From owner-svn-src-stable-7@FreeBSD.ORG Thu May 3 15:25:12 2012 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C6B811065672; Thu, 3 May 2012 15:25:12 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id ACC978FC18; Thu, 3 May 2012 15:25:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q43FPC3V048763; Thu, 3 May 2012 15:25:12 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q43FPCZ9048751; Thu, 3 May 2012 15:25:12 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <201205031525.q43FPCZ9048751@svn.freebsd.org> 
From: "Bjoern A. Zeeb" Date: Thu, 3 May 2012 15:25:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234954 - head/crypto/openssl/crypto head/crypto/openssl/crypto/asn1 head/crypto/openssl/crypto/buffer head/crypto/openssl/crypto/pkcs7 head/crypto/openssl/crypto/x509v3 head/crypto/ope... X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 May 2012 15:25:12 -0000 Author: bz Date: Thu May 3 15:25:11 2012 New Revision: 234954 URL: http://svn.freebsd.org/changeset/base/234954 Log: Fix multiple OpenSSL vulnerabilities. Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon) Modified: stable/7/crypto/openssl/crypto/asn1/a_d2i_fp.c stable/7/crypto/openssl/crypto/buffer/buffer.c stable/7/crypto/openssl/crypto/mem.c stable/7/crypto/openssl/crypto/pkcs7/pk7_doit.c stable/7/crypto/openssl/crypto/x509v3/pcy_map.c stable/7/crypto/openssl/crypto/x509v3/pcy_tree.c stable/7/crypto/openssl/ssl/s3_enc.c stable/7/crypto/openssl/ssl/s3_srvr.c stable/7/crypto/openssl/ssl/ssl.h stable/7/crypto/openssl/ssl/ssl3.h stable/7/crypto/openssl/ssl/ssl_err.c Changes in other areas also in this revision: Modified: head/crypto/openssl/crypto/asn1/a_d2i_fp.c head/crypto/openssl/crypto/buffer/buffer.c head/crypto/openssl/crypto/mem.c head/crypto/openssl/crypto/pkcs7/pk7_doit.c head/crypto/openssl/crypto/x509v3/pcy_map.c head/crypto/openssl/crypto/x509v3/pcy_tree.c head/crypto/openssl/ssl/s3_enc.c head/crypto/openssl/ssl/s3_srvr.c head/crypto/openssl/ssl/ssl.h head/crypto/openssl/ssl/ssl3.h 
head/crypto/openssl/ssl/ssl_err.c releng/7.4/UPDATING releng/7.4/crypto/openssl/crypto/asn1/a_d2i_fp.c releng/7.4/crypto/openssl/crypto/buffer/buffer.c releng/7.4/crypto/openssl/crypto/mem.c releng/7.4/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/7.4/crypto/openssl/crypto/x509v3/pcy_map.c releng/7.4/crypto/openssl/crypto/x509v3/pcy_tree.c releng/7.4/crypto/openssl/ssl/s3_enc.c releng/7.4/crypto/openssl/ssl/s3_srvr.c releng/7.4/crypto/openssl/ssl/ssl.h releng/7.4/crypto/openssl/ssl/ssl3.h releng/7.4/crypto/openssl/ssl/ssl_err.c releng/7.4/sys/conf/newvers.sh releng/8.1/UPDATING releng/8.1/crypto/openssl/crypto/asn1/a_d2i_fp.c releng/8.1/crypto/openssl/crypto/buffer/buffer.c releng/8.1/crypto/openssl/crypto/mem.c releng/8.1/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/8.1/crypto/openssl/crypto/x509v3/pcy_map.c releng/8.1/crypto/openssl/crypto/x509v3/pcy_tree.c releng/8.1/crypto/openssl/ssl/s3_enc.c releng/8.1/crypto/openssl/ssl/s3_srvr.c releng/8.1/crypto/openssl/ssl/ssl.h releng/8.1/crypto/openssl/ssl/ssl3.h releng/8.1/crypto/openssl/ssl/ssl_err.c releng/8.1/sys/conf/newvers.sh releng/8.2/UPDATING releng/8.2/crypto/openssl/crypto/asn1/a_d2i_fp.c releng/8.2/crypto/openssl/crypto/buffer/buffer.c releng/8.2/crypto/openssl/crypto/mem.c releng/8.2/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/8.2/crypto/openssl/crypto/x509v3/pcy_map.c releng/8.2/crypto/openssl/crypto/x509v3/pcy_tree.c releng/8.2/crypto/openssl/ssl/s3_enc.c releng/8.2/crypto/openssl/ssl/s3_srvr.c releng/8.2/crypto/openssl/ssl/ssl.h releng/8.2/crypto/openssl/ssl/ssl3.h releng/8.2/crypto/openssl/ssl/ssl_err.c releng/8.2/sys/conf/newvers.sh releng/8.3/UPDATING releng/8.3/crypto/openssl/crypto/asn1/a_d2i_fp.c releng/8.3/crypto/openssl/crypto/buffer/buffer.c releng/8.3/crypto/openssl/crypto/mem.c releng/8.3/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/8.3/crypto/openssl/crypto/x509v3/pcy_map.c releng/8.3/crypto/openssl/crypto/x509v3/pcy_tree.c releng/8.3/crypto/openssl/ssl/s3_enc.c 
releng/8.3/crypto/openssl/ssl/s3_srvr.c releng/8.3/crypto/openssl/ssl/ssl.h releng/8.3/crypto/openssl/ssl/ssl3.h releng/8.3/crypto/openssl/ssl/ssl_err.c releng/8.3/sys/conf/newvers.sh releng/9.0/UPDATING releng/9.0/crypto/openssl/crypto/asn1/a_d2i_fp.c releng/9.0/crypto/openssl/crypto/buffer/buffer.c releng/9.0/crypto/openssl/crypto/mem.c releng/9.0/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/9.0/crypto/openssl/crypto/x509v3/pcy_map.c releng/9.0/crypto/openssl/crypto/x509v3/pcy_tree.c releng/9.0/crypto/openssl/ssl/s3_enc.c releng/9.0/crypto/openssl/ssl/s3_srvr.c releng/9.0/crypto/openssl/ssl/ssl.h releng/9.0/crypto/openssl/ssl/ssl3.h releng/9.0/crypto/openssl/ssl/ssl_err.c releng/9.0/sys/conf/newvers.sh stable/8/crypto/openssl/crypto/asn1/a_d2i_fp.c stable/8/crypto/openssl/crypto/buffer/buffer.c stable/8/crypto/openssl/crypto/mem.c stable/8/crypto/openssl/crypto/pkcs7/pk7_doit.c stable/8/crypto/openssl/crypto/x509v3/pcy_map.c stable/8/crypto/openssl/crypto/x509v3/pcy_tree.c stable/8/crypto/openssl/ssl/s3_enc.c stable/8/crypto/openssl/ssl/s3_srvr.c stable/8/crypto/openssl/ssl/ssl.h stable/8/crypto/openssl/ssl/ssl3.h stable/8/crypto/openssl/ssl/ssl_err.c stable/9/crypto/openssl/crypto/asn1/a_d2i_fp.c stable/9/crypto/openssl/crypto/buffer/buffer.c stable/9/crypto/openssl/crypto/mem.c stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c stable/9/crypto/openssl/crypto/x509v3/pcy_map.c stable/9/crypto/openssl/crypto/x509v3/pcy_tree.c stable/9/crypto/openssl/ssl/s3_enc.c stable/9/crypto/openssl/ssl/s3_srvr.c stable/9/crypto/openssl/ssl/ssl.h stable/9/crypto/openssl/ssl/ssl3.h stable/9/crypto/openssl/ssl/ssl_err.c Modified: stable/7/crypto/openssl/crypto/asn1/a_d2i_fp.c ============================================================================== --- stable/7/crypto/openssl/crypto/asn1/a_d2i_fp.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/crypto/asn1/a_d2i_fp.c Thu May 3 15:25:11 2012 (r234954) 
@@ -57,6 +57,7 @@ */ #include +#include #include "cryptlib.h" #include #include @@ -143,17 +144,11 @@ static int asn1_d2i_read_bio(BIO *in, BU BUF_MEM *b; unsigned char *p; int i; - int ret=-1; ASN1_const_CTX c; - int want=HEADER_SIZE; + size_t want=HEADER_SIZE; int eos=0; -#if defined(__GNUC__) && defined(__ia64) - /* pathetic compiler bug in all known versions as of Nov. 2002 */ - long off=0; -#else - int off=0; -#endif - int len=0; + size_t off=0; + size_t len=0; b=BUF_MEM_new(); if (b == NULL) @@ -169,7 +164,7 @@ static int asn1_d2i_read_bio(BIO *in, BU { want-=(len-off); - if (!BUF_MEM_grow_clean(b,len+want)) + if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; @@ -181,7 +176,14 @@ static int asn1_d2i_read_bio(BIO *in, BU goto err; } if (i > 0) + { + if (len+i < len) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); + goto err; + } len+=i; + } } /* else data already loaded */ @@ -206,6 +208,11 @@ static int asn1_d2i_read_bio(BIO *in, BU { /* no data body so go round again */ eos++; + if (eos < 0) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); + goto err; + } want=HEADER_SIZE; } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) @@ -220,10 +227,16 @@ static int asn1_d2i_read_bio(BIO *in, BU else { /* suck in c.slen bytes of data */ - want=(int)c.slen; + want=c.slen; if (want > (len-off)) { want-=(len-off); + if (want > INT_MAX /* BIO_read takes an int length */ || + len+want < len) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); + goto err; + } if (!BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); 
@@ -238,11 +251,18 @@ static int asn1_d2i_read_bio(BIO *in, BU ASN1_R_NOT_ENOUGH_DATA); goto err; } + /* This can't overflow because + * |len+want| didn't overflow. */ len+=i; - want -= i; + want-=i; } } - off+=(int)c.slen; + if (off + c.slen < off) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); + goto err; + } + off+=c.slen; if (eos <= 0) { break; @@ -252,9 +272,15 @@ static int asn1_d2i_read_bio(BIO *in, BU } } + if (off > INT_MAX) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); + goto err; + } + *pb = b; return off; err: if (b != NULL) BUF_MEM_free(b); - return(ret); + return -1; } Modified: stable/7/crypto/openssl/crypto/buffer/buffer.c ============================================================================== --- stable/7/crypto/openssl/crypto/buffer/buffer.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/crypto/buffer/buffer.c Thu May 3 15:25:11 2012 (r234954) @@ -60,6 +60,11 @@ #include "cryptlib.h" #include +/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That + * function is applied in several functions in this file and this limit ensures + * that the result fits in an int. */ +#define LIMIT_BEFORE_EXPANSION 0x5ffffffc + BUF_MEM *BUF_MEM_new(void) { BUF_MEM *ret; @@ -94,6 +99,11 @@ int BUF_MEM_grow(BUF_MEM *str, int len) char *ret; unsigned int n; + if (len < 0) + { + BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); + return 0; + } if (str->length >= len) { str->length=len; @@ -105,6 +115,12 @@ int BUF_MEM_grow(BUF_MEM *str, int len) str->length=len; return(len); } + /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ + if (len > LIMIT_BEFORE_EXPANSION) + { + BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); + return 0; + } n=(len+3)/3*4; if (str->data == NULL) ret=OPENSSL_malloc(n); 
@@ -130,6 +146,11 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int char *ret; unsigned int n; + if (len < 0) + { + BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); + return 0; + } if (str->length >= len) { memset(&str->data[len],0,str->length-len); @@ -142,6 +163,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int str->length=len; return(len); } + /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ + if (len > LIMIT_BEFORE_EXPANSION) + { + BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); + return 0; + } n=(len+3)/3*4; if (str->data == NULL) ret=OPENSSL_malloc(n); Modified: stable/7/crypto/openssl/crypto/mem.c ============================================================================== --- stable/7/crypto/openssl/crypto/mem.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/crypto/mem.c Thu May 3 15:25:11 2012 (r234954) @@ -372,6 +372,10 @@ void *CRYPTO_realloc_clean(void *str, in if (num <= 0) return NULL; + /* We don't support shrinking the buffer. Note the memcpy that copies + * |old_len| bytes to the new buffer, below. */ + if (num < old_len) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); Modified: stable/7/crypto/openssl/crypto/pkcs7/pk7_doit.c ============================================================================== --- stable/7/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu May 3 15:25:11 2012 (r234954) @@ -420,6 +420,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE int max; X509_OBJECT ret; #endif + unsigned char *tkey = NULL; + int tkeylen; int jj; if ((etmp=BIO_new(BIO_f_cipher())) == NULL) 
@@ -461,36 +463,42 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE if (pcert == NULL) { + /* Temporary storage in case EVP_PKEY_decrypt + * overwrites output buffer on error. + */ + unsigned char *tmp2; + tmp2 = OPENSSL_malloc(jj); + if (!tmp2) + goto err; + jj = -1; + /* Always attempt to decrypt all cases to avoid + * leaking timing information about a successful + * decrypt. + */ for (i=0; ienc_key), M_ASN1_STRING_length(ri->enc_key), pkey); - if (jj > 0) - break; + if (tret > 0) + { + memcpy(tmp, tmp2, tret); + OPENSSL_cleanse(tmp2, tret); + jj = tret; + } ERR_clear_error(); - ri = NULL; - } - if (ri == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_NO_RECIPIENT_MATCHES_KEY); - goto err; } + OPENSSL_free(tmp2); } else { jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key), M_ASN1_STRING_length(ri->enc_key), pkey); - if (jj <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - ERR_R_EVP_LIB); - goto err; - } + ERR_clear_error(); } evp_ctx=NULL; 
@@ -499,24 +507,49 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE goto err; if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) goto err; + /* Generate random key to counter MMA */ + tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); + tkey = OPENSSL_malloc(tkeylen); + if (!tkey) + goto err; + if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) + goto err; + /* If we have no key use random key */ + if (jj <= 0) + { + OPENSSL_free(tmp); + jj = tkeylen; + tmp = tkey; + tkey = NULL; + } - if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { + if (jj != tkeylen) { /* Some S/MIME clients don't use the same key * and effective key length. The key length is * determined by the size of the decrypted RSA key. */ if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); - goto err; + /* As MMA defence use random key instead */ + OPENSSL_cleanse(tmp, jj); + OPENSSL_free(tmp); + jj = tkeylen; + tmp = tkey; + tkey = NULL; } } + ERR_clear_error(); if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) goto err; OPENSSL_cleanse(tmp,jj); + if (tkey) + { + OPENSSL_cleanse(tkey, tkeylen); + OPENSSL_free(tkey); + } + if (out == NULL) out=etmp; else Modified: stable/7/crypto/openssl/crypto/x509v3/pcy_map.c ============================================================================== --- stable/7/crypto/openssl/crypto/x509v3/pcy_map.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/crypto/x509v3/pcy_map.c Thu May 3 15:25:11 2012 (r234954) @@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF static void policy_map_free(X509_POLICY_REF *map) { - if (map->subjectDomainPolicy) - ASN1_OBJECT_free(map->subjectDomainPolicy); OPENSSL_free(map); } @@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, PO { POLICY_MAPPING *map; X509_POLICY_REF *ref = NULL; + ASN1_OBJECT *subjectDomainPolicyRef; X509_POLICY_DATA *data; X509_POLICY_CACHE *cache = x->policy_cache; int i; 
@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, PO if (!sk_ASN1_OBJECT_push(data->expected_policy_set, map->subjectDomainPolicy)) goto bad_mapping; + /* map->subjectDomainPolicy will be freed when + * cache->data is freed. Set it to NULL to avoid double-free. */ + subjectDomainPolicyRef = map->subjectDomainPolicy; + map->subjectDomainPolicy = NULL; ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); if (!ref) goto bad_mapping; - ref->subjectDomainPolicy = map->subjectDomainPolicy; - map->subjectDomainPolicy = NULL; + ref->subjectDomainPolicy = subjectDomainPolicyRef; ref->data = data; if (!sk_X509_POLICY_REF_push(cache->maps, ref)) Modified: stable/7/crypto/openssl/crypto/x509v3/pcy_tree.c ============================================================================== --- stable/7/crypto/openssl/crypto/x509v3/pcy_tree.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/crypto/x509v3/pcy_tree.c Thu May 3 15:25:11 2012 (r234954) @@ -612,6 +612,10 @@ int X509_policy_check(X509_POLICY_TREE * case 2: return 1; + /* Some internal error */ + case -1: + return -1; + /* Some internal error */ case 0: return 0; @@ -691,4 +695,3 @@ int X509_policy_check(X509_POLICY_TREE * return 0; } - Modified: stable/7/crypto/openssl/ssl/s3_enc.c ============================================================================== --- stable/7/crypto/openssl/ssl/s3_enc.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/ssl/s3_enc.c Thu May 3 15:25:11 2012 (r234954) 
@@ -479,6 +479,9 @@ int ssl3_enc(SSL *s, int send) /* we need to add 'i-1' padding bytes */ l+=i; + /* the last of these zero bytes will be overwritten + * with the padding length. */ + memset(&rec->input[rec->length], 0, i); rec->length+=i; rec->input[l-1]=(i-1); } Modified: stable/7/crypto/openssl/ssl/s3_srvr.c ============================================================================== --- stable/7/crypto/openssl/ssl/s3_srvr.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/ssl/s3_srvr.c Thu May 3 15:25:11 2012 (r234954) @@ -235,6 +235,7 @@ int ssl3_accept(SSL *s) } s->init_num=0; + s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; if (s->state != SSL_ST_RENEGOTIATE) { @@ -697,6 +698,14 @@ int ssl3_check_client_hello(SSL *s) int ok; long n; + /* We only allow the client to restart the handshake once per + * negotiation. */ + if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) + { + SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); + return -1; + } + /* this function is called when we really expect a Certificate message, * so permit appropriate message length */ n=s->method->ssl_get_message(s, @@ -725,6 +734,7 @@ int ssl3_check_client_hello(SSL *s) s->s3->tmp.ecdh = NULL; } #endif + s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; return 2; } return 1; Modified: stable/7/crypto/openssl/ssl/ssl.h ============================================================================== --- stable/7/crypto/openssl/ssl/ssl.h Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/ssl/ssl.h Thu May 3 15:25:11 2012 (r234954) @@ -1739,6 +1739,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_CALLBACK_CTRL 233 #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 #define SSL_F_SSL3_CLIENT_HELLO 131 #define SSL_F_SSL3_CONNECT 132 #define SSL_F_SSL3_CTRL 213 
@@ -1974,6 +1975,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_MISSING_TMP_RSA_KEY 172 #define SSL_R_MISSING_TMP_RSA_PKEY 173 #define SSL_R_MISSING_VERIFY_MESSAGE 174 +#define SSL_R_MULTIPLE_SGC_RESTARTS 325 #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 #define SSL_R_NO_CERTIFICATES_RETURNED 176 #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 Modified: stable/7/crypto/openssl/ssl/ssl3.h ============================================================================== --- stable/7/crypto/openssl/ssl/ssl3.h Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/ssl/ssl3.h Thu May 3 15:25:11 2012 (r234954) @@ -333,6 +333,17 @@ typedef struct ssl3_buffer_st #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 #define SSL3_FLAGS_POP_BUFFER 0x0004 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 + +/* SSL3_FLAGS_SGC_RESTART_DONE is set when we + * restart a handshake because of MS SGC and so prevents us + * from restarting the handshake in a loop. It's reset on a + * renegotiation, so effectively limits the client to one restart + * per negotiation. This limits the possibility of a DDoS + * attack where the client handshakes in a loop using SGC to + * restart. Servers which permit renegotiation can still be + * effected, but we can't prevent that. + */ +#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 typedef struct ssl3_state_st { Modified: stable/7/crypto/openssl/ssl/ssl_err.c ============================================================================== --- stable/7/crypto/openssl/ssl/ssl_err.c Thu May 3 13:08:11 2012 (r234953) +++ stable/7/crypto/openssl/ssl/ssl_err.c Thu May 3 15:25:11 2012 (r234954) 
@@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, +{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, @@ -375,6 +376,7 @@ static ERR_STRING_DATA SSL_str_reasons[] {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, +{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, From owner-svn-src-stable-7@FreeBSD.ORG Thu May 3 16:21:27 2012 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8C9A3106564A; Thu, 3 May 2012 16:21:27 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 772F38FC1E; Thu, 3 May 2012 16:21:27 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q43GLR8T051423; Thu, 3 May 2012 16:21:27 GMT (envelope-from eadler@svn.freebsd.org) Received: (from eadler@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q43GLRBM051421; Thu, 3 May 2012 16:21:27 GMT (envelope-from eadler@svn.freebsd.org) Message-Id: <201205031621.q43GLRBM051421@svn.freebsd.org> 
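Review bot: In asn1_d2i_read_bio (a_d2i_fp.c, hunk @@ -206,6 +208,11) the new `if (eos < 0)` test runs after `eos++` on a plain `int eos`, so it can only fire once signed overflow has already occurred. That is undefined behaviour in C, and a compiler is entitled to drop the check. Test before incrementing instead, for example `if (eos == INT_MAX)` followed by the same ASN1_R_HEADER_TOO_LONG error path; INT_MAX is already used further down in this function.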
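Review bot: In BUF_MEM_grow_clean (buffer.c, hunk @@ -142,6 +163,12) the new LIMIT_BEFORE_EXPANSION check reports `BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE)`, while the `len < 0` check added to the same function a few lines earlier uses BUF_F_BUF_MEM_GROW_CLEAN. This looks like a copy from BUF_MEM_grow; use BUF_F_BUF_MEM_GROW_CLEAN here so the error queue names the function that actually failed. Separately, both functions report an out-of-range length as ERR_R_MALLOC_FAILURE, which will mislead anyone reading the error queue; a distinct reason code would help.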
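Review bot: In CRYPTO_realloc_clean (mem.c, hunk @@ -372,6 +372,10) the new `if (num < old_len) return NULL;` makes a shrink request indistinguishable from an allocation failure, and the restriction is documented only by a comment inside the function body. Callers see the same NULL they get for `num <= 0` or out-of-memory, with `str` left allocated. Please state the no-shrink contract where the function is declared and confirm that every caller either never shrinks or handles NULL without leaking or reusing the old buffer.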
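Review bot: In PKCS7_dataDecode (pk7_doit.c, hunk @@ -461,36 +463,42) `tmp2` is cleansed only inside the `tret > 0` branch, then released with a bare `OPENSSL_free(tmp2)`. The hunk's own comment says EVP_PKEY_decrypt may overwrite the output buffer on error, so after a failed attempt `tmp2` can still hold decrypt output when it is freed. Because `jj` is reset to -1 right after the allocation, the buffer size is no longer available at that point; keep the allocated length in a separate variable and call OPENSSL_cleanse on the whole buffer before freeing it. The `if (tret > 0)` copy is also still a data-dependent branch inside the loop that is meant not to leak timing, which deserves a line in the comment.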
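Review bot: In PKCS7_dataDecode (pk7_doit.c, hunk @@ -499,24 +507,49) `tkey` is allocated and then two exits follow, `goto err` when EVP_CIPHER_CTX_rand_key fails and `goto err` when EVP_CipherInit_ex fails, but the only cleanup for `tkey` in the visible lines is the `if (tkey)` block on the success path. No hunk in this patch touches the `err:` label, so unless it already handles `tkey` the random key is leaked uncleansed on those paths. Add the same OPENSSL_cleanse and OPENSSL_free pair under `err:`. In the `jj <= 0` branch, `tmp` is also freed without being cleansed, unlike the key-length mismatch branch just below it.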
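Review bot: In pcy_map.c (hunk @@ -70,8 +70,6) policy_map_free stops freeing `map->subjectDomainPolicy` with no comment at that site; the ownership rule is explained only in policy_cache_set_mapping, in the hunk at @@ -153,13 +152,16. After this change `ref->subjectDomainPolicy` is a borrowed pointer owned by `data->expected_policy_set`, so it is valid only while `cache->data` is alive. Add a short comment in policy_map_free saying the object is not owned by the ref, and confirm that `cache->maps` is never used after `cache->data` has been freed.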
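Review bot: In X509_policy_check (pcy_tree.c, hunk @@ -612,6 +612,10) the new `case -1: return -1;` introduces a negative return value, so any caller that tests the result with `!ret` or `ret == 0` will treat the internal error as success. Please check each caller for a `<= 0` test and document the three-way return in the function's header comment. The comment `/* Some internal error */` now appears on both the -1 and the 0 case; reword one of them so the difference is clear.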
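Review bot: In ssl3.h (hunk @@ -333,6 +333,17) SSL3_FLAGS_SGC_RESTART_DONE is defined as 0x0040 directly after TLS1_FLAGS_TLS_PADDING_BUG at 0x0008, leaving 0x0010 and 0x0020 unused with no explanation. If the gap is deliberate, say so in the comment so a later change does not reuse those bits inconsistently. The comment also reads "can still be effected"; that should be "affected". Since the comment itself concedes that servers permitting renegotiation remain exposed, that residual risk is worth repeating in the advisory text, not only in the header.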
From: Eitan Adler Date: Thu, 3 May 2012 16:21:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234965 - stable/7/lib/libc/gen X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 May 2012 16:21:27 -0000 Author: eadler Date: Thu May 3 16:21:26 2012 New Revision: 234965 URL: http://svn.freebsd.org/changeset/base/234965 Log: MFC r234714, r234700: Document the standardization status of err* and warn* PR: docs/164939 Approved by: cperciva (implicit) Modified: stable/7/lib/libc/gen/err.3 Directory Properties: stable/7/lib/libc/ (props changed) Modified: stable/7/lib/libc/gen/err.3 ============================================================================== --- stable/7/lib/libc/gen/err.3 Thu May 3 16:20:50 2012 (r234964) +++ stable/7/lib/libc/gen/err.3 Thu May 3 16:21:26 2012 (r234965) @@ -28,7 +28,7 @@ .\" From: @(#)err.3 8.1 (Berkeley) 6/9/93 .\" $FreeBSD$ .\" -.Dd March 6, 1999 +.Dd March 29, 2012 .Dt ERR 3 .Os .Sh NAME 
@@ -211,6 +211,18 @@ if (error != 0) .Xr printf 3 , .Xr strerror 3 , .Xr sysexits 3 +.Sh STANDARDS +The +.Fn err +and +.Fn warn +families of functions are +.Bx +extensions. +As such they should not be used in truly portable code. +Use +.Fn strerror +or similar functions instead. .Sh HISTORY The .Fn err From owner-svn-src-stable-7@FreeBSD.ORG Thu May 3 16:32:10 2012 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 464B3106567A; Thu, 3 May 2012 16:32:10 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 2C0E58FC22; Thu, 3 May 2012 16:32:09 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q43GW9Aa051969; Thu, 3 May 2012 16:32:09 GMT (envelope-from eadler@svn.freebsd.org) Received: (from eadler@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q43GW96h051966; Thu, 3 May 2012 16:32:09 GMT (envelope-from eadler@svn.freebsd.org) Message-Id: <201205031632.q43GW96h051966@svn.freebsd.org> 
From: Eitan Adler Date: Thu, 3 May 2012 16:32:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234968 - stable/7/lib/libc/sys X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 May 2012 16:32:10 -0000 Author: eadler Date: Thu May 3 16:32:09 2012 New Revision: 234968 URL: http://svn.freebsd.org/changeset/base/234968 Log: MFC r234131: Return EBADF instead of EMFILE from dup2 when the second argument is outside the range of valid file descriptors PR: kern/164970 Approved by: cperciva (implicit) Modified: stable/7/lib/libc/sys/dup.2 stable/7/lib/libc/sys/fcntl.2 Directory Properties: stable/7/lib/libc/ (props changed) Modified: stable/7/lib/libc/sys/dup.2 ============================================================================== --- stable/7/lib/libc/sys/dup.2 Thu May 3 16:31:44 2012 (r234967) +++ stable/7/lib/libc/sys/dup.2 Thu May 3 16:32:09 2012 (r234968) 
@@ -123,20 +123,27 @@ indicates the cause of the error. .Sh ERRORS The .Fn dup -and -.Fn dup2 -system calls fail if: +system call fails if: .Bl -tag -width Er .It Bq Er EBADF The .Fa oldd -or -.Fa newd argument is not a valid active descriptor .It Bq Er EMFILE Too many descriptors are active. .El +The +.Fn dup2 +system call fails if: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa oldd +argument is not a valid active descriptor or the +.Fa newd +argument is negative or exceeds the maximum allowable descriptor number +.El .Sh SEE ALSO .Xr accept 2 , .Xr close 2 , Modified: stable/7/lib/libc/sys/fcntl.2 ============================================================================== --- stable/7/lib/libc/sys/fcntl.2 Thu May 3 16:31:44 2012 (r234967) +++ stable/7/lib/libc/sys/fcntl.2 Thu May 3 16:32:09 2012 (r234968) @@ -523,8 +523,6 @@ The argument .Fa cmd is .Dv F_DUPFD -or -.Dv F_DUP2FD and the maximum number of file descriptors permitted for the process are already in use, or no file descriptors greater than or equal to From owner-svn-src-stable-7@FreeBSD.ORG Thu May 3 19:56:51 2012 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 88C47106566C; Thu, 3 May 2012 19:56:51 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 71DF98FC12; Thu, 3 May 2012 19:56:51 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q43JupsX060420; Thu, 3 May 2012 19:56:51 GMT (envelope-from eadler@svn.freebsd.org) Received: (from eadler@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q43Jupqa060414; Thu, 3 May 2012 19:56:51 GMT (envelope-from eadler@svn.freebsd.org) Message-Id: <201205031956.q43Jupqa060414@svn.freebsd.org> 
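Review bot: In dup.2 (hunk @@ -123,20 +123,27) the new "The .Fn dup2 system call fails if:" sentence follows the `.El` that closes the dup list directly, with no `.Pp` in between, so the two error lists run together when rendered. Insert `.Pp` after `.El`. The new EBADF item also ends without a full stop, unlike the EMFILE item above it.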
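Review bot: In fcntl.2 (hunk @@ -523,8 +523,6) F_DUP2FD is removed from the EMFILE description, but no hunk in this commit adds it to the EBADF description of the same page. After this change the page no longer says which error F_DUP2FD returns for an out-of-range descriptor, although the log message states it is EBADF. Add the matching EBADF text so fcntl.2 stays consistent with the updated dup.2.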
From: Eitan Adler Date: Thu, 3 May 2012 19:56:51 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234980 - in stable/7: etc/mtree etc/root share/examples share/examples/csh share/skel X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 May 2012 19:56:51 -0000 Author: eadler Date: Thu May 3 19:56:50 2012 New Revision: 234980 URL: http://svn.freebsd.org/changeset/base/234980 Log: MFC r233429,r233435,r233437,r234077,r234133,r234135,r234159,r234823: A variety of changes that make the default shell easier to use. Approved by: cperciva (implicit) Added: stable/7/share/examples/csh/ - copied from r233429, head/share/examples/csh/ Modified: stable/7/etc/mtree/BSD.usr.dist stable/7/etc/root/dot.cshrc stable/7/share/examples/Makefile stable/7/share/examples/csh/dot.cshrc stable/7/share/skel/dot.cshrc Directory Properties: stable/7/etc/ (props changed) stable/7/share/examples/ (props changed) stable/7/share/skel/ (props changed) Modified: stable/7/etc/mtree/BSD.usr.dist ============================================================================== --- stable/7/etc/mtree/BSD.usr.dist Thu May 3 19:56:17 2012 (r234979) +++ stable/7/etc/mtree/BSD.usr.dist Thu May 3 19:56:50 2012 (r234980) @@ -193,6 +193,8 @@ .. bootforth .. + csh + .. cvs contrib .. Modified: stable/7/etc/root/dot.cshrc ============================================================================== --- stable/7/etc/root/dot.cshrc Thu May 3 19:56:17 2012 (r234979) +++ stable/7/etc/root/dot.cshrc Thu May 3 19:56:50 2012 (r234980) 
@@ -3,13 +3,14 @@ # .cshrc - csh resource script, read at beginning of execution by each shell # # see also csh(1), environ(7). +# more examples available at /usr/share/examples/csh/ # alias h history 25 alias j jobs -l -alias la ls -a +alias la ls -aF alias lf ls -FA -alias ll ls -lA +alias ll ls -lAF # A righteous umask umask 22 @@ -17,19 +18,29 @@ umask 22 set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin) setenv EDITOR vi -setenv PAGER more +setenv PAGER less setenv BLOCKSIZE K if ($?prompt) then # An interactive shell -- set some stuff up - set prompt = "`/bin/hostname -s`# " + if ($uid == 0) then + set user = root + endif + set prompt = "%n@%m:%/ %# " + set promptchars = "%#" + set filec - set history = 100 - set savehist = 100 + set history = 1000 + set savehist = (1000 merge) + set autolist = ambiguous + # Use history to aid expansion + set autoexpand + set autorehash set mail = (/var/mail/$USER) if ( $?tcsh ) then bindkey "^W" backward-delete-word bindkey -k up history-search-backward bindkey -k down history-search-forward endif + endif Modified: stable/7/share/examples/Makefile ============================================================================== --- stable/7/share/examples/Makefile Thu May 3 19:56:17 2012 (r234979) +++ stable/7/share/examples/Makefile Thu May 3 19:56:50 2012 (r234980) @@ -8,6 +8,7 @@ LDIRS= BSD_daemon \ FreeBSD_version \ IPv6 \ bootforth \ + csh \ cvsup \ diskless \ drivers \ @@ -52,6 +53,7 @@ XFILES= BSD_daemon/FreeBSD.pfa \ bootforth/menu.4th \ bootforth/menuconf.4th \ bootforth/screen.4th \ + csh/dot.cshrc \ cvsup/README \ cvsup/cvs-supfile \ cvsup/doc-supfile \ Modified: stable/7/share/examples/csh/dot.cshrc ============================================================================== --- head/share/examples/csh/dot.cshrc Sat Mar 24 18:43:18 2012 (r233429) +++ stable/7/share/examples/csh/dot.cshrc Thu May 3 19:56:50 2012 (r234980) 
@@ -21,19 +21,20 @@ bindkey "^[[3~" delete-char-or-list-or-e # Make the Ins key work bindkey "\e[2~" overwrite-mode +# Aliases used for completions +alias _PKGS_PkGs_PoRtS_ 'awk -F\| \{sub\(\"\/usr\/ports\/\"\,\"\"\,\$2\)\;print\ \$2\} /usr/ports/INDEX-name -r | cut -d . -f 1' +alias _PKGS_PkGs_PoRtS_ 'awk -F\| \{sub\(\"\/usr\/ports\/\"\,\"\"\,\$2\)\;print\ \$2\} /usr/ports/INDEX-`uname -r | cut -d . -f 1`&& pkg_info -E \*' + # Some common completions complete chown 'p/1/u/' -complete man 'C/*/c/' -complete service 'n/*/`service -l`/' -complete service 'c/-/(e l r v)/' 'p/1/`service -l`/' 'n/*/(start stop reload restart status rcvar onestart onestop)/' +complete dd 'c/[io]f=/f/ n/*/"(if of ibs obs bs skip seek count)"/=' +complete kill 'c/-/S/' 'c/%/j/' 'n/*/`ps -ax | awk '"'"'{print $1}'"'"'`/' +complete killall 'c/-/S/' 'c/%/j/' 'n/*/`ps -ax | awk '"'"'{print $5}'"'"'`/' complete kldunload 'n@*@`kldstat | awk \{sub\(\/\.ko\/,\"\",\$NF\)\;print\ \$NF\} | grep -v Name` @' complete make 'n@*@`make -pn | sed -n -E "/^[#_.\/[:blank:]]+/d; /=/d; s/[[:blank:]]*:.*//gp;"`@' +complete man 'C/*/c/' complete pkg_delete 'c/-/(i v D n p d f G x X r)/' 'n@*@`ls /var/db/pkg`@' -complete pkg_info 'c/-/(a b v p q Q c d D f g i I j k K r R m L s o G O x X e E l t V P)/' 'n@*@`\ls -1 /var/db/pkg | sed svar/db/pkg/%%`@" -complete kill 'c/-/S/' 'c/%/j/' 'n/*/`ps -ax | awk '"'"'{print $1}'"'"'`/' -complete killall 'c/-/S/' 'c/%/j/' 'n/*/`ps -ax | awk '"'"'{print $5}'"'"'`/' -alias _PKGS_PkGs_PoRtS_ 'awk -F\| \{sub\(\"\/usr\/ports\/\"\,\"\"\,\$2\)\;print\ \$2\} /usr/ports/INDEX-name -r | cut -d . -f 1A -alias _PKGS_PkGs_PoRtS_ 'awk -F\| \{sub\(\"\/usr\/ports\/\"\,\"\"\,\$2\)\;print\ \$2\} /usr/ports/INDEX-`uname -r | cut -d . 
-f 1`&& pkg_info -E \*' +complete pkg_info 'c/-/(a b v p q Q c d D f g i I j k K r R m L s o G O x X e E l t V P)/' 'n@*@`\ls -1 /var/db/pkg | sed s%/var/db/pkg/%%`@' complete portmaster 'c/--/(always-fetch check-depends check-port-dbdir clean-distfiles \ clean-packages delete-build-only delete-packages force-config help \ index index-first index-only list-origins local-packagedir no-confirm \ @@ -41,6 +42,8 @@ complete portmaster 'c/--/(always-fetc packages-local packages-only show-work update-if-newer version)/' \ 'c/-/(a b B C d D e f F g G h H i l L m n o p r R s t u v w x)/' \ 'n@*@`_PKGS_PkGs_PoRtS_`@' +complete service 'c/-/(e l r v)/' 'p/1/`service -l`/' 'n/*/(start stop reload restart status rcvar onestart onestop)/' +complete sysctl 'n/*/`sysctl -Na`/' # Alternate prompts set prompt = '#' @@ -56,5 +59,8 @@ set ellipsis alias ll ls -lAhG alias ls ls -G +# Color on many system utilities +setenv CLICOLOR 1 + # other autolist options set autolist = TAB Modified: stable/7/share/skel/dot.cshrc ============================================================================== --- stable/7/share/skel/dot.cshrc Thu May 3 19:56:17 2012 (r234979) +++ stable/7/share/skel/dot.cshrc Thu May 3 19:56:50 2012 (r234980) @@ -3,13 +3,14 @@ # .cshrc - csh resource script, read at beginning of execution by each shell # # see also csh(1), environ(7). +# more examples available at /usr/share/examples/csh/ # alias h history 25 alias j jobs -l -alias la ls -a +alias la ls -aF alias lf ls -FA -alias ll ls -lA +alias ll ls -lAF # A righteous umask umask 22 
@@ -17,18 +18,29 @@ umask 22 set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin) setenv EDITOR vi -setenv PAGER more +setenv PAGER less setenv BLOCKSIZE K if ($?prompt) then # An interactive shell -- set some stuff up + if ($uid == 0) then + set user = root + endif + set prompt = "%n@%m:%/ %# " + set promptchars = "%#" + set filec - set history = 100 - set savehist = 100 + set history = 1000 + set savehist = (1000 merge) + set autolist = ambiguous + # Use history to aid expansion + set autoexpand + set autorehash set mail = (/var/mail/$USER) if ( $?tcsh ) then bindkey "^W" backward-delete-word bindkey -k up history-search-backward bindkey -k down history-search-forward endif + endif From owner-svn-src-stable-7@FreeBSD.ORG Sat May 5 02:53:19 2012 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BCAAE106564A; Sat, 5 May 2012 02:53:19 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id A6D528FC0A; Sat, 5 May 2012 02:53:19 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q452rJex034358; Sat, 5 May 2012 02:53:19 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q452rJmj034356; Sat, 5 May 2012 02:53:19 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201205050253.q452rJmj034356@svn.freebsd.org> 
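Review bot: In the first dot.cshrc hunk (@@ -17,19 +18,29 @@), the new `set prompt = "%n@%m:%/ %# "`, `promptchars`, `autolist`, `autoexpand`, `autorehash` and `savehist = (1000 merge)` lines sit under `if ($?prompt)` but outside the `if ( $?tcsh )` guard that the file already uses for `bindkey`. These read as tcsh features, so either move them inside that guard or add a comment stating that the file assumes tcsh. The `if ($uid == 0)` block that sets `user = root` also needs a one-line comment saying why `user` is overridden, presumably so that `%n` in the new prompt shows root.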
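Review bot: The alias `_PKGS_PkGs_PoRtS_` is defined twice in the added lines of the share/examples/csh/dot.cshrc hunk (@@ -21,19 +21,20 @@), and the first definition ends in `/usr/ports/INDEX-name -r | cut -d . -f 1'`, with no backquotes and no `uname`, so as shown it looks like a damaged copy of the second. The second definition overrides it in any case, so the first `+alias` line should be dropped rather than moved to the top. The removed lines carry the same pair (with a stray `1A`), which means the move preserved an existing defect, unlike the `pkg_info` completion in the same hunk, where the quoting is corrected.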
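Review bot: In the share/skel/dot.cshrc hunk (@@ -17,18 +18,29 @@), `set history = 1000` together with `set savehist = (1000 merge)` raises tenfold the number of commands that are kept and saved across sessions, and this file is the skeleton copied for new accounts. Anything typed as a command-line argument, credentials included, is now retained for much longer, so a comment beside these two lines saying so, with a hint on lowering the values, would help. The commit message should also state what permissions the saved history file ends up with, given the `umask 22` a few lines above.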
From: Glen Barber Date: Sat, 5 May 2012 02:53:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r235049 - stable/7/usr.sbin/cron/crontab X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 May 2012 02:53:19 -0000 Author: gjb (doc committer) Date: Sat May 5 02:53:19 2012 New Revision: 235049 URL: http://svn.freebsd.org/changeset/base/235049 Log: MFC r234775: As cron(8) is started with '-s' by default, timezones that observe DST should not need to worry about scheduling jobs when the DST time changes. Rather than removing the BUGS section in crontab(5) regarding this, note that disabling '-s' may still cause jobs to be executed twice or not at all. PR: 166318 Modified: stable/7/usr.sbin/cron/crontab/crontab.5 Directory Properties: stable/7/usr.sbin/cron/crontab/ (props changed) Modified: stable/7/usr.sbin/cron/crontab/crontab.5 ============================================================================== --- stable/7/usr.sbin/cron/crontab/crontab.5 Sat May 5 02:53:02 2012 (r235048) +++ stable/7/usr.sbin/cron/crontab/crontab.5 Sat May 5 02:53:19 2012 (r235049) @@ -17,7 +17,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 28, 2012 +.Dd April 28, 2012 .Dt CRONTAB 5 .Os .Sh NAME 
@@ -296,10 +296,21 @@ are extensions. .An Paul Vixie Aq paul@vix.com .Sh BUGS If you are in one of the 70-odd countries that observe Daylight -Savings Time, jobs scheduled during the rollback or advance will be -affected. +Savings Time, jobs scheduled during the rollback or advance may be +affected if +.Xr cron 8 +is not started with the +.Fl s +flag. In general, it is not a good idea to schedule jobs during -this period. +this period if +.Xr cron 8 +is not started with the +.Fl s +flag, which is enabled by default. +See +.Xr cron 8 +for more details. .Pp For US timezones (except parts of AZ and HI) the time shift occurs at 2AM local time.
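Review bot: The rewritten BUGS paragraph in the crontab.5 hunk (@@ -296,10 +296,21 @@) repeats the condition "if `.Xr cron 8` is not started with the `.Fl s` flag" in two consecutive sentences, and the fact that matters most to the reader, "which is enabled by default", is attached only to the second one as a trailing clause. State the default once, up front (cron(8) runs with `-s` by default, and the problem applies only when it is disabled), and drop the repeated condition from the "not a good idea to schedule jobs" sentence. The log message says that disabling `-s` may cause jobs to run twice or not at all, but the added text only says jobs "may be affected"; the manual page should spell out that consequence too.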