svn commit: r293366 - in user/cperciva/freebsd-update-build/patches: 10.0-BETA1 10.0-BETA2 10.0-BETA3 10.0-BETA4 10.0-RC1 10.0-RC2 10.0-RC3 10.0-RC4 10.0-RC5 10.1-BETA1 10.1-BETA2 10.1-BETA3 10.1-R...
Gleb Smirnoff
glebius at FreeBSD.org
Thu Jan 7 20:59:36 UTC 2016
Author: glebius
Date: Thu Jan 7 20:59:31 2016
New Revision: 293366
URL: https://svnweb.freebsd.org/changeset/base/293366
Log:
Add missing patches for historical FreeBSD releases.
Added:
user/cperciva/freebsd-update-build/patches/10.0-BETA1/
user/cperciva/freebsd-update-build/patches/10.0-BETA1/1-EN-13:04.freebsd-update
user/cperciva/freebsd-update-build/patches/10.0-BETA1/2-SA-13:14.openssh
user/cperciva/freebsd-update-build/patches/10.0-BETA1/3-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/10.0-BETA2/
user/cperciva/freebsd-update-build/patches/10.0-BETA2/1-SA-13:14.openssh
user/cperciva/freebsd-update-build/patches/10.0-BETA2/2-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/10.0-BETA3/
user/cperciva/freebsd-update-build/patches/10.0-BETA3/1-SA-13:14.openssh
user/cperciva/freebsd-update-build/patches/10.0-BETA3/2-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/10.0-BETA4/
user/cperciva/freebsd-update-build/patches/10.0-RC1/
user/cperciva/freebsd-update-build/patches/10.0-RC1/1-EN-14:02.mmap
user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:03.openssl
user/cperciva/freebsd-update-build/patches/10.0-RC2/
user/cperciva/freebsd-update-build/patches/10.0-RC2/1-EN-14:02.mmap
user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:03.openssl
user/cperciva/freebsd-update-build/patches/10.0-RC3/
user/cperciva/freebsd-update-build/patches/10.0-RC3/1-EN-14:02.mmap
user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:03.openssl
user/cperciva/freebsd-update-build/patches/10.0-RC4/
user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:03.openssl
user/cperciva/freebsd-update-build/patches/10.0-RC5/
user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:01.bsnmpd
user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:02.ntpd
user/cperciva/freebsd-update-build/patches/10.1-BETA1/
user/cperciva/freebsd-update-build/patches/10.1-BETA1/1-SA-14:19.tcp
user/cperciva/freebsd-update-build/patches/10.1-BETA2/
user/cperciva/freebsd-update-build/patches/10.1-BETA3/
user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:20.rtsold
user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:21.routed
user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:22.namei
user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:23.openssl
user/cperciva/freebsd-update-build/patches/10.1-BETA3/2-EN-14:11.crypt
user/cperciva/freebsd-update-build/patches/10.1-RC1/
user/cperciva/freebsd-update-build/patches/10.1-RC1/1-SA-14:20.rtsold
user/cperciva/freebsd-update-build/patches/10.1-RC1/1-SA-14:21.routed
user/cperciva/freebsd-update-build/patches/10.1-RC1/1-SA-14:22.namei
user/cperciva/freebsd-update-build/patches/10.1-RC1/1-SA-14:23.openssl
user/cperciva/freebsd-update-build/patches/10.1-RC1/2-EN-14:11.crypt
user/cperciva/freebsd-update-build/patches/10.1-RC2/
user/cperciva/freebsd-update-build/patches/10.1-RC2/1-SA-14:20.rtsold
user/cperciva/freebsd-update-build/patches/10.1-RC2/1-SA-14:21.routed
user/cperciva/freebsd-update-build/patches/10.1-RC2/1-SA-14:22.namei
user/cperciva/freebsd-update-build/patches/10.1-RC2/1-SA-14:23.openssl
user/cperciva/freebsd-update-build/patches/10.1-RC2/2-EN-14:11.crypt
user/cperciva/freebsd-update-build/patches/10.1-RC2/3-SA-14:25.setlogin
user/cperciva/freebsd-update-build/patches/10.1-RC2/3-SA-14:26.ftp
user/cperciva/freebsd-update-build/patches/10.1-RC3/
user/cperciva/freebsd-update-build/patches/10.1-RC3/1-SA-14:25.setlogin
user/cperciva/freebsd-update-build/patches/10.1-RC3/1-SA-14:26.ftp
user/cperciva/freebsd-update-build/patches/10.1-RC4/
user/cperciva/freebsd-update-build/patches/10.1-RC4/0-volume-label
user/cperciva/freebsd-update-build/patches/10.1-RC4/1-SA-14:25.setlogin
user/cperciva/freebsd-update-build/patches/10.1-RC4/1-SA-14:26.ftp
user/cperciva/freebsd-update-build/patches/10.2-BETA1/
user/cperciva/freebsd-update-build/patches/10.2-BETA1/1-SA-15:13.tcp
user/cperciva/freebsd-update-build/patches/10.2-BETA2/
user/cperciva/freebsd-update-build/patches/10.2-BETA2/1-SA-15:13.tcp
user/cperciva/freebsd-update-build/patches/10.2-BETA2/2-SA-15:14.tcp
user/cperciva/freebsd-update-build/patches/10.2-BETA2/2-SA-15:15.bsdpatch
user/cperciva/freebsd-update-build/patches/10.2-BETA2/2-SA-15:16.openssh
user/cperciva/freebsd-update-build/patches/10.2-BETA2/3-SA-15:18.bsdpatch
user/cperciva/freebsd-update-build/patches/10.2-BETA2/3-SA-15:19.routed
user/cperciva/freebsd-update-build/patches/10.2-RC1/
user/cperciva/freebsd-update-build/patches/10.2-RC1/0-ntp
user/cperciva/freebsd-update-build/patches/10.2-RC1/1-SA-15:14.tcp
user/cperciva/freebsd-update-build/patches/10.2-RC1/1-SA-15:15.bsdpatch
user/cperciva/freebsd-update-build/patches/10.2-RC1/1-SA-15:16.openssh
user/cperciva/freebsd-update-build/patches/10.2-RC1/2-SA-15:18.bsdpatch
user/cperciva/freebsd-update-build/patches/10.2-RC1/2-SA-15:19.routed
user/cperciva/freebsd-update-build/patches/10.2-RC2/
user/cperciva/freebsd-update-build/patches/10.2-RC2/1-SA-15:18.bsdpatch
user/cperciva/freebsd-update-build/patches/10.2-RC2/1-SA-15:19.routed
user/cperciva/freebsd-update-build/patches/10.2-RC3/
user/cperciva/freebsd-update-build/patches/10.2-RC3/1-EN-15:11.toolchain
user/cperciva/freebsd-update-build/patches/10.2-RC3/1-EN-15:12.netstat
user/cperciva/freebsd-update-build/patches/10.2-RC3/1-EN-15:13.vidcontrol
user/cperciva/freebsd-update-build/patches/10.2-RC3/1-SA-15:20.expat
user/cperciva/freebsd-update-build/patches/10.2-RC3/2-EN-15:15.pkg
user/cperciva/freebsd-update-build/patches/10.2-RC3/2-SA-15:22.openssh
user/cperciva/freebsd-update-build/patches/6.2-BETA1/
user/cperciva/freebsd-update-build/patches/6.2-BETA1/1-SA-06:21.gzip
user/cperciva/freebsd-update-build/patches/6.2-BETA1/2-SA-06:23.openssl
user/cperciva/freebsd-update-build/patches/6.2-BETA1/3-SA-06:23.openssl-correction
user/cperciva/freebsd-update-build/patches/6.2-BETA1/4-SA-06:22.openssh
user/cperciva/freebsd-update-build/patches/6.2-BETA2/
user/cperciva/freebsd-update-build/patches/6.2-BETA3/
user/cperciva/freebsd-update-build/patches/6.2-BETA3/1-SA-06:24.libarchive
user/cperciva/freebsd-update-build/patches/6.2-RC1/
user/cperciva/freebsd-update-build/patches/6.2-RC1/1-SA-06:25.kmem
user/cperciva/freebsd-update-build/patches/6.2-RC1/2-SA-07:01.jail
user/cperciva/freebsd-update-build/patches/6.2-RC2/
user/cperciva/freebsd-update-build/patches/6.2-RC2/1-SA-07:01.jail
user/cperciva/freebsd-update-build/patches/6.3-BETA1/
user/cperciva/freebsd-update-build/patches/6.3-BETA1/1-SA-07:09.random
user/cperciva/freebsd-update-build/patches/6.3-BETA2/
user/cperciva/freebsd-update-build/patches/6.3-BETA2/1-SA-07:09.random
user/cperciva/freebsd-update-build/patches/6.3-RC1/
user/cperciva/freebsd-update-build/patches/6.3-RC1/1-SA-07:09.random
user/cperciva/freebsd-update-build/patches/6.3-RC2/
user/cperciva/freebsd-update-build/patches/6.3-RC2/1-SA-08:01.pty
user/cperciva/freebsd-update-build/patches/6.3-RC2/1-SA-08:02.libc
user/cperciva/freebsd-update-build/patches/6.3-RELEASE/3-SA-08:03.bind
user/cperciva/freebsd-update-build/patches/6.4-BETA/
user/cperciva/freebsd-update-build/patches/6.4-BETA/1-SA-08:10.nd6
user/cperciva/freebsd-update-build/patches/6.4-RC2/
user/cperciva/freebsd-update-build/patches/6.4-RC2/1-SA-08:11.arc4random
user/cperciva/freebsd-update-build/patches/7.0-BETA1.5/
user/cperciva/freebsd-update-build/patches/7.0-BETA2/
user/cperciva/freebsd-update-build/patches/7.0-BETA2/1-SA-07:09.random
user/cperciva/freebsd-update-build/patches/7.0-BETA3/
user/cperciva/freebsd-update-build/patches/7.0-BETA3/1-SA-07:09.random
user/cperciva/freebsd-update-build/patches/7.0-RC1/
user/cperciva/freebsd-update-build/patches/7.0-RC1/1-SA-08:01.pty
user/cperciva/freebsd-update-build/patches/7.0-RC1/1-SA-08:02.libc
user/cperciva/freebsd-update-build/patches/7.0-RC2/
user/cperciva/freebsd-update-build/patches/7.0-RC2/1-SA-08:03.sendfile
user/cperciva/freebsd-update-build/patches/7.0-RELEASE/4-SA-08:09.icmp
user/cperciva/freebsd-update-build/patches/7.1-BETA/
user/cperciva/freebsd-update-build/patches/7.1-BETA/0-openssh.man
user/cperciva/freebsd-update-build/patches/7.1-BETA/1-SA-08:10.nd6
user/cperciva/freebsd-update-build/patches/7.1-BETA2/
user/cperciva/freebsd-update-build/patches/7.1-BETA2/1-SA-08:11.arc4random
user/cperciva/freebsd-update-build/patches/7.1-RC1/
user/cperciva/freebsd-update-build/patches/7.1-RC1/1-SA-08:12.ftpd
user/cperciva/freebsd-update-build/patches/7.1-RC1/1-SA-08:13.protosw
user/cperciva/freebsd-update-build/patches/7.1-RC2/
user/cperciva/freebsd-update-build/patches/7.1-RC2/1-09:01.lukemftpd
user/cperciva/freebsd-update-build/patches/7.1-RC2/1-09:02.openssl
user/cperciva/freebsd-update-build/patches/7.1-RC2/2-09:03.ntpd
user/cperciva/freebsd-update-build/patches/7.1-RC2/2-09:04.bind
user/cperciva/freebsd-update-build/patches/7.2-RC1/
user/cperciva/freebsd-update-build/patches/7.2-RC1/1-SA-09:08.openssl
user/cperciva/freebsd-update-build/patches/8.0-BETA1/
user/cperciva/freebsd-update-build/patches/8.0-BETA1/0-man9
user/cperciva/freebsd-update-build/patches/8.0-BETA1/0-nc.1 (contents, props changed)
user/cperciva/freebsd-update-build/patches/8.0-BETA1/1-SA-09:12.bind
user/cperciva/freebsd-update-build/patches/8.0-BETA2/
user/cperciva/freebsd-update-build/patches/8.0-BETA2/1-SA-09:12.bind
user/cperciva/freebsd-update-build/patches/8.0-BETA4/
user/cperciva/freebsd-update-build/patches/8.0-BETA4/1-EN-09:05.null
user/cperciva/freebsd-update-build/patches/8.0-RC1/
user/cperciva/freebsd-update-build/patches/8.0-RC1/1-EN-09:05.null
user/cperciva/freebsd-update-build/patches/8.0-RC2/
user/cperciva/freebsd-update-build/patches/8.0-RC2/1-SA-09:15.ssl
user/cperciva/freebsd-update-build/patches/8.0-RC2/1-SA-09:16.rtld
user/cperciva/freebsd-update-build/patches/8.0-RC2/1-SA-09:17.freebsd-update
user/cperciva/freebsd-update-build/patches/8.0-RC3/
user/cperciva/freebsd-update-build/patches/8.0-RC3/1-SA-09:15.ssl
user/cperciva/freebsd-update-build/patches/8.0-RC3/1-SA-09:16.rtld
user/cperciva/freebsd-update-build/patches/8.0-RC3/1-SA-09:17.freebsd-update
user/cperciva/freebsd-update-build/patches/8.1-BETA1/
user/cperciva/freebsd-update-build/patches/8.1-BETA1/0-ssh-pkcs11-helper.patch
user/cperciva/freebsd-update-build/patches/8.1-RC1/
user/cperciva/freebsd-update-build/patches/8.1-RC1/1-SA-10:07.mbuf
user/cperciva/freebsd-update-build/patches/8.1-RC2/
user/cperciva/freebsd-update-build/patches/8.1-RC2/1-SA-10:07.mbuf
user/cperciva/freebsd-update-build/patches/8.1-RELEASE/12-SA-12:04.sysret
user/cperciva/freebsd-update-build/patches/8.4-BETA1/
user/cperciva/freebsd-update-build/patches/8.4-BETA1/1-SA-13:04.bind
user/cperciva/freebsd-update-build/patches/8.4-RC1/
user/cperciva/freebsd-update-build/patches/8.4-RC1/1-SA-13:05.nfsserver
user/cperciva/freebsd-update-build/patches/8.4-RC2/
user/cperciva/freebsd-update-build/patches/8.4-RC2/1-SA-13:05.nfsserver
user/cperciva/freebsd-update-build/patches/8.4-RC3/
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/31-EN-15:08.sendmail
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/32-EN-15:08.sendmail
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/33-SA-15:11.bind
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/34-SA-15:13.tcp
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/35-SA-15:14.tcp
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/35-SA-15:16.openssh
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/35-SA-15:17.bind
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/36-SA-15:16.openssh
user/cperciva/freebsd-update-build/patches/9.0-BETA1/
user/cperciva/freebsd-update-build/patches/9.0-BETA1/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.0-BETA1/1-EN-12:01.freebsd-update
user/cperciva/freebsd-update-build/patches/9.0-BETA2/
user/cperciva/freebsd-update-build/patches/9.0-BETA2/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.0-BETA2/1-EN-12:01.freebsd-update
user/cperciva/freebsd-update-build/patches/9.0-BETA3/
user/cperciva/freebsd-update-build/patches/9.0-BETA3/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.0-BETA3/1-EN-12:01.freebsd-update
user/cperciva/freebsd-update-build/patches/9.0-RC1/
user/cperciva/freebsd-update-build/patches/9.0-RC1/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.0-RC1/1-EN-12:01.freebsd-update
user/cperciva/freebsd-update-build/patches/9.0-RC2/
user/cperciva/freebsd-update-build/patches/9.0-RC2/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:06.bind
user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:07.chroot
user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:08.telnetd
user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:09.pam_ssh
user/cperciva/freebsd-update-build/patches/9.0-RC2/1-SA-11:10.pam
user/cperciva/freebsd-update-build/patches/9.0-RC3/
user/cperciva/freebsd-update-build/patches/9.0-RC3/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.0-RC3/1-SA-11:07.chroot
user/cperciva/freebsd-update-build/patches/9.0-RC3/1-SA-11:08.telnetd
user/cperciva/freebsd-update-build/patches/9.0-RC3/1-SA-11:09.pam_ssh
user/cperciva/freebsd-update-build/patches/9.0-RC3/1-SA-11:10.pam
user/cperciva/freebsd-update-build/patches/9.1-RC1/
user/cperciva/freebsd-update-build/patches/9.1-RC1/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.1-RC1/1-SA-12:06.bind
user/cperciva/freebsd-update-build/patches/9.1-RC1/1-SA-12:07.hostapd
user/cperciva/freebsd-update-build/patches/9.1-RC1/1-SA-12:08.linux
user/cperciva/freebsd-update-build/patches/9.1-RC2/
user/cperciva/freebsd-update-build/patches/9.1-RC2/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.1-RC2/1-SA-12:07.hostapd
user/cperciva/freebsd-update-build/patches/9.1-RC2/1-SA-12:08.linux
user/cperciva/freebsd-update-build/patches/9.1-RC3/
user/cperciva/freebsd-update-build/patches/9.1-RC3/0-clang.patch
user/cperciva/freebsd-update-build/patches/9.1-RC3/1-SA-12:07.hostapd
user/cperciva/freebsd-update-build/patches/9.1-RC3/1-SA-12:08.linux
user/cperciva/freebsd-update-build/patches/9.2-BETA1/
user/cperciva/freebsd-update-build/patches/9.2-BETA2/
user/cperciva/freebsd-update-build/patches/9.2-RC1/
user/cperciva/freebsd-update-build/patches/9.2-RC1/1-SA-13:09.ip_multicast
user/cperciva/freebsd-update-build/patches/9.2-RC1/1-SA-13:10.sctp
user/cperciva/freebsd-update-build/patches/9.2-RC1/2-SA-13:11.sendfile
user/cperciva/freebsd-update-build/patches/9.2-RC1/2-SA-13:12.ifioctl
user/cperciva/freebsd-update-build/patches/9.2-RC1/2-SA-13:13.nullfs
user/cperciva/freebsd-update-build/patches/9.2-RC2/
user/cperciva/freebsd-update-build/patches/9.2-RC2/1-SA-13:09.ip_multicast
user/cperciva/freebsd-update-build/patches/9.2-RC2/2-SA-13:11.sendfile
user/cperciva/freebsd-update-build/patches/9.2-RC2/2-SA-13:12.ifioctl
user/cperciva/freebsd-update-build/patches/9.2-RC2/2-SA-13:13.nullfs
user/cperciva/freebsd-update-build/patches/9.2-RC3/
user/cperciva/freebsd-update-build/patches/9.2-RC3/1-SA-13:12.ifioctl
user/cperciva/freebsd-update-build/patches/9.2-RC3/1-SA-13:13.nullfs
user/cperciva/freebsd-update-build/patches/9.2-RC3/2-EN-13:04.freebsd-update
user/cperciva/freebsd-update-build/patches/9.2-RC3/3-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/9.2-RC4/
user/cperciva/freebsd-update-build/patches/9.2-RC4/0-mergemaster.patch
user/cperciva/freebsd-update-build/patches/9.2-RC4/1-EN-13:04.freebsd-update
user/cperciva/freebsd-update-build/patches/9.2-RC4/2-EN-13:05.freebsd-update
user/cperciva/freebsd-update-build/patches/9.3-BETA1/
user/cperciva/freebsd-update-build/patches/9.3-BETA1/1-SA-14:12.ktrace
user/cperciva/freebsd-update-build/patches/9.3-BETA1/1-SA-14:13.pam
user/cperciva/freebsd-update-build/patches/9.3-BETA1/2-SA-14:14.openssl
user/cperciva/freebsd-update-build/patches/9.3-BETA1/3-SA-14:16.file
user/cperciva/freebsd-update-build/patches/9.3-BETA2/
user/cperciva/freebsd-update-build/patches/9.3-BETA2/1-SA-14:16.file
user/cperciva/freebsd-update-build/patches/9.3-BETA3/
user/cperciva/freebsd-update-build/patches/9.3-BETA3/1-SA-14:16.file
user/cperciva/freebsd-update-build/patches/9.3-BETA3/2-SA-14:17.kmem
user/cperciva/freebsd-update-build/patches/9.3-RC1/
user/cperciva/freebsd-update-build/patches/9.3-RC1/1-SA-14:16.file
user/cperciva/freebsd-update-build/patches/9.3-RC1/2-SA-14:17.kmem
user/cperciva/freebsd-update-build/patches/9.3-RC2/
user/cperciva/freebsd-update-build/patches/9.3-RC2/1-SA-14:17.kmem
user/cperciva/freebsd-update-build/patches/9.3-RC3/
user/cperciva/freebsd-update-build/patches/9.3-RC3/1-SA-14:17.kmem
Added: user/cperciva/freebsd-update-build/patches/10.0-BETA1/1-EN-13:04.freebsd-update
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-BETA1/1-EN-13:04.freebsd-update Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,78 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh
++++ usr.sbin/freebsd-update/freebsd-update.sh
+@@ -1200,7 +1200,7 @@
+ # Some aliases to save space later: ${P} is a character which can
+ # appear in a path; ${M} is the four numeric metadata fields; and
+ # ${H} is a sha256 hash.
+- P="[-+./:=%@_[[:alnum:]]"
++ P="[-+./:=%@_[~[:alnum:]]"
+ M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+"
+ H="[0-9a-f]{64}"
+
+@@ -2814,16 +2814,24 @@
+
+ # If we haven't already dealt with the world, deal with it.
+ if ! [ -f $1/worlddone ]; then
++ # Create any necessary directories first
++ grep -vE '^/boot/' $1/INDEX-NEW |
++ grep -E '^[^|]+\|d\|' > INDEX-NEW
++ install_from_index INDEX-NEW || return 1
++
+ # Install new shared libraries next
+ grep -vE '^/boot/' $1/INDEX-NEW |
+- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
++ grep -vE '^[^|]+\|d\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
+ install_from_index INDEX-NEW || return 1
+
+ # Deal with everything else
+ grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
++ grep -vE '^[^|]+\|d\|' |
++ grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
+ grep -vE '^/boot/' $1/INDEX-NEW |
+- grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
++ grep -vE '^[^|]+\|d\|' |
++ grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
+ install_from_index INDEX-NEW || return 1
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
+@@ -2844,11 +2852,11 @@
+
+ # Do we need to ask the user to portupgrade now?
+ grep -vE '^/boot/' $1/INDEX-NEW |
+- grep -E '/lib/.*\.so\.[0-9]+\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
+ cut -f 1 -d '|' |
+ sort > newfiles
+ if grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -E '/lib/.*\.so\.[0-9]+\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
+ cut -f 1 -d '|' |
+ sort |
+ join -v 1 - newfiles |
+@@ -2868,11 +2876,20 @@
+
+ # Remove old shared libraries
+ grep -vE '^/boot/' $1/INDEX-NEW |
+- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
++ grep -vE '^[^|]+\|d\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
+ grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
++ grep -vE '^[^|]+\|d\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
++ # Remove old directories
++ grep -vE '^/boot/' $1/INDEX-OLD |
++ grep -E '^[^|]+\|d\|' > INDEX-OLD
++ grep -vE '^/boot/' $1/INDEX-OLD |
++ grep -E '^[^|]+\|d\|' > INDEX-OLD
++ install_delete INDEX-OLD INDEX-NEW || return 1
++
+ # Remove temporary files
+ rm INDEX-OLD INDEX-NEW
+ }
Added: user/cperciva/freebsd-update-build/patches/10.0-BETA1/2-SA-13:14.openssh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-BETA1/2-SA-13:14.openssh Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,13 @@
+Index: crypto/openssh/monitor_wrap.c
+===================================================================
+--- crypto/openssh/monitor_wrap.c (revision 257864)
++++ crypto/openssh/monitor_wrap.c (working copy)
+@@ -480,7 +480,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
+ buffer_init(&b);
+ buffer_append(&b, blob, blen);
+
+- newkey = xmalloc(sizeof(*newkey));
++ newkey = xcalloc(1, sizeof(*newkey));
+ enc = &newkey->enc;
+ mac = &newkey->mac;
+ comp = &newkey->comp;
Added: user/cperciva/freebsd-update-build/patches/10.0-BETA1/3-EN-13:05.freebsd-update
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-BETA1/3-EN-13:05.freebsd-update Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,17 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh (revision 257878)
++++ usr.sbin/freebsd-update/freebsd-update.sh (revision 257879)
+@@ -2884,10 +2884,10 @@
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
+ # Remove old directories
++ grep -vE '^/boot/' $1/INDEX-NEW |
++ grep -E '^[^|]+\|d\|' > INDEX-NEW
+ grep -vE '^/boot/' $1/INDEX-OLD |
+ grep -E '^[^|]+\|d\|' > INDEX-OLD
+- grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -E '^[^|]+\|d\|' > INDEX-OLD
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
+ # Remove temporary files
Added: user/cperciva/freebsd-update-build/patches/10.0-BETA2/1-SA-13:14.openssh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-BETA2/1-SA-13:14.openssh Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,13 @@
+Index: crypto/openssh/monitor_wrap.c
+===================================================================
+--- crypto/openssh/monitor_wrap.c (revision 257864)
++++ crypto/openssh/monitor_wrap.c (working copy)
+@@ -480,7 +480,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
+ buffer_init(&b);
+ buffer_append(&b, blob, blen);
+
+- newkey = xmalloc(sizeof(*newkey));
++ newkey = xcalloc(1, sizeof(*newkey));
+ enc = &newkey->enc;
+ mac = &newkey->mac;
+ comp = &newkey->comp;
Added: user/cperciva/freebsd-update-build/patches/10.0-BETA2/2-EN-13:05.freebsd-update
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-BETA2/2-EN-13:05.freebsd-update Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,17 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh (revision 257878)
++++ usr.sbin/freebsd-update/freebsd-update.sh (revision 257879)
+@@ -2884,10 +2884,10 @@
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
+ # Remove old directories
++ grep -vE '^/boot/' $1/INDEX-NEW |
++ grep -E '^[^|]+\|d\|' > INDEX-NEW
+ grep -vE '^/boot/' $1/INDEX-OLD |
+ grep -E '^[^|]+\|d\|' > INDEX-OLD
+- grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -E '^[^|]+\|d\|' > INDEX-OLD
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
+ # Remove temporary files
Added: user/cperciva/freebsd-update-build/patches/10.0-BETA3/1-SA-13:14.openssh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-BETA3/1-SA-13:14.openssh Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,13 @@
+Index: crypto/openssh/monitor_wrap.c
+===================================================================
+--- crypto/openssh/monitor_wrap.c (revision 257864)
++++ crypto/openssh/monitor_wrap.c (working copy)
+@@ -480,7 +480,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
+ buffer_init(&b);
+ buffer_append(&b, blob, blen);
+
+- newkey = xmalloc(sizeof(*newkey));
++ newkey = xcalloc(1, sizeof(*newkey));
+ enc = &newkey->enc;
+ mac = &newkey->mac;
+ comp = &newkey->comp;
Added: user/cperciva/freebsd-update-build/patches/10.0-BETA3/2-EN-13:05.freebsd-update
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-BETA3/2-EN-13:05.freebsd-update Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,17 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh (revision 257878)
++++ usr.sbin/freebsd-update/freebsd-update.sh (revision 257879)
+@@ -2884,10 +2884,10 @@
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
+ # Remove old directories
++ grep -vE '^/boot/' $1/INDEX-NEW |
++ grep -E '^[^|]+\|d\|' > INDEX-NEW
+ grep -vE '^/boot/' $1/INDEX-OLD |
+ grep -E '^[^|]+\|d\|' > INDEX-OLD
+- grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -E '^[^|]+\|d\|' > INDEX-OLD
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
+ # Remove temporary files
Added: user/cperciva/freebsd-update-build/patches/10.0-RC1/1-EN-14:02.mmap
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-EN-14:02.mmap Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,20 @@
+Index: sys/vm/vm_map.c
+===================================================================
+--- sys/vm/vm_map.c (revision 259950)
++++ sys/vm/vm_map.c (revision 259951)
+@@ -1207,6 +1207,7 @@ charged:
+ }
+ else if ((prev_entry != &map->header) &&
+ (prev_entry->eflags == protoeflags) &&
++ (cow & (MAP_ENTRY_GROWS_DOWN | MAP_ENTRY_GROWS_UP)) == 0 &&
+ (prev_entry->end == start) &&
+ (prev_entry->wired_count == 0) &&
+ (prev_entry->cred == cred ||
+@@ -3339,7 +3340,6 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm
+ * NOTE: We explicitly allow bi-directional stacks.
+ */
+ orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP);
+- cow &= ~orient;
+ KASSERT(orient != 0, ("No stack grow direction"));
+
+ if (addrbos < vm_map_min(map) ||
Added: user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:01.bsnmpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,16 @@
+Index: contrib/bsnmp/lib/snmpagent.c
+===================================================================
+--- contrib/bsnmp/lib/snmpagent.c (revision 259661)
++++ contrib/bsnmp/lib/snmpagent.c (working copy)
+@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf
+ for (cnt = 0; cnt < pdu->error_index; cnt++) {
+ eomib = 1;
+ for (i = non_rep; i < pdu->nbindings; i++) {
++
++ if (resp->nbindings == SNMP_MAX_BINDINGS)
++ /* PDU is full */
++ goto done;
++
+ if (cnt == 0)
+ result = do_getnext(&context, &pdu->bindings[i],
+ &resp->bindings[resp->nbindings], pdu);
Added: user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:02.ntpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,13 @@
+Index: contrib/ntp/ntpd/ntp_config.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_config.c (revision 259828)
++++ contrib/ntp/ntpd/ntp_config.c (working copy)
+@@ -597,6 +597,8 @@ getconfig(
+ #endif /* not SYS_WINNT */
+ }
+
++ proto_config(PROTO_MONITOR, 0, 0., NULL);
++
+ for (;;) {
+ if (tok == CONFIG_END)
+ break;
Added: user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:03.openssl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC1/1-SA-14:03.openssl Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,91 @@
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c (revision 260378)
++++ crypto/openssl/ssl/d1_both.c (working copy)
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ {
++
++ if (frag->msg_header.is_ccs)
++ {
++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++ }
+ if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ OPENSSL_free(frag);
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+--- crypto/openssl/ssl/s3_both.c (revision 260378)
++++ crypto/openssl/ssl/s3_both.c (working copy)
+@@ -208,7 +208,11 @@ static void ssl3_take_mac(SSL *s)
+ {
+ const char *sender;
+ int slen;
+-
++ /* If no new cipher setup return immediately: other functions will
++ * set the appropriate error.
++ */
++ if (s->s3->tmp.new_cipher == NULL)
++ return;
+ if (s->state & SSL_ST_CONNECT)
+ {
+ sender=s->method->ssl3_enc->server_finished_label;
+Index: crypto/openssl/ssl/s3_lib.c
+===================================================================
+--- crypto/openssl/ssl/s3_lib.c (revision 260378)
++++ crypto/openssl/ssl/s3_lib.c (working copy)
+@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ {
+ long alg2 = s->s3->tmp.new_cipher->algorithm2;
+- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++ if (s->method->version == TLS1_2_VERSION &&
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ return alg2;
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h (revision 260378)
++++ crypto/openssl/ssl/ssl_locl.h (working copy)
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ s_get_meth) \
+ const SSL_METHOD *func_name(void) \
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+--- crypto/openssl/ssl/t1_enc.c (revision 260378)
++++ crypto/openssl/ssl/t1_enc.c (working copy)
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+- if (s->enc_write_ctx != NULL)
++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ reuse_dd = 1;
+- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
++ dd= s->enc_write_ctx;
++ if (SSL_IS_DTLS(s))
++ {
++ mac_ctx = EVP_MD_CTX_create();
++ if (!mac_ctx)
++ goto err;
++ s->write_hash = mac_ctx;
++ }
+ else
+- /* make sure it's intialized in case we exit later with an error */
+- EVP_CIPHER_CTX_init(s->enc_write_ctx);
+- dd= s->enc_write_ctx;
+- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ if (s->compress != NULL)
+ {
Added: user/cperciva/freebsd-update-build/patches/10.0-RC2/1-EN-14:02.mmap
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-EN-14:02.mmap Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,20 @@
+Index: sys/vm/vm_map.c
+===================================================================
+--- sys/vm/vm_map.c (revision 259950)
++++ sys/vm/vm_map.c (revision 259951)
+@@ -1207,6 +1207,7 @@ charged:
+ }
+ else if ((prev_entry != &map->header) &&
+ (prev_entry->eflags == protoeflags) &&
++ (cow & (MAP_ENTRY_GROWS_DOWN | MAP_ENTRY_GROWS_UP)) == 0 &&
+ (prev_entry->end == start) &&
+ (prev_entry->wired_count == 0) &&
+ (prev_entry->cred == cred ||
+@@ -3339,7 +3340,6 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm
+ * NOTE: We explicitly allow bi-directional stacks.
+ */
+ orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP);
+- cow &= ~orient;
+ KASSERT(orient != 0, ("No stack grow direction"));
+
+ if (addrbos < vm_map_min(map) ||
Added: user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:01.bsnmpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,16 @@
+Index: contrib/bsnmp/lib/snmpagent.c
+===================================================================
+--- contrib/bsnmp/lib/snmpagent.c (revision 259661)
++++ contrib/bsnmp/lib/snmpagent.c (working copy)
+@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf
+ for (cnt = 0; cnt < pdu->error_index; cnt++) {
+ eomib = 1;
+ for (i = non_rep; i < pdu->nbindings; i++) {
++
++ if (resp->nbindings == SNMP_MAX_BINDINGS)
++ /* PDU is full */
++ goto done;
++
+ if (cnt == 0)
+ result = do_getnext(&context, &pdu->bindings[i],
+ &resp->bindings[resp->nbindings], pdu);
Added: user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:02.ntpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,13 @@
+Index: contrib/ntp/ntpd/ntp_config.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_config.c (revision 259828)
++++ contrib/ntp/ntpd/ntp_config.c (working copy)
+@@ -597,6 +597,8 @@ getconfig(
+ #endif /* not SYS_WINNT */
+ }
+
++ proto_config(PROTO_MONITOR, 0, 0., NULL);
++
+ for (;;) {
+ if (tok == CONFIG_END)
+ break;
Added: user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:03.openssl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC2/1-SA-14:03.openssl Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,91 @@
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c (revision 260378)
++++ crypto/openssl/ssl/d1_both.c (working copy)
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ {
++
++ if (frag->msg_header.is_ccs)
++ {
++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++ }
+ if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ OPENSSL_free(frag);
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+--- crypto/openssl/ssl/s3_both.c (revision 260378)
++++ crypto/openssl/ssl/s3_both.c (working copy)
+@@ -208,7 +208,11 @@ static void ssl3_take_mac(SSL *s)
+ {
+ const char *sender;
+ int slen;
+-
++ /* If no new cipher setup return immediately: other functions will
++ * set the appropriate error.
++ */
++ if (s->s3->tmp.new_cipher == NULL)
++ return;
+ if (s->state & SSL_ST_CONNECT)
+ {
+ sender=s->method->ssl3_enc->server_finished_label;
+Index: crypto/openssl/ssl/s3_lib.c
+===================================================================
+--- crypto/openssl/ssl/s3_lib.c (revision 260378)
++++ crypto/openssl/ssl/s3_lib.c (working copy)
+@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ {
+ long alg2 = s->s3->tmp.new_cipher->algorithm2;
+- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++ if (s->method->version == TLS1_2_VERSION &&
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ return alg2;
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h (revision 260378)
++++ crypto/openssl/ssl/ssl_locl.h (working copy)
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ s_get_meth) \
+ const SSL_METHOD *func_name(void) \
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+--- crypto/openssl/ssl/t1_enc.c (revision 260378)
++++ crypto/openssl/ssl/t1_enc.c (working copy)
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+- if (s->enc_write_ctx != NULL)
++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ reuse_dd = 1;
+- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
++ dd= s->enc_write_ctx;
++ if (SSL_IS_DTLS(s))
++ {
++ mac_ctx = EVP_MD_CTX_create();
++ if (!mac_ctx)
++ goto err;
++ s->write_hash = mac_ctx;
++ }
+ else
+- /* make sure it's intialized in case we exit later with an error */
+- EVP_CIPHER_CTX_init(s->enc_write_ctx);
+- dd= s->enc_write_ctx;
+- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ if (s->compress != NULL)
+ {
Added: user/cperciva/freebsd-update-build/patches/10.0-RC3/1-EN-14:02.mmap
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-EN-14:02.mmap Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,20 @@
+Index: sys/vm/vm_map.c
+===================================================================
+--- sys/vm/vm_map.c (revision 259950)
++++ sys/vm/vm_map.c (revision 259951)
+@@ -1207,6 +1207,7 @@ charged:
+ }
+ else if ((prev_entry != &map->header) &&
+ (prev_entry->eflags == protoeflags) &&
++ (cow & (MAP_ENTRY_GROWS_DOWN | MAP_ENTRY_GROWS_UP)) == 0 &&
+ (prev_entry->end == start) &&
+ (prev_entry->wired_count == 0) &&
+ (prev_entry->cred == cred ||
+@@ -3339,7 +3340,6 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm
+ * NOTE: We explicitly allow bi-directional stacks.
+ */
+ orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP);
+- cow &= ~orient;
+ KASSERT(orient != 0, ("No stack grow direction"));
+
+ if (addrbos < vm_map_min(map) ||
Added: user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:01.bsnmpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,16 @@
+Index: contrib/bsnmp/lib/snmpagent.c
+===================================================================
+--- contrib/bsnmp/lib/snmpagent.c (revision 259661)
++++ contrib/bsnmp/lib/snmpagent.c (working copy)
+@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf
+ for (cnt = 0; cnt < pdu->error_index; cnt++) {
+ eomib = 1;
+ for (i = non_rep; i < pdu->nbindings; i++) {
++
++ if (resp->nbindings == SNMP_MAX_BINDINGS)
++ /* PDU is full */
++ goto done;
++
+ if (cnt == 0)
+ result = do_getnext(&context, &pdu->bindings[i],
+ &resp->bindings[resp->nbindings], pdu);
Added: user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:02.ntpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,13 @@
+Index: contrib/ntp/ntpd/ntp_config.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_config.c (revision 259828)
++++ contrib/ntp/ntpd/ntp_config.c (working copy)
+@@ -597,6 +597,8 @@ getconfig(
+ #endif /* not SYS_WINNT */
+ }
+
++ proto_config(PROTO_MONITOR, 0, 0., NULL);
++
+ for (;;) {
+ if (tok == CONFIG_END)
+ break;
Added: user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:03.openssl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC3/1-SA-14:03.openssl Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,91 @@
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c (revision 260378)
++++ crypto/openssl/ssl/d1_both.c (working copy)
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ {
++
++ if (frag->msg_header.is_ccs)
++ {
++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++ }
+ if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ OPENSSL_free(frag);
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+--- crypto/openssl/ssl/s3_both.c (revision 260378)
++++ crypto/openssl/ssl/s3_both.c (working copy)
+@@ -208,7 +208,11 @@ static void ssl3_take_mac(SSL *s)
+ {
+ const char *sender;
+ int slen;
+-
++ /* If no new cipher setup return immediately: other functions will
++ * set the appropriate error.
++ */
++ if (s->s3->tmp.new_cipher == NULL)
++ return;
+ if (s->state & SSL_ST_CONNECT)
+ {
+ sender=s->method->ssl3_enc->server_finished_label;
+Index: crypto/openssl/ssl/s3_lib.c
+===================================================================
+--- crypto/openssl/ssl/s3_lib.c (revision 260378)
++++ crypto/openssl/ssl/s3_lib.c (working copy)
+@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ {
+ long alg2 = s->s3->tmp.new_cipher->algorithm2;
+- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++ if (s->method->version == TLS1_2_VERSION &&
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ return alg2;
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h (revision 260378)
++++ crypto/openssl/ssl/ssl_locl.h (working copy)
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ s_get_meth) \
+ const SSL_METHOD *func_name(void) \
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+--- crypto/openssl/ssl/t1_enc.c (revision 260378)
++++ crypto/openssl/ssl/t1_enc.c (working copy)
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+- if (s->enc_write_ctx != NULL)
++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ reuse_dd = 1;
+- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
++ dd= s->enc_write_ctx;
++ if (SSL_IS_DTLS(s))
++ {
++ mac_ctx = EVP_MD_CTX_create();
++ if (!mac_ctx)
++ goto err;
++ s->write_hash = mac_ctx;
++ }
+ else
+- /* make sure it's intialized in case we exit later with an error */
+- EVP_CIPHER_CTX_init(s->enc_write_ctx);
+- dd= s->enc_write_ctx;
+- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ if (s->compress != NULL)
+ {
Added: user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:01.bsnmpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,16 @@
+Index: contrib/bsnmp/lib/snmpagent.c
+===================================================================
+--- contrib/bsnmp/lib/snmpagent.c (revision 259661)
++++ contrib/bsnmp/lib/snmpagent.c (working copy)
+@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf
+ for (cnt = 0; cnt < pdu->error_index; cnt++) {
+ eomib = 1;
+ for (i = non_rep; i < pdu->nbindings; i++) {
++
++ if (resp->nbindings == SNMP_MAX_BINDINGS)
++ /* PDU is full */
++ goto done;
++
+ if (cnt == 0)
+ result = do_getnext(&context, &pdu->bindings[i],
+ &resp->bindings[resp->nbindings], pdu);
Added: user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:02.ntpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,13 @@
+Index: contrib/ntp/ntpd/ntp_config.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_config.c (revision 259828)
++++ contrib/ntp/ntpd/ntp_config.c (working copy)
+@@ -597,6 +597,8 @@ getconfig(
+ #endif /* not SYS_WINNT */
+ }
+
++ proto_config(PROTO_MONITOR, 0, 0., NULL);
++
+ for (;;) {
+ if (tok == CONFIG_END)
+ break;
Added: user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:03.openssl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC4/1-SA-14:03.openssl Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,91 @@
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c (revision 260378)
++++ crypto/openssl/ssl/d1_both.c (working copy)
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ {
++
++ if (frag->msg_header.is_ccs)
++ {
++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++ }
+ if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ OPENSSL_free(frag);
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+--- crypto/openssl/ssl/s3_both.c (revision 260378)
++++ crypto/openssl/ssl/s3_both.c (working copy)
+@@ -208,7 +208,11 @@ static void ssl3_take_mac(SSL *s)
+ {
+ const char *sender;
+ int slen;
+-
++ /* If no new cipher setup return immediately: other functions will
++ * set the appropriate error.
++ */
++ if (s->s3->tmp.new_cipher == NULL)
++ return;
+ if (s->state & SSL_ST_CONNECT)
+ {
+ sender=s->method->ssl3_enc->server_finished_label;
+Index: crypto/openssl/ssl/s3_lib.c
+===================================================================
+--- crypto/openssl/ssl/s3_lib.c (revision 260378)
++++ crypto/openssl/ssl/s3_lib.c (working copy)
+@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ {
+ long alg2 = s->s3->tmp.new_cipher->algorithm2;
+- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++ if (s->method->version == TLS1_2_VERSION &&
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ return alg2;
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h (revision 260378)
++++ crypto/openssl/ssl/ssl_locl.h (working copy)
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ s_get_meth) \
+ const SSL_METHOD *func_name(void) \
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+--- crypto/openssl/ssl/t1_enc.c (revision 260378)
++++ crypto/openssl/ssl/t1_enc.c (working copy)
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+- if (s->enc_write_ctx != NULL)
++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ reuse_dd = 1;
+- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
++ dd= s->enc_write_ctx;
++ if (SSL_IS_DTLS(s))
++ {
++ mac_ctx = EVP_MD_CTX_create();
++ if (!mac_ctx)
++ goto err;
++ s->write_hash = mac_ctx;
++ }
+ else
+- /* make sure it's intialized in case we exit later with an error */
+- EVP_CIPHER_CTX_init(s->enc_write_ctx);
+- dd= s->enc_write_ctx;
+- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ if (s->compress != NULL)
+ {
Added: user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:01.bsnmpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:01.bsnmpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,16 @@
+Index: contrib/bsnmp/lib/snmpagent.c
+===================================================================
+--- contrib/bsnmp/lib/snmpagent.c (revision 259661)
++++ contrib/bsnmp/lib/snmpagent.c (working copy)
+@@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf
+ for (cnt = 0; cnt < pdu->error_index; cnt++) {
+ eomib = 1;
+ for (i = non_rep; i < pdu->nbindings; i++) {
++
++ if (resp->nbindings == SNMP_MAX_BINDINGS)
++ /* PDU is full */
++ goto done;
++
+ if (cnt == 0)
+ result = do_getnext(&context, &pdu->bindings[i],
+ &resp->bindings[resp->nbindings], pdu);
Added: user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:02.ntpd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RC5/1-SA-14:02.ntpd Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,13 @@
+Index: contrib/ntp/ntpd/ntp_config.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_config.c (revision 259828)
++++ contrib/ntp/ntpd/ntp_config.c (working copy)
+@@ -597,6 +597,8 @@ getconfig(
+ #endif /* not SYS_WINNT */
+ }
+
++ proto_config(PROTO_MONITOR, 0, 0., NULL);
++
+ for (;;) {
+ if (tok == CONFIG_END)
+ break;
Added: user/cperciva/freebsd-update-build/patches/10.1-BETA1/1-SA-14:19.tcp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-BETA1/1-SA-14:19.tcp Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,17 @@
+Index: sys/netinet/tcp_input.c
+===================================================================
+--- sys/netinet/tcp_input.c (revision 271383)
++++ sys/netinet/tcp_input.c (working copy)
+@@ -2092,11 +2092,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th,
+
+ todrop = tp->rcv_nxt - th->th_seq;
+ if (todrop > 0) {
+- /*
+- * If this is a duplicate SYN for our current connection,
+- * advance over it and pretend and it's not a SYN.
+- */
+- if (thflags & TH_SYN && th->th_seq == tp->irs) {
++ if (thflags & TH_SYN) {
+ thflags &= ~TH_SYN;
+ th->th_seq++;
+ if (th->th_urp > 1)
Added: user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:20.rtsold
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:20.rtsold Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,14 @@
+Index: usr.sbin/rtsold/rtsol.c
+===================================================================
+--- usr.sbin/rtsold/rtsol.c.orig
++++ usr.sbin/rtsold/rtsol.c
+@@ -933,7 +933,8 @@
+ dst_origin = dst;
+ memset(dst, '\0', dlen);
+ while (src && (len = (uint8_t)(*src++) & 0x3f) &&
+- (src + len) <= src_last) {
++ (src + len) <= src_last &&
++ (dst - dst_origin < (ssize_t)dlen)) {
+ if (dst != dst_origin)
+ *dst++ = '.';
+ warnmsg(LOG_DEBUG, __func__, "labellen = %zd", len);
Added: user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:21.routed
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:21.routed Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,15 @@
+Index: sbin/routed/input.c
+===================================================================
+--- sbin/routed/input.c.orig
++++ sbin/routed/input.c
+@@ -288,6 +288,10 @@
+ /* Answer a query from a utility program
+ * with all we know.
+ */
++ if (aifp == NULL) {
++ trace_pkt("ignore remote query");
++ return;
++ }
+ if (from->sin_port != htons(RIP_PORT)) {
+ supply(from, aifp, OUT_QUERY, 0,
+ rip->rip_vers, ap != 0);
Added: user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:22.namei
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:22.namei Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,94 @@
+Index: sys/kern/vfs_lookup.c
+===================================================================
+--- sys/kern/vfs_lookup.c (revision 273277)
++++ sys/kern/vfs_lookup.c (working copy)
+@@ -121,6 +121,16 @@
+ * if symbolic link, massage name in buffer and continue
+ * }
+ */
++static void
++namei_cleanup_cnp(struct componentname *cnp)
++{
++ uma_zfree(namei_zone, cnp->cn_pnbuf);
++#ifdef DIAGNOSTIC
++ cnp->cn_pnbuf = NULL;
++ cnp->cn_nameptr = NULL;
++#endif
++}
++
+ int
+ namei(struct nameidata *ndp)
+ {
+@@ -185,11 +195,7 @@
+ }
+ #endif
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ ndp->ni_vp = NULL;
+ return (error);
+ }
+@@ -256,11 +262,7 @@
+ }
+ }
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ return (error);
+ }
+ }
+@@ -286,6 +288,7 @@
+ if (KTRPOINT(curthread, KTR_CAPFAIL))
+ ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);
+ #endif
++ namei_cleanup_cnp(cnp);
+ return (ENOTCAPABLE);
+ }
+ while (*(cnp->cn_nameptr) == '/') {
+@@ -298,11 +301,7 @@
+ ndp->ni_startdir = dp;
+ error = lookup(ndp);
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ SDT_PROBE(vfs, namei, lookup, return, error, NULL, 0,
+ 0, 0);
+ return (error);
+@@ -312,11 +311,7 @@
+ */
+ if ((cnp->cn_flags & ISSYMLINK) == 0) {
+ if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ } else
+ cnp->cn_flags |= HASBUF;
+
+@@ -378,11 +373,7 @@
+ vput(ndp->ni_vp);
+ dp = ndp->ni_dvp;
+ }
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ vput(ndp->ni_vp);
+ ndp->ni_vp = NULL;
+ vrele(ndp->ni_dvp);
Added: user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:23.openssl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-BETA3/1-SA-14:23.openssl Thu Jan 7 20:59:31 2016 (r293366)
@@ -0,0 +1,10217 @@
+Index: crypto/openssl/CHANGES
+===================================================================
+--- crypto/openssl/CHANGES (revision 273303)
++++ crypto/openssl/CHANGES (working copy)
+@@ -2,6 +2,57 @@
+ OpenSSL CHANGES
+ _______________
+
++ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
++
++ *) SRTP Memory Leak.
++
++ A flaw in the DTLS SRTP extension parsing code allows an attacker, who
++ sends a carefully crafted handshake message, to cause OpenSSL to fail
++ to free up to 64k of memory causing a memory leak. This could be
++ exploited in a Denial Of Service attack. This issue affects OpenSSL
++ 1.0.1 server implementations for both SSL/TLS and DTLS regardless of
++ whether SRTP is used or configured. Implementations of OpenSSL that
++ have been compiled with OPENSSL_NO_SRTP defined are not affected.
++
++ The fix was developed by the OpenSSL team.
++ (CVE-2014-3513)
++ [OpenSSL team]
++
++ *) Session Ticket Memory Leak.
++
++ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
++ integrity of that ticket is first verified. In the event of a session
++ ticket integrity check failing, OpenSSL will fail to free memory
++ causing a memory leak. By sending a large number of invalid session
++ tickets an attacker could exploit this issue in a Denial Of Service
++ attack.
++ (CVE-2014-3567)
++ [Steve Henson]
++
++ *) Build option no-ssl3 is incomplete.
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list