svn commit: r264622 - in user/cperciva/freebsd-update-build/patches: 10.0-RELEASE 5.5-RELEASE 6.0-RELEASE 6.1-RELEASE 6.2-RELEASE 6.3-RELEASE 6.4-RELEASE 7.0-RELEASE 7.1-RELEASE 7.2-RELEASE 7.3-REL...
Xin LI
delphij at FreeBSD.org
Thu Apr 17 19:31:11 UTC 2014
Author: delphij
Date: Thu Apr 17 19:31:09 2014
New Revision: 264622
URL: http://svnweb.freebsd.org/changeset/base/264622
Log:
Catch up with update server.
Added:
user/cperciva/freebsd-update-build/patches/10.0-RELEASE/
user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:05.nfsserver
user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:06.openssl
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:15.ypserv
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:16.smbfs
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/10-SA-07:01.jail
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/11-SA-07:02.bind
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/12-SA-07:03.ipv6
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/13-SA-07:04.file
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/14-SA-07:05.libarchive
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/15-SA-07:01.jail-correction
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/15-SA-07:06.tcpdump
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/15-SA-07:07.bind
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/16-SA-07:08.openssl
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/17-SA-07:09.random
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/17-SA-07:10.gtar
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/18-SA-08:01.pty
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/19-SA-08:03.sendfile
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/19-SA-08:04.ipsec
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/2-SA-06:17.sendmail
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/20-SA-08:05.openssh
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/3-SA-06:18.ppp
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/4-SA-06:19.openssl
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/4-SA-06:20.bind
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/5-SA-06:21.gzip
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/6-SA-06:23.openssl
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/7-SA-06:23.openssl-correction
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/8-SA-06:22.openssh
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/9-SA-06:25.kmem
user/cperciva/freebsd-update-build/patches/5.5-RELEASE/9-SA-06:26.gtar
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/1-EN-05:04.nfs
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/10-SA-06:18.ppp
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/11-SA-06:19.openssl
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/11-SA-06:20.bind
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/12-SA-06:21.gzip
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/13-SA-06:23.openssl
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/14-SA-06:23.openssl-correction
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/15-SA-06:22.openssh
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/16-SA-06:25.kmem
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/17-SA-07:01.jail
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/18-EN-07:01.nfs
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/2-SA-06:01.texindex
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/2-SA-06:02.ee
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/2-SA-06:03.cpio
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/2-SA-06:04.ipfw
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/3-SA-06:05.80211
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/4-SA-06:06.kmem
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/4-SA-06:07.pf
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/5-SA-06:10.nfs
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/6-SA-06:11.ipsec
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/6-SA-06:12.opie
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/6-SA-06:13.sendmail
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/7-SA-06:14.fpu
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/8-SA-06:15.ypserv
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/8-SA-06:16.smbfs
user/cperciva/freebsd-update-build/patches/6.0-RELEASE/9-SA-06:17.sendmail
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/1-SA-06:15.ypserv
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/1-SA-06:16.smbfs
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/10-SA-06:22.openssh
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/11-SA-06:25.kmem
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/12-SA-07:01.jail
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/13-SA-07:02.bind
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/14-EN-07:01.nfs
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/15-EN-07:04.zoneinfo
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/16-SA-07:03.ipv6
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/17-SA-07:04.file
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/18-SA-07:05.libarchive
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/19-SA-07:06.tcpdump
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/19-SA-07:07.bind
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/2-SA-06:17.sendmail
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/20-SA-07:08.openssl
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/21-SA-07:09.random
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/22-SA-08:01.pty
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/23-SA-08:03.sendfile
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/24-SA-08:05.openssh
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/3-EN-06:01.jail
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/4-SA-06:18.ppp
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/5-EN-06:02.net
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/6-SA-06:19.openssl
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/6-SA-06:20.bind
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/7-SA-06:21.gzip
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/8-SA-06:23.openssl
user/cperciva/freebsd-update-build/patches/6.1-RELEASE/9-SA-06:23.openssl-correction
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/1-SA-07:02.bind
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/10-SA-08:01.pty
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/10-SA-08:02.libc
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/11-SA-08:03.sendfile
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/12-SA-08:05.openssh
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/2-EN-07:02.net
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/2-EN-07:03.jail
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/3-EN-07:05.freebsd-update
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/4-SA-07:03.ipv6
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/5-SA-07:04.file
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/6-SA-07:05.libarchive
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/7-SA-07:06.tcpdump
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/7-SA-07:07.bind
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/8-SA-07:08.openssl
user/cperciva/freebsd-update-build/patches/6.2-RELEASE/9-SA-07:09.random
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/1-SA-08:03.sendfile
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/10-SA-09:07.libc
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/10-SA-09:08.openssl
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/11-SA-09:09.pipe
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/11-SA-09:10.ipv6
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/11-SA-09:11.ntpd
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/12-SA-09:12.bind
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/13-EN-09:05.null
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/13-SA-09:13.pipe
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/13-SA-09:14.devfs
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/14-SA-09:15.ssl
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/14-SA-09:17.freebsd-update
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/15-SA-10:01.bind
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/15-SA-10:02.ntpd
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/2-EN-08:01.libpthread
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/2-SA-08:05.openssh
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/3-SA-08:06.bind
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/4-SA-08:07.amd64
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/4-SA-08:09.icmp6
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/5-SA-08:10.nd6
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/6-SA-08:11.arc4random
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/7-SA-08:12.ftpd
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/7-SA-08:13.protosw
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/8-09:01.lukemftpd
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/8-09:02.openssl
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/9-09:03.ntpd
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/9-09:04.bind
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/1-SA-08:12.ftpd
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/1-SA-08:13.protosw
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/10-SA-10:05.opie
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/11-SA-10:08.bzip2
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/2-09:01.lukemftpd
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/2-09:02.openssl
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/3-09:03.ntpd
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/3-09:04.bind
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/4-SA-09:07.libc
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/4-SA-09:08.openssl
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/5-SA-09:09.pipe
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/5-SA-09:10.ipv6
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/5-SA-09:11.ntpd
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/6-SA-09:12.bind
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/7-EN-09:05.null
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/7-SA-09:13.pipe
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/7-SA-09:14.devfs
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/8-SA-09:15.ssl
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/8-SA-09:17.freebsd-update
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/9-SA-10:01.bind
user/cperciva/freebsd-update-build/patches/6.4-RELEASE/9-SA-10:02.ntpd
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/1-SA-08:05.openssh
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/10-SA-09:05.telnetd
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/11-EN-09:01.kenv
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/11-SA-09:06.ktimer
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/12-SA-09:07.libc
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/12-SA-09:08.openssl
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/2-EN-08:02.tcp
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/3-SA-08:03.bind
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/4-SA-08:07.amd64
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/4-SA-08:08.nmount
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/4-SA-08:09.icmp6
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/5-SA-08:10.nd6
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/6-SA-08:11.arc4random
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/7-SA-08:12.ftpd
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/7-SA-08:13.protosw
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/8-09:01.lukemftpd
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/8-09:02.openssl
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/9-09:03.ntpd
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/9-09:04.bind
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/1-09:01.lukemftpd
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/1-09:02.openssl
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/10-SA-10:01.bind
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/10-SA-10:02.ntpd
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/10-SA-10:03.zfs
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/11-EN-10:02.sched_ule
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/12-SA-10:05.opie
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/13-SA-10:07.mbuf
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/14-SA-10:08.bzip2
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/15-SA-10:09.pseudofs
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/16-SA-10:10.openssl
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/2-09:03.ntpd
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/2-09:04.bind
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/3-SA-09:05.telnetd
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/4-EN-09:01.kenv
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/4-SA-09:06.ktimer
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/5-SA-09:07.libc
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/5-SA-09:08.openssl
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/6-SA-09:09.pipe
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/6-SA-09:10.ipv6
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/6-SA-09:11.ntpd
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/7-SA-09:12.bind
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/8-EN-09:05.null
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/8-SA-09:14.devfs
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/9-SA-09:15.ssl
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/9-SA-09:16.rtld
user/cperciva/freebsd-update-build/patches/7.1-RELEASE/9-SA-09:17.freebsd-update
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/1-SA-09:09.pipe
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/1-SA-09:10.ipv6
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/1-SA-09:11.ntpd
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/2-EN-09:02.bce
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/2-EN-09:03.fxp
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/2-EN-09:04.fork
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/3-SA-09:12.bind
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/4-EN-09:05.null
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/4-SA-09:14.devfs
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/5-SA-09:15.ssl
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/5-SA-09:16.rtld
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/5-SA-09:17.freebsd-update
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/6-SA-10:01.bind
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/6-SA-10:02.ntpd
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/6-SA-10:03.zfs
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/7-EN-10:02.sched_ule
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/8-SA-10:05.opie
user/cperciva/freebsd-update-build/patches/7.2-RELEASE/8-SA-10:06.nfsclient
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/1-SA-10:05.opie
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/1-SA-10:06.nfsclient
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/10-EN-12:01.freebsd-update
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/2-SA-10:07.mbuf
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/3-SA-10:08.bzip2
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/4-SA-10:10.openssl
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/5-SA-11:01.mountd
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/6-SA-11:02.bind
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/7-SA-11:04.compress
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/7-SA-11:05.unix
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/8-SA-11:05.unix-fix
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:06.bind
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:07.chroot
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:08.telnetd
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:09.pam_ssh
user/cperciva/freebsd-update-build/patches/7.3-RELEASE/9-SA-11:10.pam
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/1-SA-11:01.mountd
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/10-SA-12:05.bind
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/11-SA-12:06.bind
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/11-SA-12:08.linux
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/12-SA-13:02.libc
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/2-SA-11:02.bind
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/3-SA-11:04.compress
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/3-SA-11:05.unix
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/4-SA-11:05.unix-fix
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:06.bind
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:07.chroot
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:08.telnetd
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:09.pam_ssh
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/5-SA-11:10.pam
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/6-EN-12:01.freebsd-update
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/7-SA-12:01.openssl
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/8-SA-12:01.openssl-fix
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/8-SA-12:02.crypt
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/9-SA-12:03.bind
user/cperciva/freebsd-update-build/patches/7.4-RELEASE/9-SA-12:04.sysret
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/1-SA-09:15.ssl
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/1-SA-09:16.rtld
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/1-SA-09:17.freebsd-update
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-mcinit
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-multicast
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-nfsreconnect
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-rename
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-sctp
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-zfsmac
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-EN-10:01.freebsd-zfsvaccess
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-SA-10:01.bind
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-SA-10:02.ntpd
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/2-SA-10:03.zfs
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/3-SA-10:04.jail
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/3-SA-10:05.opie
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/3-SA-10:06.nfsclient
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/4-SA-10:07.mbuf
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/5-SA-10:08.bzip2
user/cperciva/freebsd-update-build/patches/8.0-RELEASE/6-SA-10:10.openssl
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/1-SA-10:08.bzip2
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/10-SA-12:01.openssl-fix
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/10-SA-12:02.crypt
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/11-EN-12:02.ipv6refcount
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/11-SA-12:03.bind
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/11-SA-12:04.sysret
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/13-SA-12:05.bind
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/2-SA-10:10.openssl
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/3-SA-11:01.mountd
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/4-SA-11:02.bind
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/5-SA-11:04.compress
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/5-SA-11:05.unix
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/6-SA-11:05.unix-fix
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:06.bind
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:07.chroot
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:08.telnetd
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:09.pam_ssh
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/7-SA-11:10.pam
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/8-EN-12:01.freebsd-update
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/9-SA-12:01.openssl
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/1-SA-11:01.mountd
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/10-SA-12:05.bind
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/2-SA-11:02.bind
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/3-SA-11:04.compress
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/3-SA-11:05.unix
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/4-SA-11:05.unix-fix
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:06.bind
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:07.chroot
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:08.telnetd
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:09.pam_ssh
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/5-SA-11:10.pam
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/6-EN-12:01.freebsd-update
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/7-SA-12:01.openssl
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/8-SA-12:01.openssl-fix
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/8-SA-12:02.crypt
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/9-EN-12:02.ipv6refcount
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/9-SA-12:03.bind
user/cperciva/freebsd-update-build/patches/8.2-RELEASE/9-SA-12:04.sysret
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/1-SA-12:01.openssl
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/10-SA-13:09.ip_multicast
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/10-SA-13:10.sctp
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/11-SA-13:12.ifioctl
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/11-SA-13:13.nullfs
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/12-EN-13:04.freebsd-update
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/13-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-EN-14:01.random
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-EN-14:02.mmap
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/14-SA-14:04.bind
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/15-SA-14:05.nfsserver
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/15-SA-14:06.openssl
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/2-SA-12:01.openssl-fix
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/2-SA-12:02.crypt
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/3-EN-12:02.ipv6refcount
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/3-SA-12:03.bind
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/3-SA-12:04.sysret
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/4-SA-12:05.bind
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/5-SA-12:06.bind
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/5-SA-12:07.hostapd
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/5-SA-12:08.linux
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/6-SA-13:02.libc
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/7-SA-13:03.openssl
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/8-SA-13:05.nfsserver
user/cperciva/freebsd-update-build/patches/8.3-RELEASE/9-SA-13:08.nfsserver
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/1-EN-13:01.fxp
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/1-EN-13:02.vtnet
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/2-SA-13:07.bind
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/3-SA-13:09.ip_multicast
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/3-SA-13:10.sctp
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/4-SA-13:12.ifioctl
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/4-SA-13:13.nullfs
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/5-EN-13:04.freebsd-update
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/6-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-EN-14:01.random
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-EN-14:02.mmap
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/7-SA-14:04.bind
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/8-SA-14:05.nfsserver
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/8-SA-14:06.openssl
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/1-SA-12:01.openssl
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/2-SA-12:01.openssl-fix
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/2-SA-12:02.crypt
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/3-EN-12:02.ipv6refcount
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/3-SA-12:03.bind
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/3-SA-12:04.sysret
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/4-SA-12:05.bind
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/5-SA-12:06.bind
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/5-SA-12:07.hostapd
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/5-SA-12:08.linux
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/6-SA-13:01.bind
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/6-SA-13:02.libc
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/7-SA-13:03.openssl
user/cperciva/freebsd-update-build/patches/9.0-RELEASE/7-SA-13:04.bind
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/1-SA-13:01.bind
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/1-SA-13:02.libc
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-EN-14:01.random
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-EN-14:02.mmap
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/10-SA-14:04.bind
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/11-SA-14:05.nfsserver
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/11-SA-14:06.openssl
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/2-SA-13:03.openssl
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/2-SA-13:04.bind
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/3-SA-13:05.nfsserver
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/4-SA-13:06.mmap
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/5-SA-13:07.bind
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/5-SA-13:08.nfsserver
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/6-EN-13:03.mfi
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/6-SA-13:09.ip_multicast
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/6-SA-13:10.sctp
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/7-SA-13:12.ifioctl
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/7-SA-13:13.nullfs
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/8-EN-13:04.freebsd-update
user/cperciva/freebsd-update-build/patches/9.1-RELEASE/9-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/1-EN-13:04.freebsd-update
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/2-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-EN-14:01.random
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-EN-14:02.mmap
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/3-SA-14:04.bind
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/4-SA-14:05.nfsserver
user/cperciva/freebsd-update-build/patches/9.2-RELEASE/4-SA-14:06.openssl
Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:05.nfsserver
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:05.nfsserver Thu Apr 17 19:31:09 2014 (r264622)
@@ -0,0 +1,70 @@
+Index: sys/fs/nfsserver/nfs_nfsdserv.c
+===================================================================
+--- sys/fs/nfsserver/nfs_nfsdserv.c (revision 264251)
++++ sys/fs/nfsserver/nfs_nfsdserv.c (working copy)
+@@ -1457,10 +1457,23 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ nfsvno_relpathbuf(&fromnd);
+ goto out;
+ }
++ /*
++ * Unlock dp in this code section, so it is unlocked before
++ * tdp gets locked. This avoids a potential LOR if tdp is the
++ * parent directory of dp.
++ */
+ if (nd->nd_flag & ND_NFSV4) {
+ tdp = todp;
+ tnes = *toexp;
+- tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 0);
++ if (dp != tdp) {
++ NFSVOPUNLOCK(dp, 0);
++ tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
++ p, 0); /* Might lock tdp. */
++ } else {
++ tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
++ p, 1);
++ NFSVOPUNLOCK(dp, 0);
++ }
+ } else {
+ tfh.nfsrvfh_len = 0;
+ error = nfsrv_mtofh(nd, &tfh);
+@@ -1481,10 +1494,12 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ tnes = *exp;
+ tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
+ p, 1);
++ NFSVOPUNLOCK(dp, 0);
+ } else {
++ NFSVOPUNLOCK(dp, 0);
+ nd->nd_cred->cr_uid = nd->nd_saveduid;
+ nfsd_fhtovp(nd, &tfh, LK_EXCLUSIVE, &tdp, &tnes, NULL,
+- 0, p);
++ 0, p); /* Locks tdp. */
+ if (tdp) {
+ tdirfor_ret = nfsvno_getattr(tdp, &tdirfor,
+ nd->nd_cred, p, 1);
+@@ -1499,7 +1514,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ if (error) {
+ if (tdp)
+ vrele(tdp);
+- vput(dp);
++ vrele(dp);
+ nfsvno_relpathbuf(&fromnd);
+ nfsvno_relpathbuf(&tond);
+ goto out;
+@@ -1514,7 +1529,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ }
+ if (tdp)
+ vrele(tdp);
+- vput(dp);
++ vrele(dp);
+ nfsvno_relpathbuf(&fromnd);
+ nfsvno_relpathbuf(&tond);
+ goto out;
+@@ -1523,7 +1538,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, int isdgr
+ /*
+ * Done parsing, now down to business.
+ */
+- nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp);
++ nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 0, exp, p, &fdirp);
+ if (nd->nd_repstat) {
+ if (nd->nd_flag & ND_NFSV3) {
+ nfsrv_wcc(nd, fdirfor_ret, &fdirfor, fdiraft_ret,
Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:06.openssl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/1-SA-14:06.openssl Thu Apr 17 19:31:09 2014 (r264622)
@@ -0,0 +1,241 @@
+Index: crypto/openssl/crypto/bn/bn.h
+===================================================================
+--- crypto/openssl/crypto/bn/bn.h (revision 264251)
++++ crypto/openssl/crypto/bn/bn.h (working copy)
+@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
+ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+
++void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
++
+ /* Deprecated versions */
+ #ifndef OPENSSL_NO_DEPRECATED
+ BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
+
+ #define bn_fix_top(a) bn_check_top(a)
+
++#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
++#define bn_wcheck_size(bn, words) \
++ do { \
++ const BIGNUM *_bnum2 = (bn); \
++ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
++ } while(0)
++
+ #else /* !BN_DEBUG */
+
+ #define bn_pollute(a)
+ #define bn_check_top(a)
+ #define bn_fix_top(a) bn_correct_top(a)
++#define bn_check_size(bn, bits)
++#define bn_wcheck_size(bn, words)
+
+ #endif
+
+Index: crypto/openssl/crypto/bn/bn_lib.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_lib.c (revision 264251)
++++ crypto/openssl/crypto/bn/bn_lib.c (working copy)
+@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_
+ }
+ return bn_cmp_words(a,b,cl);
+ }
++
++/*
++ * Constant-time conditional swap of a and b.
++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
++ * and that no more than nwords are used by either a or b.
++ * a and b cannot be the same number
++ */
++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
++ {
++ BN_ULONG t;
++ int i;
++
++ bn_wcheck_size(a, nwords);
++ bn_wcheck_size(b, nwords);
++
++ assert(a != b);
++ assert((condition & (condition - 1)) == 0);
++ assert(sizeof(BN_ULONG) >= sizeof(int));
++
++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
++
++ t = (a->top^b->top) & condition;
++ a->top ^= t;
++ b->top ^= t;
++
++#define BN_CONSTTIME_SWAP(ind) \
++ do { \
++ t = (a->d[ind] ^ b->d[ind]) & condition; \
++ a->d[ind] ^= t; \
++ b->d[ind] ^= t; \
++ } while (0)
++
++
++ switch (nwords) {
++ default:
++ for (i = 10; i < nwords; i++)
++ BN_CONSTTIME_SWAP(i);
++ /* Fallthrough */
++ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
++ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
++ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
++ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
++ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
++ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
++ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
++ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
++ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
++ case 1: BN_CONSTTIME_SWAP(0);
++ }
++#undef BN_CONSTTIME_SWAP
++}
+Index: crypto/openssl/crypto/ec/ec2_mult.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec2_mult.c (revision 264251)
++++ crypto/openssl/crypto/ec/ec2_mult.c (working copy)
+@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const B
+ return ret;
+ }
+
++
+ /* Computes scalar*point and stores the result in r.
+ * point can not equal r.
+- * Uses algorithm 2P of
++ * Uses a modified algorithm 2P of
+ * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
++ *
++ * To protect against side-channel attack the function uses constant time swap,
++ * avoiding conditional branches.
+ */
+ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ const EC_POINT *point, BN_CTX *ctx)
+@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const
+ x2 = &r->X;
+ z2 = &r->Y;
+
++ bn_wexpand(x1, group->field.top);
++ bn_wexpand(z1, group->field.top);
++ bn_wexpand(x2, group->field.top);
++ bn_wexpand(z2, group->field.top);
++
+ if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
+ if (!BN_one(z1)) goto err; /* z1 = 1 */
+ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
+@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const
+ word = scalar->d[i];
+ while (mask)
+ {
+- if (word & mask)
+- {
+- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
+- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
+- }
+- else
+- {
+- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+- }
++ BN_consttime_swap(word & mask, x1, x2, group->field.top);
++ BN_consttime_swap(word & mask, z1, z2, group->field.top);
++ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
++ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
++ BN_consttime_swap(word & mask, x1, x2, group->field.top);
++ BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ mask >>= 1;
+ }
+ mask = BN_TBIT;
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c (revision 264251)
++++ crypto/openssl/ssl/d1_both.c (working copy)
+@@ -1458,26 +1458,36 @@ dtls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
++ if (s->msg_callback)
++ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
++ &s->s3->rrec.data[0], s->s3->rrec.length,
++ s, s->msg_callback_arg);
++
+ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
+- if (s->msg_callback)
+- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+- &s->s3->rrec.data[0], s->s3->rrec.length,
+- s, s->msg_callback_arg);
+-
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
++ unsigned int write_length = 1 /* heartbeat type */ +
++ 2 /* heartbeat length */ +
++ payload + padding;
+ int r;
+
++ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++ return 0;
++
+ /* Allocate memory for the response, size is 1 byte
+ * message type, plus 2 bytes payload length, plus
+ * payload, plus padding
+ */
+- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++ buffer = OPENSSL_malloc(write_length);
+ bp = buffer;
+
+ /* Enter response type, length and copy payload */
+@@ -1488,11 +1498,11 @@ dtls1_process_heartbeat(SSL *s)
+ /* Random padding */
+ RAND_pseudo_bytes(bp, padding);
+
+- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+
+ if (r >= 0 && s->msg_callback)
+ s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+- buffer, 3 + payload + padding,
++ buffer, write_length,
+ s, s->msg_callback_arg);
+
+ OPENSSL_free(buffer);
+Index: crypto/openssl/ssl/t1_lib.c
+===================================================================
+--- crypto/openssl/ssl/t1_lib.c (revision 264251)
++++ crypto/openssl/ssl/t1_lib.c (working copy)
+@@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
++ if (s->msg_callback)
++ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
++ &s->s3->rrec.data[0], s->s3->rrec.length,
++ s, s->msg_callback_arg);
++
+ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
+- if (s->msg_callback)
+- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+- &s->s3->rrec.data[0], s->s3->rrec.length,
+- s, s->msg_callback_arg);
+-
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:15.ypserv
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:15.ypserv Thu Apr 17 19:31:09 2014 (r264622)
@@ -0,0 +1,84 @@
+Index: usr.sbin/ypserv/yp_access.c
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/ypserv/yp_access.c,v
+retrieving revision 1.22
+diff -u -I__FBSDID -r1.22 yp_access.c
+--- usr.sbin/ypserv/yp_access.c 3 May 2003 21:06:42 -0000 1.22
++++ usr.sbin/ypserv/yp_access.c 31 May 2006 03:41:25 -0000
+@@ -87,12 +87,6 @@
+ "ypproc_maplist"
+ };
+
+-#ifdef TCP_WRAPPER
+-void
+-load_securenets(void)
+-{
+-}
+-#else
+ struct securenet {
+ struct in_addr net;
+ struct in_addr mask;
+@@ -177,7 +171,6 @@
+ fclose(fp);
+
+ }
+-#endif
+
+ /*
+ * Access control functions.
+@@ -219,11 +212,12 @@
+ #endif
+ {
+ struct sockaddr_in *rqhost;
+- int status = 0;
++ int status_securenets = 0;
++#ifdef TCP_WRAPPER
++ int status_tcpwrap;
++#endif
+ static unsigned long oldaddr = 0;
+-#ifndef TCP_WRAPPER
+ struct securenet *tmp;
+-#endif
+ const char *yp_procedure = NULL;
+ char procbuf[50];
+
+@@ -274,21 +268,34 @@
+ }
+
+ #ifdef TCP_WRAPPER
+- status = hosts_ctl("ypserv", STRING_UNKNOWN,
++ status_tcpwrap = hosts_ctl("ypserv", STRING_UNKNOWN,
+ inet_ntoa(rqhost->sin_addr), "");
+-#else
++#endif
+ tmp = securenets;
+ while (tmp) {
+ if (((rqhost->sin_addr.s_addr & ~tmp->mask.s_addr)
+ | tmp->net.s_addr) == rqhost->sin_addr.s_addr) {
+- status = 1;
++ status_securenets = 1;
+ break;
+ }
+ tmp = tmp->next;
+ }
+-#endif
+
+- if (!status) {
++#ifdef TCP_WRAPPER
++ if (status_securenets == 0 || status_tcpwrap == 0) {
++#else
++ if (status_securenets == 0) {
++#endif
++ /*
++ * One of the following two events occured:
++ *
++ * (1) The /var/yp/securenets exists and the remote host does not
++ * match any of the networks specified in it.
++ * (2) The hosts.allow file has denied access and TCP_WRAPPER is
++ * defined.
++ *
++ * In either case deny access.
++ */
+ if (rqhost->sin_addr.s_addr != oldaddr) {
+ yp_error("connect from %s:%d to procedure %s refused",
+ inet_ntoa(rqhost->sin_addr),
Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:16.smbfs
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/1-SA-06:16.smbfs Thu Apr 17 19:31:09 2014 (r264622)
@@ -0,0 +1,27 @@
+Index: sys/fs/smbfs/smbfs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/smbfs/smbfs_vnops.c,v
+retrieving revision 1.61
+diff -u -I__FBSDID -r1.61 smbfs_vnops.c
+--- sys/fs/smbfs/smbfs_vnops.c 13 Apr 2005 10:59:08 -0000 1.61
++++ sys/fs/smbfs/smbfs_vnops.c 27 May 2006 10:18:33 -0000
+@@ -1018,11 +1018,18 @@
+ static int
+ smbfs_pathcheck(struct smbmount *smp, const char *name, int nmlen, int nameiop)
+ {
+- static const char *badchars = "*/\\:<>;?";
++ static const char *badchars = "*/:<>;?";
+ static const char *badchars83 = " +|,[]=";
+ const char *cp;
+ int i, error;
+
++ /*
++ * Backslash characters, being a path delimiter, are prohibited
++ * within a path component even for LOOKUP operations.
++ */
++ if (index(name, '\\') != NULL)
++ return ENOENT;
++
+ if (nameiop == LOOKUP)
+ return 0;
+ error = ENOENT;
Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/10-SA-07:01.jail
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/10-SA-07:01.jail Thu Apr 17 19:31:09 2014 (r264622)
@@ -0,0 +1,211 @@
+Index: etc/rc.d/jail
+===================================================================
+RCS file: /home/ncvs/src/etc/rc.d/jail,v
+retrieving revision 1.15.2.5
+diff -u -d -r1.15.2.5 jail
+--- etc/rc.d/jail 3 Jul 2005 12:40:13 -0000 1.15.2.5
++++ etc/rc.d/jail 9 Jan 2007 21:58:12 -0000
+@@ -66,6 +66,8 @@
+ [ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
+ eval jail_flags=\"\$jail_${_j}_flags\"
+ [ -z "${jail_flags}" ] && jail_flags="-l -U root"
++ eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
++ [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+
+ # Debugging aid
+ #
+@@ -84,6 +86,7 @@
+ debug "$_j exec start: $jail_exec_start"
+ debug "$_j exec stop: $jail_exec_stop"
+ debug "$_j flags: $jail_flags"
++ debug "$_j consolelog: $_consolelog"
+ }
+
+ # set_sysctl rc_knob mib msg
+@@ -113,6 +116,56 @@
+ fi
+ }
+
++# is_current_mountpoint()
++# Is the directory mount point for a currently mounted file
++# system?
++#
++is_current_mountpoint()
++{
++ local _dir _dir2
++
++ _dir=$1
++
++ _dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
++ [ ! -d "${_dir}" ] && return 1
++ _dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
++ [ "${_dir}" = "${_dir2}" ]
++ return $?
++}
++
++# is_symlinked_mountpoint()
++# Is a mount point, or any of its parent directories, a symlink?
++#
++is_symlinked_mountpoint()
++{
++ local _dir
++
++ _dir=$1
++
++ [ -L "$_dir" ] && return 0
++ [ "$_dir" = "/" ] && return 1
++ is_symlinked_mountpoint `dirname $_dir`
++ return $?
++}
++
++# secure_umount
++# Try to unmount a mount point without being vulnerable to
++# symlink attacks.
++#
++secure_umount()
++{
++ local _dir
++
++ _dir=$1
++
++ if is_current_mountpoint ${_dir}; then
++ umount -f ${_dir} >/dev/null 2>&1
++ else
++ debug "Nothing mounted on ${_dir} - not unmounting"
++ fi
++}
++
++
+ # jail_umount_fs
+ # This function unmounts certain special filesystems in the
+ # currently selected jail. The caller must call the init_variables()
+@@ -120,27 +173,65 @@
+ #
+ jail_umount_fs()
+ {
++ local _device _mountpt _rest
++
+ if checkyesno jail_fdescfs; then
+ if [ -d "${jail_fdescdir}" ] ; then
+- umount -f ${jail_fdescdir} >/dev/null 2>&1
++ secure_umount ${jail_fdescdir}
+ fi
+ fi
+ if checkyesno jail_devfs; then
+ if [ -d "${jail_devdir}" ] ; then
+- umount -f ${jail_devdir} >/dev/null 2>&1
++ secure_umount ${jail_devdir}
+ fi
+ fi
+ if checkyesno jail_procfs; then
+ if [ -d "${jail_procdir}" ] ; then
+- umount -f ${jail_procdir} >/dev/null 2>&1
++ secure_umount ${jail_procdir}
+ fi
+ fi
+ if checkyesno jail_mount; then
+ [ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
+- umount -a -F "${jail_fstab}" >/dev/null 2>&1
++ tail -r ${jail_fstab} | while read _device _mountpt _rest; do
++ case ":${_device}" in
++ :#* | :)
++ continue
++ ;;
++ esac
++ secure_umount ${_mountpt}
++ done
+ fi
+ }
+
++# jail_mount_fstab()
++# Mount file systems from a per jail fstab while trying to
++# secure against symlink attacks at the mount points.
++#
++# If we are certain we cannot secure against symlink attacks we
++# do not mount all of the file systems (since we cannot just not
++# mount the file system with the problematic mount point).
++#
++# The caller must call the init_variables() routine before
++# calling this one.
++#
++jail_mount_fstab()
++{
++ local _device _mountpt _rest
++
++ while read _device _mountpt _rest; do
++ case ":${_device}" in
++ :#* | :)
++ continue
++ ;;
++ esac
++ if is_symlinked_mountpoint ${_mountpt}; then
++ warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}"
++ return
++ fi
++ done <${_fstab}
++ mount -a -F "${jail_fstab}"
++}
++
+ jail_start()
+ {
+ echo -n 'Configuring jails:'
+@@ -163,9 +254,13 @@
+ if [ ! -f "${jail_fstab}" ]; then
+ err 3 "$name: ${jail_fstab} does not exist"
+ fi
+- mount -a -F "${jail_fstab}"
++ jail_mount_fstab
+ fi
+ if checkyesno jail_devfs; then
++ if is_symlinked_mountpoint ${jail_devdir}; then
++ warn "${jail_devdir} has symlink as parent - not starting jail ${_jail}"
++ continue
++ fi
+ info "Mounting devfs on ${jail_devdir}"
+ devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
+
+@@ -186,13 +281,21 @@
+ # cd "$__pwd"
+ fi
+ if checkyesno jail_fdescfs; then
+- info "Mounting fdescfs on ${jail_fdescdir}"
+- mount -t fdescfs fdesc "${jail_fdescdir}"
++ if is_symlinked_mountpoint ${jail_fdescdir}; then
++ warn "${jail_fdescdir} has symlink as parent, not mounting"
++ else
++ info "Mounting fdescfs on ${jail_fdescdir}"
++ mount -t fdescfs fdesc "${jail_fdescdir}"
++ fi
+ fi
+ if checkyesno jail_procfs; then
+- info "Mounting procfs onto ${jail_procdir}"
+- if [ -d "${jail_procdir}" ] ; then
+- mount -t procfs proc "${jail_procdir}"
++ if is_symlinked_mountpoint ${jail_procdir}; then
++ warn "${jail_procdir} has symlink as parent, not mounting"
++ else
++ info "Mounting procfs onto ${jail_procdir}"
++ if [ -d "${jail_procdir}" ] ; then
++ mount -t procfs proc "${jail_procdir}"
++ fi
+ fi
+ fi
+ _tmp_jail=${_tmp_dir}/jail.$$
+@@ -200,7 +303,7 @@
+ ${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1
+ [ "$?" -eq 0 ] && echo -n " $jail_hostname"
+ _jail_id=$(head -1 ${_tmp_jail})
+- tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
++ tail +2 ${_tmp_jail} >${_consolelog}
+ rm -f ${_tmp_jail}
+ echo ${_jail_id} > /var/run/jail_${_jail}.id
+ done
+@@ -219,7 +322,7 @@
+ init_variables $_jail
+ if [ -n "${jail_exec_stop}" ]; then
+ eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \
+- >> ${jail_rootdir}/var/log/console.log 2>&1
++ >> ${_consolelog} 2>&1
+ fi
+ killall -j ${_jail_id} -TERM > /dev/null 2>&1
+ sleep 1
Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/11-SA-07:02.bind
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/11-SA-07:02.bind Thu Apr 17 19:31:09 2014 (r264622)
@@ -0,0 +1,257 @@
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/resolver.c,v
+retrieving revision 1.1.1.2.2.2.2.1
+diff -u -I__FBSDID -r1.1.1.2.2.2.2.1 resolver.c
+--- contrib/bind9/lib/dns/resolver.c 6 Sep 2006 21:19:20 -0000 1.1.1.2.2.2.2.1
++++ contrib/bind9/lib/dns/resolver.c 9 Feb 2007 07:24:35 -0000
+@@ -215,6 +215,11 @@
+ dns_name_t nsname;
+ dns_fetch_t * nsfetch;
+ dns_rdataset_t nsrrset;
++
++ /*%
++ * Number of queries that reference this context.
++ */
++ unsigned int nqueries;
+ };
+
+ #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!')
+@@ -348,6 +353,7 @@
+ dns_rdataset_t *ardataset,
+ isc_result_t *eresultp);
+ static void validated(isc_task_t *task, isc_event_t *event);
++static void maybe_destroy(fetchctx_t *fctx);
+
+ static isc_result_t
+ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
+@@ -366,6 +372,9 @@
+ valarg->fctx = fctx;
+ valarg->addrinfo = addrinfo;
+
++ if (!ISC_LIST_EMPTY(fctx->validators))
++ INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
++
+ result = dns_validator_create(fctx->res->view, name, type, rdataset,
+ sigrdataset, fctx->rmessage,
+ valoptions, task, validated, valarg,
+@@ -513,6 +522,9 @@
+
+ INSIST(query->tcpsocket == NULL);
+
++ query->fctx->nqueries--;
++ if (SHUTTINGDOWN(query->fctx))
++ maybe_destroy(query->fctx); /* Locks bucket. */
+ query->magic = 0;
+ isc_mem_put(query->mctx, query, sizeof(*query));
+ *queryp = NULL;
+@@ -971,6 +983,8 @@
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
++ INSIST(ISC_LIST_EMPTY(fctx->validators));
++
+ dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
+
+ query = isc_mem_get(res->mctx, sizeof(*query));
+@@ -1084,6 +1098,7 @@
+ }
+
+ ISC_LIST_APPEND(fctx->queries, query, link);
++ query->fctx->nqueries++;
+
+ return (ISC_R_SUCCESS);
+
+@@ -1530,7 +1545,7 @@
+ want_done = ISC_TRUE;
+ }
+ } else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
+- ISC_LIST_EMPTY(fctx->validators)) {
++ fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
+ bucketnum = fctx->bucketnum;
+ LOCK(&res->buckets[bucketnum].lock);
+ /*
+@@ -2384,8 +2399,8 @@
+ REQUIRE(ISC_LIST_EMPTY(fctx->finds));
+ REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
+ REQUIRE(fctx->pending == 0);
+- REQUIRE(ISC_LIST_EMPTY(fctx->validators));
+ REQUIRE(fctx->references == 0);
++ REQUIRE(ISC_LIST_EMPTY(fctx->validators));
+
+ FCTXTRACE("destroy");
+
+@@ -2559,7 +2574,7 @@
+ }
+
+ if (fctx->references == 0 && fctx->pending == 0 &&
+- ISC_LIST_EMPTY(fctx->validators))
++ fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators))
+ bucket_empty = fctx_destroy(fctx);
+
+ UNLOCK(&res->buckets[bucketnum].lock);
+@@ -2600,6 +2615,7 @@
+ * pending ADB finds and no pending validations.
+ */
+ INSIST(fctx->pending == 0);
++ INSIST(fctx->nqueries == 0);
+ INSIST(ISC_LIST_EMPTY(fctx->validators));
+ if (fctx->references == 0) {
+ /*
+@@ -2761,6 +2777,7 @@
+ fctx->restarts = 0;
+ fctx->timeouts = 0;
+ fctx->attributes = 0;
++ fctx->nqueries = 0;
+
+ dns_name_init(&fctx->nsname, NULL);
+ fctx->nsfetch = NULL;
+@@ -3083,12 +3100,21 @@
+ unsigned int bucketnum;
+ isc_boolean_t bucket_empty = ISC_FALSE;
+ dns_resolver_t *res = fctx->res;
++ dns_validator_t *validator;
+
+ REQUIRE(SHUTTINGDOWN(fctx));
+
+- if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
++ if (fctx->pending != 0 || fctx->nqueries != 0)
+ return;
+
++ for (validator = ISC_LIST_HEAD(fctx->validators);
++ validator != NULL;
++ validator = ISC_LIST_HEAD(fctx->validators)) {
++ ISC_LIST_UNLINK(fctx->validators, validator, link);
++ dns_validator_cancel(validator);
++ dns_validator_destroy(&validator);
++ }
++
+ bucketnum = fctx->bucketnum;
+ LOCK(&res->buckets[bucketnum].lock);
+ if (fctx->references == 0)
+@@ -3219,7 +3245,9 @@
+ result = vevent->result;
+ add_bad(fctx, &addrinfo->sockaddr, result);
+ isc_event_free(&event);
+- if (sentresponse)
++ if (!ISC_LIST_EMPTY(fctx->validators))
++ dns_validator_send(ISC_LIST_HEAD(fctx->validators));
++ else if (sentresponse)
+ fctx_done(fctx, result);
+ else
+ fctx_try(fctx);
+@@ -3315,6 +3343,7 @@
+ * more rdatasets that still need to
+ * be validated.
+ */
++ dns_validator_send(ISC_LIST_HEAD(fctx->validators));
+ goto cleanup_event;
+ }
+
+@@ -3623,6 +3652,13 @@
+ rdataset,
+ sigrdataset,
+ valoptions, task);
++ /*
++ * Defer any further validations.
++ * This prevents multiple validators
++ * from manipulating fctx->rmessage
++ * simultaniously.
++ */
++ valoptions |= DNS_VALIDATOR_DEFER;
+ }
+ } else if (CHAINING(rdataset)) {
+ if (rdataset->type == dns_rdatatype_cname)
+@@ -6346,7 +6382,8 @@
+ /*
+ * No one cares about the result of this fetch anymore.
+ */
+- if (fctx->pending == 0 && ISC_LIST_EMPTY(fctx->validators) &&
++ if (fctx->pending == 0 && fctx->nqueries == 0 &&
++ ISC_LIST_EMPTY(fctx->validators) &&
+ SHUTTINGDOWN(fctx)) {
+ /*
+ * This fctx is already shutdown; we were just
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/validator.c,v
+retrieving revision 1.1.1.2.2.1
+diff -u -I__FBSDID -r1.1.1.2.2.1 validator.c
+--- contrib/bind9/lib/dns/validator.c 14 Jan 2006 10:13:45 -0000 1.1.1.2.2.1
++++ contrib/bind9/lib/dns/validator.c 9 Feb 2007 07:24:37 -0000
+@@ -2632,7 +2632,8 @@
+ ISC_LINK_INIT(val, link);
+ val->magic = VALIDATOR_MAGIC;
+
+- isc_task_send(task, ISC_EVENT_PTR(&event));
++ if ((options & DNS_VALIDATOR_DEFER) == 0)
++ isc_task_send(task, ISC_EVENT_PTR(&event));
+
+ *validatorp = val;
+
+@@ -2650,6 +2651,21 @@
+ }
+
+ void
++dns_validator_send(dns_validator_t *validator) {
++ isc_event_t *event;
++ REQUIRE(VALID_VALIDATOR(validator));
++
++ LOCK(&validator->lock);
++
++ INSIST((validator->options & DNS_VALIDATOR_DEFER) != 0);
++ event = (isc_event_t *)validator->event;
++ validator->options &= ~DNS_VALIDATOR_DEFER;
++ UNLOCK(&validator->lock);
++
++ isc_task_send(validator->task, ISC_EVENT_PTR(&event));
++}
++
++void
+ dns_validator_cancel(dns_validator_t *validator) {
+ REQUIRE(VALID_VALIDATOR(validator));
+
+@@ -2663,6 +2679,12 @@
+
+ if (validator->subvalidator != NULL)
+ dns_validator_cancel(validator->subvalidator);
++ if ((validator->options & DNS_VALIDATOR_DEFER) != 0) {
++ isc_task_t *task = validator->event->ev_sender;
++ validator->options &= ~DNS_VALIDATOR_DEFER;
++ isc_event_free((isc_event_t **)&validator->event);
++ isc_task_detach(&task);
++ }
+ }
+ UNLOCK(&validator->lock);
+ }
+Index: contrib/bind9/lib/dns/include/dns/validator.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/include/dns/validator.h,v
+retrieving revision 1.1.1.1.4.1
+diff -u -I__FBSDID -r1.1.1.1.4.1 validator.h
+--- contrib/bind9/lib/dns/include/dns/validator.h 14 Jan 2006 10:13:45 -0000 1.1.1.1.4.1
++++ contrib/bind9/lib/dns/include/dns/validator.h 9 Feb 2007 07:24:37 -0000
+@@ -129,6 +129,7 @@
+ };
+
+ #define DNS_VALIDATOR_DLV 1
++#define DNS_VALIDATOR_DEFER 2
+
+ ISC_LANG_BEGINDECLS
+
+@@ -173,6 +174,15 @@
+ */
+
+ void
++dns_validator_send(dns_validator_t *validator);
++/*%<
++ * Send a deferred validation request
++ *
++ * Requires:
++ * 'validator' to points to a valid DNSSEC validator.
++ */
++
++void
+ dns_validator_cancel(dns_validator_t *validator);
+ /*
+ * Cancel a DNSSEC validation in progress.
Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/12-SA-07:03.ipv6
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/12-SA-07:03.ipv6 Thu Apr 17 19:31:09 2014 (r264622)
@@ -0,0 +1,66 @@
+Index: sys/netinet6/in6.h
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6.h,v
+retrieving revision 1.36.2.7
+diff -u -r1.36.2.7 in6.h
+--- sys/netinet6/in6.h 20 Aug 2006 19:28:43 -0000 1.36.2.7
++++ sys/netinet6/in6.h 24 Apr 2007 03:11:29 -0000
+@@ -574,5 +574,6 @@
+ #define IPV6CTL_STEALTH 45
+-#define IPV6CTL_MAXID 46
++#define IPV6CTL_RTHDR0_ALLOWED 46
++#define IPV6CTL_MAXID 47
+ #endif /* __BSD_VISIBLE */
+
+ /*
+Index: sys/netinet6/in6_proto.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6_proto.c,v
+retrieving revision 1.32.2.5
+diff -u -r1.32.2.5 in6_proto.c
+--- sys/netinet6/in6_proto.c 16 Oct 2006 15:11:18 -0000 1.32.2.5
++++ sys/netinet6/in6_proto.c 24 Apr 2007 07:46:54 -0000
+@@ -376,6 +376,8 @@
+ #ifdef IPSTEALTH
+ int ip6stealth = 0;
+ #endif
++int ip6_rthdr0_allowed = 0; /* Disallow use of routing header 0 */
++ /* by default. */
+
+ /* icmp6 */
+ /*
+@@ -519,6 +521,9 @@
+ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
+ &ip6stealth, 0, "");
+ #endif
++SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTHDR0_ALLOWED,
++ rthdr0_allowed, CTLFLAG_RW, &ip6_rthdr0_allowed, 0, "");
++
+
+ /* net.inet6.icmp6 */
+ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
+Index: sys/netinet6/route6.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/route6.c,v
+retrieving revision 1.11.2.1
+diff -u -r1.11.2.1 route6.c
+--- sys/netinet6/route6.c 4 Nov 2005 20:26:15 -0000 1.11.2.1
++++ sys/netinet6/route6.c 24 Apr 2007 08:06:00 -0000
+@@ -49,6 +49,8 @@
+
+ #include <netinet/icmp6.h>
+
++extern int ip6_rthdr0_allowed;
++
+ static int ip6_rthdr0 __P((struct mbuf *, struct ip6_hdr *,
+ struct ip6_rthdr0 *));
+
+@@ -88,6 +90,8 @@
+
+ switch (rh->ip6r_type) {
+ case IPV6_RTHDR_TYPE_0:
++ if (!ip6_rthdr0_allowed)
++ return (IPPROTO_DONE);
+ rhlen = (rh->ip6r_len + 1) << 3;
+ #ifndef PULLDOWN_TEST
+ /*
Added: user/cperciva/freebsd-update-build/patches/5.5-RELEASE/13-SA-07:04.file
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/5.5-RELEASE/13-SA-07:04.file Thu Apr 17 19:31:09 2014 (r264622)
@@ -0,0 +1,125 @@
+Index: contrib/file/file.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/file.h,v
+retrieving revision 1.1.1.7
+diff -u -I__FBSDID -I$FreeBSD -r1.1.1.7 file.h
+--- contrib/file/file.h 9 Aug 2004 08:45:39 -0000 1.1.1.7
++++ contrib/file/file.h 17 May 2007 17:05:04 -0000
+@@ -225,7 +225,7 @@
+ /* Accumulation buffer */
+ char *buf;
+ char *ptr;
+- size_t len;
++ size_t left;
+ size_t size;
+ /* Printable buffer */
+ char *pbuf;
+Index: contrib/file/funcs.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/funcs.c,v
+retrieving revision 1.1.1.1
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list