From owner-svn-src-user@FreeBSD.ORG  Thu Apr 17 19:31:11 2014
Return-Path: <owner-svn-src-user@FreeBSD.ORG>
Delivered-To: svn-src-user@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 86736648;
 Thu, 17 Apr 2014 19:31:11 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6F7DB190C;
 Thu, 17 Apr 2014 19:31:11 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3HJVBZk010236;
 Thu, 17 Apr 2014 19:31:11 GMT (envelope-from delphij@svn.freebsd.org)
Received: (from delphij@localhost)
 by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3HJV9Ua010227;
 Thu, 17 Apr 2014 19:31:09 GMT (envelope-from delphij@svn.freebsd.org)
Message-Id: <201404171931.s3HJV9Ua010227@svn.freebsd.org>
From: Xin LI <delphij@FreeBSD.org>
Date: Thu, 17 Apr 2014 19:31:09 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r264622 - in user/cperciva/freebsd-update-build/patches:
 10.0-RELEASE 5.5-RELEASE 6.0-RELEASE 6.1-RELEASE 6.2-RELEASE 6.3-RELEASE
 6.4-RELEASE 7.0-RELEASE 7.1-RELEASE 7.2-RELEASE 7.3-REL...
X-SVN-Group: user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-user@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "SVN commit messages for the experimental &quot; user&quot;
 src tree" <svn-src-user.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-user>,
 <mailto:svn-src-user-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-user/>
List-Post: <mailto:svn-src-user@freebsd.org>
List-Help: <mailto:svn-src-user-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-user>,
 <mailto:svn-src-user-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 19:31:11 -0000

Author: delphij
Date: Thu Apr 17 19:31:09 2014
New Revision: 264622
URL: http://svnweb.freebsd.org/changeset/base/264622

Log:
  Catch up with update server.

Added:
  user/cperciva/freebsd-update-build/patches/10.0-RELEASE/
  user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:05.nfsserver
  user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:06.openssl
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:15.ypserv
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:16.smbfs
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/10-SA-07:01.jail
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/11-SA-07:02.bind
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/12-SA-07:03.ipv6
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/13-SA-07:04.file
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/14-SA-07:05.libarchive
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/15-SA-07:01.jail-correction
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/15-SA-07:06.tcpdump
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/15-SA-07:07.bind
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/16-SA-07:08.openssl
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/17-SA-07:09.random
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/17-SA-07:10.gtar
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/18-SA-08:01.pty
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/19-SA-08:03.sendfile
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/19-SA-08:04.ipsec
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/2-SA-06:17.sendmail
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/20-SA-08:05.openssh
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/3-SA-06:18.ppp
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/4-SA-06:19.openssl
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/4-SA-06:20.bind
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/5-SA-06:21.gzip
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/6-SA-06:23.openssl
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/7-SA-06:23.openssl-correction
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/8-SA-06:22.openssh
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/9-SA-06:25.kmem
  user/cperciva/freebsd-update-build/patches/5.5-RELEASE/9-SA-06:26.gtar
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/1-EN-05:04.nfs
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/10-SA-06:18.ppp
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/11-SA-06:19.openssl
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/11-SA-06:20.bind
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/12-SA-06:21.gzip
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/13-SA-06:23.openssl
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/14-SA-06:23.openssl-correction
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/15-SA-06:22.openssh
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/16-SA-06:25.kmem
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/17-SA-07:01.jail
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/18-EN-07:01.nfs
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/2-SA-06:01.texindex
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/2-SA-06:02.ee
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/2-SA-06:03.cpio
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/2-SA-06:04.ipfw
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/3-SA-06:05.80211
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/4-SA-06:06.kmem
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/4-SA-06:07.pf
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/5-SA-06:10.nfs
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/6-SA-06:11.ipsec
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/6-SA-06:12.opie
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/6-SA-06:13.sendmail
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/7-SA-06:14.fpu
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/8-SA-06:15.ypserv
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/8-SA-06:16.smbfs
  user/cperciva/freebsd-update-build/patches/6.0-RELEASE/9-SA-06:17.sendmail
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/1-SA-06:15.ypserv
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/1-SA-06:16.smbfs
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/10-SA-06:22.openssh
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/11-SA-06:25.kmem
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/12-SA-07:01.jail
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/13-SA-07:02.bind
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/14-EN-07:01.nfs
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/15-EN-07:04.zoneinfo
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/16-SA-07:03.ipv6
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/17-SA-07:04.file
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/18-SA-07:05.libarchive
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/19-SA-07:06.tcpdump
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/19-SA-07:07.bind
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/2-SA-06:17.sendmail
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/20-SA-07:08.openssl
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/21-SA-07:09.random
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/22-SA-08:01.pty
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/23-SA-08:03.sendfile
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/24-SA-08:05.openssh
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/3-EN-06:01.jail
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/4-SA-06:18.ppp
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/5-EN-06:02.net
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/6-SA-06:19.openssl
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/6-SA-06:20.bind
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/7-SA-06:21.gzip
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/8-SA-06:23.openssl
  user/cperciva/freebsd-update-build/patches/6.1-RELEASE/9-SA-06:23.openssl-correction
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/1-SA-07:02.bind
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/10-SA-08:01.pty
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/10-SA-08:02.libc
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/11-SA-08:03.sendfile
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/12-SA-08:05.openssh
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/2-EN-07:02.net
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/2-EN-07:03.jail
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/3-EN-07:05.freebsd-update
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/4-SA-07:03.ipv6
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/5-SA-07:04.file
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/6-SA-07:05.libarchive
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/7-SA-07:06.tcpdump
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/7-SA-07:07.bind
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/8-SA-07:08.openssl
  user/cperciva/freebsd-update-build/patches/6.2-RELEASE/9-SA-07:09.random
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/1-SA-08:03.sendfile
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/10-SA-09:07.libc
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/10-SA-09:08.openssl
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/11-SA-09:09.pipe
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/11-SA-09:10.ipv6
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/11-SA-09:11.ntpd
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/12-SA-09:12.bind
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/13-EN-09:05.null
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/13-SA-09:13.pipe
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/13-SA-09:14.devfs
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/14-SA-09:15.ssl
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/14-SA-09:17.freebsd-update
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/15-SA-10:01.bind
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/15-SA-10:02.ntpd
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/2-EN-08:01.libpthread
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/2-SA-08:05.openssh
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/3-SA-08:06.bind
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/4-SA-08:07.amd64
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/4-SA-08:09.icmp6
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/5-SA-08:10.nd6
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/6-SA-08:11.arc4random
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/7-SA-08:12.ftpd
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/7-SA-08:13.protosw
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/8-09:01.lukemftpd
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/8-09:02.openssl
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/9-09:03.ntpd
  user/cperciva/freebsd-update-build/patches/6.3-RELEASE/9-09:04.bind
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/1-SA-08:12.ftpd
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/1-SA-08:13.protosw
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/10-SA-10:05.opie
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/11-SA-10:08.bzip2
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/2-09:01.lukemftpd
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/2-09:02.openssl
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/3-09:03.ntpd
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/3-09:04.bind
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/4-SA-09:07.libc
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/4-SA-09:08.openssl
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/5-SA-09:09.pipe
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/5-SA-09:10.ipv6
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/5-SA-09:11.ntpd
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/6-SA-09:12.bind
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/7-EN-09:05.null
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/7-SA-09:13.pipe
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/7-SA-09:14.devfs
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/8-SA-09:15.ssl
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/8-SA-09:17.freebsd-update
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/9-SA-10:01.bind
  user/cperciva/freebsd-update-build/patches/6.4-RELEASE/9-SA-10:02.ntpd
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/1-SA-08:05.openssh
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/10-SA-09:05.telnetd
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/11-EN-09:01.kenv
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/11-SA-09:06.ktimer
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/12-SA-09:07.libc
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/12-SA-09:08.openssl
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/2-EN-08:02.tcp
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/3-SA-08:03.bind
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/4-SA-08:07.amd64
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/4-SA-08:08.nmount
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/4-SA-08:09.icmp6
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/5-SA-08:10.nd6
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/6-SA-08:11.arc4random
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/7-SA-08:12.ftpd
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/7-SA-08:13.protosw
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/8-09:01.lukemftpd
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/8-09:02.openssl
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/9-09:03.ntpd
  user/cperciva/freebsd-update-build/patches/7.0-RELEASE/9-09:04.bind
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/1-09:01.lukemftpd
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/1-09:02.openssl
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/10-SA-10:01.bind
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/10-SA-10:02.ntpd
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/10-SA-10:03.zfs
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/11-EN-10:02.sched_ule
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/12-SA-10:05.opie
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/13-SA-10:07.mbuf
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/14-SA-10:08.bzip2
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/15-SA-10:09.pseudofs
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/16-SA-10:10.openssl
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/2-09:03.ntpd
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/2-09:04.bind
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/3-SA-09:05.telnetd
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/4-EN-09:01.kenv
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/4-SA-09:06.ktimer
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/5-SA-09:07.libc
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/5-SA-09:08.openssl
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/6-SA-09:09.pipe
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/6-SA-09:10.ipv6
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/6-SA-09:11.ntpd
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/7-SA-09:12.bind
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/8-EN-09:05.null
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/8-SA-09:14.devfs
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/9-SA-09:15.ssl
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/9-SA-09:16.rtld
  user/cperciva/freebsd-update-build/patches/7.1-RELEASE/9-SA-09:17.freebsd-update
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/1-SA-09:09.pipe
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/1-SA-09:10.ipv6
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/1-SA-09:11.ntpd
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/2-EN-09:02.bce
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/2-EN-09:03.fxp
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/2-EN-09:04.fork
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/3-SA-09:12.bind
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/4-EN-09:05.null
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/4-SA-09:14.devfs
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/5-SA-09:15.ssl
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/5-SA-09:16.rtld
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/5-SA-09:17.freebsd-update
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/6-SA-10:01.bind
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/6-SA-10:02.ntpd
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/6-SA-10:03.zfs
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/7-EN-10:02.sched_ule
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/8-SA-10:05.opie
  user/cperciva/freebsd-update-build/patches/7.2-RELEASE/8-SA-10:06.nfsclient
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/1-SA-10:05.opie
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/1-SA-10:06.nfsclient
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/10-EN-12:01.freebsd-update
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/2-SA-10:07.mbuf
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/3-SA-10:08.bzip2
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/4-SA-10:10.openssl
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/5-SA-11:01.mountd
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/6-SA-11:02.bind
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/7-SA-11:04.compress
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/7-SA-11:05.unix
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/8-SA-11:05.unix-fix
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:06.bind
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:07.chroot
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:08.telnetd
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:09.pam_ssh
  user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:10.pam
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/1-SA-11:01.mountd
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/10-SA-12:05.bind
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/11-SA-12:06.bind
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/11-SA-12:08.linux
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/12-SA-13:02.libc
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/2-SA-11:02.bind
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/3-SA-11:04.compress
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/3-SA-11:05.unix
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/4-SA-11:05.unix-fix
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:06.bind
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:07.chroot
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:08.telnetd
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:09.pam_ssh
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:10.pam
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/6-EN-12:01.freebsd-update
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/7-SA-12:01.openssl
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/8-SA-12:01.openssl-fix
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/8-SA-12:02.crypt
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/9-SA-12:03.bind
  user/cperciva/freebsd-update-build/patches/7.4-RELEASE/9-SA-12:04.sysret
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/1-SA-09:15.ssl
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/1-SA-09:16.rtld
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/1-SA-09:17.freebsd-update
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-mcinit
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-multicast
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-nfsreconnect
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-rename
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-sctp
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-zfsmac
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-zfsvaccess
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-SA-10:01.bind
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-SA-10:02.ntpd
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-SA-10:03.zfs
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/3-SA-10:04.jail
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/3-SA-10:05.opie
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/3-SA-10:06.nfsclient
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/4-SA-10:07.mbuf
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/5-SA-10:08.bzip2
  user/cperciva/freebsd-update-build/patches/8.0-RELEASE/6-SA-10:10.openssl
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/1-SA-10:08.bzip2
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/10-SA-12:01.openssl-fix
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/10-SA-12:02.crypt
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/11-EN-12:02.ipv6refcount
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/11-SA-12:03.bind
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/11-SA-12:04.sysret
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/13-SA-12:05.bind
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/2-SA-10:10.openssl
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/3-SA-11:01.mountd
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/4-SA-11:02.bind
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/5-SA-11:04.compress
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/5-SA-11:05.unix
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/6-SA-11:05.unix-fix
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:06.bind
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:07.chroot
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:08.telnetd
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:09.pam_ssh
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:10.pam
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/8-EN-12:01.freebsd-update
  user/cperciva/freebsd-update-build/patches/8.1-RELEASE/9-SA-12:01.openssl
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/1-SA-11:01.mountd
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/10-SA-12:05.bind
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/2-SA-11:02.bind
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/3-SA-11:04.compress
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/3-SA-11:05.unix
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/4-SA-11:05.unix-fix
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:06.bind
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:07.chroot
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:08.telnetd
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:09.pam_ssh
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:10.pam
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/6-EN-12:01.freebsd-update
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/7-SA-12:01.openssl
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/8-SA-12:01.openssl-fix
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/8-SA-12:02.crypt
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/9-EN-12:02.ipv6refcount
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/9-SA-12:03.bind
  user/cperciva/freebsd-update-build/patches/8.2-RELEASE/9-SA-12:04.sysret
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/1-SA-12:01.openssl
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/10-SA-13:09.ip_multicast
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/10-SA-13:10.sctp
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/11-SA-13:12.ifioctl
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/11-SA-13:13.nullfs
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/12-EN-13:04.freebsd-update
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/13-EN-13:05.freebsd-update
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-EN-14:01.random
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-EN-14:02.mmap
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-SA-14:01.bsnmpd
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-SA-14:02.ntpd
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-SA-14:04.bind
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/15-SA-14:05.nfsserver
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/15-SA-14:06.openssl
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/2-SA-12:01.openssl-fix
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/2-SA-12:02.crypt
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/3-EN-12:02.ipv6refcount
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/3-SA-12:03.bind
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/3-SA-12:04.sysret
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/4-SA-12:05.bind
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/5-SA-12:06.bind
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/5-SA-12:07.hostapd
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/5-SA-12:08.linux
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/6-SA-13:02.libc
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/7-SA-13:03.openssl
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/8-SA-13:05.nfsserver
  user/cperciva/freebsd-update-build/patches/8.3-RELEASE/9-SA-13:08.nfsserver
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/1-EN-13:01.fxp
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/1-EN-13:02.vtnet
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/2-SA-13:07.bind
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/3-SA-13:09.ip_multicast
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/3-SA-13:10.sctp
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/4-SA-13:12.ifioctl
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/4-SA-13:13.nullfs
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/5-EN-13:04.freebsd-update
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/6-EN-13:05.freebsd-update
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-EN-14:01.random
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-EN-14:02.mmap
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-SA-14:01.bsnmpd
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-SA-14:02.ntpd
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-SA-14:04.bind
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/8-SA-14:05.nfsserver
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/8-SA-14:06.openssl
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/1-SA-12:01.openssl
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/2-SA-12:01.openssl-fix
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/2-SA-12:02.crypt
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/3-EN-12:02.ipv6refcount
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/3-SA-12:03.bind
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/3-SA-12:04.sysret
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/4-SA-12:05.bind
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/5-SA-12:06.bind
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/5-SA-12:07.hostapd
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/5-SA-12:08.linux
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/6-SA-13:01.bind
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/6-SA-13:02.libc
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/7-SA-13:03.openssl
  user/cperciva/freebsd-update-build/patches/9.0-RELEASE/7-SA-13:04.bind
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/1-SA-13:01.bind
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/1-SA-13:02.libc
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-EN-14:01.random
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-EN-14:02.mmap
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-SA-14:01.bsnmpd
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-SA-14:02.ntpd
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-SA-14:04.bind
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/11-SA-14:05.nfsserver
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/11-SA-14:06.openssl
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/2-SA-13:03.openssl
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/2-SA-13:04.bind
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/3-SA-13:05.nfsserver
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/4-SA-13:06.mmap
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/5-SA-13:07.bind
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/5-SA-13:08.nfsserver
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/6-EN-13:03.mfi
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/6-SA-13:09.ip_multicast
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/6-SA-13:10.sctp
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/7-SA-13:12.ifioctl
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/7-SA-13:13.nullfs
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/8-EN-13:04.freebsd-update
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/9-EN-13:05.freebsd-update
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/1-EN-13:04.freebsd-update
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/2-EN-13:05.freebsd-update
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-EN-14:01.random
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-EN-14:02.mmap
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-SA-14:01.bsnmpd
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-SA-14:02.ntpd
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-SA-14:04.bind
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/4-SA-14:05.nfsserver
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/4-SA-14:06.openssl

Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:05.nfsserver
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:05.nfsserver	Thu Apr 17 19:31:09 2014	(r264622)
@@ -0,0 +1,70 @@
+Index: sys/fs/nfsserver/nfs_nfsdserv.c
+===================================================================
+--- sys/fs/nfsserver/nfs_nfsdserv.c	(revision 264251)
++++ sys/fs/nfsserver/nfs_nfsdserv.c	(working copy)
+@@ -1457,10 +1457,23 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ 		nfsvno_relpathbuf(&fromnd);
+ 		goto out;
+ 	}
++	/*
++	 * Unlock dp in this code section, so it is unlocked before
++	 * tdp gets locked. This avoids a potential LOR if tdp is the
++	 * parent directory of dp.
++	 */
+ 	if (nd->nd_flag & ND_NFSV4) {
+ 		tdp = todp;
+ 		tnes = *toexp;
+-		tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 0);
++		if (dp != tdp) {
++			NFSVOPUNLOCK(dp, 0);
++			tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
++			    p, 0);	/* Might lock tdp. */
++		} else {
++			tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
++			    p, 1);
++			NFSVOPUNLOCK(dp, 0);
++		}
+ 	} else {
+ 		tfh.nfsrvfh_len = 0;
+ 		error = nfsrv_mtofh(nd, &tfh);
+@@ -1481,10 +1494,12 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ 			tnes = *exp;
+ 			tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
+ 			    p, 1);
++			NFSVOPUNLOCK(dp, 0);
+ 		} else {
++			NFSVOPUNLOCK(dp, 0);
+ 			nd->nd_cred->cr_uid = nd->nd_saveduid;
+ 			nfsd_fhtovp(nd, &tfh, LK_EXCLUSIVE, &tdp, &tnes, NULL,
+-			    0, p);
++			    0, p);	/* Locks tdp. */
+ 			if (tdp) {
+ 				tdirfor_ret = nfsvno_getattr(tdp, &tdirfor,
+ 				    nd->nd_cred, p, 1);
+@@ -1499,7 +1514,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ 		if (error) {
+ 			if (tdp)
+ 				vrele(tdp);
+-			vput(dp);
++			vrele(dp);
+ 			nfsvno_relpathbuf(&fromnd);
+ 			nfsvno_relpathbuf(&tond);
+ 			goto out;
+@@ -1514,7 +1529,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ 		}
+ 		if (tdp)
+ 			vrele(tdp);
+-		vput(dp);
++		vrele(dp);
+ 		nfsvno_relpathbuf(&fromnd);
+ 		nfsvno_relpathbuf(&tond);
+ 		goto out;
+@@ -1523,7 +1538,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ 	/*
+ 	 * Done parsing, now down to business.
+ 	 */
+-	nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp);
++	nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 0, exp, p, &fdirp);
+ 	if (nd->nd_repstat) {
+ 		if (nd->nd_flag & ND_NFSV3) {
+ 			nfsrv_wcc(nd, fdirfor_ret, &fdirfor, fdiraft_ret,

Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:06.openssl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:06.openssl	Thu Apr 17 19:31:09 2014	(r264622)
@@ -0,0 +1,241 @@
+Index: crypto/openssl/crypto/bn/bn.h
+===================================================================
+--- crypto/openssl/crypto/bn/bn.h	(revision 264251)
++++ crypto/openssl/crypto/bn/bn.h	(working copy)
+@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
+ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+ 	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+ 
++void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
++
+ /* Deprecated versions */
+ #ifndef OPENSSL_NO_DEPRECATED
+ BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
+ 
+ #define bn_fix_top(a)		bn_check_top(a)
+ 
++#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
++#define bn_wcheck_size(bn, words) \
++	do { \
++		const BIGNUM *_bnum2 = (bn); \
++		assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
++	} while(0)
++
+ #else /* !BN_DEBUG */
+ 
+ #define bn_pollute(a)
+ #define bn_check_top(a)
+ #define bn_fix_top(a)		bn_correct_top(a)
++#define bn_check_size(bn, bits)
++#define bn_wcheck_size(bn, words)
+ 
+ #endif
+ 
+Index: crypto/openssl/crypto/bn/bn_lib.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_lib.c	(revision 264251)
++++ crypto/openssl/crypto/bn/bn_lib.c	(working copy)
+@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_
+ 		}
+ 	return bn_cmp_words(a,b,cl);
+ 	}
++
++/* 
++ * Constant-time conditional swap of a and b.  
++ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
++ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
++ * and that no more than nwords are used by either a or b.
++ * a and b cannot be the same number
++ */
++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
++	{
++	BN_ULONG t;
++	int i;
++
++	bn_wcheck_size(a, nwords);
++	bn_wcheck_size(b, nwords);
++
++	assert(a != b);
++	assert((condition & (condition - 1)) == 0);
++	assert(sizeof(BN_ULONG) >= sizeof(int));
++
++	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
++
++	t = (a->top^b->top) & condition;
++	a->top ^= t;
++	b->top ^= t;
++
++#define BN_CONSTTIME_SWAP(ind) \
++	do { \
++		t = (a->d[ind] ^ b->d[ind]) & condition; \
++		a->d[ind] ^= t; \
++		b->d[ind] ^= t; \
++	} while (0)
++
++
++	switch (nwords) {
++	default:
++		for (i = 10; i < nwords; i++) 
++			BN_CONSTTIME_SWAP(i);
++		/* Fallthrough */
++	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
++	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
++	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
++	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
++	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
++	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
++	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
++	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
++	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
++	case 1: BN_CONSTTIME_SWAP(0);
++	}
++#undef BN_CONSTTIME_SWAP
++}
+Index: crypto/openssl/crypto/ec/ec2_mult.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec2_mult.c	(revision 264251)
++++ crypto/openssl/crypto/ec/ec2_mult.c	(working copy)
+@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const B
+ 	return ret;
+ 	}
+ 
++
+ /* Computes scalar*point and stores the result in r.
+  * point can not equal r.
+- * Uses algorithm 2P of
++ * Uses a modified algorithm 2P of
+  *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+  *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
++ *
++ * To protect against side-channel attack the function uses constant time swap,
++ * avoiding conditional branches.
+  */
+ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ 	const EC_POINT *point, BN_CTX *ctx)
+@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const
+ 	x2 = &r->X;
+ 	z2 = &r->Y;
+ 
++	bn_wexpand(x1, group->field.top);
++	bn_wexpand(z1, group->field.top);
++	bn_wexpand(x2, group->field.top);
++	bn_wexpand(z2, group->field.top);
++
+ 	if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
+ 	if (!BN_one(z1)) goto err; /* z1 = 1 */
+ 	if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
+@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const
+ 		word = scalar->d[i];
+ 		while (mask)
+ 			{
+-			if (word & mask)
+-				{
+-				if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
+-				if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
+-				}
+-			else
+-				{
+-				if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+-				if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+-				}
++			BN_consttime_swap(word & mask, x1, x2, group->field.top);
++			BN_consttime_swap(word & mask, z1, z2, group->field.top);
++			if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
++			if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
++			BN_consttime_swap(word & mask, x1, x2, group->field.top);
++			BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ 			mask >>= 1;
+ 			}
+ 		mask = BN_TBIT;
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c	(revision 264251)
++++ crypto/openssl/ssl/d1_both.c	(working copy)
+@@ -1458,26 +1458,36 @@ dtls1_process_heartbeat(SSL *s)
+ 	unsigned int payload;
+ 	unsigned int padding = 16; /* Use minimum padding */
+ 
++	if (s->msg_callback)
++		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
++			&s->s3->rrec.data[0], s->s3->rrec.length,
++			s, s->msg_callback_arg);
++
+ 	/* Read type and payload length first */
++	if (1 + 2 + 16 > s->s3->rrec.length)
++		return 0; /* silently discard */
+ 	hbtype = *p++;
+ 	n2s(p, payload);
++	if (1 + 2 + payload + 16 > s->s3->rrec.length)
++		return 0; /* silently discard per RFC 6520 sec. 4 */
+ 	pl = p;
+ 
+-	if (s->msg_callback)
+-		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+-			&s->s3->rrec.data[0], s->s3->rrec.length,
+-			s, s->msg_callback_arg);
+-
+ 	if (hbtype == TLS1_HB_REQUEST)
+ 		{
+ 		unsigned char *buffer, *bp;
++		unsigned int write_length = 1 /* heartbeat type */ +
++					    2 /* heartbeat length */ +
++					    payload + padding;
+ 		int r;
+ 
++		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++			return 0;
++
+ 		/* Allocate memory for the response, size is 1 byte
+ 		 * message type, plus 2 bytes payload length, plus
+ 		 * payload, plus padding
+ 		 */
+-		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++		buffer = OPENSSL_malloc(write_length);
+ 		bp = buffer;
+ 
+ 		/* Enter response type, length and copy payload */
+@@ -1488,11 +1498,11 @@ dtls1_process_heartbeat(SSL *s)
+ 		/* Random padding */
+ 		RAND_pseudo_bytes(bp, padding);
+ 
+-		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+ 
+ 		if (r >= 0 && s->msg_callback)
+ 			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+-				buffer, 3 + payload + padding,
++				buffer, write_length,
+ 				s, s->msg_callback_arg);
+ 
+ 		OPENSSL_free(buffer);
+Index: crypto/openssl/ssl/t1_lib.c
+===================================================================
+--- crypto/openssl/ssl/t1_lib.c	(revision 264251)
++++ crypto/openssl/ssl/t1_lib.c	(working copy)
+@@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s)
+ 	unsigned int payload;
+ 	unsigned int padding = 16; /* Use minimum padding */
+ 
++	if (s->msg_callback)
++		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
++			&s->s3->rrec.data[0], s->s3->rrec.length,
++			s, s->msg_callback_arg);
++
+ 	/* Read type and payload length first */
++	if (1 + 2 + 16 > s->s3->rrec.length)
++		return 0; /* silently discard */
+ 	hbtype = *p++;
+ 	n2s(p, payload);
++	if (1 + 2 + payload + 16 > s->s3->rrec.length)
++		return 0; /* silently discard per RFC 6520 sec. 4 */
+ 	pl = p;
+ 
+-	if (s->msg_callback)
+-		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+-			&s->s3->rrec.data[0], s->s3->rrec.length,
+-			s, s->msg_callback_arg);
+-
+ 	if (hbtype == TLS1_HB_REQUEST)
+ 		{
+ 		unsigned char *buffer, *bp;

Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:15.ypserv
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:15.ypserv	Thu Apr 17 19:31:09 2014	(r264622)
@@ -0,0 +1,84 @@
+Index: usr.sbin/ypserv/yp_access.c
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/ypserv/yp_access.c,v
+retrieving revision 1.22
+diff -u -I__FBSDID -r1.22 yp_access.c
+--- usr.sbin/ypserv/yp_access.c	3 May 2003 21:06:42 -0000	1.22
++++ usr.sbin/ypserv/yp_access.c	31 May 2006 03:41:25 -0000
+@@ -87,12 +87,6 @@
+ 	"ypproc_maplist"
+ };
+ 
+-#ifdef TCP_WRAPPER
+-void
+-load_securenets(void)
+-{
+-}
+-#else
+ struct securenet {
+ 	struct in_addr net;
+ 	struct in_addr mask;
+@@ -177,7 +171,6 @@
+ 	fclose(fp);
+ 
+ }
+-#endif
+ 
+ /*
+  * Access control functions.
+@@ -219,11 +212,12 @@
+ #endif
+ {
+ 	struct sockaddr_in *rqhost;
+-	int status = 0;
++	int status_securenets = 0;
++#ifdef TCP_WRAPPER
++	int status_tcpwrap;
++#endif
+ 	static unsigned long oldaddr = 0;
+-#ifndef TCP_WRAPPER
+ 	struct securenet *tmp;
+-#endif
+ 	const char *yp_procedure = NULL;
+ 	char procbuf[50];
+ 
+@@ -274,21 +268,34 @@
+ 	}
+ 
+ #ifdef TCP_WRAPPER
+-	status = hosts_ctl("ypserv", STRING_UNKNOWN,
++	status_tcpwrap = hosts_ctl("ypserv", STRING_UNKNOWN,
+ 			   inet_ntoa(rqhost->sin_addr), "");
+-#else
++#endif
+ 	tmp = securenets;
+ 	while (tmp) {
+ 		if (((rqhost->sin_addr.s_addr & ~tmp->mask.s_addr)
+ 		    | tmp->net.s_addr) == rqhost->sin_addr.s_addr) {
+-			status = 1;
++			status_securenets = 1;
+ 			break;
+ 		}
+ 		tmp = tmp->next;
+ 	}
+-#endif
+ 
+-	if (!status) {
++#ifdef TCP_WRAPPER
++	if (status_securenets == 0 || status_tcpwrap == 0) {
++#else
++	if (status_securenets == 0) {
++#endif
++	/*
++	 * One of the following two events occured:
++	 *
++	 * (1) The /var/yp/securenets exists and the remote host does not
++	 *     match any of the networks specified in it.
++	 * (2) The hosts.allow file has denied access and TCP_WRAPPER is
++	 *     defined.
++	 *
++	 * In either case deny access.
++	 */
+ 		if (rqhost->sin_addr.s_addr != oldaddr) {
+ 			yp_error("connect from %s:%d to procedure %s refused",
+ 					inet_ntoa(rqhost->sin_addr),

Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:16.smbfs
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:16.smbfs	Thu Apr 17 19:31:09 2014	(r264622)
@@ -0,0 +1,27 @@
+Index: sys/fs/smbfs/smbfs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/smbfs/smbfs_vnops.c,v
+retrieving revision 1.61
+diff -u -I__FBSDID -r1.61 smbfs_vnops.c
+--- sys/fs/smbfs/smbfs_vnops.c	13 Apr 2005 10:59:08 -0000	1.61
++++ sys/fs/smbfs/smbfs_vnops.c	27 May 2006 10:18:33 -0000
+@@ -1018,11 +1018,18 @@
+ static int
+ smbfs_pathcheck(struct smbmount *smp, const char *name, int nmlen, int nameiop)
+ {
+-	static const char *badchars = "*/\\:<>;?";
++	static const char *badchars = "*/:<>;?";
+ 	static const char *badchars83 = " +|,[]=";
+ 	const char *cp;
+ 	int i, error;
+ 
++	/*
++	 * Backslash characters, being a path delimiter, are prohibited
++	 * within a path component even for LOOKUP operations.
++	 */
++	if (index(name, '\\') != NULL)
++		return ENOENT;
++
+ 	if (nameiop == LOOKUP)
+ 		return 0;
+ 	error = ENOENT;

Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/10-SA-07:01.jail
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/10-SA-07:01.jail	Thu Apr 17 19:31:09 2014	(r264622)
@@ -0,0 +1,211 @@
+Index: etc/rc.d/jail
+===================================================================
+RCS file: /home/ncvs/src/etc/rc.d/jail,v
+retrieving revision 1.15.2.5
+diff -u -d -r1.15.2.5 jail
+--- etc/rc.d/jail	3 Jul 2005 12:40:13 -0000	1.15.2.5
++++ etc/rc.d/jail	9 Jan 2007 21:58:12 -0000
+@@ -66,6 +66,8 @@
+ 	[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
+ 	eval jail_flags=\"\$jail_${_j}_flags\"
+ 	[ -z "${jail_flags}" ] && jail_flags="-l -U root"
++	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
++	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+ 
+ 	# Debugging aid
+ 	#
+@@ -84,6 +86,7 @@
+ 	debug "$_j exec start: $jail_exec_start"
+ 	debug "$_j exec stop: $jail_exec_stop"
+ 	debug "$_j flags: $jail_flags"
++	debug "$_j consolelog: $_consolelog"
+ }
+ 
+ # set_sysctl rc_knob mib msg
+@@ -113,6 +116,56 @@
+ 	fi
+ }
+ 
++# is_current_mountpoint()
++#	Is the directory mount point for a currently mounted file
++#	system?
++#
++is_current_mountpoint()
++{
++	local _dir _dir2
++
++	_dir=$1
++
++	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
++	[ ! -d "${_dir}" ] && return 1
++	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
++	[ "${_dir}" = "${_dir2}" ]
++	return $?
++}
++
++# is_symlinked_mountpoint()
++#	Is a mount point, or any of its parent directories, a symlink?
++#
++is_symlinked_mountpoint()
++{
++	local _dir
++
++	_dir=$1
++
++	[ -L "$_dir" ] && return 0
++	[ "$_dir" = "/" ] && return 1
++	is_symlinked_mountpoint `dirname $_dir`
++	return $?
++}
++
++# secure_umount
++#	Try to unmount a mount point without being vulnerable to
++#	symlink attacks.
++#
++secure_umount()
++{
++	local _dir
++
++	_dir=$1
++
++	if is_current_mountpoint ${_dir}; then
++		umount -f ${_dir} >/dev/null 2>&1
++	else
++		debug "Nothing mounted on ${_dir} - not unmounting"
++	fi
++}
++
++
+ # jail_umount_fs
+ #	This function unmounts certain special filesystems in the
+ #	currently selected jail. The caller must call the init_variables()
+@@ -120,27 +173,65 @@
+ #
+ jail_umount_fs()
+ {
++	local _device _mountpt _rest
++
+ 	if checkyesno jail_fdescfs; then
+ 		if [ -d "${jail_fdescdir}" ] ; then
+-			umount -f ${jail_fdescdir} >/dev/null 2>&1
++			secure_umount ${jail_fdescdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_devfs; then
+ 		if [ -d "${jail_devdir}" ] ; then
+-			umount -f ${jail_devdir} >/dev/null 2>&1
++			secure_umount ${jail_devdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_procfs; then
+ 		if [ -d "${jail_procdir}" ] ; then
+-			umount -f ${jail_procdir} >/dev/null 2>&1
++			secure_umount ${jail_procdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_mount; then
+ 		[ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
+-		umount -a -F "${jail_fstab}" >/dev/null 2>&1
++		tail -r ${jail_fstab} | while read _device _mountpt _rest; do
++			case ":${_device}" in
++			:#* | :)
++				continue
++				;;
++			esac
++			secure_umount ${_mountpt}
++		done
+ 	fi
+ }
+ 
++# jail_mount_fstab()
++#	Mount file systems from a per jail fstab while trying to
++#	secure against symlink attacks at the mount points.
++#
++#	If we are certain we cannot secure against symlink attacks we
++#	do not mount all of the file systems (since we cannot just not
++#	mount the file system with the problematic mount point).
++#
++#	The caller must call the init_variables() routine before
++#	calling this one.
++#
++jail_mount_fstab()
++{
++	local _device _mountpt _rest
++
++	while read _device _mountpt _rest; do
++		case ":${_device}" in
++		:#* | :)
++			continue
++			;;
++		esac
++		if is_symlinked_mountpoint ${_mountpt}; then
++			warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}"
++			return
++		fi
++	done <${_fstab}
++	mount -a -F "${jail_fstab}"
++}
++
+ jail_start()
+ {
+ 	echo -n 'Configuring jails:'
+@@ -163,9 +254,13 @@
+ 			if [ ! -f "${jail_fstab}" ]; then
+ 				err 3 "$name: ${jail_fstab} does not exist"
+ 			fi
+-			mount -a -F "${jail_fstab}"
++			jail_mount_fstab
+ 		fi
+ 		if checkyesno jail_devfs; then
++			if is_symlinked_mountpoint ${jail_devdir}; then
++				warn "${jail_devdir} has symlink as parent - not starting jail ${_jail}"
++				continue
++			fi
+ 			info "Mounting devfs on ${jail_devdir}"
+ 			devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
+ 
+@@ -186,13 +281,21 @@
+ 			#	cd "$__pwd"
+ 		fi
+ 		if checkyesno jail_fdescfs; then
+-			info "Mounting fdescfs on ${jail_fdescdir}"
+-			mount -t fdescfs fdesc "${jail_fdescdir}"
++ 			if is_symlinked_mountpoint ${jail_fdescdir}; then
++ 				warn "${jail_fdescdir} has symlink as parent, not mounting"
++ 			else
++				info "Mounting fdescfs on ${jail_fdescdir}"
++				mount -t fdescfs fdesc "${jail_fdescdir}"
++			fi
+ 		fi
+ 		if checkyesno jail_procfs; then
+-			info "Mounting procfs onto ${jail_procdir}"
+-			if [ -d "${jail_procdir}" ] ; then
+-				mount -t procfs proc "${jail_procdir}"
++			if is_symlinked_mountpoint ${jail_procdir}; then
++				warn "${jail_procdir} has symlink as parent, not mounting"
++			else
++				info "Mounting procfs onto ${jail_procdir}"
++				if [ -d "${jail_procdir}" ] ; then
++					mount -t procfs proc "${jail_procdir}"
++				fi
+ 			fi
+ 		fi
+ 		_tmp_jail=${_tmp_dir}/jail.$$
+@@ -200,7 +303,7 @@
+ 			${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1
+ 		[ "$?" -eq 0 ] && echo -n " $jail_hostname"
+ 		_jail_id=$(head -1 ${_tmp_jail})
+-		tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
++		tail +2 ${_tmp_jail} >${_consolelog}
+ 		rm -f ${_tmp_jail}
+ 		echo ${_jail_id} > /var/run/jail_${_jail}.id
+ 	done
+@@ -219,7 +322,7 @@
+ 				init_variables $_jail
+ 				if [ -n "${jail_exec_stop}" ]; then
+ 					eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \
+-						>> ${jail_rootdir}/var/log/console.log 2>&1
++						>> ${_consolelog} 2>&1
+ 				fi
+ 				killall -j ${_jail_id} -TERM > /dev/null 2>&1
+ 				sleep 1

Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/11-SA-07:02.bind
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/11-SA-07:02.bind	Thu Apr 17 19:31:09 2014	(r264622)
@@ -0,0 +1,257 @@
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/resolver.c,v
+retrieving revision 1.1.1.2.2.2.2.1
+diff -u -I__FBSDID -r1.1.1.2.2.2.2.1 resolver.c
+--- contrib/bind9/lib/dns/resolver.c	6 Sep 2006 21:19:20 -0000	1.1.1.2.2.2.2.1
++++ contrib/bind9/lib/dns/resolver.c	9 Feb 2007 07:24:35 -0000
+@@ -215,6 +215,11 @@
+ 	dns_name_t 			nsname; 
+ 	dns_fetch_t *			nsfetch;
+ 	dns_rdataset_t			nsrrset;
++
++	/*%
++	 * Number of queries that reference this context.
++	 */
++	unsigned int			nqueries;
+ };
+ 
+ #define FCTX_MAGIC			ISC_MAGIC('F', '!', '!', '!')
+@@ -348,6 +353,7 @@
+ 				      dns_rdataset_t *ardataset,
+ 				      isc_result_t *eresultp);
+ static void validated(isc_task_t *task, isc_event_t *event); 
++static void maybe_destroy(fetchctx_t *fctx);
+ 
+ static isc_result_t
+ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
+@@ -366,6 +372,9 @@
+ 	valarg->fctx = fctx;
+ 	valarg->addrinfo = addrinfo;
+ 
++	if (!ISC_LIST_EMPTY(fctx->validators))
++		INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
++
+ 	result = dns_validator_create(fctx->res->view, name, type, rdataset,
+ 				      sigrdataset, fctx->rmessage,
+ 				      valoptions, task, validated, valarg,
+@@ -513,6 +522,9 @@
+ 
+ 	INSIST(query->tcpsocket == NULL);
+ 
++	query->fctx->nqueries--;
++	if (SHUTTINGDOWN(query->fctx))
++		maybe_destroy(query->fctx);	/* Locks bucket. */
+ 	query->magic = 0;
+ 	isc_mem_put(query->mctx, query, sizeof(*query));
+ 	*queryp = NULL;
+@@ -971,6 +983,8 @@
+ 	if (result != ISC_R_SUCCESS)
+ 		return (result);
+ 
++	INSIST(ISC_LIST_EMPTY(fctx->validators));
++
+ 	dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
+ 
+ 	query = isc_mem_get(res->mctx, sizeof(*query));
+@@ -1084,6 +1098,7 @@
+ 	}
+ 
+ 	ISC_LIST_APPEND(fctx->queries, query, link);
++	query->fctx->nqueries++;
+ 
+ 	return (ISC_R_SUCCESS);
+ 
+@@ -1530,7 +1545,7 @@
+ 			want_done = ISC_TRUE;
+ 		}
+ 	} else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
+-		   ISC_LIST_EMPTY(fctx->validators)) {
++		   fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
+ 		bucketnum = fctx->bucketnum;
+ 		LOCK(&res->buckets[bucketnum].lock);
+ 		/*
+@@ -2384,8 +2399,8 @@
+ 	REQUIRE(ISC_LIST_EMPTY(fctx->finds));
+ 	REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
+ 	REQUIRE(fctx->pending == 0);
+-	REQUIRE(ISC_LIST_EMPTY(fctx->validators));
+ 	REQUIRE(fctx->references == 0);
++	REQUIRE(ISC_LIST_EMPTY(fctx->validators));
+ 
+ 	FCTXTRACE("destroy");
+ 
+@@ -2559,7 +2574,7 @@
+ 	}
+ 
+ 	if (fctx->references == 0 && fctx->pending == 0 &&
+-	    ISC_LIST_EMPTY(fctx->validators))
++	    fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators))
+ 		bucket_empty = fctx_destroy(fctx);
+ 
+ 	UNLOCK(&res->buckets[bucketnum].lock);
+@@ -2600,6 +2615,7 @@
+ 		 * pending ADB finds and no pending validations.
+ 		 */
+ 		INSIST(fctx->pending == 0);
++		INSIST(fctx->nqueries == 0);
+ 		INSIST(ISC_LIST_EMPTY(fctx->validators));
+ 		if (fctx->references == 0) {
+ 			/*
+@@ -2761,6 +2777,7 @@
+ 	fctx->restarts = 0;
+ 	fctx->timeouts = 0;
+ 	fctx->attributes = 0;
++	fctx->nqueries = 0;
+ 
+ 	dns_name_init(&fctx->nsname, NULL);
+ 	fctx->nsfetch = NULL;
+@@ -3083,12 +3100,21 @@
+ 	unsigned int bucketnum;
+ 	isc_boolean_t bucket_empty = ISC_FALSE;
+ 	dns_resolver_t *res = fctx->res;
++	dns_validator_t *validator;
+ 
+ 	REQUIRE(SHUTTINGDOWN(fctx));
+ 
+-	if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
++	if (fctx->pending != 0 || fctx->nqueries != 0)
+ 		return;
+ 
++	for (validator = ISC_LIST_HEAD(fctx->validators);
++	     validator != NULL;
++	     validator = ISC_LIST_HEAD(fctx->validators)) {
++		ISC_LIST_UNLINK(fctx->validators, validator, link);
++		dns_validator_cancel(validator);
++		dns_validator_destroy(&validator);
++	}
++
+ 	bucketnum = fctx->bucketnum;
+ 	LOCK(&res->buckets[bucketnum].lock);
+ 	if (fctx->references == 0)
+@@ -3219,7 +3245,9 @@
+ 		result = vevent->result;
+ 		add_bad(fctx, &addrinfo->sockaddr, result);
+ 		isc_event_free(&event);
+-		if (sentresponse)
++		if (!ISC_LIST_EMPTY(fctx->validators))
++			dns_validator_send(ISC_LIST_HEAD(fctx->validators));
++		else if (sentresponse)
+ 			fctx_done(fctx, result);
+ 		else
+ 			fctx_try(fctx);
+@@ -3315,6 +3343,7 @@
+ 		 * more rdatasets that still need to
+ 		 * be validated.
+ 		 */
++		dns_validator_send(ISC_LIST_HEAD(fctx->validators));
+ 		goto cleanup_event;
+ 	}
+ 
+@@ -3623,6 +3652,13 @@
+ 							   rdataset,
+ 							   sigrdataset,
+ 							   valoptions, task);
++					/*
++					 * Defer any further validations.
++					 * This prevents multiple validators
++					 * from manipulating fctx->rmessage
++					 * simultaniously.
++					 */
++					valoptions |= DNS_VALIDATOR_DEFER;
+ 				}
+ 			} else if (CHAINING(rdataset)) {
+ 				if (rdataset->type == dns_rdatatype_cname)
+@@ -6346,7 +6382,8 @@
+ 		/*
+ 		 * No one cares about the result of this fetch anymore.
+ 		 */
+-		if (fctx->pending == 0 && ISC_LIST_EMPTY(fctx->validators) &&
++		if (fctx->pending == 0 && fctx->nqueries == 0 &&
++		    ISC_LIST_EMPTY(fctx->validators) &&
+ 		    SHUTTINGDOWN(fctx)) {
+ 			/*
+ 			 * This fctx is already shutdown; we were just
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/validator.c,v
+retrieving revision 1.1.1.2.2.1
+diff -u -I__FBSDID -r1.1.1.2.2.1 validator.c
+--- contrib/bind9/lib/dns/validator.c	14 Jan 2006 10:13:45 -0000	1.1.1.2.2.1
++++ contrib/bind9/lib/dns/validator.c	9 Feb 2007 07:24:37 -0000
+@@ -2632,7 +2632,8 @@
+ 	ISC_LINK_INIT(val, link);
+ 	val->magic = VALIDATOR_MAGIC;
+ 
+-	isc_task_send(task, ISC_EVENT_PTR(&event));
++	if ((options & DNS_VALIDATOR_DEFER) == 0)
++		isc_task_send(task, ISC_EVENT_PTR(&event));
+ 
+ 	*validatorp = val;
+ 
+@@ -2650,6 +2651,21 @@
+ }
+ 
+ void
++dns_validator_send(dns_validator_t *validator) {
++	isc_event_t *event;
++	REQUIRE(VALID_VALIDATOR(validator));
++
++	LOCK(&validator->lock);
++
++	INSIST((validator->options & DNS_VALIDATOR_DEFER) != 0);
++	event = (isc_event_t *)validator->event;
++	validator->options &= ~DNS_VALIDATOR_DEFER;
++	UNLOCK(&validator->lock);
++
++	isc_task_send(validator->task, ISC_EVENT_PTR(&event));
++}
++
++void
+ dns_validator_cancel(dns_validator_t *validator) {
+ 	REQUIRE(VALID_VALIDATOR(validator));
+ 
+@@ -2663,6 +2679,12 @@
+ 
+ 		if (validator->subvalidator != NULL)
+ 			dns_validator_cancel(validator->subvalidator);
++		if ((validator->options & DNS_VALIDATOR_DEFER) != 0) {
++			isc_task_t *task = validator->event->ev_sender;
++			validator->options &= ~DNS_VALIDATOR_DEFER;
++			isc_event_free((isc_event_t **)&validator->event);
++			isc_task_detach(&task);
++		}
+ 	}
+ 	UNLOCK(&validator->lock);
+ }
+Index: contrib/bind9/lib/dns/include/dns/validator.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/include/dns/validator.h,v
+retrieving revision 1.1.1.1.4.1
+diff -u -I__FBSDID -r1.1.1.1.4.1 validator.h
+--- contrib/bind9/lib/dns/include/dns/validator.h	14 Jan 2006 10:13:45 -0000	1.1.1.1.4.1
++++ contrib/bind9/lib/dns/include/dns/validator.h	9 Feb 2007 07:24:37 -0000
+@@ -129,6 +129,7 @@
+ };
+ 
+ #define DNS_VALIDATOR_DLV 1
++#define DNS_VALIDATOR_DEFER 2
+ 
+ ISC_LANG_BEGINDECLS
+ 
+@@ -173,6 +174,15 @@
+  */
+ 
+ void
++dns_validator_send(dns_validator_t *validator);
++/*%<
++ * Send a deferred validation request
++ *
++ * Requires:
++ *	'validator' to points to a valid DNSSEC validator.
++ */
++
++void
+ dns_validator_cancel(dns_validator_t *validator);
+ /*
+  * Cancel a DNSSEC validation in progress.

Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/12-SA-07:03.ipv6
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/12-SA-07:03.ipv6	Thu Apr 17 19:31:09 2014	(r264622)
@@ -0,0 +1,66 @@
+Index: sys/netinet6/in6.h
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6.h,v
+retrieving revision 1.36.2.7
+diff -u -r1.36.2.7 in6.h
+--- sys/netinet6/in6.h	20 Aug 2006 19:28:43 -0000	1.36.2.7
++++ sys/netinet6/in6.h	24 Apr 2007 03:11:29 -0000
+@@ -574,5 +574,6 @@
+ #define IPV6CTL_STEALTH		45
+-#define IPV6CTL_MAXID		46
++#define IPV6CTL_RTHDR0_ALLOWED  46
++#define IPV6CTL_MAXID		47
+ #endif /* __BSD_VISIBLE */
+ 
+ /*
+Index: sys/netinet6/in6_proto.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6_proto.c,v
+retrieving revision 1.32.2.5
+diff -u -r1.32.2.5 in6_proto.c
+--- sys/netinet6/in6_proto.c	16 Oct 2006 15:11:18 -0000	1.32.2.5
++++ sys/netinet6/in6_proto.c	24 Apr 2007 07:46:54 -0000
+@@ -376,6 +376,8 @@
+ #ifdef IPSTEALTH
+ int	ip6stealth = 0;
+ #endif
++int     ip6_rthdr0_allowed = 0; /* Disallow use of routing header 0 */
++				/* by default. */
+ 
+ /* icmp6 */
+ /*
+@@ -519,6 +521,9 @@
+ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
+ 	&ip6stealth, 0, "");
+ #endif
++SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTHDR0_ALLOWED, 
++	   rthdr0_allowed, CTLFLAG_RW, &ip6_rthdr0_allowed, 0, "");
++
+ 
+ /* net.inet6.icmp6 */
+ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
+Index: sys/netinet6/route6.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/route6.c,v
+retrieving revision 1.11.2.1
+diff -u -r1.11.2.1 route6.c
+--- sys/netinet6/route6.c	4 Nov 2005 20:26:15 -0000	1.11.2.1
++++ sys/netinet6/route6.c	24 Apr 2007 08:06:00 -0000
+@@ -49,6 +49,8 @@
+ 
+ #include <netinet/icmp6.h>
+ 
++extern int ip6_rthdr0_allowed;
++
+ static int ip6_rthdr0 __P((struct mbuf *, struct ip6_hdr *,
+     struct ip6_rthdr0 *));
+ 
+@@ -88,6 +90,8 @@
+ 
+ 	switch (rh->ip6r_type) {
+ 	case IPV6_RTHDR_TYPE_0:
++		if (!ip6_rthdr0_allowed)
++			return (IPPROTO_DONE);
+ 		rhlen = (rh->ip6r_len + 1) << 3;
+ #ifndef PULLDOWN_TEST
+ 		/*

Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/13-SA-07:04.file
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/13-SA-07:04.file	Thu Apr 17 19:31:09 2014	(r264622)
@@ -0,0 +1,125 @@
+Index: contrib/file/file.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/file.h,v
+retrieving revision 1.1.1.7
+diff -u -I__FBSDID -I$FreeBSD -r1.1.1.7 file.h
+--- contrib/file/file.h	9 Aug 2004 08:45:39 -0000	1.1.1.7
++++ contrib/file/file.h	17 May 2007 17:05:04 -0000
+@@ -225,7 +225,7 @@
+ 	/* Accumulation buffer */
+ 	char *buf;
+ 	char *ptr;
+-	size_t len;
++	size_t left;
+ 	size_t size;
+ 	/* Printable buffer */
+ 	char *pbuf;
+Index: contrib/file/funcs.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/funcs.c,v
+retrieving revision 1.1.1.1

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***