Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 10 Oct 2016 07:38:24 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r49477 - in head/share: security/advisories security/patches/SA-16:27 security/patches/SA-16:28 security/patches/SA-16:29 security/patches/SA-16:30 security/patches/SA-16:31 xml
Message-ID:  <201610100738.u9A7cOSU053277@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Mon Oct 10 07:38:23 2016
New Revision: 49477
URL: https://svnweb.freebsd.org/changeset/doc/49477

Log:
  Add SA-16:27-31.

Added:
  head/share/security/advisories/FreeBSD-SA-16:27.openssl.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:28.bind.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:29.bspatch.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:30.portsnap.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:31.libarchive.asc   (contents, props changed)
  head/share/security/patches/SA-16:27/
  head/share/security/patches/SA-16:27/openssl.patch   (contents, props changed)
  head/share/security/patches/SA-16:27/openssl.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:28/
  head/share/security/patches/SA-16:28/bind.patch   (contents, props changed)
  head/share/security/patches/SA-16:28/bind.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:29/
  head/share/security/patches/SA-16:29/bspatch.patch   (contents, props changed)
  head/share/security/patches/SA-16:29/bspatch.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:30/
  head/share/security/patches/SA-16:30/portsnap-10.patch   (contents, props changed)
  head/share/security/patches/SA-16:30/portsnap-10.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:30/portsnap-9.3.patch   (contents, props changed)
  head/share/security/patches/SA-16:30/portsnap-9.3.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:31/
  head/share/security/patches/SA-16:31/libarchive-10.1.patch   (contents, props changed)
  head/share/security/patches/SA-16:31/libarchive-10.1.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:31/libarchive-10.2.patch   (contents, props changed)
  head/share/security/patches/SA-16:31/libarchive-10.2.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:31/libarchive-10.3.patch   (contents, props changed)
  head/share/security/patches/SA-16:31/libarchive-10.3.patch.asc   (contents, props changed)
Modified:
  head/share/xml/advisories.xml

Added: head/share/security/advisories/FreeBSD-SA-16:27.openssl.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:27.openssl.asc	Mon Oct 10 07:38:23 2016	(r49477)
@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:27.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Regression in OpenSSL suite
+
+Category:       contrib
+Module:         openssl
+Announced:      2016-10-10
+Credits:        OpenSSL Project
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-09-26 14:30:19 UTC (stable/11, 11.0-STABLE)
+                2016-09-26 20:26:19 UTC (releng/11.0, 11.0-RELEASE-p1)
+CVE Name:       CVE-2016-7052
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+The OpenSSL version included in FreeBSD 11.0-RELEASE is 1.0.2i.  The version
+has bug fix for CVE-2016-7052, which should have included CRL sanity check,
+but the check was omitted.
+
+III. Impact
+
+Any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer
+exception.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all daemons that use the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons that use the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:27/openssl.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:27/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/11/                                                        r306343
+releng/11.0/                                                      r306354
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://www.openssl.org/news/secadv/20160926.txt>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OlAAoJEO1n7NZdz2rnEPYQAOewieypFMknEi5Q02IBVhcC
+Bs1sczFLXaSz+4c9lNRi+m6Q5TXbW0MM9ZhZDnoLOXZ9OZ7DsQ0OVJcmWPHCSTkT
+WAlZgiB5B2xtZpLUNi0XAVPyegh+YxWCKa5mq/e4gC7BL+QhtTQqIlzsNylBDcI0
+2Tp5fPfO3vIJlSwPpsUA2peYlm2c75/dusE0+bvWnqickWbEmFdCAd8rzTLrsm9R
+w5essD2o6BzFPA9j+3X/LNaMI6ZKKa4EkaXXB42KHruDfNTV8dmYL/LLxWs6aj1f
+Li++71GPh3aZZCA5SCo6NYdI25kg4xORZzqUmYzT856kdmpaemLd8oVT8/ojOCTX
+CoNtA9yVphhYgfSGLy2BIs0u7U3H16SVjZ1oC5MjTAY6kUsEDt6x2vlKOt5452yN
+3v2fHf9I8/ibgo4d4ovpGGzvrj/8EfodmDLhjYP5RcwZH4FW1jCUzXTflsYmPWMi
+8+COC+K19MNIXR0M8ajs2M8z2ILc3pOUZ1sdrNhU1jEIyYCl8EDMEU0Bc13XlUKS
+UE92RKfxIAMh+Zyu44++8UizfOorBVKhQVd+9NthMnfXW6xlnwujjbabam8k2E5V
+Za4sBQ57JvL9aKrsbmB/hhVnxXE6jYqtp7tagXK+wwULO1SarpRp7HENd50ggH5l
+yu2DM4rkIcwzTaJEdvyT
+=5rNc
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-16:28.bind.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:28.bind.asc	Mon Oct 10 07:38:23 2016	(r49477)
@@ -0,0 +1,138 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:28.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND remote Denial of Service vulnerability
+
+Category:       contrib
+Module:         bind
+Announced:      2016-10-10
+Credits:        ISC
+Affects:        FreeBSD 9.x
+Corrected:      2016-09-28 06:11:01 UTC (stable/9, 9.3-STABLE)
+                2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48)
+CVE Name:       CVE-2016-2776
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+II.  Problem Description
+
+Testing by ISC has uncovered a critical error condition which can occur when
+a nameserver is constructing a response.  A defect in the rendering of
+messages into packets can cause named to exit with an assertion failure in
+buffer.c while constructing a response to a query that meets certain
+criteria.
+
+This assertion can be triggered even if the apparent source address is not
+allowed to make queries (i.e. doesn't match 'allow-query'). [CVE-2016-2776]
+
+III. Impact
+
+A remote attacker who can send queries to a server running BIND can cause
+the server to crash, resulting in a Denial of Service condition.
+
+IV.  Workaround
+
+No workaround is available, but hosts not running named(8) are not
+vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The named service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The named service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:28/bind.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:28/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the named service, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r306394
+releng/9.3/                                                       r306942
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://kb.isc.org/article/AA-01419>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OlAAoJEO1n7NZdz2rnt/cQAJJ/P9/cNH4mB3Oq9kks1TJI
+thye1Bmd6BAS16UYj+S2POSkrwkTJLhg/Rtch/4O1TUJ7q86Dko/0nciF/4Qin/J
+LrNhX2TUUTpQygfWdzTqdk9EiHLKT46sNh1Two4Lb9gMuBulES9Fy40gj8y81ypv
+uys05i6DMAlY/EsmidTHFKUGGC9160XLS7wFWnlw9XglDHn2+pIDALHl77mmoXwR
+VKiCbGO6IybDV5bATh12eflCSb+IJRT0MMOwJAt3Nhzp//7t2tf+izazzfs43IH4
+HRkiDfkkxqAMus6h0Dm4xR91oe/oSzlEedKFM3ctHfQqyIi+AP0FKixf8pS72n7o
+M0W5vIbkMSuTsiOTzyQUJpQ3tExvWeZjhNZj9U5trs2YNdPCRaM3pETUdF6GZmNC
+tnPiTZFst3ARsy/4oJg8Eeo/cyrd/sfPm4fXCbXkakL7ml/Mu+/KEyq5qw43FIXn
+96/btRfHsPSpy74KRtLsqSM29eCK9puGhJIk1iBtuhuTvze/48Od7U5zWOjn8XiS
+o4oOyCtm3nQfB8VIzfypFAIUFFOqfHmsfP3s51J9tUXjxvORO3UWD3/R2wXLre2Y
+Z5+s7IUhesunZztGtaUFCqG28KCrzmSiIVXGRd/IsQCuTJ4DNiUFZofKYdI0B7fE
+hrSETFwDg/OYusZ5/96D
+=v9vM
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-16:29.bspatch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:29.bspatch.asc	Mon Oct 10 07:38:23 2016	(r49477)
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:29.bspatch                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Heap overflow vulnerability in bspatch
+
+Category:       core
+Module:         bsdiff
+Announced:      2016-10-10
+Affects:        All supported versions of FreeBSD.
+                2016-09-22 21:05:21 UTC (stable/11, 11.0-STABLE)
+                2016-09-27 19:36:12 UTC (releng/11.0, 11.0-RELEASE-p1)
+                2016-09-22 21:16:54 UTC (stable/10, 10.3-STABLE)
+                2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10)
+                2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23)
+                2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40)
+                2016-09-23 01:52:06 UTC (stable/9, 9.3-STABLE)
+                2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The bspatch utility generates newfile from oldfile and patchfile where
+patchfile is a binary patch built by bsdiff(1).
+
+II.  Problem Description
+
+The implementation of bspatch is susceptible to integer overflows with
+carefully crafted input, potentially allowing an attacker who can control
+the patch file to write at arbitrary locations in the heap. This issue
+was partially addressed in FreeBSD-SA-16:25.bspatch, but some possible
+integer overflows remained.
+
+III. Impact
+
+An attacker who can control the patch file can cause a crash or run arbitrary
+code under the credentials of the user who runs bspatch, in many cases, root.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility.
+
+Because this vulnerability exists in bspatch, a component used by
+freebsd-update, a special procedure must be followed to safely update.
+First, truncate bspatch to a zero byte file:
+
+# :> /usr/bin/bspatch
+
+FreeBSD-update will fall back to replacing bspatch, rather than applying
+a binary patch. Proceed with FreeBSD-update as usual:
+
+# freebsd-update fetch
+# freebsd-update install
+
+No reboot is needed.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:29/bspatch.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:29/bspatch.patch.asc
+# gpg --verify bspatch.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r306222
+releng/9.3/                                                       r306942
+stable/10/                                                        r306215
+releng/10.1/                                                      r306941
+releng/10.2/                                                      r306941
+releng/10.3/                                                      r306941
+stable/11/                                                        r306213
+releng/11.0/                                                      r306379
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:29.bspatch.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OmAAoJEO1n7NZdz2rnMHQQALyzQ6rIFLMV+qfIKr/dxUmv
+frrY3rE8GbHNI6UYnlB7T97SZBVG2lOGpUO7sGNzsqAol+aBEn44mX88ijCQk+mc
+pIHcbwACkAG6u5c6nyelHAa3ZLc8PkPbNaryjfc9Y0vZxGFKI5ETpdN1nFxUBKRA
+eGt4h4GW3ZxHTkc3DDogDM6kBds3DYAnQjnqvkH6QesM/cMIdnU2NMjIrYDdtcsJ
+Mp92PqRl8/qCZxcpfoHSl3S190Dmu9KNjEwXdk8gvtr7aTe/OG9fcIOAwIJHMi/n
+E3tojTrSGLl0v9yuznG8rU0Hr6VyFNRv9i5QhPEQF4ZQ0HT2/naV0v/THMB1JdeR
+8rszvO8HIdYkKEYPEp4RZ+QWJX36xK0ZOA0BSF3+OW6VYMIEB+iMvK1xAlGWmyJq
+D6f5AQuw559o4MNZ9gh1tXl+PXjYHvwSOrHb1EZ7mDZ3zVarn8TwUjxaE2ILIhjW
+wS+wqbxZt1eENfKbhLHxSavIE+Bi59ab/iymmOFtFdgDDDpQhzx13MUFM17v270g
+1OCXnx7HLMIr5ibndJBQbjPmZT0InMM9856Hij8UhcFjyFpytCJie7sVcDFG9nNp
+z3VXrSIdEIA5MwaD6MYGW8nUfBwQnD/rSh6t2Tt4qz24FPk9K9pbzpb8CDIOImiF
+GnLZXJQlgmJ55XOa0EgR
+=uRNW
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-16:30.portsnap.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:30.portsnap.asc	Mon Oct 10 07:38:23 2016	(r49477)
@@ -0,0 +1,149 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:30.portsnap                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple portsnap vulnerabilities
+
+Category:       core
+Module:         portsnap
+Announced:      2016-10-10
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-09-28 21:33:35 UTC (stable/11, 11.0-STABLE)
+                2016-09-28 22:04:07 UTC (releng/11.0, 11.0-RELEASE-p1)
+                2016-10-05 00:33:06 UTC (stable/10, 10.3-STABLE)
+                2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10)
+                2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23)
+                2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40)
+                2016-10-05 01:01:10 UTC (stable/9, 9.3-STABLE)
+                2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The portsnap utility is used to fetch and update compressed snapshots of
+the FreeBSD ports tree. Portsnap fetches snapshots and updates over http,
+and then cryptographically verifies the downloaded files.
+
+II.  Problem Description
+
+Flaws in portsnap's verification of downloaded tar files allows additional
+files to be included without causing the verification to fail. Portsnap may
+then use or execute these files.
+
+III. Impact
+
+An attacker who can conduct man in the middle attack on the network at the
+time when portsnap is run can cause portsnap to execute arbitrary commands
+under the credentials of the user who runs portsnap, typically root.
+
+IV.  Workaround
+
+The ports tree may be obtained by methods other than portsnap, as
+described in the FreeBSD handbook.
+
+V.   Solution
+
+portsnap has been modified to explicitly validate compressed files within
+the tar file by full name, rather than relying on gunzip's filename search
+logic. portsnap now verifies that snapshots contain only the expected files.
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility.
+
+This advisory is released concurrently with FreeBSD-SA-16:29.bspatch
+which contains special instructions for using freebsd-update. Following
+the instructions in that advisory will safely apply updates for
+FreeBSD-SA-16:29.bspatch, FreeBSD-SA-16:30.portsnap, and
+FreeBSD-SA-16:31.libarchive.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.x]
+# fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch.asc
+# gpg --verify portsnap-10.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch.asc
+# gpg --verify portsnap-9.3.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r306701
+releng/9.3/                                                       r306942
+stable/10/                                                        r306697
+releng/10.1/                                                      r306941
+releng/10.2/                                                      r306941
+releng/10.3/                                                      r306941
+stable/11/                                                        r306418
+releng/11.0/                                                      r306419
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:30.portsnap.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OqAAoJEO1n7NZdz2rns54P/3N6V4ZGWZ8jXDSw7KPRhF16
+gUs2AQx+rL+o5rOVsMZ6DulVtFP+AzUvEsLIJeARdaOJar9St1cQVTZHa+8CtWr5
+aCSgx5r39srcvvMuQ34z0yss7eEkHRubzkIzrjHcD6MweFg4tAIufXHgxmhNVuKp
+QOQCwUbWIp8MssNbd/nYr1fpNoEvhkuzEv+EsvU+gTXeYNbHDS8zN/XC1a4167Q9
+flFCqVn45ZpYR+2ifeLv0s+Rj4MQdnaCUYPpt1JoY5pIr/1GbNuywam9YgUQJZ7o
+gbY+S9Un0aByEOmPgD2e6qb8qhQFtaJgAbhB51dsI/qpZUljQKERmV1vd78drqWB
+1gss/MFe5oyxZ5IbmHLBabIcKvvtH72gSaD8Zp973TbD72usjC/ZfdkukNBlWkbm
+M4PFTK+VQA1y5c8R2RduVoz3ioaBtRisxqqGOi0i3AUgiWx6IeP9jkIana28dGtJ
+Mkm4ZiWBj12lT5B+gafpy7+bLkbYl2sEFYIt+YUlJ1GqAumyDnnmYt5rDhZwMLFo
+7ywCpCwtoBc49sCV7szV4MdFw0Zmo8tT0uiWBehferN1SHygKVNGnXIj+NotRXx0
+mp0j7pgK4AcML2y7pJLEUwyWUKE5tBkPKmHg+4ELhqPb0mjm+A+KHX/8vXxlPpRJ
+2yVhfIubEhECQJeJKAqm
+=y+kG
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-16:31.libarchive.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:31.libarchive.asc	Mon Oct 10 07:38:23 2016	(r49477)
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:31.libarchive                                 Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple libarchive vulnerabilities
+
+Category:       core
+Module:         portsnap
+Announced:      2016-10-05
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-09-25 22:02:27 UTC (stable/11, 11.0-STABLE)
+                2016-09-27 19:36:12 UTC (releng/11.0, 11.0-RELEASE-p1)
+                2016-09-25 22:04:02 UTC (stable/10, 10.3-STABLE)
+                2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10)
+                2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23)
+                2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The libarchive(3) library provides a flexible interface for reading and
+writing streaming archive files such as tar(1) and cpio(1), and has been the
+basis for the FreeBSD implementation of the tar(1) and cpio(1) utilities
+since FreeBSD 5.3.
+
+II.  Problem Description
+
+Flaws in libarchive's handling of symlinks and hard links allow overwriting
+files outside the extraction directory, or permission changes to a directory
+outside the extraction directory.
+
+III. Impact
+
+An attacker who can control freebsd-update's or portsnap's input to tar can
+change file content or permisssions on files outside of the update tool's
+working sandbox.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility.
+
+This advisory is released concurrently with FreeBSD-SA-16:29.bspatch
+which contains special instructions for using freebsd-update. Following
+the instructions in that advisory will safely apply updates for
+FreeBSD-SA-16:29.bspatch, FreeBSD-SA-16:30.portsnap, and
+FreeBSD-SA-16:31.libarchive.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc
+# gpg --verify libarchive.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r306322
+releng/10.1/                                                      r306941
+releng/10.2/                                                      r306941
+releng/10.3/                                                      r306941
+stable/11/                                                        r306321
+releng/11.0/                                                      r306379
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f>;
+<URL:https://github.com/libarchive/libarchive/issues/743>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:31.libarchive.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OrAAoJEO1n7NZdz2rnkaAP/i5Njok8Lg3ogwRGVo/HVQfA
+AzRz2oQ5oAuwZhmpkQ3CzHArRsaTGuKK5C1SNJpmEDuq5XM2u5Td2ph/R5ry0fwF
+7B58Ci+o7ngRWtJ/N8dYk3cXfg0sjPZKDO1otIyfh8HF3UAq5uB3/w/8UFOpqcxQ
+guMKahd/r9PnfrD8GtS+t/2V+KHInNH0J4YD/+hoqcdZPzMKtlE5D5OjqOov9rVn
+myQwAuN+w2buPj2gXSuubq5wTNFOvj8u06mVpRj+0X0VoybdN5cohuqSx7s4vlw+
+/qV7gT2993aijXp43dGGSUeuGl1ZbrKp233vntkIYrsjJzaw56YMHL3ushopGGhj
+OfC/ilXmsUjrlHgCrWpMiTuN7cdWDXrpMnaf4c99yMxdYUuRtbbnVthdOpZB8iOt
+7xeVnvHiYTYbQu+4xy4SPOWqPLOnrbwVqIocXU1QjWJice5A3EU/mSAd2IpX04a2
+prdlaGxBNZlziLgzsZoiER+5u0S3owbx7y2SVhMEslHyrRQ92X7SZjfu4NrvlX5k
+Dw6xjpHD51pshj4GXTPuznbCyd8246u1fRnH3fnlNLhz5/XhrYbG+OVQ9WDbnX2C
+6SzS/oOcjA9qcq1+Ghmz6G7S2MuWZ0XcKfzV0ygX2RZEhU1p0rZfsF/2cGrKIGY1
+JguXI1tZdrjfSZisAI+l
+=vqSJ
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-16:27/openssl.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:27/openssl.patch	Mon Oct 10 07:38:23 2016	(r49477)
@@ -0,0 +1,4151 @@
+--- crypto/openssl/crypto/engine/eng_cryptodev.c.orig
++++ crypto/openssl/crypto/engine/eng_cryptodev.c
+@@ -939,7 +939,7 @@
+     if (fstate->mac_len != 0) {
+         if (fstate->mac_data != NULL) {
+             dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+-            if (dstate->ac_data == NULL) {
++            if (dstate->mac_data == NULL) {
+                 printf("cryptodev_digest_init: malloc failed\n");
+                 return 0;
+             }
+--- crypto/openssl/crypto/x509/x509_vfy.c.orig
++++ crypto/openssl/crypto/x509/x509_vfy.c
+@@ -1124,10 +1124,10 @@
+         crl = sk_X509_CRL_value(crls, i);
+         reasons = *preasons;
+         crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
+-        if (crl_score < best_score)
++        if (crl_score < best_score || crl_score == 0)
+             continue;
+         /* If current CRL is equivalent use it if it is newer */
+-        if (crl_score == best_score) {
++        if (crl_score == best_score && best_crl != NULL) {
+             int day, sec;
+             if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
+                                X509_CRL_get_lastUpdate(crl)) == 0)
+--- crypto/openssl/crypto/opensslv.h.orig
++++ crypto/openssl/crypto/opensslv.h
+@@ -30,11 +30,11 @@
+  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+  *  major minor fix final patch/beta)
+  */
+-# define OPENSSL_VERSION_NUMBER  0x1000209fL
++# define OPENSSL_VERSION_NUMBER  0x100020afL
+ # ifdef OPENSSL_FIPS
+-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2i-fips  22 Sep 2016"
++#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j-fips  26 Sep 2016"
+ # else
+-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2i-freebsd  22 Sep 2016"
++#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j-freebsd  26 Sep 2016"
+ # endif
+ # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
+ 
+--- crypto/openssl/ssl/t1_ext.c.orig
++++ crypto/openssl/ssl/t1_ext.c
+@@ -275,7 +275,9 @@
+     case TLSEXT_TYPE_ec_point_formats:
+     case TLSEXT_TYPE_elliptic_curves:
+     case TLSEXT_TYPE_heartbeat:
++# ifndef OPENSSL_NO_NEXTPROTONEG
+     case TLSEXT_TYPE_next_proto_neg:
++# endif
+     case TLSEXT_TYPE_padding:
+     case TLSEXT_TYPE_renegotiate:
+     case TLSEXT_TYPE_server_name:
+--- crypto/openssl/CHANGES.orig
++++ crypto/openssl/CHANGES
+@@ -2,6 +2,18 @@
+  OpenSSL CHANGES
+  _______________
+ 
++ Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
++
++  *) Missing CRL sanity check
++
++     A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
++     but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
++     CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
++
++     This issue only affects the OpenSSL 1.0.2i
++     (CVE-2016-7052)
++     [Matt Caswell]
++
+  Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
+ 
+   *) OCSP Status Request extension unbounded memory growth
+--- crypto/openssl/Makefile.orig
++++ crypto/openssl/Makefile
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+ 
+-VERSION=1.0.2i
++VERSION=1.0.2j
+ MAJOR=1
+ MINOR=0.2
+ SHLIB_VERSION_NUMBER=1.0.0
+--- crypto/openssl/NEWS.orig
++++ crypto/openssl/NEWS
+@@ -5,6 +5,10 @@
+   This file gives a brief overview of the major changes between each OpenSSL
+   release. For more details please read the CHANGES file.
+ 
++  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
++
++      o Fix Use After Free for large message sizes (CVE-2016-6309)
++
+   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
+ 
+       o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+--- crypto/openssl/README.orig
++++ crypto/openssl/README
+@@ -1,5 +1,5 @@
+ 
+- OpenSSL 1.0.2i 22 Sep 2016
++ OpenSSL 1.0.2j 26 Sep 2016
+ 
+  Copyright (c) 1998-2015 The OpenSSL Project
+  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+--- secure/lib/libcrypto/man/ASN1_OBJECT_new.3.orig
++++ secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_OBJECT_new 3"
+-.TH ASN1_OBJECT_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_OBJECT_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_STRING_length.3.orig
++++ secure/lib/libcrypto/man/ASN1_STRING_length.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_STRING_length 3"
+-.TH ASN1_STRING_length 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_STRING_length 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_STRING_new.3.orig
++++ secure/lib/libcrypto/man/ASN1_STRING_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_STRING_new 3"
+-.TH ASN1_STRING_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_STRING_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_STRING_print_ex.3.orig
++++ secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_STRING_print_ex 3"
+-.TH ASN1_STRING_print_ex 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_STRING_print_ex 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_TIME_set.3.orig
++++ secure/lib/libcrypto/man/ASN1_TIME_set.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_TIME_set 3"
+-.TH ASN1_TIME_set 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_TIME_set 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_generate_nconf.3.orig
++++ secure/lib/libcrypto/man/ASN1_generate_nconf.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_generate_nconf 3"
+-.TH ASN1_generate_nconf 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_generate_nconf 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_ctrl.3.orig
++++ secure/lib/libcrypto/man/BIO_ctrl.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_ctrl 3"
+-.TH BIO_ctrl 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_ctrl 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_base64.3.orig
++++ secure/lib/libcrypto/man/BIO_f_base64.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_base64 3"
+-.TH BIO_f_base64 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_base64 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_buffer.3.orig
++++ secure/lib/libcrypto/man/BIO_f_buffer.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_buffer 3"
+-.TH BIO_f_buffer 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_buffer 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_cipher.3.orig
++++ secure/lib/libcrypto/man/BIO_f_cipher.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_cipher 3"
+-.TH BIO_f_cipher 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_cipher 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_md.3.orig
++++ secure/lib/libcrypto/man/BIO_f_md.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_md 3"
+-.TH BIO_f_md 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_md 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_null.3.orig
++++ secure/lib/libcrypto/man/BIO_f_null.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_null 3"
+-.TH BIO_f_null 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_null 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_ssl.3.orig
++++ secure/lib/libcrypto/man/BIO_f_ssl.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_ssl 3"
+-.TH BIO_f_ssl 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_ssl 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_find_type.3.orig
++++ secure/lib/libcrypto/man/BIO_find_type.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_find_type 3"
+-.TH BIO_find_type 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_find_type 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_new.3.orig
++++ secure/lib/libcrypto/man/BIO_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_new 3"
+-.TH BIO_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_new_CMS.3.orig
++++ secure/lib/libcrypto/man/BIO_new_CMS.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_new_CMS 3"
+-.TH BIO_new_CMS 3 "2016-09-22" "1.0.2i" "OpenSSL"

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610100738.u9A7cOSU053277>