From owner-svn-src-user@freebsd.org  Thu Jan  7 20:54:02 2016
Return-Path: <owner-svn-src-user@freebsd.org>
Delivered-To: svn-src-user@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 95F3DA66DD8
 for <svn-src-user@mailman.ysv.freebsd.org>;
 Thu,  7 Jan 2016 20:54:02 +0000 (UTC)
 (envelope-from glebius@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 61EDE1E60;
 Thu,  7 Jan 2016 20:54:02 +0000 (UTC)
 (envelope-from glebius@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u07Ks1HX041439;
 Thu, 7 Jan 2016 20:54:01 GMT (envelope-from glebius@FreeBSD.org)
Received: (from glebius@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u07Ks0UD041422;
 Thu, 7 Jan 2016 20:54:00 GMT (envelope-from glebius@FreeBSD.org)
Message-Id: <201601072054.u07Ks0UD041422@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: glebius set sender to
 glebius@FreeBSD.org using -f
From: Gleb Smirnoff <glebius@FreeBSD.org>
Date: Thu, 7 Jan 2016 20:54:00 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r293363 -
 user/cperciva/freebsd-update-build/patches/10.1-RELEASE
X-SVN-Group: user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-user@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "SVN commit messages for the experimental &quot; user&quot;
 src tree" <svn-src-user.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-user>,
 <mailto:svn-src-user-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-user/>
List-Post: <mailto:svn-src-user@freebsd.org>
List-Help: <mailto:svn-src-user-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-user>,
 <mailto:svn-src-user-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2016 20:54:02 -0000

Author: glebius
Date: Thu Jan  7 20:53:59 2016
New Revision: 293363
URL: https://svnweb.freebsd.org/changeset/base/293363

Log:
  Add missing files for 10.1-RELEASE.

Added:
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/13-EN-15:08.sendmail
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:08.sendmail
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:09.xlocale
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:10.iconv
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/15-SA-15:13.tcp
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:14.tcp
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:15.bsdpatch
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:16.openssh
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/17-SA-15:18.bsdpatch
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/17-SA-15:19.routed
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/18-SA-15:20.expat
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-EN-15:14.ixgbe
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-EN-15:15.pkg
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-SA-15:21.amd64
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-SA-15:22.openssh
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/20-EN-15:18.pkg
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/21-SA-15:24.rpcbind
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/22-SA-15:24.rpcbind
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/23-SA-15:25.ntp
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/24-EN-15:19.ntp
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/24-EN-15:20.vm
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/24-EN-15:21.kqueue
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/25-SA-15:26.openssl

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/13-EN-15:08.sendmail
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/13-EN-15:08.sendmail	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,24 @@
+Index: contrib/sendmail/src/tls.c
+===================================================================
+--- contrib/sendmail/src/tls.c
++++ contrib/sendmail/src/tls.c
+@@ -650,7 +650,7 @@
+ 	**  1024	generate 1024 bit parameters
+ 	**  2048	generate 2048 bit parameters
+ 	**  /file/name	read parameters from /file/name
+-	**  default is: 1024 for server, 512 for client (OK? XXX)
++	**  default is: 1024
+ 	*/
+ 
+ 	if (bitset(TLS_I_TRY_DH, req))
+@@ -676,8 +676,8 @@
+ 		}
+ 		if (dhparam == NULL)
+ 		{
+-			dhparam = srv ? "1" : "5";
+-			req |= (srv ? TLS_I_DH1024 : TLS_I_DH512);
++			dhparam = "1";
++			req |= TLS_I_DH1024;
+ 		}
+ 		else if (*dhparam == '/')
+ 		{

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:08.sendmail
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:08.sendmail	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,13 @@
+Index: contrib/sendmail/src/sendmail.h
+===================================================================
+--- contrib/sendmail/src/sendmail.h	(revision 284940)
++++ contrib/sendmail/src/sendmail.h	(working copy)
+@@ -1935,7 +1935,7 @@ struct termescape
+ 
+ /* server requirements */
+ #define TLS_I_SRV	(TLS_I_SRV_CERT | TLS_I_RSA_TMP | TLS_I_VRFY_PATH | \
+-			 TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH512 | \
++			 TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH1024 | \
+ 			 TLS_I_CACHE)
+ 
+ /* client requirements */

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:09.xlocale
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:09.xlocale	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,58 @@
+Index: lib/libc/locale/setrunelocale.c
+===================================================================
+--- lib/libc/locale/setrunelocale.c	(revision 284940)
++++ lib/libc/locale/setrunelocale.c	(working copy)
+@@ -202,6 +202,8 @@ __set_thread_rune_locale(locale_t loc)
+ 
+ 	if (loc == NULL) {
+ 		_ThreadRuneLocale = &_DefaultRuneLocale;
++	} else if (loc == LC_GLOBAL_LOCALE) {
++		_ThreadRuneLocale = 0;
+ 	} else {
+ 		_ThreadRuneLocale = XLOCALE_CTYPE(loc)->runes;
+ 	}
+Index: lib/libc/locale/xlocale.c
+===================================================================
+--- lib/libc/locale/xlocale.c	(revision 284940)
++++ lib/libc/locale/xlocale.c	(working copy)
+@@ -154,23 +154,24 @@ __get_locale(void)
+ static void
+ set_thread_locale(locale_t loc)
+ {
++	locale_t l = (loc == LC_GLOBAL_LOCALE) ? 0 : loc;
+ 
+ 	_once(&once_control, init_key);
+ 	
+-	if (NULL != loc) {
+-		xlocale_retain((struct xlocale_refcounted*)loc);
++	if (NULL != l) {
++		xlocale_retain((struct xlocale_refcounted*)l);
+ 	}
+ 	locale_t old = pthread_getspecific(locale_info_key);
+-	if ((NULL != old) && (loc != old)) {
++	if ((NULL != old) && (l != old)) {
+ 		xlocale_release((struct xlocale_refcounted*)old);
+ 	}
+ 	if (fake_tls) {
+-		thread_local_locale = loc;
++		thread_local_locale = l;
+ 	} else {
+-		pthread_setspecific(locale_info_key, loc);
++		pthread_setspecific(locale_info_key, l);
+ 	}
+ #ifndef __NO_TLS
+-	__thread_locale = loc;
++	__thread_locale = l;
+ 	__set_thread_rune_locale(loc);
+ #endif
+ }
+@@ -361,9 +362,6 @@ locale_t uselocale(locale_t loc)
+ {
+ 	locale_t old = get_thread_locale();
+ 	if (NULL != loc) {
+-		if (LC_GLOBAL_LOCALE == loc) {
+-			loc = NULL;
+-		}
+ 		set_thread_locale(loc);
+ 	}
+ 	return (old ? old : LC_GLOBAL_LOCALE);

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:10.iconv
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/14-EN-15:10.iconv	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,107 @@
+Index: lib/libiconv_modules/UTF7/citrus_utf7.c
+===================================================================
+--- lib/libiconv_modules/UTF7/citrus_utf7.c	(revision 284940)
++++ lib/libiconv_modules/UTF7/citrus_utf7.c	(working copy)
+@@ -62,8 +62,7 @@ typedef struct {
+ 	unsigned int
+ 		mode: 1,	/* whether base64 mode */
+ 		bits: 4,	/* need to hold 0 - 15 */
+-		cache: 22,	/* 22 = BASE64_BIT + UTF16_BIT */
+-		surrogate: 1;	/* whether surrogate pair or not */
++		cache: 22;	/* 22 = BASE64_BIT + UTF16_BIT */
+ 	int chlen;
+ 	char ch[4]; /* BASE64_IN, 3 * 6 = 18, most closed to UTF16_BIT */
+ } _UTF7State;
+@@ -154,12 +153,11 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr
+     uint16_t * __restrict u16, const char ** __restrict s, size_t n,
+     _UTF7State * __restrict psenc, size_t * __restrict nresult)
+ {
+-	_UTF7State sv;
+ 	const char *s0;
+ 	int done, i, len;
+ 
++	*nresult = 0;
+ 	s0 = *s;
+-	sv = *psenc;
+ 
+ 	for (i = 0, done = 0; done == 0; i++) {
+ 		if (i == psenc->chlen) {
+@@ -166,9 +164,6 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr
+ 			if (n-- < 1) {
+ 				*nresult = (size_t)-2;
+ 				*s = s0;
+-				sv.chlen = psenc->chlen;
+-				memcpy(sv.ch, psenc->ch, sizeof(sv.ch));
+-				*psenc = sv;
+ 				return (0);
+ 			}
+ 			psenc->ch[psenc->chlen++] = *s0++;
+@@ -257,34 +252,31 @@ _citrus_UTF7_mbrtowc_priv(_UTF7EncodingInfo * __re
+ 		*nresult = (size_t)_ENCODING_IS_STATE_DEPENDENT;
+ 		return (0);
+ 	}
+-	if (psenc->surrogate) {
+-		hi = (psenc->cache >> psenc->bits) & UTF16_MAX;
+-		if (hi < HISRG_MIN || hi > HISRG_MAX)
+-			return (EINVAL);
+-		siz = 0;
+-	} else {
+-		err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr);
+-		if (nr == (size_t)-1 || nr == (size_t)-2) {
+-			*nresult = nr;
+-			return (err);
+-		}
+-		if (err != 0)
+-			return (err);
+-		n -= nr;
+-		siz = nr;
+-		if (hi < HISRG_MIN || hi > HISRG_MAX) {
+-			u32 = (uint32_t)hi;
+-			goto done;
+-		}
+-		psenc->surrogate = 1;
++	err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr);
++	if (nr == (size_t)-1 || nr == (size_t)-2) {
++		*nresult = nr;
++		return (err);
+ 	}
++	if (err != 0)
++		return (err);
++	n -= nr;
++	siz = nr;
++	if (hi < HISRG_MIN || hi > HISRG_MAX) {
++		u32 = (uint32_t)hi;
++		goto done;
++	}
+ 	err = _citrus_UTF7_mbtoutf16(ei, &lo, s, n, psenc, &nr);
+ 	if (nr == (size_t)-1 || nr == (size_t)-2) {
++		psenc->chlen = 1; /* make get_state_desc return incomplete */
+ 		*nresult = nr;
+ 		return (err);
+ 	}
+ 	if (err != 0)
+ 		return (err);
++	if (lo < LOSRG_MIN || lo > LOSRG_MAX) {
++		*nresult = (size_t)-1;
++		return (EILSEQ);
++	}
+ 	hi -= HISRG_MIN;
+ 	lo -= LOSRG_MIN;
+ 	u32 = (hi << 10 | lo) + SRG_BASE;
+@@ -297,7 +289,6 @@ done:
+ 		_citrus_UTF7_init_state(ei, psenc);
+ 	} else {
+ 		*nresult = siz;
+-		psenc->surrogate = 0;
+ 	}
+ 	return (err);
+ }
+@@ -396,7 +387,7 @@ _citrus_UTF7_put_state_reset(_UTF7EncodingInfo * _
+ {
+ 	int bits, pos;
+ 
+-	if (psenc->chlen != 0 || psenc->bits > BASE64_BIT || psenc->surrogate)
++	if (psenc->chlen != 0 || psenc->bits > BASE64_BIT)
+ 		return (EINVAL);
+ 
+ 	if (psenc->mode) {

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/15-SA-15:13.tcp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/15-SA-15:13.tcp	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,31 @@
+Index: sys/netinet/tcp_output.c
+===================================================================
+--- sys/netinet/tcp_output.c	(revision 285435)
++++ sys/netinet/tcp_output.c	(working copy)
+@@ -400,7 +400,7 @@ after_sack_rexmit:
+ 		flags &= ~TH_FIN;
+ 	}
+ 
+-	if (len < 0) {
++	if (len <= 0) {
+ 		/*
+ 		 * If FIN has been sent but not acked,
+ 		 * but we haven't been called to retransmit,
+@@ -410,9 +410,16 @@ after_sack_rexmit:
+ 		 * to (closed) window, and set the persist timer
+ 		 * if it isn't already going.  If the window didn't
+ 		 * close completely, just wait for an ACK.
++		 *
++		 * We also do a general check here to ensure that
++		 * we will set the persist timer when we have data
++		 * to send, but a 0-byte window. This makes sure
++		 * the persist timer is set even if the packet
++		 * hits one of the "goto send" lines below.
+ 		 */
+ 		len = 0;
+-		if (sendwin == 0) {
++		if ((sendwin == 0) && (TCPS_HAVEESTABLISHED(tp->t_state)) &&
++			(off < (int) so->so_snd.sb_cc)) {
+ 			tcp_timer_activate(tp, TT_REXMT, 0);
+ 			tp->t_rxtshift = 0;
+ 			tp->snd_nxt = tp->snd_una;

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:14.tcp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:14.tcp	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,194 @@
+Index: sys/netinet/tcp_reass.c
+===================================================================
+--- sys/netinet/tcp_reass.c	(revision 285923)
++++ sys/netinet/tcp_reass.c	(working copy)
+@@ -79,25 +79,22 @@ static int tcp_reass_sysctl_qsize(SYSCTL_HANDLER_A
+ static SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0,
+     "TCP Segment Reassembly Queue");
+ 
+-static VNET_DEFINE(int, tcp_reass_maxseg) = 0;
+-#define	V_tcp_reass_maxseg		VNET(tcp_reass_maxseg)
+-SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RDTUN,
+-    &VNET_NAME(tcp_reass_maxseg), 0,
++static int tcp_reass_maxseg = 0;
++SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RDTUN,
++    &tcp_reass_maxseg, 0,
+     "Global maximum number of TCP Segments in Reassembly Queue");
+ 
+-SYSCTL_VNET_PROC(_net_inet_tcp_reass, OID_AUTO, cursegments,
++SYSCTL_PROC(_net_inet_tcp_reass, OID_AUTO, cursegments,
+     (CTLTYPE_INT | CTLFLAG_RD), NULL, 0, &tcp_reass_sysctl_qsize, "I",
+     "Global number of TCP Segments currently in Reassembly Queue");
+ 
+-static VNET_DEFINE(int, tcp_reass_overflows) = 0;
+-#define	V_tcp_reass_overflows		VNET(tcp_reass_overflows)
+-SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, overflows,
++static int tcp_reass_overflows = 0;
++SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, overflows,
+     CTLTYPE_INT | CTLFLAG_RD,
+-    &VNET_NAME(tcp_reass_overflows), 0,
++    &tcp_reass_overflows, 0,
+     "Global number of TCP Segment Reassembly Queue Overflows");
+ 
+-static VNET_DEFINE(uma_zone_t, tcp_reass_zone);
+-#define	V_tcp_reass_zone		VNET(tcp_reass_zone)
++static uma_zone_t tcp_reass_zone;
+ 
+ /* Initialize TCP reassembly queue */
+ static void
+@@ -105,37 +102,28 @@ tcp_reass_zone_change(void *tag)
+ {
+ 
+ 	/* Set the zone limit and read back the effective value. */
+-	V_tcp_reass_maxseg = nmbclusters / 16;
+-	V_tcp_reass_maxseg = uma_zone_set_max(V_tcp_reass_zone,
+-	    V_tcp_reass_maxseg);
++	tcp_reass_maxseg = nmbclusters / 16;
++	tcp_reass_maxseg = uma_zone_set_max(tcp_reass_zone,
++	    tcp_reass_maxseg);
+ }
+ 
+ void
+-tcp_reass_init(void)
++tcp_reass_global_init(void)
+ {
+ 
+-	V_tcp_reass_maxseg = nmbclusters / 16;
++	tcp_reass_maxseg = nmbclusters / 16;
+ 	TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments",
+-	    &V_tcp_reass_maxseg);
+-	V_tcp_reass_zone = uma_zcreate("tcpreass", sizeof (struct tseg_qent),
++	    &tcp_reass_maxseg);
++	tcp_reass_zone = uma_zcreate("tcpreass", sizeof (struct tseg_qent),
+ 	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
+ 	/* Set the zone limit and read back the effective value. */
+-	V_tcp_reass_maxseg = uma_zone_set_max(V_tcp_reass_zone,
+-	    V_tcp_reass_maxseg);
++	tcp_reass_maxseg = uma_zone_set_max(tcp_reass_zone,
++	    tcp_reass_maxseg);
+ 	EVENTHANDLER_REGISTER(nmbclusters_change,
+ 	    tcp_reass_zone_change, NULL, EVENTHANDLER_PRI_ANY);
+ }
+ 
+-#ifdef VIMAGE
+ void
+-tcp_reass_destroy(void)
+-{
+-
+-	uma_zdestroy(V_tcp_reass_zone);
+-}
+-#endif
+-
+-void
+ tcp_reass_flush(struct tcpcb *tp)
+ {
+ 	struct tseg_qent *qe;
+@@ -145,7 +133,7 @@ tcp_reass_flush(struct tcpcb *tp)
+ 	while ((qe = LIST_FIRST(&tp->t_segq)) != NULL) {
+ 		LIST_REMOVE(qe, tqe_q);
+ 		m_freem(qe->tqe_m);
+-		uma_zfree(V_tcp_reass_zone, qe);
++		uma_zfree(tcp_reass_zone, qe);
+ 		tp->t_segqlen--;
+ 	}
+ 
+@@ -159,7 +147,7 @@ tcp_reass_sysctl_qsize(SYSCTL_HANDLER_ARGS)
+ {
+ 	int qsize;
+ 
+-	qsize = uma_zone_get_cur(V_tcp_reass_zone);
++	qsize = uma_zone_get_cur(tcp_reass_zone);
+ 	return (sysctl_handle_int(oidp, &qsize, 0, req));
+ }
+ 
+@@ -207,7 +195,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int
+ 	 */
+ 	if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
+ 	    tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) {
+-		V_tcp_reass_overflows++;
++		tcp_reass_overflows++;
+ 		TCPSTAT_INC(tcps_rcvmemdrop);
+ 		m_freem(m);
+ 		*tlenp = 0;
+@@ -226,7 +214,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int
+ 	 * Use a temporary structure on the stack for the missing segment
+ 	 * when the zone is exhausted. Otherwise we may get stuck.
+ 	 */
+-	te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT);
++	te = uma_zalloc(tcp_reass_zone, M_NOWAIT);
+ 	if (te == NULL) {
+ 		if (th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) {
+ 			TCPSTAT_INC(tcps_rcvmemdrop);
+@@ -277,7 +265,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int
+ 				TCPSTAT_ADD(tcps_rcvdupbyte, *tlenp);
+ 				m_freem(m);
+ 				if (te != &tqs)
+-					uma_zfree(V_tcp_reass_zone, te);
++					uma_zfree(tcp_reass_zone, te);
+ 				tp->t_segqlen--;
+ 				/*
+ 				 * Try to present any queued data
+@@ -314,7 +302,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int
+ 		nq = LIST_NEXT(q, tqe_q);
+ 		LIST_REMOVE(q, tqe_q);
+ 		m_freem(q->tqe_m);
+-		uma_zfree(V_tcp_reass_zone, q);
++		uma_zfree(tcp_reass_zone, q);
+ 		tp->t_segqlen--;
+ 		q = nq;
+ 	}
+@@ -353,7 +341,7 @@ present:
+ 		else
+ 			sbappendstream_locked(&so->so_rcv, q->tqe_m);
+ 		if (q != &tqs)
+-			uma_zfree(V_tcp_reass_zone, q);
++			uma_zfree(tcp_reass_zone, q);
+ 		tp->t_segqlen--;
+ 		q = nq;
+ 	} while (q && q->tqe_th->th_seq == tp->rcv_nxt);
+Index: sys/netinet/tcp_subr.c
+===================================================================
+--- sys/netinet/tcp_subr.c	(revision 285923)
++++ sys/netinet/tcp_subr.c	(working copy)
+@@ -375,7 +375,6 @@ tcp_init(void)
+ 	tcp_tw_init();
+ 	syncache_init();
+ 	tcp_hc_init();
+-	tcp_reass_init();
+ 
+ 	TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack);
+ 	V_sack_hole_zone = uma_zcreate("sackhole", sizeof(struct sackhole),
+@@ -385,6 +384,8 @@ tcp_init(void)
+ 	if (!IS_DEFAULT_VNET(curvnet))
+ 		return;
+ 
++	tcp_reass_global_init();
++
+ 	/* XXX virtualize those bellow? */
+ 	tcp_delacktime = TCPTV_DELACK;
+ 	tcp_keepinit = TCPTV_KEEP_INIT;
+@@ -432,7 +433,6 @@ void
+ tcp_destroy(void)
+ {
+ 
+-	tcp_reass_destroy();
+ 	tcp_hc_destroy();
+ 	syncache_destroy();
+ 	tcp_tw_destroy();
+Index: sys/netinet/tcp_var.h
+===================================================================
+--- sys/netinet/tcp_var.h	(revision 285923)
++++ sys/netinet/tcp_var.h	(working copy)
+@@ -666,11 +666,8 @@ char	*tcp_log_addrs(struct in_conninfo *, struct t
+ char	*tcp_log_vain(struct in_conninfo *, struct tcphdr *, void *,
+ 	    const void *);
+ int	 tcp_reass(struct tcpcb *, struct tcphdr *, int *, struct mbuf *);
+-void	 tcp_reass_init(void);
++void	 tcp_reass_global_init(void);
+ void	 tcp_reass_flush(struct tcpcb *);
+-#ifdef VIMAGE
+-void	 tcp_reass_destroy(void);
+-#endif
+ void	 tcp_input(struct mbuf *, int);
+ u_long	 tcp_maxmtu(struct in_conninfo *, struct tcp_ifcap *);
+ u_long	 tcp_maxmtu6(struct in_conninfo *, struct tcp_ifcap *);

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:15.bsdpatch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:15.bsdpatch	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,188 @@
+Index: usr.bin/patch/common.h
+===================================================================
+--- usr.bin/patch/common.h	(revision 285926)
++++ usr.bin/patch/common.h	(working copy)
+@@ -43,12 +43,10 @@
+ #define	LINENUM_MAX LONG_MAX
+ 
+ #define	SCCSPREFIX "s."
+-#define	GET "get -e %s"
+-#define	SCCSDIFF "get -p %s | diff - %s >/dev/null"
+ 
+ #define	RCSSUFFIX ",v"
+-#define	CHECKOUT "co -l %s"
+-#define	RCSDIFF "rcsdiff %s > /dev/null"
++#define	CHECKOUT "/usr/bin/co"
++#define	RCSDIFF "/usr/bin/rcsdiff"
+ 
+ #define	ORIGEXT ".orig"
+ #define	REJEXT ".rej"
+Index: usr.bin/patch/inp.c
+===================================================================
+--- usr.bin/patch/inp.c	(revision 285926)
++++ usr.bin/patch/inp.c	(working copy)
+@@ -31,8 +31,10 @@
+ #include <sys/file.h>
+ #include <sys/stat.h>
+ #include <sys/mman.h>
++#include <sys/wait.h>
+ 
+ #include <ctype.h>
++#include <errno.h>
+ #include <libgen.h>
+ #include <stddef.h>
+ #include <stdint.h>
+@@ -133,12 +135,14 @@ reallocate_lines(size_t *lines_allocated)
+ static bool
+ plan_a(const char *filename)
+ {
+-	int		ifd, statfailed;
++	int		ifd, statfailed, devnull, pstat;
+ 	char		*p, *s, lbuf[INITLINELEN];
+ 	struct stat	filestat;
+ 	ptrdiff_t	sz;
+ 	size_t		i;
+ 	size_t		iline, lines_allocated;
++	pid_t		pid;
++	char		*argp[4] = {NULL};
+ 
+ #ifdef DEBUGGING
+ 	if (debug & 8)
+@@ -166,13 +170,14 @@ plan_a(const char *filename)
+ 	}
+ 	if (statfailed && check_only)
+ 		fatal("%s not found, -C mode, can't probe further\n", filename);
+-	/* For nonexistent or read-only files, look for RCS or SCCS versions.  */
++	/* For nonexistent or read-only files, look for RCS versions.  */
++
+ 	if (statfailed ||
+ 	    /* No one can write to it.  */
+ 	    (filestat.st_mode & 0222) == 0 ||
+ 	    /* I can't write to it.  */
+ 	    ((filestat.st_mode & 0022) == 0 && filestat.st_uid != getuid())) {
+-		const char	*cs = NULL, *filebase, *filedir;
++		char	*filebase, *filedir;
+ 		struct stat	cstat;
+ 		char *tmp_filename1, *tmp_filename2;
+ 
+@@ -180,43 +185,26 @@ plan_a(const char *filename)
+ 		tmp_filename2 = strdup(filename);
+ 		if (tmp_filename1 == NULL || tmp_filename2 == NULL)
+ 			fatal("strdupping filename");
++
+ 		filebase = basename(tmp_filename1);
+ 		filedir = dirname(tmp_filename2);
+ 
+-		/* Leave room in lbuf for the diff command.  */
+-		s = lbuf + 20;
+-
+ #define try(f, a1, a2, a3) \
+-	(snprintf(s, buf_size - 20, f, a1, a2, a3), stat(s, &cstat) == 0)
++	(snprintf(lbuf, sizeof(lbuf), f, a1, a2, a3), stat(lbuf, &cstat) == 0)
+ 
+-		if (try("%s/RCS/%s%s", filedir, filebase, RCSSUFFIX) ||
+-		    try("%s/RCS/%s%s", filedir, filebase, "") ||
+-		    try("%s/%s%s", filedir, filebase, RCSSUFFIX)) {
+-			snprintf(buf, buf_size, CHECKOUT, filename);
+-			snprintf(lbuf, sizeof lbuf, RCSDIFF, filename);
+-			cs = "RCS";
+-		} else if (try("%s/SCCS/%s%s", filedir, SCCSPREFIX, filebase) ||
+-		    try("%s/%s%s", filedir, SCCSPREFIX, filebase)) {
+-			snprintf(buf, buf_size, GET, s);
+-			snprintf(lbuf, sizeof lbuf, SCCSDIFF, s, filename);
+-			cs = "SCCS";
+-		} else if (statfailed)
+-			fatal("can't find %s\n", filename);
+-
+-		free(tmp_filename1);
+-		free(tmp_filename2);
+-
+ 		/*
+ 		 * else we can't write to it but it's not under a version
+ 		 * control system, so just proceed.
+ 		 */
+-		if (cs) {
++		if (try("%s/RCS/%s%s", filedir, filebase, RCSSUFFIX) ||
++		    try("%s/RCS/%s%s", filedir, filebase, "") ||
++		    try("%s/%s%s", filedir, filebase, RCSSUFFIX)) {
+ 			if (!statfailed) {
+ 				if ((filestat.st_mode & 0222) != 0)
+ 					/* The owner can write to it.  */
+ 					fatal("file %s seems to be locked "
+-					    "by somebody else under %s\n",
+-					    filename, cs);
++					    "by somebody else under RCS\n",
++					    filename);
+ 				/*
+ 				 * It might be checked out unlocked.  See if
+ 				 * it's safe to check out the default version
+@@ -224,21 +212,59 @@ plan_a(const char *filename)
+ 				 */
+ 				if (verbose)
+ 					say("Comparing file %s to default "
+-					    "%s version...\n",
+-					    filename, cs);
+-				if (system(lbuf))
++					    "RCS version...\n", filename);
++
++				switch (pid = fork()) {
++				case -1:
++					fatal("can't fork: %s\n",
++					    strerror(errno));
++				case 0:
++					devnull = open("/dev/null", O_RDONLY);
++					if (devnull == -1) {
++						fatal("can't open /dev/null: %s",
++						    strerror(errno));
++					}
++					(void)dup2(devnull, STDOUT_FILENO);
++					argp[0] = strdup(RCSDIFF);
++					argp[1] = strdup(filename);
++					execv(RCSDIFF, argp);
++					exit(127);
++				}
++				pid = waitpid(pid, &pstat, 0);
++				if (pid == -1 || WEXITSTATUS(pstat) != 0) {
+ 					fatal("can't check out file %s: "
+-					    "differs from default %s version\n",
+-					    filename, cs);
++					    "differs from default RCS version\n",
++					    filename);
++				}
+ 			}
++
+ 			if (verbose)
+-				say("Checking out file %s from %s...\n",
+-				    filename, cs);
+-			if (system(buf) || stat(filename, &filestat))
+-				fatal("can't check out file %s from %s\n",
+-				    filename, cs);
++				say("Checking out file %s from RCS...\n",
++				    filename);
++
++			switch (pid = fork()) {
++			case -1:
++				fatal("can't fork: %s\n", strerror(errno));
++			case 0:
++				argp[0] = strdup(CHECKOUT);
++				argp[1] = strdup("-l");
++				argp[2] = strdup(filename);
++				execv(CHECKOUT, argp);
++				exit(127);
++			}
++			pid = waitpid(pid, &pstat, 0);
++			if (pid == -1 || WEXITSTATUS(pstat) != 0 ||
++			    stat(filename, &filestat)) {
++				fatal("can't check out file %s from RCS\n",
++				    filename);
++			}
++		} else if (statfailed) {
++			fatal("can't find %s\n", filename);
+ 		}
++		free(tmp_filename1);
++		free(tmp_filename2);
+ 	}
++
+ 	filemode = filestat.st_mode;
+ 	if (!S_ISREG(filemode))
+ 		fatal("%s is not a normal file--can't patch\n", filename);

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:16.openssh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/16-SA-15:16.openssh	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,90 @@
+Index: crypto/openssh/auth2-chall.c
+===================================================================
+--- crypto/openssh/auth2-chall.c	(revision 285923)
++++ crypto/openssh/auth2-chall.c	(working copy)
+@@ -82,6 +82,7 @@ struct KbdintAuthctxt
+ 	void *ctxt;
+ 	KbdintDevice *device;
+ 	u_int nreq;
++	u_int devices_done;
+ };
+ 
+ #ifdef USE_PAM
+@@ -168,11 +169,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthc
+ 		if (len == 0)
+ 			break;
+ 		for (i = 0; devices[i]; i++) {
+-			if (!auth2_method_allowed(authctxt,
++			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
++			    !auth2_method_allowed(authctxt,
+ 			    "keyboard-interactive", devices[i]->name))
+ 				continue;
+-			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
++			if (strncmp(kbdintctxt->devices, devices[i]->name,
++			    len) == 0) {
+ 				kbdintctxt->device = devices[i];
++				kbdintctxt->devices_done |= 1 << i;
++			}
+ 		}
+ 		t = kbdintctxt->devices;
+ 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
+Index: crypto/openssh/sshconnect.c
+===================================================================
+--- crypto/openssh/sshconnect.c	(revision 285923)
++++ crypto/openssh/sshconnect.c	(working copy)
+@@ -1247,29 +1247,39 @@ verify_host_key(char *host, struct sockaddr *hosta
+ {
+ 	int flags = 0;
+ 	char *fp;
++	Key *plain = NULL;
+ 
+ 	fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+ 	debug("Server host key: %s %s", key_type(host_key), fp);
+ 	free(fp);
+ 
+-	/* XXX certs are not yet supported for DNS */
+-	if (!key_is_cert(host_key) && options.verify_host_key_dns &&
+-	    verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
+-		if (flags & DNS_VERIFY_FOUND) {
+-
+-			if (options.verify_host_key_dns == 1 &&
+-			    flags & DNS_VERIFY_MATCH &&
+-			    flags & DNS_VERIFY_SECURE)
+-				return 0;
+-
+-			if (flags & DNS_VERIFY_MATCH) {
+-				matching_host_key_dns = 1;
+-			} else {
+-				warn_changed_key(host_key);
+-				error("Update the SSHFP RR in DNS with the new "
+-				    "host key to get rid of this message.");
++	if (options.verify_host_key_dns) {
++		/*
++		 * XXX certs are not yet supported for DNS, so downgrade
++		 * them and try the plain key.
++		 */
++		plain = key_from_private(host_key);
++		if (key_is_cert(plain))
++			key_drop_cert(plain);
++		if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
++			if (flags & DNS_VERIFY_FOUND) {
++				if (options.verify_host_key_dns == 1 &&
++				    flags & DNS_VERIFY_MATCH &&
++				    flags & DNS_VERIFY_SECURE) {
++					key_free(plain);
++					return 0;
++				}
++				if (flags & DNS_VERIFY_MATCH) {
++					matching_host_key_dns = 1;
++				} else {
++					warn_changed_key(plain);
++					error("Update the SSHFP RR in DNS "
++					    "with the new host key to get rid "
++					    "of this message.");
++				}
+ 			}
+ 		}
++		key_free(plain);
+ 	}
+ 
+ 	return check_host_key(host, hostaddr, options.port, host_key, RDRW,

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/17-SA-15:18.bsdpatch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/17-SA-15:18.bsdpatch	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,57 @@
+Index: usr.bin/patch/pathnames.h
+===================================================================
+--- usr.bin/patch/pathnames.h	(revision 286254)
++++ usr.bin/patch/pathnames.h	(working copy)
+@@ -9,4 +9,4 @@
+ 
+ #include <paths.h>
+ 
+-#define	_PATH_ED		"/bin/ed"
++#define	_PATH_RED		"/bin/red"
+Index: usr.bin/patch/pch.c
+===================================================================
+--- usr.bin/patch/pch.c	(revision 286254)
++++ usr.bin/patch/pch.c	(working copy)
+@@ -1,4 +1,3 @@
+-
+ /*-
+  * Copyright 1986, Larry Wall
+  * 
+@@ -1409,6 +1408,7 @@ do_ed_script(void)
+ 	char	*t;
+ 	off_t	beginning_of_this_line;
+ 	FILE	*pipefp = NULL;
++	int	continuation;
+ 
+ 	if (!skip_rest_of_patch) {
+ 		if (copy_file(filearg[0], TMPOUTNAME) < 0) {
+@@ -1415,7 +1415,7 @@ do_ed_script(void)
+ 			unlink(TMPOUTNAME);
+ 			fatal("can't create temp file %s", TMPOUTNAME);
+ 		}
+-		snprintf(buf, buf_size, "%s%s%s", _PATH_ED,
++		snprintf(buf, buf_size, "%s%s%s", _PATH_RED,
+ 		    verbose ? " " : " -s ", TMPOUTNAME);
+ 		pipefp = popen(buf, "w");
+ 	}
+@@ -1433,7 +1433,19 @@ do_ed_script(void)
+ 		    (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t == 's')) {
+ 			if (pipefp != NULL)
+ 				fputs(buf, pipefp);
+-			if (*t != 'd') {
++			if (*t == 's') {
++				for (;;) {
++					continuation = 0;
++					t = strchr(buf, '\0') - 1;
++					while (--t >= buf && *t == '\\')
++						continuation = !continuation;
++					if (!continuation ||
++					    pgets(true) == 0)
++						break;
++					if (pipefp != NULL)
++						fputs(buf, pipefp);
++				}
++			} else if (*t != 'd') {
+ 				while (pgets(true)) {
+ 					p_input_line++;
+ 					if (pipefp != NULL)

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/17-SA-15:19.routed
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/17-SA-15:19.routed	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,17 @@
+Index: sbin/routed/input.c
+===================================================================
+--- sbin/routed/input.c	(revision 286262)
++++ sbin/routed/input.c	(working copy)
+@@ -160,6 +160,12 @@ input(struct sockaddr_in *from,		/* received from
+ 
+ 	trace_rip("Recv", "from", from, sifp, rip, cc);
+ 
++	if (sifp == 0) {
++		trace_pkt("    discard a request from an indirect router"
++		    " (possibly an attack)");
++		return;
++	}
++
+ 	if (rip->rip_vers == 0) {
+ 		msglim(&bad_router, FROM_NADDR,
+ 		       "RIP version 0, cmd %d, packet received from %s",

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/18-SA-15:20.expat
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/18-SA-15:20.expat	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,49 @@
+Index: contrib/expat/lib/xmlparse.c
+===================================================================
+--- contrib/expat/lib/xmlparse.c	(revision 286868)
++++ contrib/expat/lib/xmlparse.c	(working copy)
+@@ -1678,6 +1678,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int is
+ void * XMLCALL
+ XML_GetBuffer(XML_Parser parser, int len)
+ {
++/* BEGIN MOZILLA CHANGE (sanity check len) */
++  if (len < 0) {
++    errorCode = XML_ERROR_NO_MEMORY;
++    return NULL;
++  }
++/* END MOZILLA CHANGE */
+   switch (ps_parsing) {
+   case XML_SUSPENDED:
+     errorCode = XML_ERROR_SUSPENDED;
+@@ -1689,8 +1695,13 @@ XML_GetBuffer(XML_Parser parser, int len)
+   }
+ 
+   if (len > bufferLim - bufferEnd) {
+-    /* FIXME avoid integer overflow */
+     int neededSize = len + (int)(bufferEnd - bufferPtr);
++/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
++    if (neededSize < 0) {
++      errorCode = XML_ERROR_NO_MEMORY;
++      return NULL;
++    }
++/* END MOZILLA CHANGE */
+ #ifdef XML_CONTEXT_BYTES
+     int keep = (int)(bufferPtr - buffer);
+ 
+@@ -1719,7 +1730,15 @@ XML_GetBuffer(XML_Parser parser, int len)
+         bufferSize = INIT_BUFFER_SIZE;
+       do {
+         bufferSize *= 2;
+-      } while (bufferSize < neededSize);
++/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
++      } while (bufferSize < neededSize && bufferSize > 0);
++/* END MOZILLA CHANGE */
++/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
++      if (bufferSize <= 0) {
++        errorCode = XML_ERROR_NO_MEMORY;
++        return NULL;
++      }
++/* END MOZILLA CHANGE */
+       newBuf = (char *)MALLOC(bufferSize);
+       if (newBuf == 0) {
+         errorCode = XML_ERROR_NO_MEMORY;

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-EN-15:14.ixgbe
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-EN-15:14.ixgbe	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,26 @@
+Index: sys/conf/files
+===================================================================
+--- sys/conf/files	(revision 286787)
++++ sys/conf/files	(working copy)
+@@ -1704,7 +1704,7 @@ dev/ixgb/if_ixgb.c		optional ixgb
+ dev/ixgb/ixgb_ee.c		optional ixgb
+ dev/ixgb/ixgb_hw.c		optional ixgb
+ dev/ixgbe/ixgbe.c		optional ixgbe inet \
+-	compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP -DIXGBE_FDIR"
++	compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP"
+ dev/ixgbe/ixv.c			optional ixgbe inet \
+ 	compile-with "${NORMAL_C} -I$S/dev/ixgbe"
+ dev/ixgbe/ixgbe_phy.c		optional ixgbe inet \
+Index: sys/modules/ixgbe/Makefile
+===================================================================
+--- sys/modules/ixgbe/Makefile	(revision 286787)
++++ sys/modules/ixgbe/Makefile	(working copy)
+@@ -12,7 +12,7 @@ SRCS    += ixgbe.c ixv.c
+ SRCS    += ixgbe_common.c ixgbe_api.c ixgbe_phy.c ixgbe_mbx.c ixgbe_vf.c
+ SRCS    += ixgbe_dcb.c ixgbe_dcb_82598.c ixgbe_dcb_82599.c
+ SRCS    += ixgbe_82599.c ixgbe_82598.c ixgbe_x540.c
+-CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP -DIXGBE_FDIR
++CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP
+ 
+ .if !defined(KERNBUILDDIR)
+ .if ${MK_INET_SUPPORT} != "no"

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-EN-15:15.pkg
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-EN-15:15.pkg	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,34 @@
+Index: usr.sbin/pkg/pkg.c
+===================================================================
+--- usr.sbin/pkg/pkg.c	(revision 286787)
++++ usr.sbin/pkg/pkg.c	(working copy)
+@@ -749,7 +749,13 @@ bootstrap_pkg(bool force)
+ 		goto fetchfail;
+ 
+ 	if (signature_type != NULL &&
+-	    strcasecmp(signature_type, "FINGERPRINTS") == 0) {
++	    strcasecmp(signature_type, "NONE") != 0) {
++		if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
++			warnx("Signature type %s is not supported for "
++			    "bootstrapping.", signature_type);
++			goto cleanup;
++		}
++
+ 		snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
+ 		    getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
+ 		snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
+@@ -834,7 +840,13 @@ bootstrap_pkg_local(const char *pkgpath, bool forc
+ 		return (-1);
+ 	}
+ 	if (signature_type != NULL &&
+-	    strcasecmp(signature_type, "FINGERPRINTS") == 0) {
++	    strcasecmp(signature_type, "NONE") != 0) {
++		if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
++			warnx("Signature type %s is not supported for "
++			    "bootstrapping.", signature_type);
++			goto cleanup;
++		}
++
+ 		snprintf(path, sizeof(path), "%s.sig", pkgpath);
+ 
+ 		if ((fd_sig = open(path, O_RDONLY)) == -1) {

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-SA-15:21.amd64
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-SA-15:21.amd64	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,53 @@
+Index: sys/amd64/amd64/exception.S
+===================================================================
+--- sys/amd64/amd64/exception.S	(revision 286969)
++++ sys/amd64/amd64/exception.S	(working copy)
+@@ -154,9 +154,13 @@ IDTVEC(xmm)
+ IDTVEC(tss)
+ 	TRAP_ERR(T_TSSFLT)
+ IDTVEC(missing)
+-	TRAP_ERR(T_SEGNPFLT)
++	subq	$TF_ERR,%rsp
++	movl	$T_SEGNPFLT,TF_TRAPNO(%rsp)
++	jmp	prot_addrf
+ IDTVEC(stk)
+-	TRAP_ERR(T_STKFLT)
++	subq	$TF_ERR,%rsp
++	movl	$T_STKFLT,TF_TRAPNO(%rsp)
++	jmp	prot_addrf
+ IDTVEC(align)
+ 	TRAP_ERR(T_ALIGNFLT)
+ 
+@@ -319,6 +323,7 @@ IDTVEC(page)
+ IDTVEC(prot)
+ 	subq	$TF_ERR,%rsp
+ 	movl	$T_PROTFLT,TF_TRAPNO(%rsp)
++prot_addrf:
+ 	movq	$0,TF_ADDR(%rsp)
+ 	movq	%rdi,TF_RDI(%rsp)	/* free up a GP register */
+ 	leaq	doreti_iret(%rip),%rdi
+Index: sys/amd64/amd64/machdep.c
+===================================================================
+--- sys/amd64/amd64/machdep.c	(revision 286969)
++++ sys/amd64/amd64/machdep.c	(working copy)
+@@ -428,6 +428,7 @@ sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *
+ 	regs->tf_rflags &= ~(PSL_T | PSL_D);
+ 	regs->tf_cs = _ucodesel;
+ 	regs->tf_ds = _udatasel;
++	regs->tf_ss = _udatasel;
+ 	regs->tf_es = _udatasel;
+ 	regs->tf_fs = _ufssel;
+ 	regs->tf_gs = _ugssel;
+Index: sys/amd64/amd64/trap.c
+===================================================================
+--- sys/amd64/amd64/trap.c	(revision 286969)
++++ sys/amd64/amd64/trap.c	(working copy)
+@@ -473,8 +473,6 @@ trap(struct trapframe *frame)
+ 			goto out;
+ 
+ 		case T_STKFLT:		/* stack fault */
+-			break;
+-
+ 		case T_PROTFLT:		/* general protection fault */
+ 		case T_SEGNPFLT:	/* segment not present fault */
+ 			if (td->td_intr_nesting_level != 0)

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-SA-15:22.openssh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/19-SA-15:22.openssh	Thu Jan  7 20:53:59 2016	(r293363)
@@ -0,0 +1,68 @@
+Index: crypto/openssh/monitor.c
+===================================================================
+--- crypto/openssh/monitor.c	(revision 286787)
++++ crypto/openssh/monitor.c	(working copy)
+@@ -1027,9 +1027,7 @@ extern KbdintDevice sshpam_device;
+ int
+ mm_answer_pam_init_ctx(int sock, Buffer *m)
+ {
+-
+ 	debug3("%s", __func__);
+-	authctxt->user = buffer_get_string(m, NULL);
+ 	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
+ 	sshpam_authok = NULL;
+ 	buffer_clear(m);

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***