From owner-svn-src-releng@FreeBSD.ORG  Tue Jun  9 22:13:30 2015
Return-Path: <owner-svn-src-releng@FreeBSD.ORG>
Delivered-To: svn-src-releng@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E111553D;
 Tue,  9 Jun 2015 22:13:30 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CADB011C6;
 Tue,  9 Jun 2015 22:13:30 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t59MDU2p055284;
 Tue, 9 Jun 2015 22:13:30 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t59MDQ26055261;
 Tue, 9 Jun 2015 22:13:26 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201506092213.t59MDQ26055261@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Tue, 9 Jun 2015 22:13:25 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r284193 - in releng/10.1: . contrib/file contrib/file/doc
 contrib/file/magic contrib/file/magic/Magdir contrib/file/src lib/libmagic
 sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/conf
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2015 22:13:31 -0000

Author: delphij
Date: Tue Jun  9 22:13:25 2015
New Revision: 284193
URL: https://svnweb.freebsd.org/changeset/base/284193

Log:
  Update base system file(1) to 5.22 to address multiple denial of
  service issues. [EN-15:06]
  
  Improve reliability of ZFS when TRIM/UNMAP and/or L2ARC is used.
  [EN-15:07]
  
  Approved by:	so

Added:
  releng/10.1/contrib/file/magic/Magdir/kerberos
  releng/10.1/contrib/file/magic/Magdir/meteorological
  releng/10.1/contrib/file/magic/Magdir/qt
Deleted:
  releng/10.1/contrib/file/magic/Magdir/rinex
Modified:
  releng/10.1/UPDATING
  releng/10.1/contrib/file/ChangeLog
  releng/10.1/contrib/file/README
  releng/10.1/contrib/file/TODO
  releng/10.1/contrib/file/config.h.in
  releng/10.1/contrib/file/configure
  releng/10.1/contrib/file/configure.ac
  releng/10.1/contrib/file/doc/file.man
  releng/10.1/contrib/file/doc/libmagic.man
  releng/10.1/contrib/file/doc/magic.man
  releng/10.1/contrib/file/magic/Magdir/android
  releng/10.1/contrib/file/magic/Magdir/animation
  releng/10.1/contrib/file/magic/Magdir/archive
  releng/10.1/contrib/file/magic/Magdir/blender
  releng/10.1/contrib/file/magic/Magdir/cafebabe
  releng/10.1/contrib/file/magic/Magdir/commands
  releng/10.1/contrib/file/magic/Magdir/compress
  releng/10.1/contrib/file/magic/Magdir/database
  releng/10.1/contrib/file/magic/Magdir/elf
  releng/10.1/contrib/file/magic/Magdir/filesystems
  releng/10.1/contrib/file/magic/Magdir/images
  releng/10.1/contrib/file/magic/Magdir/jpeg
  releng/10.1/contrib/file/magic/Magdir/linux
  releng/10.1/contrib/file/magic/Magdir/macintosh
  releng/10.1/contrib/file/magic/Magdir/msooxml
  releng/10.1/contrib/file/magic/Magdir/netbsd
  releng/10.1/contrib/file/magic/Magdir/pascal
  releng/10.1/contrib/file/magic/Magdir/pgp
  releng/10.1/contrib/file/magic/Magdir/python
  releng/10.1/contrib/file/magic/Magdir/riff
  releng/10.1/contrib/file/magic/Magdir/sequent
  releng/10.1/contrib/file/magic/Magdir/sereal
  releng/10.1/contrib/file/magic/Magdir/ssh
  releng/10.1/contrib/file/magic/Magdir/vms
  releng/10.1/contrib/file/magic/Magdir/vorbis
  releng/10.1/contrib/file/magic/Magdir/windows
  releng/10.1/contrib/file/magic/Makefile.am
  releng/10.1/contrib/file/magic/Makefile.in
  releng/10.1/contrib/file/src/Makefile.in
  releng/10.1/contrib/file/src/apprentice.c
  releng/10.1/contrib/file/src/ascmagic.c
  releng/10.1/contrib/file/src/cdf.c
  releng/10.1/contrib/file/src/cdf.h
  releng/10.1/contrib/file/src/compress.c
  releng/10.1/contrib/file/src/elfclass.h
  releng/10.1/contrib/file/src/encoding.c
  releng/10.1/contrib/file/src/file.c
  releng/10.1/contrib/file/src/file.h
  releng/10.1/contrib/file/src/file_opts.h
  releng/10.1/contrib/file/src/fsmagic.c
  releng/10.1/contrib/file/src/funcs.c
  releng/10.1/contrib/file/src/getline.c
  releng/10.1/contrib/file/src/magic.c
  releng/10.1/contrib/file/src/magic.h
  releng/10.1/contrib/file/src/magic.h.in
  releng/10.1/contrib/file/src/pread.c
  releng/10.1/contrib/file/src/readcdf.c
  releng/10.1/contrib/file/src/readelf.c
  releng/10.1/contrib/file/src/softmagic.c
  releng/10.1/contrib/file/src/vasprintf.c
  releng/10.1/lib/libmagic/config.h
  releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c
  releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c
  releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c
  releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_disk.c
  releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_file.c
  releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
  releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_label.c
  releng/10.1/sys/conf/newvers.sh

Modified: releng/10.1/UPDATING
==============================================================================
--- releng/10.1/UPDATING	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/UPDATING	Tue Jun  9 22:13:25 2015	(r284193)
@@ -16,6 +16,15 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20150609:	p29	FreeBSD-EN-15:06.file
+			FreeBSD-EN-15:07.zfs
+
+	Updated base system file(1) to 5.22 to address multiple denial
+	of service issues. [EN-15:06]
+
+	Improved reliability of ZFS when TRIM/UNMAP and/or L2ARC is used.
+	[EN-15:07]
+
 20150513:	p10	FreeBSD-EN-15:04.freebsd-update
 			FreeBSD-EN-15:05.ufs
 

Modified: releng/10.1/contrib/file/ChangeLog
==============================================================================
--- releng/10.1/contrib/file/ChangeLog	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/ChangeLog	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,3 +1,97 @@
+2015-01-02  15:15  Christos Zoulas <christos@zoulas.com>
+
+	* release 5.22
+
+2015-01-01  12:01  Christos Zoulas <christos@zoulas.com>
+
+	* add indirect relative for TIFF/Exif
+
+2014-12-16  18:10  Christos Zoulas <christos@zoulas.com>
+	
+	* restructure elf note printing to avoid repeated messages
+	* add note limit, suggested by Alexander Cherepanov
+
+2014-12-16  16:53  Christos Zoulas <christos@zoulas.com>
+	
+	* Bail out on partial pread()'s (Alexander Cherepanov)
+	* Fix incorrect bounds check in file_printable (Alexander Cherepanov)
+
+2014-12-11  20:01  Christos Zoulas <christos@zoulas.com>
+
+	* PR/405: ignore SIGPIPE from uncompress programs
+	* change printable -> file_printable and use it in
+	  more places for safety
+	* in ELF, instead of "(uses dynamic libraries)" when PT_INTERP
+	  is present print the interpreter name.
+	
+2014-12-10  20:01  Christos Zoulas <christos@zoulas.com>
+
+	* release 5.21
+
+2014-11-27  18:40  Christos Zoulas <christos@zoulas.com>
+
+	* Allow setting more parameters from the command line.
+	* Split name/use and indirect magic recursion limits.
+
+2014-11-27  11:12  Christos Zoulas <christos@zoulas.com>
+
+	* Adjust ELF parameters and the default recursion
+	  level.
+	* Allow setting the recursion level dynamically.
+
+2014-11-24   8:55  Christos Zoulas <christos@zoulas.com>
+
+	* The following fixes resulted from Thomas Jarosch's fuzzing
+	  tests that revealed severe performance issues on pathological
+	  input:
+	    - limit number of elf program and sections processing
+	    - abort elf note processing quickly
+	    - reduce the number of recursion levels from 20 to 10
+	    - preserve error messages in indirect magic handling
+
+	This is tracked as CVE-2014-8116 and CVE-2014-8117
+
+2014-11-12  10:30  Christos Zoulas <christos@zoulas.com>
+
+	* fix bogus free in the user buffer case.
+
+2014-11-11  12:35  Christos Zoulas <christos@zoulas.com>
+
+	* fix out of bounds read for pascal strings
+	* fix memory leak (not freeing the head of each mlist)
+
+2014-11-07  10:25  Christos Zoulas <christos@zoulas.com>
+
+	* When printing strings from a file, convert them to printable
+	  on a byte by byte basis, so that we don't get issues with
+	  locale's trying to interpret random byte streams as UTF-8 and
+	  having printf error out with EILSEQ.
+	  
+2014-10-17  11:48  Christos Zoulas <christos@zoulas.com>
+
+	* fix bounds in note reading (Francisco Alonso / Red Hat)
+
+2014-10-11  15:02  Christos Zoulas <christos@zoulas.com>
+
+	* fix autoconf glue for setlocale and locale_t; some OS's
+	  have locale_t in xlocale.h
+
+2014-10-10  15:01  Christos Zoulas <christos@zoulas.com>
+
+	* release 5.20
+
+2014-08-17  10:01  Christos Zoulas <christos@zoulas.com>
+
+	* recognize encrypted CDF documents
+
+2014-08-04   9:18  Christos Zoulas <christos@zoulas.com>
+
+	* add magic_load_buffers from Brooks Davis
+
+2014-07-24  16:40  Christos Zoulas <christos@zoulas.com>
+
+	* add thumbs.db support
+
 2014-06-12  12:28  Christos Zoulas <christos@zoulas.com>
 
 	* release 5.19

Modified: releng/10.1/contrib/file/README
==============================================================================
--- releng/10.1/contrib/file/README	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/README	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,6 +1,6 @@
 ## README for file(1) Command ##
 
-    @(#) $File: README,v 1.48 2014/03/07 13:55:30 christos Exp $
+    @(#) $File: README,v 1.49 2015/01/02 20:23:04 christos Exp $
 
 Mailing List: file@mx.gw.com  
 Mailing List archives: http://mx.gw.com/pipermail/file/  
@@ -25,8 +25,8 @@ A public read-only git repository of the
 
 	https://github.com/file/file
 
-The major changes for 5.x are CDF file parsing, indirect magic, and
-overhaul in mime and ascii encoding handling.
+The major changes for 5.x are CDF file parsing, indirect magic, name/use
+(recursion) and overhaul in mime and ascii encoding handling.
 
 The major feature of 4.x is the refactoring of the code into a library,
 and the re-write of the file command in terms of that library. The library
@@ -67,33 +67,41 @@ in magic(5) format please, to the mainta
 COPYING - read this first.  
 README - read this second (you are currently reading this file).  
 INSTALL - read on how to install
-
 src/apprentice.c - parses /etc/magic to learn magic  
+src/asctime_r.c - replacement for OS's that don't have it.  
 src/apptype.c - used for OS/2 specific application type magic  
 src/asprintf.c - replacement for OS's that don't have it.  
 src/ascmagic.c - third & last set of tests, based on hardwired assumptions.  
-src/asctime_r.c - for systems that don't have it.  
-src/asprintf.c - for systems that don't have it.  
-src/cdf.c - parser for Microsoft Compound Document Files  
+src/asctime_r.c - replacement for OS's that don't have it.  
+src/asprintf.c - replacement for OS's that don't have it.  
+src/cdf.[ch] - parser for Microsoft Compound Document Files  
 src/cdf_time.c - time converter for CDF.  
 src/compress.c - handles decompressing files to look inside.  
-src/ctime_r.c - for systems that don't have it.  
+src/ctime_r.c - replacement for OS's that don't have it.  
+src/elfclass.h - common code for elf 32/64.
 src/encoding.c - handles unicode encodings  
 src/file.c - the main program  
 src/file.h - header file  
+src/file_opts.h - list of options
+src/fmtcheck.c - replacement for OS's that don't have it.  
 src/fsmagic.c - first set of tests the program runs, based on filesystem info  
 src/funcs.c - utilility functions  
-src/getopt_long.c - for systems that don't have it.  
-src/getline.c - for systems that don't have it.  
+src/getline.c - replacement for OS's that don't have it.  
+src/getopt_long.c - replacement for OS's that don't have it.  
 src/is_tar.c, tar.h - knows about tarchives (courtesy John Gilmore).  
 src/names.h - header file for ascmagic.c  
+src/magic.h.in - source file for magic.h
 src/magic.c - the libmagic api  
+src/pread.c - replacement for OS's that don't have it.  
 src/print.c - print results, errors, warnings.  
 src/readcdf.c - CDF wrapper.  
 src/readelf.[ch] - Stand-alone elf parsing code.  
 src/softmagic.c - 2nd set of tests, based on /etc/magic  
-src/strlcat.c - for systems that don't have it.  
-src/strlcpy.c - for systems that don't have it.  
+src/mygetopt.h - replacement for OS's that don't have it.  
+src/strcasestr.c - replacement for OS's that don't have it.  
+src/strlcat.c - replacement for OS's that don't have it.  
+src/strlcpy.c - replacement for OS's that don't have it.  
+src/tar.h - tar file definitions
 src/vasprintf.c - for systems that don't have it.  
 doc/file.man - man page for the command  
 doc/magic.man - man page for the magic file, courtesy Guy Harris.

Modified: releng/10.1/contrib/file/TODO
==============================================================================
--- releng/10.1/contrib/file/TODO	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/TODO	Tue Jun  9 22:13:25 2015	(r284193)
@@ -15,3 +15,5 @@ small amount of C is needed (because fas
 required for soft magic, not the more detailed information given by
 hard-wired routines). In this regard, note that hplip, which is
 BSD-licensed, has a magic reimplementation in Python.
+
+Read the kerberos magic entry for more ideas.

Modified: releng/10.1/contrib/file/config.h.in
==============================================================================
--- releng/10.1/contrib/file/config.h.in	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/config.h.in	Tue Jun  9 22:13:25 2015	(r284193)
@@ -44,6 +44,9 @@
 /* Define to 1 if you have the `fork' function. */
 #undef HAVE_FORK
 
+/* Define to 1 if you have the `freelocale' function. */
+#undef HAVE_FREELOCALE
+
 /* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
 #undef HAVE_FSEEKO
 
@@ -95,9 +98,15 @@
 /* Define to 1 if you have a working `mmap' system call. */
 #undef HAVE_MMAP
 
+/* Define to 1 if you have the `newlocale' function. */
+#undef HAVE_NEWLOCALE
+
 /* Define to 1 if you have the `pread' function. */
 #undef HAVE_PREAD
 
+/* Define to 1 if you have the `setlocale' function. */
+#undef HAVE_SETLOCALE
+
 /* Define to 1 if you have the <stddef.h> header file. */
 #undef HAVE_STDDEF_H
 
@@ -182,6 +191,9 @@
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 
+/* Define to 1 if you have the `uselocale' function. */
+#undef HAVE_USELOCALE
+
 /* Define to 1 if you have the `utime' function. */
 #undef HAVE_UTIME
 
@@ -219,6 +231,9 @@
 /* Define to 1 if `vfork' works. */
 #undef HAVE_WORKING_VFORK
 
+/* Define to 1 if you have the <xlocale.h> header file. */
+#undef HAVE_XLOCALE_H
+
 /* Define to 1 if you have the <zlib.h> header file. */
 #undef HAVE_ZLIB_H
 

Modified: releng/10.1/contrib/file/configure
==============================================================================
--- releng/10.1/contrib/file/configure	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/configure	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for file 5.19.
+# Generated by GNU Autoconf 2.69 for file 5.22.
 #
 # Report bugs to <christos@astron.com>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='file'
 PACKAGE_TARNAME='file'
-PACKAGE_VERSION='5.19'
-PACKAGE_STRING='file 5.19'
+PACKAGE_VERSION='5.22'
+PACKAGE_STRING='file 5.22'
 PACKAGE_BUGREPORT='christos@astron.com'
 PACKAGE_URL=''
 
@@ -1327,7 +1327,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures file 5.19 to adapt to many kinds of systems.
+\`configure' configures file 5.22 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1397,7 +1397,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of file 5.19:";;
+     short | recursive ) echo "Configuration of file 5.22:";;
    esac
   cat <<\_ACEOF
 
@@ -1507,7 +1507,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-file configure 5.19
+file configure 5.22
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2163,7 +2163,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by file $as_me 5.19, which was
+It was created by file $as_me 5.22, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3029,7 +3029,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='file'
- VERSION='5.19'
+ VERSION='5.22'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -12785,7 +12785,7 @@ fi
 
 done
 
-for ac_header in getopt.h err.h
+for ac_header in getopt.h err.h xlocale.h
 do :
   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@@ -14191,7 +14191,7 @@ fi
 fi
 
 
-for ac_func in strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof
+for ac_func in strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -14998,7 +14998,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by file $as_me 5.19, which was
+This file was extended by file $as_me 5.22, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -15064,7 +15064,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-file config.status 5.19
+file config.status 5.22
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

Modified: releng/10.1/contrib/file/configure.ac
==============================================================================
--- releng/10.1/contrib/file/configure.ac	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/configure.ac	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT([file],[5.19],[christos@astron.com])
+AC_INIT([file],[5.22],[christos@astron.com])
 AM_INIT_AUTOMAKE([subdir-objects foreign])
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 
@@ -82,7 +82,7 @@ AC_HEADER_MAJOR
 AC_HEADER_SYS_WAIT
 AC_CHECK_HEADERS(stdint.h fcntl.h locale.h stdint.h inttypes.h unistd.h)
 AC_CHECK_HEADERS(stddef.h utime.h wchar.h wctype.h limits.h)
-AC_CHECK_HEADERS(getopt.h err.h)
+AC_CHECK_HEADERS(getopt.h err.h xlocale.h)
 AC_CHECK_HEADERS(sys/mman.h sys/stat.h sys/types.h sys/utime.h sys/time.h)
 AC_CHECK_HEADERS(zlib.h)
 
@@ -138,7 +138,7 @@ else
 fi])
 
 dnl Checks for functions
-AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof)
+AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale)
 
 dnl Provide implementation of some required functions if necessary
 AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r pread strcasestr fmtcheck)

Modified: releng/10.1/contrib/file/doc/file.man
==============================================================================
--- releng/10.1/contrib/file/doc/file.man	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/doc/file.man	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,5 +1,5 @@
-.\" $File: file.man,v 1.106 2014/03/07 23:11:51 christos Exp $
-.Dd January 30, 2014
+.\" $File: file.man,v 1.111 2014/12/16 23:18:40 christos Exp $
+.Dd December 16, 2014
 .Dt FILE __CSECTION__
 .Os
 .Sh NAME
@@ -16,6 +16,7 @@
 .Op Fl F Ar separator
 .Op Fl f Ar namefile
 .Op Fl m Ar magicfiles
+.Op Fl P Ar name=value
 .Ar
 .Ek
 .Nm
@@ -303,6 +304,16 @@ or
 attempt to preserve the access time of files analyzed, to pretend that
 .Nm
 never read them.
+.It Fl P , Fl Fl parameter Ar name=value
+Set various parameter limits.
+.Bl -column "elf_phnum" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -offset indent
+.It Sy "Name" Ta Sy "Default" Ta Sy "Explanation"
+.It Li indir Ta 15 Ta recursion limit for indirect magic
+.It Li name Ta 30 Ta use count limit for name/use magic
+.It Li elf_notes Ta 256 Ta max ELF notes processed
+.It Li elf_phnum Ta 128 Ta max ELF program sections processed
+.It Li elf_shnum Ta 32768 Ta max ELF sections processed
+.El
 .It Fl r , Fl Fl raw
 Don't translate unprintable characters to \eooo.
 Normally
@@ -385,6 +396,7 @@ options.
 .Xr hexdump 1 ,
 .Xr od 1 ,
 .Xr strings 1 ,
+.Xr fstyp 8
 .Sh STANDARDS CONFORMANCE
 This program is believed to exceed the System V Interface Definition
 of FILE(CMD), as near as one can determine from the vague language

Modified: releng/10.1/contrib/file/doc/libmagic.man
==============================================================================
--- releng/10.1/contrib/file/doc/libmagic.man	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/doc/libmagic.man	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,4 +1,4 @@
-.\" $File: libmagic.man,v 1.28 2014/03/02 14:47:16 christos Exp $
+.\" $File: libmagic.man,v 1.34 2014/12/16 23:18:40 christos Exp $
 .\"
 .\" Copyright (c) Christos Zoulas 2003.
 .\" All Rights Reserved.
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd January 6, 2012
+.Dd December 16, 2014
 .Dt LIBMAGIC 3
 .Os
 .Sh NAME
@@ -40,6 +40,9 @@
 .Nm magic_compile ,
 .Nm magic_list ,
 .Nm magic_load ,
+.Nm magic_load_buffers ,
+.Nm magic_setparam ,
+.Nm magic_getparam ,
 .Nm magic_version
 .Nd Magic number recognition library
 .Sh LIBRARY
@@ -71,6 +74,12 @@
 .Ft int
 .Fn magic_load "magic_t cookie" "const char *filename"
 .Ft int
+.Fn magic_load_buffers "magic_t cookie" "void **buffers" "size_t *sizes" "size_t nbuffers"
+.Ft int
+.Fn magic_getparam "magic_t cookie" "int param" "void *value"
+.Ft int
+.Fn magic_setparam "magic_t cookie" "int param" "const void *value"
+.Ft int
 .Fn magic_version "void"
 .Sh DESCRIPTION
 These functions
@@ -253,6 +262,60 @@ adds
 to the database filename as appropriate.
 .Pp
 The
+.Fn magic_load_buffers
+function takes an array of size
+.Fa nbuffers
+of
+.Fa buffers
+with a respective size for each in the array of
+.Fa sizes
+loaded with the contents of the magic databases from the filesystem.
+This function can be used in environment where the magic library does
+not have direct access to the filesystem, but can access the magic
+database via shared memory or other IPC means.
+.Pp
+The
+.Fn magic_getparam
+and
+.Fn magic_setparam
+allow getting and setting various limits related to the the magic
+library.
+.Bl -column "MAGIC_PARAM_ELF_PHNUM_MAX" "size_t" "Default" -offset indent
+.It Sy "Parameter" Ta Sy "Type" Ta Sy "Default"
+.It Li MAGIC_PARAM_INDIR_MAX Ta size_t Ta 15
+.It Li MAGIC_PARAM_NAME_MAX Ta size_t Ta 30
+.It Li MAGIC_PARAM_ELF_NOTES_MAX Ta size_t Ta 256
+.It Li MAGIC_PARAM_ELF_PHNUM_MAX Ta size_t Ta 128
+.It Li MAGIC_PARAM_ELF_SHNUM_MAX Ta size_t Ta 32768
+.El
+.Pp
+The
+.Dv MAGIC_PARAM_INDIR_RECURSION
+parameter controls how many levels of recursion will be followed for
+indirect magic entries.
+.Pp
+The
+.Dv MAGIC_PARAM_NAME_RECURSION
+parameter controls how many levels of recursion will be followed for
+for name/use calls.
+.Pp
+The
+.Dv MAGIC_PARAM_NAME_MAX
+parameter controls the maximum number of calls for name/use.
+.Pp
+The
+.Dv MAGIC_PARAM_NOTES_MAX
+parameter controls how many ELF notes will be processed.
+.Pp
+The
+.Dv MAGIC_PARAM_PHNUM_MAX
+parameter controls how many ELF program sections will be processed.
+.Pp
+The
+.Dv MAGIC_PARAM_SHNUM_MAX
+parameter controls how many ELF sections will be processed.
+.Pp
+The
 .Fn magic_version
 command returns the version number of this library which is compiled into
 the shared library using the constant

Modified: releng/10.1/contrib/file/doc/magic.man
==============================================================================
--- releng/10.1/contrib/file/doc/magic.man	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/doc/magic.man	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,5 +1,5 @@
-.\" $File: magic.man,v 1.84 2014/06/03 19:01:34 christos Exp $
-.Dd June 3, 2014
+.\" $File: magic.man,v 1.85 2015/01/01 17:07:34 christos Exp $
+.Dd January 1, 2015
 .Dt MAGIC __FSECTION__
 .Os
 .\" install as magic.4 on USG, magic.5 on V7, Berkeley and Linux systems.
@@ -200,6 +200,11 @@ interpreted as a UNIX-style date, but in
 than UTC.
 .It Dv indirect
 Starting at the given offset, consult the magic database again.
+The offset of th
+.Dv indirect
+magic is by default absolute in the file, but one can specify
+.Dv /r
+to indicate that the offset is relative from the beginning of the entry.
 .It Dv name
 Define a
 .Dq named

Modified: releng/10.1/contrib/file/magic/Magdir/android
==============================================================================
--- releng/10.1/contrib/file/magic/Magdir/android	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/magic/Magdir/android	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------
-# $File: android,v 1.4 2014/06/03 19:01:34 christos Exp $
+# $File: android,v 1.7 2014/11/10 05:08:23 christos Exp $
 # Various android related magic entries
 #------------------------------------------------------------
 
@@ -15,54 +15,11 @@
 >0	regex	dey\n[0-9]{2}\0	Dalvik dex file (optimized for host)
 >4	string	>000			version %s
 
-# http://android.stackexchange.com/questions/23357/\
-# is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
-# 23608#23608
-0	string	ANDROID\040BACKUP\n	Android Backup
->15	string	1\n			\b, version 1
->17	string	0\n			\b, uncompressed
->17	string	1\n			\b, compressed
->19	string	none\n			\b, unencrypted
->19	string	AES-256\n		\b, encrypted AES-256
-
-# Android bootimg format
-# From https://android.googlesource.com/\
-# platform/system/core/+/master/mkbootimg/bootimg.h
-0		string	ANDROID!	Android bootimg
->8		lelong	>0			\b, kernel
->>12	lelong	>0			\b (0x%x)
->16		lelong	>0			\b, ramdisk
->>20	lelong	>0			\b (0x%x)
->24		lelong	>0			\b, second stage
->>28	lelong	>0			\b (0x%x)
->36		lelong	>0			\b, page size: %d
->38		string	>0			\b, name: %s
->64		string	>0		 	\b, cmdline (%s)
-# Dalvik .dex format. http://retrodev.com/android/dexformat.html
-# From <mkf@google.com> "Mike Fleming"
-# Fixed to avoid regexec 17 errors on some dex files
-# From <diff@lookout.com> "Tim Strazzere"
-0	string	dex\n
->0	regex	dex\n[0-9]{2}\0	Dalvik dex file
->4	string	>000			version %s
-0	string	dey\n
->0	regex	dey\n[0-9]{2}\0	Dalvik dex file (optimized for host)
->4	string	>000			version %s
-
-# http://android.stackexchange.com/questions/23357/\
-# is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
-# 23608#23608
-0	string	ANDROID\040BACKUP\n	Android Backup
->15	string	1\n			\b, version 1
->17	string	0\n			\b, uncompressed
->17	string	1\n			\b, compressed
->19	string	none\n			\b, unencrypted
->19	string	AES-256\n		\b, encrypted AES-256
-
 # Android bootimg format
 # From https://android.googlesource.com/\
 # platform/system/core/+/master/mkbootimg/bootimg.h
 0		string	ANDROID!	Android bootimg
+>1024	string	LOKI\01		\b, LOKI'd
 >8		lelong	>0			\b, kernel
 >>12	lelong	>0			\b (0x%x)
 >16		lelong	>0			\b, ramdisk
@@ -98,3 +55,85 @@
 #>>>>>&1	regex/1l .*	\b, PBKDF2 rounds: %s
 #>>>>>>&1	regex/1l .*	\b, IV: %s
 #>>>>>>>&1	regex/1l .*	\b, Key: %s
+
+# *.pit files by Joerg Jenderek
+# http://forum.xda-developers.com/showthread.php?p=9122369
+# http://forum.xda-developers.com/showthread.php?t=816449
+# Partition Information Table for Samsung's smartphone with Android
+# used by flash software Odin
+0		ulelong			0x12349876	
+# 1st pit entry marker
+>0x01C	ulequad&0xFFFFFFFCFFFFFFFC	=0x0000000000000000	
+# minimal 13 and maximal 18 PIT entries found
+>>4		ulelong			<128	Partition Information Table for Samsung smartphone
+>>>4		ulelong			x	\b, %d entries
+# 1. pit entry
+>>>4		ulelong			>0	\b; #1
+>>>0x01C	use				PIT-entry
+>>>4		ulelong			>1	\b; #2
+>>>0x0A0	use				PIT-entry
+>>>4		ulelong			>2	\b; #3
+>>>0x124	use				PIT-entry
+>>>4		ulelong			>3	\b; #4
+>>>0x1A8	use				PIT-entry
+>>>4		ulelong			>4	\b; #5
+>>>0x22C	use				PIT-entry
+>>>4		ulelong			>5	\b; #6
+>>>0x2B0	use				PIT-entry
+>>>4		ulelong			>6	\b; #7
+>>>0x334	use				PIT-entry
+>>>4		ulelong			>7 	\b; #8
+>>>0x3B8	use				PIT-entry
+>>>4		ulelong			>8 	\b; #9
+>>>0x43C	use				PIT-entry
+>>>4		ulelong			>9	\b; #10
+>>>0x4C0	use				PIT-entry
+>>>4		ulelong			>10	\b; #11
+>>>0x544	use				PIT-entry
+>>>4		ulelong			>11	\b; #12
+>>>0x5C8	use				PIT-entry
+>>>4		ulelong			>12	\b; #13
+>>>>0x64C	use				PIT-entry
+# 14. pit entry
+>>>4		ulelong			>13	\b; #14
+>>>>0x6D0	use				PIT-entry
+>>>4		ulelong			>14	\b; #15
+>>>0x754	use				PIT-entry
+>>>4		ulelong			>15	\b; #16
+>>>0x7D8	use				PIT-entry
+>>>4		ulelong			>16	\b; #17
+>>>0x85C	use				PIT-entry
+# 18. pit entry
+>>>4		ulelong			>17	\b; #18
+>>>0x8E0	use				PIT-entry
+
+0	name			PIT-entry
+# garbage value implies end of pit entries
+>0x00		ulequad&0xFFFFFFFCFFFFFFFC	=0x0000000000000000	
+# skip empty partition name
+>>0x24		ubyte				!0			
+# partition name
+>>>0x24		string				>\0			%-.32s
+# flags
+>>>0x0C		ulelong&0x00000002		2			\b+RW
+# partition ID:
+# 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~KENREl,RECOVER,misc;7~RECOVER
+# ;11~MODEM;20~efs;21~PARAM;22~FACTORY,SYSTEM;23~DBDATAFS,USERDATA;24~CACHE;80~BOOTLOADER;81~TZSW
+>>>0x08	ulelong		x			(0x%x)
+# filename
+>>>0x44		string				>\0			"%-.64s"
+#>>>0x18	ulelong				>0			
+# blocksize in 512 byte units ?
+#>>>>0x18	ulelong				x			\b, %db
+# partition size in blocks ?
+#>>>>0x22	ulelong				x			\b*%d
+
+# Android bootimg format
+# From https://android.googlesource.com/\
+# platform/system/core/+/master/libsparse/sparse_format.h
+0		lelong	0xed26ff3a		Android sparse image
+>4		leshort	x			\b, version: %d
+>6		leshort	x			\b.%d
+>16		lelong	x			\b, Total of %d
+>12		lelong	x			\b %d-byte output blocks in
+>20		lelong	x			\b %d input chunks.

Modified: releng/10.1/contrib/file/magic/Magdir/animation
==============================================================================
--- releng/10.1/contrib/file/magic/Magdir/animation	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/magic/Magdir/animation	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------------------------
-# $File: animation,v 1.53 2014/04/30 21:41:02 christos Exp $
+# $File: animation,v 1.56 2014/10/23 23:12:51 christos Exp $
 # animation:  file(1) magic for animation/movie formats
 #
 # animation formats
@@ -32,43 +32,155 @@
 !:mime	application/x-quicktime-player
 4	string/W	jP		JPEG 2000 image
 !:mime	image/jp2
+# http://www.ftyps.com/ with local additions
 4	string		ftyp		ISO Media
->8	string		isom		\b, MPEG v4 system, version 1
-!:mime	video/mp4
->8	string		iso2		\b, MPEG v4 system, part 12 revision
->8	string		mp41		\b, MPEG v4 system, version 1
-!:mime	video/mp4
->8	string		mp42		\b, MPEG v4 system, version 2
-!:mime	video/mp4
->8	string		mp7t		\b, MPEG v4 system, MPEG v7 XML
->8	string		mp7b		\b, MPEG v4 system, MPEG v7 binary XML
->8	string/W	jp2		\b, JPEG 2000
-!:mime	image/jp2
+>8	string		3g2		\b, MPEG v4 system, 3GPP2
+!:mime	video/3gpp2
+>>11	byte		4		\b v4 (H.263/AMR GSM 6.10)
+>>11	byte		5		\b v5 (H.263/AMR GSM 6.10)
+>>11	byte		6		\b v6 (ITU H.264/AMR GSM 6.10)
+>>11	byte		a		\b C.S0050-0 V1.0
+>>11	byte		b		\b C.S0050-0-A V1.0.0
+>>11	byte		c		\b C.S0050-0-B V1.0
 >8	string		3ge		\b, MPEG v4 system, 3GPP
 !:mime	video/3gpp
+>>11	byte		6		\b, Release 6 MBMS Extended Presentations
+>>11	byte		7		\b, Release 7 MBMS Extended Presentations
 >8	string		3gg		\b, MPEG v4 system, 3GPP
+>11	byte		6		\b, Release 6 General Profile
 !:mime	video/3gpp
 >8	string		3gp		\b, MPEG v4 system, 3GPP
+>11	byte		1		\b, Release %d (non existent)
+>11	byte		2		\b, Release %d (non existent)
+>11	byte		3		\b, Release %d (non existent)
+>11	byte		4		\b, Release %d
+>11	byte		5		\b, Release %d
+>11	byte		6		\b, Release %d
+>11	byte		7		\b, Release %d Streaming Servers
 !:mime	video/3gpp
 >8	string		3gs		\b, MPEG v4 system, 3GPP
+>11	byte		7		\b, Release %d Streaming Servers
 !:mime	video/3gpp
->8	string		3g2		\b, MPEG v4 system, 3GPP2
+>8	string		avc1		\b, MPEG v4 system, 3GPP JVT AVC [ISO 14496-12:2005]
+!:mime	video/mp4
+>8	string/W	qt		\b, Apple QuickTime movie
+!:mime	video/quicktime
+>8	string		CAEP		\b, Canon Digital Camera
+>8	string		caqv		\b, Casio Digital Camera
+>8	string		CDes		\b, Convergent Design
+>8	string		da0a		\b, DMB MAF w/ MPEG Layer II aud, MOT slides, DLS, JPG/PNG/MNG
+>8	string		da0b		\b, DMB MAF, ext DA0A, with 3GPP timed text, DID, TVA, REL, IPMP
+>8	string		da1a		\b, DMB MAF audio with ER-BSAC audio, JPG/PNG/MNG images
+>8	string		da1b		\b, DMB MAF, ext da1a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8	string		da2a		\b, DMB MAF aud w/ HE-AAC v2 aud, MOT slides, DLS, JPG/PNG/MNG
+>8	string		da2b		\b, DMB MAF, ext da2a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8	string		da3a		\b, DMB MAF aud with HE-AAC aud, JPG/PNG/MNG images
+>8	string		da3b		\b, DMB MAF, ext da3a w/ BIFS, 3GPP, DID, TVA, REL, IPMP
+>8	string		dmb1		\b, DMB MAF supporting all the components defined in the spec
+>8	string		dmpf		\b, Digital Media Project
+>8	string		drc1		\b, Dirac (wavelet compression), encap in ISO base media (MP4)
+>8	string		dv1a		\b, DMB MAF vid w/ AVC vid, ER-BSAC aud, BIFS, JPG/PNG/MNG, TS
+>8	string		dv1b		\b, DMB MAF, ext dv1a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8	string		dv2a		\b, DMB MAF vid w/ AVC vid, HE-AAC v2 aud, BIFS, JPG/PNG/MNG, TS
+>8	string		dv2b		\b, DMB MAF, ext dv2a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8	string		dv3a		\b, DMB MAF vid w/ AVC vid, HE-AAC aud, BIFS, JPG/PNG/MNG, TS
+>8	string		dv3b		\b, DMB MAF, ext dv3a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8	string		dvr1		\b, DVB (.DVB) over RTP
+!:mime	video/vnd.dvb.file
+>8	string		dvt1		\b, DVB (.DVB) over MPEG-2 Transport Stream
+!:mime	video/vnd.dvb.file
+>8	string		F4V		\b, Video for Adobe Flash Player 9+ (.F4V)
+!:mime	video/mp4
+>8	string		F4P		\b, Protected Video for Adobe Flash Player 9+ (.F4P)
+!:mime	video/mp4
+>8	string		F4A		\b, Audio for Adobe Flash Player 9+ (.F4A)
+!:mime	audio/mp4
+>8	string		F4B		\b, Audio Book for Adobe Flash Player 9+ (.F4B)
+!:mime	audio/mp4
+>8	string		isc2		\b, ISMACryp 2.0 Encrypted File
+#	?/enc-isoff-generic
+>8	string		iso2		\b, MP4 Base Media v2 [ISO 14496-12:2005]
+!:mime	video/mp4
+>8	string		isom		\b, MP4 Base Media v1 [IS0 14496-12:2003]
+!:mime	video/mp4
+>8	string/W	jp2		\b, JPEG 2000
+!:mime	image/jp2
+>8	string		JP2		\b, JPEG 2000 Image (.JP2) [ISO 15444-1 ?]
+!:mime	image/jp2
+>8	string		JP20		\b, Unknown, from GPAC samples (prob non-existent)
+>8	string		jpm		\b, JPEG 2000 Compound Image (.JPM) [ISO 15444-6]
+!:mime	image/jpm
+>8	string		jpx		\b, JPEG 2000 w/ extensions (.JPX) [ISO 15444-2]
+!:mime	image/jpx
+>8	string		KDDI		\b, 3GPP2 EZmovie for KDDI 3G cellphones
 !:mime	video/3gpp2
->>11	byte		4		\b v4 (H.263/AMR GSM 6.10)
->>11	byte		5		\b v5 (H.263/AMR GSM 6.10)
->>11	byte		6		\b v6 (ITU H.264/AMR GSM 6.10)
+>8	string		M4A 		\b, Apple iTunes ALAC/AAC-LC (.M4A) Audio
+!:mime	audio/x-m4a
+>8	string		M4B 		\b, Apple iTunes ALAC/AAC-LC (.M4B) Audio Book
+!:mime	audio/mp4
+>8	string		M4P 		\b, Apple iTunes ALAC/AAC-LC (.M4P) AES Protected Audio
+!:mime	video/mp4
+>8	string		M4V 		\b, Apple iTunes Video (.M4V) Video
+!:mime	video/x-m4v
+>8	string		M4VH		\b, Apple TV (.M4V)
+!:mime	video/x-m4v
+>8	string		M4VP		\b, Apple iPhone (.M4V)
+!:mime	video/x-m4v
+>8	string		mj2s		\b, Motion JPEG 2000 [ISO 15444-3] Simple Profile
+!:mime	video/mj2
+>8	string		mjp2		\b, Motion JPEG 2000 [ISO 15444-3] General Profile
+!:mime	video/mj2
+>8	string		mmp4		\b, MPEG-4/3GPP Mobile Profile (.MP4 / .3GP) (for NTT)
+!:mime	video/mp4
+>8	string		mobi		\b, MPEG-4, MOBI format
+!:mime	video/mp4
+>8	string		mp21		\b, MPEG-21 [ISO/IEC 21000-9]
+>8	string		mp41		\b, MP4 v1 [ISO 14496-1:ch13]
+!:mime	video/mp4
+>8	string		mp42		\b, MP4 v2 [ISO 14496-14]
+!:mime	video/mp4
+>8	string		mp71		\b, MP4 w/ MPEG-7 Metadata [per ISO 14496-12]
+>8	string		mp7t		\b, MPEG v4 system, MPEG v7 XML
+>8	string		mp7b		\b, MPEG v4 system, MPEG v7 binary XML
 >8	string		mmp4		\b, MPEG v4 system, 3GPP Mobile
 !:mime	video/mp4
->8	string		avc1		\b, MPEG v4 system, 3GPP JVT AVC
-!:mime	video/3gpp
->8	string/W	M4A		\b, MPEG v4 system, iTunes AAC-LC
+>8	string		MPPI		\b, Photo Player, MAF [ISO/IEC 23000-3]
+>8	string		mqt		\b, Sony / Mobile QuickTime (.MQV) US Pat 7,477,830
+!:mime	video/quicktime
+>8	string		MSNV		\b, MPEG-4 (.MP4) for SonyPSP
+!:mime	audio/mp4
+>8	string		NDAS		\b, MP4 v2 [ISO 14496-14] Nero Digital AAC Audio
 !:mime	audio/mp4
->8	string/W	M4V		\b, MPEG v4 system, iTunes AVC-LC
+>8	string		NDSC		\b, MPEG-4 (.MP4) Nero Cinema Profile
 !:mime	video/mp4
->8	string/W	M4P		\b, MPEG v4 system, iTunes AES encrypted
->8	string/W	M4B		\b, MPEG v4 system, iTunes bookmarked
->8	string/W	qt		\b, Apple QuickTime movie
+>8	string		NDSH		\b, MPEG-4 (.MP4) Nero HDTV Profile
+!:mime	video/mp4
+>8	string		NDSM		\b, MPEG-4 (.MP4) Nero Mobile Profile
+!:mime	video/mp4
+>8	string		NDSP		\b, MPEG-4 (.MP4) Nero Portable Profile
+!:mime	video/mp4
+>8	string		NDSS		\b, MPEG-4 (.MP4) Nero Standard Profile
+!:mime	video/mp4
+>8	string		NDXC		\b, H.264/MPEG-4 AVC (.MP4) Nero Cinema Profile
+!:mime	video/mp4
+>8	string		NDXH		\b, H.264/MPEG-4 AVC (.MP4) Nero HDTV Profile
+!:mime	video/mp4
+>8	string		NDXM		\b, H.264/MPEG-4 AVC (.MP4) Nero Mobile Profile
+!:mime	video/mp4
+>8	string		NDXP		\b, H.264/MPEG-4 AVC (.MP4) Nero Portable Profile
+!:mime	video/mp4
+>8	string		NDXS		\b, H.264/MPEG-4 AVC (.MP4) Nero Standard Profile
+!:mime	video/mp4
+>8	string		odcf  		\b, OMA DCF DRM Format 2.0 (OMA-TS-DRM-DCF-V2_0-20060303-A)
+>8	string		opf2 		\b, OMA PDCF DRM Format 2.1 (OMA-TS-DRM-DCF-V2_1-20070724-C)
+>8	string		opx2  		\b, OMA PDCF DRM + XBS ext (OMA-TS-DRM_XBS-V1_0-20070529-C)
+>8	string		pana		\b, Panasonic Digital Camera
+>8	string		qt  		\b, Apple QuickTime (.MOV/QT)
 !:mime	video/quicktime
+>8	string		ROSS		\b, Ross Video
+>8	string		sdv		\b, SD Memory Card Video
+>8	string		ssc1		\b, Samsung stereo, single stream (patent pending)
+>8	string		ssc2		\b, Samsung stereo, dual stream (patent pending)
 
 # MPEG sequences
 # Scans for all common MPEG header start codes

Modified: releng/10.1/contrib/file/magic/Magdir/archive
==============================================================================
--- releng/10.1/contrib/file/magic/Magdir/archive	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/magic/Magdir/archive	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,5 +1,5 @@
 #------------------------------------------------------------------------------
-# $File: archive,v 1.87 2014/06/03 19:15:58 christos Exp $
+# $File: archive,v 1.88 2014/08/16 10:42:17 christos Exp $
 # archive:  file(1) magic for archive formats (see also "msdos" for self-
 #           extracting compressed archives)
 #
@@ -954,34 +954,3 @@
 >0xE08	search/7776		\x55\xAA	
 >>&-512	indirect		x		\b; contains 
 
-# Symantec GHOST image by Joerg Jenderek at May 2014
-# http://us.norton.com/ghost/
-# http://www.garykessler.net/library/file_sigs.html
-0		ubelong&0xFFFFf7f0	0xFEEF0100	Norton GHost image
-# *.GHO
->2		ubyte&0x08		0x00		\b, first file
-# *.GHS or *.[0-9] with cns program option
->2		ubyte&0x08		0x08		\b, split file
-# part of split index interesting for *.ghs
->>4		ubyte			x		id=0x%x
-# compression tag minus one equals numeric compression command line switch z[1-9]
->3		ubyte			0		\b, no compression
->3		ubyte			2		\b, fast compression (Z1)
->3		ubyte			3		\b, medium compression (Z2)
->3		ubyte			>3		
->>3		ubyte			<11		\b, compression (Z%d-1)
->2		ubyte&0x08		0x00		
-# ~ 30 byte password field only for *.gho
->>12		ubequad			!0		\b, password protected
->>44		ubyte			!1		
-# 1~Image All, sector-by-sector only for *.gho
->>>10		ubyte			1		\b, sector copy
-# 1~Image Boot track only for *.gho
->>>43		ubyte			1		\b, boot track
-# 1~Image Disc only for *.gho implies Image Boot track and sector copy
->>44		ubyte			1		\b, disc sector copy
-# optional image description only *.gho
->>0xff		string			>\0		"%-.254s"
-# look for DOS sector end sequence
->0xE08	search/7776		\x55\xAA	
->>&-512	indirect		x		\b; contains 

Modified: releng/10.1/contrib/file/magic/Magdir/blender
==============================================================================
--- releng/10.1/contrib/file/magic/Magdir/blender	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/magic/Magdir/blender	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------------------------
-# $File: blender,v 1.5 2009/09/19 16:28:08 christos Exp $
+# $File: blender,v 1.6 2014/08/30 08:34:17 christos Exp $
 # blender: file(1) magic for Blender 3D related files
 #
 # Native format rule v1.2. For questions use the developers list 
@@ -35,5 +35,5 @@
 >>>0x44		string	=GLOB		\b.
 >>>>0x60	beshort	x		\b%.4d
 
-# Scripts that run in the embeded Python interpreter
+# Scripts that run in the embedded Python interpreter
 0		string	#!BPY		Blender3D BPython script

Modified: releng/10.1/contrib/file/magic/Magdir/cafebabe
==============================================================================
--- releng/10.1/contrib/file/magic/Magdir/cafebabe	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/magic/Magdir/cafebabe	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------------------------
-# $File: cafebabe,v 1.16 2014/04/30 21:41:02 christos Exp $
+# $File: cafebabe,v 1.17 2015/01/01 17:07:00 christos Exp $
 # Cafe Babes unite!
 #
 # Since Java bytecode and Mach-O universal binaries have the same magic number,
@@ -45,7 +45,7 @@
 
 0	name		mach-o		\b [
 >0	use		mach-o-cpu	\b
->&(8.L)	indirect			\b: 
+>(8.L)	indirect			\b: 
 >0	belong		x		\b]
 
 0	belong		0xcafebabe

Modified: releng/10.1/contrib/file/magic/Magdir/commands
==============================================================================
--- releng/10.1/contrib/file/magic/Magdir/commands	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/magic/Magdir/commands	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------------------------
-# $File: commands,v 1.50 2014/05/30 16:48:44 christos Exp $
+# $File: commands,v 1.51 2014/09/27 00:12:55 christos Exp $
 # commands:  file(1) magic for various shells and interpreters
 #
 #0	string/w	:			shell archive or script for antique kernel text
@@ -56,7 +56,7 @@
 !:mime	text/x-awk
 0	string/wt	#!\ /usr/bin/awk	awk script text executable
 !:mime	text/x-awk
-0	regex/4096	=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
+0	regex/4096	=^\\s{0,100}BEGIN\\s{0,100}[{]	awk or perl script text
 
 # AT&T Bell Labs' Plan 9 shell
 0	string/wt	#!\ /bin/rc	Plan 9 rc shell script text executable

Modified: releng/10.1/contrib/file/magic/Magdir/compress
==============================================================================
--- releng/10.1/contrib/file/magic/Magdir/compress	Tue Jun  9 21:39:38 2015	(r284192)
+++ releng/10.1/contrib/file/magic/Magdir/compress	Tue Jun  9 22:13:25 2015	(r284193)
@@ -1,5 +1,5 @@
 #------------------------------------------------------------------------------
-# $File: compress,v 1.58 2014/05/07 19:36:59 christos Exp $
+# $File: compress,v 1.62 2014/09/13 14:27:12 christos Exp $
 # compress:  file(1) magic for pure-compression formats (no archives)
 #
 # compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, etc.
@@ -251,3 +251,13 @@
 # http://code.google.com/p/snappy/source/browse/trunk/framing_format.txt
 0	string	\377\006\0\0sNaPpY	snappy framed data
 !:mime	application/x-snappy-framed
+
+# qpress, http://www.quicklz.com/
+0	string	qpress10	qpress compressed data
+!:mime	application/x-qpress
+
+# Zlib https://www.ietf.org/rfc/rfc6713.txt
+0	beshort%31	=0	

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-src-releng@FreeBSD.ORG  Tue Jun  9 22:13:55 2015
Return-Path: <owner-svn-src-releng@FreeBSD.ORG>
Delivered-To: svn-src-releng@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 11740677;
 Tue,  9 Jun 2015 22:13:55 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EEB2611D1;
 Tue,  9 Jun 2015 22:13:54 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t59MDsTg055405;
 Tue, 9 Jun 2015 22:13:54 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t59MDsE2055394;
 Tue, 9 Jun 2015 22:13:54 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201506092213.t59MDsE2055394@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Tue, 9 Jun 2015 22:13:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r284194 - in releng: 8.4 8.4/contrib/file
 8.4/contrib/file/Magdir 8.4/contrib/file/doc 8.4/contrib/file/magic
 8.4/contrib/file/magic/Magdir 8.4/contrib/file/src 8.4/contrib/file/tests
 8...
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2015 22:13:55 -0000

Author: delphij
Date: Tue Jun  9 22:13:53 2015
New Revision: 284194
URL: https://svnweb.freebsd.org/changeset/base/284194

Log:
  Update base system file(1) to 5.22 to address multiple denial of
  service issues. [EN-15:06]
  
  Approved by:	so

Added:
  releng/8.4/contrib/file/config.guess   (contents, props changed)
  releng/8.4/contrib/file/config.sub   (contents, props changed)
  releng/8.4/contrib/file/depcomp   (contents, props changed)
  releng/8.4/contrib/file/doc/
  releng/8.4/contrib/file/doc/Makefile.am   (contents, props changed)
  releng/8.4/contrib/file/doc/Makefile.in   (contents, props changed)
  releng/8.4/contrib/file/doc/file.man
  releng/8.4/contrib/file/doc/libmagic.man
  releng/8.4/contrib/file/doc/magic.man
  releng/8.4/contrib/file/ltmain.sh   (contents, props changed)
  releng/8.4/contrib/file/magic/
  releng/8.4/contrib/file/magic/Header
  releng/8.4/contrib/file/magic/Localstuff
  releng/8.4/contrib/file/magic/Magdir/
  releng/8.4/contrib/file/magic/Magdir/acorn
  releng/8.4/contrib/file/magic/Magdir/adi
  releng/8.4/contrib/file/magic/Magdir/adventure
  releng/8.4/contrib/file/magic/Magdir/allegro
  releng/8.4/contrib/file/magic/Magdir/alliant
  releng/8.4/contrib/file/magic/Magdir/amanda
  releng/8.4/contrib/file/magic/Magdir/amigaos
  releng/8.4/contrib/file/magic/Magdir/android
  releng/8.4/contrib/file/magic/Magdir/animation
  releng/8.4/contrib/file/magic/Magdir/aout
  releng/8.4/contrib/file/magic/Magdir/apl
  releng/8.4/contrib/file/magic/Magdir/apple
  releng/8.4/contrib/file/magic/Magdir/applix
  releng/8.4/contrib/file/magic/Magdir/archive
  releng/8.4/contrib/file/magic/Magdir/assembler
  releng/8.4/contrib/file/magic/Magdir/asterix
  releng/8.4/contrib/file/magic/Magdir/att3b
  releng/8.4/contrib/file/magic/Magdir/audio
  releng/8.4/contrib/file/magic/Magdir/basis
  releng/8.4/contrib/file/magic/Magdir/bflt
  releng/8.4/contrib/file/magic/Magdir/blackberry
  releng/8.4/contrib/file/magic/Magdir/blcr
  releng/8.4/contrib/file/magic/Magdir/blender
  releng/8.4/contrib/file/magic/Magdir/blit
  releng/8.4/contrib/file/magic/Magdir/bout
  releng/8.4/contrib/file/magic/Magdir/bsdi
  releng/8.4/contrib/file/magic/Magdir/bsi
  releng/8.4/contrib/file/magic/Magdir/btsnoop
  releng/8.4/contrib/file/magic/Magdir/c-lang
  releng/8.4/contrib/file/magic/Magdir/c64
  releng/8.4/contrib/file/magic/Magdir/cad
  releng/8.4/contrib/file/magic/Magdir/cafebabe
  releng/8.4/contrib/file/magic/Magdir/cddb
  releng/8.4/contrib/file/magic/Magdir/chord
  releng/8.4/contrib/file/magic/Magdir/cisco
  releng/8.4/contrib/file/magic/Magdir/citrus
  releng/8.4/contrib/file/magic/Magdir/clarion
  releng/8.4/contrib/file/magic/Magdir/claris
  releng/8.4/contrib/file/magic/Magdir/clipper
  releng/8.4/contrib/file/magic/Magdir/commands
  releng/8.4/contrib/file/magic/Magdir/communications
  releng/8.4/contrib/file/magic/Magdir/compress
  releng/8.4/contrib/file/magic/Magdir/console
  releng/8.4/contrib/file/magic/Magdir/convex
  releng/8.4/contrib/file/magic/Magdir/cracklib
  releng/8.4/contrib/file/magic/Magdir/ctags
  releng/8.4/contrib/file/magic/Magdir/ctf
  releng/8.4/contrib/file/magic/Magdir/cubemap
  releng/8.4/contrib/file/magic/Magdir/cups
  releng/8.4/contrib/file/magic/Magdir/dact
  releng/8.4/contrib/file/magic/Magdir/database
  releng/8.4/contrib/file/magic/Magdir/diamond
  releng/8.4/contrib/file/magic/Magdir/diff
  releng/8.4/contrib/file/magic/Magdir/digital
  releng/8.4/contrib/file/magic/Magdir/dolby
  releng/8.4/contrib/file/magic/Magdir/dump
  releng/8.4/contrib/file/magic/Magdir/dyadic
  releng/8.4/contrib/file/magic/Magdir/ebml
  releng/8.4/contrib/file/magic/Magdir/editors
  releng/8.4/contrib/file/magic/Magdir/efi
  releng/8.4/contrib/file/magic/Magdir/elf
  releng/8.4/contrib/file/magic/Magdir/encore
  releng/8.4/contrib/file/magic/Magdir/epoc
  releng/8.4/contrib/file/magic/Magdir/erlang
  releng/8.4/contrib/file/magic/Magdir/esri
  releng/8.4/contrib/file/magic/Magdir/fcs
  releng/8.4/contrib/file/magic/Magdir/filesystems
  releng/8.4/contrib/file/magic/Magdir/flash
  releng/8.4/contrib/file/magic/Magdir/fonts
  releng/8.4/contrib/file/magic/Magdir/fortran
  releng/8.4/contrib/file/magic/Magdir/frame
  releng/8.4/contrib/file/magic/Magdir/freebsd
  releng/8.4/contrib/file/magic/Magdir/fsav
  releng/8.4/contrib/file/magic/Magdir/fusecompress
  releng/8.4/contrib/file/magic/Magdir/games
  releng/8.4/contrib/file/magic/Magdir/gcc
  releng/8.4/contrib/file/magic/Magdir/geo
  releng/8.4/contrib/file/magic/Magdir/geos
  releng/8.4/contrib/file/magic/Magdir/gimp
  releng/8.4/contrib/file/magic/Magdir/gnome
  releng/8.4/contrib/file/magic/Magdir/gnu
  releng/8.4/contrib/file/magic/Magdir/gnumeric
  releng/8.4/contrib/file/magic/Magdir/gpt
  releng/8.4/contrib/file/magic/Magdir/grace
  releng/8.4/contrib/file/magic/Magdir/graphviz
  releng/8.4/contrib/file/magic/Magdir/gringotts
  releng/8.4/contrib/file/magic/Magdir/guile
  releng/8.4/contrib/file/magic/Magdir/hitachi-sh
  releng/8.4/contrib/file/magic/Magdir/hp
  releng/8.4/contrib/file/magic/Magdir/human68k
  releng/8.4/contrib/file/magic/Magdir/ibm370
  releng/8.4/contrib/file/magic/Magdir/ibm6000
  releng/8.4/contrib/file/magic/Magdir/icc
  releng/8.4/contrib/file/magic/Magdir/iff
  releng/8.4/contrib/file/magic/Magdir/images
  releng/8.4/contrib/file/magic/Magdir/inform
  releng/8.4/contrib/file/magic/Magdir/intel
  releng/8.4/contrib/file/magic/Magdir/interleaf
  releng/8.4/contrib/file/magic/Magdir/island
  releng/8.4/contrib/file/magic/Magdir/ispell
  releng/8.4/contrib/file/magic/Magdir/isz
  releng/8.4/contrib/file/magic/Magdir/java
  releng/8.4/contrib/file/magic/Magdir/javascript
  releng/8.4/contrib/file/magic/Magdir/jpeg
  releng/8.4/contrib/file/magic/Magdir/karma
  releng/8.4/contrib/file/magic/Magdir/kde
  releng/8.4/contrib/file/magic/Magdir/keepass
  releng/8.4/contrib/file/magic/Magdir/kerberos
  releng/8.4/contrib/file/magic/Magdir/kml
  releng/8.4/contrib/file/magic/Magdir/lecter
  releng/8.4/contrib/file/magic/Magdir/lex
  releng/8.4/contrib/file/magic/Magdir/lif
  releng/8.4/contrib/file/magic/Magdir/linux
  releng/8.4/contrib/file/magic/Magdir/lisp
  releng/8.4/contrib/file/magic/Magdir/llvm
  releng/8.4/contrib/file/magic/Magdir/lua
  releng/8.4/contrib/file/magic/Magdir/luks
  releng/8.4/contrib/file/magic/Magdir/m4
  releng/8.4/contrib/file/magic/Magdir/mach
  releng/8.4/contrib/file/magic/Magdir/macintosh
  releng/8.4/contrib/file/magic/Magdir/macos
  releng/8.4/contrib/file/magic/Magdir/magic
  releng/8.4/contrib/file/magic/Magdir/mail.news
  releng/8.4/contrib/file/magic/Magdir/make
  releng/8.4/contrib/file/magic/Magdir/map
  releng/8.4/contrib/file/magic/Magdir/maple
  releng/8.4/contrib/file/magic/Magdir/marc21
  releng/8.4/contrib/file/magic/Magdir/mathcad
  releng/8.4/contrib/file/magic/Magdir/mathematica
  releng/8.4/contrib/file/magic/Magdir/matroska
  releng/8.4/contrib/file/magic/Magdir/mcrypt
  releng/8.4/contrib/file/magic/Magdir/mercurial
  releng/8.4/contrib/file/magic/Magdir/metastore
  releng/8.4/contrib/file/magic/Magdir/meteorological
  releng/8.4/contrib/file/magic/Magdir/mime
  releng/8.4/contrib/file/magic/Magdir/mips
  releng/8.4/contrib/file/magic/Magdir/mirage
  releng/8.4/contrib/file/magic/Magdir/misctools
  releng/8.4/contrib/file/magic/Magdir/mkid
  releng/8.4/contrib/file/magic/Magdir/mlssa
  releng/8.4/contrib/file/magic/Magdir/mmdf
  releng/8.4/contrib/file/magic/Magdir/modem
  releng/8.4/contrib/file/magic/Magdir/motorola
  releng/8.4/contrib/file/magic/Magdir/mozilla
  releng/8.4/contrib/file/magic/Magdir/msdos
  releng/8.4/contrib/file/magic/Magdir/msooxml
  releng/8.4/contrib/file/magic/Magdir/msvc
  releng/8.4/contrib/file/magic/Magdir/msx
  releng/8.4/contrib/file/magic/Magdir/mup
  releng/8.4/contrib/file/magic/Magdir/music
  releng/8.4/contrib/file/magic/Magdir/natinst
  releng/8.4/contrib/file/magic/Magdir/ncr
  releng/8.4/contrib/file/magic/Magdir/neko
  releng/8.4/contrib/file/magic/Magdir/netbsd
  releng/8.4/contrib/file/magic/Magdir/netscape
  releng/8.4/contrib/file/magic/Magdir/netware
  releng/8.4/contrib/file/magic/Magdir/news
  releng/8.4/contrib/file/magic/Magdir/nitpicker
  releng/8.4/contrib/file/magic/Magdir/oasis
  releng/8.4/contrib/file/magic/Magdir/ocaml
  releng/8.4/contrib/file/magic/Magdir/octave
  releng/8.4/contrib/file/magic/Magdir/ole2compounddocs
  releng/8.4/contrib/file/magic/Magdir/olf
  releng/8.4/contrib/file/magic/Magdir/os2
  releng/8.4/contrib/file/magic/Magdir/os400
  releng/8.4/contrib/file/magic/Magdir/os9
  releng/8.4/contrib/file/magic/Magdir/osf1
  releng/8.4/contrib/file/magic/Magdir/palm
  releng/8.4/contrib/file/magic/Magdir/parix
  releng/8.4/contrib/file/magic/Magdir/parrot
  releng/8.4/contrib/file/magic/Magdir/pascal
  releng/8.4/contrib/file/magic/Magdir/pbf
  releng/8.4/contrib/file/magic/Magdir/pbm
  releng/8.4/contrib/file/magic/Magdir/pdf
  releng/8.4/contrib/file/magic/Magdir/pdp
  releng/8.4/contrib/file/magic/Magdir/perl
  releng/8.4/contrib/file/magic/Magdir/pgf
  releng/8.4/contrib/file/magic/Magdir/pgp
  releng/8.4/contrib/file/magic/Magdir/pkgadd
  releng/8.4/contrib/file/magic/Magdir/plan9
  releng/8.4/contrib/file/magic/Magdir/plus5
  releng/8.4/contrib/file/magic/Magdir/printer
  releng/8.4/contrib/file/magic/Magdir/project
  releng/8.4/contrib/file/magic/Magdir/psdbms
  releng/8.4/contrib/file/magic/Magdir/pulsar
  releng/8.4/contrib/file/magic/Magdir/pwsafe
  releng/8.4/contrib/file/magic/Magdir/pyramid
  releng/8.4/contrib/file/magic/Magdir/python
  releng/8.4/contrib/file/magic/Magdir/qt
  releng/8.4/contrib/file/magic/Magdir/revision
  releng/8.4/contrib/file/magic/Magdir/riff
  releng/8.4/contrib/file/magic/Magdir/rpm
  releng/8.4/contrib/file/magic/Magdir/rtf
  releng/8.4/contrib/file/magic/Magdir/ruby
  releng/8.4/contrib/file/magic/Magdir/sc
  releng/8.4/contrib/file/magic/Magdir/sccs
  releng/8.4/contrib/file/magic/Magdir/scientific
  releng/8.4/contrib/file/magic/Magdir/securitycerts
  releng/8.4/contrib/file/magic/Magdir/selinux
  releng/8.4/contrib/file/magic/Magdir/sendmail
  releng/8.4/contrib/file/magic/Magdir/sequent
  releng/8.4/contrib/file/magic/Magdir/sereal
  releng/8.4/contrib/file/magic/Magdir/sgi
  releng/8.4/contrib/file/magic/Magdir/sgml
  releng/8.4/contrib/file/magic/Magdir/sharc
  releng/8.4/contrib/file/magic/Magdir/sinclair
  releng/8.4/contrib/file/magic/Magdir/sisu
  releng/8.4/contrib/file/magic/Magdir/sketch
  releng/8.4/contrib/file/magic/Magdir/smalltalk
  releng/8.4/contrib/file/magic/Magdir/smile
  releng/8.4/contrib/file/magic/Magdir/sniffer
  releng/8.4/contrib/file/magic/Magdir/softquad
  releng/8.4/contrib/file/magic/Magdir/spec
  releng/8.4/contrib/file/magic/Magdir/spectrum
  releng/8.4/contrib/file/magic/Magdir/sql
  releng/8.4/contrib/file/magic/Magdir/ssh
  releng/8.4/contrib/file/magic/Magdir/ssl
  releng/8.4/contrib/file/magic/Magdir/sun
  releng/8.4/contrib/file/magic/Magdir/symbos
  releng/8.4/contrib/file/magic/Magdir/sysex
  releng/8.4/contrib/file/magic/Magdir/tcl
  releng/8.4/contrib/file/magic/Magdir/teapot
  releng/8.4/contrib/file/magic/Magdir/terminfo
  releng/8.4/contrib/file/magic/Magdir/tex
  releng/8.4/contrib/file/magic/Magdir/tgif
  releng/8.4/contrib/file/magic/Magdir/ti-8x
  releng/8.4/contrib/file/magic/Magdir/timezone
  releng/8.4/contrib/file/magic/Magdir/troff
  releng/8.4/contrib/file/magic/Magdir/tuxedo
  releng/8.4/contrib/file/magic/Magdir/typeset
  releng/8.4/contrib/file/magic/Magdir/unicode
  releng/8.4/contrib/file/magic/Magdir/unknown
  releng/8.4/contrib/file/magic/Magdir/uterus
  releng/8.4/contrib/file/magic/Magdir/uuencode
  releng/8.4/contrib/file/magic/Magdir/varied.out
  releng/8.4/contrib/file/magic/Magdir/varied.script
  releng/8.4/contrib/file/magic/Magdir/vax
  releng/8.4/contrib/file/magic/Magdir/vicar
  releng/8.4/contrib/file/magic/Magdir/virtual
  releng/8.4/contrib/file/magic/Magdir/virtutech
  releng/8.4/contrib/file/magic/Magdir/visx
  releng/8.4/contrib/file/magic/Magdir/vms
  releng/8.4/contrib/file/magic/Magdir/vmware
  releng/8.4/contrib/file/magic/Magdir/vorbis
  releng/8.4/contrib/file/magic/Magdir/vxl
  releng/8.4/contrib/file/magic/Magdir/warc
  releng/8.4/contrib/file/magic/Magdir/weak
  releng/8.4/contrib/file/magic/Magdir/windows
  releng/8.4/contrib/file/magic/Magdir/wireless
  releng/8.4/contrib/file/magic/Magdir/wordprocessors
  releng/8.4/contrib/file/magic/Magdir/wsdl
  releng/8.4/contrib/file/magic/Magdir/xdelta
  releng/8.4/contrib/file/magic/Magdir/xenix
  releng/8.4/contrib/file/magic/Magdir/xilinx
  releng/8.4/contrib/file/magic/Magdir/xo65
  releng/8.4/contrib/file/magic/Magdir/xwindows
  releng/8.4/contrib/file/magic/Magdir/zfs
  releng/8.4/contrib/file/magic/Magdir/zilog
  releng/8.4/contrib/file/magic/Magdir/zyxel
  releng/8.4/contrib/file/magic/Makefile.am   (contents, props changed)
  releng/8.4/contrib/file/magic/Makefile.in   (contents, props changed)
  releng/8.4/contrib/file/missing   (contents, props changed)
  releng/8.4/contrib/file/src/
  releng/8.4/contrib/file/src/Makefile.am   (contents, props changed)
  releng/8.4/contrib/file/src/Makefile.in   (contents, props changed)
  releng/8.4/contrib/file/src/apprentice.c
  releng/8.4/contrib/file/src/apptype.c
  releng/8.4/contrib/file/src/ascmagic.c
  releng/8.4/contrib/file/src/asctime_r.c   (contents, props changed)
  releng/8.4/contrib/file/src/asprintf.c   (contents, props changed)
  releng/8.4/contrib/file/src/cdf.c   (contents, props changed)
  releng/8.4/contrib/file/src/cdf.h   (contents, props changed)
  releng/8.4/contrib/file/src/cdf_time.c   (contents, props changed)
  releng/8.4/contrib/file/src/compress.c
  releng/8.4/contrib/file/src/ctime_r.c   (contents, props changed)
  releng/8.4/contrib/file/src/elfclass.h   (contents, props changed)
  releng/8.4/contrib/file/src/encoding.c   (contents, props changed)
  releng/8.4/contrib/file/src/file.c
  releng/8.4/contrib/file/src/file.h
  releng/8.4/contrib/file/src/file_opts.h
  releng/8.4/contrib/file/src/fmtcheck.c   (contents, props changed)
  releng/8.4/contrib/file/src/fsmagic.c
  releng/8.4/contrib/file/src/funcs.c
  releng/8.4/contrib/file/src/getline.c   (contents, props changed)
  releng/8.4/contrib/file/src/getopt_long.c   (contents, props changed)
  releng/8.4/contrib/file/src/is_tar.c
  releng/8.4/contrib/file/src/magic.c
  releng/8.4/contrib/file/src/magic.h
  releng/8.4/contrib/file/src/magic.h.in   (contents, props changed)
  releng/8.4/contrib/file/src/mygetopt.h   (contents, props changed)
  releng/8.4/contrib/file/src/pread.c   (contents, props changed)
  releng/8.4/contrib/file/src/print.c
  releng/8.4/contrib/file/src/readcdf.c   (contents, props changed)
  releng/8.4/contrib/file/src/readelf.c
  releng/8.4/contrib/file/src/readelf.h
  releng/8.4/contrib/file/src/softmagic.c
  releng/8.4/contrib/file/src/strcasestr.c   (contents, props changed)
  releng/8.4/contrib/file/src/strlcat.c
  releng/8.4/contrib/file/src/strlcpy.c
  releng/8.4/contrib/file/src/tar.h
  releng/8.4/contrib/file/src/vasprintf.c   (contents, props changed)
  releng/9.3/contrib/file/config.guess   (contents, props changed)
  releng/9.3/contrib/file/config.sub   (contents, props changed)
  releng/9.3/contrib/file/depcomp   (contents, props changed)
  releng/9.3/contrib/file/doc/
  releng/9.3/contrib/file/doc/Makefile.am   (contents, props changed)
  releng/9.3/contrib/file/doc/Makefile.in   (contents, props changed)
  releng/9.3/contrib/file/doc/file.man
  releng/9.3/contrib/file/doc/libmagic.man
  releng/9.3/contrib/file/doc/magic.man
  releng/9.3/contrib/file/ltmain.sh   (contents, props changed)
  releng/9.3/contrib/file/magic/
  releng/9.3/contrib/file/magic/Header
  releng/9.3/contrib/file/magic/Localstuff
  releng/9.3/contrib/file/magic/Magdir/
  releng/9.3/contrib/file/magic/Magdir/acorn
  releng/9.3/contrib/file/magic/Magdir/adi
  releng/9.3/contrib/file/magic/Magdir/adventure
  releng/9.3/contrib/file/magic/Magdir/allegro
  releng/9.3/contrib/file/magic/Magdir/alliant
  releng/9.3/contrib/file/magic/Magdir/amanda
  releng/9.3/contrib/file/magic/Magdir/amigaos
  releng/9.3/contrib/file/magic/Magdir/android
  releng/9.3/contrib/file/magic/Magdir/animation
  releng/9.3/contrib/file/magic/Magdir/aout
  releng/9.3/contrib/file/magic/Magdir/apl
  releng/9.3/contrib/file/magic/Magdir/apple
  releng/9.3/contrib/file/magic/Magdir/applix
  releng/9.3/contrib/file/magic/Magdir/archive
  releng/9.3/contrib/file/magic/Magdir/assembler
  releng/9.3/contrib/file/magic/Magdir/asterix
  releng/9.3/contrib/file/magic/Magdir/att3b
  releng/9.3/contrib/file/magic/Magdir/audio
  releng/9.3/contrib/file/magic/Magdir/basis
  releng/9.3/contrib/file/magic/Magdir/bflt
  releng/9.3/contrib/file/magic/Magdir/blackberry
  releng/9.3/contrib/file/magic/Magdir/blcr
  releng/9.3/contrib/file/magic/Magdir/blender
  releng/9.3/contrib/file/magic/Magdir/blit
  releng/9.3/contrib/file/magic/Magdir/bout
  releng/9.3/contrib/file/magic/Magdir/bsdi
  releng/9.3/contrib/file/magic/Magdir/bsi
  releng/9.3/contrib/file/magic/Magdir/btsnoop
  releng/9.3/contrib/file/magic/Magdir/c-lang
  releng/9.3/contrib/file/magic/Magdir/c64
  releng/9.3/contrib/file/magic/Magdir/cad
  releng/9.3/contrib/file/magic/Magdir/cafebabe
  releng/9.3/contrib/file/magic/Magdir/cddb
  releng/9.3/contrib/file/magic/Magdir/chord
  releng/9.3/contrib/file/magic/Magdir/cisco
  releng/9.3/contrib/file/magic/Magdir/citrus
  releng/9.3/contrib/file/magic/Magdir/clarion
  releng/9.3/contrib/file/magic/Magdir/claris
  releng/9.3/contrib/file/magic/Magdir/clipper
  releng/9.3/contrib/file/magic/Magdir/commands
  releng/9.3/contrib/file/magic/Magdir/communications
  releng/9.3/contrib/file/magic/Magdir/compress
  releng/9.3/contrib/file/magic/Magdir/console
  releng/9.3/contrib/file/magic/Magdir/convex
  releng/9.3/contrib/file/magic/Magdir/cracklib
  releng/9.3/contrib/file/magic/Magdir/ctags
  releng/9.3/contrib/file/magic/Magdir/ctf
  releng/9.3/contrib/file/magic/Magdir/cubemap
  releng/9.3/contrib/file/magic/Magdir/cups
  releng/9.3/contrib/file/magic/Magdir/dact
  releng/9.3/contrib/file/magic/Magdir/database
  releng/9.3/contrib/file/magic/Magdir/diamond
  releng/9.3/contrib/file/magic/Magdir/diff
  releng/9.3/contrib/file/magic/Magdir/digital
  releng/9.3/contrib/file/magic/Magdir/dolby
  releng/9.3/contrib/file/magic/Magdir/dump
  releng/9.3/contrib/file/magic/Magdir/dyadic
  releng/9.3/contrib/file/magic/Magdir/ebml
  releng/9.3/contrib/file/magic/Magdir/editors
  releng/9.3/contrib/file/magic/Magdir/efi
  releng/9.3/contrib/file/magic/Magdir/elf
  releng/9.3/contrib/file/magic/Magdir/encore
  releng/9.3/contrib/file/magic/Magdir/epoc
  releng/9.3/contrib/file/magic/Magdir/erlang
  releng/9.3/contrib/file/magic/Magdir/esri
  releng/9.3/contrib/file/magic/Magdir/fcs
  releng/9.3/contrib/file/magic/Magdir/filesystems
  releng/9.3/contrib/file/magic/Magdir/flash
  releng/9.3/contrib/file/magic/Magdir/fonts
  releng/9.3/contrib/file/magic/Magdir/fortran
  releng/9.3/contrib/file/magic/Magdir/frame
  releng/9.3/contrib/file/magic/Magdir/freebsd
  releng/9.3/contrib/file/magic/Magdir/fsav
  releng/9.3/contrib/file/magic/Magdir/fusecompress
  releng/9.3/contrib/file/magic/Magdir/games
  releng/9.3/contrib/file/magic/Magdir/gcc
  releng/9.3/contrib/file/magic/Magdir/geo
  releng/9.3/contrib/file/magic/Magdir/geos
  releng/9.3/contrib/file/magic/Magdir/gimp
  releng/9.3/contrib/file/magic/Magdir/gnome
  releng/9.3/contrib/file/magic/Magdir/gnu
  releng/9.3/contrib/file/magic/Magdir/gnumeric
  releng/9.3/contrib/file/magic/Magdir/gpt
  releng/9.3/contrib/file/magic/Magdir/grace
  releng/9.3/contrib/file/magic/Magdir/graphviz
  releng/9.3/contrib/file/magic/Magdir/gringotts
  releng/9.3/contrib/file/magic/Magdir/guile
  releng/9.3/contrib/file/magic/Magdir/hitachi-sh
  releng/9.3/contrib/file/magic/Magdir/hp
  releng/9.3/contrib/file/magic/Magdir/human68k
  releng/9.3/contrib/file/magic/Magdir/ibm370
  releng/9.3/contrib/file/magic/Magdir/ibm6000
  releng/9.3/contrib/file/magic/Magdir/icc
  releng/9.3/contrib/file/magic/Magdir/iff
  releng/9.3/contrib/file/magic/Magdir/images
  releng/9.3/contrib/file/magic/Magdir/inform
  releng/9.3/contrib/file/magic/Magdir/intel
  releng/9.3/contrib/file/magic/Magdir/interleaf
  releng/9.3/contrib/file/magic/Magdir/island
  releng/9.3/contrib/file/magic/Magdir/ispell
  releng/9.3/contrib/file/magic/Magdir/isz
  releng/9.3/contrib/file/magic/Magdir/java
  releng/9.3/contrib/file/magic/Magdir/javascript
  releng/9.3/contrib/file/magic/Magdir/jpeg
  releng/9.3/contrib/file/magic/Magdir/karma
  releng/9.3/contrib/file/magic/Magdir/kde
  releng/9.3/contrib/file/magic/Magdir/keepass
  releng/9.3/contrib/file/magic/Magdir/kerberos
  releng/9.3/contrib/file/magic/Magdir/kml
  releng/9.3/contrib/file/magic/Magdir/lecter
  releng/9.3/contrib/file/magic/Magdir/lex
  releng/9.3/contrib/file/magic/Magdir/lif
  releng/9.3/contrib/file/magic/Magdir/linux
  releng/9.3/contrib/file/magic/Magdir/lisp
  releng/9.3/contrib/file/magic/Magdir/llvm
  releng/9.3/contrib/file/magic/Magdir/lua
  releng/9.3/contrib/file/magic/Magdir/luks
  releng/9.3/contrib/file/magic/Magdir/m4
  releng/9.3/contrib/file/magic/Magdir/mach
  releng/9.3/contrib/file/magic/Magdir/macintosh
  releng/9.3/contrib/file/magic/Magdir/macos
  releng/9.3/contrib/file/magic/Magdir/magic
  releng/9.3/contrib/file/magic/Magdir/mail.news
  releng/9.3/contrib/file/magic/Magdir/make
  releng/9.3/contrib/file/magic/Magdir/map
  releng/9.3/contrib/file/magic/Magdir/maple
  releng/9.3/contrib/file/magic/Magdir/marc21
  releng/9.3/contrib/file/magic/Magdir/mathcad
  releng/9.3/contrib/file/magic/Magdir/mathematica
  releng/9.3/contrib/file/magic/Magdir/matroska
  releng/9.3/contrib/file/magic/Magdir/mcrypt
  releng/9.3/contrib/file/magic/Magdir/mercurial
  releng/9.3/contrib/file/magic/Magdir/metastore
  releng/9.3/contrib/file/magic/Magdir/meteorological
  releng/9.3/contrib/file/magic/Magdir/mime
  releng/9.3/contrib/file/magic/Magdir/mips
  releng/9.3/contrib/file/magic/Magdir/mirage
  releng/9.3/contrib/file/magic/Magdir/misctools
  releng/9.3/contrib/file/magic/Magdir/mkid
  releng/9.3/contrib/file/magic/Magdir/mlssa
  releng/9.3/contrib/file/magic/Magdir/mmdf
  releng/9.3/contrib/file/magic/Magdir/modem
  releng/9.3/contrib/file/magic/Magdir/motorola
  releng/9.3/contrib/file/magic/Magdir/mozilla
  releng/9.3/contrib/file/magic/Magdir/msdos
  releng/9.3/contrib/file/magic/Magdir/msooxml
  releng/9.3/contrib/file/magic/Magdir/msvc
  releng/9.3/contrib/file/magic/Magdir/msx
  releng/9.3/contrib/file/magic/Magdir/mup
  releng/9.3/contrib/file/magic/Magdir/music
  releng/9.3/contrib/file/magic/Magdir/natinst
  releng/9.3/contrib/file/magic/Magdir/ncr
  releng/9.3/contrib/file/magic/Magdir/neko
  releng/9.3/contrib/file/magic/Magdir/netbsd
  releng/9.3/contrib/file/magic/Magdir/netscape
  releng/9.3/contrib/file/magic/Magdir/netware
  releng/9.3/contrib/file/magic/Magdir/news
  releng/9.3/contrib/file/magic/Magdir/nitpicker
  releng/9.3/contrib/file/magic/Magdir/oasis
  releng/9.3/contrib/file/magic/Magdir/ocaml
  releng/9.3/contrib/file/magic/Magdir/octave
  releng/9.3/contrib/file/magic/Magdir/ole2compounddocs
  releng/9.3/contrib/file/magic/Magdir/olf
  releng/9.3/contrib/file/magic/Magdir/os2
  releng/9.3/contrib/file/magic/Magdir/os400
  releng/9.3/contrib/file/magic/Magdir/os9
  releng/9.3/contrib/file/magic/Magdir/osf1
  releng/9.3/contrib/file/magic/Magdir/palm
  releng/9.3/contrib/file/magic/Magdir/parix
  releng/9.3/contrib/file/magic/Magdir/parrot
  releng/9.3/contrib/file/magic/Magdir/pascal
  releng/9.3/contrib/file/magic/Magdir/pbf
  releng/9.3/contrib/file/magic/Magdir/pbm
  releng/9.3/contrib/file/magic/Magdir/pdf
  releng/9.3/contrib/file/magic/Magdir/pdp
  releng/9.3/contrib/file/magic/Magdir/perl
  releng/9.3/contrib/file/magic/Magdir/pgf
  releng/9.3/contrib/file/magic/Magdir/pgp
  releng/9.3/contrib/file/magic/Magdir/pkgadd
  releng/9.3/contrib/file/magic/Magdir/plan9
  releng/9.3/contrib/file/magic/Magdir/plus5
  releng/9.3/contrib/file/magic/Magdir/printer
  releng/9.3/contrib/file/magic/Magdir/project
  releng/9.3/contrib/file/magic/Magdir/psdbms
  releng/9.3/contrib/file/magic/Magdir/pulsar
  releng/9.3/contrib/file/magic/Magdir/pwsafe
  releng/9.3/contrib/file/magic/Magdir/pyramid
  releng/9.3/contrib/file/magic/Magdir/python
  releng/9.3/contrib/file/magic/Magdir/qt
  releng/9.3/contrib/file/magic/Magdir/revision
  releng/9.3/contrib/file/magic/Magdir/riff
  releng/9.3/contrib/file/magic/Magdir/rpm
  releng/9.3/contrib/file/magic/Magdir/rtf
  releng/9.3/contrib/file/magic/Magdir/ruby
  releng/9.3/contrib/file/magic/Magdir/sc
  releng/9.3/contrib/file/magic/Magdir/sccs
  releng/9.3/contrib/file/magic/Magdir/scientific
  releng/9.3/contrib/file/magic/Magdir/securitycerts
  releng/9.3/contrib/file/magic/Magdir/selinux
  releng/9.3/contrib/file/magic/Magdir/sendmail
  releng/9.3/contrib/file/magic/Magdir/sequent
  releng/9.3/contrib/file/magic/Magdir/sereal
  releng/9.3/contrib/file/magic/Magdir/sgi
  releng/9.3/contrib/file/magic/Magdir/sgml
  releng/9.3/contrib/file/magic/Magdir/sharc
  releng/9.3/contrib/file/magic/Magdir/sinclair
  releng/9.3/contrib/file/magic/Magdir/sisu
  releng/9.3/contrib/file/magic/Magdir/sketch
  releng/9.3/contrib/file/magic/Magdir/smalltalk
  releng/9.3/contrib/file/magic/Magdir/smile
  releng/9.3/contrib/file/magic/Magdir/sniffer
  releng/9.3/contrib/file/magic/Magdir/softquad
  releng/9.3/contrib/file/magic/Magdir/spec
  releng/9.3/contrib/file/magic/Magdir/spectrum
  releng/9.3/contrib/file/magic/Magdir/sql
  releng/9.3/contrib/file/magic/Magdir/ssh
  releng/9.3/contrib/file/magic/Magdir/ssl
  releng/9.3/contrib/file/magic/Magdir/sun
  releng/9.3/contrib/file/magic/Magdir/symbos
  releng/9.3/contrib/file/magic/Magdir/sysex
  releng/9.3/contrib/file/magic/Magdir/tcl
  releng/9.3/contrib/file/magic/Magdir/teapot
  releng/9.3/contrib/file/magic/Magdir/terminfo
  releng/9.3/contrib/file/magic/Magdir/tex
  releng/9.3/contrib/file/magic/Magdir/tgif
  releng/9.3/contrib/file/magic/Magdir/ti-8x
  releng/9.3/contrib/file/magic/Magdir/timezone
  releng/9.3/contrib/file/magic/Magdir/troff
  releng/9.3/contrib/file/magic/Magdir/tuxedo
  releng/9.3/contrib/file/magic/Magdir/typeset
  releng/9.3/contrib/file/magic/Magdir/unicode
  releng/9.3/contrib/file/magic/Magdir/unknown
  releng/9.3/contrib/file/magic/Magdir/uterus
  releng/9.3/contrib/file/magic/Magdir/uuencode
  releng/9.3/contrib/file/magic/Magdir/varied.out
  releng/9.3/contrib/file/magic/Magdir/varied.script
  releng/9.3/contrib/file/magic/Magdir/vax
  releng/9.3/contrib/file/magic/Magdir/vicar
  releng/9.3/contrib/file/magic/Magdir/virtual
  releng/9.3/contrib/file/magic/Magdir/virtutech
  releng/9.3/contrib/file/magic/Magdir/visx
  releng/9.3/contrib/file/magic/Magdir/vms
  releng/9.3/contrib/file/magic/Magdir/vmware
  releng/9.3/contrib/file/magic/Magdir/vorbis
  releng/9.3/contrib/file/magic/Magdir/vxl
  releng/9.3/contrib/file/magic/Magdir/warc
  releng/9.3/contrib/file/magic/Magdir/weak
  releng/9.3/contrib/file/magic/Magdir/windows
  releng/9.3/contrib/file/magic/Magdir/wireless
  releng/9.3/contrib/file/magic/Magdir/wordprocessors
  releng/9.3/contrib/file/magic/Magdir/wsdl
  releng/9.3/contrib/file/magic/Magdir/xdelta
  releng/9.3/contrib/file/magic/Magdir/xenix
  releng/9.3/contrib/file/magic/Magdir/xilinx
  releng/9.3/contrib/file/magic/Magdir/xo65
  releng/9.3/contrib/file/magic/Magdir/xwindows
  releng/9.3/contrib/file/magic/Magdir/zfs
  releng/9.3/contrib/file/magic/Magdir/zilog
  releng/9.3/contrib/file/magic/Magdir/zyxel
  releng/9.3/contrib/file/magic/Makefile.am   (contents, props changed)
  releng/9.3/contrib/file/magic/Makefile.in   (contents, props changed)
  releng/9.3/contrib/file/missing   (contents, props changed)
  releng/9.3/contrib/file/src/
  releng/9.3/contrib/file/src/Makefile.am   (contents, props changed)
  releng/9.3/contrib/file/src/Makefile.in   (contents, props changed)
  releng/9.3/contrib/file/src/apprentice.c
  releng/9.3/contrib/file/src/apptype.c
  releng/9.3/contrib/file/src/ascmagic.c
  releng/9.3/contrib/file/src/asctime_r.c   (contents, props changed)
  releng/9.3/contrib/file/src/asprintf.c   (contents, props changed)
  releng/9.3/contrib/file/src/cdf.c   (contents, props changed)
  releng/9.3/contrib/file/src/cdf.h   (contents, props changed)
  releng/9.3/contrib/file/src/cdf_time.c   (contents, props changed)
  releng/9.3/contrib/file/src/compress.c
  releng/9.3/contrib/file/src/ctime_r.c   (contents, props changed)
  releng/9.3/contrib/file/src/elfclass.h   (contents, props changed)
  releng/9.3/contrib/file/src/encoding.c   (contents, props changed)
  releng/9.3/contrib/file/src/file.c
  releng/9.3/contrib/file/src/file.h
  releng/9.3/contrib/file/src/file_opts.h
  releng/9.3/contrib/file/src/fmtcheck.c   (contents, props changed)
  releng/9.3/contrib/file/src/fsmagic.c
  releng/9.3/contrib/file/src/funcs.c
  releng/9.3/contrib/file/src/getline.c   (contents, props changed)
  releng/9.3/contrib/file/src/getopt_long.c   (contents, props changed)
  releng/9.3/contrib/file/src/is_tar.c
  releng/9.3/contrib/file/src/magic.c
  releng/9.3/contrib/file/src/magic.h
  releng/9.3/contrib/file/src/magic.h.in   (contents, props changed)
  releng/9.3/contrib/file/src/mygetopt.h   (contents, props changed)
  releng/9.3/contrib/file/src/pread.c   (contents, props changed)
  releng/9.3/contrib/file/src/print.c
  releng/9.3/contrib/file/src/readcdf.c   (contents, props changed)
  releng/9.3/contrib/file/src/readelf.c
  releng/9.3/contrib/file/src/readelf.h
  releng/9.3/contrib/file/src/softmagic.c
  releng/9.3/contrib/file/src/strcasestr.c   (contents, props changed)
  releng/9.3/contrib/file/src/strlcat.c
  releng/9.3/contrib/file/src/strlcpy.c
  releng/9.3/contrib/file/src/tar.h
  releng/9.3/contrib/file/src/vasprintf.c   (contents, props changed)
Deleted:
  releng/8.4/contrib/file/Header
  releng/8.4/contrib/file/Localstuff
  releng/8.4/contrib/file/Magdir/
  releng/8.4/contrib/file/Makefile.am-src
  releng/8.4/contrib/file/apprentice.c
  releng/8.4/contrib/file/apptype.c
  releng/8.4/contrib/file/ascmagic.c
  releng/8.4/contrib/file/asprintf.c
  releng/8.4/contrib/file/cdf.c
  releng/8.4/contrib/file/cdf.h
  releng/8.4/contrib/file/cdf_time.c
  releng/8.4/contrib/file/compress.c
  releng/8.4/contrib/file/elfclass.h
  releng/8.4/contrib/file/encoding.c
  releng/8.4/contrib/file/file.c
  releng/8.4/contrib/file/file.h
  releng/8.4/contrib/file/file.man
  releng/8.4/contrib/file/file_opts.h
  releng/8.4/contrib/file/fsmagic.c
  releng/8.4/contrib/file/funcs.c
  releng/8.4/contrib/file/getopt_long.c
  releng/8.4/contrib/file/is_tar.c
  releng/8.4/contrib/file/libmagic.man
  releng/8.4/contrib/file/magic.c
  releng/8.4/contrib/file/magic.h
  releng/8.4/contrib/file/magic.man
  releng/8.4/contrib/file/magic2mime
  releng/8.4/contrib/file/mygetopt.h
  releng/8.4/contrib/file/names.h
  releng/8.4/contrib/file/patchlevel.h
  releng/8.4/contrib/file/print.c
  releng/8.4/contrib/file/readcdf.c
  releng/8.4/contrib/file/readelf.c
  releng/8.4/contrib/file/readelf.h
  releng/8.4/contrib/file/softmagic.c
  releng/8.4/contrib/file/strlcat.c
  releng/8.4/contrib/file/strlcpy.c
  releng/8.4/contrib/file/tar.h
  releng/8.4/contrib/file/tests/
  releng/8.4/contrib/file/vasprintf.c
  releng/9.3/contrib/file/Header
  releng/9.3/contrib/file/Localstuff
  releng/9.3/contrib/file/Magdir/
  releng/9.3/contrib/file/Makefile.am-src
  releng/9.3/contrib/file/apprentice.c
  releng/9.3/contrib/file/apptype.c
  releng/9.3/contrib/file/ascmagic.c
  releng/9.3/contrib/file/asprintf.c
  releng/9.3/contrib/file/cdf.c
  releng/9.3/contrib/file/cdf.h
  releng/9.3/contrib/file/cdf_time.c
  releng/9.3/contrib/file/compress.c
  releng/9.3/contrib/file/elfclass.h
  releng/9.3/contrib/file/encoding.c
  releng/9.3/contrib/file/file.c
  releng/9.3/contrib/file/file.h
  releng/9.3/contrib/file/file.man
  releng/9.3/contrib/file/file_opts.h
  releng/9.3/contrib/file/fsmagic.c
  releng/9.3/contrib/file/funcs.c
  releng/9.3/contrib/file/getline.c
  releng/9.3/contrib/file/getopt_long.c
  releng/9.3/contrib/file/is_tar.c
  releng/9.3/contrib/file/libmagic.man
  releng/9.3/contrib/file/magic.c
  releng/9.3/contrib/file/magic.h
  releng/9.3/contrib/file/magic.man
  releng/9.3/contrib/file/magic2mime
  releng/9.3/contrib/file/mygetopt.h
  releng/9.3/contrib/file/names.h
  releng/9.3/contrib/file/print.c
  releng/9.3/contrib/file/readcdf.c
  releng/9.3/contrib/file/readelf.c
  releng/9.3/contrib/file/readelf.h
  releng/9.3/contrib/file/softmagic.c
  releng/9.3/contrib/file/strlcat.c
  releng/9.3/contrib/file/strlcpy.c
  releng/9.3/contrib/file/tar.h
  releng/9.3/contrib/file/tests/
  releng/9.3/contrib/file/vasprintf.c
Modified:
  releng/8.4/UPDATING
  releng/8.4/contrib/file/ChangeLog
  releng/8.4/contrib/file/INSTALL
  releng/8.4/contrib/file/Makefile.am
  releng/8.4/contrib/file/Makefile.in
  releng/8.4/contrib/file/README
  releng/8.4/contrib/file/TODO
  releng/8.4/contrib/file/acinclude.m4
  releng/8.4/contrib/file/aclocal.m4
  releng/8.4/contrib/file/compile
  releng/8.4/contrib/file/config.h.in
  releng/8.4/contrib/file/configure
  releng/8.4/contrib/file/configure.ac
  releng/8.4/contrib/file/install-sh
  releng/8.4/lib/libmagic/Makefile
  releng/8.4/lib/libmagic/config.h
  releng/8.4/sys/conf/newvers.sh
  releng/8.4/usr.bin/file/Makefile
  releng/9.3/UPDATING
  releng/9.3/contrib/file/ChangeLog
  releng/9.3/contrib/file/Makefile.am
  releng/9.3/contrib/file/Makefile.in
  releng/9.3/contrib/file/README
  releng/9.3/contrib/file/TODO
  releng/9.3/contrib/file/aclocal.m4
  releng/9.3/contrib/file/compile
  releng/9.3/contrib/file/config.h.in
  releng/9.3/contrib/file/configure
  releng/9.3/contrib/file/configure.ac
  releng/9.3/contrib/file/install-sh
  releng/9.3/lib/libmagic/Makefile
  releng/9.3/lib/libmagic/config.h
  releng/9.3/sys/conf/newvers.sh
  releng/9.3/usr.bin/file/Makefile

Modified: releng/8.4/UPDATING
==============================================================================
--- releng/8.4/UPDATING	Tue Jun  9 22:13:25 2015	(r284193)
+++ releng/8.4/UPDATING	Tue Jun  9 22:13:53 2015	(r284194)
@@ -15,6 +15,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
 	debugging tools present in HEAD were left in place because
 	sun4v support still needs work to become production ready.
 
+20150609:	p29	FreeBSD-EN-15:06.file
+
+	Updated base system file(1) to 5.22 to address multiple denial
+	of service issues.
+
 20150513:	p28	FreeBSD-EN-15:04.freebsd-update
 
 	Fix bug with freebsd-update(8) that does not ensure the previous

Modified: releng/8.4/contrib/file/ChangeLog
==============================================================================
--- releng/8.4/contrib/file/ChangeLog	Tue Jun  9 22:13:25 2015	(r284193)
+++ releng/8.4/contrib/file/ChangeLog	Tue Jun  9 22:13:53 2015	(r284194)
@@ -1,3 +1,645 @@
+2015-01-02  15:15  Christos Zoulas <christos@zoulas.com>
+
+	* release 5.22
+
+2015-01-01  12:01  Christos Zoulas <christos@zoulas.com>
+
+	* add indirect relative for TIFF/Exif
+
+2014-12-16  18:10  Christos Zoulas <christos@zoulas.com>
+	
+	* restructure elf note printing to avoid repeated messages
+	* add note limit, suggested by Alexander Cherepanov
+
+2014-12-16  16:53  Christos Zoulas <christos@zoulas.com>
+	
+	* Bail out on partial pread()'s (Alexander Cherepanov)
+	* Fix incorrect bounds check in file_printable (Alexander Cherepanov)
+
+2014-12-11  20:01  Christos Zoulas <christos@zoulas.com>
+
+	* PR/405: ignore SIGPIPE from uncompress programs
+	* change printable -> file_printable and use it in
+	  more places for safety
+	* in ELF, instead of "(uses dynamic libraries)" when PT_INTERP
+	  is present print the interpreter name.
+	
+2014-12-10  20:01  Christos Zoulas <christos@zoulas.com>
+
+	* release 5.21
+
+2014-11-27  18:40  Christos Zoulas <christos@zoulas.com>
+
+	* Allow setting more parameters from the command line.
+	* Split name/use and indirect magic recursion limits.
+
+2014-11-27  11:12  Christos Zoulas <christos@zoulas.com>
+
+	* Adjust ELF parameters and the default recursion
+	  level.
+	* Allow setting the recursion level dynamically.
+
+2014-11-24   8:55  Christos Zoulas <christos@zoulas.com>
+
+	* The following fixes resulted from Thomas Jarosch's fuzzing
+	  tests that revealed severe performance issues on pathological
+	  input:
+	    - limit number of elf program and sections processing
+	    - abort elf note processing quickly
+	    - reduce the number of recursion levels from 20 to 10
+	    - preserve error messages in indirect magic handling
+
+	This is tracked as CVE-2014-8116 and CVE-2014-8117
+
+2014-11-12  10:30  Christos Zoulas <christos@zoulas.com>
+
+	* fix bogus free in the user buffer case.
+
+2014-11-11  12:35  Christos Zoulas <christos@zoulas.com>
+
+	* fix out of bounds read for pascal strings
+	* fix memory leak (not freeing the head of each mlist)
+
+2014-11-07  10:25  Christos Zoulas <christos@zoulas.com>
+
+	* When printing strings from a file, convert them to printable
+	  on a byte by byte basis, so that we don't get issues with
+	  locale's trying to interpret random byte streams as UTF-8 and
+	  having printf error out with EILSEQ.
+	  
+2014-10-17  11:48  Christos Zoulas <christos@zoulas.com>
+
+	* fix bounds in note reading (Francisco Alonso / Red Hat)
+
+2014-10-11  15:02  Christos Zoulas <christos@zoulas.com>
+
+	* fix autoconf glue for setlocale and locale_t; some OS's
+	  have locale_t in xlocale.h
+
+2014-10-10  15:01  Christos Zoulas <christos@zoulas.com>
+
+	* release 5.20
+
+2014-08-17  10:01  Christos Zoulas <christos@zoulas.com>
+
+	* recognize encrypted CDF documents
+
+2014-08-04   9:18  Christos Zoulas <christos@zoulas.com>
+
+	* add magic_load_buffers from Brooks Davis
+
+2014-07-24  16:40  Christos Zoulas <christos@zoulas.com>
+
+	* add thumbs.db support
+
+2014-06-12  12:28  Christos Zoulas <christos@zoulas.com>
+
+	* release 5.19
+
+2014-06-09   9:04  Christos Zoulas <christos@zoulas.com>
+	
+	* Misc buffer overruns and missing buffer size tests in cdf parsing
+	  (Francisco Alonso, Jan Kaluza)
+
+2014-06-02  14:50  Christos Zoulas <christos@zoulas.com>
+
+	* Enforce limit of 8K on regex searches that have no limits
+	* Allow the l modifier for regex to mean line count. Default
+	  to byte count. If line count is specified, assume a max
+	  of 80 characters per line to limit the byte count.
+	* Don't allow conversions to be used for dates, allowing
+	  the mask field to be used as an offset.
+
+2014-05-30  12:51  Christos Zoulas <christos@zoulas.com>
+
+	* Make the range operator limit the length of the
+	  regex search.
+
+2014-05-14  19:23  Christos Zoulas <christos@zoulas.com>
+
+	* PR/347: Windows fixes
+	* PR/352: Hangul word processor recognition
+	* PR/354: Encoding irregularities in text files
+
+2014-05-06  6:12  Christos Zoulas <christos@zoulas.com>
+
+	* Fix uninitialized title in CDF files (Jan Kaluza)
+
+2014-05-04  14:55  Christos Zoulas <christos@zoulas.com>
+
+	* PR/351: Fix compilation of empty files 
+
+2014-04-30  17:39  Christos Zoulas <christos@zoulas.com>
+
+	* Fix integer formats: We don't specify 'l' or
+	  'h' and 'hh' specifiers anymore, only 'll' for
+	  quads and nothing for the rest. This is so that
+	  magic writing is simpler.
+
+2014-04-01  15:25  Christos Zoulas <christos@zoulas.com>
+
+	* PR/341: Jan Kaluza, fix memory leak
+	* PR/342: Jan Kaluza, fix out of bounds read
+
+2014-03-28  15:25  Christos Zoulas <christos@zoulas.com>
+
+	* Fix issue with long formats not matching fmtcheck
+
+2014-03-26  11:25  Christos Zoulas <christos@zoulas.com>
+
+	* release 5.18
+
+2014-03-15  17:45  Christos Zoulas <christos@zoulas.com>
+
+	* add fmtcheck(3) for those who don't have it
+
+2014-03-14  15:12  Christos Zoulas <christos@zoulas.com>
+
+	* prevent mime entries from being attached to magic
+	  entries with no descriptions
+
+	* adjust magic strength for regex type
+
+	* remove superfluous ascmagic with encoding test
+
+2014-03-06  12:01  Christos Zoulas <christos@zoulas.com>
+
+	* fix regression fix echo -ne "\012\013\014" | file -i -
+	  which printed "binary" instead of "application/octet-stream"
+
+	* add size_t overflow check for magic file size
+
+2014-02-27  16:01  Christos Zoulas <christos@zoulas.com>
+
+	* experimental support for matching with CFD CLSID
+
+2014-02-18  13:04  Kimmo Suominen (kimmo@suominen.com)
+
+	* Cache old LC_CTYPE locale before setting it to "C", so
+	  we can use it to restore LC_CTYPE instead of asking
+	  setlocale() to scan the environment variables.
+
+2014-02-12  18:21  Christos Zoulas <christos@zoulas.com>
+
+	* Count recursion levels through indirect magic
+
+2014-02-11  10:40  Christos Zoulas <christos@zoulas.com>
+
+	* Prevent infinite recursion on files with indirect offsets of 0
+
+2014-01-30  21:00  Christos Zoulas <christos@zoulas.com>
+
+	* Add -E flag that makes file print filesystem errors to stderr
+	  and exit.
+
+2014-01-08  17:20  Christos Zoulas <christos@zoulas.com>
+
+	* mime printing could print results from multiple magic entries
+	  if there were multiple matches.
+	* in some cases overflow was not detected when computing offsets
+	  in softmagic.
+
+2013-12-05  12:00  Christos Zoulas <christos@zoulas.com>
+
+	* use strcasestr() to for cdf strings
+	* reset to the "C" locale while doing regex operations, or case
+	  insensitive comparisons; this is provisional
+
+2013-11-19  20:10  Christos Zoulas <christos@zoulas.com>
+
+	* always leave magic file loaded, don't unload for magic_check, etc.
+	* fix default encoding to binary instead of unknown which broke recently
+	* handle empty and one byte files, less specially so that
+	  --mime-encoding does not break completely.
+		`
+2013-11-06  14:40  Christos Zoulas <christos@zoulas.com>
+
+	* fix erroneous non-zero exit code from non-existant file and message
+
+2013-10-29  14:25  Christos Zoulas <christos@zoulas.com>
+
+	* add CDF MSI file detection (Guy Helmer)
+
+2013-09-03  11:56  Christos Zoulas <christos@zoulas.com>
+
+	* Don't mix errors and regular output if there was an error
+	* in magic_descriptor() don't close the file and try to restore
+	  its position
+
+2013-05-30  17:25  Christos Zoulas <christos@zoulas.com>
+
+	* Don't treat magic as an error if offset was past EOF (Christoph Biedl)
+
+2013-05-28  17:25  Christos Zoulas <christos@zoulas.com>
+	
+	* Fix spacing issues in softmagic and elf (Jan Kaluza)
+
+2013-05-02  18:00  Christos Zoulas <christos@zoulas.com>
+
+	* Fix segmentation fault with multiple magic_load commands.
+
+2013-04-22  11:20  Christos Zoulas <christos@zoulas.com>
+
+	* The way "default" was implemented was not very useful
+	  because the "if something was printed at that level"
+	  was not easily controlled by the user, and the format
+	  was bound to a string which is too restrictive. Add
+	  a "clear" for that level keyword and make "default"
+	  void. This way one can do:
+
+		>>13	clear	x
+		>>13	lelong	1	foo
+		>>13	lelong	2	bar
+		>>13	default	x
+		>>>13	lelong	x	unknown %x
+
+2013-03-25  13:20  Christos Zoulas <christos@zoulas.com>
+
+	* disallow strength setting in "name" entries
+
+2013-03-06  21:24  Christos Zoulas <christos@zoulas.com>
+
+	* fix recursive magic separator printing
+
+2013-02-26  19:28  Christos Zoulas <christos@zoulas.com>
+
+	* limit recursion level for mget
+	* fix pread() related breakage in cdf
+	* handle offsets properly in recursive "use"
+
+2013-02-18  10:39  Christos Zoulas <christos@zoulas.com>
+
+	* add elf reading of debug info to determine if file is stripped
+	  (Jan Kaluza)
+	* use pread()
+
+2013-01-25  18:05  Christos Zoulas <christos@zoulas.com>
+
+	* change mime description size from 64 to 80 to accommodate OOXML.
+
+2013-01-11  14:50  Christos Zoulas <christos@zoulas.com>
+
+	* Warn about inconsistent continuation levels.
+	* Change fsmagic to add a space after it prints.
+
+2013-01-10  21:00  Christos Zoulas <christos@zoulas.com>
+
+	* Make getline public so that file can link against it.
+	  Perhaps it is better to rename it, or hide it differently.
+	  Fixes builds on platforms that do not provide it.
+	  
+2013-01-07  16:30  Christos Zoulas <christos@zoulas.com>
+
+	* Add SuS d{,1,2,4,8}, u{,1,2,4,8} and document
+	  what long, int, short, etc is (Guy Harris)
+
+2013-01-06  11:20  Christos Zoulas <christos@zoulas.com>
+
+	* add magic_version function and constant
+	* Redo memory allocation and de-allocation.
+	  (prevents double frees on non mmap platforms)
+	* Fix bug with name/use having to do with passing
+	  found state from the parent to the child and back.
+
+2012-12-19   8:47  Christos Zoulas <christos@zoulas.com>
+
+	* Only print elf capabilities for archs we know (Jan Kaluza)
+
+2012-10-30  19:14  Christos Zoulas <christos@zoulas.com>
+
+	* Add "name" and "use" file types in order to look
+	  inside mach-o files.
+
+2012-09-06  10:40  Christos Zoulas <christos@zoulas.com>
+
+	* make --version exit 0 (Matthew Schultz)
+	* add string/T (Jan Kaluza)
+
+2012-08-09  2:15  Christos Zoulas <christos@zoulas.com>
+
+	* add z and t modifiers for our own vasprintf
+	* search for $HOME/.magic.mgc if it is there first
+	* fix reads from a pipe, and preserve errno
+
+2012-05-15  13:12  Christos Zoulas <christos@zoulas.com>
+
+	* use ctime_r, asctime_r
+
+2012-04-06  17:18  Christos Zoulas <christos@zoulas.com>
+
+	* Fixes for indirect offsets to handle apple disk formats
+
+2012-04-03  18:26  Christos Zoulas <christos@zoulas.com>
+
+	* Add windows date field types
+	* More info for windows shortcuts (incomplete)
+
+2012-02-20  17:33  Christos Zoulas <christos@zoulas.com>
+
+	* Fix CDF parsing issues found by CERT's fuzzing tool (Will Dormann)
+
+2011-12-15  12:17  Chris Metcalf <cmetcalf@tilera.com>
+
+	* Support Tilera architectures (tile64, tilepro, tilegx).
+
+2011-12-16  16:33  Reuben Thomas <rrt@sc3d.org>
+
+	* Add magic for /usr/bin/env Perl scripts
+	* Weaken generic script magic to avoid clashing with
+	language-specific magic.
+
+2011-12-08  13:37  Reuben Thomas <rrt@sc3d.org>
+
+	* Simplify if (p) free(p) to free(p).
+
+2011-12-08  13:07  Reuben Thomas <rrt@sc3d.org>
+
+	* Remove hardwired token finding (names.h), turning it into soft
+	magic. Patterns are either anchored regexs or search/8192. English
+	language detection and PL/1 detection have been removed as they
+	were too fragile. -e tokens is still accepted for backwards
+	compatibility.
+	* Move 3ds patterns (which are commented out anyway) into autodesk
+	(they were, oddly, in c-lang).
+
+2011-12-06  00:16  Reuben Thomas <rrt@sc3d.org>
+
+	* Tweak strength of generic hash-bang detectors to be less than
+	specific ones.
+	* Make an inconsistent description of Python scripts consistent.
+
+2011-12-05  23:58  Reuben Thomas <rrt@sc3d.org>
+
+	* Fix minor error in file(1).
+
+2011-11-05  00:00  Reuben Thomas <rrt@sc3d.org>
+
+	* Fix issue #150 (I hope).
+
+2011-09-22  12:57  Christos Zoulas <christos@zoulas.com>
+
+	* Python3 binding fixes from Kelly Anderson
+
+2011-09-20  11:32  Christos Zoulas <christos@zoulas.com>
+
+	* If a string type magic entry is marked as text or binary
+	  only match text files against text entries and binary
+	  files against binary entries.
+
+2011-09-01  12:12  Christos Zoulas <christos@zoulas.com>
+
+	* Don't wait for any subprocess, just the one we forked.
+
+2011-08-26  16:40  Christos Zoulas <christos@zoulas.com>
+
+	* If the application name is not set in a cdf file, try to see
+	  if it has a directory with the application name on it.
+
+2011-08-17  14:32  Christos Zoulas <christos@zoulas.com>
+
+	* Fix ELF lseek(2) madness. Inspired by PR/134 by Jan Kaluza
+
+2011-08-14  09:03  Christos Zoulas <christos@zoulas.com>
+
+	* Don't use variable string formats.
+
+2011-07-12  12:32  Reuben Thomas <rrt@sc3d.org>
+
+	* Fix detection of Zip files (Mantis #128).
+	* Make some minor improvements to file(1).
+	* Rename MIME types for filesystem objects for consistency with
+	  xdg-utils. Typically this means that application/x-foo becomes
+	  inode/foo, but some names also change slightly, e.g.
+	  application/x-character-device becomes inode/chardevice.
+
+2011-05-10  20:57  Christos Zoulas <christos@zoulas.com>
+
+	* fix mingw compilation (Abradoks)
+
+2011-05-10  20:57  Christos Zoulas <christos@zoulas.com>
+
+	* remove patchlevel.h
+	* Fix read past allocated memory caused by double-incrementing
+	  a pointer in a loop (reported by Roberto Maar)
+
+2011-03-30  15:45  Christos Zoulas <christos@zoulas.com>
+
+	* Fix cdf string buffer setting (Sven Anders)
+
+2011-03-20  16:35  Christos Zoulas <christos@zoulas.com>
+
+	* Eliminate MAXPATHLEN and use dynamic allocation for
+	  path and file buffers.
+
+2011-03-15  18:15  Christos Zoulas <christos@zoulas.com>
+
+	* binary tests on magic entries with masks could spuriously
+	  get converted to ascii.
+
+2011-03-12  18:06  Reuben Thomas <rrt@sc3d.org>
+
+	* Improve file.man (remove BUGS, present email addresses consistently).
+
+2011-03-07  19:38  Christos Zoulas <christos@zoulas.com>
+
+	* add lrzip support (from Ville Skytta)
+
+2011-02-10  16:36  Christos Zoulas <christos@zoulas.com>
+
+	* fix CDF bounds checking (Guy Helmer)
+
+2011-02-10  12:03  Christos Zoulas <christos@zoulas.com>
+
+	* add cdf_ctime() that prints a meaningful error when time cannot
+	  be converted.
+
+2011-02-02  20:40  Christos Zoulas <christos@zoulas.com>
+
+	* help and version output to stdout.
+
+	* When matching softmagic for ascii files, don't just print
+	  the softmagic classification, keep going and print the
+	  text classification too. This fixes broken troff files when
+	  we moved them from keyword recognition to softmagic
+	  (they stopped printing "with CRLF" etc.)
+	  Reported by Doug McIlroy.
+
+2011-01-16  19:31  Reuben Thomas <rrt@sc3d.org>
+
+	* Fix two potential buffer overruns in apprentice_list.
+
+2011-01-14  22:33  Reuben Thomas <rrt@sc3d.org>
+
+	* New Python binding in pure Python.
+	* Update libmagic(3).
+
+2011-01-06  21:40  Reuben Thomas <rrt@sc3d.org>
+
+	* Fix Python bindings (including recent Python 3 compatibility
+	  update).
+
+2011-01-04  18:43  Reuben Thomas <rrt@sc3d.org>
+
+	* magic/Makefile.am: make it easier to recover from magic build failures.
+	* Fix pstring length specifier parsing to avoid generating invalid
+	  magic files.
+	* Add pstring length "J" (for "JPEG") to specify that the length
+	  include itself.
+	* Fix JPEG comment parsing at last using pstring/HJ!
+	* Ignore section 5 man pages in doc/.cvsignore.
+
+2010-12-22  13:12  Christos Zoulas <christos@zoulas.com>
+
+	* Add pstring/BHhLl to specify the type of the length of pascal
+	  strings.
+
+2010-11-26  18:39  Reuben Thomas <rrt@sc3d.org>
+
+	* Fix "-e soft": it was ignored when softmagic was called
+	  during asciimagic.
+	* Improve comments and use "unsigned char" in tar.h/is_tar.c.
+
+2010-11-05  17:26  Reuben Thomas <rrt@sc3d.org>
+
+	* Make bug reporting addresses more visible.
+
+2010-11-01  18:35  Reuben Thomas <rrt@sc3d.org>
+
+	* Add tcl magic from Gustaf Neumann
+
+2010-10-24  10:42  Christos Zoulas <christos@zoulas.com>
+
+	* Fix the whitespace comparing code (Christopher Chittleborough)
+
+2010-10-06  21:05  Christos Zoulas <christos@zoulas.com>
+
+	* allow string/t to work (Jan Kaluza)
+
+2010-09-20  22:11  Reuben Thomas <rrt@sc3d.org>
+
+	* Apply some patches from Ubuntu and Fedora.
+
+2010-09-20  21:16  Reuben Thomas <rrt@sc3d.org>
+
+	* Apply all patches from Debian package 5.04-6 which have not
+	  already been applied and are not Debian-specific.
+
+2010-09-20  15:24  Reuben Thomas <rrt@sc3d.org>
+
+	* Minor security fix to softmagic.c (don't use untrusted
+	  string as printf format).
+
+2010-07-21  12:20  Christos Zoulas <christos@zoulas.com>
+
+	* MINGW32 portability from LRN
+
+	* Don't warn about escaping magic regex chars when we are in a regex.
+
+2010-07-19  10:55  Christos Zoulas <christos@zoulas.com>
+
+	* Only try to print prpsinfo for core files. (Jan Kaluza)
+
+2010-04-22  12:55  Christos Zoulas <christos@zoulas.com>
+
+	* Try more elf offsets for Debian core files.  (Arnaud Giersch)
+
+2010-02-20  15:18  Reuben Thomas <rrt@sc3d.org>
+
+	* Clarify which sort of CDF we mean.
+
+2010-02-14  22:58  Reuben Thomas <rrt@sc3d.org>
+
+	* Re-jig Zip file type magic so that unsupported special
+	  Zip types (those with "mimetype" at offset 30) can be
+	  recognized.
+
+2010-02-02  21:50  Reuben Thomas <rrt@sc3d.org>
+
+	* Add support for OCF (EPUB) files (application/epub+zip)
+
+2010-01-28  18:25  Christos Zoulas <christos@zoulas.com>
+
+	* Fix core-dump from unbound loop:
+	  https://bugzilla.redhat.com/show_bug.cgi?id=533245
+
+2010-01-22  15:45  Christos Zoulas <christos@zoulas.com>
+
+	* print proper mime for crystal reports file
+
+	* print the last summary information of a cdf document, not the
+	  first so that nested documents print the right info
+
+2010-01-16  18:42  Charles Longeau <chl@tuxfamily.org>
+
+	* bring back some fixes from OpenBSD:
+		- make gcc2 builds file
+		- fix typos in a magic file comment
+
+2009-11-17  18:35  Christos Zoulas <christos@zoulas.com>
+
+	* ctime/asctime can return NULL on some OS's although
+	  they should not (Toshit Antani)
+
+2009-09-14  13:49  Christos Zoulas <christos@zoulas.com>
+
+	* Centralize magic path handling routines and remove the
+	  special-casing from file.c so that the python module for
+	  example comes up with the same magic path (Fixes ~/.magic
+	  handling) (from Gab)
+
+2009-09-11  23:38  Reuben Thomas <rrt@sc3d.org>
+
+	* When magic argument is a directory, read the files in
+	  strcmp-sorted order (fixes Debian bug #488562 and our own FIXME).
+
+2009-09-11  13:11  Reuben Thomas <rrt@sc3d.org>
+
+	* Combine overlapping epoc and psion magic files into one (epoc).
+
+	* Add some more EPOC MIME types.
+
+2009-08-19  15:55  Christos Zoulas <christos@zoulas.com>
+
+	* Fix 3 bugs (From Ian Darwin):
+	    - file_showstr could move one past the end of the array
+	    - parse_apple did not nul terminate the string in the overflow case
+	    - parse_mime truncated the wrong string in the overflow case
+
+2009-08-12  12:28  Robert Byrnes  <byrnes@wildpumpkin.net>
+
+	* Include Localstuff when compiling magic.
+
+2009-07-15  10:05  Christos Zoulas <christos@zoulas.com>
+
+	* Fix logic for including mygetopts.h
+
+	* Make cdf.c compile again with debugging
+
+	* Add the necessary field handling for crystal reports files to work
+
+2009-06-23 01:34  Reuben Thomas <rrt@sc3d.org>
+
+	* Stop "(if" identifying Lisp files, that's plain dumb!
+
+2009-06-09 22:13  Reuben Thomas <rrt@sc3d.org>
+
+	* Add a couple of missing MP3 MIME types.
+
+2009-05-27 23:00  Reuben Thomas <rrt@sc3d.org>
+
+	* Add full range of hash-bang tests for Python and Ruby.
+
+	* Add MIME types for Python and Ruby scripts.
+
+2009-05-13  10:44  Christos Zoulas <christos@zoulas.com>
+
+	* off by one in parsing hw capabilities in elf
+	  (Cheng Renquan)
+
+2009-05-08  13:40  Christos Zoulas <christos@zoulas.com>
+	
+	* lint fixes and more from NetBSD
+
 2009-05-06  10:25  Christos Zoulas <christos@zoulas.com>
 
 	* Avoid null dereference in cdf code (Drew Yao)
@@ -545,7 +1187,7 @@
 
 	* Identify gnu tar vs. posix tar
 
-	* When keep going, don't print spurious newlines (Radek Vokál)
+	* When keep going, don't print spurious newlines (Radek Vokal)
 
 2006-04-01 12:02 Christos Zoulas <christos@astron.com>
 
@@ -569,7 +1211,7 @@
 2005-10-31 8:54 Christos Zoulas <christos@astron.com>
 
 	* Fix regression where the core info was not completely processed
-	    (Radek Vokál)
+	    (Radek Vokal)
 
 2005-10-20 11:15 Christos Zoulas <christos@astron.com>
 
@@ -586,7 +1228,7 @@
 2005-09-20 13:33 Christos Zoulas <christos@astron.com>
 
 	* Don't print SVR4 Style in core files multiple times
-	    (Radek Vokál)
+	    (Radek Vokal)
 
 2005-08-27 04:09 Christos Zoulas <christos@astron.com>
 

Modified: releng/8.4/contrib/file/INSTALL
==============================================================================
--- releng/8.4/contrib/file/INSTALL	Tue Jun  9 22:13:25 2015	(r284193)
+++ releng/8.4/contrib/file/INSTALL	Tue Jun  9 22:13:53 2015	(r284194)
@@ -2,18 +2,24 @@ Installation Instructions
 *************************
 
 Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
-2006 Free Software Foundation, Inc.
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
 
-This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
+   Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.  This file is offered as-is,
+without warranty of any kind.
 
 Basic Installation
 ==================
 
-Briefly, the shell commands `./configure; make; make install' should
+   Briefly, the shell commands `./configure; make; make install' should
 configure, build, and install this package.  The following
 more-detailed instructions are generic; see the `README' file for
-instructions specific to this package.
+instructions specific to this package.  Some packages provide this
+`INSTALL' file but do not implement all of the features documented
+below.  The lack of an optional feature in a given package is not
+necessarily a bug.  More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
 
    The `configure' shell script attempts to guess correct values for
 various system-dependent variables used during compilation.  It uses
@@ -42,7 +48,7 @@ may remove or edit it.
 you want to change it or regenerate `configure' using a newer version
 of `autoconf'.
 
-The simplest way to compile this package is:
+   The simplest way to compile this package is:
 
   1. `cd' to the directory containing the package's source code and type
      `./configure' to configure the package for your system.
@@ -53,12 +59,22 @@ The simplest way to compile this package
   2. Type `make' to compile the package.
 
   3. Optionally, type `make check' to run any self-tests that come with
-     the package.
+     the package, generally using the just-built uninstalled binaries.
 
   4. Type `make install' to install the programs and any data files and
-     documentation.
+     documentation.  When installing into a prefix owned by root, it is
+     recommended that the package be configured and built as a regular
+     user, and only the `make install' phase executed with root
+     privileges.
+
+  5. Optionally, type `make installcheck' to repeat any self-tests, but
+     this time using the binaries in their final installed location.
+     This target does not install anything.  Running this target as a
+     regular user, particularly if the prior `make install' required
+     root privileges, verifies that the installation completed
+     correctly.
 
-  5. You can remove the program binaries and object files from the
+  6. You can remove the program binaries and object files from the
      source code directory by typing `make clean'.  To also remove the
      files that `configure' created (so you can compile the package for
      a different kind of computer), type `make distclean'.  There is
@@ -67,12 +83,22 @@ The simplest way to compile this package
      all sorts of other programs in order to regenerate files that came
      with the distribution.
 
+  7. Often, you can also type `make uninstall' to remove the installed
+     files again.  In practice, not all packages have tested that
+     uninstallation works correctly, even though it is required by the
+     GNU Coding Standards.
+
+  8. Some packages, particularly those that use Automake, provide `make
+     distcheck', which can by used by developers to test that all other
+     targets like `make install' and `make uninstall' work correctly.
+     This target is generally not run by end users.
+
 Compilers and Options
 =====================
 
-Some systems require unusual options for compilation or linking that the
-`configure' script does not know about.  Run `./configure --help' for
-details on some of the pertinent environment variables.
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
 
    You can give `configure' initial values for configuration parameters
 by setting variables in the command line or in the environment.  Here
@@ -85,25 +111,41 @@ is an example:
 Compiling For Multiple Architectures
 ====================================
 
-You can compile the package for more than one kind of computer at the
+   You can compile the package for more than one kind of computer at the
 same time, by placing the object files for each architecture in their
 own directory.  To do this, you can use GNU `make'.  `cd' to the
 directory where you want the object files and executables to go and run
 the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
+source code in the directory that `configure' is in and in `..'.  This
+is known as a "VPATH" build.
 
    With a non-GNU `make', it is safer to compile the package for one
 architecture at a time in the source code directory.  After you have
 installed the package for one architecture, use `make distclean' before
 reconfiguring for another architecture.
 
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
 Installation Names
 ==================
 
-By default, `make install' installs the package's commands under
+   By default, `make install' installs the package's commands under
 `/usr/local/bin', include files under `/usr/local/include', etc.  You
 can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX'.
+`configure' the option `--prefix=PREFIX', where PREFIX must be an
+absolute file name.
 
    You can specify separate installation prefixes for
 architecture-specific files and architecture-independent files.  If you
@@ -114,16 +156,47 @@ Documentation and other data files still
    In addition, if you use an unusual directory layout you can give
 options like `--bindir=DIR' to specify different values for particular
 kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
+you can set and what kinds of files go in them.  In general, the
+default for these options is expressed in terms of `${prefix}', so that
+specifying just `--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+   The most portable way to affect installation locations is to pass the
+correct locations to `configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+`make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+   The first method involves providing an override variable for each
+affected directory.  For example, `make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+`${prefix}'.  Any directories that were specified during `configure',
+but not in terms of `${prefix}', must each be overridden at install
+time for the entire installation to be relocated.  The approach of
+makefile variable overrides for each directory variable is required by
+the GNU Coding Standards, and ideally causes no recompilation.
+However, some platforms have known limitations with the semantics of
+shared libraries that end up requiring recompilation when using this
+method, particularly noticeable in packages that use GNU Libtool.
+
+   The second method involves providing the `DESTDIR' variable.  For
+example, `make install DESTDIR=/alternate/directory' will prepend
+`/alternate/directory' before all installation names.  The approach of
+`DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters.  On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of `${prefix}'
+at `configure' time.
+
+Optional Features
+=================
 
    If the package supports it, you can cause programs to be installed
 with an extra prefix or suffix on their names by giving `configure' the
 option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
 
-Optional Features
-=================
-
-Some packages pay attention to `--enable-FEATURE' options to
+   Some packages pay attention to `--enable-FEATURE' options to
 `configure', where FEATURE indicates an optional part of the package.
 They may also pay attention to `--with-PACKAGE' options, where PACKAGE
 is something like `gnu-as' or `x' (for the X Window System).  The
@@ -135,14 +208,53 @@ find the X include and library files aut
 you can use the `configure' options `--x-includes=DIR' and
 `--x-libraries=DIR' to specify their locations.
 
+   Some packages offer the ability to configure how verbose the
+execution of `make' will be.  For these packages, running `./configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with `make V=1'; while running `./configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with `make V=0'.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+a workaround.  If GNU CC is not installed, it is therefore recommended
+to try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
 Specifying the System Type
 ==========================
 
-There may be some features `configure' cannot figure out automatically,
-but needs to determine by the type of machine the package will run on.
-Usually, assuming the package is built to be run on the _same_
-architectures, `configure' can figure that out, but if it prints a
-message saying it cannot guess the machine type, give it the
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
 `--build=TYPE' option.  TYPE can either be a short name for the system
 type, such as `sun4', or a canonical name which has the form:
 
@@ -150,7 +262,8 @@ type, such as `sun4', or a canonical nam
 
 where SYSTEM can have one of these forms:
 
-     OS KERNEL-OS
+     OS
+     KERNEL-OS
 
    See the file `config.sub' for the possible values of each field.  If
 `config.sub' isn't included in this package, then this package doesn't
@@ -168,9 +281,9 @@ eventually be run) with `--host=TYPE'.
 Sharing Defaults
 ================
 
-If you want to set default values for `configure' scripts to share, you
-can create a site shell script called `config.site' that gives default
-values for variables like `CC', `cache_file', and `prefix'.
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
 `configure' looks for `PREFIX/share/config.site' if it exists, then
 `PREFIX/etc/config.site' if it exists.  Or, you can set the
 `CONFIG_SITE' environment variable to the location of the site script.
@@ -179,7 +292,7 @@ A warning: not all `configure' scripts l
 Defining Variables
 ==================
 
-Variables not defined in a site shell script can be set in the
+   Variables not defined in a site shell script can be set in the
 environment passed to `configure'.  However, some packages may run
 configure again during the build, and the customized values of these
 variables may be lost.  In order to avoid this problem, you should set
@@ -198,11 +311,19 @@ an Autoconf bug.  Until the bug is fixed
 `configure' Invocation
 ======================
 
-`configure' recognizes the following options to control how it operates.
+   `configure' recognizes the following options to control how it
+operates.
 
 `--help'
 `-h'
-     Print a summary of the options to `configure', and exit.
+     Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+     Print a summary of the options unique to this package's
+     `configure', and exit.  The `short' variant lists options used
+     only in the top level, while the `recursive' variant lists options
+     also present in any nested packages.
 
 `--version'
 `-V'
@@ -229,6 +350,16 @@ an Autoconf bug.  Until the bug is fixed
      Look for the package's source code in directory DIR.  Usually
      `configure' can determine that directory automatically.
 
+`--prefix=DIR'
+     Use DIR as the installation prefix.  *note Installation Names::

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-src-releng@FreeBSD.ORG  Wed Jun 10 08:13:21 2015
Return-Path: <owner-svn-src-releng@FreeBSD.ORG>
Delivered-To: svn-src-releng@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6C111652;
 Wed, 10 Jun 2015 08:13:21 +0000 (UTC)
 (envelope-from madpilot@FreeBSD.org)
Received: from mail.madpilot.net (grunt.madpilot.net [78.47.145.38])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0836211EB;
 Wed, 10 Jun 2015 08:13:17 +0000 (UTC)
 (envelope-from madpilot@FreeBSD.org)
Received: from mail (mail [192.168.254.3])
 by mail.madpilot.net (Postfix) with ESMTP id 3m61KQ6c6rzblV;
 Wed, 10 Jun 2015 10:13:14 +0200 (CEST)
Received: from mail.madpilot.net ([192.168.254.3])
 by mail (mail.madpilot.net [192.168.254.3]) (amavisd-new, port 10024)
 with ESMTP id kmududHNETbi; Wed, 10 Jun 2015 10:13:09 +0200 (CEST)
Received: from marvin.madpilot.net (micro.madpilot.net [88.149.173.206])
 by mail.madpilot.net (Postfix) with ESMTPSA;
 Wed, 10 Jun 2015 10:13:09 +0200 (CEST)
Message-ID: <5577F194.8090408@FreeBSD.org>
Date: Wed, 10 Jun 2015 10:13:08 +0200
From: Guido Falsi <madpilot@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Xin LI <delphij@FreeBSD.org>, src-committers@freebsd.org, 
 svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: Re: svn commit: r284193 - in releng/10.1: . contrib/file
 contrib/file/doc
 contrib/file/magic contrib/file/magic/Magdir contrib/file/src lib/libmagic
 sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/conf
References: <201506092213.t59MDQ26055261@svn.freebsd.org>
In-Reply-To: <201506092213.t59MDQ26055261@svn.freebsd.org>
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 7bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 08:13:21 -0000

On 06/10/15 00:13, Xin LI wrote:
> Author: delphij
> Date: Tue Jun  9 22:13:25 2015
> New Revision: 284193
> URL: https://svnweb.freebsd.org/changeset/base/284193
> 
> Log:
>   Update base system file(1) to 5.22 to address multiple denial of
>   service issues. [EN-15:06]
>   
>   Improve reliability of ZFS when TRIM/UNMAP and/or L2ARC is used.
>   [EN-15:07]
>   
>   Approved by:	so
> 
> Added:
>   releng/10.1/contrib/file/magic/Magdir/kerberos
>   releng/10.1/contrib/file/magic/Magdir/meteorological
>   releng/10.1/contrib/file/magic/Magdir/qt
> Deleted:
>   releng/10.1/contrib/file/magic/Magdir/rinex
> Modified:
>   releng/10.1/UPDATING
>   releng/10.1/contrib/file/ChangeLog
>   releng/10.1/contrib/file/README
>   releng/10.1/contrib/file/TODO
>   releng/10.1/contrib/file/config.h.in
>   releng/10.1/contrib/file/configure
>   releng/10.1/contrib/file/configure.ac
>   releng/10.1/contrib/file/doc/file.man
>   releng/10.1/contrib/file/doc/libmagic.man
>   releng/10.1/contrib/file/doc/magic.man
>   releng/10.1/contrib/file/magic/Magdir/android
>   releng/10.1/contrib/file/magic/Magdir/animation
>   releng/10.1/contrib/file/magic/Magdir/archive
>   releng/10.1/contrib/file/magic/Magdir/blender
>   releng/10.1/contrib/file/magic/Magdir/cafebabe
>   releng/10.1/contrib/file/magic/Magdir/commands
>   releng/10.1/contrib/file/magic/Magdir/compress
>   releng/10.1/contrib/file/magic/Magdir/database
>   releng/10.1/contrib/file/magic/Magdir/elf
>   releng/10.1/contrib/file/magic/Magdir/filesystems
>   releng/10.1/contrib/file/magic/Magdir/images
>   releng/10.1/contrib/file/magic/Magdir/jpeg
>   releng/10.1/contrib/file/magic/Magdir/linux
>   releng/10.1/contrib/file/magic/Magdir/macintosh
>   releng/10.1/contrib/file/magic/Magdir/msooxml
>   releng/10.1/contrib/file/magic/Magdir/netbsd
>   releng/10.1/contrib/file/magic/Magdir/pascal
>   releng/10.1/contrib/file/magic/Magdir/pgp
>   releng/10.1/contrib/file/magic/Magdir/python
>   releng/10.1/contrib/file/magic/Magdir/riff
>   releng/10.1/contrib/file/magic/Magdir/sequent
>   releng/10.1/contrib/file/magic/Magdir/sereal
>   releng/10.1/contrib/file/magic/Magdir/ssh
>   releng/10.1/contrib/file/magic/Magdir/vms
>   releng/10.1/contrib/file/magic/Magdir/vorbis
>   releng/10.1/contrib/file/magic/Magdir/windows
>   releng/10.1/contrib/file/magic/Makefile.am
>   releng/10.1/contrib/file/magic/Makefile.in
>   releng/10.1/contrib/file/src/Makefile.in
>   releng/10.1/contrib/file/src/apprentice.c
>   releng/10.1/contrib/file/src/ascmagic.c
>   releng/10.1/contrib/file/src/cdf.c
>   releng/10.1/contrib/file/src/cdf.h
>   releng/10.1/contrib/file/src/compress.c
>   releng/10.1/contrib/file/src/elfclass.h
>   releng/10.1/contrib/file/src/encoding.c
>   releng/10.1/contrib/file/src/file.c
>   releng/10.1/contrib/file/src/file.h
>   releng/10.1/contrib/file/src/file_opts.h
>   releng/10.1/contrib/file/src/fsmagic.c
>   releng/10.1/contrib/file/src/funcs.c
>   releng/10.1/contrib/file/src/getline.c
>   releng/10.1/contrib/file/src/magic.c
>   releng/10.1/contrib/file/src/magic.h
>   releng/10.1/contrib/file/src/magic.h.in
>   releng/10.1/contrib/file/src/pread.c
>   releng/10.1/contrib/file/src/readcdf.c
>   releng/10.1/contrib/file/src/readelf.c
>   releng/10.1/contrib/file/src/softmagic.c
>   releng/10.1/contrib/file/src/vasprintf.c
>   releng/10.1/lib/libmagic/config.h
>   releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c
>   releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c
>   releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c
>   releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_disk.c
>   releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_file.c
>   releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
>   releng/10.1/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_label.c
>   releng/10.1/sys/conf/newvers.sh
> 
> Modified: releng/10.1/UPDATING
> ==============================================================================
> --- releng/10.1/UPDATING	Tue Jun  9 21:39:38 2015	(r284192)
> +++ releng/10.1/UPDATING	Tue Jun  9 22:13:25 2015	(r284193)
> @@ -16,6 +16,15 @@ from older versions of FreeBSD, try WITH
>  stable/10, and then rebuild without this option. The bootstrap process from
>  older version of current is a bit fragile.
>  
> +20150609:	p29	FreeBSD-EN-15:06.file
> +			FreeBSD-EN-15:07.zfs
> +
> +	Updated base system file(1) to 5.22 to address multiple denial
> +	of service issues. [EN-15:06]
> +
> +	Improved reliability of ZFS when TRIM/UNMAP and/or L2ARC is used.
> +	[EN-15:07]
> +
>  20150513:	p10	FreeBSD-EN-15:04.freebsd-update
>  			FreeBSD-EN-15:05.ufs
>  

Noticed this just now, updating some src tree, the p29 number looks
wrong, I think it should have been p11...

Not a big deal, but I thought I'd report this if it can be fixed.

-- 
Guido Falsi <madpilot@FreeBSD.org>

From owner-svn-src-releng@FreeBSD.ORG  Wed Jun 10 17:27:49 2015
Return-Path: <owner-svn-src-releng@FreeBSD.ORG>
Delivered-To: svn-src-releng@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1701A650;
 Wed, 10 Jun 2015 17:27:49 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0544916F5;
 Wed, 10 Jun 2015 17:27:49 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t5AHRmqe049158;
 Wed, 10 Jun 2015 17:27:48 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t5AHRmeC049157;
 Wed, 10 Jun 2015 17:27:48 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201506101727.t5AHRmeC049157@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 10 Jun 2015 17:27:48 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r284230 - releng/10.1
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 17:27:49 -0000

Author: delphij
Date: Wed Jun 10 17:27:48 2015
New Revision: 284230
URL: https://svnweb.freebsd.org/changeset/base/284230

Log:
  src/UPDATING in releng/10.1 should reflect the right patchlevel.
  
  Reported by:	madpilot
  Pointy hat to:	delphij
  Approved by:	so

Modified:
  releng/10.1/UPDATING

Modified: releng/10.1/UPDATING
==============================================================================
--- releng/10.1/UPDATING	Wed Jun 10 16:15:22 2015	(r284229)
+++ releng/10.1/UPDATING	Wed Jun 10 17:27:48 2015	(r284230)
@@ -16,7 +16,7 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
-20150609:	p29	FreeBSD-EN-15:06.file
+20150609:	p11	FreeBSD-EN-15:06.file
 			FreeBSD-EN-15:07.zfs
 
 	Updated base system file(1) to 5.22 to address multiple denial

From owner-svn-src-releng@FreeBSD.ORG  Fri Jun 12 07:24:04 2015
Return-Path: <owner-svn-src-releng@FreeBSD.ORG>
Delivered-To: svn-src-releng@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 0C6DFC3C;
 Fri, 12 Jun 2015 07:24:04 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EB98E129B;
 Fri, 12 Jun 2015 07:24:03 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t5C7O3vU013919;
 Fri, 12 Jun 2015 07:24:03 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t5C7NtvE013860;
 Fri, 12 Jun 2015 07:23:55 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201506120723.t5C7NtvE013860@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Fri, 12 Jun 2015 07:23:55 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r284295 - in releng: 10.1 10.1/crypto/openssl/apps
 10.1/crypto/openssl/crypto/bio 10.1/crypto/openssl/crypto/bn
 10.1/crypto/openssl/crypto/buffer 10.1/crypto/openssl/crypto/cms 10.1/cry...
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jun 2015 07:24:04 -0000

Author: delphij
Date: Fri Jun 12 07:23:55 2015
New Revision: 284295
URL: https://svnweb.freebsd.org/changeset/base/284295

Log:
  Fix OpenSSL multiple vulnerabilities.
  
  Security:	FreeBSD-SA-15:10.openssl
  Approved by:	so

Modified:
  releng/10.1/UPDATING
  releng/10.1/crypto/openssl/apps/dhparam.c
  releng/10.1/crypto/openssl/apps/gendh.c
  releng/10.1/crypto/openssl/apps/s_server.c
  releng/10.1/crypto/openssl/crypto/bio/bio_lib.c
  releng/10.1/crypto/openssl/crypto/bn/bn_gf2m.c
  releng/10.1/crypto/openssl/crypto/bn/bn_print.c
  releng/10.1/crypto/openssl/crypto/buffer/buffer.c
  releng/10.1/crypto/openssl/crypto/cms/cms_smime.c
  releng/10.1/crypto/openssl/crypto/ec/ec2_oct.c
  releng/10.1/crypto/openssl/crypto/ec/ec_check.c
  releng/10.1/crypto/openssl/crypto/ec/ec_key.c
  releng/10.1/crypto/openssl/crypto/ec/ec_lib.c
  releng/10.1/crypto/openssl/crypto/ec/ecp_oct.c
  releng/10.1/crypto/openssl/crypto/ec/ectest.c
  releng/10.1/crypto/openssl/crypto/evp/e_aes.c
  releng/10.1/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
  releng/10.1/crypto/openssl/crypto/evp/evp.h
  releng/10.1/crypto/openssl/crypto/hmac/hmac.c
  releng/10.1/crypto/openssl/crypto/modes/gcm128.c
  releng/10.1/crypto/openssl/crypto/objects/obj_dat.c
  releng/10.1/crypto/openssl/crypto/pkcs12/p12_mutl.c
  releng/10.1/crypto/openssl/crypto/pkcs7/pk7_doit.c
  releng/10.1/crypto/openssl/crypto/x509/x509_vfy.c
  releng/10.1/crypto/openssl/crypto/x509/x509type.c
  releng/10.1/crypto/openssl/doc/apps/dhparam.pod
  releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
  releng/10.1/crypto/openssl/ssl/d1_both.c
  releng/10.1/crypto/openssl/ssl/d1_lib.c
  releng/10.1/crypto/openssl/ssl/d1_pkt.c
  releng/10.1/crypto/openssl/ssl/s3_cbc.c
  releng/10.1/crypto/openssl/ssl/s3_clnt.c
  releng/10.1/crypto/openssl/ssl/s3_srvr.c
  releng/10.1/crypto/openssl/ssl/ssl.h
  releng/10.1/crypto/openssl/ssl/ssl_err.c
  releng/10.1/crypto/openssl/ssl/ssl_locl.h
  releng/10.1/crypto/openssl/ssl/ssl_sess.c
  releng/10.1/crypto/openssl/ssl/t1_lib.c
  releng/10.1/sys/conf/newvers.sh
  releng/8.4/UPDATING
  releng/8.4/crypto/openssl/crypto/bn/bn_print.c
  releng/8.4/crypto/openssl/crypto/cms/cms_smime.c
  releng/8.4/crypto/openssl/crypto/ec/ec2_smpl.c
  releng/8.4/crypto/openssl/crypto/ec/ec_check.c
  releng/8.4/crypto/openssl/crypto/ec/ec_key.c
  releng/8.4/crypto/openssl/crypto/ec/ec_lib.c
  releng/8.4/crypto/openssl/crypto/ec/ecp_smpl.c
  releng/8.4/crypto/openssl/crypto/ec/ectest.c
  releng/8.4/crypto/openssl/crypto/objects/obj_dat.c
  releng/8.4/crypto/openssl/crypto/pkcs7/pk7_doit.c
  releng/8.4/crypto/openssl/crypto/x509/x509_vfy.c
  releng/8.4/crypto/openssl/ssl/d1_lib.c
  releng/8.4/crypto/openssl/ssl/s3_clnt.c
  releng/8.4/crypto/openssl/ssl/s3_srvr.c
  releng/8.4/crypto/openssl/ssl/ssl.h
  releng/8.4/crypto/openssl/ssl/ssl_err.c
  releng/8.4/crypto/openssl/ssl/ssl_locl.h
  releng/8.4/crypto/openssl/ssl/ssl_sess.c
  releng/8.4/sys/conf/newvers.sh
  releng/9.3/UPDATING
  releng/9.3/crypto/openssl/crypto/bn/bn_print.c
  releng/9.3/crypto/openssl/crypto/cms/cms_smime.c
  releng/9.3/crypto/openssl/crypto/ec/ec2_smpl.c
  releng/9.3/crypto/openssl/crypto/ec/ec_check.c
  releng/9.3/crypto/openssl/crypto/ec/ec_key.c
  releng/9.3/crypto/openssl/crypto/ec/ec_lib.c
  releng/9.3/crypto/openssl/crypto/ec/ecp_smpl.c
  releng/9.3/crypto/openssl/crypto/ec/ectest.c
  releng/9.3/crypto/openssl/crypto/objects/obj_dat.c
  releng/9.3/crypto/openssl/crypto/pkcs7/pk7_doit.c
  releng/9.3/crypto/openssl/crypto/x509/x509_vfy.c
  releng/9.3/crypto/openssl/ssl/d1_lib.c
  releng/9.3/crypto/openssl/ssl/s3_clnt.c
  releng/9.3/crypto/openssl/ssl/s3_srvr.c
  releng/9.3/crypto/openssl/ssl/ssl.h
  releng/9.3/crypto/openssl/ssl/ssl_err.c
  releng/9.3/crypto/openssl/ssl/ssl_locl.h
  releng/9.3/crypto/openssl/ssl/ssl_sess.c
  releng/9.3/sys/conf/newvers.sh

Modified: releng/10.1/UPDATING
==============================================================================
--- releng/10.1/UPDATING	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/UPDATING	Fri Jun 12 07:23:55 2015	(r284295)
@@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20150612:	p12	FreeBSD-SA-15:10.openssl
+	Fix multiple vulnerabilities in OpenSSL.  [SA-15:10]
+
 20150609:	p11	FreeBSD-EN-15:06.file
 			FreeBSD-EN-15:07.zfs
 

Modified: releng/10.1/crypto/openssl/apps/dhparam.c
==============================================================================
--- releng/10.1/crypto/openssl/apps/dhparam.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/apps/dhparam.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -130,7 +130,7 @@
 #undef PROG
 #define PROG	dhparam_main
 
-#define DEFBITS	512
+#define DEFBITS	2048
 
 /* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
@@ -253,7 +253,7 @@ bad:
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
-		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+		BIO_printf(bio_err," numbits       number of bits in to generate (default 2048)\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif

Modified: releng/10.1/crypto/openssl/apps/gendh.c
==============================================================================
--- releng/10.1/crypto/openssl/apps/gendh.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/apps/gendh.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -78,7 +78,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
-#define DEFBITS	512
+#define DEFBITS	2048
 #undef PROG
 #define PROG gendh_main
 

Modified: releng/10.1/crypto/openssl/apps/s_server.c
==============================================================================
--- releng/10.1/crypto/openssl/apps/s_server.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/apps/s_server.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -214,7 +214,7 @@ static int generate_session_id(const SSL
 				unsigned int *id_len);
 #ifndef OPENSSL_NO_DH
 static DH *load_dh_param(const char *dhfile);
-static DH *get_dh512(void);
+static DH *get_dh2048(void);
 #endif
 
 #ifdef MONOLITH
@@ -222,29 +222,49 @@ static void s_server_init(void);
 #endif
 
 #ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[]={
-	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
-	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
-	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
-	0x47,0x74,0xE8,0x33,
-	};
-static unsigned char dh512_g[]={
+static unsigned char dh2048_p[] = {
+    0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
+    0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
+    0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
+    0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
+    0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
+    0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
+    0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
+    0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
+    0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
+    0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
+    0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
+    0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
+    0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
+    0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
+    0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
+    0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
+    0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
+    0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
+    0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
+    0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
+    0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
+    0xE9,0x32,0x0B,0x3B,
+};
+
+static unsigned char dh2048_g[] = {
 	0x02,
-	};
+};
 
-static DH *get_dh512(void)
-	{
-	DH *dh=NULL;
+DH *get_dh2048()
+{
+    DH *dh;
 
-	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		return(NULL);
-	return(dh);
+    if ((dh = DH_new()) == NULL)
+        return NULL;
+    dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+    dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+    if (dh->p == NULL || dh->g == NULL) {
+        DH_free(dh);
+        return NULL;
 	}
+    return dh;
+}
 #endif
 
 
@@ -1661,45 +1681,42 @@ bad:
 #endif 
 
 #ifndef OPENSSL_NO_DH
-	if (!no_dhe)
-		{
-		DH *dh=NULL;
+    if (!no_dhe) {
+        DH *dh = NULL;
 
 		if (dhfile)
 			dh = load_dh_param(dhfile);
 		else if (s_cert_file)
 			dh = load_dh_param(s_cert_file);
 
-		if (dh != NULL)
-			{
-			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+        if (dh != NULL) {
+            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+        } else {
+            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
+            dh = get_dh2048();
+            if (dh == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
 			}
-		else
-			{
-			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
-			dh=get_dh512();
 			}
 		(void)BIO_flush(bio_s_out);
 
-		SSL_CTX_set_tmp_dh(ctx,dh);
-#ifndef OPENSSL_NO_TLSEXT
-		if (ctx2)
-			{
-			if (!dhfile)
-				{ 
-				DH *dh2=load_dh_param(s_cert_file2);
-				if (dh2 != NULL)
-					{
-					BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+        SSL_CTX_set_tmp_dh(ctx, dh);
+# ifndef OPENSSL_NO_TLSEXT
+        if (ctx2) {
+            if (!dhfile) {
+                DH *dh2 = load_dh_param(s_cert_file2);
+                if (dh2 != NULL) {
+                    BIO_printf(bio_s_out, "Setting temp DH parameters\n");
 					(void)BIO_flush(bio_s_out);
 
 					DH_free(dh);
 					dh = dh2;
 					}
 				}
-			SSL_CTX_set_tmp_dh(ctx2,dh);
+            SSL_CTX_set_tmp_dh(ctx2, dh);
 			}
-#endif
+# endif
 		DH_free(dh);
 		}
 #endif

Modified: releng/10.1/crypto/openssl/crypto/bio/bio_lib.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/bio/bio_lib.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/bio/bio_lib.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -543,8 +543,10 @@ BIO *BIO_dup_chain(BIO *in)
 
 		/* copy app data */
 		if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-					&bio->ex_data))
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
 			goto err;
+        }
 
 		if (ret == NULL)
 			{
@@ -559,8 +561,8 @@ BIO *BIO_dup_chain(BIO *in)
 		}
 	return(ret);
 err:
-	if (ret != NULL)
-		BIO_free(ret);
+	BIO_free_all(ret);
+
 	return(NULL);	
 	}
 

Modified: releng/10.1/crypto/openssl/crypto/bn/bn_gf2m.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/bn/bn_gf2m.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/bn/bn_gf2m.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -568,10 +568,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIG
 		}
 #else
 	{
-	int i,	ubits = BN_num_bits(u),
-		vbits = BN_num_bits(v),	/* v is copy of p */
-		top = p->top;
-	BN_ULONG *udp,*bdp,*vdp,*cdp;
+        int i;
+        int ubits = BN_num_bits(u);
+        int vbits = BN_num_bits(v); /* v is copy of p */
+        int top = p->top;
+        BN_ULONG *udp, *bdp, *vdp, *cdp;
 
 	bn_wexpand(u,top);	udp = u->d;
 				for (i=u->top;i<top;i++) udp[i] = 0;
@@ -611,7 +612,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIG
 			ubits--;
 			}
 
-		if (ubits<=BN_BITS2 && udp[0]==1) break;
+            if (ubits <= BN_BITS2) {
+                if (udp[0] == 0) /* poly was reducible */
+                    goto err;
+                if (udp[0] == 1)
+                    break;
+            }
 
 		if (ubits<vbits)
 			{

Modified: releng/10.1/crypto/openssl/crypto/bn/bn_print.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/bn/bn_print.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/bn/bn_print.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
 	char *buf;
 	char *p;
 
-	buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
+	if (a->neg && BN_is_zero(a)) {
+	    /* "-0" == 3 bytes including NULL terminator */
+	    buf = OPENSSL_malloc(3);
+	} else {
+	    buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+	}
 	if (buf == NULL)
 		{
 		BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);

Modified: releng/10.1/crypto/openssl/crypto/buffer/buffer.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/buffer/buffer.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/buffer/buffer.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
 
 	if (a->data != NULL)
 		{
-		memset(a->data,0,(unsigned int)a->max);
+		OPENSSL_cleanse(a->data, a->max);
 		OPENSSL_free(a->data);
 		}
 	OPENSSL_free(a);

Modified: releng/10.1/crypto/openssl/crypto/cms/cms_smime.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/cms/cms_smime.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/cms/cms_smime.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -141,7 +141,7 @@ static void do_free_upto(BIO *f, BIO *up
 			BIO_free(f);
 			f = tbio;
 			}
-		while (f != upto);
+		while (f && f != upto);
 		}
 	else
 		BIO_free_all(f);

Modified: releng/10.1/crypto/openssl/crypto/ec/ec2_oct.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/ec/ec2_oct.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/ec/ec2_oct.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -390,7 +390,8 @@ int ec_GF2m_simple_oct2point(const EC_GR
 		if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
 		}
 	
-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+	/* test required by X9.62 */
+	if (EC_POINT_is_on_curve(group, point, ctx) <= 0)
 		{
 		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;

Modified: releng/10.1/crypto/openssl/crypto/ec/ec_check.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/ec/ec_check.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/ec/ec_check.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -88,7 +88,7 @@ int EC_GROUP_check(const EC_GROUP *group
 		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
 		goto err;
 		}
-	if (!EC_POINT_is_on_curve(group, group->generator, ctx))
+	if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0)
 		{
 		ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;

Modified: releng/10.1/crypto/openssl/crypto/ec/ec_key.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/ec/ec_key.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/ec/ec_key.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -326,7 +326,7 @@ int EC_KEY_check_key(const EC_KEY *eckey
 		goto err;
 
 	/* testing whether the pub_key is on the elliptic curve */
-	if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
+	if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0)
 		{
 		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;

Modified: releng/10.1/crypto/openssl/crypto/ec/ec_lib.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/ec/ec_lib.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/ec/ec_lib.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -972,7 +972,15 @@ int EC_POINT_is_at_infinity(const EC_GRO
 	}
 
 
-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
+/*
+ * Check whether an EC_POINT is on the curve or not. Note that the return
+ * value for this function should NOT be treated as a boolean. Return values:
+ *  1: The point is on the curve
+ *  0: The point is not on the curve
+ * -1: An error occurred
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx)
 	{
 	if (group->meth->is_on_curve == 0)
 		{

Modified: releng/10.1/crypto/openssl/crypto/ec/ecp_oct.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/ec/ecp_oct.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/ec/ecp_oct.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -416,7 +416,8 @@ int ec_GFp_simple_oct2point(const EC_GRO
 		if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
 		}
 	
-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+	/* test required by X9.62 */
+	if (EC_POINT_is_on_curve(group, point, ctx) <= 0)
 		{
 		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;

Modified: releng/10.1/crypto/openssl/crypto/ec/ectest.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/ec/ectest.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/ec/ectest.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -343,7 +343,7 @@ static void prime_field_tests(void)
 
 	if (!BN_hex2bn(&x, "D")) ABORT;
 	if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, Q, ctx))
+	if (EC_POINT_is_on_curve(group, Q, ctx) <= 0)
 		{
 		if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
 		fprintf(stderr, "Point is not on curve: x = 0x");
@@ -439,7 +439,7 @@ static void prime_field_tests(void)
 	if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
 	if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
 	if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
 	if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
 
@@ -473,7 +473,7 @@ static void prime_field_tests(void)
 
 	if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
 	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
 	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
 
@@ -507,7 +507,7 @@ static void prime_field_tests(void)
 
 	if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
 	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
 	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
 
@@ -541,7 +541,7 @@ static void prime_field_tests(void)
 
 	if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
 	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
 	if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
 		"84F3B9CAC2FC632551")) ABORT;
 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
@@ -580,7 +580,7 @@ static void prime_field_tests(void)
 	if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
 		"9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
 	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
 	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
 		"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
 	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
@@ -624,7 +624,7 @@ static void prime_field_tests(void)
 		"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
 		"3C1856A429BF97E7E31C2E5BD66")) ABORT;
 	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
 	if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
 		"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
 		"C9B8899C47AEBB6FB71E91386409")) ABORT;
@@ -657,7 +657,7 @@ static void prime_field_tests(void)
 	if (!EC_POINT_copy(Q, P)) ABORT;
 	if (EC_POINT_is_at_infinity(group, Q)) ABORT;
 	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
 	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
 
 	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
@@ -771,7 +771,7 @@ static void prime_field_tests(void)
 #define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
 	if (!BN_hex2bn(&x, _x)) ABORT; \
 	if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
 	if (!BN_hex2bn(&z, _order)) ABORT; \
 	if (!BN_hex2bn(&cof, _cof)) ABORT; \
 	if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -789,7 +789,7 @@ static void prime_field_tests(void)
 	if (!BN_hex2bn(&x, _x)) ABORT; \
 	if (!BN_hex2bn(&y, _y)) ABORT; \
 	if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
 	if (!BN_hex2bn(&z, _order)) ABORT; \
 	if (!BN_hex2bn(&cof, _cof)) ABORT; \
 	if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -894,7 +894,7 @@ static void char2_field_tests(void)
 	if (!BN_hex2bn(&y, "8")) ABORT;
 	if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
 #endif
-	if (!EC_POINT_is_on_curve(group, Q, ctx))
+	if (EC_POINT_is_on_curve(group, Q, ctx) <= 0)
 		{
 /* Change test based on whether binary point compression is enabled or not. */
 #ifdef OPENSSL_EC_BIN_PT_COMP
@@ -1133,7 +1133,7 @@ static void char2_field_tests(void)
 	if (!EC_POINT_copy(Q, P)) ABORT;
 	if (EC_POINT_is_at_infinity(group, Q)) ABORT;
 	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
 	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
 
 	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;

Modified: releng/10.1/crypto/openssl/crypto/evp/e_aes.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/evp/e_aes.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/evp/e_aes.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -50,6 +50,7 @@
 
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_AES
+#include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <string.h>
@@ -967,7 +968,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER
 		CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf,
 					EVP_GCM_TLS_TAG_LEN);
 		/* If tag mismatch wipe buffer */
-		if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN))
+		if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN))
 			{
 			OPENSSL_cleanse(out, len);
 			goto err;
@@ -1351,7 +1352,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
 			unsigned char tag[16];
 			if (CRYPTO_ccm128_tag(ccm, tag, cctx->M))
 				{
-				if (!memcmp(tag, ctx->buf, cctx->M))
+				if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
 					rv = len;
 				}
 			}

Modified: releng/10.1/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -54,6 +54,7 @@
 
 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
 
+#include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/rc4.h>
@@ -205,7 +206,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHE
 			MD5_Update(&key->md,mac,MD5_DIGEST_LENGTH);
 			MD5_Final(mac,&key->md);
 
-			if (memcmp(out+plen,mac,MD5_DIGEST_LENGTH))
+			if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
 				return 0;
 		} else {
 			MD5_Update(&key->md,out+md5_off,len-md5_off);

Modified: releng/10.1/crypto/openssl/crypto/evp/evp.h
==============================================================================
--- releng/10.1/crypto/openssl/crypto/evp/evp.h	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/evp/evp.h	Fri Jun 12 07:23:55 2015	(r284295)
@@ -103,7 +103,6 @@
 #define EVP_PKS_RSA	0x0100
 #define EVP_PKS_DSA	0x0200
 #define EVP_PKS_EC	0x0400
-#define EVP_PKT_EXP	0x1000 /* <= 512 bit key */
 
 #define EVP_PKEY_NONE	NID_undef
 #define EVP_PKEY_RSA	NID_rsaEncryption

Modified: releng/10.1/crypto/openssl/crypto/hmac/hmac.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/hmac/hmac.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/hmac/hmac.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -240,6 +240,7 @@ unsigned char *HMAC(const EVP_MD *evp_md
 	HMAC_CTX_cleanup(&c);
 	return md;
 	err:
+    HMAC_CTX_cleanup(&c);
 	return NULL;
 	}
 

Modified: releng/10.1/crypto/openssl/crypto/modes/gcm128.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/modes/gcm128.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/modes/gcm128.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -1525,7 +1525,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT 
 	ctx->Xi.u[1] ^= ctx->EK0.u[1];
 
 	if (tag && len<=sizeof(ctx->Xi))
-		return memcmp(ctx->Xi.c,tag,len);
+		return CRYPTO_memcmp(ctx->Xi.c, tag, len);
 	else
 		return -1;
 }

Modified: releng/10.1/crypto/openssl/crypto/objects/obj_dat.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/objects/obj_dat.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/objects/obj_dat.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -405,6 +405,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
 	if (a->nid != 0)
 		return(a->nid);
 
+	if (a->length == 0)
+		return NID_undef;
+
 	if (added != NULL)
 		{
 		ad.type=ADDED_DATA;

Modified: releng/10.1/crypto/openssl/crypto/pkcs12/p12_mutl.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/pkcs12/p12_mutl.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/pkcs12/p12_mutl.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -59,6 +59,7 @@
 #ifndef OPENSSL_NO_HMAC
 #include <stdio.h>
 #include "cryptlib.h"
+#include <openssl/crypto.h>
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/pkcs12.h>
@@ -123,7 +124,8 @@ int PKCS12_verify_mac(PKCS12 *p12, const
 		return 0;
 	}
 	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-	|| memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
+        || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+		return 0;
 	return 1;
 }
 

Modified: releng/10.1/crypto/openssl/crypto/pkcs7/pk7_doit.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/pkcs7/pk7_doit.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/pkcs7/pk7_doit.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -504,6 +504,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
 	        goto err;
 		}
 
+    /* Detached content must be supplied via in_bio instead. */
+    if (data_body == NULL && in_bio == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        goto err;
+    }
+
 	/* We will be checking the signature */
 	if (md_sk != NULL)
 		{
@@ -660,7 +666,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
 		}
 
 #if 1
-	if (PKCS7_is_detached(p7) || (in_bio != NULL))
+	if (in_bio != NULL)
 		{
 		bio=in_bio;
 		}

Modified: releng/10.1/crypto/openssl/crypto/x509/x509_vfy.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/x509/x509_vfy.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/x509/x509_vfy.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -1679,83 +1679,121 @@ int X509_cmp_current_time(const ASN1_TIM
 }
 
 int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
-	{
+{
 	char *str;
 	ASN1_TIME atm;
 	long offset;
-	char buff1[24],buff2[24],*p;
-	int i,j;
-
-	p=buff1;
-	i=ctm->length;
-	str=(char *)ctm->data;
-	if (ctm->type == V_ASN1_UTCTIME)
-		{
-		if ((i < 11) || (i > 17)) return 0;
-		memcpy(p,str,10);
-		p+=10;
-		str+=10;
-		}
-	else
-		{
-		if (i < 13) return 0;
-		memcpy(p,str,12);
-		p+=12;
-		str+=12;
-		}
+    char buff1[24], buff2[24], *p;
+    int i, j, remaining;
 
-	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
-		{ *(p++)='0'; *(p++)='0'; }
-	else
-		{ 
-		*(p++)= *(str++);
-		*(p++)= *(str++);
-		/* Skip any fractional seconds... */
-		if (*str == '.')
-			{
+    p = buff1;
+    remaining = ctm->length;
+    str = (char *)ctm->data;
+    /*
+     * Note that the following (historical) code allows much more slack in the
+     * time format than RFC5280. In RFC5280, the representation is fixed:
+     * UTCTime: YYMMDDHHMMSSZ
+     * GeneralizedTime: YYYYMMDDHHMMSSZ
+     */
+    if (ctm->type == V_ASN1_UTCTIME) {
+        /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
+        int min_length = sizeof("YYMMDDHHMMZ") - 1;
+        int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
+        if (remaining < min_length || remaining > max_length)
+            return 0;
+        memcpy(p, str, 10);
+        p += 10;
+        str += 10;
+        remaining -= 10;
+    } else {
+        /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
+        int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
+        int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
+        if (remaining < min_length || remaining > max_length)
+            return 0;
+        memcpy(p, str, 12);
+        p += 12;
+        str += 12;
+        remaining -= 12;
+		}
+
+    if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
+        *(p++) = '0';
+        *(p++) = '0';
+    } else {
+        /* SS (seconds) */
+        if (remaining < 2)
+            return 0;
+        *(p++) = *(str++);
+        *(p++) = *(str++);
+        remaining -= 2;
+        /*
+         * Skip any (up to three) fractional seconds...
+         * TODO(emilia): in RFC5280, fractional seconds are forbidden.
+         * Can we just kill them altogether?
+         */
+        if (remaining && *str == '.') {
 			str++;
-			while ((*str >= '0') && (*str <= '9')) str++;
+            remaining--;
+            for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
+                if (*str < '0' || *str > '9')
+                    break;
 			}
-		
 		}
-	*(p++)='Z';
-	*(p++)='\0';
 
-	if (*str == 'Z')
-		offset=0;
-	else
-		{
+    }
+    *(p++) = 'Z';
+    *(p++) = '\0';
+
+    /* We now need either a terminating 'Z' or an offset. */
+    if (!remaining)
+        return 0;
+    if (*str == 'Z') {
+        if (remaining != 1)
+            return 0;
+        offset = 0;
+    } else {
+        /* (+-)HHMM */
 		if ((*str != '+') && (*str != '-'))
 			return 0;
-		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
-		offset+=(str[3]-'0')*10+(str[4]-'0');
+        /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
+        if (remaining != 5)
+            return 0;
+        if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
+            str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
+            return 0;
+        offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
+        offset += (str[3] - '0') * 10 + (str[4] - '0');
 		if (*str == '-')
-			offset= -offset;
+            offset = -offset;
 		}
-	atm.type=ctm->type;
+    atm.type = ctm->type;
 	atm.flags = 0;
-	atm.length=sizeof(buff2);
-	atm.data=(unsigned char *)buff2;
+    atm.length = sizeof(buff2);
+    atm.data = (unsigned char *)buff2;
 
-	if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
+    if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
 		return 0;
 
-	if (ctm->type == V_ASN1_UTCTIME)
-		{
-		i=(buff1[0]-'0')*10+(buff1[1]-'0');
-		if (i < 50) i+=100; /* cf. RFC 2459 */
-		j=(buff2[0]-'0')*10+(buff2[1]-'0');
-		if (j < 50) j+=100;
-
-		if (i < j) return -1;
-		if (i > j) return 1;
+    if (ctm->type == V_ASN1_UTCTIME) {
+        i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
+        if (i < 50)
+            i += 100;           /* cf. RFC 2459 */
+        j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
+        if (j < 50)
+            j += 100;
+
+        if (i < j)
+            return -1;
+        if (i > j)
+            return 1;
 		}
-	i=strcmp(buff1,buff2);
+    i = strcmp(buff1, buff2);
 	if (i == 0) /* wait a second then return younger :-) */
 		return -1;
 	else
 		return i;
-	}
+}
 
 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 {

Modified: releng/10.1/crypto/openssl/crypto/x509/x509type.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/x509/x509type.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/crypto/x509/x509type.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -122,9 +122,6 @@ int X509_certificate_type(X509 *x, EVP_P
 			}
 		}
 
-	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
-					   for, not bytes */
-		ret|=EVP_PKT_EXP;
 	if(pkey==NULL) EVP_PKEY_free(pk);
 	return(ret);
 	}

Modified: releng/10.1/crypto/openssl/doc/apps/dhparam.pod
==============================================================================
--- releng/10.1/crypto/openssl/doc/apps/dhparam.pod	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/doc/apps/dhparam.pod	Fri Jun 12 07:23:55 2015	(r284295)
@@ -71,8 +71,10 @@ check if the parameters are valid primes
 
 =item B<-2>, B<-5>
 
-The generator to use, either 2 or 5. 2 is the default. If present then the
-input file is ignored and parameters are generated instead.
+The generator to use, either 2 or 5. If present then the
+input file is ignored and parameters are generated instead. If not
+present but B<numbits> is present, parameters are generated with the
+default generator 2.
 
 =item B<-rand> I<file(s)>
 
@@ -85,9 +87,10 @@ all others.
 =item I<numbits>
 
 this option specifies that a parameter set should be generated of size
-I<numbits>. It must be the last option. If not present then a value of 512
-is used. If this option is present then the input file is ignored and 
-parameters are generated instead.
+I<numbits>. It must be the last option. If this option is present then
+the input file is ignored and parameters are generated instead. If
+this option is not present but a generator (B<-2> or B<-5>) is
+present, parameters are generated with a default length of 2048 bits.
 
 =item B<-noout>
 

Modified: releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
==============================================================================
--- releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	Fri Jun 12 07:23:55 2015	(r284295)
@@ -61,12 +61,12 @@ negotiation is being saved.
 
 If "strong" primes were used to generate the DH parameters, it is not strictly
 necessary to generate a new key for each handshake but it does improve forward
-secrecy. If it is not assured, that "strong" primes were used (see especially
-the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
-in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
-has an impact on the computer time needed during negotiation, but it is not
-very large, so application authors/users should consider to always enable
-this option.
+secrecy. If it is not assured that "strong" primes were used,
+SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup
+attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the
+computer time needed during negotiation, but it is not very large, so
+application authors/users should consider always enabling this option.
+The option is required to implement perfect forward secrecy (PFS).
 
 As generating DH parameters is extremely time consuming, an application
 should not generate the parameters on the fly but supply the parameters.
@@ -74,82 +74,62 @@ DH parameters can be reused, as the actu
 the negotiation. The risk in reusing DH parameters is that an attacker
 may specialize on a very often used DH group. Applications should therefore
 generate their own DH parameters during the installation process using the
-openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer
-time needed for this generation, it is possible to use DSA parameters
-instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
-is mandatory.
+openssl L<dhparam(1)|dhparam(1)> application. This application
+guarantees that "strong" primes are used.
 
-Application authors may compile in DH parameters. Files dh512.pem,
-dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
+Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
 version of the OpenSSL distribution contain the 'SKIP' DH parameters,
 which use safe primes and were generated verifiably pseudo-randomly.
 These files can be converted into C code using the B<-C> option of the
-L<dhparam(1)|dhparam(1)> application.
-Authors may also generate their own set of parameters using
-L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were
-generated. The generation of DH parameters during installation is therefore
-recommended.
+L<dhparam(1)|dhparam(1)> application. Generation of custom DH
+parameters during installation should still be preferred to stop an
+attacker from specializing on a commonly used group. Files dh1024.pem
+and dh512.pem contain old parameters that must not be used by
+applications.
 
 An application may either directly specify the DH parameters or
-can supply the DH parameters via a callback function. The callback approach
-has the advantage, that the callback may supply DH parameters for different
-key lengths.
-
-The B<tmp_dh_callback> is called with the B<keylength> needed and
-the B<is_export> information. The B<is_export> flag is set, when the
-ephemeral DH key exchange is performed with an export cipher.
+can supply the DH parameters via a callback function.
+
+Previous versions of the callback used B<is_export> and B<keylength>
+parameters to control parameter generation for export and non-export
+cipher suites. Modern servers that do not support export ciphersuites
+are advised to either use SSL_CTX_set_tmp_dh() in combination with
+SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore
+B<keylength> and B<is_export> and simply supply at least 2048-bit
+parameters in the callback.
 
 =head1 EXAMPLES
 
-Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
+Setup DH parameters with a key length of 2048 bits. (Error handling
 partly left out.)
 
- ...
- /* Set up ephemeral DH stuff */
- DH *dh_512 = NULL;
- DH *dh_1024 = NULL;
- FILE *paramfile;
+ Command-line parameter generation:
+ $ openssl dhparam -out dh_param_2048.pem 2048
 
+ Code for setting up parameters during server initialization:
+
+ ...
+ SSL_CTX ctx = SSL_CTX_new();
  ...
- /* "openssl dhparam -out dh_param_512.pem -2 512" */
- paramfile = fopen("dh_param_512.pem", "r");
+
+ /* Set up ephemeral DH parameters. */
+ DH *dh_2048 = NULL;
+ FILE *paramfile;
+ paramfile = fopen("dh_param_2048.pem", "r");
  if (paramfile) {
-   dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+   dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
    fclose(paramfile);
+ } else {
+   /* Error. */
  }
- /* "openssl dhparam -out dh_param_1024.pem -2 1024" */
- paramfile = fopen("dh_param_1024.pem", "r");
- if (paramfile) {
-   dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
-   fclose(paramfile);
+ if (dh_2048 == NULL) {
+  /* Error. */
  }
- ...
-
- /* "openssl dhparam -C -2 512" etc... */
- DH *get_dh512() { ... }
- DH *get_dh1024() { ... }
-
- DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
- {
-    DH *dh_tmp=NULL;
-
-    switch (keylength) {
-    case 512:
-      if (!dh_512)
-        dh_512 = get_dh512();
-      dh_tmp = dh_512;
-      break;
-    case 1024:
-      if (!dh_1024)
-        dh_1024 = get_dh1024();
-      dh_tmp = dh_1024;
-      break;
-    default:
-      /* Generating a key on the fly is very costly, so use what is there */
-      setup_dh_parameters_like_above();
-    }
-    return(dh_tmp);
+ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
+   /* Error. */
  }
+ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+ ...
 
 =head1 RETURN VALUES
 

Modified: releng/10.1/crypto/openssl/ssl/d1_both.c
==============================================================================
--- releng/10.1/crypto/openssl/ssl/d1_both.c	Fri Jun 12 06:28:22 2015	(r284294)
+++ releng/10.1/crypto/openssl/ssl/d1_both.c	Fri Jun 12 07:23:55 2015	(r284295)
@@ -481,6 +481,12 @@ again:
 	else if ( i <= 0 && !*ok)
 		return i;
 
+    if (mt >= 0 && s->s3->tmp.message_type != mt) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
 	p = (unsigned char *)s->init_buf->data;
 	msg_len = msg_hdr->msg_len;
 
@@ -869,6 +875,20 @@ dtls1_get_message_fragment(SSL *s, int s
 	/* parse the message fragment header */
 	dtls1_get_message_header(wire, &msg_hdr);
 
+    len = msg_hdr.msg_len;
+    frag_off = msg_hdr.frag_off;
+    frag_len = msg_hdr.frag_len;
+
+    /*
+     * We must have at least frag_len bytes left in the record to be read.
+     * Fragments must not span records.
+     */
+    if (frag_len > s->s3->rrec.length) {
+        al = SSL3_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH);
+        goto f_err;
+    }
+
 	/* 
 	 * if this is a future (or stale) message it gets buffered
 	 * (or dropped)--no further processing at this time
@@ -878,10 +898,6 @@ dtls1_get_message_fragment(SSL *s, int s
 	if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
 		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
-	len = msg_hdr.msg_len;
-	frag_off = msg_hdr.frag_off;
-	frag_len = msg_hdr.frag_len;
-
 	if (frag_len && frag_len < len)

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***