From: Xin LI
Date: Tue, 30 Dec 2014 20:10:38 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r276418 - in user/cperciva/freebsd-update-build/patches: 10.0-RELEASE 10.1-RELEASE 8.4-RELEASE 9.1-RELEASE 9.2-RELEASE 9.3-RELEASE

Author: delphij
Date: Tue Dec 30 20:10:37 2014
New Revision: 276418
URL: https://svnweb.freebsd.org/changeset/base/276418

Log:
  Add patchset for previous batch.

Added:
  user/cperciva/freebsd-update-build/patches/10.0-RELEASE/15-EN-14:13.freebsd-update
  user/cperciva/freebsd-update-build/patches/10.0-RELEASE/15-SA-14:31.ntp
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/3-EN-14:13.freebsd-update
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/3-SA-14:31.ntp
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/21-EN-14:13.freebsd-update
  user/cperciva/freebsd-update-build/patches/8.4-RELEASE/21-SA-14:31.ntp
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/24-EN-14:13.freebsd-update
  user/cperciva/freebsd-update-build/patches/9.1-RELEASE/24-SA-14:31.ntp
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/17-EN-14:13.freebsd-update
  user/cperciva/freebsd-update-build/patches/9.2-RELEASE/17-SA-14:31.ntp
  user/cperciva/freebsd-update-build/patches/9.3-RELEASE/7-EN-14:13.freebsd-update
  user/cperciva/freebsd-update-build/patches/9.3-RELEASE/7-SA-14:31.ntp

Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/15-EN-14:13.freebsd-update
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/15-EN-14:13.freebsd-update Tue Dec 30 20:10:37 2014 (r276418) @@ -0,0 +1,12 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh.orig ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1395,6 +1395,7 @@ + # matter, since we add a leading "/" when we use paths later. + cut -f 3- -d '|' $1 | + sed -e 's,/|d|,|d|,' | ++ sed -e 's,/|-|,|-|,' | + sort -u > $1.tmp + + # Figure out which lines to ignore and remove them. Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/15-SA-14:31.ntp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/15-SA-14:31.ntp Tue Dec 30 20:10:37 2014 (r276418) 
@@ -0,0 +1,145 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c.orig ++++ contrib/ntp/ntpd/ntp_config.c +@@ -1887,7 +1887,7 @@ + + for (i = 0; i < 8; i++) + for (j = 1; j < 100; ++j) { +- rankey[i] = (char) (ntp_random() & 0xff); ++ rankey[i] = (char) (arc4random() & 0xff); + if (rankey[i] != 0) break; + } + rankey[8] = 0; +Index: contrib/ntp/ntpd/ntp_control.c +=================================================================== +--- contrib/ntp/ntpd/ntp_control.c.orig ++++ contrib/ntp/ntpd/ntp_control.c +@@ -24,6 +24,10 @@ + #include + #include + ++#ifndef MIN ++#define MIN(a, b) (((a) <= (b)) ? (a) : (b)) ++#endif ++ + /* + * Structure to hold request procedure information + */ +@@ -893,6 +897,7 @@ + ) + { + int overhead; ++ unsigned int currentlen; + + overhead = 0; + if (!bin) { +@@ -916,12 +921,22 @@ + /* + * Save room for trailing junk + */ +- if (dlen + overhead + datapt > dataend) { ++ while (dlen + overhead + datapt > dataend) { + /* + * Not enough room in this one, flush it out. + */ ++ currentlen = MIN(dlen, dataend - datapt); ++ ++ memcpy(datapt, dp, currentlen); ++ ++ datapt += currentlen; ++ dp += currentlen; ++ dlen -= currentlen; ++ datalinelen += currentlen; ++ + ctl_flushpkt(CTL_MORE); + } ++ + memmove((char *)datapt, dp, (unsigned)dlen); + datapt += dlen; + datalinelen += dlen; +Index: contrib/ntp/ntpd/ntp_crypto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_crypto.c.orig ++++ contrib/ntp/ntpd/ntp_crypto.c +@@ -864,12 +864,24 @@ + * errors. 
+ */ + if (vallen == (u_int) EVP_PKEY_size(host_pkey)) { +- RSA_private_decrypt(vallen, ++ u_int32 *cookiebuf = malloc( ++ RSA_size(host_pkey->pkey.rsa)); ++ if (cookiebuf == NULL) { ++ rval = XEVNT_CKY; ++ break; ++ } ++ if (RSA_private_decrypt(vallen, + (u_char *)ep->pkt, +- (u_char *)&temp32, ++ (u_char *)cookiebuf, + host_pkey->pkey.rsa, +- RSA_PKCS1_OAEP_PADDING); +- cookie = ntohl(temp32); ++ RSA_PKCS1_OAEP_PADDING) != 4) { ++ rval = XEVNT_CKY; ++ free(cookiebuf); ++ break; ++ } else { ++ cookie = ntohl(*cookiebuf); ++ free(cookiebuf); ++ } + } else { + rval = XEVNT_CKY; + break; +@@ -3914,7 +3926,7 @@ + rand_file); + exit (-1); + } +- get_systime(&seed); ++ arc4random_buf(&seed, sizeof(l_fp)); + RAND_seed(&seed, sizeof(l_fp)); + RAND_write_file(rand_file); + OpenSSL_add_all_algorithms(); +Index: contrib/ntp/ntpd/ntp_proto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_proto.c.orig ++++ contrib/ntp/ntpd/ntp_proto.c +@@ -649,6 +649,7 @@ + has_mac)) { + is_authentic = AUTH_ERROR; + sys_badauth++; ++ return; + } else { + is_authentic = AUTH_OK; + } +Index: contrib/ntp/util/ntp-keygen.c +=================================================================== +--- contrib/ntp/util/ntp-keygen.c.orig ++++ contrib/ntp/util/ntp-keygen.c +@@ -642,7 +642,7 @@ + for (i = 1; i <= MD5KEYS; i++) { + for (j = 0; j < 16; j++) { + while (1) { +- temp = ntp_random() & 0xff; ++ temp = arc4random() & 0xff; + if (temp == '#') + continue; + if (temp > 0x20 && temp < 0x7f) +@@ -675,7 +675,7 @@ + FILE *str; + + fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "RSA"); ++ rsa = RSA_generate_key(modulus, 65537, cb, "RSA"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", +@@ -954,7 +954,7 @@ + */ + fprintf(stderr, + "Generating GQ parameters (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "GQ"); ++ rsa = 
RSA_generate_key(modulus, 65537, cb, "GQ"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/3-EN-14:13.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/3-EN-14:13.freebsd-update Tue Dec 30 20:10:37 2014 (r276418) @@ -0,0 +1,12 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh.orig ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1395,6 +1395,7 @@ + # matter, since we add a leading "/" when we use paths later. + cut -f 3- -d '|' $1 | + sed -e 's,/|d|,|d|,' | ++ sed -e 's,/|-|,|-|,' | + sort -u > $1.tmp + + # Figure out which lines to ignore and remove them. Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/3-SA-14:31.ntp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/3-SA-14:31.ntp Tue Dec 30 20:10:37 2014 (r276418) 
@@ -0,0 +1,145 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c.orig ++++ contrib/ntp/ntpd/ntp_config.c +@@ -1887,7 +1887,7 @@ + + for (i = 0; i < 8; i++) + for (j = 1; j < 100; ++j) { +- rankey[i] = (char) (ntp_random() & 0xff); ++ rankey[i] = (char) (arc4random() & 0xff); + if (rankey[i] != 0) break; + } + rankey[8] = 0; +Index: contrib/ntp/ntpd/ntp_control.c +=================================================================== +--- contrib/ntp/ntpd/ntp_control.c.orig ++++ contrib/ntp/ntpd/ntp_control.c +@@ -24,6 +24,10 @@ + #include + #include + ++#ifndef MIN ++#define MIN(a, b) (((a) <= (b)) ? (a) : (b)) ++#endif ++ + /* + * Structure to hold request procedure information + */ +@@ -893,6 +897,7 @@ + ) + { + int overhead; ++ unsigned int currentlen; + + overhead = 0; + if (!bin) { +@@ -916,12 +921,22 @@ + /* + * Save room for trailing junk + */ +- if (dlen + overhead + datapt > dataend) { ++ while (dlen + overhead + datapt > dataend) { + /* + * Not enough room in this one, flush it out. + */ ++ currentlen = MIN(dlen, dataend - datapt); ++ ++ memcpy(datapt, dp, currentlen); ++ ++ datapt += currentlen; ++ dp += currentlen; ++ dlen -= currentlen; ++ datalinelen += currentlen; ++ + ctl_flushpkt(CTL_MORE); + } ++ + memmove((char *)datapt, dp, (unsigned)dlen); + datapt += dlen; + datalinelen += dlen; +Index: contrib/ntp/ntpd/ntp_crypto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_crypto.c.orig ++++ contrib/ntp/ntpd/ntp_crypto.c +@@ -864,12 +864,24 @@ + * errors. 
+ */ + if (vallen == (u_int) EVP_PKEY_size(host_pkey)) { +- RSA_private_decrypt(vallen, ++ u_int32 *cookiebuf = malloc( ++ RSA_size(host_pkey->pkey.rsa)); ++ if (cookiebuf == NULL) { ++ rval = XEVNT_CKY; ++ break; ++ } ++ if (RSA_private_decrypt(vallen, + (u_char *)ep->pkt, +- (u_char *)&temp32, ++ (u_char *)cookiebuf, + host_pkey->pkey.rsa, +- RSA_PKCS1_OAEP_PADDING); +- cookie = ntohl(temp32); ++ RSA_PKCS1_OAEP_PADDING) != 4) { ++ rval = XEVNT_CKY; ++ free(cookiebuf); ++ break; ++ } else { ++ cookie = ntohl(*cookiebuf); ++ free(cookiebuf); ++ } + } else { + rval = XEVNT_CKY; + break; +@@ -3914,7 +3926,7 @@ + rand_file); + exit (-1); + } +- get_systime(&seed); ++ arc4random_buf(&seed, sizeof(l_fp)); + RAND_seed(&seed, sizeof(l_fp)); + RAND_write_file(rand_file); + OpenSSL_add_all_algorithms(); +Index: contrib/ntp/ntpd/ntp_proto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_proto.c.orig ++++ contrib/ntp/ntpd/ntp_proto.c +@@ -649,6 +649,7 @@ + has_mac)) { + is_authentic = AUTH_ERROR; + sys_badauth++; ++ return; + } else { + is_authentic = AUTH_OK; + } +Index: contrib/ntp/util/ntp-keygen.c +=================================================================== +--- contrib/ntp/util/ntp-keygen.c.orig ++++ contrib/ntp/util/ntp-keygen.c +@@ -642,7 +642,7 @@ + for (i = 1; i <= MD5KEYS; i++) { + for (j = 0; j < 16; j++) { + while (1) { +- temp = ntp_random() & 0xff; ++ temp = arc4random() & 0xff; + if (temp == '#') + continue; + if (temp > 0x20 && temp < 0x7f) +@@ -675,7 +675,7 @@ + FILE *str; + + fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "RSA"); ++ rsa = RSA_generate_key(modulus, 65537, cb, "RSA"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", +@@ -954,7 +954,7 @@ + */ + fprintf(stderr, + "Generating GQ parameters (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "GQ"); ++ rsa = 
RSA_generate_key(modulus, 65537, cb, "GQ"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", Added: user/cperciva/freebsd-update-build/patches/8.4-RELEASE/21-EN-14:13.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/8.4-RELEASE/21-EN-14:13.freebsd-update Tue Dec 30 20:10:37 2014 (r276418) @@ -0,0 +1,12 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh.orig ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1395,6 +1395,7 @@ + # matter, since we add a leading "/" when we use paths later. + cut -f 3- -d '|' $1 | + sed -e 's,/|d|,|d|,' | ++ sed -e 's,/|-|,|-|,' | + sort -u > $1.tmp + + # Figure out which lines to ignore and remove them. Added: user/cperciva/freebsd-update-build/patches/8.4-RELEASE/21-SA-14:31.ntp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/8.4-RELEASE/21-SA-14:31.ntp Tue Dec 30 20:10:37 2014 (r276418) 
@@ -0,0 +1,145 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c.orig ++++ contrib/ntp/ntpd/ntp_config.c +@@ -1887,7 +1887,7 @@ + + for (i = 0; i < 8; i++) + for (j = 1; j < 100; ++j) { +- rankey[i] = (char) (ntp_random() & 0xff); ++ rankey[i] = (char) (arc4random() & 0xff); + if (rankey[i] != 0) break; + } + rankey[8] = 0; +Index: contrib/ntp/ntpd/ntp_control.c +=================================================================== +--- contrib/ntp/ntpd/ntp_control.c.orig ++++ contrib/ntp/ntpd/ntp_control.c +@@ -24,6 +24,10 @@ + #include + #include + ++#ifndef MIN ++#define MIN(a, b) (((a) <= (b)) ? (a) : (b)) ++#endif ++ + /* + * Structure to hold request procedure information + */ +@@ -893,6 +897,7 @@ + ) + { + int overhead; ++ unsigned int currentlen; + + overhead = 0; + if (!bin) { +@@ -916,12 +921,22 @@ + /* + * Save room for trailing junk + */ +- if (dlen + overhead + datapt > dataend) { ++ while (dlen + overhead + datapt > dataend) { + /* + * Not enough room in this one, flush it out. + */ ++ currentlen = MIN(dlen, dataend - datapt); ++ ++ memcpy(datapt, dp, currentlen); ++ ++ datapt += currentlen; ++ dp += currentlen; ++ dlen -= currentlen; ++ datalinelen += currentlen; ++ + ctl_flushpkt(CTL_MORE); + } ++ + memmove((char *)datapt, dp, (unsigned)dlen); + datapt += dlen; + datalinelen += dlen; +Index: contrib/ntp/ntpd/ntp_crypto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_crypto.c.orig ++++ contrib/ntp/ntpd/ntp_crypto.c +@@ -864,12 +864,24 @@ + * errors. 
+ */ + if (vallen == (u_int) EVP_PKEY_size(host_pkey)) { +- RSA_private_decrypt(vallen, ++ u_int32 *cookiebuf = malloc( ++ RSA_size(host_pkey->pkey.rsa)); ++ if (cookiebuf == NULL) { ++ rval = XEVNT_CKY; ++ break; ++ } ++ if (RSA_private_decrypt(vallen, + (u_char *)ep->pkt, +- (u_char *)&temp32, ++ (u_char *)cookiebuf, + host_pkey->pkey.rsa, +- RSA_PKCS1_OAEP_PADDING); +- cookie = ntohl(temp32); ++ RSA_PKCS1_OAEP_PADDING) != 4) { ++ rval = XEVNT_CKY; ++ free(cookiebuf); ++ break; ++ } else { ++ cookie = ntohl(*cookiebuf); ++ free(cookiebuf); ++ } + } else { + rval = XEVNT_CKY; + break; +@@ -3914,7 +3926,7 @@ + rand_file); + exit (-1); + } +- get_systime(&seed); ++ arc4random_buf(&seed, sizeof(l_fp)); + RAND_seed(&seed, sizeof(l_fp)); + RAND_write_file(rand_file); + OpenSSL_add_all_algorithms(); +Index: contrib/ntp/ntpd/ntp_proto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_proto.c.orig ++++ contrib/ntp/ntpd/ntp_proto.c +@@ -649,6 +649,7 @@ + has_mac)) { + is_authentic = AUTH_ERROR; + sys_badauth++; ++ return; + } else { + is_authentic = AUTH_OK; + } +Index: contrib/ntp/util/ntp-keygen.c +=================================================================== +--- contrib/ntp/util/ntp-keygen.c.orig ++++ contrib/ntp/util/ntp-keygen.c +@@ -642,7 +642,7 @@ + for (i = 1; i <= MD5KEYS; i++) { + for (j = 0; j < 16; j++) { + while (1) { +- temp = ntp_random() & 0xff; ++ temp = arc4random() & 0xff; + if (temp == '#') + continue; + if (temp > 0x20 && temp < 0x7f) +@@ -675,7 +675,7 @@ + FILE *str; + + fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "RSA"); ++ rsa = RSA_generate_key(modulus, 65537, cb, "RSA"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", +@@ -954,7 +954,7 @@ + */ + fprintf(stderr, + "Generating GQ parameters (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "GQ"); ++ rsa = 
RSA_generate_key(modulus, 65537, cb, "GQ"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", Added: user/cperciva/freebsd-update-build/patches/9.1-RELEASE/24-EN-14:13.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/9.1-RELEASE/24-EN-14:13.freebsd-update Tue Dec 30 20:10:37 2014 (r276418) @@ -0,0 +1,12 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh.orig ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1395,6 +1395,7 @@ + # matter, since we add a leading "/" when we use paths later. + cut -f 3- -d '|' $1 | + sed -e 's,/|d|,|d|,' | ++ sed -e 's,/|-|,|-|,' | + sort -u > $1.tmp + + # Figure out which lines to ignore and remove them. Added: user/cperciva/freebsd-update-build/patches/9.1-RELEASE/24-SA-14:31.ntp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/9.1-RELEASE/24-SA-14:31.ntp Tue Dec 30 20:10:37 2014 (r276418) 
@@ -0,0 +1,145 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c.orig ++++ contrib/ntp/ntpd/ntp_config.c +@@ -1887,7 +1887,7 @@ + + for (i = 0; i < 8; i++) + for (j = 1; j < 100; ++j) { +- rankey[i] = (char) (ntp_random() & 0xff); ++ rankey[i] = (char) (arc4random() & 0xff); + if (rankey[i] != 0) break; + } + rankey[8] = 0; +Index: contrib/ntp/ntpd/ntp_control.c +=================================================================== +--- contrib/ntp/ntpd/ntp_control.c.orig ++++ contrib/ntp/ntpd/ntp_control.c +@@ -24,6 +24,10 @@ + #include + #include + ++#ifndef MIN ++#define MIN(a, b) (((a) <= (b)) ? (a) : (b)) ++#endif ++ + /* + * Structure to hold request procedure information + */ +@@ -893,6 +897,7 @@ + ) + { + int overhead; ++ unsigned int currentlen; + + overhead = 0; + if (!bin) { +@@ -916,12 +921,22 @@ + /* + * Save room for trailing junk + */ +- if (dlen + overhead + datapt > dataend) { ++ while (dlen + overhead + datapt > dataend) { + /* + * Not enough room in this one, flush it out. + */ ++ currentlen = MIN(dlen, dataend - datapt); ++ ++ memcpy(datapt, dp, currentlen); ++ ++ datapt += currentlen; ++ dp += currentlen; ++ dlen -= currentlen; ++ datalinelen += currentlen; ++ + ctl_flushpkt(CTL_MORE); + } ++ + memmove((char *)datapt, dp, (unsigned)dlen); + datapt += dlen; + datalinelen += dlen; +Index: contrib/ntp/ntpd/ntp_crypto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_crypto.c.orig ++++ contrib/ntp/ntpd/ntp_crypto.c +@@ -864,12 +864,24 @@ + * errors. 
+ */ + if (vallen == (u_int) EVP_PKEY_size(host_pkey)) { +- RSA_private_decrypt(vallen, ++ u_int32 *cookiebuf = malloc( ++ RSA_size(host_pkey->pkey.rsa)); ++ if (cookiebuf == NULL) { ++ rval = XEVNT_CKY; ++ break; ++ } ++ if (RSA_private_decrypt(vallen, + (u_char *)ep->pkt, +- (u_char *)&temp32, ++ (u_char *)cookiebuf, + host_pkey->pkey.rsa, +- RSA_PKCS1_OAEP_PADDING); +- cookie = ntohl(temp32); ++ RSA_PKCS1_OAEP_PADDING) != 4) { ++ rval = XEVNT_CKY; ++ free(cookiebuf); ++ break; ++ } else { ++ cookie = ntohl(*cookiebuf); ++ free(cookiebuf); ++ } + } else { + rval = XEVNT_CKY; + break; +@@ -3914,7 +3926,7 @@ + rand_file); + exit (-1); + } +- get_systime(&seed); ++ arc4random_buf(&seed, sizeof(l_fp)); + RAND_seed(&seed, sizeof(l_fp)); + RAND_write_file(rand_file); + OpenSSL_add_all_algorithms(); +Index: contrib/ntp/ntpd/ntp_proto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_proto.c.orig ++++ contrib/ntp/ntpd/ntp_proto.c +@@ -649,6 +649,7 @@ + has_mac)) { + is_authentic = AUTH_ERROR; + sys_badauth++; ++ return; + } else { + is_authentic = AUTH_OK; + } +Index: contrib/ntp/util/ntp-keygen.c +=================================================================== +--- contrib/ntp/util/ntp-keygen.c.orig ++++ contrib/ntp/util/ntp-keygen.c +@@ -642,7 +642,7 @@ + for (i = 1; i <= MD5KEYS; i++) { + for (j = 0; j < 16; j++) { + while (1) { +- temp = ntp_random() & 0xff; ++ temp = arc4random() & 0xff; + if (temp == '#') + continue; + if (temp > 0x20 && temp < 0x7f) +@@ -675,7 +675,7 @@ + FILE *str; + + fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "RSA"); ++ rsa = RSA_generate_key(modulus, 65537, cb, "RSA"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", +@@ -954,7 +954,7 @@ + */ + fprintf(stderr, + "Generating GQ parameters (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "GQ"); ++ rsa = 
RSA_generate_key(modulus, 65537, cb, "GQ"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", Added: user/cperciva/freebsd-update-build/patches/9.2-RELEASE/17-EN-14:13.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/9.2-RELEASE/17-EN-14:13.freebsd-update Tue Dec 30 20:10:37 2014 (r276418) @@ -0,0 +1,12 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh.orig ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1395,6 +1395,7 @@ + # matter, since we add a leading "/" when we use paths later. + cut -f 3- -d '|' $1 | + sed -e 's,/|d|,|d|,' | ++ sed -e 's,/|-|,|-|,' | + sort -u > $1.tmp + + # Figure out which lines to ignore and remove them. Added: user/cperciva/freebsd-update-build/patches/9.2-RELEASE/17-SA-14:31.ntp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/9.2-RELEASE/17-SA-14:31.ntp Tue Dec 30 20:10:37 2014 (r276418) 
@@ -0,0 +1,145 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c.orig ++++ contrib/ntp/ntpd/ntp_config.c +@@ -1887,7 +1887,7 @@ + + for (i = 0; i < 8; i++) + for (j = 1; j < 100; ++j) { +- rankey[i] = (char) (ntp_random() & 0xff); ++ rankey[i] = (char) (arc4random() & 0xff); + if (rankey[i] != 0) break; + } + rankey[8] = 0; +Index: contrib/ntp/ntpd/ntp_control.c +=================================================================== +--- contrib/ntp/ntpd/ntp_control.c.orig ++++ contrib/ntp/ntpd/ntp_control.c +@@ -24,6 +24,10 @@ + #include + #include + ++#ifndef MIN ++#define MIN(a, b) (((a) <= (b)) ? (a) : (b)) ++#endif ++ + /* + * Structure to hold request procedure information + */ +@@ -893,6 +897,7 @@ + ) + { + int overhead; ++ unsigned int currentlen; + + overhead = 0; + if (!bin) { +@@ -916,12 +921,22 @@ + /* + * Save room for trailing junk + */ +- if (dlen + overhead + datapt > dataend) { ++ while (dlen + overhead + datapt > dataend) { + /* + * Not enough room in this one, flush it out. + */ ++ currentlen = MIN(dlen, dataend - datapt); ++ ++ memcpy(datapt, dp, currentlen); ++ ++ datapt += currentlen; ++ dp += currentlen; ++ dlen -= currentlen; ++ datalinelen += currentlen; ++ + ctl_flushpkt(CTL_MORE); + } ++ + memmove((char *)datapt, dp, (unsigned)dlen); + datapt += dlen; + datalinelen += dlen; +Index: contrib/ntp/ntpd/ntp_crypto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_crypto.c.orig ++++ contrib/ntp/ntpd/ntp_crypto.c +@@ -864,12 +864,24 @@ + * errors. 
+ */ + if (vallen == (u_int) EVP_PKEY_size(host_pkey)) { +- RSA_private_decrypt(vallen, ++ u_int32 *cookiebuf = malloc( ++ RSA_size(host_pkey->pkey.rsa)); ++ if (cookiebuf == NULL) { ++ rval = XEVNT_CKY; ++ break; ++ } ++ if (RSA_private_decrypt(vallen, + (u_char *)ep->pkt, +- (u_char *)&temp32, ++ (u_char *)cookiebuf, + host_pkey->pkey.rsa, +- RSA_PKCS1_OAEP_PADDING); +- cookie = ntohl(temp32); ++ RSA_PKCS1_OAEP_PADDING) != 4) { ++ rval = XEVNT_CKY; ++ free(cookiebuf); ++ break; ++ } else { ++ cookie = ntohl(*cookiebuf); ++ free(cookiebuf); ++ } + } else { + rval = XEVNT_CKY; + break; +@@ -3914,7 +3926,7 @@ + rand_file); + exit (-1); + } +- get_systime(&seed); ++ arc4random_buf(&seed, sizeof(l_fp)); + RAND_seed(&seed, sizeof(l_fp)); + RAND_write_file(rand_file); + OpenSSL_add_all_algorithms(); +Index: contrib/ntp/ntpd/ntp_proto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_proto.c.orig ++++ contrib/ntp/ntpd/ntp_proto.c +@@ -649,6 +649,7 @@ + has_mac)) { + is_authentic = AUTH_ERROR; + sys_badauth++; ++ return; + } else { + is_authentic = AUTH_OK; + } +Index: contrib/ntp/util/ntp-keygen.c +=================================================================== +--- contrib/ntp/util/ntp-keygen.c.orig ++++ contrib/ntp/util/ntp-keygen.c +@@ -642,7 +642,7 @@ + for (i = 1; i <= MD5KEYS; i++) { + for (j = 0; j < 16; j++) { + while (1) { +- temp = ntp_random() & 0xff; ++ temp = arc4random() & 0xff; + if (temp == '#') + continue; + if (temp > 0x20 && temp < 0x7f) +@@ -675,7 +675,7 @@ + FILE *str; + + fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "RSA"); ++ rsa = RSA_generate_key(modulus, 65537, cb, "RSA"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", +@@ -954,7 +954,7 @@ + */ + fprintf(stderr, + "Generating GQ parameters (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "GQ"); ++ rsa = 
RSA_generate_key(modulus, 65537, cb, "GQ"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", Added: user/cperciva/freebsd-update-build/patches/9.3-RELEASE/7-EN-14:13.freebsd-update ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/9.3-RELEASE/7-EN-14:13.freebsd-update Tue Dec 30 20:10:37 2014 (r276418) @@ -0,0 +1,12 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh.orig ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1395,6 +1395,7 @@ + # matter, since we add a leading "/" when we use paths later. + cut -f 3- -d '|' $1 | + sed -e 's,/|d|,|d|,' | ++ sed -e 's,/|-|,|-|,' | + sort -u > $1.tmp + + # Figure out which lines to ignore and remove them. Added: user/cperciva/freebsd-update-build/patches/9.3-RELEASE/7-SA-14:31.ntp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/9.3-RELEASE/7-SA-14:31.ntp Tue Dec 30 20:10:37 2014 (r276418) 
@@ -0,0 +1,145 @@ +Index: contrib/ntp/ntpd/ntp_config.c +=================================================================== +--- contrib/ntp/ntpd/ntp_config.c.orig ++++ contrib/ntp/ntpd/ntp_config.c +@@ -1887,7 +1887,7 @@ + + for (i = 0; i < 8; i++) + for (j = 1; j < 100; ++j) { +- rankey[i] = (char) (ntp_random() & 0xff); ++ rankey[i] = (char) (arc4random() & 0xff); + if (rankey[i] != 0) break; + } + rankey[8] = 0; +Index: contrib/ntp/ntpd/ntp_control.c +=================================================================== +--- contrib/ntp/ntpd/ntp_control.c.orig ++++ contrib/ntp/ntpd/ntp_control.c +@@ -24,6 +24,10 @@ + #include + #include + ++#ifndef MIN ++#define MIN(a, b) (((a) <= (b)) ? (a) : (b)) ++#endif ++ + /* + * Structure to hold request procedure information + */ +@@ -893,6 +897,7 @@ + ) + { + int overhead; ++ unsigned int currentlen; + + overhead = 0; + if (!bin) { +@@ -916,12 +921,22 @@ + /* + * Save room for trailing junk + */ +- if (dlen + overhead + datapt > dataend) { ++ while (dlen + overhead + datapt > dataend) { + /* + * Not enough room in this one, flush it out. + */ ++ currentlen = MIN(dlen, dataend - datapt); ++ ++ memcpy(datapt, dp, currentlen); ++ ++ datapt += currentlen; ++ dp += currentlen; ++ dlen -= currentlen; ++ datalinelen += currentlen; ++ + ctl_flushpkt(CTL_MORE); + } ++ + memmove((char *)datapt, dp, (unsigned)dlen); + datapt += dlen; + datalinelen += dlen; +Index: contrib/ntp/ntpd/ntp_crypto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_crypto.c.orig ++++ contrib/ntp/ntpd/ntp_crypto.c +@@ -864,12 +864,24 @@ + * errors. 
+ */ + if (vallen == (u_int) EVP_PKEY_size(host_pkey)) { +- RSA_private_decrypt(vallen, ++ u_int32 *cookiebuf = malloc( ++ RSA_size(host_pkey->pkey.rsa)); ++ if (cookiebuf == NULL) { ++ rval = XEVNT_CKY; ++ break; ++ } ++ if (RSA_private_decrypt(vallen, + (u_char *)ep->pkt, +- (u_char *)&temp32, ++ (u_char *)cookiebuf, + host_pkey->pkey.rsa, +- RSA_PKCS1_OAEP_PADDING); +- cookie = ntohl(temp32); ++ RSA_PKCS1_OAEP_PADDING) != 4) { ++ rval = XEVNT_CKY; ++ free(cookiebuf); ++ break; ++ } else { ++ cookie = ntohl(*cookiebuf); ++ free(cookiebuf); ++ } + } else { + rval = XEVNT_CKY; + break; +@@ -3914,7 +3926,7 @@ + rand_file); + exit (-1); + } +- get_systime(&seed); ++ arc4random_buf(&seed, sizeof(l_fp)); + RAND_seed(&seed, sizeof(l_fp)); + RAND_write_file(rand_file); + OpenSSL_add_all_algorithms(); +Index: contrib/ntp/ntpd/ntp_proto.c +=================================================================== +--- contrib/ntp/ntpd/ntp_proto.c.orig ++++ contrib/ntp/ntpd/ntp_proto.c +@@ -649,6 +649,7 @@ + has_mac)) { + is_authentic = AUTH_ERROR; + sys_badauth++; ++ return; + } else { + is_authentic = AUTH_OK; + } +Index: contrib/ntp/util/ntp-keygen.c +=================================================================== +--- contrib/ntp/util/ntp-keygen.c.orig ++++ contrib/ntp/util/ntp-keygen.c +@@ -642,7 +642,7 @@ + for (i = 1; i <= MD5KEYS; i++) { + for (j = 0; j < 16; j++) { + while (1) { +- temp = ntp_random() & 0xff; ++ temp = arc4random() & 0xff; + if (temp == '#') + continue; + if (temp > 0x20 && temp < 0x7f) +@@ -675,7 +675,7 @@ + FILE *str; + + fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "RSA"); ++ rsa = RSA_generate_key(modulus, 65537, cb, "RSA"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n", +@@ -954,7 +954,7 @@ + */ + fprintf(stderr, + "Generating GQ parameters (%d bits)...\n", modulus); +- rsa = RSA_generate_key(modulus, 3, cb, "GQ"); ++ rsa = 
RSA_generate_key(modulus, 65537, cb, "GQ"); + fprintf(stderr, "\n"); + if (rsa == NULL) { + fprintf(stderr, "RSA generate keys fails\n%s\n",
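
Review bot: In the freebsd-update.sh hunk at @@ -1395 (the EN-14:13 patch, identical in all six release copies), the new `sed -e 's,/|-|,|-|,' |` line starts a second sed process for a substitution that could ride on the existing one as `sed -e 's,/|d|,|d|,' -e 's,/|-|,|-|,' |`. The context comment visible in the hunk only speaks of the leading "/" being added later; a line saying why entries of type `-` need the trailing slash stripped as well as type `d` would document the fix, since nothing in the hunk explains it.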
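
Review bot: In ntp_config.c at @@ -1887, the switch to arc4random() keeps the inner `for (j = 1; j < 100; ++j)` retry, which exists only to avoid a zero byte and still falls through with `rankey[i] == 0` if every draw comes back zero. Where arc4random_uniform() is available on the target branch, `rankey[i] = (char)(arc4random_uniform(255) + 1);` yields a nonzero byte directly and removes the bounded retry. Otherwise add a comment stating why zero is excluded, presumably because the key is used as a string terminated by `rankey[8] = 0`.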
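
Review bot: In ntp_control.c at @@ -916, `currentlen = MIN(dlen, dataend - datapt);` mixes a pointer difference with `dlen` and stores the result in the `unsigned int currentlen` declared at @@ -893, so if `datapt` were ever past `dataend`, or `dlen` negative, the length handed to memcpy() becomes very large. Nothing in the hunk establishes `datapt <= dataend`, or that ctl_flushpkt(CTL_MORE) resets `datapt`, which the `while` also needs in order to terminate (once `dlen` reaches 0 the condition reduces to `overhead + datapt > dataend`). Suggest a size_t `currentlen`, an explicit check or comment for both invariants, and the same copy routine in the loop as in the tail (the loop uses memcpy(), the tail memmove()).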
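
Review bot: In ntp_crypto.c at @@ -864, the expected plaintext length is the bare literal in `RSA_PKCS1_OAEP_PADDING) != 4`; `sizeof(u_int32)` or a named constant would tie it to the `ntohl(*cookiebuf)` read that follows. The buffer receives the decrypted cookie and is released with plain free() on both paths; clearing it first (OPENSSL_cleanse() over the RSA_size() length) and restructuring so there is a single free() would avoid leaving the plaintext in freed heap and remove the duplication. The guard uses EVP_PKEY_size(host_pkey) while the allocation uses RSA_size(host_pkey->pkey.rsa); a short comment that these are the same quantity for an RSA host key would help the next reader.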
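
Review bot: In ntp_crypto.c at @@ -3914, `arc4random_buf(&seed, sizeof(l_fp))` still sizes the seed by the timestamp type that get_systime() used to fill, so RAND_seed() receives only sizeof(l_fp) bytes. Now that the value is no longer a timestamp, a dedicated byte array (for example 32 bytes) passed with `sizeof(seed)` in both calls would say what is meant and give the OpenSSL pool more material before RAND_write_file() persists it.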
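
Review bot: In ntp_proto.c at @@ -649, the added `return;` makes the preceding `is_authentic = AUTH_ERROR;` a dead store and leaves the function from the middle of an if/else with no explanation. Add a comment stating that a packet failing this check is dropped at this point, and confirm against the full function that nothing after it (counters, buffer release, logging) is expected to run for rejected packets.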
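
Review bot: In ntp-keygen.c at @@ -675 and again at @@ -954, the public exponent is written as the literal `65537`; OpenSSL's `RSA_F4` constant names the same value and keeps the two call sites in step. The change only affects keys generated from now on, so the accompanying advisory or release note should tell operators that RSA keys and GQ parameters created earlier with exponent 3 stay in use until they are regenerated.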