Date: Thu, 7 Jan 2016 20:59:31 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r293366 - in user/cperciva/freebsd-update-build/patches: 10.0-BETA1 10.0-BETA2 10.0-BETA3 10.0-BETA4 10.0-RC1 10.0-RC2 10.0-RC3 10.0-RC4 10.0-RC5 10.1-BETA1 10.1-BETA2 10.1-BETA3 10.1-R... Message-ID: <201601072059.u07KxVbG041778@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Thu Jan 7 20:59:31 2016 New Revision: 293366 URL: https://svnweb.freebsd.org/changeset/base/293366 Log: Add missing patches for historical FreeBSD releases. Added: user/cperciva/freebsd-update-build/patches/10.0-BETA1/ user/cperciva/freebsd-update-build/patches/10.0-BETA1/1-EN-13:04.freebsd-update user/cperciva/freebsd-update-build/patches/10.0-BETA1/2-SA-13:14.openssh user/cperciva/freebsd-update-build/patches/10.0-BETA1/3-EN-13:05.freebsd-update user/cperciva/freebsd-update-build/patches/10.0-BETA2/ user/cperciva/freebsd-update-build/patches/10.0-BETA2/1-SA-13:14.openssh user/cperciva/freebsd-update-build/patches/10.0-BETA2/2-EN-13:05.freebsd-update user/cperciva/freebsd-update-build/patches/10.0-BETA3/ user/cperciva/freebsd-update-build/patches/10.0-BETA3/1-SA-13:14.openssh user/cperciva/freebsd-update-build/patches/10.0-BETA3/2-EN-13:05.freebsd-update user/cperciva/freebsd-update-build/patches/10.0-BETA4/ user/cperciva/freebsd-update-build/patches/10.0-RC1/ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-EN-14:02.mmap user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:01.bsnmpd user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:02.ntpd user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:03.openssl user/cperciva/freebsd-update-build/patches/10.0-RC2/ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-EN-14:02.mmap user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:01.bsnmpd user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:02.ntpd user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:03.openssl user/cperciva/freebsd-update-build/patches/10.0-RC3/ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-EN-14:02.mmap user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:01.bsnmpd user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:02.ntpd user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:03.openssl user/cperciva/freebsd-update-build/patches/10.0-RC4/ user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:01.bsnmpd user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:02.ntpd user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:03.openssl user/cperciva/freebsd-update-build/patches/10.0-RC5/ user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:01.bsnmpd user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:02.ntpd user/cperciva/freebsd-update-build/patches/10.1-BETA1/ user/cperciva/freebsd-update-build/patches/10.1-BETA1/1-SA-14:19.tcp user/cperciva/freebsd-update-build/patches/10.1-BETA2/ user/cperciva/freebsd-update-build/patches/10.1-BETA3/ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:20.rtsold user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:21.routed user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:22.namei user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:23.openssl user/cperciva/freebsd-update-build/patches/10.1-BETA3/2-EN-14:11.crypt user/cperciva/freebsd-update-build/patches/10.1-RC1/ user/cperciva/freebsd-update-build/patches/10.1-RC1/1-SA-14:20.rtsold user/cperciva/freebsd-update-build/patches/10.1-RC1/1-SA-14:21.routed user/cperciva/freebsd-update-build/patches/10.1-RC1/1-SA-14:22.namei user/cperciva/freebsd-update-build/patches/10.1-RC1/1-SA-14:23.openssl user/cperciva/freebsd-update-build/patches/10.1-RC1/2-EN-14:11.crypt user/cperciva/freebsd-update-build/patches/10.1-RC2/ user/cperciva/freebsd-update-build/patches/10.1-RC2/1-SA-14:20.rtsold user/cperciva/freebsd-update-build/patches/10.1-RC2/1-SA-14:21.routed user/cperciva/freebsd-update-build/patches/10.1-RC2/1-SA-14:22.namei user/cperciva/freebsd-update-build/patches/10.1-RC2/1-SA-14:23.openssl user/cperciva/freebsd-update-build/patches/10.1-RC2/2-EN-14:11.crypt user/cperciva/freebsd-update-build/patches/10.1-RC2/3-SA-14:25.setlogin user/cperciva/freebsd-update-build/patches/10.1-RC2/3-SA-14:26.ftp user/cperciva/freebsd-update-build/patches/10.1-RC3/ user/cperciva/freebsd-update-build/patches/10.1-RC3/1-SA-14:25.setlogin user/cperciva/freebsd-update-build/patches/10.1-RC3/1-SA-14:26.ftp user/cperciva/freebsd-update-build/patches/10.1-RC4/ user/cperciva/freebsd-update-build/patches/10.1-RC4/0-volume-label user/cperciva/freebsd-update-build/patches/10.1-RC4/1-SA-14:25.setlogin user/cperciva/freebsd-update-build/patches/10.1-RC4/1-SA-14:26.ftp user/cperciva/freebsd-update-build/patches/10.2-BETA1/ user/cperciva/freebsd-update-build/patches/10.2-BETA1/1-SA-15:13.tcp user/cperciva/freebsd-update-build/patches/10.2-BETA2/ user/cperciva/freebsd-update-build/patches/10.2-BETA2/1-SA-15:13.tcp user/cperciva/freebsd-update-build/patches/10.2-BETA2/2-SA-15:14.tcp user/cperciva/freebsd-update-build/patches/10.2-BETA2/2-SA-15:15.bsdpatch user/cperciva/freebsd-update-build/patches/10.2-BETA2/2-SA-15:16.openssh user/cperciva/freebsd-update-build/patches/10.2-BETA2/3-SA-15:18.bsdpatch user/cperciva/freebsd-update-build/patches/10.2-BETA2/3-SA-15:19.routed user/cperciva/freebsd-update-build/patches/10.2-RC1/ user/cperciva/freebsd-update-build/patches/10.2-RC1/0-ntp user/cperciva/freebsd-update-build/patches/10.2-RC1/1-SA-15:14.tcp user/cperciva/freebsd-update-build/patches/10.2-RC1/1-SA-15:15.bsdpatch user/cperciva/freebsd-update-build/patches/10.2-RC1/1-SA-15:16.openssh user/cperciva/freebsd-update-build/patches/10.2-RC1/2-SA-15:18.bsdpatch user/cperciva/freebsd-update-build/patches/10.2-RC1/2-SA-15:19.routed user/cperciva/freebsd-update-build/patches/10.2-RC2/ user/cperciva/freebsd-update-build/patches/10.2-RC2/1-SA-15:18.bsdpatch user/cperciva/freebsd-update-build/patches/10.2-RC2/1-SA-15:19.routed user/cperciva/freebsd-update-build/patches/10.2-RC3/ user/cperciva/freebsd-update-build/patches/10.2-RC3/1-EN-15:11.toolchain user/cperciva/freebsd-update-build/patches/10.2-RC3/1-EN-15:12.netstat user/cperciva/freebsd-update-build/patches/10.2-RC3/1-EN-15:13.vidcontrol user/cperciva/freebsd-update-build/patches/10.2-RC3/1-SA-15:20.expat user/cperciva/freebsd-update-build/patches/10.2-RC3/2-EN-15:15.pkg user/cperciva/freebsd-update-build/patches/10.2-RC3/2-SA-15:22.openssh user/cperciva/freebsd-update-build/patches/6.2-BETA1/ user/cperciva/freebsd-update-build/patches/6.2-BETA1/1-SA-06:21.gzip user/cperciva/freebsd-update-build/patches/6.2-BETA1/2-SA-06:23.openssl user/cperciva/freebsd-update-build/patches/6.2-BETA1/3-SA-06:23.openssl-correction user/cperciva/freebsd-update-build/patches/6.2-BETA1/4-SA-06:22.openssh user/cperciva/freebsd-update-build/patches/6.2-BETA2/ user/cperciva/freebsd-update-build/patches/6.2-BETA3/ user/cperciva/freebsd-update-build/patches/6.2-BETA3/1-SA-06:24.libarchive user/cperciva/freebsd-update-build/patches/6.2-RC1/ user/cperciva/freebsd-update-build/patches/6.2-RC1/1-SA-06:25.kmem user/cperciva/freebsd-update-build/patches/6.2-RC1/2-SA-07:01.jail user/cperciva/freebsd-update-build/patches/6.2-RC2/ user/cperciva/freebsd-update-build/patches/6.2-RC2/1-SA-07:01.jail user/cperciva/freebsd-update-build/patches/6.3-BETA1/ user/cperciva/freebsd-update-build/patches/6.3-BETA1/1-SA-07:09.random user/cperciva/freebsd-update-build/patches/6.3-BETA2/ user/cperciva/freebsd-update-build/patches/6.3-BETA2/1-SA-07:09.random user/cperciva/freebsd-update-build/patches/6.3-RC1/ user/cperciva/freebsd-update-build/patches/6.3-RC1/1-SA-07:09.random user/cperciva/freebsd-update-build/patches/6.3-RC2/ user/cperciva/freebsd-update-build/patches/6.3-RC2/1-SA-08:01.pty user/cperciva/freebsd-update-build/patches/6.3-RC2/1-SA-08:02.libc user/cperciva/freebsd-update-build/patches/6.3-RELEASE/3-SA-08:03.bind user/cperciva/freebsd-update-build/patches/6.4-BETA/ user/cperciva/freebsd-update-build/patches/6.4-BETA/1-SA-08:10.nd6 user/cperciva/freebsd-update-build/patches/6.4-RC2/ user/cperciva/freebsd-update-build/patches/6.4-RC2/1-SA-08:11.arc4random user/cperciva/freebsd-update-build/patches/7.0-BETA1.5/ user/cperciva/freebsd-update-build/patches/7.0-BETA2/ user/cperciva/freebsd-update-build/patches/7.0-BETA2/1-SA-07:09.random user/cperciva/freebsd-update-build/patches/7.0-BETA3/ user/cperciva/freebsd-update-build/patches/7.0-BETA3/1-SA-07:09.random user/cperciva/freebsd-update-build/patches/7.0-RC1/ user/cperciva/freebsd-update-build/patches/7.0-RC1/1-SA-08:01.pty user/cperciva/freebsd-update-build/patches/7.0-RC1/1-SA-08:02.libc user/cperciva/freebsd-update-build/patches/7.0-RC2/ user/cperciva/freebsd-update-build/patches/7.0-RC2/1-SA-08:03.sendfile user/cperciva/freebsd-update-build/patches/7.0-RELEASE/4-SA-08:09.icmp user/cperciva/freebsd-update-build/patches/7.1-BETA/ user/cperciva/freebsd-update-build/patches/7.1-BETA/0-openssh.man user/cperciva/freebsd-update-build/patches/7.1-BETA/1-SA-08:10.nd6 user/cperciva/freebsd-update-build/patches/7.1-BETA2/ user/cperciva/freebsd-update-build/patches/7.1-BETA2/1-SA-08:11.arc4random user/cperciva/freebsd-update-build/patches/7.1-RC1/ user/cperciva/freebsd-update-build/patches/7.1-RC1/1-SA-08:12.ftpd user/cperciva/freebsd-update-build/patches/7.1-RC1/1-SA-08:13.protosw user/cperciva/freebsd-update-build/patches/7.1-RC2/ user/cperciva/freebsd-update-build/patches/7.1-RC2/1-09:01.lukemftpd user/cperciva/freebsd-update-build/patches/7.1-RC2/1-09:02.openssl user/cperciva/freebsd-update-build/patches/7.1-RC2/2-09:03.ntpd user/cperciva/freebsd-update-build/patches/7.1-RC2/2-09:04.bind user/cperciva/freebsd-update-build/patches/7.2-RC1/ user/cperciva/freebsd-update-build/patches/7.2-RC1/1-SA-09:08.openssl user/cperciva/freebsd-update-build/patches/8.0-BETA1/ user/cperciva/freebsd-update-build/patches/8.0-BETA1/0-man9 user/cperciva/freebsd-update-build/patches/8.0-BETA1/0-nc.1 (contents, props changed) user/cperciva/freebsd-update-build/patches/8.0-BETA1/1-SA-09:12.bind user/cperciva/freebsd-update-build/patches/8.0-BETA2/ user/cperciva/freebsd-update-build/patches/8.0-BETA2/1-SA-09:12.bind user/cperciva/freebsd-update-build/patches/8.0-BETA4/ user/cperciva/freebsd-update-build/patches/8.0-BETA4/1-EN-09:05.null user/cperciva/freebsd-update-build/patches/8.0-RC1/ user/cperciva/freebsd-update-build/patches/8.0-RC1/1-EN-09:05.null user/cperciva/freebsd-update-build/patches/8.0-RC2/ user/cperciva/freebsd-update-build/patches/8.0-RC2/1-SA-09:15.ssl user/cperciva/freebsd-update-build/patches/8.0-RC2/1-SA-09:16.rtld user/cperciva/freebsd-update-build/patches/8.0-RC2/1-SA-09:17.freebsd-update user/cperciva/freebsd-update-build/patches/8.0-RC3/ user/cperciva/freebsd-update-build/patches/8.0-RC3/1-SA-09:15.ssl user/cperciva/freebsd-update-build/patches/8.0-RC3/1-SA-09:16.rtld user/cperciva/freebsd-update-build/patches/8.0-RC3/1-SA-09:17.freebsd-update user/cperciva/freebsd-update-build/patches/8.1-BETA1/ user/cperciva/freebsd-update-build/patches/8.1-BETA1/0-ssh-pkcs11-helper.patch user/cperciva/freebsd-update-build/patches/8.1-RC1/ user/cperciva/freebsd-update-build/patches/8.1-RC1/1-SA-10:07.mbuf user/cperciva/freebsd-update-build/patches/8.1-RC2/ user/cperciva/freebsd-update-build/patches/8.1-RC2/1-SA-10:07.mbuf user/cperciva/freebsd-update-build/patches/8.1-RELEASE/12-SA-12:04.sysret user/cperciva/freebsd-update-build/patches/8.4-BETA1/ user/cperciva/freebsd-update-build/patches/8.4-BETA1/1-SA-13:04.bind user/cperciva/freebsd-update-build/patches/8.4-RC1/ user/cperciva/freebsd-update-build/patches/8.4-RC1/1-SA-13:05.nfsserver user/cperciva/freebsd-update-build/patches/8.4-RC2/ user/cperciva/freebsd-update-build/patches/8.4-RC2/1-SA-13:05.nfsserver user/cperciva/freebsd-update-build/patches/8.4-RC3/ user/cperciva/freebsd-update-build/patches/8.4-RELEASE/31-EN-15:08.sendmail user/cperciva/freebsd-update-build/patches/8.4-RELEASE/32-EN-15:08.sendmail user/cperciva/freebsd-update-build/patches/8.4-RELEASE/33-SA-15:11.bind user/cperciva/freebsd-update-build/patches/8.4-RELEASE/34-SA-15:13.tcp user/cperciva/freebsd-update-build/patches/8.4-RELEASE/35-SA-15:14.tcp user/cperciva/freebsd-update-build/patches/8.4-RELEASE/35-SA-15:16.openssh user/cperciva/freebsd-update-build/patches/8.4-RELEASE/35-SA-15:17.bind user/cperciva/freebsd-update-build/patches/8.4-RELEASE/36-SA-15:16.openssh user/cperciva/freebsd-update-build/patches/9.0-BETA1/ user/cperciva/freebsd-update-build/patches/9.0-BETA1/0-clang.patch user/cperciva/freebsd-update-build/patches/9.0-BETA1/1-EN-12:01.freebsd-update user/cperciva/freebsd-update-build/patches/9.0-BETA2/ user/cperciva/freebsd-update-build/patches/9.0-BETA2/0-clang.patch user/cperciva/freebsd-update-build/patches/9.0-BETA2/1-EN-12:01.freebsd-update user/cperciva/freebsd-update-build/patches/9.0-BETA3/ user/cperciva/freebsd-update-build/patches/9.0-BETA3/0-clang.patch user/cperciva/freebsd-update-build/patches/9.0-BETA3/1-EN-12:01.freebsd-update user/cperciva/freebsd-update-build/patches/9.0-RC1/ user/cperciva/freebsd-update-build/patches/9.0-RC1/0-clang.patch user/cperciva/freebsd-update-build/patches/9.0-RC1/1-EN-12:01.freebsd-update user/cperciva/freebsd-update-build/patches/9.0-RC2/ user/cperciva/freebsd-update-build/patches/9.0-RC2/0-clang.patch user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:06.bind user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:07.chroot user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:08.telnetd user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:09.pam_ssh user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:10.pam user/cperciva/freebsd-update-build/patches/9.0-RC3/ user/cperciva/freebsd-update-build/patches/9.0-RC3/0-clang.patch user/cperciva/freebsd-update-build/patches/9.0-RC3/1-SA-11:07.chroot user/cperciva/freebsd-update-build/patches/9.0-RC3/1-SA-11:08.telnetd user/cperciva/freebsd-update-build/patches/9.0-RC3/1-SA-11:09.pam_ssh user/cperciva/freebsd-update-build/patches/9.0-RC3/1-SA-11:10.pam user/cperciva/freebsd-update-build/patches/9.1-RC1/ user/cperciva/freebsd-update-build/patches/9.1-RC1/0-clang.patch user/cperciva/freebsd-update-build/patches/9.1-RC1/1-SA-12:06.bind user/cperciva/freebsd-update-build/patches/9.1-RC1/1-SA-12:07.hostapd user/cperciva/freebsd-update-build/patches/9.1-RC1/1-SA-12:08.linux user/cperciva/freebsd-update-build/patches/9.1-RC2/ user/cperciva/freebsd-update-build/patches/9.1-RC2/0-clang.patch user/cperciva/freebsd-update-build/patches/9.1-RC2/1-SA-12:07.hostapd user/cperciva/freebsd-update-build/patches/9.1-RC2/1-SA-12:08.linux user/cperciva/freebsd-update-build/patches/9.1-RC3/ user/cperciva/freebsd-update-build/patches/9.1-RC3/0-clang.patch user/cperciva/freebsd-update-build/patches/9.1-RC3/1-SA-12:07.hostapd user/cperciva/freebsd-update-build/patches/9.1-RC3/1-SA-12:08.linux user/cperciva/freebsd-update-build/patches/9.2-BETA1/ user/cperciva/freebsd-update-build/patches/9.2-BETA2/ user/cperciva/freebsd-update-build/patches/9.2-RC1/ user/cperciva/freebsd-update-build/patches/9.2-RC1/1-SA-13:09.ip_multicast user/cperciva/freebsd-update-build/patches/9.2-RC1/1-SA-13:10.sctp user/cperciva/freebsd-update-build/patches/9.2-RC1/2-SA-13:11.sendfile user/cperciva/freebsd-update-build/patches/9.2-RC1/2-SA-13:12.ifioctl user/cperciva/freebsd-update-build/patches/9.2-RC1/2-SA-13:13.nullfs user/cperciva/freebsd-update-build/patches/9.2-RC2/ user/cperciva/freebsd-update-build/patches/9.2-RC2/1-SA-13:09.ip_multicast user/cperciva/freebsd-update-build/patches/9.2-RC2/2-SA-13:11.sendfile user/cperciva/freebsd-update-build/patches/9.2-RC2/2-SA-13:12.ifioctl user/cperciva/freebsd-update-build/patches/9.2-RC2/2-SA-13:13.nullfs user/cperciva/freebsd-update-build/patches/9.2-RC3/ user/cperciva/freebsd-update-build/patches/9.2-RC3/1-SA-13:12.ifioctl user/cperciva/freebsd-update-build/patches/9.2-RC3/1-SA-13:13.nullfs user/cperciva/freebsd-update-build/patches/9.2-RC3/2-EN-13:04.freebsd-update user/cperciva/freebsd-update-build/patches/9.2-RC3/3-EN-13:05.freebsd-update user/cperciva/freebsd-update-build/patches/9.2-RC4/ user/cperciva/freebsd-update-build/patches/9.2-RC4/0-mergemaster.patch user/cperciva/freebsd-update-build/patches/9.2-RC4/1-EN-13:04.freebsd-update user/cperciva/freebsd-update-build/patches/9.2-RC4/2-EN-13:05.freebsd-update user/cperciva/freebsd-update-build/patches/9.3-BETA1/ user/cperciva/freebsd-update-build/patches/9.3-BETA1/1-SA-14:12.ktrace user/cperciva/freebsd-update-build/patches/9.3-BETA1/1-SA-14:13.pam user/cperciva/freebsd-update-build/patches/9.3-BETA1/2-SA-14:14.openssl user/cperciva/freebsd-update-build/patches/9.3-BETA1/3-SA-14:16.file user/cperciva/freebsd-update-build/patches/9.3-BETA2/ user/cperciva/freebsd-update-build/patches/9.3-BETA2/1-SA-14:16.file user/cperciva/freebsd-update-build/patches/9.3-BETA3/ user/cperciva/freebsd-update-build/patches/9.3-BETA3/1-SA-14:16.file user/cperciva/freebsd-update-build/patches/9.3-BETA3/2-SA-14:17.kmem user/cperciva/freebsd-update-build/patches/9.3-RC1/ user/cperciva/freebsd-update-build/patches/9.3-RC1/1-SA-14:16.file user/cperciva/freebsd-update-build/patches/9.3-RC1/2-SA-14:17.kmem user/cperciva/freebsd-update-build/patches/9.3-RC2/ user/cperciva/freebsd-update-build/patches/9.3-RC2/1-SA-14:17.kmem user/cperciva/freebsd-update-build/patches/9.3-RC3/ user/cperciva/freebsd-update-build/patches/9.3-RC3/1-SA-14:17.kmem Added: user/cperciva/freebsd-update-build/patches/10.0-BETA1/1-EN-13:04.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-BETA1/1-EN-13:04.freebsd-update Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,78 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1200,7 +1200,7 @@ + # Some aliases to save space later: ${P} is a character which can + # appear in a path; ${M} is the four numeric metadata fields; and + # ${H} is a sha256 hash. +- P="[-+./:=%@_[[:alnum:]]" ++ P="[-+./:=%@_[~[:alnum:]]" + M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+" + H="[0-9a-f]{64}" + +@@ -2814,16 +2814,24 @@ + + # If we haven't already dealt with the world, deal with it. + if ! [ -f $1/worlddone ]; then ++ # Create any necessary directories first ++ grep -vE '^/boot/' $1/INDEX-NEW | ++ grep -E '^[^|]+\|d\|' > INDEX-NEW ++ install_from_index INDEX-NEW || return 1 ++ + # Install new shared libraries next + grep -vE '^/boot/' $1/INDEX-NEW | +- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW ++ grep -vE '^[^|]+\|d\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW + install_from_index INDEX-NEW || return 1 + + # Deal with everything else + grep -vE '^/boot/' $1/INDEX-OLD | +- grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD ++ grep -vE '^[^|]+\|d\|' | ++ grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD + grep -vE '^/boot/' $1/INDEX-NEW | +- grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW ++ grep -vE '^[^|]+\|d\|' | ++ grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW + install_from_index INDEX-NEW || return 1 + install_delete INDEX-OLD INDEX-NEW || return 1 + +@@ -2844,11 +2852,11 @@ + + # Do we need to ask the user to portupgrade now? + grep -vE '^/boot/' $1/INDEX-NEW | +- grep -E '/lib/.*\.so\.[0-9]+\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' | + cut -f 1 -d '|' | + sort > newfiles + if grep -vE '^/boot/' $1/INDEX-OLD | +- grep -E '/lib/.*\.so\.[0-9]+\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' | + cut -f 1 -d '|' | + sort | + join -v 1 - newfiles | +@@ -2868,11 +2876,20 @@ + + # Remove old shared libraries + grep -vE '^/boot/' $1/INDEX-NEW | +- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW ++ grep -vE '^[^|]+\|d\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW + grep -vE '^/boot/' $1/INDEX-OLD | +- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD ++ grep -vE '^[^|]+\|d\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD + install_delete INDEX-OLD INDEX-NEW || return 1 + ++ # Remove old directories ++ grep -vE '^/boot/' $1/INDEX-OLD | ++ grep -E '^[^|]+\|d\|' > INDEX-OLD ++ grep -vE '^/boot/' $1/INDEX-OLD | ++ grep -E '^[^|]+\|d\|' > INDEX-OLD ++ install_delete INDEX-OLD INDEX-NEW || return 1 ++ + # Remove temporary files + rm INDEX-OLD INDEX-NEW + } Added: user/cperciva/freebsd-update-build/patches/10.0-BETA1/2-SA-13:14.openssh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-BETA1/2-SA-13:14.openssh Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,13 @@ +Index: crypto/openssh/monitor_wrap.c +=================================================================== +--- crypto/openssh/monitor_wrap.c (revision 257864) ++++ crypto/openssh/monitor_wrap.c (working copy) +@@ -480,7 +480,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) + buffer_init(&b); + buffer_append(&b, blob, blen); + +- newkey = xmalloc(sizeof(*newkey)); ++ newkey = xcalloc(1, sizeof(*newkey)); + enc = &newkey->enc; + mac = &newkey->mac; + comp = &newkey->comp; Added: user/cperciva/freebsd-update-build/patches/10.0-BETA1/3-EN-13:05.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-BETA1/3-EN-13:05.freebsd-update Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,17 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh (revision 257878) ++++ usr.sbin/freebsd-update/freebsd-update.sh (revision 257879) +@@ -2884,10 +2884,10 @@ + install_delete INDEX-OLD INDEX-NEW || return 1 + + # Remove old directories ++ grep -vE '^/boot/' $1/INDEX-NEW | ++ grep -E '^[^|]+\|d\|' > INDEX-NEW + grep -vE '^/boot/' $1/INDEX-OLD | + grep -E '^[^|]+\|d\|' > INDEX-OLD +- grep -vE '^/boot/' $1/INDEX-OLD | +- grep -E '^[^|]+\|d\|' > INDEX-OLD + install_delete INDEX-OLD INDEX-NEW || return 1 + + # Remove temporary files Added: user/cperciva/freebsd-update-build/patches/10.0-BETA2/1-SA-13:14.openssh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-BETA2/1-SA-13:14.openssh Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,13 @@ +Index: crypto/openssh/monitor_wrap.c +=================================================================== +--- crypto/openssh/monitor_wrap.c (revision 257864) ++++ crypto/openssh/monitor_wrap.c (working copy) +@@ -480,7 +480,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) + buffer_init(&b); + buffer_append(&b, blob, blen); + +- newkey = xmalloc(sizeof(*newkey)); ++ newkey = xcalloc(1, sizeof(*newkey)); + enc = &newkey->enc; + mac = &newkey->mac; + comp = &newkey->comp; Added: user/cperciva/freebsd-update-build/patches/10.0-BETA2/2-EN-13:05.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-BETA2/2-EN-13:05.freebsd-update Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,17 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh (revision 257878) ++++ usr.sbin/freebsd-update/freebsd-update.sh (revision 257879) +@@ -2884,10 +2884,10 @@ + install_delete INDEX-OLD INDEX-NEW || return 1 + + # Remove old directories ++ grep -vE '^/boot/' $1/INDEX-NEW | ++ grep -E '^[^|]+\|d\|' > INDEX-NEW + grep -vE '^/boot/' $1/INDEX-OLD | + grep -E '^[^|]+\|d\|' > INDEX-OLD +- grep -vE '^/boot/' $1/INDEX-OLD | +- grep -E '^[^|]+\|d\|' > INDEX-OLD + install_delete INDEX-OLD INDEX-NEW || return 1 + + # Remove temporary files Added: user/cperciva/freebsd-update-build/patches/10.0-BETA3/1-SA-13:14.openssh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-BETA3/1-SA-13:14.openssh Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,13 @@ +Index: crypto/openssh/monitor_wrap.c +=================================================================== +--- crypto/openssh/monitor_wrap.c (revision 257864) ++++ crypto/openssh/monitor_wrap.c (working copy) +@@ -480,7 +480,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) + buffer_init(&b); + buffer_append(&b, blob, blen); + +- newkey = xmalloc(sizeof(*newkey)); ++ newkey = xcalloc(1, sizeof(*newkey)); + enc = &newkey->enc; + mac = &newkey->mac; + comp = &newkey->comp; Added: user/cperciva/freebsd-update-build/patches/10.0-BETA3/2-EN-13:05.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-BETA3/2-EN-13:05.freebsd-update Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,17 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh (revision 257878) ++++ usr.sbin/freebsd-update/freebsd-update.sh (revision 257879) +@@ -2884,10 +2884,10 @@ + install_delete INDEX-OLD INDEX-NEW || return 1 + + # Remove old directories ++ grep -vE '^/boot/' $1/INDEX-NEW | ++ grep -E '^[^|]+\|d\|' > INDEX-NEW + grep -vE '^/boot/' $1/INDEX-OLD | + grep -E '^[^|]+\|d\|' > INDEX-OLD +- grep -vE '^/boot/' $1/INDEX-OLD | +- grep -E '^[^|]+\|d\|' > INDEX-OLD + install_delete INDEX-OLD INDEX-NEW || return 1 + + # Remove temporary files Added: user/cperciva/freebsd-update-build/patches/10.0-RC1/1-EN-14:02.mmap ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-EN-14:02.mmap Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,20 @@ +Index: sys/vm/vm_map.c +=================================================================== +--- sys/vm/vm_map.c (revision 259950) ++++ sys/vm/vm_map.c (revision 259951) +@@ -1207,6 +1207,7 @@ charged: + } + else if ((prev_entry != &map->header) && + (prev_entry->eflags == protoeflags) && ++ (cow & (MAP_ENTRY_GROWS_DOWN | MAP_ENTRY_GROWS_UP)) == 0 && + (prev_entry->end == start) && + (prev_entry->wired_count == 0) && + (prev_entry->cred == cred || +@@ -3339,7 +3340,6 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm + * NOTE: We explicitly allow bi-directional stacks. + */ + orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP); +- cow &= ~orient; + KASSERT(orient != 0, ("No stack grow direction")); + + if (addrbos < vm_map_min(map) || Added: user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:01.bsnmpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,16 @@ +Index: contrib/bsnmp/lib/snmpagent.c +=================================================================== +--- contrib/bsnmp/lib/snmpagent.c (revision 259661) ++++ contrib/bsnmp/lib/snmpagent.c (working copy) +@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf + for (cnt = 0; cnt < pdu->error_index; cnt++) { + eomib = 1; + for (i = non_rep; i < pdu->nbindings; i++) { ++ ++ if (resp->nbindings == SNMP_MAX_BINDINGS) ++ /* PDU is full */ ++ goto done; ++ + if (cnt == 0) + result = do_getnext(&context, &pdu->bindings[i], + &resp->bindings[resp->nbindings], pdu); Added: user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:02.ntpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,13 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c (revision 259828) ++++ contrib/ntp/ntpd/ntp_config.c (working copy) +@@ -597,6 +597,8 @@ getconfig( + #endif /* not SYS_WINNT */ + } + ++ proto_config(PROTO_MONITOR, 0, 0., NULL); ++ + for (;;) { + if (tok == CONFIG_END) + break; Added: user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:03.openssl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:03.openssl Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,91 @@ +Index: crypto/openssl/ssl/d1_both.c +=================================================================== +--- crypto/openssl/ssl/d1_both.c (revision 260378) ++++ crypto/openssl/ssl/d1_both.c (working copy) +@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int + static void + dtls1_hm_fragment_free(hm_fragment *frag) + { ++ ++ if (frag->msg_header.is_ccs) ++ { ++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); ++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); ++ } + if (frag->fragment) OPENSSL_free(frag->fragment); + if (frag->reassembly) OPENSSL_free(frag->reassembly); + OPENSSL_free(frag); +Index: crypto/openssl/ssl/s3_both.c +=================================================================== +--- crypto/openssl/ssl/s3_both.c (revision 260378) ++++ crypto/openssl/ssl/s3_both.c (working copy) +@@ -208,7 +208,11 @@ static void ssl3_take_mac(SSL *s) + { + const char *sender; + int slen; +- ++ /* If no new cipher setup return immediately: other functions will ++ * set the appropriate error. ++ */ ++ if (s->s3->tmp.new_cipher == NULL) ++ return; + if (s->state & SSL_ST_CONNECT) + { + sender=s->method->ssl3_enc->server_finished_label; +Index: crypto/openssl/ssl/s3_lib.c +=================================================================== +--- crypto/openssl/ssl/s3_lib.c (revision 260378) ++++ crypto/openssl/ssl/s3_lib.c (working copy) +@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT. + long ssl_get_algorithm2(SSL *s) + { + long alg2 = s->s3->tmp.new_cipher->algorithm2; +- if (TLS1_get_version(s) >= TLS1_2_VERSION && ++ if (s->method->version == TLS1_2_VERSION && + alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) + return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + return alg2; +Index: crypto/openssl/ssl/ssl_locl.h +=================================================================== +--- crypto/openssl/ssl/ssl_locl.h (revision 260378) ++++ crypto/openssl/ssl/ssl_locl.h (working copy) +@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data; + extern SSL3_ENC_METHOD SSLv3_enc_data; + extern SSL3_ENC_METHOD DTLSv1_enc_data; + ++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) ++ + #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ + s_get_meth) \ + const SSL_METHOD *func_name(void) \ +Index: crypto/openssl/ssl/t1_enc.c +=================================================================== +--- crypto/openssl/ssl/t1_enc.c (revision 260378) ++++ crypto/openssl/ssl/t1_enc.c (working copy) +@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which) + s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; + else + s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; +- if (s->enc_write_ctx != NULL) ++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) + reuse_dd = 1; +- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) ++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) + goto err; ++ dd= s->enc_write_ctx; ++ if (SSL_IS_DTLS(s)) ++ { ++ mac_ctx = EVP_MD_CTX_create(); ++ if (!mac_ctx) ++ goto err; ++ s->write_hash = mac_ctx; ++ } + else +- /* make sure it's intialized in case we exit later with an error */ +- EVP_CIPHER_CTX_init(s->enc_write_ctx); +- dd= s->enc_write_ctx; +- mac_ctx = ssl_replace_hash(&s->write_hash,NULL); ++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL); + #ifndef OPENSSL_NO_COMP + if (s->compress != NULL) + { Added: user/cperciva/freebsd-update-build/patches/10.0-RC2/1-EN-14:02.mmap ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-EN-14:02.mmap Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,20 @@ +Index: sys/vm/vm_map.c +=================================================================== +--- sys/vm/vm_map.c (revision 259950) ++++ sys/vm/vm_map.c (revision 259951) +@@ -1207,6 +1207,7 @@ charged: + } + else if ((prev_entry != &map->header) && + (prev_entry->eflags == protoeflags) && ++ (cow & (MAP_ENTRY_GROWS_DOWN | MAP_ENTRY_GROWS_UP)) == 0 && + (prev_entry->end == start) && + (prev_entry->wired_count == 0) && + (prev_entry->cred == cred || +@@ -3339,7 +3340,6 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm + * NOTE: We explicitly allow bi-directional stacks. + */ + orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP); +- cow &= ~orient; + KASSERT(orient != 0, ("No stack grow direction")); + + if (addrbos < vm_map_min(map) || Added: user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:01.bsnmpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,16 @@ +Index: contrib/bsnmp/lib/snmpagent.c +=================================================================== +--- contrib/bsnmp/lib/snmpagent.c (revision 259661) ++++ contrib/bsnmp/lib/snmpagent.c (working copy) +@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf + for (cnt = 0; cnt < pdu->error_index; cnt++) { + eomib = 1; + for (i = non_rep; i < pdu->nbindings; i++) { ++ ++ if (resp->nbindings == SNMP_MAX_BINDINGS) ++ /* PDU is full */ ++ goto done; ++ + if (cnt == 0) + result = do_getnext(&context, &pdu->bindings[i], + &resp->bindings[resp->nbindings], pdu); Added: user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:02.ntpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,13 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c (revision 259828) ++++ contrib/ntp/ntpd/ntp_config.c (working copy) +@@ -597,6 +597,8 @@ getconfig( + #endif /* not SYS_WINNT */ + } + ++ proto_config(PROTO_MONITOR, 0, 0., NULL); ++ + for (;;) { + if (tok == CONFIG_END) + break; Added: user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:03.openssl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:03.openssl Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,91 @@ +Index: crypto/openssl/ssl/d1_both.c +=================================================================== +--- crypto/openssl/ssl/d1_both.c (revision 260378) ++++ crypto/openssl/ssl/d1_both.c (working copy) +@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int + static void + dtls1_hm_fragment_free(hm_fragment *frag) + { ++ ++ if (frag->msg_header.is_ccs) ++ { ++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); ++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); ++ } + if (frag->fragment) OPENSSL_free(frag->fragment); + if (frag->reassembly) OPENSSL_free(frag->reassembly); + OPENSSL_free(frag); +Index: crypto/openssl/ssl/s3_both.c +=================================================================== +--- crypto/openssl/ssl/s3_both.c (revision 260378) ++++ crypto/openssl/ssl/s3_both.c (working copy) +@@ -208,7 +208,11 @@ static void ssl3_take_mac(SSL *s) + { + const char *sender; + int slen; +- ++ /* If no new cipher setup return immediately: other functions will ++ * set the appropriate error. ++ */ ++ if (s->s3->tmp.new_cipher == NULL) ++ return; + if (s->state & SSL_ST_CONNECT) + { + sender=s->method->ssl3_enc->server_finished_label; +Index: crypto/openssl/ssl/s3_lib.c +=================================================================== +--- crypto/openssl/ssl/s3_lib.c (revision 260378) ++++ crypto/openssl/ssl/s3_lib.c (working copy) +@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT. + long ssl_get_algorithm2(SSL *s) + { + long alg2 = s->s3->tmp.new_cipher->algorithm2; +- if (TLS1_get_version(s) >= TLS1_2_VERSION && ++ if (s->method->version == TLS1_2_VERSION && + alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) + return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + return alg2; +Index: crypto/openssl/ssl/ssl_locl.h +=================================================================== +--- crypto/openssl/ssl/ssl_locl.h (revision 260378) ++++ crypto/openssl/ssl/ssl_locl.h (working copy) +@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data; + extern SSL3_ENC_METHOD SSLv3_enc_data; + extern SSL3_ENC_METHOD DTLSv1_enc_data; + ++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) ++ + #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ + s_get_meth) \ + const SSL_METHOD *func_name(void) \ +Index: crypto/openssl/ssl/t1_enc.c +=================================================================== +--- crypto/openssl/ssl/t1_enc.c (revision 260378) ++++ crypto/openssl/ssl/t1_enc.c (working copy) +@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which) + s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; + else + s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; +- if (s->enc_write_ctx != NULL) ++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) + reuse_dd = 1; +- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) ++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) + goto err; ++ dd= s->enc_write_ctx; ++ if (SSL_IS_DTLS(s)) ++ { ++ mac_ctx = EVP_MD_CTX_create(); ++ if (!mac_ctx) ++ goto err; ++ s->write_hash = mac_ctx; ++ } + else +- /* make sure it's intialized in case we exit later with an error */ +- EVP_CIPHER_CTX_init(s->enc_write_ctx); +- dd= s->enc_write_ctx; +- mac_ctx = ssl_replace_hash(&s->write_hash,NULL); ++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL); + #ifndef OPENSSL_NO_COMP + if (s->compress != NULL) + { Added: user/cperciva/freebsd-update-build/patches/10.0-RC3/1-EN-14:02.mmap ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-EN-14:02.mmap Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,20 @@ +Index: sys/vm/vm_map.c +=================================================================== +--- sys/vm/vm_map.c (revision 259950) ++++ sys/vm/vm_map.c (revision 259951) +@@ -1207,6 +1207,7 @@ charged: + } + else if ((prev_entry != &map->header) && + (prev_entry->eflags == protoeflags) && ++ (cow & (MAP_ENTRY_GROWS_DOWN | MAP_ENTRY_GROWS_UP)) == 0 && + (prev_entry->end == start) && + (prev_entry->wired_count == 0) && + (prev_entry->cred == cred || +@@ -3339,7 +3340,6 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm + * NOTE: We explicitly allow bi-directional stacks. + */ + orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP); +- cow &= ~orient; + KASSERT(orient != 0, ("No stack grow direction")); + + if (addrbos < vm_map_min(map) || Added: user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:01.bsnmpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,16 @@ +Index: contrib/bsnmp/lib/snmpagent.c +=================================================================== +--- contrib/bsnmp/lib/snmpagent.c (revision 259661) ++++ contrib/bsnmp/lib/snmpagent.c (working copy) +@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf + for (cnt = 0; cnt < pdu->error_index; cnt++) { + eomib = 1; + for (i = non_rep; i < pdu->nbindings; i++) { ++ ++ if (resp->nbindings == SNMP_MAX_BINDINGS) ++ /* PDU is full */ ++ goto done; ++ + if (cnt == 0) + result = do_getnext(&context, &pdu->bindings[i], + &resp->bindings[resp->nbindings], pdu); Added: user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:02.ntpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,13 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c (revision 259828) ++++ contrib/ntp/ntpd/ntp_config.c (working copy) +@@ -597,6 +597,8 @@ getconfig( + #endif /* not SYS_WINNT */ + } + ++ proto_config(PROTO_MONITOR, 0, 0., NULL); ++ + for (;;) { + if (tok == CONFIG_END) + break; Added: user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:03.openssl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:03.openssl Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,91 @@ +Index: crypto/openssl/ssl/d1_both.c +=================================================================== +--- crypto/openssl/ssl/d1_both.c (revision 260378) ++++ crypto/openssl/ssl/d1_both.c (working copy) +@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int + static void + dtls1_hm_fragment_free(hm_fragment *frag) + { ++ ++ if (frag->msg_header.is_ccs) ++ { ++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); ++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); ++ } + if (frag->fragment) OPENSSL_free(frag->fragment); + if (frag->reassembly) OPENSSL_free(frag->reassembly); + OPENSSL_free(frag); +Index: crypto/openssl/ssl/s3_both.c +=================================================================== +--- crypto/openssl/ssl/s3_both.c (revision 260378) ++++ crypto/openssl/ssl/s3_both.c (working copy) +@@ -208,7 +208,11 @@ static void ssl3_take_mac(SSL *s) + { + const char *sender; + int slen; +- ++ /* If no new cipher setup return immediately: other functions will ++ * set the appropriate error. ++ */ ++ if (s->s3->tmp.new_cipher == NULL) ++ return; + if (s->state & SSL_ST_CONNECT) + { + sender=s->method->ssl3_enc->server_finished_label; +Index: crypto/openssl/ssl/s3_lib.c +=================================================================== +--- crypto/openssl/ssl/s3_lib.c (revision 260378) ++++ crypto/openssl/ssl/s3_lib.c (working copy) +@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT. + long ssl_get_algorithm2(SSL *s) + { + long alg2 = s->s3->tmp.new_cipher->algorithm2; +- if (TLS1_get_version(s) >= TLS1_2_VERSION && ++ if (s->method->version == TLS1_2_VERSION && + alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) + return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + return alg2; +Index: crypto/openssl/ssl/ssl_locl.h +=================================================================== +--- crypto/openssl/ssl/ssl_locl.h (revision 260378) ++++ crypto/openssl/ssl/ssl_locl.h (working copy) +@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data; + extern SSL3_ENC_METHOD SSLv3_enc_data; + extern SSL3_ENC_METHOD DTLSv1_enc_data; + ++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) ++ + #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ + s_get_meth) \ + const SSL_METHOD *func_name(void) \ +Index: crypto/openssl/ssl/t1_enc.c +=================================================================== +--- crypto/openssl/ssl/t1_enc.c (revision 260378) ++++ crypto/openssl/ssl/t1_enc.c (working copy) +@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which) + s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; + else + s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; +- if (s->enc_write_ctx != NULL) ++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) + reuse_dd = 1; +- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) ++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) + goto err; ++ dd= s->enc_write_ctx; ++ if (SSL_IS_DTLS(s)) ++ { ++ mac_ctx = EVP_MD_CTX_create(); ++ if (!mac_ctx) ++ goto err; ++ s->write_hash = mac_ctx; ++ } + else +- /* make sure it's intialized in case we exit later with an error */ +- EVP_CIPHER_CTX_init(s->enc_write_ctx); +- dd= s->enc_write_ctx; +- mac_ctx = ssl_replace_hash(&s->write_hash,NULL); ++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL); + #ifndef OPENSSL_NO_COMP + if (s->compress != NULL) + { Added: user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:01.bsnmpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,16 @@ +Index: contrib/bsnmp/lib/snmpagent.c +=================================================================== +--- contrib/bsnmp/lib/snmpagent.c (revision 259661) ++++ contrib/bsnmp/lib/snmpagent.c (working copy) +@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf + for (cnt = 0; cnt < pdu->error_index; cnt++) { + eomib = 1; + for (i = non_rep; i < pdu->nbindings; i++) { ++ ++ if (resp->nbindings == SNMP_MAX_BINDINGS) ++ /* PDU is full */ ++ goto done; ++ + if (cnt == 0) + result = do_getnext(&context, &pdu->bindings[i], + &resp->bindings[resp->nbindings], pdu); Added: user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:02.ntpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,13 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c (revision 259828) ++++ contrib/ntp/ntpd/ntp_config.c (working copy) +@@ -597,6 +597,8 @@ getconfig( + #endif /* not SYS_WINNT */ + } + ++ proto_config(PROTO_MONITOR, 0, 0., NULL); ++ + for (;;) { + if (tok == CONFIG_END) + break; Added: user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:03.openssl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:03.openssl Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,91 @@ +Index: crypto/openssl/ssl/d1_both.c +=================================================================== +--- crypto/openssl/ssl/d1_both.c (revision 260378) ++++ crypto/openssl/ssl/d1_both.c (working copy) +@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int + static void + dtls1_hm_fragment_free(hm_fragment *frag) + { ++ ++ if (frag->msg_header.is_ccs) ++ { ++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); ++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); ++ } + if (frag->fragment) OPENSSL_free(frag->fragment); + if (frag->reassembly) OPENSSL_free(frag->reassembly); + OPENSSL_free(frag); +Index: crypto/openssl/ssl/s3_both.c +=================================================================== +--- crypto/openssl/ssl/s3_both.c (revision 260378) ++++ crypto/openssl/ssl/s3_both.c (working copy) +@@ -208,7 +208,11 @@ static void ssl3_take_mac(SSL *s) + { + const char *sender; + int slen; +- ++ /* If no new cipher setup return immediately: other functions will ++ * set the appropriate error. ++ */ ++ if (s->s3->tmp.new_cipher == NULL) ++ return; + if (s->state & SSL_ST_CONNECT) + { + sender=s->method->ssl3_enc->server_finished_label; +Index: crypto/openssl/ssl/s3_lib.c +=================================================================== +--- crypto/openssl/ssl/s3_lib.c (revision 260378) ++++ crypto/openssl/ssl/s3_lib.c (working copy) +@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT. + long ssl_get_algorithm2(SSL *s) + { + long alg2 = s->s3->tmp.new_cipher->algorithm2; +- if (TLS1_get_version(s) >= TLS1_2_VERSION && ++ if (s->method->version == TLS1_2_VERSION && + alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) + return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + return alg2; +Index: crypto/openssl/ssl/ssl_locl.h +=================================================================== +--- crypto/openssl/ssl/ssl_locl.h (revision 260378) ++++ crypto/openssl/ssl/ssl_locl.h (working copy) +@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data; + extern SSL3_ENC_METHOD SSLv3_enc_data; + extern SSL3_ENC_METHOD DTLSv1_enc_data; + ++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) ++ + #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ + s_get_meth) \ + const SSL_METHOD *func_name(void) \ +Index: crypto/openssl/ssl/t1_enc.c +=================================================================== +--- crypto/openssl/ssl/t1_enc.c (revision 260378) ++++ crypto/openssl/ssl/t1_enc.c (working copy) +@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which) + s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; + else + s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; +- if (s->enc_write_ctx != NULL) ++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) + reuse_dd = 1; +- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) ++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) + goto err; ++ dd= s->enc_write_ctx; ++ if (SSL_IS_DTLS(s)) ++ { ++ mac_ctx = EVP_MD_CTX_create(); ++ if (!mac_ctx) ++ goto err; ++ s->write_hash = mac_ctx; ++ } + else +- /* make sure it's intialized in case we exit later with an error */ +- EVP_CIPHER_CTX_init(s->enc_write_ctx); +- dd= s->enc_write_ctx; +- mac_ctx = ssl_replace_hash(&s->write_hash,NULL); ++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL); + #ifndef OPENSSL_NO_COMP + if (s->compress != NULL) + { Added: user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:01.bsnmpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,16 @@ +Index: contrib/bsnmp/lib/snmpagent.c +=================================================================== +--- contrib/bsnmp/lib/snmpagent.c (revision 259661) ++++ contrib/bsnmp/lib/snmpagent.c (working copy) +@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf + for (cnt = 0; cnt < pdu->error_index; cnt++) { + eomib = 1; + for (i = non_rep; i < pdu->nbindings; i++) { ++ ++ if (resp->nbindings == SNMP_MAX_BINDINGS) ++ /* PDU is full */ ++ goto done; ++ + if (cnt == 0) + result = do_getnext(&context, &pdu->bindings[i], + &resp->bindings[resp->nbindings], pdu); Added: user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:02.ntpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,13 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c (revision 259828) ++++ contrib/ntp/ntpd/ntp_config.c (working copy) +@@ -597,6 +597,8 @@ getconfig( + #endif /* not SYS_WINNT */ + } + ++ proto_config(PROTO_MONITOR, 0, 0., NULL); ++ + for (;;) { + if (tok == CONFIG_END) + break; Added: user/cperciva/freebsd-update-build/patches/10.1-BETA1/1-SA-14:19.tcp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-BETA1/1-SA-14:19.tcp Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,17 @@ +Index: sys/netinet/tcp_input.c +=================================================================== +--- sys/netinet/tcp_input.c (revision 271383) ++++ sys/netinet/tcp_input.c (working copy) +@@ -2092,11 +2092,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, + + todrop = tp->rcv_nxt - th->th_seq; + if (todrop > 0) { +- /* +- * If this is a duplicate SYN for our current connection, +- * advance over it and pretend and it's not a SYN. +- */ +- if (thflags & TH_SYN && th->th_seq == tp->irs) { ++ if (thflags & TH_SYN) { + thflags &= ~TH_SYN; + th->th_seq++; + if (th->th_urp > 1) Added: user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:20.rtsold ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:20.rtsold Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,14 @@ +Index: usr.sbin/rtsold/rtsol.c +=================================================================== +--- usr.sbin/rtsold/rtsol.c.orig ++++ usr.sbin/rtsold/rtsol.c +@@ -933,7 +933,8 @@ + dst_origin = dst; + memset(dst, '\0', dlen); + while (src && (len = (uint8_t)(*src++) & 0x3f) && +- (src + len) <= src_last) { ++ (src + len) <= src_last && ++ (dst - dst_origin < (ssize_t)dlen)) { + if (dst != dst_origin) + *dst++ = '.'; + warnmsg(LOG_DEBUG, __func__, "labellen = %zd", len); Added: user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:21.routed ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:21.routed Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,15 @@ +Index: sbin/routed/input.c +=================================================================== +--- sbin/routed/input.c.orig ++++ sbin/routed/input.c +@@ -288,6 +288,10 @@ + /* Answer a query from a utility program + * with all we know. + */ ++ if (aifp == NULL) { ++ trace_pkt("ignore remote query"); ++ return; ++ } + if (from->sin_port != htons(RIP_PORT)) { + supply(from, aifp, OUT_QUERY, 0, + rip->rip_vers, ap != 0); Added: user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:22.namei ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:22.namei Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,94 @@ +Index: sys/kern/vfs_lookup.c +=================================================================== +--- sys/kern/vfs_lookup.c (revision 273277) ++++ sys/kern/vfs_lookup.c (working copy) +@@ -121,6 +121,16 @@ + * if symbolic link, massage name in buffer and continue + * } + */ ++static void ++namei_cleanup_cnp(struct componentname *cnp) ++{ ++ uma_zfree(namei_zone, cnp->cn_pnbuf); ++#ifdef DIAGNOSTIC ++ cnp->cn_pnbuf = NULL; ++ cnp->cn_nameptr = NULL; ++#endif ++} ++ + int + namei(struct nameidata *ndp) + { +@@ -185,11 +195,7 @@ + } + #endif + if (error) { +- uma_zfree(namei_zone, cnp->cn_pnbuf); +-#ifdef DIAGNOSTIC +- cnp->cn_pnbuf = NULL; +- cnp->cn_nameptr = NULL; +-#endif ++ namei_cleanup_cnp(cnp); + ndp->ni_vp = NULL; + return (error); + } +@@ -256,11 +262,7 @@ + } + } + if (error) { +- uma_zfree(namei_zone, cnp->cn_pnbuf); +-#ifdef DIAGNOSTIC +- cnp->cn_pnbuf = NULL; +- cnp->cn_nameptr = NULL; +-#endif ++ namei_cleanup_cnp(cnp); + return (error); + } + } +@@ -286,6 +288,7 @@ + if (KTRPOINT(curthread, KTR_CAPFAIL)) + ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL); + #endif ++ namei_cleanup_cnp(cnp); + return (ENOTCAPABLE); + } + while (*(cnp->cn_nameptr) == '/') { +@@ -298,11 +301,7 @@ + ndp->ni_startdir = dp; + error = lookup(ndp); + if (error) { +- uma_zfree(namei_zone, cnp->cn_pnbuf); +-#ifdef DIAGNOSTIC +- cnp->cn_pnbuf = NULL; +- cnp->cn_nameptr = NULL; +-#endif ++ namei_cleanup_cnp(cnp); + SDT_PROBE(vfs, namei, lookup, return, error, NULL, 0, + 0, 0); + return (error); +@@ -312,11 +311,7 @@ + */ + if ((cnp->cn_flags & ISSYMLINK) == 0) { + if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) { +- uma_zfree(namei_zone, cnp->cn_pnbuf); +-#ifdef DIAGNOSTIC +- cnp->cn_pnbuf = NULL; +- cnp->cn_nameptr = NULL; +-#endif ++ namei_cleanup_cnp(cnp); + } else + cnp->cn_flags |= HASBUF; + +@@ -378,11 +373,7 @@ + vput(ndp->ni_vp); + dp = ndp->ni_dvp; + } +- uma_zfree(namei_zone, cnp->cn_pnbuf); +-#ifdef DIAGNOSTIC +- cnp->cn_pnbuf = NULL; +- cnp->cn_nameptr = NULL; +-#endif ++ namei_cleanup_cnp(cnp); + vput(ndp->ni_vp); + ndp->ni_vp = NULL; + vrele(ndp->ni_dvp); Added: user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:23.openssl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:23.openssl Thu Jan 7 20:59:31 2016 (r293366) @@ -0,0 +1,10217 @@ +Index: crypto/openssl/CHANGES +=================================================================== +--- crypto/openssl/CHANGES (revision 273303) ++++ crypto/openssl/CHANGES (working copy) +@@ -2,6 +2,57 @@ + OpenSSL CHANGES + _______________ + ++ Changes between 1.0.1i and 1.0.1j [15 Oct 2014] ++ ++ *) SRTP Memory Leak. ++ ++ A flaw in the DTLS SRTP extension parsing code allows an attacker, who ++ sends a carefully crafted handshake message, to cause OpenSSL to fail ++ to free up to 64k of memory causing a memory leak. This could be ++ exploited in a Denial Of Service attack. This issue affects OpenSSL ++ 1.0.1 server implementations for both SSL/TLS and DTLS regardless of ++ whether SRTP is used or configured. Implementations of OpenSSL that ++ have been compiled with OPENSSL_NO_SRTP defined are not affected. ++ ++ The fix was developed by the OpenSSL team. ++ (CVE-2014-3513) ++ [OpenSSL team] ++ ++ *) Session Ticket Memory Leak. ++ ++ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the ++ integrity of that ticket is first verified. In the event of a session ++ ticket integrity check failing, OpenSSL will fail to free memory ++ causing a memory leak. By sending a large number of invalid session ++ tickets an attacker could exploit this issue in a Denial Of Service ++ attack. ++ (CVE-2014-3567) ++ [Steve Henson] ++ ++ *) Build option no-ssl3 is incomplete. *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601072059.u07KxVbG041778>