diff --git a/de_DE.ISO8859-1/articles/Makefile b/de_DE.ISO8859-1/articles/Makefile
index 7d45a87782..f03aafea75 100644
--- a/de_DE.ISO8859-1/articles/Makefile
+++ b/de_DE.ISO8859-1/articles/Makefile
@@ -3,7 +3,6 @@
# The FreeBSD German Documentation Project
#
# $FreeBSD$
-# $FreeBSDde: de-docproj/articles/Makefile,v 1.7 2010/09/18 13:58:33 bcr Exp $
# basiert auf: 1.42
SUBDIR = contributing
@@ -11,6 +10,7 @@ SUBDIR+= contributing-ports
SUBDIR+= explaining-bsd
SUBDIR+= laptop
SUBDIR+= linux-comparison
+SUBDIR+= nanobsd
SUBDIR+= new-users
SUBDIR+= port-mentor-guidelines
SUBDIR+= solid-state
diff --git a/de_DE.ISO8859-1/articles/nanobsd/Makefile b/de_DE.ISO8859-1/articles/nanobsd/Makefile
new file mode 100644
index 0000000000..52a520f415
--- /dev/null
+++ b/de_DE.ISO8859-1/articles/nanobsd/Makefile
@@ -0,0 +1,29 @@
+#
+# The FreeBSD Documentation Project
+# The FreeBSD German Documentation Project
+#
+# $FreeBSD$
+# basiert auf: r39631
+#
+# Article: Einführung in NanoBSD
+
+DOC?= article
+
+FORMATS?= html
+WITH_ARTICLE_TOC?= YES
+
+INSTALL_COMPRESSED?=gz
+INSTALL_ONLY_COMPRESSED?=
+
+# Images from the cross-document image library
+IMAGES_LIB= callouts/1.png
+IMAGES_LIB+= callouts/2.png
+IMAGES_LIB+= callouts/3.png
+IMAGES_LIB+= callouts/4.png
+
+SRCS= article.xml
+
+URL_RELPREFIX?=../../../..
+DOC_PREFIX?= ${.CURDIR}/../../..
+
+.include "${DOC_PREFIX}/share/mk/doc.project.mk"
diff --git a/de_DE.ISO8859-1/articles/nanobsd/article.xml b/de_DE.ISO8859-1/articles/nanobsd/article.xml
new file mode 100644
index 0000000000..875d6c7214
--- /dev/null
+++ b/de_DE.ISO8859-1/articles/nanobsd/article.xml
@@ -0,0 +1,548 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V4.5-Based Extension//EN"
+ "../../../share/xml/freebsd45.dtd">
+
+<article lang="de">
+ <articleinfo>
+ <title>Einführung in NanoBSD</title>
+
+ <authorgroup>
+ <author>
+ <firstname>Daniel</firstname>
+ <surname>Gerzo</surname>
+ <!-- 14 March 2006 -->
+ </author>
+ </authorgroup>
+
+ <pubdate>$FreeBSD$</pubdate>
+
+ <copyright>
+ <year>2006</year>
+ <holder>The FreeBSD Documentation Project</holder>
+ </copyright>
+
+ <legalnotice id="trademarks" role="trademarks">
+ &tm-attrib.freebsd;
+ &tm-attrib.general;
+ </legalnotice>
+
+ <abstract>
+ <para>Dieses Dokument stellt Informationen zu den
+ <application>NanoBSD</application> Werkzeugen bereit, die dazu
+ verwendet werden können ein &os; Abbild für eingebettete
+ Systeme zu erstellen, welche auf eine Compact Flash Karte
+ passen (oder andere Massenspeicher).</para>
+
+ <para><emphasis>Übersetzt von Björn
+ Heidotting</emphasis>.</para>
+ </abstract>
+ </articleinfo>
+
+ <sect1 id="intro">
+ <title>Einführung in NanoBSD</title>
+
+ <indexterm><primary>NanoBSD</primary></indexterm>
+
+ <para><application>NanoBSD</application> ist ein Werkzeug welches
+ derzeit von &a.phk; entwickelt wird. Es erstellt ein &os;
+ Systemabbild für eingebettete Systeme, die auf eine Compact
+ Flash Karte passen (oder andere Massenspeicher).</para>
+
+ <para>Es kann dazu benutzt werden um spezialisierte
+ Installationsabbilder zu bauen, entworfen für die einfache
+ Installation und Wartung von Systemen die als "Computer
+ Appliances" bekannt sind. Computer Appliances haben ihre Hard-
+ und Software fest verbaut, dass bedeutet alle Anwendungen sind
+ vorinstalliert. Die Appliance wird an ein bestehendes Netzwerk
+ angeschlossen und kann mit der Arbeit (fast) sofort
+ beginnen.</para>
+
+ <para>Zu den Eigenschaften von <application>NanoBSD</application>
+ gehören:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Ports und Pakete funktionieren wie in &os; — Jede
+ einzelne Anwendung kann auf dem
+ <application>NanoBSD</application> Abbild installiert und
+ benutzt werden, auf die gleiche Weise wie Sie es aus &os;
+ gewohnt sind.</para>
+ </listitem>
+
+ <listitem>
+ <para>Keine fehlende Funktionalität — Wenn es möglich
+ ist, etwas mit &os; zu tun, ist es auch möglich, die
+ gleiche Sache mit <application>NanoBSD</application> zu tun,
+ es sei denn, eine oder mehrere Funktionen wurden
+ ausdrücklich vor dem Bau des
+ <application>NanoBSD</application> Abbilds entfernt.</para>
+ </listitem>
+
+ <listitem>
+ <para>Zur Laufzeit ist alles read-only — Es ist sicher
+ den Stromstecker zu ziehen. Es besteht dann keine
+ Notwendigkeit, einen &man.fsck.8; nach einem nicht
+ ordnungsgemäßem Herunterfahren des Systems
+ auszuführen.</para>
+ </listitem>
+
+ <listitem>
+ <para>Einfach zu bauen und anzupassen — Unter Verwendung
+ von nur einem Shell-Skript und einer Konfigurationsdatei ist
+ es möglich, ein reduziertes und angepasstes Abbild zu
+ bauen, welches jegliche Reihe von Anforderungen
+ erfüllt.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="howto">
+ <title>NanoBSD Anleitung</title>
+
+ <sect2 id="design">
+ <title>Das Design von NanoBSD</title>
+
+ <para>Sobald das Abbild auf dem Medium verfügbar ist, kann
+ <application>NanoBSD</application> gebootet werden. Der
+ Massenspeicher ist standardmäßig in drei Teile
+ unterteilt:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Zwei Abbild Partitionen: <literal>code#1</literal> und
+ <literal>code#2</literal>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Die Partition der Konfigurationsdatei, welche zur
+ Laufzeit unter dem <filename
+ class="directory">/cfg</filename> Verzeichnis gemountet
+ werden kann.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Diese Partitionen sind im Allgemeinen read-only.</para>
+
+ <para>Die <filename class="directory">/etc</filename> und
+ <filename class="directory">/var</filename> Verzeichnisse sind
+ &man.md.4; (malloc) Speicher.</para>
+
+ <para>Die Partition der Konfigurationsdatei besteht unter dem
+ <filename class="directory">/cfg</filename> Verzeichnis. Sie
+ enthält Dateien für das <filename
+ class="directory">/etc</filename> Verzeichnis und wird
+ direkt nach dem Botten read-only eingehangen, weshalb es
+ erforderlich ist geänderte Dateien von <filename
+ class="directory">/etc</filename> zurück nach <filename
+ class="directory">/cfg</filename> zu kopieren falls die
+ Änderungen nach einem Neustart bestehen bleiben
+ sollen.</para>
+
+ <example>
+ <title>Dauerhafte Änderungen in
+ <filename>/etc/resolv.conf</filename> vornehmen</title>
+
+ <screen>&prompt.root; <userinput>vi /etc/resolv.conf</userinput>
+[...]
+&prompt.root; <userinput>mount /cfg</userinput>
+&prompt.root; <userinput>cp /etc/resolv.conf /cfg</userinput>
+&prompt.root; <userinput>umount /cfg</userinput></screen>
+ </example>
+
+ <note>
+ <para>Die <filename class="directory">/cfg</filename>
+ Partition sollte nur während des Bootvorgangs und zu
+ Änderungen an den Konfigurationsdateien gemountet
+ werden.</para>
+
+ <para>Die <filename class="directory">/cfg</filename>
+ Partition jederzeit gemountet zu haben ist keine gute Idee,
+ besonders wenn das <application>NanoBSD</application> System
+ auf einem Massenspeicher betrieben wird, der eventuell druch
+ eine große Anzahl von Schreiboperationen nachteilig
+ beeinträchtigt wird (z. B. wenn der Dateisystem-Syncer den
+ Speicher mit Daten überflutet).</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Ein NanoBSD Abbild erstellen</title>
+
+ <para>Ein <application>NanoBSD</application> Abbild wird über
+ ein einfaches <filename>nanobsd.sh</filename> Shell-Skript
+ gebaut, das sich unter <filename
+ class="directory"><replaceable>/usr</replaceable>/src/tools/tools/nanobsd</filename>
+ befindet. Das Skript erstellt ein Abbild, welches dann
+ mittels &man.dd.1; auf einen Massenspeicher kopiert werden
+ kann.</para>
+
+ <para>Die folgenden Kommandos sind notwendig um ein
+ <application>NanoBSD</application> Abbild zu erstellen:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/tools/tools/nanobsd</userinput> <co id="nbsd-cd"/>
+&prompt.root; <userinput>sh nanobsd.sh</userinput> <co id="nbsd-sh"/>
+&prompt.root; <userinput>cd /usr/obj/nanobsd.full</userinput> <co id="nbsd-cd2"/>
+&prompt.root; <userinput>dd if=_.disk.full of=/dev/da0 bs=64k</userinput> <co id="nbsd-dd"/></screen>
+
+ <calloutlist>
+ <callout arearefs="nbsd-cd">
+ <para>Wechsel in das Basisverzeichnis des
+ <application>NanoBSD</application> Skripts.</para>
+ </callout>
+
+ <callout arearefs="nbsd-sh">
+ <para>Den Bauprozess starten.</para>
+ </callout>
+
+ <callout arearefs="nbsd-cd2">
+ <para>Wechsel in das Verzeichnis, in dem das gebaute Abbild
+ liegt.</para>
+ </callout>
+
+ <callout arearefs="nbsd-dd">
+ <para><application>NanoBSD</application> auf einem
+ Massenspeicher installieren.</para>
+ </callout>
+ </calloutlist>
+ </sect2>
+
+ <sect2>
+ <title>Ein NanoBSD Abbild anpassen</title>
+
+ <para>Dies ist wahrscheinlich das wichtigste und interessanteste
+ Merkmal von <application>NanoBSD</application>. Hierbei
+ werden Sie auch die meiste Zeit mit der Entwicklung von
+ <application>NanoBSD</application> verbringen.</para>
+
+ <para>Der Aufruf des folgenden Kommandos wird
+ <filename>nanobsd.sh</filename> dazu zwingen, seine
+ Konfiguration aus <filename>myconf.nano</filename> aus dem
+ aktuellen Verzeichnis zu lesen:</para>
+
+ <screen>&prompt.root; <userinput>sh nanobsd.sh -c myconf.nano</userinput></screen>
+
+ <para>Die Anpassung wird auf zwei Arten geschehen:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Konfigurations-Optionen</para>
+ </listitem>
+
+ <listitem>
+ <para>Benutzerdefinierte Funktionen</para>
+ </listitem>
+ </itemizedlist>
+
+ <sect3>
+ <title>Konfigurations-Optionen</title>
+
+ <para>Durch Konfigurationseinstellungen ist es möglich
+ Optionen zu übergeben, die sowohl die
+ <maketarget>buildworld</maketarget> und
+ <maketarget>installworld</maketarget> Phasen des
+ <application>NanoBSD</application> Bauprozesses betreffen,
+ sowie interne Optionen, die den Haupt-Bauprozess von
+ <application>NanoBSD</application> beeinflussen. Durch diese
+ Optionen ist es möglich, das System so zu reduzieren, dass
+ es mit wenig Platz, etwa 64 MB auskommt. Sie können die
+ Konfigurationsdateien dazu nutzten &os; noch weiter zu
+ trimmen, bis es nur noch aus dem Kernel und zwei oder drei
+ Dateien im Userland besteht.</para>
+
+ <para>Die Konfigurationsdatei besteht aus
+ Konfigurations-Optionen, welche die Standardwerte
+ überschreiben.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>NANO_NAME</literal> — Name des Build
+ (wird verwendet, um die workdir Namen zu
+ konstruieren).</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>NANO_SRC</literal> — Pfad zum
+ Quelltextverzeichnis, das für den Bau des Abbilds
+ verwendet wird.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>NANO_KERNEL</literal> — Name der
+ Kernelkonfigurationsdatei, die für den Bau des Kernels
+ verwendet wird.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>CONF_BUILD</literal> — Optionen für
+ die <maketarget>buildworld</maketarget> Phase des
+ Bauprozesses.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>CONF_INSTALL</literal> — Optionen
+ für die <maketarget>installworld</maketarget> Phase
+ des Bauprozesses.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>CONF_WORLD</literal> — Optionen für
+ die <maketarget>buildworld</maketarget> und
+ <maketarget>installworld</maketarget> Phasen des
+ Bauprozesses.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>FlashDevice</literal> — Definiert den
+ zu benutzenden Medientyp. Überprüfen Sie die
+ Datei <filename>FlashDevice.sub</filename> für
+ weitere Informationen.</para>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+
+ <sect3>
+ <title>Benutzerdefinierte Funktionen</title>
+
+ <para>Mit Hilfe von Shell-Funktionen in der
+ Konfigurationsdatei besteht die Möglichkeit zur
+ Feinabstimmung von <application>NanoBSD</application>. Das
+ folgende Beispiel illustriert das Grundmodell von
+ benutzerdefinierten Funktionen:</para>
+
+ <programlisting>cust_foo () (
+ echo "bar=baz" > \
+ ${NANO_WORLDDIR}/etc/foo
+)
+customize_cmd cust_foo</programlisting>
+
+ <para>Ein besseres Beispiel für eine Anpassung ist folgende,
+ welche die Standardgröße des <filename
+ class="directory">/etc</filename> Verzeichnisses von 5 MB
+ auf 30 MB ändert:</para>
+
+ <programlisting>cust_etc_size () (
+ cd ${NANO_WORLDDIR}/conf
+ echo 30000 > default/etc/md_size
+)
+customize_cmd cust_etc_size</programlisting>
+
+ <para>Es gibt ein paar vordefinierte Standardfunktionen die
+ Sie nutzen können:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>cust_comconsole</literal> —
+ Deaktiviert &man.getty.8; auf den VGA Geräten (den
+ <filename>/dev/ttyv*</filename> Gerätedateien) und
+ ermöglicht die Nutzung der seriellen Schnittstelle COM1
+ als Systemkonsole.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>cust_allow_ssh_root</literal> —
+ Erlaubt es <username>root</username> sich über
+ &man.sshd.8; anzumelden.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>cust_install_files</literal> —
+ Installiert Dateien aus dem <filename
+ class="directory">nanobsd/Files</filename>
+ Verzeichnis, das einige nützliche Skripte für die
+ Systemverwaltung enthält.</para>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+
+ <sect3>
+ <title>Pakete hinzufügen</title>
+
+ <para>Durch benutzerdefinierte Funktionen können Pakete zum
+ <application>NanoBSD</application> Abbild hinzugefügt
+ werden. Die nachfolgende Funktion installiert alle Pakete
+ aus
+ <filename>/usr/src/tools/tools/nanobsd/packages</filename>:</para>
+
+ <programlisting>install_packages () (
+mkdir -p ${NANO_WORLDDIR}/packages
+cp /usr/src/tools/tools/nanobsd/packages/* ${NANO_WORLDDIR}/packages
+chroot ${NANO_WORLDDIR} sh -c 'cd packages; pkg_add -v *;cd ..;'
+rm -rf ${NANO_WORLDDIR}/packages
+)
+customize_cmd install_packages</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Beispiel einer Konfigurationsdatei</title>
+
+ <para>Ein komplettes Beispiel für eine Konfigurationsdatei
+ zum Erstellen eines benutzerdefinierten
+ <application>NanoBSD</application> Abbilds könnte folgende
+ sein:</para>
+
+ <programlisting>NANO_NAME=custom
+NANO_SRC=/usr/src
+NANO_KERNEL=MYKERNEL
+NANO_IMAGES=2
+
+CONF_BUILD='
+NO_KLDLOAD=YES
+NO_NETGRAPH=YES
+NO_PAM=YES
+'
+
+CONF_INSTALL='
+NO_ACPI=YES
+NO_BLUETOOTH=YES
+NO_CVS=YES
+NO_FORTRAN=YES
+NO_HTML=YES
+NO_LPR=YES
+NO_MAN=YES
+NO_SENDMAIL=YES
+NO_SHAREDOCS=YES
+NO_EXAMPLES=YES
+NO_INSTALLLIB=YES
+NO_CALENDAR=YES
+NO_MISC=YES
+NO_SHARE=YES
+'
+
+CONF_WORLD='
+NO_BIND=YES
+NO_MODULES=YES
+NO_KERBEROS=YES
+NO_GAMES=YES
+NO_RESCUE=YES
+NO_LOCALES=YES
+NO_SYSCONS=YES
+NO_INFO=YES
+'
+
+FlashDevice SanDisk 1G
+
+cust_nobeastie() (
+ touch ${NANO_WORLDDIR}/boot/loader.conf
+ echo "beastie_disable=\"YES\"" >> ${NANO_WORLDDIR}/boot/loader.conf
+)
+
+customize_cmd cust_comconsole
+customize_cmd cust_install_files
+customize_cmd cust_allow_ssh_root
+customize_cmd cust_nobeastie</programlisting>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>NanoBSD aktualisieren</title>
+
+ <para>The Update-Prozess von <application>NanoBSD</application>
+ ist relativ einfach:</para>
+
+ <procedure>
+ <step>
+ <para>Erstellen Sie ein neues
+ <application>NanoBSD</application> Abbild.</para>
+ </step>
+
+ <step>
+ <para>Laden Sie das neue Abbild in eine unbenutzte Partition
+ eines laufenden <application>NanoBSD</application>
+ Systems.</para>
+
+ <para>Der wichtigste Unterschied dieses Schrittes zur ersten
+ <application>NanoBSD</application> Installation besteht
+ darin, das jetzt anstatt der Datei
+ <filename>_.disk.full</filename> (enthält ein Abbild der
+ gesamten Platte) die Datei
+ <filename>_.disk.image</filename> (enthält ein Abbild
+ einer einzelnen System-Partition) installiert wird.</para>
+ </step>
+
+ <step>
+ <para>Neustart, um das System von der neu installierten
+ Partition zu starten.</para>
+ </step>
+
+ <step>
+ <para>Wenn alles gut geht, ist die Aktualisierung
+ abgeschlossen.</para>
+ </step>
+
+ <step>
+ <para>Wenn etwas schief läuft, starten Sie wieder in die
+ vorherige Partition (die das alte, funktionierende Abbild
+ enthält) um die System-Funktionalität so schnell wie
+ möglich wieder herzustellen. Beheben Sie alle Probleme
+ des neu gebauten Abbilds, und wiederholen Sie den
+ Vorgang.</para>
+ </step>
+ </procedure>
+
+ <para>Um das neue Abbild auf das laufende
+ <application>NanoBSD</application> System zu installieren, ist
+ es möglich, entweder das <filename>updatep1</filename> oder
+ <filename>updatep2</filename> Skript im <filename
+ class="directory">/root</filename> Verzeichnis zu verwenden,
+ je nachdem, von welcher Partition das aktuelle System
+ läuft.</para>
+
+ <para>In Abhängigkeit davon welche Dienste der Host, der das
+ <application>NanoBSD</application> Abbild anbietet, und welche
+ Art von Transfer bevorzugt wird, bestehen eine von drei zu
+ prüfenden Möglichkeiten:</para>
+
+ <sect3>
+ <title>Verwendung von &man.ftp.1;</title>
+
+ <para>Wenn die Übertragungsgeschwindigkeit an erster
+ Stelle steht, verwenden Sie dieses Beispiel:</para>
+
+ <screen>&prompt.root; <userinput>ftp myhost
+get _.disk.image "| sh updatep1"</userinput></screen>
+ </sect3>
+
+ <sect3>
+ <title>Verwendung von &man.ssh.1;</title>
+
+ <para>Wenn eine sichere Übertragung bevorzugt wird,
+ sollten Sie die Verwendung dieses Beispiels in Betracht
+ ziehen:</para>
+
+ <screen>&prompt.root; <userinput>ssh myhost cat _.disk.image.gz | zcat | sh updatep1</userinput></screen>
+ </sect3>
+
+ <sect3>
+ <title>Verwendung von &man.nc.1;</title>
+
+ <para>Verwenden Sie dieses Beispiel, wenn auf dem Remote-Host
+ kein &man.ftpd.8; oder &man.sshd.8; Dienst läuft:</para>
+
+ <procedure>
+ <step>
+ <para>Zunächst öffnen Sie eine TCP-Listener auf dem Host
+ der das Abbild bereitstellt und zum Client
+ sendet:</para>
+
+ <screen>myhost&prompt.root; <userinput>nc -l <replaceable>2222</replaceable> < _.disk.image</userinput></screen>
+
+ <note>
+ <para>Stellen Sie sicher das der benutzte Port nicht
+ blockiert wird, um eingehende Verbindungen, vom
+ <application>NanoBSD</application> Host durch die
+ Firewall, zu ermöglichen.</para>
+ </note>
+ </step>
+
+ <step>
+ <para>Verbinden Sie sich zum Host der das Abbild
+ bereitstellt und führen Sie das
+ <filename>updatep1</filename> Skript aus:</para>
+
+ <screen>&prompt.root; <userinput>nc myhost <replaceable>2222</replaceable> | sh updatep1</userinput></screen>
+ </step>
+ </procedure>
+ </sect3>
+ </sect2>
+ </sect1>
+</article>
diff --git a/de_DE.ISO8859-1/books/fdp-primer/book.xml b/de_DE.ISO8859-1/books/fdp-primer/book.xml
index 47117f0cfb..4dd715903b 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/book.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/book.xml
@@ -36,7 +36,7 @@
$FreeBSD$
$FreeBSDde: de-docproj/books/fdp-primer/book.xml,v 1.24 2012/03/25 14:39:26 bcr Exp $
- basiert auf: r38826
+ basiert auf: r40986
-->
<book lang="de">
@@ -140,7 +140,7 @@
<row>
<entry>Datei- und Verzeichnisnamen</entry>
- <entry>Bearbeiten Sie die Datei
+ <entry>Bearbeiten Sie
<filename>.login</filename>.</entry>
</row>
@@ -194,7 +194,7 @@
</sect1>
<sect1 id="preface-notes">
- <title>Anmerkungen, Tips, wichtige Hinweise, Warnungen und
+ <title>Anmerkungen, Tipps, wichtige Hinweise, Warnungen und
Beispiel</title>
<para>An einigen Stellen innerhalb dieses Buchs werden
diff --git a/de_DE.ISO8859-1/books/fdp-primer/doc-build/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/doc-build/chapter.xml
index 0f59db4f4f..b98298a25f 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/doc-build/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/doc-build/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38845
+ basiert auf: r39631
-->
<chapter id="doc-build">
@@ -82,12 +82,12 @@
Werkzeuge</title>
<para>Zus�tzlich zu den im Kapitel <link
- linkend="tools">SGML-Werkzeuge</link> beschriebenen
+ linkend="tools">XML-Werkzeuge</link> beschriebenen
Werkzeugen ben�tigen Sie noch folgende Programme:</para>
<itemizedlist>
<listitem>
- <para>Das wichtigste Werzeug zum Bau der Dokumentation ist
+ <para>Das wichtigste Werkzeug zum Bau der Dokumentation ist
<application>make</application>, genauer
<application>Berkeley Make</application>.</para>
</listitem>
@@ -179,7 +179,7 @@ DOC_PREFIX?= ${.CURDIR}/..
Variable <makevar>SUBDIR</makevar> den Wert
<literal>articles books</literal>.</para>
- <para>Die Anweisung <makevar>DOC_PREFIX</makevar> zweigt, wie
+ <para>Die Anweisung <makevar>DOC_PREFIX</makevar> zeigt, wie
man einer Variable einen Wert zuweist (vorausgesetzt, die
Variable ist nicht bereits definiert). Eine derartige
Anweisung ist beispielsweise sinnvoll, wenn sich
@@ -304,7 +304,7 @@ DOC_PREFIX?= ${.CURDIR}/../../..
<listitem>
<para><filename>doc.docbook.mk</filename> wird verwendet, wenn
die Variable <makevar>DOCFORMAT</makevar> den Wert
- <literal>docbook</literal> hat und und die Variable
+ <literal>docbook</literal> hat und die Variable
<makevar>DOC</makevar> gesetzt ist.</para>
</listitem>
</itemizedlist>
@@ -502,7 +502,7 @@ PRI_LANG?= en_US.ISO8859-1
<itemizedlist>
<listitem>
<para><literal>exists</literal> gibt "wahr" zur�ck, wenn
- wenn die angegebene Datei bereits existiert.</para>
+ die angegebene Datei bereits existiert.</para>
</listitem>
<listitem>
diff --git a/de_DE.ISO8859-1/books/fdp-primer/examples/appendix.xml b/de_DE.ISO8859-1/books/fdp-primer/examples/appendix.xml
index 958bdb08f5..fcc9b34592 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/examples/appendix.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/examples/appendix.xml
@@ -30,13 +30,13 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38847
+ basiert auf: r39632
-->
<appendix id="examples">
<title>Beispiele</title>
- <para>In diesem Anhang sind SGML-Beispieldokumente und Befehle
+ <para>In diesem Anhang sind XML-Beispieldokumente und Befehle
enthalten, die zeigen, wie man aus DocBook-Dokumenten verschiedene
Ausgabeformate erzeugen kann. Sofern alle Werkzeuge f�r das
Dokumentationsprojekt ordnungsgem�� installiert wurden,
@@ -51,7 +51,7 @@
<application>svn</application> doc-Repository und online unter <ulink
url="http://svnweb.FreeBSD.org/doc/"></ulink> verf�gbar.</para>
- <para>Um Irritationen zu vermeiden, bauen die SGML-Beispiele auf der
+ <para>Um Irritationen zu vermeiden, bauen die XML-Beispiele auf der
4.1er Standard-DocBook DTD anstatt auf der erweiterten
FreeBSD-Variante auf. Ebenso werden die Standardstylesheets von
Norman Welsh, anstatt der angepassten Stylesheets des
@@ -274,7 +274,7 @@
<title>Ein DocBook-Dokument nach Postscript umwandeln</title>
<para>Um eine Postscript-Ausgabe zu erzeugen, muss zuerst
- die SGML-Quelle in eine &tex;-Datei umgewandelt werden.</para>
+ die XML-Quelle in eine &tex;-Datei umgewandelt werden.</para>
<screen>&prompt.user; <userinput>jade -V tex-backend \ <co id="examples-co-jade-3-tex-backend"/>
-c /usr/local/share/xml/docbook/dsssl/modular/catalog \ <co id="examples-co-jade-3-catalog"/>
diff --git a/de_DE.ISO8859-1/books/fdp-primer/overview/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/overview/chapter.xml
index f19ff6aa9f..dbfe39477b 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/overview/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/overview/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38854
+ basiert auf: r41125
-->
@@ -55,7 +55,7 @@
<primary>Mitgliedschaft</primary>
</indexterm>
- <para>Wie jedes Opensourceprojekt, ist auch das FDP auf die Mithilfe
+ <para>Wie jedes Open-Source-Projekt, ist auch das FDP auf die Mithilfe
vieler angewiesen. Deshalb ist jeder herzlich eingeladen
mitzuarbeiten. Die daf�r erforderlichen Voraussetzungen sind
gering und es gibt keine Verpflichtung eine bestimmte Menge an
@@ -88,7 +88,7 @@
<sect1 id="overview-doc">
<title>Die FreeBSD-Dokumentationsreihe</title>
- <para>Das FDP umfa�t vier verschiedene Kategorien:</para>
+ <para>Das FDP umfasst vier verschiedene Kategorien:</para>
<variablelist>
<varlistentry>
@@ -114,7 +114,7 @@
<listitem>
<para>Das Ziel der FAQ ist es, Fragen, die auf den
- verschiedenen Maillinglisten und in Newsgruppen
+ verschiedenen Mailinglisten und in Newsgruppen
regelm��ig diskutiert werden, nach einem
einfachen Frage- und Antwort-Muster zu behandeln. Das
schlie�t nicht aus, das auf bestimmte Fragen
@@ -148,12 +148,12 @@
<para>Die Quellen f�r die FreeBSD-Website, das &os; Handbuch
sowie die &os; FAQ werden im <literal>doc/</literal>
Subversion-Repository von &os; verwaltet, das Sie �ber
- <literal>svn://svn.FreeBSD.org/doc/</literal> erreichen
+ <literal>https://svn.FreeBSD.org/doc/</literal> erreichen
k�nnen.</para>
<para>Manualpages werden im <literal>src/</literal>
Subversion-Repository von &os; verwaltet, das Sie �ber
- <literal>svn://svn.FreeBSD.org/base/</literal> erreichen
+ <literal>https://svn.FreeBSD.org/base/</literal> erreichen
k�nnen.</para>
<para>Das bedeutet, dass alle �nderungen an den
@@ -225,15 +225,26 @@
<screen>&prompt.user; <userinput>mkdir -p head/share</userinput>
&prompt.user; <userinput>mkdir -p head/en_US.ISO8859-1/share</userinput>
-&prompt.user; <userinput>svn checkout svn://svn.FreeBSD.org/doc/head/share head/share</userinput>
-&prompt.user; <userinput>svn checkout svn://svn.FreeBSD.org/doc/head/en_US.ISO8859-1/share head/en_US.ISO8859-1/share</userinput></screen>
+&prompt.user; <userinput>svn checkout <replaceable>https://svn0.us-
+east.FreeBSD.org</replaceable>/doc/head/share head/share</userinput>
+&prompt.user; <userinput>svn checkout <replaceable>https://svn0.us-
+east.FreeBSD.org</replaceable>/doc/head/en_US.ISO8859-1/share head/en_US.ISO8859-1/share</userinput></screen>
<para>F�r den Fall, dass ausreichend Platz auf der
- Festplatte vorhanden ist, kann auch eine eine
+ Festplatte vorhanden ist, kann auch eine
vollst�ndige Arbeitskopie des gesamten Subversion-Baumes
anlegt werden.</para>
- <screen>&prompt.user; <userinput>svn checkout svn://svn.FreeBSD.org/doc/head head</userinput></screen>
+ <screen>&prompt.user; <userinput>svn checkout <replaceable>https://svn0.us-
+east.FreeBSD.org</replaceable>/doc/head head</userinput></screen>
+
+ <note>
+ <para><ulink url="https://svn0.us-east.FreeBSD.org/">svn0.us-east.FreeBSD.org</ulink>
+ ist ein �ffentlicher Server. W�hlen Sie einen Mirror
+ in Ihrer N�he und �berpr�fen Sie das Serverzertifikat
+ auf der Seite <ulink url="&url.books.handbook;/svn-mirrors.html">Subversion
+ mirror sites</ulink>.</para>
+ </note>
</step>
<step>
@@ -255,7 +266,8 @@
<filename>articles</filename> aus dem FreeBSD-CVS-Archiv
lokal angelegt:</para>
- <screen>&prompt.user; <userinput>svn checkout svn://svn.FreeBSD.org/doc/head/en_US.ISO8859-1/articles</userinput></screen>
+ <screen>&prompt.user; <userinput>svn checkout <replaceable>https://svn0.us-
+east.FreeBSD.org</replaceable>/doc/head/en_US.ISO8859-1/articles</userinput></screen>
</step>
<step>
@@ -269,13 +281,14 @@
</step>
</procedure>
- <para>Bereits exisitierende Dokumente, die ge�ndert
+ <para>Bereits existierende Dokumente, die ge�ndert
werden sollen, k�nnen direkt aus dem CVS-Archiv
geholt werden. Das folgende Beispiel zeigt das
f�r die FAQ aus dem Verzeichnis
<filename>head/en_US.ISO8859-1/books/faq</filename>:</para>
- <screen>&prompt.user; <userinput>svn checkout svn://svn.FreeBSD.org/doc/head/en_US.ISO8859-1/books/faq</userinput></screen>
+ <screen>&prompt.user; <userinput>svn checkout <replaceable>https://svn0.us-
+east.FreeBSD.org</replaceable>/doc/head/en_US.ISO8859-1/books/faq</userinput></screen>
</step>
<step>
@@ -339,7 +352,7 @@
</step>
<step>
- <para>Zum Schlu� m�ssen die �nderungen an das
+ <para>Zum Schluss m�ssen die �nderungen an das
FDP mittels &man.send-pr.1; eingesandt werden.</para>
</step>
</procedure>
diff --git a/de_DE.ISO8859-1/books/fdp-primer/psgml-mode/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/psgml-mode/chapter.xml
index 8170263207..7c18f9e9da 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/psgml-mode/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/psgml-mode/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38826
+ basiert auf: r39632
Anmerkungen:
Dieser Text wurde nach dem Lesen von "Technisches Schreiben
@@ -70,7 +70,7 @@
Funktion Start- und Endtag des neuen Elements ein. Sofern
das eingef�gte Element laut DTD andere Elemente
enthalten mu�, werden diese ebenfalls
- miteingef�gt.</para>
+ eingef�gt.</para>
<para>Falls Sie unsicher sind, wie der Name des
gew�nschten Elements lautet oder welche Elemente an der
diff --git a/de_DE.ISO8859-1/books/fdp-primer/see-also/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/see-also/chapter.xml
index cf7bd22aa9..d46df3d784 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/see-also/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/see-also/chapter.xml
@@ -30,14 +30,14 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38826
+ basiert auf: r39631
-->
<chapter id="see-also">
<title>Weiterf�hrende Quellen</title>
<para>In dieser Fibel werden absichtlich nicht alle Aspekte von
- SGML, der erw�hnten DTDs und des
+ XML, der erw�hnten DTDs und des
FreeBSD-Dokumentationsprojekts behandelt. Interessierten werden daher
die nachfolgenden Quellen empfohlen.</para>
@@ -58,20 +58,14 @@
</itemizedlist>
</sect1>
- <sect1 id="see-also-sgml">
- <title>SGML</title>
+ <sect1 id="see-also-xml">
+ <title>XML</title>
<itemizedlist>
<listitem>
- <para><ulink url="http://www.oasis-open.org/cover/">Die
- SGML/XML-Webseite</ulink>, eine umfangreiche Quelle zu
- SGML.</para>
- </listitem>
-
- <listitem>
- <para><ulink
- url="http://www-sul.stanford.edu/tools/tutorials/html2.0/gentle.html">Gentle
- introduction to SGML</ulink></para>
+ <para><ulink url="http://www.w3.org/XML/">W3C's
+ XML-Webseite</ulink>, eine umfangreiche Quelle zu
+ XML.</para>
</listitem>
</itemizedlist>
</sect1>
diff --git a/de_DE.ISO8859-1/books/fdp-primer/sgml-markup/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/sgml-markup/chapter.xml
index 6ad69cb4be..4f9e407ffd 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/sgml-markup/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/sgml-markup/chapter.xml
@@ -30,14 +30,14 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38851
+ basiert auf: r39632
-->
-<chapter id="sgml-markup">
- <title>SGML-Dokumente erstellen</title>
+<chapter id="xml-markup">
+ <title>XML-Dokumente erstellen</title>
- <para>In diesem Kapitel werden die beiden vom FDP eingesetzen
- Auszeichnungssprachen HTML und DocBook behandelt. Hierbei
+ <para>In diesem Kapitel werden die beiden vom FDP eingesetzten
+ Auszeichnungssprachen XHTML und DocBook behandelt. Hierbei
beschr�nkt sich dieses Kapitel auf die Elemente, die bei der
t�glichen Arbeit am ehesten zum Einsatz kommen werden.</para>
@@ -62,7 +62,7 @@
Oliver Fischer
-->
- <para>Wenn im folgenden von
+ <para>Wenn im Folgenden von
<emphasis>Flu�elementen</emphasis> die Rede ist, sind
damit Elemente gemeint, die in einem Blockelement auftreten
k�nnen und keinen Zeilenumbruch hervorrufen.
@@ -74,64 +74,64 @@
�bersetzt.</para></footnote>.</para>
</note>
- <sect1 id="sgml-markup-html">
- <title>HTML</title>
+ <sect1 id="xml-markup-xhtml">
+ <title>XHTML</title>
- <para>HTML, die <foreignphrase>HyperText Markup
- Language</foreignphrase>, ist die Auszeichnungssprache des
- Internets. Weitere Informationen zu HTML finden sich unter
+ <para>XHTML ist die XML Version der HyperText Markup Language,
+ der Auszeichnungssprache der Wahl im World Wide Web.
+ Weitere Informationen zu XHTML finden sich unter
<ulink url="http://www.w3.org/"></ulink>.</para>
- <para>Sie kommt bei der Erstellung der Webseiten des
+ <para>XHTML kommt bei der Erstellung der Webseiten des
FreeBSD-Projektes zum Einsatz. F�r technische Dokumentationen
- sollte HTML jedoch nicht eingesetzt werden, da DocBook eine
+ sollte XHTML jedoch nicht eingesetzt werden, da DocBook eine
gr��ere und bessere Auswahl an Elementen bietet. Folglich
- sollte HTML nur f�r die FreeBSD-Webseiten verwendet werden.</para>
+ sollte XHTML nur f�r die FreeBSD-Webseiten verwendet werden.</para>
<para>Die HTML-Spezifikation liegt bis jetzt in mehreren Versionen
- vor: 1, 2, 3.0, 3.2 und (die aktuelle) 4.0. Von letzterer
- existieren zwei Varianten: <quote>streng</quote> (HTML 4.0
- Strict) und <quote>locker</quote> (HTML 4.0
- Transitional).</para>
+ vor: 1, 2, 3.0, 3.2, 4.0 sowie eine XML konforme Version namens
+ XHTML in seiner neuesten Version XHTML 1.0 (verf�gbar als
+ <emphasis>strict</emphasis> und <emphasis>transitional</emphasis>
+ Variante.</para>
- <para>Die HTML-DTDs sind �ber den Port <filename
- role="package">textproc/html</filename> verf�gbar und werden
+ <para>Die XHTML-DTDs sind �ber den Port <filename
+ role="package">textproc/xhtml</filename> verf�gbar und werden
automatisch als Teil des Metaports <filename
role="package">textproc/docproj</filename>
- mitinstalliert.</para>
+ installiert.</para>
<sect2>
<title>Formale �ffentliche Bezeichner</title>
<!--@todo Optimierungskandidat. Oliver Fischer -->
- <para>Da es mehrere Version von HTML gibt, existieren auch
- mehrere F�Ps, zu denen ein HTML-Dokument konform
+ <para>Da es mehrere Version von XHTML gibt, existieren auch
+ mehrere F�Ps, zu denen ein XHTML-Dokument konform
erkl�rt werden kann. Die Mehrzahl der sich auf der
- FreeBSD-Webseite befindenen HTML-Seiten sind zu der lockeren
- Version von HTML 4.0 konform.</para>
+ FreeBSD-Webseite befindenden XHTML-Seiten sind zu der lockeren
+ Version von XHTML 1.0 konform.</para>
- <programlisting>PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"</programlisting>
+ <programlisting>PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"</programlisting>
</sect2>
<sect2>
<title>Die Elemente <sgmltag>head</sgmltag> und
<sgmltag>body</sgmltag></title>
- <para>Ein HTML-Dokument unterteilt sich normalerweise in zwei
+ <para>Ein XHTML-Dokument unterteilt sich normalerweise in zwei
Bereiche: <quote>head</quote> und <quote>body</quote>. Der
Kopf (<foreignphrase>head</foreignphrase>) enth�lt Metadaten
wie den Dokumententitel und Angaben zum Autor. Der Rumpf
- (<foreignphrase>body</foreignphrase>) umfa�t den eigentlichen
+ (<foreignphrase>body</foreignphrase>) umfasst den eigentlichen
Dokumenteninhalt, der f�r den Leser bestimmt ist. In einem
- HTML-Dokument werden diese Bereiche �ber die Elemente
+ XHTML-Dokument werden diese Bereiche �ber die Elemente
<sgmltag>head</sgmltag> und <sgmltag>body</sgmltag>
voneinander abgegrenzt. Beide sind Kinder des Wurzelelementes
<sgmltag>html</sgmltag>.</para>
<example>
- <title>Die Struktur eines HTML-Dokumentes</title>
+ <title>Die Struktur eines XHTML-Dokumentes</title>
- <programlisting><html>
+ <programlisting><html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><replaceable>Der Dokumententitel</replaceable></title>
</head>
@@ -151,7 +151,7 @@
<sect3>
<title>�berschriften</title>
- <para>HTML kennt sechs verschiedene Elemente, mit denen
+ <para>XHTML kennt sechs verschiedene Elemente, mit denen
�berschriften ausgezeichnet werden k�nnen. Das bekannteste
Element ist <sgmltag>h1</sgmltag>, das sich am Anfang der
�berschriftenhierarchie befindet. <sgmltag>h1</sgmltag>
@@ -182,7 +182,7 @@
<!-- Hier steht der Inhalt des zweiten Kapitels -->]]></programlisting>
</example>
- <para>Eine HTML-Seite sollte immer nur eine �berschrift
+ <para>Eine XHTML-Seite sollte immer nur eine �berschrift
<sgmltag>h1</sgmltag> haben. Dieser �berschrift k�nnen
beliebig viele Kapitel mit einer �berschrift
<sgmltag>h2</sgmltag> folgen, die selbst wiederum eine
@@ -211,7 +211,7 @@
<sect3>
<title>Abs�tze</title>
- <para>Abs�tze k�nnen in HTML mit Hilfe des Elementes
+ <para>Abs�tze k�nnen in XHTML mit Hilfe des Elementes
<sgmltag>p</sgmltag> ausgezeichnet werden.</para>
<example>
@@ -220,7 +220,7 @@
<para>F�gen Sie in eine der existierenden �bungsdateien folgendes ein:</para>
<programlisting><![CDATA[<p>Das hier, das ist ein Absatz. Abs�tze k�nnen
- andere Elemente enhalten.</p>]]></programlisting>
+ andere Elemente enthalten.</p>]]></programlisting>
</example>
</sect3>
@@ -266,7 +266,7 @@
<sect3>
<title>Listen</title>
- <para>HTML kennt drei Arten von Listen: sortierte, unsortierte
+ <para>XHTML kennt drei Arten von Listen: sortierte, unsortierte
und Definitionslisten. Ein Eintrag in einer sortierten Liste
wird �blicherweise mit einer Nummer versehen, Eintr�ge in
unsortierten Listen hingegen mit einem Aufz�hlungspunkt.
@@ -361,10 +361,10 @@
<para>In einigen F�llen ist es gewollt, dass die Formatierung
eines Textes im Quelldokument erhalten bleibt, damit der
Leser diesen genau so sieht, wie ihn der Autor erstellt hat.
- In der HTML-Spezifikation ist daf�r das Element
+ In der XHTML-Spezifikation ist daf�r das Element
<sgmltag>pre</sgmltag> vorgesehen, welches daf�r sorgt, dass
Zeilenumbr�che erhalten bleiben und Leerzeichen nicht
- zusammengefa�t werden. Browser verwenden f�r den
+ zusammengefasst werden. Browser verwenden f�r den
Inhalt des Elementes <sgmltag>pre</sgmltag>
�blicherweise eine Fixschrift.</para>
@@ -414,7 +414,7 @@
eine angemessene Darstellung sicherzustellen.</para>
</note>
- <para>Tabellen lassen sich in HTML mit Hilfe des Elements
+ <para>Tabellen lassen sich in XHTML mit Hilfe des Elements
<sgmltag>table</sgmltag> auszeichnen. Eine Tabelle setzt
sich aus einer oder mehreren Zeilen (<sgmltag>tr</sgmltag>)
zusammen, von denen jede mindestens eine Zelle
@@ -446,10 +446,10 @@
</tr>
</table>]]></programlisting></example>
- <para>HTML kennt die M�glichkeit, dass sich eine
+ <para>XHTML kennt die M�glichkeit, dass sich eine
Zelle mehrere Zeilen und/oder Spalten erstrecken kann.
Sollen beispielsweise mehrere Spalten zusammenfassen werden,
- kann dies mit mit Hilfe des Attributes
+ kann dies mit Hilfe des Attributes
<literal>colspan</literal> erreicht werden, indem man ihm
die Anzahl der zusammenzufassenden Spalten zuweist.
�hnliches gilt f�r die Zusammenfassung von Zeilen:
@@ -497,7 +497,7 @@
<title>Gemeinsame Anwendung der Attrbute <literal>rowspan</literal> und
<literal>colspan</literal></title>
- <programlisting><![CDATA[<p>Eine Tablle mit 3-mal-3 Zellen. Oben links
+ <programlisting><![CDATA[<p>Eine Tabelle mit 3-mal-3 Zellen. Oben links
werden 2 mal 2 Zelle zusammengezogen.</p>
<table>
@@ -508,7 +508,7 @@
</tr>
<tr>
- <!-- Da sich die zusammengefa�te Zelle �ber zwei Zeilen
+ <!-- Da sich die zusammengefasste Zelle �ber zwei Zeilen
erstreckt, befindet sich das die durch dieses <td>
definierte Zelle ganz rechts. -->
@@ -541,8 +541,13 @@
wobei mit <sgmltag>strong</sgmltag> ausgezeichnete Elemente
fett und mit <sgmltag>em</sgmltag> ausgezeichnete Elemente
kursiv dargestellt werden. Allerdings ist diese Aussage
- nicht verl��lich, da die Darstellung vom Browser
- abh�ngig ist.</para>
+ nicht verl�sslich, da die Darstellung vom Browser
+ abh�ngig ist. In der Praxis ist es so, dass Webseiten
+ nur strukturelle und semantische Informationen enthalten
+ und Stylesheets sp�ter auf diese Informationen
+ angewendet werden. Beachten Sie also die Semantik und
+ nicht die Formatierung wenn Sie mit diesen
+ Tags arbeiten.</para>
<example>
<title>Text mit <sgmltag>em</sgmltag> und <sgmltag>strong</sgmltag>
@@ -553,28 +558,6 @@
</example>
</sect3>
- <sect3>
- <!--? Was ist typografisch richtig: schr�g oder kursiv?
- Oliver Fischer -->
- <title>Fett- und Schr�gschrift</title>
-
- <para>Da mittels HTML auch Festlegungen �ber die
- Darstellung getroffen werden k�nnen, gibt es die
- M�glichkeit direkt zu bestimmen, dass bestimmte
- Inhalte fett oder kursiv dargestellt werden sollen. Mit
- <sgmltag>b</sgmltag> eingefa�te Inhalte werden fett
- und mit <sgmltag>i</sgmltag> eingefa�te kursiv
- dargestellt.</para>
-
- <example>
- <title>Text mit <sgmltag>b</sgmltag> und <sgmltag>i</sgmltag>
- formatieren</title>
-
- <programlisting><![CDATA[<p><b>Dieses</b> Wort wird fett dargestellt,
-w�hrend <i>dieses</i> kursiv dargestellt wird.</p>]]></programlisting>
- </example>
- </sect3>
-
<sect3>
<title>Nicht-proportionale Schrift f�r Texte</title>
@@ -592,68 +575,6 @@ w
</example>
</sect3>
-
- <sect3>
- <title>�nderung der Schriftgr��e</title>
-
- <para>HTML bietet auch M�glichkeiten, um Einflu�
- auf die Schriftgr��e zu nehmen, das hei�t,
- zu bestimmen, ob die Schrift gr��er oder kleiner
- als die Standardschrift dargestellt werden soll. Es gibt
- drei verschiedene Wege, dies zu erreichen:</para>
-
- <orderedlist>
- <listitem>
- <para>Mittels der Tags <sgmltag>big</sgmltag> und
- <sgmltag>small</sgmltag> kann die
- Darstellungsgr��e des eingeschlossenen Textes
- vergr��ert respektive verkleinert werden.
- HTML erlaubt es zudem, diese Tags zu verschachteln, so
- dass auch <literal><big><big>Das ist
- wesentlich
- gr��er.</big></big></literal>
- geschrieben werden kann.</para>
- </listitem>
-
- <listitem>
- <para>Das gleiche Ergebnis kann �ber die Zuweisung der
- Werte <literal>1</literal> und <literal>-1</literal> an
- das Attribut <sgmltag role="attribute">size</sgmltag>
- des Tags <sgmltag>font</sgmltag> erreicht werden. Diese
- Vorgehensweise sollte allerdings als veraltet betrachtet
- werden, da der Einsatz eines CSS hierf�r die bessere
- L�sung darstellt.</para>
- </listitem>
-
- <listitem>
- <para>�ber die Zuweisung von absoluten Werten im Bereich
- von <literal>1</literal> bis <literal>7</literal> an das
- Attribut <literal>size</literal> des Tags
- <sgmltag>font</sgmltag> <footnote>
- <para>Der Standardwert f�r <literal>size</literal> ist
- <literal>3</literal>.</para></footnote>. Diese
- Herangehensweise ist ebenfalls veraltet und sollte nicht
- mehr angewandt werden.</para>
- </listitem>
- </orderedlist>
-
- <example>
- <title>Schriftgr��e �ndern mit
- <sgmltag>big</sgmltag>, <sgmltag>small</sgmltag> und
- <sgmltag>font</sgmltag></title>
-
- <para>Die folgenden HTML-Schnipsel bewirken alle das gleiche:</para>
-
- <programlisting><![CDATA[<p>Dieser Text ist <small>etwas kleiner</small>. Dieser
- jedoch <big>ein wenig gr��er</big>.</p>
-
-<p>Dieser Text ist <font size="-1">etwas kleiner</font>. Dieser
- jedoch <font size="+1">ein wenig gr��er</font>.</p>
-
-<p>Dieser Text ist <font size="2">etwas kleiner</font>. Dieser
- jedoch <font size="4">ein wenig gr��er</font>.</p>]]></programlisting>
- </example>
- </sect3>
</sect2>
<sect2 id="links">
@@ -692,18 +613,18 @@ w
<sect3>
<title>Auf bestimmte Dokumentenabschnitte verweisen</title>
- <para>HTML unterst�tzt neben einfachen Links auch solche, die
+ <para>XHTML unterst�tzt neben einfachen Links auch solche, die
auf einen bestimmten Abschnitt innerhalb eines Dokumentes
verweisen. Dazu m�ssen die Abschnitte, auf die verwiesen
werden soll, mit Hilfe von sogenannten <quote>Ankern</quote>
markiert werden. Diese Anker k�nnen ebenfalls mit Hilfe des
Tags <sgmltag>a</sgmltag> gesetzt werden, nur das anstelle
- von <sgmltag role="attribute">href</sgmltag> das Attribut
- <sgmltag role="attribute">name</sgmltag> gesetzt werden
+ von <literal>href</literal> das Attribut
+ <literal>name</literal> gesetzt werden
muss.</para>
<example>
- <title>Anwendung von <literal><a name="..."></literal></title>
+ <title>Anwendung von <literal><a id="..."></literal></title>
<programlisting><![CDATA[<p><a name="absatz1">Auf</a> diesen Absatz kann mit
Hilfe seines Namens (<tt>absatz1</tt>) verwiesen werden.</p>]]></programlisting>
@@ -720,7 +641,7 @@ w
<para>F�r dieses Beispiel wird davon ausgegangen, dass der mit
<literal>absatz1</literal> gekennzeichnete Absatz sich in
- der HTML-Datei <filename>foo.html</filename>
+ der XHTML-Datei <filename>foo.html</filename>
befindet.</para>
<programlisting><![CDATA[<p>Weitere Informationen k�nnen im
@@ -732,10 +653,10 @@ w
</sect2>
</sect1>
- <sect1 id="sgml-markup-docbook">
+ <sect1 id="xml-markup-docbook">
<title>Die DocBook DTD</title>
- <para>DocBook wurde urspr�glich von HaL Computer Systems and
+ <para>DocBook wurde urspr�nglich von HaL Computer Systems und
O'Reilly & Associates als DTD f�r das Erstellen von
technischen Dokumenten entwickelt
@@ -749,7 +670,7 @@ w
DocBook Technical Committee</ulink> gewartet. DocBook ist sehr
stark auf die Beschreibung von Inhalten, und nicht auf die
Darstellung des Inhalts ausgerichtet. Damit steht es im Gegensatz
- zu LinuxDoc und HTML.</para>
+ zu LinuxDoc und XHTML.</para>
<note>
<title>Formelle und informelle Elemente</title>
@@ -758,7 +679,7 @@ w
vorhanden: <emphasis>formell</emphasis> und
<emphasis>informell</emphasis>. �blicherweise besitzt die
formelle Variante einen Titel, dem der eigentliche
- Elementeninhalt folgt. Die informelle Variante hingegen hat
+ Elementinhalt folgt. Die informelle Variante hingegen hat
keinen Titel.</para>
</note>
@@ -766,7 +687,7 @@ w
role="package">textproc/docbook</filename> enthalten und wird
bei der Installation des Metaports <filename
role="package">textproc/docproj</filename> automatisch
- mitinstalliert.</para>
+ installiert.</para>
<sect2>
<title>Die FreeBSD-Erweiterungen</title>
@@ -807,7 +728,7 @@ w
Erstellung von Bezeichnern f�r DocBook-Erweiterungen lautet
der Bezeichner der erweiterten FreeBSD-Variante:</para>
- <programlisting>PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN"</programlisting>
+ <programlisting>PUBLIC "-//FreeBSD//DTD DocBook V4.2-Based Extension//EN"</programlisting>
</sect2>
<sect2 id="docbookstructure">
@@ -835,7 +756,7 @@ w
dem Artikel oder Buch geht, wird unterhalb der hier genannten
Elemente eingef�gt.</para>
- <para>Vom Aufbau her ist ein Artikel ist einfacher strukturiert
+ <para>Vom Aufbau her ist ein Artikel einfacher strukturiert
als ein Buch. So kann ein Artikel beispielsweise keine Kapitel
(<sgmltag>chapter</sgmltag>) enthalten. Stattdessen kann der
Inhalt eines Artikels nur durch die schon bekannten
@@ -854,11 +775,11 @@ w
enthalten k�nnen.</para>
<para>Alle <ulink url="&url.base;/de/docs.html">Tutorien von
- FreeBSD</ulink> sind als Artikel verfa�t, w�hrend
+ FreeBSD</ulink> sind als Artikel verfasst, w�hrend
hingegen die <ulink
url="&url.books.faq;/index.html">FreeBSD-FAQ</ulink> und das <ulink
url="&url.books.handbook;/index.html">FreeBSD-Handbuch</ulink> als
- B�cher verfa�t wurden.</para>
+ B�cher verfasst wurden.</para>
<sect3>
<title>B�cher schreiben</title>
@@ -975,7 +896,7 @@ w
</chapter>]]></programlisting>
</example>
- <para>Kapitel k�nnen nicht leer sein. Nebem einem
+ <para>Kapitel k�nnen nicht leer sein. Neben einem
<sgmltag>title</sgmltag>-Element m�ssen sie weiteren Inhalt
beinhalten. Falls ein leeres Kapitel ben�tig wird, kann dies
durch das Einf�gen eines leeren Absatzes
@@ -1068,7 +989,7 @@ w
<title>B�cher mittels <sgmltag>part</sgmltag>
unterteilen</title>
- <para>In den F�llen, in denen die Unteilung eines Buches in
+ <para>In den F�llen, in denen die Unterteilung eines Buches in
Kapitel nicht ausreichend ist, k�nnen mehrere
Kapitel mit dem Element <sgmltag>part</sgmltag> zu
einem Teil zusammengefasst werden.</para>
@@ -1212,7 +1133,7 @@ w
Warnungen), <sgmltag>caution</sgmltag> (f�r besonders
ernstzunehmende Warnungen) und <sgmltag>important</sgmltag>
(f�r wichtige Anmerkungen) ausgezeichnet werden. Trifft
- keines dieser Element f�r die auszuzeichnende Stelle
+ keines dieser Elemente f�r die auszuzeichnende Stelle
zu, sollte diese mit dem Element <sgmltag>sidebar</sgmltag>
ausgezeichnet werden.</para>
@@ -1659,7 +1580,7 @@ main(void)
<listitem>
<para>Eingabeaufforderungen des Rechners
- (Betriebssysten, Shell oder Anwendung) sind ein h�ufig
+ (Betriebssystem, Shell oder Anwendung) sind ein h�ufig
auftretender Teil dessen, was der Benutzer auf dem
Bildschirm zu sehen bekommt. Sie sollten mit
<sgmltag>prompt</sgmltag> ausgezeichnet werden.</para>
@@ -1667,7 +1588,7 @@ main(void)
<para>Ein Spezialfall sind die beiden
Eingabeaufforderungen der Shell f�r normale
Benutzer und den Superuser <username>root</username>.
- Jedesmal wenn auf eine von diesen beiden Nutzerrollen
+ Jedes mal wenn auf eine von diesen beiden Nutzerrollen
hingewiesen werden soll, sollte entweder
<literal>&prompt.root;</literal> oder
<literal>&prompt.user;</literal> eingesetzt
@@ -1767,7 +1688,7 @@ This is the file called 'foo2'</screen>
<title>Das Element <sgmltag>emphasis</sgmltag></title>
<programlisting><![CDATA[<para>FreeBSD ist zweifelslos <emphasis>das</emphasis> f�hrende
- Unix-artige Bestriebssystem f�r die Intel-Plattform.</para>]]></programlisting>
+ Unix-artige Betriebssystem f�r die Intel-Plattform.</para>]]></programlisting>
<para>Darstellung:</para>
@@ -1887,7 +1808,7 @@ This is the file called 'foo2'</screen>
von einem Programm (in einem bestimmten Fall)
akzeptierten Optionen genannt werden m�ssen.</para>
- <para>Schlu�endlich ist es oft gew�nscht, zu einem
+ <para>Schlussendlich ist es oft gew�nscht, zu einem
Befehl dessen Abschnitt der Manualseiten im
Unix-�blichen Stil <quote>Befehl(Zahl)</quote>
anzugeben.</para>
@@ -1905,7 +1826,7 @@ This is the file called 'foo2'</screen>
<para>Diese Art auf Befehle zu verweisen kann sehr
erm�dent sein. Daher gibt es einen Satz von
- <link linkend="sgml-primer-general-entities">Allgemeinen
+ <link linkend="xml-primer-general-entities">Allgemeinen
Entit�ten</link>, der diese Arbeit erleichtert. Er
ist in der Datei
<filename>doc/share/xml/man-refs.ent</filename> enhalten
@@ -1924,7 +1845,7 @@ This is the file called 'foo2'</screen>
<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
%man; … ]></programlisting>
- <para>Um Befehle innerhalb des Flie�textes auszuzeichen,
+ <para>Um Befehle innerhalb des Flie�textes auszuzeichnen,
kann das Element <sgmltag>command</sgmltag> genutzt werden.
Die Optionen eines Befehles k�nnen mit Hilfe von
<sgmltag>option</sgmltag> ausgezeichnet werden.</para>
@@ -1946,7 +1867,7 @@ This is the file called 'foo2'</screen>
<example>
<title>Anwendungen, Befehle und Optionen</title>
- <programlisting><![CDATA[<para><application>Sendmail</application> ist der verbreitetste
+ <programlisting><![CDATA[<para><application>Sendmail</application> ist der verbreiteteste
UNIX-Mailserver.</para>
<para><application>Sendmail</application> besteht aus den Programmen
@@ -2092,7 +2013,7 @@ This is the file called 'foo2'</screen>
<para>Allerdings besteht nicht immer diese
Wahlm�glichkeit. Einige Ger�te, wie zum Beispiel
- Netzwerkkartenm haben keinen Eintrag unter
+ Netzwerkkarten haben keinen Eintrag unter
<filename>/dev</filename> oder werden anders
dargestellt.</para>
@@ -2103,7 +2024,7 @@ This is the file called 'foo2'</screen>
<programlisting><![CDATA[<para>Unter FreeBSD wird die serielle Daten�bertragung �ber
<devicename>sio</devicename> abgewickelt, das unterhalb von
<filename>/dev</filename> eine Reihe von Eintr�gen anlegt.
- Zu diesen Eintr�gen beh�ren beispielsweise
+ Zu diesen Eintr�gen geh�ren beispielsweise
<filename>/dev/ttyd0</filename> und
<filename>/dev/cuaa0</filename>.</para>
@@ -2111,7 +2032,7 @@ This is the file called 'foo2'</screen>
<devicename>ed0</devicename> nicht unterhalb von
<filename>/dev</filename>.</para>
- <para>Unter MS-DOS wird das erste Diskettelaufwerk als
+ <para>Unter MS-DOS wird das erste Diskettenlaufwerk als
<devicename>a:</devicename> bezeichnet. FreeBSD
bezeichnet es als <filename>/dev/fd0</filename>.</para>]]></programlisting>
@@ -2162,7 +2083,7 @@ This is the file called 'foo2'</screen>
<listitem>
<para>Ohne Rollenattribut stellt der umschlossene Text
- einen normlen Rechnernamen wie
+ einen normalen Rechnernamen wie
<literal>freefall</literal> oder
<literal>wcarchive</literal> dar. Wenn es
gew�nscht ist, kann mittels
@@ -2347,13 +2268,13 @@ This is the file called 'foo2'</screen>
<para>�blicherweise wird, wenn das Ziel <maketarget>all</maketarget>
aufgerufen wird, die gesamte Anwendung neu erstellt. Der Aufruf
- des Zieles <maketarget>clean</maketarget> veranla�t das
+ des Zieles <maketarget>clean</maketarget> veranlasst das
L�schen aller tempor�ren Dateien (zum Beispiel
<filename>.o</filename>), die w�hrend der �bersetzung erzeugt
wurden.</para>
<para>Das genaue Verhalten von <maketarget>clean</maketarget>
- kann von einer Reihe von Variablen beeinflu�t werden.
+ kann von einer Reihe von Variablen beeinflusst werden.
Stellvertretend seien hier <makevar>CLOBBER</makevar> und
<makevar>RECURSE</makevar> genannt.</para>]]></programlisting>
@@ -2374,7 +2295,7 @@ This is the file called 'foo2'</screen>
<para>Das genaue Verhalten von
<maketarget>clean</maketarget> kann von einer Reihe von
- Variablen beeinflu�t werden. Stellvertretend seien
+ Variablen beeinflusst werden. Stellvertretend seien
hier <makevar>CLOBBER</makevar> und
<makevar>RECURSE</makevar> genannt.</para>
</example>
@@ -2403,7 +2324,7 @@ This is the file called 'foo2'</screen>
<programlisting><![CDATA[<para>Die Zeile <literal>maxusers 10</literal> in der
Kernelkonfigurationsdatei beeinflu�t die Gr��e vieler
Systemtabellen und kann als ungef�hr als Richtwert daf�r
- gelten, wie viele paralle Anmeldungen das System handhaben
+ gelten, wie viele parallele Anmeldungen das System handhaben
kann.</para>]]></programlisting>
<para>Darstellung:</para>
@@ -2609,7 +2530,7 @@ This is the file called 'foo2'</screen>
</itemizedlist>
<para>Das folgende Beispiel soll das bisher geschriebene
- illustrieren. Angenommen es liegt eine einzubindene Grafik
+ illustrieren. Angenommen es liegt eine einzubindende Grafik
in der Datei <filename>bild1.png</filename> vor, die die
Darstellung eines As in einem Rechteck enth�lt. Die
ASCII-Alternative k�nnte so ausgezeichnet werden:</para>
@@ -2651,7 +2572,7 @@ This is the file called 'foo2'</screen>
stellen.</para>
<para>Wichtig ist, dass die erste und die letzte
- Zeile sich gleichauf mit dem �ffenden und dem
+ Zeile sich gleichauf mit dem �ffnenden und dem
schlie�enden Tag befindet. Dadurch wird
sichergestellt, dass keine unn�tigen
Leerzeichen in die Ausgabe aufgenommen werden.</para>
@@ -2708,7 +2629,7 @@ IMAGES+= bild3.png
<para>Wenn Sie Ihre Dokumentation in mehrere kleine
Dateien aufspalten (siehe
- <xref linkend="sgml-primer-include-using-gen-entities"/>),
+ <xref linkend="xml-primer-include-using-gen-entities"/>),
m�ssen Sie sorgf�ltig vorgehen.</para>
<para>Angenommen es handelt sich um ein Buch, dessen drei
@@ -2721,7 +2642,7 @@ IMAGES+= bild3.png
Falle gilt es jedoch zu beachten, dass die Pfade der
Grafikdateien in der Variable <makevar>IMAGES</makevar> und
in den <sgmltag>imagedata</sgmltag>-Elementen immer auch den
- Verzeichnisnamen mitenthalten.</para>
+ Verzeichnisnamen enthalten.</para>
<para>Soll beispielsweise die Datei
<filename>kapitel1/bild1.png</filename> in das in
diff --git a/de_DE.ISO8859-1/books/fdp-primer/sgml-primer/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/sgml-primer/chapter.xml
index b46813fd41..e764116813 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/sgml-primer/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/sgml-primer/chapter.xml
@@ -40,12 +40,12 @@ Oliver Fischer
-->
-<chapter id="sgml-primer">
- <title>Die SGML-Fibel</title>
+<chapter id="xml-primer">
+ <title>Die XML-Fibel</title>
- <para>Die Mehrzahl der Dokumente des FDPs sind in SGML geschrieben.
+ <para>Die Mehrzahl der Dokumente des FDPs sind in XML geschrieben.
Ziel dieses Kapitels ist es, genau zu erkl�ren, was
- das bedeutet und wie man die SGML-Quellen liest und versteht.
+ das bedeutet und wie man die XML-Quellen liest und versteht.
Ebenso werden die in den Quellen genutzten Kniffe erkl�rt,
auf die man beim Lesen der Dokumente sto�en wird.</para>
@@ -53,7 +53,7 @@ Oliver Fischer
url="http://www.galassi.org/mark/mydocs/docbook-intro/docbook-intro.html">Get
Going With DocBook</ulink></quote>.</para>
- <sect1 id="sgml-primer-overview">
+ <sect1 id="xml-primer-overview">
<title>�berblick</title>
<para>In den guten alten Zeiten war der Umgang mit
@@ -64,7 +64,7 @@ Oliver Fischer
Schnickschnack.</para>
<para>F�r viele Zwecke war dies allerdings nicht ausreichend.
- Von einem machinenlesbaren Text wird erwartet, dass er auch von
+ Von einem maschinenlesbaren Text wird erwartet, dass er auch von
Maschinen gelesen und intelligent weiterverarbeitet werden kann.
Einzelne Stellen sollen hervorgehoben werden, andere sollen in ein
Glossar aufgenommen werden oder auf andere Textstellen
@@ -99,7 +99,7 @@ Oliver Fischer
<quote>auszuzeichnen</quote>.</para>
<para>Der Begriff <quote>Auszeichnung<footnote> <para>Im
- angels�chischschen Sprachraum wird von
+ angels�chsischen Sprachraum wird von
<quote>markup</quote>
gesprochen.</para></footnote></quote> bedeutet, dass
sich der Wert eines Textes erh�ht, aber auch seine Kosten.
@@ -156,11 +156,11 @@ Oliver Fischer
unterscheiden. Die universelle L�sung ist eine
Basissprache, mit deren Hilfe weitere Sprachen entwickelt werden
k�nnen – eine
- <emphasis>Meta-Auszeichungssprache</emphasis> also.</para>
+ <emphasis>Meta-Auszeichnungssprache</emphasis> also.</para>
<para>Genau diese Anforderung wird von der Standard Generalized
Markup Language (<abbrev>SGML</abbrev>) erf�llt. Mit ihrer
- Hilfe wurden viele andere Auszeichungssprachen wie
+ Hilfe wurden viele andere Auszeichnungssprachen wie
beispielsweise HTML und DocBook, welche beide von FDP genutzt
werden, entwickelt.</para>
@@ -180,7 +180,7 @@ Oliver Fischer
inside other markup) and related information. A DTD is sometimes
referred to as an <emphasis>application</emphasis> of SGML.</para>-->
- <para id="sgml-primer-validating">Eine DTD ist eine
+ <para id="xml-primer-validating">Eine DTD ist eine
<emphasis>vollst�ndige</emphasis> Definition aller
m�glichen Sprachelemente, ihrer
Reihenfolge<footnote><para>Bei nat�rlichen Sprachen spricht
@@ -217,7 +217,7 @@ Oliver Fischer
nicht erkl�rt, wie eine DTD entwickelt wird.</para>
</sect1>
- <sect1 id="sgml-primer-elements">
+ <sect1 id="xml-primer-elements">
<title>Von Elementen, Tags und Attributen</title>
<!-- Bei der �bersetzung des ersten Satzes bin ich mir nicht
@@ -273,7 +273,7 @@ Oliver Fischer
<para>Wenn man m�chte, kann man sich das als
<quote>Unterteilung</quote><footnote><para>Im
- angels�chsichen Sprachraum wird hier von
+ angels�chsischen Sprachraum wird hier von
<quote>chunking</quote> gesprochen.</para></footnote> des
Inhalts vorstellen. Auf der obersten Ebene gibt es ein Element:
das Buch selbst. Schaut man ein wenig tiefer, findet man weitere
@@ -483,7 +483,7 @@ Oliver Fischer
werden.</simpara>
</footnote> gesetzt werden.</para>
- <example id="sgml-primer-envars">
+ <example id="xml-primer-envars">
<title><filename>.profile</filename>, f�r &man.sh.1; und
&man.bash.1; Benutzer</title>
@@ -556,7 +556,7 @@ setenv SGML_CATALOG_FILES /usr/doc/de_DE.ISO8859-1/share/xml/catalog:$SGML_CATAL
<para>Bestandteil von <filename role="package">textproc/docproj</filename>
ist <command>onsgmls</command> - ein <link
- linkend="sgml-primer-validating">validierender Parser</link>.
+ linkend="xml-primer-validating">validierender Parser</link>.
<command>onsgmls</command> liest ein Dokument entsprechend einer SGML-DTD
ein und gibt anschlie�end ein Element-Structure-Information-Set
(ESIS) aus. Allerdings ist das an dieser Stelle nicht weiter
@@ -672,7 +672,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</step>
<step>
- <para>Zum Schlu� sollte der Tag
+ <para>Zum Schluss sollte der Tag
<sgmltag>title</sgmltag> wieder in die Beispieldatei
eingef�gt werden.</para>
</step>
@@ -680,7 +680,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</sect2>
</sect1>
- <sect1 id="sgml-primer-doctype-declaration">
+ <sect1 id="xml-primer-doctype-declaration">
<!--? Oliver Fischer: Man sollte mal feststellen, welche Bezeichung
von w3c.de oder so hier verwendet wird.-->
<title>Die DOCTYPE-Deklaration</title>
@@ -738,7 +738,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
<listitem>
<para>Nennt das erste <link
- linkend="sgml-primer-elements">Element</link>, das im
+ linkend="xml-primer-elements">Element</link>, das im
Dokument auftaucht.</para>
</listitem>
</varlistentry>
@@ -759,7 +759,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
geh�rt nicht zum �ffentlichen Bezeichner,
sondern legt fest, wie ein SGML-Parser die DTD finden
kann. Alternative Wege eine DTD zu referenzieren werden
- <link linkend="sgml-primer-fpi-alternatives">sp�ter
+ <link linkend="xml-primer-fpi-alternatives">sp�ter
gezeigt</link>.</para>
</listitem>
</varlistentry>
@@ -803,7 +803,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
<para>Nennt den Besitzer des �ffentlichen Bezeichners.</para>
<para>Falls diese Zeichenkette mit <quote>ISO</quote>
- beginnt, geh�rt der Bezeichner dem ISO-Kommitee.
+ beginnt, geh�rt der Bezeichner dem ISO-Komitee.
Der Bezeichner <literal>"ISO 8879:1986//ENTITIES Greek
Symbols//EN"</literal> nennt <quote>ISO
8879:1986</quote> als den Besitzer des Satzes von
@@ -840,7 +840,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
ISO-Publikationen, von ISBN-Nummern oder einer
Organisationsbezeichnungen entsprechend ISO 6523
abgeleitet werden. Antr�ge f�r neue offiziell
- registrierte Bezeichner werden vom ISO-Kommitee an das
+ registrierte Bezeichner werden vom ISO-Komitee an das
American National Standards Institute (ANSI)
weitergeleitet.</para>
@@ -975,20 +975,20 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</itemizedlist>
<para>Allerdings sollte das
- <link linkend="sgml-primer-envars">schon geschehen
+ <link linkend="xml-primer-envars">schon geschehen
sein</link>.</para>
</sect3>
</sect2>
- <sect2 id="sgml-primer-fpi-alternatives">
+ <sect2 id="xml-primer-fpi-alternatives">
<title>Alternativen zu Formalen �ffentlichen Bezeichnern</title>
<para>Anstatt mit einem Bezeichner die zum Dokument
geh�rende DTD zu referenzieren, kann auch explizit auf
die Datei der DTD verwiesen werden.</para>
- <para>Die Syntax des DOCTYPE-Deklaration ist in diesem Falle
+ <para>Die Syntax der DOCTYPE-Deklaration ist in diesem Falle
anders:</para>
<!--<para>The syntax for this is slightly different:</para>-->
@@ -1011,7 +1011,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</sect2>
</sect1>
- <sect1 id="sgml-primer-sgml-escape">
+ <sect1 id="xml-primer-xml-escape">
<title>Die R�ckkehr zu SGML</title>
<para>An einer fr�heren Stelle wurde erw�hnt, dass
@@ -1033,18 +1033,18 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
werden kann.</para>
<para>Demnach ist die <link
- linkend="sgml-primer-doctype-declaration">DOCTYPE-Deklaration</link>
+ linkend="xml-primer-doctype-declaration">DOCTYPE-Deklaration</link>
ein gutes Beispiel f�r SGML, das in Dokumenten verwendet
werden muss…</para>
</sect1>
- <sect1 id="sgml-primer-comments">
+ <sect1 id="xml-primer-comments">
<title>Kommentare</title>
<para>Kommentare sind SGML-Konstrukte, die normalerweise nur
in DTDs g�ltig sind. Dennoch ist es, wie in
- <xref linkend="sgml-primer-sgml-escape"/> gezeigt,
+ <xref linkend="xml-primer-xml-escape"/> gezeigt,
m�glich Fragmente mit SGML-Syntax in Dokumenten zu
verwenden.</para>
@@ -1139,7 +1139,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</sect2>
</sect1>
- <sect1 id="sgml-primer-entities">
+ <sect1 id="xml-primer-entities">
<title>Entit�ten</title>
<para>Entit�ten stellen einen Mechanismus dar, mit dem
@@ -1158,14 +1158,14 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
<emphasis>Allgemeine Entit�ten</emphasis> und
<emphasis>Parameterentit�ten</emphasis>.</para>
- <sect2 id="sgml-primer-general-entities">
+ <sect2 id="xml-primer-general-entities">
<title>Allgemeine Entit�ten</title>
<para>Allgemeine Entit�ten k�nnen nur in
Dokumenten benutzt werden. Sie k�nnen zwar im
SGML-Kontext definiert aber dort nicht benutzt
werden. Vergleichen Sie dies mit
- Im <link linkend="sgml-primer-parameter-entities">Parameterentit�ten</link>.</para>
+ Im <link linkend="xml-primer-parameter-entities">Parameterentit�ten</link>.</para>
<para>Jede allgemeine Entit�t hat einen Namen, �ber
den sie angesprochen werden kann, um den von ihr
@@ -1245,16 +1245,16 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</example>
</sect2>
- <sect2 id="sgml-primer-parameter-entities">
+ <sect2 id="xml-primer-parameter-entities">
<title>Parameterentit�ten</title>
<para>Genau wie <link
- linkend="sgml-primer-general-entities">Allgemeine
+ linkend="xml-primer-general-entities">Allgemeine
Entit�ten</link> werden Parameterentit�ten
eingesetzt um wiederverwendbare Inhaltsteile mit Namen zu
versehen. Im Gegensatz zu Allgemeinen Entit�ten
k�nnen sie aber nur innerhalb eines <link
- linkend="sgml-primer-sgml-escape">SGML-Kontextes</link>
+ linkend="xml-primer-xml-escape">SGML-Kontextes</link>
genutzt werden.</para>
<para>Die Definition von Parameterentit�ten erfolgt
@@ -1381,7 +1381,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</sect2>
</sect1>
- <sect1 id="sgml-primer-include">
+ <sect1 id="xml-primer-include">
<title>Dateien mit Entit�ten einbinden</title>
<!--?
@@ -1390,13 +1390,13 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
-->
<para>Sowohl <link
- linkend="sgml-primer-general-entities">Allgemeine</link> als
+ linkend="xml-primer-general-entities">Allgemeine</link> als
auch <link
- linkend="sgml-primer-parameter-entities">Parameterentit�ten</link>
+ linkend="xml-primer-parameter-entities">Parameterentit�ten</link>
sind n�tzliche Helfer, wenn es darum geht, eine Datei in
eine andere einzubinden.</para>
- <sect2 id="sgml-primer-include-using-gen-entities">
+ <sect2 id="xml-primer-include-using-gen-entities">
<title>Dateien mit Allgemeinen Entit�ten einbinden</title>
<para>Angenommen man hat ein Buch geschrieben, dessen Inhalt
@@ -1634,7 +1634,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</sect2>
</sect1>
- <sect1 id="sgml-primer-marked-sections">
+ <sect1 id="xml-primer-marked-sections">
<title>Markierte Bereiche</title>
<para>SGML erlaubt es, dass bestimmte Dokumentabschnitte
@@ -1811,7 +1811,7 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
<para>Kombiniert man <literal>IGNORE</literal> hingegen mit
<link
- linkend="sgml-primer-parameter-entities">Parameterentit�ten</link>,
+ linkend="xml-primer-parameter-entities">Parameterentit�ten</link>,
steht so ein Weg zur Verf�gung, um dessen Anwendung
besser steuern zu k�nnen. Zwar k�nnen
Parameterentit�ten nur in einem SGML-Kontext einsetzt
@@ -1923,8 +1923,8 @@ onsgmls:beispiel.xml:6:8:E: end tag for "HEAD" which is not finished</screen>
</sect2>
</sect1>
- <sect1 id="sgml-primer-conclusion">
- <title>Schlu�bemerkung</title>
+ <sect1 id="xml-primer-conclusion">
+ <title>Schlussbemerkung</title>
<para>Aus Platzgr�nden, und um der Verst�ndlichkeit
Willen, wurden viele Gesichtspunkte nicht in aller Tiefe
diff --git a/de_DE.ISO8859-1/books/fdp-primer/structure/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/structure/chapter.xml
index 39c7607cf4..33915bf998 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/structure/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/structure/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38868
+ basiert auf: r39632
-->
<chapter id="structure">
@@ -216,7 +216,7 @@
<title><filename>Makefile</filename></title>
<para>Das <filename>Makefile</filename> definiert verschiedene
- Variablen zur Konvertierung der SGML-Quellen in andere
+ Variablen zur Konvertierung der XML-Quellen in andere
Formate. Au�erdem listet es die verschiedenen Dateien
auf, aus denen das Handbuch gebaut wird. Zus�tzlich
wird die Standard-<filename>doc.project.mk</filename>
@@ -228,17 +228,17 @@
<title><filename>book.xml</filename></title>
<para>Das Hauptdokument innerhalb des Handbuchs. Neben der
- <link linkend="sgml-primer-doctype-declaration">
+ <link linkend="xml-primer-doctype-declaration">
DOCTYPE-Deklaration</link> des Handbuchs werden hier auch
die Elemente aufgelistet, die die Struktur des Handbuchs
definieren.</para>
<para><filename>book.xml</filename> verwendet <link
- linkend="sgml-primer-parameter-entities">
+ linkend="xml-primer-parameter-entities">
Parameterentit�ten</link>, um Dateien mit der
Endung <filename>.ent</filename> zu laden. Diese
Dateien definieren die <link
- linkend="sgml-primer-general-entities">allgemeinen
+ linkend="xml-primer-general-entities">allgemeinen
Entit�ten</link>, die innerhalb des Handbuchs
verwendet werden.</para>
</sect4>
@@ -265,8 +265,8 @@
<filename>kernelconfig</filename>. Im Allgemeinen
enth�lt diese Datei das komplette Kapitel.</para>
- <para>Wird die HTML-Version des Handbuchs gebaut, entsteht
- dadurch die HTML-Datei
+ <para>Wird die XHTML-Version des Handbuchs gebaut, entsteht
+ dadurch
<filename>kernelconfig.html</filename>. Der Grund
daf�r ist allerdings der Wert des
<literal>id</literal>-Attributs, und nicht der Name des
@@ -285,7 +285,7 @@
werden zentral im Verzeichnis <filename
class="directory">share/images/books/handbook</filename>
gespeichert. Existiert eine lokalisierte Version eines
- Bildes, wird diese hingegen gemeinsam mit dem SGML-Quellcode
+ Bildes, wird diese hingegen gemeinsam mit dem XML-Quellcode
im gleichen Verzeichnis gespeichert. Ein Vorteil
dieser Methode ist beispielsweise die Vermeidung von
Namenskollisionen. Au�erdem ist es
@@ -313,7 +313,7 @@
</important>
<para>Die Datei <filename>chapter.xml</filename> ist keine
- komplette SGML-Datei, da unter anderem die Zeilen mit
+ komplette XML-Datei, da unter anderem die Zeilen mit
der DOCTYPE-Deklaration am Beginn der Datei nicht
vorhanden sind.</para>
diff --git a/de_DE.ISO8859-1/books/fdp-primer/stylesheets/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/stylesheets/chapter.xml
index c578236df5..7047aa418c 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/stylesheets/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/stylesheets/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38869
+ basiert auf: r39632
-->
<chapter id="stylesheets">
@@ -54,7 +54,7 @@
beispielsweise DynaText, Panorama, SPICE, JSSS, FOSI, CSS, DSSSL
und andere mehr.</para>
- <para>DocBook verwendet in DSSSL geschriebene Stylesheets. HTML
+ <para>DocBook verwendet in DSSSL geschriebene Stylesheets. XHTML
verwendet hingegen in CSS geschriebene Stylesheets.</para>
<sect1 id="stylesheets-dsssl">
@@ -80,8 +80,8 @@
<title>CSS</title>
<para>Cascading Stylesheets (CSS) erlauben es, Elementen eines
- HTML-Dokuments Formatangaben (wie Schriftart, Gr��e,
- Schriftfarbe und andere mehr) zuzuweisen, ohne das HTML-Dokument
+ XHTML-Dokuments Formatangaben (wie Schriftart, Gr��e,
+ Schriftfarbe und andere mehr) zuzuweisen, ohne das XHTML-Dokument
mit diesen Informationen zu �berfrachten.</para>
<sect2>
@@ -89,10 +89,10 @@
<para>The FreeBSD DSSSL-Stylesheets enthalten eine Referenz auf
ein Stylesheet namens <filename>docbook.css</filename>, das sich
- im gleichen Verzeichnis wie die HTML-Dateien befindet. Diese
+ im gleichen Verzeichnis wie die XHTML-Dateien befindet. Diese
projektweite CSS-Datei wird automatisch von
<filename>doc/share/misc/docbook.css</filename> kopiert und
- installiert, wenn DocBook-Dokumente nach HTML konvertiert
+ installiert, wenn DocBook-Dokumente nach XHTML konvertiert
werden.</para>
</sect2>
</sect1>
diff --git a/de_DE.ISO8859-1/books/fdp-primer/the-website/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/the-website/chapter.xml
index 76f757a07f..a1adb37ffe 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/the-website/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/the-website/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38870
+ basiert auf: r41125
-->
<chapter id="the-website">
@@ -83,7 +83,15 @@
<para>Um alle zum Bau der Webseite ben�tigten Quellen
auszuchecken, f�hren Sie den folgenden Befehl aus:</para>
- <screen>&prompt.root; <userinput><command>svn checkout svn://svn.FreeBSD.org/doc/head/ <replaceable>/usr/build</replaceable></command></userinput></screen>
+<screen>&prompt.root; <userinput><command>svn checkout <replaceable>https://svn0.us-
+east.FreeBSD.org</replaceable>/doc/head/ <replaceable>/usr/build</replaceable></command></userinput></screen>
+
+ <para><ulink
+ url="https://svn0.us-east.FreeBSD.org/">svn0.us-east.FreeBSD.org</ulink>
+ ist ein �ffentlicher Server. W�hlen Sie einen Mirror in Ihrer
+ N�he und �berpr�fen Sie das Serverzertifikat aus der Liste
+ <ulink url="&url.books.handbook;/svn-mirrors.html">Subversion
+ mirror sites</ulink>.</para>
<tip>
<para>Falls Sie <command>svn</command> nicht als Benutzer
diff --git a/de_DE.ISO8859-1/books/fdp-primer/tools/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/tools/chapter.xml
index bcdcbd7d7e..5cad0b9773 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/tools/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/tools/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38826
+ basiert auf: r39631
-->
<chapter id="tools">
@@ -110,7 +110,7 @@
<para>Die folgenden Programme sind notwendig, um sinnvoll
an der FreeBSD-Dokumentation arbeiten und diese in andere
Formate wie HTML, reinen Text und RTF umwandeln zu
- k�nnen. Sie m�ssen diese aber nicht seperat
+ k�nnen. Sie m�ssen diese aber nicht separat
installieren, da alle Programme automatisch durch den
Metaport <filename
role="package">textproc/docproj</filename> installiert
diff --git a/de_DE.ISO8859-1/books/fdp-primer/translations/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/translations/chapter.xml
index ed36ca7129..3ccb09e9c5 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/translations/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/translations/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38888
+ basiert auf: r41125
-->
<chapter id="translations">
@@ -154,7 +154,17 @@
Subversion-Repository (als Minimum den Dokumentationsteil)
anzulegen. Dazu geben Sie den folgenden Befehl ein:</para>
- <screen>&prompt.user; <userinput><command>svn</command> checkout svn://svn.FreeBSD.org/doc/head/ head</userinput></screen>
+ <screen>&prompt.user; <userinput><command>svn</command> checkout <replaceable>https://svn0.us-east.FreeBSD.org</replaceable>/doc/head/ head</userinput></screen>
+
+ <note>
+ <para><ulink
+ url="https://svn0.us-east.FreeBSD.org/">svn0.us-east.FreeBSD.org</ulink>
+ ist ein �ffentlicher Server. W�hlen Sie einen Mirror in
+ Ihrer N�he und �berpr�fen Sie das Serverzertifikat auf der
+ Seite <ulink
+ url="&url.books.handbook;/svn-mirrors.html">Subversion
+ mirror sites</ulink>.</para>
+ </note>
<note>
<para>Damit dieser Befehl funktioniert, muss der Port
diff --git a/de_DE.ISO8859-1/books/fdp-primer/writing-style/chapter.xml b/de_DE.ISO8859-1/books/fdp-primer/writing-style/chapter.xml
index 7739ae90bd..5dc80f2671 100644
--- a/de_DE.ISO8859-1/books/fdp-primer/writing-style/chapter.xml
+++ b/de_DE.ISO8859-1/books/fdp-primer/writing-style/chapter.xml
@@ -30,7 +30,7 @@
$FreeBSD$
$FreeBSDde$
- basiert auf: r38872
+ basiert auf: r40542
-->
<chapter id="writing-style">
@@ -131,12 +131,12 @@
zweiten Beispiels.</para>
<informalexample>
- <para>Verwenden Sie den Befehl <command>cvsup</command>, um
+ <para>Verwenden Sie den Befehl <command>svn</command>, um
Ihre Quellen zu aktualisieren.</para>
</informalexample>
<informalexample>
- <para>Verwenden Sie <command>cvsup</command>, um Ihre Quellen
+ <para>Verwenden Sie <command>svn</command>, um Ihre Quellen
zu aktualisieren.</para>
</informalexample>
diff --git a/de_DE.ISO8859-1/htdocs/ports/Makefile b/de_DE.ISO8859-1/htdocs/ports/Makefile
index f5dea5f3d5..4c197e2dfc 100644
--- a/de_DE.ISO8859-1/htdocs/ports/Makefile
+++ b/de_DE.ISO8859-1/htdocs/ports/Makefile
@@ -27,7 +27,7 @@ ${INDEX}:
.endif
HOSTNAME!= hostname
-.if ${HOSTNAME} == "hub.freebsd.org" || ${HOSTNAME} == "freefall.freebsd.org" || ${HOSTNAME} == "www.freebsd.org"
+.if ${HOSTNAME} == "hub.freebsd.org" || ${HOSTNAME} == "freefall.freebsd.org" || ${HOSTNAME} == "www.freebsd.org" || ${HOSTNAME} == "build-web.stream.FreeBSD.org"
CLUSTER_MACHINE= YES
.endif
diff --git a/de_DE.ISO8859-1/htdocs/where.xml b/de_DE.ISO8859-1/htdocs/where.xml
index ea5a390df7..010f8b84c5 100644
--- a/de_DE.ISO8859-1/htdocs/where.xml
+++ b/de_DE.ISO8859-1/htdocs/where.xml
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN"
"http://www.FreeBSD.org/XML/doc/share/xml/xhtml10-freebsd.dtd" [
<!ENTITY dedate "$FreeBSDde$">
-<!ENTITY reference "basiert auf: r41232">
+<!ENTITY reference "basiert auf: r41269">
<!ENTITY title "FreeBSD Bezugsquellen">
<!ENTITY url.rel "ftp://ftp.FreeBSD.org/pub/FreeBSD/releases">
]>
@@ -76,7 +76,7 @@
</tr>
<tr>
<td></td>
- <td>amd64</td>
+ <td>amd64<br/>(x86-64, x64)</td>
<td><a href="&url.rel;/amd64/amd64/&rel.current;-RELEASE">[Distribution]</a></td>
<td><a href="&url.rel;/amd64/amd64/ISO-IMAGES/&rel.current;/">[ISO]</a></td>
</tr>
@@ -122,7 +122,7 @@
</tr>
<tr>
<td></td>
- <td>amd64</td>
+ <td>amd64<br/>(x86-64, x64)</td>
<td><a href="&url.rel;/amd64/&rel2.current;-RELEASE">[Distribution]</a></td>
<td><a href="&url.rel;/amd64/ISO-IMAGES/&rel2.current;/">[ISO]</a></td>
</tr>
@@ -157,7 +157,7 @@
</tr>
<tr>
<td></td>
- <td>amd64</td>
+ <td>amd64<br/>(x86-64, x64)</td>
<td><a href="&url.rel;/amd64/&rel3.current;-RELEASE">[Distribution]</a></td>
<td colspan="2" align="right"><a href="&url.rel;/amd64/ISO-IMAGES/&rel3.current;/">[ISO]</a></td>
</tr>
diff --git a/de_DE.ISO8859-1/share/xml/news.xml b/de_DE.ISO8859-1/share/xml/news.xml
index 38460194a4..3a09d17989 100644
--- a/de_DE.ISO8859-1/share/xml/news.xml
+++ b/de_DE.ISO8859-1/share/xml/news.xml
@@ -4,7 +4,7 @@
<!--
$FreeBSD$
$FreeBSDde$
- basiert auf: r41225
+ basiert auf: r41381
-->
<!-- Simple schema for FreeBSD Project news.
@@ -38,9 +38,55 @@
<year>
<name>2013</name>
+ <month>
+ <name>4</name>
+
+ <day>
+ <name>3</name>
+
+ <event>
+ <p>Erweiterte Commit-Privilegien: <a
+ href="mailto:antoine@FreeBSD.org">Antoine Brodin</a> (src, ports)</p>
+ </event>
+ </day>
+
+ <day>
+ <name>1</name>
+
+ <event>
+ <p>Neuer Committer: <a
+ href="mailto:wg@FreeBSD.org">William Grzybowski</a> (ports)</p>
+ </event>
+ </day>
+ </month>
+
<month>
<name>3</name>
+ <day>
+ <name>27</name>
+
+ <event>
+ <p>Erweiterte Commit-Privilegien: <a
+ href="mailto:tijl@FreeBSD.org">Tijl Coosemans</a> (src, ports)</p>
+ </event>
+ </day>
+
+ <day>
+ <name>22</name>
+
+ <event>
+ <title>&os; 8.4-BETA1 verf�gbar</title>
+
+ <p>Die erste BETA-Version aus dem &os;-8.4-Releasezyklus ist
+ <a href="&lists.stable;/2013-March/072913.html">verf�gbar</a>.
+ ISO-Images f�r die Architekturen amd64, i386 sowie
+ pc98 sind inzwischen auf den meisten <a
+ href="&enbase;/doc/de_DE.ISO8859-1/books/handbook/mirrors-ftp.html">&os;
+ Spiegelservern</a> vorhanden.</p>
+ </event>
+ </day>
+
<day>
<name>14</name>
diff --git a/de_DE.ISO8859-1/share/xml/release.l10n.ent b/de_DE.ISO8859-1/share/xml/release.l10n.ent
index 7685ffd9dc..4e5d8bcdcf 100644
--- a/de_DE.ISO8859-1/share/xml/release.l10n.ent
+++ b/de_DE.ISO8859-1/share/xml/release.l10n.ent
@@ -1,4 +1,9 @@
<?xml version="1.0" encoding="iso-8859-1"?>
+<!--
+ $FreeBSD$
+ $FreeBSDde$
+ basiert auf: r41289
+-->
<![%beta2.testing;[
<!ENTITY beta.plural 'en'>
]]>
@@ -85,39 +90,47 @@
<td colspan="2">Version & Plattform</td>
<td>Distribution</td>
<td title="ISO9660 CD image"><a href="&enbase;/doc/de_DE.ISO8859-1/books/handbook/install-diff-media.html#INSTALL-CDROM">ISO</a></td>
- <td>Statusseite</td>
+ <!--<td>Statusseite</td>-->
</tr>
</thead>
<tbody>
<tr>
<td colspan="2">FreeBSD &betarel.current;-&betarel.vers;</td>
<td colspan="2"></td>
- <td rowspan="7"><a href="http://wiki.freebsd.org/Releng/&betarel.current;TODO">[Lesen]</a></td>
+ <!--<td rowspan="7"><a href="http://wiki.freebsd.org/Releng/&betarel.current;TODO">[View]</a></td>-->
</tr>
<tr>
<td></td>
- <td>amd64</td>
- <td><a href="&url.rel;/amd64/amd64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
- <td><a href="&url.rel;/amd64/amd64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td>amd64<br/>(x86-64, x64)</td>
+ <td><a href="&url.rel;/amd64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/amd64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
<tr>
<td></td>
<td>i386</td>
- <td><a href="&url.rel;/i386/i386/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
- <td><a href="&url.rel;/i386/i386/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td><a href="&url.rel;/i386/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/i386/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ </tr>
+ <tr>
+ <td></td>
+ <td>pc98</td>
+ <td><a href="&url.rel;/pc98/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/pc98/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ </tr>
+ <!--
+ <tr>
+ <td></td>
+ <td>sparc64</td>
+ <td><a href="&url.rel;/sparc64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/sparc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
<tr>
<td></td>
<td>powerpc64</td>
- <td><a href="&url.rel;/powerpc/powerpc64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
- <td><a href="&url.rel;/powerpc/powerpc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
- </tr>
- <tr>
- <td></td>
- <td>sparc64</td>
- <td><a href="&url.rel;/sparc64/sparc64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
- <td><a href="&url.rel;/sparc64/sparc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td><a href="&url.rel;/powerpc/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/powerpc/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
+ -->
</tbody>
</table>
diff --git a/en_US.ISO8859-1/articles/contributors/contrib.additional.xml b/en_US.ISO8859-1/articles/contributors/contrib.additional.xml
index a695819954..5e1fcb9f59 100644
--- a/en_US.ISO8859-1/articles/contributors/contrib.additional.xml
+++ b/en_US.ISO8859-1/articles/contributors/contrib.additional.xml
@@ -843,6 +843,11 @@
<email>a.reilly@lake.com</email></para>
</listitem>
+ <listitem>
+ <para>Andrew Romanenko
+ <email>melanhit@gmail.com</email></para>
+ </listitem>
+
<listitem>
<para>Andrew S. Midthune
<email>amidthune@cableone.net</email></para>
@@ -3574,6 +3579,11 @@
<email>xcas@cox.net</email></para>
</listitem>
+ <listitem>
+ <para>Greg Kennedy
+ <email>kennedy.greg@gmail.com</email></para>
+ </listitem>
+
<listitem>
<para>Greg Robinson
<email>greg@rosevale.com.au</email></para>
@@ -7408,6 +7418,11 @@
<email>nikola.lecic@anthesphoria.net</email></para>
</listitem>
+ <listitem>
+ <para>Nikola Kolev
+ <email>koue@chaosophia.net</email></para>
+ </listitem>
+
<listitem>
<para>Nikos Ntarmos
<email>ntarmos@ceid.upatras.gr</email></para>
@@ -10402,6 +10417,11 @@
<email>tzhuan@gmail.com</email></para>
</listitem>
+ <listitem>
+ <para>Tzanetos Balitsaris
+ <email>tzabal@it.teithe.gr</email></para>
+ </listitem>
+
<listitem>
<para>UMENO Takashi
<email>umeno@rr.iij4u.or.jp</email></para>
@@ -10793,11 +10813,6 @@
<email>wvengen@stack.nl</email></para>
</listitem>
- <listitem>
- <para>William Grzybowski
- <email>william88@gmail.com</email></para>
- </listitem>
-
<listitem>
<para>William Jolitz
<email>withheld</email></para>
diff --git a/en_US.ISO8859-1/articles/contributors/contrib.committers.xml b/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
index e680c609b8..d79f3d4082 100644
--- a/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
+++ b/en_US.ISO8859-1/articles/contributors/contrib.committers.xml
@@ -495,6 +495,10 @@
<para>&a.edwin;</para>
</listitem>
+ <listitem>
+ <para>&a.wg;</para>
+ </listitem>
+
<listitem>
<para>&a.bar;</para>
</listitem>
diff --git a/en_US.ISO8859-1/articles/freebsd-questions/article.xml b/en_US.ISO8859-1/articles/freebsd-questions/article.xml
index 63acc47dc7..0ea4545f87 100644
--- a/en_US.ISO8859-1/articles/freebsd-questions/article.xml
+++ b/en_US.ISO8859-1/articles/freebsd-questions/article.xml
@@ -19,7 +19,6 @@
<legalnotice id="trademarks" role="trademarks">
&tm-attrib.freebsd;
&tm-attrib.microsoft;
- &tm-attrib.netscape;
&tm-attrib.opengroup;
&tm-attrib.qualcomm;
&tm-attrib.general;
@@ -308,10 +307,6 @@ your options page that will email your current password to you.</literallayout>
them:</para>
<itemizedlist>
- <listitem>
- <para>cc:Mail</para>
- </listitem>
-
<listitem>
<para>&eudora;</para>
</listitem>
@@ -324,23 +319,12 @@ your options page that will email your current password to you.</literallayout>
<para>µsoft; Exchange</para>
</listitem>
- <listitem>
- <para>µsoft; Internet Mail</para>
- </listitem>
-
<listitem>
<para>µsoft; &outlook;</para>
</listitem>
-
- <listitem>
- <para>&netscape;</para>
- </listitem>
</itemizedlist>
- <para>As you can see, the mailers in the Microsoft world are frequent
- offenders. If at all possible, use a &unix; mailer. If you must use a
- mailer under Microsoft environments, make sure it is set up
- correctly. Try not to use <acronym>MIME</acronym>: a lot of people
+ <para>Try not to use <acronym>MIME</acronym>: a lot of people
use mailers which do not get on very well with
<acronym>MIME</acronym>.</para>
</listitem>
diff --git a/en_US.ISO8859-1/articles/freebsd-update-server/article.xml b/en_US.ISO8859-1/articles/freebsd-update-server/article.xml
index 8c2ff9996a..3eb9bec50b 100644
--- a/en_US.ISO8859-1/articles/freebsd-update-server/article.xml
+++ b/en_US.ISO8859-1/articles/freebsd-update-server/article.xml
@@ -505,7 +505,7 @@ Wed Aug 26 12:50:07 PDT 2009 Cleaning staging area for FreeBSD/amd64 7.2-RELEASE
<literal>ServerName</literal> in
<filename>/etc/freebsd-update.conf</filename>, and perform updates as
instructed in the <ulink
- url="&url.books.handbook;/updating-freebsdupdate.html">&os;
+ url="&url.books.handbook;/updating-upgrading-freebsdupdate.html">&os;
Update</ulink>
<!-- One sentence, two instances of 'in'. We can probably reword this
part to avoid repetition. -->
diff --git a/en_US.ISO8859-1/articles/portbuild/article.xml b/en_US.ISO8859-1/articles/portbuild/article.xml
index 8076215730..02effad991 100644
--- a/en_US.ISO8859-1/articles/portbuild/article.xml
+++ b/en_US.ISO8859-1/articles/portbuild/article.xml
@@ -628,19 +628,19 @@ PKG_BIN=/usr/local/sbin/pkg</programlisting>
<example>
<title>Update the i386-7 tree and do a complete build</title>
- <screen>&prompt.user; <userinput>dopackages.wrapper i386 7 -nosrc -norestr -nofinish</userinput></screen>
+ <screen>&prompt.user; <userinput>dopackages.wrapper i386 8 latest -nosrc -norestr -nofinish</userinput></screen>
</example>
<example>
<title>Restart an interrupted amd64-8 build without updating</title>
- <screen>&prompt.user; <userinput>dopackages.wrapper amd64 8 -nosrc -noports -norestr -continue -noindex -noduds -nofinish</userinput></screen>
+ <screen>&prompt.user; <userinput>dopackages.wrapper amd64 8 latest -nosrc -noports -norestr -continue -noindex -noduds -nofinish</userinput></screen>
</example>
<example>
- <title>Post-process a completed sparc64-7 tree</title>
+ <title>Post-process a completed sparc64-8 tree</title>
- <screen>&prompt.user; <userinput>dopackages.wrapper sparc64 7 -finish</userinput></screen>
+ <screen>&prompt.user; <userinput>dopackages.wrapper sparc64 8 -finish</userinput></screen>
</example>
<para>Hint: it is usually best to run the <command>dopackages</command>
@@ -1358,7 +1358,7 @@ umount: Cleanup of /x/tmp/8-exp/chroot/53837/compat/linux/proc failed!
<para>The following command will set up the control branch for
the partial build:</para>
- <screen>&prompt.user; <userinput>/a/portbuild/scripts/dopackages.wrapper i386 8 -noportsvcs -nobuild -novcs -nofinish</userinput></screen>
+ <screen>&prompt.user; <userinput>/a/portbuild/scripts/dopackages.wrapper i386 8 latest -noportsvcs -nobuild -novcs -nofinish</userinput></screen>
<!-- XXX MCL obsolete -->
<para>The builds must be performed from the
@@ -1707,8 +1707,8 @@ sshd_program="/usr/local/sbin/sshd"</programlisting>
cache on the client, add the following</para>
<programlisting>squid_enable="YES"
-squid_chdir="<filename>/<replaceable>usr2</replaceable>/squid/logs</filename>"
-squid_pidfile="<filename>/<replaceable>usr2</replaceable>/squid/logs/squid.pid</filename>"</programlisting>
+squid_chdir="<filename>/<replaceable>a</replaceable>/squid/logs</filename>"
+squid_pidfile="<filename>/<replaceable>a</replaceable>/squid/logs/squid.pid</filename>"</programlisting>
<para>Required entries for VMWare-based nodes:</para>
<programlisting>vmware_guest_vmmemctl_enable="YES"
@@ -1729,8 +1729,8 @@ sshd_program="/usr/local/sbin/sshd"
gmond_enable="YES"
squid_enable="YES"
-squid_chdir="<filename>/<replaceable>usr2</replaceable>/squid/logs</filename>"
-squid_pidfile="<filename>/<replaceable>usr2</replaceable>/squid/logs/squid.pid</filename>"</programlisting>
+squid_chdir="<filename>/<replaceable>a</replaceable>/squid/logs</filename>"
+squid_pidfile="<filename>/<replaceable>a</replaceable>/squid/logs/squid.pid</filename>"</programlisting>
<para>&man.ntpd.8; should <emphasis>not</emphasis>
be enabled for VMWare instances.</para>
@@ -1738,7 +1738,7 @@ squid_pidfile="<filename>/<replaceable>usr2</replaceable>/squid/logs/squid.pid</
<para>Also, it may be possible to leave
<application>squid</application> disabled by default
so as to not have
- <filename>/<replaceable>usr2</replaceable></filename>
+ <filename>/<replaceable>a</replaceable></filename>
persistent (which should save instantiation time.)
Work is still ongoing.
</para>
@@ -1753,7 +1753,7 @@ squid_pidfile="<filename>/<replaceable>usr2</replaceable>/squid/logs/squid.pid</
<para>Modify <filename>etc/sysctl.conf</filename>:</para>
<screen>9a10,30
-> kern.corefile=<filename>/<replaceable>usr2</replaceable>/%N.core</filename>
+> kern.corefile=<filename>/<replaceable>a</replaceable>/%N.core</filename>
> kern.sugid_coredump=1
> #debug.witness_ddb=0
> #debug.witness_watch=0
@@ -1808,7 +1808,7 @@ security/sudo</programlisting>
<para>If you are using a local <application>squid</application>
cache on the client, install the following</para>
- <programlisting>www/squid (with SQUID_AUFS on)</programlisting>
+ <programlisting>www/squid31 (with SQUID_AUFS on)</programlisting>
</step>
<step>
@@ -1861,7 +1861,7 @@ security/sudo</programlisting>
#
# Configure a package build system post-boot
-scratchdir=<filename>/<replaceable>usr2</replaceable></filename>
+scratchdir=<filename>/<replaceable>a</replaceable></filename>
ln -sf ${scratchdir}/portbuild /var/
diff --git a/en_US.ISO8859-1/articles/releng/article.xml b/en_US.ISO8859-1/articles/releng/article.xml
index 2f92b6a7bc..6f855f1f03 100644
--- a/en_US.ISO8859-1/articles/releng/article.xml
+++ b/en_US.ISO8859-1/articles/releng/article.xml
@@ -44,8 +44,6 @@
<pubdate>$FreeBSD$</pubdate>
- <releaseinfo>$FreeBSD$</releaseinfo>
-
<abstract>
<para>
<warning>
diff --git a/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml b/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
index aa80bb4bf9..b901c833e4 100644
--- a/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
+++ b/en_US.ISO8859-1/books/developers-handbook/kerneldebug/chapter.xml
@@ -695,9 +695,9 @@
debugging information. Copy this kernel to the target machine, strip
the debugging symbols off with <command>strip -x</command>, and boot it
using the <option>-d</option> boot option. Connect the serial line
- of the target machine that has "flags 080" set on its sio device
- to any serial line of the debugging host. See &man.sio.4; for
- information on how to set the flags on an sio device.
+ of the target machine that has "flags 080" set on its uart device
+ to any serial line of the debugging host. See &man.uart.4; for
+ information on how to set the flags on an uart device.
Now, on the debugging machine, go to the compile directory of the target
kernel, and start <command>gdb</command>:</para>
@@ -712,7 +712,7 @@ Copyright 1996 Free Software Foundation, Inc...
<para>Initialize the remote debugging session (assuming the first serial
port is being used) by:</para>
- <screen><prompt>(kgdb)</prompt> <userinput>target remote /dev/cuaa0</userinput></screen>
+ <screen><prompt>(kgdb)</prompt> <userinput>target remote /dev/cuau0</userinput></screen>
<para>Now, on the target host (the one that entered DDB right before even
starting the device probe), type:</para>
@@ -730,7 +730,7 @@ Stopped at Debugger+0x35: movb $0, edata+0x51bc
immediately, simply type <command>s</command> (step). Your hosting GDB
will now gain control over the target kernel:</para>
- <screen>Remote debugging using /dev/cuaa0
+ <screen>Remote debugging using /dev/cuau0
Debugger (msg=0xf01b0383 "Boot flags requested debugger")
at ../../i386/i386/db_interface.c:257
<prompt>(kgdb)</prompt></screen>
diff --git a/en_US.ISO8859-1/books/faq/book.xml b/en_US.ISO8859-1/books/faq/book.xml
index fe14d6d59b..fb6bc89e00 100644
--- a/en_US.ISO8859-1/books/faq/book.xml
+++ b/en_US.ISO8859-1/books/faq/book.xml
@@ -21,7 +21,7 @@
<book lang='en'>
<bookinfo>
<title>Frequently Asked Questions for &os;
- &rel2.relx;, and &rel.relx;</title>
+ &rel2.relx;, and &rel.relx;</title>
<corpauthor>The &os; Documentation Project</corpauthor>
@@ -69,7 +69,7 @@
<abstract>
<para>This is the FAQ for &os; versions &rel2.relx; and
- &rel.relx;. Every effort has been made to make this FAQ as
+ &rel.relx;. Every effort has been made to make this FAQ as
informative as possible; if you have any suggestions as to how
it may be improved, please feel free to mail them to the
&a.doc;.</para>
@@ -81,7 +81,7 @@
url="book.html">HTML</ulink> file with HTTP or as a variety
of other formats from the <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">&os; FTP
- server</ulink>.</para>
+ server</ulink>.</para>
</abstract>
</bookinfo>
@@ -332,13 +332,13 @@
&rel2.relx; series was the one known as
<emphasis>-STABLE</emphasis>. However, as of
&rel.head.relx;, the
- &rel2.relx;. branch will be designated for
+ &rel2.relx; branch will be designated for
an <quote>extended support</quote> status and receive only
fixes for major problems, such as security-related fixes.
- There will be no more releases made from the
+ <!--There will be no more releases made from the
&rel2.stable; branch, and it is considered a
<quote>legacy</quote> branch and most current work will only
- become a part of &rel.stable; and &rel2.stable;.</para>
+ become a part of &rel.stable; and &rel2.stable;.--></para>
<para>Version <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/i386/&rel.current;-RELEASE/">&rel.current;</ulink>
@@ -370,8 +370,8 @@
<para>More information on &os; releases can be found on the
<ulink
- url="http://www.FreeBSD.org/releng/index.html">Release Engineering page</ulink>
- on the &os; Web site.</para>
+ url="http://www.FreeBSD.org/releng/index.html#release-build">Release Engineering page</ulink>
+ and in &man.release.7;.</para>
</answer>
</qandaentry>
@@ -513,7 +513,7 @@
pages on the &os; Web site.</para>
<para>For people who need or want a little more excitement,
- binary snapshots are made daily as discussed above.</para>
+ binary snapshots are made weekly as discussed above.</para>
</answer>
</qandaentry>
@@ -1501,7 +1501,7 @@
<qandaentry>
<question id="archsw-readin-failed-error">
<para>Why do I get an error message,
- <errorname>archsw.readin.failed</errorname> after compiling
+ <errorname>readin failed</errorname> after compiling
and booting a new kernel?</para>
</question>
@@ -1895,7 +1895,7 @@
<answer>
<para>The answer is, unfortunately, <quote>It
- depends</quote>. These mice with additional features
+ depends</quote>. These mice with additional features
require specialized driver in most cases. Unless the
mouse device driver or the user program has specific
support for the mouse, it will act just like a standard
@@ -2149,7 +2149,7 @@ bindkey ^[[3~ delete-char # for xterm</programlisting>
<qandaentry>
<question id="trap-12-panic">
<para>My system crashes with either <errorname>Fatal trap 12:
- page fault in kernel mode</errorname>, or
+ page fault in kernel mode</errorname>, or
<errorname>panic:</errorname>, and spits out a bunch of
information. What should I do?</para>
</question>
@@ -2210,7 +2210,7 @@ bindkey ^[[3~ delete-char # for xterm</programlisting>
<question id="mail-loopback">
<para>Why does <application>sendmail</application> give me an
error reading <errorname>mail loops back to
- myself</errorname>?</para>
+ myself</errorname>?</para>
</question>
<answer>
@@ -2412,7 +2412,7 @@ kern.timecounter.hardware: TSC -> i8254</screen>
<qandaentry>
<question id="indefinite-wait-buffer">
<para>What does the error <errorname>swap_pager: indefinite
- wait buffer:</errorname> mean?</para>
+ wait buffer:</errorname> mean?</para>
</question>
<answer>
@@ -2431,7 +2431,7 @@ kern.timecounter.hardware: TSC -> i8254</screen>
<qandaentry>
<question id="lock-order-reversal">
<para>What is a <errorname>lock order
- reversal</errorname>?</para>
+ reversal</errorname>?</para>
</question>
<answer>
@@ -2473,7 +2473,7 @@ kern.timecounter.hardware: TSC -> i8254</screen>
<qandaentry>
<question id="called-with-non-sleepable-locks-held">
<para>What does <errorname>Called ... with the following
- non-sleepable locks held</errorname> mean?</para>
+ non-sleepable locks held</errorname> mean?</para>
</question>
<answer>
@@ -2511,7 +2511,7 @@ kern.timecounter.hardware: TSC -> i8254</screen>
<para>Why does
<maketarget>buildworld</maketarget>/<maketarget>installworld</maketarget>
die with the message <errorname>touch: not
- found</errorname>?</para>
+ found</errorname>?</para>
</question>
<answer>
@@ -2777,7 +2777,7 @@ kern.timecounter.hardware: TSC -> i8254</screen>
compare for yourself the memory utilization of all these
shells by looking at the <quote>VSZ</quote> and
<quote>RSS</quote> columns in a <command>ps
- <option>-u</option></command> listing.)</para>
+ <option>-u</option></command> listing.)</para>
</answer>
</qandaentry>
@@ -2811,7 +2811,7 @@ kern.timecounter.hardware: TSC -> i8254</screen>
<answer>
<para>The open-source <application><ulink
- url="http://www.openoffice.org">Apache OpenOffice</ulink></application>
+ url="http://www.openoffice.org">Apache OpenOffice</ulink></application>
and <application><ulink
url="http://www.libreoffice.org">LibreOffice</ulink></application>
office suites work natively on &os;.</para>
@@ -3375,13 +3375,13 @@ C:\="DOS"</programlisting>
&man.sysinstall.8; copies the partition table before copying
<filename>/boot/boot0</filename> to the MBR.</para>
- <warning>
- <para><emphasis>Do not simply copy
+ <warning>
+ <para><emphasis>Do not simply copy
<filename>/boot/boot0</filename> instead of
<filename>/boot/boot1</filename>; you will overwrite
your partition table and render your computer
un-bootable!</emphasis></para>
- </warning>
+ </warning>
<para>When the &os; boot manager runs it records the last OS
booted by setting the active flag on the partition table
@@ -3546,7 +3546,7 @@ C:\="DOS"</programlisting>
<qandaentry>
<question id="mount-cd-superblock">
<para>Why do I get <errorname>Incorrect super
- block</errorname> when mounting a CD-ROM?</para>
+ block</errorname> when mounting a CD-ROM?</para>
</question>
<answer>
@@ -3561,7 +3561,7 @@ C:\="DOS"</programlisting>
<qandaentry>
<question id="cdrom-not-configured">
<para>Why do I get <errorname>Device not
- configured</errorname> when mounting a CD-ROM?</para>
+ configured</errorname> when mounting a CD-ROM?</para>
</question>
<answer>
@@ -3624,7 +3624,7 @@ C:\="DOS"</programlisting>
<qandaentry>
<question id="mount-audio-CD">
<para>Why can I not <command>mount</command> an audio
- CD?</para>
+ CD?</para>
</question>
<answer>
@@ -3888,7 +3888,7 @@ C:\="DOS"</programlisting>
because part of the ARC is holding the L2ARC index,
pushing part of the working set into the
L2ARC which is slower than RAM.</para>
- </answer>
+ </answer>
</qandaentry>
<qandaentry>
@@ -4022,8 +4022,8 @@ C:\="DOS"</programlisting>
<qandaentry>
<question id="root-not-found-cron-errors">
<para>Why do I keep getting messages like <errorname>root: not
- found</errorname> after editing
- <filename>/etc/crontab</filename></para>
+ found</errorname> after editing
+ <filename>/etc/crontab</filename></para>
</question>
<answer>
@@ -4071,7 +4071,7 @@ C:\="DOS"</programlisting>
<qandaentry>
<question id="su-wheel-group">
<para>Why do I get the error, <errorname>you are not in the
- correct group to su root</errorname> when I try to
+ correct group to su root</errorname> when I try to
<command>su</command> to <username>root</username>?</para>
</question>
@@ -4283,7 +4283,7 @@ options SYSVMSG # enable for messaging</programlisting>
different mail-servers to chose from is considered a good
thing; therefore try to avoid asking questions like
<quote>Is <application>sendmail</application> better than
- <application>qmail</application>?</quote> in the mailing
+ <application>qmail</application>?</quote> in the mailing
lists. If you do feel like asking, first check the mailing
list archives. The advantages and disadvantages of each and
every one of the available MTAs have already been discussed
@@ -4441,7 +4441,7 @@ options SYSVMSG # enable for messaging</programlisting>
<answer>
<para>Short answer: it is just a name.
<emphasis>RC</emphasis> stands for <quote>Release
- Candidate</quote>. It signifies that a release is imminent.
+ Candidate</quote>. It signifies that a release is imminent.
In &os;, <emphasis>-PRERELEASE</emphasis> is typically
synonymous with the code freeze before a release. (For some
releases, the <emphasis>-BETA</emphasis> label was used in
@@ -4451,7 +4451,7 @@ options SYSVMSG # enable for messaging</programlisting>
places. Major, dot-zero, releases, such as 9.0-RELEASE
are branched from the head of the development
stream, commonly referred to as <link
- linkend="current">-CURRENT</link>. Minor releases, such as
+ linkend="current">-CURRENT</link>. Minor releases, such as
6.3-RELEASE or 5.2-RELEASE, have been snapshots of the
active <link linkend="stable">-STABLE</link> branch.
Starting with 4.3-RELEASE, each release also now has its own
@@ -4574,7 +4574,7 @@ options SYSVMSG # enable for messaging</programlisting>
<para>You are running at an elevated (i.e., greater than 0)
securelevel. Lower the securelevel and try again. For more
information, see <link linkend="securelevel">the FAQ entry
- on securelevel</link> and the &man.init.8; manual
+ on securelevel</link> and the &man.init.8; manual
page.</para>
</answer>
</qandaentry>
@@ -4634,7 +4634,7 @@ options SYSVMSG # enable for messaging</programlisting>
<command>top</command> mean?</para>
</question>
-<!-- Provided by John Dyson via Usenet -->
+ <!-- Provided by John Dyson via Usenet -->
<answer>
<itemizedlist>
<listitem>
@@ -4701,10 +4701,10 @@ options SYSVMSG # enable for messaging</programlisting>
<para>How much free memory is available?</para>
</question>
-<!-- Provided by John Dyson via Usenet -->
+ <!-- Provided by John Dyson via Usenet -->
<answer>
<para>There are a couple of kinds of <quote>free
- memory</quote>. One kind is the amount of memory
+ memory</quote>. One kind is the amount of memory
immediately available without paging anything else out.
That is approximately the size of cache queue + size of free
queue (with a derating factor, depending upon system
@@ -4744,7 +4744,7 @@ options SYSVMSG # enable for messaging</programlisting>
<question id="newsyslog-expectations">
<para>I just changed
<filename>/etc/newsyslog.conf</filename>. How can I check
- if it does what I expect?</para>
+ if it does what I expect?</para>
</question>
<answer>
@@ -4791,7 +4791,7 @@ options SYSVMSG # enable for messaging</programlisting>
<para>Many implementations are available for different
architectures and operating systems. An implementation of
the server-side code is properly known as an <literal>X
- server</literal>.</para>
+ server</literal>.</para>
</answer>
</qandaentry>
@@ -4948,7 +4948,7 @@ EndSection</programlisting>
</answer>
</qandaentry>
- <qandaentry>
+ <qandaentry>
<question id="x-and-synaptic">
<para>My laptop has a Synaptics touchpad. Can I use
it in X?</para>
@@ -5028,7 +5028,7 @@ EndSection</programlisting>
(hold down <keycap>Alt</keycap> and press
<keycap>F2</keycap>), and you will find a login prompt
waiting for you on the second <quote>virtual
- console</quote>! When you want to go back to the original
+ console</quote>! When you want to go back to the original
session, do <keycombo
action="simul"><keycap>Alt</keycap><keycap>F1</keycap></keycombo>.</para>
@@ -5065,7 +5065,7 @@ ttyvb "/usr/libexec/getty Pc" xterm on secure</programlisting>
cons25</quote> terminal type, and not <quote>
xterm</quote>. Existing entries in
<filename>/etc/ttys</filename> can be used on which to
- base new additions.</para>
+ base new additions.</para>
</note>
<important>
@@ -5195,7 +5195,7 @@ ttyvb "/usr/libexec/getty Pc" xterm off secure</programlisting>
<qandaentry>
<question id="xconsole-failure">
<para>Why do I get <errorname>Couldn't open
- console</errorname> when I run
+ console</errorname> when I run
<command>xconsole</command>?</para>
</question>
@@ -5247,7 +5247,11 @@ ttyvb "/usr/libexec/getty Pc" xterm off secure</programlisting>
<para>If this happens, disable the synchronization check code
by setting the driver flags for the PS/2 mouse driver to
<literal>0x100</literal>. This can be easiest achieved
- by adding <screen>hint.psm.0.flags="0x100"</screen> to
+ by adding
+
+ <screen>hint.psm.0.flags="0x100"</screen>
+
+ to
<filename>/boot/loader.conf</filename> and rebooting.</para>
</answer>
</qandaentry>
@@ -5429,13 +5433,13 @@ Key F15 A A Menu Workplace Nop</programlisting>
<para><quote>Diskless booting</quote> means that the &os;
box is booted over a network, and reads the necessary
files from a server instead of its hard disk. For full
- details, please read <ulink
- url="&url.books.handbook;/network-diskless.html">the Handbook entry on diskless booting</ulink>.</para>
- </answer>
- </qandaentry>
+ details, please read <ulink
+ url="&url.books.handbook;/network-diskless.html">the Handbook entry on diskless booting</ulink>.</para>
+ </answer>
+ </qandaentry>
- <qandaentry>
- <question id="router">
+ <qandaentry>
+ <question id="router">
<para>Can a &os; box be used as a dedicated network
router?</para>
</question>
@@ -5520,7 +5524,7 @@ Key F15 A A Menu Workplace Nop</programlisting>
<answer>
<para>If the alias is on the same subnet as an address already
configured on the interface, then add <literal>netmask
- 0xffffffff</literal> to your &man.ifconfig.8; command-line,
+ 0xffffffff</literal> to your &man.ifconfig.8; command-line,
as in the following:</para>
<screen>&prompt.root; <userinput>ifconfig <replaceable>ed0</replaceable> alias <replaceable>192.0.2.2</replaceable> netmask 0xffffffff</userinput></screen>
@@ -5607,7 +5611,7 @@ Key F15 A A Menu Workplace Nop</programlisting>
<qandaentry>
<question id="network-permission-denied">
<para>Why do I get an error, <errorname>Permission
- denied</errorname>, for all networking operations?</para>
+ denied</errorname>, for all networking operations?</para>
</question>
<answer>
@@ -5710,7 +5714,7 @@ Key F15 A A Menu Workplace Nop</programlisting>
<qandaentry>
<question id="bpf-not-configured">
<para>Why do I get <errorname>/dev/bpf0: device not
- configured</errorname>?</para>
+ configured</errorname>?</para>
</question>
<answer>
@@ -5740,7 +5744,7 @@ Key F15 A A Menu Workplace Nop</programlisting>
<qandaentry>
<question id="icmp-response-bw-limit">
<para>What are these messages about: <errorname>Limiting
- icmp/open port/closed port response</errorname> in my log
+ icmp/open port/closed port response</errorname> in my log
files?</para>
</question>
@@ -5797,7 +5801,7 @@ Key F15 A A Menu Workplace Nop</programlisting>
<qandaentry>
<question id="unknown-hw-addr-format">
<para>What are these <errorname>arp: unknown hardware address
- format</errorname> error messages?</para>
+ format</errorname> error messages?</para>
</question>
<answer>
@@ -5814,7 +5818,7 @@ Key F15 A A Menu Workplace Nop</programlisting>
<qandaentry>
<question id="arp-wrong-iface">
<para>Why do I keep seeing messages like: <errorname>192.168.0.10 is on
- fxp1 but got reply from 00:15:17:67:cf:82 on rl0</errorname>, and how do I
+ fxp1 but got reply from 00:15:17:67:cf:82 on rl0</errorname>, and how do I
disable it?</para>
</question>
@@ -6412,7 +6416,7 @@ deny pred1 deflate deflate24 protocomp acfcomp shortseq vj</programlisting>
<answer>
<para>Occasionally, just after connecting, you may see
messages in the log that say <errorname>Magic is
- same</errorname>. Sometimes, these messages are harmless,
+ same</errorname>. Sometimes, these messages are harmless,
and sometimes one side or the other exits. Most PPP
implementations cannot survive this problem, and even if the
link seems to come up, you will see repeated configure
@@ -6637,7 +6641,7 @@ set dfilter 3 permit 0/0 0/0</programlisting>
everything until the queue is run (usually, sendmail is
run with <option>-bd -q30m</option>, telling it to run
the queue every 30 minutes) or until a <command>sendmail
- <option>-q</option></command> is done (perhaps from your
+ <option>-q</option></command> is done (perhaps from your
<filename>ppp.linkup</filename>).</para>
</answer>
</qandaentry>
@@ -7027,7 +7031,7 @@ ATDT1234567</programlisting>
<para>This section answers common questions about serial
communications with &os;. PPP is covered in the <link
- linkend="networking">Networking</link> section.</para>
+ linkend="networking">Networking</link> section.</para>
<qandaset>
<qandaentry>
@@ -7471,7 +7475,7 @@ hint.sio.7.irq="12"</programlisting>
<answer>
<para>He does not have one, and is just called <quote>the BSD
- daemon</quote>. If you insist upon using a name, call him
+ daemon</quote>. If you insist upon using a name, call him
<quote>beastie</quote>. Note that <quote>beastie</quote> is
pronounced <quote>BSD</quote>.</para>
@@ -7545,7 +7549,7 @@ hint.sio.7.irq="12"</programlisting>
long argument about whether &man.sleep.1; should take
fractional second arguments, &a.phk; posted a long message
entitled <quote><ulink
- url="http://www.FreeBSD.org/cgi/getmsg.cgi?fetch=506636+517178+/usr/local/www/db/text/1999/freebsd-hackers/19991003.freebsd-hackers">A bike shed (any color will do) on greener grass...</ulink></quote>.
+ url="http://www.FreeBSD.org/cgi/getmsg.cgi?fetch=506636+517178+/usr/local/www/db/text/1999/freebsd-hackers/19991003.freebsd-hackers">A bike shed (any color will do) on greener grass...</ulink></quote>.
The appropriate portions of that message are quoted
below.</para>
@@ -7559,11 +7563,11 @@ hint.sio.7.irq="12"</programlisting>
<para>It is a long story, or rather it is an old story, but
it is quite short actually. C. Northcote Parkinson wrote
a book in the early 1960s, called <quote>Parkinson's
- Law</quote>, which contains a lot of insight into the
+ Law</quote>, which contains a lot of insight into the
dynamics of management.</para>
<para><emphasis>[snip a bit of commentary on the
- book]</emphasis></para>
+ book]</emphasis></para>
<para>In the specific example involving the bike shed, the
other vital component is an atomic power-plant, I guess
@@ -7592,10 +7596,10 @@ hint.sio.7.irq="12"</programlisting>
<emphasis>here</emphasis>.</para>
<para>In Denmark we call it <quote>setting your
- fingerprint</quote>. It is about personal pride and
+ fingerprint</quote>. It is about personal pride and
prestige, it is about being able to point somewhere and
say <quote>There! <emphasis>I</emphasis> did
- that.</quote> It is a strong trait in politicians, but
+ that.</quote> It is a strong trait in politicians, but
present in most people given the chance. Just think about
footsteps in wet cement.</para>
</blockquote>
@@ -7697,7 +7701,7 @@ hint.sio.7.irq="12"</programlisting>
<para>Three to submit PRs about it, one of which is misfiled
under doc and consists only of <quote>it's
- dark</quote>;</para>
+ dark</quote>;</para>
<para>One to commit an untested lightbulb which breaks
buildworld, then back it out five minutes later;</para>
@@ -7759,8 +7763,8 @@ hint.sio.7.irq="12"</programlisting>
-chat and unsubscribe in protest;</para>
<para>Thirteen to post <quote>unsubscribe</quote>, <quote>How
- do I unsubscribe?</quote>, or <quote>Please remove me from
- the list</quote>, followed by the usual footer;</para>
+ do I unsubscribe?</quote>, or <quote>Please remove me from
+ the list</quote>, followed by the usual footer;</para>
<para>One to commit a working lightbulb while everybody is too
busy flaming everybody else to notice;</para>
@@ -7774,7 +7778,7 @@ hint.sio.7.irq="12"</programlisting>
fairings;</para>
<para>Nine (including the PR originators) to ask <quote>what
- is MFC?</quote>;</para>
+ is MFC?</quote>;</para>
<para>Fifty-seven to complain about the lights being out two
weeks after the bulb has been changed.</para>
@@ -7782,18 +7786,18 @@ hint.sio.7.irq="12"</programlisting>
<para><emphasis>&a.nik; adds:</emphasis></para>
<para><emphasis>I was laughing quite hard at
- this.</emphasis></para>
+ this.</emphasis></para>
<para><emphasis>And then I thought, <quote>Hang on, shouldn't
- there be '1 to document it.' in that list
- somewhere?</quote></emphasis></para>
+ there be '1 to document it.' in that list
+ somewhere?</quote></emphasis></para>
<para><emphasis>And then I was enlightened
- :-)</emphasis></para>
+ :-)</emphasis></para>
<para><emphasis>&a.tabthorpe;</emphasis> says: <quote>None,
- <emphasis>real</emphasis> &os; hackers are not afraid of the
- dark!</quote></para>
+ <emphasis>real</emphasis> &os; hackers are not afraid of the
+ dark!</quote></para>
</answer>
</qandaentry>
@@ -7934,7 +7938,7 @@ hint.sio.7.irq="12"</programlisting>
<para><literal>HEAD</literal> is not an actual branch tag,
like the others; it is simply a symbolic constant for
<quote><emphasis>the current, non-branched development
- stream</emphasis></quote> which we simply refer to as
+ stream</emphasis></quote> which we simply refer to as
<emphasis>-CURRENT</emphasis>.</para>
<para>Right now, <emphasis>-CURRENT</emphasis> is the
@@ -8126,7 +8130,7 @@ panic: page fault</programlisting>
it recover the crash dump to another directory where you
have more room. It is possible to limit the size of the
crash dump by using <literal>options
- MAXMEM=<replaceable>N</replaceable></literal> where
+ MAXMEM=<replaceable>N</replaceable></literal> where
<replaceable>N</replaceable> is the size of kernel's
memory usage in KBs. For example, if you have 1 GB
of RAM, you can limit the kernel's memory usage to
diff --git a/en_US.ISO8859-1/books/handbook/basics/chapter.xml b/en_US.ISO8859-1/books/handbook/basics/chapter.xml
index f00c1cc8f4..ef4171b7be 100644
--- a/en_US.ISO8859-1/books/handbook/basics/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/basics/chapter.xml
@@ -606,7 +606,7 @@ total 530
<programlisting>-rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1</programlisting>
- <para>Several file flags may only added or removed by the
+ <para>Several file flags may only be added or removed by the
<username>root</username> user. In other cases, the file
owner may set its file flags. Refer to &man.chflags.1; and
&man.chflags.2; for more information.</para>
@@ -1401,8 +1401,8 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<firstterm>partitions</firstterm>, which are represented as
letters from <literal>a</literal> to <literal>h</literal>. This
letter is appended to the device name, so
- <quote>da0<emphasis>a</emphasis></quote> is the a partition on
- the first da drive, which is <quote>dangerously
+ <quote>da0<emphasis>a</emphasis></quote> is the <literal>a</literal> partition on
+ the first <literal>da</literal> drive, which is <quote>dangerously
dedicated</quote>. <quote>ad1s3<emphasis>e</emphasis></quote> is
the fifth partition in the third slice of the second IDE disk
drive.</para>
@@ -1869,7 +1869,6 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
298 p0 Ss 0:01.10 tcsh
7078 p0 S 2:40.88 xemacs mdoc.xsl (xemacs-21.1.14)
37393 p0 I 0:03.11 xemacs freebsd.dsl (xemacs-21.1.14)
-48630 p0 S 2:50.89 /usr/local/lib/netscape-linux/navigator-linux-4.77.bi
72210 p0 R+ 0:00.00 ps
390 p1 Is 0:01.14 tcsh
7059 p2 Is+ 1:36.18 /usr/local/bin/mutt -y
@@ -1922,7 +1921,6 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
7078 nik 2 0 15280K 10960K select 2:54 0.88% 0.88% xemacs-21.1.14
281 nik 2 0 18636K 7112K select 5:36 0.73% 0.73% XF86_SVGA
296 nik 2 0 3240K 1644K select 0:12 0.05% 0.05% xterm
-48630 nik 2 0 29816K 9148K select 3:18 0.00% 0.00% navigator-linu
175 root 2 0 924K 252K select 1:41 0.00% 0.00% syslogd
7059 nik 2 0 7260K 4644K poll 1:38 0.00% 0.00% mutt
...</screen>
@@ -1944,9 +1942,9 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
columns: one for total size and one for resident size. Total
size is how much memory the application has needed and the
resident size is how much it is actually using at the moment.
- In this example, <application>&netscape;</application> has
- required almost 30 MB of RAM, but is currently only using
- 9 MB.</para>
+ In this example, <application>mutt</application> has
+ required almost 8 MB of RAM, but is currently only using
+ 5 MB.</para>
<para>&man.top.1; automatically updates the display every two
seconds. A different interval can be specified with
diff --git a/en_US.ISO8859-1/books/handbook/book.xml b/en_US.ISO8859-1/books/handbook/book.xml
index 31559d5a4a..33ae587894 100644
--- a/en_US.ISO8859-1/books/handbook/book.xml
+++ b/en_US.ISO8859-1/books/handbook/book.xml
@@ -68,7 +68,6 @@
&tm-attrib.m-systems;
&tm-attrib.macromedia;
&tm-attrib.microsoft;
- &tm-attrib.netscape;
&tm-attrib.nexthop;
&tm-attrib.opengroup;
&tm-attrib.oracle;
diff --git a/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml b/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml
index 22ae2e6433..a7160bfae3 100644
--- a/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml
@@ -2542,7 +2542,7 @@ Script done, …</screen>
<screen>&prompt.root; <userinput>diff /etc/shells /var/tmp/root/etc/shells</userinput></screen>
<para>This command will show the differences between the
- existing <filename>/etc/shells</filename>and the new
+ existing <filename>/etc/shells</filename> and the new
<filename>/var/tmp/root/etc/shells</filename>. Review the
differences to decide whether to merge in custom changes
or to replace the existing file with the new one.</para>
diff --git a/en_US.ISO8859-1/books/handbook/disks/chapter.xml b/en_US.ISO8859-1/books/handbook/disks/chapter.xml
index 65a7b3f721..56996b94d2 100644
--- a/en_US.ISO8859-1/books/handbook/disks/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/disks/chapter.xml
@@ -4152,9 +4152,7 @@ Device 1K-blocks Used Avail Capacity
before actually storing the data. The data on the
remote node will be stored directly after sending the
acknowledgement. This mode is intended to reduce
- latency, but still provides very good reliability. The
- <emphasis>memsync</emphasis> replication mode is
- currently not implemented.</para>
+ latency, but still provides very good reliability.</para>
</listitem>
<listitem>
@@ -4170,16 +4168,9 @@ Device 1K-blocks Used Avail Capacity
as completed when local write completes. This is the
fastest and the most dangerous replication mode. It
should be used when replicating to a distant node where
- latency is too high for other modes. The
- <emphasis>async</emphasis> replication mode is currently
- not implemented.</para>
+ latency is too high for other modes.</para>
</listitem>
</itemizedlist>
-
- <warning>
- <para>Only the <emphasis>fullsync</emphasis> replication
- mode is currently supported.</para>
- </warning>
</sect3>
</sect2>
diff --git a/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml b/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
index 1a1981fa35..f7867afa2b 100644
--- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
@@ -433,7 +433,7 @@ pflog_flags="" # additional flags for pflogd startup</programli
functionality:</para>
<programlisting>options ALTQ
-options ALTQ_CBQ # Class Bases Queuing (CBQ)
+options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
diff --git a/en_US.ISO8859-1/books/handbook/install/chapter.xml b/en_US.ISO8859-1/books/handbook/install/chapter.xml
index bbdf7cc3a8..499bff5f43 100644
--- a/en_US.ISO8859-1/books/handbook/install/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/install/chapter.xml
@@ -4502,7 +4502,7 @@ Please press any key to reboot.</screen>
<para>That directory will normally contain the following images:</para>
<table frame="none">
- <title>&os; 8.<replaceable>X</replaceable>
+ <title>&os;
ISO Image Names and Meanings</title>
<tgroup cols="2">
@@ -4559,7 +4559,7 @@ Please press any key to reboot.</screen>
<entry>A CD image with as many third-party packages
as would fit on the disc. This image is not
- available for &os; 8.<replaceable>X</replaceable>.</entry>
+ available for &os; 9.<replaceable>X</replaceable>.</entry>
</row>
<row>
@@ -4567,14 +4567,7 @@ Please press any key to reboot.</screen>
<entry>Another CD image with as many third-party
packages as would fit on the disc. This image is
- not available for &os; 8.<replaceable>X</replaceable>.</entry>
- </row>
-
- <row>
- <entry><filename>&os;-<replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-docs.iso</filename></entry>
-
- <entry>The &os; documentation. This image is
- not available for &os; 8.<replaceable>X</replaceable>.</entry>
+ not available for &os; 9.<replaceable>X</replaceable>.</entry>
</row>
<row>
diff --git a/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml b/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml
index afa565509c..409c4ce7cf 100644
--- a/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml
@@ -1749,6 +1749,15 @@ usr.bin/</programlisting>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>RELENG_9_1</term>
+
+ <listitem>
+ <para>The release branch for &os;-9.1, used only for
+ security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>RELENG_9_0</term>
@@ -1767,6 +1776,15 @@ usr.bin/</programlisting>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>RELENG_8_4</term>
+
+ <listitem>
+ <para>The release branch for &os;-8.4, used only for
+ security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>RELENG_8_3</term>
@@ -2105,6 +2123,14 @@ usr.bin/</programlisting>
is not tagged with any special name for releases.</para>
<variablelist>
+ <varlistentry>
+ <term>RELENG_9_1_0_RELEASE</term>
+
+ <listitem>
+ <para>&os; 9.1</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>RELENG_9_0_0_RELEASE</term>
diff --git a/en_US.ISO8859-1/books/handbook/ports/chapter.xml b/en_US.ISO8859-1/books/handbook/ports/chapter.xml
index 29f63e6902..99652c5c74 100644
--- a/en_US.ISO8859-1/books/handbook/ports/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/ports/chapter.xml
@@ -204,7 +204,7 @@
related to the application or install <filename
role="package">ports-mgmt/portaudit</filename>. Once
installed, type <command>portaudit -F -a</command> to check
- all installed applications for known vulnerabilities</para>
+ all installed applications for known vulnerabilities.</para>
</warning>
<para>The remainder of this chapter explains how to use packages
@@ -279,7 +279,7 @@ lsof: /usr/ports/sysutils/lsof</screen>
<maketarget>search</maketarget>
name=<replaceable>program-name</replaceable></command>
where <replaceable>program-name</replaceable> is the name of
- the software. For example,to search for
+ the software. For example, to search for
<command>lsof</command>:</para>
<screen>&prompt.root; <userinput>cd /usr/ports</userinput>
@@ -977,9 +977,8 @@ Deinstalling ca_root_nss-3.13.5... done</screen>
is <application>Portsnap</application>. Users requiring local
customization of ports (that is, maintaining additional local
patches) will probably prefer to use Subversion directly. The
- <application>CVSup</application> service is being phased out
- as of February 28, 2013, and further use is
- discouraged.</para>
+ <application>CVSup</application> service was phased out
+ as of February 28, 2013.</para>
</warning>
<sect2 id="ports-tree">
@@ -1293,7 +1292,7 @@ Deinstalling ca_root_nss-3.13.5... done</screen>
up-to-date Ports Collection and check <ulink
url="http://vuxml.freebsd.org/"></ulink> for security
issues related to your port. If <filename
- role="package">ports-mgmt/portaudit</filename>) is
+ role="package">ports-mgmt/portaudit</filename> is
installed, run <command>portaudit -F</command> before
installing a new port, to fetch the current vulnerabilities
database. A security audit and an update of the database
@@ -1454,8 +1453,9 @@ Deinstalling ca_root_nss-3.13.5... done</screen>
depends on libraries or other ports, this will
<emphasis>not</emphasis> fetch the distfiles of ports
from another category. Use
- <command>make<maketarget>fetch-recursive</maketarget>
- <maketarget>fetch</maketarget></command> to fetch
+ <command>make
+ <maketarget>fetch-recursive</maketarget></command>
+ to fetch
all the dependencies of a port.</para>
<note>
@@ -1784,9 +1784,7 @@ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/ fetch</userinput></screen>
<para><filename
role="package">ports-mgmt/pkg_cutleaves</filename> automates
the task of removing installed ports that are no longer
- needed.
-
- port.</para>
+ needed.</para>
</sect2>
</sect1>
diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.xml b/en_US.ISO8859-1/books/handbook/security/chapter.xml
index 99223339db..0beccf251e 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -1084,8 +1084,9 @@
<title>Recognizing Your Crypt Mechanism</title>
<para>Currently the library supports DES, MD5, Blowfish, SHA256,
- and SHA512 hash functions. By default &os; uses MD5 to
- encrypt passwords.</para>
+ and SHA512 hash functions. By default &os; 9.1 and later
+ uses SHA512 to encrypt passwords. Older versions use MD5 by
+ default.</para>
<para>It is pretty easy to identify which encryption method &os;
is set up to use. Examining the encrypted passwords in the
diff --git a/en_US.ISO8859-1/books/handbook/x11/chapter.xml b/en_US.ISO8859-1/books/handbook/x11/chapter.xml
index c6a5d19166..bfd3ae1ec0 100644
--- a/en_US.ISO8859-1/books/handbook/x11/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/x11/chapter.xml
@@ -824,7 +824,7 @@ EndSection</programlisting>
<para>The default fonts that ship with X11 are less than ideal
for typical desktop publishing applications. Large
presentation fonts show up jagged and unprofessional looking,
- and small fonts in <application>&netscape;</application> are
+ and small fonts are
almost completely unintelligible. However, there are several
free, high quality Type1 (&postscript;) fonts available which
can be readily used with X11. For instance, the URW font
@@ -921,9 +921,8 @@ EndSection</programlisting>
<para>or add a <literal>FontPath</literal> line to the
<filename>xorg.conf</filename> file.</para>
- <para>That's it. Now <application>&netscape;</application>,
- <application>Gimp</application>,
- <application>&staroffice;</application>, and all of the
+ <para>That's it. Now <application>Gimp</application>,
+ <application>Apache OpenOffice</application>, and all of the
other X applications should now recognize the installed
&truetype; fonts. Extremely small fonts (as with text in a
high resolution display on a web page) and extremely large
diff --git a/en_US.ISO8859-1/books/porters-handbook/book.xml b/en_US.ISO8859-1/books/porters-handbook/book.xml
index c6d652470f..f71209149c 100644
--- a/en_US.ISO8859-1/books/porters-handbook/book.xml
+++ b/en_US.ISO8859-1/books/porters-handbook/book.xml
@@ -3796,10 +3796,10 @@ ALWAYS_KEEP_DISTFILES= yes
<sect2 id="uses">
<title><makevar>USES</makevar></title>
- <para>There several parameters exist for defining different kind
- of features and dependencies that the port in question uses.
- They can be specified by adding the following line to the
- <filename>Makefile</filename> of the port:</para>
+ <para>There several parameters exist for defining different
+ kind of features and dependencies that the port in question
+ uses. They can be specified by adding the following line to
+ the <filename>Makefile</filename> of the port:</para>
<programlisting>USES= feature[:arguments]</programlisting>
@@ -3807,8 +3807,8 @@ ALWAYS_KEEP_DISTFILES= yes
linkend="uses-values"/>.</para>
<warning>
- <para><makevar>USES</makevar> cannot be assigned after inclusion of
- <filename>bsd.port.pre.mk</filename>.</para>
+ <para><makevar>USES</makevar> cannot be assigned after
+ inclusion of <filename>bsd.port.pre.mk</filename>.</para>
</warning>
</sect2>
@@ -4464,7 +4464,7 @@ OPTIONS_SINGLE_SG1= OPT3 OPT4</programlisting>
choices, where none or only one choice from each group
is allowed:</para>
- <programlisting>OPTIONS_RADIO= RG1
+ <programlisting>OPTIONS_RADIO= RG1
OPTIONS_RADIO_RG1= OPT7 OPT8</programlisting>
<para><makevar>OPTIONS</makevar> can also be grouped as
@@ -4527,7 +4527,9 @@ RUN_DEPENDS+= bar:${PORTSDIR}/bar/bar
</example>
<example id ="ports-options-check-unset">
- <title>Check for Unset Port <makevar>OPTIONS</makevar></title>
+ <title>Check for Unset Port
+ <makevar>OPTIONS</makevar></title>
+
<programlisting>.if ! ${PORT_OPTIONS:MEXAMPLES}
CONFIGURE_ARGS+=--without-examples
.endif</programlisting>
@@ -4580,30 +4582,37 @@ CONFIGURE_ARGS+= --without-examples
<sect3>
<title>Default Options</title>
- <para>The following options are always on by default.</para>
- <itemizedlist>
+
+ <para>The following options are always on by default.</para>
+
+ <itemizedlist>
<listitem>
<para><literal>DOCS</literal> — build and install
documentation.</para>
</listitem>
+
<listitem>
<para><literal>NLS</literal> — Native Language
Support.</para>
- </listitem>
- <listitem>
- <para><literal>EXAMPLES</literal> — build and install
- examples.</para>
</listitem>
+
<listitem>
- <para><literal>IPV6</literal> — IPv6 protocol support.</para>
+ <para><literal>EXAMPLES</literal> — build and
+ install examples.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>IPV6</literal> — IPv6 protocol
+ support.</para>
</listitem>
</itemizedlist>
+
<note>
<para>There is no need to add these to
- <makevar>OPTIONS_DEFAULT</makevar>. To have them show up
- in the options selection dialog, however, they must be added
- to <makevar>OPTIONS_DEFINE</makevar>.</para>
- </note>
+ <makevar>OPTIONS_DEFAULT</makevar>. To have them show
+ up in the options selection dialog, however, they must
+ be added to <makevar>OPTIONS_DEFINE</makevar>.</para>
+ </note>
</sect3>
</sect2>
@@ -4884,7 +4893,7 @@ PORTVERSION= 1.0</programlisting>
<programlisting>post-install:
${MKDIR} ${EXAMPLESDIR}
- (cd ${WRKSRC}/examples/ && ${COPYTREE_SHARE} \* ${EXAMPLESDIR})</programlisting>
+ (cd ${WRKSRC}/examples && ${COPYTREE_SHARE} . ${EXAMPLESDIR})</programlisting>
<para>This example will install the contents of
<filename>examples</filename> directory in the vendor
@@ -4893,7 +4902,7 @@ PORTVERSION= 1.0</programlisting>
<programlisting>post-install:
${MKDIR} ${DATADIR}/summer
- (cd ${WRKSRC}/temperatures/ && ${COPYTREE_SHARE} "June July August" ${DATADIR}/summer/)</programlisting>
+ (cd ${WRKSRC}/temperatures && ${COPYTREE_SHARE} "June July August" ${DATADIR}/summer)</programlisting>
<para>And this example will install the data of summer months
to the <filename>summer</filename> subdirectory of a
@@ -4907,8 +4916,8 @@ PORTVERSION= 1.0</programlisting>
<programlisting>post-install:
${MKDIR} ${EXAMPLESDIR}
- (cd ${WRKSRC}/examples/ && \
- ${COPYTREE_SHARE} \* ${EXAMPLESDIR} "! -name Makefile")</programlisting>
+ (cd ${WRKSRC}/examples && \
+ ${COPYTREE_SHARE} . ${EXAMPLESDIR} "! -name Makefile")</programlisting>
<para>Note that these macros does not add the installed files
to <filename>pkg-plist</filename>. You still need to list
@@ -4979,13 +4988,14 @@ PORTVERSION= 1.0</programlisting>
</itemizedlist>
<note>
- <para>The <literal>DOCS</literal> option only controls additional
- documentation installed in <makevar>DOCSDIR</makevar>. It
- does not apply to standard man pages and info pages.
- Things installed in <makevar>DATADIR</makevar> and
+ <para>The <literal>DOCS</literal> option only controls
+ additional documentation installed in
+ <makevar>DOCSDIR</makevar>. It does not apply to standard
+ man pages and info pages. Things installed in
+ <makevar>DATADIR</makevar> and
<makevar>EXAMPLESDIR</makevar> are controlled by
- <literal>DATA</literal> and
- <literal>EXAMPLES</literal> options, respectively.</para>
+ <literal>DATA</literal> and <literal>EXAMPLES</literal>
+ options, respectively.</para>
</note>
<para>These variables are exported to
@@ -5019,14 +5029,13 @@ PORTVERSION= 1.0</programlisting>
is listed in <makevar>PORTDOCS</makevar> or matched by a
glob pattern from this variable, the entire subtree of
contained files and directories will be registered in the
- final packing list. If the <literal>DOCS</literal> option has
- been unset then files and directories listed in
- <makevar>PORTDOCS</makevar> would not be installed
- or added to port packing list. Installing the
- documentation at <makevar>PORTDOCS</makevar> as shown above
- remains up to the port itself. A typical example of
- utilizing <makevar>PORTDOCS</makevar> looks as
- follows:</para>
+ final packing list. If the <literal>DOCS</literal> option
+ has been unset then files and directories listed in
+ <makevar>PORTDOCS</makevar> would not be installed or added
+ to port packing list. Installing the documentation at
+ <makevar>PORTDOCS</makevar> as shown above remains up to the
+ port itself. A typical example of utilizing
+ <makevar>PORTDOCS</makevar> looks as follows:</para>
<programlisting>PORTDOCS= README.* ChangeLog docs/*</programlisting>
@@ -5419,6 +5428,110 @@ IGNORE= may not be redistributed because of licensing reasons. Please visit <rep
</table>
</sect2>
+ <sect2 id="using-cmake">
+ <title>Using <command>cmake</command></title>
+
+ <para>For ports that use <application>CMake</application>,
+ define <literal>USES= cmake</literal>, or
+ <literal>USES= cmake:outsource</literal> to build in a
+ separate directory (see below).</para>
+
+ <table frame="none">
+ <title>Variables for Ports That Use
+ <command>cmake</command></title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+ <entry>Means</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>CMAKE_ARGS</makevar></entry>
+ <entry>Port specific <application>CMake</application>
+ flags to be passed to the <command>cmake</command>
+ binary.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>CMAKE_BUILD_TYPE</makevar></entry>
+ <entry>Type of build (<application>CMake</application>
+ predefined build profiles). Default is
+ <literal>Release</literal>, or
+ <literal>Debug</literal> if
+ <makevar>WITH_DEBUG</makevar> is set.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>CMAKE_ENV</makevar></entry>
+ <entry>Environment variables to be set for
+ <command>cmake</command> binary. Default is
+ <literal>${CONFIGURE_ENV}</literal>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>CMAKE_SOURCE_PATH</makevar></entry>
+ <entry>Path to the source directory. Default is
+ <literal>${WRKSRC}</literal>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para><application>CMake</application> supports the following
+ build profiles: <literal>Debug</literal>,
+ <literal>Release</literal>,
+ <literal>RelWithDebInfo</literal> and
+ <literal>MinSizeRel</literal>. <literal>Debug</literal> and
+ <literal>Release</literal> profiles respect system
+ <literal>*FLAGS</literal>, <literal>RelWithDebInfo</literal>
+ and <literal>MinSizeRel</literal> will set
+ <makevar>CFLAGS</makevar> to <literal>-O2 -g</literal> and
+ <literal>-Os -DNDEBUG</literal> correspondingly. The
+ lower-cased value of <makevar>CMAKE_BUILD_TYPE</makevar> is
+ exported to the <makevar>PLIST_SUB</makevar> and should be
+ used if port installs <literal>*.cmake</literal> files
+ depending on the build type (see <filename
+ role="package">deskutils/strigi</filename> for an
+ example). Please note that some projects may define their
+ own build profiles and/or force particular build type by
+ setting <literal>CMAKE_BUILD_TYPE</literal> in
+ <filename>CMakeLists.txt </filename> files. In order to
+ make a port for such a project respect
+ <makevar>CFLAGS</makevar> and <makevar>WITH_DEBUG</makevar>,
+ the <literal>CMAKE_BUILD_TYPE</literal> definitions must be
+ removed from those files.</para>
+
+ <para>Most <application>CMake</application>-based projects
+ support an out-of-source method of building. The
+ out-of-source build for a port can be requested by using the
+ <literal>:outsource</literal> suffix. When enabled,
+ <makevar>CONFIGURE_WRKSRC</makevar>,
+ <makevar>BUILD_WRKSRC</makevar> and
+ <makevar>INSTALL_WRKSRC</makevar> will be set to
+ <literal>${WRKDIR}/.build</literal> and this
+ directory will be used to keep all files generated during
+ configuration and build stages, leaving the source directory
+ intact.</para>
+
+ <example id="using-cmake-example">
+ <title><literal>USES= cmake</literal> Example</title>
+
+ <para>The following snippet demonstrates the use of
+ <application>CMake</application> for a port.
+ <makevar>CMAKE_SOURCE_PATH</makevar> is not usually
+ required, but can be set when the sources are not located
+ in the top directory, or if only a subset of the project
+ is intended to be built by the port.</para>
+
+ <programlisting>USES= cmake:outsource
+CMAKE_SOURCE_PATH= ${WRKSRC}/subproject</programlisting>
+ </example>
+ </sect2>
+
<sect2 id="using-scons">
<title>Using <command>scons</command></title>
@@ -5809,13 +5922,15 @@ PLIST_SUB+= NLS="@comment "
reside under
<filename><makevar>LOCALBASE</makevar>/share/locale</filename>,
should rarely be created and removed by a port. The most
+
popular languages have their respective directories listed
- in <filename><makevar>PORTSDIR</makevar>/Templates/BSD.local.dist</filename>.
+ in
+ <filename><makevar>PORTSDIR</makevar>/Templates/BSD.local.dist</filename>.
The directories for many other languages are governed by the
<filename role="package">devel/gettext</filename> port.
- Consult its <filename>pkg-plist</filename> and see
- whether the port is going to install a message catalog file
- for a unique language.</para>
+ Consult its <filename>pkg-plist</filename> and see whether
+ the port is going to install a message catalog file for a
+ unique language.</para>
</sect2>
</sect1>
@@ -6733,7 +6848,7 @@ do-configure:
<literal>_run</literal> suffixes can be used to force
components dependency type (e.g.,
<literal>baseapps_run</literal>). If no suffix is set, a
- default dependency type will be used. If you want to force
+ default dependency type will be used. If you want to force
both types, add the component twice with both suffixes
(e.g., <literal>automoc4_build automoc4_run</literal>). The
most commonly used components are listed below (up-to-date
@@ -6899,9 +7014,10 @@ do-configure:
<title><makevar>USE_KDE4</makevar> Example</title>
<para>This is a simple example for a KDE 4 port.
- <makevar>USE_CMAKE</makevar> instructs the port to utilize
- <application>CMake</application> — configuration
- tool widely spread among KDE 4 projects.
+ <literal>USES= cmake:outsource</literal> instructs the
+ port to utilize <application>CMake</application>, a
+ configuration tool widely used by KDE 4 projects (see
+ <xref linkend="using-cmake"/> for detailed usage).
<makevar>USE_KDE4</makevar> brings dependency on KDE
libraries and makes port using
<command>automoc4</command> at build stage.
@@ -6912,7 +7028,7 @@ do-configure:
Qt 4 components, they should be specified in
<makevar>USE_QT4</makevar>.</para>
- <programlisting>USE_CMAKE= yes
+ <programlisting>USES= cmake:outsource
USE_KDE4= kdelibs kdeprefix automoc4
USE_QT4= moc_build qmake_build rcc_build uic_build</programlisting>
</example>
@@ -10514,7 +10630,8 @@ as .putsy.conf and edit it.</programlisting>
<literal>portsmon</literal>). This system attempts to classify
port PRs by portname. To search for PRs about a particular
port, use the <ulink
- url="http://portsmon.FreeBSD.org/portoverview.py">Overview of One Port</ulink>.</para>
+ url="http://portsmon.FreeBSD.org/portoverview.py">Overview of
+ One Port</ulink>.</para>
<para>If there is no pending PR, the next step is to send an email
to the port's maintainer, as shown by <command>make
@@ -10614,13 +10731,13 @@ as .putsy.conf and edit it.</programlisting>
<sect1 id="svn-diff">
<title>Using <literal>SVN</literal> to Make Patches</title>
- <para>If you can, please submit a &man.svn.1; diff — they are
- easier to handle than diffs between <quote>new and old</quote>
- directories. Plus it is easier for you to see what you have
- changed and to update your diff if something is modified in
- the Ports Collection from when you started to work on it until
- you submit your changes, or if the committer asks you to fix
- something.</para>
+ <para>If you can, please submit a &man.svn.1; diff — they
+ are easier to handle than diffs between <quote>new and
+ old</quote> directories. Plus it is easier for you to see
+ what you have changed and to update your diff if something is
+ modified in the Ports Collection from when you started to work
+ on it until you submit your changes, or if the committer asks
+ you to fix something.</para>
<screen>&prompt.user; <userinput>cd ~/my_wrkdir</userinput> <co id="my-wrkdir"/>
&prompt.user; <userinput>svn co <replaceable>https://svn0.us-west.FreeBSD.org</replaceable>/ports/head/dns/pdnsd</userinput> <co id="svn-FreeBSD-org"/>
@@ -15289,6 +15406,19 @@ Reference: <http://www.freebsd.org/ports/portaudit/74a9541d-5d6c-11d8-80e3-00
(RELENG_8_3).</entry>
</row>
+ <row>
+ <entry>804000</entry>
+ <entry>March 28, 2013</entry>
+ <entry>releng/8.4 (RELENG_8_4) branch point.</entry>
+ </row>
+
+ <row>
+ <entry>804500</entry>
+ <entry>March 28, 2013</entry>
+ <entry>8.4-STABLE after branching releng/8.4
+ (RELENG_8_4).</entry>
+ </row>
+
<row>
<entry>900000</entry>
<entry>August 22, 2009</entry>
@@ -15699,29 +15829,30 @@ Reference: <http://www.freebsd.org/ports/portaudit/74a9541d-5d6c-11d8-80e3-00
<row>
<entry>901501</entry>
<entry>November 11, 2012</entry>
- <entry>9.1-STABLE after LIST_PREV() added to queue.h.</entry>
+ <entry>9.1-STABLE after LIST_PREV() added to
+ queue.h.</entry>
</row>
<row>
<entry>901502</entry>
<entry>November 28, 2012</entry>
- <entry>9.1-STABLE after USB serial jitter buffer requires
- rebuild of USB serial device modules.</entry>
+ <entry>9.1-STABLE after USB serial jitter buffer
+ requires rebuild of USB serial device modules.</entry>
</row>
<row>
<entry>901503</entry>
<entry>February 21, 2013</entry>
- <entry>9.1-STABLE after USB moved to the driver structure
- requiring a rebuild of all USB modules. Also indicates
- the presence of nmtree.</entry>
+ <entry>9.1-STABLE after USB moved to the driver
+ structure requiring a rebuild of all USB modules.
+ Also indicates the presence of nmtree.</entry>
</row>
<row>
<entry>901504</entry>
<entry>March 15, 2013</entry>
- <entry>9.1-STABLE after install gained -l, -M, -N and related
- flags and cat gained the -l option.</entry>
+ <entry>9.1-STABLE after install gained -l, -M, -N and
+ related flags and cat gained the -l option.</entry>
</row>
<row>
@@ -15890,7 +16021,7 @@ Reference: <http://www.freebsd.org/ports/portaudit/74a9541d-5d6c-11d8-80e3-00
<entry>October 16, 2012</entry>
<entry>10-CURRENT after the network interface cloning
KPI changed and struct if_clone becoming opaque (rev
- <svnref>241610</svnref>).</entry>
+ <svnref>241610</svnref>).</entry>
</row>
<row>
@@ -15932,21 +16063,21 @@ Reference: <http://www.freebsd.org/ports/portaudit/74a9541d-5d6c-11d8-80e3-00
<row>
<entry>1000025</entry>
<entry>November 17, 2012</entry>
- <entry>10-CURRENT after the sin6_scope_id member variable
- in struct sockaddr_in6 was changed to being filled by the
- kernel before passing the structure to the userland via
- sysctl or routing socket. This means the KAME-specific
- embedded scope id in sin6_addr.s6_addr[2] is always
- cleared in userland application (rev
- <svnref>243443</svnref>).</entry>
+ <entry>10-CURRENT after the sin6_scope_id member
+ variable in struct sockaddr_in6 was changed to being
+ filled by the kernel before passing the structure to
+ the userland via sysctl or routing socket. This means
+ the KAME-specific embedded scope id in
+ sin6_addr.s6_addr[2] is always cleared in userland
+ application (rev <svnref>243443</svnref>).</entry>
</row>
<row>
<entry>1000026</entry>
<entry>January 11, 2013</entry>
<entry>10-CURRENT after install gained the -N flag (rev
- <svnref>245313</svnref>). May also be used to indicate
- the presense of nmtree.</entry>
+ <svnref>245313</svnref>). May also be used to
+ indicate the presence of nmtree.</entry>
</row>
<row>
@@ -16048,7 +16179,7 @@ Reference: <http://www.freebsd.org/ports/portaudit/74a9541d-5d6c-11d8-80e3-00
<row>
<entry><makevar>LOCALBASE</makevar></entry>
<entry>The base of the <quote>local</quote> tree (e.g.,
- <literal>/usr/local/</literal>)</entry>
+ <literal>/usr/local</literal>)</entry>
</row>
<row>
@@ -16074,8 +16205,7 @@ Reference: <http://www.freebsd.org/ports/portaudit/74a9541d-5d6c-11d8-80e3-00
<programlisting># no need to compile lang/perl5 if perl5 is already in system
.if ${OSVERSION} > 300003
BROKEN= perl is in system
-.endif
- </programlisting>
+.endif</programlisting>
<para>You did remember to use tab instead of spaces after
<literal>BROKEN=</literal> and
@@ -16223,12 +16353,12 @@ exec %%LOCALBASE%%/bin/java -jar %%DATADIR%%/foo.jar "$@"</programlisting>
<note>
<para>If building the port errors out with
- <literal>unrecognized option '-pthread'</literal>,
- it may be desirable to use <command>cc</command> as linker by
- setting <makevar>CONFIGURE_ENV</makevar> to
- <literal>LD=${CC}</literal>. The
- <literal>-pthread</literal> option is not supported by
- <command>ld</command> directly.</para>
+ <literal>unrecognized option '-pthread'</literal>, it may be
+ desirable to use <command>cc</command> as linker by setting
+ <makevar>CONFIGURE_ENV</makevar> to
+ <literal>LD=${CC}</literal>. The
+ <literal>-pthread</literal> option is not supported by
+ <command>ld</command> directly.</para>
</note>
</sect1>
@@ -16827,9 +16957,9 @@ pre-install:
release of each port with distfiles that have already been
fetched. However, as the Internet continually changes,
distfiles can quickly go missing. <ulink
- url="http://portscout.FreeBSD.org">Portscout</ulink>, the &os;
- Ports distfile scanner, attempts to query every download site
- for every port to find out if each distfile is still
+ url="http://portscout.FreeBSD.org">Portscout</ulink>, the
+ &os; Ports distfile scanner, attempts to query every download
+ site for every port to find out if each distfile is still
available. <application>Portscout</application> can generate
<acronym>HTML</acronym> reports and send emails about newly
available ports to those who request them. Unless not
diff --git a/en_US.ISO8859-1/books/porters-handbook/uses.xml b/en_US.ISO8859-1/books/porters-handbook/uses.xml
index 905e5b2963..cebb571834 100644
--- a/en_US.ISO8859-1/books/porters-handbook/uses.xml
+++ b/en_US.ISO8859-1/books/porters-handbook/uses.xml
@@ -24,18 +24,28 @@
role="package">devel/bison</filename> in one way or another. By
default, with no arguments or with the <literal>build</literal>
argument, it implies <command>bison</command> as a build-time
- dependency, <literal>run</literal> implies a run-time dependency, and
- <literal>both</literal> implies both run-time and build-time
+ dependency, <literal>run</literal> implies a run-time dependency,
+ and <literal>both</literal> implies both run-time and build-time
dependencies.</entry>
</row>
+<row>
+ <entry><literal>cmake</literal></entry>
+ <entry>none, <literal>outsource</literal></entry>
+
+ <entry>The port will use <application>CMake</application> for
+ configuring and building. With the <literal>outsource</literal>
+ argument, an out-of-source build will be performed. For more
+ information see <xref linkend="using-cmake"/>.</entry>
+</row>
+
<row>
<entry><literal>fuse</literal></entry>
<entry>none</entry>
- <entry>Implies the port will depend on the FUSE library and handle the
- the dependency on the kernel module depending on the version of
- &os;.
- </entry>
+
+ <entry>Implies the port will depend on the FUSE library and handle
+ the the dependency on the kernel module depending on the version
+ of &os;.</entry>
</row>
<row>
@@ -52,10 +62,20 @@
<entry>none, <literal>build</literal>, <literal>run</literal>,
<literal>both</literal>, <literal>vars</literal></entry>
<entry>Implies that the port uses <filename
- role="package">mail/qmail</filename> in one way or another. With
- the <literal>build</literal> argument, it implies <command>qmail</command>
- as a build-time dependency. <literal>run</literal> implies a run-time
- dependency. Using no argument or the <literal>both</literal> argument
- implies both run-time and build-time dependencies. <literal>vars</literal>
+ role="package">mail/qmail</filename> in one way or another.
+ With the <literal>build</literal> argument, it implies
+ <command>qmail</command> as a build-time dependency.
+ <literal>run</literal> implies a run-time dependency. Using no
+ argument or the <literal>both</literal> argument implies both
+ run-time and build-time dependencies. <literal>vars</literal>
will only set QMAIL variables for the port to use.</entry>
</row>
+
+<row>
+ <entry><literal>zenoss</literal></entry>
+ <entry>none</entry>
+ <entry>Implies the port uses <filename
+ role="package">net-mgmt/zenoss</filename> in one way or another,
+ but largely is used for building zenoss related zenpack
+ ports.</entry>
+</row>
diff --git a/en_US.ISO8859-1/htdocs/administration.xml b/en_US.ISO8859-1/htdocs/administration.xml
index 05ad8c7121..82fa56ef41 100644
--- a/en_US.ISO8859-1/htdocs/administration.xml
+++ b/en_US.ISO8859-1/htdocs/administration.xml
@@ -143,7 +143,7 @@
<p>The Primary Release Engineering Team is responsible for setting and
publishing release schedules for official project releases of FreeBSD,
- announcing code freezes and maintaining <code>RELENG_*</code> branches, among other
+ announcing code freezes and maintaining <code>releng/*</code> branches, among other
things. The <a
href="releng/charter.html">release engineering team charter</a>
describes the duties and responsibilities of the Primary Release
@@ -238,14 +238,15 @@
<li>&a.cperciva; <<a href="mailto:cperciva@FreeBSD.org">cperciva@FreeBSD.org</a>> (Officer Emeritus)</li>
<li>&a.csjp; <<a href="mailto:csjp@FreeBSD.org">csjp@FreeBSD.org</a>></li>
<li>&a.delphij; <<a href="mailto:delphij@FreeBSD.org">delphij@FreeBSD.org</a>> (Officer Deputy)</li>
- <li>&a.des; <<a href="mailto:des@FreeBSD.org">des@FreeBSD.org</a>></li>
- <li>&a.gavin; <<a href="mailto:gavin@FreeBSD.org">gavin@FreeBSD.org</a>></li>
+ <li>&a.des; <<a href="mailto:des@FreeBSD.org">des@FreeBSD.org</a>> (Officer)</li>
+ <li>&a.gavin; <<a href="mailto:gavin@FreeBSD.org">gavin@FreeBSD.org</a>> (Core Team Liaison)</li>
+ <li>&a.gnn; <<a href="mailto:gnn@FreeBSD.org">gavin@FreeBSD.org</a>> (Secretary)</li>
<li>&a.jonathan; <<a href="mailto:jonathan@FreeBSD.org">jonathan@FreeBSD.org</a>></li>
<li>&a.philip; <<a href="mailto:philip@FreeBSD.org">philip@FreeBSD.org</a>></li>
<li>&a.remko; <<a href="mailto:remko@FreeBSD.org">remko@FreeBSD.org</a>></li>
<li>&a.rwatson; <<a href="mailto:rwatson@FreeBSD.org">rwatson@FreeBSD.org</a>></li>
<li>&a.simon; <<a href="mailto:simon@FreeBSD.org">simon@FreeBSD.org</a>>
- (Officer)</li>
+ (Officer Emeritus)</li>
<li>&a.stas; <<a href="mailto:stas@FreeBSD.org">stas@FreeBSD.org</a>></li>
<li>&a.trasz; <<a href="mailto:trasz@FreeBSD.org">trasz@FreeBSD.org</a>></li>
</ul>
@@ -302,7 +303,7 @@
Team Secretary does not handle Security Officer Team items.</p>
<ul>
- <li>&a.remko; <<a href="mailto:remko@FreeBSD.org">remko@FreeBSD.org</a>></li>
+ <li>&a.gnn; <<a href="mailto:gnn@FreeBSD.org">gnn@FreeBSD.org</a>></li>
</ul>
<hr/>
diff --git a/en_US.ISO8859-1/htdocs/news/2012-compromise.xml b/en_US.ISO8859-1/htdocs/news/2012-compromise.xml
index 0802682ebe..f593509d68 100644
--- a/en_US.ISO8859-1/htdocs/news/2012-compromise.xml
+++ b/en_US.ISO8859-1/htdocs/news/2012-compromise.xml
@@ -62,6 +62,7 @@
<ul>
<li><a href="#announce">Announcement</a></li>
+ <li><a href="#update20130323">Update: 23rd March 2013</a></li>
<li><a href="#update20130303">Update: 3rd March 2013</a></li>
<li><a href="#update20121229">Update: 29th December 2012</a></li>
<li><a href="#update20121127">Update: 27th November 2012</a></li>
@@ -73,6 +74,23 @@
<li><a href="#recommend">Recommendations</a></li>
</ul>
+ <h1><a name="update20130323">Update: March 23rd, 2013</a></h1>
+
+ <p>Port managers have successfully restored some of the Project's
+ binary package building capacity. There are some issues left
+ still to resolve, e.g. how to publish the resulting package sets
+ in a secure manner or how to build packages seamlessly for 8.x and
+ 9.x systems on a recent 10.x system that the head node
+ ("pointyhat") is running, but we are very close to finish with the
+ preparations required for providing binary packages for the
+ upcoming 8.4 and further releases.</p>
+
+ <p>Unless there are any other major changes, this is planned to be
+ the last status update to this page. An email will be sent to
+ the <a href="http://lists.freebsd.org/mailman/listinfo/freebsd-announce">
+ FreeBSD announcements mailing list</a> when the package build
+ infrastructure is online and packages are once again available.</p>
+
<h1><a name="update20130302">Update: March 3rd, 2013</a></h1>
<p>Redports underwent a full security audit, and as a result could
@@ -88,12 +106,6 @@
bringing it up on new hardware. At this point, we expect new
binary packages to be available in 2-4 weeks.</p>
- <p>Unless there are any other major changes, this is planned to be
- the last status update to this page. An email will be sent to
- the <a href="http://lists.freebsd.org/mailman/listinfo/freebsd-announce">
- FreeBSD announcements mailing list</a> when the package build
- infrastructure is online and packages are once again available.</p>
-
<h1><a name="update20121229">Update: December 29th, 2012</a></h1>
<p>With the exception of systems relating to the building and testing
diff --git a/en_US.ISO8859-1/htdocs/ports/Makefile b/en_US.ISO8859-1/htdocs/ports/Makefile
index 4a08d3ecc0..285972b22f 100644
--- a/en_US.ISO8859-1/htdocs/ports/Makefile
+++ b/en_US.ISO8859-1/htdocs/ports/Makefile
@@ -25,7 +25,7 @@ ${INDEX}:
.endif
HOSTNAME!= hostname
-.if ${HOSTNAME} == "hub.freebsd.org" || ${HOSTNAME} == "freefall.freebsd.org" || ${HOSTNAME} == "www.freebsd.org"
+.if ${HOSTNAME} == "hub.freebsd.org" || ${HOSTNAME} == "freefall.freebsd.org" || ${HOSTNAME} == "www.freebsd.org" || ${HOSTNAME} == "build-web.stream.FreeBSD.org"
CLUSTER_MACHINE= YES
.endif
diff --git a/en_US.ISO8859-1/htdocs/releases/8.4R/schedule.xml b/en_US.ISO8859-1/htdocs/releases/8.4R/schedule.xml
index 95e972c8ba..1e6bfbf800 100644
--- a/en_US.ISO8859-1/htdocs/releases/8.4R/schedule.xml
+++ b/en_US.ISO8859-1/htdocs/releases/8.4R/schedule.xml
@@ -56,7 +56,7 @@
<tr>
<td>Code freeze begins</td>
<td>08 March 2013</td>
- <td>-</td>
+ <td>08 March 2013</td>
<td>Release Engineers announce that all further commits to the
stable/8 branch will require explicit approval.
Certain blanket approvals will be granted for narrow areas of
@@ -66,7 +66,7 @@
<tr>
<td>BETA1</td>
<td>20 March 2013</td>
- <td>-</td>
+ <td>22 March 2013</td>
<td>First beta test snapshot.</td>
</tr>
@@ -83,7 +83,7 @@
<tr>
<td>releng/&local.rel; branch</td>
<td>18 March 2013</td>
- <td>-</td>
+ <td>28 March 2013</td>
<td>Subversion branch created, propagated to CVS; future
release engineering proceeds on this branch.</td>
</tr>
@@ -91,7 +91,7 @@
<tr>
<td>RC1</td>
<td>30 March 2013</td>
- <td>-</td>
+ <td>10 April 2013</td>
<td>First release candidate.</td>
</tr>
diff --git a/en_US.ISO8859-1/htdocs/releng/charter.xml b/en_US.ISO8859-1/htdocs/releng/charter.xml
index 88a16f52c4..536b0ddf52 100644
--- a/en_US.ISO8859-1/htdocs/releng/charter.xml
+++ b/en_US.ISO8859-1/htdocs/releng/charter.xml
@@ -29,9 +29,9 @@
change-review committee to decide which changes may be made to a
branch during a code freeze. This includes freezes for HEAD when
approaching a .0 release as well as the traditional
- <tt>RELENG_*</tt> code freeze pending a -STABLE release.</p></li>
+ <tt>releng/*</tt> code freeze pending a -STABLE release.</p></li>
- <li><p>Creation and maintenance of <tt>RELENG_*</tt> branches of the
+ <li><p>Creation and maintenance of <tt>releng/*</tt> branches of the
<tt>src/</tt> tree. This includes final authority over what
commits are made (and remain in) the -STABLE branch prior to the
branching of a release branch.</p></li>
@@ -60,7 +60,7 @@
<li><p>Coordinating with the security officer team to ensure that
pending FreeBSD releases are not affected by recently disclosed
vulnerabilities. Also, approximately 1 week after a release,
- change approval control of release branches (<tt>RELENG_X_Y</tt>)
+ change approval control of release branches (<tt>releng/X.Y/</tt>)
is transfered from the release engineers to the security-officer
team. The exact transfer date is to be worked out by the two
parties once it is clear that the release was a success. A heads
diff --git a/en_US.ISO8859-1/htdocs/security/security.xml b/en_US.ISO8859-1/htdocs/security/security.xml
index 0afd7d6254..c85776e424 100644
--- a/en_US.ISO8859-1/htdocs/security/security.xml
+++ b/en_US.ISO8859-1/htdocs/security/security.xml
@@ -85,10 +85,20 @@
mail alias are currently delivered to:</p>
<table>
+ <tr valign="top">
+ <td>&a.des; <a
+ href="mailto:des@FreeBSD.org"><des@FreeBSD.org></a></td>
+ <td>Security Officer</td>
+ </tr>
+ <tr valign="top">
+ <td>&a.delphij; <a
+ href="mailto:delphij@FreeBSD.org"><delphij@FreeBSD.org></a></td>
+ <td>Deputy Security Officer</td>
+ </tr>
<tr valign="top">
<td>&a.simon; <a
href="mailto:simon@FreeBSD.org"><simon@FreeBSD.org></a></td>
- <td>Security Officer</td>
+ <td>Security Officer Emeritus</td>
</tr>
<tr valign="top">
<td>&a.cperciva; <a
@@ -101,11 +111,6 @@
<td>Release Engineering liaison,<br/>
TrustedBSD Project liaison, system security architecture expert</td>
</tr>
- <tr valign="top">
- <td>&a.delphij; <a
- href="mailto:delphij@FreeBSD.org"><delphij@FreeBSD.org></a></td>
- <td>Deputy Security Officer</td>
- </tr>
</table>
<p>The Security Officer is supported by the <a
@@ -275,13 +280,6 @@
<td>n/a</td>
<td>last release + 2 years</td>
</tr>
- <tr>
- <td>RELENG_9_0</td>
- <td>9.0-RELEASE</td>
- <td>Normal</td>
- <td>January 10, 2012</td>
- <td>March 31, 2013</td>
- </tr>
<tr>
<td>RELENG_9_1</td>
<td>9.1-RELEASE</td>
@@ -474,6 +472,13 @@
<td>February 24, 2011</td>
<td>July 31, 2012</td>
</tr>
+ <tr>
+ <td>RELENG_9_0</td>
+ <td>9.0-RELEASE</td>
+ <td>Normal</td>
+ <td>January 10, 2012</td>
+ <td>March 31, 2013</td>
+ </tr>
</table>
</body>
diff --git a/en_US.ISO8859-1/htdocs/where.xml b/en_US.ISO8859-1/htdocs/where.xml
index 05fea09307..4a88d3f02a 100644
--- a/en_US.ISO8859-1/htdocs/where.xml
+++ b/en_US.ISO8859-1/htdocs/where.xml
@@ -59,7 +59,7 @@
<tr style="text-align: center;">
<td colspan="2">Version & Platform</td>
<td>Distribution</td>
- <td title="ISO9660 CD image"><a href="&base;/doc/en_US.ISO8859-1/books/handbook/install-diff-media.html#INSTALL-CDROM">ISO</a></td>
+ <td title="ISO9660 CD image"><a href="&base;/doc/en_US.ISO8859-1/books/handbook/install-diff-media.html#install-cdrom">ISO</a></td>
<td>Release<br/>Notes</td>
<td>Hardware<br/>Notes</td>
<td>Installation<br/>Notes</td>
diff --git a/en_US.ISO8859-1/share/xml/release.l10n.ent b/en_US.ISO8859-1/share/xml/release.l10n.ent
index 1878197419..e531408961 100644
--- a/en_US.ISO8859-1/share/xml/release.l10n.ent
+++ b/en_US.ISO8859-1/share/xml/release.l10n.ent
@@ -1,4 +1,6 @@
<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- $FreeBSD$ -->
+
<![%beta2.testing;[
<!ENTITY beta.plural 's'>
]]>
@@ -11,7 +13,7 @@
<tr style="text-align: center;">
<td colspan="2">Version & Platform</td>
<td>Distribution</td>
- <td title="ISO9660 CD image"><a href="&base;/doc/en_US.ISO8859-1/books/handbook/install-diff-media.html#INSTALL-CDROM">ISO</a></td>
+ <td title="ISO9660 CD image"><a href="&base;/doc/en_US.ISO8859-1/books/handbook/install-diff-media.html#install-cdrom">ISO</a></td>
<td>TODO List</td>
</tr>
</thead>
@@ -27,7 +29,7 @@
</tr>
<tr>
<td></td>
- <td>amd64</td>
+ <td>amd64<br/>(x86-64, x64)</td>
<td><a href="&url.rel;/amd64/amd64/&betarel2.current;-&betarel2.vers;">[Distribution]</a></td>
<td><a href="&url.rel;/amd64/amd64/ISO-IMAGES/&betarel2.current;/">[ISO]</a></td>
</tr>
@@ -85,40 +87,48 @@
<tr style="text-align: center;">
<td colspan="2">Version & Platform</td>
<td>Distribution</td>
- <td title="ISO9660 CD image"><a href="&base;/doc/en_US.ISO8859-1/books/handbook/install-diff-media.html#INSTALL-CDROM">ISO</a></td>
- <td>Status page</td>
+ <td title="ISO9660 CD image"><a href="&base;/doc/en_US.ISO8859-1/books/handbook/install-diff-media.html#install-cdrom">ISO</a></td>
+ <!--<td>Status page</td>-->
</tr>
</thead>
<tbody>
<tr>
<td colspan="2">FreeBSD &betarel.current;-&betarel.vers;</td>
<td colspan="2"></td>
- <td rowspan="7"><a href="http://wiki.freebsd.org/Releng/&betarel.current;TODO">[View]</a></td>
+ <!--<td rowspan="7"><a href="http://wiki.freebsd.org/Releng/&betarel.current;TODO">[View]</a></td>-->
</tr>
<tr>
<td></td>
- <td>amd64</td>
- <td><a href="&url.rel;/amd64/amd64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
- <td><a href="&url.rel;/amd64/amd64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td>amd64<br/>(x86-64, x64)</td>
+ <td><a href="&url.rel;/amd64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/amd64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
<tr>
<td></td>
<td>i386</td>
- <td><a href="&url.rel;/i386/i386/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
- <td><a href="&url.rel;/i386/i386/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td><a href="&url.rel;/i386/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/i386/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
+ <tr>
+ <td></td>
+ <td>pc98</td>
+ <td><a href="&url.rel;/pc98/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/pc98/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ </tr>
+ <!--
<tr>
<td></td>
<td>sparc64</td>
- <td><a href="&url.rel;/sparc64/sparc64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
- <td><a href="&url.rel;/sparc64/sparc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td><a href="&url.rel;/sparc64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/sparc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
<tr>
<td></td>
<td>powerpc64</td>
- <td><a href="&url.rel;/powerpc/powerpc64/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
- <td><a href="&url.rel;/powerpc/powerpc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td><a href="&url.rel;/powerpc/&betarel.current;-&betarel.vers;">[Distribution]</a></td>
+ <td><a href="&url.rel;/powerpc/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
+ -->
</tbody>
</table>
diff --git a/ja_JP.eucJP/articles/fbsd-from-scratch/article.xml b/ja_JP.eucJP/articles/fbsd-from-scratch/article.xml
index e2f4733638..e25c4e9760 100644
--- a/ja_JP.eucJP/articles/fbsd-from-scratch/article.xml
+++ b/ja_JP.eucJP/articles/fbsd-from-scratch/article.xml
@@ -431,11 +431,11 @@ Do you wish to delete what is left of /var/tmp/temproot.stage1? [no] <userinput>
</warning>
<programlisting>
-<xi:include href="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_1.conf.default" parse="text"/>
+<xi:include href="stage_1.conf.default" parse="text"/>
</programlisting>
<para>�����������: <ulink
- url="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_1.conf.default"><filename>stage_1.conf.default</filename>
+ url="stage_1.conf.default"><filename>stage_1.conf.default</filename>
</ulink>.</para>
<para>���Υ�����ץȤ�¹Ԥ���ȡ�
@@ -539,11 +539,11 @@ news inn-stable CONFIGURE_ARGS="--enable-uucp-rnews --enable-setgid-inews" make
�Ȥ���̾���Υ����ե����뤬��������ޤ���</para>
<programlisting>
-<xi:include href="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_2.conf.default" parse="text"/>
+<xi:include href="stage_2.conf.default" parse="text"/>
</programlisting>
<para>�����������: <ulink
- url="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_2.conf.default"><filename>stage_2.conf.default</filename></ulink>.</para>
+ url="stage_2.conf.default"><filename>stage_2.conf.default</filename></ulink>.</para>
</sect1>
<sect1 id="stage3">
@@ -673,36 +673,36 @@ fi
3 �ĤΥե�������ޤ���</para>
<para>����� <ulink
- url="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_1.sh"><filename>stage_1.sh</filename></ulink>
+ url="stage_1.sh"><filename>stage_1.sh</filename></ulink>
������ץȤǤ������Ƥ��ѹ�����ɬ�פϤʤ��Ǥ��礦��</para>
<programlisting>
-<xi:include href="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_1.sh" parse="text"/>
+<xi:include href="stage_1.sh" parse="text"/>
</programlisting>
<para>�����������: <ulink
- url="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_1.sh"><filename>stage_1.sh</filename></ulink>.</para>
+ url="stage_1.sh"><filename>stage_1.sh</filename></ulink>.</para>
<para>����� <ulink
- url="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_2.sh"><filename>stage_2.sh</filename></ulink>
+ url="stage_2.sh"><filename>stage_2.sh</filename></ulink>
������ץȤǤ����ǽ����ʬ�ˤ����ѿ����ѹ����ޤ��礦��</para>
<programlisting>
-<xi:include href="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_2.sh" parse="text"/>
+<xi:include href="stage_2.sh" parse="text"/>
</programlisting>
<para>�����������: <ulink
- url="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_2.sh"><filename>stage_2.sh</filename></ulink>.</para>
+ url="stage_2.sh"><filename>stage_2.sh</filename></ulink>.</para>
<para>����ϡ��錄�����ȤäƤ��� <ulink
- url="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_3.mk"><filename>stage_3.mk</filename></ulink> �Ǥ���
+ url="stage_3.mk"><filename>stage_3.mk</filename></ulink> �Ǥ���
�����ưŪ�ˤ����ʤ�����μ�����������ޤ���</para>
<programlisting>
-<xi:include href="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_3.mk" parse="text"/>
+<xi:include href="stage_3.mk" parse="text"/>
</programlisting>
<para>�����������: <ulink
- url="../../../en_US.ISO8859-1/articles/fbsd-from-scratch/stage_3.mk"><filename>stage_3.mk</filename></ulink>.</para>
+ url="stage_3.mk"><filename>stage_3.mk</filename></ulink>.</para>
</sect1>
</article>
diff --git a/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml b/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml
index 38b4dfd103..192d028849 100644
--- a/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml
+++ b/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r20104
+ Original revision: r20284
$FreeBSD$
-->
@@ -487,6 +487,139 @@ host2.example.com link#1 UC 0 0
���������̾����Ѥ˴ؤ��ƤϽ�ʬ�Ȥ����ޤ���</para>
</sect2>
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Al</firstname>
+ <surname>Hoang</surname>
+ <contrib>���: </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+ <!-- Feb 2004 -->
+ <title>��Ū�ʷ�ϩ������</title>
+
+ <sect3>
+ <title>��ư�ˤ���ϩ������</title>
+
+ <para>�ʲ��Τ褦�ʥͥåȥ����¸�ߤ���Ȳ��ꤷ�ޤ���</para>
+
+ <literallayout class="monospaced">
+ INTERNET
+ | (10.0.0.1/24) Default Router to Internet
+ |
+ |Interface xl0
+ |10.0.0.10/24
+ +------+
+ | | RouterA
+ | | (FreeBSD gateway)
+ +------+
+ | Interface xl1
+ | 192.168.1.1/24
+ |
+ +--------------------------------+
+ Internal Net 1 | 192.168.1.2/24
+ |
+ +------+
+ | | RouterB
+ | |
+ +------+
+ | 192.168.2.1/24
+ |
+ Internal Net 2
+ </literallayout>
+
+ <para>���Υ��ʥꥪ�Ǥϡ�&os; �ޥ���� <hostid>RouterA</hostid>
+ �������ͥåȤ˸�����줿�롼���Ȥ���ư��ޤ���
+ �롼���ϳ�¦�Υͥåȥ������³�Ǥ���褦��
+ <hostid role="ipaddr">10.0.0.1</hostid>
+ �ظ������ǥե���ȥ롼�Ȥ��ݻ����Ƥ��ޤ���
+ <hostid>RouterB</hostid> �Ϥ��Ǥ�Ŭ�ڤ����ꤵ��Ƥ��ꡢ
+ �ɤ��ظ�����ɬ�פ����뤫��
+ �Ԥ��夯��ˡ���ΤäƤ���Ȳ��ꤷ�ޤ�
+ (������Ǥϡ��ޤΤ褦�˴�ñ�Ǥ���
+ <hostid role="ipaddr">192.168.1.1</hostid>
+ ���ȥ������Ȥ��� <hostid>RouterB</hostid>
+ �˥ǥե���ȥ롼�Ȥ��ɲä�������Ǥ�)��</para>
+
+ <para><hostid>RouterA</hostid>
+ �Υ롼�ƥ��ơ��֥���ǧ����ȡ�
+ �ʲ��Τ褦�ʽ��Ϥ����ޤ���</para>
+
+ <screen>&prompt.user; <userinput>netstat -nr</userinput>
+Routing tables
+
+Internet:
+Destination Gateway Flags Refs Use Netif Expire
+default 10.0.0.1 UGS 0 49378 xl0
+127.0.0.1 127.0.0.1 UH 0 6 lo0
+10.0.0/24 link#1 UC 0 0 xl0
+192.168.1/24 link#2 UC 0 0 xl1</screen>
+
+ <para>���ߤΥ롼�ƥ��ơ��֥�Ǥϡ�<hostid>RouterA</hostid>
+ �Ϥޤ� Internal Net 2 �ˤ���ã�Ǥ��ʤ��Ǥ��礦��
+ <hostid role="ipaddr">192.168.2.0/24</hostid>
+ �η�ϩ���ݻ����Ƥ��ʤ�����Ǥ���
+ ��褹�뤿��ΰ�Ĥ���ˡ�ϡ���ϩ���ư���ɲä��뤳�ȤǤ���
+ �ʲ��Υ��ޥ�ɤ� <hostid>RouterA</hostid>
+ �Υ롼�ƥ��ơ��֥�� <hostid
+ role="ipaddr">192.168.1.2</hostid>
+ ��������Ȥ��ơ�Internal Net 2 �ͥåȥ�����ɲä��ޤ���</para>
+
+ <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen>
+
+ <para>����ˤ�ꡢ<hostid>RouterA</hostid> �ϡ�
+ <hostid role="ipaddr">192.168.2.0/24</hostid>
+ �ͥåȥ����Υۥ��Ȥ���ã����ޤ���</para>
+ </sect3>
+
+ <sect3>
+ <title>��³Ū������</title>
+
+ <para>�嵭����ϡ�
+ ��ư���Ƥ��륷���ƥ�����Ū�ʷ�ϩ�����ꤹ����ˡ�Ȥ��Ƥϴ����Ǥ���
+ �������ʤ��顢&os;
+ �ޥ����Ƶ�ư�����ݤ˥롼�ƥ����Ĥ�ʤ��Ȥ������꤬��Ĥ���ޤ���
+ ��Ū�ʷ�ϩ���ɲä���ˤϡ�<filename>/etc/rc.conf</filename>
+ �ե�����˥롼�Ȥ��ɲä��Ƥ���������</para>
+
+ <programlisting># Add Internal Net 2 as a static route
+static_routes="internalnet2"
+route_internalnet2="-net 192.168.2.0/24 192.168.1.2"</programlisting>
+
+ <para><literal>static_routes</literal> �������ѿ��ϡ�
+ ���ڡ����ˤ�ä�ʬΥ�����ʸ����Υꥹ�ȤǤ���
+ ���줾���ʸ����Ϸ�ϩ̾�Ȥ��ƻ��Ȥ���ޤ���
+ �嵭����Ǥ� <literal>static_routes</literal>
+ �ϰ�Ĥ�ʸ����Τߤ�����ޤ���
+ ����ʸ����� <replaceable>internalnet2</replaceable> �Ǥ������θ塢
+ <literal>route_<replaceable>internalnet2</replaceable></literal>
+ �Ȥ��������ѿ����ɲä���
+ &man.route.8; ���ޥ�ɤ�Ϳ���뤹�٤Ƥ�����ѥ�������ꤷ�Ƥ��ޤ���
+ �������Ǥϡ��ʲ��Υ��ޥ��</para>
+
+ <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen>
+
+ <para>���Ѥ����Τǡ�
+ <literal>"-net 192.168.2.0/24 192.168.1.2"</literal>
+ ��ɬ�פˤʤ�ޤ���</para>
+
+ <para>�嵭�Τ褦�� <literal>static_routes</literal>
+ �ϰ�İʾ��ʸ�������Ĥ��Ȥ������Τǡ�
+ ¿������Ū�ʷ�ϩ���뤳�Ȥ��Ǥ��ޤ���
+ �ʲ��ιԤ� <hostid role="ipaddr">192.168.0.0/24</hostid>
+ ����� <hostid role="ipaddr">192.168.1.0/24</hostid>
+ �ͥåȥ����
+ ���ۥ롼�������Ū�ʷ�ϩ�Ȥ����ɲä�����Ǥ���</para>
+
+ <programlisting>static_routes="net1 net2"
+route_net1="-net 192.168.0.0/24 192.168.0.1"
+route_net2="-net 192.168.1.0/24 192.168.1.1"</programlisting>
+
+ </sect3>
+ </sect2>
+
<sect2>
<title>�롼�ƥ�������</title>
<indexterm><primary>�롼�ƥ�������</primary></indexterm>
@@ -739,16 +872,17 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
&prompt.root; <userinput>sysctl net.link.ether.bridge.config="wi0,xl0"</userinput>
&prompt.root; <userinput>sysctl net.inet.ip.forwarding=1</userinput></screen>
- <para>���ơ�̵�������ɤ����ꤹ��Ȥ��Ǥ���</para>
- <para>���Υ��ޥ�ɤϥ����ɤ������ݥ���ȤȤ������ꤷ�ޤ���</para>
+ <para>���ơ�̵�������ɤ����ꤹ��Ȥ��Ǥ���
+ ���Υ��ޥ�ɤϥ����ɤ������ݥ���ȤȤ������ꤷ�ޤ���</para>
<screen>
-&prompt.root; <userinput>ifconfig wi0 ssid my_net channel 11 media DS/11Mbps mediaopt hostap up stationname "FreeBSD AP"</userinput></screen>
+&prompt.root; <userinput>ifconfig wi0 ssid <replaceable>my_net</replaceable> channel 11 media DS/11Mbps mediaopt hostap up stationname "<replaceable>FreeBSD AP</replaceable>"</userinput>
+ </screen>
<para>���� &man.ifconfig.8; ���ޥ�ɹԤ�
<devicename>wi0</devicename> ���ե������� up
- ���֤ˤ���SSID �� <literal>my_net</literal> �����ꤷ��
- ���ơ������̾�� <literal>FreeBSD AP</literal> �����ꤷ�ޤ���
+ ���֤ˤ���SSID �� <replaceable>my_net</replaceable> �����ꤷ��
+ ���ơ������̾�� <replaceable>FreeBSD AP</replaceable> �����ꤷ�ޤ���
<option>media DS/11Mbps</option> ���ץ����ϥ����ɤ� 11Mbps
�⡼�ɤ����ꤷ���ޤ� <option>mediaopt</option>
��ºݤ�ͭ���ˤ���Τ�ɬ�פǤ���
@@ -757,7 +891,7 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
<option>channel 11</option> ���ץ����ϻ��Ѥ������ͥ��
802.11b �����ꤷ�ޤ���
�Ƶ����ϰ� (regulatory domain) ��ͭ���ʥ���ͥ��ֹ��
- &man.wicontrol.8; �ޥ˥奢��˺ܤäƤ��ޤ���</para>
+ &man.wicontrol.8; �ޥ˥奢��ڡ����˺ܤäƤ��ޤ���</para>
<para>���ơ�
����Ǵ����˵�ǽ���륢�������ݥ���Ȥ�Ω���夬�ꡢư��Ƥ��ޤ���
@@ -817,14 +951,14 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
<para>�����Ϥ�������ˡ�
���ʤ�����³���褦�Ȥ���̵���ͥåȥ���ˤĤ��Ƥ����Ĥ��ΤäƤ����ʤ���Фʤ�ޤ���
- ������Ǥϡ�<literal>my_net</literal>
+ ������Ǥϡ�<replaceable>my_net</replaceable>
�Ȥ���̾���ǰŹ沽��̵���ˤʤäƤ���ͥåȥ������³���褦�Ȥ��Ƥ��ޤ���</para>
- <para>Note: ������ǤϰŹ沽��ԤäƤ��ʤ��ΤǤ�����
+ <note><para>������ǤϰŹ沽��ԤäƤ��ʤ��ΤǤ�����
����ϴ����ʾ����Ǥ���������ǡ��Ź沽��ͭ���ˤ�����ˡ�ȡ�
�ʤ����줬���פǡ�
�Ź浻�Ѥˤ�äƤϴ����ˤϤ��ʤ����ݸ�뤳�Ȥ��Ǥ��ʤ��ΤϤʤ�����
- �Ȥ������Ȥ�ؤ֤Ǥ��礦��</para>
+ �Ȥ������Ȥ�ؤ֤Ǥ��礦��</para></note>
<para>�����ɤ� FreeBSD ��ǧ������Ƥ��뤳�Ȥ��ǧ���Ƥ���������</para>
@@ -840,9 +974,9 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
channel 10 authmode OPEN powersavemode OFF powersavesleep 100
wepmode OFF weptxkey 1</screen>
- <para>����Ǥϡ����Υ����ɤ�ͥåȥ���˹�碌�����ꤷ�ޤ��礦��</para>
+ <para>����Ǥϡ����Υ����ɤ�ͥåȥ���˹�碌�����ꤷ�ޤ��礦��</para>
- <screen>&prompt.root; <userinput>ifconfig wi0 inet 192.168.0.20 netmask 255.255.255.0 ssid my_net</userinput></screen>
+ <screen>&prompt.root; <userinput>ifconfig wi0 inet <replaceable>192.168.0.20</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>my_net</replaceable></userinput></screen>
<para><hostid role="ipaddr">192.168.0.20</hostid> ��
<hostid role="netmask">255.255.255.0</hostid>
@@ -865,9 +999,9 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
������˰ʲ���ɽ��������Ϥ��Ǥ���</para>
<screen>status: associated</screen>
- <para>�⤷���Τ褦����³����Ƥ����ɽ������ʤ���С�
+ <para>�⤷ <literal>associated</literal> ��ɽ������ʤ���С�
���������ݥ���Ȥ��ϰϳ����⤷��ʤ�����
- �Ź沽��ͭ���ˤʤäƤ��ʤ��Τ��⤷��ʤ�����
+ �Ź沽��ͭ���ˤʤäƤ��뤫�⤷��ʤ�����
�ޤ������������������Ƥ���Τ��⤷��ޤ���</para>
</sect4>
</sect3>
@@ -906,13 +1040,13 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
���Υ��ޥ�ɤ�Ȥäơ����ʤ��ο����� FreeBSD ���������ݥ���Ⱦ��
WEP ��ͭ���ˤ��Ƥ���������</para>
- <screen>&prompt.root; <userinput>ifconfig wi0 inet up ssid my_net wepmode on wepkey 0x1234567890 media DS/11Mbps mediaopt hostap</userinput></screen>
+ <screen>&prompt.root; <userinput>ifconfig wi0 inet up ssid <replaceable>my_net</replaceable> wepmode on wepkey <replaceable>0x1234567890</replaceable> media DS/11Mbps mediaopt hostap</userinput></screen>
<para>���饤����ȤˤĤ��Ƥϼ��Υ��ޥ�ɤ� WEP ��ͭ���ˤǤ��ޤ���</para>
- <screen>&prompt.root; <userinput>ifconfig wi0 inet 192.168.0.20 netmask 255.255.255.0 ssid my_net wepmode on wepkey 0x1234567890</userinput></screen>
+ <screen>&prompt.root; <userinput>ifconfig wi0 inet <replaceable>192.168.0.20</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>my_net</replaceable> wepmode on wepkey <replaceable>0x1234567890</replaceable></userinput></screen>
- <para><literal>0x1234567890</literal>
+ <para><replaceable>0x1234567890</replaceable>
�����ðۤʥ������ѹ����٤��Ǥ��뤳�Ȥ����դ��Ƥ���������</para>
</sect4>
@@ -922,7 +1056,7 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
<para>&man.ipsec.4;
�ϥͥåȥ����Ǹ�蘆���ǡ�����Ź沽���뤿��Ρ�
�Ϥ뤫�˴��Ƕ��Ϥʥġ���Ǥ���
- ����ϥͥåȥ�����̵���ǡ�����Ź沽�������餫�˹��ޤ�����ˡ�Ǥ���
+ �����̵���ͥåȥ����Υǡ�����Ź沽�������餫�˹��ޤ�����ˡ�Ǥ���
�ϥ�ɥ֥å���� <link linkend="ipsec">IPsec</link> ���
&man.ipsec.4; �������ƥ���
����Ӥ��μ�����ˡ�ξܺ٤��ɤळ�Ȥ��Ǥ��ޤ���</para>
@@ -945,7 +1079,7 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
<para><application>bsd-airtools</application> �桼�ƥ���ƥ���
<filename role="package">net/bsd-airtools</filename> port
���饤�ȡ���Ǥ��ޤ���
- ports �Υ��ȡ���˴ؤ������ϥϥ�ɥ֥å���
+ ports �Υ��ȡ���˴ؤ������Ϥ��Υϥ�ɥ֥å���
<xref linkend="ports"/> �Ȥ��Ƥ���������</para>
<para><command>dstumbler</command> �ץ������ϡ�
@@ -963,7 +1097,7 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
</sect4>
<sect4>
- <title><application>wicontrol</application>, <application>ancontrol</application> ����� <application>raycontrol</application> �桼�ƥ���ƥ�</title>
+ <title><command>wicontrol</command>, <command>ancontrol</command> ����� <command>raycontrol</command> �桼�ƥ���ƥ�</title>
<para>�����ϡ�̵���ͥåȥ�����̵�������ɤ��ɤΤ褦��ư��뤫�����椹��ġ���Ǥ���
�嵭����Ǥϡ�̵�������ɤ� <devicename>wi0</devicename>
@@ -975,7 +1109,7 @@ wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
</sect4>
<sect4>
- <title><application>ifconfig</application> ���ޥ��</title>
+ <title><command>ifconfig</command> ���ޥ��</title>
<indexterm><primary>ifconfig</primary></indexterm>
<para>&man.ifconfig.8; �� &man.wicontrol.8;
diff --git a/ja_JP.eucJP/books/handbook/book.xml b/ja_JP.eucJP/books/handbook/book.xml
index ff5d5dbbef..1a73483977 100644
--- a/ja_JP.eucJP/books/handbook/book.xml
+++ b/ja_JP.eucJP/books/handbook/book.xml
@@ -11,7 +11,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r40585
+ Original revision: r41343
$FreeBSD$
-->
@@ -58,7 +58,6 @@
&tm-attrib.adaptec;
&tm-attrib.adobe;
&tm-attrib.apple;
- &tm-attrib.corel;
&tm-attrib.creative;
&tm-attrib.cvsup;
&tm-attrib.heidelberger;
@@ -71,7 +70,6 @@
&tm-attrib.m-systems;
&tm-attrib.macromedia;
&tm-attrib.microsoft;
- &tm-attrib.netscape;
&tm-attrib.nexthop;
&tm-attrib.opengroup;
&tm-attrib.oracle;
diff --git a/ja_JP.eucJP/books/handbook/cutting-edge/chapter.xml b/ja_JP.eucJP/books/handbook/cutting-edge/chapter.xml
index 33574695da..180080dfad 100644
--- a/ja_JP.eucJP/books/handbook/cutting-edge/chapter.xml
+++ b/ja_JP.eucJP/books/handbook/cutting-edge/chapter.xml
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r40809
+ Original revision: r41349
$FreeBSD$
-->
@@ -52,11 +52,9 @@
�������ƥ���¾�ν��פʽ����Τ��ᡢ���ˤϥ��åץǡ��Ȥ�Ԥ�ɬ�פ�����ޤ���
���Ѥ��Ƥ���С������˴ؤ�餺��&os; �ϡ�
�긵�Υ����ƥ��ǿ��γ�ȯ�ĥ��Ʊ�����뤿���ɬ�פʥġ���٤��Ѱդ��Ƥ��ޤ���
- �����ơ������Υġ���ϡ�&os; �ΥС������åץ��졼�ɤ��뤿��ˤ�Ȥ��ޤ���
- �⤷�⤢�ʤ�������ȯ����Υ����ƥ���ɤ������褦����
- ����Ȥ�����С������Τɤ줫��Ȥ�³���褦�����¤äƤ���Τʤ顢
- ���äȤ��ξϤ����ͤˤʤ�Ǥ��礦��
- �긵�Υ����ƥ�åץǡ��Ȥ������Ū�ʥġ���ˤĤ��Ƥ���⤷�Ƥ��ޤ���</para>
+ �����ơ������Υġ���ϡ�&os; �ΥС������åץ��졼�ɤ��뤿��˻Ȥ��ޤ���
+ ���ξϤǤϡ���ȯ�֥������ɤ���������ˡ������ӡ�&os;
+ �����ƥ�åץǡ��Ȥ������Ū�ʥġ���ˤĤ��Ʋ��⤷�Ƥ��ޤ���</para>
<para>���ξϤ��ɤ��ʬ����Τ�:</para>
@@ -70,7 +68,7 @@
<para><application>freebsd-update</application>,
<application>Subversion</application> �⤷����
<application>CTM</application>
- ��Ȥä������ƥ����ˡ</para>
+ ��Ȥä� &os; �����ƥ�ι�����ˡ</para>
</listitem>
<listitem>
@@ -81,7 +79,7 @@
<para><application>Subversion</application>
�ޤ��ϥɥ�������Ѥ� ports<!-- and
<application>Docsnap</application>--> ��Ȥäơ�
- �ɥ�����Ȥ�ǿ��Τ�Τ˥��åץǡ��Ȥ�����ˡ��</para>
+ ���ȡ��뤵��Ƥ���ɥ�����Ȥ�ǿ��Τ�Τ˥��åץǡ��Ȥ�����ˡ��</para>
</listitem>
<listitem>
@@ -89,8 +87,7 @@
</listitem>
<listitem>
- <para><command>make buildworld</command> (��)
- ��Ȥäƥ١��������ƥ����Τ�ƹ��ۤ����ȡ��뤹����ˡ</para>
+ <para>�١��������ƥ����Τ�ƹ��ۤ����ȡ��뤹����ˡ</para>
</listitem>
</itemizedlist>
@@ -98,8 +95,9 @@
<para>���ξϤ��ɤ����ˡ��ʲ��ν����ޤ��礦��</para>
<itemizedlist>
- <listitem><para>�ͥåȥ����³��Ŭ�ڤ����� (<xref
- linkend="advanced-networking"/>)</para>
+ <listitem>
+ <para>�ͥåȥ����³��Ŭ�ڤ����� (<xref
+ linkend="advanced-networking"/>)</para>
</listitem>
<listitem><para>�����ɥѡ��ƥ����Υ��եȥ������Υ��ȡ�����ˡ�ν���
(<xref linkend="ports"/>)</para></listitem>
@@ -108,8 +106,8 @@
<note>
<para>���ξϤ��̤��ơ�
&os; �Υ����������ɤ����������ɤ����ꥢ�åץǡ��Ȥ���Τ�
- <command>svn</command> ���ޥ�ɤ��Ѥ����ޤ���
- ���Υ��ޥ�ɤ�Ȥ��ˤϡ�<filename
+ <command>svn</command> ���Ѥ����ޤ���
+ ���Υ��ޥ�ɤ�Ȥ�����ˤϡ�<filename
role="package">devel/subversion</filename> port �ޤ��� package
�ȡ��뤷�Ƥ���ɬ�פ�����ޤ���</para>
</note>
@@ -132,7 +130,7 @@
</author>
</authorgroup>
</sect1info>
- <title>FreeBSD Update</title>
+ <title>&os; Update</title>
<indexterm><primary>Updating and Upgrading</primary></indexterm>
<indexterm>
@@ -157,9 +155,10 @@
<note>
<para>�Х��ʥꥢ�åץǡ��Ȥϡ�
�������ƥ������ब���ݡ��Ȥ��Ƥ��뤹�٤ƤΥ������ƥ�����ȥ��������ѤǤ��ޤ���
- �����������˥��åץǡ��Ȥ������ˡ����ߤΥ����Υ��ʥ����ܤ��̤���
- ���åץǡ��Ȥ��褦�Ȥ��Ƥ���������Ф��ƽ��פʾ��ʤ����ɤ������ǧ���Ƥ���������
- �����Υ��ʥ���
+ �����������˥��åץǡ��Ȥ������ˡ�
+ ���åץǡ��Ȥ��褦�Ȥ��Ƥ�������Υ��ʥ����ܤ��̤���
+ ���פʾ��ʤ����ɤ������ǧ���Ƥ���������
+ �����Υ��ʥ���
<ulink url="http://www.FreeBSD.org/ja/releases/"></ulink>
�dz�ǧ�Ǥ��ޤ���</para>
</note>
@@ -171,11 +170,11 @@
<sect2 id="freebsdupdate-config-file">
<title>����ե�����</title>
- <para>����ե����� <filename>/etc/freebsd-update.conf</filename>
- ��ǥե���Ȥ��餭��٤���Ĵ�����ơ�
+ <para><filename>/etc/freebsd-update.conf</filename>
+ �������ǥե���Ȥ��餭��٤���Ĵ�����ơ�
���åץǡ��ȥץ����������椹��桼���⤤�ޤ���
���κ�Ȥ��ɤ�ʸ����Ƥ��ޤ�����
- �ʲ��Τ����Ĥ��ι��ܤˤĤ��Ƥ�������ɬ�פǤ��礦��</para>
+ �ʲ��ι��ܤˤĤ��Ƥ�������ɬ�פǤ��礦��</para>
<programlisting># Components of the base system which should be kept updated.
Components src world kernel</programlisting>
@@ -190,7 +189,7 @@ Components src world kernel</programlisting>
�����������ɤΥ��åץǡ��Ȥ���Ĥ��ޤ���</para>
<para>������ʬ�ˤĤ��Ƥϥǥե���ȤΤޤޤˤ��Ƥ�����
- ���åץǡ��Ȥ��������ܤ�桼�����ꥹ�Ȥ˲ä�����ˤ���Τ��٥��ȤǤ��礦��
+ ���åץǡ��Ȥ�����ܤ�桼�����ꥹ�Ȥ˲ä�����ˤ���Τ��٥��ȤǤ��礦��
�����������ɤȥХ��ʥ꤬Ʊ�����Ƥ��ʤ��ȡ�
�Ỵ�ʷ�̤�⤿�餹��ǽ��������ޤ���</para>
@@ -198,9 +197,10 @@ Components src world kernel</programlisting>
# statement will be ignored.
IgnorePaths</programlisting>
- <para>���åץǡ��Ȥ��ѹ�����ƤϤ����ʤ�����Υǥ��쥯�ȥꡢ
- <filename class="directory">/bin</filename> ��
- <filename class="directory">/sbin</filename> ���Υѥ����ɲä��Ƥ���������
+ <para><filename class="directory">/bin</filename> ��
+ <filename class="directory">/sbin</filename>
+ ��������Υǥ��쥯�ȥ�åץǡ��Ȥ��ѹ����ʤ��褦�ˡ�
+ �����Υѥ����ɲä��Ƥ���������
���Υ��ץ����ϡ�����������ѹ����� <command>freebsd-update</command>
������뤳�Ȥ��ɤ���Ū�ˤ����ѤǤ��ޤ���</para>
@@ -209,7 +209,7 @@ IgnorePaths</programlisting>
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile</programlisting>
- <para>���ꤷ���ǥ��쥯�ȥ�ˤ�������ե������
+ <para>���Υ��ץ����ϡ����ꤷ���ǥ��쥯�ȥ�ˤ�������ե������
����������ѹ�����Ƥ��ʤ����Τߥ��åץǡ��Ȥ��ޤ���
�桼���������Υե�������ѹ����Ƥ���ȡ�
�����Υե�����μ�ư���åץǡ��Ȥ�̵���ˤʤ�ޤ���
@@ -225,14 +225,14 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
<para><command>freebsd-update</command>
���ޡ������٤��ե����뤬¸�ߤ���ǥ��쥯�ȥ�ΰ����Ǥ���
�ե�����Υޡ����Υץ������ϡ�
- &man.mergemaster.8; ��Ʊ�� &man.diff.1; �ѥå���Ϣ³�Ǥ���
- �ޡ�����ǧ���뤫�����ǥ�����ư���뤫��
+ &man.mergemaster.8; ��Ʊ�� &man.diff.1; �ѥå���Ϣ³�Ǥ�����
+ �����Ͼ��ʤ����ޡ�����ǧ���뤫�����ǥ�����ư���뤫��
<command>freebsd-update</command>
�����Ǥ��뤫�ɤ���������Ǥ���������
�⤷�����ۤ���������С�
<filename class="directory">/etc</filename>
��Хå����åפ��Ƥ���ޡ�����ǧ���Ƥ���������
- <command>mergemaster</command> ���ޥ�ɤξܺ٤ʾ���ˤĤ��Ƥϡ�
+ <command>mergemaster</command> �ξܺ٤ʾ���ˤĤ��Ƥϡ�
<xref linkend="mergemaster"/> �dz�ǧ���Ƥ���������</para>
<programlisting># Directory in which to store downloaded updates and temporary
@@ -249,7 +249,7 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no</programlisting>
- <para><literal>yes</literal> �����ꤹ��ȡ�
+ <para>���Υ��ץ����� <literal>yes</literal> �����ꤹ��ȡ�
<command>freebsd-update</command> ��
<literal>Components</literal> �Υꥹ�Ȥ���������������Ƚ�Ǥ���
���Υꥹ�Ȱʳ����ѹ����ˤĤ��Ƥϼ�갷���ޤ���
@@ -261,30 +261,32 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
<sect2 id="freebsdupdate-security-patches">
<title>�������ƥ��ѥå�</title>
- <para>�������ƥ��ѥå��ϥ�⡼�ȥޥ������¸����Ƥ��ꡢ
- �ʲ��Υ��ޥ�ɤ�¹Ԥ���ȡ�����������ɤ��ƥ��ȡ��뤷�ޤ���</para>
+ <para>�ʲ��Υ��ޥ�ɤ�¹Ԥ���ȡ�&os;
+ �Υ������ƥ��ѥå�������������ɤ��졢���ȡ��뤵��ޤ���</para>
<screen>&prompt.root; <userinput>freebsd-update fetch</userinput>
&prompt.root; <userinput>freebsd-update install</userinput></screen>
- <para>�����ͥ�˥ѥå��������ä����ˤϡ������ƥ��Ƶ�ư����ɬ�פ�����ޤ���
- ���٤Ƥ����ޤ��¹ԤǤ��������ƥ�˥ѥå���������褦�Ǥ���С�
- ���դ� &man.cron.8; ����֤Ȥ��� <command>freebsd-update</command>
- ��¹Ԥ��Ƥ�褤�Ǥ��礦��
- ���Υ�������¹ԤǤ���褦�ˤ���ˤϡ�
- �ʲ��Υ���ȥ�� <filename>/etc/crobntab</filename> ���ɲä��Ƥ���������</para>
+ <para>���åץǡ��Ȥˤ�äƥ����ͥ�˥ѥå��������ä����ˤϡ�
+ �ѥå��������ä������ͥ�ǵ�ư����褦�ˡ�
+ �����ƥ��Ƶ�ư����ɬ�פ�����ޤ���
+ �⤷���ϡ������ƥ�˥ѥå������Ƥ�졢
+ ���դ� &man.cron.8; ����֤Ȥ��ơ�<command>freebsd-update</command>
+ ��¹Ԥ���褦�ˡ�
+ �ʲ��Υ���ȥ�� <filename>/etc/crobntab</filename>
+ ���ɲä��Ƥ���������</para>
<programlisting>@daily root freebsd-update cron</programlisting>
- <para>���Υ���ȥ�ϡ���������
- <command>freebsd-update</command> �桼�ƥ���ƥ���¹Ԥ��뤳�Ȥ��̣���ޤ���
- ���Τ褦�� <option>cron</option> �˵��Ҥ���ȡ�
+ <para>���Υ���ȥ�ϡ��������� <command>freebsd-update</command>
+ ��¹Ԥ��뤳�Ȥ��̣���ޤ���
+ <option>cron</option> �ȶ��˼¹Ԥ���ȡ�
<command>freebsd-update</command>
�ϥ��åץǡ��Ȥ�¸�ߤ���Ȥ�������ǧ���ޤ���
�ѥå���¸�ߤ���ȡ�
��ưŪ�˥�������ǥ������˥���������ɤ���ޤ�����Ŭ�ѤϤ���ޤ���
- ����������ɤ��줿�ѥå����ư�ǥ��ȡ��뤹��ɬ�פ����ꡢ
- ���Τ��Ȥ� <username>root</username> ���Ƥ˥������Τ���ޤ���</para>
+ ����������ɤ��줿�ѥå����ǧ������ư�ǥ��ȡ��뤹��ɬ�פΤ��뤳�Ȥ���
+ <username>root</username> ���Ƥ˥������Τ���ޤ���</para>
<para>���ޤ��Ԥ��ʤ��ä����ˤϡ�<command>freebsd-update</command>
��ʲ��Τ褦�˼¹Ԥ���ȡ��Ǹ���ѹ��ޤǥ�����Хå��Ǥ��ޤ���</para>
@@ -298,15 +300,15 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
<para><command>freebsd-update</command>
�桼�ƥ���ƥ�����ưŪ�˥��åץǡ��Ȥ��륫���ͥ��
<filename>GENERIC</filename> �ΤߤǤ���
- �������५���ͥ��ȤäƤ�����ˤϡ�<command>freebsd-update</command>
- ��¾����ʬ�åץǡ��Ȥ����塢
+ �������५���ͥ뤬���ȡ��뤵��Ƥ�����ˤϡ�
+ <command>freebsd-update</command> ��¾����ʬ�ȡ��뤷���塢
�����ͥ��ƹ��ۤ����⤦���٥��ȡ��뤹��ɬ�פ�����ޤ���
- <filename>GENERIC</filename> �����ͥ뤬 <filename
+ �������ʤ��顢<filename>GENERIC</filename> �����ͥ뤬 <filename
class="directory">/boot/GENERIC</filename>
��¸�ߤ�����ˤϡ�
- <command>freebsd-update</command> �ˤ��
- (���ߤΥ����ƥ�Ǽ¹Ԥ���Ƥ��륫���ͥ�Ǥʤ��Ȥ�)
- ���åץǡ��Ȥ���ޤ���</para>
+ ���ߤΥ����ƥ�Ǽ¹Ԥ���Ƥ��륫���ͥ�Ǥʤ��Ȥ⡢
+ <command>freebsd-update</command>
+ �ˤ�ꥢ�åץǡ��Ȥ���ޤ���</para>
<note>
<para><filename>GENERIC</filename> �����ͥ��� <filename
@@ -333,9 +335,10 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
�������५���ͥ��ƹ��ۤ���ɬ�פϤ���ޤ���
�������ʤ��� <command>freebsd-update</command> �ϡ�
<filename>/usr/src/sys/conf/newvers.sh</filename>
- �ե�������˥��åץǡ��Ȥ��ޤ���
- ����ϡ����ߤΥ����ƥ�Υѥå���٥� (<command>uname -r</command> ��
- <literal>-p</literal> ��ɽ�������ֹ�) ���ݤ˻��Ȥ����ե�����Ǥ���
+ ���˥��åץǡ��Ȥ��ޤ���
+ ����ϡ����ߤΥ����ƥ�Υѥå���٥��
+ <command>uname -r</command> �� <literal>-p</literal>
+ ��ɽ��������ˤ��Υե����뤬���Ȥ���ޤ���
���Τ��ᡢ�����ѹ�����Ƥ��ʤ����Ǥ⡢�������५���ͥ��ƹ��ۤ��뤳�Ȥˤ�ꡢ
&man.uname.1; �������ƥ�����Τʥѥå���٥����𤹤�褦�ˤʤ�ޤ���
�ƥ����ƥ�˥��ȡ��뤵��Ƥ��륢�åץǡ��ȤФ䤯�İ��Ǥ���褦�ˤʤ�Τǡ�
@@ -360,12 +363,12 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
�����˰�¸����¿���Υ����ɥѡ��ƥ������ץꥱ�������˱ƶ���Ϳ�����ǽ��������ޤ���
���ȡ��뤵��Ƥ��뤹�٤Ƥ� ports �������ƺƥ��ȡ��뤹�뤫��
��㡼���åץ��졼�ɸ塢
- <filename role="package">ports-mgmt/portupgrade</filename>
- �桼�ƥ���ƥ���Ȥäƥ��åץ��졼�ɤ��뤳�Ȥ��侩����Ƥ��ޤ���
+ <filename role="package">ports-mgmt/portmaster</filename>
+ �Ȥ��ä��桼�ƥ���ƥ���Ȥäƥ��åץ��졼�ɤ��뤳�Ȥ��侩����Ƥ��ޤ���
���ȡ��뤵��Ƥ��륢�ץꥱ�������Υ֥롼�ȥե�����Ū�ʺƹ��ۤϡ�
�ʲ��Υ��ޥ�ɤˤ��Ԥ����Ȥ��Ǥ��ޤ���</para>
- <screen>&prompt.root; <userinput>portupgrade -af</userinput></screen>
+ <screen>&prompt.root; <userinput>portmaster -f</userinput></screen>
<para>���Υ��ޥ�ɤϡ����٤Ƥ� ports ��Ŭ�ڤ˺ƥ��ȡ��뤷�褦�Ȥ��ޤ���
<makevar>BATCH</makevar> �Ķ��ѿ���
@@ -382,7 +385,7 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
���åץ��졼�ɤμ��� &os; �ΥС������ˤ�ä��Ѥ��ޤ���</para>
<sect4 id="freebsd-update-custom-kernel-8x">
- <title>&os; 8.X �����Υ����ƥ�ˤ����륫�����५���ͥ�</title>
+ <title>&os; 8.X �ˤ����륫�����५���ͥ�</title>
<para><filename>GENERIC</filename> �����ͥ뤬
<filename class="directory">/boot/GENERIC</filename>
@@ -397,16 +400,16 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
<filename
class="directory">/boot/kernel.old</filename>
�� <filename>GENERIC</filename> �����ͥ뤽�Τ�ΤǤ���
- ����ñ�ˤ��Υǥ��쥯�ȥ��̾����
+ ���Υǥ��쥯�ȥ��̾����
<filename class="directory">/boot/GENERIC</filename>
�ؤ��ѹ����Ƥ���������</para>
</listitem>
<listitem>
<para>����ԥ塼���ؤ�ʪ��Ū�ʥ�����������ǽ�Ǥ���С�
- CD-ROM ��ǥ������� <filename>GENERIC</filename>
- �����ͥ�ȡ���Ǥ��ޤ���
- ���ȡ���ǥ��������������ơ��ʲ��Υ��ޥ�ɤ�¹Ԥ��Ƥ���������</para>
+ �ʲ��Υ��ޥ�ɤ�¹Ԥ��뤳�Ȥǡ�
+ ���ȡ����ǥ������� <filename>GENERIC</filename>
+ �����ͥ�ȡ���Ǥ��ޤ���</para>
<screen>&prompt.root; <userinput>mount /cdrom</userinput>
&prompt.root; <userinput>cd /cdrom/<replaceable>X.Y-RELEASE</replaceable>/kernels</userinput>
@@ -458,9 +461,9 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
<listitem>
<para>����ԥ塼���ؤ�ʪ��Ū�ʥ�����������ǽ�Ǥ���С�
- CD-ROM ��ǥ������� <filename>GENERIC</filename>
- �����ͥ�ȡ���Ǥ��ޤ���
- ���ȡ���ǥ��������������ơ��ʲ��Υ��ޥ�ɤ�¹Ԥ��Ƥ���������</para>
+ �ʲ��Υ��ޥ�ɤǡ����ȡ����ǥ�������
+ <filename>GENERIC</filename>
+ �����ͥ�ȡ���Ǥ��ޤ���</para>
<screen>&prompt.root; <userinput>mount /cdrom</userinput>
&prompt.root; <userinput>cd /cdrom/usr/freebsd-dist</userinput>
@@ -494,20 +497,19 @@ MergeChanges /etc/ /var/named/etc/</programlisting>
<para><command>freebsd-update</command>
�ˤ���㡼���ޤ��ϥޥ��ʡ��С������Υ��åץǡ��ȤǤϡ�
�����С����������åȤˤ��Ƽ¹Ԥ��ޤ���
- ���Ȥ��С�&os; 8.1
- �˥��åץǡ��Ȥ���ˤϰʲ��Υ��ޥ�ɤ�¹Ԥ��Ƥ���������</para>
+ �ʲ��Υ��ޥ�ɤϡ�&os; 9.1 �˥��åץǡ��Ȥ��ޤ���</para>
- <screen>&prompt.root; <userinput>freebsd-update -r 8.1-RELEASE upgrade</userinput></screen>
+ <screen>&prompt.root; <userinput>freebsd-update -r 9.1-RELEASE upgrade</userinput></screen>
<para>���ޥ�ɤ�¹Ԥ���ȡ�<command>freebsd-update</command>
������ե�����ȸ��ߤΥ����ƥ��ɾ������
- �����ƥ�åץǡ��Ȥ��뤿���ɬ�פʾ����������ޤ���
+ ���åץǡ��Ȥ��뤿���ɬ�פʾ����������ޤ���
���̤ˤϡ��ɤΥ���ݡ��ͥ�Ȥ�ǧ�����졢
- �ɤΥ���ݡ��ͥ�Ȥ�ǧ������Ƥ��ʤ����Ȥ��ä��ꥹ�Ȥ�ɽ������ޤ���
+ �ɤΥ���ݡ��ͥ�Ȥ�ǧ������Ƥ��ʤ��Ȥ��ä��ꥹ�Ȥ�ɽ������ޤ���
���Ȥ��аʲ��Τ褦��ɽ������ޤ���</para>
<screen>Looking up update.FreeBSD.org mirrors... 1 mirrors found.
-Fetching metadata signature for 8.0-RELEASE from update1.FreeBSD.org... done.
+Fetching metadata signature for 9.0-RELEASE from update1.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
@@ -531,7 +533,7 @@ Does this look reasonable (y/n)? y</screen>
�嵭�Υ��ƥåפǰʲ��Τ褦�ʷٹ�ɽ������ޤ���</para>
<screen>WARNING: This system is running a "<replaceable>MYKERNEL</replaceable>" kernel, which is not a
-kernel configuration distributed as part of FreeBSD 8.0-RELEASE.
+kernel configuration distributed as part of FreeBSD 9.0-RELEASE.
This kernel will not be updated: you MUST update the kernel manually
before running "/usr/sbin/freebsd-update install"</screen>
@@ -541,11 +543,12 @@ before running "/usr/sbin/freebsd-update install"</screen>
<para>���٤ƤΥѥå����������륷���ƥ�إ���������ɤ��줿�顢
���˥ѥå���Ŭ�Ѥ���ޤ���
- ���Υץ������ˤ�������֤ϥ���ԥ塼������ǽ�ȥ�������ɤ˰�¸���ޤ���
+ ���Υץ������ˤϻ��֤�������ޤ���
+ ���λ��֤ϥ���ԥ塼������ǽ�ȥ�������ɤ˰�¸���ޤ���
���θ塢����ե����뤬�ޡ�������ޤ���
- ���Υץ������Ǥϡ��ե������ޡ������뤫��
+ ���Υץ������Ǥϡ��桼���ϥե������ޡ������뤫��
���̾�˥��ǥ�����Ω���夲�Ƽ�ư�ǥޡ������뤫��Ҥͤ��ޤ���
- �ץ��������Ȥˡ��ޡ����������������桼���˼�����ޤ���
+ �ץ��������ʤऴ�Ȥˡ����������ޡ����Τ��٤Ƥη�̤ξ��桼���˼�����ޤ���
�ޡ����˼��Ԥ����ꡢ̵�뤷�����ˤϡ��ץ����������Ǥ��ޤ���
�桼���ˤ�äƤ� <filename class="directory">/etc</filename>
�ΥХå����åפ��ꡢ
@@ -556,51 +559,48 @@ before running "/usr/sbin/freebsd-update install"</screen>
<para>���٤ƤΥѥå����̤Υǥ��쥯�ȥ�ǥޡ�������Ƥ��ꡢ
�ޤ��������ƥ�ˤ�ȿ�Ǥ���Ƥ��ޤ���
���٤ƤΥѥå���������Ŭ�Ѥ��졢
- ���٤Ƥ�����ե����뤬�ޡ�������ƥץ����������ࡼ���˿ʤ�Ǥ�����ˤϡ�
- �桼���ˤ���ѹ����Υ��ߥåȤ�ɬ�פ���ޤ���</para>
- </note>
-
- <para>���Υץ�����������ä��顢
- �ʲ��Υ��ޥ�ɤ��Ѥ��ơ����åץ��졼�ɤ�ǥ�������ȿ�Ǥ��Ƥ���������</para>
+ ���٤Ƥ�����ե����뤬�ޡ�������ƥץ����������ࡼ���˿ʤ���顢
+ �桼���ϰʲ��Υ��ޥ�ɤ��Ѥ��ơ�
+ �ѹ�����ǥ�������ȿ�Ǥ��Ƥ���������</para>
<screen>&prompt.root; <userinput>freebsd-update install</userinput></screen>
+ </note>
+
<para>�ѥå��Ϻǽ�˥����ͥ�ȥ����ͥ�⥸�塼����Ф������Ƥ��ޤ���
�����ǥ���ԥ塼����Ƶ�ư����ɬ�פ�����ޤ���
�����ƥब�������५���ͥ��¹Ԥ��Ƥ�����ˤϡ�
- &man.nextboot.8; ���ޥ�ɤ�ȤäƼ���κƵ�ư���Υ����ͥ��
- (���åץǡ��Ȥ��줿) <filename
- class="directory">/boot/GENERIC</filename> ���ѹ����Ƥ���������</para>
+ &man.nextboot.8; ��ȤäƼ���κƵ�ư���Υ����ͥ��
+ ���åץǡ��Ȥ��줿 <filename
+ class="directory">/boot/GENERIC</filename>
+ �����ꤷ�Ƥ���������</para>
<screen>&prompt.root; <userinput>nextboot -k GENERIC</userinput></screen>
<warning>
<para><filename>GENERIC</filename> �����ͥ�ǺƵ�ư�������ˡ�
- �����ƥबŬ�ڤ˵�ư���뤿���ɬ�פ�
- (�⤷����ԥ塼���˥�⡼�Ȥǥ����������ƥ��åץǡ��Ȥ��Ƥ����ΤǤ���С�
- �ͥåȥ����³��ɬ�פ�)
- ���٤ƤΥɥ饤�Ф��ޤޤ�Ƥ��뤳�Ȥ��ǧ���Ƥ���������
- �äˡ�����ޤǤ˼¹Ԥ��Ƥ����������५���ͥ뤬
- (�̾�ϥ����ͥ�⥸�塼��Ȥ�������Ƥ���)
- �ӥ�ɺѤߤε�ǽ��ޤ�Ǥ���ΤǤ���С�
+ �����ͥ�˥����ƥबŬ�ڤ˵�ư���뤿���ɬ�פʤ��٤ƤΥɥ饤�Ф��ޤޤ�Ƥ��뤳�ȡ�
+ �⤷���åץǡ��Ȥ��Ƥ��륳��ԥ塼������⡼�Ȥǥ����������Ƥ���ΤǤ���С�
+ �ͥåȥ����³��ɬ�פʤ��٤ƤΥɥ饤�Ф�ޤޤ�Ƥ��뤳�Ȥ��ǧ���Ƥ���������
+ �äˡ�����ޤǼ¹Ԥ��Ƥ��륫�����५���ͥ뤬��
+ �����ͥ�⥸�塼��Ȥ�������Ƥ���ӥ�ɥ���ε�ǽ��ޤ�Ǥ���ΤǤ���С�
�����Υ⥸�塼�����Ū�� <filename>/boot/loader.conf</filename>
�ε�ǽ���Ѥ��ơ�
- <filename>GENERIC</filename> �ؤ��ɤ߹���Ǥ���������
+ <filename>GENERIC</filename> ���ɤ߹���Ǥ���������
���åץ��졼�ɥץ������������ޤǤϡ�
- ���פǤϤʤ������ӥ���̵���ˤ���
- �ǥ�������ͥåȥ���Υޥ���Ȥʤɤ��Ƥ���������</para>
+ ���פǤϤʤ������ӥ���̵���ˤ���ȤȤ�ˡ�
+ ɬ�פΤʤ��ǥ�������ͥåȥ���Υޥ���Ȥʤɤ��뤳�Ȥ��侩����Ƥ��ޤ���</para>
</warning>
<para>���åץǡ��Ȥ��줿�����ͥ�ǥ���ԥ塼����Ƶ�ư���Ƥ���������</para>
<screen>&prompt.root; <userinput>shutdown -r now</userinput></screen>
- <para>�����ƥब����饤�����ä��顢
- <command>freebsd-update</command> ��ƤӼ¹Ԥ���ɬ�פ�����ޤ���
+ <para>�����ƥब����饤�����ä��顢�ʲ��Υ��ޥ�ɤ�Ȥä�
+ <command>freebsd-update</command> ��ƤӼ¹Ԥ��Ƥ���������
���åץǡ��ȥץ������ξ��֤���¸����Ƥ���Τǡ�
<command>freebsd-update</command> ��¹Ԥ���ȡ��ǽ餫��ǤϤʤ���
- �Ť���ͭ�饤�֥��ȥ��֥������ȥե������������ץ���������Ϥޤ�ޤ���
- ���Υ��ơ�����³�Ԥ���ˤϡ��ʲ��Υ��ޥ�ɤ�¹Ԥ��Ƥ���������</para>
+ �Ť���ͭ�饤�֥��ȥ��֥������ȥե������������ץ���������Ϥޤ�ޤ���</para>
<screen>&prompt.root; <userinput>freebsd-update install</userinput></screen>
@@ -619,19 +619,15 @@ before running "/usr/sbin/freebsd-update install"</screen>
���κ�Ȥ�ɬ�פʤΤϡ����ȡ��뤵��Ƥ��륽�եȥ���������
���åץ��졼�ɤκݤ˺�����줿�饤�֥��˰�¸���Ƥ����ǽ�������뤿��Ǥ���
<filename role="package">ports-mgmt/portupgrade</filename>
- ���ޥ�ɤϡ����Υץ�������ư�����ޤ���
- �ʲ��Υ��ޥ�ɤǡ����Υץ������Ϥ��ޤ���</para>
+ �ϡ����Υץ�������ư�����ޤ���</para>
- <screen>&prompt.root; <userinput>portupgrade -f ruby</userinput>
-&prompt.root; <userinput>rm /var/db/pkg/pkgdb.db</userinput>
-&prompt.root; <userinput>portupgrade -f ruby18-bdb</userinput>
-&prompt.root; <userinput>rm /var/db/pkg/pkgdb.db /usr/ports/INDEX-*.db</userinput>
-&prompt.root; <userinput>portupgrade -af</userinput></screen>
+ <screen>&prompt.root; <userinput>portmaster -f</userinput></screen>
<para>���κ�Ȥν�λ�塢�Ǹ�ˤ⤦����
<command>freebsd-update</command>
- ��¹Ԥ���ȡ����åץ��졼�ɤΥץ���������λ���ޤ���
- �ʲ��Υ��ޥ�ɤǤ��٤ƤΥ��åץ��졼�ɥץ������Τ��Ĥ���Ȥ��Ԥ��ޤ���</para>
+ ��¹Ԥ��ơ�
+ ���٤ƤΥ��åץ��졼�ɥץ������Τ��Ĥ���Ȥ�Ԥ���
+ ���åץ��졼�ɤΥץ�������λ���Ƥ���������</para>
<screen>&prompt.root; <userinput>freebsd-update install</userinput></screen>
@@ -647,7 +643,7 @@ before running "/usr/sbin/freebsd-update install"</screen>
<sect2 id="freebsdupdate-system-comparison">
<title>�����ƥ�ξ��֤����</title>
- <para><command>freebsd-update</command> �桼�ƥ���ƥ����Ѥ��ơ�
+ <para><command>freebsd-update</command> ���Ѥ��ơ�
���ȡ��뤵��Ƥ��� &os; �ξ��֤ȡ�
������ư��뤳�Ȥ�ʬ���äƤ�����֤Ȥ���ӤǤ��ޤ���
���Υ��ץ����ϡ������ƥ�Υ桼�ƥ���ƥ����饤�֥�ꡢ
@@ -659,10 +655,10 @@ before running "/usr/sbin/freebsd-update install"</screen>
<warning>
<para>���ޥ�ɥ饤��̾�� <acronym>IDS</acronym> �Ǥ�����
<filename role="package">security/snort</filename>
- �Τ褦�ʿ������Υ����ƥ���֤������ˤʤ��ΤǤϤ���ޤ���
+ �Τ褦�ʿ������Υ����ƥ���������֤������ˤʤ��ΤǤϤ���ޤ���
<command>freebsd-update</command> �ϥǡ�����ǥ���������¸����Τǡ�
�������ѹ����Ԥ����ǽ��������ޤ���
- <varname>kern.securelevel</varname> ������ȡ�
+ <varname>kern.securelevel</varname> �ȡ�
<command>freebsd-update</command> �Υǡ�������Ѥ��ʤ��Ȥ��ˡ�
�ɤ��Τߤε���°�������ꤵ��Ƥ���ե����륷���ƥ���֤����Ȥǡ�
�������ѹ��β�ǽ�����㤯�Ǥ��ޤ�����
@@ -674,10 +670,8 @@ before running "/usr/sbin/freebsd-update install"</screen>
<para>���Υ��ޥ�ɤ�¹Ԥ���ȡ������ƥ�ϸ������졢
�����ե������ &man.sha256.1;
- �ϥå����ͤȸ��ߥ��ȡ��뤵��Ƥ���ե�����Υϥå����ͤ��ե�����ΰ����ȶ���ɽ������ޤ���
- ���줬 <filename>outfile.ids</filename> �ե�����˽��Ϥ�����ͳ�Ǥ���
- �ܤ���Ӥ���ˤϤȤƤ�����������뤷��
- ������Хåե��äѤ����������Ƥ��ޤ��ޤ���</para>
+ �ϥå����ͤȸ��ߥ��ȡ��뤵��Ƥ���ե�����Υϥå����ͤ��ե�����ΰ����ȶ��ˡ����ꤷ��
+ <filename>outfile.ids</filename> �ե�����������ޤ���</para>
<para>�����ιԤ϶ˤ��Ĺ���ΤǤ��������Ϸ����ϴ�ñ�ˤ����˲��ϤǤ��ޤ���
���Ȥ��С������Υ����ǰۤʤäƤ��뤹�٤ƤΥե�������Τꤿ���ΤǤ���С�
@@ -694,9 +688,9 @@ before running "/usr/sbin/freebsd-update install"</screen>
�����Υե�����ˤϡ���������ѹ������ե����뤬����ޤ���
���Ȥ��С�<filename>/etc/passwd</filename>
�ϥ桼���������ƥ���ɲä������ѹ�����ޤ���
- �ޤ��������ͥ�⥸�塼��Τ褦�ʥե����뤬����ޤ���
- ������ <command>freebsd-update</command>
- �ˤ�ꥢ�åץǡ��Ȥ���ޤ���
+ �ޤ��������ͥ�⥸�塼��Τ褦�ʥե�����ϡ�
+ <command>freebsd-update</command>
+ �ˤ�ꥢ�åץǡ��Ȥ���뤿�ᡢ�ѹ�����ޤ���
���Τ褦�����̤ʥե������ǥ��쥯�ȥ���������ˤϡ�
������ <filename>/etc/freebsd-update.conf</filename> ��
<literal>IDSIgnorePaths</literal> ���ץ������ɲä��Ƥ���������</para>
@@ -731,12 +725,12 @@ before running "/usr/sbin/freebsd-update install"</screen>
<see>���åץǡ��Ȥȥ��åץ��졼��</see>
</indexterm>
- <para>&os; �Υ١��������ƥ�ˤϡ�&man.portsnap.8; �ȸƤФ��
- Ports Collection �Υ��åץǡ��ȥ桼�ƥ���ƥ�������ޤ���
- �¹Ԥ���ȡ���⡼�ȥ����Ȥ���³�����������ƥ������ڤ���
- Ports Collection �����������ɤ��ޤ���
+ <para>&os; �Υ١��������ƥ�ˤϡ�
+ Ports Collection �åץǡ��Ȥ��� &man.portsnap.8; ������ޤ���
+ ���Υ桼�ƥ���ƥ��ϡ�&os; �Υ����Ȥ���³�����������ƥ������ڤ���
+ Ports Collection �κǿ��Ǥ����������ɤ��ޤ���
�������ƥ������ϡ�
- ����������ɤ������٤ƤΥե����뤬���������������ѹ�����Ƥ��ʤ����Ȥθ��ڤ��Ѥ����ޤ���
+ ����������ɤ������٤ƤΥե�����θ��ڤ��Ѥ����ޤ���
�ǿ��� Ports Collection �ե���������������ɤ���ˤϡ�
�ʲ��Υ��ޥ�ɤ�¹Ԥ��Ƥ���������</para>
@@ -779,8 +773,8 @@ Fetching 133 new ports or files... done.</screen>
<replaceable>...</replaceable></screen>
<para>���Ǥ˥��ȡ��뤵��Ƥ��� Ports Collection
- �åץǡ��Ȥ���ˤϡ��ʲ��Τ褦��
- <command>portsnap update</command> ���ޥ�ɤ�ȤäƤ���������</para>
+ �åץǡ��Ȥ���ˤϡ�
+ <command>portsnap update</command> ��ȤäƤ���������</para>
<screen>&prompt.root; <userinput>portsnap update</userinput></screen>
@@ -789,9 +783,9 @@ Fetching 133 new ports or files... done.</screen>
���ץꥱ�������ȡ��뤷���ꡢ
���åץ��졼�ɤǤ��ޤ���</para>
- <para><literal>fetch</literal> �� <literal>extract</literal> �ޤ���
- <literal>update</literal> �Υץ�������Ϣ³���ƹԤ��ˤϡ�
- �ʲ�����Τ褦�˼¹Ԥ��Ƥ���������</para>
+ <para><literal>fetch</literal> ��Ȥ����ˤϡ�
+ <literal>extract</literal> ����� <literal>update</literal>
+ ��Ϣ³���ƹԤ����Ȥ��Ǥ��ޤ���</para>
<screen>&prompt.root; <userinput>portsnap fetch update</userinput></screen>
@@ -811,22 +805,20 @@ Fetching 133 new ports or files... done.</screen>
<see>Updating and Upgrading</see>
</indexterm>
- <para>�١��������ƥࡢPorts Collection �˲ä���
- �ɥ�����Ȥ� &os; ���ڥ졼�ƥ������ƥ�ι������ǤǤ���
+ <para>�ɥ�����Ȥϡ�&os; ���ڥ졼�ƥ������ƥ��ɬ�����ǤǤ���
&os; �ɥ�����ȥ��åȤκǿ��С������ϡ�<ulink
url="http://www.freebsd.org/doc/">&os; �����֥�����</ulink>
��������Ǥ��ޤ�����
�ͥåȥ����³���٤����⤷���Ϥޤä�����³�Ǥ��ʤ��桼���⤤�ޤ���
- �����ˤ⡢�ƥ����������ɥ�����Ȥåץǡ��Ȥ��ơ�
- �ǿ��� &os;
- �ɥ�����ȥ��åȤ��������ǰݻ�������ˡ���Ѱդ���Ƥ��ޤ���</para>
+ ��������Υɥ�����Ȥ�ǿ��� &os;
+ �ɥ�����ȥ��åȤ˥��åץǡ��Ȥ�����ˡ�������Ĥ��Ѱդ���Ƥ��ޤ���</para>
<sect2 id="dsvn-doc">
<title><application>Subversion</application>
���Ѥ����ɥ�����ȤΥ��åץǡ�����ˡ</title>
<para>&os; �Υɥ�����ȤΥ������ϡ�
- <application>Subversion</application> ���Ѥ�������Ǥ��ޤ���
+ <application>svn</application> ���Ѥ�������Ǥ��ޤ���
������Ǥϰʲ��ˤĤ����������ޤ���</para>
<itemizedlist>
@@ -837,7 +829,7 @@ Fetching 133 new ports or files... done.</screen>
</listitem>
<listitem>
- <para><application>Subversion</application> ���Ѥ��ơ�
+ <para><application>svn</application> ���Ѥ��ơ�
�ɥ�����ȤΥ�������
<filename class="directory">/usr/doc</filename>
�ʲ��˥���������ɤ�����ˡ��</para>
@@ -858,22 +850,21 @@ Fetching 133 new ports or files... done.</screen>
</sect2>
<sect2 id="installing-documentation-toolchain">
- <title><application>Subversion</application>
+ <title><application>svn</application>
����ӥɥ�����ȥġ����������Υ��ȡ���</title>
<para>&os; �Υɥ�����Ȥ�������ƹ��ۤ���ˤϡ�
- ���ʤ��礭�ʥġ���Υ��쥯�����ɬ�פǤ���
- �����Υġ����¿���Υǥ��������̤�ɬ�פȤ����ޤ���
- ���٤Ƥ� &os; �桼���ˤȤä�ͭ�ѤȤ����櫓�ǤϤʤ��Τǡ�
+ �ġ���Υ��쥯�����ɬ�פǤ���
+ �����Υġ����¿���Υǥ��������̤���Ѥ��뤿�ᡢ
&os; �١��������ƥ�ΰ����ǤϤ���ޤ���
- �����Υġ���ϡ�&os;
+ �ޤ������٤Ƥ� &os; �桼���ˤȤä�ͭ�ѤȤ����櫓�ǤϤʤ���&os;
�Τ���˿������ɥ�����Ȥ��ȯ�˼�ɮ���Ƥ������䡢
���ˤ˥ɥ�����Ȥ������饢�åץǡ��Ȥ������˸�������ΤǤ���</para>
- <para>ɬ�פʥġ���ϡ����٤� Ports Collection ������Ǥ��ޤ���<filename
- role="package">textproc/docproj</filename> �ϡ�
- &os; �ɥ�����ơ������ץ��������Ȥˤ�곫ȯ����Ƥ���ޥ����� port �ǡ�
- �����Υġ���Υ��ȡ���䥢�åץǡ��Ȥ��ưפˤ��ޤ���</para>
+ <para><application>svn</application> ��ޤ�ɬ�פʥġ���ϡ�
+ <filename role="package">textproc/docproj</filename> � port
+ ���饤�ȡ���Ǥ��ޤ������� port �ϡ�
+ &os; �ɥ�����ơ������ץ��������Ȥˤ�곫ȯ����Ƥ��ޤ���</para>
<note>
<para>�ɥ�����Ȥ� &postscript; �� PDF �Ǥ�ɬ�פʤ���С�������
@@ -887,20 +878,14 @@ Fetching 133 new ports or files... done.</screen>
���Τ��ᡢ�⤷ PDF ���Ϥ�������ɬ�פȤ��ʤ���С�
���Υġ���ȡ��뤷�ʤ����ȤϤȤƤ⸭���Ǥ���</para>
</note>
-
- <para><filename role="package">textproc/docproj</filename>
- �ȡ��뤹��ȡ�<application>Subversion</application>
- �⥤�ȡ��뤵��ޤ���</para>
</sect2>
<sect2 id="updating-documentation-sources">
<title>�ɥ�����ȤΥ������åץǡ��Ȥ���</title>
- <para>�ɥ�����ȤΥ������ϡ�
- <application>Subversion</application>
- �ץ�������Ȥäƥ���������ɤǤ��ޤ���
- western US �ߥ顼���� HTTPS
- �ץ��ȥ�����Ѥ��ƥ���������ɤ���ˤϰʲ��Τ褦�����Ϥ��Ƥ���������</para>
+ <para>�ʲ�����Ǥϡ�<application>svn</application> ��Ȥä�
+ western US �ߥ顼���� HTTPS �ץ��ȥ�����Ѥ��ơ�
+ �ɥ�����ȤΥ����������������ɤ��ޤ���</para>
<screen>&prompt.root; <userinput>svn checkout <replaceable>https://svn0.us-west.FreeBSD.org</replaceable>/doc/head /usr/doc</userinput></screen>
@@ -916,9 +901,8 @@ Fetching 133 new ports or files... done.</screen>
<screen>&prompt.root; <userinput>svn update <filename class="directory">/usr/doc</filename></userinput></screen>
- <para>�����������ꤷ���顢<filename
- class="directory">/usr/doc</filename> �ǥ��쥯�ȥ��
- <filename>Makefile</filename> ��Ȥ���
+ <para>�����������ꤷ���顢
+ <filename>/usr/doc/Makefile</filename> ��Ȥ���
�ʲ��Τ褦�˥ɥ�����Ȥåץǡ��Ȥ��뤳�Ȥ�Ǥ��ޤ���</para>
<screen>&prompt.root; <userinput>cd /usr/doc</userinput>
@@ -928,14 +912,14 @@ Fetching 133 new ports or files... done.</screen>
<sect2 id="updating-documentation-options">
<title>�ɥ�����ȤΥ�������Ĵ����ǽ�ʥ��ץ����</title>
- <para>&os; �Υɥ�����ȤΥ��åץǡ��Ȥȥӥ�ɥ����ƥ�ϡ�
+ <para>&os; �Υɥ�����ȥ��åȤΥ��åץǡ��Ȥȥӥ�ɥ����ƥ�ϡ�
�ɥ�����ơ������ΰ����Υ��åץǡ��Ȥ��ñ�ˤ��륪�ץ����䡢
����������Υӥ�ɤ��б����Ƥ��ޤ���
�����Υ��ץ����ϡ������ƥ����̤Υ��ץ����Ǥ���
- <filename>/etc/make.conf</filename> �ե�����䡢&man.make.1;
- �桼�ƥ���ƥ���Ϳ���륳�ޥ�ɥ饤�ץ���������Ǥ��ޤ���</para>
+ <filename>/etc/make.conf</filename> �䡢&man.make.1;
+ ��Ϳ���륳�ޥ�ɥ饤�ץ���������Ǥ��ޤ���</para>
- <para>�ʲ��������Υ��ץ����ΰ����Ǥ���</para>
+ <para>���ץ����ˤϰʲ��Τ褦�ʤ�Τ�����ޤ���</para>
<variablelist>
<varlistentry>
@@ -943,7 +927,7 @@ Fetching 133 new ports or files... done.</screen>
<listitem>
<para>�ӥ�ɤ���ӥ��ȡ���θ��줪��ӥ����ǥ��ΰ�����
- ���Ȥ��С��Ѹ�Υɥ�����ȤΤߤ���ꤹ��ˤ�
+ ���Ȥ��С��Ѹ�Υɥ�����Ȥ���ꤹ��ˤ�
<literal>en_US.ISO8859-1</literal> �����ꤷ�ޤ���</para>
</listitem>
</varlistentry>
@@ -971,11 +955,12 @@ Fetching 133 new ports or files... done.</screen>
</varlistentry>
</variablelist>
- <para>&os; �Υ����ƥ����̤Υ��ץ����˴�Ϣ�����ä�¿���� make �ѿ��ˤĤ��Ƥϡ�
+ <para>&os; �Υ����ƥ����̤Υ��ץ����˴�Ϣ�����ä�¿����
+ <command>make</command> �ѿ��ˤĤ��Ƥϡ�
&man.make.conf.5; ��������������</para>
- <para>&os; �ɥ�����ȤΥӥ�ɥ����ƥ���б����Ƥ��뤵��ʤ� make ���ѿ��˴ؤ��Ƥϡ�
-
+ <para>&os; �ɥ�����ȤΥӥ�ɥ����ƥ���б����Ƥ��뤵��ʤ�
+ <command>make</command> ���ѿ��˴ؤ��Ƥϡ�
<ulink url="&url.doc.langbase.en;/books/fdp-primer">���������ԤΤ���� &os; �ɥ�����ơ������ץ������������� </ulink> �Ȥ��Ƥ���������</para>
</sect2>
@@ -983,11 +968,11 @@ Fetching 133 new ports or files... done.</screen>
<title>���������� &os; �ɥ�����Ȥȡ��뤹��</title>
<para>�ɥ�����ȤΥ������κǿ����ʥåץ���åȤ�
- <filename class="directory">/usr/doc</filename> �˥���������ɤ�����ä��顢
+ <filename class="directory">/usr/doc</filename> �˥���������ɤ����顢
���ȡ��뤵��Ƥ���ɥ�����Ȥåץǡ��Ȥ�����������٤������ޤ�����</para>
- <para>makefile �� <makevar>DOC_LANG</makevar>
- ���ץ������������Ƥ��뤹�٤Ƥθ�������˥��åץǡ��Ȥ���ˤϡ�
+ <para><makevar>DOC_LANG</makevar>
+ ���������Ƥ��뤹�٤Ƥθ�������˥��åץǡ��Ȥ���ˤϡ�
�ʲ��Τ褦�����Ϥ��Ƥ���������</para>
<screen>&prompt.root; <userinput>cd /usr/doc</userinput>
@@ -1000,7 +985,7 @@ Fetching 133 new ports or files... done.</screen>
<screen>&prompt.root; <userinput>cd /usr/doc/en_US.ISO8859-1</userinput>
&prompt.root; <userinput>make update install clean</userinput></screen>
- <para>make �� <makevar>FORMATS</makevar> �ѿ������ꤷ�ơ�
+ <para><makevar>FORMATS</makevar> �����ꤷ�ơ�
�ʲ��Τ褦�˥��ȡ��뤹����Ϸ��������Ǥ��ޤ���</para>
<screen>&prompt.root; <userinput>cd /usr/doc</userinput>
@@ -1008,7 +993,7 @@ Fetching 133 new ports or files... done.</screen>
<para>�ɥ�����Ȥ��Խ������ꡢ����������Τ���Ф�����ˡ�ˤĤ��Ƥϡ�
<ulink
- url="&url.books.fdp-primer;">���������ԤΤ���� FreeBSD
+ url="&url.books.fdp-primer;">���������ԤΤ���� &os;
�ɥ�����ơ������ץ�������������</ulink> ��������������</para>
</sect2>
@@ -1034,31 +1019,32 @@ Fetching 133 new ports or files... done.</screen>
<para>����ޤǤΥ��������Ǥϡ������������ɤ��Ѥ��� &os;
�ɥ�����ȤΥ��åץǡ�����ˡ�ˤĤ����������Ƥ��ޤ�����
- �������ʤ��顢���٤ƤΥ����ƥ�ˤ����ơ�
+ ���٤Ƥ� &os; �����ƥ�ǡ�
����������ɥ�����Ȥåץǡ��Ȥ��뤳�Ȥ��������Τ�ޤ���
�Ǥ����Ȥ��Ƥ⸽��Ū�ǤϤʤ����Ȥ⤢��ޤ���
�ɥ�����Ȥ������鹽�ۤ���ˤϡ�
���ʤ��礭�ʥġ���ȥ桼�ƥ���ƥ����鹽�������
- <emphasis>�ɥ�����ơ������ġ����������</emphasis> ��ɬ�פǤ���
- �ޤ���<application>Subversion</application>
+ <emphasis>�ɥ�����ơ������ġ����������</emphasis>
+ ��ɬ�פʤ���Ǥ���
+ �ޤ���<application>svn</application>
��ݥ��ȥ꤫�饽����������å������Ȥ���
�����å������Ȥ�������������ɥ�����Ȥ��ư�ǹ��ۤ�����ˡ�ˤĤ��ơ�
����ʤ�˽��Τ��Ƥ���ɬ�פ⤢��ޤ���
������Ǥϡ����ȡ��뤵��Ƥ���
&os; �Υɥ�����Ȥåץǡ��Ȥ���⤦��Ĥ���ˡ�Ǥ��롢
- Ports Collection ���Ѥ����ʲ�����ˡ�ˤĤ����������ޤ���</para>
+ Ports Collection ���Ѥ�����ˡ�ˤĤ�����������
+ �ʲ��ˤĤ����������ޤ���</para>
<itemizedlist>
<listitem>
<para>���ۺѤΥɥ�����ȤΥ��ʥåץ���åȤ����������ɤ��ƥ��ȡ��뤹����ˡ��
- ��������Ǥι��ۺ�Ȥ�ɬ�פ���ޤ���
- (�ɥ�����ơ������ġ����������ȡ��뤹��ɬ�פϤ���ޤ���)��</para>
+ ��������Ǥι��ۺ�Ȥ�ɥ�����ơ������ġ����������ȡ��뤹��ɬ�פϤ���ޤ���</para>
</listitem>
<listitem>
<para>�ɥ�����ȤΥ����������������ɤ���ports
- �ե졼������Ȥäƹ��ۤ�����ˡ
- (�����å������Ȥ���ӹ��ۺ�Ȥ���ñ�ˤʤ�ޤ�)��</para>
+ �ե졼������Ȥäƹ��ۤ�����ˡ�Ǥ���
+ �����å������Ȥ���ӹ��ۺ�Ȥ���ñ�ˤʤ�ޤ���</para>
</listitem>
</itemizedlist>
@@ -1068,7 +1054,7 @@ Fetching 133 new ports or files... done.</screen>
�ˤ�ꥵ�ݡ��Ȥ���Ƥ��ޤ���
������ ports �ϡ�&os; Ports Collection �� <ulink
url="http://www.freshports.org/docs/">docs</ulink>
- ���ۥ��ƥ���ˤޤȤ���Ƥ��ޤ���</para>
+ ���ƥ���ˤޤȤ���Ƥ��ޤ���</para>
<sect3 id="doc-ports-install-make">
<title>�ɥ�����ơ������ ports �ι��ۤȥ��ȡ���</title>
@@ -1095,9 +1081,7 @@ Fetching 133 new ports or files... done.</screen>
<listitem>
<para><quote>�ޥ��� port</quote>, <filename
role="package">misc/freebsd-doc-en</filename>��
- �ɥ�����ơ������ port �Υե�����Ϥ����ˤ���ޤ���
- ���� port �ϡ����٤ƤΥɥ�����ơ������ ports �Υ١����Ǥ���
- �ǥե���ȤǤϡ��Ѹ��ʸ��Τߤ��ۤ��ޤ���</para>
+ ���٤ƤαѸ�ʸ��� ports �ȡ��뤷�ޤ���</para>
</listitem>
<listitem>
@@ -1107,35 +1091,30 @@ Fetching 133 new ports or files... done.</screen>
</listitem>
<listitem>
- <para>�Ǹ�ˡ��Ƹ���Τ���� <quote>���졼�� port</quote>
+ <para>�Ƹ���Τ���� <quote>���졼�� port</quote>
���Ѱդ���Ƥ��ޤ������Ȥ��С�<filename
role="package">misc/freebsd-doc-hu</filename>
- �ϥϥ��Υɥ�����ơ������ port �Ǥ���
- ���� port �ϡ����٤ƥޥ��� port �˰�¸����
- �Ƹ�����������줿�ɥ�����Ȥȡ��뤷�ޤ���</para>
+ �ϥϥ��Υɥ�����ơ������ port �Ǥ���</para>
</listitem>
</itemizedlist>
- <para>����������ɥ�����ơ������ port �ȡ��뤹��ˤϡ�
- �ʲ��Υ��ޥ�ɤ� (<username>root</username> ���¤�)
- �¹Ԥ��Ƥ���������</para>
+ <para>���Ȥ��С�<ulink
+ url="http://www.FreeBSD.org"></ulink> ��Ʊ�������Ǥ��롢
+ �Ѹ��Ǥ�ʬ�䤵�줿 <acronym>HTML</acronym> �������ۤ���
+ <filename
+ class="directory">/usr/local/share/doc/freebsd</filename>
+ �˥��ȡ��뤹��ˤϰʲ��� port �ȡ��뤷�Ƥ���������</para>
<screen>&prompt.root; <userinput>cd /usr/ports/misc/freebsd-doc-en</userinput>
&prompt.root; <userinput>make install clean</userinput></screen>
- <para>�Ѹ��Ǥ�ʬ�䤵�줿 <acronym>HTML</acronym> ���� (<ulink
- url="http://www.FreeBSD.org"></ulink> ��Ʊ������)
- �Υɥ�����Ȥ����ۤ��졢<filename
- class="directory">/usr/local/share/doc/freebsd</filename>
- �ǥ��쥯�ȥ�˥��ȡ��뤵��ޤ���</para>
-
<sect4 id="doc-ports-options">
<title>���̤Υ��ץ����</title>
<para>�ɥ�����ơ������ ports
�ˤϤ�������Υ��ץ�����Ѱդ���Ƥ��ꡢ
- ports �ο�����ǥե���Ȥ����꤫���ѹ��Ǥ��ޤ���
- �ʲ��Ϥ����椫�餤���Ĥ���ꥹ�ȥ��åפ�����ΤǤ���</para>
+ �ʲ��Τ褦��
+ ports �ο�����ǥե���Ȥ����꤫���ѹ��Ǥ��ޤ���</para>
<variablelist>
<varlistentry>
@@ -1143,11 +1122,11 @@ Fetching 133 new ports or files... done.</screen>
<listitem>
<para>HTML �������ۤ��ޤ���
- ���줾��Υɥ�����Ȥ��Ȥ�ñ���Ǥ� HTML �ե����뤬���ۤ���ޤ���
+ �ƥɥ�����Ȥ��Ф���ñ���Ǥ� HTML �ե����뤬���ۤ���ޤ���
�������줿�ɥ�����Ȥϡ�
<filename>article.html</filename> ��
<filename>book.html</filename> �Ȥ��ä�̾���ǡ�
- �����ȤȤ�˥��ȡ��뤵��ޤ���</para>
+ ɬ�פ˱����Ʋ����ȤȤ�˥��ȡ��뤵��ޤ���</para>
</listitem>
</varlistentry>
@@ -1155,11 +1134,7 @@ Fetching 133 new ports or files... done.</screen>
<term><makevar>WITH_PDF</makevar></term>
<listitem>
- <para>&adobe; Portable Document Format ���ۤ��ޤ���
- &adobe; &acrobat.reader;,
- <application>Ghostscript</application>��
- �ޤ��ϡ�¾�� PDF
- ������ɤि��Τ�ΤǤ���
+ <para>&adobe; Portable Document Format (PDF) ���ۤ��ޤ���
�������줿�ɥ�����Ȥϡ�
<filename>article.pdf</filename> ��
<filename>book.pdf</filename>
@@ -1178,10 +1153,8 @@ Fetching 133 new ports or files... done.</screen>
<note>
<para>�ǥե���ȤΥ������åȥǥ��쥯�ȥ�ϡ�
- <application>Subversion</application>
+ <application>svn</application>
���Ѥ�����ˡ�Ȥϰۤʤ�ޤ���
- �ʤ��ʤ�С�������������Ƥ�����ˡ�Ǥ�
- port ���Ѥ��ƥ��ȡ��뤷�Ƥ��ꡢ
ports ���̾� <filename
class="directory">/usr/local</filename>
�ǥ��쥯�ȥ�ʲ��˥��ȡ��뤵��뤿��Ǥ���
@@ -1193,7 +1166,7 @@ Fetching 133 new ports or files... done.</screen>
</variablelist>
<para>�ʲ��ϡ��嵭���ѿ����Ѥ��ƥϥ��Υɥ�����Ȥ�
- PDF �����ǥ��ȡ��뤹����ˡ������ñ����Ǥ���</para>
+ PDF �����ǥ��ȡ��뤹����ˡ�Ǥ���</para>
<screen>&prompt.root; cd /usr/ports/misc/freebsd-doc-hu
&prompt.root; make -DWITH_PDF DOCBASE=share/doc/freebsd/hu install clean</screen>
@@ -1231,7 +1204,7 @@ Fetching 133 new ports or files... done.</screen>
<screen>&prompt.root; <userinput>pkg_add -r hu-freebsd-doc</userinput></screen>
<note>
- <para>�ɥ�����Ȥ� package �ϡ����줴�Ȥ��б����� port ��
+ <para>�ɥ�����Ȥ� package �ϡ��б����� port ̾�Ȥϰۤʤꡢ
<literal><replaceable>lang</replaceable>-freebsd-doc</literal>
�η�����̾�����Ĥ����Ƥ��ޤ���
�����ǡ�<replaceable>lang</replaceable> �ϸ��쥳���ɤ�û�̷��Ǥ���
@@ -1243,15 +1216,13 @@ Fetching 133 new ports or files... done.</screen>
<sect3 id="doc-ports-update">
<title>�ɥ�����ơ������ ports �Υ��åץǡ���</title>
- <para>���ȡ���ѤߤΥɥ�����ơ������ port
- �åץǡ��Ȥ���ˤϡ�
- ports �Υ��åץǡ��ȥġ��뤬�Ѱդ���Ƥ���н�ʬ�Ǥ���
+ <para>¾�� port ��Ʊ�ͤˡ��ɥ�����ơ������ port
+ �åץǡ��ȤǤ��ޤ���
���Ȥ��С��ʲ��Υ��ޥ�ɤ�¹Ԥ���ȡ�<filename
role="package">ports-mgmt/portupgrade</filename>
- �ġ���ǡ�package
- ������Ȥäƥϥ��Υɥ�����Ȥåץǡ��Ȥ��ޤ���</para>
+ ���顢package ������Ȥäƥ��ȡ��뤵��Ƥ���ϥ��Υɥ�����Ȥåץǡ��Ȥ��ޤ���</para>
- <screen>&prompt.root; <userinput>portupgrade -PP hu-freebsd-doc</userinput></screen>
+ <screen>&prompt.root; <userinput>portmaster -PP hu-freebsd-doc</userinput></screen>
</sect3>
</sect2>
</sect1>
@@ -1261,11 +1232,10 @@ Fetching 133 new ports or files... done.</screen>
<indexterm><primary>-CURRENT</primary></indexterm>
<indexterm><primary>-STABLE</primary></indexterm>
- <para>FreeBSD �ˤ���Ĥγ�ȯ�֥���������ޤ���
+ <para>&os; �ˤ���Ĥγ�ȯ�֥���������ޤ���
����� &os.current; �� &os.stable; �Ǥ���
- ���ξϤǤϤ��줾��ˤĤ��ƴ�ñ����������
- �ɤΤ褦�ˤ��Ƥ��ʤ��Υ����ƥ���б�����ĥ���Ф��ơ�
- �ɤ���äƾ�˺ǿ��ξ��֤��ݤĤ��ˤĤ��ư����ޤ���
+ ���ξϤǤϤ��줾��ˤĤ�����������
+ �ɤΤ褦�ˤ��ƥ����ƥ���б�����ĥ��ǿ��ξ��֤��ݤĤ��ˤĤ����������ޤ���
�ޤ��� &os.current;������ &os.stable; �ˤĤ����������ޤ���</para>
<para><emphasis>��: &a.hanai;��1996 ǯ 11 �� 6 ��</emphasis></para>
@@ -1273,9 +1243,7 @@ Fetching 133 new ports or files... done.</screen>
<sect2 id="current">
<title>�ǿ��� &os; ���ɤ�������</title>
- <para>������ɤ����ˡ�
- ���ˤȤ�Ƥ������ߤ������Ȥ�����ޤ���
- &os.current; �Ȥ� &os; �γ�ȯ�� <quote>������</quote> ���Ȥ������ȤǤ���
+ <para>&os.current; �Ȥ� &os; �γ�ȯ�� <quote>������</quote> �Ǥ���
&os.current; �Υ桼���Ϲ⤤�����Ϥ���Ĥ��Ȥ��ᤵ�졢
��ʬ�Υ����ƥब�����뺤���������ϤDz��Ǥ��ʤ���Фʤ�ޤ���
�⤷ &os; ��Ȥ��Ϥ�Ф���ʤ顢
@@ -1288,21 +1256,20 @@ Fetching 133 new ports or files... done.</screen>
��ˤϸ��߳�ȯ�Ӿ�Υ��եȥ�������
�¸�Ū���ѹ������뤤�ϲ���Ū�ʵ�ǽ�ʤɤ��ޤޤ�Ƥ��ޤ���
�ޤ�������������äƤ��뵡ǽ�����٤ơ�
- ���θ�������������Ȥϸ¤�ޤ���
- &os.current; ��������ۤ���������ѥ��뤷�Ƥ���ͤ�
- �������ޤ�����
+ ���θ�������������Ȥϸ¤�ޤ���&os.current;
+ ��������ۤ���������ѥ��뤷�Ƥ���ͤϤ������ޤ�����
�����ˤ�äƤϥ���ѥ��뤵���Ǥ��ʤ����֤ˤʤäƤ��뤳�Ȥ⤢��ޤ���
����������ϲ�ǽ�ʸ¤��®�˲�褵��ޤ�����
&os.current; ���Թ���⤿�餹����
����Ȥ����������餷����ǽ��⤿�餹���ϡ�
- �ޤ��˥����������ɤ������줿�ִ֤ˤ��ΤǤ�!</para>
+ �ޤ��˥����������ɤ�Ʊ�������ִ֤ˤ��ΤǤ�!</para>
</sect3>
<sect3>
<title>ï�� &os.current; ��ɬ�פȤ��Ƥ��?</title>
<para>&os.current; �ϡ�
- ���λ��Ĥν��פʥ��롼�פ��оݤȤ��Ƥ��ޤ���</para>
+ ���� 3 �Ĥν��פʥ��롼�פ��оݤȤ��Ƥ��ޤ���</para>
<orderedlist>
<listitem>
@@ -1317,15 +1284,14 @@ Fetching 133 new ports or files... done.</screen>
���ϡ�&os.current;
�� <quote>�����Ǥ���</quote> ���Ȥ��ǽ�ʸ¤��ݾڤ��뤿��ˡ�
���������褹��Τ˻��֤��ˤ��ޤʤ��͡��Ǥ���
- ���Ϥޤ����͡����ѹ��˴ؤ�����Ƥ�
+ �����Υƥ������ϡ����ޤ��ޤ��ѹ��˴ؤ�����Ƥ�
&os; ����ޤ��������դ���Ԥʤ������ȻפäƤ���
�͡��Ǥ⤢�ꡢ�����������뤿��Υѥå������ޤ���</para>
</listitem>
<listitem>
- <para>ñ�ˡ��͡��ʻ����ܤ���������ͤΤ����
- (���Ȥ���ư��������ǤϤʤ�<emphasis>�ɤि��</emphasis>��)
- �ǿ��Υ�������Ȥ������ȻפäƤ���͡���
+ <para>ñ�ˡ����ޤ��ޤʻ����ܤ������
+ ���ͤΤ���˺ǿ��Υ�������Ȥ������ȻפäƤ���͡���
�����ο͡��Ϥޤ���
���������Ȥ䥳���ɤ��Ƥ��Ƥ���ޤ���</para>
</listitem>
@@ -1338,36 +1304,19 @@ Fetching 133 new ports or files... done.</screen>
<orderedlist>
<listitem>
- <para>�ʤˤ����������å�������Τ������ʹ����
- ��ʬ�μ��ϤǤϰ��֤ˤ�����������������ˡ�
- �������Υ����ɤ����Ҥ��ɤ������뤳�ȡ�
- ��������ǽ�����뤿��˰��־��ˤʤ�Ȥ������Ȥϡ�
- �������Х��˺ǽ�ˤ֤�������Ȥ������ȤǤ���</para>
+ <para>���Υ��������ˡ��Ǥ����������ǽ�����ꤹ�뤳�ȡ�
+ �������ε�ǽ�Ͻ�ʬ�˥ƥ��Ȥ���Ƥ��ʤ����ᡢ
+ �Х���ޤ�Ǥ�����ǽ�����礤�ˤ���ޤ���</para>
</listitem>
<listitem>
<para>�Х��������뤿������ᤤ��ˡ��
- �����ʤ�С������� &os.current; �Ǥ��졢
�����餢��Х���������Τ�Ʊ������
�������Х������߽Ф������줬����ޤ���</para>
</listitem>
<listitem>
- <para><quote>�����˥��ݡ��Ȥ���</quote> ���ȡ�
- �錄�������� 3 �Ĥ� <quote>������</quote>
- &os.current; �Υ��롼�פΰ�Ĥˡ�
- �ºݤ�°����͡��������Τ˥٥��Ȥ�Ԥ����ޤ�����
- ����Ū�ʥ��ݡ��Ȥ�Ԥʤ��ˤϡ�ñ�ˡֻ��֤���ʤ��פΤǤ���
- ����Ϥ錄�����������οͤ������ι��ޤʤ���
- �����ǰ��ϰ����ʹ֤��Ȥ������ȤǤϤ���ޤ���
- (�⤷�����ʤ� &os; �ʤ�Ƥ�äƤ��ޤ���)��
- �錄�������ϰ����˲�ɴ�̤�Υ�å�������������
- <emphasis>����</emphasis> &os;
- �κ�Ȥ뤳�Ȥʤɽ���ʤ�!
- �Ȥ��������Τ��ȤʤΤǤ���
- �⤷��&os; �β��ɺ�Ȥ�³���뤫��
- ����Ȥ�¸�Ū�ʥ����ɤ˴ؤ��뤿������μ���������뤫��
- �Ȥ�����Ĥ����������줿�顢��ȯ�Ԥ����Ԥ����֤Ǥ��礦��</para>
+ <para><quote>�����Υ��ݡ���</quote> �Ϥ���ޤ���</para>
</listitem>
</orderedlist>
</sect3>
@@ -1383,28 +1332,21 @@ Fetching 133 new ports or files... done.</screen>
<listitem>
<para>&a.current.name; �� &a.svn-src-head.name; ���ꥹ��
�˲ä�äƤ���������
- �����ñ���ɤ��ͤ��Ǥ���Ȥ��������Ǥʤ���
- <emphasis>ɬ�ܤ�</emphasis>���ȤʤΤǤ���
- �⤷
- <emphasis>&a.current.name;</emphasis>
- ���ꥹ�Ȥ����äƤ��ʤ���С�
- ���ޤ��ޤʿͤ������ƥ�θ��ߤξ��֤ˤĤ���
- �Ҥ٤Ƥ��륳���Ȥ뤳�ȤϷ褷�Ƥ���ޤ���
- ���ä�¾�οͤ����˸��Ĥ��Ʋ�褷�Ƥ���
- ¿��������˸��ǤäƤ������Ƥ��ޤ��Ǥ��礦��
- ����˸����ȡ������ƥ��������ݤĤ����
- ���פʾ����ƨ���Ƥ��ޤ���ǽ���⤢��ޤ���</para>
+ ���ޤ��ޤʿͤ������ƥ�θ��ߤξ��֤ˤĤ��ƽҤ٤Ƥ��륳���Ȥ��ꡢ
+ �����ƥ��������ݤĤ���ν��פʾ����ƨ���ʤ�����ˡ�
+ <emphasis>ɬ�ܤ�</emphasis> ���ȤǤ���</para>
<para>&a.svn-src-head.name; ���ꥹ�ȤǤϡ�
���줾����ѹ��ˤĤ��Ƥ�
- commit �����뤳�Ȥ��Ǥ��ޤ���
+ commit ��������Ͽ����Ƥ��ޤ���
�ޤ�������˴ؤ��Ƶ��������������Ѥξ�������뤳�Ȥ��Ǥ��ޤ��Τǡ�
���ä�����ͤΤ�����ꥹ�ȤǤ���</para>
- <para>�����Ρ��⤷����¾�Υ��ꥹ�Ȥ�����ˤϡ�
- &a.mailman.lists.link; �ɤäƻ��ä���������
- ���Ȥ�å����Ƥ����������Ĥ�μ��������Ϥ����ˤ���ޤ���
- �⤷���������ĥ���Τ��ѹ������ɤ������뤳�Ȥ˶�̣������С�
+ <para>�����Υ��ꥹ�Ȥ�����ˤϡ�
+ &a.mailman.lists.link;
+ �ɤäƻ��ä��������ꥹ�Ȥ�å�����
+ ���������ˤ������äƤ���������
+ �������ĥ���Τ��ѹ������ɤ�������ΤǤ���С�
&a.svn-src-all.name; ���ꥹ�Ȥ���ɤ��Ƥ���������</para>
</listitem>
@@ -1429,7 +1371,7 @@ Fetching 133 new ports or files... done.</screen>
</indexterm>
<listitem>
- <para><link linkend="svn">svn</link> �ץ�������Ȥäơ�
+ <para><link linkend="svn">svn</link> ��Ȥäơ�
��˾���볫ȯ�֥�����
�⤷���ϥ����֥���������å������Ȥ��Ƥ���������
������ˡ�ϡ���ȯ��� &os; ��ݥ��ȥ�ؤΥ������������Ƥ��ꡢ
@@ -1448,53 +1390,47 @@ Fetching 133 new ports or files... done.</screen>
</indexterm>
<para><application><link linkend="ctm">CTM</link></application>���Ѥ��롣
- (��³������ۤ��ä��ꡢemail �ǤΥ������������Ǥ��ʤ��褦��)
+ ��³������ۤ��ä��ꡢemail �ǤΥ������������Ǥ��ʤ��褦�ʡ�
���ޤ��ɼ��Ǥʤ� TCP/IP ��³�ξ��ˤϡ�<application>CTM</application>
- �����Ѥ�����ɤ��Ǥ��礦����������
- ����ˤ�¿���μ�֤�������ޤ�����
- ���줿�ե����������ȤäƤ��ޤ���ǽ���⤢��ޤ���
- ���Τ��ᡢ�Ƕ�ǤϤ��ޤ�Ȥ��ʤ��ʤäƤ��ꡢ
- Ĺ���ֻ��ѤǤ��ʤ��ʤäƤ��ޤ����֤�ȯ�������ǽ��������ޤ�
- (����: �ݼ餹��ͤ����ʤ�����Ǥ�)��
- �����ͥåȤ���³���Ƥ��륷���ƥ�Ǥ���С�
- <application><link linkend="svn">Subversion</link></application>
- �����Ѥ���뤳�Ȥ�侩���ޤ���
- </para>
+ �����Ѥ�����ɤ��Ǥ��礦����������<application><link
+ linkend="svn">Subversion</link></application>
+ �ۤɤˤϿ���ϤǤ��ޤ���
+ ���Τ��ᡢ�����ͥåȤ���³���Ƥ��륷���ƥ�Ǥ���С�
+ <application><link
+ linkend="svn">Subversion</link></application>
+ �����Ѥ���뤳�Ȥ�侩���ޤ���</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>�⤷����������į�������Ǥʤ���
- ���餻�뤿������ꤷ�Ƥ���ΤǤ���С�
+ ���餻�뤿������ꤹ��ΤǤ���С�
�����������֤ΤǤϤʤ���&os.current;
��<emphasis>����</emphasis>��������Ƥ���������
- �ʤ��ʤ顢�������Τ��ޤ��ޤ���ʬ��¾����ʬ�ι����˰�¸���Ƥ��ꡢ
+ �������Τ��ޤ��ޤ���ʬ��¾����ʬ�ι����˰�¸���Ƥ��ꡢ
�����Τߤ�ѥ��뤷�褦�Ȥ���ȡ�
- �ְܴۤ㤤�ʤ��ȥ�֥��������Ǥ���</para>
+ �ְܴۤ㤤�ʤ����꤬�����ޤ���</para>
<indexterm>
<primary>-CURRENT</primary>
<secondary>����ѥ���</secondary>
</indexterm>
<para>&os.current; ��ѥ��뤹������
- <filename>/usr/src</filename> �ˤ��� Makefile
- ���ɤ��ɤ�Ǥ���������
- ���åץ��졼�ɤν����ΰ����Ȥ��ơ�
- ���ʤ��Ȥ���Ϻǽ��
+ <filename>/usr/src/Makefile</filename>
+ �����տ����ɤ�Ǥ���������
+ ���åץ��졼�ɤν����ΰ����Ȥ��ơ��ǽ��
<link linkend="makeworld">�����������ͥ�ȡ��뤷
- �ơ�world ��ƹ���</link> ���٤��Ǥ��礦��&a.current; ��
- <filename>/usr/src/UPDATING</filename> ���ɤ�С����Υ�
- ����ظ����ưܤäƤ椯�������äƻ���ɬ�פȤʤ��¸����
- �ƥफ��ο������ƥ�ι��ۼ��ˤĤ��Ƥκǿ����������
- ��Ǥ��礦��</para>
+ �ơ�world ��ƹ���</link> ���Ƥ���������&a.current; ��
+ <filename>/usr/src/UPDATING</filename> ���ɤ�С�
+ ���Υ����ظ����ưܤäƤ椯�������äơ�
+ �Ȥ��ɤ�ɬ�פȤʤ��¸�����ƥफ��ο������ƥ�ι��ۼ��ˤĤ��Ƥκǿ�����������Ǥ��礦��</para>
</listitem>
<listitem>
<para>�����ƥ��֤ˤʤäƤ�������!
- �⤷ &os.current;
- �����餻�Ƥ���ʤ顢�錄�������Ϥ���˴ؤ��륳���ȡ�
- �ä˳�ĥ��Х��٤��˴ؤ�����Ƥ��ߤ��Ƥ��ޤ���
+ &os.current; �Υ桼���ˤϡ�
+ ��ĥ��Х��٤��˴ؤ�����Ƥ��뤳�Ȥ�������Ƥ��ޤ���
�����ɤ�ȼ����ƤϤ�äȤⴿ�ޤ�����ΤǤ�!</para>
</listitem>
</orderedlist>
@@ -1524,43 +1460,39 @@ Fetching 133 new ports or files... done.</screen>
<sect3>
<title>ï�� &os.stable; ��ɬ�פȤ��Ƥ����?</title>
- <para>�⤷���ʤ��� FreeBSD �γ�ȯ�����˶�̣������Ȥ���
- ������Ф������ͤ��Ƥ��ơ��äˤ��줬
- ����� <quote>�ݥ����</quote> �����˴ط�������
- �Ǥ���ʤ� &os.stable; ���ɤ����Ȥ�ͤ�����ɤ��Ǥ��礦��</para>
+ <para>FreeBSD �γ�ȯ�ץ������˶�̣�����ä��ꡢ
+ ������Ф������ͤ��Ƥ��ơ��äˤ��줬�����
+ <quote>�ݥ����</quote> �����˴ط������ΤǤ���ʤ�
+ &os.stable; ���ɤ����Ȥ�ͤ�����ɤ��Ǥ��礦��</para>
<para>�������ƥ���ν����� &os.stable; �֥������Ф��ƹԤʤ��ޤ�����
���Τ���� &os.stable; ���ɤ�<emphasis>ɬ��</emphasis>�Ϥ���ޤ���
- ���٤Ƥ� FreeBSD �������ƥ�����ˤ�
- �ƶ��Τ������������������������ˡ����������Ƥ���
- <footnote><para>��������ΤǤϤ���ޤ���
- �ºݤ錄�������ϲ�ǯ��δָŤ������� FreeBSD
- �ݡ��Ȥ��ƤϤ���ΤǤ�����
- �ʱ�˥��ݡ��Ȥ�³���뤳�ȤϤǤ��ޤ���
- �������ǤθŤ������� FreeBSD �Υ������ƥ��ݥꥷ�������������Τ�ˤϡ�
- <ulink
- url="&url.base;/security/">http://www.FreeBSD.org/security/</ulink>
- �Ȥ��Ƥ���������</para>
- </footnote>
- ��
- �������ƥ������ͳ�Τߤ��鳫ȯ�ѥ֥������Τ��ɤ������뤳�Ȥϡ�
- Ʊ����˾�ޤ����ʤ��ѹ����ޤǼ�����Ǥ��ޤ���ǽ�������뤫��Ǥ���</para>
+ ���٤Ƥ� &os; �������ƥ�����ˤ�
+ EOL ��ã���Ƥ��ʤ����٤ƤΥ������Ф����������ν�����ˡ����������Ƥ��ޤ���
- <para>�錄�������� &os.stable; �֥��������Ĥ�����ư���褦��
- �ؤ�Ƥ��ޤ��������줬�ݾڤ���Ƥ���Ȥ����櫓�ǤϤ���ޤ���
+ <footnote>
+ <para>�������ǤθŤ������� FreeBSD
+ �Υ������ƥ��ݥꥷ�������������Τ�ˤϡ�<ulink
+ url="&url.base;/security/">http://www.FreeBSD.org/ja/security/</ulink>
+ �Ȥ��Ƥ���������</para>
+ </footnote>��</para>
+
+ <para>&os.stable; �֥����Ϥ��Ĥ⥳��ѥ��뤬�Ǥ���
+ �����ư��٤��Ǥ�����
+ ���줬�ݾڤ���Ƥ���Ȥ����櫓�ǤϤ���ޤ���
�ޤ��������ɤ� &os.stable; �˲ä���������
&os.current; �dz�ȯ�����ΤǤ�����&os.stable; �Υ桼����
- &os.current; ����¿�����ᡢ&os.current; ��ȯ������ʤ��ä�
- �Х��� &os.stable; ��ȯ�����졢�������줬����Ȥʤ뤳�Ȥ�����Τ�
- �뤳�Ȥ��Ǥ��ޤ���</para>
+ &os.current; ����¿�����ᡢ&os.current;
+ ��ȯ������ʤ��ä��Х��� &os.stable; ��ȯ�����졢
+ �Ȥ��ɤ����줬����Ȥʤ뤳�Ȥ�����Τ��뤳�Ȥ��Ǥ��ޤ���</para>
- <para>���Τ褦����ͳ���顢�錄������������Ū�� &os.stable;
- ���ɤ������뤳�Ȥ�侩<emphasis>���ޤ���</emphasis>��
- �äˡ��ǽ�˳�ȯ�Ķ��ǥ����ɤ�ʬ�˻������
+ <para>���Τ褦����ͳ���顢����Ū�� &os.stable;
+ ���ɤ�������٤��Ǥ�<emphasis>����ޤ���</emphasis>��
+ �äˡ��ǽ�˳�ȯ�Ķ��ǥ����ɤ�ʬ�˻�����ˡ�
�ץ�����������ʼ����ᤵ��륵���Ф� &os.stable;
�˥��åץ��졼�ɤ��ƤϤ����ޤ���</para>
- <para>�⤷�������뤿��λ�Ū��;͵���ʤ����ϡ�
+ <para>�⤷����Ū��;͵���ʤ����ϡ�
�����֤ΥХ��ʥꥢ�åץǡ��ȵ�ǽ�����Ѥ��ơ�
�ǿ��� FreeBSD ������Ȥ����Ȥ�侩���ޤ���</para>
</sect3>
@@ -1575,43 +1507,44 @@ Fetching 133 new ports or files... done.</screen>
<orderedlist>
<listitem>
- <para>&a.stable.name; ���ꥹ�Ȥ˲ä�äƤ���������
- ���Υ��ꥹ�ȤǤϡ�
- &os.stable; �ι��ۤ˴�Ϣ��������䡢
- ����¾�����դ��٤��� �˴ؤ������ή��Ƥ��ޤ���
+ <para>&os.stable; �ι��ۤ˴�Ϣ��������䡢
+ ����¾�����դ��٤��� �˴ؤ����������뤿��ˡ�
+ &a.stable.name; ���ꥹ�Ȥ˲ä�äƤ���������
�ޤ���ȯ�Ԥϵ�����;�Ϥ����뽤�����ѹ���ͤ��Ƥ�����ˡ�
���Υ��ꥹ�ȤǸ�ɽ����
��Ƥ��줿�ѹ��˴ؤ������꤬�����뤫�ɤ������������뵡���桼����Ϳ���ޤ���</para>
- <para>�ɤ������Ƥ���֥����˴�Ϣ���� <application>SVN</application>
- ���ꥹ�Ȥ˻��ä��Ƥ���������
- ���Ȥ��С�9-STABLE �֥������ɤ������Ƥ���ΤǤ���С�
+ <para>�ɤ������Ƥ���֥����˴�Ϣ����
+ <application>SVN</application> ���ꥹ�Ȥ˻��ä��Ƥ���������
+ ���Ȥ��С�9-STABLE �֥������ɤ������Ƥ���桼����
&a.svn-src-stable-9.name; ���ꥹ�Ȥ˻��ä��Ƥ���������
+ ���Υꥹ�ȤǤϡ�
�ѹ����ʤ���뤴�Ȥ˺�������� commit log �䤽���ȼ��
- �����ꤦ�������ѤˤĤ��Ƥξ�����ɤळ�Ȥ��Ǥ��ޤ���</para>
+ �����ꤦ�������ѤˤĤ��Ƥξ���Ͽ����Ƥ��ޤ���</para>
- <para>�����Ρ��⤷����¾�Υ��ꥹ�Ȥ�����ˤϡ�
- &a.mailman.lists.link; �ɤäƻ��ä���������
- ���Ȥ�å����Ƥ����������Ĥ�μ��������Ϥ����ˤ���ޤ���
- �⤷���������ĥ���Τ��ѹ������ɤ������뤳�Ȥ˶�̣������С�
+ <para>�����Υ��ꥹ�Ȥ�����ˤϡ�
+ &a.mailman.lists.link;
+ �ɤäƻ��ä��������ꥹ�Ȥ�å�����
+ ���������ˤ������äƤ���������
+ �������ĥ���Τ��ѹ������ɤ�������ˤϡ�
&a.svn-src-all.name; ���ꥹ�Ȥ���ɤ��Ƥ���������</para>
</listitem>
<listitem>
- <para>�⤷�����ʤ��������������ƥ�ȡ��뤷�褦�Ȥ��Ƥ��ơ�
- ����������Ƥ��� &os.stable;
- ����ӥ�ɤ��줿���ʥåץ���åȤȡ��뤷�����ʤ顢
+ <para>����������Ƥ��� &os.stable;
+ ����ӥ�ɤ��줿���ʥåץ���åȤ����餻�뤿��ˡ�
+ �����������ƥ�ȡ��뤹��ˤϡ�
+ �ܺ٤ˤĤ��ơ�
<ulink url="&url.base;/snapshots/">���ʥåץ���å�</ulink>
- web �ڡ�����������������
+ ��������������
�⤷���ϡ�<link linkend="mirrors">�ߥ顼������</link>����Ƕ��
&os.stable; �����ȡ��뤷�������������˽��äƺǿ���
&os.stable; �Υ����������ɤ˹������뤳�Ȥ�Ǥ��ޤ���</para>
- <para>�⤷������ &os; �ΰ����Υ�����ư���Ƥ�����ǡ�
- ����������饢�åץ��졼�ɤ��褦�Ȥ���ʤ�С�
+ <para>���� &os; �ΰ����Υ�����ư���Ƥ��륷���ƥ��
&os; <link linkend="mirrors">�ߥ顼������</link>
- �����ñ�˹Ԥ��ޤ����ʲ��Τ褦�ʤ����Ĥ�����ˡ������ޤ���
- </para>
+ ���饢�åץ��졼�ɤ���ˤϡ�
+ �ʲ��Τ褦�ʤ����Ĥ�����ˡ������ޤ���</para>
<orderedlist>
<indexterm>
@@ -1627,7 +1560,7 @@ Fetching 133 new ports or files... done.</screen>
</indexterm>
<listitem>
- <para><link linkend="svn">svn</link> �ץ�������Ȥäơ�
+ <para><link linkend="svn">svn</link> ��Ȥäơ�
��˾���볫ȯ�֥�����
�⤷���ϥ����֥���������å��������Ƥ���������
������ˡ�ϡ���ȯ��� &os; ��ݥ��ȥ�ؤΥ������������Ƥ��ꡢ
@@ -1653,20 +1586,18 @@ Fetching 133 new ports or files... done.</screen>
<secondary>CTM ��Ȥä�Ʊ������</secondary>
</indexterm>
- <para><application><link
- linkend="ctm">CTM</link></application> ��ǽ��Ȥ��ޤ���
- �����ͥåȤؤ���³�˹�®�ǰ²��ʲ��������ѤǤ��ʤ��ΤǤ���С�
- ������ˡ��Ƥ���Ƥߤޤ��礦��</para>
+ <para>�����ͥåȤؤ���³�˹�®�ʲ��������ѤǤ��ʤ��ΤǤ���С�
+ <application><link linkend="ctm">CTM</link></application>
+ ��Ƥ���Ƥߤޤ��礦��</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
- <para>����Ū�ˤϡ�
- �������˿�®�ǥ���ǥޥ�ɤʥ���������ɬ�פǡ�
+ <para>�������˿�®�ǥ���ǥޥ�ɤʥ���������ɬ�פǡ�
��³�ΥХ����������Ǥʤ���С�
- <command>Subversion</command> ��Ȥ��ޤ��礦��������
- �ʤ����� <application>CTM</application>
+ <command>Subversion</command> ��Ȥ��ޤ��礦��
+ �����Ǥʤ����� <application>CTM</application>
��Ȥ��ޤ��礦��</para>
</listitem>
@@ -1676,16 +1607,14 @@ Fetching 133 new ports or files... done.</screen>
<secondary>���ۡ�����ѥ���</secondary>
</indexterm>
- <para>&os.stable; ��ѥ��뤹�����ˡ�
- <filename>/usr/src</filename> �ˤ��� Makefile ���
- ���ɤ�Ǥ���������
- ���ʤ��Ȥ���ϥ��åץ��졼�ɤν����ΰ����Ȥ��ƺǽ��
- <link linkend="makeworld">�����������ͥ�ȡ��뤷
- �ơ�world ��ƹ���</link> ���٤��Ǥ��礦��&a.stable; ��
- <filename>/usr/src/UPDATING</filename> ���ɤ�С����Υ�
- ����ظ����ưܤäƤ椯�������äƻ���ɬ�פȤʤ��¸����
- �ƥफ��ο������ƥ�ι��ۼ��ˤĤ��Ƥκǿ����������
- ��Ǥ��礦��</para>
+ <para>&os.stable; ��ѥ��뤹�����ˡ�
+ <filename>/usr/src/Makefile</filename> ��褯�ɤ�Ǥ���������
+ ���åץ��졼�ɤν����ΰ����Ȥ��ƺǽ��
+ <link linkend="makeworld">�����������ͥ�ȡ��뤷�ơ�
+ world ��ƹ���</link> ���Ƥ���������&a.stable; ��
+ <filename>/usr/src/UPDATING</filename> ���ɤ�ǡ�
+ ���Υ����ظ����ưܤäƤ椯�������äơ�
+ �Ȥ��ɤ�ɬ�פȤʤ��¸�����ƥफ��ο������ƥ�ι��ۼ��ˤĤ��Ƥκǿ���������Ƥ���������</para>
</listitem>
</orderedlist>
</sect3>
@@ -1697,23 +1626,22 @@ Fetching 133 new ports or files... done.</screen>
<para><emphasis>��: &a.jp.iwasaki;��1997 ǯ 9 �� 13 ��</emphasis></para>
- <para>�����ͥå���³ (�ޤ����Żҥ��) ����Ѥ��ơ�
- ���ʤ��ζ�̣���оݤˤ�ä� &os;
- �ץ��������ȤΥ������Τ������ʬ�ޤ������Τκǿ���
- �ɤ���������ˡ�Ͽ�������ޤ���
- �䤿�������Ƥ������Ū�ʥ����ӥ��� <link
+ <para>�����ͥå���³�ޤ����Żҥ�����Ѥ��ơ�&os;
+ �ץ��������ȤΥ������Τ������ʬ�ޤ������Τκǿ����ɤ���������ˡ�Ͽ�������ޤ���
+ ����Ū�ʥ����ӥ��� <link
linkend="svn">Subversion</link>
�� <link linkend="ctm">CTM</link> �Ǥ���</para>
<warning>
<para>�������ĥ�ΰ�����ǿ��Τ�Τ˹������뤳�Ȥϲ�ǽ�Ǥ���
- �����������ݡ��Ȥ���Ƥ��륢�åץǡ��ȼ��ϡ�
- �������ĥ���Τ�ǿ��Τ�Τ˹������ơ�
- �桼������ (<filename>/bin</filename> �� <filename>/sbin</filename>
- �ˤ���褦�ʡ��桼�����¹Ԥ���ץ���������ΤΤ���)
- ����ӥ����ͥ�Υ���������ƹ��ۤ��뤳�ȤΤߤǤ��뤳�Ȥ����դ��Ƥ���������
- �����ͥ���������뤤�ϥ桼�����ɤ����Ȥ����褦�ˡ�
- �������ĥ�ΰ������������ϡ����꤬�����뤳�Ȥ��褯����ޤ���
+ �����������ݡ��Ȥ���Ƥ��륢�åץǡ��ȼ��ϡ�
+ �������ĥ���Τ�ǿ��Τ�Τ˹�������
+ <filename>/bin</filename>, <filename>/sbin</filename>
+ �Ȥ��ä��桼�����֤�ư����Ρ�
+ ����ӥ����ͥ륽������ƹ��ۤ��뤳�ȤΤߤǤ���
+ �������ĥ�ΰ��������Ǥ��ä��ꡢ�����ͥ������
+ �⤷���ϥ桼�����ɤΥץ������������������ϡ�
+ ���꤬�����뤳�Ȥ��褯����ޤ���
���λ���ȯ����������ϥ���ѥ�����Υ��顼���饫���ͥ�ѥ˥å���
�ǡ������˲��Ȥ��ޤ��ޤǤ���</para>
</warning>
@@ -1728,11 +1656,10 @@ Fetching 133 new ports or files... done.</screen>
��ư�����ե������ǿ����֤ˤ��ޤ���
<application>Subversion</application> �ϡ�
��������Υ������ĥ�åץǡ��Ȥ���Ǥ�ޤ�����ˡ�Ǥ���
- �Ϥ����빹������Ϥ��λ����κǿ��Τ�ΤǤ��ꡢ
- �ޤ�ɬ�פʻ��ˤ��������ޤ���
- ��̣�Τ�������Υե������ǥ��쥯�ȥ�˸��ꤷ�ƹ������뤳�Ȥ��ñ�ˤǤ��ޤ���
- ���饤�����¦�Υ������ĥ�ξ��֡�
- ����ե�����λ���˽����������Фˤ�äƹ������������������ޤ���</para>
+ ��������Ϥ��λ����κǿ��Τ�ΤǤ��ꡢ
+ �桼���Ϥ��ĥ���������ɤ��뤫��ȥ����뤷�ޤ���
+ ����Υե������ǥ��쥯�ȥ�˸��ꤷ�ƹ������뤳�Ȥ��ñ�ˤǤ��ޤ���
+ ��������ϥ����Фˤ�ä������������ޤ���</para>
<indexterm>
<primary><application>CTM</application></primary>
@@ -1744,24 +1671,25 @@ Fetching 133 new ports or files... done.</screen>
���Τ����ˡ�����μ¹Ի�������ѹ���ǧ�����륹����ץȤ�
�ޥ��� CTM �ޥ����ǰ����˿���¹Ԥ��졢
���٤Ƥ��ѹ��� compress �����̤��ֹ�ꡢ
- ������Żҥ���ž���Ǥ���褦�˥����ɤ��ޤ�
- (������ǽ�� ASCII
- ����饯���ΤߤǤ�)������������ϡ�
+ ������Żҥ��ǡ�������ǽ�� ASCII
+ ����饯���Τߤ�ž���Ǥ���褦�˥����ɤ��ޤ���
+ ����������ϡ�
������ <quote>CTM �Υǥ륿</quote> �ϼ�ư
Ū�˥ǥ����ɡ��������ƥ桼���Υ������Υ��ԡ����ѹ���Ŭ�Ѥ���
&man.ctm.rmail.1; �ˤ�äƽ�����ǽ�Ȥʤ�ޤ���
������� <application>Subversion</application>
��ꤺ�äȸ�ΨŪ�Ǥ��ꡢ<emphasis>pull</emphasis> ��ǥ�Ȥ������ष��
- <emphasis>push</emphasis> ��ǥ��
- ���뤿�ᡢ�䤿���Υ����л���٤Ϸڤ��ʤ�ޤ���</para>
+ <emphasis>push</emphasis> ��ǥ�Ǥ��뤿�ᡢ
+ �����л���٤Ϸڤ��ʤ�ޤ���</para>
- <para>�������¾�Υȥ졼�ɥ��դ⤢��ޤ������ä��ꥢ��������
- �ΰ�����ä��Ƥ��ޤäƤ⡢<application>Subversion</application>
- �ϲ��줿��ʬ�Ф��ƺƹ��ۤ��Ƥ���ޤ���
+ <para>¾�Υȥ졼�ɥ��դ⤢��ޤ���
+ <application>Subversion</application> �Ǥ���С�
+ ���ä����������Υ��������֤ΰ�����ä��Ƥ��ޤäƤ⡢
+ ���줿��ʬ�Ф��ƺƹ��ۤ��Ƥ���ޤ���
<application>CTM</application> �Ϥ�����äƤ���ޤ���
- �⤷�������ĥ�ΰ�����ä��Ƥ��ޤä���
- (�����ƥХå����åפ��äƤ��ʤ��ΤǤ����)��(�ǿ��� CTM
- <quote>�١����ǥ륿</quote> ����) �줫����ľ����
+ �⤷�������ĥ�ΰ�����ä��Ƥ��ޤ���
+ �����ƥХå����åפ��äƤ��ʤ��ΤǤ���С��ǿ��� CTM
+ <quote>�١����ǥ륿</quote> ���Ѥ��ơ��줫����ľ����
<application>CTM</application>
��ȤäƤ��٤Ƥ�ƹ��ۤ��ʤ���Фʤ�ޤ���</para>
</sect1>
@@ -1772,24 +1700,25 @@ Fetching 133 new ports or files... done.</screen>
<indexterm>
<primary><quote>world</quote> �κƹ���</primary>
</indexterm>
- <para>&os; �Τɤ줫����ΥС������ (&os.stable;��&os.current; �ʤ�)
- �ˤĤ��ơ���������Υ������ĥ��Ʊ���������顢
+ <para>&os.stable;��&os.current; �ʤɤ�
+ &os; �Τɤ줫����ΥС������ˤĤ��ơ�
+ ��������Υ������ĥ��Ʊ���������顢
���Υ������ĥ��Ȥäƥ����ƥ��ƹ��ۤǤ��ޤ���</para>
<warning>
<title>�Хå����åפκ���</title>
- <para>�����ƥ��ƹ��ۤ���<emphasis>����</emphasis>�Хå����åפ�
- �������뤳�Ȥν������ϡ������鶯Ĵ���Ƥ⤷���ȸ������ȤϤ���ޤ���
- �����ƥ����Τκƹ��ۤȤ�
- (�ʹߤ˽줿���˽��äƤ���¤�) ����ȤǤϤ���ޤ���
+ <para>�����ƥ��ƹ��ۤ���<emphasis>����</emphasis>��
+ �Хå����åפ�������뤳�Ȥν������ϡ�
+ �����鶯Ĵ���Ƥ⤷���ȸ������ȤϤ���ޤ���
+ �����ƥ����Τκƹ��ۤȤ�����ȤǤϤ���ޤ���
�ɤ�ʤ����դ��Ƥ����Ȥ��Ƥ⡢<!-- hrs:2000/01/12 inevitably -->
- ���ʤ����ȡ����뤤�ϥ������ĥ�Ǻ�Ȥ��Ƥ���¾�ο�ã�˼�㤤�����ä����ˤϡ�
+ �������ĥ���Τ�Τ˼�㤤�����ä����ˤϡ�
�����ƥब��ư���ʤ��ʤäƤ��ޤ����֤ˤʤ뤳�Ȥ�����ΤǤ���
</para>
<para>�ޤ����Хå����åפ�������Ⱥ�������Ƥ��뤳�Ȥ��ǧ���ơ�
- fixit �ե��åԡ�����ư��ǽ�� CD ���Ѱդ��Ƥ���������
+ ��ư��ǽ���ȡ����ǥ������Ѱդ��Ƥ���������
¿ʬ�������Ȥ����ȤϤʤ��Ȼפ��ޤ�����
���ȤǸ�����뤳�ȤΤʤ��褦��ǰ�Τ����Ѱդ��Ƥ����ޤ��礦��</para>
</warning>
@@ -1805,24 +1734,23 @@ Fetching 133 new ports or files... done.</screen>
���ˤϥߥ��뤳�Ȥ��äƤ���Ǥ��礦��
</para>
- <para>���Τ褦�ʴְ㤤�ϡ�ñ�˷ٹ��������ʤ�
- ���ǥ�å��������ƥब��ɽ������褦�ʡ�
- �������Τʤ���ΤǤ��뤳�Ȥ⤢��С������ƥ��ư�Ǥ��ʤ������ꡢ
+ <para>���Τ褦�ʴְ㤤�ϡ�
+ ñ�˷ٹ��������ʤ����ǥ�å��������ƥबɽ������褦�ʡ�
+ �ޤä������Τʤ���ΤǤ��뤳�Ȥ⤢��С������ƥ��ư�Ǥ��ʤ������ꡢ
�ե����륷���ƥ���˲����Ƥ��ޤ��褦�ʡ�
- ����������̤���Τ����Τ�ޤ���
- </para>
+ ����������̤���Τ����Τ�ޤ���</para>
- <para>�����졢���Τ褦�����꤬��������硢
+ <para>���꤬��������硢
����ξܺ٤ȡ��ɤΤ褦�ʥ����ƥब�ƶ�������뤫�ˤĤ��ƽ줿
- <quote>���� (heads up)</quote> �����
- Ŭ�ڤʥ��ꥹ�Ȥ���Ƥ��졢�����ơ��������꤬��褵���ȡ�
- <quote>������ (all clear)</quote> �Υ��ʥ�������Ʊ�ͤ�
- ��Ƥ���ޤ���
- </para>
+ <quote>���� (heads up)</quote>
+ �ε�����Ŭ�ڤʥ��ꥹ�Ȥ���Ƥ���ޤ���
+ �����ơ��������꤬��褵���ȡ�
+ <quote>������ (all clear)</quote>
+ �Υ��ʥ�������Ʊ�ͤ���Ƥ���ޤ���</para>
- <para>&os.stable; �� &os.current; �֥������ɿ魯�뤿��˻���Ȥ���Τˡ�
- &a.stable; �� &a.current; ����ˤ����Τܤä��ɤޤʤ��Ȥ����Τϡ�
- �����������Ȥˤʤ�Ǥ��礦��</para>
+ <para>&os.stable; �� &os.current; �֥������ɿ路�Ƥ���桼���ǡ�
+ &a.stable; �� &a.current; ���ɤޤʤ��Ȥ����Τϡ�
+ ���������褦�ʤ�ΤǤ���</para>
<para><emphasis>����:</emphasis>
�����Υ��ꥹ�ȤϱѸ�Ǥ��Ȥꤵ��Ƥ��뤿�ᡢ
@@ -1835,10 +1763,10 @@ Fetching 133 new ports or files... done.</screen>
<warning>
<title><command>make world</command> �ϻȤ�ʤ�����</title>
- <para>�Ť��ɥ�����Ȥ�¿������������Ū��
- <command>make world</command> ��Ȥ����Ȥ�����Ƥ��ޤ���
+ <para>�Ť��ɥ�����Ȥ���ˤϡ�
+ <command>make world</command> ��Ȥ����Ȥ�����Ƥ����Τ�����ޤ���
����ϡ����פʼ����Ĥ�ȴ�����Ƥ��ޤ��Τǡ�
- ���Ƥ��뤫�褯ʬ���äƤ��ʤ���лȤ��٤��ǤϤ���ޤ���
+ �������ѡ��ȤǤʤ���лȤ��٤��ǤϤ���ޤ���
�ۤܤ�������ˤ����ơ�<command>make world</command>
��¹Ԥ���Τϴְ�äƤ��ꡢ
��������������Ƥ�������Ѥ���٤��Ǥ���</para>
@@ -1861,7 +1789,8 @@ Fetching 133 new ports or files... done.</screen>
����ѥ���� <quote>world</quote> �ΰ����Ǥ�����
�����Ĥ����̤˵���Ĥ��ʤ���Фʤ�ʤ����Ȥ�����ޤ���</para>
- <para>�ޤ��������������ƥ�Υ������Ǥ����ꤷ�Ƥ��뤳�ȤⲾ�ꤷ�Ƥ��ޤ���
+ <para>�ޤ��������Υ��ƥåפǤϡ�
+ �������С������Υ������Ǥ����ꤷ�Ƥ��뤳�ȤⲾ�ꤷ�Ƥ��ޤ���
�⤷�����ƥ�Υ����������ɤ��Ť��褦�Ǥ����顢
<xref linkend="synching"/> ���ɤ�ǡ�
�����������ɤ����С�������Ʊ��������ˡ�ξܺ٤����Ƥ���������</para>
@@ -1878,12 +1807,11 @@ Fetching 133 new ports or files... done.</screen>
<itemizedlist>
<listitem>
<para>�Ť�����ѥ���ϡ�
- �����������ͥ��ѥ���Ǥ��ʤ���ǽ��������ޤ�
- (�Ť�����ѥ���ϤȤ��ɤ��Х���ޤ�Ǥ��ޤ�)��
+ �� �Х���ޤ߿����������ͥ��ѥ���Ǥ��ʤ���ǽ��������ޤ�
���Τ��ᡢ�����������ͥ�ι��ۤˤϡ�
����������ѥ����Ȥ�ɬ�פ�����ޤ���
- �äˡ������������ͥ���ۤ������ˡ�
- ����������ѥ��餬���ۤ���Ƥ��ʤ���Фʤ�ޤ���
+ ���ȤΤ��Ȥϡ������������ͥ���ۤ������ˡ�
+ ����������ѥ�����ۤ��Ƥ��ʤ���Фʤ�ʤ����Ȥ��̣���Ƥ��ޤ���
ɬ�����⡢�����������ͥ���ۤ������ˡ�����������ѥ��餬
<emphasis>���ȡ��뤵��Ƥ���</emphasis>
ɬ�פ����뤳�Ȥ��̣���Ƥ���櫓�ǤϤ���ޤ���</para>
@@ -1902,8 +1830,7 @@ Fetching 133 new ports or files... done.</screen>
<maketarget>buildkernel</maketarget>,
<maketarget>installkernel</maketarget>,
<maketarget>installworld</maketarget> �δ��ܤǤ���
- ���߿侩����Ƥ��륢�åץ��졼�ɥץ���������Ѥ����ۤ����ɤ��Ȥ�����ͳ�٤ƴޤ�Ǥ���櫓�ǤϤ���ޤ���
- �ʲ��Ǥϡ��⤦�������ΤǤϤʤ����ˤĤ��ƥꥹ�ȥ��åפ��ޤ���</para>
+ ¾����ͳ�ˤĤ��Ƥϰʲ��ǥꥹ�ȥ��åפ��ޤ���</para>
<itemizedlist>
<listitem>
@@ -1947,9 +1874,10 @@ Fetching 133 new ports or files... done.</screen>
</listitem>
<listitem>
- <para><command>make <maketarget>buildkernel</maketarget></command></para>
+ <para><command>make
+ <maketarget>buildkernel</maketarget></command></para>
- <para>&man.config.8; �� &man.make.1; ���Ѥ����Ť���ˡ�Ȥϰۤʤꡢ
+ <para>�����Ǥϡ�
<filename class="directory">/usr/obj</filename> �ˤ���
<emphasis>������</emphasis> ����ѥ��餬�Ѥ����ޤ���
����ˤ�ꡢ����ѥ���ȥ����ͥ�Υߥ��ޥå����ɤ����Ȥ��Ǥ��ޤ���</para>
@@ -2008,7 +1936,7 @@ Fetching 133 new ports or files... done.</screen>
<para>�⤷��&os; �Τ���֥����Τ���������顢
Ʊ���֥����κǿ������˥��åץǡ��Ȥ���ΤǤ����
- (���Ȥ��� 7.0 ���� 7.1)��
+ (���Ȥ��� 9.0 ���� 9.1)��
���μ��ˤ�������ʤ��Ƥ��ɤ��Ǥ��礦��
�ʤ��ʤ�С�����ѥ��顢�����ͥ롢�桼�����ɡ�����������ե�����δ֤ǡ�
���٤Υߥ��ޥå��������뤳�ȤϤ��ޤ�ͤ����ʤ�����Ǥ���
@@ -2017,14 +1945,13 @@ Fetching 133 new ports or files... done.</screen>
<command>make <maketarget>world</maketarget></command>
���Ѥ��Ƥ⤦�ޤ������Ǥ��礦��</para>
- <para>�������ʤ��顢��㡼������ޤ��������åץǡ��ȤǤϡ�
+ <para>��㡼������ޤ��������åץǡ��ȤǤϡ�
������ˡ���Ѥ��ʤ��ȡ����餫������ˤ֤Ĥ���Ǥ��礦��</para>
- <para>�礭�ʥ��åץ��졼��
- (���Ȥ��� 4.<replaceable>X</replaceable> ���� 5.0 �ؤΥ��åץǡ���)
- �ˤ����Ƥϡ�(���Ȥ��� installworld ����������Υե������̾�����ѹ������ʤɤ�)
- ���̤��ɲäΥ��ƥåפ�ɬ�פȤʤ�Ǥ��礦��
- <filename>/usr/src/UPDATING</filename> �ե���������տ����ɤ�Ǥ���������
+ <para>�礭�ʥ��åץ��졼�ɤˤ����Ƥϡ�
+ installworld ����������Υե������̾�����ѹ���������Ȥ��ä���
+ ���̤��ɲäΥ��ƥåפ�ɬ�פȤʤ뤳�Ȥ�����ޤ���
+ <filename>/usr/src/UPDATING</filename> �����տ����ɤ�Ǥ���������
�ä˥ե�����κǸ�ˤϡ�
���߿侩����Ƥ��륢�åץ��졼�ɤμ�礬�ܤ������Τ���������Ƥ��ޤ���</para>
@@ -2051,9 +1978,9 @@ Fetching 133 new ports or files... done.</screen>
</note>
<para><maketarget>installkernel</maketarget>
- ��̵���˽�λ�����顢(���Ȥ��С��������Υץ���ץȤ���
- <command>boot -s</command> ��Ȥä�)
- ����桼���⡼�ɤ�Ω���夲�ޤ��礦��
+ ��̵���˽�λ�����顢�������Υץ���ץȤ���
+ <command>boot -s</command>
+ ��Ȥäƥ���桼���⡼�ɤ�Ω���夲�Ƥ���������
���줫�顢�ʲ���¹Ԥ��Ƥ���������</para>
<screen>&prompt.root; <userinput>mount -u /</userinput>
@@ -2068,30 +1995,25 @@ Fetching 133 new ports or files... done.</screen>
<warning>
<title>���θ���������ɤ�Ǥ�������</title>
- <para>��Ҥμ��ϡ�
- �Ȥꤢ������ꤹ�뤿��δ�ñ�ʤޤȤ�ˤ����ޤ���
- ���줾��μ���������뤿��ˡ�
- ���θ������ɤ�Ǥ���������
- �������५���ͥ�����Ѥ������ȹͤ��Ƥ���ʤ�ʤ�����Ǥ���</para>
+ <para>���θ����ǤϤ��줾��Υ��ƥåפˤĤ��ƾܤ����������Ƥ��ޤ���
+ �ä˥������५���ͥ�����Ѥ�����ˤĤ����������Ƥ��ޤ���</para>
</warning>
</sect2>
<sect2 id="src-updating">
<title><filename>/usr/src/UPDATING</filename> ���ɤ�</title>
- <para>����Ϥ��ˤ������ޤ��ǽ��
- <filename>/usr/src/UPDATING</filename> (�⤷���Ϥ��ʤ��������������ɤ�
- �ɤ��˥��ԡ������ˤ��褽�����������ե�����) ���ɤߤޤ��礦��
- ���Υե�����ˤϤ��ʤ����������뤫���Τ�ʤ�������Ф�����פʾ����
- �ޤ�Ǥ����ꡢ���ʤ�������Υ��ޥ�ɤ�¹Ԥ��ʤ���Фʤ�ʤ��ʤä���
- ���ν����ؼ������ꤹ��Ϥ��Ǥ���
- <filename>UPDATING</filename> �����ʤ����ɤ��������̷�⤷�Ƥ������
- <filename>UPDATING</filename> ��ͥ�褷�ޤ���</para>
+ <para>���åץǡ��Ȥ������ˡ�
+ <filename>/usr/src/UPDATING</filename> ���ɤ�Ǥ���������
+ ���Υե�����ˤ�����Ū�������
+ ����Υ��ޥ�ɤν�ʤɤν��פʾ��ޤޤ�Ƥ��ޤ���
+ <filename>UPDATING</filename> ��������˽�Ƥ����Τ�̷�⤷�Ƥ������
+ <filename>UPDATING</filename> ��ͥ�褷�Ƥ���������</para>
<important>
- <para><filename>UPDATING</filename> ���ɤ�Ȥ������Ȥϡ����Ҥ�
- Ŭ�ڤʥ��ꥹ�Ȥ���ɤ�������ˤϤʤ�ޤ���
- ��Ĥ��������Ū�ʤ�Τ���¾Ū�ʤ�ΤǤϤʤ��ΤǤ���</para>
+ <para><filename>UPDATING</filename> ���ɤ�Ȥ������Ȥϡ�
+ Ŭ�ڤʥ��ꥹ�Ȥ���ɤ�������ˤϤʤ�ޤ���
+ ��Ĥ��������Ū�ʤ�Τ���¾Ū�ʤ�ΤǤϤʤ��ΤǤ���</para>
</important>
</sect2>
@@ -2115,7 +2037,7 @@ Fetching 133 new ports or files... done.</screen>
&man.make.1; ���Ȥ���ݤˤϾ��ͭ���Ȥʤ�ޤ���
Ports Collection ���饢�ץꥱ��������ѥ��뤹�����
�桼������ C �ץ������� &os;
- ���ڥ졼�ƥ������ƥऽ�Τ�Τ��ۤ���ݤ˱ƶ���ڤܤ��ޤ���</para>
+ ���ڥ졼�ƥ������ƥ���ۤ���ݤ˱ƶ���ڤܤ��ޤ���</para>
</sect2>
<sect2 id="src-conf">
@@ -2140,56 +2062,41 @@ Fetching 133 new ports or files... done.</screen>
<sect2 id="updating-etc">
<title><filename>/etc</filename> �ˤ���ե�����ι���</title>
- <para>
- <filename>/etc</filename> �ǥ��쥯�ȥ�ˤϡ�
+ <para><filename class="directory">/etc</filename> �ˤϡ�
�����ƥ൯ư���˼¹Ԥ���륹����ץȤ����Ǥʤ���
- ���ʤ��Υ����ƥ������˴�Ϣ������������ʬ��
- �ޤޤ�Ƥ��ޤ������Υǥ��쥯�ȥ�˴ޤޤ��
- ������ץȤϡ�FreeBSD �ΥС������ˤ�ä�¿���ۤʤ�ޤ���
- </para>
+ �����ƥ������˴�Ϣ������������ʬ���ޤޤ�Ƥ��ޤ���
+ ���Υǥ��쥯�ȥ�˴ޤޤ�륹����ץȤϡ�
+ &os; �ΥС������ˤ�ä�¿���ۤʤ�ޤ���</para>
- <para>
- �ޤ�������ե�����Τʤ��ˤϡ���Ư��Υ����ƥब�������Ѥ��Ƥ���
- ��Τ⤢��ޤ����ºݤˤϡ�<filename>/etc/group</filename>
- �ʤɤ�����˳������ޤ���
- </para>
+ <para>����ե�����Τʤ��ˤϡ�<filename>/etc/group</filename>
+ �Τ褦�˲�Ư��Υ����ƥब�������Ѥ��Ƥ����Τ⤢��ޤ���</para>
<para>
<command>make installworld</command> �ˤ�륤�ȡ�����ʳ��Ǥϡ�
����Υ桼��̾�����뤤�ϥ��롼�פ�¸�ߤ��Ƥ��뤳�Ȥ�
�᤹����̤�����ޤ��������ƥ�Υ��åץ��졼�ɤ�Ԥʤ��ݤˤϡ�
- �����Υ桼��̾�䥰�롼�פ���������뤤���ѹ������¸�ߤ��Ƥ��ʤ���ǽ����
- �ͤ����ޤ������������ä���硢�����ƥ�Υ��åץ��졼�ɤ�
- �ԤʤäƤ���֤ˡ����꤬ȯ�����븶���ˤʤ�ޤ���
+ �����Υ桼��̾�䥰�롼�פ������
+ ���뤤���ѹ������¸�ߤ��Ƥ��ʤ���ǽ�����ͤ����ޤ���
<command>make buildworld</command> �ˤ����ơ�
�����Υ桼��̾�䥰�롼�פ�¸�ߤ��뤫��ǧ���Ԥ�����⤢��ޤ���
</para>
- <para>������ΰ�Ĥϡ�
- <username>smmsp</username> �桼�����ɲä��줿���Ǥ���
- &man.mtree.8; ��
- <filename>/var/spool/clientmqueue</filename>
- ��������褦�Ȥ������
- ���Υ桼��̾ (����ӥ��롼��)
- ��¸�ߤ��ʤ�����˥��ȡ���˼��Ԥ��Ƥ��ޤä��ΤǤ���</para>
-
<para>�����ˡ�ϡ�buildworld ������ <option>-p</option>
- ���ץ�����Ĥ��� &man.mergemaster.8; ��¹Ԥ��뤳�ȤǤ���
+ ��Ĥ��� &man.mergemaster.8; ��¹Ԥ��뤳�ȤǤ���
�����¹Ԥ���ȡ�<maketarget>buildworld</maketarget> ��
<maketarget>installworld</maketarget>
���������뤿���ɬ�פʥե������������Ӥ��ޤ���</para>
<tip>
- <para>�⤷�����ʤ�����äȿ��м��ʿͤʤ顢���ʤ���̾�����ѹ������ꡢ
- ������Ƥ��ޤä����롼�פ���ͭ���Ƥ���ե������
+ <para>̾�����ѹ������ꡢ������Ƥ��ޤä����롼�פ���ͭ���Ƥ���ե������
���Τ褦�ˤ���Ĵ�٤뤳�Ȥ�Ǥ��ޤ���
</para>
<screen>&prompt.root; <userinput>find / -group <replaceable>GID</replaceable> -print</userinput></screen>
- <para>����� <replaceable>GID</replaceable> (���롼��̾�⤷���Ͽ����Ǽ����줿���롼�� ID) ��
- ���ꤵ�줿���롼�פ���ͭ���뤹�٤ƤΥե������ɽ�����ޤ���
- </para>
+ <para>���Υ��ޥ�ɤϥ��롼��̾�⤷���Ͽ����Ǽ�����륰�롼�� ID
+ �ǻ��ꤵ�줿���롼�� <replaceable>GID</replaceable>
+ ����ͭ���뤹�٤ƤΥե������ɽ�����ޤ���</para>
</tip>
</sect2>
@@ -2197,33 +2104,27 @@ Fetching 133 new ports or files... done.</screen>
<title>����桼���⡼�ɤؤΰܹ�</title>
<indexterm><primary>����桼���⡼��</primary></indexterm>
- <para>����ѥ���ϡ�����桼���⡼�ɤǹԤʤä������ɤ��Ǥ��礦��
- �������뤳�Ȥ�¿��®�٤����夹�롢�Ȥ�������äȤ���������
- ��������Ǥʤ��������ƥ�κƥ��ȡ���Ͻ��פʥ����ƥ�ե����롢
- ɸ�ॳ�ޥ�ɡ��饤�֥�ꡢ���롼�ɥե�����ʤɤ����ޤ���
- ��Ư��Υ����ƥ�� (�ä�¾�Υ桼�������Υ����ƥ�˥������Ƥ������)
- ���Τ褦���ѹ���ä��뤳�Ȥϡ��ȥ�֥����������������Ȥʤ�ޤ���
- </para>
+ <para>����ѥ���ϡ�����桼���⡼�ɤǹԤʤ����Ȥ�ͤ��Ƥ���������
+ �����ƥ�κƥ��ȡ���Ͻ��פʥ����ƥ�ե����롢
+ ���٤Ƥ�ɸ�ॷ���ƥ�ΥХ��ʥꡢ�饤�֥�ꡢ���롼�ɥե���������ޤ���
+ ��Ư��Υ����ƥ�� (�ä�¾�Υ桼�������Υ����ƥ�˥������Ƥ������)
+ ���Τ褦���ѹ���ä��뤳�Ȥϡ��ȥ�֥����������������Ȥʤ�ޤ���</para>
<indexterm><primary>�ޥ���桼���⡼��</primary></indexterm>
<para>�⤦��Ĥ���ˡ�Ȥ��ơ��ޥ���桼���⡼�ɤǥ����ƥ��ƹ��ۤ��ơ�
����桼���⡼�ɤ˰ܹԤ��Ƥ��餽��ȡ��뤹�롢
�Ȥ����Τ�����ޤ����⤷���Τ褦����ˡ�ǹԤʤ��������ϡ�
�ʲ��μ����ۤ���λ����Ȥ����ޤ����Ф��Ƥ���������
- ����桼���⡼�ɤ˰ܹԤ���Τ�
<maketarget>installkernel</maketarget> �⤷����
- <maketarget>installworld</maketarget> ���ʤ���Фʤ�ʤ��ʤ��
- �Ǹ�ˤǤ��ޤ���</para>
-
- <para>��Ư��Υ����ƥ�ǥ���桼���⡼�ɤ˰ܹԤ���ˤϡ�
- �����ѥ桼�� (root) ���¤Ǽ��Υ��ޥ�ɤ�¹Ԥ��ޤ���</para>
+ <maketarget>installworld</maketarget> ��¹Ԥ���ݤˡ�
+ ����桼���⡼�ɤ˰ܹԤ��Ƥ���������</para>
<screen>&prompt.root; <userinput>shutdown now</userinput></screen>
<para>���뤤�ϥ����ƥ��Ƶ�ư�����֡��ȥץ���ץȤ���
- <quote>single user</quote> ������ȡ�
- ����桼���⡼�ɤǥ����ƥ��ư�Ǥ��ޤ���
- ��ư�塢������ץ���ץȤ��鼡�Τ褦�˼¹Ԥ��Ƥ���������</para>
+ <quote>single user</quote> ���ץ��������Ƥ���������
+ ����桼���⡼�ɤǵ�ư������ϡ�
+ ������ץ���ץȤ��鼡�Τ褦�˼¹Ԥ��Ƥ���������</para>
<screen>&prompt.root; <userinput>fsck -p</userinput>
&prompt.root; <userinput>mount -u /</userinput>
@@ -2237,17 +2138,16 @@ Fetching 133 new ports or files... done.</screen>
����åפ�ͭ���ˤ��ޤ���
</para>
-
<note>
<para>CMOS �����å����ϰ���֤����ꤵ��Ƥ���
- GMT �ǤϤʤ���� (&man.date.1; ���ޥ�ɤ����������֤��ϰ�
- ��ɽ�����ʤ��ʤ����ƤϤޤ�ޤ�)��
- ���Υ��ޥ�ɤ�¹Ԥ���ɬ�פ����뤫�⤷��ޤ���</para>
+ GMT �ǤϤʤ����
+ (&man.date.1; �����������֤��ϰ��ɽ�����ʤ��ʤ����ƤϤޤ�ޤ�)��
+ ���Υ��ޥ�ɤ�¹Ԥ����Ƥ���������</para>
+
<screen>&prompt.root; <userinput>adjkerntz -i</userinput></screen>
<para>���������
- �μ¤��ϰ���郎���������ꤵ��ޤ� — ������դ�ȡ�
- ���Ȥ�������ˤʤ뤫�⤷��ޤ���</para>
+ �μ¤��ϰ���郎���������ꤵ��ޤ���</para>
</note>
</sect2>
@@ -2255,21 +2155,20 @@ Fetching 133 new ports or files... done.</screen>
<sect2 id="cleaning-usr-obj">
<title><filename>/usr/obj</filename> ��</title>
- <para>�����ƥब�ƹ��ۤ����������ۤ��줿��Τ� (�ǥե���Ȥ�)
- <filename>/usr/obj</filename> �ʲ��Υǥ��쥯�ȥ�˳�Ǽ���졢
- ���Υǥ��쥯�ȥ�β��� <filename>/usr/src</filename> ��Ʊ����¤�Ȥʤ�ޤ���
- </para>
+ <para>�����ƥब�ƹ��ۤ����������ۤ��줿��Τϥǥե���Ȥ�
+ <filename>/usr/obj</filename> �ʲ��Υ��֥ǥ��쥯�ȥ�˳�Ǽ����ޤ���
+ ���Υǥ��쥯�ȥ�β��� <filename>/usr/src</filename>
+ ��Ʊ����¤�Ȥʤ�ޤ���</para>
- <para>���Υǥ��쥯�ȥ�餫���������Ƥ������Ȥˤ�ꡢ
- <command>make buildworld</command> �ι����ˤ�������֤�û�̤�����
- ��¸�����Ǻ�ޤ����褦�ʥȥ�֥����뤳�Ȥ��Ǥ��ޤ���
- </para>
+ <para>�⤷���Υǥ��쥯�ȥ꤬¸�ߤ��Ƥ���ΤǤ���С�
+ ���Υǥ��쥯�ȥ�������ơ�
+ <command>make buildworld</command> �ι����ˤ�������֤�û�̤���
+ ��¸�����Ǻ�ޤ����褦�ʥȥ�֥����뤳�Ȥ��Ǥ��ޤ���</para>
- <para><filename>/usr/obj</filename> �ʲ��Υե�����ˤϡ�
- �ѹ��Բ� (immutable) �ե饰 (�ܺ٤�
- &man.chflags.1; ����) �����åȤ���Ƥ����Τ������ǽ��������ޤ���
- ���Τ��ᡢ�ޤ��ǽ�ˤ��Υե饰���ѹ����ʤ���Фʤ�ޤ���
- </para>
+ <para><filename>/usr/obj</filename> �ʲ��Υե�����ˤϡ��ѹ��Բ�
+ (immutable) �ե饰�����åȤ���Ƥ����Τ������ǽ��������ޤ���
+ ���Τ褦�ʥե�����Ϻǽ�� &man.chflags.1;
+ ���Ѥ��Ƥ���������ɬ�פ�����ޤ���</para>
<screen>&prompt.root; <userinput>cd /usr/obj</userinput>
&prompt.root; <userinput>chflags -R noschg *</userinput>
@@ -2283,15 +2182,13 @@ Fetching 133 new ports or files... done.</screen>
<title>���ϥ�å���������¸</title>
<para>�¹Ԥ���� &man.make.1; ����ν��Ϥϡ��ե��������¸������ɤ��Ǥ��礦��
- �⤷�������㳲��ȯ��������硢���顼��å������Υ��ԡ���긵�˻Ĥ����Ȥ��Ǥ��ޤ���
- ���������ä��Τ������ʤ����Ȥ����줫�����뤳�ȤϤǤ��ʤ�����
- �Τ�ޤ���&os; ���ꥹ�Ȥ���Ƥ��ơ�
- ï��¾�οͤ���ν��������뤿������Ѥ��뤳�Ȥ��Ǥ��ޤ���</para>
+ �⤷�������㳲��ȯ��������硢���顼��å������Υ��ԡ���
+ &os; ���ꥹ�Ȥ���Ƥ��Ƥ���������</para>
- <para>�ե��������¸����Ǥ��ñ����ˡ�ϡ�&man.script.1; ���ޥ�ɤ�
- �Ȥ��������˽��Ϥ���¸�������ե�����̾����ꤹ�뤳�ȤǤ���
- ����� make world ��ľ���˹Ԥʤ����ƹ��ۤ���λ���Ƥ���
- <userinput>exit</userinput> �����Ϥ���ȡ����Ϥ���¸���뤳�Ȥ��Ǥ��ޤ���</para>
+ <para>�ե��������¸����Ǥ��ñ����ˡ�ϡ�&man.script.1;
+ ���ޥ�ɤ�Ȥ��������˽��Ϥ���¸�������ե�����̾����ꤹ�뤳�ȤǤ���
+ ����� make world ��ľ���˹Ԥʤ����ƹ��ۤ���λ������
+ �ʲ��Τ褦�� <userinput>exit</userinput> �����Ϥ��Ƥ���������</para>
<screen>&prompt.root; <userinput>script /var/tmp/mw.out</userinput>
Script started, output file is /var/tmp/mw.out
@@ -2300,47 +2197,36 @@ Script started, output file is /var/tmp/mw.out
&prompt.root; <userinput>exit</userinput>
Script done, …</screen>
- <para>���Ϥ���¸�����硢<filename>/tmp</filename> �ǥ��쥯�ȥ�����
- ��¸���Ƥ�<emphasis>�����ޤ���</emphasis>��
- ���Υǥ��쥯�ȥ�ϡ����κƵ�ư�Ǻ������Ƥ��ޤ���ǽ��������ޤ���
- ���Ϥ���¸�ˤϡ�(�����Τ褦��) <filename>/var/tmp</filename>��
+ <para><filename class="directory">/tmp</filename>
+ �˽��Ϥ���¸���Ƥ�<emphasis>�����ޤ���</emphasis>��
+ ���Υǥ��쥯�ȥ�ϡ����κƵ�ư�Ǻ������Ƥ��ޤ���ǽ��������ޤ���
+ ���Ϥ���¸�ˤϡ�<filename class="directory">/var/tmp</filename> ��
<username>root</username> �Υۡ���ǥ��쥯�ȥ꤬Ŭ���Ƥ��ޤ���</para>
</sect3>
<sect3 id="make-buildworld">
<title>�١��������ƥ�ι���</title>
- <para>�ޤ��������ȥǥ��쥯�ȥ�� <filename>/usr/src</filename> ��
- �ѹ����ʤ���Фʤ�ޤ����Τ褦�˼¹Ԥ��Ƥ���������</para>
+ <para><filename>/usr/src</filename> �ˤơ�
+ ���Τ褦�˼¹Ԥ��Ƥ���������</para>
- <screen>&prompt.root; <userinput>cd /usr/src</userinput></screen>
-
- <para>(����������������ɤ�¾�Υǥ��쥯�ȥ�ˤ�����ˤϡ�
- <filename>/usr/src</filename> �ǤϤʤ���
- �����������ɤΤ���ǥ��쥯�ȥ�˰�ư���Ƥ�������)��
- </para>
+ <screen>&prompt.root; <userinput>cd /usr/src</userinput></screen>
<indexterm><primary><command>make</command></primary></indexterm>
- <para>
- make world ��Ԥʤ��ˤϡ�&man.make.1; ���ޥ�ɤ���Ѥ��ޤ���
- ���Υ��ޥ�ɤϡ�<filename>Makefile</filename> �Ȥ����ե����뤫�顢
- FreeBSD ��������ץ������κƹ�����ˡ�䡢
- �ɤ��������֤Ǥ������ۤ��٤����Ȥ��ä��褦��
- �ؼ����ɤ߹��ߤޤ���
- </para>
- <para>
- ���ޥ�ɥ饤��ΰ���Ū�ʽϡ����ΤȤ���Ǥ���
- </para>
+ <para>world ��ƹ��ۤ���ˤϡ�&man.make.1; ����Ѥ��Ƥ���������
+ ���Υ��ޥ�ɤϡ�<filename>Makefile</filename> ���顢
+ &os; ��������ץ������κƹ�����ˡ�䡢
+ �ɤ��������֤Ǥ������ۤ��٤����Ȥ��ä��褦�ʻؼ����ɤ߹��ߤޤ���</para>
+
+ <para>���ޥ�ɥ饤��ΰ���Ū�ʽϡ����ΤȤ���Ǥ���</para>
<screen>&prompt.root; <userinput>make -<replaceable>x</replaceable> -D<replaceable>VARIABLE</replaceable> <replaceable>target</replaceable></userinput></screen>
- <para>
- ������Ǥϡ�<option>-<replaceable>x</replaceable></option> ��
- &man.make.1; ���Ϥ���륪�ץ����ˤʤ�ޤ���
- �ɤΤ褦�ʥ��ץ�������ѤǤ��뤫�ˤĤ��Ƥϡ��ޥ˥奢��ڡ�����
- ���Ȥ��Ƥ���������
- </para>
+ <para>������Ǥϡ�<option>-<replaceable>x</replaceable></option> ��
+ &man.make.1; ���Ϥ���륪�ץ����ˤʤ�ޤ���
+ �ɤΤ褦�ʥ��ץ�������ѤǤ��뤫�ˤĤ��Ƥϡ�&man.make.1;
+ �Ȥ��Ƥ���������</para>
<para>
<option>-D<replaceable>VARIABLE</replaceable></option> �ϡ�
@@ -2348,7 +2234,7 @@ Script done, …</screen>
�����ѿ��� <filename>Makefile</filename> ��ư���ȥ����뤷�ޤ���
�ޤ���<filename>/etc/make.conf</filename> �����ꤵ����ѿ���
Ʊ�ͤǤ���������ѿ������ꤹ��⤦��Ĥ���ˡ�Ȥ����Ѱդ���Ƥ��ޤ���
- </para>
+ ���Ȥ��аʲ����̤�Ǥ���</para>
<screen>&prompt.root; <userinput>make -DNO_PROFILE <replaceable>target</replaceable></userinput></screen>
@@ -2360,25 +2246,20 @@ Script done, …</screen>
<para>�ιԤ��б����ޤ���</para>
- <para>
- <replaceable>target</replaceable> �ϡ�&man.make.1; ��
- �ɤΤ褦��ư���Τ���ؼ����뤿��Τ�ΤǤ���
- �ơ��� <filename>Makefile</filename> �ˤϡ���¿���ΰۤʤ�
+ <para><replaceable>target</replaceable> �ϡ�&man.make.1; ��
+ �ɤΤ褦��ư���Τ���ؼ����뤿��Τ�ΤǤ���
+ �� <filename>Makefile</filename> �ˤϡ���¿���ΰۤʤ�
<quote>�������å� (target)</quote> ���������Ƥ��ơ�
���ꤵ�줿�������åȤˤ�ä�ư���ޤ�ޤ���
</para>
- <para>
- <filename>Makefile</filename> �˽�Ƥ��륿�����åȤˤϡ�
- ���ʤ������ꤷ�Ƥ��̣������ʤ���Τ�ޤޤ�ޤ���
- �����ϡ������ƥ�κƹ��ۤ�ɬ�פ��ʳ���¿����
- ����˺٤����ʳ���ʬ�䤹�뤿�ᡢ���ۤβ��������Ѥ�����ΤǤ���
- </para>
+ <para><filename>Makefile</filename> �˽�Ƥ��륿�����åȤˤϡ�
+ �����ƥ�κƹ��ۤ�ɬ�פ��ʳ���
+ ¿���Τ���˺٤����ʳ���ʬ�䤹�뤿�ᡢ
+ ���ۤβ��������Ѥ�����Τ�����ޤ���</para>
- <para>
- ����ξ�硢&man.make.1; �˥ѥ�������ꤹ��ɬ�פϤʤ��Ǥ��礦���顢
- ���ޥ�ɥ饤��ϼ��Τ褦�ʤ�Τˤʤ�Ǥ��礦��
- </para>
+ <para>����ξ�硢&man.make.1; �˥ѥ�������ꤹ��ɬ�פϤʤ��Ǥ��礦���顢
+ ���ޥ�ɥ饤��ϼ��Τ褦�ʤ�Τˤʤ�ޤ���</para>
<screen>&prompt.root; <userinput>make <replaceable>target</replaceable></userinput></screen>
@@ -2387,30 +2268,26 @@ Script done, …</screen>
�ǽ�Υ������åȤϤ��Ĥ� <maketarget>buildworld</maketarget>
�ˤʤ�Ǥ��礦��</para>
- <para>
- ����̾���������褦�ˡ�<maketarget>buildworld</maketarget> ��
- <filename>/usr/obj</filename> �ʲ��˿�����������
- �ǥ��쥯�ȥ�ĥ���ۤ����⤦��ĤΥ������å�
+ <para>����̾���������褦�ˡ�<maketarget>buildworld</maketarget> ��
+ <filename>/usr/obj</filename>
+ �ʲ��˿����������ʥǥ��쥯�ȥ�ĥ���ۤ���
<maketarget>installworld</maketarget> �ϡ����Υĥ��
- ���ߤΥޥ���˥��ȡ��뤷�ޤ���
- </para>
+ ���ߤΥޥ���˥��ȡ��뤷�ޤ���</para>
- <para>����褬ʬ�����Ƥ��뤳�Ȥϡ���Ĥ���ͳ��������ͭ�ѤǤ���
- �ޤ����ˡ���Ư��Υ����ƥ�������ƶ���Ϳ���뤳�Ȥʤ���
- �����˥����ƥ�ι��ۺ�Ȥ�Ԥ��뤳�ȤǤ���
- ���ۺ�Ȥ� <quote>���ˤ��¸������Ω���ƹԤʤ���</quote> ���ᡢ
+ <para>����褬ʬ�����Ƥ��뤳�Ȥϡ���Ĥ���ͳ����ͭ�ѤǤ���
+ �ޤ����ˡ����ۺ�Ȥ�
+ <quote>���ˤ��¸������Ω���ƹԤʤ��</quote>��
+ ��Ư��Υ����ƥ�ˤޤä����ƶ���Ϳ���ޤ���
<!-- hrs:2000/02/14: needs good phrase that means "self hosted" -->
- �ޥ���桼���⡼�ɤDz�Ư��Υ����ƥ�Ǥ⡢�����
+ ���Τ��ᡢ�ޥ���桼���⡼�ɤDz�Ư��Υ����ƥ�Ǥ⡢�����
���ƶ���Ϳ������ <maketarget>buildworld</maketarget> ��
�¹Ԥ��뤳�Ȥ��Ǥ��ޤ���
��������<maketarget>installworld</maketarget> ��
- ����桼���⡼�ɤǹԤʤ����Ȥ����ᤷ�ޤ���
- </para>
+ ����桼���⡼�ɤǹԤʤ����Ȥ����ᤷ�ޤ���</para>
- <para>
- ����ˡ�NFS �ޥ���Ȥ����Ѥ��뤳�Ȥǡ�
- �ͥåȥ�����ʣ���Υޥ���åץ��졼�ɤ��뤳�Ȥ�
- ��ǽ�������������ޤ������Ȥ��л���Υޥ���
+ <para>����ˡ�NFS �ޥ���Ȥ����Ѥ��뤳�Ȥǡ�
+ �ͥåȥ�����ʣ���Υޥ���åץ��졼�ɤ��뤳�Ȥ���ǽ�������������ޤ���
+ ���Ȥ��л���Υޥ���
<hostid>A</hostid>, <hostid>B</hostid>, <hostid>C</hostid>
�åץ��졼�ɤ��������ˤϡ��ޤ��ޥ��� <hostid>A</hostid>
�� <command>make buildworld</command> ��
@@ -2418,20 +2295,19 @@ Script done, …</screen>
���줫�顢�ޥ��� <hostid>B</hostid> �ȥޥ��� <hostid>C</hostid>
�ǥޥ��� <hostid>A</hostid> ��
<filename>/usr/src</filename> �� <filename>/usr/obj</filename> ��
- NFS �ޥ���Ȥ���<command>make installworld</command> �Ȥ��뤳�Ȥ�
- ���ۺѤߤΥ����ƥ��ƥޥ���˥��ȡ��뤹�뤳�Ȥ��Ǥ���ΤǤ���
- </para>
+ NFS �ޥ���Ȥ���<command>make installworld</command>
+ �Ȥ��뤳�Ȥǹ��ۺѤߤΥ����ƥ��ƥޥ���˥��ȡ���Ǥ��ޤ���</para>
<para><maketarget>world</maketarget> �������åȤ����Ѳ�ǽ�Ǥ�����
���Υ������åȤ����ѤϿ侩����Ƥ��ޤ���</para>
- <para>���Υ��ޥ��</para>
+ <para>���Τ���ꡢ���Υ��ޥ��</para>
<screen>&prompt.root; <userinput>make buildworld</userinput></screen>
<para>��¹Ԥ��Ƥ��������������� <command>make</command> ��
- <option>-j</option> ���ץ�����Ĥ���ȡ�
- Ʊ���ˤ����Ĥ��Υץ����������������뤳�Ȥ��Ǥ��ޤ���
+ <option>-j</option> ��Ĥ���ȡ�
+ Ʊ����ʣ���Υץ������������Ǥ��ޤ���
���ε�ǽ�ϥޥ�� CPU �ޥ�����ä˸��̤�ȯ�����ޤ���
���۲���������ʬ�Ǥ� CPU ��ǽ�θ³����
I/O ��ǽ�θ³�����������Ȥʤ뤿�ᡢ���� CPU
@@ -2473,10 +2349,9 @@ Script done, …</screen>
<secondary>���ۡ�����ѥ���</secondary>
</indexterm>
- <para>
- �����������ƥ������ǽ���������ѤǤ���褦�ˤ���ˤϡ�
- �����ͥ�κƹ��ۤ�ɬ�פ�����ޤ���
- �ƹ��ۤϡ������Υ��깽¤�Τ��ѹ����줿���ˤ��ä�ɬ�ܤǤ��ꡢ
+ <para>�����������ƥ������ǽ���������ѤǤ���褦�ˤ���ˤϡ�
+ �����ͥ��ƹ��ۤ��Ƥ���������
+ �ƹ��ۤϡ������Υ��깽¤�Τ��ѹ����줿���ˤ��ä�ɬ�ܤǤ��ꡢ
&man.ps.1; �� &man.top.1; �Τ褦�ʥץ������ϡ�
�����ͥ�ȥ����������ɤΥС�������פ��ʤ��������ư��ʤ��Ǥ��礦��</para>
@@ -2487,31 +2362,32 @@ Script done, …</screen>
��ư������Τ�ɬ�פʤ�ΤϤ��٤����äƤ��ޤ���
����Ͽ������С������Υ����ƥब�������ư��뤫�ɤ���
Ĵ�٤��ɤ���ˡ�ΰ�ĤǤ���
- <filename>GENERIC</filename> �ǵ�ư���Ƥ��顢
- ���ʤ������Ĥ�ȤäƤ��륫���ͥ륳��ե����졼�����ե������
- �Ȥäƿ����������ͥ���ۤ��뤳�Ȥǡ�
- �����ƥब�����ư��Ƥ��뤫�ɤ����Τ���뤳�Ȥ��Ǥ��ޤ���</para>
+ <filename>GENERIC</filename> �ǵ�ư���ơ�
+ �����ƥब�����ư��Ƥ��뤫�ɤ�����Τ���顢
+ �������५���ͥ륳��ե����졼�����ե������Ȥäƿ����������ͥ���ۤ��Ƥ���������</para>
<para>&os; �Ǥϡ������������ͥ���ۤ������� <link
linkend="make-buildworld">build world</link> ��Ԥ����Ȥ����פǤ���
</para>
- <note><para>�������५���ͥ���ۤ�������硢���˥���ե����졼
- �����ե����뤬����ʤ�С�ñ��
- <literal>KERNCONF=<replaceable>MYKERNEL</replaceable></literal>
- ��ȤäƤ���������</para>
+ <note>
+ <para>���ˤ��륳��ե����졼�����ե������Ȥäƥ������५���ͥ���ۤ���ˤϡ�
+ <literal>KERNCONF=<replaceable>MYKERNEL</replaceable></literal>
+ ��ȤäƤ���������</para>
<screen>&prompt.root; <userinput>cd /usr/src</userinput>
&prompt.root; <userinput>make buildkernel KERNCONF=<replaceable>MYKERNEL</replaceable></userinput>
&prompt.root; <userinput>make installkernel KERNCONF=<replaceable>MYKERNEL</replaceable></userinput></screen>
+
</note>
- <para>�ʤ���<literal>kern.securelevel</literal> �� 1 ����礭��
- ���Ƥ��ơ�<emphasis>����</emphasis>�����ͥ�ΥХ��ʥ�ե�����
- �� <literal>noschg</literal> �Τ褦�ʥե饰�����ꤷ�Ƥ�����
- �ϡ�<maketarget>installkernel</maketarget> ��Ԥ��Τ˥���
- �桼���⡼�ɤ˰ܹԤ��ʤ���Фʤ�ޤ�����ʳ��ξ��ϡ��ޥ�
- ���桼���⡼�ɤǤ����Υ��ޥ�ɤ�����ʤ�ư������Ϥ��Ǥ���
+ <para><literal>kern.securelevel</literal> �� 1 ����礭�����Ƥ��ơ�
+ <emphasis>����</emphasis> �����ͥ�ΥХ��ʥ�ե������
+ <literal>noschg</literal> �Τ褦�ʥե饰�����ꤷ�Ƥ�����ϡ�
+ <maketarget>installkernel</maketarget>
+ ��Ԥ��Τ˥���桼���⡼�ɤ˰ܹԤ��Ƥ���������
+ ����ʳ��ξ��ϡ�
+ �ޥ���桼���⡼�ɤǤ����Υ��ޥ�ɤ�����ʤ�ư������Ϥ��Ǥ���
<literal>kern.securelevel</literal> �ˤĤ��ƾܤ�����
&man.init.8; �ե�������͡��ʥե饰�ˤĤ��ƾܤ�����
&man.chflags.1; ��������������</para>
@@ -2521,9 +2397,8 @@ Script done, …</screen>
<title>����桼���⡼�ɤǺƵ�ư����</title>
<indexterm><primary>single-user mode</primary></indexterm>
- <para>
- �����������ͥ뤬ư��뤫�ɤ����ƥ��Ȥ��뤿��ˡ�
- ����桼���⡼�ɤǺƵ�ư����٤��Ǥ���
+ <para>�����������ͥ뤬ư��뤫�ɤ����ƥ��Ȥ��뤿��ˡ�
+ ����桼���⡼�ɤǺƵ�ư���Ƥ���������
����桼���⡼�ɤǤε�ư�ϡ�
<xref linkend="makeworld-singleuser"/>
�˽�Ƥ�����˽��äƤ���������</para>
@@ -2532,21 +2407,17 @@ Script done, …</screen>
<sect2 id="make-installworld">
<title>�����������ƥ�Х��ʥ�Υ��ȡ���</title>
- <para>���ˡ������� <maketarget>installworld</maketarget>
- ��Ȥ����Ȥǿ����������ƥ�Х��ʥ�Υ��ȡ����Ԥʤ��ޤ���</para>
-
- <para>����ˤϡ��ʲ��Υ��ޥ�ɤ�¹Ԥ��Ƥ���������</para>
+ <para>���ˡ�<maketarget>installworld</maketarget>
+ ��Ȥäƿ����������ƥ�Х��ʥ�Υ��ȡ����Ԥʤ��ޤ���</para>
<screen>&prompt.root; <userinput>cd /usr/src</userinput>
&prompt.root; <userinput>make installworld</userinput></screen>
<note>
- <para><command>make buildworld</command> �ǥ��ޥ�ɥ饤��
- �ѿ�����ꤷ�����ϡ�Ʊ�������
- <command>make installworld</command> �Υ��ޥ�ɥ饤��ˤ�
- ���ꤷ�ʤ���Фʤ�ޤ���
- �����������ץ����ˤĤ��ƤϤ��θ¤�ǤϤ���ޤ���
- ���Ȥ��� <option>-j</option> ��
+ <para><command>make buildworld</command>
+ ���ѿ�����ꤷ�����ϡ�Ʊ�������
+ <command>make installworld</command> �ˤ���ꤷ�ʤ���Фʤ�ޤ���
+ ������ <option>-j</option> ��
<maketarget>installworld</maketarget> �����Ф˻ȤäƤϤ����ޤ���</para>
<para>���Ȥ��аʲ��Τ褦�˼¹Ԥ����ʤ顢</para>
@@ -2566,21 +2437,17 @@ Script done, …</screen>
<sect2 id="post-installworld-updates">
<title><command>make installworld</command> �ǹ�������ʤ��ե�����ι���</title>
- <para>
- �����ƥ�κƹ��ۤϡ������Ĥ��Υǥ��쥯�ȥ� (
- �äˡ�<filename>/etc</filename> �� <filename>/var</filename> ��
- <filename>/usr</filename>) �ˤ����ơ�
+ <para>�����ƥ�κƹ��ۤϡ������Ĥ��Υǥ��쥯�ȥꡢ
+ �äˡ�<filename class="directory">/etc</filename> ��
+ <filename class="directory">/var</filename> ��
+ <filename class="directory">/usr</filename> �ˤ����ơ�
������Ƴ�����줿�ꡢ�ѹ����줿����ե�����ˤ��
�ե�����ι����ϹԤʤ��ޤ���</para>
- <para>
- �����Υե�����������äȤ��ñ����ˡ�ϡ�&man.mergemaster.8;
- ��Ȥ����ȤǤ�������ϼ�ʬ�Ǥ�뤳�Ȥ��ǽ�ʤΤǡ��������Ƥ�
- ���ޤ��ޤ���
- ���������ˡ�˽����ˤ��衢
+ <para>�����Υǥ��쥯�ȥ�Υե�����������äȤ��ñ����ˡ�ϡ�
+ &man.mergemaster.8; ��Ȥ����ȤǤ���
ɬ�� <filename>/etc</filename>
- �ΥХå����åפ��ä���¬�λ��֤������Ƥ���������
- </para>
+ �ΥХå����åפ��ä���¬�λ��֤������Ƥ���������</para>
<sect3 id="mergemaster">
<sect3info>
@@ -2595,29 +2462,30 @@ Script done, …</screen>
<title><command>mergemaster</command></title>
<indexterm><primary><command>mergemaster</command></primary></indexterm>
- <para>&man.mergemaster.8; �桼�ƥ���ƥ��� Bourne �����륹����ץȤǡ�
- <filename>/etc</filename> �ˤ�������ե�����ȥ������ĥ��
- <filename>/usr/src/etc</filename> �ˤ�������ե�����ΰ㤤���ǧ����Τ�����äƤ���ޤ���
+ <para>&man.mergemaster.8; �� Bourne �����륹����ץȤǡ�
+ <filename class="directory">/etc</filename>
+ �ˤ�������ե�����ȥ������ĥ��
+ <filename class="directory">/usr/src/etc</filename>
+ �ˤ�������ե�����ΰ㤤���ǧ����Τ�����äƤ���ޤ���
�����Ȥ��Τ����������ĥ�ˤ�������ե�����˥����ƥ������ե������
�������뤿��˿侩�������ˡ�Ǥ���</para>
- <para>�Ϥ��ˤϡ��ץ���ץȤ���ñ��
- <command>mergemaster</command> �����Ϥ��ơ�
- �ե��������ӤϤ���ΤƤ���������
+ <para>�Ϥ��ˤϡ��ץ���ץȤ���
+ <command>mergemaster</command> �����Ϥ��Ƥ�������
<command>mergemaster</command> ��
<filename>/</filename> �����Ȥ������Ū�ʥ롼�ȴĶ����ۤ���
���ޤ��ޤʥ����ƥ�����ե������
(����: �ǥե���ȤǤ� <filename>/var/tmp/temproot</filename> ��)
�֤��Ƥ����ޤ���
- ���ˤ����Υե�����ϸ��ߥ����ƥ�˥��ȡ��뤵��Ƥ���ե��������Ӥ���ޤ���
- ���λ����ǡ��ۤʤ�ե������ &man.diff.1; �����Ǽ����졢
+ �����Υե�����ϸ��ߥ����ƥ�˥��ȡ��뤵��Ƥ���ե��������Ӥ���ޤ���
+ �ۤʤ�ե������ &man.diff.1; �����Ǽ����졢
<option>+</option> �ε�����ɲäޤ����ѹ����줿�Ԥ�ɽ����
<option>-</option> �ϴ����˺�����줿���������֤�������줿�Ԥ�ɽ���ޤ���
&man.diff.1; �νȥե�����ΰ㤤��ɽ����ˡ�ˤĤ��ƤΤ��ܤ�������ϡ�
&man.diff.1; �Ȥ��Ƥ���������</para>
- <para>&man.mergemaster.8; �Ͽ����㤤�������Ƥ���ե�����줾�켨���ޤ���
- �����ǤϿ������ե����� (����ե�����Ȥ��ƻ��Ȥ���Ƥ��ޤ�) �������뤫��
+ <para>&man.mergemaster.8; �ϰ㤤�Τ���ե�����줾�켨���ޤ���
+ �������ե�����������뤫��
����ե�����Τޤޥ��ȡ��뤹�뤫��
����ե�����ȸ��ߥ��ȡ��뤵��Ƥ���ե���������礹�뤫��
�⤷���� &man.diff.1; �η�̤�⤦���ٸ��뤫����Ǥ��ޤ���</para>
@@ -2641,11 +2509,11 @@ Script done, …</screen>
���̾���¤�ξ���Υե�����ƿ������ե������������뤿���ξ������ɬ�פ���ʬ������
2 �ĤΥե���������礹�뤳�Ȥ��Ǥ��ޤ���
�¤�Ǥ���ե��������Ӥ���Ȥ���
- <keycap>l</keycap> �����Ǻ�¦����Ȥ�����
- <keycap>r</keycap> �����DZ�¦����Ȥ����ޤ���
+ <keycap>l</keycap> �Ǻ�¦����Ȥ�����
+ <keycap>r</keycap> �DZ�¦����Ȥ����ޤ���
�ǽ����ϤϺ���ξ������ʬ�ǤǤ����ե�����ˤʤ�Ǥ��礦��
���Υե�����ȡ��뤹�뤳�Ȥ��Ǥ��ޤ���
- �����Ƥ������Υ��ץ����ϥ桼����������ѹ������ե�����˻Ȥ��ޤ���</para>
+ �����Ƥ������Υ��ץ����ϥ桼����������ѹ������ե�����˻Ȥ��ޤ���</para>
<para>&man.diff.1; �η�̤�⤦���ٸ��롢������ȡ�
���礦����ۤ� &man.mergemaster.8; ��������ɽ����������Ʊ���褦�ˡ�
@@ -2654,63 +2522,52 @@ Script done, …</screen>
<para>&man.mergemaster.8; �������ƥ�ե��������Ӥ������ȡ�
¾�Υ��ץ����ˤĤ��Ƥ�ץ���ץȤ�ɽ������ޤ���
&man.mergemaster.8;
- �����ѥ���ɥե������ƹ��ۤ��������ɤ����Ҥͤ뤳�Ȥ�����ޤ���
+ �����ѥ���ɥե������ƹ��ۤ��뤫�ɤ�����Ҥͤ뤳�Ȥ�����ޤ���
�Ǹ�˻Ĥä�����ե�����������뤫�ɤ�����Ҥͤƽ�λ���ޤ���</para>
</sect3>
<sect3>
<title>��ư�Ǥι���</title>
- <para>
- ��ư�ǹ������뤳�Ȥ��������硢
- ñ�˥ե������
- <filename>/usr/src/etc</filename> ���� <filename>/etc</filename> ��
- ���ԡ����������Ǥ������ư����뤳�ȤϤǤ��ޤ���
- �����Υե�����ˤϡ�<quote>���ȡ���Ȥ���
- ����Ƨ�ޤʤ���Фʤ�ʤ����</quote> ���ޤޤ�Ƥ��ޤ���
- <filename>/usr/src/etc</filename> �ǥ��쥯�ȥ��
- <filename>/etc</filename>
- �ǥ��쥯�ȥ�ˤ��Τޤ��֤���������褦��
- ���ԡ��Ǥ�<emphasis>�ʤ�</emphasis>����Ǥ���
+ <para>��ư�ǹ���������ˤϡ�ñ�˥ե������
+ <filename class="directory">/usr/src/etc</filename>
+ ���� <filename class="directory">/etc</filename> ��
+ ���ԡ����ʤ��Ǥ��������������ư��ʤ��Ǥ��礦��
+ �ե��������ˤϡ�
+ <quote>���ȡ���Ȥ�������Ƨ�ޤʤ���Фʤ�ʤ����</quote>
+ ���ޤޤ�Ƥ��ޤ���
+ <filename class="directory">/usr/src/etc</filename> ��
+ <filename class="directory">/etc</filename>
+ �ˤ��Τޤ��֤���������褦�ʥ��ԡ��Ǥ�
+ <emphasis>�ʤ�</emphasis>����Ǥ���
�ޤ���<filename>/etc</filename> �ˤ���٤��ե�����Τ�����
- <filename>/usr/src/etc</filename> �ˤʤ���Τ⤢��ޤ���
- </para>
+ <filename>/usr/src/etc</filename> �ˤʤ���Τ⤢��ޤ���</para>
<para>&man.mergemaster.8; �� (�����줿�̤�)
�ȤäƤ���ΤǤ���С�<link
linkend="updating-upgrading-rebooting">������</link>
�ޤ����Ф��Ƥ⤫�ޤ��ޤ���</para>
- <para>
- ��ư�ǹԤ��ݤ�
- ���ִ�ñ����ˡ�ϡ��ե���������ǥ��쥯�ȥ�˥��ȡ��뤷�Ƥ��顢
- �����Τ�ΤȰۤʤäƤ�����ʬ��Ĵ�٤ƹ�����Ȥ�Ԥʤ����ȤǤ���
- </para>
+ <para>��ư�ǹԤ��ݤΰ��ִ�ñ����ˡ�ϡ�
+ �ե���������ǥ��쥯�ȥ�˥��ȡ��뤷�Ƥ��顢
+ �����Τ�ΤȰۤʤäƤ�����ʬ��Ĵ�٤ƹ�����Ȥ�Ԥʤ����ȤǤ���</para>
<warning>
<title>��¸�� <filename>/etc</filename> ��Хå����åפ���</title>
- <para>
- ����Ū�˹ͤ��ơ����Υǥ��쥯�ȥ꤬��ưŪ��
- ��������뤳�ȤϤ���ޤ���ǰ�ˤ�ǰ������Ƥ�����
- »�Ϥ���ޤ����Ȥ��аʲ��Τ褦�ˤ��ơ�
- ��¸�� <filename>/etc</filename> �ǥ��쥯�ȥ��
- �ɤ��������ʾ��˥��ԡ����Ƥ����ޤ��礦��
- </para>
+ <para>���Ȥ��аʲ��Τ褦�ˤ��ơ�
+ ��¸�� <filename class="directory">/etc</filename>
+ ��ɤ��������ʾ��˥��ԡ����Ƥ����ޤ��礦��</para>
<screen>&prompt.root; <userinput>cp -Rp /etc /etc.old</userinput></screen>
- <para>
- <option>-R</option> �ϺƵ�Ū�ʥ��ԡ���Ԥʤ���
- <option>-p</option> �ϥե�����ι������֤��ͭ�Ԥʤɤ���¸���ޤ���
- </para>
+ <para>�����ǡ�<option>-R</option> �ϺƵ�Ū�ʥ��ԡ���Ԥʤ���
+ <option>-p</option> �ϥե�����ι������֤��ͭ�Ԥʤɤ���¸���ޤ���</para>
</warning>
- <para>
- �ޤ��������� <filename>/etc</filename> �䤽��¾�Υե������
- ���ȡ��뤹�뤿��Ρ����Υǥ��쥯�ȥ���äƤ���ɬ�פ�����ޤ���
- ���ǥ��쥯�ȥ�� <filename>/var/tmp/root</filename> ���֤��Τ��ɤ��Ǥ��礦��
- Ʊ�ͤˡ�ɬ�פʥ��֥ǥ��쥯�ȥ�⤳�β����֤��ޤ���</para>
+ <para>������ <filename class="directory">/etc</filename>
+ �䤽��¾�Υե�����ȡ��뤹�뤿��Ρ�
+ ���Υǥ��쥯�ȥ���äƤ���������</para>
<screen>&prompt.root; <userinput>mkdir /var/tmp/root</userinput>
&prompt.root; <userinput>cd /usr/src/etc</userinput>
@@ -2718,153 +2575,121 @@ Script done, …</screen>
<para>
�����ϡ�ɬ�פʥǥ��쥯�ȥ깽¤��Ĥ��ꡢ�ե�����ȡ��뤷�ޤ���
- <filename>/var/tmp/root</filename> �ʲ��˺���롢
- ��������ζ��Υǥ��쥯�ȥ�Ϻ������ɬ�פ�����ޤ���
+ <filename class="directory">/var/tmp/root</filename> �ʲ��˺���롢
+ ��������ζ��Υ��֥ǥ��쥯�ȥ�Ϻ������ɬ�פ�����ޤ���
���ִ�ñ�ʤ�����ϡ����ΤȤ���Ǥ���</para>
<screen>&prompt.root; <userinput>cd /var/tmp/root</userinput>
&prompt.root; <userinput>find -d . -type d | xargs rmdir 2>/dev/null</userinput></screen>
- <para>
- ����϶��ǥ��쥯�ȥ�٤ƺ�����ޤ���
- (���Ǥʤ��ǥ��쥯�ȥ�˴ؤ���ٹ���뤿��ˡ�
+ <para>����϶��ǥ��쥯�ȥ�٤ƺ�����ޤ���
+ ���Ǥʤ��ǥ��쥯�ȥ�˴ؤ���ٹ���뤿��ˡ�
ɸ�२�顼���Ϥ� <filename>/dev/null</filename> ��
- ������쥯�Ȥ���ޤ�)
- </para>
+ ������쥯�Ȥ���ޤ���</para>
- <para>
- �����ʳ��� <filename>/var/tmp/root</filename> �ˤϡ�
- ���� <filename>/</filename> �ʲ��ˤ���٤��ե����뤬
- ���٤ƴޤޤ�Ƥ��ޤ���
- �ƥե�������˸��ơ���¸�Υե�����Ȱۤʤ���ʬ��
- Ĵ�٤Ƥ���������
- </para>
+ <para>�����ʳ��� <filename class="directory">/var/tmp/root</filename> �ˤϡ�
+ ���� <filename class="directory">/</filename>
+ �ʲ��ˤ���٤��ե����뤬���٤ƴޤޤ�Ƥ��ޤ����ƥե�������˸��ơ�
+ ��¸�Υ����ƥ�ˤ���ե�����Ȱۤʤ���ʬ��Ĵ�٤Ƥ���������</para>
- <para>
- <filename>/var/tmp/root</filename> �ʲ���
- ���ȡ��뤵��Ƥ���ե��������ˤϡ�
- <quote>.</quote> ����ϤޤäƤ����Τ�����ޤ���
- �����Ƥ�������ǡ�����˳�������ե������
- <filename>/var/tmp/root/</filename> ��
- <filename>/var/tmp/root/root/</filename> ����ˤ���
- �����륹�����ȥ��åץե���������Ǥ�����
- ¾�ˤ⤢�뤫���Τ�ޤ���
- (����ϡ����ʤ��������ɤλ������ɤ�Ǥ��뤫�˰�¸���ޤ�)��
+ <para><filename class="directory">/var/tmp/root</filename>
+ �ʲ��˥��ȡ��뤵��Ƥ���ե��������ˤϡ�
+ <quote>.</quote> ����ϤޤäƤ����Τ�����ޤ���
<command>ls -a</command> ��ȤäƳΤ���Ƥ���������</para>
- <para>
- ��äȤ��ñ����ˡ�ϡ���ĤΥե��������Ӥ��륳�ޥ��
- &man.diff.1; ��Ȥ����ȤǤ���
- </para>
+ <para>��äȤ��ñ����ˡ�ϡ���ĤΥե��������Ӥ��륳�ޥ��
+ &man.diff.1; ��Ȥ����ȤǤ���</para>
<screen>&prompt.root; <userinput>diff /etc/shells /var/tmp/root/etc/shells</userinput></screen>
- <para>
- ����ϡ����ʤ���
- <filename>/etc/shells</filename> �ե������
- ������ <filename>/var/tmp/root/etc/shells</filename> �ե������
- �ۤʤ���ʬ��ɽ�����ޤ���
- �������ʤ�����������Τ��ѹ�����ޡ������뤫��
- ����Ȥ��¸�Υե����������ΤǾ���뤫��
- Ƚ�Ǥ�������ˤ��Ƥ���������
- </para>
+ <para>���Υ��ޥ�ɤϡ�<filename>/etc/shells</filename> �ե������
+ ������ <filename>/var/tmp/root/etc/shells</filename>
+ �ե�����ΰۤʤ���ʬ��ɽ�����ޤ���
+ ���Ƥ��ǧ���ơ���������Τ��ѹ�����ޡ������뤫��
+ ����Ȥ��¸�Υե����������ΤǾ���뤫��Ƚ�Ǥ��Ƥ���������</para>
<tip>
<title>������ root �ǥ��쥯�ȥ�
- (<filename>/var/tmp/root</filename>) ��̾����
+ (<filename class="directory">/var/tmp/root</filename>) ��̾����
�����ॹ����פ��դ��Ƥ����ȡ�
�ۤʤ�С������֤���Ӥ�ڤ˹Ԥʤ����Ȥ��Ǥ��ޤ���</title>
- <para>
- ���ˤ˥����ƥ�κƹ��ۤ�Ԥʤ��Ȥ������Ȥϡ�
- <filename>/etc</filename> �ι�����ޤ������ˤ˹Ԥ�ɬ�פ�����
- �Ȥ������ȤǤ�������Ϥ���äȼ�֤Τ������ȤǤ���
- </para>
+ <para>���ˤ˥����ƥ�κƹ��ۤ�Ԥʤ��Ȥ������Ȥϡ�
+ <filename class="directory">/etc</filename> �ι�����ޤ���
+ ���ˤ˹Ԥ�ɬ�פ�����Ȥ������ȤǤ���
+ ����Ϥ���äȼ�֤Τ������ȤǤ���</para>
- <para>
- ���κ�Ȥϡ����ʤ��� <filename>/etc</filename> �˥ޡ���������
+ <para>���κ�Ȥϡ����ʤ��� <filename class="directory">/etc</filename>
+ �˥ޡ���������
�������ѹ����줿�ե�����κǿ��Υ��åȤΥ��ԡ�����¸���Ƥ������Ȥ�
- ����Ԥʤ����Ȥ��Ǥ��ޤ���
- ���μ��ϡ������¸����뤿��ΰ�Ĥ���ˡ�Ǥ���</para>
+ ����Ԥʤ����Ȥ��Ǥ��ޤ���</para>
<procedure>
<step>
- <para>
- ���̤� make world ���ޤ���<filename>/etc</filename> ��
+ <para>���̤� make world ���ޤ���
+ <filename class="directory">/etc</filename> ��
¾�Υǥ��쥯�ȥ���������ʤä��Ȥ��ϡ��������å�
- �ǥ��쥯�ȥ�ˡ����ΤȤ������դ˴�Ť�̾����Ĥ��Ƥ���������
- ���Ȥ��� 1998 ǯ 2 �� 14 �� ���Ȥ���С��ʲ��Τ褦�ˤ��ޤ���
- </para>
+ �ǥ��쥯�ȥ�ˡ����ΤȤ������դ˴�Ť�̾����Ĥ��Ƥ���������</para>
- <screen>&prompt.root; <userinput>mkdir /var/tmp/root-19980214</userinput>
+ <screen>&prompt.root; <userinput>mkdir /var/tmp/root-20130214</userinput>
&prompt.root; <userinput>cd /usr/src/etc</userinput>
-&prompt.root; <userinput>make DESTDIR=/var/tmp/root-19980214 \
+&prompt.root; <userinput>make DESTDIR=/var/tmp/root-20130214 \
distrib-dirs distribution</userinput></screen>
</step>
<step>
- <para>
- �����������Ƥ���褦�ˡ�
- ���Υǥ��쥯�ȥ꤫���ѹ�����ޡ������ޤ���
- </para>
-
- <para>
+ <para>�����������Ƥ���褦�ˡ�
+ ���Υǥ��쥯�ȥ꤫���ѹ�����ޡ������ޤ���
���κ�Ȥ���λ���Ƥ⡢
- <filename>/var/tmp/root-19980214</filename> ��
- ������Ƥ�<emphasis>�����ޤ���</emphasis>��</para>
+ <filename>/var/tmp/root-20130214</filename>
+ �������Ƥ�<emphasis>�����ޤ���</emphasis>��</para>
</step>
<step>
- <para>
- �ǿ��ǤΥ����������������ɤ��ƺƹ��ۤ����顢
- ���ƥå� 1 �ˤ������äƤ������������٤ϡ�
- <filename>/var/tmp/root-19980221</filename>
- (������Ȥ��콵�֤������ä����)
- �Τ褦��̾���Ρ��������ǥ��쥯�ȥ��Ĥ��뤳�Ȥˤʤ�Ǥ��礦��
- </para>
+ <para>�ǿ��ǤΥ����������������ɤ��ƺƹ��ۤ����顢
+ ���ƥå� 1 �ˤ������äƤ������������٤ϡ�
+ ���������դ�ȿ�Ǥ����ǥ��쥯�ȥ��������Ƥ���������
+ ������Ǥϡ�<filename>/var/tmp/root-20130221</filename>
+ �Ȥ����������ǥ��쥯�ȥ��Ĥ���ޤ���</para>
</step>
<step>
- <para>
- �����ʳ��� &man.diff.1; ����Ѥ���
+ <para>&man.diff.1; ����Ѥ���
��ĤΥǥ��쥯�ȥ����Ӥ���Ƶ�Ū diff ��������뤳�Ȥǡ�
�콵�֤δ֤˹Ԥʤ�줿�������ؤ��ѹ��ˤ���������Ĵ�٤ޤ���
</para>
<screen>&prompt.root; <userinput>cd /var/tmp</userinput>
-&prompt.root; <userinput>diff -r root-19980214 root-19980221</userinput></screen>
+&prompt.root; <userinput>diff -r root-20130214 root-20130221</userinput></screen>
- <para>
- ����ˤ�ä���𤵤��������ϡ�����ξ�硢
- <filename>/var/tmp/root-19980221/etc</filename> ��
- <filename>/etc</filename> �Ȥξ�����٤�
- ���˾��ʤ���Τˤʤ�ޤ���
- ����������ʤ����ᡢ�ѹ������¸�� <filename>/etc</filename>
- �ǥ��쥯�ȥ�˥ޡ������뤳�Ȥϡ����Ū�ưפˤʤ�ޤ���
- </para>
+ <para>����ˤ�ä���𤵤��������ϡ�����ξ�硢<filename
+ class="directory">/var/tmp/root-20130221/etc</filename>
+ ��
+ <filename class="directory">/etc</filename>
+ �Ȥ����������٤����˾��ʤ���Τˤʤ�ޤ���
+ ����������ʤ����ᡢ�ѹ������¸��
+ <filename class="directory">/etc</filename>
+ �˥ޡ������뤳�Ȥϡ����Ū�ưפˤʤ�ޤ���</para>
</step>
<step>
- <para>
- �����ޤǽ�λ�����顢<filename>/var/tmp/root-*</filename> ��
- ��ĤΤ������Ť����Υǥ��쥯�ȥ�Ϻ�����ƹ����ޤ���
+ <para>�����ޤǽ�λ�����顢
+ <filename class="directory">/var/tmp/root-*</filename>
+ ����ĤΤ������Ť����Υǥ��쥯�ȥ�Ϻ�����ƹ����ޤ���
</para>
- <screen>&prompt.root; <userinput>rm -rf /var/tmp/root-19980214</userinput></screen>
+ <screen>&prompt.root; <userinput>rm -rf /var/tmp/root-20130214</userinput></screen>
</step>
<step>
- <para>
- ���ι�����<filename>/etc</filename> ���ѹ�����ޡ�������
- ɬ�פ����뤿�ӡ�����֤��ޤ���
- </para>
+ <para>�������
+ <filename class="directory">/etc</filename>
+ ���ѹ�����ޡ�������ɬ�פ����뤿�ӡ������֤��Ƥ���������</para>
</step>
</procedure>
- <para>
- �ǥ��쥯�ȥ�̾��������ư������ˤϡ�&man.date.1;
- �����Ѥ��뤳�Ȥ��Ǥ��ޤ���
- </para>
+ <para>�ǥ��쥯�ȥ�̾��������ư������ˤϡ�&man.date.1;
+ �����Ѥ��Ƥ���������</para>
<screen>&prompt.root; <userinput>mkdir /var/tmp/root-`date "+%Y%m%d"`</userinput></screen>
</tip>
@@ -2874,32 +2699,21 @@ Script done, …</screen>
<sect2 id="updating-upgrading-rebooting">
<title>�Ƶ�ư</title>
- <para>
- ����ǡ���ȤϤ����ޤ��Ǥ���
- ���٤Ƥ�����٤�����������¸�ߤ��뤳�Ȥ�����å������顢
- �����ƥ��Ƶ�ư���ޤ�������ϡ�ñ��
- &man.shutdown.8; ��¹Ԥ�������Ǥ���
- </para>
+ <para>���٤Ƥ�����٤�����������¸�ߤ��뤳�Ȥ�����å������顢
+ &man.shutdown.8; ��¹Ԥ��ƥ����ƥ��Ƶ�ư���Ƥ���������</para>
<screen>&prompt.root; <userinput>shutdown -r now</userinput></screen>
- </sect2>
- <sect2>
- <title>��Ȥδ�λ</title>
-
- <para>
- �����ޤ����С�&os; �����ƥ�Υ��åץ��졼�ɤ������Ǥ���
- ����ǤȤ��������ޤ���
- </para>
+ <para>�����ޤ����С�&os; �����ƥ�Υ��åץ��졼�ɤ������Ǥ���
+ ����ǤȤ��������ޤ���</para>
<para>�⤷����äȤ������꤬���ä����Ǥ⡢
�����ƥ�ΰ�����ƹ��ۤ���Τϴ�ñ�Ǥ���
- ���Ȥ��С����åץ��졼�ɤ�����Ǹ��ä�
- <filename>/etc/magic</filename> ��������
- <filename>/etc</filename> �˥ޡ������Ƥ��ޤ���
- ���� <command>file</command>
- ���ޥ�ɤ�ư��ʤ��ʤäƤ��ޤä��褦�ʾ���ͤ��ƤߤƤ���������
- �����������ˤϡ����Υ��ޥ�ɤ�¹Ԥ���н������뤳�Ȥ��Ǥ��ޤ���</para>
+ ���Ȥ��С����åץ��졼�ɤ� <filename class="directory">/etc</filename>
+ �Υޡ���������Ǹ��ä�
+ <filename>/etc/magic</filename> �������Ƥ��ޤ���
+ ���η�� &man.file.1; ��ư��ʤ��ʤäƤ��ޤä��褦�ʾ��ˤϡ�
+ ���Υ��ޥ�ɤ�¹Ԥ��ƽ������Ƥ���������</para>
<screen>&prompt.root; <userinput>cd /usr/src/usr.bin/file</userinput>
&prompt.root; <userinput>make all install</userinput></screen>
@@ -2915,9 +2729,8 @@ Script done, …</screen>
</question>
<answer>
- <para>
- ������ѹ��������ˤ��Τǡ��ʤ�Ȥ�����ޤ���
- ���Ȥ��С�<application>Subversion</application> ��¹Ԥ����Ȥ����Ǹ�˼¹Ԥ����Ȥ�������٤�
+ <para>������ѹ��������ˤ��Τǡ��ʤ�Ȥ�����ޤ���
+ ���Ȥ��С�<application>svn</application> ��¹Ԥ����Ȥ���
���ˤ�����褦�ʥե����뤬��������Ƥ����Ȥ��ޤ���</para>
<screen><filename>src/games/cribbage/instr.c</filename>
@@ -2926,29 +2739,22 @@ Script done, …</screen>
<filename>src/release/sysinstall/media.c</filename>
<filename>src/share/mk/bsd.port.mk</filename></screen>
- <para>
- ���ΤȤ��ˤϡ�����ƥ����ƥ����Τ�ƹ��ۤ���ɬ�פϤʤ��Ǥ��礦��
- Ŭ�ڤʥ��֥ǥ��쥯�ȥ�˰ܤä�
- <command>make all install</command> ��Ԥ������ǹ������뤳�Ȥ��Ǥ��ޤ���
- ���������⤷���餫���礭���ѹ����Ԥʤ��Ƥ���Ȥ������Ȥ���
- <filename>src/lib/libc/stdlib</filename> ���ѹ�����Ƥ�����ˤϡ�
- �����ƥ����Τ�ƹ��ۤ��뤫���⤷���Ϥ��Τ�����
- ���ʤ��Ȥ���Ū�˥����Ƥ����� (�ȡ����ʤ����ɲä���
- ��Ū�˥���줿�ץ������) ����ľ��ɬ�פ�����ޤ���</para>
+ <para>���ΤȤ��ˤϡ�����ƥ����ƥ����Τ�ƹ��ۤ���ɬ�פϤʤ��Ǥ��礦��
+ ���Τ���ꡢŬ�ڤʥ��֥ǥ��쥯�ȥ�˰ܤä�
+ <command>make all install</command> ��ԤäƤ���������
+ �����������Ȥ��� <filename>src/lib/libc/stdlib</filename>
+ �Τ褦���礭���ѹ����Ԥʤ�줿���ˤϡ�
+ �����ƥ����Τ�ƹ��ۤ��뤫��
+ ���ʤ��Ȥ���Ū�˥����Ƥ����Τ���ľ��ɬ�פ�����ޤ���</para>
- <para>��ɤΤȤ������ɤλ����Ǹ��ߤΥ����ƥ�åץ��졼�ɤ��뤫��
- ���ʤ������뤳�ȤǤ���
- 2 ���֤��Ȥ˥����ƥ��ƹ��ۤ������� 2 ���֤��ѹ���������
- �������⤷��ޤ���
- �ѹ��Τ��ä���ʬ�����ƹ��ۤ�����¸�ط���Τ�����ȹͤ��뤫���Τ�ޤ���
- <!-- hrs:2000/02/15
- What's "every fortnight say"? s/say/day/? -->
- </para>
+ <para>��ɤΤȤ�����
+ �ɤλ����Ǹ��ߤΥ����ƥ�åץ��졼�ɤ��뤫�Ϥ��ʤ������뤳�ȤǤ���
+ 2 ���֤��Ȥ˥����ƥ��ƹ��ۤ������� 2 ���֤��ѹ��������桼���⤤�ޤ�����
+ �ѹ��Τ��ä���ʬ�����ƹ��ۤ���
+ ���٤Ƥΰ�¸�ط���Τ�����ȹͤ���桼���⤤�ޤ���</para>
- <para>
- ����������ϤɤΤ��餤�����٤ǥ��åץ��졼�ɤ���������
- ������ &os.stable; �� &os.current; �Τɤ�����ɤ������Ƥ���Τ��ˤ��ޤ���
- </para>
+ <para>�����ϤɤΤ��餤�����٤ǥ��åץ��졼�ɤ���������
+ ������ &os.stable; �� &os.current; �Τɤ�����ɤ������Ƥ���Τ��ˤ��ޤ���</para>
</answer>
</qandaentry>
@@ -2964,38 +2770,38 @@ Script done, …</screen>
<para>������̾�ϡ��ɥ����������꤬���뤳�Ȥ��Ƥ��ޤ���
�����ƥ�κƹ��ۤϡ��ϡ��ɥ��������Ф�������ѵ��Ԥʤ������
ͭ���ʼ��ʤΰ�Ĥǡ�����˴ط��������꤬�褯��𤵤�ޤ���
- ��������ʬ�ϡ�����ѥ��餬��̯�ʥ����ʥ�������ꡢ
+ ��������ʬ�ϡ�
�ԲIJ�ʰ۾ェλ�Ȥʤ뤳�Ȥ�ȯ������ޤ���</para>
- <para>�����ˤ�������ˤ���Τ��ɤ����ϡ��ƹ��ۤ�⤦���ټ¹Ԥ���
+ <para>�����ˤ�������ˤ���Τ��ɤ����ϡ�<application>make</application>
+ ��⤦���ټ¹Ԥ���
�ۤʤ��ʳ��ǰ۾ェλ��ȯ�����뤫���Ȥ������Ȥ����ǧ�Ǥ��ޤ���</para>
- <para>���ξ��ˤϡ��ޥ�������ʤ���ơ��ɤ���ʬ�������Τ���
- Ĵ�٤Ƥߤ뤳�Ȥ��餤�����Ǥ��뤳�ȤϤ���ޤ���</para>
+ <para>���Υ��顼���б�����ˤϡ��ޥ�������ʤ���ơ�
+ �ɤ���ʬ�������Τ���Ĵ�٤ƤߤƤ���������</para>
</answer>
</qandaentry>
<qandaentry>
<question>
- <para>��λ������ <filename>/usr/obj</filename> �������Ƥ�
- ���ޤ��ޤ���?</para>
+ <para>������� <filename class="directory">/usr/obj</filename>
+ �������Ƥ⤫�ޤ��ޤ���?</para>
</question>
<answer>
<para>�����������ʤ�ֺ�����Ƥ��ʤ��פǤ���</para>
- <para><filename>/usr/obj</filename> �ˤϡ�
+ <para><filename class="directory">/usr/obj</filename> �ˤϡ�
����ѥ�����ʳ����������줿
���٤ƤΥ��֥������ȥե����뤬�ޤޤ�Ƥ��ޤ���
�̾� <command>make buildworld</command> �κǽ���ʳ��Ǥϡ�
���Υǥ��쥯�ȥ�������ƿ������Ĥ���ľ���褦�ˤʤäƤ��ޤ���
- ���ξ��ˤϡ����۽�λ��� <filename>/usr/obj</filename>
+ ���۽�λ��� <filename class="directory">/usr/obj</filename>
����¸���Ƥ����Ƥ⡢���ޤ��̣�Ϥ���ޤ���
- �������С��礭�ʥǥ��������ڡ�����
- (���ߤϤ������� 2 GB ����ޤ�) �������뤳�Ȥ��Ǥ��ޤ���</para>
+ ���������������� 2 GB
+ �Υǥ��������ڡ�����������뤳�Ȥ��Ǥ��ޤ���</para>
- <para>
- ���������⤷���ʤ�������Ԥʤ����Ȥ��Ƥ���Τ����Ƥ���ʤ顢
+ <para>�ɤ�����Ƥ���桼���Ǥ���С�
�����ʳ����ά���� <command>make buildworld</command>
��Ԥʤ����Ȥ��Ǥ��ޤ���
��������ȡ��ۤȤ�ɤΥ������Ϻƥ���ѥ��뤵��ʤ����ᡢ
@@ -3014,23 +2820,20 @@ Script done, …</screen>
</question>
<answer>
- <para>����ϡ����ʤ�������˵��դ����ˡ�
+ <para>����ϡ����꤬������ޤǤˡ�
�ɤ�����κ�Ȥ��Ƥ��뤫�ˤ�ä��Ѥ��ޤ���</para>
- <para><emphasis>����Ū��</emphasis> (�����Ƥ���ϳμ¤Ǥ��ä��ꤷ��
- ��§�ǤϤ���ޤ���)��
- <command>make buildworld</command> �β����Ǥϡ�
- ����Ū�ʥġ��� ( &man.gcc.1; �� &man.make.1; �Τ褦�ʤ��)
- �䡢�����ƥ�饤�֥��ο��������ԡ�����������ޤ���
- ���θ�ޤ��������Υġ����饤�֥��ϥ��ȡ��뤵��Ƥ���
+ <para>����Ū�� <command>make buildworld</command> �ϡ�
+ &man.gcc.1; �� &man.make.1; �ޤɤδ���Ū�ʥġ���䡢
+ �����ƥ�饤�֥��ο��������ԡ���������ޤ���
+ ���θ塢�����Υġ����饤�֥�꤬���ȡ��뤵��Ƥ��顢
��ʬ���Ȥκƹ��ۤ˻Ȥ�졢�⤦���١����ȡ��뤵��ޤ���
- ���ΤΥ����ƥ� (�����Ǥ� &man.ls.1; �� &man.grep.1; �Ȥ��ä�
- ɸ��Ū�ʥ桼���ץ�������ޤߤޤ�) �ϡ�
- ���ο����������ƥ�ե�������Ѥ��ƺ��ľ����뤳�Ȥˤʤ�ޤ���</para>
+ &man.ls.1; �� &man.grep.1;
+ �Ȥ��ä�ɸ��Ū�ʥ桼���ץ�������ޤॷ���ƥ����Τ���
+ ���ο����������ƥ�ե�������Ѥ��ƺ��ľ����ޤ���</para>
- <para>�⤷���ƹ��ۤ��ǽ��ʳ������äƤ��뤳��
- �� (��Ͽ���Ƥ��������Ϥ��ꤹ�뤳�Ȥ�) �狼�äƤ����顢
- (�������ƶ���Ϳ���뤳�Ȥʤ�) ���Τ褦�ˤ��뤳�Ȥ��Ǥ��ޤ���</para>
+ <para>�ƹ��ۤκǽ��ʳ��Ǥϡ�
+ �ޤä��������˼��Τ褦�ˤ��뤳�Ȥ��Ǥ��ޤ���</para>
<screen><emphasis>… fix the problem …</emphasis>
&prompt.root; <userinput>cd /usr/src</userinput>
@@ -3048,11 +2851,9 @@ Building everything..
--------------------------------------------------------------</screen>
<para>�� <command>make buildworld</command> �ν��Ϥˤ�����ˤϡ�
- ��Τ褦�ˤ��Ƥ�ۤȤ�ɰ��ƶ�������뤳�ȤϤ���ޤ���
- </para>
+ ��Τ褦�ˤ��Ƥ�ۤȤ�ɰ��ƶ�������뤳�ȤϤ���ޤ���</para>
- <para>
- �⤷���Υ�å��������ʤ��Ȥ����褯ʬ����ʤ��Ȥ������ˤϡ�
+ <para>�⤷���Υ�å��������ʤ��Ȥ����褯ʬ����ʤ��Ȥ������ˤϡ�
��������ݤ����������褦�ʤ��Ȥ��ʤ��褦��
�����ƥ�κƹ��ۤ�ǽ餫����ľ���ޤ��礦��</para>
</answer>
@@ -3070,38 +2871,37 @@ Building everything..
</listitem>
<listitem>
- <para><filename>/usr/src</filename> ��
- <filename>/usr/obj</filename> �ǥ��쥯�ȥ��
- �ۤʤ�ǥ���������̤Υե����륷���ƥ���֤��Ƥ���������
- �ޤ���ǽ�ʤ�С��ۤʤ�ǥ���������ȥ��������³���줿
- �ǥ�������ȤäƤ���������</para>
+ <para><filename class="directory">/usr/src</filename> ��
+ <filename class="directory">/usr/obj</filename>
+ �ۤʤ�ǥ���������̤Υե����륷���ƥ���֤��Ƥ���������
+ �ޤ���ǽ�ʤ�С�
+ �ۤʤ�ǥ���������ȥ��������³���줿�ǥ�������ȤäƤ���������</para>
</listitem>
<listitem>
<para>����˹�®������ˤϡ������Υե����륷���ƥ��
- &man.ccd.4; (Ϣ��ǥ������ɥ饤��) �ǥХ�����
- �Ȥäơ�ʣ���Υǥ���������֤��Ƥ���������</para>
+ &man.ccd.4; ��Ȥäơ�
+ ʣ���Υǥ���������֤��Ƥ���������</para>
</listitem>
<listitem>
- <para>�ץ��ե������Ǥκ�����̵�������Ƥ���������
- (<filename>/etc/make.conf</filename> ��
- <quote>NO_PROFILE=true</quote> �åȤ��ޤ�)
- ���̡����줬ɬ�פˤʤ뤳�ȤϤ���ޤ���</para>
+ <para><filename>/etc/make.conf</filename> ��
+ <quote>NO_PROFILE=true</quote> �åȤ��ơ�
+ �ץ��ե������Ǥκ�����̵�������Ƥ���������</para>
</listitem>
<listitem>
<para>&man.make.1; ��
- <option>-j<replaceable>n</replaceable></option> ����
- ��������ꤷ�ơ�ʣ���Υץ�����������˼¹Ԥ����Ƥ�
- ��������
- ����ϥץ����å���ñ�줫ʣ�����ˤ�餺��
- �ɤ����Ʊ�ͤ˲��ä����뤳�Ȥ��Ǥ��ޤ���</para>
+ <option>-j<replaceable>n</replaceable></option>
+ ����ꤷ�ơ�ʣ���Υץ�����������˼¹Ԥ����Ƥ���������
+ ����ϡ�ñ��Υץ����å��Ǥ�ʣ���Υץ����å��Ǥ⡢
+ Ʊ�ͤ˲��ä����뤳�Ȥ��Ǥ��ޤ���</para>
</listitem>
- <listitem><para><filename>/usr/src</filename> ����
- �ե����륷���ƥ��<option>noatime</option>
- ���ץ������դ��ƥޥ���� (�⤷���Ϻƥޥ����) ���Ƥ���������
+ <listitem>
+ <para><filename class="directory">/usr/src</filename>
+ �Τ���ե����륷���ƥ��<option>noatime</option>
+ ���ץ������դ��ƥޥ���Ȥ⤷���Ϻƥޥ���Ȥ��Ƥ���������
����ϡ����Υե����륷���ƥ�ˤ����ơ�
�Ǹ�˥����������줿����ν��ߤ��������ޤ���
�����餯�����ξ���ɬ�פˤʤ뤳�ȤϤʤ��Ǥ��礦��</para>
@@ -3110,21 +2910,19 @@ Building everything..
<warning>
<para>�����ϡ�
- <filename>/usr/src</filename> ���Ȥ���Ω�����ե����륷���ƥ��
- ���뤳�Ȥ����ꤷ�Ƥ��ޤ���
- �⤷�����Ǥʤ��Ȥ��ˤ� (���Ȥ��� <filename>/usr</filename> ��
- �����Ǥ�����ˤ�)��
- <filename>/usr/src</filename> �ǤϤʤ�
- Ŭ�ڤʥޥ���ȥݥ���Ȥ���ꤹ��ɬ�פ�����ޤ���
- </para>
+ <filename class="directory">/usr/src</filename>
+ ���Ȥ���Ω�����ե����륷���ƥ�Ǥ��뤳�Ȥ����ꤷ�Ƥ��ޤ���
+ �⤷ <filename class="directory">/usr</filename>
+ �ΰ����Ǥ�����ˤϡ�
+ ������Ŭ�ڤʥޥ���ȥݥ���Ȥ���ꤹ���Ƥ���������</para>
</warning>
</listitem>
<listitem>
- <para><filename>/usr/obj</filename> �Τ���ե����륷���ƥ��
- <option>async</option> ���ץ�����Ĥ��ƥޥ���� (�⤷����
- �ƥޥ����) ���Ƥ�������������ˤ�äơ�
- �ǥ������ؤν��ߤ���Ʊ���ˤʤ�ޤ���
+ <para><filename class="directory">/usr/obj</filename>
+ �Τ���ե����륷���ƥ��<option>async</option>
+ ���ץ�����Ĥ��ƥޥ���Ȥ⤷���Ϻƥޥ���Ȥ��Ƥ���������
+ ����ˤ�äơ��ǥ������ؤν��ߤ���Ʊ���ˤʤ�ޤ���
�Ĥޤꡢ����̿��Ϥ����˴�λ����Τ��Ф���
�ºݤ˥ǡ������ǥ������˽��ޤ��Τϡ����ο��ø�ˤʤ�ޤ���
����ˤ�äơ����߽����ΰ�粽����ǽ�ˤʤ뤿�ᡢ
@@ -3141,18 +2939,20 @@ Building everything..
�Ƶ�ư��˥ե����륷���ƥब������ǽ�ˤʤ��ǽ����
���˹⤯�ʤ�ޤ���</para>
- <para>�⤷��<filename>/usr/obj</filename> ���Ȥ���Ω����
- �ե����륷���ƥ�Ǥ���ʤ�С����������ˤʤ�ޤ���
+ <para>�⤷��<filename class="directory">>/usr/obj</filename>
+ �����ե����륷���ƥ�ˤ���ͣ��Υǥ��쥯�ȥ�Ǥ���С�
+ ���������ˤʤ�ޤ���
��������Ʊ���ե����륷���ƥ�ˡ�¾�ε��Ťʥǡ������֤��Ƥ���Ȥ��ˤϡ�
���Υ��ץ�����ͭ���ˤ������ˡ�
- �Хå����åפ���ȼ�äƤ����ޤ��礦��</para>
+ �Хå����åפ���ȼ�äƤ����ޤ��礦��</para>
</warning>
<screen>&prompt.root; <userinput>mount -u -o async /usr/obj</userinput></screen>
<warning>
- <para>�⤷ <filename>/usr/obj</filename> ���Ȥ�
- �ե����륷���ƥ�Ǥʤ����ˤϡ�Ŭ�ڤʥޥ���ȥݥ���Ȥ�ؤ��褦�ˡ�
+ <para>�⤷ <filename class="directory">/usr/obj</filename>
+ ���Ȥ��ե����륷���ƥ�Ǥʤ����ˤϡ�
+ Ŭ�ڤʥޥ���ȥݥ���Ȥ�ؤ��褦�ˡ�
������̾�����֤������Ƥ���������</para>
</warning>
</listitem>
@@ -3166,8 +2966,7 @@ Building everything..
</question>
<answer>
- <para>��ʬ�δĶ������Υӥ�ɤ�;�פʥ��ߤ��ĤäƤ��ʤ����Ȥ�Ϥä���ȳ�ǧ���Ƥ���������
- �ȤƤ��ñ�Ǥ���</para>
+ <para>��ʬ�δĶ������Υӥ�ɤ�;�פʥ��ߤ��ĤäƤ��ʤ����Ȥ�Ϥä���ȳ�ǧ���Ƥ���������</para>
<screen>&prompt.root; <userinput>chflags -R noschg /usr/obj/usr</userinput>
&prompt.root; <userinput>rm -rf /usr/obj/usr</userinput>
@@ -3183,7 +2982,7 @@ Building everything..
<para>�ޤ����꤬����С����顼�� <command>uname -a</command>
�ν��Ϥ� &a.questions; �����äƤ���������
- ��ʬ������ˤĤ��Ƥ���˼��䤵��Ƥ���������褦�Ѱդ��Ƥ�������!</para>
+ ����ˤĤ��Ƥ���˼��䤵��Ƥ���������褦�Ѱդ��Ƥ�������!</para>
</answer>
</qandaentry>
</qandaset>
@@ -3212,21 +3011,21 @@ Building everything..
�����ƥफ�鴰���˺������뤳�Ȥ����뤿��Ǥ���
�����ƥ�Υ��åץǡ��Ȼ��˺����ɬ�פˤʤ�Τϡ�
�Ť��ե����롢�饤�֥�ꤽ���ƥǥ��쥯�ȥ�Ǥ���
- �����Υե������������ȡ��������� (����ӥХå����å�����)
- �ˤ�������ɬ�פ����̤����Ƥ���Ť��ե����뤬��
+ �����Υե�����������뤳�Ȥǡ�
+ �������Τ�Хå����å����Τˤ�������ɬ�פ����̤����Ƥ���Ť��ե����뤬��
�����ƥ��˻��𤹤뤳�Ȥ��ʤ��ʤ�ޤ���
�ޤ����Ť��饤�֥��Υ������ƥ�������������꤬����ȡ�
�饤�֥��������ƥ����ƥ�����ʾ��֤ˤ���
- �Ť��饤�֥��μ������饷���ƥब����å��夹�뤳�Ȥ��ɤ��ʤ���Фʤ�ޤ���
+ �Ť��饤�֥��ˤ�ꥷ���ƥब����å��夹�뤳�Ȥ��ɤ��ʤ���Фʤ�ޤ���
�Ȥ��ʤ��ʤä��ե����롢�ǥ��쥯�ȥꡢ�饤�֥���
<filename>/usr/src/ObsoleteFiles.inc</filename>
- �ˤޤȤ���Ƥ��ޤ���������Ǥϡ�
- ���åץ��졼�ɤβ����Ǥ����Υե��������������ˡ�ˤĤ����������ޤ���</para>
+ �ˤޤȤ���Ƥ��ޤ����ʲ��μ��ˤ�ꡢ
+ ���åץ��졼�ɤβ����Ǥ����Υե���������Ǥ��ޤ���</para>
- <para>�����ƥ�ϡ�<xref linkend="canonical-build"/>
- ������������ˡ�ǹ��ۤ���Ƥ���Ȳ��ꤷ�ޤ���
- <command>make <maketarget>installworld</maketarget></command> �ȡ�
- ���θ�� <command>mergemaster</command> ���ޥ�ɤ�̵���˽���ä��顢
+ <para><xref linkend="canonical-build"/>
+ ������������ˡ�ǥ����ƥ���ۤ��Ƥ���������
+ <command>make <maketarget>installworld</maketarget></command>
+ �ȡ����θ�� <command>mergemaster</command> ��̵���˽���ä��顢
�ʲ�����ˡ�ǻȤ��ʤ��ʤä��ե������饤�֥����ǧ���Ƥ���������</para>
<screen>&prompt.root; <userinput>cd /usr/src</userinput>
@@ -3242,9 +3041,9 @@ Building everything..
</tip>
<para>�Ȥ��ʤ��ʤä��ե������������ݡ��ե����뤴�Ȥ˳�ǧ�������ޤ���
- �ʲ��Τ褦�� make �� <makevar>BATCH_DELETE_OLD_FILES</makevar>
- �Ķ��ѿ������ꤹ��ȡ�
- ��ǧ����ά���졢��ưŪ�˥ե����뤬�������ޤ���</para>
+ ��ǧ���ά������ưŪ�˥ե������������ˤϡ�
+ �ʲ��Τ褦�� <makevar>BATCH_DELETE_OLD_FILES</makevar>
+ �����ꤷ�Ƥ���������</para>
<screen>&prompt.root; <userinput>make -DBATCH_DELETE_OLD_FILES delete-old</userinput></screen>
@@ -3255,6 +3054,7 @@ Building everything..
<warning>
<title>Warning</title>
+
<para>�Ȥ��ʤ��ʤä��ե������������ȡ�
��������ե�����˰�¸���Ƥ������ץꥱ�������ϲ���Ƥ��ޤ��ޤ���
�äˡ��Ť��饤�֥�����������˵��������ޤ���
@@ -3288,8 +3088,7 @@ Building everything..
<para>���Ĥ��ä� port �ȡ��뤷��
�ƹ��ۡ��ƥ��ȡ��뤷�Ƥ���������
������� <filename role="package">ports-mgmt/portmaster</filename>
- �� <filename role="package">ports-mgmt/portupgrade</filename>
- �桼�ƥ���ƥ��Ǽ�ư���Ǥ��ޤ���
+ �Ǽ�ư���Ǥ��ޤ���
���٤Ƥ� ports ���ƹ��ۤ��졢
�Ť��饤�֥�꤬�ɤ��ˤ�Ȥ��Ƥ��ʤ����Ȥ��ǧ�����顢
�ʲ��Υ��ޥ�ɤǸŤ��饤�֥��������Ƥ���������</para>
@@ -3313,10 +3112,10 @@ Building everything..
<secondary>ʣ���Υޥ���˥��ȡ���</secondary>
</indexterm>
- <para>Ʊ���������ĥ���ɤ����������ޥ����ʣ�����äƤ���ʤ顢
- �����Υޥ���˥����������������ɤ��������ƹ��ۤ���Τϻ�
- �Ĥޤ�ǥ��������ڡ������ͥåȥ���Ӱ衢������ CPU ���������̵�̻Ȥ��˻פ��ޤ���
- �ºݤ����̵�̤ǡ������� 1 �ĤΥޥ���˻Ż��ΤۤȤ�ɤ���
+ <para>ʣ���Υ���ԥ塼����Ʊ���������ĥ���ɤ������Ƥ��ơ�
+ �����Υޥ���˥����������������ɤ���������ƹ��ۤ���Τϡ�
+ �ǥ��������ڡ������ͥåȥ���Ӱ衢������ CPU ���������̵�̻Ȥ��Ǥ���
+ ������ 1 �ĤΥޥ���˻Ż��ΤۤȤ�ɤ���
�Ĥ�Υޥ���� NFS ��ͳ�Ǥ����ޥ���Ȥ��롢�Ȥ�����ΤǤ���
���Υ��������ǤϤ��Τ�����Ѥ��ޤ���</para>
@@ -3324,7 +3123,7 @@ Building everything..
<title>����</title>
<para>�ޤ����ˡ�Ʊ���Х��ʥ��ư�������Ȥ���ޥ�������ޤ���
- ���Υޥ����Τ��Ȥ�<emphasis>�ӥ�ɥ��å�</emphasis>�ȸƤӤޤ��礦��
+ ���Υޥ����Τ��Ȥ�<emphasis>�ӥ�ɥ��å�</emphasis>�ȸƤӤޤ���
���줾��Υޥ���ϥ������५���ͥ����äƤ��뤫�⤷��ޤ���
Ʊ���桼�����ɥХ��ʥ��ư�������Ȥ����ΤǤ���
���Υӥ�ɥ��åȤ��顢
@@ -3333,23 +3132,24 @@ Building everything..
����Ū�ˤϡ����Υޥ���� <command>make buildworld</command>
�� <command>make buildkernel</command>
��¹Ԥ���Τ˽�ʬ�� CPU ����ä�®���ޥ���Ǥ���٤��Ǥ���
- <emphasis>�ƥ��ȥޥ���</emphasis>�Ȥʤ�٤��ޥ�������Ӥ����Ǥ��礦��
+ <emphasis>�ƥ��ȥޥ���</emphasis>�Ȥʤ�٤��ޥ��������Ǥ���������
�������줿���եȥ�������Ȥ����ˤ��Υޥ���ǥƥ��Ȥ���ΤǤ���
�ƥ��ȥޥ���Ϥ��ʤ�Ĺ����������Ƥ��Ƥ�
�������礦�֤ʥޥ���<emphasis>�Ǥ��ä��ۤ��������Ǥ��礦</emphasis>��
�ӥ�ɥޥ���Ǥ⤫�ޤ��ޤ����ӥ�ɥޥ���Ǥ���ɬ�פϤ���ޤ���</para>
<para>���Υӥ�ɥ��åȤΥޥ���Ϥ��٤�
- <filename>/usr/obj</filename> ��
- <filename>/usr/src</filename>
+ <filename class="directory">/usr/obj</filename> ��
+ <filename class="directory">/usr/src</filename>
��Ʊ���ޥ����Ʊ����꤫��ޥ���Ȥ���ɬ�פ�����ޤ���
����Ū�ˤϥӥ�ɥޥ���� 2 �Ĥΰ㤦�ɥ饤�־�ˤ���Ȥ褤�ΤǤ�����
�ӥ�ɥޥ���� NFS �ޥ���Ȥ���Ƥ��Ƥ⤫�ޤ��ޤ���
�ӥ�ɥ��åȼ��Τ�ʣ��������ϡ�
- <filename>/usr/src</filename> �ϤҤȤĤΥӥ�ɥޥ����ˤ���٤��Ǥ���
+ <filename class="directory">/usr/src</filename>
+ �ϤҤȤĤΥӥ�ɥޥ����ˤ���٤��Ǥ���
¾�Υޥ���Ϥ���� NFS �ޥ���Ȥ���褦�ˤ��ޤ��礦��</para>
- <para>�Ǹ�˥ӥ�ɥ��åȤ����ƤΥޥ�����
+ <para>�Ǹ�˥ӥ�ɥ��åȤΤ��٤ƤΥޥ�����
<filename>/etc/make.conf</filename> ��
<filename>/etc/src.conf</filename>
���ӥ�ɥޥ���Ȱ��פ��Ƥ��뤳�Ȥ��ǧ���Ƥ���������
@@ -3361,30 +3161,32 @@ Building everything..
�ӥ�ɥޥ���ϼ�ʬ���ȤΥ����ͥ뤫���������Υ����ͥ�̾��
<makevar>KERNCONF</makevar> �˥ꥹ�ȥ��åפ��Ƥ���������
�ƥޥ���Υ����ͥ��ӥ�ɤ���ΤǤ���С�
- �ӥ�ɥޥ���ϳƥޥ���Υ����ͥ�����ե������
- <filename>/usr/src/sys/<replaceable>arch</replaceable>/conf</filename>
+ �ӥ�ɥޥ���ϳƥޥ���Υ����ͥ�����ե������ <filename
+ class="directory">/usr/src/sys/<replaceable>arch</replaceable>/conf</filename>
�˻��äƤ��ʤ���Фʤ�ޤ���</para>
</sect2>
<sect2 id="small-lan-base-system">
<title>�١��������ƥ�</title>
- <para>���ơ����������ä��Τǡ��ӥ�ɤ��ޤ��礦��
+ <para>�ӥ�ɥޥ���ˤơ�
<xref linkend="make-buildworld"/>
�˽Ƥ���褦�˥����ͥ�ȥ١��������ƥ���ۤ��Ƥ���������
�Ǥ⡢�ޤ����ȡ��뤷�ʤ��Ǥ���������
�ӥ�ɤ�����ä��顢�ƥ��ȥޥ���˰ܤꡢ
- �ӥ�ɤ����Ф���Υ����ͥ�ȡ��뤷�Ƥ���������
+ �ӥ�ɤ��������ͥ�ȡ��뤷�Ƥ���������
�ƥ��ȥޥ��� NFS ��ͳ��
- <filename>/usr/src</filename> ��
- <filename>/usr/obj</filename> ��ޥ���Ȥ��Ƥ���ʤ顢
- ����桼���ǺƵ�ư�����Ȥ��ͥåȥ����Ȥ���褦�ˤ��ƥޥ���Ȥ���ɬ�פ�����ޤ���
+ <filename class="directory">/usr/src</filename> ��
+ <filename class="directory">/usr/obj</filename>
+ ��ޥ���Ȥ��Ƥ���ʤ顢
+ ����桼���ǺƵ�ư�����Ȥ��˥ͥåȥ����Ȥ���褦�ˤ��ơ�
+ �����Υǥ��쥯�ȥ��ޥ���Ȥ���褦�ˤ��Ƥ���������
��äȤ��ñ����ˡ�ϡ�
�ޥ���桼���⡼�ɤǵ�ư���ơ�<command>shutdown now</command>
��¹Ԥ��ƥ���桼���⡼�ɤ˰ܹԤ��뤳�ȤǤ���
���������顢�����ͥ�ȥ١��������ƥ�ȡ��뤷��
���Ĥ⤹��褦��
- <command>mergemaster</command> ��¹ԤǤ��ޤ���
+ <command>mergemaster</command> ��¹Ԥ��Ƥ���������
����ä��顢
�ƥ��ȥޥ����Ƶ�ư�����̾�Υޥ���桼��ư����ᤷ�ޤ���</para>
@@ -3397,16 +3199,16 @@ Building everything..
<para>ports �ĥ�ˤ�Ʊ�������ǥ����Ȥ��ޤ���
�ǽ�˽��פ����ϡ�
- �ӥ�ɥ��åȤΤ��٤ƤΥޥ����Ʊ���ޥ����
- <filename>/usr/ports</filename> ��ޥ���Ȥ��뤳�ȤǤ���
- �����ơ�distfiles ��ͭ���뤿��ˡ�
+ �ӥ�ɥ��åȤΤ��٤ƤΥޥ����Ʊ���ޥ���� <filename
+ class="directory">/usr/ports</filename> ��ޥ���Ȥ��뤳�ȤǤ���
+ �����ơ�distfiles ��ͭ����褦��
<filename>/etc/make.conf</filename> ��Ŭ�ڤ����ꤷ�ޤ���
NFS �ޥ���Ȥˤ�äƥޥåפ���� <username>root</username>
�桼�������Ǥ��졢<makevar>DISTDIR</makevar>
�Ϥ��Υ桼��������붦�̤ζ�ͭ�ǥ��쥯�ȥ�����ꤹ��ɬ�פ�����ޤ���
�ƥޥ���� <makevar>WRKDIRPREFIX</makevar>
��ʬ�Υޥ���Υӥ�ɥǥ��쥯�ȥ�����ꤷ�ʤ���Фʤ�ޤ���
- �Ǹ�ˡ��ѥå�������ӥ�ɤ������ۤ��褦�Ȥ��Ƥ���ʤ顢
+ �Ǹ�ˡ�packages ��ӥ�ɤ������ۤ���ΤǤ���С�
<makevar>DISTDIR</makevar> ��Ʊ���褦��
<makevar>PACKAGES</makevar> �ǥ��쥯�ȥ�����ꤷ�Ƥ���������</para>
</sect2>
diff --git a/ja_JP.eucJP/books/handbook/desktop/chapter.xml b/ja_JP.eucJP/books/handbook/desktop/chapter.xml
index efb8258b30..e453dacc0f 100644
--- a/ja_JP.eucJP/books/handbook/desktop/chapter.xml
+++ b/ja_JP.eucJP/books/handbook/desktop/chapter.xml
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r41113
+ Original revision: r41335
$FreeBSD$
-->
diff --git a/ja_JP.eucJP/books/handbook/install/chapter.xml b/ja_JP.eucJP/books/handbook/install/chapter.xml
index 8d6e6bbf79..4a788f70cc 100644
--- a/ja_JP.eucJP/books/handbook/install/chapter.xml
+++ b/ja_JP.eucJP/books/handbook/install/chapter.xml
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r41166
+ Original revision: r41278
$FreeBSD$
-->
@@ -4615,7 +4615,7 @@ Please press any key to reboot.</screen>
<para>�̾���Υǥ��쥯�ȥ�ˤϰʲ��Υ�������֤��Ƥ���ޤ���</para>
<table frame="none">
- <title>&os; 8.<replaceable>X</replaceable>
+ <title>&os;
ISO �������̾��������</title>
<tgroup cols="2">
@@ -4670,7 +4670,7 @@ Please press any key to reboot.</screen>
<entry>���� CD ������ˤϡ��ǥ������˼��ޤ����̤Υ����ɥѡ��ƥ���
package ���ޤޤ�Ƥ��ޤ������Υ�����ϡ�
- &os; 8.<replaceable>X</replaceable>
+ &os; 9.<replaceable>X</replaceable>
�ʹߤǤ����ѤǤ��ޤ���</entry>
</row>
@@ -4679,15 +4679,7 @@ Please press any key to reboot.</screen>
<entry>�ǥ������˼��ޤ����̤Υ����ɥѡ��ƥ���
package ��ޤ�⤦ 1 �Ĥ� CD ������Ǥ������Υ�����ϡ�
- &os; 8.<replaceable>X</replaceable>
- �ʹߤǤ����ѤǤ��ޤ���</entry>
- </row>
-
- <row>
- <entry><filename>&os;-<replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-docs.iso</filename></entry>
-
- <entry>&os; �ɥ�����ȡ����Υ�����ϡ�
- &os; 8.<replaceable>X</replaceable>
+ &os; 9.<replaceable>X</replaceable>
�ʹߤǤ����ѤǤ��ޤ���</entry>
</row>
diff --git a/ja_JP.eucJP/books/handbook/mirrors/chapter.xml b/ja_JP.eucJP/books/handbook/mirrors/chapter.xml
index 15cd330bcb..513b07aba6 100644
--- a/ja_JP.eucJP/books/handbook/mirrors/chapter.xml
+++ b/ja_JP.eucJP/books/handbook/mirrors/chapter.xml
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r41189
+ Original revision: r41337
$FreeBSD$
-->
@@ -1765,6 +1765,15 @@ usr.bin/</programlisting>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>RELENG_9_1</term>
+
+ <listitem>
+ <para>&os;-9.1 �ѤΥ����֥������������ƥ�����䡢
+ ����¾�ο���ʥ������ƥ���ν��������ä����ˤΤȤ��ޤ���</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>RELENG_9_0</term>
@@ -1783,6 +1792,15 @@ usr.bin/</programlisting>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>RELENG_8_4</term>
+
+ <listitem>
+ <para>&os;-8.4 �ѤΥ����֥������������ƥ�����䡢
+ ����¾�ο���ʥ������ƥ���ν��������ä����ˤΤȤ��ޤ���</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>RELENG_8_3</term>
@@ -2121,6 +2139,14 @@ usr.bin/</programlisting>
�����˺ݤ������̤ʥ�������Ϳ����뤳�ȤϤ���ޤ���</para>
<variablelist>
+ <varlistentry>
+ <term>RELENG_9_1_0_RELEASE</term>
+
+ <listitem>
+ <para>&os; 9.1</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>RELENG_9_0_0_RELEASE</term>
diff --git a/ja_JP.eucJP/books/handbook/ports/chapter.xml b/ja_JP.eucJP/books/handbook/ports/chapter.xml
index 57b707da6d..bbf08f8edf 100644
--- a/ja_JP.eucJP/books/handbook/ports/chapter.xml
+++ b/ja_JP.eucJP/books/handbook/ports/chapter.xml
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r41119
+ Original revision: r41281
$FreeBSD$
-->
@@ -983,8 +983,7 @@ Deinstalling ca_root_nss-3.13.5... done</screen>
(���ʤ��������������ɲäΥѥå�����ƥʥ�����)
�ȹͤ��Ƥ���桼���ϡ�ľ�� Subversion ��Ȥ��Ȥ褤�Ǥ��礦��
<application>CVSup</application> �Υ����ӥ��ϡ�
- 2013 ǯ 2 �� 28 ���ޤǤ��ʳ�Ū���ѻߤ����Τǡ�
- ���� CVSup �����Ѥ�ʤ�뤳�Ȥϡ��侩����ޤ���</para>
+ 2013 ǯ 2 �� 28 �����ѻߤ���ޤ�����</para>
</warning>
<sect2 id="ports-tree">
@@ -1467,8 +1466,9 @@ Deinstalling ca_root_nss-3.13.5... done</screen>
�̤Υ��ƥ���� ports �� distfiles
�ϥ���������ɤ���<emphasis>�ʤ�</emphasis>���Ȥ����դ��Ƥ���������
port ����¸���Ƥ��뤹�٤Ƥ����������ɤ�������С�
- <command>make<maketarget>fetch-recursive</maketarget>
- <maketarget>fetch</maketarget></command> ��ȤäƤ���������</para>
+ <command>make
+ <maketarget>fetch-recursive</maketarget></command>
+ ��ȤäƤ���������</para>
<note>
<para>�ȥåץǥ��쥯�ȥ�� <command>make</command>
diff --git a/ja_JP.eucJP/books/handbook/x11/chapter.xml b/ja_JP.eucJP/books/handbook/x11/chapter.xml
index 9f77c4009b..a2c61c1c23 100644
--- a/ja_JP.eucJP/books/handbook/x11/chapter.xml
+++ b/ja_JP.eucJP/books/handbook/x11/chapter.xml
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r41025
+ Original revision: r41343
$FreeBSD$
-->
@@ -824,8 +824,7 @@ EndSection</programlisting>
<para>X11 ���դ��Ƥ���ǥե���ȤΥե���Ȥϡ�
�̾�Υǥ����ȥåץѥ֥�å����ץꥱ�������ˤȤäƤ�����Ū�Ȥϸ����ʤ����٤Τ�ΤǤ���
ʸ�����礭������ȥ��㥮���ˤʤ�ץ��ե��å���ʥ�Ȥϸ����ʤ��褦�ʤ�Τˤʤ�ޤ�����
- <application>&netscape;</application>
- �Ǥξ����ʥե���Ȥ�Ƭ���������˸����ޤ���
+ �����ʥե���Ȥ�Ƭ���������˸����ޤ���
��������������ˤϼ��ι⤤ Type1 (&postscript;)
�ե���Ȥ������Ĥ����ꡢ
X11 �ǤϤ������ñ�����Ѥ��뤳�Ȥ��Ǥ��ޤ���
@@ -928,9 +927,9 @@ EndSection</programlisting>
<para>�Ȥ��뤫���⤷���� <filename>xorg.conf</filename>
�ե������ <literal>FontPath</literal> �Ԥ��ɲä��ޤ���</para>
- <para>����ǽ����Ǥ���<application>&netscape;</application> ��
- <application>Gimp</application>,
- <application>&staroffice;</application>
+ <para>����ǽ����Ǥ���
+ <application>Gimp</application> ��
+ <application>Apache OpenOffice</application>
�Ȥ��ä����٤Ƥ� X ���ץꥱ�������
&truetype; �ե���Ȥ�Ȥ����Ȥ��Ǥ��ޤ���
(������٤ʥǥ����ץ쥤�Ǹ��륦���֥ڡ�����Υƥ����Ȥߤ�����)
diff --git a/ja_JP.eucJP/htdocs/ports/Makefile b/ja_JP.eucJP/htdocs/ports/Makefile
index b01e8f1b70..bd2efe4606 100644
--- a/ja_JP.eucJP/htdocs/ports/Makefile
+++ b/ja_JP.eucJP/htdocs/ports/Makefile
@@ -27,7 +27,7 @@ ${INDEX}:
.endif
HOSTNAME!= hostname
-.if ${HOSTNAME} == "hub.freebsd.org" || ${HOSTNAME} == "freefall.freebsd.org" || ${HOSTNAME} == "www.freebsd.org"
+.if ${HOSTNAME} == "hub.freebsd.org" || ${HOSTNAME} == "freefall.freebsd.org" || ${HOSTNAME} == "www.freebsd.org" || ${HOSTNAME} == "build-web.stream.FreeBSD.org"
CLUSTER_MACHINE= YES
.endif
diff --git a/ja_JP.eucJP/htdocs/projects/newbies.xml b/ja_JP.eucJP/htdocs/projects/newbies.xml
index 37f3579c73..49ae3bf1ba 100644
--- a/ja_JP.eucJP/htdocs/projects/newbies.xml
+++ b/ja_JP.eucJP/htdocs/projects/newbies.xml
@@ -6,7 +6,7 @@
<!ENTITY url.books "&enbase;/doc/ja_JP.eucJP/books">
]>
<!-- The FreeBSD Japanese Documentation Project -->
-<!-- Original revision: r40761 -->
+<!-- Original revision: r41092 -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
@@ -94,17 +94,6 @@
<a href="http://www.awfulhak.org/ppp.html">ppp �ڡ���</a>
�عԤ��Τ��褤�Ǥ��礦��</p></li>
- <li><p>Greg Lehey �ˤ��
- <a name="cfbsd" href="http://www.lemis.com/grog/Documentation/CFBSD/">
- The Complete &os;</a> �� O'Reilly
- ������Ǥ���Ƥ��ޤ���
- �����ܤϺǾ��¤� UNIX �˴ؤ���и�������Ȥ��ơ�
- &os; �Υ��ȡ��뤫�����ꡢ
- ���Ѥ��뤿��˽鿴�Ԥ��Τꤿ���Ȼפ����٤ƤΤ��Ȥ���ޤǤ�
- ���ʳ��ˤĤ��ơ����ʤ����������Ƥ��ޤ���
- �����ܤ��ɤ�С��ʤˤ�Ԥʤ��Τ����ʤ������Ԥʤ��Τ��Ȥ������Ȥ�
- ����Ǥ��ޤ���</p></li>
-
<li><p><a href="&url.books;/handbook/index.html">&os; �ϥ�ɥ֥å�</a>
�� <a href="&url.books;/faq/index.html">�褯������������ (FAQ)</a>
�� &os; �˴ؤ����濴Ū��ʸ��Ǥ���
@@ -126,9 +115,13 @@
<li><p>&os; �˴ؤ����ʥ˥塼�����롼�פ�
<a href="news:comp.unix.bsd.freebsd.misc">comp.unix.bsd.freebsd.misc</a>
�Ǥ���
- �ޤ���
- <a href="news:comp.unix.bsd.freebsd.announce">comp.unix.bsd.freebsd.announce</a>
- �ˤ��ܤ��̤��Ƥ����������褤���⤷��ޤ���</p></li>
+ UNIX �˴ؤ������ϥ˥塼�����롼��
+ <a href="news:comp.unix.questions">comp.unix.questions</a>
+ �ǵ�������Ƥ��ޤ���
+ ����ȴ�Ϣ����
+ <a href="ftp://rtfm.mit.edu/pub/usenet/news.answers/unix-faq/faq/">FAQ</a>
+ �Υ��ԡ��� RMIT �� FTP �����Ȥ������ꤹ�뤳�Ȥ��ǽ�Ǥ���
+ �鿴�ԤϤϤ������ 1 �Ϥ��� 2 �Ϥˤ�äȤⶽ̣����ĤǤ��礦��</p></li>
<li><p><a href="&cgibase;/man.cgi">����饤��ޥ˥奢��</a>
(<a href="http://www.jp.FreeBSD.org/man-jp/search.html">���ܸ���</a>)
@@ -183,14 +176,6 @@
��ʬ������Ǥ�����դǽƤ����Τ����֤Ȥ褤�Ǥ��礦��
�����ˤ�äȹ����ϰϤˤĤ��ƽƤ����ܤ��ɤ߿ʤߤ����ʤ뤫�⤷��ޤ���</p></li>
- <li><p>�鿴�Ԥ����Ф���̾������ܤΰ�Ĥˡ�Addison-Wesley
- ������Ǥ���Ƥ��롢Paul W. Abrahams �� Bruce R. Larson �ˤ��
- <a name="ufti"><em>UNIX for the Impatient</em></a>
- �Ȥ�����Τ�����ޤ���
- �����ܤ� UNIX �γؽ����ͽ�Ǥ��ꡢ
- UNIX �γ�ǰ�ˤĤ��Ƥ������⤢�ꡢ����� X Window System
- ��Ȥ��Τ������ʾϤ�ޤޤ�Ƥ��ޤ���</p></li>
-
<li><p>�⤦�ҤȤ�ͭ̾�ʤΤ� Jerry Peek��Tim O'Reilly ��
Mike Loukides �ˤ�� <em>UNIX Power Tools</em> �Ȥ����ܤǡ�
����� O'Reilly and Associates ������Ǥ���Ƥ��ޤ���
@@ -217,29 +202,11 @@
���٤Υߥ顼�����Ȥ��������줿�ꡢ
��ʬ�Υ����ƥ�˥��ȡ��뤷���ꤹ�뤳�Ȥ��Ǥ��ޤ���</p></li>
- <li><p>UNIX �˴ؤ������ϥ˥塼�����롼��
- <a href="news:comp.unix.questions">comp.unix.questions</a>
- �ǵ�������Ƥ��ޤ���
- ����ȴ�Ϣ����
- <a href="ftp://rtfm.mit.edu/pub/usenet/news.answers/unix-faq/faq/">FAQ</a>
- �Υ��ԡ��� RMIT �� FTP �����Ȥ������ꤹ�뤳�Ȥ��ǽ�Ǥ���
- �鿴�ԤϤϤ������ 1 �Ϥ��� 2 �Ϥˤ�äȤⶽ̣����ĤǤ��礦��</p></li>
-
- <li><p>�⤦�ҤȤĤζ�̣�����˥塼�����롼�פ�
- <a href="news:comp.unix.user-friendly">comp.unix.user-friendly</a>
- �Ǥ���
- ���Υ˥塼�����롼�פϥ桼���������ˤĤ��Ƶ������뤿��Τ�ΤǤ�����
- �鿴�ԤˤȤä����Ω�ľ�����Ƥ���뤳�Ȥ�����ޤ���
- ����
- <a href="ftp://rtfm.mit.edu/pub/usenet/news.answers/unix-faq/user-friendly">FAQ</a>
- �� FTP �Ǥ������ǽ�Ǥ���</p></li>
-
<li><p>¾�ˤ⤿������Υ����֥����Ȥ�
UNIX �ˤĤ��ƤΥ��塼�ȥꥢ��仲�ͤˤǤ���ʸ����ޤ���
- �����Ʋ��Τ˺�Ŭ�ʽ�ȯ���ΤҤȤĤ�
- <a href="http://www.yahoo.com/Computers_and_Internet/Software/Operating_Systems/Unix/">Yahoo!</a>
- �� UNIX �ڡ����Ǥ���</p></li>
-
+ �����Ʋ��Τ˺�Ŭ�ʽ�ȯ���ΤҤȤĤϡ������������ <a
+ href="https://google.com">Google</a> �Ǥ���</p>
+ </li>
</ul>
<h2><a name="xwin">X Window System �ˤĤ��Ƴؤ�</a></h2>
@@ -252,15 +219,6 @@
�鿴�Ԥ�����ˤϾ������Ȥ������Ȥ˵����դ��Ʋ�������</p>
<ul>
- <li><p>X Window System �Υ��ȡ�������ꡢ
- ���ѤˤĤ��Ƥδ���Ū�ʾ���ˤĤ��Ƥϡ�
- �ʲ��� 3 �����ܤ���˽鿴�ԥ�٥�ε��Ҥ�����ޤ���
- &os; �ϥ�ɥ֥å���
- <a href="&enbase;/doc/ja_JP.eucJP/books/handbook/x11.html">
- X Window System</a> �ξϡ�
- <a href="#cfbsd">The Complete &os;</a>,
- <a href="#ufti">UNIX for the Impatient</a>��</p></li>
-
<li><p>X ���ʤ褦��ư����뤳�Ȥ���ǽ�ˤʤ����ˡ�
������ɥ��ޥ͡����������ɬ�פ�����Ǥ��礦��
<a href="http://xwinman.org/">Window Managers for X</a>
diff --git a/ja_JP.eucJP/htdocs/releases/index.xml b/ja_JP.eucJP/htdocs/releases/index.xml
index 98c6fc3fc5..8da66d89fd 100644
--- a/ja_JP.eucJP/htdocs/releases/index.xml
+++ b/ja_JP.eucJP/htdocs/releases/index.xml
@@ -107,7 +107,7 @@
<a href="8.2R/announce.html">���ʥ���</a>:
<a href="&enbase;/releases/8.2R/relnotes.html">��������</a>:
<a href="&enbase;/releases/8.2R/hardware.html">�ϡ��ɥ������Ρ���</a>:
- <a href="&enbase;/releases/8.2R/readme.html">README</a>
+ <a href="&enbase;/releases/8.2R/readme.html">README</a>:
<a href="&enbase;/releases/8.2R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -117,7 +117,7 @@
<a href="&enbase;/releases/8.1R/announce.html">���ʥ���</a>:
<a href="&enbase;/releases/8.1R/relnotes.html">��������</a>:
<a href="&enbase;/releases/8.1R/hardware.html">�ϡ��ɥ������Ρ���</a>:
- <a href="&enbase;/releases/8.1R/readme.html">README</a>
+ <a href="&enbase;/releases/8.1R/readme.html">README</a>:
<a href="&enbase;/releases/8.1R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -129,7 +129,7 @@
<a href="&enbase;/releases/8.0R/announce.html">���ʥ���</a>:
<a href="&enbase;/releases/8.0R/relnotes.html">��������</a>:
<a href="&enbase;/releases/8.0R/hardware.html">�ϡ��ɥ������Ρ���</a>:
- <a href="&enbase;/releases/8.0R/readme.html">README</a>
+ <a href="&enbase;/releases/8.0R/readme.html">README</a>:
<a href="&enbase;/releases/8.0R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -139,7 +139,7 @@
<a href="&enbase;/releases/7.4R/announce.html">���ʥ���</a>:
<a href="&enbase;/releases/7.4R/relnotes.html">��������</a>:
<a href="&enbase;/releases/7.4R/hardware.html">�ϡ��ɥ������Ρ���</a>:
- <a href="&enbase;/releases/7.4R/readme.html">README</a>
+ <a href="&enbase;/releases/7.4R/readme.html">README</a>:
<a href="&enbase;/releases/7.4R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -149,7 +149,7 @@
<a href="&enbase;/releases/7.3R/announce.html">���ʥ���</a>:
<a href="&enbase;/releases/7.3R/relnotes.html">��������</a>:
<a href="&enbase;/releases/7.3R/hardware.html">�ϡ��ɥ������Ρ���</a>:
- <a href="&enbase;/releases/7.3R/readme.html">README</a>
+ <a href="&enbase;/releases/7.3R/readme.html">README</a>:
<a href="&enbase;/releases/7.3R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -159,7 +159,7 @@
<a href="&enbase;/releases/7.2R/announce.html">���ʥ���</a>:
<a href="&enbase;/releases/7.2R/relnotes.html">��������</a>:
<a href="&enbase;/releases/7.2R/hardware.html">�ϡ��ɥ������Ρ���</a>:
- <a href="&enbase;/releases/7.2R/readme.html">README</a>
+ <a href="&enbase;/releases/7.2R/readme.html">README</a>:
<a href="&enbase;/releases/7.2R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -169,7 +169,7 @@
<a href="&enbase;/releases/7.1R/announce.html">���ʥ���</a>:
<a href="&enbase;/releases/7.1R/relnotes.html">��������</a>:
<a href="&enbase;/releases/7.1R/hardware.html">�ϡ��ɥ������Ρ���</a>:
- <a href="&enbase;/releases/7.1R/readme.html">README</a>
+ <a href="&enbase;/releases/7.1R/readme.html">README</a>:
<a href="&enbase;/releases/7.1R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -179,7 +179,7 @@
<a href="&enbase;/releases/7.0R/announce.html">���ʥ���</a>:
<a href="&enbase;/releases/7.0R/relnotes.html">��������</a>:
<a href="&enbase;/releases/7.0R/hardware.html">�ϡ��ɥ������Ρ���</a>:
- <a href="&enbase;/releases/7.0R/readme.html">README</a>
+ <a href="&enbase;/releases/7.0R/readme.html">README</a>:
<a href="&enbase;/releases/7.0R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -190,7 +190,7 @@
<a href="&enbase;/releases/6.4R/relnotes.html">��������</a>:
<a href="&enbase;/releases/6.4R/hardware.html">�ϡ��ɥ������Ρ���</a>:
<a href="&enbase;/releases/6.4R/installation.html">���ȡ��륬����</a>:
- <a href="&enbase;/releases/6.4R/readme.html">README</a>
+ <a href="&enbase;/releases/6.4R/readme.html">README</a>:
<a href="&enbase;/releases/6.4R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -201,7 +201,7 @@
<a href="&enbase;/releases/6.3R/relnotes.html">��������</a>:
<a href="&enbase;/releases/6.3R/hardware.html">�ϡ��ɥ������Ρ���</a>:
<a href="&enbase;/releases/6.3R/installation.html">���ȡ��륬����</a>:
- <a href="&enbase;/releases/6.3R/readme.html">README</a>
+ <a href="&enbase;/releases/6.3R/readme.html">README</a>:
<a href="&enbase;/releases/6.3R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -212,7 +212,7 @@
<a href="&enbase;/releases/6.2R/relnotes.html">��������</a>:
<a href="&enbase;/releases/6.2R/hardware.html">�ϡ��ɥ������Ρ���</a>:
<a href="&enbase;/releases/6.2R/installation.html">���ȡ��륬����</a>:
- <a href="&enbase;/releases/6.2R/readme.html">README</a>
+ <a href="&enbase;/releases/6.2R/readme.html">README</a>:
<a href="&enbase;/releases/6.2R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -223,7 +223,7 @@
<a href="&enbase;/releases/6.1R/relnotes.html">��������</a>:
<a href="&enbase;/releases/6.1R/hardware.html">�ϡ��ɥ������Ρ���</a>:
<a href="&enbase;/releases/6.1R/installation.html">���ȡ��륬����</a>:
- <a href="&enbase;/releases/6.1R/readme.html">README</a>
+ <a href="&enbase;/releases/6.1R/readme.html">README</a>:
<a href="&enbase;/releases/6.1R/errata.html">Errata (����ɽ)</a>
</em>
</li>
@@ -234,7 +234,7 @@
<a href="&enbase;/releases/6.0R/relnotes.html">��������</a>:
<a href="&enbase;/releases/6.0R/hardware.html">�ϡ��ɥ������Ρ���</a>:
<a href="&enbase;/releases/6.0R/installation.html">���ȡ��륬����</a>:
- <a href="&enbase;/releases/6.0R/readme.html">README</a>
+ <a href="&enbase;/releases/6.0R/readme.html">README</a>:
<a href="&enbase;/releases/6.0R/errata.html">Errata (����ɽ)</a>
</em>
</li>
diff --git a/ja_JP.eucJP/htdocs/security/security.xml b/ja_JP.eucJP/htdocs/security/security.xml
index 86099685cc..5182804728 100644
--- a/ja_JP.eucJP/htdocs/security/security.xml
+++ b/ja_JP.eucJP/htdocs/security/security.xml
@@ -6,7 +6,7 @@
]>
<!-- $FreeBSD$ -->
<!-- The FreeBSD Japanese Documentation Project -->
-<!-- Original revision: r41257 -->
+<!-- Original revision: r41397 -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
@@ -90,10 +90,20 @@
������줿���ϡ����߰ʲ��Υ�륢�ɥ쥹���Ϥ��褦�ˤʤäƤ��ޤ���</p>
<table>
+ <tr valign="top">
+ <td>&a.des; <a
+ href="mailto:des@FreeBSD.org"><des@FreeBSD.org></a></td>
+ <td>�������ƥ����ե���</td>
+ </tr>
+ <tr valign="top">
+ <td>&a.delphij; <a
+ href="mailto:delphij@FreeBSD.org"><delphij@FreeBSD.org></a></td>
+ <td>�������ƥ����ե����亴</td>
+ </tr>
<tr valign="top">
<td>&a.simon; <a
href="mailto:simon@FreeBSD.org"><simon@FreeBSD.org></a></td>
- <td>�������ƥ����ե���</td>
+ <td>̾���������ƥ����ե���</td>
</tr>
<tr valign="top">
<td>&a.cperciva; <a
@@ -106,11 +116,6 @@
<td>�������˥���ij���<br/>
TrustedBSD �ץ��������Ⱦij��������ƥॻ�����ƥ��������ƥ�����������</td>
</tr>
- <tr valign="top">
- <td>&a.delphij; <a
- href="mailto:delphij@FreeBSD.org"><delphij@FreeBSD.org></a></td>
- <td>�������ƥ����ե����亴</td>
- </tr>
</table>
<p>�ޤ����������ƥ����ե��������Ф������ߥå������롼�פǤ���
@@ -272,13 +277,6 @@
<td>�ʤ�</td>
<td>�ǽ������� 2 ǯ</td>
</tr>
- <tr>
- <td>RELENG_9_0</td>
- <td>9.0-RELEASE</td>
- <td>Normal</td>
- <td>2012 ǯ 1 �� 10 ��</td>
- <td>2013 ǯ 3 �� 31 ��</td>
- </tr>
<tr>
<td>RELENG_9_1</td>
<td>9.1-RELEASE</td>
@@ -474,6 +472,13 @@
<td>2011 ǯ 2 �� 24 ��</td>
<td>2012 ǯ 7 �� 31 ��</td>
</tr>
+ <tr>
+ <td>RELENG_9_0</td>
+ <td>9.0-RELEASE</td>
+ <td>Normal</td>
+ <td>2012 ǯ 1 �� 10 ��</td>
+ <td>2013 ǯ 3 �� 31 ��</td>
+ </tr>
</table>
</body>
diff --git a/ja_JP.eucJP/htdocs/where.xml b/ja_JP.eucJP/htdocs/where.xml
index 7ddd956743..145d0c5f0e 100644
--- a/ja_JP.eucJP/htdocs/where.xml
+++ b/ja_JP.eucJP/htdocs/where.xml
@@ -5,7 +5,7 @@
<!ENTITY url.rel "ftp://ftp.FreeBSD.org/pub/FreeBSD/releases">
]>
<!-- The FreeBSD Japanese Documentation Project -->
-<!-- Original revision: r41269 -->
+<!-- Original revision: r41400 -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
@@ -58,7 +58,7 @@
<tr style="text-align: center;">
<td colspan="2">�С������ȥץ�åȥե�����</td>
<td>���۸�</td>
- <td title="ISO9660 CD image"><a href="&enbase;/doc/ja_JP.eucJP/books/handbook/install-diff-media.html#INSTALL-CDROM">ISO</a></td>
+ <td title="ISO9660 CD image"><a href="&enbase;/doc/ja_JP.eucJP/books/handbook/install-diff-media.html#install-cdrom">ISO</a></td>
<td>����<br/>����</td>
<td>�ϡ��ɥ�����<br/>�Ρ���</td>
<td>���ȡ���<br/>������</td>
diff --git a/ja_JP.eucJP/share/xml/news.xml b/ja_JP.eucJP/share/xml/news.xml
index 720a402ca1..3477f5efc4 100644
--- a/ja_JP.eucJP/share/xml/news.xml
+++ b/ja_JP.eucJP/share/xml/news.xml
@@ -20,7 +20,7 @@
the contents of <title> will be preferred over <p>.
$FreeBSD$
- Original revision: r41225
+ Original revision: r41399
-->
<news>
<cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">
@@ -30,9 +30,72 @@
<year>
<name>2013</name>
+ <month>
+ <name>4</name>
+
+ <day>
+ <name>10</name>
+
+ <event>
+ <title>&os; 8.4-RC1 ����</title>
+
+ <p>&os;-8.4 ������������κǽ�Υ������䤬��������ޤ�����
+ amd64, i386 ����� pc98 �������ƥ������ ISO ���������<a
+ href="&url.doc.base;/books/handbook/mirrors-ftp.html">&os;
+ �ߥ顼������</a> �� <a
+ href="&lists.stable;/2013-April/073070.html">����</a>
+ ����Ƥ��ޤ���</p>
+ </event>
+ </day>
+
+ <day>
+ <name>3</name>
+
+ <event>
+ <p>���ߥåȸ��¤γ���: <a
+ href="mailto:antoine@FreeBSD.org">Antoine Brodin</a>
+ (src, ports)</p>
+ </event>
+ </day>
+
+ <day>
+ <name>1</name>
+
+ <event>
+ <p>�����ߥå���Ǥ:
+ <a href="mailto:wg@FreeBSD.org">William Grzybowski</a> (ports)</p>
+ </event>
+ </day>
+ </month>
+
<month>
<name>3</name>
+ <day>
+ <name>27</name>
+
+ <event>
+ <p>���ߥåȸ����ϰϤγ���:
+ <a href="mailto:tijl@FreeBSD.org">Tijl Coosemans</a>
+ (src, ports)</p>
+ </event>
+ </day>
+
+ <day>
+ <name>22</name>
+
+ <event>
+ <title>&os; 8.4-BETA1 ����</title>
+
+ <p>&os;-8.4 ������������κǽ�Υƥ��ȥӥ�ɤ���������ޤ�����
+ amd64, i386 ����� pc98 �������ƥ������ ISO ���������<a
+ href="&url.doc.base;/books/handbook/mirrors-ftp.html">&os;
+ �ߥ顼������</a> �� <a
+ href="&lists.stable;/2013-March/072913.html">����</a>
+ ����Ƥ��ޤ���</p>
+ </event>
+ </day>
+
<day>
<name>14</name>
diff --git a/ja_JP.eucJP/share/xml/release.l10n.ent b/ja_JP.eucJP/share/xml/release.l10n.ent
index 5e44d49c9b..b43adee330 100644
--- a/ja_JP.eucJP/share/xml/release.l10n.ent
+++ b/ja_JP.eucJP/share/xml/release.l10n.ent
@@ -2,7 +2,7 @@
<!--
$FreeBSD$
- Original revision: r39919
+ Original revision: r41400
-->
<![%beta2.testing;[
@@ -12,7 +12,7 @@
<tr style="text-align: center;">
<td colspan="2">�С������ȥץ�åȥե�����</td>
<td>���۸�</td>
- <td title="ISO9660 CD image"><a href="&enbase;/doc/ja_JP.eucJP/books/handbook/install-diff-media.html#INSTALL-CDROM">ISO</a></td>
+ <td title="ISO9660 CD image"><a href="&enbase;/doc/ja_JP.eucJP/books/handbook/install-diff-media.html#install-cdrom">ISO</a></td>
<td>TODO List</td>
</tr>
</thead>
@@ -28,7 +28,7 @@
</tr>
<tr>
<td></td>
- <td>amd64</td>
+ <td>amd64<br/>(x86-64, x64)</td>
<td><a href="&url.rel;/amd64/amd64/&betarel2.current;-&betarel2.vers;">[���۸�]</a></td>
<td><a href="&url.rel;/amd64/amd64/ISO-IMAGES/&betarel2.current;/">[ISO]</a></td>
</tr>
@@ -85,40 +85,48 @@
<tr style="text-align: center;">
<td colspan="2">�С������ȥץ�åȥե�����</td>
<td>���۸�</td>
- <td title="ISO9660 CD image"><a href="&enbase;/doc/ja_JP.eucJP/books/handbook/install-diff-media.html#INSTALL-CDROM">ISO</a></td>
- <td>���ơ������ڡ���</td>
+ <td title="ISO9660 CD image"><a href="&enbase;/doc/ja_JP.eucJP/books/handbook/install-diff-media.html#install-cdrom">ISO</a></td>
+ <!--<td>���ơ������ڡ���</td>-->
</tr>
</thead>
<tbody>
<tr>
<td colspan="2">FreeBSD &betarel.current;-&betarel.vers;</td>
<td colspan="2"></td>
- <td rowspan="7"><a href="http://wiki.freebsd.org/Releng/&betarel.current;TODO">[View]</a></td>
+ <!--<td rowspan="7"><a href="http://wiki.freebsd.org/Releng/&betarel.current;TODO">[View]</a></td>-->
</tr>
<tr>
<td></td>
- <td>amd64</td>
- <td><a href="&url.rel;/amd64/amd64/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
- <td><a href="&url.rel;/amd64/amd64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td>amd64<br/>(x86-64, x64)</td>
+ <td><a href="&url.rel;/amd64/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
+ <td><a href="&url.rel;/amd64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
<tr>
<td></td>
<td>i386</td>
- <td><a href="&url.rel;/i386/i386/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
- <td><a href="&url.rel;/i386/i386/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td><a href="&url.rel;/i386/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
+ <td><a href="&url.rel;/i386/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
+ <tr>
+ <td></td>
+ <td>pc98</td>
+ <td><a href="&url.rel;/pc98/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
+ <td><a href="&url.rel;/pc98/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ </tr>
+ <!--
<tr>
<td></td>
<td>sparc64</td>
- <td><a href="&url.rel;/sparc64/sparc64/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
- <td><a href="&url.rel;/sparc64/sparc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td><a href="&url.rel;/sparc64/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
+ <td><a href="&url.rel;/sparc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
<tr>
<td></td>
<td>powerpc64</td>
- <td><a href="&url.rel;/powerpc/powerpc64/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
- <td><a href="&url.rel;/powerpc/powerpc64/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
+ <td><a href="&url.rel;/powerpc/&betarel.current;-&betarel.vers;">[���۸�]</a></td>
+ <td><a href="&url.rel;/powerpc/ISO-IMAGES/&betarel.current;/">[ISO]</a></td>
</tr>
+ -->
</tbody>
</table>
@@ -126,4 +134,5 @@
</div>
'>
]]>
+
<!ENTITY beta.desc ''>
diff --git a/nl_NL.ISO8859-1/htdocs/about.xml b/nl_NL.ISO8859-1/htdocs/about.xml
index 4f17b84459..0906403c05 100644
--- a/nl_NL.ISO8859-1/htdocs/about.xml
+++ b/nl_NL.ISO8859-1/htdocs/about.xml
@@ -6,7 +6,7 @@
<!--
Vertaald door: Rene Ladan
%SOURCE% en_US.ISO8859-1/htdocs/about.xml
- %SRCID% 40760
+ %SRCID% 41251
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
@@ -19,8 +19,8 @@
<h2>Wat is &os;?</h2>
- <p>&os; is een geavanceerd besturingssysteem voor x86-compatibele
- (inclusief Pentium® en Athlon™), amd64-compatibele
+ <p>&os; is een geavanceerd besturingssysteem voor x86-compatibele (inclusief
+ Pentium® en Athlon™), amd64-, x86-64-, en x64-compatibele
(inclusief Opteron™, Athlon™64, en EM64T), ARM, IA-64,
PowerPC, PC-98 en UltraSPARC® architecturen. Het is afgeleid
van BSD, de versie van &unix; ontwikkeld op de University of California,
diff --git a/nl_NL.ISO8859-1/htdocs/administration.xml b/nl_NL.ISO8859-1/htdocs/administration.xml
index a12df9fe3b..39e11300b1 100644
--- a/nl_NL.ISO8859-1/htdocs/administration.xml
+++ b/nl_NL.ISO8859-1/htdocs/administration.xml
@@ -3,10 +3,13 @@
"http://www.FreeBSD.org/XML/doc/share/xml/xhtml10-freebsd.dtd" [
<!ENTITY title "&os; Project Regelgeving en Beheer">
]>
+<!-- NOOT: Als er een alias dat vermeld is op deze pagina wordt gewijzigd in
+ /etc/aliases op de mailserver van het FreeBSD Project, dan moet
+ deze pagina worden bijgewerkt. -->
<!--
Vertaald door: Rene Ladan
%SOURCE% en_US.ISO8859-1/htdocs/administration.xml
- %SRCID% 41185
+ %SRCID% 41260
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
@@ -232,10 +235,9 @@
<ul>
<li>&a.benl; <<a href="mailto:benl@FreeBSD.org">benl@FreeBSD.org</a>></li>
- <li>&a.bz; <<a href="mailto:bz@FreeBSD.org">bz@FreeBSD.org</a>></li>
- <li>&a.cperciva; <<a href="mailto:cperciva@FreeBSD.org">cperciva@FreeBSD.org</a>></li>
+ <li>&a.cperciva; <<a href="mailto:cperciva@FreeBSD.org">cperciva@FreeBSD.org</a>> (Emeritus Officier)</li>
<li>&a.csjp; <<a href="mailto:csjp@FreeBSD.org">csjp@FreeBSD.org</a>></li>
- <li>&a.delphij; <<a href="mailto:delphij@FreeBSD.org">delphij@FreeBSD.org</a>></li>
+ <li>&a.delphij; <<a href="mailto:delphij@FreeBSD.org">delphij@FreeBSD.org</a>> (Hulpofficier)</li>
<li>&a.des; <<a href="mailto:des@FreeBSD.org">des@FreeBSD.org</a>></li>
<li>&a.gavin; <<a href="mailto:gavin@FreeBSD.org">gavin@FreeBSD.org</a>></li>
<li>&a.jonathan; <<a href="mailto:jonathan@FreeBSD.org">jonathan@FreeBSD.org</a>></li>
@@ -245,6 +247,7 @@
<li>&a.simon; <<a href="mailto:simon@FreeBSD.org">simon@FreeBSD.org</a>>
(Officier)</li>
<li>&a.stas; <<a href="mailto:stas@FreeBSD.org">stas@FreeBSD.org</a>></li>
+ <li>&a.trasz; <<a href="mailto:trasz@FreeBSD.org">trasz@FreeBSD.org</a>></li>
</ul>
<h3><a name="t-vendor">Verkopersrelaties</a>
@@ -315,9 +318,7 @@
entiteit.</p>
<ul>
- <li>&a.markm; <<a href="mailto:markm@FreeBSD.org">markm@FreeBSD.org</a>></li>
<li>&a.simon; <<a href="mailto:simon@FreeBSD.org">simon@FreeBSD.org</a>></li>
- <li>&a.kensmith; <<a href="mailto:kensmith@FreeBSD.org">kensmith@FreeBSD.org</a>></li>
<li>&a.dhw; <<a href="mailto:dhw@FreeBSD.org">dhw@FreeBSD.org</a>></li>
</ul>
@@ -329,7 +330,6 @@
<ul>
<li>&a.simon; <<a href="mailto:simon@FreeBSD.org">simon@FreeBSD.org</a>></li>
- <li>&a.kensmith; <<a href="mailto:kensmith@FreeBSD.org">kensmith@FreeBSD.org</a>></li>
<li>&a.dhw; <<a href="mailto:dhw@FreeBSD.org">dhw@FreeBSD.org</a>></li>
</ul>
@@ -380,7 +380,6 @@
<ul>
<li>&a.kuriyama; <<a href="mailto:kuriyama@FreeBSD.org">kuriyama@FreeBSD.org</a>></li>
- <li>&a.jdp; <<a href="mailto:jdp@FreeBSD.org">jdp@FreeBSD.org</a>></li>
<li>&a.kensmith; <<a href="mailto:kensmith@FreeBSD.org">kensmith@FreeBSD.org</a>></li>
</ul>
@@ -392,10 +391,10 @@
aanverwante diensten.</p>
<ul>
- <li>&a.dg; <<a href="mailto:dg@FreeBSD.org">dg@FreeBSD.org</a>></li>
- <li>&a.ps; <<a href="mailto:ps@FreeBSD.org">ps@FreeBSD.org</a>></li>
- <li>&a.kensmith; <<a href="mailto:kensmith@FreeBSD.org">kensmith@FreeBSD.org</a>></li>
+ <li>&a.brd; <<a href="mailto:brd@FreeBSD.org">brd@FreeBSD.org</a>></li>
+ <li>&a.simon; <<a href="mailto:simon@FreeBSD.org">simon@FreeBSD.org</a>></li>
<li>&a.peter; <<a href="mailto:peter@FreeBSD.org">peter@FreeBSD.org</a>></li>
+ <li>&a.bz; <<a href="mailto:bz@FreeBSD.org">bz@FreeBSD.org</a>></li>
</ul>
<h3><a name="t-mirror-admin">FTP/WWW Mirror Site Co�rdinatoren</a>
@@ -409,8 +408,11 @@
vinden.</p>
<ul>
+ <li>&a.brd; <<a href="mailto:brd@FreeBSD.org">brd@FreeBSD.org</a>></li>
<li>&a.kuriyama; <<a href="mailto:kuriyama@FreeBSD.org">kuriyama@FreeBSD.org</a>></li>
+ <li>&a.simon; <<a href="mailto:simon@FreeBSD.org">simon@FreeBSD.org</a>></li>
<li>&a.kensmith; <<a href="mailto:kensmith@FreeBSD.org">kensmith@FreeBSD.org</a>></li>
+ <li>&a.bz; <<a href="mailto:bz@FreeBSD.org">bz@FreeBSD.org</a>></li>
</ul>
<h3><a name="t-perforce-admin">Perforce Reservoir Beheerders</a>
@@ -422,7 +424,7 @@
niet-committers dienen aan de perforce-beheerders gericht te worden.</p>
<ul>
- <li>&a.scottl; <<a href="mailto:scottl@FreeBSD.org">scottl@FreeBSD.org</a>></li>
+ <li>&a.gibbs; <<a href="mailto:gibbs@FreeBSD.org">gibbs@FreeBSD.org</a>></li>
<li>&a.kensmith; <<a href="mailto:kensmith@FreeBSD.org">kensmith@FreeBSD.org</a>></li>
<li>&a.gordon; <<a href="mailto:gordon@FreeBSD.org">gordon@FreeBSD.org</a>></li>
<li>&a.rwatson; <<a href="mailto:rwatson@FreeBSD.org">rwatson@FreeBSD.org</a>></li>
@@ -473,6 +475,7 @@
<li>&a.simon; <<a href="mailto:simon@FreeBSD.org">simon@FreeBSD.org</a>></li>
<li>&a.jesusr; <<a href="mailto:jesusr@FreeBSD.org">jesusr@FreeBSD.org</a>></li>
<li>&a.wosch; <<a href="mailto:wosch@FreeBSD.org">wosch@FreeBSD.org</a>></li>
+ <li>&a.don; <<a href="mailto:don@FreeBSD.org">don@FreeBSD.org</a>></li>
</ul>
</body>
diff --git a/pt_BR.ISO8859-1/articles/freebsd-update-server/article.xml b/pt_BR.ISO8859-1/articles/freebsd-update-server/article.xml
index 3874dfd920..a4c5c39a62 100644
--- a/pt_BR.ISO8859-1/articles/freebsd-update-server/article.xml
+++ b/pt_BR.ISO8859-1/articles/freebsd-update-server/article.xml
@@ -8,7 +8,7 @@
The FreeBSD Documentation Project
The FreeBSD Brazilian Portuguese Documentation Project
- Original revision: r39646
+ Original revision: r41162
-->
@@ -28,6 +28,7 @@
<year>2009</year>
<year>2010</year>
<year>2011</year>
+ <year>2013</year>
<holder role="mailto:jgh@FreeBSD.org">Jason Helfman</holder>
</copyright>
@@ -46,8 +47,8 @@
<abstract>
<para>Este artigo descreve como construir um &fbus.ap; para uso
interno na sua organiza��o. O software <ulink
- url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
- foi escrito pelo &a.cperciva;, atualmente Chefe de Seguran�a do
+ url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
+ foi escrito pelo &a.cperciva;, Chefe de Seguran�a em�rito do
&os;. Para usu�rios que acreditam que � conveniente atualizar
seus sistemas a partir de um servidor oficial de atualiza��o,
construir o seu pr�prio &fbus.ap; pode ajud�-lo a estender suas
@@ -129,13 +130,13 @@
<sect1 id="Configuration">
<title>Instala��o & Configura��o</title>
- <para>Fa�a o download do software <ulink
- url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
- como um <ulink
- url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/freebsd-update-server.tar.gz?tarball=1">arquivo tar</ulink>,
- ou use &man.csup.1; e o acervo
- <literal>projects-all</literal>.</para>
+ <para>Para efetuar o download do software <ulink
+ url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
+ instale o <filename role="package">devel/subversion</filename> e
+ execute:</para>
+ <screen>&prompt.user; <userinput>svn co http://svn.freebsd.org/base/user/cperciva/freebsd-update-build freebsd-update-server</userinput></screen>
+
<para>Atualize o <filename>scripts/build.conf</filename> de forma
adequada. Ele � usado durante as opera��es de
compila��o.</para>
@@ -376,8 +377,8 @@ world|base|/usr/lib/libalias_ftp.a
<warning>
<para>Durante a segunda compila��o, o servi�o de network time
protocol, &man.ntpd.8; ser� desligado. De acordo com
- &a.cperciva;, atualmente Chefe de Seguran�a do &os;, "o <ulink
- url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
+ &a.cperciva;, Chefe de Seguran�a em�rito do &os;, "o <ulink
+ url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
compila c�digos necess�rios para identificar os
<literal>timestamps</literal>, os quais s�o armazenadas em
arquivos, de modo que estes �ltimos podem ser ignorados quando
@@ -794,24 +795,14 @@ make -j 2 obj &&
make ${COMPATFLAGS} release.1 release.2 2>&1</screen>
</listitem>
- <listitem>
-
- <para>Crie uma regra de <ulink
- url="&url.books.handbook;/firewalls.html">firewall</ulink>
- para bloquear os pacotes RST saintes. Devido a um problema
- observado <ulink
- url="http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049578.html">em uma discuss�o</ulink>
- na &a.stable; em Abril de 2009, podem ocorrer alguns
- problema de timeouts e falhas ao atualizar o sistema</para>
- </listitem>
-
<listitem>
<para>Crie uma entrada SRV apropriada no <ulink
url="&url.books.handbook;/network-dns.html">DNS</ulink>
para o servidor de atualiza��o, e coloque outros servidores
com pesos variados. Usar este recurso ir� permitir que voc�
distribua a carga do processo de atualiza��o entre v�rios
- servidores.</para>
+ servidores, entretanto esta dica n�o ser� necess�ria a menos
+ que voc� deseje prover um servi�o redundante.</para>
<screen>
_http._tcp.update.myserver.com. IN SRV 0 2 80 host1.myserver.com.
diff --git a/ru_RU.KOI8-R/htdocs/ports/Makefile b/ru_RU.KOI8-R/htdocs/ports/Makefile
index ec7c8c3186..35620dc89c 100644
--- a/ru_RU.KOI8-R/htdocs/ports/Makefile
+++ b/ru_RU.KOI8-R/htdocs/ports/Makefile
@@ -32,7 +32,7 @@ ${INDEX}:
.endif
HOSTNAME!= hostname
-.if ${HOSTNAME} == "hub.freebsd.org" || ${HOSTNAME} == "freefall.freebsd.org" || ${HOSTNAME} == "www.freebsd.org"
+.if ${HOSTNAME} == "hub.freebsd.org" || ${HOSTNAME} == "freefall.freebsd.org" || ${HOSTNAME} == "www.freebsd.org" || ${HOSTNAME} == "build-web.stream.FreeBSD.org"
CLUSTER_MACHINE= YES
.endif
diff --git a/ru_RU.KOI8-R/htdocs/releng/index.xml b/ru_RU.KOI8-R/htdocs/releng/index.xml
index d7ac407f87..ecbcc51c6a 100644
--- a/ru_RU.KOI8-R/htdocs/releng/index.xml
+++ b/ru_RU.KOI8-R/htdocs/releng/index.xml
@@ -16,7 +16,7 @@
$FreeBSDru: frdp/www/ru/releng/index.xml,v 1.15 2004/09/21 07:31:11 den Exp $
- Original revision: 38826
+ Original revision: 41155
-->
<html xmlns="http://www.w3.org/1999/xhtml">
@@ -58,9 +58,15 @@
</tr>
<tr>
- <td>2012</td>
- <td>&os; 9.1</td>
- <td>���������� ����������.</td>
+ <td>TBD</td>
+ <td>&os; 8.4</td>
+ <td><a href="&enbase;/releases/8.4R/schedule.html">���������� �������</a></td>
+ </tr>
+
+ <tr>
+ <td>TBD</td>
+ <td>&os; 9.2</td>
+ <td><!-- <a href="&enbase;/releases/9.2R/schedule.html">���������� �������</a> --></td>
</tr>
</table>
@@ -70,8 +76,8 @@
��������� <tt>src/</tt> CVS-��������� FreeBSD. ��� ��������� �
����� �� �����, ���������� ��� "����������", ������� ������ ����
����������� � ������������ ��������������� ���������� ��������. ���������
- ������ �����������, �����, ��� <tt>ports/</tt>, <tt>doc/</tt> �
- <tt>www/</tt> ����� ���� ����.</p>
+ ������ �����������, ����� ��� <tt>ports/</tt> � <tt>doc/</tt>,
+ ����� ���� ����.</p>
<table class="tblbasic">
<tr>
@@ -95,6 +101,13 @@
<td>����� ���������� 9-STABLE.</td>
</tr>
+ <tr>
+ <td><tt>releng/9.1</tt></td>
+ <td>����������</td>
+ <td>&contact.so;</td>
+ <td>�������������� ����� ��� ����������� ������ FreeBSD 9.1.</td>
+ </tr>
+
<tr>
<td><tt>releng/9.0</tt></td>
<td>����������</td>
@@ -120,14 +133,16 @@
<td><tt>RELENG_8_2</tt></td>
<td>����������</td>
<td>&contact.so;</td>
- <td>�������������� ����� ��� ����������� ������ FreeBSD 8.2.</td>
+ <td>����� ��� ����������� ������ FreeBSD 8.2 (���������� ��
+ ��������������).</td>
</tr>
<tr>
<td><tt>RELENG_8_1</tt></td>
<td>����������</td>
<td>&contact.so;</td>
- <td>�������������� ����� ��� ����������� ������ FreeBSD 8.1.</td>
+ <td>����� ��� ����������� ������ FreeBSD 8.1 (���������� ��
+ ��������������).</td>
</tr>
<tr>
@@ -142,14 +157,16 @@
<td><tt>RELENG_7</tt></td>
<td>�������</td>
<td>������������</td>
- <td>����� ���������� 7-STABLE.</td>
+ <td>����� ������������� 7-STABLE (���������� ��
+ ��������������).</td>
</tr>
<tr>
<td><tt>RELENG_7_4</tt></td>
<td>����������</td>
<td>&contact.so;</td>
- <td>�������������� ����� ��� ����������� ������ FreeBSD 7.4.</td>
+ <td>����� ��� ����������� ������ FreeBSD 7.4 (���������� ��
+ ��������������).</td>
</tr>
<tr>
@@ -188,7 +205,7 @@
<td><tt>RELENG_6</tt></td>
<td>�������</td>
<td>������������</td>
- <td>����� ������������� ��� 6-STABLE (���������� ��
+ <td>����� ������������� 6-STABLE (���������� ��
��������������).</td>
</tr>
@@ -400,13 +417,6 @@
<td>&contact.doc;</td>
<td>����� ������������ �� ������ SGML/XML.</td>
</tr>
-
- <tr>
- <td><tt>www/</tt></td>
- <td>�������</td>
- <td>&contact.www;</td>
- <td>�������� ������ ��� ����� FreeBSD.</td>
- </tr>
</table>
<h2><a name="docs" id="docs">������������ �� ���������� �������</a></h2>
@@ -472,13 +482,11 @@
FreeBSD?</p>
<p>������ FreeBSD �� ������������ ���������������� ������������ �����
- ������� ISO ������ �������, ������ ����� ���� ����� �������. ��-������,
- ������� ��������� ������ ������� (������ ��������� ������� �������)
- ��������� �����: <a
+ ������� ISO ������ �������, ������ ���� �ݣ ����� ���������.
+ ������� ��������� ������ ������� (������ ��������� ������� �������)
+ ��������� �� ����� ������: <a
href="ftp://ftp-archive.FreeBSD.org/pub/FreeBSD-Archive/old-releases/">
ftp://ftp-archive.FreeBSD.org/pub/FreeBSD-Archive/old-releases/</a>.
- ��-������, ���������� �������� �� ����� <a
- href="http://mirrorlist.FreeBSD.org">http://mirrorlist.FreeBSD.org</a>.
���� �� �� ������ ����� ������� FTP,
�� ������� �ӣ �ݣ �������� ������� �����, �� ������ �������� �����������
�������-������, ���� �� � ��� ������ ������. � �������� 2002 ���� ��� ���
diff --git a/ru_RU.KOI8-R/htdocs/security/security.xml b/ru_RU.KOI8-R/htdocs/security/security.xml
index d0ece879ed..ed093d99bf 100644
--- a/ru_RU.KOI8-R/htdocs/security/security.xml
+++ b/ru_RU.KOI8-R/htdocs/security/security.xml
@@ -10,7 +10,7 @@
$FreeBSD$
$FreeBSDru: frdp/www/ru/security/security.xml,v 1.33 2004/09/21 07:31:12 den Exp $
- Original revision: 40129
+ Original revision: 41351
-->
<html xmlns="http://www.w3.org/1999/xhtml">
@@ -120,6 +120,11 @@
������������� ������� TrustedBSD, ������� �� ����������� ���������
������������</td>
</tr>
+ <tr valign="top">
+ <td>&a.delphij; <a
+ href="mailto:delphij@FreeBSD.org"><delphij@FreeBSD.org></a></td>
+ <td>����������� ������� �������������� ������������</td>
+ </tr>
</table>
<p>������ �������������� ������������ �������������� <a
@@ -254,20 +259,6 @@
<th>���� ������</th>
<th>��������� ��������� ����� �����</th>
</tr>
- <tr>
- <td>RELENG_7</td>
- <td>n/a</td>
- <td>n/a</td>
- <td>n/a</td>
- <td>28 ������� 2013</td>
- </tr>
- <tr>
- <td>RELENG_7_4</td>
- <td>7.4-RELEASE</td>
- <td>�����������</td>
- <td>24 ������� 2011</td>
- <td>28 ������� 2013</td>
- </tr>
<tr>
<td>RELENG_8</td>
<td>n/a</td>
@@ -290,11 +281,11 @@
<td>��������� ����� + 2 ����</td>
</tr>
<tr>
- <td>RELENG_9_0</td>
- <td>9.0-RELEASE</td>
- <td>�������</td>
- <td>10 ������ 2012</td>
- <td>31 ����� 2013</td>
+ <td>RELENG_9_1</td>
+ <td>9.1-RELEASE</td>
+ <td>�����������</td>
+ <td>30 ������� 2012</td>
+ <td>31 ������� 2014</td>
</tr>
</table>
@@ -418,6 +409,13 @@
<td>28 ������ 2008</td>
<td>30 ������ 2010</td>
</tr>
+ <tr>
+ <td>RELENG_7</td>
+ <td>n/a</td>
+ <td>n/a</td>
+ <td>n/a</td>
+ <td>28 ������� 2013</td>
+ </tr>
<tr>
<td>RELENG_7_0</td>
<td>7.0-RELEASE</td>
@@ -446,6 +444,13 @@
<td>23 ����� 2010</td>
<td>31 ����� 2012</td>
</tr>
+ <tr>
+ <td>RELENG_7_4</td>
+ <td>7.4-RELEASE</td>
+ <td>�����������</td>
+ <td>24 ������� 2011</td>
+ <td>28 ������� 2013</td>
+ </tr>
<tr>
<td>RELENG_8_0</td>
<td>8.0-RELEASE</td>
@@ -467,6 +472,13 @@
<td>24 ������� 2011</td>
<td>31 ���� 2012</td>
</tr>
+ <tr>
+ <td>RELENG_9_0</td>
+ <td>9.0-RELEASE</td>
+ <td>�������</td>
+ <td>10 ������ 2012</td>
+ <td>31 ����� 2013</td>
+ </tr>
</table>
</body>
diff --git a/ru_RU.KOI8-R/share/xml/l10n.ent b/ru_RU.KOI8-R/share/xml/l10n.ent
index 3a7846bbb5..97391360b0 100644
--- a/ru_RU.KOI8-R/share/xml/l10n.ent
+++ b/ru_RU.KOI8-R/share/xml/l10n.ent
@@ -25,7 +25,7 @@
<!ENTITY url.doc.langcode 'ru_RU.KOI8-R'>
<!ENTITY xml.encoding 'koi8-r'>
-<!ENTITY rel.current.date '������ 2012'>
+<!ENTITY rel.current.date '������� 2012'>
<!-- URLs to information on the latest release -->
<!ENTITY u.rel.notes '&enbase;/releases/&rel.current;R/relnotes.html'>
diff --git a/share/pgpkeys/des.key b/share/pgpkeys/des.key
index 8137329ea9..aa66033bed 100644
--- a/share/pgpkeys/des.key
+++ b/share/pgpkeys/des.key
@@ -43,28 +43,31 @@ jw/z0DhdBaaf/59JiEYEEBECAAYFAlEiG7QACgkQ20zMSyow1yl9+gCfaBxoRVna
DjU86WOczePMRR4N+3wAn1jBe0v8M+fsu3FFgf3wTeVj1AwKiEYEEBECAAYFAlEj
PyMACgkQMb2z3Qo1ykh5tACfZG5thQCbK9G3Yc5+WoTDdkIGM/YAn3/VJfnL7UGe
19O+DycgxF5+GF4BiEYEExECAAYFAlEnxdwACgkQnEF2jC40NZ/p8gCfb/ux1BxT
-cxyKeIQRXpBoxrbh8+sAniSgOgRukbXaNzi264RfPzk0OST+tCZEYWctRXJsaW5n
-IFNtw7hyZ3JhdiA8ZGVzQGZyZWVic2Qub3JnPokCPgQTAQIAKAUCUR4FiwIbAwUJ
-A4aK3wYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQu5tHG/lOh7JD6w/+KSs9
-hAA1GQqq1V4viDGtqgnAXTjDezzfFdDa13VYK4DHPHUrcArNUUJ/M1pdPcAT60Bf
-rVNF6yFNClTZmVd81/K/Cxj4wT5PbPRtUgNY8dRgPJpy5iCbtnW+4Kr2/mFCzJOX
-9uNgsIhpFy6vw1Nx2HYhXjYcfNaxm+uUKZ53iSR0AW462EsJkdQzFrlT/nyhhtFZ
-pcrS4lCv40ms4SH2IQHfSWZqw6LeR7oklVCBSiXyKTXP9Dfs5VUcjhYQ1ZljTNPC
-Vmr6/nBXinzva75amHhoxPu0atHpcdqvSVcSbcp3t4Ce5rElIi/iVeVSrOcsAXAK
-vqp+17M3iiCCxZCQfk28S/FJqK/GS+RGMzEJQyELEUK/b5HMmLfzIya6sV4+wOzE
-hdyqAr+UFI/+ddHHCPZj0LsbVzcoQQJJNE3LPfaJ3IpBkFN7mE8iSthZnwvU6Fro
-BoA7BW2J+09a7CH3yZXL+AhF0wU7627cZF+yF3J/E6eRd0hXHwg62EGQ4hso9EOi
-gnKku8NTzzpilWyQxvrw+Yu+YcDVERsvTpkG1Br7yX0eIi/mU7L0S+8QD5nruLqz
-G5wprygWfmjHe61FEVYX4AeYoGnRAAMgHETVs43e7C1Kor6vAkEdABQvjEylkpzt
-mA+rNxcQzSfkOWHlFk02u9pk01kcQDY2lNx05C6IRgQQEQIABgUCUR4F/AAKCRAw
-1DpuZOviICm/AJ4/6OrGNhVnY//y4BF3EkYAcvef4QCfctk6IlzbKo/HmVLEda6f
-eIYzKDmIRgQQEQIABgUCUSDAKAAKCRCMKgqteNriyGNnAJ9EfvK/Mo80TSNzJJrM
-AEbcDpacZgCePJiKCrmyI3E2rSChz5pQ+LjrmUyIRgQQEQIABgUCUSIbtAAKCRDb
-TMxLKjDXKXoxAJ43qP0Lp4F9eA5KR/e5S/cSWZ/leQCeM+RVI8WDr92fRaE9skT/
-soc21p6IRgQQEQIABgUCUSM/IwAKCRAxvbPdCjXKSGJeAKDMVmTkBtg/cOYvTacH
-jekRD1TQOACdEyzYHGRSX0Lf8vj9a/+S+ZWKXGeIRgQTEQIABgUCUSfF3AAKCRCc
-QXaMLjQ1nwDqAJ0c4siPyNX1g73tOl0B6XiWAgY93wCggWnbGF9XUe8uXh5hhya0
-pDlCwAO0JkRhZy1FcmxpbmcgU23DuHJncmF2IDxkZXNAdXNpdC51aW8ubm8+iQI+
+cxyKeIQRXpBoxrbh8+sAniSgOgRukbXaNzi264RfPzk0OST+iEYEEBECAAYFAlFd
+kG0ACgkQFdaIBMps37Ic/QCgi3VlZ46hhbq3ax8gQpQOUnwjHXkAn1po/zqH3968
+3MQj6Wqv++rVzdSetCZEYWctRXJsaW5nIFNtw7hyZ3JhdiA8ZGVzQGZyZWVic2Qu
+b3JnPokCPgQTAQIAKAUCUR4FiwIbAwUJA4aK3wYLCQgHAwIGFQgCCQoLBBYCAwEC
+HgECF4AACgkQu5tHG/lOh7JD6w/+KSs9hAA1GQqq1V4viDGtqgnAXTjDezzfFdDa
+13VYK4DHPHUrcArNUUJ/M1pdPcAT60BfrVNF6yFNClTZmVd81/K/Cxj4wT5PbPRt
+UgNY8dRgPJpy5iCbtnW+4Kr2/mFCzJOX9uNgsIhpFy6vw1Nx2HYhXjYcfNaxm+uU
+KZ53iSR0AW462EsJkdQzFrlT/nyhhtFZpcrS4lCv40ms4SH2IQHfSWZqw6LeR7ok
+lVCBSiXyKTXP9Dfs5VUcjhYQ1ZljTNPCVmr6/nBXinzva75amHhoxPu0atHpcdqv
+SVcSbcp3t4Ce5rElIi/iVeVSrOcsAXAKvqp+17M3iiCCxZCQfk28S/FJqK/GS+RG
+MzEJQyELEUK/b5HMmLfzIya6sV4+wOzEhdyqAr+UFI/+ddHHCPZj0LsbVzcoQQJJ
+NE3LPfaJ3IpBkFN7mE8iSthZnwvU6FroBoA7BW2J+09a7CH3yZXL+AhF0wU7627c
+ZF+yF3J/E6eRd0hXHwg62EGQ4hso9EOignKku8NTzzpilWyQxvrw+Yu+YcDVERsv
+TpkG1Br7yX0eIi/mU7L0S+8QD5nruLqzG5wprygWfmjHe61FEVYX4AeYoGnRAAMg
+HETVs43e7C1Kor6vAkEdABQvjEylkpztmA+rNxcQzSfkOWHlFk02u9pk01kcQDY2
+lNx05C6IRgQQEQIABgUCUR4F/AAKCRAw1DpuZOviICm/AJ4/6OrGNhVnY//y4BF3
+EkYAcvef4QCfctk6IlzbKo/HmVLEda6feIYzKDmIRgQQEQIABgUCUSDAKAAKCRCM
+KgqteNriyGNnAJ9EfvK/Mo80TSNzJJrMAEbcDpacZgCePJiKCrmyI3E2rSChz5pQ
++LjrmUyIRgQQEQIABgUCUSIbtAAKCRDbTMxLKjDXKXoxAJ43qP0Lp4F9eA5KR/e5
+S/cSWZ/leQCeM+RVI8WDr92fRaE9skT/soc21p6IRgQQEQIABgUCUSM/IwAKCRAx
+vbPdCjXKSGJeAKDMVmTkBtg/cOYvTacHjekRD1TQOACdEyzYHGRSX0Lf8vj9a/+S
++ZWKXGeIRgQTEQIABgUCUSfF3AAKCRCcQXaMLjQ1nwDqAJ0c4siPyNX1g73tOl0B
+6XiWAgY93wCggWnbGF9XUe8uXh5hhya0pDlCwAOIRgQQEQIABgUCUV2QbQAKCRAV
+1ogEymzfsvMdAJ9wLFOhC+Qdn5QVe84X7LRlvgTL/gCgnijoqTBxXY5brT+UaMzw
+6y3vg2i0JkRhZy1FcmxpbmcgU23DuHJncmF2IDxkZXNAdXNpdC51aW8ubm8+iQI+
BBMBAgAoBQJRHgXGAhsDBQkDhorfBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRC7m0cb+U6HspLJD/9QOrhIw9opMlbU/xcJgyumIO1SIYW/hiXBC7fYk8p8Yw66
ii8Sd3QuUbJ1dZI0q6jkL49shxD7q/DEo1WxnY2nj0j50mo0MVcp1qrPeA3eusAs
@@ -84,126 +87,129 @@ BBARAgAGBQJRIhu0AAoJENtMzEsqMNcp9z0AoL0WdPFK/WkcfMyPFTeRn0EzUBSM
AJ0QmJTVv8/resNcpr/6wxfk0XQEpohGBBARAgAGBQJRIz8jAAoJEDG9s90KNcpI
XroAnjZcF/pkawalXzZl11Bc08OgUG+LAKC0RjxrhZ1O/z0dlt6URb7/xljfFohG
BBMRAgAGBQJRJ8XcAAoJEJxBdowuNDWfg74AniggyvpQWt3D78yGKz32qmy8YaXL
-AJ98H+qfuKs7AyLMliIdTa5RLLN9nNHR/tH8ARAAAQEAAAAAAAAAAAAAAAD/2P/g
-ABBKRklGAAEBAQBIAEgAAP/bAEMADQkKCwoIDQsKCw4ODQ8TIBUTEhITJxweFyAu
-KTEwLiktLDM6Sj4zNkY3LC1AV0FGTE5SU1IyPlphWlBgSlFST//CAAsIASAA8AEB
-EQD/xAAaAAEAAwEBAQAAAAAAAAAAAAAAAQIDBAUG/9oACAEBAAAAAfpwAAAAAApx
-0trprYAAAjz+W9tb2nXWQAAR49a2vteZtfawAAeVz0nW99JWtptIABj49K6a3ve0
-Wm+uoAB5nLivrppomZa7SAA8XGjS+t9JtKNdbgAR4NIX000vNrGl9QAMPGrSb6a3
-s2mYtfcADj8utJ010mb6Ui2t95ABx+TFaynbXemN9NtemQAcvjRSiNsOzv4vO6Ov
-r3t0AA+bmMsdNduPq9DDm67ab6ayAHzdqr2vHF098Sva2usgB4fn9Nei0V49+6+b
-XWZ6ZADwvP6G+seT0aejbn5fR0tfokAPO8iWm/ncltPUpbk6e7XfaQAx+eytrjw1
-jbpi2Wnsa91gAOT5p2V5eX0ujXTyNp7+nvAAR8rzadjLn7LurlaevuAAfOeZG21r
-WtrPHbv9eQADwPIwno6Lr7Z46fQ6gAEeD5nLnfo6OnSMKex6YAAy8Hm8/OL9HWvT
-X6HUAAeV5+XNy0i28219T25BEgYeHWlac2VTXp6/W7gISHD83w29DotEY8jp6+70
-NQESZeH5FaVjs9Totfnxt1dFOzQAed4nJSERGntd1rUi17eR9BYB895mUIERHf7P
-SiZp896PsbgfEVggCtvS9bpZ+Jy9GvoeloHw8ICCUROt81tdLX9H07nwyAITKBNp
-tpaZ19X0Z+DWTAEhJM3tK09XvfEFxEhMSC02tKLej//EACcQAAICAQMDBQEBAQEA
-AAAAAAECAAMRBBASEyEwICIxQEEyFDNQ/9oACAEBAAEFAv8AyWZVh1GZzsMHKAtO
-ZgIP17NR34zOw9AP1bbja3ZRsIPSIDn6Wpsyf4X0j61rcK1hPeDYesQfPn1R7/A2
-EEH2LfdcfQNh4F8355hB8+W44q3Gw9IHoHn1P/P82Gw9AnKdRZzEDbfnl1P/ADEO
-2ZkzFhgDiBpnYzpKYKROOIs/PLqO9Qhh26oWf6GJL2Ac8yra1uMdnEqdzEtyRsjE
-+WxuTrGhh5ELWuBXWCcGEd6p8ixczjiLxhUGAQRPK4xqB8nbjmcJgQntK4PQNhE8
-uq7WoTygg3fCjOYsXbkMwb1eXWj3jso/mLsxCgvzf8SJ8S1chLIjb1+XVLHi/wAw
-GZxLn5TlOtK7u62DH+lc9ZY/uNNmZmflfx5LU51uOMVu0WWMckEzgZ0jEqOTU5bo
-NOliDsR/SfHzAMDy31h0mYhEtX3WVHCRagXWholbFekuba+pa1CotIimVd289ow7
-RTCcoDHQNOGDXyUe7BSIoUX/AAv8iVD2+fUr74Dic4pnKc4HWdQCC4Qv2PfaheR+
-hf3LbZiGZEwDOEVJjE/WxKxylacF+g8sHfZTMxTmDEEcQntNIn0bDhDH7g75imZ7
-BoXnLJrErGE+hqHyYY4h3zA85TOSqkylct57bVqU68luXLciFYRtiYmIixEzNOuP
-PbqUrl9zXNASprtDTExOE6UemFSIFJgECyteyfHkexaxfqWaMc+mu7ETDDExMRqg
-Z0otfcLta7VqjB18VupCx7ckn1o7IadQr+jExuRyXR29OAhh4LtSzxm8dWpZZXal
-nqd+CKe9VpQpar+A+UEg16tliX1vuzBZfd1CIDA2JXqCIrq31hY6zrWTJO4mdgxE
-r1UVgw+6rlTXqQYDnfP2syu5kiOHXYfb0tvGz//EACkQAAEDAwQBBAIDAQAAAAAA
-AAEAESECMUAQEiAwIjJBUWEDUBNxgZH/2gAIAQEABj8C/U+RZeFLq7L1K6kZG38U
-/aesuczZ+P0/KYdMYf8AHT/qb363wSU5zRTnHOfNq/VXx40up43OCeTCn7Q3UwVH
-Al18w6Y6z21fPCNHKs6gcJC9KtgV5x5zmuV9Y4q6LasNN1N8EjjtHCysrKSoKBGj
-d5gPw3J6CvIpty9afchKAosLqL4ZHGyvUD/aYVlNuKni/wA4B5W1gKcQ9n2mzGRq
-OCeluAwWHt2AYD1I+wUZbCSnJ0hMYPOynAeoqIHJqpCcdIrpsLhbqbdbUSVMnocJ
-jB6CD7rabJx0tYdjVeQXieROkL7xYXmNyir/ALrJTC3DyleJxoqIXrPNwmrT0nOc
-FNWozoW4ZzexX//EACoQAAICAQMEAgEFAAMAAAAAAAABESExEEFRMEBhcSCBoZGx
-wdHhUPDx/9oACAEBAAE/If8AiUsoQwHeTN0voNucS5+xf0BhH27HAluMpBrhQnqR
-kas2hNNSuzbhSzFrdyP3SyRaGESSJjb5fuISV2T5kJKNlkkViEIw1RMCewTlSuw5
-R2Flu5k3xCFqtHHiHPYT/fZIsXwC1QtFk88dg0vihx4FkWhaFojbRZENUcdZuGb2
-JlvkxjEIQhCeki+Cvv1pB4NtH8BIRJuMgx8GL46zY8sQY9CQgmuSb08iCRtOxPhi
-G4ENhY6v75hoYyn4D8ZGU0JTYsEXTHlSIqv1BSZGeGbhYXVWHurGWxkYCH53oUWk
-4yew1FQSmOUNKIoa1ZeDijsiuTUJtn6P5QyNYsP0Oo6pj0tI4yZGQnAkKi3ZQEZE
-2IiJJw8ClUS8FUJhBrIuR+hVVQ+jhhFpTL6r+AmOoeSzFAl2C8BcBFQyzzHoeSmK
-EW3IMGNldWHnWSjdqR4nRiOWQNJcWYeGYDGmDpky6Ea02Y09VrmswhnE1DLpo1Cc
-6KHLkULMScjcwCtF0PJRY3YsCX9dX6umXxkwk3pUTJzKFAaJbhHJC8m4JIjfk5mQ
-wq/khQ8oQm/WIpzsPo8kkDJkeNMjgbDwia2IkmLv7FNCIZUVvM7jDYm9CoF1m1VV
-MaadFWTkLmm461zglMMT3TIwbEjy8HBKG3YgkZ1aks1vPIwtoEalkDEhna+u1Kg9
-uDX4RFAtS3KRfchXEw3DII0tnAnRhxCGOIOYjOxhaQ2zI6vhwND/AAyDl7BI/wAj
-y5JUiaKKbMiMWMmMmVA4EjQsuduC8Iz2FnsVlTuNA2JjlEwRGrErcSLC3N+xA21Y
-10lbMUtft9g6Q0tkTDzKHnJYfZInQMi5LSWKGQQY1YggKcLsZ94gcUF0VCKVYkLE
-oP7Joj7H/kJWnsrYpJe+x4aDehGRCNEyIFBKT/yjjwQ17fjsJN+lyIxw3hEbNKHq
-RzAxZIMhBVKcf6OoQ2+vOfR4RtRYS2H5Jw0aihTPQg0MykVjRQJhErcRLy9kMyFj
-q/qIXInj01uN9NGiNHf7BDSFNaUXUtGOLpshC0Iuyb7kJ7Jbp/r8bIc5t5Bjyx/B
-rSVsfyQPp+dEQPQSEKw5IGztE4ZXRoXpJKl9GI9aRf8AIoUbvG+kEEaKY7IgluWR
-XAopxw6DN+tL6LR/2SQM55RGKBzuYvT4oyCBVKkh2EXA16TGyVlH5FMofZxwez8n
-7xw35/XHmNv2SIYQkeyNMcqZ8ojwa+Ep9eCPJD5IFomJiZJJVkbYPlCElpWkcC2P
-tU9J0nQ5tXDFPd/GjUjQ46MdNfGRMuvD9n//2gAIAQEAAAAQAAAAAAAgAAAFlAAA
-J2YAAFDcAAGl8AAByqAAMusAAYGwAA/OsAArC/AAVfGAALJdAAs74gAIPTgAPrYg
-Apm7gALFfgAAtbAAdDiAAeiIAAJQ+AAKAgAAZmwAAKcgAABCIEBJGQGBgtgCC+lI
-AWz1oABz/wCAGerI4FDae4CRqfZHfEPN4V6KxP/EACoQAQACAgEDAwQCAwEBAAAA
-AAEAESExQVFhcRAwgSBAkaGx4dHw8cFQ/9oACAEBAAE/EP8A5PmNDuGvwRPxHL7Q
-KqJbv+YFj4kM7Tq//J1G6OH7ZQFWg5Y6zmlMHjrEZ9bFuphog6EZdwFZgxZllLPm
-Y5P7v7l6LPswRAAtXiMUdJf7xCnX/JC7My+swZkixMM8Q9Ag3dw6jWzhHZ9kVqF5
-HL0mPaFqOGYdPzBoubQU3FUOoPxF8wsuOO15OpAJLHX2FfuBXk6l6lM28y4Vgx5I
-OO0Fc/mF8zhFxYfiAuWCXxK2pcccjzz9gpTQD5tEpQbSbRfmCdU2yxwDzcqtagKx
-BmJ0jSbaDtXBEE0++9nQw/H93N1PrWrZmYBcyqjHWLFkfOu0HLFu4dkdxYTWZvXr
-4949SFsH1ab8x3b3jalVizfBL3kxPOFApndg4vUMv3FKlVmKyKjoK97LlOBjriY0
-bKxHT2jm/WGiLG9SxKhxABfxC6YxeJlJVJ8Rj1Fw6w+9UKFCNzChomJ59HTCgG6x
-GcIVoS84jwU1+5umZ0gIzNGOY6gZsVh7e7rb0Zyr+pvcRTfEAaLvrKksYFgG75j4
-shKqGXCCsnMVQBso5nEj1GE29d5tF5F/mOMjXWXq4zP1vdABumpuriMZN5esxRFW
-6QF7zE63NgjUxdAuhcNIBoWdnUMG9O7lFnUcKUTBhXg/zLsSkdi3LkySUk89yQs0
-eFDz/mKUnA6pgA44Ne6NEGBUtVi3zEOkZFVxBmMJjEAKDfWWGrDdwRUChFHxG/aW
-k2G93OslRAoNM2RGlRe4m0hMuFwU4MiFJEFWocrMj4lb0MEPcZkyGutsNZ4ENk1D
-zCmvLvAHJO93Aph+JfVriJ+XmAGAx6zC17gbqKiAFuUeP0mBFV3BLT5D3b7pIvxE
-OU2OzFb6oKq49CUBYWa4J8UBLFih0TEHOJdGYMixz8xC8u6m61L/ADDHdGWle/ut
-xXCDmJLZlvcSpl03NSyHoOMRqwVOvk0TE6v+JiQQwuomAkzFwcS5JhiobUbhws2+
-GU3Cg91bVj/glTZsMVXRBvMxAosObl6ih4hoRqtSkW8GUwvYYACAvLLEIcsfqXZ2
-YqJVGwQdsmBOkZ73Cl2MS7d6B7qbFz5EIqQNI8MzrjBmXYpl7dWb2MVd5griYYJa
-7ManduCqZ28EBo0etIJay+WGwSGsTamfnLBe61Lokt/lcFcXvNNM14hg0HLDPdXR
-HXVBoWMWLAw/4mgIlikiIorQclx4lVBR0Zc7mwco5J6U2/qFcQoLhto8SoKm73KU
-NuCFausveLgKF+z75OtJUWpAFrzAqNGSWleTQbm8mKQMK8xLVjR1lqUAqro4lpKn
-Iz5S4cY5kF15lTSCbS9kvagMBoioWcsvHaBLH9CAJnP6DP8A5DFFBZ44+wUFRvnt
-CifAl2mM2JVagDa57zFFNwOnzJcDVA7VNflvzDTPjdRnUDghLljSktAzW3piEYLy
-+D/yBRRo+woKlN8y63lNE21vxDNK15nTZvFssFu7zXEdwNByyhpJl3bGSUAVw4gg
-ynG8/uJaou7gBtEHUZTyu+o/YKx6FwL/AC3LAcPxHXUR7bSnJPMuJTQiBYOtReto
-aC6uUYUus1xKce89JQkJdWl2dZpnDllfsga+xJ5paPLLrqZULTiIOBM5iGr+ZkjV
-n8R3LDjEUByn7lyJm7bh0q00YQO6eWrgKGRyczW4n7fYnaXi8sBPMwdYdyzt8S0s
-Gu0UKalfEYKdRrdNLzq4NZozeeCCBW8qkIngWfEXPBwnRAoA49/Gfera6ECMZAsT
-5gKqnIywt6iKZloiWRGhh4gtG+lwF5PzMbgfzM8JNjfHeEZbcQk5AYqBQl9T2T6r
-IBcL8jKoAw0B2lhrbqQ89dOGUVXd0+Ise0pRDvfZFMOdXxD7B1GZARI/yEfnJxjf
-9TRZzUXLmwj+obBr3cUV6MvgREy+LM+TFML2QbmaNdfiVizjjpK+3r/6XDi10gHj
-MIdQXQi1FvUIGBQLG4XgIaACfkNmefJBnlsenb2lAtaCXlOv/ZmMXbayRVbPRUck
-SW+espHOHr1lwa5NnlCqXVOPBjXSpriISF0hVuVQwyrSjyQAjbSciNXDoU5PZuV8
-7fmIUUc95rBGF+hH0o05GL0L6INZGz+JrWat/AywEjbwPiGSNzExYQFEZei7y8Ed
-bom3yssdi2tMJAdR7CtX2RutxR0ZfUlXH6R6wXOnqRKbfwhogaSkhwQ8Gv8AFg5Z
-eb+SUcmRlIrOjlgJVeHV6ssw0czCXL4Uggb1+H+Z3HU5Pj6nxPMuLf0p6mSmVHxM
-yafJBsxQhleCdQmlnS8Ytt5VyyZx45mNTv8AoFcjB41yOZSUPzf3PBwuPoCYY4m/
-QJXrzOZx6GYnohcmesvwp/oILqwVBmSaMzLOq4UzDiH2ZWifFfJA5E0jfo0bSPoH
-cm/pCJKhD0ZX0DUGDO5B5hSXxxBEKO4fb751MbzGxyuSDAGYlj/sepr6T036Kr6N
-enHoMH0DBuViDZXJ6tAfnduD/wCT/9mJAj4EEwECACgFAlEeBXECGwMFCQOGit8G
-CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELubRxv5ToeyePAP/ifxgj8cS619
-uTgEhXSTvjzwQGaND9RuxcGVqrv9FYDtbyBM8WTVrpZzBOrzZRlb8cVIYiiCcEtH
-7W1aDssBbyB3ML5dCgIcS6wh6OXaM9nV+rrCWfcmrWddNuqwqNtqUV6gv208RrOR
-iyjGXCT/UTEZaUZ4xZW6j/WTT2k0xfWh84Bq+le4oXBvDYEMW3CgawC0SfKwLzd5
-WF4UUG5R5H/wARben5jtw2aUX5kAa5A+peOZXWKiBc1QSJbPnoeAgJZ5IUrldDxg
-PPs8jeKnkI3A9sWHjg/tQWlcWGL9mcD45sztQo9vqtQwEG6Pe/2oJXdCYF2VMZHk
-Yvcrfr7ivXO/0ZkEKMjbrBMEuuUyWeggCidgeGooV8AiqMsA4mBFdbMUnC1Te0TI
-zi6Hy0EznLzv6XiOmV9jkYB9I5V3abGdVt13h5IU2u1/u81IgcGcn7N9GpEVH3uJ
-MRxJUX1+sX3pAgEt4q3tiG15ot5Jr+m98hoMoOUZXI9wb5tCoUpLEQ/UykIiwmiD
-uGoCQEOMTSXZx/Ajow3MuaEQ9A/bweJo25v8v5FXmI1RQTLtD9H/c0qNyNFibsHr
-gXJxi2jOslhHva5NM10jdT19Xsti52d1F7kpp4PHHYXenulrhW8QecicgSALwa43
-eUfArHPMoqc5fCBce2D+Giy8IRin4T/CiEYEEBECAAYFAlEeBfMACgkQMNQ6bmTr
-4iBzjQCfZtVcoO+5OXHtKZLp+4fLJ2r1dQIAn0JgvPdEroWRVpc4U8or8NZuIS6W
-iEYEEBECAAYFAlEgwCgACgkQjCoKrXja4siM1ACfZ+WVANsfv/rHLHChzwJp+MdZ
-l5oAn3pIogQvStk4une97IC5ASMGNjsBiEYEEBECAAYFAlEiG7QACgkQ20zMSyow
-1yl7LACeO0g1lrJoLf9DBNrnG7oV4GgpPb0AoNpq7h/iWhYZWD4YczKRJlHKwUbN
-iEYEEBECAAYFAlEjPyMACgkQMb2z3Qo1ykiXaACgiEPRev3hILDHrg8rw7R3AE5I
-GcQAn1sTiBpllnghiqvye5uSIHH/6U1viEYEExECAAYFAlEnxdwACgkQnEF2jC40
-NZ8WnwCeJJqzQ1eLfdxZne4icCjcM+tG1wsAn06wGYhBfQaldmQKt0TBMSTZMenl
+AJ98H+qfuKs7AyLMliIdTa5RLLN9nIhGBBARAgAGBQJRXZBqAAoJEBXWiATKbN+y
+EZYAn1DrXTFHh2ypruACHQUBWahzKNxKAJwLLTlaKs8MvUl7BSbDNECIqvTcP9HR
+/tH8ARAAAQEAAAAAAAAAAAAAAAD/2P/gABBKRklGAAEBAQBIAEgAAP/bAEMADQkK
+CwoIDQsKCw4ODQ8TIBUTEhITJxweFyAuKTEwLiktLDM6Sj4zNkY3LC1AV0FGTE5S
+U1IyPlphWlBgSlFST//CAAsIASAA8AEBEQD/xAAaAAEAAwEBAQAAAAAAAAAAAAAA
+AQIDBAUG/9oACAEBAAAAAfpwAAAAAApx0trprYAAAjz+W9tb2nXWQAAR49a2vteZ
+tfawAAeVz0nW99JWtptIABj49K6a3ve0Wm+uoAB5nLivrppomZa7SAA8XGjS+t9J
+tKNdbgAR4NIX000vNrGl9QAMPGrSb6a3s2mYtfcADj8utJ010mb6Ui2t95ABx+TF
+aynbXemN9NtemQAcvjRSiNsOzv4vO6Ovr3t0AA+bmMsdNduPq9DDm67ab6ayAHzd
+qr2vHF098Sva2usgB4fn9Nei0V49+6+bXWZ6ZADwvP6G+seT0aejbn5fR0tfokAP
+O8iWm/ncltPUpbk6e7XfaQAx+eytrjw1jbpi2Wnsa91gAOT5p2V5eX0ujXTyNp7+
+nvAAR8rzadjLn7LurlaevuAAfOeZG21rWtrPHbv9eQADwPIwno6Lr7Z46fQ6gAEe
+D5nLnfo6OnSMKex6YAAy8Hm8/OL9HWvTX6HUAAeV5+XNy0i28219T25BEgYeHWla
+c2VTXp6/W7gISHD83w29DotEY8jp6+70NQESZeH5FaVjs9Totfnxt1dFOzQAed4n
+JSERGntd1rUi17eR9BYB895mUIERHf7PSiZp896PsbgfEVggCtvS9bpZ+Jy9Gvoe
+loHw8ICCUROt81tdLX9H07nwyAITKBNptpaZ19X0Z+DWTAEhJM3tK09XvfEFxEhM
+SC02tKLej//EACcQAAICAQMDBQEBAQEAAAAAAAECAAMRBBASEyEwICIxQEEyFDNQ
+/9oACAEBAAEFAv8AyWZVh1GZzsMHKAtOZgIP17NR34zOw9AP1bbja3ZRsIPSIDn6
+Wpsyf4X0j61rcK1hPeDYesQfPn1R7/A2EEH2LfdcfQNh4F8355hB8+W44q3Gw9IH
+oHn1P/P82Gw9AnKdRZzEDbfnl1P/ADEO2ZkzFhgDiBpnYzpKYKROOIs/PLqO9Qhh
+26oWf6GJL2Ac8yra1uMdnEqdzEtyRsjE+WxuTrGhh5ELWuBXWCcGEd6p8ixczjiL
+xhUGAQRPK4xqB8nbjmcJgQntK4PQNhE8uq7WoTygg3fCjOYsXbkMwb1eXWj3jso/
+mLsxCgvzf8SJ8S1chLIjb1+XVLHi/wAwGZxLn5TlOtK7u62DH+lc9ZY/uNNmZmfl
+fx5LU51uOMVu0WWMckEzgZ0jEqOTU5boNOliDsR/SfHzAMDy31h0mYhEtX3WVHCR
+agXWholbFekuba+pa1CotIimVd289ow7RTCcoDHQNOGDXyUe7BSIoUX/AAv8iVD2
++fUr74Dic4pnKc4HWdQCC4Qv2PfaheR+hf3LbZiGZEwDOEVJjE/WxKxylacF+g8s
+HfZTMxTmDEEcQntNIn0bDhDH7g75imZ7BoXnLJrErGE+hqHyYY4h3zA85TOSqkyl
+ct57bVqU68luXLciFYRtiYmIixEzNOuPPbqUrl9zXNASprtDTExOE6UemFSIFJgE
+CyteyfHkexaxfqWaMc+mu7ETDDExMRqgZ0otfcLta7VqjB18VupCx7ckn1o7IadQ
+r+jExuRyXR29OAhh4LtSzxm8dWpZZXalnqd+CKe9VpQpar+A+UEg16tliX1vuzBZ
+fd1CIDA2JXqCIrq31hY6zrWTJO4mdgxEr1UVgw+6rlTXqQYDnfP2syu5kiOHXYfb
+0tvGz//EACkQAAEDAwQBBAIDAQAAAAAAAAEAESECMUAQEiAwIjJBUWEDUBNxgZH/
+2gAIAQEABj8C/U+RZeFLq7L1K6kZG38U/aesuczZ+P0/KYdMYf8AHT/qb363wSU5
+zRTnHOfNq/VXx40up43OCeTCn7Q3UwVHAl18w6Y6z21fPCNHKs6gcJC9KtgV5x5z
+muV9Y4q6LasNN1N8EjjtHCysrKSoKBGjd5gPw3J6CvIpty9afchKAosLqL4ZHGyv
+UD/aYVlNuKni/wA4B5W1gKcQ9n2mzGRqOCeluAwWHt2AYD1I+wUZbCSnJ0hMYPOy
+nAeoqIHJqpCcdIrpsLhbqbdbUSVMnocJjB6CD7rabJx0tYdjVeQXieROkL7xYXmN
+yir/ALrJTC3DyleJxoqIXrPNwmrT0nOcFNWozoW4ZzexX//EACoQAAICAQMEAgEF
+AAMAAAAAAAABESExEEFRMEBhcSCBoZGxwdHhUPDx/9oACAEBAAE/If8AiUsoQwHe
+TN0voNucS5+xf0BhH27HAluMpBrhQnqRkas2hNNSuzbhSzFrdyP3SyRaGESSJjb5
+fuISV2T5kJKNlkkViEIw1RMCewTlSuw5R2Flu5k3xCFqtHHiHPYT/fZIsXwC1QtF
+k88dg0vihx4FkWhaFojbRZENUcdZuGb2JlvkxjEIQhCeki+Cvv1pB4NtH8BIRJuM
+gx8GL46zY8sQY9CQgmuSb08iCRtOxPhiG4ENhY6v75hoYyn4D8ZGU0JTYsEXTHlS
+Iqv1BSZGeGbhYXVWHurGWxkYCH53oUWk4yew1FQSmOUNKIoa1ZeDijsiuTUJtn6P
+5QyNYsP0Oo6pj0tI4yZGQnAkKi3ZQEZE2IiJJw8ClUS8FUJhBrIuR+hVVQ+jhhFp
+TL6r+AmOoeSzFAl2C8BcBFQyzzHoeSmKEW3IMGNldWHnWSjdqR4nRiOWQNJcWYeG
+YDGmDpky6Ea02Y09VrmswhnE1DLpo1Cc6KHLkULMScjcwCtF0PJRY3YsCX9dX6um
+Xxkwk3pUTJzKFAaJbhHJC8m4JIjfk5mQwq/khQ8oQm/WIpzsPo8kkDJkeNMjgbDw
+ia2IkmLv7FNCIZUVvM7jDYm9CoF1m1VVMaadFWTkLmm461zglMMT3TIwbEjy8HBK
+G3YgkZ1aks1vPIwtoEalkDEhna+u1Kg9uDX4RFAtS3KRfchXEw3DII0tnAnRhxCG
+OIOYjOxhaQ2zI6vhwND/AAyDl7BI/wAjy5JUiaKKbMiMWMmMmVA4EjQsuduC8Iz2
+FnsVlTuNA2JjlEwRGrErcSLC3N+xA21Y10lbMUtft9g6Q0tkTDzKHnJYfZInQMi5
+LSWKGQQY1YggKcLsZ94gcUF0VCKVYkLEoP7Joj7H/kJWnsrYpJe+x4aDehGRCNEy
+IFBKT/yjjwQ17fjsJN+lyIxw3hEbNKHqRzAxZIMhBVKcf6OoQ2+vOfR4RtRYS2H5
+Jw0aihTPQg0MykVjRQJhErcRLy9kMyFjq/qIXInj01uN9NGiNHf7BDSFNaUXUtGO
+LpshC0Iuyb7kJ7Jbp/r8bIc5t5Bjyx/BrSVsfyQPp+dEQPQSEKw5IGztE4ZXRoXp
+JKl9GI9aRf8AIoUbvG+kEEaKY7IgluWRXAopxw6DN+tL6LR/2SQM55RGKBzuYvT4
+oyCBVKkh2EXA16TGyVlH5FMofZxwez8n7xw35/XHmNv2SIYQkeyNMcqZ8ojwa+Ep
+9eCPJD5IFomJiZJJVkbYPlCElpWkcC2PtU9J0nQ5tXDFPd/GjUjQ46MdNfGRMuvD
+9n//2gAIAQEAAAAQAAAAAAAgAAAFlAAAJ2YAAFDcAAGl8AAByqAAMusAAYGwAA/O
+sAArC/AAVfGAALJdAAs74gAIPTgAPrYgApm7gALFfgAAtbAAdDiAAeiIAAJQ+AAK
+AgAAZmwAAKcgAABCIEBJGQGBgtgCC+lIAWz1oABz/wCAGerI4FDae4CRqfZHfEPN
+4V6KxP/EACoQAQACAgEDAwQCAwEBAAAAAAEAESExQVFhcRAwgSBAkaGx4dHw8cFQ
+/9oACAEBAAE/EP8A5PmNDuGvwRPxHL7QKqJbv+YFj4kM7Tq//J1G6OH7ZQFWg5Y6
+zmlMHjrEZ9bFuphog6EZdwFZgxZllLPmY5P7v7l6LPswRAAtXiMUdJf7xCnX/JC7
+My+swZkixMM8Q9Ag3dw6jWzhHZ9kVqF5HL0mPaFqOGYdPzBoubQU3FUOoPxF8wsu
+OO15OpAJLHX2FfuBXk6l6lM28y4Vgx5IOO0Fc/mF8zhFxYfiAuWCXxK2pcccjzz9
+gpTQD5tEpQbSbRfmCdU2yxwDzcqtagKxBmJ0jSbaDtXBEE0++9nQw/H93N1PrWrZ
+mYBcyqjHWLFkfOu0HLFu4dkdxYTWZvXr4949SFsH1ab8x3b3jalVizfBL3kxPOFA
+pndg4vUMv3FKlVmKyKjoK97LlOBjriY0bKxHT2jm/WGiLG9SxKhxABfxC6YxeJlJ
+VJ8Rj1Fw6w+9UKFCNzChomJ59HTCgG6xGcIVoS84jwU1+5umZ0gIzNGOY6gZsVh7
+e7rb0Zyr+pvcRTfEAaLvrKksYFgG75j4shKqGXCCsnMVQBso5nEj1GE29d5tF5F/
+mOMjXWXq4zP1vdABumpuriMZN5esxRFW6QF7zE63NgjUxdAuhcNIBoWdnUMG9O7l
+FnUcKUTBhXg/zLsSkdi3LkySUk89yQs0eFDz/mKUnA6pgA44Ne6NEGBUtVi3zEOk
+ZFVxBmMJjEAKDfWWGrDdwRUChFHxG/aWk2G93OslRAoNM2RGlRe4m0hMuFwU4MiF
+JEFWocrMj4lb0MEPcZkyGutsNZ4ENk1DzCmvLvAHJO93Aph+JfVriJ+XmAGAx6zC
+17gbqKiAFuUeP0mBFV3BLT5D3b7pIvxEOU2OzFb6oKq49CUBYWa4J8UBLFih0TEH
+OJdGYMixz8xC8u6m61L/ADDHdGWle/utxXCDmJLZlvcSpl03NSyHoOMRqwVOvk0T
+E6v+JiQQwuomAkzFwcS5JhiobUbhws2+GU3Cg91bVj/glTZsMVXRBvMxAosObl6i
+h4hoRqtSkW8GUwvYYACAvLLEIcsfqXZ2YqJVGwQdsmBOkZ73Cl2MS7d6B7qbFz5E
+IqQNI8MzrjBmXYpl7dWb2MVd5griYYJa7ManduCqZ28EBo0etIJay+WGwSGsTamf
+nLBe61Lokt/lcFcXvNNM14hg0HLDPdXRHXVBoWMWLAw/4mgIlikiIorQclx4lVBR
+0Zc7mwco5J6U2/qFcQoLhto8SoKm73KUNuCFausveLgKF+z75OtJUWpAFrzAqNGS
+WleTQbm8mKQMK8xLVjR1lqUAqro4lpKnIz5S4cY5kF15lTSCbS9kvagMBoioWcsv
+HaBLH9CAJnP6DP8A5DFFBZ44+wUFRvntCifAl2mM2JVagDa57zFFNwOnzJcDVA7V
+NflvzDTPjdRnUDghLljSktAzW3piEYLy+D/yBRRo+woKlN8y63lNE21vxDNK15nT
+ZvFssFu7zXEdwNByyhpJl3bGSUAVw4ggynG8/uJaou7gBtEHUZTyu+o/YKx6FwL/
+AC3LAcPxHXUR7bSnJPMuJTQiBYOtRetoaC6uUYUus1xKce89JQkJdWl2dZpnDllf
+sga+xJ5paPLLrqZULTiIOBM5iGr+ZkjVn8R3LDjEUByn7lyJm7bh0q00YQO6eWrg
+KGRyczW4n7fYnaXi8sBPMwdYdyzt8S0sGu0UKalfEYKdRrdNLzq4NZozeeCCBW8q
+kIngWfEXPBwnRAoA49/Gfera6ECMZAsT5gKqnIywt6iKZloiWRGhh4gtG+lwF5Pz
+MbgfzM8JNjfHeEZbcQk5AYqBQl9T2T6rIBcL8jKoAw0B2lhrbqQ89dOGUVXd0+Is
+e0pRDvfZFMOdXxD7B1GZARI/yEfnJxjf9TRZzUXLmwj+obBr3cUV6MvgREy+LM+T
+FML2QbmaNdfiVizjjpK+3r/6XDi10gHjMIdQXQi1FvUIGBQLG4XgIaACfkNmefJB
+nlsenb2lAtaCXlOv/ZmMXbayRVbPRUckSW+espHOHr1lwa5NnlCqXVOPBjXSpriI
+SF0hVuVQwyrSjyQAjbSciNXDoU5PZuV87fmIUUc95rBGF+hH0o05GL0L6INZGz+J
+rWat/AywEjbwPiGSNzExYQFEZei7y8Edbom3yssdi2tMJAdR7CtX2RutxR0ZfUlX
+H6R6wXOnqRKbfwhogaSkhwQ8Gv8AFg5Zeb+SUcmRlIrOjlgJVeHV6ssw0czCXL4U
+ggb1+H+Z3HU5Pj6nxPMuLf0p6mSmVHxMyafJBsxQhleCdQmlnS8Ytt5VyyZx45mN
+Tv8AoFcjB41yOZSUPzf3PBwuPoCYY4m/QJXrzOZx6GYnohcmesvwp/oILqwVBmSa
+MzLOq4UzDiH2ZWifFfJA5E0jfo0bSPoHcm/pCJKhD0ZX0DUGDO5B5hSXxxBEKO4f
+b751MbzGxyuSDAGYlj/sepr6T036Kr6NenHoMH0DBuViDZXJ6tAfnduD/wCT/9mJ
+Aj4EEwECACgFAlEeBXECGwMFCQOGit8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA
+AAoJELubRxv5ToeyePAP/ifxgj8cS619uTgEhXSTvjzwQGaND9RuxcGVqrv9FYDt
+byBM8WTVrpZzBOrzZRlb8cVIYiiCcEtH7W1aDssBbyB3ML5dCgIcS6wh6OXaM9nV
++rrCWfcmrWddNuqwqNtqUV6gv208RrORiyjGXCT/UTEZaUZ4xZW6j/WTT2k0xfWh
+84Bq+le4oXBvDYEMW3CgawC0SfKwLzd5WF4UUG5R5H/wARben5jtw2aUX5kAa5A+
+peOZXWKiBc1QSJbPnoeAgJZ5IUrldDxgPPs8jeKnkI3A9sWHjg/tQWlcWGL9mcD4
+5sztQo9vqtQwEG6Pe/2oJXdCYF2VMZHkYvcrfr7ivXO/0ZkEKMjbrBMEuuUyWegg
+CidgeGooV8AiqMsA4mBFdbMUnC1Te0TIzi6Hy0EznLzv6XiOmV9jkYB9I5V3abGd
+Vt13h5IU2u1/u81IgcGcn7N9GpEVH3uJMRxJUX1+sX3pAgEt4q3tiG15ot5Jr+m9
+8hoMoOUZXI9wb5tCoUpLEQ/UykIiwmiDuGoCQEOMTSXZx/Ajow3MuaEQ9A/bweJo
+25v8v5FXmI1RQTLtD9H/c0qNyNFibsHrgXJxi2jOslhHva5NM10jdT19Xsti52d1
+F7kpp4PHHYXenulrhW8QecicgSALwa43eUfArHPMoqc5fCBce2D+Giy8IRin4T/C
+iEYEEBECAAYFAlEeBfMACgkQMNQ6bmTr4iBzjQCfZtVcoO+5OXHtKZLp+4fLJ2r1
+dQIAn0JgvPdEroWRVpc4U8or8NZuIS6WiEYEEBECAAYFAlEgwCgACgkQjCoKrXja
+4siM1ACfZ+WVANsfv/rHLHChzwJp+MdZl5oAn3pIogQvStk4une97IC5ASMGNjsB
+iEYEEBECAAYFAlEiG7QACgkQ20zMSyow1yl7LACeO0g1lrJoLf9DBNrnG7oV4Ggp
+Pb0AoNpq7h/iWhYZWD4YczKRJlHKwUbNiEYEEBECAAYFAlEjPyMACgkQMb2z3Qo1
+ykiXaACgiEPRev3hILDHrg8rw7R3AE5IGcQAn1sTiBpllnghiqvye5uSIHH/6U1v
+iEYEExECAAYFAlEnxdwACgkQnEF2jC40NZ8WnwCeJJqzQ1eLfdxZne4icCjcM+tG
+1wsAn06wGYhBfQaldmQKt0TBMSTZMenliEYEEBECAAYFAlFdkG0ACgkQFdaIBMps
+37LCIwCcChmD+umTV1kF8clfIqig9TncJRwAn2d5r+hrG3Zu6L77E46oR2DCUf6C
uQINBFEeA+sBEAC+qZvq9DYNrjZowfhbAobXCDXZO4ObLLvWEP7oL5AGpBcMSQVZ
QcmhhQ0T+E32ZfGVAgW747DDPodEuGqc3n5Uc4q/jrBw/9+mJwAaZUQOkKqnEQT+
o7vFuj85BOpN7/rBr9P+atZpmvJGe7TsrXvJZytEqNJ8/1iv3M7EhqxWnT3uFYiW
@@ -227,6 +233,6 @@ cQ8t/7n2yovsdqyTTv2D/ZJMFJsqaM+foW08jyoK5+im6hhPfPOs7PYl3xEaVWy3
DeuRkZCyJDyt7WGuE6UfnKH1t24tBDvQEeC/FRT/KboKid7BpSGmGEwH7wyGOWcA
N5eF3/hjJXvULM8CpzZz5f0gyRWDI81P+G7KkNYrh69rHScP8AO3WP6jG8r3xIFC
maNTtSyMU9A54ib2sgN0GwxijcvwPyqT
-=ToCZ
+=2GhG
-----END PGP PUBLIC KEY BLOCK-----
]]></programlisting>
diff --git a/share/pgpkeys/girgen.key b/share/pgpkeys/girgen.key
new file mode 100644
index 0000000000..b12cf61995
--- /dev/null
+++ b/share/pgpkeys/girgen.key
@@ -0,0 +1,237 @@
+<!-- $FreeBSD$ -->
+<!--
+sh ./addkey.sh girgen 4A6BAAAD;
+-->
+<programlisting role="pgpfingerprint"><![CDATA[
+pub 2048R/4A6BAAAD 2012-02-23 [expires: 2016-02-23]
+ Key fingerprint = BD8C 332C E630 31D6 2FDB 80BD 5FF2 A161 4A6B AAAD
+uid Palle Girgensohn <girgen@pingpong.net>
+uid [jpeg image of size 8260]
+uid Palle Girgensohn <girgen@FreeBSD.org>
+sub 2048R/6BC41243 2012-02-23 [expires: 2016-02-23]
+]]></programlisting>
+<programlisting role="pgpkey"><![CDATA[
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: GPGTools - http://gpgtools.org
+
+mQENBE9GCt8BCADCoi55nNYodM/0UAyytLNzQlpV0SbqL/GLZKeBHEow5U1GfQo3
+6NLXG6mNHs5+HEiC31tRNJHkOeg2YXkU29ZtY+Ec829HJIjotWwHT3XwS8yxA6/b
+7L6+TtEUQ0FeWnFkggHerK7mDTfOULBV/K6gtd4DX+4THEIDbmtTVUOdtfDcnB3H
+yYqo4v16Wdc0GF1N+TM4unUc2gt4GNiFXNDaQO2NkA7lLOZ0rC1vBjHDYGU2rMQi
+kDQpYjk8LGHs0uZnMFhcdnWY1rqGzTckf01KFXEdt1TYS7nRRu9G0Jod9awIjyFG
+LdPJRtR9SLiYlAC3NYMB94aHMKq9ZOwi73mPABEBAAG0JlBhbGxlIEdpcmdlbnNv
+aG4gPGdpcmdlbkBwaW5ncG9uZy5uZXQ+iQFBBBMBAgArAhsvBQkHhh+ABgsJCAcD
+AgYVCAIJCgsEFgIDAQIeAQIXgAUCT0fOLQIZAQAKCRBf8qFhSmuqrQ9ACACD4ahY
+nsjOQ7Q8yA4dad9ZejHAnV+ehbBppobGq/mp/p0rHNWmc8+neYzIoEsiwGN3FuRw
+e2J3BmAsfauwO/KBZwmK4Y5C1ObGyYJE+eoajC3NaMkoR20T1KDFFf5GQgTWlWfY
+nYgv+sW/dUlb8xed2bGobGfaHJqG1ZXU77cjxC4ot5Gt7lIil02QoSdV/7p6qBqu
++47bytcosrSlBZNMBXD0hZWVcgiJx6UMKPoDBUK3EvRoml+0fudnRJgwdTWUy0Px
+frg/ITplzzgBQdchtv12r6UZbjnvM87kbdbyc66/t6RMKsjQP7e8ZWNMYwNtx2+3
+7HyMvLC5wmI3boQvtCVQYWxsZSBHaXJnZW5zb2huIDxnaXJnZW5ARnJlZUJTRC5v
+cmc+iQE+BBMBAgAoBQJPR84hAhsvBQkHhh+ABgsJCAcDAgYVCAIJCgsEFgIDAQIe
+AQIXgAAKCRBf8qFhSmuqrR9MB/44xJ55W5VYw4Kkt1bqwRi9ixk0k4huSDouOLbt
+xILrzYjMaxGJpVGB9SmYcxBJXskhsXgHzPNyz7UJYfU8GpqAjos+SVFS0xa5+kYG
+1Pex9ETOla3sKHy7nkl2zL7R0yx9GDSvqPvAY5/4QKQQsd1TA/p1TLRn96re1LF/
+9IIU7Rgpf99DTX/mpzH39I2R1dnxyp4L/chUWFyNRv/2KISrxqPCEUve97QOYXqQ
+B9XnC9SikEyWoFloZ4ZC8fMgjjfvPNd10Lb5nk8HJ7WWuhDQIlC1WlQG0uQ7YHE2
+nAwAhB0HhRaf8E+18XXv/MmJHLZ9CXrZmkEYbBmxWV2RZYFH0d+X35UBEAABAQAA
+AAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEBAEgASAAA/9sAQwACAgICAgECAgICAwIC
+AwMGBAMDAwMHBQUEBggHCQgIBwgICQoNCwkKDAoICAsPCwwNDg4PDgkLEBEQDhEN
+Dg4O/9sAQwECAwMDAwMHBAQHDgkICQ4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+Dg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O/8AAEQgAgACAAwEiAAIRAQMRAf/EAB4A
+AAEDBQEBAAAAAAAAAAAAAAgFBwkAAgMEBgoB/8QAOhAAAgEDAwIFAwIEBAUFAAAA
+AQIDBAURBhIhAAcIEyIxQRQyUSNhCRVCgRYzcZEXJENSsSWiweHw/8QAGgEAAgMB
+AQAAAAAAAAAAAAAABAUAAgMBBv/EACsRAAICAgEDAgUEAwAAAAAAAAECAAMREiEE
+MUEiURMycZHwBRSBoSNh0f/aAAwDAQACEQMRAD8AkQ8SndSWl0NZbLpQXyvN9Z4J
+H0za1qKrIYhiVZ1LIjDLADHILekkEduzmqu3/ZywUfb3t9p28097uVykrtQzS0wp
+paiTPrlqHO7Z6txK/AGcKoVTDxZfF3eJO/0curqe8VdkijmFiqrfdWorhbJ5tu6a
+nkAK+S7rl4XDK+1T94yS6unii1xR6Ms1Nq+nt1FPUUpnaSqoYILnLT/dH5r/APTJ
+bO2NgWGBJIQRgIXqt2y3men6f4RrIXx7w8O9/fZbRbwk8zJFdKiGBkNWZZKySIMU
+iyvJRdwcxoA27aTjPA56W7rV2j7hqGhsLrBqO40AqauoZl+rbD4MjSE4hT1MAfVt
+XIQO7kkOqjuWmpdSUF0Wnjv+oqaLy0qqenk+ltcUjlVpqWIkHfLJ7uf1pdrt6FG5
+VFqG9WDVlxpNP0n8x1nfK6ChpEZxPKZSPVUTYOGYbj5VOmOBudljGCZVQQMsYw9C
+jUCSe6K8XlDqTWlNYmestVnqIVirJ6H0ujqB6wx9TSvtJCqCdilm2oMmSXTV0S76
+Et1bTVsVYZIlbzhJvIyMqSQBk4wfbBz+Oos9AeEDVmrNBUtRT6goLStZHIlbd1DV
+MyljlwjYXzC7+qVxtDkKq+lV6M3QdVaewXb636T7j61W5XYzCC3NvYiVcYQIhAbc
+w5J5HBAwF6NUKvaJeqVLPSnzDwIU5V9oJbnGDj26Q7wtbRafuNbaY0lrkp2aCGVy
+sbuBxnAyP7dcNprvX231W9dDa9UUn1NFJ5dZBNIEeJsZIPPOAQSRnAZc4yMukjpP
+TBkIkjZf7EHrQ8jETFGQ+oRtrR3L09WduI9S3aZrJTCF3kWojcgbOGIwPVzwABkn
+gZPQK+LTXXbLvL2PotEab7g3WhaWaqNwkssU8dZUwxoY5KOMOU8xmcqPKYEMcDGR
+jpvb/wCI+9dg/wCLzrXtVrmS4nSdz8q7WFt4WgSGf7JXyGwFZDFwCfMX0hRjpkvF
+rpi29wdDVncSzXuft7d6Rh9Xd6WojlFbSuq7WjVIxhgcBXUgLktlcElabbAdHjD4
+KH1pyPziDnoii0pQ9htb2DTlgNpp5YZqCKlqqhKqqqYE9I832LSGTfCsIAAaNyTt
+XeIuNX2m127VDW2muEcs1MrGqMbboYfkQxsP8zBONw4Y5I9PPRjeHqCf+d9wBT21
+plehrkioZpg87zCMgTVTjAaNFlB2LgSMyqeGAIa3ezLT6jlpqi5xy1ss7/VzySZj
+UgkkZGfMK4O4rwW9K7sZ6aj5IDZ4nOUf0KJUPMrSyOpWnQDO0n5P5Ptj+5+ADozi
+QSHcQQDj0/aD+B/p1kWOnNfjz2ihLcOyc7c++B8/t/b9+slRJRyV8eyCSCnX7vUC
+7D8/gEj+3VZjFHTdjuGpNfWjT9BSvV1tdVRwx08bBS+TzyeBxk5Pt79beq4xbe4m
+qLZSUiW+nguc0JhjlLhESQqIwxALAY98DPuenK7OVotGrL7raOypdHsVrmlpqXlY
+qZmXBnlcc4UZAA5ZmAyBnplKyrqK+6VNZVN5lTPK0srY5ZmJYn/c9UBJbEuQAojo
+6VrrvJ3wptSUFXFI8dQEhutfTfowOFCiQJ7YjXkL8AD5IBdfUNzp753jpKazRVGp
+LzMBH9TeG9Jkwd9Q6++c+wb2x6VzjaxVvvRuOpS0zz09MkiilobdFtT7sjP4A9z8
+k49sZDw2W8aSpaeS41HnG6FWFHT09QoVEJALyTHje5wGcggABVBGFOZHOYx6dh2B
+nfWC533SklRb7fVHUWoqCBv+Yp6UGnt0kmV3KudhkORulfOAFijGdzK9Xbmpu1pm
+pJLbVvE8VPJPca2pDNUT+a+3aGOGVS3JPDSuSDiNNobXQl8ozSVMcNueipKOokqa
+2qMeV+oaMlQsZw0sqqCsYf2xJIQik7dqr1jSLqez3JrnPp3T06PM9IKpTWXKRxgz
+SMRgcDy43YBY0DMqBQNxyIjfNGq2hBtJMu2fjL7paUpI6C41ttrqWjjZKe3TxD9U
+4yZZ5QcqI41yVXaOQOT03muvElq/vFqih1HdYvoUpvPTScEkPCAt6qzkZXIHH9h+
+wYvQNhGsdOfzGwUVXWw3ScCjqBSMEMaMo3QRNuZkRsBZJc+YzbyGbBBWN23oajTl
+zrbjVtFJTUYinqaGX9aqmKhRTwO3pTj75xnABCZJUg9KaOCJTKk7gDMHLthW0miI
+L1rynrrjU3m21pmrqkStK0kkhP6CqD+rLnJdSdibstvkYGMptKfxGu7S60hs917e
+0EtPUsUooamcxSUkKYzJO0QO5to+1VUAnBIxgR5ax8Q2lNCaWuHbPSemZI9RzTrT
+yXAuogt8YJVhGCeXBySSMZ9TBsbCLV27n3nzK6h0zc6i7XS7QCkmkRZAZY8kbY/6
+mTAwSxGc/PrJpZVQzEk9vaB3X151IziTeeOGbT/im/hq6Y8Qfaxom1BoK6ebeaSU
+oamkoZx5MrsBywjJWWMn0lS7D9xd0PeNZa97P2iyW+jl1hfHs/8AJXslsoDURWpS
+VwkUfs42Mzq7YQFnckIhkK7/AAsLLBfO9/dl9eymqgvNHBSQwVVZM9VelkRxJAYf
+MEDwiOMsf0ywBA3bGAbn9N6M7teFn+KJVdkrHYLxqSwXOqD0pt6A1t1s8zgCojlb
+lVIASo4YAwbAuAp6891VeOfYzlDBToONhHJ7Zdi5O3sOvdKTWz6K2Xyakjt80H68
+ypSU8sdQxqCoJFRNLHCHCKH8t5AFXaeo07b4fU1d39oqvUPdDSlFoyfVVqtuqK2g
+uBWWyiulqy8O2aNI98EVDK7nd5YMkQyWYqJ5HtaT93o7nSabuWkK+rpKiiitmpLi
+fr0onZQ008e47WlZAUQHdFEoUhWcKsE3iT0tX3fxL9wKq2pazTWp3qrgY0aKSGkj
+8iKnXYVWNVkaVVihjJY7Sx9OHbnT3FwVY8wfqagp2XtBDvD0jXioFA0k9GJGEE0q
+7WMYJ2DA4Hpx7fIPSR89bVWZBXypJIHIbnawK5/bHH+3HSlpyz1uoNZW2x2+MPV1
+9SlOhb7V3Hkk/AAySfgA9H9ov7x79RiLRPgnsNhkm36l1lVi7XCKPCmmpEx5CSfJ
+LelwvsAQffpgK6lq6OtWGtpmpJzEkgjdNp2OgdGx+CrBh+QQenU7lVj3vvrV2mxM
+L3TWmmejhZYwsUggjYyyInuEG1mG4liFBP8A2hqayurLhVJPXVMtXMsMcKvK5YhI
+0CIuT8KqqoHwAOs0B1yfMu55x7TpbzHQ2SCay2+U1VUzYravjAI/6SYJGOfUcnnj
+29+l0pUV1vrhYI7bHU3upkRt02N1IqjcFyeEb5J/p/14HF3BqtZBVvF9IRKVp4uV
+dNpzu55Jz7sfn9+Br0stZJWSN5nkmKM73dsBFzhs/LZzgjknJGOriWV9HyIQ1Leb
+rqCzBoqkW/SH1P0lVUxxCOIHAZ8MxG92A/P2hNxJbAMmDt72steg6XU+pKqx2JEk
+jSiq9Ryipht6t6vMeMhfPncLuWPBU7QSFjUAiDbJLdN2wtz19LPd9PW2oV6aKJfJ
+ZpHw7CP3DTyN9z4ZY12jDNtC9y3aLUvdzX8S19znoEWdoKG2f5VLbAFV22tI/JwM
+tyWCruYg4QG0jXnGY0yxTgZJ+0I6fxAU6aMi1Hp86grO3NPWNS1N9nrIqP6ueNV8
+ulCqh4ZCZWi4AVlU7VJR1vW3iar71pTTVmtwiq7PNQ1FRHPb5JKeapy2wST7lEkN
+Ou4ZnA3zkARBMjAe657eaZ03qWCz1OrZtTT1daz/AFTuy09ZI4Ad1CEhUJUE7Msw
+VQX5O10O1dnu1i1VUUekqWO6Vnlie73+404ngpVQlRKUY7Dt9QjQnllycIjEtHbR
+cY7gfX6zJDbsAf6hJ9j/AAK2jxP6S17TPqv/AAjWWmSHy7gbasstxmYFlRl3Aw04
+APoj/qI+7bzHD3Y7Rd1fDt4nr/221lapbHqCeZqairBEWiraVnASeklYetHGFBBB
+HKtgggT8eAbvB2Zt+n+6MIvgpb/BeIoZp5gzCsjWMYkD/wDUZpS4JAC8ALwOCs7t
+d6fDXc7G1J3S03Q62o7YPrIaG7aWSuKOeEaGOZc735C7RkgE/aCekY33JTMt1Ndj
+3ZVTjj8zA6/hb9jNN6J7T3fvNq++W286+v8AiK0tPdUmmtlByjEpuxE8zxkcjeUj
+A4BI6K7xs+GSk8TXhlSHT9YKHuNpqY1+nqmmqzA1WVwz0Mkq+pUkKqQf6ZFRvyeo
+ze5ev/Cvp/vDoG7dk6D/AIfWrVMVRcL3YJqWKitdHIhVIriU3HymUKy+UnpY7Nqh
+i25sO5+vdS6S0Hddadn+6t/tTWaWJap2nkDyzVABhJhOc+YWGGX0qD925tzz4TOm
+2Zo1NTevbBHjH9d4jdk11DbfE9a7Nq+qpbHereFWoNbeZvrG9QVEQzHy8R4dWEZD
+bjsyMSORx8cHcLUtV4ttR2WrvUjkQxxVKUdfup60BcCeeJWKebjIBPqwATj0jpL7
+ndxdew9wdN6j1LXRm4MVvf8AJoIFMLzTANKwCgcu6vJLswoyE3M2Sgr6xrbjfdfX
+CvraYrU1lZJUSylld53duXyONpJAAHpHsOldNBV9jMepv3Gs5jC1M6RmXfsiCocB
+ET85/YZPPuT04PbXWVh0PqG83u52qS93E2mektMUZEccM7gBZ3Y8+nk4AyeRxnIb
+pZjTBlUI8pXAf32Z98fv+/xnj89Yoqd5aaeUFVjiUFizY9zgAfk/t/r0eQCMGKwS
+pyJuxXaqhWUo3raQyBsAYcggt/rgnHxz0l9V1XXZyL1b/MrrqGorY6aeQmRmiWNW
+cIqknAOPZQPfrDJZ7ukUFVNRyhahBMjSD7lOSHOfhsMQT7gEjI6k2rtC618Q1U94
+0Rpi29rezlvRqO0192OyOqo4PSFggUiScyOCpPEfBDP95Awdyeyt90zWy2qLXVJq
+Gqwhl2UskQZiAJCHyQV5RVJ9TZACheOqJs3iMH6YqMrz9hG80J3JazXinqbkgq4a
+GMPSwSLuVp+QJGHztzwMhR+CT0a2jLTR6k7Nz6w1LW1t9u9xZEo7ekBaGOPO8UyQ
+ggzPK3rMWQhCqZSYwAY2EoZ6KvkeVlekiqPKlnjw6Eg87fbfj34/8HqYLw3Vdiqu
+wdFUVex6iqpXgtVplcxzLRKT51bVSDJp4HbO4j1PtAXJIwUmc4EP6Bg4KP4jQ6C7
+L3fWGvWuF/oQ12u9dIsNVPU+a4CNgiJlICQoBs3KBvKsVKgJgsO6XYy41PYx9D6G
+aOC3y1lMtyWniPlilhHKPswXYk7tn7DPwvRP6etVmsui3elkhgrq5ctUfSLE1PAB
+6cJzsQADavx+Wbpq713Ei0XpWptViaV6quqJWhpVDGpmwMmVieY4zg8/GCfcY6YB
+AFI75jE6hsIMTg9H1/avtP3asdl03CNU64+mRWjoEH0drjUbS7sR5YkJ9JYgsW9C
+gKPVr98bRqruHJO41MtZq66xPFOLfVMyW+nUhWQS7QRwQHmC7mdhGgHpTrStWh9a
+1errperpTtZdMyMn0tjoZhHV3NjjLOzY+mjONoY4ZY9zDazrtZjX9P3SFyupsF3t
+1JW110pbX59r/wCVtNmY5jjknrmxDTYDbYk3F0BZ9vmMMELXqnEvayqpY+Jw187E
+dord/C011F3AutLovvjoa91H+E61K2EPfKeXypvoquPJ3sjeeUYcx7wCzL7pPbrV
+cPdPwMWDTo8mXWulaispKJ/JMr1sE0LMzSK/+a6HEgLHCMiHG4gOH/de8mvvkOlY
+K8akrrOZoKyupDupWdZCc0/GfLKjJZvUzcknA6WOyfdJ+1d9t17paIPWLXrG9VVD
+ctPG6lWaOP3d8MSCeATnGQuAa9a7yD2nmWerfKDjE4q9326VtktVJU1z1OpHilpJ
+1lyrU8fntIySO/3EuzljwBgg5IOOZuEtFDUirGJYUiMNGjyF3mCjb5rMQPTnOAAB
+gAfBPWpeaWqlvlXiHy3jV5qgOyq6guTmT8Mcj0+/sMdLt2t8iaamraihpYK6domF
+LBKNlMjR5XIJJBIxhCeMk4PwtOAYNktG/Zi8jMTkk5PVvW4tBVGjFRsAiIyrFwMj
+OMjn/wDYP4PX2roKu33MUtUgiqcKSgcErkZAODweRweR8467M5pdfQCTgDJ/brfr
+be9BN5c88LzZIKxSCTH75HHvx7/H4xnRBZHO1sHkEqepJJs+8OodQUffSxdq7JQ1
+VTd7xHFHpfT6QiCC6Ljakhm4SOmRUIEQ2napyApwzddwvCX3kuHeGr1Fr7VNqsdt
++kiD0elZGqPLBQIdskqqqs+SC4Usc8Ag5LsRauqE8ZVg7XahobjSa7sNRUVVbtpw
+QiOgQVKTnlxKr7VCbiNxXgqdx861l04nZepe5xyG1S26anrK9N0brIRt8uKTJ/U3
+HBkXJU+lctnBopZya0bAHtHzlT63GcyHC3+EXTmqNE32HSRepajHki+X2slUQy7g
+BHBEm0SlmPJwRz7Ac9NBYajuZ4WO5qW3UtAn8rukwkeomAkhkkiJVAxYFXEblZMH
+KEqPvAKnoNQeK3WlDqg2KGtscFr0xcdlJVR2t1a7rBPmIGNf09ykB2zhWdQW3faU
+rvB4m7V3goIVvFuqLncGpRFDDMqxQQzOAPNcjJk2ZO0H3bLH+kDQVVIMhsH65zBx
+ZWW2QhSPz+ZJ7pC+33W/Z28JQRz096kovqC9Rl6ubf698nyJXj3YTJZA3JV2O1xu
+6SXnSGktMX3th25tOtu4twhWRBdqnyIKFdm5S2B/mIihvLJVY8Avgqi9Nd4X/JqO
+y9n7hUGpYrTUabiFLDLUYaC4jIUwDdy8m4BRLySRxkKMGvp3U+idUXiquMdtl01e
+6sYutDWwbZ1RicNEjezyH7Bjc27e3xhk1JrOCYd8cvgyEXVeqfF9LreoqL7pR6a9
+32sWO0Cln8wUzo4YskSsUlUqFTbICuCTjLk9KF18N2uprFEO8feCognvN4e4T6Rp
+TI1NJVyH9SQwxYjUhsA7FG7G1CBkrNk2kbHU6lWttFthasSMw+aVVxbk922k43OB
+nJ4GRgkDcemW1raNMx2yuvMlBJXzVdMaShWWl8408DZHoUDdLNKBhRwvqLHggNVF
+TkMT/Jm6V02H/Jlj/uRHaw0F250r2zudHo2KQUjBXlvFTTq1TX4PJij+1EZiQqjI
+wBktlQea7JeErvT301tWUfa/RMnn0itU1+rNQMYbdQyf0wxzbSrz4ZTtUMVJyQMD
+EnXZjse/djxz2ui1TZXotF2qikulfFMobzTHhIkDr6VG9jwpP2uQTkEScaz729pu
+xXZ64xmeht1ostI6UNBbmRvNdBkxoifIJ9R+CeT0F1OoYLWPEF6wbsERe32xPI14
+h+3tv7W+PHuD21t08typLHdxRsY5WkaScRoZVVmBZv1WdQSCxGMjPXIalnelp4IU
+hEsMkjbolJ2bgMNEpyS7DjzHBPPp3ZyelvvP3RXub4vNedy/p54p77fJ6zbJMvmI
+jHaq7k4yVAyR7DgEn1HgqvUH1zz1NVSlsU6U9IkYCRQKv9AH/b7kgYJzycE5UjOO
+YiYjY47RLN1qJ68VEzkzgYRUwiLgDbwPgYHA/AHWlHMUeWZ1M1QTwzHO0n3Y/k9a
+pOWJPuf26uziEgEHJ9sc9WmczGnf6Xz2yIySFYj7sf8A389YAcLwBn89XmaT6cxB
+isZxuUHg49v/AD1jDFc4xyMcjqST0lVNPNeP4g0V2ell/kcVpElPLVwoi0KOwRhG
+2N4aXlVQZZcM2AeenV8WtFqi5eB+6Lp2WisFwjpZf5fJUt5K2yJIyN8SLwJgueTh
+YwTk7iSELQ2pqK++KDUz2u3SVn0E62mzyVRIp4/LQPLIpIy7AsN8pGOQo/pXo0h2
+4W96JSm1W8Woa6f0+WYwIKdfcBVPBK5/q4HJA3c9OUdWJc+Y4twuAZ4v7lE1JVT0
+VQjNXxVDedMZCQ3twAQPnJ3fOR/dKBIORwejR8a/ZWq7VeMHU1JbLTUxadep85at
+432vLLlyckfOCcZzjJwBgdBiY3EAkK4QnAP5PSp1KtgxSRgwg+1PfPVujbpZaI3F
+ZrZbpjJSfWsZI6AEYZokJ2h/w2CQfbHv0ftF4oNH1el7TepLxWiptg5eaYLW3apf
+1MQpbKptwA7cKqljyyIYfw7eWI84TOcY6dTS1BeHvNsp9O6dOpbzcP06KNYDO6YI
+LOMH7h+4wvuf2Y09RcwCdwIRVc1Zk9ejvEPRag7dR/Xn+WwLtSSCWNnepdvsgiUj
+MjEeptwODgH2x0Q9HPp6t+gp7tcqAVdw9dSZKwK9NEw5UOTkM3sWHJAbAwvMXnZz
+sp3Lm1HZ9T2e7U2naahhFORcZ5qmnoo/ud3IKxtIcklI2YgYB9TkjpK7tD/izvlL
+crxrW96w09bZStVW0lClElZVhsNGkoY7sD0uVwieiNSSNha/t2LHAjZuoGOBiSsa
+pr+3WntDy2Sluto01aTAZLrfJ69KVUpwvqEZJAChMDGcKuCcscGAnxaeJLROraqv
+0X2sqJ7jYFBppLiA8cLxqftjLHdIrHLFiF3Ej3AwW58TWorRQ6nuGlbXQ7bsJdtw
+laoknSjiB9FNC0hJ25ALye7uTtO0ZYOf36XdTc1TGpT9Yut6hzlRK6yOR5aIrllA
+yRjABPv1j6rpNAJcylCuSDkZwDn/AH6t6rqupJK6+gZYDIH7nr58dXEjYAFwfk59
++pJPRl2r7gpb++0s99iWm1BJc8NY4FLvTDAaJTt+/CENxwGLsSzKWSWnTeo6K6aa
+oZ6RfLrKmnzCOCIkA5I+M45x7/nA68+vbvUlfWwPJS22nXWN2togM1PUBquo3K7w
+QK+QqkxhlmkHojRdvqP3S29jdd1k3bvS9PdEjs8qU0dNWUsYAIYekxxBjv2gjO4j
+Lkg/6MVxYvaN7l3GwnU+IXstbe43Z6tb/DFBd7w1NLFTSVEHmrTRuPXKU95ZmwAM
++3/t68o3fXtPVdre+V10/FDUy0EHKTzMHL84Y7gAD6sjjIBBGTg9e2Bo5LhaZEh2
+mlKlWQjiTjGzIPt8H/bPv1Ed45fDXTXLtxedZ6f0/JVallYQxVMEILgOcE8+lEQE
+gewHLYwADumOorNbfMO0Vk+DPNEqlpVXIBJxknAHRA9iNW3q2d1EsFoikrJ70UoR
+SUIZZKz/ALY2YFcRZG5+VDD7vTnDYa70bWaH1obNWO8ziIOJWhaNZOSCVDc7cjGS
+ATj2Ht1zFvuFba7mlXQVUtHUKCBJC5VsH3GRzyOl9bNRaD5EinVsyR+19/LnpXvb
+Yu3mobzs0ZUO1PWVNNI5SI7sbYsEMYw2V38b2y3pA9Jw697mUui+wS3G0eTTPWRC
+n0oTEqiIeWQs4jxghV3MrsMKPWASyjqGrWncfTeou0lnpqO1CHVTOTcq2UEkIg2x
+xqRhQMc7VGBzzyetO+94dV6i0skmoLpLeqryUpKYVj7hFCnuoUcbWbDPkZchVOVU
+g+lH6hVXsp9Xkf8ADNWf1Tne4uoaa7a1uKUtdNdYWqWmnrZxiSsmIwZD7+key5J4
+/wBSS25CiJSGy5JyMe3V80stTWSTzO0s0jFndjksTySesXXlrHaxyzdzB5cNmxsg
+lv6cHjq3qulOmkt0VrnMlO1VWMmE3yFEjBBBIAILMDtI/p98g9ZyRM6+59OPjr51
+XUklyAEldpZjwuPz1TKUmZHBBU4YfI6+rtAYkkMB6cfnqzqSQmPD73QbSnd3SCXV
+3qbdb7lmOljBHnLKNp3sOSkZxLtORhTgZwRLr4f+4b038QCn0bQXGs1bbKuDFPqG
+cFqioM+WSo2LyiqML5h55jVB7FoFdKXr/DevrbfjTCsFFMJTTMSFnHsY2I5CsCQf
+2z1Jj4OteXas0Jq6saop7DbrYf8A1K7CP1xU2d8EfmZBz5hZVTJaRn5KqvBFTYOD
+GND5BQz0v6Hu0dXYxTbBDHSxhZcuGwR7jI4yMc4OAcqM7Set3WdmoL/oyamqofq6
+cqSlOVyrtg+4+f8A4+MHnpn+zeuLFd+1NorJ7lS22ongRZoKt0hfzggyhU4AKLjc
+BwCcfsHjl1BYXllha9W4qyFEWO4xGQnjI5b3PyfgdXPpt2EEcYYzzdfxBfDdS6Up
+rfqmy2ysrKyNneulRAxWIlmJkKjGSzJwMLFGgABLDMQjeX5QADeZk5z7Y+OvYr4p
+9D6Y1h4XdV0sj0LUrW2Qy/TFJWkbGEUJn9Q5IwDwSMkY468fF2o3t+p7hQOVZ6ep
+eJijhxlWIOGAAPt7gDrXqmWwiweZVhwCIn59OPjr51cuBu3KTxxj89UuA4LKSPkf
+npfM5b1XW7NSrDRxSvKnnSDd5K8lV+M/gn8fj39x1q7XkkO1MnkkKPYdSSWqQJFL
+ZxnnHv1tvN9TIondykcXlwe3pAPAP7cnPWu8bIVyrAFQwyMZB6vaoqGt0VI0rtTR
+yNJHGT6VZgAxH7kKuf8AQdSSY2YhPL4wpPt8/wB+vrsWCDIwqjGBjrHg/jqsH8dS
+SV1XVYP46rB/HUkn/9mJAUEEEwECACsCGy8FCQeGH4AGCwkIBwMCBhUIAgkKCwQW
+AgMBAh4BAheABQJPR85KAhkBAAoJEF/yoWFKa6qtum4H/2GTkfeVkGjJU4RA5eOl
+/rPWO6aUTy8ZKxl8sh9cLXBbclKDQ1SqU6JBbwk/VvuVUJkNtGzeT8VYE6aA3QNA
+cOP+rTCzIqD/3kZGKSgQE80BE1K2lL/n5Ud2LV7QCymiLAnoHooLXLEQGU+SPsD/
+Y3Z3Y3z8M8Nyasa6xVRfTD2coIvUA+G4ubch3AxHLzmuhqUuxvr8s180qmpLz5FO
+OoWX+hlhZzS2dQm46o3Qsau1+bx5dvZwrevAOU/ot2k4+cxc1FQMQgEVry49D0VI
+AoD7DAE9P1orU2WACd+0W47mWQIyhyIZ6C6r/EMzIX1wfmsFsj8RZOQiPusUXXQ7
+joO5AQ0ET0YK3wEIAMvNE42CufNUAzkijz7iruW1G2IJkvUw0MEiFAZpEoiEk7rU
+r6Wm/8m7oz9VwhLLsvFd9wyGOZC2NZPsotMcgF0GE4MYM5QrPdby/muQ2LahRk8q
+hVgNdP0fQ2EEEABnjf2Liuvkauoe9EYw37vT1QZLv+cWXd570R5pVSiIKYtY+ZnW
+uC3Ul8torSZ7yTMG1kKheVf5qDvyecco1VmXa3EpzyY170hQcQ8RIj5kgm2NnqSC
+TajdT6XLNw5Y1ZeHDsfdNlI/vAQRmTEp/q16jU/LmfU+jqmVPj0HHbwMKa+BioY9
+g48anrSFNgZtRJNZLuwbB1WedYEJY3qjNXGnqrEAEQEAAYkCRAQYAQIADwUCT0YK
+3wIbLgUJB4YfgAEpCRBf8qFhSmuqrcBdIAQZAQIABgUCT0YK3wAKCRCIVfuxa8QS
+Q2OYCACuS0W+pLNKBvL2EDVC1obss8rDB8DiZlT9qWAtYWam3/j3yrNWMiyGv4JI
+44ZhXrSFQxcSTEV9eP//vnmsRELoS7YwFurjxEIwExYEJF8uamFOa+3jlieT4Zvj
+91xIwbLxQ7Pjl4W27OVUKJKEu0dmHqQWu6KXmgIyKW+TNx9z7pYx3HA5Cn9h1vL7
+aM9Bc8xXEKGAA90BOpUOAM3hSdbzymlaExRwoUcKMMHnPi8a+bX4NFzXZhUkO2Ud
+PJk7Q01UMvcq6CEy2PRQCRauiE9sltNgx3N0i4yCqXyml6EY9h9v0eoPn4onDLLt
+EFqYTe7ZlhO+lLlwShgvfTYdyCDGNykIALw1PaLW1uG2S7kjftPAejab2UKquQTD
+l7IIUFvHy8tjnJ3gtpK8NIypEyjsm5MhbZPFlmdfRyG/Mr9jVdWTdsBxfrGzUic8
+ggFrR4BL/zwCOC8WntlatAICIdk8HyLAzf/iKi0soVG4QtOxb7aBR6K2PQWfE3SN
+FZ6/PmmT3aCovwTlCGN0epMnZeUQ0cN5La5ea93wgzR04YBC5SH9pB/mGcN4OF2g
+/skXkg6DbDaFUrv3/nKnIzFptjyC+qKKV5976/BhvTDUbKQjDLx0ELYKgzfcr+5t
+Yr1aTjn6KMAcsSmMcYdcrJKClIdqQnzQEKRbANJygs+a1XSAB21NKdQ=
+=RtWL
+-----END PGP PUBLIC KEY BLOCK-----
+]]></programlisting>
diff --git a/share/pgpkeys/pgpkeys-developers.xml b/share/pgpkeys/pgpkeys-developers.xml
index 87da907016..b956f79f0b 100644
--- a/share/pgpkeys/pgpkeys-developers.xml
+++ b/share/pgpkeys/pgpkeys-developers.xml
@@ -551,6 +551,11 @@
&pgpkey.pfg;
</sect2>
+ <sect2 id="pgpkey-girgen">
+ <title>&a.girgen;</title>
+ &pgpkey.girgen;
+ </sect2>
+
<sect2 id="pgpkey-pgollucci">
<title>&a.pgollucci;</title>
&pgpkey.pgollucci;
@@ -576,6 +581,11 @@
&pgpkey.jamie;
</sect2>
+ <sect2 id="pgpkey-wg">
+ <title>&a.wg;</title>
+ &pgpkey.wg;
+ </sect2>
+
<sect2 id="pgpkey-bar">
<title>&a.bar;</title>
&pgpkey.bar;
diff --git a/share/pgpkeys/pgpkeys.ent b/share/pgpkeys/pgpkeys.ent
index 07c08d9e09..1f99e06059 100644
--- a/share/pgpkeys/pgpkeys.ent
+++ b/share/pgpkeys/pgpkeys.ent
@@ -134,6 +134,7 @@
<!ENTITY pgpkey.gerald SYSTEM "gerald.key">
<!ENTITY pgpkey.ghelmer SYSTEM "ghelmer.key">
<!ENTITY pgpkey.gibbs SYSTEM "gibbs.key">
+<!ENTITY pgpkey.girgen SYSTEM "girgen.key">
<!ENTITY pgpkey.gjb SYSTEM "gjb.key">
<!ENTITY pgpkey.glarkin SYSTEM "glarkin.key">
<!ENTITY pgpkey.glebius SYSTEM "glebius.key">
@@ -398,6 +399,7 @@
<!ENTITY pgpkey.wen SYSTEM "wen.key">
<!ENTITY pgpkey.weongyo SYSTEM "weongyo.key">
<!ENTITY pgpkey.wes SYSTEM "wes.key">
+<!ENTITY pgpkey.wg SYSTEM "wg.key">
<!ENTITY pgpkey.wilko SYSTEM "wilko.key">
<!ENTITY pgpkey.will SYSTEM "will.key">
<!ENTITY pgpkey.wkoszek SYSTEM "wkoszek.key">
diff --git a/share/pgpkeys/wg.key b/share/pgpkeys/wg.key
new file mode 100644
index 0000000000..e2438b61f7
--- /dev/null
+++ b/share/pgpkeys/wg.key
@@ -0,0 +1,50 @@
+<!-- $FreeBSD$ -->
+<!--
+sh /usr/doc/share/pgpkeys/addkey.sh wg CFC460C5;
+-->
+<programlisting role="pgpfingerprint"><![CDATA[
+pub 2048R/CFC460C5 2012-09-28
+ Key fingerprint = FC40 5CD8 0879 7F50 0036 D924 D9F7 8B27 CFC4 60C5
+uid William Grzybowski (FreeBSD) <wg@freebsd.org>
+uid William Grzybowski <william88@gmail.com>
+sub 2048R/05577997 2012-09-28
+]]></programlisting>
+<programlisting role="pgpkey"><![CDATA[
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFBlilQBCAC3KOf/7RxT6pjifT4C8KtW785AUl4iNKMj4OH1SYL9XjCNiGA4
++XQhOybsHZw404W1egVHJWQVNgHgKcP1HYi4D7UTK+XSvKpyCSw6BGSgY0bCnDgR
+SPmGDdTlOe1HPqSt3T9cAaQKpGqyWLoP+U7aFIG+XV45N+ACIopdnA8ogCl4HQwo
+yRWyunCuUgzVYwIq6t7iza4qW1NUsE7JzCw71i/R9QPCWjRD0nNS5YyPmCQvWPgx
+rzOIjXfMoJZPPq6qbrotHg4GHau0dFBhDL/7faK9W69wILgLfmYqjNAKPqbRsmVl
+3FEOPw3/rXTgtOkuVW7CyIFLT3i6fGaezT0nABEBAAG0KFdpbGxpYW0gR3J6eWJv
+d3NraSA8d2lsbGlhbTg4QGdtYWlsLmNvbT6JATgEEwECACIFAlBlilQCGwMGCwkI
+BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJENn3iyfPxGDFmDQH/0tnel9kLZOWFo4A
+DiByIM80CDHrHGmiKJR3xvvzlANMnbzMCJFTjvFLjY43hNJbZSr53MvDJjIF2rU3
+MPAQUiJX6no/5rRwhWR/vaaMSIha9vrBR6iPsRxVU06XpWSY4Are0dtT7Uhtl24d
+1hfc/2iHG+E5fnPOi3Bk3k0c00EeH5xeDKLStyi59nkoipy6SSPhS8DAMoAhmw0C
+Kv7dIs7aS6NXxOx6p/8/dQEcGhPr0eOCQQjDBn/NYxv+wjF7Wswl4hlnP00Pofjh
+zPqPebJgODAytcWrsSXM+6psETkSNHiW0qA5gOCYPa5eh/bACJyQZo7X4St81rUu
+BZDQ+tu0LVdpbGxpYW0gR3J6eWJvd3NraSAoRnJlZUJTRCkgPHdnQGZyZWVic2Qu
+b3JnPokBOAQTAQIAIgUCUVrk4AIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
+CgkQ2feLJ8/EYMUFhgf/aKiIXsxOrFNbFgrNN+RLhtUuqLIt2a3AQWdwx4m45Hw7
+dMDtZ65QuoT8ChJmXKDEM8R+hK0uiHqvcN8NlI2sUiE6NvJlwhtlonH/t5hbUmIM
+1KdA2n8dfqErdB1A+G3sBb2+ySZU+O9h/VXAlsmR6g00Et3l4wI67VNIFdo4T0GO
+EN6k6uzHqftlBrY86hC+5Sjxgd8pK9x2bKYAioJkDSdqjN8PuKImyRoU1MYmWdOJ
+Uq9Zle7RfKLZ7HKfiNEWIzSOzPf0AsLQ4XRiHsGQLtTLX4pVGuto8VsY7orgn9KR
+Z9/Q9t+5wtV9j7/2KvUncRHsrHyI685ucyjGhbc8o7kBDQRQZYpUAQgArPu98lfF
+9vQKLtOeM/y9Xm2FyqWqFhdL0IXD2hNDpEYtdkZoy58j+U6yJSQLwNge32SMgJ9l
+ZeQSR8hNUBRrRbeQc02/0oMmF1HKftuO8EE6T/e5IK+P6Ys9z/wAsLjgL98P7wVS
+omefIiBs6JkcvVsuEej1gCNB8ih6gX1+OUd1Yk2vdr3sfORCHVvu2RgJeq0o0ixy
++68iiUR0zhWIZ1FKkhsJhBe0/vrr8+BFUgnArWDMEzw6jViYF6IJ67+D5Zl2RxME
+4ExHGMzRmIHv23p2g+tb+5Pi+xzZgVHYW/lIQvQL5KS6YxJy5Y3ZZyUI9dWuY8oi
+gWQG2M8pzTyRhQARAQABiQEfBBgBAgAJBQJQZYpUAhsMAAoJENn3iyfPxGDFd7gH
+/0SqvDUIpQHY6sKq5+D3+ta2tiZCLsjebaD0QevQdnhmd+KasNlsi4tTBwUJ5flV
+F/FYFiiv9EeRRxsisvlr8t4IuB5fQrNcnsHSNXHYVyhiF0lLqzE0zzr+4Pii4/mC
+1e3/QlchruGqOucTg8a884TiWpbp11/ai3G93umyDDvtDy5xwvf4UJNZP3G3vhFK
+GTRlOJmFDgXlsJpBp6E5+R4K7atv20WrZ+ZqPeCnXaNi1OhVxhqG+D61uInye9rn
+zRZJQDc3vCGTuMx2cEWPUIoURs17+TS+sSPQ9YQFKUBERwjh0tFd7DH+AGcf5yYH
+oMxesc54A/7tC1WbOAgS8gM=
+=ZnO5
+-----END PGP PUBLIC KEY BLOCK-----
+]]></programlisting>
diff --git a/share/security/advisories/FreeBSD-SA-13:03.openssl.asc b/share/security/advisories/FreeBSD-SA-13:03.openssl.asc
new file mode 100644
index 0000000000..65bb9cd51f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-13:03.openssl.asc
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:03.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: OpenSSL multiple vulnerabilities
+
+Category: contrib
+Module: openssl
+Announced: 2013-04-02
+Affects: All supported versions of FreeBSD.
+Corrected: 2013-03-08 17:28:40 UTC (stable/8, 8.3-STABLE)
+ 2013-04-02 17:34:42 UTC (releng/8.3, 8.3-RELEASE-p7)
+ 2013-03-14 17:48:07 UTC (stable/9, 9.1-STABLE)
+ 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
+ 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
+CVE Name: CVE-2013-0166, CVE-2013-0169
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II. Problem Description
+
+A flaw in the OpenSSL handling of OCSP response verification could be exploited
+to cause a denial of service attack. [CVE-2013-0166]
+
+OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and
+DTLS. The weakness could reveal plaintext in a timing attack. [CVE-2013-0169]
+
+III. Impact
+
+The Denial of Service could be caused in the OpenSSL server application by
+using an invalid key. [CVE-2013-0166]
+
+A remote attacker could recover sensitive information by conducting
+an attack via statistical analysis of timing data with crafted packets.
+[CVE-2013-0169]
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated dated after the correction
+date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 8.3 and 9.0]
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+
+[FreeBSD 9.1]
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch.asc
+# gpg --verify openssl-9.1.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the all deamons using the library, or reboot your the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI. Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r248057
+releng/8.3/ r249029
+stable/9/ r248272
+releng/9.0/ r249029
+releng/9.1/ r249029
+- -------------------------------------------------------------------------
+
+VII. References
+
+CVE Name:
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:03.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEARECAAYFAlFbGXYACgkQFdaIBMps37ISqACcCovc+NpuH57guiROqIbTfw3P
+4RMAn22ppeZnRVfje8up3cyOx/D8CCmI
+=rQqV
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-13:04.bind.asc b/share/security/advisories/FreeBSD-SA-13:04.bind.asc
new file mode 100644
index 0000000000..b634f134e5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-13:04.bind.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:04.bind Security Advisory
+ The FreeBSD Project
+
+Topic: BIND remote denial of service
+
+Category: contrib
+Module: bind
+Announced: 2013-04-02
+Credits: Matthew Horsfall of Dyn, Inc.
+Affects: FreeBSD 8.4-BETA1 and FreeBSD 9.x
+Corrected: 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1)
+ 2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE)
+ 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
+ 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
+CVE Name: CVE-2013-2266
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server. The libdns
+library is a library of DNS protocol support functions.
+
+II. Problem Description
+
+A flaw in a library used by BIND allows an attacker to deliberately
+cause excessive memory consumption by the named(8) process. This
+affects both recursive and authoritative servers.
+
+III. Impact
+
+A remote attacker can cause the named(8) daemon to consume all available
+memory and crash, resulting in a denial of service. Applications linked
+with the libdns library, for instance dig(1), may also be affected.
+
+IV. Workaround
+
+No workaround is available, but systems not running named(8) service
+and not using base system DNS utilities are not affected.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the named daemon, or reboot the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI. Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r248807
+stable/9/ r248808
+releng/9.0/ r249029
+releng/9.1/ r249029
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://kb.isc.org/article/AA-00871
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEARECAAYFAlFbGYYACgkQFdaIBMps37J4eACeNzJtWElzKJZCqXdzhrHEB+pu
+1eoAn0oD7xcjoPOnB7H3xZbIeHldgGcI
+=BX1M
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-13:03/openssl-9.1.patch b/share/security/patches/SA-13:03/openssl-9.1.patch
new file mode 100644
index 0000000000..a6cd30940f
--- /dev/null
+++ b/share/security/patches/SA-13:03/openssl-9.1.patch
@@ -0,0 +1,3891 @@
+Index: crypto/openssl/CHANGES
+===================================================================
+--- crypto/openssl/CHANGES (revision 248771)
++++ crypto/openssl/CHANGES (working copy)
+@@ -2,6 +2,35 @@
+ OpenSSL CHANGES
+ _______________
+
++ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
++
++ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
++
++ This addresses the flaw in CBC record processing discovered by
++ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
++ at: http://www.isg.rhul.ac.uk/tls/
++
++ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
++ Security Group at Royal Holloway, University of London
++ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
++ Emilia K�sper for the initial patch.
++ (CVE-2013-0169)
++ [Emilia K�sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
++
++ *) Return an error when checking OCSP signatures when key is NULL.
++ This fixes a DoS attack. (CVE-2013-0166)
++ [Steve Henson]
++
++ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
++ the right response is stapled. Also change SSL_get_certificate()
++ so it returns the certificate actually sent.
++ See http://rt.openssl.org/Ticket/Display.html?id=2836.
++ (This is a backport)
++ [Rob Stradling <rob.stradling@comodo.com>]
++
++ *) Fix possible deadlock when decoding public keys.
++ [Steve Henson]
++
+ Changes between 0.9.8w and 0.9.8x [10 May 2012]
+
+ *) Sanity check record length before skipping explicit IV in DTLS
+Index: crypto/openssl/Configure
+===================================================================
+--- crypto/openssl/Configure (revision 248771)
++++ crypto/openssl/Configure (working copy)
+@@ -162,6 +162,7 @@ my %table=(
+ "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+ "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+ "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::",
++"debug-ben-debug-64", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
+ "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+ "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+@@ -172,10 +173,10 @@ my %table=(
+ "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+ "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
+-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+ "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+@@ -428,8 +429,8 @@ my %table=(
+ "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+ # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
+ # at build time. $OBJECT_MODE is respected at ./config stage!
+-"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
++"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
++"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+
+ #
+ # Cray T90 and similar (SDSC)
+Index: crypto/openssl/FAQ
+===================================================================
+--- crypto/openssl/FAQ (revision 248771)
++++ crypto/openssl/FAQ (working copy)
+@@ -83,7 +83,7 @@ OpenSSL - Frequently Asked Questions
+ * Which is the current version of OpenSSL?
+
+ The current version is available from <URL: http://www.openssl.org>.
+-OpenSSL 1.0.1c was released on May 10th, 2012.
++OpenSSL 1.0.1d was released on Feb 5th, 2013.
+
+ In addition to the current stable release, you can also access daily
+ snapshots of the OpenSSL development version at <URL:
+Index: crypto/openssl/Makefile
+===================================================================
+--- crypto/openssl/Makefile (revision 248771)
++++ crypto/openssl/Makefile (working copy)
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+
+-VERSION=0.9.8x
++VERSION=0.9.8y
+ MAJOR=0
+ MINOR=9.8
+ SHLIB_VERSION_NUMBER=0.9.8
+Index: crypto/openssl/NEWS
+===================================================================
+--- crypto/openssl/NEWS (revision 248771)
++++ crypto/openssl/NEWS (working copy)
+@@ -5,6 +5,11 @@
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
++ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y:
++
++ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
++ o Fix OCSP bad key DoS attack CVE-2013-0166
++
+ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x:
+
+ o Fix DTLS record length checking bug CVE-2012-2333
+Index: crypto/openssl/README
+===================================================================
+--- crypto/openssl/README (revision 248771)
++++ crypto/openssl/README (working copy)
+@@ -1,5 +1,5 @@
+
+- OpenSSL 0.9.8x 10 May 2012
++ OpenSSL 0.9.8y 5 Feb 2013
+
+ Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+Index: crypto/openssl/apps/Makefile
+===================================================================
+--- crypto/openssl/apps/Makefile (revision 248771)
++++ crypto/openssl/apps/Makefile (working copy)
+@@ -176,703 +176,720 @@ progs.h: progs.pl
+ app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-app_rand.o: ../include/openssl/engine.h ../include/openssl/evp.h
+-app_rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+-app_rand.o: app_rand.c apps.h
++app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
++app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
++app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
++app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
++app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h
+ apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-apps.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-apps.o: ../include/openssl/err.h ../include/openssl/evp.h
+-apps.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+-apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
+-apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
++apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++apps.o: ../include/openssl/engine.h ../include/openssl/err.h
++apps.o: ../include/openssl/evp.h ../include/openssl/fips.h
++apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
++apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
++apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
++apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++apps.o: ../include/openssl/x509v3.h apps.c apps.h
+ asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
+-asn1pars.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-asn1pars.o: asn1pars.c
++asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
++asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
++asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c
+ ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-ca.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ca.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-ca.o: ../include/openssl/x509v3.h apps.h ca.c
++ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++ca.o: ../include/openssl/engine.h ../include/openssl/err.h
++ca.o: ../include/openssl/evp.h ../include/openssl/fips.h
++ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ciphers.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-ciphers.o: ciphers.c
++ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
++ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h
++ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
+ cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-cms.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-cms.o: ../include/openssl/engine.h ../include/openssl/evp.h
+-cms.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-cms.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-cms.o: ../include/openssl/x509v3.h apps.h cms.c
++cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++cms.o: ../include/openssl/evp.h ../include/openssl/fips.h
++cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
++cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c
+ crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-crl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-crl.o: ../include/openssl/engine.h ../include/openssl/err.h
+-crl.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
++crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++crl.o: ../include/openssl/err.h ../include/openssl/evp.h
++crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
++crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++crl.o: ../include/openssl/x509v3.h apps.h crl.c
+ crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
+-crl2p7.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-crl2p7.o: crl2p7.c
++crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
++crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
++crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c
+ dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-dgst.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+-dgst.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-dgst.o: ../include/openssl/x509v3.h apps.h dgst.c
++dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
++dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h
++dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c
+ dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
+-dh.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+-dh.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c
++dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++dh.o: ../include/openssl/err.h ../include/openssl/evp.h
++dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
++dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++dh.o: ../include/openssl/x509v3.h apps.h dh.c
+ dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+-dsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+-dsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
++dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
++dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++dsa.o: ../include/openssl/x509v3.h apps.h dsa.c
+ dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-dsaparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dsaparam.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c
++dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
++dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
++dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
++dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
++dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++dsaparam.o: dsaparam.c
+ ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-ec.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-ec.o: ../include/openssl/engine.h ../include/openssl/err.h
+-ec.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c
++ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++ec.o: ../include/openssl/err.h ../include/openssl/evp.h
++ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
++ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++ec.o: ../include/openssl/x509v3.h apps.h ec.c
+ ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-ecparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-ecparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ecparam.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c
++ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
++ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
++ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++ecparam.o: ecparam.c
+ enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-enc.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+-enc.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-enc.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-enc.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-enc.o: ../include/openssl/x509v3.h apps.h enc.c
++enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++enc.o: ../include/openssl/err.h ../include/openssl/evp.h
++enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
+ engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-engine.o: ../include/openssl/err.h ../include/openssl/evp.h
+-engine.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-engine.o: engine.c
++engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++engine.o: ../include/openssl/engine.h ../include/openssl/err.h
++engine.o: ../include/openssl/evp.h ../include/openssl/fips.h
++engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++engine.o: ../include/openssl/x509v3.h apps.h engine.c
+ errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+-errstr.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-errstr.o: errstr.c
++errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
++errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h
++errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
+ gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-gendh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+-gendh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
++gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
++gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h
++gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
++gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
++gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++gendh.o: gendh.c
+ gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+-gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+-gendsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-gendsa.o: gendsa.c
++gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
++gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c
+ genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-genrsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-genrsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
++genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
++genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
++genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
++genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
++genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++genrsa.o: genrsa.c
+ nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-nseq.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
+-nseq.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c
++nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
++nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
++nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++nseq.o: ../include/openssl/x509v3.h apps.h nseq.c
+ ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ocsp.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
++ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
++ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h
++ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+ openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+-openssl.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-openssl.o: openssl.c progs.h s_apps.h
++openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
++openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h
++openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
+ passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+-passwd.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
+-passwd.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+-passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+-passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-passwd.o: passwd.c
++passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
++passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
++passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
++passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
++passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
++passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
++passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
+ pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+-pkcs12.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c
++pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
++pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
++pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++pkcs12.o: pkcs12.c
+ pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+-pkcs7.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-pkcs7.o: pkcs7.c
++pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
++pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
++pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c
+ pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+-pkcs8.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c
++pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
++pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
++pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++pkcs8.o: pkcs8.c
+ prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-prime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-prime.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+-prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-prime.o: prime.c
++prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
++prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
++prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++prime.o: ../include/openssl/x509v3.h apps.h prime.c
+ rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+-rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+-rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+-rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-rand.o: ../include/openssl/x509v3.h apps.h rand.c
++rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++rand.o: ../include/openssl/err.h ../include/openssl/evp.h
++rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c
+ req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-req.o: ../include/openssl/err.h ../include/openssl/evp.h
+-req.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-req.o: ../include/openssl/x509v3.h apps.h req.c
++req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++req.o: ../include/openssl/engine.h ../include/openssl/err.h
++req.o: ../include/openssl/evp.h ../include/openssl/fips.h
++req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++req.o: ../include/openssl/stack.h ../include/openssl/store.h
++req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++req.o: ../include/openssl/ui.h ../include/openssl/x509.h
++req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+ rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-rsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-rsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+-rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c
++rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
++rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
++rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++rsa.o: ../include/openssl/x509v3.h apps.h rsa.c
+ rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
+-rsautl.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
++rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
++rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
++rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++rsautl.o: rsautl.c
+ s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_cb.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_cb.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+-s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+-s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c
++s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
++s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_cb.o: ../include/openssl/rand.h ../include/openssl/safestack.h
++s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
++s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
++s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
++s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++s_cb.o: s_apps.h s_cb.c
+ s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_client.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-s_client.o: ../include/openssl/x509v3.h apps.h s_apps.h s_client.c timeouts.h
++s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
++s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
++s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
++s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
++s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
++s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++s_client.o: s_apps.h s_client.c timeouts.h
+ s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_server.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+-s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+-s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
+-s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-s_server.o: s_apps.h s_server.c timeouts.h
++s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
++s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
++s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
++s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h
+ s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h
+ s_socket.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+-s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
+-s_socket.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-s_socket.o: s_apps.h s_socket.c
++s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++s_socket.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c
+ s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_time.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-s_time.o: s_apps.h s_time.c
++s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
++s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
+ sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+-sess_id.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-sess_id.o: sess_id.c
++sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
++sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h
++sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
+ smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-smime.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+-smime.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-smime.o: smime.c
++smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++smime.o: ../include/openssl/err.h ../include/openssl/evp.h
++smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
++smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++smime.o: ../include/openssl/x509v3.h apps.h smime.c
+ speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+@@ -880,88 +897,89 @@ speed.o: ../include/openssl/cast.h ../include/open
+ speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
+ speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+-speed.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+-speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
+-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h
++speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++speed.o: ../include/openssl/engine.h ../include/openssl/err.h
++speed.o: ../include/openssl/evp.h ../include/openssl/fips.h
++speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
++speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
++speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
++speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
++speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++speed.o: speed.c testdsa.h testrsa.h
+ spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-spkac.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+-spkac.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-spkac.o: spkac.c
++spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
++spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
++spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++spkac.o: ../include/openssl/x509v3.h apps.h spkac.c
+ verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-verify.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+-verify.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-verify.o: verify.c
++verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++verify.o: ../include/openssl/err.h ../include/openssl/evp.h
++verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
++verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++verify.o: ../include/openssl/x509v3.h apps.h verify.c
+ version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+-version.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-version.o: ../include/openssl/engine.h ../include/openssl/evp.h
+-version.o: ../include/openssl/fips.h ../include/openssl/idea.h
+-version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h
+-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+-version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-version.o: version.c
++version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++version.o: ../include/openssl/evp.h ../include/openssl/fips.h
++version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
++version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
++version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
++version.o: ../include/openssl/sha.h ../include/openssl/stack.h
++version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
++version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++version.o: ../include/openssl/x509v3.h apps.h version.c
+ x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+-x509.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+-x509.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-x509.o: ../include/openssl/x509v3.h apps.h x509.c
++x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++x509.o: ../include/openssl/err.h ../include/openssl/evp.h
++x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
++x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
+Index: crypto/openssl/apps/apps.c
+===================================================================
+--- crypto/openssl/apps/apps.c (revision 248771)
++++ crypto/openssl/apps/apps.c (working copy)
+@@ -2052,7 +2052,7 @@ X509_NAME *parse_name(char *subject, long chtype,
+ X509_NAME *n = NULL;
+ int nid;
+
+- if (!buf || !ne_types || !ne_values)
++ if (!buf || !ne_types || !ne_values || !mval)
+ {
+ BIO_printf(bio_err, "malloc error\n");
+ goto error;
+@@ -2156,6 +2156,7 @@ X509_NAME *parse_name(char *subject, long chtype,
+ OPENSSL_free(ne_values);
+ OPENSSL_free(ne_types);
+ OPENSSL_free(buf);
++ OPENSSL_free(mval);
+ return n;
+
+ error:
+@@ -2164,6 +2165,8 @@ error:
+ OPENSSL_free(ne_values);
+ if (ne_types)
+ OPENSSL_free(ne_types);
++ if (mval)
++ OPENSSL_free(mval);
+ if (buf)
+ OPENSSL_free(buf);
+ return NULL;
+Index: crypto/openssl/apps/dhparam.c
+===================================================================
+--- crypto/openssl/apps/dhparam.c (revision 248771)
++++ crypto/openssl/apps/dhparam.c (working copy)
+@@ -332,7 +332,6 @@ bad:
+ BIO_printf(bio_err,"This is going to take a long time\n");
+ if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
+ {
+- if(dh) DH_free(dh);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+Index: crypto/openssl/apps/s_server.c
+===================================================================
+--- crypto/openssl/apps/s_server.c (revision 248771)
++++ crypto/openssl/apps/s_server.c (working copy)
+@@ -1550,6 +1550,12 @@ end:
+ if (dpass)
+ OPENSSL_free(dpass);
+ #ifndef OPENSSL_NO_TLSEXT
++ if (tlscstatp.host)
++ OPENSSL_free(tlscstatp.host);
++ if (tlscstatp.port)
++ OPENSSL_free(tlscstatp.port);
++ if (tlscstatp.path)
++ OPENSSL_free(tlscstatp.path);
+ if (ctx2 != NULL) SSL_CTX_free(ctx2);
+ if (s_cert2)
+ X509_free(s_cert2);
+Index: crypto/openssl/crypto/asn1/a_strex.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_strex.c (revision 248771)
++++ crypto/openssl/crypto/asn1/a_strex.c (working copy)
+@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_
+ if(mbflag == -1) return -1;
+ mbflag |= MBSTRING_FLAG;
+ stmp.data = NULL;
++ stmp.length = 0;
+ ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+ if(ret < 0) return ret;
+ *out = stmp.data;
+Index: crypto/openssl/crypto/asn1/a_verify.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_verify.c (revision 248771)
++++ crypto/openssl/crypto/asn1/a_verify.c (working copy)
+@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALG
+ unsigned char *buf_in=NULL;
+ int ret= -1,i,inl;
+
++ if (!pkey)
++ {
++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++ return -1;
++ }
++
+ EVP_MD_CTX_init(&ctx);
+ i=OBJ_obj2nid(a->algorithm);
+ type=EVP_get_digestbyname(OBJ_nid2sn(i));
+Index: crypto/openssl/crypto/asn1/x_pubkey.c
+===================================================================
+--- crypto/openssl/crypto/asn1/x_pubkey.c (revision 248771)
++++ crypto/openssl/crypto/asn1/x_pubkey.c (working copy)
+@@ -371,12 +371,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ if (key->pkey)
+ {
++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_free(ret);
+ ret = key->pkey;
+ }
+ else
++ {
+ key->pkey = ret;
+- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++ }
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ return(ret);
+ err:
+Index: crypto/openssl/crypto/bn/bn_word.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_word.c (revision 248771)
++++ crypto/openssl/crypto/bn/bn_word.c (working copy)
+@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
+ a->neg=!(a->neg);
+ return(i);
+ }
+- /* Only expand (and risk failing) if it's possibly necessary */
+- if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&
+- (bn_wexpand(a,a->top+1) == NULL))
+- return(0);
+- i=0;
+- for (;;)
++ for (i=0;w!=0 && i<a->top;i++)
+ {
+- if (i >= a->top)
+- l=w;
+- else
+- l=(a->d[i]+w)&BN_MASK2;
+- a->d[i]=l;
+- if (w > l)
+- w=1;
+- else
+- break;
+- i++;
++ a->d[i] = l = (a->d[i]+w)&BN_MASK2;
++ w = (w>l)?1:0;
+ }
+- if (i >= a->top)
++ if (w && i==a->top)
++ {
++ if (bn_wexpand(a,a->top+1) == NULL) return 0;
+ a->top++;
++ a->d[i]=w;
++ }
+ bn_check_top(a);
+ return(1);
+ }
+Index: crypto/openssl/crypto/cryptlib.c
+===================================================================
+--- crypto/openssl/crypto/cryptlib.c (revision 248771)
++++ crypto/openssl/crypto/cryptlib.c (working copy)
+@@ -542,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const ch
+ }
+
+ void *OPENSSL_stderr(void) { return stderr; }
++
++#ifndef OPENSSL_FIPS
++
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++ {
++ size_t i;
++ const unsigned char *a = in_a;
++ const unsigned char *b = in_b;
++ unsigned char x = 0;
++
++ for (i = 0; i < len; i++)
++ x |= a[i] ^ b[i];
++
++ return x;
++ }
++#endif
+Index: crypto/openssl/crypto/crypto.h
+===================================================================
+--- crypto/openssl/crypto/crypto.h (revision 248771)
++++ crypto/openssl/crypto/crypto.h (working copy)
+@@ -591,6 +591,13 @@ int OPENSSL_isservice(void);
+ #define OPENSSL_HAVE_INIT 1
+ void OPENSSL_init(void);
+
++/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
++ * takes an amount of time dependent on |len|, but independent of the contents
++ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
++ * defined order as the return value when a != b is undefined, other than to be
++ * non-zero. */
++int CRYPTO_memcmp(const void *a, const void *b, size_t len);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+Index: crypto/openssl/crypto/o_init.c
+===================================================================
+--- crypto/openssl/crypto/o_init.c (revision 248771)
++++ crypto/openssl/crypto/o_init.c (working copy)
+@@ -93,4 +93,18 @@ void OPENSSL_init(void)
+ #endif
+ }
+
++#ifdef OPENSSL_FIPS
+
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++ {
++ size_t i;
++ const unsigned char *a = in_a;
++ const unsigned char *b = in_b;
++ unsigned char x = 0;
++
++ for (i = 0; i < len; i++)
++ x |= a[i] ^ b[i];
++
++ return x;
++ }
++#endif
+Index: crypto/openssl/crypto/ocsp/ocsp_vfy.c
+===================================================================
+--- crypto/openssl/crypto/ocsp/ocsp_vfy.c (revision 248771)
++++ crypto/openssl/crypto/ocsp/ocsp_vfy.c (working copy)
+@@ -91,10 +91,13 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF
+ {
+ EVP_PKEY *skey;
+ skey = X509_get_pubkey(signer);
+- ret = OCSP_BASICRESP_verify(bs, skey, 0);
+- EVP_PKEY_free(skey);
+- if(ret <= 0)
++ if (skey)
+ {
++ ret = OCSP_BASICRESP_verify(bs, skey, 0);
++ EVP_PKEY_free(skey);
++ }
++ if(!skey || ret <= 0)
++ {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+ goto end;
+ }
+@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if(!init_res)
+ {
++ ret = -1;
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ goto end;
+ }
+Index: crypto/openssl/crypto/opensslv.h
+===================================================================
+--- crypto/openssl/crypto/opensslv.h (revision 248771)
++++ crypto/openssl/crypto/opensslv.h (working copy)
+@@ -25,11 +25,11 @@
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+-#define OPENSSL_VERSION_NUMBER 0x0090818fL
++#define OPENSSL_VERSION_NUMBER 0x0090819fL
+ #ifdef OPENSSL_FIPS
+-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8x-fips 10 May 2012"
++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8y-fips 5 Feb 2013"
+ #else
+-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8x 10 May 2012"
++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8y 5 Feb 2013"
+ #endif
+ #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
+
+Index: crypto/openssl/crypto/rsa/rsa_oaep.c
+===================================================================
+--- crypto/openssl/crypto/rsa/rsa_oaep.c (revision 248771)
++++ crypto/openssl/crypto/rsa/rsa_oaep.c (working copy)
+@@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to
+
+ EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+
+- if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
++ if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+ goto decoding_err;
+ else
+ {
+Index: crypto/openssl/crypto/symhacks.h
+===================================================================
+--- crypto/openssl/crypto/symhacks.h (revision 248771)
++++ crypto/openssl/crypto/symhacks.h (working copy)
+@@ -252,15 +252,15 @@
+ #define EC_POINT_set_compressed_coordinates_GF2m \
+ EC_POINT_set_compr_coords_GF2m
+ #undef ec_GF2m_simple_group_clear_finish
+-#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish
++#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish
+ #undef ec_GF2m_simple_group_check_discriminant
+ #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
+ #undef ec_GF2m_simple_point_clear_finish
+-#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish
++#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish
+ #undef ec_GF2m_simple_point_set_to_infinity
+-#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf
++#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf
+ #undef ec_GF2m_simple_points_make_affine
+-#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine
++#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine
+ #undef ec_GF2m_simple_point_set_affine_coordinates
+ #define ec_GF2m_simple_point_set_affine_coordinates \
+ ec_GF2m_smp_pt_set_af_coords
+@@ -288,8 +288,6 @@
+ #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf
+ #undef ec_GFp_simple_points_make_affine
+ #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine
+-#undef ec_GFp_simple_group_get_curve_GFp
+-#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp
+ #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+ #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+ ec_GFp_smp_set_Jproj_coords_GFp
+Index: crypto/openssl/doc/apps/CA.pl.pod
+===================================================================
+--- crypto/openssl/doc/apps/CA.pl.pod (revision 248771)
++++ crypto/openssl/doc/apps/CA.pl.pod (working copy)
+@@ -39,13 +39,13 @@ prints a usage message.
+
+ =item B<-newcert>
+
+-creates a new self signed certificate. The private key and certificate are
+-written to the file "newreq.pem".
++creates a new self signed certificate. The private key is written to the file
++"newkey.pem" and the request written to the file "newreq.pem".
+
+ =item B<-newreq>
+
+-creates a new certificate request. The private key and request are
+-written to the file "newreq.pem".
++creates a new certificate request. The private key is written to the file
++"newkey.pem" and the request written to the file "newreq.pem".
+
+ =item B<-newreq-nodes>
+
+Index: crypto/openssl/engines/e_capi.c
+===================================================================
+--- crypto/openssl/engines/e_capi.c (revision 248771)
++++ crypto/openssl/engines/e_capi.c (working copy)
+@@ -1409,10 +1409,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx
+ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
+ {
+ CAPI_KEY *key;
++ DWORD dwFlags = 0;
+ key = OPENSSL_malloc(sizeof(CAPI_KEY));
+ CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+ contname, provname, ptype);
+- if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
++ if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
++ dwFlags = CRYPT_MACHINE_KEYSET;
++ if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags))
+ {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+Index: crypto/openssl/openssl.spec
+===================================================================
+--- crypto/openssl/openssl.spec (revision 248771)
++++ crypto/openssl/openssl.spec (working copy)
+@@ -2,7 +2,7 @@
+ %define libmaj 0
+ %define libmin 9
+ %define librel 8
+-%define librev x
++%define librev y
+ Release: 1
+
+ %define openssldir /var/ssl
+Index: crypto/openssl/ssl/Makefile
+===================================================================
+--- crypto/openssl/ssl/Makefile (revision 248771)
++++ crypto/openssl/ssl/Makefile (working copy)
+@@ -22,7 +22,7 @@ LIB=$(TOP)/libssl.a
+ SHARED_LIB= libssl$(SHLIB_EXT)
+ LIBSRC= \
+ s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
+- s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \
++ s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
+ s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
+ t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
+ d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
+@@ -33,7 +33,7 @@ LIBSRC= \
+ bio_ssl.c ssl_err.c kssl.c t1_reneg.c
+ LIBOBJ= \
+ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
+- s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
++ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
+ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
+ t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
+ d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \
+@@ -545,6 +545,27 @@ s3_both.o: ../include/openssl/ssl23.h ../include/o
+ s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
++s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
++s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
++s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
++s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
++s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h
++s3_cbc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
++s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
++s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
++s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
++s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
++s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h
+ s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+Index: crypto/openssl/ssl/d1_enc.c
+===================================================================
+--- crypto/openssl/ssl/d1_enc.c (revision 248771)
++++ crypto/openssl/ssl/d1_enc.c (working copy)
+@@ -126,16 +126,30 @@
+ #include <openssl/des.h>
+ #endif
+
++/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ * 0: (in non-constant time) if the record is publically invalid (i.e. too
++ * short etc).
++ * 1: if the record's padding is valid / the encryption was successful.
++ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
++ * an internal error occured. */
+ int dtls1_enc(SSL *s, int send)
+ {
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+- int bs,i,ii,j,k;
++ int bs,i,j,k,mac_size=0;
+ const EVP_CIPHER *enc;
+
+ if (send)
+ {
++ if (s->write_hash)
++ {
++ mac_size=EVP_MD_size(s->write_hash);
++ if (mac_size < 0)
++ return -1;
++ }
+ ds=s->enc_write_ctx;
+ rec= &(s->s3->wrec);
+ if (s->enc_write_ctx == NULL)
+@@ -156,6 +170,11 @@ int dtls1_enc(SSL *s, int send)
+ }
+ else
+ {
++ if (s->read_hash)
++ {
++ mac_size=EVP_MD_size(s->read_hash);
++ OPENSSL_assert(mac_size >= 0);
++ }
+ ds=s->enc_read_ctx;
+ rec= &(s->s3->rrec);
+ if (s->enc_read_ctx == NULL)
+@@ -220,7 +239,7 @@ int dtls1_enc(SSL *s, int send)
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+- return -1;
++ return 0;
+ }
+
+ EVP_Cipher(ds,rec->data,rec->input,l);
+@@ -235,43 +254,7 @@ int dtls1_enc(SSL *s, int send)
+ #endif /* KSSL_DEBUG */
+
+ if ((bs != 1) && !send)
+- {
+- ii=i=rec->data[l-1]; /* padding_length */
+- i++;
+- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+- {
+- /* First packet is even in size, so check */
+- if ((memcmp(s->s3->read_sequence,
+- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+- i--;
+- }
+- /* TLS 1.0 does not bound the number of padding bytes by the block size.
+- * All of them must have value 'padding_length'. */
+- if (i + bs > (int)rec->length)
+- {
+- /* Incorrect padding. SSLerr() and ssl3_alert are done
+- * by caller: we don't want to reveal whether this is
+- * a decryption error or a MAC verification failure
+- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
+- */
+- return -1;
+- }
+- for (j=(int)(l-i); j<(int)l; j++)
+- {
+- if (rec->data[j] != ii)
+- {
+- /* Incorrect padding */
+- return -1;
+- }
+- }
+- rec->length-=i;
+-
+- rec->data += bs; /* skip the implicit IV */
+- rec->input += bs;
+- rec->length -= bs;
+- }
++ return tls1_cbc_remove_padding(s, rec, bs, mac_size);
+ }
+ return(1);
+ }
+Index: crypto/openssl/ssl/d1_pkt.c
+===================================================================
+--- crypto/openssl/ssl/d1_pkt.c (revision 248771)
++++ crypto/openssl/ssl/d1_pkt.c (working copy)
+@@ -327,17 +327,13 @@ dtls1_get_buffered_record(SSL *s)
+ static int
+ dtls1_process_record(SSL *s)
+ {
+- int al;
+- int clear=0;
+- int enc_err;
++ int i,al;
++ int enc_err;
+ SSL_SESSION *sess;
+- SSL3_RECORD *rr;
+- unsigned int mac_size;
++ SSL3_RECORD *rr;
++ unsigned int mac_size, orig_len;
+ unsigned char md[EVP_MAX_MD_SIZE];
+- int decryption_failed_or_bad_record_mac = 0;
+- unsigned char *mac = NULL;
+
+-
+ rr= &(s->s3->rrec);
+ sess = s->session;
+
+@@ -366,14 +362,19 @@ dtls1_process_record(SSL *s)
+
+ /* decrypt in place in 'rr->input' */
+ rr->data=rr->input;
++ orig_len=rr->length;
+
+ enc_err = s->method->ssl3_enc->enc(s,0);
+- if (enc_err <= 0)
++ /* enc_err is:
++ * 0: (in non-constant time) if the record is publically invalid.
++ * 1: if the padding is valid
++ * -1: if the padding is invalid */
++ if (enc_err == 0)
+ {
+- /* To minimize information leaked via timing, we will always
+- * perform all computations before discarding the message.
+- */
+- decryption_failed_or_bad_record_mac = 1;
++ /* For DTLS we simply ignore bad packets. */
++ rr->length = 0;
++ s->packet_length = 0;
++ goto err;
+ }
+
+ #ifdef TLS_DEBUG
+@@ -383,41 +384,59 @@ printf("\n");
+ #endif
+
+ /* r->length is now the compressed data plus mac */
+-if ( (sess == NULL) ||
+- (s->enc_read_ctx == NULL) ||
+- (s->read_hash == NULL))
+- clear=1;
+-
+- if (!clear)
++ if ((sess != NULL) &&
++ (s->enc_read_ctx != NULL) &&
++ (s->read_hash != NULL))
+ {
++ /* s->read_hash != NULL => mac_size != -1 */
++ unsigned char *mac = NULL;
++ unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ mac_size=EVP_MD_size(s->read_hash);
++ OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
++ /* orig_len is the length of the record before any padding was
++ * removed. This is public information, as is the MAC in use,
++ * therefore we can safely process the record in a different
++ * amount of time if it's too short to possibly contain a MAC.
++ */
++ if (orig_len < mac_size ||
++ /* CBC records must have a padding length byte too. */
++ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++ orig_len < mac_size+1))
+ {
+-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+- al=SSL_AD_RECORD_OVERFLOW;
+- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
++ al=SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+-#else
+- decryption_failed_or_bad_record_mac = 1;
+-#endif
+ }
+- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+- if (rr->length >= mac_size)
++
++ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
+ {
++ /* We update the length so that the TLS header bytes
++ * can be constructed correctly but we need to extract
++ * the MAC in constant time from within the record,
++ * without leaking the contents of the padding bytes.
++ * */
++ mac = mac_tmp;
++ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+ rr->length -= mac_size;
+- mac = &rr->data[rr->length];
+ }
+ else
+- rr->length = 0;
+- s->method->ssl3_enc->mac(s,md,0);
+- if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+ {
+- decryption_failed_or_bad_record_mac = 1;
++ /* In this case there's no padding, so |orig_len|
++ * equals |rec->length| and we checked that there's
++ * enough bytes for |mac_size| above. */
++ rr->length -= mac_size;
++ mac = &rr->data[rr->length];
+ }
++
++ i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
++ if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
++ enc_err = -1;
++ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
++ enc_err = -1;
+ }
+
+- if (decryption_failed_or_bad_record_mac)
++ if (enc_err < 0)
+ {
+ /* decryption failed, silently discard message */
+ rr->length = 0;
+Index: crypto/openssl/ssl/s2_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s2_clnt.c (revision 248771)
++++ crypto/openssl/ssl/s2_clnt.c (working copy)
+@@ -935,7 +935,7 @@ static int get_server_verify(SSL *s)
+ s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
+ p += 1;
+
+- if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
++ if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
+Index: crypto/openssl/ssl/s2_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s2_pkt.c (revision 248771)
++++ crypto/openssl/ssl/s2_pkt.c (working copy)
+@@ -267,8 +267,7 @@ static int ssl2_read_internal(SSL *s, void *buf, i
+ s->s2->ract_data_length-=mac_size;
+ ssl2_mac(s,mac,0);
+ s->s2->ract_data_length-=s->s2->padding;
+- if ( (memcmp(mac,s->s2->mac_data,
+- (unsigned int)mac_size) != 0) ||
++ if ( (CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
+ (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
+ {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+--- crypto/openssl/ssl/s3_both.c (revision 248771)
++++ crypto/openssl/ssl/s3_both.c (working copy)
+@@ -242,7 +242,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
+ goto f_err;
+ }
+
+- if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
++ if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+ {
+ al=SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
+Index: crypto/openssl/ssl/s3_cbc.c
+===================================================================
+--- crypto/openssl/ssl/s3_cbc.c (revision 0)
++++ crypto/openssl/ssl/s3_cbc.c (working copy)
+@@ -0,0 +1,762 @@
++/* ssl/s3_cbc.c */
++/* ====================================================================
++ * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include "ssl_locl.h"
++
++#include <openssl/md5.h>
++#include <openssl/sha.h>
++
++/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
++ * field. (SHA-384/512 have 128-bit length.) */
++#define MAX_HASH_BIT_COUNT_BYTES 16
++
++/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
++ * Currently SHA-384/512 has a 128-byte block size and that's the largest
++ * supported by TLS.) */
++#define MAX_HASH_BLOCK_SIZE 128
++
++/* Some utility functions are needed:
++ *
++ * These macros return the given value with the MSB copied to all the other
++ * bits. They use the fact that arithmetic shift shifts-in the sign bit.
++ * However, this is not ensured by the C standard so you may need to replace
++ * them with something else on odd CPUs. */
++#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
++#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
++
++/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
++static unsigned constant_time_ge(unsigned a, unsigned b)
++ {
++ a -= b;
++ return DUPLICATE_MSB_TO_ALL(~a);
++ }
++
++/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
++static unsigned char constant_time_eq_8(unsigned char a, unsigned char b)
++ {
++ unsigned c = a ^ b;
++ c--;
++ return DUPLICATE_MSB_TO_ALL_8(c);
++ }
++
++/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
++ * record in |rec| by updating |rec->length| in constant time.
++ *
++ * block_size: the block size of the cipher used to encrypt the record.
++ * returns:
++ * 0: (in non-constant time) if the record is publicly invalid.
++ * 1: if the padding was valid
++ * -1: otherwise. */
++int ssl3_cbc_remove_padding(const SSL* s,
++ SSL3_RECORD *rec,
++ unsigned block_size,
++ unsigned mac_size)
++ {
++ unsigned padding_length, good;
++ const unsigned overhead = 1 /* padding length byte */ + mac_size;
++
++ /* These lengths are all public so we can test them in non-constant
++ * time. */
++ if (overhead > rec->length)
++ return 0;
++
++ padding_length = rec->data[rec->length-1];
++ good = constant_time_ge(rec->length, padding_length+overhead);
++ /* SSLv3 requires that the padding is minimal. */
++ good &= constant_time_ge(block_size, padding_length+1);
++ padding_length = good & (padding_length+1);
++ rec->length -= padding_length;
++ rec->type |= padding_length<<8; /* kludge: pass padding length */
++ return (int)((good & 1) | (~good & -1));
++}
++
++/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
++ * record in |rec| in constant time and returns 1 if the padding is valid and
++ * -1 otherwise. It also removes any explicit IV from the start of the record
++ * without leaking any timing about whether there was enough space after the
++ * padding was removed.
++ *
++ * block_size: the block size of the cipher used to encrypt the record.
++ * returns:
++ * 0: (in non-constant time) if the record is publicly invalid.
++ * 1: if the padding was valid
++ * -1: otherwise. */
++int tls1_cbc_remove_padding(const SSL* s,
++ SSL3_RECORD *rec,
++ unsigned block_size,
++ unsigned mac_size)
++ {
++ unsigned padding_length, good, to_check, i;
++ const char has_explicit_iv = s->version == DTLS1_VERSION;
++ const unsigned overhead = 1 /* padding length byte */ +
++ mac_size +
++ (has_explicit_iv ? block_size : 0);
++
++ /* These lengths are all public so we can test them in non-constant
++ * time. */
++ if (overhead > rec->length)
++ return 0;
++
++ padding_length = rec->data[rec->length-1];
++
++ /* NB: if compression is in operation the first packet may not be of
++ * even length so the padding bug check cannot be performed. This bug
++ * workaround has been around since SSLeay so hopefully it is either
++ * fixed now or no buggy implementation supports compression [steve]
++ */
++ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
++ {
++ /* First packet is even in size, so check */
++ if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
++ !(padding_length & 1))
++ {
++ s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
++ }
++ if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
++ padding_length > 0)
++ {
++ padding_length--;
++ }
++ }
++
++ good = constant_time_ge(rec->length, overhead+padding_length);
++ /* The padding consists of a length byte at the end of the record and
++ * then that many bytes of padding, all with the same value as the
++ * length byte. Thus, with the length byte included, there are i+1
++ * bytes of padding.
++ *
++ * We can't check just |padding_length+1| bytes because that leaks
++ * decrypted information. Therefore we always have to check the maximum
++ * amount of padding possible. (Again, the length of the record is
++ * public information so we can use it.) */
++ to_check = 255; /* maximum amount of padding. */
++ if (to_check > rec->length-1)
++ to_check = rec->length-1;
++
++ for (i = 0; i < to_check; i++)
++ {
++ unsigned char mask = constant_time_ge(padding_length, i);
++ unsigned char b = rec->data[rec->length-1-i];
++ /* The final |padding_length+1| bytes should all have the value
++ * |padding_length|. Therefore the XOR should be zero. */
++ good &= ~(mask&(padding_length ^ b));
++ }
++
++ /* If any of the final |padding_length+1| bytes had the wrong value,
++ * one or more of the lower eight bits of |good| will be cleared. We
++ * AND the bottom 8 bits together and duplicate the result to all the
++ * bits. */
++ good &= good >> 4;
++ good &= good >> 2;
++ good &= good >> 1;
++ good <<= sizeof(good)*8-1;
++ good = DUPLICATE_MSB_TO_ALL(good);
++
++ padding_length = good & (padding_length+1);
++ rec->length -= padding_length;
++ rec->type |= padding_length<<8; /* kludge: pass padding length */
++
++ /* We can always safely skip the explicit IV. We check at the beginning
++ * of this function that the record has at least enough space for the
++ * IV, MAC and padding length byte. (These can be checked in
++ * non-constant time because it's all public information.) So, if the
++ * padding was invalid, then we didn't change |rec->length| and this is
++ * safe. If the padding was valid then we know that we have at least
++ * overhead+padding_length bytes of space and so this is still safe
++ * because overhead accounts for the explicit IV. */
++ if (has_explicit_iv)
++ {
++ rec->data += block_size;
++ rec->input += block_size;
++ rec->length -= block_size;
++ }
++
++ return (int)((good & 1) | (~good & -1));
++ }
++
++#if defined(_M_AMD64) || defined(__x86_64__)
++#define CBC_MAC_ROTATE_IN_PLACE
++#endif
++
++/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
++ * constant time (independent of the concrete value of rec->length, which may
++ * vary within a 256-byte window).
++ *
++ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
++ * this function.
++ *
++ * On entry:
++ * rec->orig_len >= md_size
++ * md_size <= EVP_MAX_MD_SIZE
++ *
++ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
++ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
++ * a single cache-line, then the variable memory accesses don't actually affect
++ * the timing. This has been tested to be true on Intel amd64 chips.
++ */
++void ssl3_cbc_copy_mac(unsigned char* out,
++ const SSL3_RECORD *rec,
++ unsigned md_size,unsigned orig_len)
++ {
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++ unsigned char rotated_mac_buf[EVP_MAX_MD_SIZE*2];
++ unsigned char *rotated_mac;
++#else
++ unsigned char rotated_mac[EVP_MAX_MD_SIZE];
++#endif
++
++ /* mac_end is the index of |rec->data| just after the end of the MAC. */
++ unsigned mac_end = rec->length;
++ unsigned mac_start = mac_end - md_size;
++ /* scan_start contains the number of bytes that we can ignore because
++ * the MAC's position can only vary by 255 bytes. */
++ unsigned scan_start = 0;
++ unsigned i, j;
++ unsigned div_spoiler;
++ unsigned rotate_offset;
++
++ OPENSSL_assert(orig_len >= md_size);
++ OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
++
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++ rotated_mac = (unsigned char*) (((intptr_t)(rotated_mac_buf + 64)) & ~63);
++#endif
++
++ /* This information is public so it's safe to branch based on it. */
++ if (orig_len > md_size + 255 + 1)
++ scan_start = orig_len - (md_size + 255 + 1);
++ /* div_spoiler contains a multiple of md_size that is used to cause the
++ * modulo operation to be constant time. Without this, the time varies
++ * based on the amount of padding when running on Intel chips at least.
++ *
++ * The aim of right-shifting md_size is so that the compiler doesn't
++ * figure out that it can remove div_spoiler as that would require it
++ * to prove that md_size is always even, which I hope is beyond it. */
++ div_spoiler = md_size >> 1;
++ div_spoiler <<= (sizeof(div_spoiler)-1)*8;
++ rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
++
++ memset(rotated_mac, 0, md_size);
++ for (i = scan_start; i < orig_len;)
++ {
++ for (j = 0; j < md_size && i < orig_len; i++, j++)
++ {
++ unsigned char mac_started = constant_time_ge(i, mac_start);
++ unsigned char mac_ended = constant_time_ge(i, mac_end);
++ unsigned char b = 0;
++ b = rec->data[i];
++ rotated_mac[j] |= b & mac_started & ~mac_ended;
++ }
++ }
++
++ /* Now rotate the MAC */
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++ j = 0;
++ for (i = 0; i < md_size; i++)
++ {
++ unsigned char offset = (div_spoiler + rotate_offset + i) % md_size;
++ out[j++] = rotated_mac[offset];
++ }
++#else
++ memset(out, 0, md_size);
++ for (i = 0; i < md_size; i++)
++ {
++ unsigned char offset = (div_spoiler + md_size - rotate_offset + i) % md_size;
++ for (j = 0; j < md_size; j++)
++ out[j] |= rotated_mac[i] & constant_time_eq_8(j, offset);
++ }
++#endif
++ }
++
++/* These functions serialize the state of a hash and thus perform the standard
++ * "final" operation without adding the padding and length that such a function
++ * typically does. */
++static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
++ {
++ MD5_CTX *md5 = ctx;
++ l2n(md5->A, md_out);
++ l2n(md5->B, md_out);
++ l2n(md5->C, md_out);
++ l2n(md5->D, md_out);
++ }
++
++static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
++ {
++ SHA_CTX *sha1 = ctx;
++ l2n(sha1->h0, md_out);
++ l2n(sha1->h1, md_out);
++ l2n(sha1->h2, md_out);
++ l2n(sha1->h3, md_out);
++ l2n(sha1->h4, md_out);
++ }
++#define LARGEST_DIGEST_CTX SHA_CTX
++
++#ifndef OPENSSL_NO_SHA256
++static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
++ {
++ SHA256_CTX *sha256 = ctx;
++ unsigned i;
++
++ for (i = 0; i < 8; i++)
++ {
++ l2n(sha256->h[i], md_out);
++ }
++ }
++#undef LARGEST_DIGEST_CTX
++#define LARGEST_DIGEST_CTX SHA256_CTX
++#endif
++
++#ifndef OPENSSL_NO_SHA512
++static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
++ {
++ SHA512_CTX *sha512 = ctx;
++ unsigned i;
++
++ for (i = 0; i < 8; i++)
++ {
++ l2n8(sha512->h[i], md_out);
++ }
++ }
++#undef LARGEST_DIGEST_CTX
++#define LARGEST_DIGEST_CTX SHA512_CTX
++#endif
++
++/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
++ * which ssl3_cbc_digest_record supports. */
++char ssl3_cbc_record_digest_supported(const EVP_MD *digest)
++ {
++#ifdef OPENSSL_FIPS
++ if (FIPS_mode())
++ return 0;
++#endif
++ switch (EVP_MD_type(digest))
++ {
++ case NID_md5:
++ case NID_sha1:
++#ifndef OPENSSL_NO_SHA256
++ case NID_sha224:
++ case NID_sha256:
++#endif
++#ifndef OPENSSL_NO_SHA512
++ case NID_sha384:
++ case NID_sha512:
++#endif
++ return 1;
++ default:
++ return 0;
++ }
++ }
++
++/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
++ * record.
++ *
++ * ctx: the EVP_MD_CTX from which we take the hash function.
++ * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
++ * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
++ * md_out_size: if non-NULL, the number of output bytes is written here.
++ * header: the 13-byte, TLS record header.
++ * data: the record data itself, less any preceeding explicit IV.
++ * data_plus_mac_size: the secret, reported length of the data and MAC
++ * once the padding has been removed.
++ * data_plus_mac_plus_padding_size: the public length of the whole
++ * record, including padding.
++ * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
++ *
++ * On entry: by virtue of having been through one of the remove_padding
++ * functions, above, we know that data_plus_mac_size is large enough to contain
++ * a padding byte and MAC. (If the padding was invalid, it might contain the
++ * padding too. ) */
++void ssl3_cbc_digest_record(
++ const EVP_MD *digest,
++ unsigned char* md_out,
++ size_t* md_out_size,
++ const unsigned char header[13],
++ const unsigned char *data,
++ size_t data_plus_mac_size,
++ size_t data_plus_mac_plus_padding_size,
++ const unsigned char *mac_secret,
++ unsigned mac_secret_length,
++ char is_sslv3)
++ {
++ union { double align;
++ unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state;
++ void (*md_final_raw)(void *ctx, unsigned char *md_out);
++ void (*md_transform)(void *ctx, const unsigned char *block);
++ unsigned md_size, md_block_size = 64;
++ unsigned sslv3_pad_length = 40, header_length, variance_blocks,
++ len, max_mac_bytes, num_blocks,
++ num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
++ unsigned int bits; /* at most 18 bits */
++ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
++ /* hmac_pad is the masked HMAC key. */
++ unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
++ unsigned char first_block[MAX_HASH_BLOCK_SIZE];
++ unsigned char mac_out[EVP_MAX_MD_SIZE];
++ unsigned i, j, md_out_size_u;
++ EVP_MD_CTX md_ctx;
++ /* mdLengthSize is the number of bytes in the length field that terminates
++ * the hash. */
++ unsigned md_length_size = 8;
++
++ /* This is a, hopefully redundant, check that allows us to forget about
++ * many possible overflows later in this function. */
++ OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
++
++ switch (EVP_MD_type(digest))
++ {
++ case NID_md5:
++ MD5_Init((MD5_CTX*)md_state.c);
++ md_final_raw = tls1_md5_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
++ md_size = 16;
++ sslv3_pad_length = 48;
++ break;
++ case NID_sha1:
++ SHA1_Init((SHA_CTX*)md_state.c);
++ md_final_raw = tls1_sha1_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
++ md_size = 20;
++ break;
++#ifndef OPENSSL_NO_SHA256
++ case NID_sha224:
++ SHA224_Init((SHA256_CTX*)md_state.c);
++ md_final_raw = tls1_sha256_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
++ md_size = 224/8;
++ break;
++ case NID_sha256:
++ SHA256_Init((SHA256_CTX*)md_state.c);
++ md_final_raw = tls1_sha256_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
++ md_size = 32;
++ break;
++#endif
++#ifndef OPENSSL_NO_SHA512
++ case NID_sha384:
++ SHA384_Init((SHA512_CTX*)md_state.c);
++ md_final_raw = tls1_sha512_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
++ md_size = 384/8;
++ md_block_size = 128;
++ md_length_size = 16;
++ break;
++ case NID_sha512:
++ SHA512_Init((SHA512_CTX*)md_state.c);
++ md_final_raw = tls1_sha512_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
++ md_size = 64;
++ md_block_size = 128;
++ md_length_size = 16;
++ break;
++#endif
++ default:
++ /* ssl3_cbc_record_digest_supported should have been
++ * called first to check that the hash function is
++ * supported. */
++ OPENSSL_assert(0);
++ if (md_out_size)
++ *md_out_size = -1;
++ return;
++ }
++
++ OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
++ OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
++ OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
++
++ header_length = 13;
++ if (is_sslv3)
++ {
++ header_length =
++ mac_secret_length +
++ sslv3_pad_length +
++ 8 /* sequence number */ +
++ 1 /* record type */ +
++ 2 /* record length */;
++ }
++
++ /* variance_blocks is the number of blocks of the hash that we have to
++ * calculate in constant time because they could be altered by the
++ * padding value.
++ *
++ * In SSLv3, the padding must be minimal so the end of the plaintext
++ * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
++ * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
++ * termination (0x80 + 64-bit length) don't fit in the final block, we
++ * say that the final two blocks can vary based on the padding.
++ *
++ * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
++ * required to be minimal. Therefore we say that the final six blocks
++ * can vary based on the padding.
++ *
++ * Later in the function, if the message is short and there obviously
++ * cannot be this many blocks then variance_blocks can be reduced. */
++ variance_blocks = is_sslv3 ? 2 : 6;
++ /* From now on we're dealing with the MAC, which conceptually has 13
++ * bytes of `header' before the start of the data (TLS) or 71/75 bytes
++ * (SSLv3) */
++ len = data_plus_mac_plus_padding_size + header_length;
++ /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
++ * |header|, assuming that there's no padding. */
++ max_mac_bytes = len - md_size - 1;
++ /* num_blocks is the maximum number of hash blocks. */
++ num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
++ /* In order to calculate the MAC in constant time we have to handle
++ * the final blocks specially because the padding value could cause the
++ * end to appear somewhere in the final |variance_blocks| blocks and we
++ * can't leak where. However, |num_starting_blocks| worth of data can
++ * be hashed right away because no padding value can affect whether
++ * they are plaintext. */
++ num_starting_blocks = 0;
++ /* k is the starting byte offset into the conceptual header||data where
++ * we start processing. */
++ k = 0;
++ /* mac_end_offset is the index just past the end of the data to be
++ * MACed. */
++ mac_end_offset = data_plus_mac_size + header_length - md_size;
++ /* c is the index of the 0x80 byte in the final hash block that
++ * contains application data. */
++ c = mac_end_offset % md_block_size;
++ /* index_a is the hash block number that contains the 0x80 terminating
++ * value. */
++ index_a = mac_end_offset / md_block_size;
++ /* index_b is the hash block number that contains the 64-bit hash
++ * length, in bits. */
++ index_b = (mac_end_offset + md_length_size) / md_block_size;
++ /* bits is the hash-length in bits. It includes the additional hash
++ * block for the masked HMAC key, or whole of |header| in the case of
++ * SSLv3. */
++
++ /* For SSLv3, if we're going to have any starting blocks then we need
++ * at least two because the header is larger than a single block. */
++ if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0))
++ {
++ num_starting_blocks = num_blocks - variance_blocks;
++ k = md_block_size*num_starting_blocks;
++ }
++
++ bits = 8*mac_end_offset;
++ if (!is_sslv3)
++ {
++ /* Compute the initial HMAC block. For SSLv3, the padding and
++ * secret bytes are included in |header| because they take more
++ * than a single block. */
++ bits += 8*md_block_size;
++ memset(hmac_pad, 0, md_block_size);
++ OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
++ memcpy(hmac_pad, mac_secret, mac_secret_length);
++ for (i = 0; i < md_block_size; i++)
++ hmac_pad[i] ^= 0x36;
++
++ md_transform(md_state.c, hmac_pad);
++ }
++
++ memset(length_bytes,0,md_length_size-4);
++ length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
++ length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
++ length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
++ length_bytes[md_length_size-1] = (unsigned char)bits;
++
++ if (k > 0)
++ {
++ if (is_sslv3)
++ {
++ /* The SSLv3 header is larger than a single block.
++ * overhang is the number of bytes beyond a single
++ * block that the header consumes: either 7 bytes
++ * (SHA1) or 11 bytes (MD5). */
++ unsigned overhang = header_length-md_block_size;
++ md_transform(md_state.c, header);
++ memcpy(first_block, header + md_block_size, overhang);
++ memcpy(first_block + overhang, data, md_block_size-overhang);
++ md_transform(md_state.c, first_block);
++ for (i = 1; i < k/md_block_size - 1; i++)
++ md_transform(md_state.c, data + md_block_size*i - overhang);
++ }
++ else
++ {
++ /* k is a multiple of md_block_size. */
++ memcpy(first_block, header, 13);
++ memcpy(first_block+13, data, md_block_size-13);
++ md_transform(md_state.c, first_block);
++ for (i = 1; i < k/md_block_size; i++)
++ md_transform(md_state.c, data + md_block_size*i - 13);
++ }
++ }
++
++ memset(mac_out, 0, sizeof(mac_out));
++
++ /* We now process the final hash blocks. For each block, we construct
++ * it in constant time. If the |i==index_a| then we'll include the 0x80
++ * bytes and zero pad etc. For each block we selectively copy it, in
++ * constant time, to |mac_out|. */
++ for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++)
++ {
++ unsigned char block[MAX_HASH_BLOCK_SIZE];
++ unsigned char is_block_a = constant_time_eq_8(i, index_a);
++ unsigned char is_block_b = constant_time_eq_8(i, index_b);
++ for (j = 0; j < md_block_size; j++)
++ {
++ unsigned char b = 0, is_past_c, is_past_cp1;
++ if (k < header_length)
++ b = header[k];
++ else if (k < data_plus_mac_plus_padding_size + header_length)
++ b = data[k-header_length];
++ k++;
++
++ is_past_c = is_block_a & constant_time_ge(j, c);
++ is_past_cp1 = is_block_a & constant_time_ge(j, c+1);
++ /* If this is the block containing the end of the
++ * application data, and we are at the offset for the
++ * 0x80 value, then overwrite b with 0x80. */
++ b = (b&~is_past_c) | (0x80&is_past_c);
++ /* If this the the block containing the end of the
++ * application data and we're past the 0x80 value then
++ * just write zero. */
++ b = b&~is_past_cp1;
++ /* If this is index_b (the final block), but not
++ * index_a (the end of the data), then the 64-bit
++ * length didn't fit into index_a and we're having to
++ * add an extra block of zeros. */
++ b &= ~is_block_b | is_block_a;
++
++ /* The final bytes of one of the blocks contains the
++ * length. */
++ if (j >= md_block_size - md_length_size)
++ {
++ /* If this is index_b, write a length byte. */
++ b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]);
++ }
++ block[j] = b;
++ }
++
++ md_transform(md_state.c, block);
++ md_final_raw(md_state.c, block);
++ /* If this is index_b, copy the hash value to |mac_out|. */
++ for (j = 0; j < md_size; j++)
++ mac_out[j] |= block[j]&is_block_b;
++ }
++
++ EVP_MD_CTX_init(&md_ctx);
++ EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */);
++ if (is_sslv3)
++ {
++ /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
++ memset(hmac_pad, 0x5c, sslv3_pad_length);
++
++ EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
++ EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
++ EVP_DigestUpdate(&md_ctx, mac_out, md_size);
++ }
++ else
++ {
++ /* Complete the HMAC in the standard manner. */
++ for (i = 0; i < md_block_size; i++)
++ hmac_pad[i] ^= 0x6a;
++
++ EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
++ EVP_DigestUpdate(&md_ctx, mac_out, md_size);
++ }
++ EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
++ if (md_out_size)
++ *md_out_size = md_out_size_u;
++ EVP_MD_CTX_cleanup(&md_ctx);
++ }
++
++#ifdef OPENSSL_FIPS
++
++/* Due to the need to use EVP in FIPS mode we can't reimplement digests but
++ * we can ensure the number of blocks processed is equal for all cases
++ * by digesting additional data.
++ */
++
++void tls_fips_digest_extra(
++ const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
++ const unsigned char *data, size_t data_len, size_t orig_len)
++ {
++ size_t block_size, digest_pad, blocks_data, blocks_orig;
++ if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
++ return;
++ block_size = EVP_MD_block_size(hash);
++ /* We are in FIPS mode if we get this far so we know we have only SHA*
++ * digests and TLS to deal with.
++ * Minimum digest padding length is 17 for SHA384/SHA512 and 9
++ * otherwise.
++ * Additional header is 13 bytes. To get the number of digest blocks
++ * processed round up the amount of data plus padding to the nearest
++ * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
++ * So we have:
++ * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
++ * equivalently:
++ * blocks = (payload_len + digest_pad + 12)/block_size + 1
++ * HMAC adds a constant overhead.
++ * We're ultimately only interested in differences so this becomes
++ * blocks = (payload_len + 29)/128
++ * for SHA384/SHA512 and
++ * blocks = (payload_len + 21)/64
++ * otherwise.
++ */
++ digest_pad = block_size == 64 ? 21 : 29;
++ blocks_orig = (orig_len + digest_pad)/block_size;
++ blocks_data = (data_len + digest_pad)/block_size;
++ /* MAC enough blocks to make up the difference between the original
++ * and actual lengths plus one extra block to ensure this is never a
++ * no op. The "data" pointer should always have enough space to
++ * perform this operation as it is large enough for a maximum
++ * length TLS buffer.
++ */
++ HMAC_Update(hctx, data,
++ (blocks_orig - blocks_data + 1) * block_size);
++ }
++#endif
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c (revision 248771)
++++ crypto/openssl/ssl/s3_clnt.c (working copy)
+@@ -262,7 +262,16 @@ int ssl3_connect(SSL *s)
+ ret=ssl3_get_server_hello(s);
+ if (ret <= 0) goto end;
+ if (s->hit)
++ {
+ s->state=SSL3_ST_CR_FINISHED_A;
++#ifndef OPENSSL_NO_TLSEXT
++ if (s->tlsext_ticket_expected)
++ {
++ /* receive renewed session ticket */
++ s->state=SSL3_ST_CR_SESSION_TICKET_A;
++ }
++#endif
++ }
+ else
+ s->state=SSL3_ST_CR_CERT_A;
+ s->init_num=0;
+Index: crypto/openssl/ssl/s3_enc.c
+===================================================================
+--- crypto/openssl/ssl/s3_enc.c (revision 248771)
++++ crypto/openssl/ssl/s3_enc.c (working copy)
+@@ -433,12 +433,21 @@ void ssl3_cleanup_key_block(SSL *s)
+ s->s3->tmp.key_block_length=0;
+ }
+
++/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ * 0: (in non-constant time) if the record is publically invalid (i.e. too
++ * short etc).
++ * 1: if the record's padding is valid / the encryption was successful.
++ * -1: if the record's padding is invalid or, if sending, an internal error
++ * occured.
++ */
+ int ssl3_enc(SSL *s, int send)
+ {
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+- int bs,i;
++ int bs,i,mac_size=0;
+ const EVP_CIPHER *enc;
+
+ if (send)
+@@ -489,32 +498,17 @@ int ssl3_enc(SSL *s, int send)
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+- {
+- SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
+- }
+ /* otherwise, rec->length >= bs */
+ }
+
+ EVP_Cipher(ds,rec->data,rec->input,l);
+
++ if (s->read_hash != NULL)
++ mac_size = EVP_MD_size(s->read_hash);
++
+ if ((bs != 1) && !send)
+- {
+- i=rec->data[l-1]+1;
+- /* SSL 3.0 bounds the number of padding bytes by the block size;
+- * padding bytes (except the last one) are arbitrary */
+- if (i > bs)
+- {
+- /* Incorrect padding. SSLerr() and ssl3_alert are done
+- * by caller: we don't want to reveal whether this is
+- * a decryption error or a MAC verification failure
+- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+- return -1;
+- }
+- /* now i <= bs <= rec->length */
+- rec->length-=i;
+- }
++ return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
+ }
+ return(1);
+ }
+@@ -591,7 +585,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send
+ EVP_MD_CTX md_ctx;
+ const EVP_MD *hash;
+ unsigned char *p,rec_char;
+- unsigned int md_size;
++ size_t md_size, orig_len;
+ int npad;
+
+ if (send)
+@@ -612,29 +606,73 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send
+ md_size=EVP_MD_size(hash);
+ npad=(48/md_size)*md_size;
+
+- /* Chop the digest off the end :-) */
+- EVP_MD_CTX_init(&md_ctx);
++ /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
++ orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
++ rec->type &= 0xff;
+
+- EVP_DigestInit_ex( &md_ctx,hash, NULL);
+- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+- EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
+- EVP_DigestUpdate(&md_ctx,seq,8);
+- rec_char=rec->type;
+- EVP_DigestUpdate(&md_ctx,&rec_char,1);
+- p=md;
+- s2n(rec->length,p);
+- EVP_DigestUpdate(&md_ctx,md,2);
+- EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
+- EVP_DigestFinal_ex( &md_ctx,md,NULL);
++ if (!send &&
++ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++ ssl3_cbc_record_digest_supported(hash))
++ {
++ /* This is a CBC-encrypted record. We must avoid leaking any
++ * timing-side channel information about how many blocks of
++ * data we are hashing because that gives an attacker a
++ * timing-oracle. */
+
+- EVP_DigestInit_ex( &md_ctx,hash, NULL);
+- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+- EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
+- EVP_DigestUpdate(&md_ctx,md,md_size);
+- EVP_DigestFinal_ex( &md_ctx,md,&md_size);
++ /* npad is, at most, 48 bytes and that's with MD5:
++ * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
++ *
++ * With SHA-1 (the largest hash speced for SSLv3) the hash size
++ * goes up 4, but npad goes down by 8, resulting in a smaller
++ * total size. */
++ unsigned char header[75];
++ unsigned j = 0;
++ memcpy(header+j, mac_sec, md_size);
++ j += md_size;
++ memcpy(header+j, ssl3_pad_1, npad);
++ j += npad;
++ memcpy(header+j, seq, 8);
++ j += 8;
++ header[j++] = rec->type;
++ header[j++] = rec->length >> 8;
++ header[j++] = rec->length & 0xff;
+
+- EVP_MD_CTX_cleanup(&md_ctx);
++ ssl3_cbc_digest_record(
++ hash,
++ md, &md_size,
++ header, rec->input,
++ rec->length + md_size, orig_len,
++ mac_sec, md_size,
++ 1 /* is SSLv3 */);
++ }
++ else
++ {
++ unsigned int md_size_u;
++ /* Chop the digest off the end :-) */
++ EVP_MD_CTX_init(&md_ctx);
+
++ EVP_DigestInit_ex( &md_ctx,hash, NULL);
++ EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
++ EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
++ EVP_DigestUpdate(&md_ctx,seq,8);
++ rec_char=rec->type;
++ EVP_DigestUpdate(&md_ctx,&rec_char,1);
++ p=md;
++ s2n(rec->length,p);
++ EVP_DigestUpdate(&md_ctx,md,2);
++ EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
++ EVP_DigestFinal_ex( &md_ctx,md,NULL);
++
++ EVP_DigestInit_ex( &md_ctx,hash, NULL);
++ EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
++ EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
++ EVP_DigestUpdate(&md_ctx,md,md_size);
++ EVP_DigestFinal_ex( &md_ctx,md,&md_size_u);
++ md_size = md_size_u;
++
++ EVP_MD_CTX_cleanup(&md_ctx);
++ }
++
+ ssl3_record_sequence_update(seq);
+ return(md_size);
+ }
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s3_pkt.c (revision 248771)
++++ crypto/openssl/ssl/s3_pkt.c (working copy)
+@@ -246,11 +246,8 @@ static int ssl3_get_record(SSL *s)
+ unsigned char *p;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ short version;
+- unsigned int mac_size;
+- int clear=0;
++ unsigned mac_size, orig_len;
+ size_t extra;
+- int decryption_failed_or_bad_record_mac = 0;
+- unsigned char *mac = NULL;
+
+ rr= &(s->s3->rrec);
+ sess=s->session;
+@@ -354,19 +351,18 @@ again:
+
+ /* decrypt in place in 'rr->input' */
+ rr->data=rr->input;
++ orig_len=rr->length;
+
+ enc_err = s->method->ssl3_enc->enc(s,0);
+- if (enc_err <= 0)
++ /* enc_err is:
++ * 0: (in non-constant time) if the record is publically invalid.
++ * 1: if the padding is valid
++ * -1: if the padding is invalid */
++ if (enc_err == 0)
+ {
+- if (enc_err == 0)
+- /* SSLerr() and ssl3_send_alert() have been called */
+- goto err;
+-
+- /* Otherwise enc_err == -1, which indicates bad padding
+- * (rec->length has not been changed in this case).
+- * To minimize information leaked via timing, we will perform
+- * the MAC computation anyway. */
+- decryption_failed_or_bad_record_mac = 1;
++ al=SSL_AD_DECRYPTION_FAILED;
++ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
++ goto f_err;
+ }
+
+ #ifdef TLS_DEBUG
+@@ -376,51 +372,59 @@ printf("\n");
+ #endif
+
+ /* r->length is now the compressed data plus mac */
+- if ( (sess == NULL) ||
+- (s->enc_read_ctx == NULL) ||
+- (s->read_hash == NULL))
+- clear=1;
+-
+- if (!clear)
++ if ((sess != NULL) &&
++ (s->enc_read_ctx != NULL) &&
++ (s->read_hash != NULL))
+ {
++ /* s->read_hash != NULL => mac_size != -1 */
++ unsigned char *mac = NULL;
++ unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ mac_size=EVP_MD_size(s->read_hash);
++ OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
++ /* orig_len is the length of the record before any padding was
++ * removed. This is public information, as is the MAC in use,
++ * therefore we can safely process the record in a different
++ * amount of time if it's too short to possibly contain a MAC.
++ */
++ if (orig_len < mac_size ||
++ /* CBC records must have a padding length byte too. */
++ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++ orig_len < mac_size+1))
+ {
+-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+- al=SSL_AD_RECORD_OVERFLOW;
+- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
++ al=SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+-#else
+- decryption_failed_or_bad_record_mac = 1;
+-#endif
+ }
+- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+- if (rr->length >= mac_size)
++
++ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
+ {
++ /* We update the length so that the TLS header bytes
++ * can be constructed correctly but we need to extract
++ * the MAC in constant time from within the record,
++ * without leaking the contents of the padding bytes.
++ * */
++ mac = mac_tmp;
++ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+ rr->length -= mac_size;
+- mac = &rr->data[rr->length];
+ }
+ else
+ {
+- /* record (minus padding) is too short to contain a MAC */
+-#if 0 /* OK only for stream ciphers */
+- al=SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+- goto f_err;
+-#else
+- decryption_failed_or_bad_record_mac = 1;
+- rr->length = 0;
+-#endif
++ /* In this case there's no padding, so |orig_len|
++ * equals |rec->length| and we checked that there's
++ * enough bytes for |mac_size| above. */
++ rr->length -= mac_size;
++ mac = &rr->data[rr->length];
+ }
+- i=s->method->ssl3_enc->mac(s,md,0);
+- if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+- {
+- decryption_failed_or_bad_record_mac = 1;
+- }
++
++ i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
++ if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
++ enc_err = -1;
++ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
++ enc_err = -1;
+ }
+
+- if (decryption_failed_or_bad_record_mac)
++ if (enc_err < 0)
+ {
+ /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+ * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c (revision 248771)
++++ crypto/openssl/ssl/s3_srvr.c (working copy)
+@@ -1005,7 +1005,7 @@ int ssl3_get_client_hello(SSL *s)
+ goto f_err;
+ }
+ }
+- if (ssl_check_clienthello_tlsext(s) <= 0) {
++ if (ssl_check_clienthello_tlsext_early(s) <= 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+ goto err;
+ }
+@@ -1131,6 +1131,16 @@ int ssl3_get_client_hello(SSL *s)
+ * s->tmp.new_cipher - the new cipher to use.
+ */
+
++ /* Handles TLS extensions that we couldn't check earlier */
++ if (s->version >= SSL3_VERSION)
++ {
++ if (ssl_check_clienthello_tlsext_late(s) <= 0)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
++ goto err;
++ }
++ }
++
+ if (ret < 0) ret=1;
+ if (0)
+ {
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+--- crypto/openssl/ssl/ssl.h (revision 248771)
++++ crypto/openssl/ssl/ssl.h (working copy)
+@@ -1820,6 +1820,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_GET_NEW_SESSION 181
+ #define SSL_F_SSL_GET_PREV_SESSION 217
+ #define SSL_F_SSL_GET_SERVER_SEND_CERT 182
++#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
+ #define SSL_F_SSL_GET_SIGN_PKEY 183
+ #define SSL_F_SSL_INIT_WBIO_BUFFER 184
+ #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+--- crypto/openssl/ssl/ssl_err.c (revision 248771)
++++ crypto/openssl/ssl/ssl_err.c (working copy)
+@@ -218,6 +218,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
++{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
+ {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
+Index: crypto/openssl/ssl/ssl_lib.c
+===================================================================
+--- crypto/openssl/ssl/ssl_lib.c (revision 248771)
++++ crypto/openssl/ssl/ssl_lib.c (working copy)
+@@ -1943,7 +1943,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE
+ }
+
+ /* THIS NEEDS CLEANING UP */
+-X509 *ssl_get_server_send_cert(SSL *s)
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
+ {
+ unsigned long alg,kalg;
+ CERT *c;
+@@ -1993,14 +1993,22 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE
+ }
+ else /* if (kalg & SSL_aNULL) */
+ {
+- SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
++ SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
+ return(NULL);
+ }
+- if (c->pkeys[i].x509 == NULL) return(NULL);
+
+- return(c->pkeys[i].x509);
++ return c->pkeys + i;
+ }
+
++X509 *ssl_get_server_send_cert(const SSL *s)
++ {
++ CERT_PKEY *cpk;
++ cpk = ssl_get_server_send_pkey(s);
++ if (!cpk)
++ return NULL;
++ return cpk->x509;
++ }
++
+ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+ {
+ unsigned long alg;
+@@ -2420,7 +2428,9 @@ void ssl_clear_cipher_ctx(SSL *s)
+ /* Fix this function so that it takes an optional type parameter */
+ X509 *SSL_get_certificate(const SSL *s)
+ {
+- if (s->cert != NULL)
++ if (s->server)
++ return(ssl_get_server_send_cert(s));
++ else if (s->cert != NULL)
+ return(s->cert->key->x509);
+ else
+ return(NULL);
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h (revision 248771)
++++ crypto/openssl/ssl/ssl_locl.h (working copy)
+@@ -189,6 +189,15 @@
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
++#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>48)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>40)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>32)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
++ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
++ *((c)++)=(unsigned char)(((l) )&0xff))
++
+ #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
+ l|=((BN_ULLONG)(*((c)++)))<<32, \
+ l|=((BN_ULLONG)(*((c)++)))<<24, \
+@@ -740,7 +749,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *s
+ int ssl_undefined_function(SSL *s);
+ int ssl_undefined_void_function(void);
+ int ssl_undefined_const_function(const SSL *s);
+-X509 *ssl_get_server_send_cert(SSL *);
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
++X509 *ssl_get_server_send_cert(const SSL *);
+ EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+ int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+@@ -979,7 +989,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+ int ssl_prepare_clienthello_tlsext(SSL *s);
+ int ssl_prepare_serverhello_tlsext(SSL *s);
+-int ssl_check_clienthello_tlsext(SSL *s);
++int ssl_check_clienthello_tlsext_early(SSL *s);
++int ssl_check_clienthello_tlsext_late(SSL *s);
+ int ssl_check_serverhello_tlsext(SSL *s);
+
+ #ifdef OPENSSL_NO_SHA256
+@@ -1001,5 +1012,33 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, un
+ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ int *al);
+ #endif
++/* s3_cbc.c */
++void ssl3_cbc_copy_mac(unsigned char* out,
++ const SSL3_RECORD *rec,
++ unsigned md_size,unsigned orig_len);
++int ssl3_cbc_remove_padding(const SSL* s,
++ SSL3_RECORD *rec,
++ unsigned block_size,
++ unsigned mac_size);
++int tls1_cbc_remove_padding(const SSL* s,
++ SSL3_RECORD *rec,
++ unsigned block_size,
++ unsigned mac_size);
++char ssl3_cbc_record_digest_supported(const EVP_MD *hash);
++void ssl3_cbc_digest_record(
++ const EVP_MD *hash,
++ unsigned char* md_out,
++ size_t* md_out_size,
++ const unsigned char header[13],
++ const unsigned char *data,
++ size_t data_plus_mac_size,
++ size_t data_plus_mac_plus_padding_size,
++ const unsigned char *mac_secret,
++ unsigned mac_secret_length,
++ char is_sslv3);
+
++void tls_fips_digest_extra(
++ const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
++ const unsigned char *data, size_t data_len, size_t orig_len);
++
+ #endif
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+--- crypto/openssl/ssl/t1_enc.c (revision 248771)
++++ crypto/openssl/ssl/t1_enc.c (working copy)
+@@ -264,7 +264,7 @@ int tls1_change_cipher_state(SSL *s, int which)
+ {
+ int ki;
+ for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
+- printf("%02x", key_block[ki]); printf("\n");
++ printf("%02x", s->s3->tmp.key_block[ki]); printf("\n");
+ }
+ #endif /* KSSL_DEBUG */
+
+@@ -528,12 +528,21 @@ err:
+ return(0);
+ }
+
++/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ * 0: (in non-constant time) if the record is publically invalid (i.e. too
++ * short etc).
++ * 1: if the record's padding is valid / the encryption was successful.
++ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
++ * an internal error occured.
++ */
+ int tls1_enc(SSL *s, int send)
+ {
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+- int bs,i,ii,j,k;
++ int bs,i,j,k,pad=0,ret,mac_size=0;
+ const EVP_CIPHER *enc;
+
+ if (send)
+@@ -559,11 +568,11 @@ int tls1_enc(SSL *s, int send)
+ printf("tls1_enc(%d)\n", send);
+ #endif /* KSSL_DEBUG */
+
+- if ((s->session == NULL) || (ds == NULL) ||
+- (enc == NULL))
++ if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
+ {
+ memmove(rec->data,rec->input,rec->length);
+ rec->input=rec->data;
++ ret = 1;
+ }
+ else
+ {
+@@ -591,14 +600,13 @@ int tls1_enc(SSL *s, int send)
+
+ #ifdef KSSL_DEBUG
+ {
+- unsigned long ui;
++ unsigned long ui;
+ printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+- (void *)ds,rec->data,rec->input,l);
+- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
+- ds->buf_len, ds->cipher->key_len,
+- (unsigned long)DES_KEY_SZ,
+- (unsigned long)DES_SCHEDULE_SZ,
+- ds->cipher->iv_len);
++ ds,rec->data,rec->input,l);
++ printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
++ ds->buf_len, ds->cipher->key_len,
++ DES_KEY_SZ, DES_SCHEDULE_SZ,
++ ds->cipher->iv_len);
+ printf("\t\tIV: ");
+ for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+ printf("\n");
+@@ -611,11 +619,7 @@ int tls1_enc(SSL *s, int send)
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+- {
+- SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
+- }
+ }
+
+ EVP_Cipher(ds,rec->data,rec->input,l);
+@@ -629,49 +633,15 @@ int tls1_enc(SSL *s, int send)
+ }
+ #endif /* KSSL_DEBUG */
+
++ ret = 1;
++ if (s->read_hash != NULL)
++ mac_size = EVP_MD_size(s->read_hash);
+ if ((bs != 1) && !send)
+- {
+- ii=i=rec->data[l-1]; /* padding_length */
+- i++;
+- /* NB: if compression is in operation the first packet
+- * may not be of even length so the padding bug check
+- * cannot be performed. This bug workaround has been
+- * around since SSLeay so hopefully it is either fixed
+- * now or no buggy implementation supports compression
+- * [steve]
+- */
+- if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+- && !s->expand)
+- {
+- /* First packet is even in size, so check */
+- if ((memcmp(s->s3->read_sequence,
+- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+- i--;
+- }
+- /* TLS 1.0 does not bound the number of padding bytes by the block size.
+- * All of them must have value 'padding_length'. */
+- if (i > (int)rec->length)
+- {
+- /* Incorrect padding. SSLerr() and ssl3_alert are done
+- * by caller: we don't want to reveal whether this is
+- * a decryption error or a MAC verification failure
+- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+- return -1;
+- }
+- for (j=(int)(l-i); j<(int)l; j++)
+- {
+- if (rec->data[j] != ii)
+- {
+- /* Incorrect padding */
+- return -1;
+- }
+- }
+- rec->length-=i;
+- }
++ ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
++ if (pad && !send)
++ rec->length -= pad;
+ }
+- return(1);
++ return ret;
+ }
+
+ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
+@@ -719,10 +689,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ SSL3_RECORD *rec;
+ unsigned char *mac_sec,*seq;
+ const EVP_MD *hash;
+- unsigned int md_size;
++ size_t md_size, orig_len;
+ int i;
+ HMAC_CTX hmac;
+- unsigned char buf[5];
++ unsigned char header[13];
+
+ if (send)
+ {
+@@ -741,20 +711,6 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+
+ md_size=EVP_MD_size(hash);
+
+- buf[0]=rec->type;
+- if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
+- {
+- buf[1]=TLS1_VERSION_MAJOR;
+- buf[2]=TLS1_VERSION_MINOR;
+- }
+- else {
+- buf[1]=(unsigned char)(ssl->version>>8);
+- buf[2]=(unsigned char)(ssl->version);
+- }
+-
+- buf[3]=rec->length>>8;
+- buf[4]=rec->length&0xff;
+-
+ /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+ HMAC_CTX_init(&hmac);
+ HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
+@@ -766,16 +722,57 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+ memcpy (p,&seq[2],6);
+
+- HMAC_Update(&hmac,dtlsseq,8);
++ memcpy(header, dtlsseq, 8);
+ }
+ else
+- HMAC_Update(&hmac,seq,8);
++ memcpy(header, seq, 8);
+
+- HMAC_Update(&hmac,buf,5);
+- HMAC_Update(&hmac,rec->input,rec->length);
+- HMAC_Final(&hmac,md,&md_size);
++ /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
++ orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
++ rec->type &= 0xff;
++
++ header[8]=rec->type;
++ header[9]=(unsigned char)(ssl->version>>8);
++ header[10]=(unsigned char)(ssl->version);
++ header[11]=(rec->length)>>8;
++ header[12]=(rec->length)&0xff;
++
++ if (!send &&
++ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++ ssl3_cbc_record_digest_supported(hash))
++ {
++ /* This is a CBC-encrypted record. We must avoid leaking any
++ * timing-side channel information about how many blocks of
++ * data we are hashing because that gives an attacker a
++ * timing-oracle. */
++ ssl3_cbc_digest_record(
++ hash,
++ md, &md_size,
++ header, rec->input,
++ rec->length + md_size, orig_len,
++ ssl->s3->read_mac_secret,
++ EVP_MD_size(ssl->read_hash),
++ 0 /* not SSLv3 */);
++ }
++ else
++ {
++ unsigned mds;
++
++ HMAC_Update(&hmac,header,sizeof(header));
++ HMAC_Update(&hmac,rec->input,rec->length);
++ HMAC_Final(&hmac,md,&mds);
++ md_size = mds;
++#ifdef OPENSSL_FIPS
++ if (!send && FIPS_mode())
++ tls_fips_digest_extra(
++ ssl->enc_read_ctx,
++ hash,
++ &hmac, rec->input,
++ rec->length, orig_len);
++#endif
++ }
++
+ HMAC_CTX_cleanup(&hmac);
+-
+ #ifdef TLS_DEBUG
+ printf("sec=");
+ {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+Index: crypto/openssl/ssl/t1_lib.c
+===================================================================
+--- crypto/openssl/ssl/t1_lib.c (revision 248771)
++++ crypto/openssl/ssl/t1_lib.c (working copy)
+@@ -745,7 +745,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ return 1;
+ }
+
+-int ssl_check_clienthello_tlsext(SSL *s)
++int ssl_check_clienthello_tlsext_early(SSL *s)
+ {
+ int ret=SSL_TLSEXT_ERR_NOACK;
+ int al = SSL_AD_UNRECOGNIZED_NAME;
+@@ -755,13 +755,49 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
+ ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+
++ switch (ret)
++ {
++ case SSL_TLSEXT_ERR_ALERT_FATAL:
++ ssl3_send_alert(s, SSL3_AL_FATAL, al);
++ return -1;
++
++ case SSL_TLSEXT_ERR_ALERT_WARNING:
++ ssl3_send_alert(s, SSL3_AL_WARNING, al);
++ return 1;
++
++ case SSL_TLSEXT_ERR_NOACK:
++ s->servername_done = 0;
++
++ default:
++ return 1;
++ }
++ }
++
++int ssl_check_clienthello_tlsext_late(SSL *s)
++ {
++ int ret = SSL_TLSEXT_ERR_OK;
++ int al;
++
+ /* If status request then ask callback what to do.
+ * Note: this must be called after servername callbacks in case
+- * the certificate has changed.
++ * the certificate has changed, and must be called after the cipher
++ * has been chosen because this may influence which certificate is sent
+ */
+- if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
++ if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb)
+ {
+ int r;
++ CERT_PKEY *certpkey;
++ certpkey = ssl_get_server_send_pkey(s);
++ /* If no certificate can't return certificate status */
++ if (certpkey == NULL)
++ {
++ s->tlsext_status_expected = 0;
++ return 1;
++ }
++ /* Set current certificate to one we will use so
++ * SSL_get_certificate et al can pick it up.
++ */
++ s->cert->key = certpkey;
+ r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ switch (r)
+ {
+@@ -785,7 +821,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ }
+ else
+ s->tlsext_status_expected = 0;
+- err:
++
++ err:
+ switch (ret)
+ {
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+@@ -795,11 +832,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
+ ssl3_send_alert(s,SSL3_AL_WARNING,al);
+ return 1;
+-
+- case SSL_TLSEXT_ERR_NOACK:
+- s->servername_done=0;
+- default:
+- return 1;
++
++ default:
++ return 1;
+ }
+ }
+
+@@ -977,7 +1012,7 @@ static int tls_decrypt_ticket(SSL *s, const unsign
+ HMAC_Update(&hctx, etick, eticklen);
+ HMAC_Final(&hctx, tick_hmac, NULL);
+ HMAC_CTX_cleanup(&hctx);
+- if (memcmp(tick_hmac, etick + eticklen, mlen))
++ if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+ goto tickerr;
+ /* Attempt to decrypt session data */
+ /* Move p after IV to start of encrypted ticket, update length */
+Index: crypto/openssl/util/libeay.num
+===================================================================
+--- crypto/openssl/util/libeay.num (revision 248771)
++++ crypto/openssl/util/libeay.num (working copy)
+@@ -3510,6 +3510,7 @@ BIO_get_callback_arg 3902 EXIST
+ BIO_set_callback 3903 EXIST::FUNCTION:
+ d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
+ i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
++CRYPTO_memcmp 3906 EXIST::FUNCTION:
+ SEED_decrypt 3908 EXIST::FUNCTION:SEED
+ SEED_encrypt 3909 EXIST::FUNCTION:SEED
+ SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
+Index: secure/lib/libcrypto/Makefile.inc
+===================================================================
+--- secure/lib/libcrypto/Makefile.inc (revision 248771)
++++ secure/lib/libcrypto/Makefile.inc (working copy)
+@@ -3,8 +3,8 @@
+ .include <bsd.own.mk>
+
+ # OpenSSL version used for manual page generation
+-OPENSSL_VER= 0.9.8x
+-OPENSSL_DATE= 2012-05-10
++OPENSSL_VER= 0.9.8y
++OPENSSL_DATE= 2013-02-05
+
+ LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl
+ LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc
+Index: secure/lib/libssl/Makefile
+===================================================================
+--- secure/lib/libssl/Makefile (revision 248771)
++++ secure/lib/libssl/Makefile (working copy)
+@@ -14,7 +14,8 @@ SRCS= bio_ssl.c d1_meth.c d1_srvr.c d1_clnt.c d1_l
+ d1_both.c d1_enc.c \
+ s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \
+ s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \
+- s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \
++ s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c \
++ s3_pkt.c \
+ s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \
+ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \
+ ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c
diff --git a/share/security/patches/SA-13:03/openssl-9.1.patch.asc b/share/security/patches/SA-13:03/openssl-9.1.patch.asc
new file mode 100644
index 0000000000..175de49c59
--- /dev/null
+++ b/share/security/patches/SA-13:03/openssl-9.1.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEABECAAYFAlFbGmEACgkQFdaIBMps37K6AQCeKkxtcMShX1BrRZYpH1VX7pXP
+mK0An1Ia/64Y8AWRUrz2UrxRHzU0qZut
+=sjGM
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-13:03/openssl.patch b/share/security/patches/SA-13:03/openssl.patch
new file mode 100644
index 0000000000..896ddd195a
--- /dev/null
+++ b/share/security/patches/SA-13:03/openssl.patch
@@ -0,0 +1,5576 @@
+Index: crypto/openssl/CHANGES
+===================================================================
+--- crypto/openssl/CHANGES (revision 248771)
++++ crypto/openssl/CHANGES (working copy)
+@@ -2,6 +2,171 @@
+ OpenSSL CHANGES
+ _______________
+
++ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
++
++ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
++
++ This addresses the flaw in CBC record processing discovered by
++ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
++ at: http://www.isg.rhul.ac.uk/tls/
++
++ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
++ Security Group at Royal Holloway, University of London
++ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
++ Emilia K�sper for the initial patch.
++ (CVE-2013-0169)
++ [Emilia K�sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
++
++ *) Return an error when checking OCSP signatures when key is NULL.
++ This fixes a DoS attack. (CVE-2013-0166)
++ [Steve Henson]
++
++ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
++ the right response is stapled. Also change SSL_get_certificate()
++ so it returns the certificate actually sent.
++ See http://rt.openssl.org/Ticket/Display.html?id=2836.
++ (This is a backport)
++ [Rob Stradling <rob.stradling@comodo.com>]
++
++ *) Fix possible deadlock when decoding public keys.
++ [Steve Henson]
++
++ Changes between 0.9.8w and 0.9.8x [10 May 2012]
++
++ *) Sanity check record length before skipping explicit IV in DTLS
++ to fix DoS attack.
++
++ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
++ fuzzing as a service testing platform.
++ (CVE-2012-2333)
++ [Steve Henson]
++
++ *) Initialise tkeylen properly when encrypting CMS messages.
++ Thanks to Solar Designer of Openwall for reporting this issue.
++ [Steve Henson]
++
++ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
++
++ *) The fix for CVE-2012-2110 did not take into account that the
++ 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
++ int in OpenSSL 0.9.8, making it still vulnerable. Fix by
++ rejecting negative len parameter. (CVE-2012-2131)
++ [Tomas Hoger <thoger@redhat.com>]
++
++ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
++
++ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
++ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
++ in CRYPTO_realloc_clean.
++
++ Thanks to Tavis Ormandy, Google Security Team, for discovering this
++ issue and to Adam Langley <agl@chromium.org> for fixing it.
++ (CVE-2012-2110)
++ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
++
++ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
++
++ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
++ in CMS and PKCS7 code. When RSA decryption fails use a random key for
++ content decryption and always return the same error. Note: this attack
++ needs on average 2^20 messages so it only affects automated senders. The
++ old behaviour can be reenabled in the CMS code by setting the
++ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
++ an MMA defence is not necessary.
++ Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
++ this issue. (CVE-2012-0884)
++ [Steve Henson]
++
++ *) Fix CVE-2011-4619: make sure we really are receiving a
++ client hello before rejecting multiple SGC restarts. Thanks to
++ Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
++ [Steve Henson]
++
++ Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
++
++ *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
++ Thanks to Antonio Martin, Enterprise Secure Access Research and
++ Development, Cisco Systems, Inc. for discovering this bug and
++ preparing a fix. (CVE-2012-0050)
++ [Antonio Martin]
++
++ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
++
++ *) Nadhem Alfardan and Kenny Paterson have discovered an extension
++ of the Vaudenay padding oracle attack on CBC mode encryption
++ which enables an efficient plaintext recovery attack against
++ the OpenSSL implementation of DTLS. Their attack exploits timing
++ differences arising during decryption processing. A research
++ paper describing this attack can be found at:
++ http://www.isg.rhul.ac.uk/~kp/dtls.pdf
++ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
++ Security Group at Royal Holloway, University of London
++ (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
++ <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
++ for preparing the fix. (CVE-2011-4108)
++ [Robin Seggelmann, Michael Tuexen]
++
++ *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
++ [Ben Laurie, Kasper <ekasper@google.com>]
++
++ *) Clear bytes used for block padding of SSL 3.0 records.
++ (CVE-2011-4576)
++ [Adam Langley (Google)]
++
++ *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
++ Kadianakis <desnacked@gmail.com> for discovering this issue and
++ Adam Langley for preparing the fix. (CVE-2011-4619)
++ [Adam Langley (Google)]
++
++ *) Prevent malformed RFC3779 data triggering an assertion failure.
++ Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
++ and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
++ [Rob Austein <sra@hactrn.net>]
++
++ *) Fix ssl_ciph.c set-up race.
++ [Adam Langley (Google)]
++
++ *) Fix spurious failures in ecdsatest.c.
++ [Emilia K�sper (Google)]
++
++ *) Fix the BIO_f_buffer() implementation (which was mixing different
++ interpretations of the '..._len' fields).
++ [Adam Langley (Google)]
++
++ *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
++ BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
++ threads won't reuse the same blinding coefficients.
++
++ This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
++ lock to call BN_BLINDING_invert_ex, and avoids one use of
++ BN_BLINDING_update for each BN_BLINDING structure (previously,
++ the last update always remained unused).
++ [Emilia K�sper (Google)]
++
++ *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
++ for multi-threaded use of ECDH.
++ [Adam Langley (Google)]
++
++ *) Fix x509_name_ex_d2i memory leak on bad inputs.
++ [Bodo Moeller]
++
++ *) Add protection against ECDSA timing attacks as mentioned in the paper
++ by Billy Bob Brumley and Nicola Tuveri, see:
++
++ http://eprint.iacr.org/2011/232.pdf
++
++ [Billy Bob Brumley and Nicola Tuveri]
++
++ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
++
++ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
++ [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
++
++ *) Fix bug in string printing code: if *any* escaping is enabled we must
++ escape the escape character (backslash) or the resulting string is
++ ambiguous.
++ [Steve Henson]
++
+ Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+Index: crypto/openssl/Configure
+===================================================================
+--- crypto/openssl/Configure (revision 248771)
++++ crypto/openssl/Configure (working copy)
+@@ -162,6 +162,7 @@ my %table=(
+ "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+ "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+ "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::",
++"debug-ben-debug-64", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
+ "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+ "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+@@ -172,10 +173,10 @@ my %table=(
+ "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+ "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
+-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+ "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+@@ -371,6 +372,9 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+
++# Android: Linux but without -DTERMIO and pointers to headers and libs.
++"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ #### *BSD [do see comment about ${BSDthreads} above!]
+ "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -425,8 +429,8 @@ my %table=(
+ "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+ # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
+ # at build time. $OBJECT_MODE is respected at ./config stage!
+-"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
++"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
++"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+
+ #
+ # Cray T90 and similar (SDSC)
+Index: crypto/openssl/FAQ
+===================================================================
+--- crypto/openssl/FAQ (revision 248771)
++++ crypto/openssl/FAQ (working copy)
+@@ -10,6 +10,7 @@ OpenSSL - Frequently Asked Questions
+ * Why aren't tools like 'autoconf' and 'libtool' used?
+ * What is an 'engine' version?
+ * How do I check the authenticity of the OpenSSL distribution?
++* How does the versioning scheme work?
+
+ [LEGAL] Legal questions
+
+@@ -82,7 +83,7 @@ OpenSSL - Frequently Asked Questions
+ * Which is the current version of OpenSSL?
+
+ The current version is available from <URL: http://www.openssl.org>.
+-OpenSSL 1.0.0c was released on Dec 2nd, 2010.
++OpenSSL 1.0.1d was released on Feb 5th, 2013.
+
+ In addition to the current stable release, you can also access daily
+ snapshots of the OpenSSL development version at <URL:
+@@ -108,7 +109,9 @@ In addition, you can read the most current version
+ <URL: http://www.openssl.org/docs/>. Note that the online documents refer
+ to the very latest development versions of OpenSSL and may include features
+ not present in released versions. If in doubt refer to the documentation
+-that came with the version of OpenSSL you are using.
++that came with the version of OpenSSL you are using. The pod format
++documentation is included in each OpenSSL distribution under the docs
++directory.
+
+ For information on parts of libcrypto that are not yet documented, you
+ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
+@@ -173,6 +176,19 @@ just do:
+
+ pgp TARBALL.asc
+
++* How does the versioning scheme work?
++
++After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
++releases (e.g. 1.0.1a) can only contain bug and security fixes and no
++new features. Minor releases change the last number (e.g. 1.0.2) and
++can contain new features that retain binary compatibility. Changes to
++the middle number are considered major releases and neither source nor
++binary compatibility is guaranteed.
++
++Therefore the answer to the common question "when will feature X be
++backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
++in the next minor release.
++
+ [LEGAL] =======================================================================
+
+ * Do I need patent licenses to use OpenSSL?
+@@ -284,7 +300,7 @@ current directory in this case, but this has chang
+ Check out the CA.pl(1) manual page. This provides a simple wrapper round
+ the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
+ out the manual pages for the individual utilities and the certificate
+-extensions documentation (currently in doc/openssl.txt).
++extensions documentation (in ca(1), req(1), x509v3_config(5) )
+
+
+ * Why can't I create certificate requests?
+Index: crypto/openssl/LICENSE
+===================================================================
+--- crypto/openssl/LICENSE (revision 248771)
++++ crypto/openssl/LICENSE (working copy)
+@@ -12,7 +12,7 @@
+ ---------------
+
+ /* ====================================================================
+- * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+Index: crypto/openssl/Makefile
+===================================================================
+--- crypto/openssl/Makefile (revision 248771)
++++ crypto/openssl/Makefile (working copy)
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+
+-VERSION=0.9.8q
++VERSION=0.9.8y
+ MAJOR=0
+ MINOR=9.8
+ SHLIB_VERSION_NUMBER=0.9.8
+Index: crypto/openssl/NEWS
+===================================================================
+--- crypto/openssl/NEWS (revision 248771)
++++ crypto/openssl/NEWS (working copy)
+@@ -5,6 +5,45 @@
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
++ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y:
++
++ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
++ o Fix OCSP bad key DoS attack CVE-2013-0166
++
++ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x:
++
++ o Fix DTLS record length checking bug CVE-2012-2333
++
++ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w:
++
++ o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
++
++ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:
++
++ o Fix for ASN1 overflow bug CVE-2012-2110
++
++ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u:
++
++ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
++ o Corrected fix for CVE-2011-4619
++ o Various DTLS fixes.
++
++ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t:
++
++ o Fix for DTLS DoS issue CVE-2012-0050
++
++ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s:
++
++ o Fix for DTLS plaintext recovery attack CVE-2011-4108
++ o Fix policy check double free error CVE-2011-4109
++ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
++ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
++ o Check for malformed RFC3779 data CVE-2011-4577
++
++ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
++
++ o Fix for security issue CVE-2011-0014
++
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+
+ o Fix for security issue CVE-2010-4180
+@@ -181,6 +220,11 @@
+ o Added initial support for Win64.
+ o Added alternate pkg-config files.
+
++ Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
++
++ o FIPS 1.1.1 module linking.
++ o Various ciphersuite selection fixes.
++
+ Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
+
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
+Index: crypto/openssl/README
+===================================================================
+--- crypto/openssl/README (revision 248771)
++++ crypto/openssl/README (working copy)
+@@ -1,7 +1,7 @@
+
+- OpenSSL 0.9.8q 2 Dec 2010
++ OpenSSL 0.9.8y 5 Feb 2013
+
+- Copyright (c) 1998-2009 The OpenSSL Project
++ Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+Index: crypto/openssl/apps/apps.c
+===================================================================
+--- crypto/openssl/apps/apps.c (revision 248771)
++++ crypto/openssl/apps/apps.c (working copy)
+@@ -2052,7 +2052,7 @@ X509_NAME *parse_name(char *subject, long chtype,
+ X509_NAME *n = NULL;
+ int nid;
+
+- if (!buf || !ne_types || !ne_values)
++ if (!buf || !ne_types || !ne_values || !mval)
+ {
+ BIO_printf(bio_err, "malloc error\n");
+ goto error;
+@@ -2156,6 +2156,7 @@ X509_NAME *parse_name(char *subject, long chtype,
+ OPENSSL_free(ne_values);
+ OPENSSL_free(ne_types);
+ OPENSSL_free(buf);
++ OPENSSL_free(mval);
+ return n;
+
+ error:
+@@ -2164,6 +2165,8 @@ error:
+ OPENSSL_free(ne_values);
+ if (ne_types)
+ OPENSSL_free(ne_types);
++ if (mval)
++ OPENSSL_free(mval);
+ if (buf)
+ OPENSSL_free(buf);
+ return NULL;
+Index: crypto/openssl/apps/asn1pars.c
+===================================================================
+--- crypto/openssl/apps/asn1pars.c (revision 248771)
++++ crypto/openssl/apps/asn1pars.c (working copy)
+@@ -408,6 +408,7 @@ static int do_generate(BIO *bio, char *genstr, cha
+
+ atyp = ASN1_generate_nconf(genstr, cnf);
+ NCONF_free(cnf);
++ cnf = NULL;
+
+ if (!atyp)
+ return -1;
+Index: crypto/openssl/apps/cms.c
+===================================================================
+--- crypto/openssl/apps/cms.c (revision 248771)
++++ crypto/openssl/apps/cms.c (working copy)
+@@ -226,6 +226,8 @@ int MAIN(int argc, char **argv)
+ else if (!strcmp(*args,"-camellia256"))
+ cipher = EVP_camellia_256_cbc();
+ #endif
++ else if (!strcmp (*args, "-debug_decrypt"))
++ flags |= CMS_DEBUG_DECRYPT;
+ else if (!strcmp (*args, "-text"))
+ flags |= CMS_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+@@ -611,7 +613,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-certsout file certificate output file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+- BIO_printf (bio_err, "-skeyid use subject key identifier\n");
++ BIO_printf (bio_err, "-keyid use subject key identifier\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+@@ -1013,6 +1015,8 @@ int MAIN(int argc, char **argv)
+ ret = 4;
+ if (operation == SMIME_DECRYPT)
+ {
++ if (flags & CMS_DEBUG_DECRYPT)
++ CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
+
+ if (secret_key)
+ {
+Index: crypto/openssl/apps/dhparam.c
+===================================================================
+--- crypto/openssl/apps/dhparam.c (revision 248771)
++++ crypto/openssl/apps/dhparam.c (working copy)
+@@ -332,7 +332,6 @@ bad:
+ BIO_printf(bio_err,"This is going to take a long time\n");
+ if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
+ {
+- if(dh) DH_free(dh);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+Index: crypto/openssl/apps/openssl.cnf
+===================================================================
+--- crypto/openssl/apps/openssl.cnf (revision 248771)
++++ crypto/openssl/apps/openssl.cnf (working copy)
+@@ -142,7 +142,7 @@ localityName = Locality Name (eg, city)
+ organizationalUnitName = Organizational Unit Name (eg, section)
+ #organizationalUnitName_default =
+
+-commonName = Common Name (eg, YOUR name)
++commonName = Common Name (e.g. server FQDN or YOUR name)
+ commonName_max = 64
+
+ emailAddress = Email Address
+Index: crypto/openssl/apps/pkcs12.c
+===================================================================
+--- crypto/openssl/apps/pkcs12.c (revision 248771)
++++ crypto/openssl/apps/pkcs12.c (working copy)
+@@ -659,7 +659,7 @@ int MAIN(int argc, char **argv)
+
+ if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+
+- if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
++ if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+ if(macver) {
+ #ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("verify MAC");
+Index: crypto/openssl/apps/s_client.c
+===================================================================
+--- crypto/openssl/apps/s_client.c (revision 248771)
++++ crypto/openssl/apps/s_client.c (working copy)
+@@ -345,13 +345,7 @@ int MAIN(int argc, char **argv)
+ char *jpake_secret = NULL;
+ #endif
+
+-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ meth=SSLv23_client_method();
+-#elif !defined(OPENSSL_NO_SSL3)
+- meth=SSLv3_client_method();
+-#elif !defined(OPENSSL_NO_SSL2)
+- meth=SSLv2_client_method();
+-#endif
+
+ apps_startup();
+ c_Pause=0;
+Index: crypto/openssl/apps/s_server.c
+===================================================================
+--- crypto/openssl/apps/s_server.c (revision 248771)
++++ crypto/openssl/apps/s_server.c (working copy)
+@@ -781,13 +781,7 @@ int MAIN(int argc, char *argv[])
+ tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
+ #endif
+
+-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ meth=SSLv23_server_method();
+-#elif !defined(OPENSSL_NO_SSL3)
+- meth=SSLv3_server_method();
+-#elif !defined(OPENSSL_NO_SSL2)
+- meth=SSLv2_server_method();
+-#endif
+
+ local_argc=argc;
+ local_argv=argv;
+@@ -1556,6 +1550,12 @@ end:
+ if (dpass)
+ OPENSSL_free(dpass);
+ #ifndef OPENSSL_NO_TLSEXT
++ if (tlscstatp.host)
++ OPENSSL_free(tlscstatp.host);
++ if (tlscstatp.port)
++ OPENSSL_free(tlscstatp.port);
++ if (tlscstatp.path)
++ OPENSSL_free(tlscstatp.path);
+ if (ctx2 != NULL) SSL_CTX_free(ctx2);
+ if (s_cert2)
+ X509_free(s_cert2);
+Index: crypto/openssl/apps/x509.c
+===================================================================
+--- crypto/openssl/apps/x509.c (revision 248771)
++++ crypto/openssl/apps/x509.c (working copy)
+@@ -969,7 +969,7 @@ bad:
+ else
+ {
+ pk=load_key(bio_err,
+- keyfile, FORMAT_PEM, 0,
++ keyfile, keyformat, 0,
+ passin, e, "request key");
+ if (pk == NULL) goto end;
+ }
+Index: crypto/openssl/config
+===================================================================
+--- crypto/openssl/config (revision 248771)
++++ crypto/openssl/config (working copy)
+@@ -790,6 +790,10 @@ esac
+ # options="$options -DATALLA"
+ #fi
+
++($CC -Wa,--help -c -o /dev/null -x assembler /dev/null 2>&1 | \
++ grep \\--noexecstack) 2>&1 > /dev/null && \
++ options="$options -Wa,--noexecstack"
++
+ # gcc < 2.8 does not support -march=ultrasparc
+ if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+ then
+Index: crypto/openssl/crypto/asn1/a_object.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_object.c (revision 248771)
++++ crypto/openssl/crypto/asn1/a_object.c (working copy)
+@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen,
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+ goto err;
+ }
+- if (!use_bn && l > (ULONG_MAX / 10L))
++ if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
+ {
+ use_bn = 1;
+ if (!bl)
+@@ -294,7 +294,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, cons
+ /* Sanity check OID encoding: can't have leading 0x80 in
+ * subidentifiers, see: X.690 8.19.2
+ */
+- for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
++ for (i = 0, p = *pp; i < len; i++, p++)
+ {
+ if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
+ {
+Index: crypto/openssl/crypto/asn1/a_strex.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_strex.c (revision 248771)
++++ crypto/openssl/crypto/asn1/a_strex.c (working copy)
+@@ -74,7 +74,12 @@
+
+ #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
++#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
++ ASN1_STRFLGS_ESC_QUOTE | \
++ ASN1_STRFLGS_ESC_CTRL | \
++ ASN1_STRFLGS_ESC_MSB)
+
++
+ /* Three IO functions for sending data to memory, a BIO and
+ * and a FILE pointer.
+ */
+@@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned c
+ if(!io_ch(arg, tmphex, 3)) return -1;
+ return 3;
+ }
++ /* If we get this far and do any escaping at all must escape
++ * the escape character itself: backslash.
++ */
++ if (chtmp == '\\' && flags & ESC_FLAGS) {
++ if(!io_ch(arg, "\\\\", 2)) return -1;
++ return 2;
++ }
+ if(!io_ch(arg, &chtmp, 1)) return -1;
+ return 1;
+ }
+@@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = {
+ 4, -1, 2 /* 28-30 */
+ };
+
+-#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+- ASN1_STRFLGS_ESC_QUOTE | \
+- ASN1_STRFLGS_ESC_CTRL | \
+- ASN1_STRFLGS_ESC_MSB)
+-
+ /* This is the main function, print out an
+ * ASN1_STRING taking note of various escape
+ * and display options. Returns number of
+@@ -560,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_
+ if(mbflag == -1) return -1;
+ mbflag |= MBSTRING_FLAG;
+ stmp.data = NULL;
++ stmp.length = 0;
+ ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+ if(ret < 0) return ret;
+ *out = stmp.data;
+Index: crypto/openssl/crypto/asn1/a_strnid.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_strnid.c (revision 248771)
++++ crypto/openssl/crypto/asn1/a_strnid.c (working copy)
+@@ -96,7 +96,7 @@ unsigned long ASN1_STRING_get_default_mask(void)
+ * default: the default value, Printable, T61, BMP.
+ */
+
+-int ASN1_STRING_set_default_mask_asc(char *p)
++int ASN1_STRING_set_default_mask_asc(const char *p)
+ {
+ unsigned long mask;
+ char *end;
+Index: crypto/openssl/crypto/asn1/a_verify.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_verify.c (revision 248771)
++++ crypto/openssl/crypto/asn1/a_verify.c (working copy)
+@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALG
+ unsigned char *buf_in=NULL;
+ int ret= -1,i,inl;
+
++ if (!pkey)
++ {
++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++ return -1;
++ }
++
+ EVP_MD_CTX_init(&ctx);
+ i=OBJ_obj2nid(a->algorithm);
+ type=EVP_get_digestbyname(OBJ_nid2sn(i));
+Index: crypto/openssl/crypto/asn1/asn1.h
+===================================================================
+--- crypto/openssl/crypto/asn1/asn1.h (revision 248771)
++++ crypto/openssl/crypto/asn1/asn1.h (working copy)
+@@ -1051,7 +1051,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_vo
+ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
+
+ void ASN1_STRING_set_default_mask(unsigned long mask);
+-int ASN1_STRING_set_default_mask_asc(char *p);
++int ASN1_STRING_set_default_mask_asc(const char *p);
+ unsigned long ASN1_STRING_get_default_mask(void);
+ int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask);
+Index: crypto/openssl/crypto/asn1/asn_mime.c
+===================================================================
+--- crypto/openssl/crypto/asn1/asn_mime.c (revision 248771)
++++ crypto/openssl/crypto/asn1/asn_mime.c (working copy)
+@@ -418,9 +418,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont,
+
+ if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+@@ -790,12 +790,17 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, ch
+ static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b)
+ {
++ if (!(*a)->name || !(*b)->name)
++ return !!(*a)->name - !!(*b)->name;
++
+ return(strcmp((*a)->name, (*b)->name));
+ }
+
+ static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b)
+ {
++ if (!(*a)->param_name || !(*b)->param_name)
++ return !!(*a)->param_name - !!(*b)->param_name;
+ return(strcmp((*a)->param_name, (*b)->param_name));
+ }
+
+Index: crypto/openssl/crypto/asn1/x_name.c
+===================================================================
+--- crypto/openssl/crypto/asn1/x_name.c (revision 248771)
++++ crypto/openssl/crypto/asn1/x_name.c (working copy)
+@@ -196,7 +196,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, cons
+ *val = nm.a;
+ *in = p;
+ return ret;
+- err:
++err:
++ if (nm.x != NULL)
++ X509_NAME_free(nm.x);
+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+Index: crypto/openssl/crypto/asn1/x_pubkey.c
+===================================================================
+--- crypto/openssl/crypto/asn1/x_pubkey.c (revision 248771)
++++ crypto/openssl/crypto/asn1/x_pubkey.c (working copy)
+@@ -367,7 +367,19 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+ goto err;
+ }
+
+- key->pkey = ret;
++ /* Check to see if another thread set key->pkey first */
++ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
++ if (key->pkey)
++ {
++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++ EVP_PKEY_free(ret);
++ ret = key->pkey;
++ }
++ else
++ {
++ key->pkey = ret;
++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++ }
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ return(ret);
+ err:
+Index: crypto/openssl/crypto/bio/bf_buff.c
+===================================================================
+--- crypto/openssl/crypto/bio/bf_buff.c (revision 248771)
++++ crypto/openssl/crypto/bio/bf_buff.c (working copy)
+@@ -209,7 +209,7 @@ start:
+ /* add to buffer and return */
+ if (i >= inl)
+ {
+- memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
++ memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
+ ctx->obuf_len+=inl;
+ return(num+inl);
+ }
+@@ -219,7 +219,7 @@ start:
+ {
+ if (i > 0) /* lets fill it up if we can */
+ {
+- memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
++ memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
+ in+=i;
+ inl-=i;
+ num+=i;
+@@ -294,9 +294,9 @@ static long buffer_ctrl(BIO *b, int cmd, long num,
+ case BIO_C_GET_BUFF_NUM_LINES:
+ ret=0;
+ p1=ctx->ibuf;
+- for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++)
++ for (i=0; i<ctx->ibuf_len; i++)
+ {
+- if (p1[i] == '\n') ret++;
++ if (p1[ctx->ibuf_off + i] == '\n') ret++;
+ }
+ break;
+ case BIO_CTRL_WPENDING:
+@@ -399,17 +399,18 @@ static long buffer_ctrl(BIO *b, int cmd, long num,
+ for (;;)
+ {
+ BIO_clear_retry_flags(b);
+- if (ctx->obuf_len > ctx->obuf_off)
++ if (ctx->obuf_len > 0)
+ {
+ r=BIO_write(b->next_bio,
+ &(ctx->obuf[ctx->obuf_off]),
+- ctx->obuf_len-ctx->obuf_off);
++ ctx->obuf_len);
+ #if 0
+-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
++fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
+ #endif
+ BIO_copy_next_retry(b);
+ if (r <= 0) return((long)r);
+ ctx->obuf_off+=r;
++ ctx->obuf_len-=r;
+ }
+ else
+ {
+Index: crypto/openssl/crypto/bio/bio.h
+===================================================================
+--- crypto/openssl/crypto/bio/bio.h (revision 248771)
++++ crypto/openssl/crypto/bio/bio.h (working copy)
+@@ -145,6 +145,7 @@ extern "C" {
+ /* #endif */
+
+ #define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */
++#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
+ #define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */
+ #define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for
+ * MTU. want to use this
+@@ -321,6 +322,15 @@ DECLARE_STACK_OF(BIO)
+
+ typedef struct bio_f_buffer_ctx_struct
+ {
++ /* Buffers are setup like this:
++ *
++ * <---------------------- size ----------------------->
++ * +---------------------------------------------------+
++ * | consumed | remaining | free space |
++ * +---------------------------------------------------+
++ * <-- off --><------- len ------->
++ */
++
+ /* BIO *bio; */ /* this is now in the BIO struct */
+ int ibuf_size; /* how big is the input buffer */
+ int obuf_size; /* how big is the output buffer */
+Index: crypto/openssl/crypto/bio/bss_dgram.c
+===================================================================
+--- crypto/openssl/crypto/bio/bss_dgram.c (revision 248771)
++++ crypto/openssl/crypto/bio/bss_dgram.c (working copy)
+@@ -57,7 +57,6 @@
+ *
+ */
+
+-#ifndef OPENSSL_NO_DGRAM
+
+ #include <stdio.h>
+ #include <errno.h>
+@@ -65,6 +64,7 @@
+ #include "cryptlib.h"
+
+ #include <openssl/bio.h>
++#ifndef OPENSSL_NO_DGRAM
+
+ #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+ #include <sys/timeb.h>
+@@ -288,7 +288,6 @@ static int dgram_read(BIO *b, char *out, int outl)
+ */
+ dgram_adjust_rcv_timeout(b);
+ ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
+- dgram_reset_rcv_timeout(b);
+
+ if ( ! data->connected && ret >= 0)
+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+@@ -302,6 +301,8 @@ static int dgram_read(BIO *b, char *out, int outl)
+ data->_errno = get_last_socket_error();
+ }
+ }
++
++ dgram_reset_rcv_timeout(b);
+ }
+ return(ret);
+ }
+@@ -493,6 +494,9 @@ static long dgram_ctrl(BIO *b, int cmd, long num,
+ ret = 0;
+ #endif
+ break;
++ case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
++ ret = 576 - 20 - 8;
++ break;
+ case BIO_CTRL_DGRAM_GET_MTU:
+ return data->mtu;
+ break;
+@@ -654,9 +658,13 @@ static int BIO_dgram_should_retry(int i)
+ {
+ err=get_last_socket_error();
+
+-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+- if ((i == -1) && (err == 0))
+- return(1);
++#if defined(OPENSSL_SYS_WINDOWS)
++ /* If the socket return value (i) is -1
++ * and err is unexpectedly 0 at this point,
++ * the error code was overwritten by
++ * another system call before this error
++ * handling is called.
++ */
+ #endif
+
+ return(BIO_dgram_non_fatal_error(err));
+@@ -719,7 +727,6 @@ int BIO_dgram_non_fatal_error(int err)
+ }
+ return(0);
+ }
+-#endif
+
+ static void get_current_time(struct timeval *t)
+ {
+@@ -737,3 +744,5 @@ static void get_current_time(struct timeval *t)
+ gettimeofday(t, NULL);
+ #endif
+ }
++
++#endif
+Index: crypto/openssl/crypto/bn/asm/mo-586.pl
+===================================================================
+--- crypto/openssl/crypto/bn/asm/mo-586.pl (revision 248771)
++++ crypto/openssl/crypto/bn/asm/mo-586.pl (working copy)
+@@ -539,8 +539,10 @@ $sbit=$num;
+ &jle (&label("sqradd"));
+
+ &mov ($carry,"edx");
+- &lea ("edx",&DWP(0,$sbit,"edx",2));
++ &add ("edx","edx");
+ &shr ($carry,31);
++ &add ("edx",$sbit);
++ &adc ($carry,0);
+ &set_label("sqrlast");
+ &mov ($word,$_n0);
+ &mov ($inp,$_np);
+Index: crypto/openssl/crypto/bn/asm/ppc.pl
+===================================================================
+--- crypto/openssl/crypto/bn/asm/ppc.pl (revision 248771)
++++ crypto/openssl/crypto/bn/asm/ppc.pl (working copy)
+@@ -1039,7 +1039,7 @@ sub data {
+ addze r11,r0
+ #mul_add_c(a[3],b[2],c3,c1,c2);
+ $LD r6,`3*$BNSZ`(r4)
+- $LD r7,`2*$BNSZ`(r4)
++ $LD r7,`2*$BNSZ`(r5)
+ $UMULL r8,r6,r7
+ $UMULH r9,r6,r7
+ addc r12,r8,r12
+Index: crypto/openssl/crypto/bn/bn_blind.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_blind.c (revision 248771)
++++ crypto/openssl/crypto/bn/bn_blind.c (working copy)
+@@ -123,7 +123,7 @@ struct bn_blinding_st
+ BIGNUM *mod; /* just a reference */
+ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
+ * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+- unsigned int counter;
++ int counter;
+ unsigned long flags;
+ BN_MONT_CTX *m_ctx;
+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+@@ -157,7 +157,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, cons
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
+- ret->counter = BN_BLINDING_COUNTER;
++ /* Set the counter to the special value -1
++ * to indicate that this is never-used fresh blinding
++ * that does not need updating before first use. */
++ ret->counter = -1;
+ return(ret);
+ err:
+ if (ret != NULL) BN_BLINDING_free(ret);
+@@ -186,7 +189,10 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx
+ goto err;
+ }
+
+- if (--(b->counter) == 0 && b->e != NULL &&
++ if (b->counter == -1)
++ b->counter = 0;
++
++ if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+ !(b->flags & BN_BLINDING_NO_RECREATE))
+ {
+ /* re-create blinding parameters */
+@@ -201,8 +207,8 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx
+
+ ret=1;
+ err:
+- if (b->counter == 0)
+- b->counter = BN_BLINDING_COUNTER;
++ if (b->counter == BN_BLINDING_COUNTER)
++ b->counter = 0;
+ return(ret);
+ }
+
+@@ -223,6 +229,12 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, B
+ return(0);
+ }
+
++ if (b->counter == -1)
++ /* Fresh blinding, doesn't need updating. */
++ b->counter = 0;
++ else if (!BN_BLINDING_update(b,ctx))
++ return(0);
++
+ if (r != NULL)
+ {
+ if (!BN_copy(r, b->Ai)) ret=0;
+@@ -243,22 +255,19 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM
+ int ret;
+
+ bn_check_top(n);
+- if ((b->A == NULL) || (b->Ai == NULL))
+- {
+- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+- return(0);
+- }
+
+ if (r != NULL)
+ ret = BN_mod_mul(n, n, r, b->mod, ctx);
+ else
+- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+-
+- if (ret >= 0)
+ {
+- if (!BN_BLINDING_update(b,ctx))
++ if (b->Ai == NULL)
++ {
++ BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+ return(0);
++ }
++ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ }
++
+ bn_check_top(n);
+ return(ret);
+ }
+Index: crypto/openssl/crypto/bn/bn_gf2m.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_gf2m.c (revision 248771)
++++ crypto/openssl/crypto/bn/bn_gf2m.c (working copy)
+@@ -607,6 +607,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, co
+ {
+ while (!BN_is_odd(u))
+ {
++ if (BN_is_zero(u)) goto err;
+ if (!BN_rshift1(u, u)) goto err;
+ if (BN_is_odd(b))
+ {
+Index: crypto/openssl/crypto/bn/bn_word.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_word.c (revision 248771)
++++ crypto/openssl/crypto/bn/bn_word.c (working copy)
+@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
+ a->neg=!(a->neg);
+ return(i);
+ }
+- /* Only expand (and risk failing) if it's possibly necessary */
+- if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&
+- (bn_wexpand(a,a->top+1) == NULL))
+- return(0);
+- i=0;
+- for (;;)
++ for (i=0;w!=0 && i<a->top;i++)
+ {
+- if (i >= a->top)
+- l=w;
+- else
+- l=(a->d[i]+w)&BN_MASK2;
+- a->d[i]=l;
+- if (w > l)
+- w=1;
+- else
+- break;
+- i++;
++ a->d[i] = l = (a->d[i]+w)&BN_MASK2;
++ w = (w>l)?1:0;
+ }
+- if (i >= a->top)
++ if (w && i==a->top)
++ {
++ if (bn_wexpand(a,a->top+1) == NULL) return 0;
+ a->top++;
++ a->d[i]=w;
++ }
+ bn_check_top(a);
+ return(1);
+ }
+Index: crypto/openssl/crypto/cms/cms.h
+===================================================================
+--- crypto/openssl/crypto/cms/cms.h (revision 248771)
++++ crypto/openssl/crypto/cms/cms.h (working copy)
+@@ -110,6 +110,7 @@ DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+ #define CMS_PARTIAL 0x4000
+ #define CMS_REUSE_DIGEST 0x8000
+ #define CMS_USE_KEYID 0x10000
++#define CMS_DEBUG_DECRYPT 0x20000
+
+ const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+
+Index: crypto/openssl/crypto/cms/cms_enc.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_enc.c (revision 248771)
++++ crypto/openssl/crypto/cms/cms_enc.c (working copy)
+@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedCo
+ const EVP_CIPHER *ciph;
+ X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+ unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
++ unsigned char *tkey = NULL;
++ size_t tkeylen;
+
+ int ok = 0;
+
+@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedCo
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
+-
+-
+- if (enc && !ec->key)
++ tkeylen = EVP_CIPHER_CTX_key_length(ctx);
++ /* Generate random session key */
++ if (!enc || !ec->key)
+ {
+- /* Generate random key */
+- if (!ec->keylen)
+- ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
+- ec->key = OPENSSL_malloc(ec->keylen);
+- if (!ec->key)
++ tkey = OPENSSL_malloc(tkeylen);
++ if (!tkey)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+- if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
++ if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
+ goto err;
+- keep_key = 1;
+ }
+- else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
++
++ if (!ec->key)
+ {
++ ec->key = tkey;
++ ec->keylen = tkeylen;
++ tkey = NULL;
++ if (enc)
++ keep_key = 1;
++ else
++ ERR_clear_error();
++
++ }
++
++ if (ec->keylen != tkeylen)
++ {
+ /* If necessary set key length */
+ if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
+ {
+- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+- CMS_R_INVALID_KEY_LENGTH);
+- goto err;
++ /* Only reveal failure if debugging so we don't
++ * leak information which may be useful in MMA.
++ */
++ if (enc || ec->debug)
++ {
++ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
++ CMS_R_INVALID_KEY_LENGTH);
++ goto err;
++ }
++ else
++ {
++ /* Use random key */
++ OPENSSL_cleanse(ec->key, ec->keylen);
++ OPENSSL_free(ec->key);
++ ec->key = tkey;
++ ec->keylen = tkeylen;
++ tkey = NULL;
++ ERR_clear_error();
++ }
+ }
+ }
+
+@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedCo
+ OPENSSL_free(ec->key);
+ ec->key = NULL;
+ }
++ if (tkey)
++ {
++ OPENSSL_cleanse(tkey, tkeylen);
++ OPENSSL_free(tkey);
++ }
+ if (ok)
+ return b;
+ BIO_free(b);
+Index: crypto/openssl/crypto/cms/cms_env.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_env.c (revision 248771)
++++ crypto/openssl/crypto/cms/cms_env.c (working copy)
+@@ -352,6 +352,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_Cont
+ unsigned char *ek = NULL;
+ int eklen;
+ int ret = 0;
++ CMS_EncryptedContentInfo *ec;
++ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ if (ktri->pkey == NULL)
+ {
+@@ -382,9 +384,15 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_Cont
+
+ ret = 1;
+
+- cms->d.envelopedData->encryptedContentInfo->key = ek;
+- cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
++ if (ec->key)
++ {
++ OPENSSL_cleanse(ec->key, ec->keylen);
++ OPENSSL_free(ec->key);
++ }
+
++ ec->key = ek;
++ ec->keylen = eklen;
++
+ err:
+ if (!ret && ek)
+ OPENSSL_free(ek);
+Index: crypto/openssl/crypto/cms/cms_io.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_io.c (revision 248771)
++++ crypto/openssl/crypto/cms/cms_io.c (working copy)
+@@ -112,7 +112,7 @@ static int cms_output_data(BIO *out, BIO *data, AS
+ cmsbio = tmpbio;
+ }
+
+- return 1;
++ return r;
+
+ }
+
+Index: crypto/openssl/crypto/cms/cms_lcl.h
+===================================================================
+--- crypto/openssl/crypto/cms/cms_lcl.h (revision 248771)
++++ crypto/openssl/crypto/cms/cms_lcl.h (working copy)
+@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st
+ const EVP_CIPHER *cipher;
+ unsigned char *key;
+ size_t keylen;
++ /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
++ int debug;
+ };
+
+ struct CMS_RecipientInfo_st
+Index: crypto/openssl/crypto/cms/cms_smime.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_smime.c (revision 248771)
++++ crypto/openssl/crypto/cms/cms_smime.c (working copy)
+@@ -622,7 +622,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EV
+ STACK_OF(CMS_RecipientInfo) *ris;
+ CMS_RecipientInfo *ri;
+ int i, r;
++ int debug = 0;
+ ris = CMS_get0_RecipientInfos(cms);
++ if (ris)
++ debug = cms->d.envelopedData->encryptedContentInfo->debug;
+ for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+ {
+ ri = sk_CMS_RecipientInfo_value(ris, i);
+@@ -636,17 +639,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EV
+ CMS_RecipientInfo_set0_pkey(ri, pk);
+ r = CMS_RecipientInfo_decrypt(cms, ri);
+ CMS_RecipientInfo_set0_pkey(ri, NULL);
+- if (r > 0)
+- return 1;
+ if (cert)
+ {
++ /* If not debugging clear any error and
++ * return success to avoid leaking of
++ * information useful to MMA
++ */
++ if (!debug)
++ {
++ ERR_clear_error();
++ return 1;
++ }
++ if (r > 0)
++ return 1;
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+ CMS_R_DECRYPT_ERROR);
+ return 0;
+ }
+- ERR_clear_error();
++ /* If no cert and not debugging don't leave loop
++ * after first successful decrypt. Always attempt
++ * to decrypt all recipients to avoid leaking timing
++ * of a successful decrypt.
++ */
++ else if (r > 0 && debug)
++ return 1;
+ }
+ }
++ /* If no cert and not debugging always return success */
++ if (!cert && !debug)
++ {
++ ERR_clear_error();
++ return 1;
++ }
+
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+ return 0;
+@@ -705,9 +729,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk
+ }
+ if (!dcont && !check_content(cms))
+ return 0;
++ if (flags & CMS_DEBUG_DECRYPT)
++ cms->d.envelopedData->encryptedContentInfo->debug = 1;
++ else
++ cms->d.envelopedData->encryptedContentInfo->debug = 0;
++ if (!pk && !cert && !dcont && !out)
++ return 1;
+ if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+ return 0;
+-
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+Index: crypto/openssl/crypto/comp/c_rle.c
+===================================================================
+--- crypto/openssl/crypto/comp/c_rle.c (revision 248771)
++++ crypto/openssl/crypto/comp/c_rle.c (working copy)
+@@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigne
+ {
+ int i;
+
+- if (olen < (ilen-1))
++ if (ilen == 0 || olen < (ilen-1))
+ {
+ /* ZZZZZZZZZZZZZZZZZZZZZZ */
+ return(-1);
+@@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigne
+ }
+ return(ilen-1);
+ }
+-
+Index: crypto/openssl/crypto/conf/conf_api.c
+===================================================================
+--- crypto/openssl/crypto/conf/conf_api.c (revision 248771)
++++ crypto/openssl/crypto/conf/conf_api.c (working copy)
+@@ -64,6 +64,7 @@
+ #endif
+
+ #include <assert.h>
++#include <stdlib.h>
+ #include <string.h>
+ #include <openssl/conf.h>
+ #include <openssl/conf_api.h>
+Index: crypto/openssl/crypto/cryptlib.c
+===================================================================
+--- crypto/openssl/crypto/cryptlib.c (revision 248771)
++++ crypto/openssl/crypto/cryptlib.c (working copy)
+@@ -396,7 +396,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwR
+ case DLL_THREAD_ATTACH:
+ break;
+ case DLL_THREAD_DETACH:
+- ERR_remove_state(0);
+ break;
+ case DLL_PROCESS_DETACH:
+ break;
+@@ -543,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const ch
+ }
+
+ void *OPENSSL_stderr(void) { return stderr; }
++
++#ifndef OPENSSL_FIPS
++
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++ {
++ size_t i;
++ const unsigned char *a = in_a;
++ const unsigned char *b = in_b;
++ unsigned char x = 0;
++
++ for (i = 0; i < len; i++)
++ x |= a[i] ^ b[i];
++
++ return x;
++ }
++#endif
+Index: crypto/openssl/crypto/crypto.h
+===================================================================
+--- crypto/openssl/crypto/crypto.h (revision 248771)
++++ crypto/openssl/crypto/crypto.h (working copy)
+@@ -588,15 +588,22 @@ int OPENSSL_isservice(void);
+
+ #endif /* def OPENSSL_FIPS */
+
++#define OPENSSL_HAVE_INIT 1
++void OPENSSL_init(void);
++
++/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
++ * takes an amount of time dependent on |len|, but independent of the contents
++ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
++ * defined order as the return value when a != b is undefined, other than to be
++ * non-zero. */
++int CRYPTO_memcmp(const void *a, const void *b, size_t len);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+ void ERR_load_CRYPTO_strings(void);
+
+-#define OPENSSL_HAVE_INIT 1
+-void OPENSSL_init(void);
+-
+ /* Error codes for the CRYPTO functions. */
+
+ /* Function codes. */
+Index: crypto/openssl/crypto/ec/ec2_smpl.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec2_smpl.c (revision 248771)
++++ crypto/openssl/crypto/ec/ec2_smpl.c (working copy)
+@@ -821,7 +821,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *gro
+ field_sqr = group->meth->field_sqr;
+
+ /* only support affine coordinates */
+- if (!point->Z_is_one) goto err;
++ if (!point->Z_is_one) return -1;
+
+ if (ctx == NULL)
+ {
+@@ -871,6 +871,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, cons
+ {
+ return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+ }
++
++ if (EC_POINT_is_at_infinity(group, b))
++ return 1;
+
+ if (a->Z_is_one && b->Z_is_one)
+ {
+Index: crypto/openssl/crypto/ec/ec_key.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_key.c (revision 248771)
++++ crypto/openssl/crypto/ec/ec_key.c (working copy)
+@@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey)
+ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+-
++
++ if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
++ {
++ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
++ goto err;
++ }
++
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if ((point = EC_POINT_new(eckey->group)) == NULL)
+Index: crypto/openssl/crypto/ec/ecp_smpl.c
+===================================================================
+--- crypto/openssl/crypto/ec/ecp_smpl.c (revision 248771)
++++ crypto/openssl/crypto/ec/ecp_smpl.c (working copy)
+@@ -1406,6 +1406,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const
+ {
+ return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+ }
++
++ if (EC_POINT_is_at_infinity(group, b))
++ return 1;
+
+ if (a->Z_is_one && b->Z_is_one)
+ {
+Index: crypto/openssl/crypto/ecdsa/ecdsatest.c
+===================================================================
+--- crypto/openssl/crypto/ecdsa/ecdsatest.c (revision 248771)
++++ crypto/openssl/crypto/ecdsa/ecdsatest.c (working copy)
+@@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num)
+ return 0;
+ }
+ fbytes_counter ++;
+- ret = BN_bn2bin(tmp, buf);
+- if (ret == 0 || ret != num)
++ if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
+ ret = 0;
+- else
++ else
+ ret = 1;
+ if (tmp)
+ BN_free(tmp);
+@@ -287,9 +286,13 @@ int test_builtin(BIO *out)
+ size_t crv_len = 0, n = 0;
+ EC_KEY *eckey = NULL, *wrong_eckey = NULL;
+ EC_GROUP *group;
++ ECDSA_SIG *ecdsa_sig = NULL;
+ unsigned char digest[20], wrong_digest[20];
+- unsigned char *signature = NULL;
+- unsigned int sig_len;
++ unsigned char *signature = NULL;
++ const unsigned char *sig_ptr;
++ unsigned char *sig_ptr2;
++ unsigned char *raw_buf = NULL;
++ unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+ int nid, ret = 0;
+
+ /* fill digest values with some random data */
+@@ -339,7 +342,8 @@ int test_builtin(BIO *out)
+ if (EC_KEY_set_group(eckey, group) == 0)
+ goto builtin_err;
+ EC_GROUP_free(group);
+- if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)
++ degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
++ if (degree < 160)
+ /* drop the curve */
+ {
+ EC_KEY_free(eckey);
+@@ -415,26 +419,89 @@ int test_builtin(BIO *out)
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+- /* modify a single byte of the signature */
+- offset = signature[10] % sig_len;
+- dirt = signature[11];
+- signature[offset] ^= dirt ? dirt : 1;
++ /* wrong length */
++ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
++ eckey) == 1)
++ {
++ BIO_printf(out, " failed\n");
++ goto builtin_err;
++ }
++ BIO_printf(out, ".");
++ (void)BIO_flush(out);
++
++ /* Modify a single byte of the signature: to ensure we don't
++ * garble the ASN1 structure, we read the raw signature and
++ * modify a byte in one of the bignums directly. */
++ sig_ptr = signature;
++ if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
++ {
++ BIO_printf(out, " failed\n");
++ goto builtin_err;
++ }
++
++ /* Store the two BIGNUMs in raw_buf. */
++ r_len = BN_num_bytes(ecdsa_sig->r);
++ s_len = BN_num_bytes(ecdsa_sig->s);
++ bn_len = (degree + 7) / 8;
++ if ((r_len > bn_len) || (s_len > bn_len))
++ {
++ BIO_printf(out, " failed\n");
++ goto builtin_err;
++ }
++ buf_len = 2 * bn_len;
++ if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
++ goto builtin_err;
++ /* Pad the bignums with leading zeroes. */
++ memset(raw_buf, 0, buf_len);
++ BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
++ BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
++
++ /* Modify a single byte in the buffer. */
++ offset = raw_buf[10] % buf_len;
++ dirt = raw_buf[11] ? raw_buf[11] : 1;
++ raw_buf[offset] ^= dirt;
++ /* Now read the BIGNUMs back in from raw_buf. */
++ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
++ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
++ goto builtin_err;
++
++ sig_ptr2 = signature;
++ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
++ /* Sanity check: undo the modification and verify signature. */
++ raw_buf[offset] ^= dirt;
++ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
++ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
++ goto builtin_err;
++
++ sig_ptr2 = signature;
++ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
++ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
++ {
++ BIO_printf(out, " failed\n");
++ goto builtin_err;
++ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ BIO_printf(out, " ok\n");
+ /* cleanup */
++ /* clean bogus errors */
++ ERR_clear_error();
+ OPENSSL_free(signature);
+ signature = NULL;
+ EC_KEY_free(eckey);
+ eckey = NULL;
+ EC_KEY_free(wrong_eckey);
+ wrong_eckey = NULL;
++ ECDSA_SIG_free(ecdsa_sig);
++ ecdsa_sig = NULL;
++ OPENSSL_free(raw_buf);
++ raw_buf = NULL;
+ }
+
+ ret = 1;
+@@ -443,8 +510,12 @@ builtin_err:
+ EC_KEY_free(eckey);
+ if (wrong_eckey)
+ EC_KEY_free(wrong_eckey);
++ if (ecdsa_sig)
++ ECDSA_SIG_free(ecdsa_sig);
+ if (signature)
+ OPENSSL_free(signature);
++ if (raw_buf)
++ OPENSSL_free(raw_buf);
+ if (curves)
+ OPENSSL_free(curves);
+
+Index: crypto/openssl/crypto/ecdsa/ecs_ossl.c
+===================================================================
+--- crypto/openssl/crypto/ecdsa/ecs_ossl.c (revision 248771)
++++ crypto/openssl/crypto/ecdsa/ecs_ossl.c (working copy)
+@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX
+ }
+ while (BN_is_zero(k));
+
++ /* We do not want timing information to leak the length of k,
++ * so we compute G*k using an equivalent scalar of fixed
++ * bit-length. */
++
++ if (!BN_add(k, k, order)) goto err;
++ if (BN_num_bits(k) <= BN_num_bits(order))
++ if (!BN_add(k, k, order)) goto err;
++
+ /* compute r the x-coordinate of generator * k */
+ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
+ {
+Index: crypto/openssl/crypto/evp/evp_test.c
+===================================================================
+--- crypto/openssl/crypto/evp/evp_test.c (revision 248771)
++++ crypto/openssl/crypto/evp/evp_test.c (working copy)
+@@ -435,6 +435,7 @@ int main(int argc,char **argv)
+ EXIT(3);
+ }
+ }
++ fclose(f);
+
+ #ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+Index: crypto/openssl/crypto/o_init.c
+===================================================================
+--- crypto/openssl/crypto/o_init.c (revision 248771)
++++ crypto/openssl/crypto/o_init.c (working copy)
+@@ -93,4 +93,18 @@ void OPENSSL_init(void)
+ #endif
+ }
+
++#ifdef OPENSSL_FIPS
+
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++ {
++ size_t i;
++ const unsigned char *a = in_a;
++ const unsigned char *b = in_b;
++ unsigned char x = 0;
++
++ for (i = 0; i < len; i++)
++ x |= a[i] ^ b[i];
++
++ return x;
++ }
++#endif
+Index: crypto/openssl/crypto/ocsp/ocsp_lib.c
+===================================================================
+--- crypto/openssl/crypto/ocsp/ocsp_lib.c (revision 248771)
++++ crypto/openssl/crypto/ocsp/ocsp_lib.c (working copy)
+@@ -169,14 +169,14 @@ int OCSP_parse_url(char *url, char **phost, char *
+
+ char *host, *port;
+
++ *phost = NULL;
++ *pport = NULL;
++ *ppath = NULL;
++
+ /* dup the buffer since we are going to mess with it */
+ buf = BUF_strdup(url);
+ if (!buf) goto mem_err;
+
+- *phost = NULL;
+- *pport = NULL;
+- *ppath = NULL;
+-
+ /* Check for initial colon */
+ p = strchr(buf, ':');
+
+Index: crypto/openssl/crypto/ocsp/ocsp_vfy.c
+===================================================================
+--- crypto/openssl/crypto/ocsp/ocsp_vfy.c (revision 248771)
++++ crypto/openssl/crypto/ocsp/ocsp_vfy.c (working copy)
+@@ -91,10 +91,13 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF
+ {
+ EVP_PKEY *skey;
+ skey = X509_get_pubkey(signer);
+- ret = OCSP_BASICRESP_verify(bs, skey, 0);
+- EVP_PKEY_free(skey);
+- if(ret <= 0)
++ if (skey)
+ {
++ ret = OCSP_BASICRESP_verify(bs, skey, 0);
++ EVP_PKEY_free(skey);
++ }
++ if(!skey || ret <= 0)
++ {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+ goto end;
+ }
+@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if(!init_res)
+ {
++ ret = -1;
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ goto end;
+ }
+Index: crypto/openssl/crypto/opensslv.h
+===================================================================
+--- crypto/openssl/crypto/opensslv.h (revision 248771)
++++ crypto/openssl/crypto/opensslv.h (working copy)
+@@ -25,11 +25,11 @@
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+-#define OPENSSL_VERSION_NUMBER 0x0090811f
++#define OPENSSL_VERSION_NUMBER 0x0090819fL
+ #ifdef OPENSSL_FIPS
+-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8q-fips 2 Dec 2010"
++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8y-fips 5 Feb 2013"
+ #else
+-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8q 2 Dec 2010"
++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8y 5 Feb 2013"
+ #endif
+ #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
+
+@@ -83,7 +83,7 @@
+ * should only keep the versions that are binary compatible with the current.
+ */
+ #define SHLIB_VERSION_HISTORY ""
+-#define SHLIB_VERSION_NUMBER "0.9.8"
++#define SHLIB_VERSION_NUMBER "6"
+
+
+ #endif /* HEADER_OPENSSLV_H */
+Index: crypto/openssl/crypto/perlasm/cbc.pl
+===================================================================
+--- crypto/openssl/crypto/perlasm/cbc.pl (revision 248771)
++++ crypto/openssl/crypto/perlasm/cbc.pl (working copy)
+@@ -158,7 +158,6 @@ sub cbc
+ &jmp_ptr($count);
+
+ &set_label("ej7");
+- &xor("edx", "edx") if $ppro; # ppro friendly
+ &movb(&HB("edx"), &BP(6,$in,"",0));
+ &shl("edx",8);
+ &set_label("ej6");
+@@ -170,7 +169,6 @@ sub cbc
+ &jmp(&label("ejend"));
+ &set_label("ej3");
+ &movb(&HB("ecx"), &BP(2,$in,"",0));
+- &xor("ecx", "ecx") if $ppro; # ppro friendly
+ &shl("ecx",8);
+ &set_label("ej2");
+ &movb(&HB("ecx"), &BP(1,$in,"",0));
+Index: crypto/openssl/crypto/pkcs7/pk7_smime.c
+===================================================================
+--- crypto/openssl/crypto/pkcs7/pk7_smime.c (revision 248771)
++++ crypto/openssl/crypto/pkcs7/pk7_smime.c (working copy)
+@@ -486,15 +486,34 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509
+ return 0;
+ }
+ ret = SMIME_text(bread, data);
++ if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++ {
++ if (!BIO_get_cipher_status(tmpmem))
++ ret = 0;
++ }
+ BIO_free_all(bread);
+ return ret;
+ } else {
+ for(;;) {
+ i = BIO_read(tmpmem, buf, sizeof(buf));
+- if(i <= 0) break;
+- BIO_write(data, buf, i);
++ if(i <= 0)
++ {
++ ret = 1;
++ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++ {
++ if (!BIO_get_cipher_status(tmpmem))
++ ret = 0;
++ }
++
++ break;
++ }
++ if (BIO_write(data, buf, i) != i)
++ {
++ ret = 0;
++ break;
++ }
+ }
+ BIO_free_all(tmpmem);
+- return 1;
++ return ret;
+ }
+ }
+Index: crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
+===================================================================
+--- crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl (revision 248771)
++++ crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl (working copy)
+@@ -167,7 +167,7 @@ $code.=<<___;
+ movzb ($dat,$XX[0]),$TX[0]#d
+ test \$-8,$len
+ jz .Lcloop1
+- cmp \$0,260($dat)
++ cmpl \$0,260($dat)
+ jnz .Lcloop1
+ push %rbx
+ jmp .Lcloop8
+Index: crypto/openssl/crypto/rc4/rc4_skey.c
+===================================================================
+--- crypto/openssl/crypto/rc4/rc4_skey.c (revision 248771)
++++ crypto/openssl/crypto/rc4/rc4_skey.c (working copy)
+@@ -138,9 +138,9 @@ void RC4_set_key(RC4_KEY *key, int len, const unsi
+ */
+ #ifdef OPENSSL_FIPS
+ unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
+- if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) {
++ if (ia32cap_ptr && (*ia32cap_ptr & (1<<20))) {
+ #else
+- if (OPENSSL_ia32cap_P & (1<<28)) {
++ if (OPENSSL_ia32cap_P & (1<<20)) {
+ #endif
+ unsigned char *cp=(unsigned char *)d;
+
+Index: crypto/openssl/crypto/rsa/rsa_eay.c
+===================================================================
+--- crypto/openssl/crypto/rsa/rsa_eay.c (revision 248771)
++++ crypto/openssl/crypto/rsa/rsa_eay.c (working copy)
+@@ -312,51 +312,56 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int
+ return ret;
+ }
+
+-static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
+- BIGNUM *r, BN_CTX *ctx)
+-{
+- if (local)
++static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
++ BN_CTX *ctx)
++ {
++ if (unblind == NULL)
++ /* Local blinding: store the unblinding factor
++ * in BN_BLINDING. */
+ return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+ else
+ {
++ /* Shared blinding: store the unblinding factor
++ * outside BN_BLINDING. */
+ int ret;
+- CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
+- ret = BN_BLINDING_convert_ex(f, r, b, ctx);
+- CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
+- return ret;
+- }
+-}
+-
+-static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
+- BIGNUM *r, BN_CTX *ctx)
+-{
+- if (local)
+- return BN_BLINDING_invert_ex(f, NULL, b, ctx);
+- else
+- {
+- int ret;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
+- ret = BN_BLINDING_invert_ex(f, r, b, ctx);
++ ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
+ return ret;
+ }
+-}
++ }
+
++static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
++ BN_CTX *ctx)
++ {
++ /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
++ * will use the unblinding factor stored in BN_BLINDING.
++ * If BN_BLINDING is shared between threads, unblind must be non-null:
++ * BN_BLINDING_invert_ex will then use the local unblinding factor,
++ * and will only read the modulus from BN_BLINDING.
++ * In both cases it's safe to access the blinding without a lock.
++ */
++ return BN_BLINDING_invert_ex(f, unblind, b, ctx);
++ }
++
+ /* signing */
+ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+- BIGNUM *f, *ret, *br, *res;
++ BIGNUM *f, *ret, *res;
+ int i,j,k,num=0,r= -1;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+ int local_blinding = 0;
++ /* Used only if the blinding structure is shared. A non-NULL unblind
++ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
++ * the unblinding factor outside the blinding structure. */
++ BIGNUM *unblind = NULL;
+ BN_BLINDING *blinding = NULL;
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+- br = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+@@ -404,8 +409,15 @@ static int RSA_eay_private_encrypt(int flen, const
+ }
+
+ if (blinding != NULL)
+- if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
++ {
++ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
++ {
++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
++ }
++ if (!rsa_blinding_convert(blinding, f, unblind, ctx))
++ goto err;
++ }
+
+ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
+@@ -439,7 +451,7 @@ static int RSA_eay_private_encrypt(int flen, const
+ }
+
+ if (blinding)
+- if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
++ if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ goto err;
+
+ if (padding == RSA_X931_PADDING)
+@@ -478,18 +490,21 @@ err:
+ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+- BIGNUM *f, *ret, *br;
++ BIGNUM *f, *ret;
+ int j,num=0,r= -1;
+ unsigned char *p;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+ int local_blinding = 0;
++ /* Used only if the blinding structure is shared. A non-NULL unblind
++ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
++ * the unblinding factor outside the blinding structure. */
++ BIGNUM *unblind = NULL;
+ BN_BLINDING *blinding = NULL;
+
+ if((ctx = BN_CTX_new()) == NULL) goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+- br = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+@@ -527,8 +542,15 @@ static int RSA_eay_private_decrypt(int flen, const
+ }
+
+ if (blinding != NULL)
+- if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
++ {
++ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
++ {
++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
++ }
++ if (!rsa_blinding_convert(blinding, f, unblind, ctx))
++ goto err;
++ }
+
+ /* do the decrypt */
+ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+@@ -562,7 +584,7 @@ static int RSA_eay_private_decrypt(int flen, const
+ }
+
+ if (blinding)
+- if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
++ if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ goto err;
+
+ p=buf;
+Index: crypto/openssl/crypto/rsa/rsa_oaep.c
+===================================================================
+--- crypto/openssl/crypto/rsa/rsa_oaep.c (revision 248771)
++++ crypto/openssl/crypto/rsa/rsa_oaep.c (working copy)
+@@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to
+
+ EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+
+- if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
++ if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+ goto decoding_err;
+ else
+ {
+Index: crypto/openssl/crypto/symhacks.h
+===================================================================
+--- crypto/openssl/crypto/symhacks.h (revision 248771)
++++ crypto/openssl/crypto/symhacks.h (working copy)
+@@ -252,15 +252,15 @@
+ #define EC_POINT_set_compressed_coordinates_GF2m \
+ EC_POINT_set_compr_coords_GF2m
+ #undef ec_GF2m_simple_group_clear_finish
+-#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish
++#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish
+ #undef ec_GF2m_simple_group_check_discriminant
+ #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
+ #undef ec_GF2m_simple_point_clear_finish
+-#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish
++#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish
+ #undef ec_GF2m_simple_point_set_to_infinity
+-#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf
++#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf
+ #undef ec_GF2m_simple_points_make_affine
+-#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine
++#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine
+ #undef ec_GF2m_simple_point_set_affine_coordinates
+ #define ec_GF2m_simple_point_set_affine_coordinates \
+ ec_GF2m_smp_pt_set_af_coords
+@@ -288,8 +288,6 @@
+ #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf
+ #undef ec_GFp_simple_points_make_affine
+ #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine
+-#undef ec_GFp_simple_group_get_curve_GFp
+-#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp
+ #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+ #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+ ec_GFp_smp_set_Jproj_coords_GFp
+Index: crypto/openssl/crypto/x509/x509_vfy.c
+===================================================================
+--- crypto/openssl/crypto/x509/x509_vfy.c (revision 248771)
++++ crypto/openssl/crypto/x509/x509_vfy.c (working copy)
+@@ -1097,7 +1097,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time
+ atm.length=sizeof(buff2);
+ atm.data=(unsigned char *)buff2;
+
+- if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
++ if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
+ return 0;
+
+ if (ctm->type == V_ASN1_UTCTIME)
+Index: crypto/openssl/crypto/x509v3/v3_addr.c
+===================================================================
+--- crypto/openssl/crypto/x509v3/v3_addr.c (revision 248771)
++++ crypto/openssl/crypto/x509v3/v3_addr.c (working copy)
+@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAddressFamily
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+-static void addr_expand(unsigned char *addr,
++static int addr_expand(unsigned char *addr,
+ const ASN1_BIT_STRING *bs,
+ const int length,
+ const unsigned char fill)
+ {
+- OPENSSL_assert(bs->length >= 0 && bs->length <= length);
++ if (bs->length < 0 || bs->length > length)
++ return 0;
+ if (bs->length > 0) {
+ memcpy(addr, bs->data, bs->length);
+ if ((bs->flags & 7) != 0) {
+@@ -159,6 +160,7 @@ unsigned int v3_addr_get_afi(const IPAddressFamily
+ }
+ }
+ memset(addr + bs->length, fill, length - bs->length);
++ return 1;
+ }
+
+ /*
+@@ -177,13 +179,17 @@ static int i2r_address(BIO *out,
+ unsigned char addr[ADDR_RAW_BUF_LEN];
+ int i, n;
+
++ if (bs->length < 0)
++ return 0;
+ switch (afi) {
+ case IANA_AFI_IPV4:
+- addr_expand(addr, bs, 4, fill);
++ if (!addr_expand(addr, bs, 4, fill))
++ return 0;
+ BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+ break;
+ case IANA_AFI_IPV6:
+- addr_expand(addr, bs, 16, fill);
++ if (!addr_expand(addr, bs, 16, fill))
++ return 0;
+ for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
+ ;
+ for (i = 0; i < n; i += 2)
+@@ -309,6 +315,12 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *met
+ /*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
++ *
++ * There's no sane answer we can give if addr_expand() fails, and an
++ * assertion failure on externally supplied data is seriously uncool,
++ * so we just arbitrarily declare that if given invalid inputs this
++ * function returns -1. If this messes up your preferred sort order
++ * for garbage input, tough noogies.
+ */
+ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+ const IPAddressOrRange *b,
+@@ -321,22 +333,26 @@ static int IPAddressOrRange_cmp(const IPAddressOrR
+
+ switch (a->type) {
+ case IPAddressOrRange_addressPrefix:
+- addr_expand(addr_a, a->u.addressPrefix, length, 0x00);
++ if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
++ return -1;
+ prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+ break;
+ case IPAddressOrRange_addressRange:
+- addr_expand(addr_a, a->u.addressRange->min, length, 0x00);
++ if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
++ return -1;
+ prefixlen_a = length * 8;
+ break;
+ }
+
+ switch (b->type) {
+ case IPAddressOrRange_addressPrefix:
+- addr_expand(addr_b, b->u.addressPrefix, length, 0x00);
++ if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
++ return -1;
+ prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+ break;
+ case IPAddressOrRange_addressRange:
+- addr_expand(addr_b, b->u.addressRange->min, length, 0x00);
++ if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
++ return -1;
+ prefixlen_b = length * 8;
+ break;
+ }
+@@ -378,6 +394,7 @@ static int range_should_be_prefix(const unsigned c
+ unsigned char mask;
+ int i, j;
+
++ OPENSSL_assert(memcmp(min, max, length) <= 0);
+ for (i = 0; i < length && min[i] == max[i]; i++)
+ ;
+ for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
+@@ -651,22 +668,22 @@ int v3_addr_add_range(IPAddrBlocks *addr,
+ /*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+-static void extract_min_max(IPAddressOrRange *aor,
++static int extract_min_max(IPAddressOrRange *aor,
+ unsigned char *min,
+ unsigned char *max,
+ int length)
+ {
+- OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
++ if (aor == NULL || min == NULL || max == NULL)
++ return 0;
+ switch (aor->type) {
+ case IPAddressOrRange_addressPrefix:
+- addr_expand(min, aor->u.addressPrefix, length, 0x00);
+- addr_expand(max, aor->u.addressPrefix, length, 0xFF);
+- return;
++ return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
++ addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+ case IPAddressOrRange_addressRange:
+- addr_expand(min, aor->u.addressRange->min, length, 0x00);
+- addr_expand(max, aor->u.addressRange->max, length, 0xFF);
+- return;
++ return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
++ addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+ }
++ return 0;
+ }
+
+ /*
+@@ -682,9 +699,10 @@ int v3_addr_get_range(IPAddressOrRange *aor,
+ if (aor == NULL || min == NULL || max == NULL ||
+ afi_length == 0 || length < afi_length ||
+ (aor->type != IPAddressOrRange_addressPrefix &&
+- aor->type != IPAddressOrRange_addressRange))
++ aor->type != IPAddressOrRange_addressRange) ||
++ !extract_min_max(aor, min, max, afi_length))
+ return 0;
+- extract_min_max(aor, min, max, afi_length);
++
+ return afi_length;
+ }
+
+@@ -766,8 +784,9 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+ IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+- extract_min_max(a, a_min, a_max, length);
+- extract_min_max(b, b_min, b_max, length);
++ if (!extract_min_max(a, a_min, a_max, length) ||
++ !extract_min_max(b, b_min, b_max, length))
++ return 0;
+
+ /*
+ * Punt misordered list, overlapping start, or inverted range.
+@@ -795,15 +814,18 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
+ }
+
+ /*
+- * Check final range to see if it should be a prefix.
++ * Check range to see if it's inverted or should be a
++ * prefix.
+ */
+ j = sk_IPAddressOrRange_num(aors) - 1;
+ {
+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+- if (a->type == IPAddressOrRange_addressRange) {
+- extract_min_max(a, a_min, a_max, length);
+- if (range_should_be_prefix(a_min, a_max, length) >= 0)
++ if (a != NULL && a->type == IPAddressOrRange_addressRange) {
++ if (!extract_min_max(a, a_min, a_max, length))
+ return 0;
++ if (memcmp(a_min, a_max, length) > 0 ||
++ range_should_be_prefix(a_min, a_max, length) >= 0)
++ return 0;
+ }
+ }
+ }
+@@ -836,10 +858,18 @@ static int IPAddressOrRanges_canonize(IPAddressOrR
+ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+ unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+- extract_min_max(a, a_min, a_max, length);
+- extract_min_max(b, b_min, b_max, length);
++ if (!extract_min_max(a, a_min, a_max, length) ||
++ !extract_min_max(b, b_min, b_max, length))
++ return 0;
+
+ /*
++ * Punt inverted ranges.
++ */
++ if (memcmp(a_min, a_max, length) > 0 ||
++ memcmp(b_min, b_max, length) > 0)
++ return 0;
++
++ /*
+ * Punt overlaps.
+ */
+ if (memcmp(a_max, b_min, length) >= 0)
+@@ -864,6 +894,20 @@ static int IPAddressOrRanges_canonize(IPAddressOrR
+ }
+ }
+
++ /*
++ * Check for inverted final range.
++ */
++ j = sk_IPAddressOrRange_num(aors) - 1;
++ {
++ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
++ if (a != NULL && a->type == IPAddressOrRange_addressRange) {
++ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
++ extract_min_max(a, a_min, a_max, length);
++ if (memcmp(a_min, a_max, length) > 0)
++ return 0;
++ }
++ }
++
+ return 1;
+ }
+
+@@ -1012,6 +1056,11 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method
+ X509V3_conf_err(val);
+ goto err;
+ }
++ if (memcmp(min, max, length_from_afi(afi)) > 0) {
++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
++ X509V3_conf_err(val);
++ goto err;
++ }
+ if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+ goto err;
+@@ -1097,13 +1146,15 @@ static int addr_contains(IPAddressOrRanges *parent
+
+ p = 0;
+ for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+- extract_min_max(sk_IPAddressOrRange_value(child, c),
+- c_min, c_max, length);
++ if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
++ c_min, c_max, length))
++ return -1;
+ for (;; p++) {
+ if (p >= sk_IPAddressOrRange_num(parent))
+ return 0;
+- extract_min_max(sk_IPAddressOrRange_value(parent, p),
+- p_min, p_max, length);
++ if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
++ p_min, p_max, length))
++ return 0;
+ if (memcmp(p_max, c_max, length) < 0)
+ continue;
+ if (memcmp(p_min, c_min, length) > 0)
+Index: crypto/openssl/crypto/x509v3/v3_asid.c
+===================================================================
+--- crypto/openssl/crypto/x509v3/v3_asid.c (revision 248771)
++++ crypto/openssl/crypto/x509v3/v3_asid.c (working copy)
+@@ -61,7 +61,6 @@
+
+ #include <stdio.h>
+ #include <string.h>
+-#include <assert.h>
+ #include "cryptlib.h"
+ #include <openssl/conf.h>
+ #include <openssl/asn1.h>
+@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * con
+ {
+ const ASIdOrRange *a = *a_, *b = *b_;
+
+- assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
++ OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+ (a->type == ASIdOrRange_range && a->u.range != NULL &&
+ a->u.range->min != NULL && a->u.range->max != NULL));
+
+- assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
++ OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+ (b->type == ASIdOrRange_range && b->u.range != NULL &&
+ b->u.range->min != NULL && b->u.range->max != NULL));
+
+@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int w
+ if (*choice == NULL) {
+ if ((*choice = ASIdentifierChoice_new()) == NULL)
+ return 0;
+- assert((*choice)->u.inherit == NULL);
++ OPENSSL_assert((*choice)->u.inherit == NULL);
+ if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+ return 0;
+ (*choice)->type = ASIdentifierChoice_inherit;
+@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
+ if (*choice == NULL) {
+ if ((*choice = ASIdentifierChoice_new()) == NULL)
+ return 0;
+- assert((*choice)->u.asIdsOrRanges == NULL);
++ OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
+ (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+ if ((*choice)->u.asIdsOrRanges == NULL)
+ return 0;
+@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
+ ASN1_INTEGER **min,
+ ASN1_INTEGER **max)
+ {
+- assert(aor != NULL && min != NULL && max != NULL);
++ OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+ switch (aor->type) {
+ case ASIdOrRange_id:
+ *min = aor->u.id;
+@@ -359,6 +358,20 @@ static int ASIdentifierChoice_is_canonical(ASIdent
+ goto done;
+ }
+
++ /*
++ * Check for inverted range.
++ */
++ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
++ {
++ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
++ ASN1_INTEGER *a_min, *a_max;
++ if (a != NULL && a->type == ASIdOrRange_range) {
++ extract_min_max(a, &a_min, &a_max);
++ if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
++ goto done;
++ }
++ }
++
+ ret = 1;
+
+ done:
+@@ -373,7 +386,7 @@ static int ASIdentifierChoice_is_canonical(ASIdent
+ int v3_asid_is_canonical(ASIdentifiers *asid)
+ {
+ return (asid == NULL ||
+- (ASIdentifierChoice_is_canonical(asid->asnum) ||
++ (ASIdentifierChoice_is_canonical(asid->asnum) &&
+ ASIdentifierChoice_is_canonical(asid->rdi)));
+ }
+
+@@ -393,9 +406,18 @@ static int ASIdentifierChoice_canonize(ASIdentifie
+ return 1;
+
+ /*
+- * We have a list. Sort it.
++ * If not a list, or if empty list, it's broken.
+ */
+- assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
++ if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
++ sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
++ X509V3_R_EXTENSION_VALUE_ERROR);
++ return 0;
++ }
++
++ /*
++ * We have a non-empty list. Sort it.
++ */
+ sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+
+ /*
+@@ -413,9 +435,16 @@ static int ASIdentifierChoice_canonize(ASIdentifie
+ /*
+ * Make sure we're properly sorted (paranoia).
+ */
+- assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
++ OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+
+ /*
++ * Punt inverted ranges.
++ */
++ if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
++ ASN1_INTEGER_cmp(b_min, b_max) > 0)
++ goto done;
++
++ /*
+ * Check for overlaps.
+ */
+ if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+@@ -466,14 +495,28 @@ static int ASIdentifierChoice_canonize(ASIdentifie
+ break;
+ }
+ ASIdOrRange_free(b);
+- (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
++ (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+ i--;
+ continue;
+ }
+ }
+
+- assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
++ /*
++ * Check for final inverted range.
++ */
++ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
++ {
++ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
++ ASN1_INTEGER *a_min, *a_max;
++ if (a != NULL && a->type == ASIdOrRange_range) {
++ extract_min_max(a, &a_min, &a_max);
++ if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
++ goto done;
++ }
++ }
+
++ OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
++
+ ret = 1;
+
+ done:
+@@ -499,6 +542,7 @@ static void *v2i_ASIdentifiers(struct v3_ext_metho
+ struct v3_ext_ctx *ctx,
+ STACK_OF(CONF_VALUE) *values)
+ {
++ ASN1_INTEGER *min = NULL, *max = NULL;
+ ASIdentifiers *asid = NULL;
+ int i;
+
+@@ -509,7 +553,6 @@ static void *v2i_ASIdentifiers(struct v3_ext_metho
+
+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+ CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+- ASN1_INTEGER *min = NULL, *max = NULL;
+ int i1, i2, i3, is_range, which;
+
+ /*
+@@ -579,18 +622,19 @@ static void *v2i_ASIdentifiers(struct v3_ext_metho
+ max = s2i_ASN1_INTEGER(NULL, s + i2);
+ OPENSSL_free(s);
+ if (min == NULL || max == NULL) {
+- ASN1_INTEGER_free(min);
+- ASN1_INTEGER_free(max);
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
++ if (ASN1_INTEGER_cmp(min, max) > 0) {
++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
++ goto err;
++ }
+ }
+ if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+- ASN1_INTEGER_free(min);
+- ASN1_INTEGER_free(max);
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
++ min = max = NULL;
+ }
+
+ /*
+@@ -602,6 +646,8 @@ static void *v2i_ASIdentifiers(struct v3_ext_metho
+
+ err:
+ ASIdentifiers_free(asid);
++ ASN1_INTEGER_free(min);
++ ASN1_INTEGER_free(max);
+ return NULL;
+ }
+
+@@ -709,9 +755,9 @@ static int v3_asid_validate_path_internal(X509_STO
+ int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+ X509 *x = NULL;
+
+- assert(chain != NULL && sk_X509_num(chain) > 0);
+- assert(ctx != NULL || ext != NULL);
+- assert(ctx == NULL || ctx->verify_cb != NULL);
++ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
++ OPENSSL_assert(ctx != NULL || ext != NULL);
++ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+ /*
+ * Figure out where to start. If we don't have an extension to
+@@ -723,7 +769,7 @@ static int v3_asid_validate_path_internal(X509_STO
+ } else {
+ i = 0;
+ x = sk_X509_value(chain, i);
+- assert(x != NULL);
++ OPENSSL_assert(x != NULL);
+ if ((ext = x->rfc3779_asid) == NULL)
+ goto done;
+ }
+@@ -756,7 +802,7 @@ static int v3_asid_validate_path_internal(X509_STO
+ */
+ for (i++; i < sk_X509_num(chain); i++) {
+ x = sk_X509_value(chain, i);
+- assert(x != NULL);
++ OPENSSL_assert(x != NULL);
+ if (x->rfc3779_asid == NULL) {
+ if (child_as != NULL || child_rdi != NULL)
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+Index: crypto/openssl/doc/HOWTO/proxy_certificates.txt
+===================================================================
+--- crypto/openssl/doc/HOWTO/proxy_certificates.txt (revision 248771)
++++ crypto/openssl/doc/HOWTO/proxy_certificates.txt (working copy)
+@@ -57,7 +57,7 @@ following methods:
+
+ - in all other cases, proxy certificate validation can be enabled
+ before starting the application by setting the envirnoment variable
+- OPENSSL_ALLOW_PROXY with some non-empty value.
++ OPENSSL_ALLOW_PROXY_CERTS with some non-empty value.
+
+ There are thoughts to allow proxy certificates with a line in the
+ default openssl.cnf, but that's still in the future.
+Index: crypto/openssl/doc/apps/CA.pl.pod
+===================================================================
+--- crypto/openssl/doc/apps/CA.pl.pod (revision 248771)
++++ crypto/openssl/doc/apps/CA.pl.pod (working copy)
+@@ -39,13 +39,13 @@ prints a usage message.
+
+ =item B<-newcert>
+
+-creates a new self signed certificate. The private key and certificate are
+-written to the file "newreq.pem".
++creates a new self signed certificate. The private key is written to the file
++"newkey.pem" and the request written to the file "newreq.pem".
+
+ =item B<-newreq>
+
+-creates a new certificate request. The private key and request are
+-written to the file "newreq.pem".
++creates a new certificate request. The private key is written to the file
++"newkey.pem" and the request written to the file "newreq.pem".
+
+ =item B<-newreq-nodes>
+
+Index: crypto/openssl/doc/apps/ca.pod
+===================================================================
+--- crypto/openssl/doc/apps/ca.pod (revision 248771)
++++ crypto/openssl/doc/apps/ca.pod (working copy)
+@@ -88,7 +88,7 @@ section for information on the required format.
+ =item B<-infiles>
+
+ if present this should be the last option, all subsequent arguments
+-are assumed to the the names of files containing certificate requests.
++are assumed to be the names of files containing certificate requests.
+
+ =item B<-out filename>
+
+Index: crypto/openssl/doc/apps/dgst.pod
+===================================================================
+--- crypto/openssl/doc/apps/dgst.pod (revision 248771)
++++ crypto/openssl/doc/apps/dgst.pod (working copy)
+@@ -68,7 +68,7 @@ see the B<PASS PHRASE ARGUMENTS> section in L<open
+
+ =item B<-verify filename>
+
+-verify the signature using the the public key in "filename".
++verify the signature using the public key in "filename".
+ The output is either "Verification OK" or "Verification Failure".
+
+ =item B<-prverify filename>
+Index: crypto/openssl/doc/crypto/engine.pod
+===================================================================
+--- crypto/openssl/doc/crypto/engine.pod (revision 248771)
++++ crypto/openssl/doc/crypto/engine.pod (working copy)
+@@ -517,7 +517,7 @@ implemented by ENGINEs should be numbered from. An
+ this symbol is considered a "generic" command is handled directly by the
+ OpenSSL core routines.
+
+-It is using these "core" control commands that one can discover the the control
++It is using these "core" control commands that one can discover the control
+ commands implemented by a given ENGINE, specifically the commands;
+
+ #define ENGINE_HAS_CTRL_FUNCTION 10
+Index: crypto/openssl/doc/ssl/SSL_clear.pod
+===================================================================
+--- crypto/openssl/doc/ssl/SSL_clear.pod (revision 248771)
++++ crypto/openssl/doc/ssl/SSL_clear.pod (working copy)
+@@ -39,10 +39,16 @@ for a description of the method's properties.
+ SSL_clear() resets the SSL object to allow for another connection. The
+ reset operation however keeps several settings of the last sessions
+ (some of these settings were made automatically during the last
+-handshake). It only makes sense when opening a new session (or reusing
+-an old one) with the same peer that shares these settings.
+-SSL_clear() is not a short form for the sequence
+-L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>; .
++handshake). It only makes sense for a new connection with the exact
++same peer that shares these settings, and may fail if that peer
++changes its settings between connections. Use the sequence
++L<SSL_get_session(3)|SSL_get_session(3)>;
++L<SSL_new(3)|SSL_new(3)>;
++L<SSL_set_session(3)|SSL_set_session(3)>;
++L<SSL_free(3)|SSL_free(3)>
++instead to avoid such failures
++(or simply L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>
++if session reuse is not desired).
+
+ =head1 RETURN VALUES
+
+Index: crypto/openssl/engines/e_capi.c
+===================================================================
+--- crypto/openssl/engines/e_capi.c (revision 248771)
++++ crypto/openssl/engines/e_capi.c (working copy)
+@@ -420,29 +420,37 @@ static int capi_init(ENGINE *e)
+ CAPI_CTX *ctx;
+ const RSA_METHOD *ossl_rsa_meth;
+ const DSA_METHOD *ossl_dsa_meth;
+- capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+- cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
++ if (capi_idx < 0)
++ {
++ capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
++ if (capi_idx < 0)
++ goto memerr;
++
++ cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
++
++ /* Setup RSA_METHOD */
++ rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
++ ossl_rsa_meth = RSA_PKCS1_SSLeay();
++ capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
++ capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
++ capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
++ capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
++
++ /* Setup DSA Method */
++ dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
++ ossl_dsa_meth = DSA_OpenSSL();
++ capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
++ capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
++ capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
++ }
++
+ ctx = capi_ctx_new();
+- if (!ctx || (capi_idx < 0))
++ if (!ctx)
+ goto memerr;
+
+ ENGINE_set_ex_data(e, capi_idx, ctx);
+- /* Setup RSA_METHOD */
+- rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+- ossl_rsa_meth = RSA_PKCS1_SSLeay();
+- capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
+- capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
+- capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
+- capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+
+- /* Setup DSA Method */
+- dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+- ossl_dsa_meth = DSA_OpenSSL();
+- capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
+- capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
+- capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+-
+ #ifdef OPENSSL_CAPIENG_DIALOG
+ {
+ HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+@@ -1133,6 +1141,7 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO
+ {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+ capi_addlasterror();
++ CryptReleaseContext(hprov, 0);
+ return 0;
+ }
+ CAPI_trace(ctx, "Got max container len %d\n", buflen);
+@@ -1400,10 +1409,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx
+ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
+ {
+ CAPI_KEY *key;
++ DWORD dwFlags = 0;
+ key = OPENSSL_malloc(sizeof(CAPI_KEY));
+ CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+ contname, provname, ptype);
+- if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
++ if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
++ dwFlags = CRYPT_MACHINE_KEYSET;
++ if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags))
+ {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+@@ -1550,6 +1562,8 @@ static int capi_ctx_set_provname(CAPI_CTX *ctx, LP
+ }
+ CryptReleaseContext(hprov, 0);
+ }
++ if (ctx->cspname)
++ OPENSSL_free(ctx->cspname);
+ ctx->cspname = BUF_strdup(pname);
+ ctx->csptype = type;
+ return 1;
+@@ -1559,9 +1573,12 @@ static int capi_ctx_set_provname_idx(CAPI_CTX *ctx
+ {
+ LPSTR pname;
+ DWORD type;
++ int res;
+ if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+ return 0;
+- return capi_ctx_set_provname(ctx, pname, type, 0);
++ res = capi_ctx_set_provname(ctx, pname, type, 0);
++ OPENSSL_free(pname);
++ return res;
+ }
+
+ static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+Index: crypto/openssl/engines/e_capi_err.h
+===================================================================
+--- crypto/openssl/engines/e_capi_err.h (revision 248771)
++++ crypto/openssl/engines/e_capi_err.h (working copy)
+@@ -55,6 +55,10 @@
+ #ifndef HEADER_CAPI_ERR_H
+ #define HEADER_CAPI_ERR_H
+
++#ifdef __cplusplus
++extern "C" {
++#endif
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+Index: crypto/openssl/fips/fips_canister.c
+===================================================================
+--- crypto/openssl/fips/fips_canister.c (revision 248771)
++++ crypto/openssl/fips/fips_canister.c (working copy)
+@@ -19,6 +19,7 @@
+ (defined(__linux) && (defined(__arm) || defined(__arm__))) || \
+ (defined(__i386) || defined(__i386__)) || \
+ (defined(__x86_64) || defined(__x86_64__)) || \
++ defined(__ANDROID__) || \
+ (defined(vax) || defined(__vax__))
+ # define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
+ # endif
+Index: crypto/openssl/openssl.spec
+===================================================================
+--- crypto/openssl/openssl.spec (revision 248771)
++++ crypto/openssl/openssl.spec (working copy)
+@@ -2,7 +2,7 @@
+ %define libmaj 0
+ %define libmin 9
+ %define librel 8
+-%define librev q
++%define librev y
+ Release: 1
+
+ %define openssldir /var/ssl
+Index: crypto/openssl/ssl/Makefile
+===================================================================
+--- crypto/openssl/ssl/Makefile (revision 248771)
++++ crypto/openssl/ssl/Makefile (working copy)
+@@ -22,7 +22,7 @@ LIB=$(TOP)/libssl.a
+ SHARED_LIB= libssl$(SHLIB_EXT)
+ LIBSRC= \
+ s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
+- s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \
++ s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
+ s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
+ t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
+ d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
+@@ -33,7 +33,7 @@ LIBSRC= \
+ bio_ssl.c ssl_err.c kssl.c t1_reneg.c
+ LIBOBJ= \
+ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
+- s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
++ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
+ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
+ t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
+ d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \
+@@ -545,6 +545,27 @@ s3_both.o: ../include/openssl/ssl23.h ../include/o
+ s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
++s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
++s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
++s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
++s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
++s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h
++s3_cbc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
++s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
++s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
++s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
++s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
++s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h
+ s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+Index: crypto/openssl/ssl/bio_ssl.c
+===================================================================
+--- crypto/openssl/ssl/bio_ssl.c (revision 248771)
++++ crypto/openssl/ssl/bio_ssl.c (working copy)
+@@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, vo
+ break;
+ case BIO_C_SET_SSL:
+ if (ssl != NULL)
++ {
+ ssl_free(b);
++ if (!ssl_new(b))
++ return 0;
++ }
+ b->shutdown=(int)num;
+ ssl=(SSL *)ptr;
+ ((BIO_SSL *)b->ptr)->ssl=ssl;
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c (revision 248771)
++++ crypto/openssl/ssl/d1_both.c (working copy)
+@@ -153,12 +153,11 @@
+ #endif
+
+ static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
+-static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
++static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+
+ /* XDTLS: figure out the right values */
+ static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
+
+-static unsigned int dtls1_min_mtu(void);
+ static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
+ static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
+ unsigned long frag_len);
+@@ -228,14 +227,14 @@ int dtls1_do_write(SSL *s, int type)
+ unsigned int len, frag_off, mac_size, blocksize;
+
+ /* AHA! Figure out the MTU, and stick to the right size */
+- if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
++ if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ {
+ s->d1->mtu =
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+ /* I've seen the kernel return bogus numbers when it doesn't know
+ * (initial write), so just make sure we have a reasonable number */
+- if ( s->d1->mtu < dtls1_min_mtu())
++ if (s->d1->mtu < dtls1_min_mtu())
+ {
+ s->d1->mtu = 0;
+ s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
+@@ -264,11 +263,10 @@ int dtls1_do_write(SSL *s, int type)
+ return ret;
+ mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
+ }
++#endif
+
+- OPENSSL_assert(mtu > 0); /* should have something reasonable now */
++ OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */
+
+-#endif
+-
+ if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
+ OPENSSL_assert(s->init_num ==
+ (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+@@ -464,20 +462,9 @@ again:
+
+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+- s->d1->handshake_read_seq++;
+- /* we just read a handshake message from the other side:
+- * this means that we don't need to retransmit of the
+- * buffered messages.
+- * XDTLS: may be able clear out this
+- * buffer a little sooner (i.e if an out-of-order
+- * handshake message/record is received at the record
+- * layer.
+- * XDTLS: exception is that the server needs to
+- * know that change cipher spec and finished messages
+- * have been received by the client before clearing this
+- * buffer. this can simply be done by waiting for the
+- * first data segment, but is there a better way? */
+- dtls1_clear_record_buffer(s);
++ /* Don't change sequence numbers while listening */
++ if (!s->d1->listen)
++ s->d1->handshake_read_seq++;
+
+ s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+ return s->init_num;
+@@ -806,16 +793,24 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+ *ok = 0;
+ return i;
+ }
+- OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
++ /* Handshake fails if message header is incomplete */
++ if (i != DTLS1_HM_HEADER_LENGTH)
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
++ goto f_err;
++ }
+
+ /* parse the message fragment header */
+ dtls1_get_message_header(wire, &msg_hdr);
+
+ /*
+ * if this is a future (or stale) message it gets buffered
+- * (or dropped)--no further processing at this time
++ * (or dropped)--no further processing at this time
++ * While listening, we accept seq 1 (ClientHello with cookie)
++ * although we're still expecting seq 0 (ClientHello)
+ */
+- if ( msg_hdr.seq != s->d1->handshake_read_seq)
++ if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
+ return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
+
+ len = msg_hdr.msg_len;
+@@ -876,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+
+ /* XDTLS: an incorrectly formatted fragment should cause the
+ * handshake to fail */
+- OPENSSL_assert(i == (int)frag_len);
++ if (i != (int)frag_len)
++ {
++ al=SSL3_AD_ILLEGAL_PARAMETER;
++ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
++ goto f_err;
++ }
+
+ *ok = 1;
+
+@@ -1326,7 +1326,8 @@ unsigned char *
+ dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
+ unsigned long len, unsigned long frag_off, unsigned long frag_len)
+ {
+- if ( frag_off == 0)
++ /* Don't change sequence numbers while listening */
++ if (frag_off == 0 && !s->d1->listen)
+ {
+ s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+ s->d1->next_handshake_write_seq++;
+@@ -1379,7 +1380,7 @@ dtls1_write_message_header(SSL *s, unsigned char *
+ return p;
+ }
+
+-static unsigned int
++unsigned int
+ dtls1_min_mtu(void)
+ {
+ return (g_probable_mtu[(sizeof(g_probable_mtu) /
+Index: crypto/openssl/ssl/d1_clnt.c
+===================================================================
+--- crypto/openssl/ssl/d1_clnt.c (revision 248771)
++++ crypto/openssl/ssl/d1_clnt.c (working copy)
+@@ -257,7 +257,6 @@ int dtls1_connect(SSL *s)
+ if (ret <= 0) goto end;
+ else
+ {
+- dtls1_stop_timer(s);
+ if (s->hit)
+ s->state=SSL3_ST_CR_FINISHED_A;
+ else
+@@ -350,6 +349,7 @@ int dtls1_connect(SSL *s)
+ case SSL3_ST_CR_SRVR_DONE_B:
+ ret=ssl3_get_server_done(s);
+ if (ret <= 0) goto end;
++ dtls1_stop_timer(s);
+ if (s->s3->tmp.cert_req)
+ s->state=SSL3_ST_CW_CERT_A;
+ else
+@@ -403,7 +403,8 @@ int dtls1_connect(SSL *s)
+
+ case SSL3_ST_CW_CHANGE_A:
+ case SSL3_ST_CW_CHANGE_B:
+- dtls1_start_timer(s);
++ if (!s->hit)
++ dtls1_start_timer(s);
+ ret=dtls1_send_change_cipher_spec(s,
+ SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
+ if (ret <= 0) goto end;
+@@ -438,7 +439,8 @@ int dtls1_connect(SSL *s)
+
+ case SSL3_ST_CW_FINISHED_A:
+ case SSL3_ST_CW_FINISHED_B:
+- dtls1_start_timer(s);
++ if (!s->hit)
++ dtls1_start_timer(s);
+ ret=dtls1_send_finished(s,
+ SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
+ s->method->ssl3_enc->client_finished_label,
+Index: crypto/openssl/ssl/d1_enc.c
+===================================================================
+--- crypto/openssl/ssl/d1_enc.c (revision 248771)
++++ crypto/openssl/ssl/d1_enc.c (working copy)
+@@ -126,16 +126,30 @@
+ #include <openssl/des.h>
+ #endif
+
++/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ * 0: (in non-constant time) if the record is publically invalid (i.e. too
++ * short etc).
++ * 1: if the record's padding is valid / the encryption was successful.
++ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
++ * an internal error occured. */
+ int dtls1_enc(SSL *s, int send)
+ {
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+- int bs,i,ii,j,k;
++ int bs,i,j,k,mac_size=0;
+ const EVP_CIPHER *enc;
+
+ if (send)
+ {
++ if (s->write_hash)
++ {
++ mac_size=EVP_MD_size(s->write_hash);
++ if (mac_size < 0)
++ return -1;
++ }
+ ds=s->enc_write_ctx;
+ rec= &(s->s3->wrec);
+ if (s->enc_write_ctx == NULL)
+@@ -156,6 +170,11 @@ int dtls1_enc(SSL *s, int send)
+ }
+ else
+ {
++ if (s->read_hash)
++ {
++ mac_size=EVP_MD_size(s->read_hash);
++ OPENSSL_assert(mac_size >= 0);
++ }
+ ds=s->enc_read_ctx;
+ rec= &(s->s3->rrec);
+ if (s->enc_read_ctx == NULL)
+@@ -220,11 +239,7 @@ int dtls1_enc(SSL *s, int send)
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+- {
+- SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
+- }
+ }
+
+ EVP_Cipher(ds,rec->data,rec->input,l);
+@@ -239,43 +254,7 @@ int dtls1_enc(SSL *s, int send)
+ #endif /* KSSL_DEBUG */
+
+ if ((bs != 1) && !send)
+- {
+- ii=i=rec->data[l-1]; /* padding_length */
+- i++;
+- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+- {
+- /* First packet is even in size, so check */
+- if ((memcmp(s->s3->read_sequence,
+- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+- i--;
+- }
+- /* TLS 1.0 does not bound the number of padding bytes by the block size.
+- * All of them must have value 'padding_length'. */
+- if (i > (int)rec->length)
+- {
+- /* Incorrect padding. SSLerr() and ssl3_alert are done
+- * by caller: we don't want to reveal whether this is
+- * a decryption error or a MAC verification failure
+- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
+- */
+- return -1;
+- }
+- for (j=(int)(l-i); j<(int)l; j++)
+- {
+- if (rec->data[j] != ii)
+- {
+- /* Incorrect padding */
+- return -1;
+- }
+- }
+- rec->length-=i;
+-
+- rec->data += bs; /* skip the implicit IV */
+- rec->input += bs;
+- rec->length -= bs;
+- }
++ return tls1_cbc_remove_padding(s, rec, bs, mac_size);
+ }
+ return(1);
+ }
+Index: crypto/openssl/ssl/d1_lib.c
+===================================================================
+--- crypto/openssl/ssl/d1_lib.c (revision 248771)
++++ crypto/openssl/ssl/d1_lib.c (working copy)
+@@ -145,26 +145,33 @@ int dtls1_new(SSL *s)
+ return(1);
+ }
+
+-void dtls1_free(SSL *s)
++static void dtls1_clear_queues(SSL *s)
+ {
+ pitem *item = NULL;
+ hm_fragment *frag = NULL;
++ DTLS1_RECORD_DATA *rdata;
+
+- ssl3_free(s);
+-
+ while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
+ {
++ rdata = (DTLS1_RECORD_DATA *) item->data;
++ if (rdata->rbuf.buf)
++ {
++ OPENSSL_free(rdata->rbuf.buf);
++ }
+ OPENSSL_free(item->data);
+ pitem_free(item);
+ }
+- pqueue_free(s->d1->unprocessed_rcds.q);
+
+ while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
+ {
++ rdata = (DTLS1_RECORD_DATA *) item->data;
++ if (rdata->rbuf.buf)
++ {
++ OPENSSL_free(rdata->rbuf.buf);
++ }
+ OPENSSL_free(item->data);
+ pitem_free(item);
+ }
+- pqueue_free(s->d1->processed_rcds.q);
+
+ while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
+ {
+@@ -173,7 +180,6 @@ int dtls1_new(SSL *s)
+ OPENSSL_free(frag);
+ pitem_free(item);
+ }
+- pqueue_free(s->d1->buffered_messages);
+
+ while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
+ {
+@@ -182,15 +188,26 @@ int dtls1_new(SSL *s)
+ OPENSSL_free(frag);
+ pitem_free(item);
+ }
+- pqueue_free(s->d1->sent_messages);
+
+ while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
+- {
++ {
+ frag = (hm_fragment *)item->data;
+ OPENSSL_free(frag->fragment);
+ OPENSSL_free(frag);
+ pitem_free(item);
++ }
+ }
++
++void dtls1_free(SSL *s)
++ {
++ ssl3_free(s);
++
++ dtls1_clear_queues(s);
++
++ pqueue_free(s->d1->unprocessed_rcds.q);
++ pqueue_free(s->d1->processed_rcds.q);
++ pqueue_free(s->d1->buffered_messages);
++ pqueue_free(s->d1->sent_messages);
+ pqueue_free(s->d1->buffered_app_data.q);
+
+ pq_64bit_free(&(s->d1->bitmap.map));
+@@ -204,6 +221,61 @@ int dtls1_new(SSL *s)
+
+ void dtls1_clear(SSL *s)
+ {
++ pqueue unprocessed_rcds;
++ pqueue processed_rcds;
++ pqueue buffered_messages;
++ pqueue sent_messages;
++ pqueue buffered_app_data;
++ unsigned int mtu;
++
++ if (s->d1)
++ {
++ unprocessed_rcds = s->d1->unprocessed_rcds.q;
++ processed_rcds = s->d1->processed_rcds.q;
++ buffered_messages = s->d1->buffered_messages;
++ sent_messages = s->d1->sent_messages;
++ buffered_app_data = s->d1->buffered_app_data.q;
++ mtu = s->d1->mtu;
++
++ dtls1_clear_queues(s);
++
++ pq_64bit_free(&(s->d1->bitmap.map));
++ pq_64bit_free(&(s->d1->bitmap.max_seq_num));
++
++ pq_64bit_free(&(s->d1->next_bitmap.map));
++ pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
++
++ memset(s->d1, 0, sizeof(*(s->d1)));
++
++ if (s->server)
++ {
++ s->d1->cookie_len = sizeof(s->d1->cookie);
++ }
++
++ if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
++ {
++ s->d1->mtu = mtu;
++ }
++
++ s->d1->unprocessed_rcds.q = unprocessed_rcds;
++ s->d1->processed_rcds.q = processed_rcds;
++ s->d1->buffered_messages = buffered_messages;
++ s->d1->sent_messages = sent_messages;
++ s->d1->buffered_app_data.q = buffered_app_data;
++
++#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
++ s->d1->bitmap.length=64;
++#else
++ s->d1->bitmap.length=sizeof(s->d1->bitmap.map) * 8;
++#endif
++ pq_64bit_init(&(s->d1->bitmap.map));
++ pq_64bit_init(&(s->d1->bitmap.max_seq_num));
++
++ s->d1->next_bitmap.length = s->d1->bitmap.length;
++ pq_64bit_init(&(s->d1->next_bitmap.map));
++ pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
++ }
++
+ ssl3_clear(s);
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+@@ -349,35 +421,51 @@ void dtls1_double_timeout(SSL *s)
+ void dtls1_stop_timer(SSL *s)
+ {
+ /* Reset everything */
++ memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
+ memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+ s->d1->timeout_duration = 1;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
++ /* Clear retransmission buffer */
++ dtls1_clear_record_buffer(s);
+ }
+
+-int dtls1_handle_timeout(SSL *s)
++int dtls1_check_timeout_num(SSL *s)
+ {
+- DTLS1_STATE *state;
++ s->d1->timeout.num_alerts++;
+
+- /* if no timer is expired, don't do anything */
+- if (!dtls1_is_timer_expired(s))
++ /* Reduce MTU after 2 unsuccessful retransmissions */
++ if (s->d1->timeout.num_alerts > 2)
+ {
+- return 0;
++ s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+ }
+
+- dtls1_double_timeout(s);
+- state = s->d1;
+- state->timeout.num_alerts++;
+- if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
++ if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+ {
+ /* fail the connection, enough alerts have been sent */
+- SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
++ SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
++ return -1;
++ }
++
++ return 0;
++ }
++
++int dtls1_handle_timeout(SSL *s)
++ {
++ /* if no timer is expired, don't do anything */
++ if (!dtls1_is_timer_expired(s))
++ {
+ return 0;
+ }
+
+- state->timeout.read_timeouts++;
+- if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
++ dtls1_double_timeout(s);
++
++ if (dtls1_check_timeout_num(s) < 0)
++ return -1;
++
++ s->d1->timeout.read_timeouts++;
++ if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+ {
+- state->timeout.read_timeouts = 1;
++ s->d1->timeout.read_timeouts = 1;
+ }
+
+ dtls1_start_timer(s);
+Index: crypto/openssl/ssl/d1_pkt.c
+===================================================================
+--- crypto/openssl/ssl/d1_pkt.c (revision 248771)
++++ crypto/openssl/ssl/d1_pkt.c (working copy)
+@@ -139,7 +139,6 @@ static int dtls1_process_record(SSL *s);
+ #if PQ_64BIT_IS_INTEGER
+ static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
+ #endif
+-static void dtls1_clear_timeouts(SSL *s);
+
+ /* copy buffered record into SSL structure */
+ static int
+@@ -328,15 +327,13 @@ dtls1_get_buffered_record(SSL *s)
+ static int
+ dtls1_process_record(SSL *s)
+ {
+- int al;
+- int clear=0;
+- int enc_err;
++ int i,al;
++ int enc_err;
+ SSL_SESSION *sess;
+- SSL3_RECORD *rr;
+- unsigned int mac_size;
++ SSL3_RECORD *rr;
++ unsigned int mac_size, orig_len;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+-
+ rr= &(s->s3->rrec);
+ sess = s->session;
+
+@@ -365,15 +362,18 @@ dtls1_process_record(SSL *s)
+
+ /* decrypt in place in 'rr->input' */
+ rr->data=rr->input;
++ orig_len=rr->length;
+
+ enc_err = s->method->ssl3_enc->enc(s,0);
+- if (enc_err <= 0)
++ /* enc_err is:
++ * 0: (in non-constant time) if the record is publically invalid.
++ * 1: if the padding is valid
++ * -1: if the padding is invalid */
++ if (enc_err == 0)
+ {
+- if (enc_err == 0)
+- /* SSLerr() and ssl3_send_alert() have been called */
+- goto err;
+-
+- /* otherwise enc_err == -1 */
++ /* For DTLS we simply ignore bad packets. */
++ rr->length = 0;
++ s->packet_length = 0;
+ goto err;
+ }
+
+@@ -384,44 +384,66 @@ printf("\n");
+ #endif
+
+ /* r->length is now the compressed data plus mac */
+-if ( (sess == NULL) ||
+- (s->enc_read_ctx == NULL) ||
+- (s->read_hash == NULL))
+- clear=1;
+-
+- if (!clear)
++ if ((sess != NULL) &&
++ (s->enc_read_ctx != NULL) &&
++ (s->read_hash != NULL))
+ {
++ /* s->read_hash != NULL => mac_size != -1 */
++ unsigned char *mac = NULL;
++ unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ mac_size=EVP_MD_size(s->read_hash);
++ OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
++ /* orig_len is the length of the record before any padding was
++ * removed. This is public information, as is the MAC in use,
++ * therefore we can safely process the record in a different
++ * amount of time if it's too short to possibly contain a MAC.
++ */
++ if (orig_len < mac_size ||
++ /* CBC records must have a padding length byte too. */
++ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++ orig_len < mac_size+1))
+ {
+-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+- al=SSL_AD_RECORD_OVERFLOW;
+- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+- goto f_err;
+-#else
+- goto err;
+-#endif
+- }
+- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+- if (rr->length < mac_size)
+- {
+-#if 0 /* OK only for stream ciphers */
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+-#else
+- goto err;
+-#endif
+ }
+- rr->length-=mac_size;
+- s->method->ssl3_enc->mac(s,md,0);
+- if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
++
++ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
+ {
+- goto err;
++ /* We update the length so that the TLS header bytes
++ * can be constructed correctly but we need to extract
++ * the MAC in constant time from within the record,
++ * without leaking the contents of the padding bytes.
++ * */
++ mac = mac_tmp;
++ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
++ rr->length -= mac_size;
+ }
++ else
++ {
++ /* In this case there's no padding, so |orig_len|
++ * equals |rec->length| and we checked that there's
++ * enough bytes for |mac_size| above. */
++ rr->length -= mac_size;
++ mac = &rr->data[rr->length];
++ }
++
++ i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
++ if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
++ enc_err = -1;
++ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
++ enc_err = -1;
+ }
+
++ if (enc_err < 0)
++ {
++ /* decryption failed, silently discard message */
++ rr->length = 0;
++ s->packet_length = 0;
++ goto err;
++ }
++
+ /* r->length is now just compressed */
+ if (s->expand != NULL)
+ {
+@@ -615,10 +637,12 @@ again:
+
+ /* If this record is from the next epoch (either HM or ALERT),
+ * and a handshake is currently in progress, buffer it since it
+- * cannot be processed at this time. */
++ * cannot be processed at this time. However, do not buffer
++ * anything while listening.
++ */
+ if (is_next_epoch)
+ {
+- if (SSL_in_init(s) || s->in_handshake)
++ if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
+ {
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
+ }
+@@ -634,7 +658,6 @@ again:
+ goto again; /* get another record */
+ }
+
+- dtls1_clear_timeouts(s); /* done waiting */
+ return(1);
+
+ }
+@@ -1103,6 +1126,9 @@ start:
+ */
+ if (msg_hdr.type == SSL3_MT_FINISHED)
+ {
++ if (dtls1_check_timeout_num(s) < 0)
++ return -1;
++
+ dtls1_retransmit_buffered_messages(s);
+ rr->length = 0;
+ goto start;
+@@ -1806,10 +1832,3 @@ bytes_to_long_long(unsigned char *bytes, PQ_64BIT
+ return _num;
+ }
+ #endif
+-
+-
+-static void
+-dtls1_clear_timeouts(SSL *s)
+- {
+- memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
+- }
+Index: crypto/openssl/ssl/d1_srvr.c
+===================================================================
+--- crypto/openssl/ssl/d1_srvr.c (revision 248771)
++++ crypto/openssl/ssl/d1_srvr.c (working copy)
+@@ -148,6 +148,7 @@ int dtls1_accept(SSL *s)
+ void (*cb)(const SSL *ssl,int type,int val)=NULL;
+ int ret= -1;
+ int new_state,state,skip=0;
++ int listen;
+
+ RAND_add(&Time,sizeof(Time),0);
+ ERR_clear_error();
+@@ -157,11 +158,15 @@ int dtls1_accept(SSL *s)
+ cb=s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb=s->ctx->info_callback;
++
++ listen = s->d1->listen;
+
+ /* init things to blank */
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+
++ s->d1->listen = listen;
++
+ if (s->cert == NULL)
+ {
+ SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+@@ -271,11 +276,23 @@ int dtls1_accept(SSL *s)
+
+ s->init_num=0;
+
++ /* Reflect ClientHello sequence to remain stateless while listening */
++ if (listen)
++ {
++ memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
++ }
++
+ /* If we're just listening, stop here */
+- if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
++ if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+ {
+ ret = 2;
+ s->d1->listen = 0;
++ /* Set expected sequence numbers
++ * to continue the handshake.
++ */
++ s->d1->handshake_read_seq = 2;
++ s->d1->handshake_write_seq = 1;
++ s->d1->next_handshake_write_seq = 1;
+ goto end;
+ }
+
+@@ -284,7 +301,6 @@ int dtls1_accept(SSL *s)
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+
+- dtls1_start_timer(s);
+ ret = dtls1_send_hello_verify_request(s);
+ if ( ret <= 0) goto end;
+ s->state=SSL3_ST_SW_FLUSH;
+@@ -457,15 +473,16 @@ int dtls1_accept(SSL *s)
+ ret = ssl3_check_client_hello(s);
+ if (ret <= 0)
+ goto end;
+- dtls1_stop_timer(s);
+ if (ret == 2)
++ {
++ dtls1_stop_timer(s);
+ s->state = SSL3_ST_SR_CLNT_HELLO_C;
++ }
+ else {
+ /* could be sent for a DH cert, even if we
+ * have not asked for it :-) */
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+- dtls1_stop_timer(s);
+ s->init_num=0;
+ s->state=SSL3_ST_SR_KEY_EXCH_A;
+ }
+@@ -475,7 +492,6 @@ int dtls1_accept(SSL *s)
+ case SSL3_ST_SR_KEY_EXCH_B:
+ ret=ssl3_get_client_key_exchange(s);
+ if (ret <= 0) goto end;
+- dtls1_stop_timer(s);
+ s->state=SSL3_ST_SR_CERT_VRFY_A;
+ s->init_num=0;
+
+@@ -497,7 +513,6 @@ int dtls1_accept(SSL *s)
+ /* we should decide if we expected this one */
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+- dtls1_stop_timer(s);
+
+ s->state=SSL3_ST_SR_FINISHED_A;
+ s->init_num=0;
+@@ -713,9 +728,6 @@ int dtls1_send_hello_verify_request(SSL *s)
+ /* number of bytes to write */
+ s->init_num=p-buf;
+ s->init_off=0;
+-
+- /* buffer the message to handle re-xmits */
+- dtls1_buffer_message(s, 0);
+ }
+
+ /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+@@ -736,7 +748,7 @@ int dtls1_send_server_hello(SSL *s)
+ p=s->s3->server_random;
+ Time=(unsigned long)time(NULL); /* Time */
+ l2n(Time,p);
+- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
++ RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+ /* Do the message type and length last */
+ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
+
+Index: crypto/openssl/ssl/s2_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s2_clnt.c (revision 248771)
++++ crypto/openssl/ssl/s2_clnt.c (working copy)
+@@ -935,7 +935,7 @@ static int get_server_verify(SSL *s)
+ s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
+ p += 1;
+
+- if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
++ if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
+Index: crypto/openssl/ssl/s2_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s2_pkt.c (revision 248771)
++++ crypto/openssl/ssl/s2_pkt.c (working copy)
+@@ -267,8 +267,7 @@ static int ssl2_read_internal(SSL *s, void *buf, i
+ s->s2->ract_data_length-=mac_size;
+ ssl2_mac(s,mac,0);
+ s->s2->ract_data_length-=s->s2->padding;
+- if ( (memcmp(mac,s->s2->mac_data,
+- (unsigned int)mac_size) != 0) ||
++ if ( (CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
+ (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
+ {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
+Index: crypto/openssl/ssl/s2_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s2_srvr.c (revision 248771)
++++ crypto/openssl/ssl/s2_srvr.c (working copy)
+@@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s)
+ p+=3;
+ n2s(p,i); s->s2->tmp.clear=i;
+ n2s(p,i); s->s2->tmp.enc=i;
+- n2s(p,i); s->session->key_arg_length=i;
+- if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
++ n2s(p,i);
++ if(i > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
++ s->session->key_arg_length=i;
+ s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+ }
+
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+--- crypto/openssl/ssl/s3_both.c (revision 248771)
++++ crypto/openssl/ssl/s3_both.c (working copy)
+@@ -242,7 +242,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
+ goto f_err;
+ }
+
+- if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
++ if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+ {
+ al=SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
+Index: crypto/openssl/ssl/s3_cbc.c
+===================================================================
+--- crypto/openssl/ssl/s3_cbc.c (revision 0)
++++ crypto/openssl/ssl/s3_cbc.c (working copy)
+@@ -0,0 +1,762 @@
++/* ssl/s3_cbc.c */
++/* ====================================================================
++ * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include "ssl_locl.h"
++
++#include <openssl/md5.h>
++#include <openssl/sha.h>
++
++/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
++ * field. (SHA-384/512 have 128-bit length.) */
++#define MAX_HASH_BIT_COUNT_BYTES 16
++
++/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
++ * Currently SHA-384/512 has a 128-byte block size and that's the largest
++ * supported by TLS.) */
++#define MAX_HASH_BLOCK_SIZE 128
++
++/* Some utility functions are needed:
++ *
++ * These macros return the given value with the MSB copied to all the other
++ * bits. They use the fact that arithmetic shift shifts-in the sign bit.
++ * However, this is not ensured by the C standard so you may need to replace
++ * them with something else on odd CPUs. */
++#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
++#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
++
++/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
++static unsigned constant_time_ge(unsigned a, unsigned b)
++ {
++ a -= b;
++ return DUPLICATE_MSB_TO_ALL(~a);
++ }
++
++/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
++static unsigned char constant_time_eq_8(unsigned char a, unsigned char b)
++ {
++ unsigned c = a ^ b;
++ c--;
++ return DUPLICATE_MSB_TO_ALL_8(c);
++ }
++
++/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
++ * record in |rec| by updating |rec->length| in constant time.
++ *
++ * block_size: the block size of the cipher used to encrypt the record.
++ * returns:
++ * 0: (in non-constant time) if the record is publicly invalid.
++ * 1: if the padding was valid
++ * -1: otherwise. */
++int ssl3_cbc_remove_padding(const SSL* s,
++ SSL3_RECORD *rec,
++ unsigned block_size,
++ unsigned mac_size)
++ {
++ unsigned padding_length, good;
++ const unsigned overhead = 1 /* padding length byte */ + mac_size;
++
++ /* These lengths are all public so we can test them in non-constant
++ * time. */
++ if (overhead > rec->length)
++ return 0;
++
++ padding_length = rec->data[rec->length-1];
++ good = constant_time_ge(rec->length, padding_length+overhead);
++ /* SSLv3 requires that the padding is minimal. */
++ good &= constant_time_ge(block_size, padding_length+1);
++ padding_length = good & (padding_length+1);
++ rec->length -= padding_length;
++ rec->type |= padding_length<<8; /* kludge: pass padding length */
++ return (int)((good & 1) | (~good & -1));
++}
++
++/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
++ * record in |rec| in constant time and returns 1 if the padding is valid and
++ * -1 otherwise. It also removes any explicit IV from the start of the record
++ * without leaking any timing about whether there was enough space after the
++ * padding was removed.
++ *
++ * block_size: the block size of the cipher used to encrypt the record.
++ * returns:
++ * 0: (in non-constant time) if the record is publicly invalid.
++ * 1: if the padding was valid
++ * -1: otherwise. */
++int tls1_cbc_remove_padding(const SSL* s,
++ SSL3_RECORD *rec,
++ unsigned block_size,
++ unsigned mac_size)
++ {
++ unsigned padding_length, good, to_check, i;
++ const char has_explicit_iv = s->version == DTLS1_VERSION;
++ const unsigned overhead = 1 /* padding length byte */ +
++ mac_size +
++ (has_explicit_iv ? block_size : 0);
++
++ /* These lengths are all public so we can test them in non-constant
++ * time. */
++ if (overhead > rec->length)
++ return 0;
++
++ padding_length = rec->data[rec->length-1];
++
++ /* NB: if compression is in operation the first packet may not be of
++ * even length so the padding bug check cannot be performed. This bug
++ * workaround has been around since SSLeay so hopefully it is either
++ * fixed now or no buggy implementation supports compression [steve]
++ */
++ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
++ {
++ /* First packet is even in size, so check */
++ if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
++ !(padding_length & 1))
++ {
++ s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
++ }
++ if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
++ padding_length > 0)
++ {
++ padding_length--;
++ }
++ }
++
++ good = constant_time_ge(rec->length, overhead+padding_length);
++ /* The padding consists of a length byte at the end of the record and
++ * then that many bytes of padding, all with the same value as the
++ * length byte. Thus, with the length byte included, there are i+1
++ * bytes of padding.
++ *
++ * We can't check just |padding_length+1| bytes because that leaks
++ * decrypted information. Therefore we always have to check the maximum
++ * amount of padding possible. (Again, the length of the record is
++ * public information so we can use it.) */
++ to_check = 255; /* maximum amount of padding. */
++ if (to_check > rec->length-1)
++ to_check = rec->length-1;
++
++ for (i = 0; i < to_check; i++)
++ {
++ unsigned char mask = constant_time_ge(padding_length, i);
++ unsigned char b = rec->data[rec->length-1-i];
++ /* The final |padding_length+1| bytes should all have the value
++ * |padding_length|. Therefore the XOR should be zero. */
++ good &= ~(mask&(padding_length ^ b));
++ }
++
++ /* If any of the final |padding_length+1| bytes had the wrong value,
++ * one or more of the lower eight bits of |good| will be cleared. We
++ * AND the bottom 8 bits together and duplicate the result to all the
++ * bits. */
++ good &= good >> 4;
++ good &= good >> 2;
++ good &= good >> 1;
++ good <<= sizeof(good)*8-1;
++ good = DUPLICATE_MSB_TO_ALL(good);
++
++ padding_length = good & (padding_length+1);
++ rec->length -= padding_length;
++ rec->type |= padding_length<<8; /* kludge: pass padding length */
++
++ /* We can always safely skip the explicit IV. We check at the beginning
++ * of this function that the record has at least enough space for the
++ * IV, MAC and padding length byte. (These can be checked in
++ * non-constant time because it's all public information.) So, if the
++ * padding was invalid, then we didn't change |rec->length| and this is
++ * safe. If the padding was valid then we know that we have at least
++ * overhead+padding_length bytes of space and so this is still safe
++ * because overhead accounts for the explicit IV. */
++ if (has_explicit_iv)
++ {
++ rec->data += block_size;
++ rec->input += block_size;
++ rec->length -= block_size;
++ }
++
++ return (int)((good & 1) | (~good & -1));
++ }
++
++#if defined(_M_AMD64) || defined(__x86_64__)
++#define CBC_MAC_ROTATE_IN_PLACE
++#endif
++
++/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
++ * constant time (independent of the concrete value of rec->length, which may
++ * vary within a 256-byte window).
++ *
++ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
++ * this function.
++ *
++ * On entry:
++ * rec->orig_len >= md_size
++ * md_size <= EVP_MAX_MD_SIZE
++ *
++ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
++ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
++ * a single cache-line, then the variable memory accesses don't actually affect
++ * the timing. This has been tested to be true on Intel amd64 chips.
++ */
++void ssl3_cbc_copy_mac(unsigned char* out,
++ const SSL3_RECORD *rec,
++ unsigned md_size,unsigned orig_len)
++ {
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++ unsigned char rotated_mac_buf[EVP_MAX_MD_SIZE*2];
++ unsigned char *rotated_mac;
++#else
++ unsigned char rotated_mac[EVP_MAX_MD_SIZE];
++#endif
++
++ /* mac_end is the index of |rec->data| just after the end of the MAC. */
++ unsigned mac_end = rec->length;
++ unsigned mac_start = mac_end - md_size;
++ /* scan_start contains the number of bytes that we can ignore because
++ * the MAC's position can only vary by 255 bytes. */
++ unsigned scan_start = 0;
++ unsigned i, j;
++ unsigned div_spoiler;
++ unsigned rotate_offset;
++
++ OPENSSL_assert(orig_len >= md_size);
++ OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
++
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++ rotated_mac = (unsigned char*) (((intptr_t)(rotated_mac_buf + 64)) & ~63);
++#endif
++
++ /* This information is public so it's safe to branch based on it. */
++ if (orig_len > md_size + 255 + 1)
++ scan_start = orig_len - (md_size + 255 + 1);
++ /* div_spoiler contains a multiple of md_size that is used to cause the
++ * modulo operation to be constant time. Without this, the time varies
++ * based on the amount of padding when running on Intel chips at least.
++ *
++ * The aim of right-shifting md_size is so that the compiler doesn't
++ * figure out that it can remove div_spoiler as that would require it
++ * to prove that md_size is always even, which I hope is beyond it. */
++ div_spoiler = md_size >> 1;
++ div_spoiler <<= (sizeof(div_spoiler)-1)*8;
++ rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
++
++ memset(rotated_mac, 0, md_size);
++ for (i = scan_start; i < orig_len;)
++ {
++ for (j = 0; j < md_size && i < orig_len; i++, j++)
++ {
++ unsigned char mac_started = constant_time_ge(i, mac_start);
++ unsigned char mac_ended = constant_time_ge(i, mac_end);
++ unsigned char b = 0;
++ b = rec->data[i];
++ rotated_mac[j] |= b & mac_started & ~mac_ended;
++ }
++ }
++
++ /* Now rotate the MAC */
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++ j = 0;
++ for (i = 0; i < md_size; i++)
++ {
++ unsigned char offset = (div_spoiler + rotate_offset + i) % md_size;
++ out[j++] = rotated_mac[offset];
++ }
++#else
++ memset(out, 0, md_size);
++ for (i = 0; i < md_size; i++)
++ {
++ unsigned char offset = (div_spoiler + md_size - rotate_offset + i) % md_size;
++ for (j = 0; j < md_size; j++)
++ out[j] |= rotated_mac[i] & constant_time_eq_8(j, offset);
++ }
++#endif
++ }
++
++/* These functions serialize the state of a hash and thus perform the standard
++ * "final" operation without adding the padding and length that such a function
++ * typically does. */
++static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
++ {
++ MD5_CTX *md5 = ctx;
++ l2n(md5->A, md_out);
++ l2n(md5->B, md_out);
++ l2n(md5->C, md_out);
++ l2n(md5->D, md_out);
++ }
++
++static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
++ {
++ SHA_CTX *sha1 = ctx;
++ l2n(sha1->h0, md_out);
++ l2n(sha1->h1, md_out);
++ l2n(sha1->h2, md_out);
++ l2n(sha1->h3, md_out);
++ l2n(sha1->h4, md_out);
++ }
++#define LARGEST_DIGEST_CTX SHA_CTX
++
++#ifndef OPENSSL_NO_SHA256
++static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
++ {
++ SHA256_CTX *sha256 = ctx;
++ unsigned i;
++
++ for (i = 0; i < 8; i++)
++ {
++ l2n(sha256->h[i], md_out);
++ }
++ }
++#undef LARGEST_DIGEST_CTX
++#define LARGEST_DIGEST_CTX SHA256_CTX
++#endif
++
++#ifndef OPENSSL_NO_SHA512
++static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
++ {
++ SHA512_CTX *sha512 = ctx;
++ unsigned i;
++
++ for (i = 0; i < 8; i++)
++ {
++ l2n8(sha512->h[i], md_out);
++ }
++ }
++#undef LARGEST_DIGEST_CTX
++#define LARGEST_DIGEST_CTX SHA512_CTX
++#endif
++
++/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
++ * which ssl3_cbc_digest_record supports. */
++char ssl3_cbc_record_digest_supported(const EVP_MD *digest)
++ {
++#ifdef OPENSSL_FIPS
++ if (FIPS_mode())
++ return 0;
++#endif
++ switch (EVP_MD_type(digest))
++ {
++ case NID_md5:
++ case NID_sha1:
++#ifndef OPENSSL_NO_SHA256
++ case NID_sha224:
++ case NID_sha256:
++#endif
++#ifndef OPENSSL_NO_SHA512
++ case NID_sha384:
++ case NID_sha512:
++#endif
++ return 1;
++ default:
++ return 0;
++ }
++ }
++
++/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
++ * record.
++ *
++ * ctx: the EVP_MD_CTX from which we take the hash function.
++ * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
++ * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
++ * md_out_size: if non-NULL, the number of output bytes is written here.
++ * header: the 13-byte, TLS record header.
++ * data: the record data itself, less any preceeding explicit IV.
++ * data_plus_mac_size: the secret, reported length of the data and MAC
++ * once the padding has been removed.
++ * data_plus_mac_plus_padding_size: the public length of the whole
++ * record, including padding.
++ * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
++ *
++ * On entry: by virtue of having been through one of the remove_padding
++ * functions, above, we know that data_plus_mac_size is large enough to contain
++ * a padding byte and MAC. (If the padding was invalid, it might contain the
++ * padding too. ) */
++void ssl3_cbc_digest_record(
++ const EVP_MD *digest,
++ unsigned char* md_out,
++ size_t* md_out_size,
++ const unsigned char header[13],
++ const unsigned char *data,
++ size_t data_plus_mac_size,
++ size_t data_plus_mac_plus_padding_size,
++ const unsigned char *mac_secret,
++ unsigned mac_secret_length,
++ char is_sslv3)
++ {
++ union { double align;
++ unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state;
++ void (*md_final_raw)(void *ctx, unsigned char *md_out);
++ void (*md_transform)(void *ctx, const unsigned char *block);
++ unsigned md_size, md_block_size = 64;
++ unsigned sslv3_pad_length = 40, header_length, variance_blocks,
++ len, max_mac_bytes, num_blocks,
++ num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
++ unsigned int bits; /* at most 18 bits */
++ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
++ /* hmac_pad is the masked HMAC key. */
++ unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
++ unsigned char first_block[MAX_HASH_BLOCK_SIZE];
++ unsigned char mac_out[EVP_MAX_MD_SIZE];
++ unsigned i, j, md_out_size_u;
++ EVP_MD_CTX md_ctx;
++ /* mdLengthSize is the number of bytes in the length field that terminates
++ * the hash. */
++ unsigned md_length_size = 8;
++
++ /* This is a, hopefully redundant, check that allows us to forget about
++ * many possible overflows later in this function. */
++ OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
++
++ switch (EVP_MD_type(digest))
++ {
++ case NID_md5:
++ MD5_Init((MD5_CTX*)md_state.c);
++ md_final_raw = tls1_md5_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
++ md_size = 16;
++ sslv3_pad_length = 48;
++ break;
++ case NID_sha1:
++ SHA1_Init((SHA_CTX*)md_state.c);
++ md_final_raw = tls1_sha1_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
++ md_size = 20;
++ break;
++#ifndef OPENSSL_NO_SHA256
++ case NID_sha224:
++ SHA224_Init((SHA256_CTX*)md_state.c);
++ md_final_raw = tls1_sha256_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
++ md_size = 224/8;
++ break;
++ case NID_sha256:
++ SHA256_Init((SHA256_CTX*)md_state.c);
++ md_final_raw = tls1_sha256_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
++ md_size = 32;
++ break;
++#endif
++#ifndef OPENSSL_NO_SHA512
++ case NID_sha384:
++ SHA384_Init((SHA512_CTX*)md_state.c);
++ md_final_raw = tls1_sha512_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
++ md_size = 384/8;
++ md_block_size = 128;
++ md_length_size = 16;
++ break;
++ case NID_sha512:
++ SHA512_Init((SHA512_CTX*)md_state.c);
++ md_final_raw = tls1_sha512_final_raw;
++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
++ md_size = 64;
++ md_block_size = 128;
++ md_length_size = 16;
++ break;
++#endif
++ default:
++ /* ssl3_cbc_record_digest_supported should have been
++ * called first to check that the hash function is
++ * supported. */
++ OPENSSL_assert(0);
++ if (md_out_size)
++ *md_out_size = -1;
++ return;
++ }
++
++ OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
++ OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
++ OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
++
++ header_length = 13;
++ if (is_sslv3)
++ {
++ header_length =
++ mac_secret_length +
++ sslv3_pad_length +
++ 8 /* sequence number */ +
++ 1 /* record type */ +
++ 2 /* record length */;
++ }
++
++ /* variance_blocks is the number of blocks of the hash that we have to
++ * calculate in constant time because they could be altered by the
++ * padding value.
++ *
++ * In SSLv3, the padding must be minimal so the end of the plaintext
++ * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
++ * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
++ * termination (0x80 + 64-bit length) don't fit in the final block, we
++ * say that the final two blocks can vary based on the padding.
++ *
++ * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
++ * required to be minimal. Therefore we say that the final six blocks
++ * can vary based on the padding.
++ *
++ * Later in the function, if the message is short and there obviously
++ * cannot be this many blocks then variance_blocks can be reduced. */
++ variance_blocks = is_sslv3 ? 2 : 6;
++ /* From now on we're dealing with the MAC, which conceptually has 13
++ * bytes of `header' before the start of the data (TLS) or 71/75 bytes
++ * (SSLv3) */
++ len = data_plus_mac_plus_padding_size + header_length;
++ /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
++ * |header|, assuming that there's no padding. */
++ max_mac_bytes = len - md_size - 1;
++ /* num_blocks is the maximum number of hash blocks. */
++ num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
++ /* In order to calculate the MAC in constant time we have to handle
++ * the final blocks specially because the padding value could cause the
++ * end to appear somewhere in the final |variance_blocks| blocks and we
++ * can't leak where. However, |num_starting_blocks| worth of data can
++ * be hashed right away because no padding value can affect whether
++ * they are plaintext. */
++ num_starting_blocks = 0;
++ /* k is the starting byte offset into the conceptual header||data where
++ * we start processing. */
++ k = 0;
++ /* mac_end_offset is the index just past the end of the data to be
++ * MACed. */
++ mac_end_offset = data_plus_mac_size + header_length - md_size;
++ /* c is the index of the 0x80 byte in the final hash block that
++ * contains application data. */
++ c = mac_end_offset % md_block_size;
++ /* index_a is the hash block number that contains the 0x80 terminating
++ * value. */
++ index_a = mac_end_offset / md_block_size;
++ /* index_b is the hash block number that contains the 64-bit hash
++ * length, in bits. */
++ index_b = (mac_end_offset + md_length_size) / md_block_size;
++ /* bits is the hash-length in bits. It includes the additional hash
++ * block for the masked HMAC key, or whole of |header| in the case of
++ * SSLv3. */
++
++ /* For SSLv3, if we're going to have any starting blocks then we need
++ * at least two because the header is larger than a single block. */
++ if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0))
++ {
++ num_starting_blocks = num_blocks - variance_blocks;
++ k = md_block_size*num_starting_blocks;
++ }
++
++ bits = 8*mac_end_offset;
++ if (!is_sslv3)
++ {
++ /* Compute the initial HMAC block. For SSLv3, the padding and
++ * secret bytes are included in |header| because they take more
++ * than a single block. */
++ bits += 8*md_block_size;
++ memset(hmac_pad, 0, md_block_size);
++ OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
++ memcpy(hmac_pad, mac_secret, mac_secret_length);
++ for (i = 0; i < md_block_size; i++)
++ hmac_pad[i] ^= 0x36;
++
++ md_transform(md_state.c, hmac_pad);
++ }
++
++ memset(length_bytes,0,md_length_size-4);
++ length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
++ length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
++ length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
++ length_bytes[md_length_size-1] = (unsigned char)bits;
++
++ if (k > 0)
++ {
++ if (is_sslv3)
++ {
++ /* The SSLv3 header is larger than a single block.
++ * overhang is the number of bytes beyond a single
++ * block that the header consumes: either 7 bytes
++ * (SHA1) or 11 bytes (MD5). */
++ unsigned overhang = header_length-md_block_size;
++ md_transform(md_state.c, header);
++ memcpy(first_block, header + md_block_size, overhang);
++ memcpy(first_block + overhang, data, md_block_size-overhang);
++ md_transform(md_state.c, first_block);
++ for (i = 1; i < k/md_block_size - 1; i++)
++ md_transform(md_state.c, data + md_block_size*i - overhang);
++ }
++ else
++ {
++ /* k is a multiple of md_block_size. */
++ memcpy(first_block, header, 13);
++ memcpy(first_block+13, data, md_block_size-13);
++ md_transform(md_state.c, first_block);
++ for (i = 1; i < k/md_block_size; i++)
++ md_transform(md_state.c, data + md_block_size*i - 13);
++ }
++ }
++
++ memset(mac_out, 0, sizeof(mac_out));
++
++ /* We now process the final hash blocks. For each block, we construct
++ * it in constant time. If the |i==index_a| then we'll include the 0x80
++ * bytes and zero pad etc. For each block we selectively copy it, in
++ * constant time, to |mac_out|. */
++ for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++)
++ {
++ unsigned char block[MAX_HASH_BLOCK_SIZE];
++ unsigned char is_block_a = constant_time_eq_8(i, index_a);
++ unsigned char is_block_b = constant_time_eq_8(i, index_b);
++ for (j = 0; j < md_block_size; j++)
++ {
++ unsigned char b = 0, is_past_c, is_past_cp1;
++ if (k < header_length)
++ b = header[k];
++ else if (k < data_plus_mac_plus_padding_size + header_length)
++ b = data[k-header_length];
++ k++;
++
++ is_past_c = is_block_a & constant_time_ge(j, c);
++ is_past_cp1 = is_block_a & constant_time_ge(j, c+1);
++ /* If this is the block containing the end of the
++ * application data, and we are at the offset for the
++ * 0x80 value, then overwrite b with 0x80. */
++ b = (b&~is_past_c) | (0x80&is_past_c);
++ /* If this the the block containing the end of the
++ * application data and we're past the 0x80 value then
++ * just write zero. */
++ b = b&~is_past_cp1;
++ /* If this is index_b (the final block), but not
++ * index_a (the end of the data), then the 64-bit
++ * length didn't fit into index_a and we're having to
++ * add an extra block of zeros. */
++ b &= ~is_block_b | is_block_a;
++
++ /* The final bytes of one of the blocks contains the
++ * length. */
++ if (j >= md_block_size - md_length_size)
++ {
++ /* If this is index_b, write a length byte. */
++ b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]);
++ }
++ block[j] = b;
++ }
++
++ md_transform(md_state.c, block);
++ md_final_raw(md_state.c, block);
++ /* If this is index_b, copy the hash value to |mac_out|. */
++ for (j = 0; j < md_size; j++)
++ mac_out[j] |= block[j]&is_block_b;
++ }
++
++ EVP_MD_CTX_init(&md_ctx);
++ EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */);
++ if (is_sslv3)
++ {
++ /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
++ memset(hmac_pad, 0x5c, sslv3_pad_length);
++
++ EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
++ EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
++ EVP_DigestUpdate(&md_ctx, mac_out, md_size);
++ }
++ else
++ {
++ /* Complete the HMAC in the standard manner. */
++ for (i = 0; i < md_block_size; i++)
++ hmac_pad[i] ^= 0x6a;
++
++ EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
++ EVP_DigestUpdate(&md_ctx, mac_out, md_size);
++ }
++ EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
++ if (md_out_size)
++ *md_out_size = md_out_size_u;
++ EVP_MD_CTX_cleanup(&md_ctx);
++ }
++
++#ifdef OPENSSL_FIPS
++
++/* Due to the need to use EVP in FIPS mode we can't reimplement digests but
++ * we can ensure the number of blocks processed is equal for all cases
++ * by digesting additional data.
++ */
++
++void tls_fips_digest_extra(
++ const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
++ const unsigned char *data, size_t data_len, size_t orig_len)
++ {
++ size_t block_size, digest_pad, blocks_data, blocks_orig;
++ if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
++ return;
++ block_size = EVP_MD_block_size(hash);
++ /* We are in FIPS mode if we get this far so we know we have only SHA*
++ * digests and TLS to deal with.
++ * Minimum digest padding length is 17 for SHA384/SHA512 and 9
++ * otherwise.
++ * Additional header is 13 bytes. To get the number of digest blocks
++ * processed round up the amount of data plus padding to the nearest
++ * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
++ * So we have:
++ * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
++ * equivalently:
++ * blocks = (payload_len + digest_pad + 12)/block_size + 1
++ * HMAC adds a constant overhead.
++ * We're ultimately only interested in differences so this becomes
++ * blocks = (payload_len + 29)/128
++ * for SHA384/SHA512 and
++ * blocks = (payload_len + 21)/64
++ * otherwise.
++ */
++ digest_pad = block_size == 64 ? 21 : 29;
++ blocks_orig = (orig_len + digest_pad)/block_size;
++ blocks_data = (data_len + digest_pad)/block_size;
++ /* MAC enough blocks to make up the difference between the original
++ * and actual lengths plus one extra block to ensure this is never a
++ * no op. The "data" pointer should always have enough space to
++ * perform this operation as it is large enough for a maximum
++ * length TLS buffer.
++ */
++ HMAC_Update(hctx, data,
++ (blocks_orig - blocks_data + 1) * block_size);
++ }
++#endif
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c (revision 248771)
++++ crypto/openssl/ssl/s3_clnt.c (working copy)
+@@ -262,7 +262,16 @@ int ssl3_connect(SSL *s)
+ ret=ssl3_get_server_hello(s);
+ if (ret <= 0) goto end;
+ if (s->hit)
++ {
+ s->state=SSL3_ST_CR_FINISHED_A;
++#ifndef OPENSSL_NO_TLSEXT
++ if (s->tlsext_ticket_expected)
++ {
++ /* receive renewed session ticket */
++ s->state=SSL3_ST_CR_SESSION_TICKET_A;
++ }
++#endif
++ }
+ else
+ s->state=SSL3_ST_CR_CERT_A;
+ s->init_num=0;
+@@ -878,7 +887,7 @@ int ssl3_get_server_hello(SSL *s)
+ /* wrong packet length */
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
+- goto err;
++ goto f_err;
+ }
+
+ return(1);
+@@ -1713,7 +1722,7 @@ int ssl3_get_new_session_ticket(SSL *s)
+ if (n < 6)
+ {
+ /* need at least ticket_lifetime_hint + ticket length */
+- al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
++ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+@@ -1724,7 +1733,7 @@ int ssl3_get_new_session_ticket(SSL *s)
+ /* ticket_lifetime_hint + ticket_length + ticket */
+ if (ticklen + 6 != n)
+ {
+- al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
++ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+Index: crypto/openssl/ssl/s3_enc.c
+===================================================================
+--- crypto/openssl/ssl/s3_enc.c (revision 248771)
++++ crypto/openssl/ssl/s3_enc.c (working copy)
+@@ -433,12 +433,21 @@ void ssl3_cleanup_key_block(SSL *s)
+ s->s3->tmp.key_block_length=0;
+ }
+
++/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ * 0: (in non-constant time) if the record is publically invalid (i.e. too
++ * short etc).
++ * 1: if the record's padding is valid / the encryption was successful.
++ * -1: if the record's padding is invalid or, if sending, an internal error
++ * occured.
++ */
+ int ssl3_enc(SSL *s, int send)
+ {
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+- int bs,i;
++ int bs,i,mac_size=0;
+ const EVP_CIPHER *enc;
+
+ if (send)
+@@ -489,32 +498,17 @@ int ssl3_enc(SSL *s, int send)
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+- {
+- SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
+- }
+ /* otherwise, rec->length >= bs */
+ }
+
+ EVP_Cipher(ds,rec->data,rec->input,l);
+
++ if (s->read_hash != NULL)
++ mac_size = EVP_MD_size(s->read_hash);
++
+ if ((bs != 1) && !send)
+- {
+- i=rec->data[l-1]+1;
+- /* SSL 3.0 bounds the number of padding bytes by the block size;
+- * padding bytes (except the last one) are arbitrary */
+- if (i > bs)
+- {
+- /* Incorrect padding. SSLerr() and ssl3_alert are done
+- * by caller: we don't want to reveal whether this is
+- * a decryption error or a MAC verification failure
+- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+- return -1;
+- }
+- /* now i <= bs <= rec->length */
+- rec->length-=i;
+- }
++ return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
+ }
+ return(1);
+ }
+@@ -591,7 +585,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send
+ EVP_MD_CTX md_ctx;
+ const EVP_MD *hash;
+ unsigned char *p,rec_char;
+- unsigned int md_size;
++ size_t md_size, orig_len;
+ int npad;
+
+ if (send)
+@@ -612,29 +606,73 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send
+ md_size=EVP_MD_size(hash);
+ npad=(48/md_size)*md_size;
+
+- /* Chop the digest off the end :-) */
+- EVP_MD_CTX_init(&md_ctx);
++ /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
++ orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
++ rec->type &= 0xff;
+
+- EVP_DigestInit_ex( &md_ctx,hash, NULL);
+- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+- EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
+- EVP_DigestUpdate(&md_ctx,seq,8);
+- rec_char=rec->type;
+- EVP_DigestUpdate(&md_ctx,&rec_char,1);
+- p=md;
+- s2n(rec->length,p);
+- EVP_DigestUpdate(&md_ctx,md,2);
+- EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
+- EVP_DigestFinal_ex( &md_ctx,md,NULL);
++ if (!send &&
++ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++ ssl3_cbc_record_digest_supported(hash))
++ {
++ /* This is a CBC-encrypted record. We must avoid leaking any
++ * timing-side channel information about how many blocks of
++ * data we are hashing because that gives an attacker a
++ * timing-oracle. */
+
+- EVP_DigestInit_ex( &md_ctx,hash, NULL);
+- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+- EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
+- EVP_DigestUpdate(&md_ctx,md,md_size);
+- EVP_DigestFinal_ex( &md_ctx,md,&md_size);
++ /* npad is, at most, 48 bytes and that's with MD5:
++ * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
++ *
++ * With SHA-1 (the largest hash speced for SSLv3) the hash size
++ * goes up 4, but npad goes down by 8, resulting in a smaller
++ * total size. */
++ unsigned char header[75];
++ unsigned j = 0;
++ memcpy(header+j, mac_sec, md_size);
++ j += md_size;
++ memcpy(header+j, ssl3_pad_1, npad);
++ j += npad;
++ memcpy(header+j, seq, 8);
++ j += 8;
++ header[j++] = rec->type;
++ header[j++] = rec->length >> 8;
++ header[j++] = rec->length & 0xff;
+
+- EVP_MD_CTX_cleanup(&md_ctx);
++ ssl3_cbc_digest_record(
++ hash,
++ md, &md_size,
++ header, rec->input,
++ rec->length + md_size, orig_len,
++ mac_sec, md_size,
++ 1 /* is SSLv3 */);
++ }
++ else
++ {
++ unsigned int md_size_u;
++ /* Chop the digest off the end :-) */
++ EVP_MD_CTX_init(&md_ctx);
+
++ EVP_DigestInit_ex( &md_ctx,hash, NULL);
++ EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
++ EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
++ EVP_DigestUpdate(&md_ctx,seq,8);
++ rec_char=rec->type;
++ EVP_DigestUpdate(&md_ctx,&rec_char,1);
++ p=md;
++ s2n(rec->length,p);
++ EVP_DigestUpdate(&md_ctx,md,2);
++ EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
++ EVP_DigestFinal_ex( &md_ctx,md,NULL);
++
++ EVP_DigestInit_ex( &md_ctx,hash, NULL);
++ EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
++ EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
++ EVP_DigestUpdate(&md_ctx,md,md_size);
++ EVP_DigestFinal_ex( &md_ctx,md,&md_size_u);
++ md_size = md_size_u;
++
++ EVP_MD_CTX_cleanup(&md_ctx);
++ }
++
+ ssl3_record_sequence_update(seq);
+ return(md_size);
+ }
+Index: crypto/openssl/ssl/s3_lib.c
+===================================================================
+--- crypto/openssl/ssl/s3_lib.c (revision 248771)
++++ crypto/openssl/ssl/s3_lib.c (working copy)
+@@ -2641,4 +2641,3 @@ need to go to SSL_ST_ACCEPT.
+ }
+ return(ret);
+ }
+-
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s3_pkt.c (revision 248771)
++++ crypto/openssl/ssl/s3_pkt.c (working copy)
+@@ -246,11 +246,8 @@ static int ssl3_get_record(SSL *s)
+ unsigned char *p;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ short version;
+- unsigned int mac_size;
+- int clear=0;
++ unsigned mac_size, orig_len;
+ size_t extra;
+- int decryption_failed_or_bad_record_mac = 0;
+- unsigned char *mac = NULL;
+
+ rr= &(s->s3->rrec);
+ sess=s->session;
+@@ -354,19 +351,18 @@ again:
+
+ /* decrypt in place in 'rr->input' */
+ rr->data=rr->input;
++ orig_len=rr->length;
+
+ enc_err = s->method->ssl3_enc->enc(s,0);
+- if (enc_err <= 0)
++ /* enc_err is:
++ * 0: (in non-constant time) if the record is publically invalid.
++ * 1: if the padding is valid
++ * -1: if the padding is invalid */
++ if (enc_err == 0)
+ {
+- if (enc_err == 0)
+- /* SSLerr() and ssl3_send_alert() have been called */
+- goto err;
+-
+- /* Otherwise enc_err == -1, which indicates bad padding
+- * (rec->length has not been changed in this case).
+- * To minimize information leaked via timing, we will perform
+- * the MAC computation anyway. */
+- decryption_failed_or_bad_record_mac = 1;
++ al=SSL_AD_DECRYPTION_FAILED;
++ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
++ goto f_err;
+ }
+
+ #ifdef TLS_DEBUG
+@@ -376,51 +372,59 @@ printf("\n");
+ #endif
+
+ /* r->length is now the compressed data plus mac */
+- if ( (sess == NULL) ||
+- (s->enc_read_ctx == NULL) ||
+- (s->read_hash == NULL))
+- clear=1;
+-
+- if (!clear)
++ if ((sess != NULL) &&
++ (s->enc_read_ctx != NULL) &&
++ (s->read_hash != NULL))
+ {
++ /* s->read_hash != NULL => mac_size != -1 */
++ unsigned char *mac = NULL;
++ unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ mac_size=EVP_MD_size(s->read_hash);
++ OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
++ /* orig_len is the length of the record before any padding was
++ * removed. This is public information, as is the MAC in use,
++ * therefore we can safely process the record in a different
++ * amount of time if it's too short to possibly contain a MAC.
++ */
++ if (orig_len < mac_size ||
++ /* CBC records must have a padding length byte too. */
++ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++ orig_len < mac_size+1))
+ {
+-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+- al=SSL_AD_RECORD_OVERFLOW;
+- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
++ al=SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+-#else
+- decryption_failed_or_bad_record_mac = 1;
+-#endif
+ }
+- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+- if (rr->length >= mac_size)
++
++ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
+ {
++ /* We update the length so that the TLS header bytes
++ * can be constructed correctly but we need to extract
++ * the MAC in constant time from within the record,
++ * without leaking the contents of the padding bytes.
++ * */
++ mac = mac_tmp;
++ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+ rr->length -= mac_size;
+- mac = &rr->data[rr->length];
+ }
+ else
+ {
+- /* record (minus padding) is too short to contain a MAC */
+-#if 0 /* OK only for stream ciphers */
+- al=SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+- goto f_err;
+-#else
+- decryption_failed_or_bad_record_mac = 1;
+- rr->length = 0;
+-#endif
++ /* In this case there's no padding, so |orig_len|
++ * equals |rec->length| and we checked that there's
++ * enough bytes for |mac_size| above. */
++ rr->length -= mac_size;
++ mac = &rr->data[rr->length];
+ }
+- i=s->method->ssl3_enc->mac(s,md,0);
+- if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+- {
+- decryption_failed_or_bad_record_mac = 1;
+- }
++
++ i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
++ if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
++ enc_err = -1;
++ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
++ enc_err = -1;
+ }
+
+- if (decryption_failed_or_bad_record_mac)
++ if (enc_err < 0)
+ {
+ /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+ * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c (revision 248771)
++++ crypto/openssl/ssl/s3_srvr.c (working copy)
+@@ -1005,7 +1005,7 @@ int ssl3_get_client_hello(SSL *s)
+ goto f_err;
+ }
+ }
+- if (ssl_check_clienthello_tlsext(s) <= 0) {
++ if (ssl_check_clienthello_tlsext_early(s) <= 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+ goto err;
+ }
+@@ -1131,6 +1131,16 @@ int ssl3_get_client_hello(SSL *s)
+ * s->tmp.new_cipher - the new cipher to use.
+ */
+
++ /* Handles TLS extensions that we couldn't check earlier */
++ if (s->version >= SSL3_VERSION)
++ {
++ if (ssl_check_clienthello_tlsext_late(s) <= 0)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
++ goto err;
++ }
++ }
++
+ if (ret < 0) ret=1;
+ if (0)
+ {
+@@ -1571,6 +1581,7 @@ int ssl3_send_server_key_exchange(SSL *s)
+ (unsigned char *)encodedPoint,
+ encodedlen);
+ OPENSSL_free(encodedPoint);
++ encodedPoint = NULL;
+ p += encodedlen;
+ }
+ #endif
+@@ -1960,6 +1971,7 @@ int ssl3_get_client_key_exchange(SSL *s)
+ if (i <= 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
++ BN_clear_free(pub);
+ goto err;
+ }
+
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+--- crypto/openssl/ssl/ssl.h (revision 248771)
++++ crypto/openssl/ssl/ssl.h (working copy)
+@@ -1682,6 +1682,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_DTLS1_ACCEPT 246
+ #define SSL_F_DTLS1_ADD_CERT_TO_BUF 280
+ #define SSL_F_DTLS1_BUFFER_RECORD 247
++#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293
+ #define SSL_F_DTLS1_CLIENT_HELLO 248
+ #define SSL_F_DTLS1_CONNECT 249
+ #define SSL_F_DTLS1_ENC 250
+@@ -1819,6 +1820,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_GET_NEW_SESSION 181
+ #define SSL_F_SSL_GET_PREV_SESSION 217
+ #define SSL_F_SSL_GET_SERVER_SEND_CERT 182
++#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
+ #define SSL_F_SSL_GET_SIGN_PKEY 183
+ #define SSL_F_SSL_INIT_WBIO_BUFFER 184
+ #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
+Index: crypto/openssl/ssl/ssl_ciph.c
+===================================================================
+--- crypto/openssl/ssl/ssl_ciph.c (revision 248771)
++++ crypto/openssl/ssl/ssl_ciph.c (working copy)
+@@ -303,6 +303,7 @@ static void load_builtin_compressions(void)
+ sk_SSL_COMP_push(ssl_comp_methods,comp);
+ }
+ }
++ sk_SSL_COMP_sort(ssl_comp_methods);
+ }
+ MemCheck_on();
+ }
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+--- crypto/openssl/ssl/ssl_err.c (revision 248771)
++++ crypto/openssl/ssl/ssl_err.c (working copy)
+@@ -1,6 +1,6 @@
+ /* ssl/ssl_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -80,6 +80,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
+ {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
+ {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
++{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
+ {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
+ {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
+@@ -217,6 +218,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
++{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
+ {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
+Index: crypto/openssl/ssl/ssl_lib.c
+===================================================================
+--- crypto/openssl/ssl/ssl_lib.c (revision 248771)
++++ crypto/openssl/ssl/ssl_lib.c (working copy)
+@@ -1000,6 +1000,11 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
+ s->max_cert_list=larg;
+ return(l);
+ case SSL_CTRL_SET_MTU:
++#ifndef OPENSSL_NO_DTLS1
++ if (larg < (long)dtls1_min_mtu())
++ return 0;
++#endif
++
+ if (SSL_version(s) == DTLS1_VERSION ||
+ SSL_version(s) == DTLS1_BAD_VER)
+ {
+@@ -1938,7 +1943,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE
+ }
+
+ /* THIS NEEDS CLEANING UP */
+-X509 *ssl_get_server_send_cert(SSL *s)
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
+ {
+ unsigned long alg,kalg;
+ CERT *c;
+@@ -1988,14 +1993,22 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE
+ }
+ else /* if (kalg & SSL_aNULL) */
+ {
+- SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
++ SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
+ return(NULL);
+ }
+- if (c->pkeys[i].x509 == NULL) return(NULL);
+
+- return(c->pkeys[i].x509);
++ return c->pkeys + i;
+ }
+
++X509 *ssl_get_server_send_cert(const SSL *s)
++ {
++ CERT_PKEY *cpk;
++ cpk = ssl_get_server_send_pkey(s);
++ if (!cpk)
++ return NULL;
++ return cpk->x509;
++ }
++
+ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+ {
+ unsigned long alg;
+@@ -2415,7 +2428,9 @@ void ssl_clear_cipher_ctx(SSL *s)
+ /* Fix this function so that it takes an optional type parameter */
+ X509 *SSL_get_certificate(const SSL *s)
+ {
+- if (s->cert != NULL)
++ if (s->server)
++ return(ssl_get_server_send_cert(s));
++ else if (s->cert != NULL)
+ return(s->cert->key->x509);
+ else
+ return(NULL);
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h (revision 248771)
++++ crypto/openssl/ssl/ssl_locl.h (working copy)
+@@ -189,6 +189,15 @@
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
++#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>48)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>40)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>32)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
++ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
++ *((c)++)=(unsigned char)(((l) )&0xff))
++
+ #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
+ l|=((BN_ULLONG)(*((c)++)))<<32, \
+ l|=((BN_ULLONG)(*((c)++)))<<24, \
+@@ -740,7 +749,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *s
+ int ssl_undefined_function(SSL *s);
+ int ssl_undefined_void_function(void);
+ int ssl_undefined_const_function(const SSL *s);
+-X509 *ssl_get_server_send_cert(SSL *);
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
++X509 *ssl_get_server_send_cert(const SSL *);
+ EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+ int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+@@ -870,6 +880,7 @@ void dtls1_get_ccs_header(unsigned char *data, str
+ void dtls1_reset_seq_numbers(SSL *s, int rw);
+ long dtls1_default_timeout(void);
+ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
++int dtls1_check_timeout_num(SSL *s);
+ int dtls1_handle_timeout(SSL *s);
+ SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+ void dtls1_start_timer(SSL *s);
+@@ -877,6 +888,7 @@ void dtls1_stop_timer(SSL *s);
+ int dtls1_is_timer_expired(SSL *s);
+ void dtls1_double_timeout(SSL *s);
+ int dtls1_send_newsession_ticket(SSL *s);
++unsigned int dtls1_min_mtu(void);
+
+
+ /* some client-only functions */
+@@ -977,7 +989,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+ int ssl_prepare_clienthello_tlsext(SSL *s);
+ int ssl_prepare_serverhello_tlsext(SSL *s);
+-int ssl_check_clienthello_tlsext(SSL *s);
++int ssl_check_clienthello_tlsext_early(SSL *s);
++int ssl_check_clienthello_tlsext_late(SSL *s);
+ int ssl_check_serverhello_tlsext(SSL *s);
+
+ #ifdef OPENSSL_NO_SHA256
+@@ -999,5 +1012,33 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, un
+ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ int *al);
+ #endif
++/* s3_cbc.c */
++void ssl3_cbc_copy_mac(unsigned char* out,
++ const SSL3_RECORD *rec,
++ unsigned md_size,unsigned orig_len);
++int ssl3_cbc_remove_padding(const SSL* s,
++ SSL3_RECORD *rec,
++ unsigned block_size,
++ unsigned mac_size);
++int tls1_cbc_remove_padding(const SSL* s,
++ SSL3_RECORD *rec,
++ unsigned block_size,
++ unsigned mac_size);
++char ssl3_cbc_record_digest_supported(const EVP_MD *hash);
++void ssl3_cbc_digest_record(
++ const EVP_MD *hash,
++ unsigned char* md_out,
++ size_t* md_out_size,
++ const unsigned char header[13],
++ const unsigned char *data,
++ size_t data_plus_mac_size,
++ size_t data_plus_mac_plus_padding_size,
++ const unsigned char *mac_secret,
++ unsigned mac_secret_length,
++ char is_sslv3);
+
++void tls_fips_digest_extra(
++ const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
++ const unsigned char *data, size_t data_len, size_t orig_len);
++
+ #endif
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+--- crypto/openssl/ssl/t1_enc.c (revision 248771)
++++ crypto/openssl/ssl/t1_enc.c (working copy)
+@@ -264,7 +264,7 @@ int tls1_change_cipher_state(SSL *s, int which)
+ {
+ int ki;
+ for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
+- printf("%02x", key_block[ki]); printf("\n");
++ printf("%02x", s->s3->tmp.key_block[ki]); printf("\n");
+ }
+ #endif /* KSSL_DEBUG */
+
+@@ -528,12 +528,21 @@ err:
+ return(0);
+ }
+
++/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ * 0: (in non-constant time) if the record is publically invalid (i.e. too
++ * short etc).
++ * 1: if the record's padding is valid / the encryption was successful.
++ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
++ * an internal error occured.
++ */
+ int tls1_enc(SSL *s, int send)
+ {
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+- int bs,i,ii,j,k;
++ int bs,i,j,k,pad=0,ret,mac_size=0;
+ const EVP_CIPHER *enc;
+
+ if (send)
+@@ -559,11 +568,11 @@ int tls1_enc(SSL *s, int send)
+ printf("tls1_enc(%d)\n", send);
+ #endif /* KSSL_DEBUG */
+
+- if ((s->session == NULL) || (ds == NULL) ||
+- (enc == NULL))
++ if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
+ {
+ memmove(rec->data,rec->input,rec->length);
+ rec->input=rec->data;
++ ret = 1;
+ }
+ else
+ {
+@@ -591,14 +600,13 @@ int tls1_enc(SSL *s, int send)
+
+ #ifdef KSSL_DEBUG
+ {
+- unsigned long ui;
++ unsigned long ui;
+ printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+- (void *)ds,rec->data,rec->input,l);
+- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
+- ds->buf_len, ds->cipher->key_len,
+- (unsigned long)DES_KEY_SZ,
+- (unsigned long)DES_SCHEDULE_SZ,
+- ds->cipher->iv_len);
++ ds,rec->data,rec->input,l);
++ printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
++ ds->buf_len, ds->cipher->key_len,
++ DES_KEY_SZ, DES_SCHEDULE_SZ,
++ ds->cipher->iv_len);
+ printf("\t\tIV: ");
+ for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+ printf("\n");
+@@ -611,11 +619,7 @@ int tls1_enc(SSL *s, int send)
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+- {
+- SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
+- }
+ }
+
+ EVP_Cipher(ds,rec->data,rec->input,l);
+@@ -629,49 +633,15 @@ int tls1_enc(SSL *s, int send)
+ }
+ #endif /* KSSL_DEBUG */
+
++ ret = 1;
++ if (s->read_hash != NULL)
++ mac_size = EVP_MD_size(s->read_hash);
+ if ((bs != 1) && !send)
+- {
+- ii=i=rec->data[l-1]; /* padding_length */
+- i++;
+- /* NB: if compression is in operation the first packet
+- * may not be of even length so the padding bug check
+- * cannot be performed. This bug workaround has been
+- * around since SSLeay so hopefully it is either fixed
+- * now or no buggy implementation supports compression
+- * [steve]
+- */
+- if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+- && !s->expand)
+- {
+- /* First packet is even in size, so check */
+- if ((memcmp(s->s3->read_sequence,
+- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+- i--;
+- }
+- /* TLS 1.0 does not bound the number of padding bytes by the block size.
+- * All of them must have value 'padding_length'. */
+- if (i > (int)rec->length)
+- {
+- /* Incorrect padding. SSLerr() and ssl3_alert are done
+- * by caller: we don't want to reveal whether this is
+- * a decryption error or a MAC verification failure
+- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+- return -1;
+- }
+- for (j=(int)(l-i); j<(int)l; j++)
+- {
+- if (rec->data[j] != ii)
+- {
+- /* Incorrect padding */
+- return -1;
+- }
+- }
+- rec->length-=i;
+- }
++ ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
++ if (pad && !send)
++ rec->length -= pad;
+ }
+- return(1);
++ return ret;
+ }
+
+ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
+@@ -719,10 +689,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ SSL3_RECORD *rec;
+ unsigned char *mac_sec,*seq;
+ const EVP_MD *hash;
+- unsigned int md_size;
++ size_t md_size, orig_len;
+ int i;
+ HMAC_CTX hmac;
+- unsigned char buf[5];
++ unsigned char header[13];
+
+ if (send)
+ {
+@@ -741,20 +711,6 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+
+ md_size=EVP_MD_size(hash);
+
+- buf[0]=rec->type;
+- if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
+- {
+- buf[1]=TLS1_VERSION_MAJOR;
+- buf[2]=TLS1_VERSION_MINOR;
+- }
+- else {
+- buf[1]=(unsigned char)(ssl->version>>8);
+- buf[2]=(unsigned char)(ssl->version);
+- }
+-
+- buf[3]=rec->length>>8;
+- buf[4]=rec->length&0xff;
+-
+ /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+ HMAC_CTX_init(&hmac);
+ HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
+@@ -766,16 +722,57 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+ memcpy (p,&seq[2],6);
+
+- HMAC_Update(&hmac,dtlsseq,8);
++ memcpy(header, dtlsseq, 8);
+ }
+ else
+- HMAC_Update(&hmac,seq,8);
++ memcpy(header, seq, 8);
+
+- HMAC_Update(&hmac,buf,5);
+- HMAC_Update(&hmac,rec->input,rec->length);
+- HMAC_Final(&hmac,md,&md_size);
++ /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
++ orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
++ rec->type &= 0xff;
++
++ header[8]=rec->type;
++ header[9]=(unsigned char)(ssl->version>>8);
++ header[10]=(unsigned char)(ssl->version);
++ header[11]=(rec->length)>>8;
++ header[12]=(rec->length)&0xff;
++
++ if (!send &&
++ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++ ssl3_cbc_record_digest_supported(hash))
++ {
++ /* This is a CBC-encrypted record. We must avoid leaking any
++ * timing-side channel information about how many blocks of
++ * data we are hashing because that gives an attacker a
++ * timing-oracle. */
++ ssl3_cbc_digest_record(
++ hash,
++ md, &md_size,
++ header, rec->input,
++ rec->length + md_size, orig_len,
++ ssl->s3->read_mac_secret,
++ EVP_MD_size(ssl->read_hash),
++ 0 /* not SSLv3 */);
++ }
++ else
++ {
++ unsigned mds;
++
++ HMAC_Update(&hmac,header,sizeof(header));
++ HMAC_Update(&hmac,rec->input,rec->length);
++ HMAC_Final(&hmac,md,&mds);
++ md_size = mds;
++#ifdef OPENSSL_FIPS
++ if (!send && FIPS_mode())
++ tls_fips_digest_extra(
++ ssl->enc_read_ctx,
++ hash,
++ &hmac, rec->input,
++ rec->length, orig_len);
++#endif
++ }
++
+ HMAC_CTX_cleanup(&hmac);
+-
+ #ifdef TLS_DEBUG
+ printf("sec=");
+ {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+Index: crypto/openssl/ssl/t1_lib.c
+===================================================================
+--- crypto/openssl/ssl/t1_lib.c (revision 248771)
++++ crypto/openssl/ssl/t1_lib.c (working copy)
+@@ -575,6 +575,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ sdata = data;
+ if (dsize > 0)
+ {
++ if (s->tlsext_ocsp_exts)
++ {
++ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
++ X509_EXTENSION_free);
++ }
++
+ s->tlsext_ocsp_exts =
+ d2i_X509_EXTENSIONS(NULL,
+ &sdata, dsize);
+@@ -739,7 +745,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ return 1;
+ }
+
+-int ssl_check_clienthello_tlsext(SSL *s)
++int ssl_check_clienthello_tlsext_early(SSL *s)
+ {
+ int ret=SSL_TLSEXT_ERR_NOACK;
+ int al = SSL_AD_UNRECOGNIZED_NAME;
+@@ -749,13 +755,49 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
+ ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+
++ switch (ret)
++ {
++ case SSL_TLSEXT_ERR_ALERT_FATAL:
++ ssl3_send_alert(s, SSL3_AL_FATAL, al);
++ return -1;
++
++ case SSL_TLSEXT_ERR_ALERT_WARNING:
++ ssl3_send_alert(s, SSL3_AL_WARNING, al);
++ return 1;
++
++ case SSL_TLSEXT_ERR_NOACK:
++ s->servername_done = 0;
++
++ default:
++ return 1;
++ }
++ }
++
++int ssl_check_clienthello_tlsext_late(SSL *s)
++ {
++ int ret = SSL_TLSEXT_ERR_OK;
++ int al;
++
+ /* If status request then ask callback what to do.
+ * Note: this must be called after servername callbacks in case
+- * the certificate has changed.
++ * the certificate has changed, and must be called after the cipher
++ * has been chosen because this may influence which certificate is sent
+ */
+- if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
++ if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb)
+ {
+ int r;
++ CERT_PKEY *certpkey;
++ certpkey = ssl_get_server_send_pkey(s);
++ /* If no certificate can't return certificate status */
++ if (certpkey == NULL)
++ {
++ s->tlsext_status_expected = 0;
++ return 1;
++ }
++ /* Set current certificate to one we will use so
++ * SSL_get_certificate et al can pick it up.
++ */
++ s->cert->key = certpkey;
+ r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ switch (r)
+ {
+@@ -779,7 +821,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ }
+ else
+ s->tlsext_status_expected = 0;
+- err:
++
++ err:
+ switch (ret)
+ {
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+@@ -789,11 +832,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
+ ssl3_send_alert(s,SSL3_AL_WARNING,al);
+ return 1;
+-
+- case SSL_TLSEXT_ERR_NOACK:
+- s->servername_done=0;
+- default:
+- return 1;
++
++ default:
++ return 1;
+ }
+ }
+
+@@ -971,7 +1012,7 @@ static int tls_decrypt_ticket(SSL *s, const unsign
+ HMAC_Update(&hctx, etick, eticklen);
+ HMAC_Final(&hctx, tick_hmac, NULL);
+ HMAC_CTX_cleanup(&hctx);
+- if (memcmp(tick_hmac, etick + eticklen, mlen))
++ if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+ goto tickerr;
+ /* Attempt to decrypt session data */
+ /* Move p after IV to start of encrypted ticket, update length */
+Index: crypto/openssl/util/fipslink.pl
+===================================================================
+--- crypto/openssl/util/fipslink.pl (revision 248771)
++++ crypto/openssl/util/fipslink.pl (working copy)
+@@ -43,7 +43,12 @@ die "First stage Link failure" if $? != 0;
+
+
+ print "$fips_premain_dso $fips_target\n";
+-$fips_hash=`$fips_premain_dso $fips_target`;
++system("$fips_premain_dso $fips_target >$fips_target.sha1");
++die "Get hash failure" if $? != 0;
++open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
++$fips_hash=<$sha1_res>;
++close $sha1_res;
++unlink $fips_target.".sha1";
+ chomp $fips_hash;
+ die "Get hash failure" if $? != 0;
+
+Index: crypto/openssl/util/libeay.num
+===================================================================
+--- crypto/openssl/util/libeay.num (revision 248771)
++++ crypto/openssl/util/libeay.num (working copy)
+@@ -3510,6 +3510,7 @@ BIO_get_callback_arg 3902 EXIST
+ BIO_set_callback 3903 EXIST::FUNCTION:
+ d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
+ i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
++CRYPTO_memcmp 3906 EXIST::FUNCTION:
+ SEED_decrypt 3908 EXIST::FUNCTION:SEED
+ SEED_encrypt 3909 EXIST::FUNCTION:SEED
+ SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
+Index: crypto/openssl/util/mkerr.pl
+===================================================================
+--- crypto/openssl/util/mkerr.pl (revision 248771)
++++ crypto/openssl/util/mkerr.pl (working copy)
+@@ -313,7 +313,7 @@ foreach $lib (keys %csrc)
+ } else {
+ push @out,
+ "/* ====================================================================\n",
+-" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n",
++" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n",
+ " *\n",
+ " * Redistribution and use in source and binary forms, with or without\n",
+ " * modification, are permitted provided that the following conditions\n",
+@@ -487,7 +487,7 @@ EOF
+ print OUT <<"EOF";
+ /* $cfile */
+ /* ====================================================================
+- * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -680,7 +680,7 @@ EOF
+ undef %err_reason_strings;
+ }
+
+-if($debug && defined(%notrans)) {
++if($debug && %notrans) {
+ print STDERR "The following function codes were not translated:\n";
+ foreach(sort keys %notrans)
+ {
+Index: crypto/openssl/util/pl/VC-32.pl
+===================================================================
+--- crypto/openssl/util/pl/VC-32.pl (revision 248771)
++++ crypto/openssl/util/pl/VC-32.pl (working copy)
+@@ -391,7 +391,7 @@ sub do_lib_rule
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+- $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
++ $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /fixed /map $base_arg $efile$target ";
+ $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs ";
+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+ }
+@@ -434,7 +434,7 @@ sub do_link_rule
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+- $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
++ $ret.="\t\$(FIPSLINK) \$(LFLAGS) /fixed /map $efile$target @<<\n";
+ $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+ }
+ else
+Index: secure/lib/libcrypto/Makefile.inc
+===================================================================
+--- secure/lib/libcrypto/Makefile.inc (revision 248771)
++++ secure/lib/libcrypto/Makefile.inc (working copy)
+@@ -3,8 +3,8 @@
+ .include <bsd.own.mk>
+
+ # OpenSSL version used for manual page generation
+-OPENSSL_VER= 0.9.8q
+-OPENSSL_DATE= 2010-12-02
++OPENSSL_VER= 0.9.8y
++OPENSSL_DATE= 2013-02-05
+
+ LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl
+ LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc
+Index: secure/lib/libssl/Makefile
+===================================================================
+--- secure/lib/libssl/Makefile (revision 248771)
++++ secure/lib/libssl/Makefile (working copy)
+@@ -14,7 +14,8 @@ SRCS= bio_ssl.c d1_meth.c d1_srvr.c d1_clnt.c d1_l
+ d1_both.c d1_enc.c \
+ s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \
+ s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \
+- s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \
++ s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c \
++ s3_pkt.c \
+ s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \
+ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \
+ ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c
diff --git a/share/security/patches/SA-13:03/openssl.patch.asc b/share/security/patches/SA-13:03/openssl.patch.asc
new file mode 100644
index 0000000000..6e6e5d63a4
--- /dev/null
+++ b/share/security/patches/SA-13:03/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEABECAAYFAlFbGmQACgkQFdaIBMps37JsJwCfeL+FsfSkcpsQPd9wM1kiy3F6
+z94AnAoi2KiaTj7AnQVom035rVoeZnzb
+=P3VV
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-13:04/bind.patch b/share/security/patches/SA-13:04/bind.patch
new file mode 100644
index 0000000000..902448c197
--- /dev/null
+++ b/share/security/patches/SA-13:04/bind.patch
@@ -0,0 +1,13 @@
+Index: lib/bind/config.h
+===================================================================
+--- lib/bind/config.h (revision 248771)
++++ lib/bind/config.h (working copy)
+@@ -281,7 +281,7 @@ int sigwait(const unsigned int *set, int *sig);
+ /* #undef HAVE_OPENSSL_GOST */
+
+ /* Define to 1 if you have the <regex.h> header file. */
+-#define HAVE_REGEX_H 1
++/* #undef HAVE_REGEX_H */
+
+ /* Define to 1 if you have the `setegid' function. */
+ #define HAVE_SETEGID 1
diff --git a/share/security/patches/SA-13:04/bind.patch.asc b/share/security/patches/SA-13:04/bind.patch.asc
new file mode 100644
index 0000000000..53deec80fa
--- /dev/null
+++ b/share/security/patches/SA-13:04/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEABECAAYFAlFbGmkACgkQFdaIBMps37LS6wCgixwNY2sp5liNZzUANdl3YS5H
+r6wAnjT32rIJw1ThkvddBSGhBUncJzt4
+=qO5f
+-----END PGP SIGNATURE-----
diff --git a/share/xml/advisories.xml b/share/xml/advisories.xml
index 432c60cd24..468096175b 100644
--- a/share/xml/advisories.xml
+++ b/share/xml/advisories.xml
@@ -7,6 +7,22 @@
<year>
<name>2013</name>
+ <month>
+ <name>4</name>
+
+ <day>
+ <name>2</name>
+
+ <advisory>
+ <name>FreeBSD-SA-13:04.bind</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-13:03.openssl</name>
+ </advisory>
+ </day>
+ </month>
+
<month>
<name>2</name>
diff --git a/share/xml/authors.ent b/share/xml/authors.ent
index 2244cad0f1..88bad37706 100644
--- a/share/xml/authors.ent
+++ b/share/xml/authors.ent
@@ -1396,6 +1396,8 @@
<!ENTITY a.wes "Wes Peters <email>wes@FreeBSD.org</email>">
+<!ENTITY a.wg "William Grzybowski <email>wg@FreeBSD.org</email>">
+
<!ENTITY a.whiteside "Don Whiteside <email>whiteside@acm.org</email>">
<!ENTITY a.wilko "Wilko Bulte <email>wilko@FreeBSD.org</email>">
diff --git a/share/xml/commercial.consult.xml b/share/xml/commercial.consult.xml
index e3341a026b..a8e04eb026 100644
--- a/share/xml/commercial.consult.xml
+++ b/share/xml/commercial.consult.xml
@@ -223,6 +223,17 @@
</description>
</entry>
+ <entry id="CloneConsulting" category="nzealand">
+ <name>Clone Consulting</name>
+ <url>http://www.clone.co.nz/</url>
+ <description>
+ Clone provides consultancy services for software development, system
+ architecture and FreeBSD infrastructure support. For additional
+ information please visit the <a
+ href="http://www.clone.co.nz">Clone website</a>.
+ </description>
+ </entry>
+
<entry id="CloudBT" category="australia">
<name>Cloud BT IT Support</name>
<url>http://www.it-support.com.au/</url>
diff --git a/share/xml/developers.ent b/share/xml/developers.ent
index 1e1b9a45bd..eac6838159 100644
--- a/share/xml/developers.ent
+++ b/share/xml/developers.ent
@@ -678,6 +678,7 @@ $FreeBSD$
<!ENTITY a.wen "Wen Heping">
<!ENTITY a.weongyo "Weongyo Jeong">
<!ENTITY a.wes "Wes Peters">
+<!ENTITY a.wg "William Grzybowski">
<!ENTITY a.whiteside "Don Whiteside">
<!ENTITY a.wilko "Wilko Bulte">
<!ENTITY a.will "Will Andrews">
diff --git a/share/xml/man-refs.ent b/share/xml/man-refs.ent
index 87145662b2..2bc64382e6 100644
--- a/share/xml/man-refs.ent
+++ b/share/xml/man-refs.ent
@@ -4217,6 +4217,7 @@
<!ENTITY man.symlink.7 "<citerefentry><refentrytitle>symlink</refentrytitle><manvolnum>7</manvolnum></citerefentry>">
<!ENTITY man.term.7 "<citerefentry><refentrytitle>term</refentrytitle><manvolnum>7</manvolnum></citerefentry>">
<!ENTITY man.tuning.7 "<citerefentry><refentrytitle>tuning</refentrytitle><manvolnum>7</manvolnum></citerefentry>">
+<!ENTITY man.zpool-features.7 "<citerefentry><refentrytitle>zpool-features</refentrytitle><manvolnum>7</manvolnum></citerefentry>">
<!ENTITY man.IPXrouted.8 "<citerefentry><refentrytitle>IPXrouted</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.MAKEDEV.8 "<citerefentry><refentrytitle>MAKEDEV</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
diff --git a/share/xml/news.xml b/share/xml/news.xml
index 0949914800..529570b38b 100644
--- a/share/xml/news.xml
+++ b/share/xml/news.xml
@@ -30,9 +30,74 @@
<year>
<name>2013</name>
+ <month>
+ <name>4</name>
+
+ <day>
+ <name>10</name>
+
+ <event>
+ <title>&os; 8.4-RC1 Available</title>
+
+ <p>The first RC build for the &os;-8.4 release cycle is
+ now available. ISO images for the amd64, i386 and pc98
+ architectures are <a
+ href="&lists.stable;/2013-April/073070.html">available</a>
+ on most of our <a
+ href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
+ mirror sites</a>.</p>
+ </event>
+ </day>
+
+ <day>
+ <name>3</name>
+
+ <event>
+ <p>Enhanced commit privileges: <a
+ href="mailto:antoine@FreeBSD.org">Antoine Brodin</a>
+ (src, ports)</p>
+ </event>
+ </day>
+
+ <day>
+ <name>1</name>
+
+ <event>
+ <p>New committer:
+ <a href="mailto:wg@FreeBSD.org">William Grzybowski</a> (ports)</p>
+ </event>
+ </day>
+ </month>
+
<month>
<name>3</name>
+ <day>
+ <name>27</name>
+
+ <event>
+ <p>Enhanced commit privileges:
+ <a href="mailto:tijl@FreeBSD.org">Tijl Coosemans</a>
+ (src, ports)</p>
+ </event>
+ </day>
+
+ <day>
+ <name>22</name>
+
+ <event>
+ <title>&os; 8.4-BETA1 Available</title>
+
+ <p>The first BETA build for the &os;-8.4 release cycle is
+ now available. ISO images for the amd64, i386 and pc98
+ architectures are <a
+ href="&lists.stable;/2013-March/072913.html">available</a>
+ on most of our <a
+ href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
+ mirror sites</a>.</p>
+ </event>
+ </day>
+
<day>
<name>14</name>
diff --git a/share/xml/release.ent b/share/xml/release.ent
index 1beaf4a005..738f7b9769 100644
--- a/share/xml/release.ent
+++ b/share/xml/release.ent
@@ -29,10 +29,10 @@
don't have something in BETAn or RCn), then change %beta.testing
below to "IGNORE". If we do, use "INCLUDE". -->
-<!ENTITY beta.testing "IGNORE">
-<!ENTITY % beta.testing "IGNORE">
-<!ENTITY betarel.current '9.1'>
-<!ENTITY betarel.vers 'RC3'>
+<!ENTITY beta.testing "INCLUDE">
+<!ENTITY % beta.testing "INCLUDE">
+<!ENTITY betarel.current '8.4'>
+<!ENTITY betarel.vers 'RC1'>
<!ENTITY u.betarel.schedule '&base;/releases/&betarel.current;R/schedule.html'>
<!-- If we have a second release in the release cycle (e.g. 5.x and 6.y