From 27146c98dfd6ebd11a3bc78c0b64ebd317d38d7f Mon Sep 17 00:00:00 2001
From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 16 Sep 2015 21:14:16 +0000
Subject: [PATCH] Add EN-15:16 - EN-15:18.

---
 .../advisories/FreeBSD-EN-15:16.pw.asc        | 125 +++
 .../advisories/FreeBSD-EN-15:17.libc.asc      | 129 +++
 .../advisories/FreeBSD-EN-15:18.pkg.asc       | 137 ++++
 share/security/patches/EN-15:16/pw.patch      |  20 +
 share/security/patches/EN-15:16/pw.patch.asc  |  17 +
 share/security/patches/EN-15:17/libc.patch    | 771 ++++++++++++++++++
 .../security/patches/EN-15:17/libc.patch.asc  |  17 +
 share/security/patches/EN-15:18/pkg-10.patch  | 320 ++++++++
 .../patches/EN-15:18/pkg-10.patch.asc         |  17 +
 share/security/patches/EN-15:18/pkg-9.patch   | 357 ++++++++
 .../security/patches/EN-15:18/pkg-9.patch.asc |  17 +
 share/xml/notices.xml                         |  20 +
 12 files changed, 1947 insertions(+)
 create mode 100644 share/security/advisories/FreeBSD-EN-15:16.pw.asc
 create mode 100644 share/security/advisories/FreeBSD-EN-15:17.libc.asc
 create mode 100644 share/security/advisories/FreeBSD-EN-15:18.pkg.asc
 create mode 100644 share/security/patches/EN-15:16/pw.patch
 create mode 100644 share/security/patches/EN-15:16/pw.patch.asc
 create mode 100644 share/security/patches/EN-15:17/libc.patch
 create mode 100644 share/security/patches/EN-15:17/libc.patch.asc
 create mode 100644 share/security/patches/EN-15:18/pkg-10.patch
 create mode 100644 share/security/patches/EN-15:18/pkg-10.patch.asc
 create mode 100644 share/security/patches/EN-15:18/pkg-9.patch
 create mode 100644 share/security/patches/EN-15:18/pkg-9.patch.asc

diff --git a/share/security/advisories/FreeBSD-EN-15:16.pw.asc b/share/security/advisories/FreeBSD-EN-15:16.pw.asc
new file mode 100644
index 0000000000..c16f671d4f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-15:16.pw.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:16.pw                                             Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Regression in pw(8) when creating numeric users or groups
+
+Category:       core
+Module:         pw
+Announced:      2015-09-16
+Credits:        Thierry Caillet, Baptiste Daroussin
+Affects:        10.2-RELEASE
+Corrected:      2015-08-23 21:42:27 UTC (stable/10, 10.2-STABLE)
+                2015-09-16 20:59:41 UTC (releng/10.2, 10.2-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I.   Background
+
+The pw(8) utility is used to create, remove, modify, and display system
+users and groups.
+
+II.  Problem Description
+
+The pw(8) utility will fail to create users and groups that only contain
+numeric values [0-9].
+
+III. Impact
+
+An attempt to create a user or group containing only numeric values will
+fail.
+
+IV.  Workaround
+
+No workaround is available, but systems configured to create users or groups
+that do not contain numeric-only names are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:26/pw.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:26/pw.patch.asc
+# gpg --verify pw.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+A reboot of the running system is not necessary after installing the updated
+pw(8) utility.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r287084
+releng/10.2/                                                      r287872
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<other info on vulnerability>
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:26.pw.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAEBCgAGBQJV+dpkAAoJEO1n7NZdz2rndhEQAKKeeQnj+Woggr6L1x8R3uTt
+q7ljwpAq2v3bMRQwMg/F3DOivcFAw9fn63u/siZLnZj0oqCCns0UT8ResHL6wMlD
+dVYav/npB/XeJTpqF6kuLKelqrzL+/YnU2lVe7SBQQibdszrn3sZSdeyF/XQrSOg
+Fqpa+xAP4/ZrSQviuyLe1AM1UI4RXVGssxmHO16zQTO+fp3cPmwP/wZ/Dlk/jnwa
+GugIuf/Vc7lzyDCtbOifRLLmiRo3IVoR7temMHEaBsTPClVzb+OHOdiD3aVYL6Vy
+Mp4oFBC7txmfIjDfmZ11EX4OBnCLpx3JEOAMTya0Mvo5PMLoymhu0RoWUyNXX4s7
+ThEjCaUWfEOYIDbP54ZCOrIooCvnjQFcs5MWys6tYO6iOOW96FUu4cV0ez8u+ukS
+Zz1b/TGEgks+/74mMgDO3z1FhGbJeRVFmQUUd+/ZboLIYhTOmop/puHLMpnSV0hY
+C0GSwhUtMD/E3a9AmyMoo9Wj1TySlxAmjb0kHPh0IpY0xPHmfXSJ17+LpGPeEHEj
+LLFRTHBiA/Qs/WJCSMy6XhztRJ2WPomqefhUtrh1mzzeJgQPX2yWRizvTboD0zAA
+yb4U22iuu1gkA7vEaOAW5RFGEKg3cGmHSqB/r0gZ20zazv0//l0Q8Sm0slP53kDs
+K+wCT8FF22Fgy0ZPw831
+=m4lo
+-----END PGP SIGNATURE-----
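Review bot: The fetch commands in section V.3.a and the "latest revision" link in section VII point at EN-15:26, but this notice is EN-15:16 and its patch is added under `share/security/patches/EN-15:16/` in this same commit, so the download and `gpg --verify` steps as written do not lead to this notice's files. The lines should read `# fetch https://security.FreeBSD.org/patches/EN-15:16/pw.patch`, the matching `pw.patch.asc` line, and `https://security.FreeBSD.org/advisories/FreeBSD-EN-15:16.pw.asc`. Section VII also still carries the template placeholder `<other info on vulnerability>`, which should be replaced with a real reference or dropped. Because the text is clearsigned, any correction means the notice has to be signed again.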
diff --git a/share/security/advisories/FreeBSD-EN-15:17.libc.asc b/share/security/advisories/FreeBSD-EN-15:17.libc.asc
new file mode 100644
index 0000000000..a44617a959
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-15:17.libc.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:17.libc                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          libc incorrectly handles signals for multi-threaded processes
+
+Category:       core
+Module:         libc
+Announced:      2015-09-16
+Credits:        Konstantin Belousov
+Affects:        FreeBSD 10.2
+Corrected:      2015-09-05 08:55:51 UTC (stable/10, 10.2-STABLE)
+                2015-09-16 20:59:41 UTC (releng/10.2, 10.2-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I.   Background
+
+The FreeBSD libc library is the core C runtime library which implements
+the ANSI C, POSIX APIs and BSD extensions for applications on top of the
+FreeBSD kernel.  The internal operations of libc change when the threading
+library is loaded, ensuring service implementations are operational in
+multi-threaded environments, while avoiding unnecessary overhead for
+applications not utilizing threads.  The implementation of some services
+is delegated to the threading library, for instance, the signal management.
+
+II.  Problem Description
+
+Signal-related services, such as signal(3), sigprocmask(2), and sigwait(2)
+are not properly redirected to the threading library implementation when
+used by libc directly.
+
+III. Impact
+
+The full impact of the bug is difficult to enumerate precisely based on the
+nature of the problem, though some visible effects include runtime linker
+hang during signal delivery, and delivery of a signal to the application
+at an unexpected time.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:17/libc.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:17/libc.patch.asc
+# gpg --verify libc.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r287480
+releng/10.2/                                                      r287872
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:17.libc.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+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+=lA5q
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-15:18.pkg.asc b/share/security/advisories/FreeBSD-EN-15:18.pkg.asc
new file mode 100644
index 0000000000..5e1c30e365
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-15:18.pkg.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:18.pkg                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Implement pubkey support for pkg(7) bootstrap
+
+Category:       core
+Module:         pkg
+Announced:      2015-09-16
+Credits:        Baptiste Daroussin
+Affects:        All supported versions of FreeBSD.
+Corrected:      2015-09-15 05:56:16 UTC (stable/10, 10.2-STABLE)
+                2015-09-16 20:59:41 UTC (releng/10.2, 10.2-RELEASE-p3)
+                2015-09-16 21:00:21 UTC (releng/10.1, 10.1-RELEASE-p20)
+                2015-09-15 08:34:32 UTC (stable/9, 9.3-STABLE)
+                2015-09-16 21:00:21 UTC (releng/9.3, 9.3-RELEASE-p26)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I.   Background
+
+The pkg(8) utility is the package management tool for FreeBSD.  The base
+system includes a pkg(7) bootstrap utility used to install the latest
+pkg(8) utility.
+
+II.  Problem Description
+
+The pubkey method is not supported by the pkg(7) bootstrap utility.
+Previously, before EN-15:15.pkg, if the system administrator requested
+this method, it is silently ignored and no check is performed.
+
+In EN-15:15.pkg, pkg(7) have been modified to issue warning and refuse
+to proceed any further.
+
+III. Impact
+
+There is no way to use the pubkey method to bootstrap pkg(8) on the
+system.
+
+IV.  Workaround
+
+No workaround is available, but the default FreeBSD configuration is not
+affected because it uses "fingerprint" method.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.x]
+# fetch https://security.FreeBSD.org/patches/EN-15:18/pkg-10.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:18/pkg-10.patch.asc
+# gpg --verify pkg-10.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/EN-15:18/pkg-9.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:18/pkg-9.patch.asc
+# gpg --verify pkg-9.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r287814
+releng/9.3/                                                       r287873
+stable/10/                                                        r287810
+releng/10.1/                                                      r287873
+releng/10.2/                                                      r287872
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:18.pkg.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+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+=ru1t
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-15:16/pw.patch b/share/security/patches/EN-15:16/pw.patch
new file mode 100644
index 0000000000..a11abadf9e
--- /dev/null
+++ b/share/security/patches/EN-15:16/pw.patch
@@ -0,0 +1,20 @@
+Index: usr.sbin/pw/pw.c
+===================================================================
+--- usr.sbin/pw/pw.c	(revision 287410)
++++ usr.sbin/pw/pw.c	(working copy)
+@@ -272,14 +272,7 @@
+ 				    errstr);
+ 			break;
+ 		case 'n':
+-			if (strspn(optarg, "0123456789") != strlen(optarg)) {
+-				name = optarg;
+-				break;
+-			}
+-			id = strtonum(optarg, 0, LONG_MAX, &errstr);
+-			if (errstr != NULL)
+-				errx(EX_USAGE, "Bad id '%s': %s", optarg,
+-				    errstr);
++			name = optarg;
+ 			break;
+ 		case 'o':
+ 			conf.checkduplicate = false;
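Review bot: With the digit check removed, the `'n'` case takes every argument as a name, so an all-digit value that used to go through `strtonum()` into `id` is now reinterpreted without any note in the code. A short comment at the assignment would record that this is intentional, e.g. `/* -n always names the entry, even when all digits; ids are not parsed here */`. All-digit account names can be mistaken for numeric ids by tools that accept either form, so it is worth confirming that the name validation outside this hunk still runs on such names. The enclosing switch and function begin and end outside the hunk.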
diff --git a/share/security/patches/EN-15:16/pw.patch.asc b/share/security/patches/EN-15:16/pw.patch.asc
new file mode 100644
index 0000000000..8fcd68e13d
--- /dev/null
+++ b/share/security/patches/EN-15:16/pw.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAABCgAGBQJV+dqfAAoJEO1n7NZdz2rnarwQAOPy1lZk3bioNnSmfjgmofDK
+6GH/macYjrW96GYeeojKtMybdMS2WXjljBrcsF07vZrpGOy10N0keEja79V6UeLa
+XJXVZ627z2iDHlSYK8jnhf5LWG3oGBLElKr+toIPCY45w+gA2hPgnZg0NBpw/Qwv
+I3ktLoMMr7Ie9k9xLJ3g1ySHqALX1fPYowUUqBNSgazCiBNCPTH5kh1fj2sdPA6S
+COtgXMOPjS/f+7Q7ixGvsruJj66tOs73gzhaVLjoi52SYL0G71gxhPEJzA2dDnRi
+j+V4U/GXJrCp0UKP89TBksNoYm2dd/nIy1TOyqCV+SozFvwjmP/zx9fcBbCQGPaH
+5fdcqMGvfXGEYn7kcybslPX1dVhtBsVPc20us/jx1KjwOla0yGScqhwfzii+NHTF
+0hKNvzExDazJZf/EIAj2Nnrd4kcj3kCm/kNPy+ypF2WxoeDyJwFertCZfsGrXSIU
+ValKtb+AzXZ+SxTj3B5Rl3wY9OG+i8V4nR9PG7SHWP9s3GEa5GrQVWUcr8qbFEED
+stiJhUtxyHU8E20oGnyrQrGOUyjvq8gWvNtov7bln9tvnG91LLVMBnQNGsHIshzE
+/OP6hgAaaNL+6zQ0XgUMO+RpyKg4Zvj7jHpcHonuwQqUno1zcqGPU/m3GMlyWb/9
+Aydc6sgQYRTF5pvuYeba
+=4C+I
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-15:17/libc.patch b/share/security/patches/EN-15:17/libc.patch
new file mode 100644
index 0000000000..238ca1ca2d
--- /dev/null
+++ b/share/security/patches/EN-15:17/libc.patch
@@ -0,0 +1,771 @@
+Index: lib/libc/amd64/gen/setjmp.S
+===================================================================
+--- lib/libc/amd64/gen/setjmp.S	(revision 287549)
++++ lib/libc/amd64/gen/setjmp.S	(working copy)
+@@ -55,7 +55,7 @@ ENTRY(setjmp)
+ 	movq	$0,%rsi			/* (sigset_t*)set  */
+ 	leaq	72(%rcx),%rdx		/* 9,10; (sigset_t*)oset */
+ 	/* stack is 16-byte aligned */
+-	call	PIC_PLT(CNAME(_sigprocmask))
++	call	__libc_sigprocmask
+ 	popq	%rdi
+ 	movq	%rdi,%rcx
+ 	movq	0(%rsp),%rdx		/* retval */
+@@ -83,7 +83,7 @@ ENTRY(__longjmp)
+ 	leaq	72(%rdx),%rsi		/* (sigset_t*)set  */
+ 	movq	$0,%rdx			/* (sigset_t*)oset */
+ 	subq	$0x8,%rsp		/* make the stack 16-byte aligned */
+-	call	PIC_PLT(CNAME(_sigprocmask))
++	call	__libc_sigprocmask
+ 	addq	$0x8,%rsp
+ 	popq	%rsi
+ 	popq	%rdi			/* jmpbuf */
+Index: lib/libc/amd64/gen/sigsetjmp.S
+===================================================================
+--- lib/libc/amd64/gen/sigsetjmp.S	(revision 287549)
++++ lib/libc/amd64/gen/sigsetjmp.S	(working copy)
+@@ -63,7 +63,7 @@ ENTRY(sigsetjmp)
+ 	movq	$0,%rsi			/* (sigset_t*)set  */
+ 	leaq	72(%rcx),%rdx		/* 9,10 (sigset_t*)oset */
+ 	/* stack is 16-byte aligned */
+-	call	PIC_PLT(CNAME(_sigprocmask))
++	call	__libc_sigprocmask
+ 	popq	%rdi
+ 2:	movq	%rdi,%rcx
+ 	movq	0(%rsp),%rdx		/* retval */
+@@ -92,7 +92,7 @@ ENTRY(__siglongjmp)
+ 	leaq	72(%rdx),%rsi		/* (sigset_t*)set  */
+ 	movq	$0,%rdx			/* (sigset_t*)oset */
+ 	subq	$0x8,%rsp		/* make the stack 16-byte aligned */
+-	call	PIC_PLT(CNAME(_sigprocmask))
++	call	__libc_sigprocmask
+ 	addq	$0x8,%rsp
+ 	popq	%rsi
+ 	popq	%rdi			/* jmpbuf */
+Index: lib/libc/compat-43/sigcompat.c
+===================================================================
+--- lib/libc/compat-43/sigcompat.c	(revision 287549)
++++ lib/libc/compat-43/sigcompat.c	(working copy)
+@@ -59,7 +59,7 @@ sigvec(signo, sv, osv)
+ 	} else
+ 		sap = NULL;
+ 	osap = osv != NULL ? &osa : NULL;
+-	ret = _sigaction(signo, sap, osap);
++	ret = __libc_sigaction(signo, sap, osap);
+ 	if (ret == 0 && osv != NULL) {
+ 		osv->sv_handler = osa.sa_handler;
+ 		osv->sv_flags = osa.sa_flags ^ SV_INTERRUPT;
+@@ -77,7 +77,7 @@ sigsetmask(mask)
+ 
+ 	sigemptyset(&set);
+ 	set.__bits[0] = mask;
+-	n = _sigprocmask(SIG_SETMASK, &set, &oset);
++	n = __libc_sigprocmask(SIG_SETMASK, &set, &oset);
+ 	if (n)
+ 		return (n);
+ 	return (oset.__bits[0]);
+@@ -92,7 +92,7 @@ sigblock(mask)
+ 
+ 	sigemptyset(&set);
+ 	set.__bits[0] = mask;
+-	n = _sigprocmask(SIG_BLOCK, &set, &oset);
++	n = __libc_sigprocmask(SIG_BLOCK, &set, &oset);
+ 	if (n)
+ 		return (n);
+ 	return (oset.__bits[0]);
+@@ -105,7 +105,7 @@ sigpause(int mask)
+ 
+ 	sigemptyset(&set);
+ 	set.__bits[0] = mask;
+-	return (_sigsuspend(&set));
++	return (__libc_sigsuspend(&set));
+ }
+ 
+ int
+@@ -113,11 +113,11 @@ xsi_sigpause(int sig)
+ {
+ 	sigset_t set;
+ 
+-	if (_sigprocmask(SIG_BLOCK, NULL, &set) == -1)
++	if (__libc_sigprocmask(SIG_BLOCK, NULL, &set) == -1)
+ 		return (-1);
+ 	if (sigdelset(&set, sig) == -1)
+ 		return (-1);
+-	return (_sigsuspend(&set));
++	return (__libc_sigsuspend(&set));
+ }
+ 
+ int
+@@ -128,7 +128,7 @@ sighold(int sig)
+ 	sigemptyset(&set);
+ 	if (sigaddset(&set, sig) == -1)
+ 		return (-1);
+-	return (_sigprocmask(SIG_BLOCK, &set, NULL));
++	return (__libc_sigprocmask(SIG_BLOCK, &set, NULL));
+ }
+ 
+ int
+@@ -138,7 +138,7 @@ sigignore(int sig)
+ 
+ 	bzero(&sa, sizeof(sa));
+ 	sa.sa_handler = SIG_IGN;
+-	return (_sigaction(sig, &sa, NULL));
++	return (__libc_sigaction(sig, &sa, NULL));
+ }
+ 
+ int
+@@ -149,7 +149,7 @@ sigrelse(int sig)
+ 	sigemptyset(&set);
+ 	if (sigaddset(&set, sig) == -1)
+ 		return (-1);
+-	return (_sigprocmask(SIG_UNBLOCK, &set, NULL));
++	return (__libc_sigprocmask(SIG_UNBLOCK, &set, NULL));
+ }
+ 
+ void
+@@ -161,26 +161,26 @@ void
+ 	sigemptyset(&set);
+ 	if (sigaddset(&set, sig) == -1)
+ 		return (SIG_ERR);
+-	if (_sigprocmask(SIG_BLOCK, NULL, &pset) == -1)
++	if (__libc_sigprocmask(SIG_BLOCK, NULL, &pset) == -1)
+ 		return (SIG_ERR);
+ 	if ((__sighandler_t *)disp == SIG_HOLD) {
+-		if (_sigprocmask(SIG_BLOCK, &set, &pset) == -1)
++		if (__libc_sigprocmask(SIG_BLOCK, &set, &pset) == -1)
+ 			return (SIG_ERR);
+ 		if (sigismember(&pset, sig))
+ 			return (SIG_HOLD);
+ 		else {
+-			if (_sigaction(sig, NULL, &psa) == -1)
++			if (__libc_sigaction(sig, NULL, &psa) == -1)
+ 				return (SIG_ERR);
+ 			return (psa.sa_handler);
+ 		}
+ 	} else {
+-		if (_sigprocmask(SIG_UNBLOCK, &set, &pset) == -1)
++		if (__libc_sigprocmask(SIG_UNBLOCK, &set, &pset) == -1)
+ 			return (SIG_ERR);
+ 	}
+ 
+ 	bzero(&sa, sizeof(sa));
+ 	sa.sa_handler = disp;
+-	if (_sigaction(sig, &sa, &psa) == -1)
++	if (__libc_sigaction(sig, &sa, &psa) == -1)
+ 		return (SIG_ERR);
+ 	if (sigismember(&pset, sig))
+ 		return (SIG_HOLD);
+Index: lib/libc/db/btree/bt_open.c
+===================================================================
+--- lib/libc/db/btree/bt_open.c	(revision 287549)
++++ lib/libc/db/btree/bt_open.c	(working copy)
+@@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
+ #include <string.h>
+ #include <unistd.h>
+ #include "un-namespace.h"
++#include "libc_private.h"
+ 
+ #include <db.h>
+ #include "btree.h"
+@@ -401,10 +402,10 @@ tmp(void)
+ 	}
+ 
+ 	(void)sigfillset(&set);
+-	(void)_sigprocmask(SIG_BLOCK, &set, &oset);
++	(void)__libc_sigprocmask(SIG_BLOCK, &set, &oset);
+ 	if ((fd = mkostemp(path, O_CLOEXEC)) != -1)
+ 		(void)unlink(path);
+-	(void)_sigprocmask(SIG_SETMASK, &oset, NULL);
++	(void)__libc_sigprocmask(SIG_SETMASK, &oset, NULL);
+ 	return(fd);
+ }
+ 
+Index: lib/libc/db/hash/hash_page.c
+===================================================================
+--- lib/libc/db/hash/hash_page.c	(revision 287549)
++++ lib/libc/db/hash/hash_page.c	(working copy)
+@@ -66,6 +66,7 @@ __FBSDID("$FreeBSD$");
+ #include <assert.h>
+ #endif
+ #include "un-namespace.h"
++#include "libc_private.h"
+ 
+ #include <db.h>
+ #include "hash.h"
+@@ -861,10 +862,10 @@ open_temp(HTAB *hashp)
+ 
+ 	/* Block signals; make sure file goes away at process exit. */
+ 	(void)sigfillset(&set);
+-	(void)_sigprocmask(SIG_BLOCK, &set, &oset);
++	(void)__libc_sigprocmask(SIG_BLOCK, &set, &oset);
+ 	if ((hashp->fp = mkostemp(path, O_CLOEXEC)) != -1)
+ 		(void)unlink(path);
+-	(void)_sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL);
++	(void)__libc_sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL);
+ 	return (hashp->fp != -1 ? 0 : -1);
+ }
+ 
+Index: lib/libc/gen/daemon.c
+===================================================================
+--- lib/libc/gen/daemon.c	(revision 287549)
++++ lib/libc/gen/daemon.c	(working copy)
+@@ -41,10 +41,10 @@ __FBSDID("$FreeBSD$");
+ #include <signal.h>
+ #include <unistd.h>
+ #include "un-namespace.h"
++#include "libc_private.h"
+ 
+ int
+-daemon(nochdir, noclose)
+-	int nochdir, noclose;
++daemon(int nochdir, int noclose)
+ {
+ 	struct sigaction osa, sa;
+ 	int fd;
+@@ -56,7 +56,7 @@ int
+ 	sigemptyset(&sa.sa_mask);
+ 	sa.sa_handler = SIG_IGN;
+ 	sa.sa_flags = 0;
+-	osa_ok = _sigaction(SIGHUP, &sa, &osa);
++	osa_ok = __libc_sigaction(SIGHUP, &sa, &osa);
+ 
+ 	switch (fork()) {
+ 	case -1:
+@@ -74,7 +74,7 @@ int
+ 	newgrp = setsid();
+ 	oerrno = errno;
+ 	if (osa_ok != -1)
+-		_sigaction(SIGHUP, &osa, NULL);
++		__libc_sigaction(SIGHUP, &osa, NULL);
+ 
+ 	if (newgrp == -1) {
+ 		errno = oerrno;
+Index: lib/libc/gen/posix_spawn.c
+===================================================================
+--- lib/libc/gen/posix_spawn.c	(revision 287549)
++++ lib/libc/gen/posix_spawn.c	(working copy)
+@@ -118,15 +118,18 @@ process_spawnattr(const posix_spawnattr_t sa)
+ 			return (errno);
+ 	}
+ 
+-	/* Set signal masks/defaults */
++	/*
++	 * Set signal masks/defaults.
++	 * Use unwrapped syscall, libthr is in undefined state after vfork().
++	 */
+ 	if (sa->sa_flags & POSIX_SPAWN_SETSIGMASK) {
+-		_sigprocmask(SIG_SETMASK, &sa->sa_sigmask, NULL);
++		__sys_sigprocmask(SIG_SETMASK, &sa->sa_sigmask, NULL);
+ 	}
+ 
+ 	if (sa->sa_flags & POSIX_SPAWN_SETSIGDEF) {
+ 		for (i = 1; i <= _SIG_MAXSIG; i++) {
+ 			if (sigismember(&sa->sa_sigdefault, i))
+-				if (_sigaction(i, &sigact, NULL) != 0)
++				if (__sys_sigaction(i, &sigact, NULL) != 0)
+ 					return (errno);
+ 		}
+ 	}
+Index: lib/libc/gen/readpassphrase.c
+===================================================================
+--- lib/libc/gen/readpassphrase.c	(revision 287549)
++++ lib/libc/gen/readpassphrase.c	(working copy)
+@@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
+ #include <unistd.h>
+ #include <readpassphrase.h>
+ #include "un-namespace.h"
++#include "libc_private.h"
+ 
+ static volatile sig_atomic_t signo[NSIG];
+ 
+@@ -104,15 +105,15 @@ restart:
+ 	sigemptyset(&sa.sa_mask);
+ 	sa.sa_flags = 0;		/* don't restart system calls */
+ 	sa.sa_handler = handler;
+-	(void)_sigaction(SIGALRM, &sa, &savealrm);
+-	(void)_sigaction(SIGHUP, &sa, &savehup);
+-	(void)_sigaction(SIGINT, &sa, &saveint);
+-	(void)_sigaction(SIGPIPE, &sa, &savepipe);
+-	(void)_sigaction(SIGQUIT, &sa, &savequit);
+-	(void)_sigaction(SIGTERM, &sa, &saveterm);
+-	(void)_sigaction(SIGTSTP, &sa, &savetstp);
+-	(void)_sigaction(SIGTTIN, &sa, &savettin);
+-	(void)_sigaction(SIGTTOU, &sa, &savettou);
++	(void)__libc_sigaction(SIGALRM, &sa, &savealrm);
++	(void)__libc_sigaction(SIGHUP, &sa, &savehup);
++	(void)__libc_sigaction(SIGINT, &sa, &saveint);
++	(void)__libc_sigaction(SIGPIPE, &sa, &savepipe);
++	(void)__libc_sigaction(SIGQUIT, &sa, &savequit);
++	(void)__libc_sigaction(SIGTERM, &sa, &saveterm);
++	(void)__libc_sigaction(SIGTSTP, &sa, &savetstp);
++	(void)__libc_sigaction(SIGTTIN, &sa, &savettin);
++	(void)__libc_sigaction(SIGTTOU, &sa, &savettou);
+ 
+ 	if (!(flags & RPP_STDIN))
+ 		(void)_write(output, prompt, strlen(prompt));
+@@ -142,15 +143,15 @@ restart:
+ 		    errno == EINTR && !signo[SIGTTOU])
+ 			continue;
+ 	}
+-	(void)_sigaction(SIGALRM, &savealrm, NULL);
+-	(void)_sigaction(SIGHUP, &savehup, NULL);
+-	(void)_sigaction(SIGINT, &saveint, NULL);
+-	(void)_sigaction(SIGQUIT, &savequit, NULL);
+-	(void)_sigaction(SIGPIPE, &savepipe, NULL);
+-	(void)_sigaction(SIGTERM, &saveterm, NULL);
+-	(void)_sigaction(SIGTSTP, &savetstp, NULL);
+-	(void)_sigaction(SIGTTIN, &savettin, NULL);
+-	(void)_sigaction(SIGTTOU, &savettou, NULL);
++	(void)__libc_sigaction(SIGALRM, &savealrm, NULL);
++	(void)__libc_sigaction(SIGHUP, &savehup, NULL);
++	(void)__libc_sigaction(SIGINT, &saveint, NULL);
++	(void)__libc_sigaction(SIGQUIT, &savequit, NULL);
++	(void)__libc_sigaction(SIGPIPE, &savepipe, NULL);
++	(void)__libc_sigaction(SIGTERM, &saveterm, NULL);
++	(void)__libc_sigaction(SIGTSTP, &savetstp, NULL);
++	(void)__libc_sigaction(SIGTTIN, &savettin, NULL);
++	(void)__libc_sigaction(SIGTTOU, &savettou, NULL);
+ 	if (input != STDIN_FILENO)
+ 		(void)_close(input);
+ 
+Index: lib/libc/gen/setmode.c
+===================================================================
+--- lib/libc/gen/setmode.c	(revision 287549)
++++ lib/libc/gen/setmode.c	(working copy)
+@@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
+ #include <stdio.h>
+ #endif
+ #include "un-namespace.h"
++#include "libc_private.h"
+ 
+ #define	SET_LEN	6		/* initial # of bitcmd struct to malloc */
+ #define	SET_LEN_INCR 4		/* # of bitcmd structs to add as needed */
+@@ -187,10 +188,10 @@ setmode(const char *p)
+ 	 * as best we can.
+ 	 */
+ 	sigfillset(&sigset);
+-        (void)_sigprocmask(SIG_BLOCK, &sigset, &sigoset);
++	(void)__libc_sigprocmask(SIG_BLOCK, &sigset, &sigoset);
+ 	(void)umask(mask = umask(0));
+ 	mask = ~mask;
+-        (void)_sigprocmask(SIG_SETMASK, &sigoset, NULL);
++	(void)__libc_sigprocmask(SIG_SETMASK, &sigoset, NULL);
+ 
+ 	setlen = SET_LEN + 2;
+ 
+Index: lib/libc/gen/siginterrupt.c
+===================================================================
+--- lib/libc/gen/siginterrupt.c	(revision 287549)
++++ lib/libc/gen/siginterrupt.c	(working copy)
+@@ -43,14 +43,13 @@ __FBSDID("$FreeBSD$");
+  * after an instance of the indicated signal.
+  */
+ int
+-siginterrupt(sig, flag)
+-	int sig, flag;
++siginterrupt(int sig, int flag)
+ {
+ 	extern sigset_t _sigintr __hidden;
+ 	struct sigaction sa;
+ 	int ret;
+ 
+-	if ((ret = _sigaction(sig, (struct sigaction *)0, &sa)) < 0)
++	if ((ret = __libc_sigaction(sig, (struct sigaction *)0, &sa)) < 0)
+ 		return (ret);
+ 	if (flag) {
+ 		sigaddset(&_sigintr, sig);
+@@ -59,5 +58,5 @@ int
+ 		sigdelset(&_sigintr, sig);
+ 		sa.sa_flags |= SA_RESTART;
+ 	}
+-	return (_sigaction(sig, &sa, (struct sigaction *)0));
++	return (__libc_sigaction(sig, &sa, (struct sigaction *)0));
+ }
+Index: lib/libc/gen/signal.c
+===================================================================
+--- lib/libc/gen/signal.c	(revision 287549)
++++ lib/libc/gen/signal.c	(working copy)
+@@ -44,9 +44,7 @@ __FBSDID("$FreeBSD$");
+ sigset_t _sigintr __hidden;	/* shared with siginterrupt */
+ 
+ sig_t
+-signal(s, a)
+-	int s;
+-	sig_t a;
++signal(int s, sig_t a)
+ {
+ 	struct sigaction sa, osa;
+ 
+@@ -55,7 +53,7 @@ sig_t
+ 	sa.sa_flags = 0;
+ 	if (!sigismember(&_sigintr, s))
+ 		sa.sa_flags |= SA_RESTART;
+-	if (_sigaction(s, &sa, &osa) < 0)
++	if (__libc_sigaction(s, &sa, &osa) < 0)
+ 		return (SIG_ERR);
+ 	return (osa.sa_handler);
+ }
+Index: lib/libc/gen/wordexp.c
+===================================================================
+--- lib/libc/gen/wordexp.c	(revision 287549)
++++ lib/libc/gen/wordexp.c	(working copy)
+@@ -38,6 +38,7 @@
+ #include <unistd.h>
+ #include <wordexp.h>
+ #include "un-namespace.h"
++#include "libc_private.h"
+ 
+ __FBSDID("$FreeBSD$");
+ 
+@@ -127,12 +128,12 @@ we_askshell(const char *words, wordexp_t *we, int
+ 		return (WRDE_NOSPACE);	/* XXX */
+ 	(void)sigemptyset(&newsigblock);
+ 	(void)sigaddset(&newsigblock, SIGCHLD);
+-	(void)_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
++	(void)__libc_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
+ 	if ((pid = fork()) < 0) {
+ 		serrno = errno;
+ 		_close(pdes[0]);
+ 		_close(pdes[1]);
+-		(void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
++		(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
+ 		errno = serrno;
+ 		return (WRDE_NOSPACE);	/* XXX */
+ 	}
+@@ -141,7 +142,7 @@ we_askshell(const char *words, wordexp_t *we, int
+ 		 * We are the child; just get /bin/sh to run the wordexp
+ 		 * builtin on `words'.
+ 		 */
+-		(void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
++		(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
+ 		if ((pdes[1] != STDOUT_FILENO ?
+ 		    _dup2(pdes[1], STDOUT_FILENO) :
+ 		    _fcntl(pdes[1], F_SETFD, 0)) < 0)
+@@ -210,7 +211,7 @@ cleanup:
+ 	do
+ 		wpid = _waitpid(pid, &status, 0);
+ 	while (wpid < 0 && errno == EINTR);
+-	(void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
++	(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
+ 	if (error != 0) {
+ 		errno = serrno;
+ 		return (error);
+Index: lib/libc/i386/gen/setjmp.S
+===================================================================
+--- lib/libc/i386/gen/setjmp.S	(revision 287549)
++++ lib/libc/i386/gen/setjmp.S	(working copy)
+@@ -50,21 +50,12 @@ __FBSDID("$FreeBSD$");
+ 
+ ENTRY(setjmp)
+ 	movl	4(%esp),%ecx
+-	PIC_PROLOGUE
+-#ifdef PIC
+-	subl	$12,%esp		/* make the stack 16-byte aligned */
+-#endif
+ 	leal	28(%ecx), %eax
+ 	pushl	%eax			/* (sigset_t*)oset */
+ 	pushl	$0			/* (sigset_t*)set  */
+ 	pushl	$1			/* SIG_BLOCK       */
+-	call	PIC_PLT(CNAME(_sigprocmask))
+-#ifdef PIC
+-	addl	$24,%esp
+-#else
++	call	__libc_sigprocmask
+ 	addl	$12,%esp
+-#endif
+-	PIC_EPILOGUE
+ 	movl	4(%esp),%ecx
+ 	movl	0(%esp),%edx
+ 	movl	%edx, 0(%ecx)
+@@ -82,21 +73,12 @@ END(setjmp)
+ 	.set CNAME(longjmp),CNAME(__longjmp)
+ ENTRY(__longjmp)
+ 	movl	4(%esp),%edx
+-	PIC_PROLOGUE
+-#ifdef PIC
+-	subl	$12,%esp		/* make the stack 16-byte aligned */
+-#endif
+ 	pushl	$0			/* (sigset_t*)oset */
+ 	leal	28(%edx), %eax
+ 	pushl	%eax			/* (sigset_t*)set  */
+ 	pushl	$3			/* SIG_SETMASK     */
+-	call	PIC_PLT(CNAME(_sigprocmask))
+-#ifdef PIC
+-	addl	$24,%esp
+-#else
++	call	__libc_sigprocmask
+ 	addl	$12,%esp
+-#endif
+-	PIC_EPILOGUE
+ 	movl	4(%esp),%edx
+ 	movl	8(%esp),%eax
+ 	movl	0(%edx),%ecx
+Index: lib/libc/i386/gen/sigsetjmp.S
+===================================================================
+--- lib/libc/i386/gen/sigsetjmp.S	(revision 287549)
++++ lib/libc/i386/gen/sigsetjmp.S	(working copy)
+@@ -59,21 +59,12 @@ ENTRY(sigsetjmp)
+ 	movl	%eax,44(%ecx)
+ 	testl	%eax,%eax
+ 	jz	2f
+-	PIC_PROLOGUE
+-#ifdef PIC
+-	subl	$12,%esp		/* make the stack 16-byte aligned */
+-#endif
+ 	leal	28(%ecx), %eax
+ 	pushl	%eax			/* (sigset_t*)oset */
+ 	pushl	$0			/* (sigset_t*)set  */
+ 	pushl	$1			/* SIG_BLOCK       */
+-	call	PIC_PLT(CNAME(_sigprocmask))
+-#ifdef PIC
+-	addl	$24,%esp
+-#else
++	call	__libc_sigprocmask
+ 	addl	$12,%esp
+-#endif
+-	PIC_EPILOGUE
+ 	movl	4(%esp),%ecx
+ 2:	movl	0(%esp),%edx
+ 	movl	%edx, 0(%ecx)
+@@ -93,21 +84,12 @@ ENTRY(__siglongjmp)
+ 	movl	4(%esp),%edx
+ 	cmpl	$0,44(%edx)
+ 	jz	2f
+-	PIC_PROLOGUE
+-#ifdef PIC
+-	subl	$12,%esp		/* make the stack 16-byte aligned */
+-#endif
+ 	pushl	$0			/* (sigset_t*)oset */
+ 	leal	28(%edx), %eax
+ 	pushl	%eax			/* (sigset_t*)set  */
+ 	pushl	$3			/* SIG_SETMASK     */
+-	call	PIC_PLT(CNAME(_sigprocmask))
+-#ifdef PIC
+-	addl	$24,%esp
+-#else
++	call	__libc_sigprocmask
+ 	addl	$12,%esp
+-#endif
+-	PIC_EPILOGUE
+ 	movl	4(%esp),%edx
+ 2:	movl	8(%esp),%eax
+ 	movl	0(%edx),%ecx
+Index: lib/libc/include/libc_private.h
+===================================================================
+--- lib/libc/include/libc_private.h	(revision 287549)
++++ lib/libc/include/libc_private.h	(working copy)
+@@ -368,6 +368,11 @@ __pid_t		__sys_wait6(enum idtype, __id_t, int *, i
+ __ssize_t	__sys_write(int, const void *, __size_t);
+ __ssize_t	__sys_writev(int, const struct iovec *, int);
+ 
++int		__libc_sigaction(int, const struct sigaction *,
++		    struct sigaction *) __hidden;
++int		__libc_sigprocmask(int, const __sigset_t *, __sigset_t *)
++		    __hidden;
++int		__libc_sigsuspend(const __sigset_t *) __hidden;
+ int		__libc_sigwait(const __sigset_t * __restrict,
+ 		    int * restrict sig);
+ int		__libc_system(const char *);
+Index: lib/libc/net/rcmd.c
+===================================================================
+--- lib/libc/net/rcmd.c	(revision 287549)
++++ lib/libc/net/rcmd.c	(working copy)
+@@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$");
+ #endif
+ #include <arpa/nameser.h>
+ #include "un-namespace.h"
++#include "libc_private.h"
+ 
+ extern int innetgr( const char *, const char *, const char *, const char * );
+ 
+@@ -148,7 +149,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p,
+ 	refused = 0;
+ 	sigemptyset(&newmask);
+ 	sigaddset(&newmask, SIGURG);
+-	_sigprocmask(SIG_BLOCK, (const sigset_t *)&newmask, &oldmask);
++	__libc_sigprocmask(SIG_BLOCK, (const sigset_t *)&newmask, &oldmask);
+ 	for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
+ 		s = rresvport_af(&lport, ai->ai_family);
+ 		if (s < 0) {
+@@ -163,7 +164,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p,
+ 				(void)fprintf(stderr, "rcmd: socket: %s\n",
+ 				    strerror(errno));
+ 			freeaddrinfo(res);
+-			_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask,
++			__libc_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask,
+ 			    NULL);
+ 			return (-1);
+ 		}
+@@ -181,7 +182,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p,
+ 			(void)fprintf(stderr, "%s: %s\n",
+ 				      *ahost, strerror(errno));
+ 			freeaddrinfo(res);
+-			_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask,
++			__libc_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask,
+ 			    NULL);
+ 			return (-1);
+ 		}
+@@ -306,7 +307,7 @@ again:
+ 		}
+ 		goto bad2;
+ 	}
+-	_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask, NULL);
++	__libc_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask, NULL);
+ 	freeaddrinfo(res);
+ 	return (s);
+ bad2:
+@@ -314,7 +315,7 @@ bad2:
+ 		(void)_close(*fd2p);
+ bad:
+ 	(void)_close(s);
+-	_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask, NULL);
++	__libc_sigprocmask(SIG_SETMASK, (const sigset_t *)&oldmask, NULL);
+ 	freeaddrinfo(res);
+ 	return (-1);
+ }
+Index: lib/libc/stdio/tmpfile.c
+===================================================================
+--- lib/libc/stdio/tmpfile.c	(revision 287549)
++++ lib/libc/stdio/tmpfile.c	(working copy)
+@@ -46,9 +46,10 @@ __FBSDID("$FreeBSD$");
+ #include <string.h>
+ #include <paths.h>
+ #include "un-namespace.h"
++#include "libc_private.h"
+ 
+ FILE *
+-tmpfile()
++tmpfile(void)
+ {
+ 	sigset_t set, oset;
+ 	FILE *fp;
+@@ -69,7 +70,7 @@ FILE *
+ 		return (NULL);
+ 
+ 	sigfillset(&set);
+-	(void)_sigprocmask(SIG_BLOCK, &set, &oset);
++	(void)__libc_sigprocmask(SIG_BLOCK, &set, &oset);
+ 
+ 	fd = mkstemp(buf);
+ 	if (fd != -1)
+@@ -77,7 +78,7 @@ FILE *
+ 
+ 	free(buf);
+ 
+-	(void)_sigprocmask(SIG_SETMASK, &oset, NULL);
++	(void)__libc_sigprocmask(SIG_SETMASK, &oset, NULL);
+ 
+ 	if (fd == -1)
+ 		return (NULL);
+Index: lib/libc/stdlib/abort.c
+===================================================================
+--- lib/libc/stdlib/abort.c	(revision 287549)
++++ lib/libc/stdlib/abort.c	(working copy)
+@@ -61,7 +61,7 @@ abort()
+ 	 * any errors -- ISO C doesn't allow abort to return anyway.
+ 	 */
+ 	sigdelset(&act.sa_mask, SIGABRT);
+-	(void)_sigprocmask(SIG_SETMASK, &act.sa_mask, NULL);
++	(void)__libc_sigprocmask(SIG_SETMASK, &act.sa_mask, NULL);
+ 	(void)raise(SIGABRT);
+ 
+ 	/*
+@@ -71,9 +71,9 @@ abort()
+ 	act.sa_handler = SIG_DFL;
+ 	act.sa_flags = 0;
+ 	sigfillset(&act.sa_mask);
+-	(void)_sigaction(SIGABRT, &act, NULL);
++	(void)__libc_sigaction(SIGABRT, &act, NULL);
+ 	sigdelset(&act.sa_mask, SIGABRT);
+-	(void)_sigprocmask(SIG_SETMASK, &act.sa_mask, NULL);
++	(void)__libc_sigprocmask(SIG_SETMASK, &act.sa_mask, NULL);
+ 	(void)raise(SIGABRT);
+ 	exit(1);
+ }
+Index: lib/libc/stdlib/system.c
+===================================================================
+--- lib/libc/stdlib/system.c	(revision 287549)
++++ lib/libc/stdlib/system.c	(working copy)
+@@ -70,16 +70,20 @@ __libc_system(const char *command)
+ 	(void)sigaddset(&newsigblock, SIGCHLD);
+ 	(void)sigaddset(&newsigblock, SIGINT);
+ 	(void)sigaddset(&newsigblock, SIGQUIT);
+-	(void)_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
++	(void)__libc_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
+ 	switch(pid = vfork()) {
++	/*
++	 * In the child, use unwrapped syscalls.  libthr is in
++	 * undefined state after vfork().
++	 */
+ 	case -1:			/* error */
+-		(void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
++		(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
+ 		return (-1);
+ 	case 0:				/* child */
+ 		/*
+ 		 * Restore original signal dispositions and exec the command.
+ 		 */
+-		(void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
++		(void)__sys_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
+ 		execl(_PATH_BSHELL, "sh", "-c", command, (char *)NULL);
+ 		_exit(127);
+ 	}
+@@ -92,16 +96,16 @@ __libc_system(const char *command)
+ 	memset(&ign, 0, sizeof(ign));
+ 	ign.sa_handler = SIG_IGN;
+ 	(void)sigemptyset(&ign.sa_mask);
+-	(void)_sigaction(SIGINT, &ign, &intact);
+-	(void)_sigaction(SIGQUIT, &ign, &quitact);
++	(void)__libc_sigaction(SIGINT, &ign, &intact);
++	(void)__libc_sigaction(SIGQUIT, &ign, &quitact);
+ 	savedpid = pid;
+ 	do {
+ 		pid = _wait4(savedpid, &pstat, 0, (struct rusage *)0);
+ 	} while (pid == -1 && errno == EINTR);
+-	(void)_sigaction(SIGINT, &intact, NULL);
+-	(void)_sigaction(SIGQUIT,  &quitact, NULL);
+-	(void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
+-	return(pid == -1 ? -1 : pstat);
++	(void)__libc_sigaction(SIGINT, &intact, NULL);
++	(void)__libc_sigaction(SIGQUIT,  &quitact, NULL);
++	(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
++	return (pid == -1 ? -1 : pstat);
+ }
+ 
+ __weak_reference(__libc_system, __system);
+Index: lib/libc/sys/sigaction.c
+===================================================================
+--- lib/libc/sys/sigaction.c	(revision 287549)
++++ lib/libc/sys/sigaction.c	(working copy)
+@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
+ #include "libc_private.h"
+ 
+ __weak_reference(__sys_sigaction, __sigaction);
++__weak_reference(sigaction, __libc_sigaction);
+ 
+ #pragma weak sigaction
+ int
+Index: lib/libc/sys/sigprocmask.c
+===================================================================
+--- lib/libc/sys/sigprocmask.c	(revision 287549)
++++ lib/libc/sys/sigprocmask.c	(working copy)
+@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
+ #include "libc_private.h"
+ 
+ __weak_reference(__sys_sigprocmask, __sigprocmask);
++__weak_reference(sigprocmask, __libc_sigprocmask);
+ 
+ #pragma weak sigprocmask
+ int
+Index: lib/libc/sys/sigsuspend.c
+===================================================================
+--- lib/libc/sys/sigsuspend.c	(revision 287549)
++++ lib/libc/sys/sigsuspend.c	(working copy)
+@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
+ #include "libc_private.h"
+ 
+ __weak_reference(__sys_sigsuspend, __sigsuspend);
++__weak_reference(sigsuspend, __libc_sigsuspend);
+ 
+ #pragma weak sigsuspend
+ int
diff --git a/share/security/patches/EN-15:17/libc.patch.asc b/share/security/patches/EN-15:17/libc.patch.asc
new file mode 100644
index 0000000000..c720e7f6c7
--- /dev/null
+++ b/share/security/patches/EN-15:17/libc.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAABCgAGBQJV+dqfAAoJEO1n7NZdz2rn2C4QAMDDczxpTAeDoMkZB3TUT21G
+sXpFS4/YvZUWTrXgKTFmHP9vy2wzE0u2TU2sFq/h8lJ6WMiKi7siP92/eb9CJWlY
+5LzgKiAgVpTrmXWJUPraBPGjSdgKs3hW3nzwfWqnQi0EH4Wv0rGSLyQoY1N4N1A4
+W1tg/GRSkoyCko3RlvnE3nGnR8h+rbQiWw6dlDf2+IARwJWb66O8riHfrHpkinfo
+IoEMnRQttIoeNsSFAVEnWSBkZYs9eSRkSZMgsBPSGgTNMXjO3MwimKkcOVoJshim
+zekorHKeUEtz77AUqFnpyGE/GFobkYJD/Dc5tyBYNaZv4eCzWDB2o8wDqR/35U1A
+peLD1w7cJkKdjklsb5apWby8ccM5EwS6JTiuce3y5o6gGoDc6EhhsmJbpKazKHVy
+SjnFWiLHW3D/J3W/seDNo5Gz1Tq/zpJ74OUqT1YrkVfTTRYUcHDpeerHpy4hTwGF
+kTaHYTBMifwJP3FZJwZ3UfafN/0hUguiPQJwVONt7lKl8tpOU/EQ4cFPLKf/Thns
+SXnOFINEwPrW+J+aQ/ZkA+7RsTYHW5appRcIjjIeQVexWUKf+ICZBq3Pc/iZLTET
+D49+Dt2T0fBT7kIv1yZ1rePzYZ2kWiruLiWMw55WbComgbYEc9LPKw0qHWMPw4h1
+RLPHdFcVjvF5HzlkoHnr
+=RjtR
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-15:18/pkg-10.patch b/share/security/patches/EN-15:18/pkg-10.patch
new file mode 100644
index 0000000000..df7ab9232e
--- /dev/null
+++ b/share/security/patches/EN-15:18/pkg-10.patch
@@ -0,0 +1,320 @@
+Index: usr.sbin/pkg/config.c
+===================================================================
+--- usr.sbin/pkg/config.c	(revision 287854)
++++ usr.sbin/pkg/config.c	(working copy)
+@@ -131,6 +131,15 @@ static struct config_entry c[] = {
+ 		false,
+ 		true,
+ 	},
++	[PUBKEY] = {
++		PKG_CONFIG_STRING,
++		"PUBKEY",
++		NULL,
++		NULL,
++		NULL,
++		false,
++		false
++	}
+ };
+ 
+ static int
+@@ -231,6 +240,8 @@ config_parse(const ucl_object_t *obj, pkg_conf_fil
+ 				sbuf_cpy(buf, "SIGNATURE_TYPE");
+ 			else if (strcasecmp(key, "fingerprints") == 0)
+ 				sbuf_cpy(buf, "FINGERPRINTS");
++			else if (strcasecmp(key, "pubkey") == 0)
++				sbuf_cpy(buf, "PUBKEY");
+ 			else if (strcasecmp(key, "enabled") == 0) {
+ 				if ((cur->type != UCL_BOOLEAN) ||
+ 				    !ucl_object_toboolean(cur))
+Index: usr.sbin/pkg/config.h
+===================================================================
+--- usr.sbin/pkg/config.h	(revision 287854)
++++ usr.sbin/pkg/config.h	(working copy)
+@@ -40,6 +40,7 @@ typedef enum {
+ 	SIGNATURE_TYPE,
+ 	FINGERPRINTS,
+ 	REPOS_DIR,
++	PUBKEY,
+ 	CONFIG_SIZE
+ } pkg_config_key;
+ 
+Index: usr.sbin/pkg/pkg.c
+===================================================================
+--- usr.sbin/pkg/pkg.c	(revision 287854)
++++ usr.sbin/pkg/pkg.c	(working copy)
+@@ -65,6 +65,11 @@ struct sig_cert {
+ 	bool trusted;
+ };
+ 
++struct pubkey {
++	unsigned char *sig;
++	int siglen;
++};
++
+ typedef enum {
+        HASH_UNKNOWN,
+        HASH_SHA256,
+@@ -470,6 +475,25 @@ cleanup:
+ }
+ 
+ static EVP_PKEY *
++load_public_key_file(const char *file)
++{
++	EVP_PKEY *pkey;
++	BIO *bp;
++	char errbuf[1024];
++
++	bp = BIO_new_file(file, "r");
++	if (!bp)
++		errx(EXIT_FAILURE, "Unable to read %s", file);
++
++	if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL)
++		warnx("ici: %s", ERR_error_string(ERR_get_error(), errbuf));
++
++	BIO_free(bp);
++
++	return (pkey);
++}
++
++static EVP_PKEY *
+ load_public_key_buf(const unsigned char *cert, int certlen)
+ {
+ 	EVP_PKEY *pkey;
+@@ -487,8 +511,8 @@ load_public_key_buf(const unsigned char *cert, int
+ }
+ 
+ static bool
+-rsa_verify_cert(int fd, const unsigned char *key, int keylen,
+-    unsigned char *sig, int siglen)
++rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key,
++    int keylen, unsigned char *sig, int siglen)
+ {
+ 	EVP_MD_CTX *mdctx;
+ 	EVP_PKEY *pkey;
+@@ -500,6 +524,8 @@ static bool
+ 	mdctx = NULL;
+ 	ret = false;
+ 
++	SSL_load_error_strings();
++
+ 	/* Compute SHA256 of the package. */
+ 	if (lseek(fd, 0, 0) == -1) {
+ 		warn("lseek");
+@@ -510,9 +536,16 @@ static bool
+ 		goto cleanup;
+ 	}
+ 
+-	if ((pkey = load_public_key_buf(key, keylen)) == NULL) {
+-		warnx("Error reading public key");
+-		goto cleanup;
++	if (sigfile != NULL) {
++		if ((pkey = load_public_key_file(sigfile)) == NULL) {
++			warnx("Error reading public key");
++			goto cleanup;
++		}
++	} else {
++		if ((pkey = load_public_key_buf(key, keylen)) == NULL) {
++			warnx("Error reading public key");
++			goto cleanup;
++		}
+ 	}
+ 
+ 	/* Verify signature of the SHA256(pkg) is valid. */
+@@ -552,6 +585,35 @@ cleanup:
+ 	return (ret);
+ }
+ 
++static struct pubkey *
++read_pubkey(int fd)
++{
++	struct pubkey *pk;
++	struct sbuf *sig;
++	char buf[4096];
++	int r;
++
++	if (lseek(fd, 0, 0) == -1) {
++		warn("lseek");
++		return (NULL);
++	}
++
++	sig = sbuf_new_auto();
++
++	while ((r = read(fd, buf, sizeof(buf))) >0) {
++		sbuf_bcat(sig, buf, r);
++	}
++
++	sbuf_finish(sig);
++	pk = calloc(1, sizeof(struct pubkey));
++	pk->siglen = sbuf_len(sig);
++	pk->sig = calloc(1, pk->siglen);
++	memcpy(pk->sig, sbuf_data(sig), pk->siglen);
++	sbuf_delete(sig);
++
++	return (pk);
++}
++
+ static struct sig_cert *
+ parse_cert(int fd) {
+ 	int my_fd;
+@@ -625,6 +687,45 @@ parse_cert(int fd) {
+ }
+ 
+ static bool
++verify_pubsignature(int fd_pkg, int fd_sig)
++{
++	struct pubkey *pk;
++	const char *pubkey;
++	bool ret;
++
++	pk = NULL;
++	pubkey = NULL;
++	ret = false;
++	if (config_string(PUBKEY, &pubkey) != 0) {
++		warnx("No CONFIG_PUBKEY defined");
++		goto cleanup;
++	}
++
++	if ((pk = read_pubkey(fd_sig)) == NULL) {
++		warnx("Error reading signature");
++		goto cleanup;
++	}
++
++	/* Verify the signature. */
++	printf("Verifying signature with public key %s... ", pubkey);
++	if (rsa_verify_cert(fd_pkg, pubkey, NULL, 0, pk->sig,
++	    pk->siglen) == false) {
++		fprintf(stderr, "Signature is not valid\n");
++		goto cleanup;
++	}
++
++	ret = true;
++
++cleanup:
++	if (pk) {
++		free(pk->sig);
++		free(pk);
++	}
++
++	return (ret);
++}
++
++static bool
+ verify_signature(int fd_pkg, int fd_sig)
+ {
+ 	struct fingerprint_list *trusted, *revoked;
+@@ -702,7 +803,7 @@ verify_signature(int fd_pkg, int fd_sig)
+ 
+ 	/* Verify the signature. */
+ 	printf("Verifying signature with trusted certificate %s... ", sc->name);
+-	if (rsa_verify_cert(fd_pkg, sc->cert, sc->certlen, sc->sig,
++	if (rsa_verify_cert(fd_pkg, NULL, sc->cert, sc->certlen, sc->sig,
+ 	    sc->siglen) == false) {
+ 		fprintf(stderr, "Signature is not valid\n");
+ 		goto cleanup;
+@@ -768,24 +869,42 @@ bootstrap_pkg(bool force)
+ 
+ 	if (signature_type != NULL &&
+ 	    strcasecmp(signature_type, "NONE") != 0) {
+-		if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
++		if (strcasecmp(signature_type, "FINGERPRINTS") == 0) {
++
++			snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
++			    getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
++			snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
++			    packagesite);
++
++			if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
++				fprintf(stderr, "Signature for pkg not "
++				    "available.\n");
++				goto fetchfail;
++			}
++
++			if (verify_signature(fd_pkg, fd_sig) == false)
++				goto cleanup;
++		} else if (strcasecmp(signature_type, "PUBKEY") == 0) {
++
++			snprintf(tmpsig, MAXPATHLEN,
++			    "%s/pkg.txz.pubkeysig.XXXXXX",
++			    getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
++			snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.pubkeysig",
++			    packagesite);
++
++			if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
++				fprintf(stderr, "Signature for pkg not "
++				    "available.\n");
++				goto fetchfail;
++			}
++
++			if (verify_pubsignature(fd_pkg, fd_sig) == false)
++				goto cleanup;
++		} else {
+ 			warnx("Signature type %s is not supported for "
+ 			    "bootstrapping.", signature_type);
+ 			goto cleanup;
+ 		}
+-
+-		snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
+-		    getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
+-		snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
+-		    packagesite);
+-
+-		if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
+-			fprintf(stderr, "Signature for pkg not available.\n");
+-			goto fetchfail;
+-		}
+-
+-		if (verify_signature(fd_pkg, fd_sig) == false)
+-			goto cleanup;
+ 	}
+ 
+ 	if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
+@@ -862,21 +981,37 @@ bootstrap_pkg_local(const char *pkgpath, bool forc
+ 	}
+ 	if (signature_type != NULL &&
+ 	    strcasecmp(signature_type, "NONE") != 0) {
+-		if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
++		if (strcasecmp(signature_type, "FINGERPRINTS") == 0) {
++
++			snprintf(path, sizeof(path), "%s.sig", pkgpath);
++
++			if ((fd_sig = open(path, O_RDONLY)) == -1) {
++				fprintf(stderr, "Signature for pkg not "
++				    "available.\n");
++				goto cleanup;
++			}
++
++			if (verify_signature(fd_pkg, fd_sig) == false)
++				goto cleanup;
++
++		} else if (strcasecmp(signature_type, "PUBKEY") == 0) {
++
++			snprintf(path, sizeof(path), "%s.pubkeysig", pkgpath);
++
++			if ((fd_sig = open(path, O_RDONLY)) == -1) {
++				fprintf(stderr, "Signature for pkg not "
++				    "available.\n");
++				goto cleanup;
++			}
++
++			if (verify_pubsignature(fd_pkg, fd_sig) == false)
++				goto cleanup;
++
++		} else {
+ 			warnx("Signature type %s is not supported for "
+ 			    "bootstrapping.", signature_type);
+ 			goto cleanup;
+ 		}
+-
+-		snprintf(path, sizeof(path), "%s.sig", pkgpath);
+-
+-		if ((fd_sig = open(path, O_RDONLY)) == -1) {
+-			fprintf(stderr, "Signature for pkg not available.\n");
+-			goto cleanup;
+-		}
+-
+-		if (verify_signature(fd_pkg, fd_sig) == false)
+-			goto cleanup;
+ 	}
+ 
+ 	if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
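Review bot: `read_pubkey` uses both `calloc` results (and the `sbuf_new_auto` result) without checking them and treats a failed `read()` like end of file, so an allocation failure becomes a NULL dereference and an I/O error passes a truncated signature on to `rsa_verify_cert`. Verification still fails closed in the second case, but `verify_pubsignature` then prints "Signature is not valid" for what was really a read error. The function should return NULL when `r < 0`, when the signature is empty, or when an allocation fails; the caller already turns that into "Error reading signature". The identical `read_pubkey` added by pkg-9.patch needs the same change. Separately, `verify_pubsignature` should test `if (config_string(PUBKEY, &pubkey) != 0 || pubkey == NULL)`, because a NULL `sigfile` sends `rsa_verify_cert` down the certificate-buffer path with a NULL key; whether `config_string` can return 0 with the value unset is not visible here, but the new `PUBKEY` entry has no default.

```c
static struct pubkey *
read_pubkey(int fd)
{
	/* … unchanged: declarations and lseek() rewind … */

	if ((sig = sbuf_new_auto()) == NULL)
		return (NULL);

	while ((r = read(fd, buf, sizeof(buf))) > 0)
		sbuf_bcat(sig, buf, r);
	if (r < 0) {
		/* Report the I/O error instead of verifying a partial signature. */
		warn("read");
		sbuf_delete(sig);
		return (NULL);
	}

	sbuf_finish(sig);
	if (sbuf_len(sig) <= 0 ||
	    (pk = calloc(1, sizeof(*pk))) == NULL) {
		sbuf_delete(sig);
		return (NULL);
	}
	pk->siglen = sbuf_len(sig);
	if ((pk->sig = calloc(1, pk->siglen)) == NULL) {
		free(pk);
		sbuf_delete(sig);
		return (NULL);
	}
	memcpy(pk->sig, sbuf_data(sig), pk->siglen);
	sbuf_delete(sig);

	return (pk);
}
```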
diff --git a/share/security/patches/EN-15:18/pkg-10.patch.asc b/share/security/patches/EN-15:18/pkg-10.patch.asc
new file mode 100644
index 0000000000..6c725d8287
--- /dev/null
+++ b/share/security/patches/EN-15:18/pkg-10.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+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+=TPCJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-15:18/pkg-9.patch b/share/security/patches/EN-15:18/pkg-9.patch
new file mode 100644
index 0000000000..fe4c40e36b
--- /dev/null
+++ b/share/security/patches/EN-15:18/pkg-9.patch
@@ -0,0 +1,357 @@
+Index: usr.sbin/pkg/config.c
+===================================================================
+--- usr.sbin/pkg/config.c	(revision 287854)
++++ usr.sbin/pkg/config.c	(working copy)
+@@ -131,6 +131,15 @@ static struct config_entry c[] = {
+ 		false,
+ 		true,
+ 	},
++	[PUBKEY] = {
++		PKG_CONFIG_STRING,
++		"PUBKEY",
++		NULL,
++		NULL,
++		NULL,
++		false,
++		false
++	}
+ };
+ 
+ static const char *
+@@ -347,6 +356,8 @@ config_parse(ucl_object_t *obj, pkg_conf_file_t co
+ 				sbuf_cpy(buf, "SIGNATURE_TYPE");
+ 			else if (strcasecmp(key, "fingerprints") == 0)
+ 				sbuf_cpy(buf, "FINGERPRINTS");
++			else if (strcasecmp(key, "pubkey") == 0)
++				sbuf_cpy(buf, "PUBKEY");
+ 			else if (strcasecmp(key, "enabled") == 0) {
+ 				if ((cur->type != UCL_BOOLEAN) ||
+ 				    !ucl_object_toboolean(cur))
+Index: usr.sbin/pkg/config.h
+===================================================================
+--- usr.sbin/pkg/config.h	(revision 287854)
++++ usr.sbin/pkg/config.h	(working copy)
+@@ -40,6 +40,7 @@ typedef enum {
+ 	SIGNATURE_TYPE,
+ 	FINGERPRINTS,
+ 	REPOS_DIR,
++	PUBKEY,
+ 	CONFIG_SIZE
+ } pkg_config_key;
+ 
+Index: usr.sbin/pkg/pkg.c
+===================================================================
+--- usr.sbin/pkg/pkg.c	(revision 287854)
++++ usr.sbin/pkg/pkg.c	(working copy)
+@@ -47,7 +47,6 @@ __FBSDID("$FreeBSD$");
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
+-#include <time.h>
+ #include <unistd.h>
+ #include <ucl.h>
+ 
+@@ -66,6 +65,11 @@ struct sig_cert {
+ 	bool trusted;
+ };
+ 
++struct pubkey {
++	unsigned char *sig;
++	int siglen;
++};
++
+ typedef enum {
+        HASH_UNKNOWN,
+        HASH_SHA256,
+@@ -176,14 +180,11 @@ fetch_to_fd(const char *url, char *path)
+ 	/* To store _https._tcp. + hostname + \0 */
+ 	int fd;
+ 	int retry, max_retry;
+-	off_t done, r;
+-	time_t now, last;
++	ssize_t r;
+ 	char buf[10240];
+ 	char zone[MAXHOSTNAMELEN + 13];
+ 	static const char *mirror_type = NULL;
+ 
+-	done = 0;
+-	last = 0;
+ 	max_retry = 3;
+ 	current = mirrors = NULL;
+ 	remote = NULL;
+@@ -233,19 +234,16 @@ fetch_to_fd(const char *url, char *path)
+ 		}
+ 	}
+ 
+-	while (done < st.size) {
+-		if ((r = fread(buf, 1, sizeof(buf), remote)) < 1)
+-			break;
+-
++	while ((r = fread(buf, 1, sizeof(buf), remote)) > 0) {
+ 		if (write(fd, buf, r) != r) {
+ 			warn("write()");
+ 			goto fetchfail;
+ 		}
++	}
+ 
+-		done += r;
+-		now = time(NULL);
+-		if (now > last || done == st.size)
+-			last = now;
++	if (r != 0) {
++		warn("An error occurred while fetching pkg(8)");
++		goto fetchfail;
+ 	}
+ 
+ 	if (ferror(remote))
+@@ -480,6 +478,29 @@ cleanup:
+ }
+ 
+ static RSA *
++load_rsa_public_key_file(const char *file)
++{
++	RSA *rsa = NULL;
++	BIO *bp;
++	char errbuf[1024];
++
++	bp = BIO_new_file(file, "r");
++	if (!bp)
++		errx(EXIT_FAILURE, "Unable to read %s", file);
++
++	if (!PEM_read_bio_RSA_PUBKEY(bp, &rsa, NULL, NULL)) {
++		warn("error reading public key: %s",
++		    ERR_error_string(ERR_get_error(), errbuf));
++		BIO_free(bp);
++		return (NULL);
++	}
++
++	BIO_free(bp);
++
++	return (rsa);
++}
++
++static RSA *
+ load_rsa_public_key_buf(unsigned char *cert, int certlen)
+ {
+ 	RSA *rsa = NULL;
+@@ -499,8 +520,8 @@ load_rsa_public_key_buf(unsigned char *cert, int c
+ 
+ 
+ static bool
+-rsa_verify_cert(int fd, unsigned char *key, int keylen,
+-    unsigned char *sig, int siglen)
++rsa_verify_cert(int fd, const char *sigfile, unsigned char *key,
++    int keylen, unsigned char *sig, int siglen)
+ {
+ 	char sha256[SHA256_DIGEST_LENGTH *2 +1];
+ 	char hash[SHA256_DIGEST_LENGTH];
+@@ -517,7 +538,11 @@ static bool
+ 
+ 	sha256_buf_bin(sha256, strlen(sha256), hash);
+ 
+-	rsa = load_rsa_public_key_buf(key, keylen);
++	if (sigfile != NULL) {
++		rsa = load_rsa_public_key_file(sigfile);
++	} else {
++		rsa = load_rsa_public_key_buf(key, keylen);
++	}
+ 	if (rsa == NULL)
+ 		return (false);
+ 	ret = RSA_verify(NID_sha256, hash, sizeof(hash), sig, siglen, rsa);
+@@ -532,6 +557,35 @@ static bool
+ 	return (true);
+ }
+ 
++static struct pubkey *
++read_pubkey(int fd)
++{
++	struct pubkey *pk;
++	struct sbuf *sig;
++	char buf[4096];
++	int r;
++
++	if (lseek(fd, 0, 0) == -1) {
++		warn("lseek");
++		return (NULL);
++	}
++
++	sig = sbuf_new_auto();
++
++	while ((r = read(fd, buf, sizeof(buf))) >0) {
++		sbuf_bcat(sig, buf, r);
++	}
++
++	sbuf_finish(sig);
++	pk = calloc(1, sizeof(struct pubkey));
++	pk->siglen = sbuf_len(sig);
++	pk->sig = calloc(1, pk->siglen);
++	memcpy(pk->sig, sbuf_data(sig), pk->siglen);
++	sbuf_delete(sig);
++
++	return (pk);
++}
++
+ static struct sig_cert *
+ parse_cert(int fd) {
+ 	int my_fd;
+@@ -605,6 +659,45 @@ parse_cert(int fd) {
+ }
+ 
+ static bool
++verify_pubsignature(int fd_pkg, int fd_sig)
++{
++	struct pubkey *pk;
++	const char *pubkey;
++	bool ret;
++
++	pk = NULL;
++	pubkey = NULL;
++	ret = false;
++	if (config_string(PUBKEY, &pubkey) != 0) {
++		warnx("No CONFIG_PUBKEY defined");
++		goto cleanup;
++	}
++
++	if ((pk = read_pubkey(fd_sig)) == NULL) {
++		warnx("Error reading signature");
++		goto cleanup;
++	}
++
++	/* Verify the signature. */
++	printf("Verifying signature with public key %s... ", pubkey);
++	if (rsa_verify_cert(fd_pkg, pubkey, NULL, 0, pk->sig,
++	    pk->siglen) == false) {
++		fprintf(stderr, "Signature is not valid\n");
++		goto cleanup;
++	}
++
++	ret = true;
++
++cleanup:
++	if (pk) {
++		free(pk->sig);
++		free(pk);
++	}
++
++	return (ret);
++}
++
++static bool
+ verify_signature(int fd_pkg, int fd_sig)
+ {
+ 	struct fingerprint_list *trusted, *revoked;
+@@ -682,7 +775,7 @@ verify_signature(int fd_pkg, int fd_sig)
+ 
+ 	/* Verify the signature. */
+ 	printf("Verifying signature with trusted certificate %s... ", sc->name);
+-	if (rsa_verify_cert(fd_pkg, sc->cert, sc->certlen, sc->sig,
++	if (rsa_verify_cert(fd_pkg, NULL, sc->cert, sc->certlen, sc->sig,
+ 	    sc->siglen) == false) {
+ 		printf("failed\n");
+ 		fprintf(stderr, "Signature is not valid\n");
+@@ -750,24 +843,42 @@ bootstrap_pkg(bool force)
+ 
+ 	if (signature_type != NULL &&
+ 	    strcasecmp(signature_type, "NONE") != 0) {
+-		if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
++		if (strcasecmp(signature_type, "FINGERPRINTS") == 0) {
++
++			snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
++			    getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
++			snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
++			    packagesite);
++
++			if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
++				fprintf(stderr, "Signature for pkg not "
++				    "available.\n");
++				goto fetchfail;
++			}
++
++			if (verify_signature(fd_pkg, fd_sig) == false)
++				goto cleanup;
++		} else if (strcasecmp(signature_type, "PUBKEY") == 0) {
++
++			snprintf(tmpsig, MAXPATHLEN,
++			    "%s/pkg.txz.pubkeysig.XXXXXX",
++			    getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
++			snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.pubkeysig",
++			    packagesite);
++
++			if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
++				fprintf(stderr, "Signature for pkg not "
++				    "available.\n");
++				goto fetchfail;
++			}
++
++			if (verify_pubsignature(fd_pkg, fd_sig) == false)
++				goto cleanup;
++		} else {
+ 			warnx("Signature type %s is not supported for "
+ 			    "bootstrapping.", signature_type);
+ 			goto cleanup;
+ 		}
+-
+-		snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
+-		    getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
+-		snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
+-		    packagesite);
+-
+-		if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) {
+-			fprintf(stderr, "Signature for pkg not available.\n");
+-			goto fetchfail;
+-		}
+-
+-		if (verify_signature(fd_pkg, fd_sig) == false)
+-			goto cleanup;
+ 	}
+ 
+ 	if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
+@@ -841,21 +952,37 @@ bootstrap_pkg_local(const char *pkgpath, bool forc
+ 	}
+ 	if (signature_type != NULL &&
+ 	    strcasecmp(signature_type, "NONE") != 0) {
+-		if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
++		if (strcasecmp(signature_type, "FINGERPRINTS") == 0) {
++
++			snprintf(path, sizeof(path), "%s.sig", pkgpath);
++
++			if ((fd_sig = open(path, O_RDONLY)) == -1) {
++				fprintf(stderr, "Signature for pkg not "
++				    "available.\n");
++				goto cleanup;
++			}
++
++			if (verify_signature(fd_pkg, fd_sig) == false)
++				goto cleanup;
++
++		} else if (strcasecmp(signature_type, "PUBKEY") == 0) {
++
++			snprintf(path, sizeof(path), "%s.pubkeysig", pkgpath);
++
++			if ((fd_sig = open(path, O_RDONLY)) == -1) {
++				fprintf(stderr, "Signature for pkg not "
++				    "available.\n");
++				goto cleanup;
++			}
++
++			if (verify_pubsignature(fd_pkg, fd_sig) == false)
++				goto cleanup;
++
++		} else {
+ 			warnx("Signature type %s is not supported for "
+ 			    "bootstrapping.", signature_type);
+ 			goto cleanup;
+ 		}
+-
+-		snprintf(path, sizeof(path), "%s.sig", pkgpath);
+-
+-		if ((fd_sig = open(path, O_RDONLY)) == -1) {
+-			fprintf(stderr, "Signature for pkg not available.\n");
+-			goto cleanup;
+-		}
+-
+-		if (verify_signature(fd_pkg, fd_sig) == false)
+-			goto cleanup;
+ 	}
+ 
+ 	if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0)
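Review bot: In the `fetch_to_fd` change the new `if (r != 0)` block after the read loop can never run: `fread` returns a `size_t`, so `while ((r = fread(buf, 1, sizeof(buf), remote)) > 0)` only ends with `r == 0`, on end of file and on a stream error alike. The `if (ferror(remote))` test that follows in the context lines is where a failed transfer would actually be caught, so the dead block should be dropped and `r` declared as `size_t r;`, with the write check becoming `if (write(fd, buf, r) != (ssize_t)r)`. In `load_rsa_public_key_file`, the OpenSSL parse failure is reported with `warn`, which appends an unrelated `strerror(errno)` to the message; `warnx` is the right call there. `fetch_to_fd` starts and ends outside the hunk.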
diff --git a/share/security/patches/EN-15:18/pkg-9.patch.asc b/share/security/patches/EN-15:18/pkg-9.patch.asc
new file mode 100644
index 0000000000..8e23083c10
--- /dev/null
+++ b/share/security/patches/EN-15:18/pkg-9.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+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+=I0E2
+-----END PGP SIGNATURE-----
diff --git a/share/xml/notices.xml b/share/xml/notices.xml
index 9e292abd6b..2520c88383 100644
--- a/share/xml/notices.xml
+++ b/share/xml/notices.xml
@@ -7,6 +7,26 @@
   <year>
     <name>2015</name>
 
+    <month>
+      <name>9</name>
+
+      <day>
+        <name>16</name>
+
+        <notice>
+          <name>FreeBSD-EN-15:18.pkg</name>
+        </notice>
+
+        <notice>
+          <name>FreeBSD-EN-15:17.libc</name>
+        </notice>
+
+        <notice>
+          <name>FreeBSD-EN-15:16.pw</name>
+        </notice>
+      </day>
+    </month>
+
     <month>
       <name>8</name>