Add EN-17:01-04, SA-17:02.

svn path=/head/; revision=50004

share/security/patches/EN-17:01/pcie.patch

@@ -0,0 +1,11 @@
+--- sys/dev/pci/pci_pci.c.orig
++++ sys/dev/pci/pci_pci.c
+@@ -935,6 +935,8 @@
+ 
+ 	if ((sc->pcie_slot_cap & PCIEM_SLOT_CAP_HPC) == 0)
+ 		return;
++	if ((sc->pcie_link_cap & PCIEM_LINK_CAP_DL_ACTIVE) == 0)
++		return;
+ 
+ 	/*
+ 	 * Some devices report that they have an MRL when they actually

share/security/patches/EN-17:01/pcie.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujPUACgkQ7Wfs1l3P
+aucnkRAAlrRIt4XdzSyuVFcuK3vIhbO2MEhlVmsduYElQ+S/A/QOyhgAVN83TveN
+3JvQSozXA8OTw7cGDOD8SiL7Hyr79PsC+cWkbD/XhQGLwXtwcaywTTIOuc7ny0Cj
+4m7tl3DzO8FN0rKGoOCC0UCiaTamKfh3Wl+mMHHPBOtYyk+DKzSw7TnTLaRrI90q
+wWnQnF5Xr1pCbJBwyx3EvIQq9AL6d5nRm6af8cksWaChpH1w6elNl0Q0FbojKkdp
+6aweLHYORRu8cVqDsOjuWoNq6BMyEF/cooqufmBb5JkpgwaFgVntp7aI0ql8Ts/v
+mkvSqMTyzPiJGEBoDDqBosQdb66MeGIV9PZIjR8AQEIwagXo4KCNq3PwW8kPKlJ1
+8vrxRGQc8xSKRvv7h0Xvg5Ovhodu7UV1RtFVUqWMAdeLqTy6mtyRmjOKb4ouy7wC
+V9/ZgG87zYHHpLmg6EmQfAB3fa8ksR30/rJEBxehxdbJTAwaxCfK2RWpRu4MVTH1
+uJrbEbiFHpSHM46LJ9JbkLfOfNMLuDz0K688D3eecWvpzyO7Zk7NqPV1fWOlcQLk
+xtdOFzmSV8Cr1UBiUV7AaAap20nXWrqQ7Lp5Q9fj7y7l7xVznh95Tf6VlFergBMB
+hR2MHvbCHExx9vokyWSYyz/yq7mnCJWNcSMDdRCfAjqqpSD9lGI=
+=2ZA+
+-----END PGP SIGNATURE-----

share/security/patches/EN-17:02/yp.patch

@@ -0,0 +1,13 @@
+--- libexec/ypxfr/ypxfr_getmap.c.orig
++++ libexec/ypxfr/ypxfr_getmap.c
+@@ -43,8 +43,8 @@
+ 
+ extern bool_t xdr_ypresp_all_seq(XDR *, unsigned long *);
+ 
+-static int (*ypresp_allfn)();
+-static void *ypresp_data;
++extern int (*ypresp_allfn)();
++extern void *ypresp_data;
+ extern DB *specdbp;
+ extern enum ypstat yp_errno;
+ 

share/security/patches/EN-17:02/yp.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujPkACgkQ7Wfs1l3P
+audR3A//Y0/IZ4iyUh3N0Twwc/ywoSV2ph+D2XF9PmI3HWTk4F+uEN+/02XNDhft
+V9T25LuyuaROBrvDDgpN+9d8V82zxo8K4YiSi8YaarQq71q7lAUAJ0YIg+an9ije
+4M6HNDRk0x99rueb2gmOSk/6EWyUzLSwlumzhG1SdKrgz0VN2ItoSdE9FDNfHqTG
+UfCeXa5bgoQUU/yNfzQu4QfuTQzx/Oq2Kfjr5wIOK+bZxLk6tlInDxBhg5oJq/KZ
+zXgL4mJmqF/glDNKxpa8yZxHmiXql9wwI/mnRmVODQ2CCHDcuSx6uOxpS8PNhect
+31PpPR9wFtFOBGbXsuBHGUkGVjjReADXcBU0SdaFY02WlonQXnvc7RhzFu4TOo5Z
+6LTOxyiCIc7ZJW1nW7HmXZl5VfzWL/wmK0QHlLSMJ24tPwrAizPlT0OEwsjOlhCq
+LYfWRKBRPlu8x7Ow8J0ecYCouhPGy4dYA4o68fBvpk27HUREw0VgfpTPNgrcZinK
+VEM+z5zx7fQXuNkwb3GYQzCGDKLbZTtxZ35APlIzhCYtUdJ1kA5Q/udvxNIbd1zD
+apmj7h4+xgx5T+ncmPsyROm805LdXFGsMT9CcMrqECadGzRMC0Cq0tyOINnFHryp
+hmSVl1mp7YQpafXKSMs/2CvxPcTrBjw9vgZBOdaJD1+j2/gLkSA=
+=8C44
+-----END PGP SIGNATURE-----

share/security/patches/EN-17:03/hyperv.patch

@@ -0,0 +1,277 @@
+--- sys/cam/ata/ata_xpt.c.orig
++++ sys/cam/ata/ata_xpt.c
+@@ -40,6 +40,7 @@
+ #include <sys/interrupt.h>
+ #include <sys/sbuf.h>
+ 
++#include <sys/eventhandler.h>
+ #include <sys/lock.h>
+ #include <sys/mutex.h>
+ #include <sys/sysctl.h>
+@@ -824,6 +825,7 @@
+ 	{
+ 		struct ccb_pathinq cpi;
+ 		int16_t *ptr;
++		int veto = 0;
+ 
+ 		ident_buf = &softc->ident_data;
+ 		for (ptr = (int16_t *)ident_buf;
+@@ -830,6 +832,17 @@
+ 		     ptr < (int16_t *)ident_buf + sizeof(struct ata_params)/2; ptr++) {
+ 			*ptr = le16toh(*ptr);
+ 		}
++
++		/*
++		 * Allow others to veto this ATA disk attachment.  This
++		 * is mainly used by VMs, whose disk controllers may
++		 * share the disks with the simulated ATA controllers.
++		 */
++		EVENTHANDLER_INVOKE(ada_probe_veto, path, ident_buf, &veto);
++		if (veto) {
++			goto device_fail;
++		}
++
+ 		if (strncmp(ident_buf->model, "FX", 2) &&
+ 		    strncmp(ident_buf->model, "NEC", 3) &&
+ 		    strncmp(ident_buf->model, "Pioneer", 7) &&
+--- sys/conf/files.amd64.orig
++++ sys/conf/files.amd64
+@@ -268,7 +268,6 @@
+ dev/hyperv/netvsc/hv_net_vsc.c				optional	hyperv
+ dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c		optional	hyperv
+ dev/hyperv/netvsc/hv_rndis_filter.c			optional	hyperv
+-dev/hyperv/stordisengage/hv_ata_pci_disengage.c		optional	hyperv
+ dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c		optional	hyperv
+ dev/hyperv/utilities/hv_heartbeat.c			optional	hyperv
+ dev/hyperv/utilities/hv_kvp.c				optional	hyperv
+--- sys/conf/files.i386.orig
++++ sys/conf/files.i386
+@@ -239,7 +239,6 @@
+ dev/hyperv/netvsc/hv_net_vsc.c				optional	hyperv
+ dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c		optional	hyperv
+ dev/hyperv/netvsc/hv_rndis_filter.c			optional	hyperv
+-dev/hyperv/stordisengage/hv_ata_pci_disengage.c		optional	hyperv
+ dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c		optional	hyperv
+ dev/hyperv/utilities/hv_heartbeat.c			optional	hyperv
+ dev/hyperv/utilities/hv_kvp.c				optional	hyperv
+--- sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c.orig
++++ sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
+@@ -58,6 +58,7 @@
+ #include <sys/lock.h>
+ #include <sys/sema.h>
+ #include <sys/sglist.h>
++#include <sys/eventhandler.h>
+ #include <machine/bus.h>
+ #include <sys/bus_dma.h>
+ 
+@@ -139,6 +140,15 @@
+ 	struct hv_storvsc_request	hs_reset_req;
+ };
+ 
++static eventhandler_tag storvsc_handler_tag;
++/*
++ * The size of the vmscsi_request has changed in win8. The
++ * additional size is for the newly added elements in the
++ * structure. These elements are valid only when we are talking
++ * to a win8 host.
++ * Track the correct size we need to apply.
++ */
++static int vmscsi_size_delta = sizeof(struct vmscsi_win8_extension);
+ 
+ /**
+  * HyperV storvsc timeout testing cases:
+@@ -954,21 +964,15 @@
+ static int
+ storvsc_probe(device_t dev)
+ {
+-	int ata_disk_enable = 0;
+ 	int ret	= ENXIO;
+ 	
+ 	switch (storvsc_get_storage_type(dev)) {
+ 	case DRIVER_BLKVSC:
+ 		if(bootverbose)
+-			device_printf(dev, "DRIVER_BLKVSC-Emulated ATA/IDE probe\n");
+-		if (!getenv_int("hw.ata.disk_enable", &ata_disk_enable)) {
+-			if(bootverbose)
+-				device_printf(dev,
+-					"Enlightened ATA/IDE detected\n");
+-			device_set_desc(dev, g_drv_props_table[DRIVER_BLKVSC].drv_desc);
+-			ret = BUS_PROBE_DEFAULT;
+-		} else if(bootverbose)
+-			device_printf(dev, "Emulated ATA/IDE set (hw.ata.disk_enable set)\n");
++			device_printf(dev,
++			    "Enlightened ATA/IDE detected\n");
++		device_set_desc(dev, g_drv_props_table[DRIVER_BLKVSC].drv_desc);
++		ret = BUS_PROBE_DEFAULT;
+ 		break;
+ 	case DRIVER_STORVSC:
+ 		if(bootverbose)
+@@ -2018,27 +2022,45 @@
+ 	ccb->ccb_h.status &= ~CAM_STATUS_MASK;
+ 	if (vm_srb->scsi_status == SCSI_STATUS_OK) {
+ 		const struct scsi_generic *cmd;
+-
++		cmd = (const struct scsi_generic *)
++		    ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
++		     csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes);
+ 		if (vm_srb->srb_status != SRB_STATUS_SUCCESS) {
+-			if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) {
+-				xpt_print(ccb->ccb_h.path, "invalid LUN %d\n",
+-				    vm_srb->lun);
+-			} else {
+-				xpt_print(ccb->ccb_h.path, "Unknown SRB flag: %d\n",
+-				    vm_srb->srb_status);
+-			}
+ 			/*
+ 			 * If there are errors, for example, invalid LUN,
+ 			 * host will inform VM through SRB status.
+ 			 */
+-			ccb->ccb_h.status |= CAM_SEL_TIMEOUT;
++			if (bootverbose) {
++				if (vm_srb->srb_status == SRB_STATUS_INVALID_LUN) {
++					xpt_print(ccb->ccb_h.path,
++					    "invalid LUN %d for op: %s\n",
++					    vm_srb->lun,
++					    scsi_op_desc(cmd->opcode, NULL));
++				} else {
++					xpt_print(ccb->ccb_h.path,
++					    "Unknown SRB flag: %d for op: %s\n",
++					    vm_srb->srb_status,
++					    scsi_op_desc(cmd->opcode, NULL));
++				}
++			}
++
++			/*
++			 * XXX For a selection timeout, all of the LUNs
++			 * on the target will be gone.  It works for SCSI
++			 * disks, but does not work for IDE disks.
++			 *
++			 * For CAM_DEV_NOT_THERE, CAM will only get
++			 * rid of the device(s) specified by the path.
++			 */
++			if (storvsc_get_storage_type(sc->hs_dev->device) ==
++			    DRIVER_STORVSC)
++				ccb->ccb_h.status |= CAM_SEL_TIMEOUT;
++			else
++				ccb->ccb_h.status |= CAM_DEV_NOT_THERE;
+ 		} else {
+ 			ccb->ccb_h.status |= CAM_REQ_CMP;
+ 		}
+ 
+-		cmd = (const struct scsi_generic *)
+-		    ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
+-		     csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes);
+ 		if (cmd->opcode == INQUIRY) {
+ 			struct scsi_inquiry_data *inq_data =
+ 			    (struct scsi_inquiry_data *)csio->data_ptr;
+@@ -2059,7 +2081,7 @@
+ 				    resp_buf[3], resp_buf[4]);
+ 			}
+ 			if (vm_srb->srb_status == SRB_STATUS_SUCCESS &&
+-			    data_len > SHORT_INQUIRY_LENGTH) {
++			    data_len >= SHORT_INQUIRY_LENGTH) {
+ 				char vendor[16];
+ 
+ 				cam_strvis(vendor, inq_data->vendor,
+@@ -2152,3 +2174,57 @@
+ 	return (DRIVER_UNKNOWN);
+ }
+ 
++#define	PCI_VENDOR_INTEL	0x8086
++#define	PCI_PRODUCT_PIIX4	0x7111
++
++static void
++storvsc_ada_probe_veto(void *arg __unused, struct cam_path *path,
++    struct ata_params *ident_buf __unused, int *veto)
++{
++
++	/*
++	 * The ATA disks are shared with the controllers managed
++	 * by this driver, so veto the ATA disks' attachment; the
++	 * ATA disks will be attached as SCSI disks once this driver
++	 * attached.
++	 */
++	if (path->device->protocol == PROTO_ATA) {
++		struct ccb_pathinq cpi;
++
++		bzero(&cpi, sizeof(cpi));
++		xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE);
++		cpi.ccb_h.func_code = XPT_PATH_INQ;
++		xpt_action((union ccb *)&cpi);
++		if (cpi.ccb_h.status == CAM_REQ_CMP &&
++		    cpi.hba_vendor == PCI_VENDOR_INTEL &&
++		    cpi.hba_device == PCI_PRODUCT_PIIX4) {
++			(*veto)++;
++			if (bootverbose) {
++				xpt_print(path,
++				    "Disable ATA disks on "
++				    "simulated ATA controller (0x%04x%04x)\n",
++				    cpi.hba_device, cpi.hba_vendor);
++			}
++		}
++	}
++}
++
++static void
++storvsc_sysinit(void *arg __unused)
++{
++	if (vm_guest == VM_GUEST_HV) {
++		storvsc_handler_tag = EVENTHANDLER_REGISTER(ada_probe_veto,
++		    storvsc_ada_probe_veto, NULL, EVENTHANDLER_PRI_ANY);
++	}
++}
++SYSINIT(storvsc_sys_init, SI_SUB_DRIVERS, SI_ORDER_SECOND, storvsc_sysinit,
++    NULL);
++
++static void
++storvsc_sysuninit(void *arg __unused)
++{
++	if (storvsc_handler_tag != NULL)
++		EVENTHANDLER_DEREGISTER(ada_probe_veto, storvsc_handler_tag);
++}
++SYSUNINIT(storvsc_sys_uninit, SI_SUB_DRIVERS, SI_ORDER_SECOND,
++    storvsc_sysuninit, NULL);
+--- sys/modules/hyperv/Makefile.orig
++++ sys/modules/hyperv/Makefile
+@@ -1,5 +1,5 @@
+ # $FreeBSD$
+ 
+-SUBDIR = vmbus netvsc stordisengage storvsc utilities
++SUBDIR = vmbus netvsc storvsc utilities
+ 
+ .include <bsd.subdir.mk>
+--- sys/sys/eventhandler.h.orig
++++ sys/sys/eventhandler.h
+@@ -270,4 +270,11 @@
+ EVENTHANDLER_DECLARE(register_framebuffer, register_framebuffer_fn);
+ EVENTHANDLER_DECLARE(unregister_framebuffer, unregister_framebuffer_fn);
+ 
++/* Veto ada attachment */
++struct cam_path;
++struct ata_params;
++typedef void (*ada_probe_veto_fn)(void *, struct cam_path *,
++    struct ata_params *, int *);
++EVENTHANDLER_DECLARE(ada_probe_veto, ada_probe_veto_fn);
++
+ #endif /* _SYS_EVENTHANDLER_H_ */
+--- sys/x86/x86/io_apic.c.orig
++++ sys/x86/x86/io_apic.c
+@@ -412,6 +412,18 @@
+ 	u_int old_id;
+ 
+ 	/*
++	 * On Hyper-V:
++	 * - Stick to the first cpu for all I/O APIC pins.
++	 * - And don't allow destination cpu changes.
++	 */
++	if (vm_guest == VM_GUEST_HV) {
++		if (intpin->io_vector)
++			return (EINVAL);
++		else
++			apic_id = 0;
++	}
++
++	/*
+ 	 * keep 1st core as the destination for NMI
+ 	 */
+ 	if (intpin->io_irq == IRQ_NMI)

share/security/patches/EN-17:03/hyperv.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujP0ACgkQ7Wfs1l3P
+aueetw/5AQuf9NbvaF6EyBq/4yY7ltLbFLBCSNQDij4sK0wLEPwZaUj3OVWaAVe5
+kZfGbdWl9E/iXbrQQO8gr6qSK7tvzBoDoZidTbS+PaaSJMq96GOtjgcUX3JAMlNL
+iygmYFq48kgFVvaja6NUPNxw5qV7n/HumnjqjC4JAxoeJ8SBCvzn1dmI5G/i2MMF
+gheVPUo/c5Gv5waaL2YDNRjQs80bPlssI1q/Zk9fORdLY4KzhG4nVv7ZwNoQS+w4
+y5bi1tgLPorpXycQbRCrV/E1Ll521NsX0D7MA0zwoII9KoDXJi+1BkS7YPA+IJh/
+q5Y7S6/zB0fUhyrjt1+JHP8k+oXvA7m2dvhzAJGYEo0NokKY/mCTLUnGvnRMrzMF
+nRYFxbImqPW5FtieQZ6+ChaZoSkaAJ+VCweEQMx1KzREs4JUwRquxKFxkHwWEybD
+mJ8R/bI8j3w3D52OqKCUGV9Mj7ZkoAicggtP5vPvTBg7kCb7hnUybHRk/zxxfwXp
+6NPvMP4TEz2/4CncWZh0rUFI7HzfQSSEq3HTz6NxE6k5I8rt9h63R/AhJiqGegEy
+SaN+lMMGiZ7QtQ4yVMPwvCSr6URabASJVXI9PUuFMO19Gz+pPrq9Y+zFU/WHmJL8
+XL86LeCtdGRzRR/5t/EZ3/3cZQtevKjjy3PgsmA7Vizfp1dSnLE=
+=8o7n
+-----END PGP SIGNATURE-----

share/security/patches/EN-17:04/mandoc.patch

@@ -0,0 +1,119 @@
+--- contrib/mdocml/mandocdb.c.orig
++++ contrib/mdocml/mandocdb.c
+@@ -103,6 +103,7 @@
+ 	char		*arch;    /* architecture from file content */
+ 	char		*title;   /* title from file content */
+ 	char		*desc;    /* description from file content */
++	struct mpage	*next;    /* singly linked list */
+ 	struct mlink	*mlinks;  /* singly linked list */
+ 	int		 form;    /* format from file content */
+ 	int		 name_head_done;
+@@ -146,6 +147,7 @@
+ static	int	 dbopen(int);
+ static	void	 dbprune(void);
+ static	void	 filescan(const char *);
++static	int	 fts_compare(const FTSENT *const *, const FTSENT *const *);
+ static	void	 mlink_add(struct mlink *, const struct stat *);
+ static	void	 mlink_check(struct mpage *, struct mlink *);
+ static	void	 mlink_free(struct mlink *);
+@@ -204,6 +206,7 @@
+ static	sqlite3		*db = NULL; /* current database */
+ static	sqlite3_stmt	*stmts[STMT__MAX]; /* current statements */
+ static	uint64_t	 name_mask;
++static	struct mpage	*mpage_head;
+ 
+ static	const struct mdoc_handler mdocs[MDOC_MAX] = {
+ 	{ NULL, 0 },  /* Ap */
+@@ -571,6 +574,20 @@
+ 	return (int)MANDOCLEVEL_BADARG;
+ }
+ 
++static int
++fts_compare(const FTSENT *const *a, const FTSENT *const *b)
++{
++
++	/*
++	 * The mpage list is processed in the opposite order to which pages are
++	 * added, so traverse the hierarchy in reverse alpha order, resulting
++	 * in database inserts in alpha order. This is not required for correct
++	 * operation, but is helpful when inspecting the database during
++	 * development.
++	 */
++	return -strcmp((*a)->fts_name, (*b)->fts_name);
++}
++
+ /*
+  * Scan a directory tree rooted at "basedir" for manpages.
+  * We use fts(), scanning directory parts along the way for clues to our
+@@ -600,8 +617,8 @@
+ 	argv[0] = ".";
+ 	argv[1] = (char *)NULL;
+ 
+-	f = fts_open((char * const *)argv,
+-	    FTS_PHYSICAL | FTS_NOCHDIR, NULL);
++	f = fts_open((char * const *)argv, FTS_PHYSICAL | FTS_NOCHDIR,
++	    fts_compare);
+ 	if (f == NULL) {
+ 		exitcode = (int)MANDOCLEVEL_SYSERR;
+ 		say("", "&fts_open");
+@@ -966,6 +983,8 @@
+ 		mpage = mandoc_calloc(1, sizeof(struct mpage));
+ 		mpage->inodev.st_ino = inodev.st_ino;
+ 		mpage->inodev.st_dev = inodev.st_dev;
++		mpage->next = mpage_head;
++		mpage_head = mpage;
+ 		ohash_insert(&mpages, slot, mpage);
+ 	} else
+ 		mlink->next = mpage->mlinks;
+@@ -989,20 +1008,18 @@
+ {
+ 	struct mpage	*mpage;
+ 	struct mlink	*mlink;
+-	unsigned int	 slot;
+ 
+-	mpage = ohash_first(&mpages, &slot);
+-	while (NULL != mpage) {
++	while (NULL != (mpage = mpage_head)) {
+ 		while (NULL != (mlink = mpage->mlinks)) {
+ 			mpage->mlinks = mlink->next;
+ 			mlink_free(mlink);
+ 		}
++		mpage_head = mpage->next;
+ 		free(mpage->sec);
+ 		free(mpage->arch);
+ 		free(mpage->title);
+ 		free(mpage->desc);
+ 		free(mpage);
+-		mpage = ohash_next(&mpages, &slot);
+ 	}
+ }
+ 
+@@ -1123,18 +1140,14 @@
+ 	char			*sodest;
+ 	char			*cp;
+ 	int			 fd;
+-	unsigned int		 pslot;
+ 
+ 	if ( ! nodb)
+ 		SQL_EXEC("BEGIN TRANSACTION");
+ 
+-	mpage = ohash_first(&mpages, &pslot);
+-	while (mpage != NULL) {
++	for (mpage = mpage_head; mpage != NULL; mpage = mpage->next) {
+ 		mlinks_undupe(mpage);
+-		if ((mlink = mpage->mlinks) == NULL) {
+-			mpage = ohash_next(&mpages, &pslot);
++		if ((mlink = mpage->mlinks) == NULL)
+ 			continue;
+-		}
+ 
+ 		name_mask = NAME_MASK;
+ 		mandoc_ohash_init(&names, 4, offsetof(struct str, key));
+@@ -1256,7 +1269,6 @@
+ nextpage:
+ 		ohash_delete(&strings);
+ 		ohash_delete(&names);
+-		mpage = ohash_next(&mpages, &pslot);
+ 	}
+ 
+ 	if (0 == nodb)

share/security/patches/EN-17:04/mandoc.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQEACgkQ7Wfs1l3P
+aucgbA/6AsqHHLk+Cfjad7pRQ/gLP2AGbGvGKjHztRrmHPqlILF2ev5kMI0/Ulbx
+hz6hDgYZOwXTW38av2E/jlt1zhwFQ9gLjMLcNedeFY4xsujH/6L6PYJrJALqIXjI
+dCNFYfH3avXzviG70wXhcIcDmOgOtXhQ5huKkwtUDK+I4maup0d6YNq2uXEaLt/x
+M4HVRHkre8pjqRpOVLruhwdqv1/Wlr22MXGZ5XT9jP4Cc6/XK/giwfYDZIB3g4eD
+Yu9ZcuZPwXiMaY+ofKg/zocHtN7vHDZsKFghzh/gMo5prhBn1umYHQWx5trqLmo2
+dyCFkT/K/+brbG4sayUhzXGw3b2Mb/XzVM1Sez/n656vKcIfy0osuGG8PveTwbED
+bY4f6p01hGYb5pNIgVh3yehlW39iUnob1X1EcGjo2p4Saxi8LwjBQ0QmiJGj2SRX
+48TF2EmlJYFLkm52O1PE/z6KKP6Nw0kLk1Q/IcSFFjnv9zidfAhJKHuz8QTfVbI6
+z7TKsrcEXFso/L/Qg62xmSw0mg4gpdmegSfmLsgbNmcnGZOlUkGnqiI6gS8i95RL
+kh15sahWblxUmuXH88y1CP3YEBKo+4G5R99DfMC55jy8uDsX99veHrehp7y3nxA9
+ER1GW6d9kLnaoxY+L7ubLkmU+rozuyYkSBaqtNAx/3yt8NBnh3w=
+=TyPt
+-----END PGP SIGNATURE-----

share/security/patches/SA-17:02/openssl-10.patch

@@ -0,0 +1,11 @@
+--- crypto/openssl/crypto/evp/e_rc4_hmac_md5.c.orig
++++ crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
+@@ -267,6 +267,8 @@
+             len = p[arg - 2] << 8 | p[arg - 1];
+ 
+             if (!ctx->encrypt) {
++                if (len < MD5_DIGEST_LENGTH)
++                    return -1;
+                 len -= MD5_DIGEST_LENGTH;
+                 p[arg - 2] = len >> 8;
+                 p[arg - 1] = len;

share/security/patches/SA-17:02/openssl-10.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQgACgkQ7Wfs1l3P
+auegMQ/6AwM1SkI936FCoj48Z9gVGTP68fbWYSiXpYb5JoDh/E9y/BlSAWSmxi2/
+70EmzRXahvgEQbgEu2WBpOq7AS20jQvF6TeRqjtKQQ7/RZwyxCG7cHy5VQoxlx0M
+6M8Ggpz22GmQN81p1wT6sCEt4PrFw07/x+aveP9XY85VoFQZ13x6CX/yLJhmqlHD
+FCaGwTDLYHKI/dVnflO/dyOcTfdKs/nJt3uomS0ThgB21nrrK6dEA19aMUxXq0/A
++sdiBGu6rhpJnL2iO8f1u1qVAQFbiBRyYmuk+bmo2HXbnyxyW4DItHjj+RsVfXGT
+jN9r9UBFlQt0q44OkHBQQ1QTP4qwZhWKWtMpHrRmZNv8NDvR5Q57Pu74XHJ3azcR
+JQ8lSnbBkDRMmbQHTEn8i5WGMcmnIBCDfZDOJdoMy6hppvd9t1nfVDJRzJobznvb
+HGXbbDIFekp0MbiunGz2iMKpCbvJLglDIzD6pSCEHdbIotvZqoHvyO8pw4yuBJFh
+wo2lu/Gxr4RcITWTo6Mo0C5JcF42QGOaX6ELMb5tXwfRXh9IFPiJlSmziN+lmqUx
+h/t1OUahR9GefDiZFI1aNcmv/M0Vg0nnA3FnS3c/Y2dSQ3NAjaLmWCnXJHiH/F5J
+63kJEn1q2jiGT75LMnPVumezIiYtKLJUIh8M/90ihKB8+8weTKk=
+=wnyq
+-----END PGP SIGNATURE-----

share/security/patches/SA-17:02/openssl-11.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.18 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujQkACgkQ7Wfs1l3P
+auewhQ//VFWQScIUtXC6zAR9P70ua1ez1imvhi5iB2W0NJOz/47UaM9FpA0yBRbP
+99CHNo7PrtFP7plSVqDB+InzSHrmgne5VbquOdqJBoq3qkBFuR5VY5sHXGfq1fzG
+vRAWGaDfzN4JcRqIS/ocvcRno9+IV+zF9D16roIVj4o4/s16iGfBb2Kz8nCHukjB
+ACIQ3EMkd98KHBO70dMilaO+yyKdqu5UId6Lb6BorN79jyiNerhhCHniaO0Pur5u
+6oVyRy3Ext9NxXsSqodSOOd3d6SBO9SOX/z7SLT+oi4UM7Ci3wfGpb7R1e1hZJaV
+5+eq68DFqeJeRIyKvAS2T7mYqRQq/rKRL28LfkNpVNtYypsz7ZSWE92h6/HTLzpy
+8iI0bf1QNN9LiyZkiSSoxtkiVTp6JyK4L5O9kJs4BnTJ2FzGOtHYECuALGKD2y0n
+RvJlq1k4/X75zW14+Tbt0ptTLBlpRZKvbP4SttYqjVEgxVDCirbpyuheWu+n43ah
+xuSix6LbRBvMqr9bjQthfabzlPZzFQIpHmi0pgCasI+BRa6XKAR/UyYlIgy2rRFW
+fuN1WM3E5yvVtRfpIG4gPjZjoi1fwP18zia1i7zl9bQdpaUM/8WSjTSxTK0Dih2A
+3NSetWoFBbZDtCc2Dv2yIP6BclUulWNnmZdOnuiEVOGNEHvHoUs=
+=c9X0
+-----END PGP SIGNATURE-----