (window - 2);        /* equivalent of idx / xstride */
+        idx &= xstride - 1;             /* equivalent of idx % xstride */
+
+        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
+        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
+        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
+        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
+
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < xstride; j++) {
+                acc |= ( (table[j + 0 * xstride] & y0) |
+                         (table[j + 1 * xstride] & y1) |
+                         (table[j + 2 * xstride] & y2) |
+                         (table[j + 3 * xstride] & y3) )
+                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    }
+
+    b->top = top;
     bn_correct_top(b);
     return 1;
 }
@@ -684,13 +684,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
     /*
      * Initialize the intermediate result. Do this early to save double
      * conversion, once each for a^0 and intermediate result.
-     */
-    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
-        goto err;
-    if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, window))
-        goto err;
-
-    /* Initialize computeTemp as a^1 with montgomery precalcs */
+     */
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, window))
+        goto err;
+
+    /* Initialize computeTemp as a^1 with montgomery precalcs */
     computeTemp = BN_CTX_get(ctx);
     am = BN_CTX_get(ctx);
     if (computeTemp == NULL || am == NULL)
@@ -703,13 +703,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
     } else
         aa = a;
     if (!BN_to_montgomery(am, aa, mont, ctx))
-        goto err;
-    if (!BN_copy(computeTemp, am))
-        goto err;
-    if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, window))
-        goto err;
-
-    /*
+        goto err;
+    if (!BN_copy(computeTemp, am))
+        goto err;
+    if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, window))
+        goto err;
+
+    /*
      * If the window size is greater than 1, then calculate
      * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even powers
      * could instead be computed as (a^(i/2))^2 to use the slight performance
@@ -718,14 +718,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
     if (window > 1) {
         for (i = 2; i < numPowers; i++) {
             /* Calculate a^i = a^(i-1) * a */
-            if (!BN_mod_mul_montgomery
-                (computeTemp, am, computeTemp, mont, ctx))
-                goto err;
-            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i,
-                                              window))
-                goto err;
-        }
-    }
+            if (!BN_mod_mul_montgomery
+                (computeTemp, am, computeTemp, mont, ctx))
+                goto err;
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i,
+                                              window))
+                goto err;
+        }
+    }
 
     /*
      * Adjust the number of bits up to a multiple of the window size. If the
@@ -758,7 +758,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
          * Fetch the appropriate pre-computed value from the pre-buf
          */
         if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-            (computeTemp, top, powerbuf, wvalue, numPowers))
+            (computeTemp, top, powerbuf, wvalue, window))
             goto err;
 
         /* Multiply the result into the intermediate result */

Modified: releng/9.3/sys/conf/newvers.sh
==============================================================================
--- releng/9.3/sys/conf/newvers.sh	Thu Mar 10 09:01:19 2016	(r296610)
+++ releng/9.3/sys/conf/newvers.sh	Thu Mar 10 10:03:28 2016	(r296611)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.3"
-BRANCH="RELEASE-p37"
+BRANCH="RELEASE-p38"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

From owner-svn-src-releng@freebsd.org  Thu Mar 10 23:37:36 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C61EBACB6D0;
 Thu, 10 Mar 2016 23:37:36 +0000 (UTC)
 (envelope-from marius@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 986C86DD;
 Thu, 10 Mar 2016 23:37:36 +0000 (UTC)
 (envelope-from marius@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2ANbZeH052877;
 Thu, 10 Mar 2016 23:37:35 GMT (envelope-from marius@FreeBSD.org)
Received: (from marius@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2ANbZJG052876;
 Thu, 10 Mar 2016 23:37:35 GMT (envelope-from marius@FreeBSD.org)
Message-Id: <201603102337.u2ANbZJG052876@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: marius set sender to
 marius@FreeBSD.org using -f
From: Marius Strobl <marius@FreeBSD.org>
Date: Thu, 10 Mar 2016 23:37:35 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r296630 - releng/10.3/release/pkg_repos
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2016 23:37:36 -0000

Author: marius
Date: Thu Mar 10 23:37:35 2016
New Revision: 296630
URL: https://svnweb.freebsd.org/changeset/base/296630

Log:
  Switch the pkg(8) repository to use the 10.3 release package set for
  consistent DVD image creation.
  
  This is a direct commit to releng/10.3.
  
  Submitted by:	gjb
  Approved by:	re (implicit)

Modified:
  releng/10.3/release/pkg_repos/release-dvd.conf

Modified: releng/10.3/release/pkg_repos/release-dvd.conf
==============================================================================
--- releng/10.3/release/pkg_repos/release-dvd.conf	Thu Mar 10 23:37:16 2016	(r296629)
+++ releng/10.3/release/pkg_repos/release-dvd.conf	Thu Mar 10 23:37:35 2016	(r296630)
@@ -1,6 +1,6 @@
 # $FreeBSD$
 release: {
-  url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
+  url: "pkg+http://pkg.FreeBSD.org/${ABI}/release_3",
   mirror_type: "srv",
   signature_type: "fingerprints",
   fingerprints: "/usr/share/keys/pkg",

From owner-svn-src-releng@freebsd.org  Thu Mar 10 23:45:24 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CD8ABACBA41;
 Thu, 10 Mar 2016 23:45:24 +0000 (UTC) (envelope-from smh@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8FC58C7B;
 Thu, 10 Mar 2016 23:45:24 +0000 (UTC) (envelope-from smh@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2ANjNIa055980;
 Thu, 10 Mar 2016 23:45:23 GMT (envelope-from smh@FreeBSD.org)
Received: (from smh@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2ANjNxX055978;
 Thu, 10 Mar 2016 23:45:23 GMT (envelope-from smh@FreeBSD.org)
Message-Id: <201603102345.u2ANjNxX055978@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: smh set sender to smh@FreeBSD.org
 using -f
From: Steven Hartland <smh@FreeBSD.org>
Date: Thu, 10 Mar 2016 23:45:23 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r296631 -
 releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2016 23:45:25 -0000

Author: smh
Date: Thu Mar 10 23:45:23 2016
New Revision: 296631
URL: https://svnweb.freebsd.org/changeset/base/296631

Log:
  MFS r296629:
  
  ZFS send fails to transmit some holes
  
  PR:		207714
  Approved by:	re (gjb)
  Sponsored by:	Multiplay

Modified:
  releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_object.c
  releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_traverse.c
Directory Properties:
  releng/10.3/   (props changed)

Modified: releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_object.c
==============================================================================
--- releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_object.c	Thu Mar 10 23:37:35 2016	(r296630)
+++ releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_object.c	Thu Mar 10 23:45:23 2016	(r296631)
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2013, 2014 by Delphix. All rights reserved.
+ * Copyright (c) 2013, 2015 by Delphix. All rights reserved.
  * Copyright 2014 HybridCluster. All rights reserved.
  */
 
@@ -50,6 +50,12 @@ dmu_object_alloc(objset_t *os, dmu_objec
 		 * reasonably sparse (at most 1/4 full).  Look from the
 		 * beginning once, but after that keep looking from here.
 		 * If we can't find one, just keep going from here.
+		 *
+		 * Note that dmu_traverse depends on the behavior that we use
+		 * multiple blocks of the dnode object before going back to
+		 * reuse objects.  Any change to this algorithm should preserve
+		 * that property or find another solution to the issues
+		 * described in traverse_visitbp.
 		 */
 		if (P2PHASE(object, L2_dnode_count) == 0) {
 			uint64_t offset = restarted ? object << DNODE_SHIFT : 0;

Modified: releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_traverse.c
==============================================================================
--- releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_traverse.c	Thu Mar 10 23:37:35 2016	(r296630)
+++ releng/10.3/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_traverse.c	Thu Mar 10 23:45:23 2016	(r296631)
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2012, 2014 by Delphix. All rights reserved.
+ * Copyright (c) 2012, 2016 by Delphix. All rights reserved.
  * Copyright (c) 2015 Chunwei Chen. All rights reserved.
  */
 
@@ -63,6 +63,7 @@ typedef struct traverse_data {
 	uint64_t td_hole_birth_enabled_txg;
 	blkptr_cb_t *td_func;
 	void *td_arg;
+	boolean_t td_realloc_possible;
 } traverse_data_t;
 
 static int traverse_dnode(traverse_data_t *td, const dnode_phys_t *dnp,
@@ -232,18 +233,30 @@ traverse_visitbp(traverse_data_t *td, co
 
 	if (bp->blk_birth == 0) {
 		/*
-		 * Since this block has a birth time of 0 it must be a
-		 * hole created before the SPA_FEATURE_HOLE_BIRTH
-		 * feature was enabled.  If SPA_FEATURE_HOLE_BIRTH
-		 * was enabled before the min_txg for this traveral we
-		 * know the hole must have been created before the
-		 * min_txg for this traveral, so we can skip it. If
-		 * SPA_FEATURE_HOLE_BIRTH was enabled after the min_txg
-		 * for this traveral we cannot tell if the hole was
-		 * created before or after the min_txg for this
-		 * traversal, so we cannot skip it.
+		 * Since this block has a birth time of 0 it must be one of
+		 * two things: a hole created before the
+		 * SPA_FEATURE_HOLE_BIRTH feature was enabled, or a hole
+		 * which has always been a hole in an object.
+		 *
+		 * If a file is written sparsely, then the unwritten parts of
+		 * the file were "always holes" -- that is, they have been
+		 * holes since this object was allocated.  However, we (and
+		 * our callers) can not necessarily tell when an object was
+		 * allocated.  Therefore, if it's possible that this object
+		 * was freed and then its object number reused, we need to
+		 * visit all the holes with birth==0.
+		 *
+		 * If it isn't possible that the object number was reused,
+		 * then if SPA_FEATURE_HOLE_BIRTH was enabled before we wrote
+		 * all the blocks we will visit as part of this traversal,
+		 * then this hole must have always existed, so we can skip
+		 * it.  We visit blocks born after (exclusive) td_min_txg.
+		 *
+		 * Note that the meta-dnode cannot be reallocated.
 		 */
-		if (td->td_hole_birth_enabled_txg < td->td_min_txg)
+		if ((!td->td_realloc_possible ||
+		    zb->zb_object == DMU_META_DNODE_OBJECT) &&
+		    td->td_hole_birth_enabled_txg <= td->td_min_txg)
 			return (0);
 	} else if (bp->blk_birth <= td->td_min_txg) {
 		return (0);
@@ -338,6 +351,15 @@ traverse_visitbp(traverse_data_t *td, co
 		objset_phys_t *osp = buf->b_data;
 		prefetch_dnode_metadata(td, &osp->os_meta_dnode, zb->zb_objset,
 		    DMU_META_DNODE_OBJECT);
+		/*
+		 * See the block comment above for the goal of this variable.
+		 * If the maxblkid of the meta-dnode is 0, then we know that
+		 * we've never had more than DNODES_PER_BLOCK objects in the
+		 * dataset, which means we can't have reused any object ids.
+		 */
+		if (osp->os_meta_dnode.dn_maxblkid == 0)
+			td->td_realloc_possible = B_FALSE;
+
 		if (arc_buf_size(buf) >= sizeof (objset_phys_t)) {
 			prefetch_dnode_metadata(td, &osp->os_groupused_dnode,
 			    zb->zb_objset, DMU_GROUPUSED_OBJECT);
@@ -544,12 +566,13 @@ traverse_impl(spa_t *spa, dsl_dataset_t 
 	td.td_pfd = &pd;
 	td.td_flags = flags;
 	td.td_paused = B_FALSE;
+	td.td_realloc_possible = (txg_start == 0 ? B_FALSE : B_TRUE);
 
 	if (spa_feature_is_active(spa, SPA_FEATURE_HOLE_BIRTH)) {
 		VERIFY(spa_feature_enabled_txg(spa,
 		    SPA_FEATURE_HOLE_BIRTH, &td.td_hole_birth_enabled_txg));
 	} else {
-		td.td_hole_birth_enabled_txg = 0;
+		td.td_hole_birth_enabled_txg = UINT64_MAX;
 	}
 
 	pd.pd_flags = flags;

From owner-svn-src-releng@freebsd.org  Fri Mar 11 00:06:19 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF182ACC408;
 Fri, 11 Mar 2016 00:06:19 +0000 (UTC)
 (envelope-from marius@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 822D39D8;
 Fri, 11 Mar 2016 00:06:19 +0000 (UTC)
 (envelope-from marius@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2B06ItV062183;
 Fri, 11 Mar 2016 00:06:18 GMT (envelope-from marius@FreeBSD.org)
Received: (from marius@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2B06IMF062182;
 Fri, 11 Mar 2016 00:06:18 GMT (envelope-from marius@FreeBSD.org)
Message-Id: <201603110006.u2B06IMF062182@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: marius set sender to
 marius@FreeBSD.org using -f
From: Marius Strobl <marius@FreeBSD.org>
Date: Fri, 11 Mar 2016 00:06:18 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r296632 - releng/10.3/sys/conf
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2016 00:06:19 -0000

Author: marius
Date: Fri Mar 11 00:06:18 2016
New Revision: 296632
URL: https://svnweb.freebsd.org/changeset/base/296632

Log:
  Update releng/10.3 to RC2 in preparation for 10.3-RC2 builds.
  
  Approved by:	re (implicit)

Modified:
  releng/10.3/sys/conf/newvers.sh

Modified: releng/10.3/sys/conf/newvers.sh
==============================================================================
--- releng/10.3/sys/conf/newvers.sh	Thu Mar 10 23:45:23 2016	(r296631)
+++ releng/10.3/sys/conf/newvers.sh	Fri Mar 11 00:06:18 2016	(r296632)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.3"
-BRANCH="RC1"
+BRANCH="RC2"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi