Index: projects/entities/share/pgpkeys/beech.key
===================================================================
--- projects/entities/share/pgpkeys/beech.key	(revision 41353)
+++ projects/entities/share/pgpkeys/beech.key	(revision 41354)
@@ -1,35 +1,50 @@
 <!-- $FreeBSD$ -->
 <!--
-sh addkey.sh beech ECBFDC44;
+sh addkey.sh beech 68DFAE1F;
 -->
 <programlisting role="pgpfingerprint"><![CDATA[
-pub   1024D/ECBFDC44 2011-08-29
-      Key fingerprint = 6921 47CC 8B61 7C02 70EF  4D00 16B4 EAB7 ECBF DC44
+pub   2048D/68DFAE1F 2013-02-26
+      Key fingerprint = D58B 3E9D B0E3 E081 EC6F  69D9 CDA3 51DD 68DF AE1F
 uid                  Beech Rintoul <beech@freebsd.org>
-sub   1024g/F1FD1C3D 2011-08-29
+sub   2048g/960F45D9 2013-02-26
 ]]></programlisting>
 <programlisting role="pgpkey"><![CDATA[
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQGiBE5b5cQRBADUMThWYK/+cy0IO39D+w5sREzc5rvsCh8Ia0n7EIh7BqL0LrO2
-AGRjImOC2GCDdXNTS84RD+/TwonAOWK6tLn4wDTuYJQqi/0Z3IrPob7jKKwhK4o8
-zVwb4XLLWKTV+nfKbeUfcrp7eeD0mDRX3YJ1b0piT8AFkLjqQGiF4L7VrwCgkO8C
-uIffCwAV6oAFo+taWxeNQNcD/3luZVyWCffbWXHAYuXIBCwX3/9ehSqS1u7RL88b
-2xD0D9ZAaXC3kiv/ccu1ZSUx+olq2uHTHfFRdeoH26OOS1yMD9x0oyyY/hfpiWHU
-MOG4ZMkV0M+vdIGKOyCoQj13bUYgEYxoOT2FR8rjMWtdy7kgyJrVk0k5b3px9Jd2
-qGlMA/9eqgeEQuZsXoX1mT/0ZgDp4PRxnQ6RJ174HPM4zgG3bhEiAhUAz56NSCR5
-mKq5Lj2FqWq8jlb7mVD+hL/taKIBBAGBjaXhotkTY0Lhpp0SzgVtkDGsmgKxlqfh
-ZQqLC4cgTLsqAYQOt0IqlK54cLkwwm21VeO6q4Mo0HSiuLVdUrQhQmVlY2ggUmlu
-dG91bCA8YmVlY2hAZnJlZWJzZC5vcmc+iGIEExECACIFAk5b5cQCGwMGCwkIBwMC
-BhUIAgkKCwQWAgMBAh4BAheAAAoJEBa06rfsv9xEs0oAnRCR2Md2jKcIx8F2WPDM
-sQAaSqlzAJ4h+qVgOzfFULS50q+1kvB/PJ3C6bkBDQROW+XEEAQAp1lE3HT9kFTH
-XeaNi+IMfaorNcaYkHmGwqHuTiKXTWDmhbUEIqT8jsPcRVF1etw7gK7l5eNilQsE
-qHd9IgBx4SfP/j3rl6wH9tYx53013NZTrDcR8C37+9HhFO2xwHMCXEk+4rSkyBZ4
-D62qtZeiYouL6Y2vfhEsYJcy1tgRWocAAwUD/3RQo+7vgIMIGbQVcGcQNFKHLj6/
-WMSVDIuRj5fm22TYnqTVBbOUOEEXXPnops5+K0X9sv6QXFb2mqkPQR2Hed1RNIdo
-vp834XCFS6frYNdc1ulPSAevsFwBR9ub9fQS7Ca7m98n16M7xIl2QTktQQl/RuGb
-fIIHpH2i7AuB+RcKiEkEGBECAAkFAk5b5cQCGwwACgkQFrTqt+y/3ETvMwCfQk/G
-2zlUtzB5mYNsSNNHflFIGSoAniU7mn15Z82cwMAE75DMhQKaBHYD
-=Fb+t
+mQMuBFEsS9ARCACeJJ0k7CU+53G9GGNcDfJil1iS3QZlgIgCRXnH6zkyWrwCOL0V
+JeGa3EzIvYGyQy+nunwmSmfVSpn5bZYu9S0feACLPVOXs5bHIm8TwEhq2xZkTdtb
+uZXe8+TSqRYqo9rE0szZ1+8zMTvuv8VWlSV5bfSsZad3BexdVvVSY7VXT3ew9KuZ
+PsKikkjNFkEuNYjx1rbNwoAG2hN78oeyZVRF+M4oascxT54Rk3QohS3NgFhI/GFZ
+eJsplVUyQhBjfjs7TETCQ3rdNnJSz/7YYXQVmlh+m+XL8z3Vwh8PDPUeqy3rNwTd
+KFaCU/yFLXCE+WP55FRxb8fHoYvUrTW5MGunAQD29x/4HoFP2ulTV4VLN2bnRK5R
+yS++Ijwt35E8DBdcNwgAhN+AyGnql+bA4BvbJQ6LUejNyAXM/3mmGIgho/58cDrJ
+oYbonXk10FTrNMUurSuCS7VaVl9lPux/Rvhy8XhzGtqTe7B6BmM3i4C9VQr98u9U
+LxkdA6nCZoe0oNZcaNRQWusCiSkb2w7h9IbUVPfgrQrmd80U+uFhTNg0aCGDfhfV
+Ihpp1Y8WQa1zNSElBBAwVO2+g2rXFnzUrFIrwV3dYA498t6lHB75ByF9YXhzkuv3
+TzZgj8mnZiFhXUx7mlaKeEbP1Me+QzvWFRW0nXizwzNwf8Bho+fgLCO/SG83WNml
+XiTFUMHP6nzicwwc0S+YuzxM+6/8FkCJqzubPzETAwf/fIdH/cC2blP8jQJxXrPf
+3raotWPqk2F8EbdpLBIpz4YJ1nwTDbboPDFdDK6/8rvvLA2VLZ8dSOyHZYy80gni
+gzA6uPMbFW7q9xftBRW2kaNaUAkRyaBG2S/CvX+7IYD/OmU7YN7gpEP4mAZ7BWeE
+A+RAEvUByrUqhsGeeX6oMT0JMq/8C+mz1o6Coza9QqPznJdTv8tHW9avgnFu3nHT
+TeWbn/RHkhDvbV4X0hu9CoHrVdOFqvnPqSBKaVQsTM15ZynKoMELK+Uk4jey/DyJ
+HdTwzQgch8yCC6GbMHrowgpf04CJN9Ov3/uKBFXU3/DMuFc0oiXpIfE/DC1WzYMY
+rrQhQmVlY2ggUmludG91bCA8YmVlY2hAZnJlZWJzZC5vcmc+iHoEExEIACIFAlEs
+S9ACGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEM2jUd1o364faYEA/Am4
+DBaFHTlgOdZGzqYqMqIsdGhOHH+d2EpnsC1mDW/NAQCjwSwHZYMf0cv00Y1rbjvk
++Iageuyp6rIOdiQ0Pksc1rkCDQRRLEvQEAgAp8Q394Hz77rS0OB/sc8klQcOfEAi
+HsEnYjYBm1VIP5GMhShC9mzzw9Je0kCMdWLHWBXc1VsyMcH15luy+rwJBr2YgVwV
+mK5gml/jOSc9dm58YoUXikKO3dJ44kM5JSxfLDfLMDH4TTTmEyGf7RyFlxWO7VVa
+qAz6bsmklHbGxXRC4lGTYF8+4vGJYlc7Y/GaV+mC39hfDaXho1w1O1SpcvKBZWsb
+k0oHgGzlNl5gn1S00ZOjusXHtkUtGsHj8tPGXurBW7aac5iRwMbLbcOy7aD368oV
+kSGUGjHcx1Z9u4O/g3uPUdnsXsI/N7HYLb6dMpumAl/IwEjFXwju/Jxr0wADBgf/
+SNK1Nsg0a97MAci9O1Qp57awCrWB73hNwGw+qC3xSduWmlS4MLZH+DGocv9JOHhW
+d180tTf081svVnWYURaubWsI5N6vgywcXkYt+yvqUcLvttQXYeJS2jTL+1vRErkp
+oEueYzJhZ+sVk+0gG+R6dtsWSwWWXYQ1LdlVeXhbbVWqs3kvGq5IQP0ZngvC8OsC
+tCat6hzTEIlbhSVErdKsrVBYMELZWleJX5RcbX9rPykTJqyH/2bANBAT8uLROHAk
+pQ4rnQD3TeCSmP0pDYT4TWAcpxe69aU/a6p591kW0CI7dSZVHrao6q+hmHLWDk4K
+ELGLyiM/IaOrKyDBPi8C/IhhBBgRCAAJBQJRLEvQAhsMAAoJEM2jUd1o364fA+cB
+ALaWj7vG0OqUqGgLxCdSZw6bCME/vU/TNRmn0IgAYOQTAQDe/sdsNUs/MzFJi0re
+0roDMXVUSkNFP4PN4u5jyuzVBQ==
+=EWeR
 -----END PGP PUBLIC KEY BLOCK-----
 ]]></programlisting>

Property changes on: projects/entities/share/pgpkeys/beech.key
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/pgpkeys/des.key
===================================================================
--- projects/entities/share/pgpkeys/des.key	(revision 41353)
+++ projects/entities/share/pgpkeys/des.key	(revision 41354)
@@ -1,288 +1,232 @@
 <!-- $FreeBSD$ -->
 <!--
-sh addkey.sh des 64EBE220;
+sh addkey.sh des F94E87B2;
 -->
 <programlisting role="pgpfingerprint"><![CDATA[
-pub   1024D/64EBE220 2006-11-11 [expires: 2012-12-31]
-      Key fingerprint = 3A1C 8E68 952C 3305 6984  6486 30D4 3A6E 64EB E220
+pub   4096R/F94E87B2 2013-02-15 [expires: 2015-01-01]
+      Key fingerprint = 578A 3F4F 9E04 9FCF 3576  BF82 BB9B 471B F94E 87B2
+uid                  Dag-Erling Smørgrav <des@usit.uio.no>
 uid                  Dag-Erling Smørgrav <des@des.no>
 uid                  Dag-Erling Smørgrav <des@freebsd.org>
-uid                  Dag-Erling Smørgrav <des@usit.uio.no>
-uid                  [jpeg image of size 3315]
-sub   2048g/920C3313 2006-11-11 [expires: 2012-12-31]
+uid                  [jpeg image of size 4779]
+sub   4096R/F4DE87F5 2013-02-15 [expires: 2015-01-01]
 ]]></programlisting>
 <programlisting role="pgpkey"><![CDATA[
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQGiBEVVy+cRBACQ937Evm9hWTrWo4PSxJEs7Ce7g1iMAAa1aZwAG0iUBupM0vcd
-eag4BxPWZNcWE86IB08tM9vdrXAS/+lKFPuKQDhBfCSPrvVHRdFokTaPZ8lekMCc
-vedIojkHs2v5hdXwud5PmLiBXIrTzIkIwKeSO5uZDE8fxvpCsD+XgBXnvwCgjTJS
-oaFH9GnwFvPZi+3chQ2T6fUD/AoFlEbJw0pqEopbYbIun3CBTl8G8sCrn9X6IpKX
-Lh4CwzlJOV2+3hKUnK2Pv00R7kJmGI+0TrGjF6O0zeRkl6eNXQxgbhxrY3QJpTlC
-PBq6bMcstlqRn7V4YCndXLRUxUNApg/BAiex3Jk78YUR02Fm8Yn5moKa8aYI+Kg3
-q5HbBACF/bIV/T85Jzds6ShS+OpzRXeL/v0640bdoJxjlcCvuF/zldp4ynB7mz5t
-+JDY4jBi+051uOMNGPsUbeSoc7/SXAoh3KnzO1GpX3hGzgXPg651TiJYSUx5AKvS
-h1YsRbkew6JzEdcjSRgEROYNfk1n4Vqy0t8sxxkogaEpT0dVJ7QhRGFnLUVybGlu
-ZyBTbcO4cmdyYXYgPGRlc0BkZXMubm8+iGkEExECACkCGwMGCwkIBwMCBBUCCAME
-FgIDAQIeAQIXgAIZAQUCT6JYOwUJC4xNCQAKCRAw1DpuZOviINawAJ9+mnZqYDAZ
-iM17+Ti/oCXIoOaPmACdFe9Q6Xx3c0Ad3VMqvP1TRD2W4NyIRgQQEQIABgUCRVXO
-fwAKCRAV1ogEymzfsq/rAKCVT39ClkO7YeP1Q8eM3/S4UsfKoACeKxlvYw2+xL0o
-B6BU3vNSmcmXeK2IRgQQEQIABgUCRVXREQAKCRCgT/sbfcrp00DlAKDxpOcBApBW
-9rNc5Tp91aTEhS6bNwCgvKIYGlVCtjCdZcxxwVW1XBbWwPGIRgQQEQIABgUCRVXS
-1QAKCRAUZZfc3MOZxy3mAKDDeQzsPr2stsx+rbkv9PP416WYaQCg1nbcjSDuSuOP
-gvk4pUJdm7ya1wiInAQQAQIABgUCRVXU6wAKCRBNVigheQUMEURsA/9KiOfvLcSg
-BnFr/ljqSJdSTqXH1aRnFX/xDul/4cqcysvqyRA9RKNepg1wzzxYDMtHpUYAeEzR
-gobSrZwcXfE3M5fKCB3rSFoVgP6If/zcxBzT3+ufahha0+vNeWac+lzJ2ZB8ofB3
-p734UhzfbXcohyHMTV2dw2KFSaPA86xfqIhGBBARAgAGBQJFVdo2AAoJEDMRJG1R
-R9z0qBQAniPp5o1Cwp5ovrFIFa6/TGWLXQ+PAJ9gp2KHf5AQ8qi33Nhr4x/Owffy
-l4icBBABAgAGBQJFVdGHAAoJEB9/qQgDWPy9YKMD/2TONRgoAiTVlSje/QhdLSq8
-UsevjTI2TQKck8RT8OowhquDrlj3jqkT4ZknWBMO2fNmBrjgATXBwxNA+VfzWxaR
-MEHWiw1FTro26tMd/l887uB6G/8S7OIERHkWyCedSTge4IJs07GyxykGORSJhJdW
-hlBr5eADkEA2Zb4hoVTviQJIBBABAgAyBQJFVxrYKxpodHRwOi8vd3d3LnBhZXBz
-LmN4L2dwZy9zaWduaW5nLXBvbGljeS5hc2MACgkQJknmKMXTTQVjSRAAp+JK7kcz
-FAygdwI/zxi+C7HVuR4VOf3Zbl3u0tyMfLaAjaRTImxuxoA+qQ7luikONLuFIwLr
-urSLkjbawlgYpdkaoS+d6gk6hRfvkejpgrC6Uve+vuUnO3XNhlgbEZlEKThxt6x2
-mS/bjJ98q72nDXM0jf7YSpKPvWPugndy6Z3puOdh6pqLJLR62SVp6OQixj3vohsF
-49ubMO7F0kbc6GueM3IWIUUHl93rStf8Zeyz6LB4nSIA0xycLynQIt60UerXkvFb
-wReN/rPW/C41MzdBKled/aus1B9gcNpv4MnO3+RU9SYpLQkJthvHfsmjMnoBvTWZ
-LrEfeGiqlg0pP/TpWE2sdf1wXrrvMgPd/oVRjSUgiEUB8LRojLNHJ9KrxMMm8kjd
-g+DhmB/EZny3IUdXYU01xd6MrXgAy+Yw0BH6639fh38/BldJU/bHWimIEQWY3vd2
-r4Uii513sThN6Usf2wBlfO3sQsUFiLHqPMvrgfDWk14xZzVbA3Nq6YqkLa//4AO6
-UdpB+jBbTrh5QOuoOt9OzyDNN/4LcnaI6DzS63XalT7VPBQaX7jva7QjPDcCN76N
-yrsj0+qAT6LVfHB+NAaci6C0Wvpi0VzkzVaajmyipa+V+W6Wid1PVI+shgq37Q4W
-OCBVUG3Eq1MjlnfLmpBCVOgNQ08V2oyqAQ+IZgQTEQIAJgIbAwYLCQgHAwIEFQII
-AwQWAgMBAh4BAheABQJFVcxRBQkDwmdqAAoJEDDUOm5k6+Igi28An35E6L3+noNL
-WMHw82RtSuB3XjWAAJ9kjstEtXAF45OHIt8dNKYrBBN1PIhmBBMRAgAmAhsDBgsJ
-CAcDAgQVAggDBBYCAwECHgECF4AFAki7s04FCQWjY98ACgkQMNQ6bmTr4iB7ZwCd
-EMsQfdWojVhBQZRVPQjTlltr/k0AmQEWEwIZbJfGYf5xKebJH6Ekr24ZiGkEExEC
-ACkCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAIZAQUCS1sGhwUJB+ZuFQAKCRAw
-1DpuZOviIDslAJ0f75LCOHcSAzAny1hTig3JWcfpggCdF/PWif83qminbI7q874X
-uUo711+IaQQTEQIAKQIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQkFo2PfBQJI
-u7RwAhkBAAoJEDDUOm5k6+IgvwQAnjkbpl9fCyIoN269eH6jtLwU0Nf6AJ9MDjMj
-mwUMkkziA5o6GhFZj6nqIokBHAQQAQIABgUCSswFbQAKCRCQV4eJidhUfhERB/0T
-Qtz7ShUjy/xLc8Z3Yqt/izJrq2em+5AiU+NFOKf2nzwGRCl+aVmGXRiOYYTHktP8
-zUcyM22CoMbqYhIvHtwGqC1GR4n+/enA5+AS8eKOB/walTnOd2rrtFpc1CPNQAKt
-dGh8MgIoyXv1jYwapyXC2Pf8dC9tK70Iz7GRFwl6/9oAAmAnGg8hUlRL6IKgaKLw
-FjfZO4zPKwRU4IAMIflDEvDDBlF0ibrPtXPfRKirH5iEtgyAM7c92tlcYKgcg3In
-smJHJIwkluFmEJhk9DRUF23BLUHeD7Xi8PY75MGAM79pecz7aTTxokrcu3mrOTDb
-OqUxYSqnxAHq6it1NfYKiGkEExECACkCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIX
-gAIZAQUCTAQVDAUJCI98fQAKCRAw1DpuZOviIENjAJ99txU+la581MnSNjUtmx5k
-7hstrQCeOABrr2XuqOq6DryKPpe6oMpSv/eIRgQQEQIABgUCT6JoiAAKCRDYT/Z3
-Eu8v9SRfAJwIwxLZQuSBJhR/97hoI22XjEqgLQCcCyqN7hn7ai8m60kWDt/uL7i7
-xzGIRgQQEQIABgUCT6JongAKCRBnORBojY77WK9FAKCc0JBLustX40UggcvnpAA9
-g4X3PwCgnhN9DdgLIjsyI9tKQ55EptgRNuGIRgQQEQIABgUCT6Jv3AAKCRAxvbPd
-CjXKSIFxAKC8LuKdOB6N53vwJibDb1G6u05D+wCbBAeg18YHefQyh4Txo5BwhUnL
-5/K0JkRhZy1FcmxpbmcgU23DuHJncmF2IDxkZXNAZnJlZWJzZC5vcmc+iGYEExEC
-ACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCT6JYQgUJC4xNCQAKCRAw1Dpu
-ZOviIBeSAJ9rAgIuzd9g4u54lFp45EJTTwd24ACeJfyVjoelptB0lbw68qxLATNW
-D/+IRgQQEQIABgUCRVXOegAKCRAV1ogEymzfsnDiAKCDqDbgYcFBAkPICwm2dFDN
-9imE7gCbBBXvn08H5pHt89RMqi8OoSPZEU+IRgQQEQIABgUCRVXRBwAKCRCgT/sb
-fcrp05iMAJ9mWLEhDSbl3P0bZIsn7B3fVd6/uQCg45Ok+OAPMrdayU8QGnyEpFp3
-6s+IRgQQEQIABgUCRVXSxQAKCRAUZZfc3MOZxyzEAJ9qMIsIysvSh0D1K8XTy5bv
-vMM5IwCg00cSjveY3auHIkR9zsrQ0JzQFl+InAQQAQIABgUCRVXU4QAKCRBNVigh
-eQUMEZY4BACIRKgFqgDXfU0W2mbrCgm3m8Y+CsK8mrb0RZwAnX9vkHUD5TFlyxU/
-6NJjli3zv2V6eT0fKsoeUi0uScwb7X6kPAqV5bu3fYEP4bgxGCG3zh3kJlEY4dMc
-+3jXjqaPWiPO96PfPGVmOcXq8wS6SNijDluA/BRN/twQUYpjCfT6rohGBBARAgAG
-BQJFVdolAAoJEDMRJG1RR9z0OqgAnjHJpoaBHclFqiQ+lxUbaFpxkAKoAJsEZYMf
-+SvRMBp5FX51K+a32bhBM4icBBABAgAGBQJFVdGDAAoJEB9/qQgDWPy9y3ID+gKp
-RqNw2HggMgKDTNq2fX6CPfuP+tNY6xJokzGfXwnNSkNG7Nb4N0N4mZc9TWhNPMzD
-erm9eLZwnlks0zGis++NZZuGcbh1p8kHRI1BqnJwkspB7MsmcZeLq5FiTTv92fqO
-jE/vAoNUPE7M9IkidpKKSCQvtT2LiFd+TEeAhYUliQJIBBABAgAyBQJFVxrJKxpo
-dHRwOi8vd3d3LnBhZXBzLmN4L2dwZy9zaWduaW5nLXBvbGljeS5hc2MACgkQJknm
-KMXTTQWQhg/+Iw/okbVJbs4m+BXShV9uO/wbhTUtYSdSYYsd40CW2w+UhbZ4XVVd
-XDPRTrMSM6XGFTF+QOdvCSrvcETVTWp3ZSjjxbruh8DGLNVeV7f2mWmGQHKWr+sk
-dMumxJxdcGVqbjIf5k43jlXo0CGW9IcM8i1aUX6bgsGe0BatMRxP7FgKNSA7BRN5
-rCHzYg88/CJQk+pm1LON0Kfuy0Vp7n5mvB91Z9qDBPlT3+MEvfj6n6oC2mbXPECo
-/k34sJIj/lZCvVWjgpqGG0dG7XY+ArdjeGlBP5pbypS0ibPwDXhVxx7DjPJVlxPs
-RVYvdWkYIYATAsddwlGo54dHfWGojXZwJ/8CWgI9sMclQr10dOc4SurVxV7QaWh/
-HTZeXLfJ/0NiWg5HKW7PgZjS8swlUz9m5qbHpsDXr/P3iAfHcJa2EGnU2nqBMJvT
-wv2XQSdgc7gxmlKaa/n+Y15z7a2AOMz/qMIoHmxI7VFtJSXd0ynSmDwXN8UIszup
-8Wf9kO8tEhNTAtDjGg+BxzCHmtD2f0V4b6XV4Oco/4ACykU/T1MUEgXDcGaSyY2h
-yKqhUmljlHfjPMkZRXCEIft72LNlLfaJQlDQfVUCg2yH8nTwUkcGnPU9aQApnf6r
-PvEmOZuvs2+nzwTF9YLGVOsX/3DjK/e2WSm68wul2KaJVVODyOnbAS+IZgQTEQIA
-JgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJFVcxYBQkDwmdqAAoJEDDUOm5k
-6+IginkAnAhVjjz8rtrJGvX072L8g5sR3dCUAJ0QjELqG42pdZuk2vAqxGUfnLth
-iohpBBMRAgApAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4ACGQEFAki7s0kFCQWj
-Y98ACgkQMNQ6bmTr4iCVMwCfVQykft7g/uKBGcwMrMhu8H+nuHoAniuB8EonWEgK
-MtOFXQQCayFinbtiiGYEExECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUC
-S1sGjAUJB+ZuFQAKCRAw1DpuZOviIKLkAJ96uY8i0U6ZCB0uNwqWo0SBjEQxDACf
-eNq1w3ArvY7UyKII59EPlqczTpGIZgQTEQIAJgIbAwYLCQgHAwIEFQIIAwQWAgMB
-Ah4BAheABQkFo2PfBQJIu7RtAAoJEDDUOm5k6+Ig1t8An2DkvcnL1sjUvE8Gh/mH
-laSTHttcAJ9WgMXsRHqUiliOmXiQ0kMsc7Vu7okBHAQQAQIABgUCSswFbQAKCRCQ
-V4eJidhUft1tCACZDaYoZpRjm+vpyIYmRoY7Dhy5qmuzJYUPNIL6Ed/OffOw524m
-92oXix9mC0zPrXKR0IedFrHf3QttsF3ewhGn3ubkzponi8FaVsNUvUvGL+0f11cR
-HjHqEu35vTVBTt+Vee/47P9rcGzrMAkb5yr4IdLTYyiTYXJAGONCZ9trNYrO36TO
-i9vGYs0ivmI47wwR5qkn1SE9LdcLWNQpzPCFU16P+6goXv7Ssy5feVjsKW2F1thc
-t66tq/pEEwRiGlO/xDNP+1u38u1U9VP8I2D99V1CtNP0j5SQtwlEGCZY5upfkDL9
-yv1vMph5Ix+sqXAXhYumJAX7ZE17EN5e4LTkiGYEExECACYCGwMGCwkIBwMCBBUC
-CAMEFgIDAQIeAQIXgAUCTAQVFwUJCI98fQAKCRAw1DpuZOviINnVAJwMNxcwS6Q3
-IbTB++X7IoLKUXVwTACdGPPHtyFCISiCDDukOUzqwDq/1J6IRgQQEQIABgUCT6Jo
-iAAKCRDYT/Z3Eu8v9X2WAKCR/VCtsU2WVb0ifDhU+q+reNNNtgCffMZpOseJrOel
-bKUyHPhsQ12ZagKIRgQQEQIABgUCT6JongAKCRBnORBojY77WGbHAJ96EOphGi6g
-ymvitQw5FJLhBm4TTgCfVSVdwr/ebY3dd6p6tsrRT8TdAzeIRgQQEQIABgUCT6Jv
-4wAKCRAxvbPdCjXKSGd8AJ4sBDZBohtTPOZaWXkZ5WrMZ1i4ZgCeJhWs/T61Mez4
-/UgRDR/38xGMG/+0JERhZy1FcmxpbmcgU23DuHJncmF2IDxkZXNAbGlucHJvLm5v
-PohJBDARAgAJBQJKLiVVAh0gAAoJEDDUOm5k6+IgutsAnRLoNDR3aDY0B1Mfidok
-JX3cA0JmAJ9+ViWurtybnnqYaCEEAqzkpR1HoohmBBMRAgAmAhsDBgsJCAcDAgQV
-AggDBBYCAwECHgECF4AFAki7s04FCQWjY98ACgkQMNQ6bmTr4iDXmQCaAtXIiyZm
-amwNqPGQGfHNJpnlujQAnjuHMK65yLLmU5pGdk5wOTlWWcWYiEYEEBECAAYFAkVV
-zn8ACgkQFdaIBMps37LuAACfSjbDs0oiGyxycob3mzg0YD4jnvQAn0lR2yVleRr+
-o9hHu7jAahg5pulQiEYEEBECAAYFAkVV0REACgkQoE/7G33K6dMuxQCdF1gf64JH
-IxuXWVBmjRb3LwWV4HgAoJfBSUt4CT91gkuJsIkNmBNtyEMkiEYEEBECAAYFAkVV
-0tUACgkQFGWX3NzDmcfCDgCglJthoRCyhTCkH/ydADyLt2I85kMAoNGu1J0HMIeU
-8qoebbAT9nSCr1bpiJwEEAECAAYFAkVV1OsACgkQTVYoIXkFDBHW3AQAk+Y8GVjE
-2QKVlF5LG/ga/+ACULspf4qEjP0CjfiElKC/M9ebt7DMgHkbcUT83cszO9Khf6Yp
-dhCfe9yBjjUW7IA0pMV3hJ0OeDWiUoGW+N1ibvz4AETeT1dAb+ZaLxmFtIWzMTL5
-RPJ1bn166yZxy4ae2TA0b3y1z39WnTQaMSSIRgQQEQIABgUCRVXaNgAKCRAzESRt
-UUfc9DBWAJwJqDv/aE7dajUH5hLx4jKQsAuzDACeP5YTSisf+T2XiMNgBpBtlYor
-vdiJAkgEEAECADIFAkVXGtkrGmh0dHA6Ly93d3cucGFlcHMuY3gvZ3BnL3NpZ25p
-bmctcG9saWN5LmFzYwAKCRAmSeYoxdNNBbz/D/9+lMr3MrpcBzZSTHUHeoWua3h/
-wt5By3mOFBkcUwJYQERa08t95WfAmnZTRR8mGRXaE9Atazkf1wjcdt5AlCe41BaT
-3mNJd6TO92+BAHaR72PkFr18W4ZPGQDAKfGToQ9QDyy3CFrPRzlooqhzLMonuDe0
-/QXe5YD4OQT9jMTeBfq7i0ryRjjdZ3J4wQ0xcYhOc9pWmJuUIoTEjZkq7rKtU2ob
-ddudPTOKz8V6isG5CiPWpjn4rhEf8/RD9EMfqcANm+FOzMqLQ/xu5hxMiKervjyk
-ixhsI40ixDM1FqeVR4K0T/CIEzXQJXn5ZWH0LLw8CY17Wo1MIz+TugSmLQjFkGhg
-ddk16LQgaa4laUdTGHp1skN11EBq4eQLA3126eWi8xCpnMKGt0Vk2/sRatgjalWj
-FyI0S9ZODrZyicT5v6+mCMCa/y4b7NYl1ZX8h3MhbvvLAsAxK/DKNIf9ML2Oa4uf
-YA+fyNaiaeRw1N+98/OfbAEw/IS0q+ITzum7ksbCkRHa/i8d8E/VtdQPTPK02pj6
-38N7T11Mik2fZK6y2q4Tz9zwqBxsUogZCq6cb6H9iFK6ggQhCl5jLBIv4EcbHjgk
-X9aWERjUgR9DtxBoZPGW7PFkSy0geLjQHDOZdOF2xdP5Uoc90CcMq3pXMmjAHSLq
-bFevAWZLTVS5d2jfSYhmBBMRAgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AF
-AkVVzFgFCQPCZ2oACgkQMNQ6bmTr4iDVzwCcDTlnxyfkFCPqERL0Mw/+19Mf1gIA
-n1TvbjdW52t7tO0EQfdSdkEqqEVetCZEYWctRXJsaW5nIFNtw7hyZ3JhdiA8ZGVz
-QHVzaXQudWlvLm5vPohoBBMRAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIX
-gAUCT6JYQgUJC4xNCQAKCRAw1DpuZOviILHuAKCGC8ljAe0bVdGV6NezciOidZ/H
-AQCeMUoDvOWVgY5/NgxQujRfGmHynKeIRgQQEQIABgUCT6JoiAAKCRDYT/Z3Eu8v
-9dj1AJ9Zhse3HSQeWf4N1QveoF2W7lnIOACgm0OyCjfzWPDvKInqw7izgMCI+G2I
-RgQQEQIABgUCT6JongAKCRBnORBojY77WPJ4AJwIC0PkL3Gnl2ON5/VxAzKmHufb
-BwCgqbAHPry7fCAiOGMTlHZO6Z0BwXGIaAQTEQIAKAUCT6JYGwIbAwUJC4xNCQYL
-CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQMNQ6bmTr4iCPCACfRcaktb01YrIC
-XGZ+XVaSTCYjSKAAn3TtOppmguYfQmYL3fHObepxUL8niEYEEBECAAYFAk+ib+MA
-CgkQMb2z3Qo1ykho5ACeNZfYGrAktdmEf8CW2U/Xy5gtPewAoNTwlZGcQZsF6F9/
-EFZPQfaK7yH80cxGzEQBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEBAEgA
-SAAA/+EB/kV4aWYAAE1NACoAAAAIAAcBDwACAAAABQAAAGIBEAACAAAABwAAAGgB
-GgAFAAAAAQAAAHABGwAFAAAAAQAAAHgBKAADAAAAAQACAAABMgACAAAAFAAAAICH
-aQAEAAAAAQAAAJQAAAAAU09OWQAARFNDLVYxAAAAAAEsAAAAAQAAASwAAAABMjAw
-NjowODowOSAxMjo1MjowNwAAFYKaAAUAAAABAAABloKdAAUAAAABAAABnogiAAMA
-AAABAAIAAIgnAAMAAAABAGQAAJAAAAcAAAAEMDIyMJADAAIAAAAUAAABppAEAAIA
-AAAUAAABupIBAAoAAAABAAABzpICAAUAAAABAAAB1pIEAAoAAAABAAAB3pIFAAUA
-AAABAAAB5pIHAAMAAAABAAUAAJIIAAMAAAABAAAAAJIJAAMAAAABAAAAAJIKAAUA
-AAABAAAB7qMAAAcAAAABAwAAAKMBAAcAAAABAQAAAKQBAAMAAAABAAAAAKQCAAMA
-AAABAAAAAKQDAAMAAAABAAAAAKQGAAMAAAABAAAAAAAAAAAAAAABAAAAHgAAABwA
-AAAKMjAwNjowODowOCAxMDoyMDoyMgAyMDA2OjA4OjA4IDEwOjIwOjIyAABK34sA
-D0JAAC1U5gAPQkAAAAAAAAAACgAAADAAAAAQAAAARgAAAAr/2wBDAAgGBgcGBQgH
-BwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5
-PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIy
-MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACWAHEDASIAAhEBAxEB
-/8QAHAAAAQUBAQEAAAAAAAAAAAAAAAECAwQGBQcI/8QAPxAAAQMDAgQCBgUKBwEA
-AAAAAQACAwQFERIhBjFBYRNRFCJxgZHBBzKhsdEVIyRCUmJyouHwF0NUgpKTsvH/
-xAAZAQACAwEAAAAAAAAAAAAAAAABAwAEBQL/xAAmEQACAgEEAQQCAwAAAAAAAAAA
-AQIRAwQSITFRExQyQSIjYXGR/9oADAMBAAIRAxEAPwD0xCEIHQJEJMqEBCZLMyGM
-vkcGtHUrj1N3keC2AeGPM7u/ouJzjFcjIY5TdI7SMgrHyOkmdqlle/2lMaXRHLHv
-b/C4hV/dLwWVo5eTZoWZgulbAPVkbUNH6smx/wCX4rr0N1p64ljSWTtGXRP2cO/c
-d06GWMuhE8M4dl9KmgpwTRIIwlQoQTCEuUKEHJEqaV0ATKjkkbGxz3HDWjJKcSuN
-dqkmZtM07Aa3/IfP3Jc5bVZ3CG6VFOrqn1MxkfkD9RnRo/FU3Ekp31soAGc9Fmzm
-5Pk2cWNRVIRrd+fuTHjB3Vge7PkhzRjbz3yltDbKWojdI9viOY9rzHMw5jlbzafm
-OytSNGcAZVRwwRjbdcqTTI4qSNNabn6bEWSgNqYsCRo5HuOxXTBWF9KNDcaasBww
-EMl/hK2zXZAwtPBk3rkx8+LZLgnBTkxpTwrBWBCVCJAKYU4pjlCDHFZQzionnnBB
-D3nHsGw+wLR18vg0NRLnGiNzs+wLKUQ/RG4BwVU1EukXNLHlslbk5wla0+1RPqIo
-863gAcyeiSnu1JI7SwucP2g04Wfx9s1E/BcLSNu3VJgkJ+oPAJTnPDWE4z2CZt/k
-FlZwwd1E9o0knomSV7y/T6FP5BwGfuURqXOOHRuaO4SpHSIK6PxqSRoPMYWqsFaa
-6y00rjmQN0P/AIm7H7lnHtEsTmg8xsrvBcuYa6DOQyYPB9o/orOldSryU9ZFOF+D
-WtKkCiapQtJGWxyEIXQBCmOTyo3LlhKN0aZLZVsAzqheP5Ssvb3F9shdyLm5PxWo
-uRIoJtLiDp3PkOqz1PD4NJFBnIawNyqepfJf0sXtbKFZcaOhcWOidPMBq0NGfj0C
-p03EUs7ifyVJHHjOTt8Nt/cu2ykjizpAGTkk9T5psscJGSS89B5KtGUVHlclza21
-XQtNMJSHFpaCM6XDBTKmoMbnEN1Y3AATWaW5c7qo5ntyMbKu51yPULOZV3i6w6JI
-KZsjTuYwxxI7HA5q1Bd3z6G1dM6Bz2gg74BPTPmujEyPAwC09cHCkfFHIMHDvarE
-5xcPx7EqDUm30VQ0jBHIqxwhGIprjkjJlDR3xn8QmyMDQGjbCLRStFeySM4c+Vzn
-H2E7KYJNSTo5zQUoNN0a5qmaoWFTNWqjFY5CMoXQBpUblIVG5csJVrADSy5G2krO
-xyBzA4HO5A+JWkqRqgkb5tP3LJ00kYa9jMYbI4AA5/WKpantGjo/i/7LZbrzknZU
-5ajL/Ah2B2c5JXVvo9MS36x+xZx92qpcspqUvxuSqEpK6NSEbVmmjZkgOO3dRVEW
-HhoOQeoWUo6m9MrHumZNoB3BBI9yfdKy8GdraWObSHYLg0hRpNUdK0aaKofFIWSH
-XGOp6LotY3GppOCsRDXXSCMunhIBODkcwtBariZ6fSOnTyQi1e1gmn2joOOT70yw
-TaahkYyfXcc+WSQoaiYRRukc7Ybq5w0wzMilc3Ghmr3n/wCp2H5pIrZmljk34NU3
-mp2qBinathGEx6EIRAMKiepSo3LloJC5YW7xutt5qHMGmN4bIwdCTsR8RlbpyznF
-tFJPazUQNzNBk482kYP4+5V9Rj3wZZ02TZNX0zPXKobU25zurDnAVJtvqo44aqml
-cWYzJA12M9wVy57g11GWEjBI1ebvJde03ImAAMwBsCSshSSlbRupfjwXKaspn5El
-PXwuGdw9rs77dT0RNVUrIh+arpX6ckFzW7/EJs9wkYT+jRP32LeqibcJH6X+hxjP
-7YIwmPKqGLGu7f8ApA22zVU8lW58sVPv4cOvJPcqxaJmUlCZXAF0jtuwyVWut2eK
-bQxwDjsQ3psuLDcD6EItWGhxe7H9+a4c7doXKLqmaOrqH1pZTRY/OODMeZJwvQKS
-njpqdkUTQ1rQBgLE8I0vp1wdVyAGOn+p3cfw+a3jVp6LHUd7+zH12S57F9E0fJTt
-UUYUzVdooC4QlQiAjKYU8pjlKCRSclWnAMLwRkEHKsPOyqVTwynkJ8kuXHJ1FW6P
-GeI6B1vr5THkQu3HbsoKaqw1oADj1B7LZ8QWsXKmBAy9pzjPNeeVDJ6Go0OYRvtk
-brInDdwb8JOHJvaWaNtIHudk9MDOEle9rIWuDzr25HkFkqS8z6CxsOvTzOpLWXar
-MTXOhLQDuXHG6Tsl8aH+rHux1wqiWEeJgA7eR7qlb4JJ5MuLtDjzAyq4dNVTAuBA
-zyWqslvlNUGlrRGBkkjr2XaW1V9ir9SV/R6BwtTCltOgNDSXEkD2Bd9i5Vo2pXDy
-d8guoxbOBfrRhah/tkWmKUKFimCcIHISZQiQgc5QueuBfeMrNYWubV1QdOP8iLDn
-+8dPfheT8S/SRc70X09ITRUZ2LWO9d4/ed8h9q57CegcRfSPabPJPSwE1dbHtpZ9
-Rp8i7t2z5bLicJ8YVXE89WK6WNkzGtMcEQLWhu+SMkkncfYvIZHnXnKmt9wqLVXx
-VlK/RLGctPQ9j2S8kN8WkMxZFCakz33S2RpDgCPIrN3yw+JmSIAf7eS6HDfEVHxB
-SCSFwZUNH52Endp8x5juu6+IFucLNeN9M2o5E1a6PNqe1aXjOob50tPNJNbpZHet
-G1rW/V23W6fboi8kDSTzwkjtcYPrFzh3XHpsZvRj7dZNc4Ehk1A5wAMZWvpaQQNG
-2HclcipmRD1GgJzmgHJwAOaix0BzRSr7+eHaZtXJH4lKJAJgPrAHbLfPfGy0dpvF
-DeKT0mgnbNFnSSAQQfIg7heK8ecVRXOZttoJNdPE7Mkg5Pd27BZ603uvtNUZqGqk
-gk2yWnY9iOR9608ClGCTMXUuMsjaPqGN2ymaQvI+H/pZaSyC+U4b09JgH/pvzHwX
-ptBcaS40zaiiqI54XcnRuyPYfI9k5MRR0tkKHxP7yhGwHyZJK57tzlMzsmpCgQDu
-mctinhGMqEHUtVU0NSyopZnxSsOWvYcEL0OyfSkWNbDeaYv6ePCBk+1p+XwXnJGO
-SacdRhcSgpdjIZZQ+LPeaTizh2uAdFdadpPSV3hn+bC6QultLc/lGkx5+O3H3r5y
-wPNOwf2kr0F5LHu5faPeLlxpw9bIiX3CKaQco6c+IT222HvIXmXEnHlffA+mpwaW
-jOxY05c8fvH5fesnj2pQPcu44ox5FT1E5cdANvapGnATAMJcpgklDyOq6VrvdfaK
-kVFBVyQSdSw7HsRyI7FcnonAqAN5/ipxL/qIf+lv4IWEyhSg2xiEIRAGEuEIUICT
-CEKEDAHQJ23QIQoEad0BCECAUnNCEQCoQhQgZQhCBD//2YhGBBARAgAGBQJFVc5/
-AAoJEBXWiATKbN+y0swAnioDHaWcqqjBIBSN96Sj2Fc9MdKjAKCI/DI2x/9US+oL
-QqbmWuIM+f/WbIhGBBARAgAGBQJFVdERAAoJEKBP+xt9yunThOcAoM0tU4B5nYu/
-BEThw303mx15tQHXAKCxEiYipngcXVCL2SqmEL5yQq4vT4hGBBARAgAGBQJFVdLV
-AAoJEBRll9zcw5nHxQ8AoMk8FXQ8FRPZmUmSMrgH/rn1W01dAJ9JoGO73MIJqKFy
-HBU5UYYeomGmOYhGBBARAgAGBQJFVdo2AAoJEDMRJG1RR9z0SH0AnihvCeccj2SR
-d3um9x6L1vHogFcwAJ0QnC5IYK6zQNAWCllCQClr93XhIYhmBBMRAgAmAhsDBgsJ
-CAcDAgQVAggDBBYCAwECHgECF4AFAki7s04FCQWjY98ACgkQMNQ6bmTr4iAwoQCf
-UbSry1tIxyiFV0WWn5QW8Iw+HrwAnjVwdwPp9BOnT3uyqFpjwNDO6yHOiGYEExEC
-ACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCS1sGjAUJB+ZuFQAKCRAw1Dpu
-ZOviIJhsAJ9HJnl9gW8jHplI1qna15ANpI4vBACffKiIZ5K8QrQn9yHHT8nhMLKT
-gsGIZgQTEQIAJgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJMBBUXBQkIj3x9
-AAoJEDDUOm5k6+IgkBwAnifOXp+8uPgtQ2hDxlWSyWUbeqHzAKCEIFQbupbDsFEU
-wiqSQe8Owu0fDIhmBBMRAgAmBQJFVc2LAhsDBQkDwmdqBgsJCAcDAgQVAggDBBYC
-AwECHgECF4AACgkQMNQ6bmTr4iBewACgiAozbz/tARqP92eJjrQPHTkeYYEAn3DN
-VTzV9k6zLXOFBeOqRdHzpJ+uiJwEEAECAAYFAkVV1OsACgkQTVYoIXkFDBFKowQA
-tG2/NgG2Pr3taGmnFapnnNVXWcCBt1snnMdaCEyhiKh3r05n/dnG2JwCYsQX7J6e
-ng54i2TdmM8IFAAjuxPtg8cSTDOny8JSupanleQDg69KAjqnZqO5mFER0K+KVE+2
-4h/SNNWw4r96SXFTVJ3opQ/MEjmjRpz3NCytjmgWp6KJARwEEAECAAYFAkrMBW0A
-CgkQkFeHiYnYVH79wgf9Fvvw87vT3noYML9lX6VfHx+8EIdl3h7gLJFH9xMAtSaz
-y5TLOfdbr3OSfwO9ahFgxD0+soXSXVV9TsxKKqUXdhYwQBoGg1d9gZtOqfS4PU77
-oZRdWb9PvQGWbFo0V8zI7WQewn3dDdd5AfJoXSZOOZHY0PsjY/d34OFiK88JWA8t
-9tFcmszDxPzLikwN0PyvmPF/oqIKAtAUcfeZfltDBkW+uJvAHMhnU/Rxu7P1XGIR
-dpqZA0fBUC+IL/m5cde1R1ftmb7jxWjrBcIY0Bur1Iezfg8/INsYeNBz3SlYUNPs
-vr4tbm5SuPGkmYPtyI6G5jEN7zg8bURxTDdHHQk9zokCSAQQAQIAMgUCRVca2Ssa
-aHR0cDovL3d3dy5wYWVwcy5jeC9ncGcvc2lnbmluZy1wb2xpY3kuYXNjAAoJECZJ
-5ijF000FIqEP/0/3k2aaWWQvNcUQwx3/gEO89mXNxG9kTJdh0Fwg3QhuYkI8UEo2
-I/k8X6ylgnJEQTusab6bjaLTLZiabUGammXxqiJEsS0CcZ/KQE1CHBaBsyk0LHul
-QLIYL1O3oT2FbKYCRMmilqX8Gr/AYU3lhEnK8DiGObJpK/9sT4zEZZ9+Nv0WqBNn
-dp3ld5qb+8D9jViern7oXtWN8Y1+1160riCWlUqmATzyAr4x/8pAS90ZTTeHyG3U
-kP5TUAVwHtVgzVf4TxIqQTufu6Zd2j7vWAtcvdpZCmJi5s169RZhwfgcP+SdsKUw
-9xhvOrXXNeiHQJLjBSaEZT6I8auMHIRYtNQ0z7GpJd2wKSS+0ULLw5lCnPLOVwXJ
-nd3ya2+aJpMNT7equcqzlFTh/+3qmnDcUOLd4Wc7sC8Mb7f+uRTXp1+lkqsTNxMx
-hSjba/Hg2I/57NLRr8XEyUQlbNZZU1b/YNDtdk3K7eBR8ax5iNNjzbPTLY0r0qYp
-Rf4zKamDU81TraafD8Uqsy696Fz0zvCSMEBkix3DhNYIVAJucEs5RCIQTSIofR1L
-vyitONSG3an4cwm4Q8lnOIKp1u12cTQir1zHoAsLQ6QGUwZWgF2bTSskYbO1FyZT
-lV+mL9vQUJi7B3Cyyk7I7ifgnOpvhC8k/oIRk29Dn5szYP4vM24HOW8giEYEEBEC
-AAYFAk+iaIgACgkQ2E/2dxLvL/V5JgCfUGtPZZ72+9qK4K8URukJzPoNP0gAoJmg
-jS1PDo+GTqT1O1rlhGIFB46qiEYEEBECAAYFAk+iaJ4ACgkQZzkQaI2O+1gK3gCf
-YPbacaltPTLjjaKCLugy3X69sz4AnRSfzzVwNj+yG68upeaf+gdVVAu8iEYEEBEC
-AAYFAk+ib+MACgkQMb2z3Qo1ykiRsQCgqV/2a/H5C68e6qdzjURyROSgUt0AnR7i
-Na/a/loVD38psfZCPc+EaZhUuQINBEVVy+wQCACAJNIBtl1krYP2kKBpS7VRAaXU
-H7kf2FmxKmH51lYBbBwSJYFHJorMSAWNYZBqY5vrDwy1K6hAxz/B/shQEYWYY9aV
-EEffmUUxcKF4OZpqUP/jCcgJOqUcXL9uir9uYHc+tSnGEiAtJZ9HjQ4gwfXQ0qNm
-rdPTI8PbDR8ELoRYuQLm4c4HYBO+/C6PRcwHiXSg6uO/NyUthZWz4ODnwPV7dJll
-PxwJTTgay6sKJ3UhgdFHpGb5U5OW+fEA2tEsv5sbszDvSgSugWAUCQxb7Js7REY1
-fcwGFXP9lAzwkUicMJZoosuqvIrusK9tL4DJWbkIz/5LAsPeRKJNXQ/j6yH7AAMF
-B/9v1FJtBebXV9PiahIPW0/fiB5Bcmp2lj7M74a0rPT6fwG+p/NULicBBAPU3p3v
-PzAsm3BJauOPBDH9XFrMiaQ64L0ijQoHhZhoD3tVkGihT8L2SHanhGXoFJTHb8CI
-A8yh1Sq18U2twPZjCK300lD0ba/qrfm3902miKMXYSlCszosjpfqoX3f/WDQXrOg
-ERMdPkZ34Q8bNk5VD+95j3f171Lmn08/c8IoUWGvwMhsONJHDQYmxf+dJi8M6zU9
-HqyTy4KJ7dSufRuOLcpOzEfBrn/Ii0sxgeONSwUgeYLtjXC00e/XrVGZtJwUVSMw
-inuwxY7KF/pyaWrEePRrgp7jiE8EGBECAA8CGwwFAk+iWLUFCQuMTQQACgkQMNQ6
-bmTr4iDpbwCfcEzorYxn1j+umx6DF8Jv1nYKQW8An0NIECpZ10OHsFUi3bEJ2Zb6
-BAOo
-=h4i6
+mQINBFEeA+sBEACk14bRItB0YRdMc/Ke8DddbCWTiJ9CJMVn9Zu/FGgsNA7qFHOV
+rpxxqCvitsyNB1gzPgP6tG0TIkTPpL66ZpK8MLSBTNAmQd8QXUEwSR9d5A8WS1/s
+vBSfF9ZnSqA8wUMGZc5T8RocStkzSIxgJ+7ZmIjmAmnId/tjFy41/ym0brxmpmSD
+IJT+GskMW2iUbGvk0PPrgGxTPcAdhuuz8QnodBYGo/igkYNHZnU0/R66lH5teKlF
+h2i2lcWEgTVa0GIFGHMPOyEA947FUpb+GpLBa8RyhSnh2OSw1dMdjP1yZlmRxaRg
+cwLRUYy04vqRSlCv2E9W52EjpeZijQvPg997wQcEVgtVe2T1A2m4WVh62jrnkOuN
+jKNFlnEZJvBGDzj3NglJYHmQenIG8NIEn34Q+GZ38dR/Trn5sx1z9TP1RVKjFbIu
+X7A6BLXWF4SrO/vwIXieLzgQZCre04T16K21/w8j/iQUfafxXYStu5mZOw5RmQFr
+1QvSq/j7BTqhC5ZUTg9IItW+hYnJ2XPEcb8LLA4T2brzjnRZ0KwxyPianDcKPiqb
+3W4jBXp0ftLOl50QPGTGon2vksQVY3st3JnyN/Sb8EzZMKrvdvNiUrJ/PrntQgTC
+M24Df1SzoDlbnfgmcKhwizV96xBOTcGxoxMsCV2vb1GP9wmEisuxAZDUJwARAQAB
+tCFEYWctRXJsaW5nIFNtw7hyZ3JhdiA8ZGVzQGRlcy5ubz6JAj4EEwECACgFAlEe
+A+sCGwMFCQOGit8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELubRxv5Toey
+O0AP/il5Z2RGIXYiqmT7nXPl8x+ee7C3r4H0XYxv76gLuTu4lU6ZvfRyyxvtIl3v
+YG6/pn+454I+G09FfcfUsv0inF7fs2QVUig11UyWfq50FDZ0JuiiiZtmvw8FwilA
+GG3VxOOhxrCW6OVlN4Pq1guU2jX67X/tb7TCTph4+N0O6HTHWNPXFl7ZB0popXbc
+gCT5OHtFMbmc8Gim9MgizWBDtwX1yE98kjudznCxuWPZpN4zwE+xqx8i3VQoSY5f
+ViotSPDIx8paenJMxtNyVwGN0Ya/8lt1ZnLzHKbJ+6WufvrJPBCsIIRqf3t1s7bA
+tamtSvz4krOQLKg4ze471qEq/IPN7KiZ9P4yBZGTpkNnButkCez7FwwQ1ExaMF7k
+B7Kz3uMiap4cQejNnq4QAmubVYqtrgzOY2pwGFvMDquX9iP4S+av63s/RCby9f+N
+uikdYQWU/nb1yJs5oQ3lhYUu7LpX27e7TjleB37amW4UMphqHz9lXyRqHX5hVpDP
+7sYWSVU9JsTP5+fOeZroUmCBf55oZ5o6CLJ7MpsJUk2lIq9ML+I7Q/xpiNys46iu
+uLJ7jefs02VCbuO8tIUlLOid7StE3ykleeC2aM65nnpFqIK4xZokk+7Cp+XyOA8d
+W8xl1PJhkPdH0tvNJf2p0J5YZ+D9UIf5Tvn2Rr6ESXo0cj3CiEYEEBECAAYFAlEg
+wCgACgkQjCoKrXja4si7EwCeNIbYJqIgQ7rjgX7UICpNCVno1pQAn1NRQib0FL8U
+jw/z0DhdBaaf/59JiEYEEBECAAYFAlEiG7QACgkQ20zMSyow1yl9+gCfaBxoRVna
+DjU86WOczePMRR4N+3wAn1jBe0v8M+fsu3FFgf3wTeVj1AwKiEYEEBECAAYFAlEj
+PyMACgkQMb2z3Qo1ykh5tACfZG5thQCbK9G3Yc5+WoTDdkIGM/YAn3/VJfnL7UGe
+19O+DycgxF5+GF4BiEYEExECAAYFAlEnxdwACgkQnEF2jC40NZ/p8gCfb/ux1BxT
+cxyKeIQRXpBoxrbh8+sAniSgOgRukbXaNzi264RfPzk0OST+tCZEYWctRXJsaW5n
+IFNtw7hyZ3JhdiA8ZGVzQGZyZWVic2Qub3JnPokCPgQTAQIAKAUCUR4FiwIbAwUJ
+A4aK3wYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQu5tHG/lOh7JD6w/+KSs9
+hAA1GQqq1V4viDGtqgnAXTjDezzfFdDa13VYK4DHPHUrcArNUUJ/M1pdPcAT60Bf
+rVNF6yFNClTZmVd81/K/Cxj4wT5PbPRtUgNY8dRgPJpy5iCbtnW+4Kr2/mFCzJOX
+9uNgsIhpFy6vw1Nx2HYhXjYcfNaxm+uUKZ53iSR0AW462EsJkdQzFrlT/nyhhtFZ
+pcrS4lCv40ms4SH2IQHfSWZqw6LeR7oklVCBSiXyKTXP9Dfs5VUcjhYQ1ZljTNPC
+Vmr6/nBXinzva75amHhoxPu0atHpcdqvSVcSbcp3t4Ce5rElIi/iVeVSrOcsAXAK
+vqp+17M3iiCCxZCQfk28S/FJqK/GS+RGMzEJQyELEUK/b5HMmLfzIya6sV4+wOzE
+hdyqAr+UFI/+ddHHCPZj0LsbVzcoQQJJNE3LPfaJ3IpBkFN7mE8iSthZnwvU6Fro
+BoA7BW2J+09a7CH3yZXL+AhF0wU7627cZF+yF3J/E6eRd0hXHwg62EGQ4hso9EOi
+gnKku8NTzzpilWyQxvrw+Yu+YcDVERsvTpkG1Br7yX0eIi/mU7L0S+8QD5nruLqz
+G5wprygWfmjHe61FEVYX4AeYoGnRAAMgHETVs43e7C1Kor6vAkEdABQvjEylkpzt
+mA+rNxcQzSfkOWHlFk02u9pk01kcQDY2lNx05C6IRgQQEQIABgUCUR4F/AAKCRAw
+1DpuZOviICm/AJ4/6OrGNhVnY//y4BF3EkYAcvef4QCfctk6IlzbKo/HmVLEda6f
+eIYzKDmIRgQQEQIABgUCUSDAKAAKCRCMKgqteNriyGNnAJ9EfvK/Mo80TSNzJJrM
+AEbcDpacZgCePJiKCrmyI3E2rSChz5pQ+LjrmUyIRgQQEQIABgUCUSIbtAAKCRDb
+TMxLKjDXKXoxAJ43qP0Lp4F9eA5KR/e5S/cSWZ/leQCeM+RVI8WDr92fRaE9skT/
+soc21p6IRgQQEQIABgUCUSM/IwAKCRAxvbPdCjXKSGJeAKDMVmTkBtg/cOYvTacH
+jekRD1TQOACdEyzYHGRSX0Lf8vj9a/+S+ZWKXGeIRgQTEQIABgUCUSfF3AAKCRCc
+QXaMLjQ1nwDqAJ0c4siPyNX1g73tOl0B6XiWAgY93wCggWnbGF9XUe8uXh5hhya0
+pDlCwAO0JkRhZy1FcmxpbmcgU23DuHJncmF2IDxkZXNAdXNpdC51aW8ubm8+iQI+
+BBMBAgAoBQJRHgXGAhsDBQkDhorfBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
+CRC7m0cb+U6HspLJD/9QOrhIw9opMlbU/xcJgyumIO1SIYW/hiXBC7fYk8p8Yw66
+ii8Sd3QuUbJ1dZI0q6jkL49shxD7q/DEo1WxnY2nj0j50mo0MVcp1qrPeA3eusAs
+Cg+f8wSQ97ES3rR2Vc2/wr7hRw7Trlics2pkkIzW76OWx3EZkUMvTGaF45OtQWp1
+WmsOSOhVzcrG+CyPGjeMajsnmatN63kwxrZZdtOlYdXG9PlwEoKkyxE2deM5htlh
+mhWMIa9eaNlr+OPvm2uj9N6/VJOjDV1dya3iIRx5itBaRqwTP7qYyg7s4C/E9/Gf
+W+7lzjGdAJ/bAsZI9RJmAFO8CY1lrOKbOuPCYxN0lwUvcDaHvY+JwZ1OnqzEOicS
+BdvTw05thQwkkO4WZuMqWj5pk+5AaYONIdFpbGxyJB4g8L117Q/4aDif2XrosJBn
+8zwZZb9iphkeAxCqqDiUDQEnTUu8G7B6umfnhyXPr6N8XPwrNorNLzfc1yhDZNOD
+qZll3/tuTWzx6dJnJgdbBFBEP9w+vjPVRPFuGEgdSIWBcZFu6cVxdnkumG5JHHZ3
+j19AhtqDdXucK2tljXxGAi2QAPoEPx9XPn46AFhwfSVgikCrZ78ydVtUp1r9qL9+
+VtlL6w1VZXSf40v4M/TpHPM6bRxN69N0pSWNER+JHUs37e+gKnbDA6CBiN9Fn4hG
+BBARAgAGBQJRHgX8AAoJEDDUOm5k6+Ig/SMAmQHLNhqQ0wIJFgymUa7/CBybe2MH
+AJwOiNYRWq20Nn22EWCOZKCvNC+NL4hGBBARAgAGBQJRIMAiAAoJEIwqCq142uLI
+Zk8AnjGk+fbPvxcXeIXcGVpzgYRrFA9SAKCP/Ds0yJE82zEp8sNQdCb7V1Q3i4hG
+BBARAgAGBQJRIhu0AAoJENtMzEsqMNcp9z0AoL0WdPFK/WkcfMyPFTeRn0EzUBSM
+AJ0QmJTVv8/resNcpr/6wxfk0XQEpohGBBARAgAGBQJRIz8jAAoJEDG9s90KNcpI
+XroAnjZcF/pkawalXzZl11Bc08OgUG+LAKC0RjxrhZ1O/z0dlt6URb7/xljfFohG
+BBMRAgAGBQJRJ8XcAAoJEJxBdowuNDWfg74AniggyvpQWt3D78yGKz32qmy8YaXL
+AJ98H+qfuKs7AyLMliIdTa5RLLN9nNHR/tH8ARAAAQEAAAAAAAAAAAAAAAD/2P/g
+ABBKRklGAAEBAQBIAEgAAP/bAEMADQkKCwoIDQsKCw4ODQ8TIBUTEhITJxweFyAu
+KTEwLiktLDM6Sj4zNkY3LC1AV0FGTE5SU1IyPlphWlBgSlFST//CAAsIASAA8AEB
+EQD/xAAaAAEAAwEBAQAAAAAAAAAAAAAAAQIDBAUG/9oACAEBAAAAAfpwAAAAAApx
+0trprYAAAjz+W9tb2nXWQAAR49a2vteZtfawAAeVz0nW99JWtptIABj49K6a3ve0
+Wm+uoAB5nLivrppomZa7SAA8XGjS+t9JtKNdbgAR4NIX000vNrGl9QAMPGrSb6a3
+s2mYtfcADj8utJ010mb6Ui2t95ABx+TFaynbXemN9NtemQAcvjRSiNsOzv4vO6Ov
+r3t0AA+bmMsdNduPq9DDm67ab6ayAHzdqr2vHF098Sva2usgB4fn9Nei0V49+6+b
+XWZ6ZADwvP6G+seT0aejbn5fR0tfokAPO8iWm/ncltPUpbk6e7XfaQAx+eytrjw1
+jbpi2Wnsa91gAOT5p2V5eX0ujXTyNp7+nvAAR8rzadjLn7LurlaevuAAfOeZG21r
+WtrPHbv9eQADwPIwno6Lr7Z46fQ6gAEeD5nLnfo6OnSMKex6YAAy8Hm8/OL9HWvT
+X6HUAAeV5+XNy0i28219T25BEgYeHWlac2VTXp6/W7gISHD83w29DotEY8jp6+70
+NQESZeH5FaVjs9Totfnxt1dFOzQAed4nJSERGntd1rUi17eR9BYB895mUIERHf7P
+SiZp896PsbgfEVggCtvS9bpZ+Jy9GvoeloHw8ICCUROt81tdLX9H07nwyAITKBNp
+tpaZ19X0Z+DWTAEhJM3tK09XvfEFxEhMSC02tKLej//EACcQAAICAQMDBQEBAQEA
+AAAAAAECAAMRBBASEyEwICIxQEEyFDNQ/9oACAEBAAEFAv8AyWZVh1GZzsMHKAtO
+ZgIP17NR34zOw9AP1bbja3ZRsIPSIDn6Wpsyf4X0j61rcK1hPeDYesQfPn1R7/A2
+EEH2LfdcfQNh4F8355hB8+W44q3Gw9IHoHn1P/P82Gw9AnKdRZzEDbfnl1P/ADEO
+2ZkzFhgDiBpnYzpKYKROOIs/PLqO9Qhh26oWf6GJL2Ac8yra1uMdnEqdzEtyRsjE
++WxuTrGhh5ELWuBXWCcGEd6p8ixczjiLxhUGAQRPK4xqB8nbjmcJgQntK4PQNhE8
+uq7WoTygg3fCjOYsXbkMwb1eXWj3jso/mLsxCgvzf8SJ8S1chLIjb1+XVLHi/wAw
+GZxLn5TlOtK7u62DH+lc9ZY/uNNmZmflfx5LU51uOMVu0WWMckEzgZ0jEqOTU5bo
+NOliDsR/SfHzAMDy31h0mYhEtX3WVHCRagXWholbFekuba+pa1CotIimVd289ow7
+RTCcoDHQNOGDXyUe7BSIoUX/AAv8iVD2+fUr74Dic4pnKc4HWdQCC4Qv2PfaheR+
+hf3LbZiGZEwDOEVJjE/WxKxylacF+g8sHfZTMxTmDEEcQntNIn0bDhDH7g75imZ7
+BoXnLJrErGE+hqHyYY4h3zA85TOSqkylct57bVqU68luXLciFYRtiYmIixEzNOuP
+PbqUrl9zXNASprtDTExOE6UemFSIFJgECyteyfHkexaxfqWaMc+mu7ETDDExMRqg
+Z0otfcLta7VqjB18VupCx7ckn1o7IadQr+jExuRyXR29OAhh4LtSzxm8dWpZZXal
+nqd+CKe9VpQpar+A+UEg16tliX1vuzBZfd1CIDA2JXqCIrq31hY6zrWTJO4mdgxE
+r1UVgw+6rlTXqQYDnfP2syu5kiOHXYfb0tvGz//EACkQAAEDAwQBBAIDAQAAAAAA
+AAEAESECMUAQEiAwIjJBUWEDUBNxgZH/2gAIAQEABj8C/U+RZeFLq7L1K6kZG38U
+/aesuczZ+P0/KYdMYf8AHT/qb363wSU5zRTnHOfNq/VXx40up43OCeTCn7Q3UwVH
+Al18w6Y6z21fPCNHKs6gcJC9KtgV5x5zmuV9Y4q6LasNN1N8EjjtHCysrKSoKBGj
+d5gPw3J6CvIpty9afchKAosLqL4ZHGyvUD/aYVlNuKni/wA4B5W1gKcQ9n2mzGRq
+OCeluAwWHt2AYD1I+wUZbCSnJ0hMYPOynAeoqIHJqpCcdIrpsLhbqbdbUSVMnocJ
+jB6CD7rabJx0tYdjVeQXieROkL7xYXmNyir/ALrJTC3DyleJxoqIXrPNwmrT0nOc
+FNWozoW4ZzexX//EACoQAAICAQMEAgEFAAMAAAAAAAABESExEEFRMEBhcSCBoZGx
+wdHhUPDx/9oACAEBAAE/If8AiUsoQwHeTN0voNucS5+xf0BhH27HAluMpBrhQnqR
+kas2hNNSuzbhSzFrdyP3SyRaGESSJjb5fuISV2T5kJKNlkkViEIw1RMCewTlSuw5
+R2Flu5k3xCFqtHHiHPYT/fZIsXwC1QtFk88dg0vihx4FkWhaFojbRZENUcdZuGb2
+JlvkxjEIQhCeki+Cvv1pB4NtH8BIRJuMgx8GL46zY8sQY9CQgmuSb08iCRtOxPhi
+G4ENhY6v75hoYyn4D8ZGU0JTYsEXTHlSIqv1BSZGeGbhYXVWHurGWxkYCH53oUWk
+4yew1FQSmOUNKIoa1ZeDijsiuTUJtn6P5QyNYsP0Oo6pj0tI4yZGQnAkKi3ZQEZE
+2IiJJw8ClUS8FUJhBrIuR+hVVQ+jhhFpTL6r+AmOoeSzFAl2C8BcBFQyzzHoeSmK
+EW3IMGNldWHnWSjdqR4nRiOWQNJcWYeGYDGmDpky6Ea02Y09VrmswhnE1DLpo1Cc
+6KHLkULMScjcwCtF0PJRY3YsCX9dX6umXxkwk3pUTJzKFAaJbhHJC8m4JIjfk5mQ
+wq/khQ8oQm/WIpzsPo8kkDJkeNMjgbDwia2IkmLv7FNCIZUVvM7jDYm9CoF1m1VV
+MaadFWTkLmm461zglMMT3TIwbEjy8HBKG3YgkZ1aks1vPIwtoEalkDEhna+u1Kg9
+uDX4RFAtS3KRfchXEw3DII0tnAnRhxCGOIOYjOxhaQ2zI6vhwND/AAyDl7BI/wAj
+y5JUiaKKbMiMWMmMmVA4EjQsuduC8Iz2FnsVlTuNA2JjlEwRGrErcSLC3N+xA21Y
+10lbMUtft9g6Q0tkTDzKHnJYfZInQMi5LSWKGQQY1YggKcLsZ94gcUF0VCKVYkLE
+oP7Joj7H/kJWnsrYpJe+x4aDehGRCNEyIFBKT/yjjwQ17fjsJN+lyIxw3hEbNKHq
+RzAxZIMhBVKcf6OoQ2+vOfR4RtRYS2H5Jw0aihTPQg0MykVjRQJhErcRLy9kMyFj
+q/qIXInj01uN9NGiNHf7BDSFNaUXUtGOLpshC0Iuyb7kJ7Jbp/r8bIc5t5Bjyx/B
+rSVsfyQPp+dEQPQSEKw5IGztE4ZXRoXpJKl9GI9aRf8AIoUbvG+kEEaKY7IgluWR
+XAopxw6DN+tL6LR/2SQM55RGKBzuYvT4oyCBVKkh2EXA16TGyVlH5FMofZxwez8n
+7xw35/XHmNv2SIYQkeyNMcqZ8ojwa+Ep9eCPJD5IFomJiZJJVkbYPlCElpWkcC2P
+tU9J0nQ5tXDFPd/GjUjQ46MdNfGRMuvD9n//2gAIAQEAAAAQAAAAAAAgAAAFlAAA
+J2YAAFDcAAGl8AAByqAAMusAAYGwAA/OsAArC/AAVfGAALJdAAs74gAIPTgAPrYg
+Apm7gALFfgAAtbAAdDiAAeiIAAJQ+AAKAgAAZmwAAKcgAABCIEBJGQGBgtgCC+lI
+AWz1oABz/wCAGerI4FDae4CRqfZHfEPN4V6KxP/EACoQAQACAgEDAwQCAwEBAAAA
+AAEAESExQVFhcRAwgSBAkaGx4dHw8cFQ/9oACAEBAAE/EP8A5PmNDuGvwRPxHL7Q
+KqJbv+YFj4kM7Tq//J1G6OH7ZQFWg5Y6zmlMHjrEZ9bFuphog6EZdwFZgxZllLPm
+Y5P7v7l6LPswRAAtXiMUdJf7xCnX/JC7My+swZkixMM8Q9Ag3dw6jWzhHZ9kVqF5
+HL0mPaFqOGYdPzBoubQU3FUOoPxF8wsuOO15OpAJLHX2FfuBXk6l6lM28y4Vgx5I
+OO0Fc/mF8zhFxYfiAuWCXxK2pcccjzz9gpTQD5tEpQbSbRfmCdU2yxwDzcqtagKx
+BmJ0jSbaDtXBEE0++9nQw/H93N1PrWrZmYBcyqjHWLFkfOu0HLFu4dkdxYTWZvXr
+4949SFsH1ab8x3b3jalVizfBL3kxPOFApndg4vUMv3FKlVmKyKjoK97LlOBjriY0
+bKxHT2jm/WGiLG9SxKhxABfxC6YxeJlJVJ8Rj1Fw6w+9UKFCNzChomJ59HTCgG6x
+GcIVoS84jwU1+5umZ0gIzNGOY6gZsVh7e7rb0Zyr+pvcRTfEAaLvrKksYFgG75j4
+shKqGXCCsnMVQBso5nEj1GE29d5tF5F/mOMjXWXq4zP1vdABumpuriMZN5esxRFW
+6QF7zE63NgjUxdAuhcNIBoWdnUMG9O7lFnUcKUTBhXg/zLsSkdi3LkySUk89yQs0
+eFDz/mKUnA6pgA44Ne6NEGBUtVi3zEOkZFVxBmMJjEAKDfWWGrDdwRUChFHxG/aW
+k2G93OslRAoNM2RGlRe4m0hMuFwU4MiFJEFWocrMj4lb0MEPcZkyGutsNZ4ENk1D
+zCmvLvAHJO93Aph+JfVriJ+XmAGAx6zC17gbqKiAFuUeP0mBFV3BLT5D3b7pIvxE
+OU2OzFb6oKq49CUBYWa4J8UBLFih0TEHOJdGYMixz8xC8u6m61L/ADDHdGWle/ut
+xXCDmJLZlvcSpl03NSyHoOMRqwVOvk0TE6v+JiQQwuomAkzFwcS5JhiobUbhws2+
+GU3Cg91bVj/glTZsMVXRBvMxAosObl6ih4hoRqtSkW8GUwvYYACAvLLEIcsfqXZ2
+YqJVGwQdsmBOkZ73Cl2MS7d6B7qbFz5EIqQNI8MzrjBmXYpl7dWb2MVd5griYYJa
+7ManduCqZ28EBo0etIJay+WGwSGsTamfnLBe61Lokt/lcFcXvNNM14hg0HLDPdXR
+HXVBoWMWLAw/4mgIlikiIorQclx4lVBR0Zc7mwco5J6U2/qFcQoLhto8SoKm73KU
+NuCFausveLgKF+z75OtJUWpAFrzAqNGSWleTQbm8mKQMK8xLVjR1lqUAqro4lpKn
+Iz5S4cY5kF15lTSCbS9kvagMBoioWcsvHaBLH9CAJnP6DP8A5DFFBZ44+wUFRvnt
+CifAl2mM2JVagDa57zFFNwOnzJcDVA7VNflvzDTPjdRnUDghLljSktAzW3piEYLy
++D/yBRRo+woKlN8y63lNE21vxDNK15nTZvFssFu7zXEdwNByyhpJl3bGSUAVw4gg
+ynG8/uJaou7gBtEHUZTyu+o/YKx6FwL/AC3LAcPxHXUR7bSnJPMuJTQiBYOtReto
+aC6uUYUus1xKce89JQkJdWl2dZpnDllfsga+xJ5paPLLrqZULTiIOBM5iGr+ZkjV
+n8R3LDjEUByn7lyJm7bh0q00YQO6eWrgKGRyczW4n7fYnaXi8sBPMwdYdyzt8S0s
+Gu0UKalfEYKdRrdNLzq4NZozeeCCBW8qkIngWfEXPBwnRAoA49/Gfera6ECMZAsT
+5gKqnIywt6iKZloiWRGhh4gtG+lwF5PzMbgfzM8JNjfHeEZbcQk5AYqBQl9T2T6r
+IBcL8jKoAw0B2lhrbqQ89dOGUVXd0+Ise0pRDvfZFMOdXxD7B1GZARI/yEfnJxjf
+9TRZzUXLmwj+obBr3cUV6MvgREy+LM+TFML2QbmaNdfiVizjjpK+3r/6XDi10gHj
+MIdQXQi1FvUIGBQLG4XgIaACfkNmefJBnlsenb2lAtaCXlOv/ZmMXbayRVbPRUck
+SW+espHOHr1lwa5NnlCqXVOPBjXSpriISF0hVuVQwyrSjyQAjbSciNXDoU5PZuV8
+7fmIUUc95rBGF+hH0o05GL0L6INZGz+JrWat/AywEjbwPiGSNzExYQFEZei7y8Ed
+bom3yssdi2tMJAdR7CtX2RutxR0ZfUlXH6R6wXOnqRKbfwhogaSkhwQ8Gv8AFg5Z
+eb+SUcmRlIrOjlgJVeHV6ssw0czCXL4Uggb1+H+Z3HU5Pj6nxPMuLf0p6mSmVHxM
+yafJBsxQhleCdQmlnS8Ytt5VyyZx45mNTv8AoFcjB41yOZSUPzf3PBwuPoCYY4m/
+QJXrzOZx6GYnohcmesvwp/oILqwVBmSaMzLOq4UzDiH2ZWifFfJA5E0jfo0bSPoH
+cm/pCJKhD0ZX0DUGDO5B5hSXxxBEKO4fb751MbzGxyuSDAGYlj/sepr6T036Kr6N
+enHoMH0DBuViDZXJ6tAfnduD/wCT/9mJAj4EEwECACgFAlEeBXECGwMFCQOGit8G
+CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELubRxv5ToeyePAP/ifxgj8cS619
+uTgEhXSTvjzwQGaND9RuxcGVqrv9FYDtbyBM8WTVrpZzBOrzZRlb8cVIYiiCcEtH
+7W1aDssBbyB3ML5dCgIcS6wh6OXaM9nV+rrCWfcmrWddNuqwqNtqUV6gv208RrOR
+iyjGXCT/UTEZaUZ4xZW6j/WTT2k0xfWh84Bq+le4oXBvDYEMW3CgawC0SfKwLzd5
+WF4UUG5R5H/wARben5jtw2aUX5kAa5A+peOZXWKiBc1QSJbPnoeAgJZ5IUrldDxg
+PPs8jeKnkI3A9sWHjg/tQWlcWGL9mcD45sztQo9vqtQwEG6Pe/2oJXdCYF2VMZHk
+Yvcrfr7ivXO/0ZkEKMjbrBMEuuUyWeggCidgeGooV8AiqMsA4mBFdbMUnC1Te0TI
+zi6Hy0EznLzv6XiOmV9jkYB9I5V3abGdVt13h5IU2u1/u81IgcGcn7N9GpEVH3uJ
+MRxJUX1+sX3pAgEt4q3tiG15ot5Jr+m98hoMoOUZXI9wb5tCoUpLEQ/UykIiwmiD
+uGoCQEOMTSXZx/Ajow3MuaEQ9A/bweJo25v8v5FXmI1RQTLtD9H/c0qNyNFibsHr
+gXJxi2jOslhHva5NM10jdT19Xsti52d1F7kpp4PHHYXenulrhW8QecicgSALwa43
+eUfArHPMoqc5fCBce2D+Giy8IRin4T/CiEYEEBECAAYFAlEeBfMACgkQMNQ6bmTr
+4iBzjQCfZtVcoO+5OXHtKZLp+4fLJ2r1dQIAn0JgvPdEroWRVpc4U8or8NZuIS6W
+iEYEEBECAAYFAlEgwCgACgkQjCoKrXja4siM1ACfZ+WVANsfv/rHLHChzwJp+MdZ
+l5oAn3pIogQvStk4une97IC5ASMGNjsBiEYEEBECAAYFAlEiG7QACgkQ20zMSyow
+1yl7LACeO0g1lrJoLf9DBNrnG7oV4GgpPb0AoNpq7h/iWhYZWD4YczKRJlHKwUbN
+iEYEEBECAAYFAlEjPyMACgkQMb2z3Qo1ykiXaACgiEPRev3hILDHrg8rw7R3AE5I
+GcQAn1sTiBpllnghiqvye5uSIHH/6U1viEYEExECAAYFAlEnxdwACgkQnEF2jC40
+NZ8WnwCeJJqzQ1eLfdxZne4icCjcM+tG1wsAn06wGYhBfQaldmQKt0TBMSTZMenl
+uQINBFEeA+sBEAC+qZvq9DYNrjZowfhbAobXCDXZO4ObLLvWEP7oL5AGpBcMSQVZ
+QcmhhQ0T+E32ZfGVAgW747DDPodEuGqc3n5Uc4q/jrBw/9+mJwAaZUQOkKqnEQT+
+o7vFuj85BOpN7/rBr9P+atZpmvJGe7TsrXvJZytEqNJ8/1iv3M7EhqxWnT3uFYiW
+bVvCHDFVzqqgMlSjndv+DCBQTC4qIqGdcsnCP9rVDjs7mkFRzgG5WldfcB6mssm+
+aCnIUVXsUZJxaY0kJYRK47dhChME9H/4rg1wieQSy1D3YEvOukK1MWVKwCJI3E5Q
+/hEkOF8eHAnwotwolYnMum7dmPqBr9roq0t+7E57ozD6NO18c00AJ+dANsV06FPz
+EYesPLtDz8dUcOIHd79DeERkjT04+mK1RL0GH0p5+/gaRuHscvGs01Ic3C3bQHvw
+WcNj4HTx7zlpwOgMAZ6hv36le0T6HYOssOUYHGYlpK6ukEOVL0AS+McWk4e15CIQ
+9a5HaG1Hl82ZbO1Zx+nRGtx6XkuvX0z8wFJPb1XJNWgfElE3IRPJjfr7nThWwViC
+OJfrXSuwKLV8BUgVPVeLMWzO/tcCwHC+L39HqF3FFeZm/bJk7gUop54+Ev2IwgDu
+YQDp75wE8bXYcayqllJwySn9h/SAURy6dh4LgMFH64jOmR5w3uYKOSpRQQARAQAB
+iQIlBBgBAgAPBQJRHgPrAhsMBQkDhorfAAoJELubRxv5Toey/1gP/00HDJs37ewt
+sBRBlQE6F1Wb14Jok6hdteYX4kUKttIhPx8UrDKDIYJ4rxl6k+t2wPAP6CuMRz4i
+1Azv4t4XwK9p0RC2y5kS55rOioSnfXvYYsSHkvntg0We1uQkg3EHchjswuxD5X1b
+w3cyeWyetmOiig7PW+4HlnXAE5YX0SOffGnRvR+ST+cj/KgdhYa2iNdMYK2unn4j
+mNtpMGfJQA1giPEJdGu1n/GCdpVwKViI5nxZDGnUgqTixHQJtLj8tp2+8t6klurc
+HhWQEliWn+Z3WEGORY7p6nRXjD2H/oUlZoYNfEoMndCmz1EcKlQkYcNMi/kw8+ej
+cQ8t/7n2yovsdqyTTv2D/ZJMFJsqaM+foW08jyoK5+im6hhPfPOs7PYl3xEaVWy3
++RFYL3H7+dyCdsEtEpAOhp2m6hAlYyAZpQoCvb9LROuIznLqemD/v1RHDeVJX9xk
+05rdSnC5Norn3eAh0zOkhAQ94uLc6M2qO16OdoI1ALsOH4MYFFt43cDP2SzYS4O6
+DeuRkZCyJDyt7WGuE6UfnKH1t24tBDvQEeC/FRT/KboKid7BpSGmGEwH7wyGOWcA
+N5eF3/hjJXvULM8CpzZz5f0gyRWDI81P+G7KkNYrh69rHScP8AO3WP6jG8r3xIFC
+maNTtSyMU9A54ib2sgN0GwxijcvwPyqT
+=ToCZ
 -----END PGP PUBLIC KEY BLOCK-----
 ]]></programlisting>
Index: projects/entities/share/pgpkeys/girgen.key
===================================================================
--- projects/entities/share/pgpkeys/girgen.key	(nonexistent)
+++ projects/entities/share/pgpkeys/girgen.key	(revision 41354)
@@ -0,0 +1,237 @@
+<!-- $FreeBSD$ -->
+<!--
+sh ./addkey.sh girgen 4A6BAAAD;
+-->
+<programlisting role="pgpfingerprint"><![CDATA[
+pub   2048R/4A6BAAAD 2012-02-23 [expires: 2016-02-23]
+      Key fingerprint = BD8C 332C E630 31D6 2FDB  80BD 5FF2 A161 4A6B AAAD
+uid                  Palle Girgensohn <girgen@pingpong.net>
+uid                  [jpeg image of size 8260]
+uid                  Palle Girgensohn <girgen@FreeBSD.org>
+sub   2048R/6BC41243 2012-02-23 [expires: 2016-02-23]
+]]></programlisting>
+<programlisting role="pgpkey"><![CDATA[
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: GPGTools - http://gpgtools.org
+
+mQENBE9GCt8BCADCoi55nNYodM/0UAyytLNzQlpV0SbqL/GLZKeBHEow5U1GfQo3
+6NLXG6mNHs5+HEiC31tRNJHkOeg2YXkU29ZtY+Ec829HJIjotWwHT3XwS8yxA6/b
+7L6+TtEUQ0FeWnFkggHerK7mDTfOULBV/K6gtd4DX+4THEIDbmtTVUOdtfDcnB3H
+yYqo4v16Wdc0GF1N+TM4unUc2gt4GNiFXNDaQO2NkA7lLOZ0rC1vBjHDYGU2rMQi
+kDQpYjk8LGHs0uZnMFhcdnWY1rqGzTckf01KFXEdt1TYS7nRRu9G0Jod9awIjyFG
+LdPJRtR9SLiYlAC3NYMB94aHMKq9ZOwi73mPABEBAAG0JlBhbGxlIEdpcmdlbnNv
+aG4gPGdpcmdlbkBwaW5ncG9uZy5uZXQ+iQFBBBMBAgArAhsvBQkHhh+ABgsJCAcD
+AgYVCAIJCgsEFgIDAQIeAQIXgAUCT0fOLQIZAQAKCRBf8qFhSmuqrQ9ACACD4ahY
+nsjOQ7Q8yA4dad9ZejHAnV+ehbBppobGq/mp/p0rHNWmc8+neYzIoEsiwGN3FuRw
+e2J3BmAsfauwO/KBZwmK4Y5C1ObGyYJE+eoajC3NaMkoR20T1KDFFf5GQgTWlWfY
+nYgv+sW/dUlb8xed2bGobGfaHJqG1ZXU77cjxC4ot5Gt7lIil02QoSdV/7p6qBqu
++47bytcosrSlBZNMBXD0hZWVcgiJx6UMKPoDBUK3EvRoml+0fudnRJgwdTWUy0Px
+frg/ITplzzgBQdchtv12r6UZbjnvM87kbdbyc66/t6RMKsjQP7e8ZWNMYwNtx2+3
+7HyMvLC5wmI3boQvtCVQYWxsZSBHaXJnZW5zb2huIDxnaXJnZW5ARnJlZUJTRC5v
+cmc+iQE+BBMBAgAoBQJPR84hAhsvBQkHhh+ABgsJCAcDAgYVCAIJCgsEFgIDAQIe
+AQIXgAAKCRBf8qFhSmuqrR9MB/44xJ55W5VYw4Kkt1bqwRi9ixk0k4huSDouOLbt
+xILrzYjMaxGJpVGB9SmYcxBJXskhsXgHzPNyz7UJYfU8GpqAjos+SVFS0xa5+kYG
+1Pex9ETOla3sKHy7nkl2zL7R0yx9GDSvqPvAY5/4QKQQsd1TA/p1TLRn96re1LF/
+9IIU7Rgpf99DTX/mpzH39I2R1dnxyp4L/chUWFyNRv/2KISrxqPCEUve97QOYXqQ
+B9XnC9SikEyWoFloZ4ZC8fMgjjfvPNd10Lb5nk8HJ7WWuhDQIlC1WlQG0uQ7YHE2
+nAwAhB0HhRaf8E+18XXv/MmJHLZ9CXrZmkEYbBmxWV2RZYFH0d+X35UBEAABAQAA
+AAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEBAEgASAAA/9sAQwACAgICAgECAgICAwIC
+AwMGBAMDAwMHBQUEBggHCQgIBwgICQoNCwkKDAoICAsPCwwNDg4PDgkLEBEQDhEN
+Dg4O/9sAQwECAwMDAwMHBAQHDgkICQ4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+Dg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O/8AAEQgAgACAAwEiAAIRAQMRAf/EAB4A
+AAEDBQEBAAAAAAAAAAAAAAgFBwkAAgMEBgoB/8QAOhAAAgEDAwIFAwIEBAUFAAAA
+AQIDBAURBhIhAAcIEyIxQRQyUSNhCRVCgRYzcZEXJENSsSWiweHw/8QAGgEAAgMB
+AQAAAAAAAAAAAAAABAUAAgMBBv/EACsRAAICAgEDAgUEAwAAAAAAAAECAAMREiEE
+MUEiURMycZHwBRSBoSNh0f/aAAwDAQACEQMRAD8AkQ8SndSWl0NZbLpQXyvN9Z4J
+H0za1qKrIYhiVZ1LIjDLADHILekkEduzmqu3/ZywUfb3t9p28097uVykrtQzS0wp
+paiTPrlqHO7Z6txK/AGcKoVTDxZfF3eJO/0curqe8VdkijmFiqrfdWorhbJ5tu6a
+nkAK+S7rl4XDK+1T94yS6unii1xR6Ms1Nq+nt1FPUUpnaSqoYILnLT/dH5r/APTJ
+bO2NgWGBJIQRgIXqt2y3men6f4RrIXx7w8O9/fZbRbwk8zJFdKiGBkNWZZKySIMU
+iyvJRdwcxoA27aTjPA56W7rV2j7hqGhsLrBqO40AqauoZl+rbD4MjSE4hT1MAfVt
+XIQO7kkOqjuWmpdSUF0Wnjv+oqaLy0qqenk+ltcUjlVpqWIkHfLJ7uf1pdrt6FG5
+VFqG9WDVlxpNP0n8x1nfK6ChpEZxPKZSPVUTYOGYbj5VOmOBudljGCZVQQMsYw9C
+jUCSe6K8XlDqTWlNYmestVnqIVirJ6H0ujqB6wx9TSvtJCqCdilm2oMmSXTV0S76
+Et1bTVsVYZIlbzhJvIyMqSQBk4wfbBz+Oos9AeEDVmrNBUtRT6goLStZHIlbd1DV
+MyljlwjYXzC7+qVxtDkKq+lV6M3QdVaewXb636T7j61W5XYzCC3NvYiVcYQIhAbc
+w5J5HBAwF6NUKvaJeqVLPSnzDwIU5V9oJbnGDj26Q7wtbRafuNbaY0lrkp2aCGVy
+sbuBxnAyP7dcNprvX231W9dDa9UUn1NFJ5dZBNIEeJsZIPPOAQSRnAZc4yMukjpP
+TBkIkjZf7EHrQ8jETFGQ+oRtrR3L09WduI9S3aZrJTCF3kWojcgbOGIwPVzwABkn
+gZPQK+LTXXbLvL2PotEab7g3WhaWaqNwkssU8dZUwxoY5KOMOU8xmcqPKYEMcDGR
+jpvb/wCI+9dg/wCLzrXtVrmS4nSdz8q7WFt4WgSGf7JXyGwFZDFwCfMX0hRjpkvF
+rpi29wdDVncSzXuft7d6Rh9Xd6WojlFbSuq7WjVIxhgcBXUgLktlcElabbAdHjD4
+KH1pyPziDnoii0pQ9htb2DTlgNpp5YZqCKlqqhKqqqYE9I832LSGTfCsIAAaNyTt
+XeIuNX2m127VDW2muEcs1MrGqMbboYfkQxsP8zBONw4Y5I9PPRjeHqCf+d9wBT21
+plehrkioZpg87zCMgTVTjAaNFlB2LgSMyqeGAIa3ezLT6jlpqi5xy1ss7/VzySZj
+UgkkZGfMK4O4rwW9K7sZ6aj5IDZ4nOUf0KJUPMrSyOpWnQDO0n5P5Ptj+5+ADozi
+QSHcQQDj0/aD+B/p1kWOnNfjz2ihLcOyc7c++B8/t/b9+slRJRyV8eyCSCnX7vUC
+7D8/gEj+3VZjFHTdjuGpNfWjT9BSvV1tdVRwx08bBS+TzyeBxk5Pt79beq4xbe4m
+qLZSUiW+nguc0JhjlLhESQqIwxALAY98DPuenK7OVotGrL7raOypdHsVrmlpqXlY
+qZmXBnlcc4UZAA5ZmAyBnplKyrqK+6VNZVN5lTPK0srY5ZmJYn/c9UBJbEuQAojo
+6VrrvJ3wptSUFXFI8dQEhutfTfowOFCiQJ7YjXkL8AD5IBdfUNzp753jpKazRVGp
+LzMBH9TeG9Jkwd9Q6++c+wb2x6VzjaxVvvRuOpS0zz09MkiilobdFtT7sjP4A9z8
+k49sZDw2W8aSpaeS41HnG6FWFHT09QoVEJALyTHje5wGcggABVBGFOZHOYx6dh2B
+nfWC533SklRb7fVHUWoqCBv+Yp6UGnt0kmV3KudhkORulfOAFijGdzK9Xbmpu1pm
+pJLbVvE8VPJPca2pDNUT+a+3aGOGVS3JPDSuSDiNNobXQl8ozSVMcNueipKOokqa
+2qMeV+oaMlQsZw0sqqCsYf2xJIQik7dqr1jSLqez3JrnPp3T06PM9IKpTWXKRxgz
+SMRgcDy43YBY0DMqBQNxyIjfNGq2hBtJMu2fjL7paUpI6C41ttrqWjjZKe3TxD9U
+4yZZ5QcqI41yVXaOQOT03muvElq/vFqih1HdYvoUpvPTScEkPCAt6qzkZXIHH9h+
+wYvQNhGsdOfzGwUVXWw3ScCjqBSMEMaMo3QRNuZkRsBZJc+YzbyGbBBWN23oajTl
+zrbjVtFJTUYinqaGX9aqmKhRTwO3pTj75xnABCZJUg9KaOCJTKk7gDMHLthW0miI
+L1rynrrjU3m21pmrqkStK0kkhP6CqD+rLnJdSdibstvkYGMptKfxGu7S60hs917e
+0EtPUsUooamcxSUkKYzJO0QO5to+1VUAnBIxgR5ax8Q2lNCaWuHbPSemZI9RzTrT
+yXAuogt8YJVhGCeXBySSMZ9TBsbCLV27n3nzK6h0zc6i7XS7QCkmkRZAZY8kbY/6
+mTAwSxGc/PrJpZVQzEk9vaB3X151IziTeeOGbT/im/hq6Y8Qfaxom1BoK6ebeaSU
+oamkoZx5MrsBywjJWWMn0lS7D9xd0PeNZa97P2iyW+jl1hfHs/8AJXslsoDURWpS
+VwkUfs42Mzq7YQFnckIhkK7/AAsLLBfO9/dl9eymqgvNHBSQwVVZM9VelkRxJAYf
+MEDwiOMsf0ywBA3bGAbn9N6M7teFn+KJVdkrHYLxqSwXOqD0pt6A1t1s8zgCojlb
+lVIASo4YAwbAuAp6891VeOfYzlDBToONhHJ7Zdi5O3sOvdKTWz6K2Xyakjt80H68
+ypSU8sdQxqCoJFRNLHCHCKH8t5AFXaeo07b4fU1d39oqvUPdDSlFoyfVVqtuqK2g
+uBWWyiulqy8O2aNI98EVDK7nd5YMkQyWYqJ5HtaT93o7nSabuWkK+rpKiiitmpLi
+fr0onZQ008e47WlZAUQHdFEoUhWcKsE3iT0tX3fxL9wKq2pazTWp3qrgY0aKSGkj
+8iKnXYVWNVkaVVihjJY7Sx9OHbnT3FwVY8wfqagp2XtBDvD0jXioFA0k9GJGEE0q
+7WMYJ2DA4Hpx7fIPSR89bVWZBXypJIHIbnawK5/bHH+3HSlpyz1uoNZW2x2+MPV1
+9SlOhb7V3Hkk/AAySfgA9H9ov7x79RiLRPgnsNhkm36l1lVi7XCKPCmmpEx5CSfJ
+LelwvsAQffpgK6lq6OtWGtpmpJzEkgjdNp2OgdGx+CrBh+QQenU7lVj3vvrV2mxM
+L3TWmmejhZYwsUggjYyyInuEG1mG4liFBP8A2hqayurLhVJPXVMtXMsMcKvK5YhI
+0CIuT8KqqoHwAOs0B1yfMu55x7TpbzHQ2SCay2+U1VUzYravjAI/6SYJGOfUcnnj
+29+l0pUV1vrhYI7bHU3upkRt02N1IqjcFyeEb5J/p/14HF3BqtZBVvF9IRKVp4uV
+dNpzu55Jz7sfn9+Br0stZJWSN5nkmKM73dsBFzhs/LZzgjknJGOriWV9HyIQ1Leb
+rqCzBoqkW/SH1P0lVUxxCOIHAZ8MxG92A/P2hNxJbAMmDt72steg6XU+pKqx2JEk
+jSiq9Ryipht6t6vMeMhfPncLuWPBU7QSFjUAiDbJLdN2wtz19LPd9PW2oV6aKJfJ
+ZpHw7CP3DTyN9z4ZY12jDNtC9y3aLUvdzX8S19znoEWdoKG2f5VLbAFV22tI/JwM
+tyWCruYg4QG0jXnGY0yxTgZJ+0I6fxAU6aMi1Hp86grO3NPWNS1N9nrIqP6ueNV8
+ulCqh4ZCZWi4AVlU7VJR1vW3iar71pTTVmtwiq7PNQ1FRHPb5JKeapy2wST7lEkN
+Ou4ZnA3zkARBMjAe657eaZ03qWCz1OrZtTT1daz/AFTuy09ZI4Ad1CEhUJUE7Msw
+VQX5O10O1dnu1i1VUUekqWO6Vnlie73+404ngpVQlRKUY7Dt9QjQnllycIjEtHbR
+cY7gfX6zJDbsAf6hJ9j/AAK2jxP6S17TPqv/AAjWWmSHy7gbasstxmYFlRl3Aw04
+APoj/qI+7bzHD3Y7Rd1fDt4nr/221lapbHqCeZqairBEWiraVnASeklYetHGFBBB
+HKtgggT8eAbvB2Zt+n+6MIvgpb/BeIoZp5gzCsjWMYkD/wDUZpS4JAC8ALwOCs7t
+d6fDXc7G1J3S03Q62o7YPrIaG7aWSuKOeEaGOZc735C7RkgE/aCekY33JTMt1Ndj
+3ZVTjj8zA6/hb9jNN6J7T3fvNq++W286+v8AiK0tPdUmmtlByjEpuxE8zxkcjeUj
+A4BI6K7xs+GSk8TXhlSHT9YKHuNpqY1+nqmmqzA1WVwz0Mkq+pUkKqQf6ZFRvyeo
+ze5ev/Cvp/vDoG7dk6D/AIfWrVMVRcL3YJqWKitdHIhVIriU3HymUKy+UnpY7Nqh
+i25sO5+vdS6S0Hddadn+6t/tTWaWJap2nkDyzVABhJhOc+YWGGX0qD925tzz4TOm
+2Zo1NTevbBHjH9d4jdk11DbfE9a7Nq+qpbHereFWoNbeZvrG9QVEQzHy8R4dWEZD
+bjsyMSORx8cHcLUtV4ttR2WrvUjkQxxVKUdfup60BcCeeJWKebjIBPqwATj0jpL7
+ndxdew9wdN6j1LXRm4MVvf8AJoIFMLzTANKwCgcu6vJLswoyE3M2Sgr6xrbjfdfX
+CvraYrU1lZJUSylld53duXyONpJAAHpHsOldNBV9jMepv3Gs5jC1M6RmXfsiCocB
+ET85/YZPPuT04PbXWVh0PqG83u52qS93E2mektMUZEccM7gBZ3Y8+nk4AyeRxnIb
+pZjTBlUI8pXAf32Z98fv+/xnj89Yoqd5aaeUFVjiUFizY9zgAfk/t/r0eQCMGKwS
+pyJuxXaqhWUo3raQyBsAYcggt/rgnHxz0l9V1XXZyL1b/MrrqGorY6aeQmRmiWNW
+cIqknAOPZQPfrDJZ7ukUFVNRyhahBMjSD7lOSHOfhsMQT7gEjI6k2rtC618Q1U94
+0Rpi29rezlvRqO0192OyOqo4PSFggUiScyOCpPEfBDP95Awdyeyt90zWy2qLXVJq
+Gqwhl2UskQZiAJCHyQV5RVJ9TZACheOqJs3iMH6YqMrz9hG80J3JazXinqbkgq4a
+GMPSwSLuVp+QJGHztzwMhR+CT0a2jLTR6k7Nz6w1LW1t9u9xZEo7ekBaGOPO8UyQ
+ggzPK3rMWQhCqZSYwAY2EoZ6KvkeVlekiqPKlnjw6Eg87fbfj34/8HqYLw3Vdiqu
+wdFUVex6iqpXgtVplcxzLRKT51bVSDJp4HbO4j1PtAXJIwUmc4EP6Bg4KP4jQ6C7
+L3fWGvWuF/oQ12u9dIsNVPU+a4CNgiJlICQoBs3KBvKsVKgJgsO6XYy41PYx9D6G
+aOC3y1lMtyWniPlilhHKPswXYk7tn7DPwvRP6etVmsui3elkhgrq5ctUfSLE1PAB
+6cJzsQADavx+Wbpq713Ei0XpWptViaV6quqJWhpVDGpmwMmVieY4zg8/GCfcY6YB
+AFI75jE6hsIMTg9H1/avtP3asdl03CNU64+mRWjoEH0drjUbS7sR5YkJ9JYgsW9C
+gKPVr98bRqruHJO41MtZq66xPFOLfVMyW+nUhWQS7QRwQHmC7mdhGgHpTrStWh9a
+1errperpTtZdMyMn0tjoZhHV3NjjLOzY+mjONoY4ZY9zDazrtZjX9P3SFyupsF3t
+1JW110pbX59r/wCVtNmY5jjknrmxDTYDbYk3F0BZ9vmMMELXqnEvayqpY+Jw187E
+dord/C011F3AutLovvjoa91H+E61K2EPfKeXypvoquPJ3sjeeUYcx7wCzL7pPbrV
+cPdPwMWDTo8mXWulaispKJ/JMr1sE0LMzSK/+a6HEgLHCMiHG4gOH/de8mvvkOlY
+K8akrrOZoKyupDupWdZCc0/GfLKjJZvUzcknA6WOyfdJ+1d9t17paIPWLXrG9VVD
+ctPG6lWaOP3d8MSCeATnGQuAa9a7yD2nmWerfKDjE4q9326VtktVJU1z1OpHilpJ
+1lyrU8fntIySO/3EuzljwBgg5IOOZuEtFDUirGJYUiMNGjyF3mCjb5rMQPTnOAAB
+gAfBPWpeaWqlvlXiHy3jV5qgOyq6guTmT8Mcj0+/sMdLt2t8iaamraihpYK6domF
+LBKNlMjR5XIJJBIxhCeMk4PwtOAYNktG/Zi8jMTkk5PVvW4tBVGjFRsAiIyrFwMj
+OMjn/wDYP4PX2roKu33MUtUgiqcKSgcErkZAODweRweR8467M5pdfQCTgDJ/brfr
+be9BN5c88LzZIKxSCTH75HHvx7/H4xnRBZHO1sHkEqepJJs+8OodQUffSxdq7JQ1
+VTd7xHFHpfT6QiCC6Ljakhm4SOmRUIEQ2napyApwzddwvCX3kuHeGr1Fr7VNqsdt
++kiD0elZGqPLBQIdskqqqs+SC4Usc8Ag5LsRauqE8ZVg7XahobjSa7sNRUVVbtpw
+QiOgQVKTnlxKr7VCbiNxXgqdx861l04nZepe5xyG1S26anrK9N0brIRt8uKTJ/U3
+HBkXJU+lctnBopZya0bAHtHzlT63GcyHC3+EXTmqNE32HSRepajHki+X2slUQy7g
+BHBEm0SlmPJwRz7Ac9NBYajuZ4WO5qW3UtAn8rukwkeomAkhkkiJVAxYFXEblZMH
+KEqPvAKnoNQeK3WlDqg2KGtscFr0xcdlJVR2t1a7rBPmIGNf09ykB2zhWdQW3faU
+rvB4m7V3goIVvFuqLncGpRFDDMqxQQzOAPNcjJk2ZO0H3bLH+kDQVVIMhsH65zBx
+ZWW2QhSPz+ZJ7pC+33W/Z28JQRz096kovqC9Rl6ubf698nyJXj3YTJZA3JV2O1xu
+6SXnSGktMX3th25tOtu4twhWRBdqnyIKFdm5S2B/mIihvLJVY8Avgqi9Nd4X/JqO
+y9n7hUGpYrTUabiFLDLUYaC4jIUwDdy8m4BRLySRxkKMGvp3U+idUXiquMdtl01e
+6sYutDWwbZ1RicNEjezyH7Bjc27e3xhk1JrOCYd8cvgyEXVeqfF9LreoqL7pR6a9
+32sWO0Cln8wUzo4YskSsUlUqFTbICuCTjLk9KF18N2uprFEO8feCognvN4e4T6Rp
+TI1NJVyH9SQwxYjUhsA7FG7G1CBkrNk2kbHU6lWttFthasSMw+aVVxbk922k43OB
+nJ4GRgkDcemW1raNMx2yuvMlBJXzVdMaShWWl8408DZHoUDdLNKBhRwvqLHggNVF
+TkMT/Jm6V02H/Jlj/uRHaw0F250r2zudHo2KQUjBXlvFTTq1TX4PJij+1EZiQqjI
+wBktlQea7JeErvT301tWUfa/RMnn0itU1+rNQMYbdQyf0wxzbSrz4ZTtUMVJyQMD
+EnXZjse/djxz2ui1TZXotF2qikulfFMobzTHhIkDr6VG9jwpP2uQTkEScaz729pu
+xXZ64xmeht1ostI6UNBbmRvNdBkxoifIJ9R+CeT0F1OoYLWPEF6wbsERe32xPI14
+h+3tv7W+PHuD21t08typLHdxRsY5WkaScRoZVVmBZv1WdQSCxGMjPXIalnelp4IU
+hEsMkjbolJ2bgMNEpyS7DjzHBPPp3ZyelvvP3RXub4vNedy/p54p77fJ6zbJMvmI
+jHaq7k4yVAyR7DgEn1HgqvUH1zz1NVSlsU6U9IkYCRQKv9AH/b7kgYJzycE5UjOO
+YiYjY47RLN1qJ68VEzkzgYRUwiLgDbwPgYHA/AHWlHMUeWZ1M1QTwzHO0n3Y/k9a
+pOWJPuf26uziEgEHJ9sc9WmczGnf6Xz2yIySFYj7sf8A389YAcLwBn89XmaT6cxB
+isZxuUHg49v/AD1jDFc4xyMcjqST0lVNPNeP4g0V2ell/kcVpElPLVwoi0KOwRhG
+2N4aXlVQZZcM2AeenV8WtFqi5eB+6Lp2WisFwjpZf5fJUt5K2yJIyN8SLwJgueTh
+YwTk7iSELQ2pqK++KDUz2u3SVn0E62mzyVRIp4/LQPLIpIy7AsN8pGOQo/pXo0h2
+4W96JSm1W8Woa6f0+WYwIKdfcBVPBK5/q4HJA3c9OUdWJc+Y4twuAZ4v7lE1JVT0
+VQjNXxVDedMZCQ3twAQPnJ3fOR/dKBIORwejR8a/ZWq7VeMHU1JbLTUxadep85at
+432vLLlyckfOCcZzjJwBgdBiY3EAkK4QnAP5PSp1KtgxSRgwg+1PfPVujbpZaI3F
+ZrZbpjJSfWsZI6AEYZokJ2h/w2CQfbHv0ftF4oNH1el7TepLxWiptg5eaYLW3apf
+1MQpbKptwA7cKqljyyIYfw7eWI84TOcY6dTS1BeHvNsp9O6dOpbzcP06KNYDO6YI
+LOMH7h+4wvuf2Y09RcwCdwIRVc1Zk9ejvEPRag7dR/Xn+WwLtSSCWNnepdvsgiUj
+MjEeptwODgH2x0Q9HPp6t+gp7tcqAVdw9dSZKwK9NEw5UOTkM3sWHJAbAwvMXnZz
+sp3Lm1HZ9T2e7U2naahhFORcZ5qmnoo/ud3IKxtIcklI2YgYB9TkjpK7tD/izvlL
+crxrW96w09bZStVW0lClElZVhsNGkoY7sD0uVwieiNSSNha/t2LHAjZuoGOBiSsa
+pr+3WntDy2Sluto01aTAZLrfJ69KVUpwvqEZJAChMDGcKuCcscGAnxaeJLROraqv
+0X2sqJ7jYFBppLiA8cLxqftjLHdIrHLFiF3Ej3AwW58TWorRQ6nuGlbXQ7bsJdtw
+laoknSjiB9FNC0hJ25ALye7uTtO0ZYOf36XdTc1TGpT9Yut6hzlRK6yOR5aIrllA
+yRjABPv1j6rpNAJcylCuSDkZwDn/AH6t6rqupJK6+gZYDIH7nr58dXEjYAFwfk59
++pJPRl2r7gpb++0s99iWm1BJc8NY4FLvTDAaJTt+/CENxwGLsSzKWSWnTeo6K6aa
+oZ6RfLrKmnzCOCIkA5I+M45x7/nA68+vbvUlfWwPJS22nXWN2togM1PUBquo3K7w
+QK+QqkxhlmkHojRdvqP3S29jdd1k3bvS9PdEjs8qU0dNWUsYAIYekxxBjv2gjO4j
+Lkg/6MVxYvaN7l3GwnU+IXstbe43Z6tb/DFBd7w1NLFTSVEHmrTRuPXKU95ZmwAM
++3/t68o3fXtPVdre+V10/FDUy0EHKTzMHL84Y7gAD6sjjIBBGTg9e2Bo5LhaZEh2
+mlKlWQjiTjGzIPt8H/bPv1Ed45fDXTXLtxedZ6f0/JVallYQxVMEILgOcE8+lEQE
+gewHLYwADumOorNbfMO0Vk+DPNEqlpVXIBJxknAHRA9iNW3q2d1EsFoikrJ70UoR
+SUIZZKz/ALY2YFcRZG5+VDD7vTnDYa70bWaH1obNWO8ziIOJWhaNZOSCVDc7cjGS
+ATj2Ht1zFvuFba7mlXQVUtHUKCBJC5VsH3GRzyOl9bNRaD5EinVsyR+19/LnpXvb
+Yu3mobzs0ZUO1PWVNNI5SI7sbYsEMYw2V38b2y3pA9Jw697mUui+wS3G0eTTPWRC
+n0oTEqiIeWQs4jxghV3MrsMKPWASyjqGrWncfTeou0lnpqO1CHVTOTcq2UEkIg2x
+xqRhQMc7VGBzzyetO+94dV6i0skmoLpLeqryUpKYVj7hFCnuoUcbWbDPkZchVOVU
+g+lH6hVXsp9Xkf8ADNWf1Tne4uoaa7a1uKUtdNdYWqWmnrZxiSsmIwZD7+key5J4
+/wBSS25CiJSGy5JyMe3V80stTWSTzO0s0jFndjksTySesXXlrHaxyzdzB5cNmxsg
+lv6cHjq3qulOmkt0VrnMlO1VWMmE3yFEjBBBIAILMDtI/p98g9ZyRM6+59OPjr51
+XUklyAEldpZjwuPz1TKUmZHBBU4YfI6+rtAYkkMB6cfnqzqSQmPD73QbSnd3SCXV
+3qbdb7lmOljBHnLKNp3sOSkZxLtORhTgZwRLr4f+4b038QCn0bQXGs1bbKuDFPqG
+cFqioM+WSo2LyiqML5h55jVB7FoFdKXr/DevrbfjTCsFFMJTTMSFnHsY2I5CsCQf
+2z1Jj4OteXas0Jq6saop7DbrYf8A1K7CP1xU2d8EfmZBz5hZVTJaRn5KqvBFTYOD
+GND5BQz0v6Hu0dXYxTbBDHSxhZcuGwR7jI4yMc4OAcqM7Set3WdmoL/oyamqofq6
+cqSlOVyrtg+4+f8A4+MHnpn+zeuLFd+1NorJ7lS22ongRZoKt0hfzggyhU4AKLjc
+BwCcfsHjl1BYXllha9W4qyFEWO4xGQnjI5b3PyfgdXPpt2EEcYYzzdfxBfDdS6Up
+rfqmy2ysrKyNneulRAxWIlmJkKjGSzJwMLFGgABLDMQjeX5QADeZk5z7Y+OvYr4p
+9D6Y1h4XdV0sj0LUrW2Qy/TFJWkbGEUJn9Q5IwDwSMkY468fF2o3t+p7hQOVZ6ep
+eJijhxlWIOGAAPt7gDrXqmWwiweZVhwCIn59OPjr51cuBu3KTxxj89UuA4LKSPkf
+npfM5b1XW7NSrDRxSvKnnSDd5K8lV+M/gn8fj39x1q7XkkO1MnkkKPYdSSWqQJFL
+ZxnnHv1tvN9TIondykcXlwe3pAPAP7cnPWu8bIVyrAFQwyMZB6vaoqGt0VI0rtTR
+yNJHGT6VZgAxH7kKuf8AQdSSY2YhPL4wpPt8/wB+vrsWCDIwqjGBjrHg/jqsH8dS
+SV1XVYP46rB/HUkn/9mJAUEEEwECACsCGy8FCQeGH4AGCwkIBwMCBhUIAgkKCwQW
+AgMBAh4BAheABQJPR85KAhkBAAoJEF/yoWFKa6qtum4H/2GTkfeVkGjJU4RA5eOl
+/rPWO6aUTy8ZKxl8sh9cLXBbclKDQ1SqU6JBbwk/VvuVUJkNtGzeT8VYE6aA3QNA
+cOP+rTCzIqD/3kZGKSgQE80BE1K2lL/n5Ud2LV7QCymiLAnoHooLXLEQGU+SPsD/
+Y3Z3Y3z8M8Nyasa6xVRfTD2coIvUA+G4ubch3AxHLzmuhqUuxvr8s180qmpLz5FO
+OoWX+hlhZzS2dQm46o3Qsau1+bx5dvZwrevAOU/ot2k4+cxc1FQMQgEVry49D0VI
+AoD7DAE9P1orU2WACd+0W47mWQIyhyIZ6C6r/EMzIX1wfmsFsj8RZOQiPusUXXQ7
+joO5AQ0ET0YK3wEIAMvNE42CufNUAzkijz7iruW1G2IJkvUw0MEiFAZpEoiEk7rU
+r6Wm/8m7oz9VwhLLsvFd9wyGOZC2NZPsotMcgF0GE4MYM5QrPdby/muQ2LahRk8q
+hVgNdP0fQ2EEEABnjf2Liuvkauoe9EYw37vT1QZLv+cWXd570R5pVSiIKYtY+ZnW
+uC3Ul8torSZ7yTMG1kKheVf5qDvyecco1VmXa3EpzyY170hQcQ8RIj5kgm2NnqSC
+TajdT6XLNw5Y1ZeHDsfdNlI/vAQRmTEp/q16jU/LmfU+jqmVPj0HHbwMKa+BioY9
+g48anrSFNgZtRJNZLuwbB1WedYEJY3qjNXGnqrEAEQEAAYkCRAQYAQIADwUCT0YK
+3wIbLgUJB4YfgAEpCRBf8qFhSmuqrcBdIAQZAQIABgUCT0YK3wAKCRCIVfuxa8QS
+Q2OYCACuS0W+pLNKBvL2EDVC1obss8rDB8DiZlT9qWAtYWam3/j3yrNWMiyGv4JI
+44ZhXrSFQxcSTEV9eP//vnmsRELoS7YwFurjxEIwExYEJF8uamFOa+3jlieT4Zvj
+91xIwbLxQ7Pjl4W27OVUKJKEu0dmHqQWu6KXmgIyKW+TNx9z7pYx3HA5Cn9h1vL7
+aM9Bc8xXEKGAA90BOpUOAM3hSdbzymlaExRwoUcKMMHnPi8a+bX4NFzXZhUkO2Ud
+PJk7Q01UMvcq6CEy2PRQCRauiE9sltNgx3N0i4yCqXyml6EY9h9v0eoPn4onDLLt
+EFqYTe7ZlhO+lLlwShgvfTYdyCDGNykIALw1PaLW1uG2S7kjftPAejab2UKquQTD
+l7IIUFvHy8tjnJ3gtpK8NIypEyjsm5MhbZPFlmdfRyG/Mr9jVdWTdsBxfrGzUic8
+ggFrR4BL/zwCOC8WntlatAICIdk8HyLAzf/iKi0soVG4QtOxb7aBR6K2PQWfE3SN
+FZ6/PmmT3aCovwTlCGN0epMnZeUQ0cN5La5ea93wgzR04YBC5SH9pB/mGcN4OF2g
+/skXkg6DbDaFUrv3/nKnIzFptjyC+qKKV5976/BhvTDUbKQjDLx0ELYKgzfcr+5t
+Yr1aTjn6KMAcsSmMcYdcrJKClIdqQnzQEKRbANJygs+a1XSAB21NKdQ=
+=RtWL
+-----END PGP PUBLIC KEY BLOCK-----
+]]></programlisting>

Property changes on: projects/entities/share/pgpkeys/girgen.key
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Index: projects/entities/share/pgpkeys/pgpkeys-developers.xml
===================================================================
--- projects/entities/share/pgpkeys/pgpkeys-developers.xml	(revision 41353)
+++ projects/entities/share/pgpkeys/pgpkeys-developers.xml	(revision 41354)
@@ -1,1948 +1,1958 @@
 <!--
      The FreeBSD Documentation Project
 
      $FreeBSD$
 -->
 
     <sect2 id="pgpkey-ariff">
       <title>&a.ariff.email;</title>
       &pgpkey.ariff;
     </sect2>
 
     <sect2 id="pgpkey-tabthorpe">
       <title>&a.tabthorpe.email;</title>
       &pgpkey.tabthorpe;
     </sect2>
 
     <sect2 id="pgpkey-eadler">
       <title>&a.eadler.email;</title>
       &pgpkey.eadler;
     </sect2>
 
     <sect2 id="pgpkey-shaun">
       <title>&a.shaun.email;</title>
       &pgpkey.shaun;
     </sect2>
 
     <sect2 id="pgpkey-brix">
       <title>&a.brix.email;</title>
       &pgpkey.brix;
     </sect2>
 
     <sect2 id="pgpkey-mandree">
       <title>&a.mandree.email;</title>
       &pgpkey.mandree;
     </sect2>
 
     <sect2 id="pgpkey-will">
       <title>&a.will.email;</title>
       &pgpkey.will;
     </sect2>
 
     <sect2 id="pgpkey-dim">
       <title>&a.dim.email;</title>
       &pgpkey.dim;
     </sect2>
 
     <sect2 id="pgpkey-anholt">
       <title>&a.anholt.email;</title>
       &pgpkey.anholt;
     </sect2>
 
     <sect2 id="pgpkey-mva">
       <title>&a.mva.email;</title>
       &pgpkey.mva;
     </sect2>
 
     <sect2 id="pgpkey-araujo">
       <title>&a.araujo.email;</title>
       &pgpkey.araujo;
     </sect2>
 
     <sect2 id="pgpkey-mat">
       <title>&a.mat.email;</title>
       &pgpkey.mat;
     </sect2>
 
     <sect2 id="pgpkey-asami">
       <title>&a.asami.email;</title>
       &pgpkey.asami;
     </sect2>
 
     <sect2 id="pgpkey-gavin">
       <title>&a.gavin.email;</title>
       &pgpkey.gavin;
     </sect2>
 
     <sect2 id="pgpkey-jsa">
       <title>&a.jsa.email;</title>
       &pgpkey.jsa;
     </sect2>
 
     <sect2 id="pgpkey-jadawin">
       <title>&a.jadawin.email;</title>
       &pgpkey.jadawin;
     </sect2>
 
     <sect2 id="pgpkey-timur">
       <title>&a.timur.email;</title>
       &pgpkey.timur;
     </sect2>
 
     <sect2 id="pgpkey-gjb">
       <title>&a.gjb.email;</title>
       &pgpkey.gjb;
     </sect2>
 
     <sect2 id="pgpkey-snb">
       <title>&a.snb.email;</title>
       &pgpkey.snb;
     </sect2>
 
     <sect2 id="pgpkey-barner">
       <title>&a.barner.email;</title>
       &pgpkey.barner;
     </sect2>
 
     <sect2 id="pgpkey-art">
       <title>&a.art.email;</title>
       &pgpkey.art;
     </sect2>
 
     <sect2 id="pgpkey-tobez">
       <title>&a.tobez.email;</title>
       &pgpkey.tobez;
     </sect2>
 
     <sect2 id="pgpkey-damien">
       <title>&a.damien.email;</title>
       &pgpkey.damien;
     </sect2>
 
     <sect2 id="pgpkey-tdb">
       <title>&a.tdb.email;</title>
       &pgpkey.tdb;
     </sect2>
 
     <sect2 id="pgpkey-gblach">
       <title>&a.gblach.email;</title>
       &pgpkey.gblach;
     </sect2>
 
     <sect2 id="pgpkey-mbr">
       <title>&a.mbr.email;</title>
       &pgpkey.mbr;
     </sect2>
 
     <sect2 id="pgpkey-wblock">
       <title>&a.wblock.email;</title>
       &pgpkey.wblock;
     </sect2>
 
     <sect2 id="pgpkey-bvs">
       <title>&a.bvs.email;</title>
       &pgpkey.bvs;
     </sect2>
 
     <sect2 id="pgpkey-novel">
       <title>&a.novel.email;</title>
       &pgpkey.novel;
     </sect2>
 
     <sect2 id="pgpkey-garga">
       <title>&a.garga.email;</title>
       &pgpkey.garga;
     </sect2>
 
     <sect2 id="pgpkey-alexbl">
       <title>&a.alexbl.email;</title>
       &pgpkey.alexbl;
     </sect2>
 
     <sect2 id="pgpkey-sbz">
       <title>&a.sbz.email;</title>
       &pgpkey.sbz;
     </sect2>
 
     <sect2 id="pgpkey-ebrandi">
       <title>&a.ebrandi.email;</title>
       &pgpkey.ebrandi;
     </sect2>
 
     <sect2 id="pgpkey-harti">
       <title>&a.harti.email;</title>
       &pgpkey.harti;
     </sect2>
 
     <sect2 id="pgpkey-obraun">
       <title>&a.obraun.email;</title>
       &pgpkey.obraun;
     </sect2>
 
     <sect2 id="pgpkey-makc">
       <title>&a.makc.email;</title>
       &pgpkey.makc;
     </sect2>
 
     <sect2 id="pgpkey-jmb">
       <title>&a.jmb.email;</title>
       &pgpkey.jmb;
     </sect2>
 
     <sect2 id="pgpkey-antoine">
       <title>&a.antoine.email;</title>
       &pgpkey.antoine;
     </sect2>
 
     <sect2 id="pgpkey-db">
       <title>&a.db.email;</title>
       &pgpkey.db;
     </sect2>
 
     <sect2 id="pgpkey-brueffer">
       <title>&a.brueffer.email;</title>
       &pgpkey.brueffer;
     </sect2>
 
     <sect2 id="pgpkey-markus">
       <title>&a.markus.email;</title>
       &pgpkey.markus;
     </sect2>
 
     <sect2 id="pgpkey-sbruno">
       <title>&a.sbruno.email;</title>
       &pgpkey.sbruno;
     </sect2>
 
     <sect2 id="pgpkey-oleg">
       <title>&a.oleg.email;</title>
       &pgpkey.oleg;
     </sect2>
 
     <sect2 id="pgpkey-bushman">
       <title>&a.bushman.email;</title>
       &pgpkey.bushman;
     </sect2>
 
     <sect2 id="pgpkey-jchandra">
       <title>&a.jchandra.email;</title>
       &pgpkey.jchandra;
     </sect2>
 
     <sect2 id="pgpkey-jcamou">
       <title>&a.jcamou.email;</title>
       &pgpkey.jcamou;
     </sect2>
 
     <sect2 id="pgpkey-acm">
       <title>&a.acm.email;</title>
       &pgpkey.acm;
     </sect2>
 
     <sect2 id="pgpkey-gahr">
       <title>&a.gahr.email;</title>
       &pgpkey.gahr;
     </sect2>
 
 <!--
     <sect2 id="pgpkey-koitsu">
       <title>&a.koitsu.email;</title>
       &pgpkey.koitsu;
     </sect2>
 -->
 
     <sect2 id="pgpkey-dchagin">
       <title>&a.dchagin.email;</title>
       &pgpkey.dchagin;
     </sect2>
 
     <sect2 id="pgpkey-perky">
       <title>&a.perky.email;</title>
       &pgpkey.perky;
     </sect2>
 
     <sect2 id="pgpkey-jon">
       <title>&a.jon.email;</title>
       &pgpkey.jon;
     </sect2>
 
     <sect2 id="pgpkey-jonathan">
       <title>&a.jonathan.email;</title>
       &pgpkey.jonathan;
     </sect2>
 
     <sect2 id="pgpkey-loader">
       <title>&a.loader.email;</title>
       &pgpkey.loader;
     </sect2>
 
     <sect2 id="pgpkey-luoqi">
       <title>&a.luoqi.email;</title>
       &pgpkey.luoqi;
     </sect2>
 
     <sect2 id="pgpkey-ache">
       <title>&a.ache.email;</title>
       &pgpkey.ache;
     </sect2>
 
     <sect2 id="pgpkey-melifaro">
       <title>&a.melifaro.email;</title>
       &pgpkey.melifaro;
     </sect2>
 
     <sect2 id="pgpkey-seanc">
       <title>&a.seanc.email;</title>
       &pgpkey.seanc;
     </sect2>
 
     <sect2 id="pgpkey-cjh">
       <title>&a.cjh.email;</title>
       &pgpkey.cjh;
     </sect2>
 
     <sect2 id="pgpkey-cjc">
       <title>&a.cjc.email;</title>
       &pgpkey.cjc;
     </sect2>
 
     <sect2 id="pgpkey-marcus">
       <title>&a.marcus.email;</title>
       &pgpkey.marcus;
     </sect2>
 
     <sect2 id="pgpkey-nik">
       <title>&a.nik.email;</title>
       &pgpkey.nik;
     </sect2>
 
     <sect2 id="pgpkey-benjsc">
       <title>&a.benjsc.email;</title>
       &pgpkey.benjsc;
     </sect2>
 
     <sect2 id="pgpkey-tijl">
       <title>&a.tijl.email;</title>
       &pgpkey.tijl;
     </sect2>
 
     <sect2 id="pgpkey-rakuco">
       <title>&a.rakuco.email;</title>
       &pgpkey.rakuco;
     </sect2>
 
     <sect2 id="pgpkey-brucec">
       <title>&a.brucec.email;</title>
       &pgpkey.brucec;
     </sect2>
 
     <sect2 id="pgpkey-culot">
       <title>&a.culot.email;</title>
       &pgpkey.culot;
     </sect2>
 
     <sect2 id="pgpkey-aaron">
       <title>&a.aaron.email;</title>
       &pgpkey.aaron;
     </sect2>
 
     <sect2 id="pgpkey-bapt">
       <title>&a.bapt.email;</title>
       &pgpkey.bapt;
     </sect2>
 
     <sect2 id="pgpkey-ceri">
       <title>&a.ceri.email;</title>
       &pgpkey.ceri;
     </sect2>
 
     <sect2 id="pgpkey-brd">
       <title>&a.brd.email;</title>
       &pgpkey.brd;
     </sect2>
 
     <sect2 id="pgpkey-pjd">
       <title>&a.pjd.email;</title>
       &pgpkey.pjd;
     </sect2>
 
     <sect2 id="pgpkey-bsd">
       <title>&a.bsd.email;</title>
       &pgpkey.bsd;
     </sect2>
 
     <sect2 id="pgpkey-carl">
       <title>&a.carl;</title>
       &pgpkey.carl;
     </sect2>
 
     <sect2 id="pgpkey-vd">
       <title>&a.vd.email;</title>
       &pgpkey.vd;
     </sect2>
 
     <sect2 id="pgpkey-rdivacky">
       <title>&a.rdivacky.email;</title>
       &pgpkey.rdivacky;
     </sect2>
 
     <sect2 id="pgpkey-danfe">
       <title>&a.danfe.email;</title>
       &pgpkey.danfe;
     </sect2>
 
     <sect2 id="pgpkey-dd">
       <title>&a.dd.email;</title>
       &pgpkey.dd;
     </sect2>
 
     <sect2 id="pgpkey-bdrewery">
       <title>&a.bdrewery.email;</title>
       &pgpkey.bdrewery;
     </sect2>
 
     <sect2 id="pgpkey-olivierd">
       <title>&a.olivierd.email;</title>
       &pgpkey.olivierd;
     </sect2>
 
     <sect2 id="pgpkey-bruno">
       <title>&a.bruno.email;</title>
       &pgpkey.bruno;
     </sect2>
 
     <sect2 id="pgpkey-ale">
       <title>&a.ale.email;</title>
       &pgpkey.ale;
     </sect2>
 
     <sect2 id="pgpkey-peadar">
       <title>&a.peadar.email;</title>
       &pgpkey.peadar;
     </sect2>
 
     <sect2 id="pgpkey-deischen">
       <title>&a.deischen.email;</title>
       &pgpkey.deischen;
     </sect2>
 
     <sect2 id="pgpkey-josef">
       <title>&a.josef.email;</title>
       &pgpkey.josef;
     </sect2>
 
     <sect2 id="pgpkey-lme">
       <title>&a.lme.email;</title>
       &pgpkey.lme;
     </sect2>
 
     <sect2 id="pgpkey-ue">
       <title>&a.ue.email;</title>
       &pgpkey.ue;
     </sect2>
 
     <sect2 id="pgpkey-ru">
       <title>&a.ru.email;</title>
       &pgpkey.ru;
     </sect2>
 
     <sect2 id="pgpkey-le">
       <title>&a.le.email;</title>
       &pgpkey.le;
     </sect2>
 
     <sect2 id="pgpkey-bf">
       <title>&a.bf.email;</title>
       &pgpkey.bf;
     </sect2>
 
     <sect2 id="pgpkey-madpilot">
       <title>&a.madpilot.email;</title>
       &pgpkey.madpilot;
     </sect2>
 
     <sect2 id="pgpkey-rafan">
       <title>&a.rafan.email;</title>
       &pgpkey.rafan;
     </sect2>
 
     <sect2 id="pgpkey-stefanf">
       <title>&a.stefanf.email;</title>
       &pgpkey.stefanf;
     </sect2>
 
     <sect2 id="pgpkey-farrokhi">
       <title>&a.farrokhi.email;</title>
       &pgpkey.farrokhi;
     </sect2>
 
     <sect2 id="pgpkey-jedgar">
       <title>&a.jedgar.email;</title>
       &pgpkey.jedgar;
     </sect2>
 
     <sect2 id="pgpkey-green">
       <title>&a.green.email;</title>
       &pgpkey.green;
     </sect2>
 
     <sect2 id="pgpkey-lioux">
       <title>&a.lioux.email;</title>
       &pgpkey.lioux;
     </sect2>
 
     <sect2 id="pgpkey-mdf">
       <title>&a.mdf.email;</title>
       &pgpkey.mdf;
     </sect2>
 
     <sect2 id="pgpkey-fanf">
       <title>&a.fanf.email;</title>
       &pgpkey.fanf;
     </sect2>
 
     <sect2 id="pgpkey-blackend">
       <title>&a.blackend.email;</title>
       &pgpkey.blackend;
     </sect2>
 
     <sect2 id="pgpkey-petef">
       <title>&a.petef.email;</title>
       &pgpkey.petef;
     </sect2>
 
     <sect2 id="pgpkey-decke">
       <title>&a.decke.email;</title>
       &pgpkey.decke;
     </sect2>
 
     <sect2 id="pgpkey-billf">
       <title>&a.billf.email;</title>
       &pgpkey.billf;
     </sect2>
 
     <sect2 id="pgpkey-avg">
       <title>&a.avg.email;</title>
       &pgpkey.avg;
     </sect2>
 
     <sect2 id="pgpkey-beat">
       <title>&a.beat.email;</title>
       &pgpkey.beat;
     </sect2>
 
     <sect2 id="pgpkey-danger">
       <title>&a.danger.email;</title>
       &pgpkey.danger;
     </sect2>
 
     <sect2 id="pgpkey-sjg">
       <title>&a.sjg.email;</title>
       &pgpkey.sjg;
     </sect2>
 
     <sect2 id="pgpkey-gibbs">
       <title>&a.gibbs.email;</title>
       &pgpkey.gibbs;
     </sect2>
 
     <sect2 id="pgpkey-pfg">
       <title>&a.pfg.email;</title>
       &pgpkey.pfg;
     </sect2>
 
+    <sect2 id="pgpkey-girgen">
+      <title>&a.girgen;</title>
+      &pgpkey.girgen;
+    </sect2>
+
     <sect2 id="pgpkey-pgollucci">
       <title>&a.pgollucci.email;</title>
       &pgpkey.pgollucci;
     </sect2>
 
     <sect2 id="pgpkey-daichi">
       <title>&a.daichi.email;</title>
       &pgpkey.daichi;
     </sect2>
 
     <sect2 id="pgpkey-mnag">
       <title>&a.mnag.email;</title>
       &pgpkey.mnag;
     </sect2>
 
     <sect2 id="pgpkey-grehan">
       <title>&a.grehan.email;</title>
       &pgpkey.grehan;
     </sect2>
 
     <sect2 id="pgpkey-jamie">
       <title>&a.jamie.email;</title>
       &pgpkey.jamie;
     </sect2>
 
     <sect2 id="pgpkey-bar">
       <title>&a.bar.email;</title>
       &pgpkey.bar;
     </sect2>
 
     <sect2 id="pgpkey-jmg">
       <title>&a.jmg.email;</title>
       &pgpkey.jmg;
     </sect2>
 
     <sect2 id="pgpkey-mjg">
       <title>&a.mjg.email;</title>
       &pgpkey.mjg;
     </sect2>
 
     <sect2 id="pgpkey-jhale">
       <title>&a.jhale.email;</title>
       &pgpkey.jhale;
     </sect2>
 
     <sect2 id="pgpkey-dannyboy">
       <title>&a.dannyboy.email;</title>
       &pgpkey.dannyboy;
     </sect2>
 
     <sect2 id="pgpkey-dhartmei">
       <title>&a.dhartmei.email;</title>
       &pgpkey.dhartmei;
     </sect2>
 
     <sect2 id="pgpkey-ohauer">
       <title>&a.ohauer.email;</title>
       &pgpkey.ohauer;
     </sect2>
 
     <sect2 id="pgpkey-ehaupt">
       <title>&a.ehaupt.email;</title>
       &pgpkey.ehaupt;
     </sect2>
 
     <sect2 id="pgpkey-jhay">
       <title>&a.jhay.email;</title>
       &pgpkey.jhay;
     </sect2>
 
     <sect2 id="pgpkey-sheldonh">
       <title>&a.sheldonh.email;</title>
       &pgpkey.sheldonh;
     </sect2>
 
     <sect2 id="pgpkey-mikeh">
       <title>&a.mikeh.email;</title>
       &pgpkey.mikeh;
     </sect2>
 
     <sect2 id="pgpkey-mheinen">
       <title>&a.mheinen.email;</title>
       &pgpkey.mheinen;
     </sect2>
 
     <sect2 id="pgpkey-niels">
       <title>&a.niels.email;</title>
       &pgpkey.niels;
     </sect2>
 
     <sect2 id="pgpkey-jh">
       <title>&a.jh.email;</title>
       &pgpkey.jh;
     </sect2>
 
     <sect2 id="pgpkey-jgh">
       <title>&a.jgh.email;</title>
       &pgpkey.jgh;
     </sect2>
 
     <sect2 id="pgpkey-ghelmer">
       <title>&a.ghelmer.email;</title>
       &pgpkey.ghelmer;
     </sect2>
 
     <sect2 id="pgpkey-mux">
       <title>&a.mux.email;</title>
       &pgpkey.mux;
     </sect2>
 
     <sect2 id="pgpkey-wen">
       <title>&a.wen.email;</title>
       &pgpkey.wen;
     </sect2>
 
     <sect2 id="pgpkey-dhn">
       <title>&a.dhn.email;</title>
       &pgpkey.dhn;
     </sect2>
 
     <sect2 id="pgpkey-jhibbits">
       <title>&a.jhibbits.email;</title>
       &pgpkey.jhibbits;
     </sect2>
 
     <sect2 id="pgpkey-pho">
       <title>&a.pho.email;</title>
       &pgpkey.pho;
     </sect2>
 
     <sect2 id="pgpkey-mich">
       <title>&a.mich.email;</title>
       &pgpkey.mich;
     </sect2>
 
     <sect2 id="pgpkey-sunpoet">
       <title>&a.sunpoet.email;</title>
       &pgpkey.sunpoet;
     </sect2>
 
     <sect2 id="pgpkey-lwhsu">
       <title>&a.lwhsu.email;</title>
       &pgpkey.lwhsu;
     </sect2>
 
     <sect2 id="pgpkey-foxfair">
       <title>&a.foxfair.email;</title>
       &pgpkey.foxfair;
     </sect2>
 
     <sect2 id="pgpkey-chinsan">
       <title>&a.chinsan.email;</title>
       &pgpkey.chinsan;
     </sect2>
 
     <sect2 id="pgpkey-davide">
       <title>&a.davide.email;</title>
       &pgpkey.davide;
     </sect2>
 
     <sect2 id="pgpkey-jkh">
       <title>&a.jkh.email;</title>
       &pgpkey.jkh;
     </sect2>
 
     <sect2 id="pgpkey-versus">
       <title>&a.versus.email;</title>
       &pgpkey.versus;
     </sect2>
 
     <sect2 id="pgpkey-weongyo">
       <title>&a.weongyo.email;</title>
       &pgpkey.weongyo;
     </sect2>
 
     <sect2 id="pgpkey-peterj">
       <title>&a.peterj.email;</title>
       &pgpkey.peterj;
     </sect2>
 
     <sect2 id="pgpkey-jinmei">
       <title>&a.jinmei.email;</title>
       &pgpkey.jinmei;
     </sect2>
 
     <sect2 id="pgpkey-ahze">
       <title>&a.ahze.email;</title>
       &pgpkey.ahze;
     </sect2>
 
     <sect2 id="pgpkey-markj">
       <title>&a.markj.email;</title>
       &pgpkey.markj;
     </sect2>
 
     <sect2 id="pgpkey-trevor">
       <title>&a.trevor.email;</title>
       &pgpkey.trevor;
     </sect2>
 
     <sect2 id="pgpkey-tj">
       <title>&a.tj.email;</title>
       &pgpkey.tj;
     </sect2>
 
     <sect2 id="pgpkey-kan">
       <title>&a.kan.email;</title>
       &pgpkey.kan;
     </sect2>
 
     <sect2 id="pgpkey-bjk">
       <title>&a.bjk.email;</title>
       &pgpkey.bjk;
     </sect2>
 
     <sect2 id="pgpkey-phk">
       <title>&a.phk.email;</title>
       &pgpkey.phk;
     </sect2>
 
     <sect2 id="pgpkey-pluknet">
       <title>&a.pluknet.email;</title>
       &pgpkey.pluknet;
     </sect2>
 
     <sect2 id="pgpkey-cokane">
       <title>&a.cokane.email;</title>
       &pgpkey.cokane;
     </sect2>
 
     <sect2 id="pgpkey-kato">
       <title>&a.kato.email;</title>
       &pgpkey.kato;
     </sect2>
 
     <sect2 id="pgpkey-joe">
       <title>&a.joe.email;</title>
       &pgpkey.joe;
     </sect2>
 
     <sect2 id="pgpkey-vkashyap">
       <title>&a.vkashyap.email;</title>
       &pgpkey.vkashyap;
     </sect2>
 
     <sect2 id="pgpkey-kris">
       <title>&a.kris.email;</title>
       &pgpkey.kris;
     </sect2>
 
     <sect2 id="pgpkey-keramida">
       <title>&a.keramida.email;</title>
       &pgpkey.keramida;
     </sect2>
 
     <sect2 id="pgpkey-fjoe">
       <title>&a.fjoe.email;</title>
       &pgpkey.fjoe;
     </sect2>
 
     <sect2 id="pgpkey-manolis">
       <title>&a.manolis.email;</title>
       &pgpkey.manolis;
     </sect2>
 
     <sect2 id="pgpkey-jkim">
       <title>&a.jkim.email;</title>
       &pgpkey.jkim;
     </sect2>
 
     <sect2 id="pgpkey-zack">
       <title>&a.zack.email;</title>
       &pgpkey.zack;
     </sect2>
 
     <sect2 id="pgpkey-jceel">
       <title>&a.jceel.email;</title>
       &pgpkey.jceel;
     </sect2>
 
     <sect2 id="pgpkey-andreas">
       <title>&a.andreas.email;</title>
       &pgpkey.andreas;
     </sect2>
 
     <sect2 id="pgpkey-jkois">
       <title>&a.jkois.email;</title>
       &pgpkey.jkois;
     </sect2>
 
     <sect2 id="pgpkey-sergei">
       <title>&a.sergei.email;</title>
       &pgpkey.sergei;
     </sect2>
 
     <sect2 id="pgpkey-maxim">
       <title>&a.maxim.email;</title>
       &pgpkey.maxim;
     </sect2>
 
     <sect2 id="pgpkey-taras">
       <title>&a.taras.email;</title>
       &pgpkey.taras;
     </sect2>
 
     <sect2 id="pgpkey-jkoshy">
       <title>&a.jkoshy.email;</title>
       &pgpkey.jkoshy;
     </sect2>
 
     <sect2 id="pgpkey-wkoszek">
       <title>&a.wkoszek.email;</title>
       &pgpkey.wkoszek;
     </sect2>
 
     <sect2 id="pgpkey-ak">
       <title>&a.ak.email;</title>
       &pgpkey.ak;
     </sect2>
 
     <sect2 id="pgpkey-skreuzer">
       <title>&a.skreuzer.email;</title>
       &pgpkey.skreuzer;
     </sect2>
 
     <sect2 id="pgpkey-gabor">
       <title>&a.gabor.email;</title>
       &pgpkey.gabor;
     </sect2>
 
     <sect2 id="pgpkey-anchie">
       <title>&a.anchie.email;</title>
       &pgpkey.anchie;
     </sect2>
 
     <sect2 id="pgpkey-rik">
       <title>&a.rik.email;</title>
       &pgpkey.rik;
     </sect2>
 
     <sect2 id="pgpkey-rushani">
       <title>&a.rushani.email;</title>
       &pgpkey.rushani;
     </sect2>
 
     <sect2 id="pgpkey-kuriyama">
       <title>&a.kuriyama.email;</title>
       &pgpkey.kuriyama;
     </sect2>
 
     <sect2 id="pgpkey-rene">
       <title>&a.rene.email;</title>
       &pgpkey.rene;
     </sect2>
 
     <sect2 id="pgpkey-jlaffaye">
       <title>&a.jlaffaye.email;</title>
       &pgpkey.jlaffaye;
     </sect2>
 
     <sect2 id="pgpkey-clement">
       <title>&a.clement.email;</title>
       &pgpkey.clement;
     </sect2>
 
     <sect2 id="pgpkey-mlaier">
       <title>&a.mlaier.email;</title>
       &pgpkey.mlaier;
     </sect2>
 
     <sect2 id="pgpkey-erwin">
       <title>&a.erwin.email;</title>
       &pgpkey.erwin;
     </sect2>
 
     <sect2 id="pgpkey-martymac">
       <title>&a.martymac.email;</title>
       &pgpkey.martymac;
     </sect2>
 
     <sect2 id="pgpkey-glarkin">
       <title>&a.glarkin.email;</title>
       &pgpkey.glarkin;
     </sect2>
 
     <sect2 id="pgpkey-laszlof">
       <title>&a.laszlof.email;</title>
       &pgpkey.laszlof;
     </sect2>
 
     <sect2 id="pgpkey-dru">
       <title>&a.dru;</title>
       &pgpkey.dru;
     </sect2>
 
     <sect2 id="pgpkey-lawrance">
       <title>&a.lawrance.email;</title>
       &pgpkey.lawrance;
     </sect2>
 
     <sect2 id="pgpkey-njl">
       <title>&a.njl.email;</title>
       &pgpkey.njl;
     </sect2>
 
     <sect2 id="pgpkey-jlh">
       <title>&a.jlh.email;</title>
       &pgpkey.jlh;
     </sect2>
 
     <sect2 id="pgpkey-leeym">
       <title>&a.leeym.email;</title>
       &pgpkey.leeym;
     </sect2>
 
     <sect2 id="pgpkey-sam">
       <title>&a.sam.email;</title>
       &pgpkey.sam;
     </sect2>
 
     <sect2 id="pgpkey-jylefort">
       <title>&a.jylefort.email;</title>
       &pgpkey.jylefort;
     </sect2>
 
     <sect2 id="pgpkey-netchild">
       <title>&a.netchild.email;</title>
       &pgpkey.netchild;
     </sect2>
 
     <sect2 id="pgpkey-ae">
       <title>&a.ae.email;</title>
       &pgpkey.ae;
     </sect2>
 
     <sect2 id="pgpkey-lesi">
       <title>&a.lesi.email;</title>
       &pgpkey.lesi;
     </sect2>
 
     <sect2 id="pgpkey-achim">
       <title>&a.achim;</title>
       &pgpkey.achim;
     </sect2>
 
     <sect2 id="pgpkey-cel">
       <title>&a.cel.email;</title>
       &pgpkey.cel;
     </sect2>
 
     <sect2 id="pgpkey-glewis">
       <title>&a.glewis.email;</title>
       &pgpkey.glewis;
     </sect2>
 
     <sect2 id="pgpkey-delphij">
       <title>&a.delphij.email;</title>
       &pgpkey.delphij;
     </sect2>
 
     <sect2 id="pgpkey-avatar">
       <title>&a.avatar.email;</title>
       &pgpkey.avatar;
     </sect2>
 
     <sect2 id="pgpkey-ijliao">
       <title>&a.ijliao.email;</title>
       &pgpkey.ijliao;
     </sect2>
 
     <sect2 id="pgpkey-lulf">
       <title>&a.lulf.email;</title>
       &pgpkey.lulf;
     </sect2>
 
     <sect2 id="pgpkey-clive">
       <title>&a.clive.email;</title>
       &pgpkey.clive;
     </sect2>
 
     <sect2 id="pgpkey-pclin"> 
       <title>&a.pclin;</title>
       &pgpkey.pclin;
     </sect2>
 
     <sect2 id="pgpkey-yzlin">
       <title>&a.yzlin.email;</title>
       &pgpkey.yzlin;
     </sect2>
 
     <sect2 id="pgpkey-linimon">
       <title>&a.linimon.email;</title>
       &pgpkey.linimon;
     </sect2>
 
     <sect2 id="pgpkey-arved">
       <title>&a.arved.email;</title>
       &pgpkey.arved;
     </sect2>
 
     <sect2 id="pgpkey-dryice">
       <title>&a.dryice.email;</title>
       &pgpkey.dryice;
     </sect2>
 
     <sect2 id="pgpkey-nemoliu">
       <title>&a.nemoliu.email;</title>
       &pgpkey.nemoliu;
     </sect2>
 
     <sect2 id="pgpkey-zml">
       <title>&a.zml.email;</title>
       &pgpkey.zml;
     </sect2>
 
     <sect2 id="pgpkey-nox">
       <title>&a.nox.email;</title>
       &pgpkey.nox;
     </sect2>
 
     <sect2 id="pgpkey-remko">
       <title>&a.remko.email;</title>
       &pgpkey.remko;
     </sect2>
 
     <sect2 id="pgpkey-avl">
       <title>&a.avl.email;</title>
       &pgpkey.avl;
     </sect2>
 
     <sect2 id="pgpkey-issyl0">
       <title>&a.issyl0.email;</title>
       &pgpkey.issyl0;
     </sect2>
 
     <sect2 id="pgpkey-scottl">
       <title>&a.scottl.email;</title>
       &pgpkey.scottl;
     </sect2>
 
     <sect2 id="pgpkey-rmacklem">
       <title>&a.rmacklem.email;</title>
       &pgpkey.rmacklem;
     </sect2>
 
     <sect2 id="pgpkey-bmah">
       <title>&a.bmah.email;</title>
       &pgpkey.bmah;
     </sect2>
 
     <sect2 id="pgpkey-rm">
       <title>&a.rm.email;</title>
       &pgpkey.rm;
     </sect2>
 
     <sect2 id="pgpkey-mtm">
       <title>&a.mtm.email;</title>
       &pgpkey.mtm;
     </sect2>
 
     <sect2 id="pgpkey-dwmalone">
       <title>&a.dwmalone.email;</title>
       &pgpkey.dwmalone;
     </sect2>
 
     <sect2 id="pgpkey-amdmi3">
       <title>&a.amdmi3.email;</title>
       &pgpkey.amdmi3;
     </sect2>
 
     <sect2 id="pgpkey-kwm">
       <title>&a.kwm.email;</title>
       &pgpkey.kwm;
     </sect2>
 
     <sect2 id="pgpkey-emaste">
       <title>&a.emaste.email;</title>
       &pgpkey.emaste;
     </sect2>
 
     <sect2 id="pgpkey-cherry">
       <title>&a.cherry.email;</title>
       &pgpkey.cherry;
     </sect2>
 
     <sect2 id="pgpkey-matusita">
       <title>&a.matusita.email;</title>
       &pgpkey.matusita;
     </sect2>
 
     <sect2 id="pgpkey-mm">
       <title>&a.mm.email;</title>
       &pgpkey.mm;
     </sect2>
 
     <sect2 id="pgpkey-sem">
       <title>&a.sem.email;</title>
       &pgpkey.sem;
     </sect2>
 
     <sect2 id="pgpkey-tmclaugh">
       <title>&a.tmclaugh.email;</title>
       &pgpkey.tmclaugh;
     </sect2>
 
     <sect2 id="pgpkey-jmelo">
       <title>&a.jmelo.email;</title>
       &pgpkey.jmelo;
     </sect2>
 
     <sect2 id="pgpkey-ken">
       <title>&a.ken.email;</title>
       &pgpkey.ken;
     </sect2>
 
     <sect2 id="pgpkey-dinoex">
       <title>&a.dinoex.email;</title>
       &pgpkey.dinoex;
     </sect2>
 
     <sect2 id="pgpkey-sanpei">
       <title>&a.sanpei.email;</title>
       &pgpkey.sanpei;
     </sect2>
 
     <sect2 id="pgpkey-rmh">
       <title>&a.rmh.email;</title>
       &pgpkey.rmh;
     </sect2>
 
     <sect2 id="pgpkey-stephen">
       <title>&a.stephen.email;</title>
       &pgpkey.stephen;
     </sect2>
 
     <sect2 id="pgpkey-marcel">
       <title>&a.marcel.email;</title>
       &pgpkey.marcel;
     </sect2>
 
     <sect2 id="pgpkey-kmoore">
       <title>&a.kmoore.email;</title>
       &pgpkey.kmoore;
     </sect2>
 
     <sect2 id="pgpkey-marck">
       <title>&a.marck.email;</title>
       &pgpkey.marck;
     </sect2>
 
     <sect2 id="pgpkey-mav">
       <title>&a.mav.email;</title>
       &pgpkey.mav;
     </sect2>
 
     <sect2 id="pgpkey-lippe">
       <title>&a.lippe.email;</title>
       &pgpkey.lippe;
     </sect2>
 
     <sect2 id="pgpkey-rich">
       <title>&a.rich.email;</title>
       &pgpkey.rich;
     </sect2>
 
     <sect2 id="pgpkey-knu">
       <title>&a.knu.email;</title>
       &pgpkey.knu;
     </sect2>
 
     <sect2 id="pgpkey-tmm">
       <title>&a.tmm.email;</title>
       &pgpkey.tmm;
     </sect2>
 
     <sect2 id="pgpkey-max">
       <title>&a.max.email;</title>
       &pgpkey.max;
     </sect2>
 
     <sect2 id="pgpkey-maho">
       <title>&a.maho.email;</title>
       &pgpkey.maho;
     </sect2>
 
     <sect2 id="pgpkey-yoichi">
       <title>&a.yoichi.email;</title>
       &pgpkey.yoichi;
     </sect2>
 
     <sect2 id="pgpkey-trasz">
       <title>&a.trasz.email;</title>
       &pgpkey.trasz;
     </sect2>
 
     <sect2 id="pgpkey-dbn">
       <title>&a.dbn;</title>
       &pgpkey.dbn;
     </sect2>
 
     <sect2 id="pgpkey-bland">
       <title>&a.bland.email;</title>
       &pgpkey.bland;
     </sect2>
 
     <sect2 id="pgpkey-gnn">
       <title>&a.gnn.email;</title>
       &pgpkey.gnn;
     </sect2>
 
     <sect2 id="pgpkey-simon">
       <title>&a.simon.email;</title>
       &pgpkey.simon;
     </sect2>
 
     <sect2 id="pgpkey-rnoland">
       <title>&a.rnoland.email;</title>
       &pgpkey.rnoland;
     </sect2>
 
     <sect2 id="pgpkey-anders">
       <title>&a.anders.email;</title>
       &pgpkey.anders;
     </sect2>
 
     <sect2 id="pgpkey-lofi">
       <title>&a.lofi.email;</title>
       &pgpkey.lofi;
     </sect2>
 
     <sect2 id="pgpkey-obrien">
       <title>&a.obrien.email;</title>
       &pgpkey.obrien;
     </sect2>
 
     <sect2 id="pgpkey-olgeni">
       <title>&a.olgeni.email;</title>
       &pgpkey.olgeni;
     </sect2>
 
     <sect2 id="pgpkey-philip">
       <title>&a.philip.email;</title>
       &pgpkey.philip;
     </sect2>
 
     <sect2 id="pgpkey-jpaetzel">
       <title>&a.jpaetzel.email;</title>
       &pgpkey.jpaetzel;
     </sect2>
 
     <sect2 id="pgpkey-pgj">
       <title>&a.pgj.email;</title>
       &pgpkey.pgj;
     </sect2>
 
     <sect2 id="pgpkey-hmp">
       <title>&a.hmp.email;</title>
       &pgpkey.hmp;
     </sect2>
 
     <sect2 id="pgpkey-fluffy">
       <title>&a.fluffy.email;</title>
       &pgpkey.fluffy;
     </sect2>
 
     <sect2 id="pgpkey-sat">
       <title>&a.sat.email;</title>
       &pgpkey.sat;
     </sect2>
 
     <sect2 id="pgpkey-np">
       <title>&a.np.email;</title>
       &pgpkey.np;
     </sect2>
 
     <sect2 id="pgpkey-rpaulo">
       <title>&a.rpaulo.email;</title>
       &pgpkey.rpaulo;
     </sect2>
 
     <sect2 id="pgpkey-mp">
       <title>&a.mp.email;</title>
       &pgpkey.mp;
     </sect2>
 
     <sect2 id="pgpkey-roam">
       <title>&a.roam.email;</title>
       &pgpkey.roam;
     </sect2>
 
     <sect2 id="pgpkey-den">
       <title>&a.den.email;</title>
       &pgpkey.den;
     </sect2>
 
     <sect2 id="pgpkey-csjp">
       <title>&a.csjp.email;</title>
       &pgpkey.csjp;
     </sect2>
 
     <sect2 id="pgpkey-gerald">
       <title>&a.gerald.email;</title>
       &pgpkey.gerald;
     </sect2>
 
     <sect2 id="pgpkey-jacula">
       <title>&a.jacula.email;</title>
       &pgpkey.jacula;
     </sect2>
 
     <sect2 id="pgpkey-jdp">
       <title>&a.jdp.email;</title>
       &pgpkey.jdp;
     </sect2>
 
     <sect2 id="pgpkey-krion">
       <title>&a.krion.email;</title>
       &pgpkey.krion;
     </sect2>
 
     <sect2 id="pgpkey-sepotvin">
       <title>&a.sepotvin.email;</title>
       &pgpkey.sepotvin;
     </sect2>
 
     <sect2 id="pgpkey-markp">
       <title>&a.markp.email;</title>
       &pgpkey.markp;
     </sect2>
 
     <sect2 id="pgpkey-alepulver">
       <title>&a.alepulver.email;</title>
       &pgpkey.alepulver;
     </sect2>
 
     <sect2 id="pgpkey-thomas">
       <title>&a.thomas.email;</title>
       &pgpkey.thomas;
     </sect2>
 
     <sect2 id="pgpkey-hq">
       <title>&a.hq.email;</title>
       &pgpkey.hq;
     </sect2>
 
     <sect2 id="pgpkey-dfr">
       <title>&a.dfr.email;</title>
       &pgpkey.dfr;
     </sect2>
 
     <sect2 id="pgpkey-lbr">
       <title>&a.lbr.email;</title>
       &pgpkey.lbr;
     </sect2>
 
     <sect2 id="pgpkey-crees">
       <title>&a.crees.email;</title>
       &pgpkey.crees;
     </sect2>
 
     <sect2 id="pgpkey-rees">
       <title>&a.rees.email;</title>
       &pgpkey.rees;
     </sect2>
 
     <sect2 id="pgpkey-bcr">
       <title>&a.bcr.email;</title>
       &pgpkey.bcr;
     </sect2>
 
     <sect2 id="pgpkey-trhodes">
       <title>&a.trhodes.email;</title>
       &pgpkey.trhodes;
     </sect2>
 
     <sect2 id="pgpkey-benno">
       <title>&a.benno.email;</title>
       &pgpkey.benno;
     </sect2>
 
     <sect2 id="pgpkey-beech">
       <title>&a.beech.email;</title>
       &pgpkey.beech;
     </sect2>
 
     <sect2 id="pgpkey-matteo">
       <title>&a.matteo.email;</title>
       &pgpkey.matteo;
     </sect2>
 
     <sect2 id="pgpkey-roberto">
       <title>&a.roberto.email;</title>
       &pgpkey.roberto;
     </sect2>
 
     <sect2 id="pgpkey-rodrigc">
       <title>&a.rodrigc.email;</title>
       &pgpkey.rodrigc;
     </sect2>
 
     <sect2 id="pgpkey-guido">
       <title>&a.guido.email;</title>
       &pgpkey.guido;
     </sect2>
 
     <sect2 id="pgpkey-rea">
       <title>&a.rea.email;</title>
       &pgpkey.rea;
     </sect2>
 
     <sect2 id="pgpkey-ray">
       <title>&a.ray.email;</title>
       &pgpkey.ray;
     </sect2>
 
     <sect2 id="pgpkey-niklas">
       <title>&a.niklas.email;</title>
       &pgpkey.niklas;
     </sect2>
 
     <sect2 id="pgpkey-bsam">
       <title>&a.bsam.email;</title>
       &pgpkey.bsam;
     </sect2>
 
     <sect2 id="pgpkey-marks">
       <title>&a.marks.email;</title>
       &pgpkey.marks;
     </sect2>
 
     <sect2 id="pgpkey-bschmidt">
       <title>&a.bschmidt.email;</title>
       &pgpkey.bschmidt;
     </sect2>
 
     <sect2 id="pgpkey-wosch">
       <title>&a.wosch.email;</title>
       &pgpkey.wosch;
     </sect2>
 
     <sect2 id="pgpkey-ed">
       <title>&a.ed.email;</title>
       &pgpkey.ed;
     </sect2>
 
     <sect2 id="pgpkey-das">
       <title>&a.das.email;</title>
       &pgpkey.das;
     </sect2>
 
     <sect2 id="pgpkey-scheidell">
       <title>&a.scheidell.email;</title>
       &pgpkey.scheidell;
     </sect2>
 
     <sect2 id="pgpkey-schweikh">
       <title>&a.schweikh.email;</title>
       &pgpkey.schweikh;
     </sect2>
 
     <sect2 id="pgpkey-matthew">
       <title>&a.matthew.email;</title>
       &pgpkey.matthew;
+    </sect2>
+
+    <sect2 id="pgpkey-tmseck">
+      <title>&a.tmseck;</title>
+      &pgpkey.tmseck;
     </sect2>
 
     <sect2 id="pgpkey-stas">
       <title>&a.stas.email;</title>
       &pgpkey.stas;
     </sect2>
 
     <sect2 id="pgpkey-johans">
       <title>&a.johans.email;</title>
       &pgpkey.johans;
     </sect2>
 
     <sect2 id="pgpkey-bakul">
       <title>&a.bakul.email;</title>
       &pgpkey.bakul;
     </sect2>
 
     <sect2 id="pgpkey-gshapiro">
       <title>&a.gshapiro.email;</title>
       &pgpkey.gshapiro;
     </sect2>
 
     <sect2 id="pgpkey-arun">
       <title>&a.arun.email;</title>
       &pgpkey.arun;
     </sect2>
 
     <sect2 id="pgpkey-wxs">
       <title>&a.wxs.email;</title>
       &pgpkey.wxs;
     </sect2>
 
     <sect2 id="pgpkey-nork">
       <title>&a.nork.email;</title>
       &pgpkey.nork;
     </sect2>
 
     <sect2 id="pgpkey-syrinx">
       <title>&a.syrinx.email;</title>
       &pgpkey.syrinx;
     </sect2>
 
     <sect2 id="pgpkey-vanilla">
       <title>&a.vanilla.email;</title>
       &pgpkey.vanilla;
     </sect2>
 
     <sect2 id="pgpkey-ashish">
       <title>&a.ashish.email;</title>
       &pgpkey.ashish;
     </sect2>
 
     <sect2 id="pgpkey-bms">
       <title>&a.bms.email;</title>
       &pgpkey.bms;
     </sect2>
 
     <sect2 id="pgpkey-demon">
       <title>&a.demon.email;</title>
       &pgpkey.demon;
     </sect2>
 
     <sect2 id="pgpkey-jesper">
       <title>&a.jesper.email;</title>
       &pgpkey.jesper;
     </sect2>
 
     <sect2 id="pgpkey-scop">
       <title>&a.scop.email;</title>
       &pgpkey.scop;
     </sect2>
 
     <sect2 id="pgpkey-anray">
       <title>&a.anray.email;</title>
       &pgpkey.anray;
     </sect2>
 
     <sect2 id="pgpkey-flo">
       <title>&a.flo.email;</title>
       &pgpkey.flo;
     </sect2>
 
     <sect2 id="pgpkey-glebius">
       <title>&a.glebius.email;</title>
       &pgpkey.glebius;
     </sect2>
 
     <sect2 id="pgpkey-kensmith">
       <title>&a.kensmith.email;</title>
       &pgpkey.kensmith;
     </sect2>
 
     <sect2 id="pgpkey-ben">
       <title>&a.ben.email;</title>
       &pgpkey.ben;
     </sect2>
 
     <sect2 id="pgpkey-des">
       <title>&a.des.email;</title>
       &pgpkey.des;
     </sect2>
 
     <sect2 id="pgpkey-sobomax">
       <title>&a.sobomax.email;</title>
       &pgpkey.sobomax;
     </sect2>
 
     <sect2 id="pgpkey-brian">
       <title>&a.brian.email;</title>
       &pgpkey.brian;
     </sect2>
 
     <sect2 id="pgpkey-sson">
       <title>&a.sson.email;</title>
       &pgpkey.sson;
     </sect2>
 
     <sect2 id="pgpkey-nsouch">
       <title>&a.nsouch.email;</title>
       &pgpkey.nsouch;
     </sect2>
 
     <sect2 id="pgpkey-ssouhlal">
       <title>&a.ssouhlal.email;</title>
       &pgpkey.ssouhlal;
     </sect2>
 
     <sect2 id="pgpkey-uqs">
       <title>&a.uqs.email;</title>
       &pgpkey.uqs;
     </sect2>
 
     <sect2 id="pgpkey-rink">
       <title>&a.rink.email;</title>
       &pgpkey.rink;
     </sect2>
 
     <sect2 id="pgpkey-vsevolod">
       <title>&a.vsevolod.email;</title>
       &pgpkey.vsevolod;
     </sect2>
 
     <sect2 id="pgpkey-zi">
       <title>&a.zi.email;</title>
       &pgpkey.zi;
     </sect2>
 
     <sect2 id="pgpkey-rrs">
       <title>&a.rrs.email;</title>
       &pgpkey.rrs;
     </sect2>
 
     <sect2 id="pgpkey-murray">
       <title>&a.murray.email;</title>
       &pgpkey.murray;
     </sect2>
 
     <sect2 id="pgpkey-vs">
       <title>&a.vs.email;</title>
       &pgpkey.vs;
     </sect2>
 
     <sect2 id="pgpkey-rstone">
       <title>&a.rstone.email;</title>
       &pgpkey.rstone;
     </sect2>
 
     <sect2 id="pgpkey-xride">
       <title>&a.xride.email;</title>
       &pgpkey.xride;
     </sect2>
 
     <sect2 id="pgpkey-marius">
       <title>&a.marius.email;</title>
       &pgpkey.marius;
     </sect2>
 
     <sect2 id="pgpkey-cs">
       <title>&a.cs.email;</title>
       &pgpkey.cs;
     </sect2>
 
     <sect2 id="pgpkey-clsung">
       <title>&a.clsung.email;</title>
       &pgpkey.clsung;
     </sect2>
 
     <sect2 id="pgpkey-gsutter">
       <title>&a.gsutter.email;</title>
       &pgpkey.gsutter;
     </sect2>
 
     <sect2 id="pgpkey-metal">
       <title>&a.metal.email;</title>
       &pgpkey.metal;
     </sect2>
 
     <sect2 id="pgpkey-ryusuke">
       <title>&a.ryusuke.email;</title>
       &pgpkey.ryusuke;
     </sect2>
 
     <sect2 id="pgpkey-garys">
       <title>&a.garys.email;</title>
       &pgpkey.garys;
     </sect2>
 
     <sect2 id="pgpkey-nyan">
       <title>&a.nyan.email;</title>
       &pgpkey.nyan;
     </sect2>
 
     <sect2 id="pgpkey-sahil">
       <title>&a.sahil.email;</title>
       &pgpkey.sahil;
     </sect2>
 
     <sect2 id="pgpkey-tota">
       <title>&a.tota.email;</title>
       &pgpkey.tota;
     </sect2>
 
     <sect2 id="pgpkey-romain">
       <title>&a.romain.email;</title>
       &pgpkey.romain;
     </sect2>
 
     <sect2 id="pgpkey-sylvio">
       <title>&a.sylvio.email;</title>
       &pgpkey.sylvio;
     </sect2>
 
     <sect2 id="pgpkey-itetcu">
       <title>&a.itetcu.email;</title>
       &pgpkey.itetcu;
     </sect2>
 
     <sect2 id="pgpkey-mi">
       <title>&a.mi.email;</title>
       &pgpkey.mi;
     </sect2>
 
     <sect2 id="pgpkey-gordon">
       <title>&a.gordon.email;</title>
       &pgpkey.gordon;
     </sect2>
 
     <sect2 id="pgpkey-lth">
       <title>&a.lth.email;</title>
       &pgpkey.lth;
     </sect2>
 
     <sect2 id="pgpkey-jase">
       <title>&a.jase.email;</title>
       &pgpkey.jase;
     </sect2>
 
     <sect2 id="pgpkey-lx">
       <title>&a.lx.email;</title>
       &pgpkey.lx;
     </sect2>
 
     <sect2 id="pgpkey-fabient">
       <title>&a.fabient.email;</title>
       &pgpkey.fabient;
     </sect2>
 
     <sect2 id="pgpkey-thierry">
       <title>&a.thierry.email;</title>
       &pgpkey.thierry;
     </sect2>
 
     <sect2 id="pgpkey-thompsa">
       <title>&a.thompsa.email;</title>
       &pgpkey.thompsa;
     </sect2>
 
     <sect2 id="pgpkey-flz">
       <title>&a.flz.email;</title>
       &pgpkey.flz;
     </sect2>
 
     <sect2 id="pgpkey-jilles">
       <title>&a.jilles.email;</title>
       &pgpkey.jilles;
     </sect2>
 
     <sect2 id="pgpkey-ganbold">
       <title>&a.ganbold.email;</title>
       &pgpkey.ganbold;
     </sect2>
 
     <sect2 id="pgpkey-tuexen">
       <title>&a.tuexen.email;</title>
       &pgpkey.tuexen;
     </sect2>
 
     <sect2 id="pgpkey-andrew">
       <title>&a.andrew.email;</title>
       &pgpkey.andrew;
     </sect2>
 
     <sect2 id="pgpkey-ume">
       <title>&a.ume.email;</title>
       &pgpkey.ume;
     </sect2>
 
     <sect2 id="pgpkey-ups">
       <title>&a.ups.email;</title>
       &pgpkey.ups;
     </sect2>
 
     <sect2 id="pgpkey-bryanv">
       <title>&a.bryanv.email;</title>
       &pgpkey.bryanv;
     </sect2>
 
     <sect2 id="pgpkey-nectar">
       <title>&a.nectar.email;</title>
       &pgpkey.nectar;
     </sect2>
 
     <sect2 id="pgpkey-avilla">
       <title>&a.avilla.email;</title>
       &pgpkey.avilla;
     </sect2>
 
     <sect2 id="pgpkey-nivit">
       <title>&a.nivit.email;</title>
       &pgpkey.nivit;
     </sect2>
 
     <sect2 id="pgpkey-ivoras">
       <title>&a.ivoras.email;</title>
       &pgpkey.ivoras;
     </sect2>
 
     <sect2 id="pgpkey-stefan">
       <title>&a.stefan.email;</title>
       &pgpkey.stefan;
     </sect2>
 
     <sect2 id="pgpkey-kaiw">
       <title>&a.kaiw.email;</title>
       &pgpkey.kaiw;
     </sect2>
 
     <sect2 id="pgpkey-adamw">
       <title>&a.adamw.email;</title>
       &pgpkey.adamw;
     </sect2>
 
     <sect2 id="pgpkey-peter">
       <title>&a.peter.email;</title>
       &pgpkey.peter;
     </sect2>
 
     <sect2 id="pgpkey-nwhitehorn">
       <title>&a.nwhitehorn.email;</title>
       &pgpkey.nwhitehorn;
     </sect2>
 
     <sect2 id="pgpkey-miwi">
       <title>&a.miwi.email;</title>
       &pgpkey.miwi;
     </sect2>
 
     <sect2 id="pgpkey-nate">
       <title>&a.nate.email;</title>
       &pgpkey.nate;
     </sect2>
 
     <sect2 id="pgpkey-swills">
       <title>&a.swills.email;</title>
       &pgpkey.swills;
     </sect2>
 
     <sect2 id="pgpkey-twinterg">
       <title>&a.twinterg.email;</title>
       &pgpkey.twinterg;
     </sect2>
 
     <sect2 id="pgpkey-wollman">
       <title>&a.wollman.email;</title>
       &pgpkey.wollman;
     </sect2>
 
     <sect2 id="pgpkey-joerg">
       <title>&a.joerg.email;</title>
       &pgpkey.joerg;
     </sect2>
 
     <sect2 id="pgpkey-davidxu">
       <title>&a.davidxu.email;</title>
       &pgpkey.davidxu;
     </sect2>
 
     <sect2 id="pgpkey-emax">
       <title>&a.emax.email;</title>
       &pgpkey.emax;
     </sect2>
 
     <sect2 id="pgpkey-bz">
       <title>&a.bz.email;</title>
       &pgpkey.bz;
     </sect2>
 
     <sect2 id="pgpkey-zeising">
       <title>&a.zeising.email;</title>
       &pgpkey.zeising;
     </sect2>
 
     <sect2 id="pgpkey-phantom">
       <title>&a.phantom.email;</title>
       &pgpkey.phantom;
     </sect2>
 
     <sect2 id="pgpkey-sephe">
       <title>&a.sephe.email;</title>
       &pgpkey.sephe;
     </sect2>
 
     <sect2 id="pgpkey-zont">
       <title>&a.zont.email;</title>
       &pgpkey.zont;
     </sect2>
 
     <sect2 id="pgpkey-syuu">
       <title>&a.syuu.email;</title>
       &pgpkey.syuu;
     </sect2>
 
Index: projects/entities/share/pgpkeys/pgpkeys.ent
===================================================================
--- projects/entities/share/pgpkeys/pgpkeys.ent	(revision 41353)
+++ projects/entities/share/pgpkeys/pgpkeys.ent	(revision 41354)
@@ -1,416 +1,418 @@
 
 <!-- $FreeBSD$ -->
 <!-- PGP keyblocks -->
 <!ENTITY pgpkey.aaron SYSTEM "aaron.key">
 <!ENTITY pgpkey.ache SYSTEM "ache.key">
 <!ENTITY pgpkey.achim SYSTEM "achim.key">
 <!ENTITY pgpkey.acm SYSTEM "acm.key">
 <!ENTITY pgpkey.adamw SYSTEM "adamw.key">
 <!ENTITY pgpkey.ae SYSTEM "ae.key">
 <!ENTITY pgpkey.ahze SYSTEM "ahze.key">
 <!ENTITY pgpkey.ak SYSTEM "ak.key">
 <!ENTITY pgpkey.ale SYSTEM "ale.key">
 <!ENTITY pgpkey.alepulver SYSTEM "alepulver.key">
 <!ENTITY pgpkey.alex SYSTEM "alex.key">
 <!ENTITY pgpkey.alexbl SYSTEM "alexbl.key">
 <!ENTITY pgpkey.amdmi3 SYSTEM "amdmi3.key">
 <!ENTITY pgpkey.anchie SYSTEM "anchie.key">
 <!ENTITY pgpkey.anders SYSTEM "anders.key">
 <!ENTITY pgpkey.andreas SYSTEM "andreas.key">
 <!ENTITY pgpkey.andrew SYSTEM "andrew.key">
 <!ENTITY pgpkey.anholt SYSTEM "anholt.key">
 <!ENTITY pgpkey.anray SYSTEM "anray.key">
 <!ENTITY pgpkey.antoine SYSTEM "antoine.key">
 <!ENTITY pgpkey.araujo SYSTEM "araujo.key">
 <!ENTITY pgpkey.ariff SYSTEM "ariff.key">
 <!ENTITY pgpkey.art SYSTEM "art.key">
 <!ENTITY pgpkey.arun SYSTEM "arun.key">
 <!ENTITY pgpkey.arved SYSTEM "arved.key">
 <!ENTITY pgpkey.asami SYSTEM "asami.key">
 <!ENTITY pgpkey.ashish SYSTEM "ashish.key">
 <!ENTITY pgpkey.avatar SYSTEM "avatar.key">
 <!ENTITY pgpkey.avg SYSTEM "avg.key">
 <!ENTITY pgpkey.avilla SYSTEM "avilla.key">
 <!ENTITY pgpkey.avl SYSTEM "avl.key">
 <!ENTITY pgpkey.bakul SYSTEM "bakul.key">
 <!ENTITY pgpkey.bapt SYSTEM "bapt.key">
 <!ENTITY pgpkey.bar SYSTEM "bar.key">
 <!ENTITY pgpkey.barner SYSTEM "barner.key">
 <!ENTITY pgpkey.bcr SYSTEM "bcr.key">
 <!ENTITY pgpkey.bdrewery SYSTEM "bdrewery.key">
 <!ENTITY pgpkey.beat SYSTEM "beat.key">
 <!ENTITY pgpkey.beech SYSTEM "beech.key">
 <!ENTITY pgpkey.ben SYSTEM "ben.key">
 <!ENTITY pgpkey.benjsc SYSTEM "benjsc.key">
 <!ENTITY pgpkey.benno SYSTEM "benno.key">
 <!ENTITY pgpkey.bf SYSTEM "bf.key">
 <!ENTITY pgpkey.billf SYSTEM "billf.key">
 <!ENTITY pgpkey.bjk SYSTEM "bjk.key">
 <!ENTITY pgpkey.blackend SYSTEM "blackend.key">
 <!ENTITY pgpkey.bland SYSTEM "bland.key">
 <!ENTITY pgpkey.bmah SYSTEM "bmah.key">
 <!ENTITY pgpkey.bms SYSTEM "bms.key">
 <!ENTITY pgpkey.brd SYSTEM "brd.key">
 <!ENTITY pgpkey.brian SYSTEM "brian.key">
 <!ENTITY pgpkey.brix SYSTEM "brix.key">
 <!ENTITY pgpkey.brooks SYSTEM "brooks.key">
 <!ENTITY pgpkey.brucec SYSTEM "brucec.key">
 <!ENTITY pgpkey.brueffer SYSTEM "brueffer.key">
 <!ENTITY pgpkey.bruno SYSTEM "bruno.key">
 <!ENTITY pgpkey.bryanv SYSTEM "bryanv.key">
 <!ENTITY pgpkey.bsam SYSTEM "bsam.key">
 <!ENTITY pgpkey.bschmidt SYSTEM "bschmidt.key">
 <!ENTITY pgpkey.bsd SYSTEM "bsd.key">
 <!ENTITY pgpkey.bushman SYSTEM "bushman.key">
 <!ENTITY pgpkey.bvs SYSTEM "bvs.key">
 <!ENTITY pgpkey.bz SYSTEM "bz.key">
 <!ENTITY pgpkey.carl SYSTEM "carl.key">
 <!ENTITY pgpkey.cel SYSTEM "cel.key">
 <!ENTITY pgpkey.ceri SYSTEM "ceri.key">
 <!ENTITY pgpkey.cherry SYSTEM "cherry.key">
 <!ENTITY pgpkey.chinsan SYSTEM "chinsan.key">
 <!ENTITY pgpkey.cjc SYSTEM "cjc.key">
 <!ENTITY pgpkey.cjh SYSTEM "cjh.key">
 <!ENTITY pgpkey.clement SYSTEM "clement.key">
 <!ENTITY pgpkey.clive SYSTEM "clive.key">
 <!ENTITY pgpkey.clsung SYSTEM "clsung.key">
 <!ENTITY pgpkey.cokane SYSTEM "cokane.key">
 <!ENTITY pgpkey.core-secretary SYSTEM "core-secretary.key">
 <!ENTITY pgpkey.cperciva SYSTEM "cperciva.key">
 <!ENTITY pgpkey.crees SYSTEM "crees.key">
 <!ENTITY pgpkey.cs SYSTEM "cs.key">
 <!ENTITY pgpkey.cshumway SYSTEM "cshumway.key">
 <!ENTITY pgpkey.csjp SYSTEM "csjp.key">
 <!ENTITY pgpkey.culot SYSTEM "culot.key">
 <!ENTITY pgpkey.daichi SYSTEM "daichi.key">
 <!ENTITY pgpkey.damien SYSTEM "damien.key">
 <!ENTITY pgpkey.danfe SYSTEM "danfe.key">
 <!ENTITY pgpkey.danger SYSTEM "danger.key">
 <!ENTITY pgpkey.dannyboy SYSTEM "dannyboy.key">
 <!ENTITY pgpkey.das SYSTEM "das.key">
 <!ENTITY pgpkey.davide SYSTEM "davide.key">
 <!ENTITY pgpkey.davidxu SYSTEM "davidxu.key">
 <!ENTITY pgpkey.db SYSTEM "db.key">
 <!ENTITY pgpkey.dbn SYSTEM "dbn.key">
 <!ENTITY pgpkey.dchagin SYSTEM "dchagin.key">
 <!ENTITY pgpkey.dcs SYSTEM "dcs.key">
 <!ENTITY pgpkey.dd SYSTEM "dd.key">
 <!ENTITY pgpkey.decke SYSTEM "decke.key">
 <!ENTITY pgpkey.deischen SYSTEM "deischen.key">
 <!ENTITY pgpkey.delphij SYSTEM "delphij.key">
 <!ENTITY pgpkey.demon SYSTEM "demon.key">
 <!ENTITY pgpkey.den SYSTEM "den.key">
 <!ENTITY pgpkey.des SYSTEM "des.key">
 <!ENTITY pgpkey.dfr SYSTEM "dfr.key">
 <!ENTITY pgpkey.dhartmei SYSTEM "dhartmei.key">
 <!ENTITY pgpkey.dhn SYSTEM "dhn.key">
 <!ENTITY pgpkey.dim SYSTEM "dim.key">
 <!ENTITY pgpkey.dinoex SYSTEM "dinoex.key">
 <!ENTITY pgpkey.dru SYSTEM "dru.key">
 <!ENTITY pgpkey.dryice SYSTEM "dryice.key">
 <!ENTITY pgpkey.dwmalone SYSTEM "dwmalone.key">
 <!ENTITY pgpkey.eadler SYSTEM "eadler.key">
 <!ENTITY pgpkey.ebrandi SYSTEM "ebrandi.key">
 <!ENTITY pgpkey.ed SYSTEM "ed.key">
 <!ENTITY pgpkey.ehaupt SYSTEM "ehaupt.key">
 <!ENTITY pgpkey.emaste SYSTEM "emaste.key">
 <!ENTITY pgpkey.emax SYSTEM "emax.key">
 <!ENTITY pgpkey.erwin SYSTEM "erwin.key">
 <!ENTITY pgpkey.fabient SYSTEM "fabient.key">
 <!ENTITY pgpkey.fanf SYSTEM "fanf.key">
 <!ENTITY pgpkey.farrokhi SYSTEM "farrokhi.key">
 <!ENTITY pgpkey.fjoe SYSTEM "fjoe.key">
 <!ENTITY pgpkey.flo SYSTEM "flo.key">
 <!ENTITY pgpkey.fluffy SYSTEM "fluffy.key">
 <!ENTITY pgpkey.flz SYSTEM "flz.key">
 <!ENTITY pgpkey.foxfair SYSTEM "foxfair.key">
 <!ENTITY pgpkey.gabor SYSTEM "gabor.key">
 <!ENTITY pgpkey.gahr SYSTEM "gahr.key">
 <!ENTITY pgpkey.ganbold SYSTEM "ganbold.key">
 <!ENTITY pgpkey.garga SYSTEM "garga.key">
 <!ENTITY pgpkey.garys SYSTEM "garys.key">
 <!ENTITY pgpkey.gavin SYSTEM "gavin.key">
 <!ENTITY pgpkey.gblach SYSTEM "gblach.key">
 <!ENTITY pgpkey.gerald SYSTEM "gerald.key">
 <!ENTITY pgpkey.ghelmer SYSTEM "ghelmer.key">
 <!ENTITY pgpkey.gibbs SYSTEM "gibbs.key">
+<!ENTITY pgpkey.girgen SYSTEM "girgen.key">
 <!ENTITY pgpkey.gjb SYSTEM "gjb.key">
 <!ENTITY pgpkey.glarkin SYSTEM "glarkin.key">
 <!ENTITY pgpkey.glebius SYSTEM "glebius.key">
 <!ENTITY pgpkey.glewis SYSTEM "glewis.key">
 <!ENTITY pgpkey.gnn SYSTEM "gnn.key">
 <!ENTITY pgpkey.gordon SYSTEM "gordon.key">
 <!ENTITY pgpkey.green SYSTEM "green.key">
 <!ENTITY pgpkey.grehan SYSTEM "grehan.key">
 <!ENTITY pgpkey.gshapiro SYSTEM "gshapiro.key">
 <!ENTITY pgpkey.gsutter SYSTEM "gsutter.key">
 <!ENTITY pgpkey.guido SYSTEM "guido.key">
 <!ENTITY pgpkey.harti SYSTEM "harti.key">
 <!ENTITY pgpkey.hmp SYSTEM "hmp.key">
 <!ENTITY pgpkey.hq SYSTEM "hq.key">
 <!ENTITY pgpkey.hrs SYSTEM "hrs.key">
 <!ENTITY pgpkey.ijliao SYSTEM "ijliao.key">
 <!ENTITY pgpkey.imp SYSTEM "imp.key">
 <!ENTITY pgpkey.issyl0 SYSTEM "issyl0.key">
 <!ENTITY pgpkey.itetcu SYSTEM "itetcu.key">
 <!ENTITY pgpkey.ivoras SYSTEM "ivoras.key">
 <!ENTITY pgpkey.jacula SYSTEM "jacula.key">
 <!ENTITY pgpkey.jadawin SYSTEM "jadawin.key">
 <!ENTITY pgpkey.jamie SYSTEM "jamie.key">
 <!ENTITY pgpkey.jase SYSTEM "jase.key">
 <!ENTITY pgpkey.jcamou SYSTEM "jcamou.key">
 <!ENTITY pgpkey.jceel SYSTEM "jceel.key">
 <!ENTITY pgpkey.jchandra SYSTEM "jchandra.key">
 <!ENTITY pgpkey.jdp SYSTEM "jdp.key">
 <!ENTITY pgpkey.jedgar SYSTEM "jedgar.key">
 <!ENTITY pgpkey.jesper SYSTEM "jesper.key">
 <!ENTITY pgpkey.jgh SYSTEM "jgh.key">
 <!ENTITY pgpkey.jh SYSTEM "jh.key">
 <!ENTITY pgpkey.jhale SYSTEM "jhale.key">
 <!ENTITY pgpkey.jhay SYSTEM "jhay.key">
 <!ENTITY pgpkey.jhb SYSTEM "jhb.key">
 <!ENTITY pgpkey.jhibbits SYSTEM "jhibbits.key">
 <!ENTITY pgpkey.jilles SYSTEM "jilles.key">
 <!ENTITY pgpkey.jim SYSTEM "jim.key">
 <!ENTITY pgpkey.jinmei SYSTEM "jinmei.key">
 <!ENTITY pgpkey.jkh SYSTEM "jkh.key">
 <!ENTITY pgpkey.jkim SYSTEM "jkim.key">
 <!ENTITY pgpkey.jkois SYSTEM "jkois.key">
 <!ENTITY pgpkey.jkoshy SYSTEM "jkoshy.key">
 <!ENTITY pgpkey.jlaffaye SYSTEM "jlaffaye.key">
 <!ENTITY pgpkey.jlh SYSTEM "jlh.key">
 <!ENTITY pgpkey.jmb SYSTEM "jmb.key">
 <!ENTITY pgpkey.jmelo SYSTEM "jmelo.key">
 <!ENTITY pgpkey.jmg SYSTEM "jmg.key">
 <!ENTITY pgpkey.joe SYSTEM "joe.key">
 <!ENTITY pgpkey.joerg SYSTEM "joerg.key">
 <!ENTITY pgpkey.johans SYSTEM "johans.key">
 <!ENTITY pgpkey.jon SYSTEM "jon.key">
 <!ENTITY pgpkey.jonathan SYSTEM "jonathan.key">
 <!ENTITY pgpkey.josef SYSTEM "josef.key">
 <!ENTITY pgpkey.jpaetzel SYSTEM "jpaetzel.key">
 <!ENTITY pgpkey.jsa SYSTEM "jsa.key">
 <!ENTITY pgpkey.jylefort SYSTEM "jylefort.key">
 <!ENTITY pgpkey.kaiw SYSTEM "kaiw.key">
 <!ENTITY pgpkey.kan SYSTEM "kan.key">
 <!ENTITY pgpkey.kato SYSTEM "kato.key">
 <!ENTITY pgpkey.ken SYSTEM "ken.key">
 <!ENTITY pgpkey.kensmith SYSTEM "kensmith.key">
 <!ENTITY pgpkey.keramida SYSTEM "keramida.key">
 <!ENTITY pgpkey.kib SYSTEM "kib.key">
 <!ENTITY pgpkey.kmoore SYSTEM "kmoore.key">
 <!ENTITY pgpkey.knu SYSTEM "knu.key">
 <!ENTITY pgpkey.koitsu SYSTEM "koitsu.key">
 <!ENTITY pgpkey.krion SYSTEM "krion.key">
 <!ENTITY pgpkey.kris SYSTEM "kris.key">
 <!ENTITY pgpkey.kuriyama SYSTEM "kuriyama.key">
 <!ENTITY pgpkey.kwm SYSTEM "kwm.key">
 <!ENTITY pgpkey.laszlof SYSTEM "laszlof.key">
 <!ENTITY pgpkey.lawrance SYSTEM "lawrance.key">
 <!ENTITY pgpkey.lbr SYSTEM "lbr.key">
 <!ENTITY pgpkey.le SYSTEM "le.key">
 <!ENTITY pgpkey.leeym SYSTEM "leeym.key">
 <!ENTITY pgpkey.lesi SYSTEM "lesi.key">
 <!ENTITY pgpkey.linimon SYSTEM "linimon.key">
 <!ENTITY pgpkey.lioux SYSTEM "lioux.key">
 <!ENTITY pgpkey.lippe SYSTEM "lippe.key">
 <!ENTITY pgpkey.lme SYSTEM "lme.key">
 <!ENTITY pgpkey.loader SYSTEM "loader.key">
 <!ENTITY pgpkey.lofi SYSTEM "lofi.key">
 <!ENTITY pgpkey.lth SYSTEM "lth.key">
 <!ENTITY pgpkey.lulf SYSTEM "lulf.key">
 <!ENTITY pgpkey.luoqi SYSTEM "luoqi.key">
 <!ENTITY pgpkey.lwhsu SYSTEM "lwhsu.key">
 <!ENTITY pgpkey.lx SYSTEM "lx.key">
 <!ENTITY pgpkey.madpilot SYSTEM "madpilot.key">
 <!ENTITY pgpkey.maho SYSTEM "maho.key">
 <!ENTITY pgpkey.makc SYSTEM "makc.key">
 <!ENTITY pgpkey.mandree SYSTEM "mandree.key">
 <!ENTITY pgpkey.manolis SYSTEM "manolis.key">
 <!ENTITY pgpkey.marcel SYSTEM "marcel.key">
 <!ENTITY pgpkey.marck SYSTEM "marck.key">
 <!ENTITY pgpkey.marcus SYSTEM "marcus.key">
 <!ENTITY pgpkey.marius SYSTEM "marius.key">
 <!ENTITY pgpkey.markj SYSTEM "markj.key">
 <!ENTITY pgpkey.markp SYSTEM "markp.key">
 <!ENTITY pgpkey.marks SYSTEM "marks.key">
 <!ENTITY pgpkey.markus SYSTEM "markus.key">
 <!ENTITY pgpkey.martymac SYSTEM "martymac.key">
 <!ENTITY pgpkey.mat SYSTEM "mat.key">
 <!ENTITY pgpkey.matteo SYSTEM "matteo.key">
 <!ENTITY pgpkey.matthew SYSTEM "matthew.key">
 <!ENTITY pgpkey.matusita SYSTEM "matusita.key">
 <!ENTITY pgpkey.mav SYSTEM "mav.key">
 <!ENTITY pgpkey.max SYSTEM "max.key">
 <!ENTITY pgpkey.maxim SYSTEM "maxim.key">
 <!ENTITY pgpkey.mbr SYSTEM "mbr.key">
 <!ENTITY pgpkey.mdf SYSTEM "mdf.key">
 <!ENTITY pgpkey.melifaro SYSTEM "melifaro.key">
 <!ENTITY pgpkey.metal SYSTEM "metal.key">
 <!ENTITY pgpkey.mheinen SYSTEM "mheinen.key">
 <!ENTITY pgpkey.mi SYSTEM "mi.key">
 <!ENTITY pgpkey.mich SYSTEM "mich.key">
 <!ENTITY pgpkey.mikeh SYSTEM "mikeh.key">
 <!ENTITY pgpkey.miwi SYSTEM "miwi.key">
 <!ENTITY pgpkey.mjg SYSTEM "mjg.key">
 <!ENTITY pgpkey.mlaier SYSTEM "mlaier.key">
 <!ENTITY pgpkey.mm SYSTEM "mm.key">
 <!ENTITY pgpkey.mnag SYSTEM "mnag.key">
 <!ENTITY pgpkey.mp SYSTEM "mp.key">
 <!ENTITY pgpkey.mtm SYSTEM "mtm.key">
 <!ENTITY pgpkey.murray SYSTEM "murray.key">
 <!ENTITY pgpkey.mux SYSTEM "mux.key">
 <!ENTITY pgpkey.mva SYSTEM "mva.key">
 <!ENTITY pgpkey.nate SYSTEM "nate.key">
 <!ENTITY pgpkey.nectar SYSTEM "nectar.key">
 <!ENTITY pgpkey.nemoliu SYSTEM "nemoliu.key">
 <!ENTITY pgpkey.netchild SYSTEM "netchild.key">
 <!ENTITY pgpkey.niels SYSTEM "niels.key">
 <!ENTITY pgpkey.nik SYSTEM "nik.key">
 <!ENTITY pgpkey.niklas SYSTEM "niklas.key">
 <!ENTITY pgpkey.nivit SYSTEM "nivit.key">
 <!ENTITY pgpkey.njl SYSTEM "njl.key">
 <!ENTITY pgpkey.nork SYSTEM "nork.key">
 <!ENTITY pgpkey.novel SYSTEM "novel.key">
 <!ENTITY pgpkey.nox SYSTEM "nox.key">
 <!ENTITY pgpkey.np SYSTEM "np.key">
 <!ENTITY pgpkey.nsouch SYSTEM "nsouch.key">
 <!ENTITY pgpkey.nwhitehorn SYSTEM "nwhitehorn.key">
 <!ENTITY pgpkey.nyan SYSTEM "nyan.key">
 <!ENTITY pgpkey.obraun SYSTEM "obraun.key">
 <!ENTITY pgpkey.obrien SYSTEM "obrien.key">
 <!ENTITY pgpkey.ohauer SYSTEM "ohauer.key">
 <!ENTITY pgpkey.oleg SYSTEM "oleg.key">
 <!ENTITY pgpkey.olgeni SYSTEM "olgeni.key">
 <!ENTITY pgpkey.olivierd SYSTEM "olivierd.key">
 <!ENTITY pgpkey.patrick SYSTEM "patrick.key">
 <!ENTITY pgpkey.paul SYSTEM "paul.key">
 <!ENTITY pgpkey.pav SYSTEM "pav.key">
 <!ENTITY pgpkey.pclin SYSTEM "pclin.key">
 <!ENTITY pgpkey.peadar SYSTEM "peadar.key">
 <!ENTITY pgpkey.perky SYSTEM "perky.key">
 <!ENTITY pgpkey.petef SYSTEM "petef.key">
 <!ENTITY pgpkey.peter SYSTEM "peter.key">
 <!ENTITY pgpkey.peterj SYSTEM "peterj.key">
 <!ENTITY pgpkey.pfg SYSTEM "pfg.key">
 <!ENTITY pgpkey.pgj SYSTEM "pgj.key">
 <!ENTITY pgpkey.pgollucci SYSTEM "pgollucci.key">
 <!ENTITY pgpkey.phantom SYSTEM "phantom.key">
 <!ENTITY pgpkey.philip SYSTEM "philip.key">
 <!ENTITY pgpkey.phk SYSTEM "phk.key">
 <!ENTITY pgpkey.pho SYSTEM "pho.key">
 <!ENTITY pgpkey.pirzyk SYSTEM "pirzyk.key">
 <!ENTITY pgpkey.pjd SYSTEM "pjd.key">
 <!ENTITY pgpkey.pluknet SYSTEM "pluknet.key">
 <!ENTITY pgpkey.portmgr-secretary SYSTEM "portmgr-secretary.key">
 <!ENTITY pgpkey.rafan SYSTEM "rafan.key">
 <!ENTITY pgpkey.rakuco SYSTEM "rakuco.key">
 <!ENTITY pgpkey.ray SYSTEM "ray.key">
 <!ENTITY pgpkey.rdivacky SYSTEM "rdivacky.key">
 <!ENTITY pgpkey.rea SYSTEM "rea.key">
 <!ENTITY pgpkey.rees SYSTEM "rees.key">
 <!ENTITY pgpkey.remko SYSTEM "remko.key">
 <!ENTITY pgpkey.rene SYSTEM "rene.key">
 <!ENTITY pgpkey.rich SYSTEM "rich.key">
 <!ENTITY pgpkey.rik SYSTEM "rik.key">
 <!ENTITY pgpkey.rink SYSTEM "rink.key">
 <!ENTITY pgpkey.rm SYSTEM "rm.key">
 <!ENTITY pgpkey.rmacklem SYSTEM "rmacklem.key">
 <!ENTITY pgpkey.rmh SYSTEM "rmh.key">
 <!ENTITY pgpkey.rnoland SYSTEM "rnoland.key">
 <!ENTITY pgpkey.roam SYSTEM "roam.key">
 <!ENTITY pgpkey.roberto SYSTEM "roberto.key">
 <!ENTITY pgpkey.rodrigc SYSTEM "rodrigc.key">
 <!ENTITY pgpkey.romain SYSTEM "romain.key">
 <!ENTITY pgpkey.rpaulo SYSTEM "rpaulo.key">
 <!ENTITY pgpkey.rrs SYSTEM "rrs.key">
 <!ENTITY pgpkey.rstone SYSTEM "rstone.key">
 <!ENTITY pgpkey.ru SYSTEM "ru.key">
 <!ENTITY pgpkey.rushani SYSTEM "rushani.key">
 <!ENTITY pgpkey.ryusuke SYSTEM "ryusuke.key">
 <!ENTITY pgpkey.sahil SYSTEM "sahil.key">
 <!ENTITY pgpkey.sam SYSTEM "sam.key">
 <!ENTITY pgpkey.sanpei SYSTEM "sanpei.key">
 <!ENTITY pgpkey.sat SYSTEM "sat.key">
 <!ENTITY pgpkey.sbruno SYSTEM "sbruno.key">
 <!ENTITY pgpkey.sbz SYSTEM "sbz.key">
 <!ENTITY pgpkey.scheidell SYSTEM "scheidell.key">
 <!ENTITY pgpkey.schweikh SYSTEM "schweikh.key">
 <!ENTITY pgpkey.scop SYSTEM "scop.key">
 <!ENTITY pgpkey.scottl SYSTEM "scottl.key">
 <!ENTITY pgpkey.seanc SYSTEM "seanc.key">
 <!ENTITY pgpkey.security-officer SYSTEM "security-officer.key">
 <!ENTITY pgpkey.sem SYSTEM "sem.key">
 <!ENTITY pgpkey.sephe SYSTEM "sephe.key">
 <!ENTITY pgpkey.sepotvin SYSTEM "sepotvin.key">
 <!ENTITY pgpkey.sergei SYSTEM "sergei.key">
 <!ENTITY pgpkey.shaun SYSTEM "shaun.key">
 <!ENTITY pgpkey.sheldonh SYSTEM "sheldonh.key">
 <!ENTITY pgpkey.simon SYSTEM "simon.key">
 <!ENTITY pgpkey.sjg SYSTEM "sjg.key">
 <!ENTITY pgpkey.skreuzer SYSTEM "skreuzer.key">
 <!ENTITY pgpkey.snb SYSTEM "snb.key">
 <!ENTITY pgpkey.sobomax SYSTEM "sobomax.key">
 <!ENTITY pgpkey.sson SYSTEM "sson.key">
 <!ENTITY pgpkey.ssouhlal SYSTEM "ssouhlal.key">
 <!ENTITY pgpkey.stas SYSTEM "stas.key">
 <!ENTITY pgpkey.stefan SYSTEM "stefan.key">
 <!ENTITY pgpkey.stefanf SYSTEM "stefanf.key">
 <!ENTITY pgpkey.stephane SYSTEM "stephane.key">
 <!ENTITY pgpkey.stephen SYSTEM "stephen.key">
 <!ENTITY pgpkey.sunpoet SYSTEM "sunpoet.key">
 <!ENTITY pgpkey.swills SYSTEM "swills.key">
 <!ENTITY pgpkey.sylvio SYSTEM "sylvio.key">
 <!ENTITY pgpkey.syrinx SYSTEM "syrinx.key">
 <!ENTITY pgpkey.syuu SYSTEM "syuu.key">
 <!ENTITY pgpkey.tabthorpe SYSTEM "tabthorpe.key">
 <!ENTITY pgpkey.taras SYSTEM "taras.key">
 <!ENTITY pgpkey.tdb SYSTEM "tdb.key">
 <!ENTITY pgpkey.theraven SYSTEM "theraven.key">
 <!ENTITY pgpkey.thierry SYSTEM "thierry.key">
 <!ENTITY pgpkey.thomas SYSTEM "thomas.key">
 <!ENTITY pgpkey.thompsa SYSTEM "thompsa.key">
 <!ENTITY pgpkey.tijl SYSTEM "tijl.key">
 <!ENTITY pgpkey.timur SYSTEM "timur.key">
 <!ENTITY pgpkey.tj SYSTEM "tj.key">
 <!ENTITY pgpkey.tmclaugh SYSTEM "tmclaugh.key">
 <!ENTITY pgpkey.tmm SYSTEM "tmm.key">
+<!ENTITY pgpkey.tmseck SYSTEM "tmseck.key">
 <!ENTITY pgpkey.tobez SYSTEM "tobez.key">
 <!ENTITY pgpkey.tota SYSTEM "tota.key">
 <!ENTITY pgpkey.trasz SYSTEM "trasz.key">
 <!ENTITY pgpkey.trevor SYSTEM "trevor.key">
 <!ENTITY pgpkey.trhodes SYSTEM "trhodes.key">
 <!ENTITY pgpkey.tuexen SYSTEM "tuexen.key">
 <!ENTITY pgpkey.twinterg SYSTEM "twinterg.key">
 <!ENTITY pgpkey.ue SYSTEM "ue.key">
 <!ENTITY pgpkey.ume SYSTEM "ume.key">
 <!ENTITY pgpkey.ups SYSTEM "ups.key">
 <!ENTITY pgpkey.uqs SYSTEM "uqs.key">
 <!ENTITY pgpkey.vanilla SYSTEM "vanilla.key">
 <!ENTITY pgpkey.vd SYSTEM "vd.key">
 <!ENTITY pgpkey.versus SYSTEM "versus.key">
 <!ENTITY pgpkey.viny SYSTEM "viny.key">
 <!ENTITY pgpkey.vkashyap SYSTEM "vkashyap.key">
 <!ENTITY pgpkey.vs SYSTEM "vs.key">
 <!ENTITY pgpkey.vsevolod SYSTEM "vsevolod.key">
 <!ENTITY pgpkey.wblock SYSTEM "wblock.key">
 <!ENTITY pgpkey.wen SYSTEM "wen.key">
 <!ENTITY pgpkey.weongyo SYSTEM "weongyo.key">
 <!ENTITY pgpkey.wes SYSTEM "wes.key">
 <!ENTITY pgpkey.wilko SYSTEM "wilko.key">
 <!ENTITY pgpkey.will SYSTEM "will.key">
 <!ENTITY pgpkey.wkoszek SYSTEM "wkoszek.key">
 <!ENTITY pgpkey.wollman SYSTEM "wollman.key">
 <!ENTITY pgpkey.wosch SYSTEM "wosch.key">
 <!ENTITY pgpkey.wxs SYSTEM "wxs.key">
 <!ENTITY pgpkey.xride SYSTEM "xride.key">
 <!ENTITY pgpkey.yoichi SYSTEM "yoichi.key">
 <!ENTITY pgpkey.yzlin SYSTEM "yzlin.key">
 <!ENTITY pgpkey.zack SYSTEM "zack.key">
 <!ENTITY pgpkey.zeising SYSTEM "zeising.key">
 <!ENTITY pgpkey.zi SYSTEM "zi.key">
 <!ENTITY pgpkey.zml SYSTEM "zml.key">
 <!ENTITY pgpkey.zont SYSTEM "zont.key">
 <!ENTITY section.pgpkeys-core		SYSTEM "pgpkeys-core.xml">
 <!ENTITY section.pgpkeys-developers	SYSTEM "pgpkeys-developers.xml">
 <!ENTITY section.pgpkeys-officers	SYSTEM "pgpkeys-officers.xml">
Index: projects/entities/share/pgpkeys/tmseck.key
===================================================================
--- projects/entities/share/pgpkeys/tmseck.key	(nonexistent)
+++ projects/entities/share/pgpkeys/tmseck.key	(revision 41354)
@@ -0,0 +1,49 @@
+<!-- $FreeBSD$ -->
+<!--
+sh addkey.sh tmseck DF46EE05;
+-->
+<programlisting role="pgpfingerprint"><![CDATA[
+pub   1024D/DF46EE05 2000-11-22
+      Key fingerprint = A38F AE66 6B11 6EB9 5D1A  B67D 2444 2FE1 DF46 EE05
+uid                  Thomas-Martin Seck (Privat 2) <tmseck@netcologne.de>
+uid                  Thomas-Martin Seck (Privat) <tmseck@web.de>
+uid                  Thomas-Martin Seck (FreeBSD) <tmseck@FreeBSD.org>
+sub   2048g/3DC33B0F 2000-11-22
+]]></programlisting>
+<programlisting role="pgpkey"><![CDATA[
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGhBDocG/ERBAC6QZ2lUZYVTAqov7yLfcDY6CFKncdQH1k0aV65fME1va1nelTy
+qIE9+1unTXyFCTY8ZWhlrgblwH7oSHkVgk+WOOcBVEYvjY9n3Y5reNqKV3Qj3gYH
+GzSheBeRvgDgKKF0kaG01sQby7zneJMDepy4JkuMiXqc+S9nM75Gf7naawCg+viP
+cLaa0z0UzbO341zHTgerHacD901GiZS6SgHrjmGKorhmul/CPyIN5OIdbt9YJANh
+/R+w8c1XCgbmuHS0gCHiyYG1Sy1rRhbptlqWxEhJjZSud3Ne2Hxh16IUFhTrFqr3
+xgkH6FiGw+a0tD6Jk44UBsbdgNcU7Qr424phgga4yDYjn+lDW0RkO89ElhHZsrLj
+uGkD/1Ela0htkQoWgZW0I0XO+LNBsnuxPwqqG3vM1VLhSzrFH0CHKeQqYt9iHV/M
+eD1KIdIXzoPBfRbFLM1ktE/3AlomrgXp9WtxfXhzWNcWFzYLUajAxlGYD2wT+3H7
+Tpm1/hKQcJJG2xMRCyeZcOf+pTWaqCbLLTsy0G+MY/j5Rug1tDRUaG9tYXMtTWFy
+dGluIFNlY2sgKFByaXZhdCAyKSA8dG1zZWNrQG5ldGNvbG9nbmUuZGU+iGIEExEC
+ABoFCwcKAwQDFQMCAxYCAQIXgAUCQR+T+AIZAQASB2VHUEcAAQEJECREL+HfRu4F
+hQsAoIYCMipK3ugbNfOUW+1BMpPiNnm8AJ9kyX6rm8M8Doj/qCKJF36gxrTo/7Qr
+VGhvbWFzLU1hcnRpbiBTZWNrIChQcml2YXQpIDx0bXNlY2tAd2ViLmRlPohfBBMR
+AgAXBQI6HBvxBQsHCgMEAxUDAgMWAgECF4AAEgkQJEQv4d9G7gUHZUdQRwABAbOv
+AJ4y63dcgJXV9Vcw0SUMdJ66IK7d6ACgzX0WCMIVWiNBey1/ZHOgHaE5Kku0MVRo
+b21hcy1NYXJ0aW4gU2VjayAoRnJlZUJTRCkgPHRtc2Vja0BGcmVlQlNELm9yZz6I
+YgQTEQIAIgUCUTZfLgIbIwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQJEQv
+4d9G7gUH7wCfUxSv8PJY/gF8wYEY9xC2YJdK9yQAnjOz54d/B3GGMsBiAKzM8qZT
+zTXruQINBDocHF0QCACoDJirnOAYUdRKgOpFrDupOuSPexu6Dz6WRxV1hNwaAajD
+lmgHK+7W8Yb0wd+8bKASi7aonkbZOhRfkJ5DbrjgqNGyJjCRHgqGboyGyR9Mezyc
+W5kNLNWhwtBiBU/5zExgSQaQKHOvQeFXIfa9gJQy9hn4qMAXs80jvns1siNwbQHn
+TKRP35G7FI69FS5tBfEFata3qyhv2KP2yxlRyTv532yq2k1di07vXKEiS/UrbFJ7
+tRpO+cfXy0iXADtRMPt4EMeBffmDI7B2DS75Hn3RArKjk9/8AvuFLbkgbdEzvsB4
+l706H+ziB7X9YmDDkKFpMW/SONbCWETrjK7KP0wnAAQLB/94xzi6sqLcJhVp4QBH
+ekzCYoxrUmlb+wH8DerIftT4S2BpV6cF2vVD2KfmDpwmZ3MaF83OvaT7dcZ8fZ1r
+1afkqIpXdwjI70c3cKOAnrZkVZAma6E9EYvi1Ww8mxLJ+ClvWh7fVpQmppqJMfdM
+ZgU5egCYliv/QQGp+SyNXNOkfttIsA8EWruJo/33nAvG0bqzwh7X+SQsK4MVidD1
+7/5srXHMlBN5zBqRaRq0lakpT8xDlB2NqlQTMb6wnHscV3ZqUzaszEXvhXnUwSPr
+a820urDh6o/hnsF/VH7gCJmkkVV7Ei1MjIp8H6Zs0A8se/XlYlf5OlZB8chqJ+mP
+r2tuiE0EGBECAAYFAjocHF0AEgkQJEQv4d9G7gUHZUdQRwABAZtlAJdyRMT4dZ2D
+wiimJm8jZ2BOhV/UAKCBrBb3jVIe9FUC3JpwMajuZ1gbSg==
+=p6Le
+-----END PGP PUBLIC KEY BLOCK-----
+]]></programlisting>

Property changes on: projects/entities/share/pgpkeys/tmseck.key
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Index: projects/entities/share/security/advisories/FreeBSD-SA-13:01.bind.asc
===================================================================
--- projects/entities/share/security/advisories/FreeBSD-SA-13:01.bind.asc	(nonexistent)
+++ projects/entities/share/security/advisories/FreeBSD-SA-13:01.bind.asc	(revision 41354)
@@ -0,0 +1,122 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:01.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND remote DoS with deliberately crafted DNS64 query
+
+Category:       contrib
+Module:         bind
+Announced:      2013-02-19
+Affects:        FreeBSD 9.x and later
+Corrected:      2013-01-08 09:05:09 UTC (stable/9, 9.1-STABLE)
+                2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6)
+                2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1)
+CVE Name:       CVE-2012-5688
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+DNS64 is an IPv6 transition mechanism that will return a synthesized
+AAAA response even if there is only an A record available.
+
+II.  Problem Description
+
+Due to a software defect a crafted query can cause named(8) to crash
+with an assertion failure.
+
+III. Impact
+
+If named(8) is configured to use DNS64, an attacker who can send it a
+query can cause named(8) to crash, resulting in a denial of service.
+
+IV.  Workaround
+
+No workaround is available, but systems not configured to use DNS64
+using the "dns64" configuration statement are not vulnerable.  DNS64
+is not enabled in the default configuration on FreeBSD.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart the named(8) daemon, or reboot your system.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-13:01/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:01/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the named(8) daemon, or reboot your system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart the named(8) daemon, or reboot your system.
+
+4) Alternatively, install and run BIND from the Ports Collection after
+the correction date.  The following versions and newer versions of
+BIND installed from the Ports Collection are not affected by this
+vulnerability:
+
+        bind98-9.8.4.1
+        bind99-9.9.2.1
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r245163
+releng/9.0/                                                       r246989
+releng/9.1/                                                       r246989
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://kb.isc.org/article/AA-00828
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:01.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEARECAAYFAlEjf8MACgkQFdaIBMps37JUigCeIvjGL59H2froSeFqfPvlzM7L
+XpAAni7nW5GZt4AE3eSDQwE4ivCne6SK
+=Rxq4
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/advisories/FreeBSD-SA-13:01.bind.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+True
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/advisories/FreeBSD-SA-13:02.libc.asc
===================================================================
--- projects/entities/share/security/advisories/FreeBSD-SA-13:02.libc.asc	(nonexistent)
+++ projects/entities/share/security/advisories/FreeBSD-SA-13:02.libc.asc	(revision 41354)
@@ -0,0 +1,114 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:02.libc                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          glob(3) related resource exhaustion
+
+Category:       core
+Module:         libc
+Announced:      2013-02-19
+Affects:        All supported versions of FreeBSD.
+Corrected:      2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE)
+                2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12)
+                2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE)
+                2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6)
+                2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE)
+                2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6)
+                2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1)
+CVE Name:       CVE-2010-2632
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The glob(3) function is a pathname generator that implements the rules for
+file name pattern matching used by the shell.
+
+II.  Problem Description
+
+GLOB_LIMIT is supposed to limit the number of paths to prevent against
+memory or CPU attacks.  The implementation however is insufficient.
+
+III. Impact
+
+An attacker that is able to exploit this vulnerability could cause excessive
+memory or CPU usage, resulting in a Denial of Service.  A common target for
+a remote attacker could be ftpd(8).
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc
+# gpg --verify libc.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons, or reboot the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r246357
+releng/7.4/                                                       r246989
+stable/8/                                                         r246357
+releng/8.3/                                                       r246989
+stable/9/                                                         r246357
+releng/9.0/                                                       r246989
+releng/9.1/                                                       r246989
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv
+z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4
+=mCPv
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/advisories/FreeBSD-SA-13:02.libc.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+True
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/advisories/FreeBSD-SA-13:03.openssl.asc
===================================================================
--- projects/entities/share/security/advisories/FreeBSD-SA-13:03.openssl.asc	(nonexistent)
+++ projects/entities/share/security/advisories/FreeBSD-SA-13:03.openssl.asc	(revision 41354)
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:03.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL multiple vulnerabilities
+
+Category:       contrib
+Module:         openssl
+Announced:      2013-04-02
+Affects:        All supported versions of FreeBSD.
+Corrected:      2013-03-08 17:28:40 UTC (stable/8, 8.3-STABLE)
+                2013-04-02 17:34:42 UTC (releng/8.3, 8.3-RELEASE-p7)
+                2013-03-14 17:48:07 UTC (stable/9, 9.1-STABLE)
+                2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
+                2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
+CVE Name:       CVE-2013-0166, CVE-2013-0169
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+A flaw in the OpenSSL handling of OCSP response verification could be exploited
+to cause a denial of service attack.  [CVE-2013-0166]
+
+OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and
+DTLS. The weakness could reveal plaintext in a timing attack. [CVE-2013-0169]
+
+III. Impact
+
+The Denial of Service could be caused in the OpenSSL server application by
+using an invalid key. [CVE-2013-0166]
+
+A remote attacker could recover sensitive information by conducting
+an attack via statistical analysis of timing data with crafted packets.
+[CVE-2013-0169]
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated dated after the correction
+date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 8.3 and 9.0]
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+
+[FreeBSD 9.1]
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch.asc
+# gpg --verify openssl-9.1.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the all deamons using the library, or reboot your the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r248057
+releng/8.3/                                                       r249029
+stable/9/                                                         r248272
+releng/9.0/                                                       r249029
+releng/9.1/                                                       r249029
+- -------------------------------------------------------------------------
+
+VII. References
+
+CVE Name:       
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166 
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:03.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEARECAAYFAlFbGXYACgkQFdaIBMps37ISqACcCovc+NpuH57guiROqIbTfw3P
+4RMAn22ppeZnRVfje8up3cyOx/D8CCmI
+=rQqV
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/advisories/FreeBSD-SA-13:03.openssl.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+y
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/advisories/FreeBSD-SA-13:04.bind.asc
===================================================================
--- projects/entities/share/security/advisories/FreeBSD-SA-13:04.bind.asc	(nonexistent)
+++ projects/entities/share/security/advisories/FreeBSD-SA-13:04.bind.asc	(revision 41354)
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:04.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND remote denial of service
+
+Category:       contrib
+Module:         bind
+Announced:      2013-04-02
+Credits:        Matthew Horsfall of Dyn, Inc.
+Affects:        FreeBSD 8.4-BETA1 and FreeBSD 9.x
+Corrected:      2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1)
+                2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE)
+                2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
+                2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
+CVE Name:       CVE-2013-2266
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.  The libdns
+library is a library of DNS protocol support functions.
+
+II.  Problem Description
+
+A flaw in a library used by BIND allows an attacker to deliberately
+cause excessive memory consumption by the named(8) process.  This
+affects both recursive and authoritative servers.
+
+III. Impact
+
+A remote attacker can cause the named(8) daemon to consume all available
+memory and crash, resulting in a denial of service.  Applications linked
+with the libdns library, for instance dig(1), may also be affected.
+
+IV.  Workaround
+
+No workaround is available, but systems not running named(8) service
+and not using base system DNS utilities are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the named daemon, or reboot the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r248807
+stable/9/                                                         r248808
+releng/9.0/                                                       r249029
+releng/9.1/                                                       r249029
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://kb.isc.org/article/AA-00871
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEARECAAYFAlFbGYYACgkQFdaIBMps37J4eACeNzJtWElzKJZCqXdzhrHEB+pu
+1eoAn0oD7xcjoPOnB7H3xZbIeHldgGcI
+=BX1M
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/advisories/FreeBSD-SA-13:04.bind.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+y
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:01/bind.patch
===================================================================
--- projects/entities/share/security/patches/SA-13:01/bind.patch	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:01/bind.patch	(revision 41354)
@@ -0,0 +1,18 @@
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c
++++ contrib/bind9/bin/named/query.c
+@@ -5183,10 +5183,12 @@
+ 	isc_result_t result;
+ 	isc_uint32_t ttl = ISC_UINT32_MAX;
+ 
++	dns_rdataset_init(&rdataset);
++
+ 	result = dns_db_getoriginnode(db, &node);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup;
+-	dns_rdataset_init(&rdataset);
++
+ 	result = dns_db_findrdataset(db, node, version, dns_rdatatype_soa,
+ 				     0, 0, &rdataset, NULL);
+ 	if (result != ISC_R_SUCCESS)

Property changes on: projects/entities/share/security/patches/SA-13:01/bind.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+True
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:01/bind.patch.asc
===================================================================
--- projects/entities/share/security/patches/SA-13:01/bind.patch.asc	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:01/bind.patch.asc	(revision 41354)
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAlEjf/cACgkQFdaIBMps37LjHwCfQ0g0m9lvCY/AZmzYq6NfupNU
+cjQAn1ovam14yAE0+WT3FAhOM0lr7INw
+=gwXh
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/patches/SA-13:01/bind.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+True
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:02/libc.patch
===================================================================
--- projects/entities/share/security/patches/SA-13:02/libc.patch	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:02/libc.patch	(revision 41354)
@@ -0,0 +1,215 @@
+Index: lib/libc/gen/glob.c
+===================================================================
+--- lib/libc/gen/glob.c	(revision 246357)
++++ lib/libc/gen/glob.c	(working copy)
+@@ -94,6 +94,25 @@ __FBSDID("$FreeBSD$");
+ 
+ #include "collate.h"
+ 
++/*
++ * glob(3) expansion limits. Stop the expansion if any of these limits
++ * is reached. This caps the runtime in the face of DoS attacks. See
++ * also CVE-2010-2632
++ */
++#define	GLOB_LIMIT_BRACE	128	/* number of brace calls */
++#define	GLOB_LIMIT_PATH		65536	/* number of path elements */
++#define	GLOB_LIMIT_READDIR	16384	/* number of readdirs */
++#define	GLOB_LIMIT_STAT		1024	/* number of stat system calls */
++#define	GLOB_LIMIT_STRING	ARG_MAX	/* maximum total size for paths */
++
++struct glob_limit {
++	size_t	l_brace_cnt;
++	size_t	l_path_lim;
++	size_t	l_readdir_cnt;	
++	size_t	l_stat_cnt;	
++	size_t	l_string_cnt;
++};
++
+ #define	DOLLAR		'$'
+ #define	DOT		'.'
+ #define	EOS		'\0'
+@@ -153,15 +172,18 @@ static const Char *g_strchr(const Char *, wchar_t)
+ static Char	*g_strcat(Char *, const Char *);
+ #endif
+ static int	 g_stat(Char *, struct stat *, glob_t *);
+-static int	 glob0(const Char *, glob_t *, size_t *);
+-static int	 glob1(Char *, glob_t *, size_t *);
+-static int	 glob2(Char *, Char *, Char *, Char *, glob_t *, size_t *);
+-static int	 glob3(Char *, Char *, Char *, Char *, Char *, glob_t *, size_t *);
+-static int	 globextend(const Char *, glob_t *, size_t *);
+-static const Char *	
++static int	 glob0(const Char *, glob_t *, struct glob_limit *);
++static int	 glob1(Char *, glob_t *, struct glob_limit *);
++static int	 glob2(Char *, Char *, Char *, Char *, glob_t *,
++    struct glob_limit *);
++static int	 glob3(Char *, Char *, Char *, Char *, Char *, glob_t *,
++    struct glob_limit *);
++static int	 globextend(const Char *, glob_t *, struct glob_limit *);
++static const Char *
+ 		 globtilde(const Char *, Char *, size_t, glob_t *);
+-static int	 globexp1(const Char *, glob_t *, size_t *);
+-static int	 globexp2(const Char *, const Char *, glob_t *, int *, size_t *);
++static int	 globexp1(const Char *, glob_t *, struct glob_limit *);
++static int	 globexp2(const Char *, const Char *, glob_t *, int *,
++    struct glob_limit *);
+ static int	 match(Char *, Char *, Char *);
+ #ifdef DEBUG
+ static void	 qprintf(const char *, Char *);
+@@ -171,8 +193,8 @@ int
+ glob(const char * __restrict pattern, int flags,
+ 	 int (*errfunc)(const char *, int), glob_t * __restrict pglob)
+ {
++	struct glob_limit limit = { 0, 0, 0, 0, 0 };
+ 	const char *patnext;
+-	size_t limit;
+ 	Char *bufnext, *bufend, patbuf[MAXPATHLEN], prot;
+ 	mbstate_t mbs;
+ 	wchar_t wc;
+@@ -186,11 +208,10 @@ glob(const char * __restrict pattern, int flags,
+ 			pglob->gl_offs = 0;
+ 	}
+ 	if (flags & GLOB_LIMIT) {
+-		limit = pglob->gl_matchc;
+-		if (limit == 0)
+-			limit = ARG_MAX;
+-	} else
+-		limit = 0;
++		limit.l_path_lim = pglob->gl_matchc;
++		if (limit.l_path_lim == 0)
++			limit.l_path_lim = GLOB_LIMIT_PATH;
++	}
+ 	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+ 	pglob->gl_errfunc = errfunc;
+ 	pglob->gl_matchc = 0;
+@@ -243,11 +264,17 @@ glob(const char * __restrict pattern, int flags,
+  * characters
+  */
+ static int
+-globexp1(const Char *pattern, glob_t *pglob, size_t *limit)
++globexp1(const Char *pattern, glob_t *pglob, struct glob_limit *limit)
+ {
+ 	const Char* ptr = pattern;
+ 	int rv;
+ 
++	if ((pglob->gl_flags & GLOB_LIMIT) &&
++	    limit->l_brace_cnt++ >= GLOB_LIMIT_BRACE) {
++		errno = 0;
++		return (GLOB_NOSPACE);
++	}
++
+ 	/* Protect a single {}, for find(1), like csh */
+ 	if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
+ 		return glob0(pattern, pglob, limit);
+@@ -266,7 +293,8 @@ static int
+  * If it fails then it tries to glob the rest of the pattern and returns.
+  */
+ static int
+-globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv, size_t *limit)
++globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv,
++    struct glob_limit *limit)
+ {
+ 	int     i;
+ 	Char   *lm, *ls;
+@@ -436,7 +464,7 @@ globtilde(const Char *pattern, Char *patbuf, size_
+  * if things went well, nonzero if errors occurred.
+  */
+ static int
+-glob0(const Char *pattern, glob_t *pglob, size_t *limit)
++glob0(const Char *pattern, glob_t *pglob, struct glob_limit *limit)
+ {
+ 	const Char *qpatnext;
+ 	int err;
+@@ -529,7 +557,7 @@ compare(const void *p, const void *q)
+ }
+ 
+ static int
+-glob1(Char *pattern, glob_t *pglob, size_t *limit)
++glob1(Char *pattern, glob_t *pglob, struct glob_limit *limit)
+ {
+ 	Char pathbuf[MAXPATHLEN];
+ 
+@@ -547,7 +575,7 @@ static int
+  */
+ static int
+ glob2(Char *pathbuf, Char *pathend, Char *pathend_last, Char *pattern,
+-      glob_t *pglob, size_t *limit)
++      glob_t *pglob, struct glob_limit *limit)
+ {
+ 	struct stat sb;
+ 	Char *p, *q;
+@@ -563,6 +591,15 @@ glob2(Char *pathbuf, Char *pathend, Char *pathend_
+ 			if (g_lstat(pathbuf, &sb, pglob))
+ 				return(0);
+ 
++			if ((pglob->gl_flags & GLOB_LIMIT) &&
++			    limit->l_stat_cnt++ >= GLOB_LIMIT_STAT) {
++				errno = 0;
++				if (pathend + 1 > pathend_last)
++					return (GLOB_ABORTED);
++				*pathend++ = SEP;
++				*pathend = EOS;
++				return (GLOB_NOSPACE);
++			}
+ 			if (((pglob->gl_flags & GLOB_MARK) &&
+ 			    pathend[-1] != SEP) && (S_ISDIR(sb.st_mode)
+ 			    || (S_ISLNK(sb.st_mode) &&
+@@ -606,7 +643,7 @@ glob2(Char *pathbuf, Char *pathend, Char *pathend_
+ static int
+ glob3(Char *pathbuf, Char *pathend, Char *pathend_last,
+       Char *pattern, Char *restpattern,
+-      glob_t *pglob, size_t *limit)
++      glob_t *pglob, struct glob_limit *limit)
+ {
+ 	struct dirent *dp;
+ 	DIR *dirp;
+@@ -652,6 +689,19 @@ glob3(Char *pathbuf, Char *pathend, Char *pathend_
+ 		size_t clen;
+ 		mbstate_t mbs;
+ 
++		if ((pglob->gl_flags & GLOB_LIMIT) &&
++		    limit->l_readdir_cnt++ >= GLOB_LIMIT_READDIR) {
++			errno = 0;
++			if (pathend + 1 > pathend_last)
++				err = GLOB_ABORTED;
++			else {
++				*pathend++ = SEP;
++				*pathend = EOS;
++				err = GLOB_NOSPACE;
++			}
++			break;
++		}
++
+ 		/* Initial DOT must be matched literally. */
+ 		if (dp->d_name[0] == DOT && *pattern != DOT)
+ 			continue;
+@@ -702,14 +752,15 @@ glob3(Char *pathbuf, Char *pathend, Char *pathend_
+  *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
+  */
+ static int
+-globextend(const Char *path, glob_t *pglob, size_t *limit)
++globextend(const Char *path, glob_t *pglob, struct glob_limit *limit)
+ {
+ 	char **pathv;
+ 	size_t i, newsize, len;
+ 	char *copy;
+ 	const Char *p;
+ 
+-	if (*limit && pglob->gl_pathc > *limit) {
++	if ((pglob->gl_flags & GLOB_LIMIT) &&
++	    pglob->gl_matchc > limit->l_path_lim) {
+ 		errno = 0;
+ 		return (GLOB_NOSPACE);
+ 	}
+@@ -737,6 +788,12 @@ static int
+ 	for (p = path; *p++;)
+ 		continue;
+ 	len = MB_CUR_MAX * (size_t)(p - path);	/* XXX overallocation */
++	limit->l_string_cnt += len;
++	if ((pglob->gl_flags & GLOB_LIMIT) &&
++	    limit->l_string_cnt >= GLOB_LIMIT_STRING) {
++		errno = 0;
++		return (GLOB_NOSPACE);
++	}
+ 	if ((copy = malloc(len)) != NULL) {
+ 		if (g_Ctoc(path, copy, len)) {
+ 			free(copy);

Property changes on: projects/entities/share/security/patches/SA-13:02/libc.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+True
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:02/libc.patch.asc
===================================================================
--- projects/entities/share/security/patches/SA-13:02/libc.patch.asc	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:02/libc.patch.asc	(revision 41354)
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAlEjf/0ACgkQFdaIBMps37Kw1ACfX+M73KQtFkdrAhFWVyVm2G44
+DLYAn2SoJT4c98Frj75ttappPsvFDgVk
+=H9Gv
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/patches/SA-13:02/libc.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+True
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:03/openssl-9.1.patch
===================================================================
--- projects/entities/share/security/patches/SA-13:03/openssl-9.1.patch	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:03/openssl-9.1.patch	(revision 41354)
@@ -0,0 +1,3891 @@
+Index: crypto/openssl/CHANGES
+===================================================================
+--- crypto/openssl/CHANGES	(revision 248771)
++++ crypto/openssl/CHANGES	(working copy)
+@@ -2,6 +2,35 @@
+  OpenSSL CHANGES
+  _______________
+ 
++ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
++
++  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
++
++     This addresses the flaw in CBC record processing discovered by 
++     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
++     at: http://www.isg.rhul.ac.uk/tls/     
++
++     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
++     Security Group at Royal Holloway, University of London
++     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
++     Emilia Käsper for the initial patch.
++     (CVE-2013-0169)
++     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
++
++  *) Return an error when checking OCSP signatures when key is NULL.
++     This fixes a DoS attack. (CVE-2013-0166)
++     [Steve Henson]
++
++  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
++     the right response is stapled. Also change SSL_get_certificate()
++     so it returns the certificate actually sent.
++     See http://rt.openssl.org/Ticket/Display.html?id=2836.
++     (This is a backport)
++     [Rob Stradling <rob.stradling@comodo.com>]
++
++  *) Fix possible deadlock when decoding public keys.
++     [Steve Henson]
++
+  Changes between 0.9.8w and 0.9.8x [10 May 2012]
+ 
+   *) Sanity check record length before skipping explicit IV in DTLS
+Index: crypto/openssl/Configure
+===================================================================
+--- crypto/openssl/Configure	(revision 248771)
++++ crypto/openssl/Configure	(working copy)
+@@ -162,6 +162,7 @@ my %table=(
+ "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+ "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+ "debug-ben-debug",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG  -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::",
++"debug-ben-debug-64",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-ben-debug-noopt",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG  -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
+ "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+ "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+@@ -172,10 +173,10 @@ my %table=(
+ "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+ "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
+-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+ "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+@@ -428,8 +429,8 @@ my %table=(
+ "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+ # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
+ # at build time. $OBJECT_MODE is respected at ./config stage!
+-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
++"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
++"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+ 
+ #
+ # Cray T90 and similar (SDSC)
+Index: crypto/openssl/FAQ
+===================================================================
+--- crypto/openssl/FAQ	(revision 248771)
++++ crypto/openssl/FAQ	(working copy)
+@@ -83,7 +83,7 @@ OpenSSL  -  Frequently Asked Questions
+ * Which is the current version of OpenSSL?
+ 
+ The current version is available from <URL: http://www.openssl.org>.
+-OpenSSL 1.0.1c was released on May 10th, 2012.
++OpenSSL 1.0.1d was released on Feb 5th, 2013.
+ 
+ In addition to the current stable release, you can also access daily
+ snapshots of the OpenSSL development version at <URL:
+Index: crypto/openssl/Makefile
+===================================================================
+--- crypto/openssl/Makefile	(revision 248771)
++++ crypto/openssl/Makefile	(working copy)
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+ 
+-VERSION=0.9.8x
++VERSION=0.9.8y
+ MAJOR=0
+ MINOR=9.8
+ SHLIB_VERSION_NUMBER=0.9.8
+Index: crypto/openssl/NEWS
+===================================================================
+--- crypto/openssl/NEWS	(revision 248771)
++++ crypto/openssl/NEWS	(working copy)
+@@ -5,6 +5,11 @@
+   This file gives a brief overview of the major changes between each OpenSSL
+   release. For more details please read the CHANGES file.
+ 
++  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y:
++
++      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
++      o Fix OCSP bad key DoS attack CVE-2013-0166
++
+   Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x:
+ 
+       o Fix DTLS record length checking bug CVE-2012-2333
+Index: crypto/openssl/README
+===================================================================
+--- crypto/openssl/README	(revision 248771)
++++ crypto/openssl/README	(working copy)
+@@ -1,5 +1,5 @@
+ 
+- OpenSSL 0.9.8x 10 May 2012
++ OpenSSL 0.9.8y 5 Feb 2013
+ 
+  Copyright (c) 1998-2011 The OpenSSL Project
+  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+Index: crypto/openssl/apps/Makefile
+===================================================================
+--- crypto/openssl/apps/Makefile	(revision 248771)
++++ crypto/openssl/apps/Makefile	(working copy)
+@@ -176,703 +176,720 @@ progs.h: progs.pl
+ app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-app_rand.o: ../include/openssl/engine.h ../include/openssl/evp.h
+-app_rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+-app_rand.o: app_rand.c apps.h
++app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
++app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
++app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
++app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
++app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h
+ apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-apps.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-apps.o: ../include/openssl/err.h ../include/openssl/evp.h
+-apps.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+-apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
+-apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
++apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++apps.o: ../include/openssl/engine.h ../include/openssl/err.h
++apps.o: ../include/openssl/evp.h ../include/openssl/fips.h
++apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
++apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
++apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
++apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++apps.o: ../include/openssl/x509v3.h apps.c apps.h
+ asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
+-asn1pars.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-asn1pars.o: asn1pars.c
++asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
++asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
++asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c
+ ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-ca.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ca.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-ca.o: ../include/openssl/x509v3.h apps.h ca.c
++ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++ca.o: ../include/openssl/engine.h ../include/openssl/err.h
++ca.o: ../include/openssl/evp.h ../include/openssl/fips.h
++ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ciphers.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-ciphers.o: ciphers.c
++ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
++ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h
++ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
+ cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-cms.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-cms.o: ../include/openssl/engine.h ../include/openssl/evp.h
+-cms.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-cms.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-cms.o: ../include/openssl/x509v3.h apps.h cms.c
++cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++cms.o: ../include/openssl/evp.h ../include/openssl/fips.h
++cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
++cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c
+ crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-crl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-crl.o: ../include/openssl/engine.h ../include/openssl/err.h
+-crl.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
++crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++crl.o: ../include/openssl/err.h ../include/openssl/evp.h
++crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
++crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++crl.o: ../include/openssl/x509v3.h apps.h crl.c
+ crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
+-crl2p7.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-crl2p7.o: crl2p7.c
++crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
++crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
++crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c
+ dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-dgst.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+-dgst.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-dgst.o: ../include/openssl/x509v3.h apps.h dgst.c
++dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
++dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h
++dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c
+ dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
+-dh.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+-dh.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c
++dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++dh.o: ../include/openssl/err.h ../include/openssl/evp.h
++dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
++dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++dh.o: ../include/openssl/x509v3.h apps.h dh.c
+ dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+-dsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+-dsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
++dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
++dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++dsa.o: ../include/openssl/x509v3.h apps.h dsa.c
+ dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-dsaparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dsaparam.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c
++dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
++dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
++dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
++dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
++dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++dsaparam.o: dsaparam.c
+ ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-ec.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-ec.o: ../include/openssl/engine.h ../include/openssl/err.h
+-ec.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c
++ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++ec.o: ../include/openssl/err.h ../include/openssl/evp.h
++ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
++ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++ec.o: ../include/openssl/x509v3.h apps.h ec.c
+ ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-ecparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-ecparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ecparam.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c
++ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
++ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
++ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++ecparam.o: ecparam.c
+ enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-enc.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+-enc.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-enc.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-enc.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-enc.o: ../include/openssl/x509v3.h apps.h enc.c
++enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++enc.o: ../include/openssl/err.h ../include/openssl/evp.h
++enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
+ engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-engine.o: ../include/openssl/err.h ../include/openssl/evp.h
+-engine.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-engine.o: engine.c
++engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++engine.o: ../include/openssl/engine.h ../include/openssl/err.h
++engine.o: ../include/openssl/evp.h ../include/openssl/fips.h
++engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++engine.o: ../include/openssl/x509v3.h apps.h engine.c
+ errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+-errstr.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-errstr.o: errstr.c
++errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
++errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h
++errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
+ gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-gendh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+-gendh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
++gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
++gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h
++gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
++gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
++gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++gendh.o: gendh.c
+ gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+-gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+-gendsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-gendsa.o: gendsa.c
++gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
++gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c
+ genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-genrsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-genrsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
++genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
++genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
++genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
++genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
++genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++genrsa.o: genrsa.c
+ nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-nseq.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
+-nseq.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c
++nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
++nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
++nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++nseq.o: ../include/openssl/x509v3.h apps.h nseq.c
+ ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ocsp.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
++ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
++ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h
++ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+ openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+-openssl.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-openssl.o: openssl.c progs.h s_apps.h
++openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
++openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h
++openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
+ passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+-passwd.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
+-passwd.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+-passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+-passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-passwd.o: passwd.c
++passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
++passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
++passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
++passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
++passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
++passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
++passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
+ pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+-pkcs12.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c
++pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
++pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
++pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++pkcs12.o: pkcs12.c
+ pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+-pkcs7.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-pkcs7.o: pkcs7.c
++pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
++pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
++pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c
+ pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+-pkcs8.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+-pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c
++pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
++pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
++pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++pkcs8.o: pkcs8.c
+ prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-prime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-prime.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+-prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-prime.o: prime.c
++prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
++prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
++prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++prime.o: ../include/openssl/x509v3.h apps.h prime.c
+ rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+-rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+-rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+-rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-rand.o: ../include/openssl/x509v3.h apps.h rand.c
++rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++rand.o: ../include/openssl/err.h ../include/openssl/evp.h
++rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c
+ req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-req.o: ../include/openssl/err.h ../include/openssl/evp.h
+-req.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-req.o: ../include/openssl/x509v3.h apps.h req.c
++req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++req.o: ../include/openssl/engine.h ../include/openssl/err.h
++req.o: ../include/openssl/evp.h ../include/openssl/fips.h
++req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++req.o: ../include/openssl/stack.h ../include/openssl/store.h
++req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++req.o: ../include/openssl/ui.h ../include/openssl/x509.h
++req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+ rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-rsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-rsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+-rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c
++rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
++rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
++rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++rsa.o: ../include/openssl/x509v3.h apps.h rsa.c
+ rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
+-rsautl.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
++rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
++rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
++rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++rsautl.o: rsautl.c
+ s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_cb.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_cb.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+-s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+-s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c
++s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
++s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_cb.o: ../include/openssl/rand.h ../include/openssl/safestack.h
++s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
++s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
++s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
++s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++s_cb.o: s_apps.h s_cb.c
+ s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_client.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-s_client.o: ../include/openssl/x509v3.h apps.h s_apps.h s_client.c timeouts.h
++s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
++s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
++s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
++s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
++s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
++s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++s_client.o: s_apps.h s_client.c timeouts.h
+ s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_server.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+-s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+-s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+-s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
+-s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-s_server.o: s_apps.h s_server.c timeouts.h
++s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
++s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
++s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
++s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
++s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h
+ s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h
+ s_socket.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+-s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
+-s_socket.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-s_socket.o: s_apps.h s_socket.c
++s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++s_socket.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c
+ s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_time.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-s_time.o: s_apps.h s_time.c
++s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
++s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h
++s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
+ sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+-sess_id.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+-sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+-sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-sess_id.o: sess_id.c
++sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
++sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h
++sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
++sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
++sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
++sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
++sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
++sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
+ smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-smime.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+-smime.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-smime.o: smime.c
++smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++smime.o: ../include/openssl/err.h ../include/openssl/evp.h
++smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
++smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++smime.o: ../include/openssl/x509v3.h apps.h smime.c
+ speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+@@ -880,88 +897,89 @@ speed.o: ../include/openssl/cast.h ../include/open
+ speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
+ speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+-speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+-speed.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+-speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
+-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h
++speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++speed.o: ../include/openssl/engine.h ../include/openssl/err.h
++speed.o: ../include/openssl/evp.h ../include/openssl/fips.h
++speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
++speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
++speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
++speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
++speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
++speed.o: speed.c testdsa.h testrsa.h
+ spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-spkac.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+-spkac.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-spkac.o: spkac.c
++spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
++spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
++spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++spkac.o: ../include/openssl/x509v3.h apps.h spkac.c
+ verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+-verify.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+-verify.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-verify.o: verify.c
++verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++verify.o: ../include/openssl/err.h ../include/openssl/evp.h
++verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
++verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
++verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++verify.o: ../include/openssl/x509v3.h apps.h verify.c
+ version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+-version.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-version.o: ../include/openssl/engine.h ../include/openssl/evp.h
+-version.o: ../include/openssl/fips.h ../include/openssl/idea.h
+-version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+-version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+-version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h
+-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+-version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+-version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+-version.o: version.c
++version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++version.o: ../include/openssl/evp.h ../include/openssl/fips.h
++version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
++version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
++version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
++version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
++version.o: ../include/openssl/sha.h ../include/openssl/stack.h
++version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
++version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
++version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++version.o: ../include/openssl/x509v3.h apps.h version.c
+ x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+-x509.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+-x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+-x509.o: ../include/openssl/evp.h ../include/openssl/fips.h
+-x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+-x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-x509.o: ../include/openssl/x509v3.h apps.h x509.c
++x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
++x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
++x509.o: ../include/openssl/err.h ../include/openssl/evp.h
++x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h
++x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
++x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
++x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
+Index: crypto/openssl/apps/apps.c
+===================================================================
+--- crypto/openssl/apps/apps.c	(revision 248771)
++++ crypto/openssl/apps/apps.c	(working copy)
+@@ -2052,7 +2052,7 @@ X509_NAME *parse_name(char *subject, long chtype,
+ 	X509_NAME *n = NULL;
+ 	int nid;
+ 
+-	if (!buf || !ne_types || !ne_values)
++	if (!buf || !ne_types || !ne_values || !mval)
+ 		{
+ 		BIO_printf(bio_err, "malloc error\n");
+ 		goto error;
+@@ -2156,6 +2156,7 @@ X509_NAME *parse_name(char *subject, long chtype,
+ 	OPENSSL_free(ne_values);
+ 	OPENSSL_free(ne_types);
+ 	OPENSSL_free(buf);
++	OPENSSL_free(mval);
+ 	return n;
+ 
+ error:
+@@ -2164,6 +2165,8 @@ error:
+ 		OPENSSL_free(ne_values);
+ 	if (ne_types)
+ 		OPENSSL_free(ne_types);
++	if (mval)
++		OPENSSL_free(mval);
+ 	if (buf)
+ 		OPENSSL_free(buf);
+ 	return NULL;
+Index: crypto/openssl/apps/dhparam.c
+===================================================================
+--- crypto/openssl/apps/dhparam.c	(revision 248771)
++++ crypto/openssl/apps/dhparam.c	(working copy)
+@@ -332,7 +332,6 @@ bad:
+ 			BIO_printf(bio_err,"This is going to take a long time\n");
+ 			if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
+ 				{
+-				if(dh) DH_free(dh);
+ 				ERR_print_errors(bio_err);
+ 				goto end;
+ 				}
+Index: crypto/openssl/apps/s_server.c
+===================================================================
+--- crypto/openssl/apps/s_server.c	(revision 248771)
++++ crypto/openssl/apps/s_server.c	(working copy)
+@@ -1550,6 +1550,12 @@ end:
+ 	if (dpass)
+ 		OPENSSL_free(dpass);
+ #ifndef OPENSSL_NO_TLSEXT
++	if (tlscstatp.host)
++		OPENSSL_free(tlscstatp.host);
++	if (tlscstatp.port)
++		OPENSSL_free(tlscstatp.port);
++	if (tlscstatp.path)
++		OPENSSL_free(tlscstatp.path);
+ 	if (ctx2 != NULL) SSL_CTX_free(ctx2);
+ 	if (s_cert2)
+ 		X509_free(s_cert2);
+Index: crypto/openssl/crypto/asn1/a_strex.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_strex.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/a_strex.c	(working copy)
+@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_
+ 	if(mbflag == -1) return -1;
+ 	mbflag |= MBSTRING_FLAG;
+ 	stmp.data = NULL;
++	stmp.length = 0;
+ 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+ 	if(ret < 0) return ret;
+ 	*out = stmp.data;
+Index: crypto/openssl/crypto/asn1/a_verify.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_verify.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/a_verify.c	(working copy)
+@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALG
+ 	unsigned char *buf_in=NULL;
+ 	int ret= -1,i,inl;
+ 
++	if (!pkey)
++		{
++		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++		return -1;
++		}
++
+ 	EVP_MD_CTX_init(&ctx);
+ 	i=OBJ_obj2nid(a->algorithm);
+ 	type=EVP_get_digestbyname(OBJ_nid2sn(i));
+Index: crypto/openssl/crypto/asn1/x_pubkey.c
+===================================================================
+--- crypto/openssl/crypto/asn1/x_pubkey.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/x_pubkey.c	(working copy)
+@@ -371,12 +371,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+ 	CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ 	if (key->pkey)
+ 		{
++		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ 		EVP_PKEY_free(ret);
+ 		ret = key->pkey;
+ 		}
+ 	else
++		{
+ 		key->pkey = ret;
+-	CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++		}
+ 	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ 	return(ret);
+ err:
+Index: crypto/openssl/crypto/bn/bn_word.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_word.c	(revision 248771)
++++ crypto/openssl/crypto/bn/bn_word.c	(working copy)
+@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
+ 			a->neg=!(a->neg);
+ 		return(i);
+ 		}
+-	/* Only expand (and risk failing) if it's possibly necessary */
+-	if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&
+-			(bn_wexpand(a,a->top+1) == NULL))
+-		return(0);
+-	i=0;
+-	for (;;)
++	for (i=0;w!=0 && i<a->top;i++)
+ 		{
+-		if (i >= a->top)
+-			l=w;
+-		else
+-			l=(a->d[i]+w)&BN_MASK2;
+-		a->d[i]=l;
+-		if (w > l)
+-			w=1;
+-		else
+-			break;
+-		i++;
++		a->d[i] = l = (a->d[i]+w)&BN_MASK2;
++		w = (w>l)?1:0;
+ 		}
+-	if (i >= a->top)
++	if (w && i==a->top)
++		{
++		if (bn_wexpand(a,a->top+1) == NULL) return 0;
+ 		a->top++;
++		a->d[i]=w;
++		}
+ 	bn_check_top(a);
+ 	return(1);
+ 	}
+Index: crypto/openssl/crypto/cryptlib.c
+===================================================================
+--- crypto/openssl/crypto/cryptlib.c	(revision 248771)
++++ crypto/openssl/crypto/cryptlib.c	(working copy)
+@@ -542,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const ch
+ 	}
+ 
+ void *OPENSSL_stderr(void)	{ return stderr; }
++
++#ifndef OPENSSL_FIPS
++
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++	{
++	size_t i;
++	const unsigned char *a = in_a;
++	const unsigned char *b = in_b;
++	unsigned char x = 0;
++
++	for (i = 0; i < len; i++)
++		x |= a[i] ^ b[i];
++
++	return x;
++	}
++#endif
+Index: crypto/openssl/crypto/crypto.h
+===================================================================
+--- crypto/openssl/crypto/crypto.h	(revision 248771)
++++ crypto/openssl/crypto/crypto.h	(working copy)
+@@ -591,6 +591,13 @@ int OPENSSL_isservice(void);
+ #define OPENSSL_HAVE_INIT	1
+ void OPENSSL_init(void);
+ 
++/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
++ * takes an amount of time dependent on |len|, but independent of the contents
++ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
++ * defined order as the return value when a != b is undefined, other than to be
++ * non-zero. */
++int CRYPTO_memcmp(const void *a, const void *b, size_t len);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+Index: crypto/openssl/crypto/o_init.c
+===================================================================
+--- crypto/openssl/crypto/o_init.c	(revision 248771)
++++ crypto/openssl/crypto/o_init.c	(working copy)
+@@ -93,4 +93,18 @@ void OPENSSL_init(void)
+ #endif
+ 	}
+ 		
++#ifdef OPENSSL_FIPS
+ 
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++	{
++	size_t i;
++	const unsigned char *a = in_a;
++	const unsigned char *b = in_b;
++	unsigned char x = 0;
++
++	for (i = 0; i < len; i++)
++		x |= a[i] ^ b[i];
++
++	return x;
++	}
++#endif
+Index: crypto/openssl/crypto/ocsp/ocsp_vfy.c
+===================================================================
+--- crypto/openssl/crypto/ocsp/ocsp_vfy.c	(revision 248771)
++++ crypto/openssl/crypto/ocsp/ocsp_vfy.c	(working copy)
+@@ -91,10 +91,13 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF
+ 		{
+ 		EVP_PKEY *skey;
+ 		skey = X509_get_pubkey(signer);
+-		ret = OCSP_BASICRESP_verify(bs, skey, 0);
+-		EVP_PKEY_free(skey);
+-		if(ret <= 0)
++		if (skey)
+ 			{
++			ret = OCSP_BASICRESP_verify(bs, skey, 0);
++			EVP_PKEY_free(skey);
++			}
++		if(!skey || ret <= 0)
++			{
+ 			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+ 			goto end;
+ 			}
+@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF
+ 			init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ 		if(!init_res)
+ 			{
++			ret = -1;
+ 			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ 			goto end;
+ 			}
+Index: crypto/openssl/crypto/opensslv.h
+===================================================================
+--- crypto/openssl/crypto/opensslv.h	(revision 248771)
++++ crypto/openssl/crypto/opensslv.h	(working copy)
+@@ -25,11 +25,11 @@
+  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+  *  major minor fix final patch/beta)
+  */
+-#define OPENSSL_VERSION_NUMBER	0x0090818fL
++#define OPENSSL_VERSION_NUMBER	0x0090819fL
+ #ifdef OPENSSL_FIPS
+-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8x-fips 10 May 2012"
++#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8y-fips 5 Feb 2013"
+ #else
+-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8x 10 May 2012"
++#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8y 5 Feb 2013"
+ #endif
+ #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+ 
+Index: crypto/openssl/crypto/rsa/rsa_oaep.c
+===================================================================
+--- crypto/openssl/crypto/rsa/rsa_oaep.c	(revision 248771)
++++ crypto/openssl/crypto/rsa/rsa_oaep.c	(working copy)
+@@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to
+ 
+ 	EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+ 
+-	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
++	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+ 		goto decoding_err;
+ 	else
+ 		{
+Index: crypto/openssl/crypto/symhacks.h
+===================================================================
+--- crypto/openssl/crypto/symhacks.h	(revision 248771)
++++ crypto/openssl/crypto/symhacks.h	(working copy)
+@@ -252,15 +252,15 @@
+ #define EC_POINT_set_compressed_coordinates_GF2m \
+                                                 EC_POINT_set_compr_coords_GF2m
+ #undef ec_GF2m_simple_group_clear_finish
+-#define ec_GF2m_simple_group_clear_finish        ec_GF2m_simple_grp_clr_finish
++#define ec_GF2m_simple_group_clear_finish       ec_GF2m_simple_grp_clr_finish
+ #undef ec_GF2m_simple_group_check_discriminant
+ #define ec_GF2m_simple_group_check_discriminant	ec_GF2m_simple_grp_chk_discrim
+ #undef ec_GF2m_simple_point_clear_finish
+-#define ec_GF2m_simple_point_clear_finish        ec_GF2m_simple_pt_clr_finish
++#define ec_GF2m_simple_point_clear_finish       ec_GF2m_simple_pt_clr_finish
+ #undef ec_GF2m_simple_point_set_to_infinity
+-#define ec_GF2m_simple_point_set_to_infinity     ec_GF2m_simple_pt_set_to_inf
++#define ec_GF2m_simple_point_set_to_infinity    ec_GF2m_simple_pt_set_to_inf
+ #undef ec_GF2m_simple_points_make_affine
+-#define ec_GF2m_simple_points_make_affine        ec_GF2m_simple_pts_make_affine
++#define ec_GF2m_simple_points_make_affine       ec_GF2m_simple_pts_make_affine
+ #undef ec_GF2m_simple_point_set_affine_coordinates
+ #define ec_GF2m_simple_point_set_affine_coordinates \
+                                                 ec_GF2m_smp_pt_set_af_coords
+@@ -288,8 +288,6 @@
+ #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
+ #undef ec_GFp_simple_points_make_affine
+ #define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
+-#undef ec_GFp_simple_group_get_curve_GFp
+-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+ #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+ #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+                                                 ec_GFp_smp_set_Jproj_coords_GFp
+Index: crypto/openssl/doc/apps/CA.pl.pod
+===================================================================
+--- crypto/openssl/doc/apps/CA.pl.pod	(revision 248771)
++++ crypto/openssl/doc/apps/CA.pl.pod	(working copy)
+@@ -39,13 +39,13 @@ prints a usage message.
+ 
+ =item B<-newcert>
+ 
+-creates a new self signed certificate. The private key and certificate are
+-written to the file "newreq.pem".
++creates a new self signed certificate. The private key is written to the file
++"newkey.pem" and the request written to the file "newreq.pem".
+ 
+ =item B<-newreq>
+ 
+-creates a new certificate request. The private key and request are
+-written to the file "newreq.pem".
++creates a new certificate request. The private key is written to the file
++"newkey.pem" and the request written to the file "newreq.pem".
+ 
+ =item B<-newreq-nodes>
+ 
+Index: crypto/openssl/engines/e_capi.c
+===================================================================
+--- crypto/openssl/engines/e_capi.c	(revision 248771)
++++ crypto/openssl/engines/e_capi.c	(working copy)
+@@ -1409,10 +1409,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx
+ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
+ 	{
+ 	CAPI_KEY *key;
++    DWORD dwFlags = 0; 
+ 	key = OPENSSL_malloc(sizeof(CAPI_KEY));
+ 	CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
+ 						contname, provname, ptype);
+-	if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
++    if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
++        dwFlags = CRYPT_MACHINE_KEYSET;
++    if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags)) 
+ 		{
+ 		CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ 		capi_addlasterror();
+Index: crypto/openssl/openssl.spec
+===================================================================
+--- crypto/openssl/openssl.spec	(revision 248771)
++++ crypto/openssl/openssl.spec	(working copy)
+@@ -2,7 +2,7 @@
+ %define libmaj 0
+ %define libmin 9
+ %define librel 8
+-%define librev x
++%define librev y
+ Release: 1
+ 
+ %define openssldir /var/ssl
+Index: crypto/openssl/ssl/Makefile
+===================================================================
+--- crypto/openssl/ssl/Makefile	(revision 248771)
++++ crypto/openssl/ssl/Makefile	(working copy)
+@@ -22,7 +22,7 @@ LIB=$(TOP)/libssl.a
+ SHARED_LIB= libssl$(SHLIB_EXT)
+ LIBSRC=	\
+ 	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+-	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
++	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
+ 	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+ 	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+ 	d1_meth.c   d1_srvr.c d1_clnt.c  d1_lib.c  d1_pkt.c \
+@@ -33,7 +33,7 @@ LIBSRC=	\
+ 	bio_ssl.c ssl_err.c kssl.c t1_reneg.c
+ LIBOBJ= \
+ 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+-	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
++	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
+ 	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+ 	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
+ 	d1_meth.o   d1_srvr.o d1_clnt.o  d1_lib.o  d1_pkt.o \
+@@ -545,6 +545,27 @@ s3_both.o: ../include/openssl/ssl23.h ../include/o
+ s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
++s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
++s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
++s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
++s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
++s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h
++s3_cbc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
++s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
++s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
++s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
++s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
++s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h
+ s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+Index: crypto/openssl/ssl/d1_enc.c
+===================================================================
+--- crypto/openssl/ssl/d1_enc.c	(revision 248771)
++++ crypto/openssl/ssl/d1_enc.c	(working copy)
+@@ -126,16 +126,30 @@
+ #include <openssl/des.h>
+ #endif
+ 
++/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ *   0: (in non-constant time) if the record is publically invalid (i.e. too
++ *       short etc).
++ *   1: if the record's padding is valid / the encryption was successful.
++ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
++ *       an internal error occured. */
+ int dtls1_enc(SSL *s, int send)
+ 	{
+ 	SSL3_RECORD *rec;
+ 	EVP_CIPHER_CTX *ds;
+ 	unsigned long l;
+-	int bs,i,ii,j,k;
++	int bs,i,j,k,mac_size=0;
+ 	const EVP_CIPHER *enc;
+ 
+ 	if (send)
+ 		{
++		if (s->write_hash)
++			{
++			mac_size=EVP_MD_size(s->write_hash);
++			if (mac_size < 0)
++				return -1;
++			}
+ 		ds=s->enc_write_ctx;
+ 		rec= &(s->s3->wrec);
+ 		if (s->enc_write_ctx == NULL)
+@@ -156,6 +170,11 @@ int dtls1_enc(SSL *s, int send)
+ 		}
+ 	else
+ 		{
++		if (s->read_hash)
++			{
++			mac_size=EVP_MD_size(s->read_hash);
++			OPENSSL_assert(mac_size >= 0);
++			}
+ 		ds=s->enc_read_ctx;
+ 		rec= &(s->s3->rrec);
+ 		if (s->enc_read_ctx == NULL)
+@@ -220,7 +239,7 @@ int dtls1_enc(SSL *s, int send)
+ 		if (!send)
+ 			{
+ 			if (l == 0 || l%bs != 0)
+-				return -1;
++				return 0;
+ 			}
+ 		
+ 		EVP_Cipher(ds,rec->data,rec->input,l);
+@@ -235,43 +254,7 @@ int dtls1_enc(SSL *s, int send)
+ #endif	/* KSSL_DEBUG */
+ 
+ 		if ((bs != 1) && !send)
+-			{
+-			ii=i=rec->data[l-1]; /* padding_length */
+-			i++;
+-			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+-				{
+-				/* First packet is even in size, so check */
+-				if ((memcmp(s->s3->read_sequence,
+-					"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+-					s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+-					i--;
+-				}
+-			/* TLS 1.0 does not bound the number of padding bytes by the block size.
+-			 * All of them must have value 'padding_length'. */
+-			if (i + bs > (int)rec->length)
+-				{
+-				/* Incorrect padding. SSLerr() and ssl3_alert are done
+-				 * by caller: we don't want to reveal whether this is
+-				 * a decryption error or a MAC verification failure
+-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
+-				 */
+-				return -1;
+-				}
+-			for (j=(int)(l-i); j<(int)l; j++)
+-				{
+-				if (rec->data[j] != ii)
+-					{
+-					/* Incorrect padding */
+-					return -1;
+-					}
+-				}
+-			rec->length-=i;
+-
+-			rec->data += bs;    /* skip the implicit IV */
+-			rec->input += bs;
+-			rec->length -= bs;
+-			}
++			return tls1_cbc_remove_padding(s, rec, bs, mac_size);
+ 		}
+ 	return(1);
+ 	}
+Index: crypto/openssl/ssl/d1_pkt.c
+===================================================================
+--- crypto/openssl/ssl/d1_pkt.c	(revision 248771)
++++ crypto/openssl/ssl/d1_pkt.c	(working copy)
+@@ -327,17 +327,13 @@ dtls1_get_buffered_record(SSL *s)
+ static int
+ dtls1_process_record(SSL *s)
+ {
+-    int al;
+-	int clear=0;
+-    int enc_err;
++	int i,al;
++	int enc_err;
+ 	SSL_SESSION *sess;
+-    SSL3_RECORD *rr;
+-	unsigned int mac_size;
++	SSL3_RECORD *rr;
++	unsigned int mac_size, orig_len;
+ 	unsigned char md[EVP_MAX_MD_SIZE];
+-	int decryption_failed_or_bad_record_mac = 0;
+-	unsigned char *mac = NULL;
+ 
+-
+ 	rr= &(s->s3->rrec);
+     sess = s->session;
+ 
+@@ -366,14 +362,19 @@ dtls1_process_record(SSL *s)
+ 
+ 	/* decrypt in place in 'rr->input' */
+ 	rr->data=rr->input;
++	orig_len=rr->length;
+ 
+ 	enc_err = s->method->ssl3_enc->enc(s,0);
+-	if (enc_err <= 0)
++	/* enc_err is:
++	 *    0: (in non-constant time) if the record is publically invalid.
++	 *    1: if the padding is valid
++	 *    -1: if the padding is invalid */
++	if (enc_err == 0)
+ 		{
+-		/* To minimize information leaked via timing, we will always
+-		 * perform all computations before discarding the message.
+-		 */
+-		decryption_failed_or_bad_record_mac = 1;
++		/* For DTLS we simply ignore bad packets. */
++		rr->length = 0;
++		s->packet_length = 0;
++		goto err;
+ 		}
+ 
+ #ifdef TLS_DEBUG
+@@ -383,41 +384,59 @@ printf("\n");
+ #endif
+ 
+ 	/* r->length is now the compressed data plus mac */
+-if (	(sess == NULL) ||
+-		(s->enc_read_ctx == NULL) ||
+-		(s->read_hash == NULL))
+-    clear=1;
+-
+-	if (!clear)
++	if ((sess != NULL) &&
++	    (s->enc_read_ctx != NULL) &&
++	    (s->read_hash != NULL))
+ 		{
++		/* s->read_hash != NULL => mac_size != -1 */
++		unsigned char *mac = NULL;
++		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ 		mac_size=EVP_MD_size(s->read_hash);
++		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ 
+-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
++		/* orig_len is the length of the record before any padding was
++		 * removed. This is public information, as is the MAC in use,
++		 * therefore we can safely process the record in a different
++		 * amount of time if it's too short to possibly contain a MAC.
++		 */
++		if (orig_len < mac_size ||
++		    /* CBC records must have a padding length byte too. */
++		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++		     orig_len < mac_size+1))
+ 			{
+-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+-			al=SSL_AD_RECORD_OVERFLOW;
+-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
++			al=SSL_AD_DECODE_ERROR;
++			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ 			goto f_err;
+-#else
+-			decryption_failed_or_bad_record_mac = 1;
+-#endif			
+ 			}
+-		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+-		if (rr->length >= mac_size)
++
++		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
+ 			{
++			/* We update the length so that the TLS header bytes
++			 * can be constructed correctly but we need to extract
++			 * the MAC in constant time from within the record,
++			 * without leaking the contents of the padding bytes.
++			 * */
++			mac = mac_tmp;
++			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+ 			rr->length -= mac_size;
+-			mac = &rr->data[rr->length];
+ 			}
+ 		else
+-			rr->length = 0;
+-		s->method->ssl3_enc->mac(s,md,0);
+-		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+ 			{
+-			decryption_failed_or_bad_record_mac = 1;
++			/* In this case there's no padding, so |orig_len|
++			 * equals |rec->length| and we checked that there's
++			 * enough bytes for |mac_size| above. */
++			rr->length -= mac_size;
++			mac = &rr->data[rr->length];
+ 			}
++
++		i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
++		if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
++			enc_err = -1;
++		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
++			enc_err = -1;
+ 		}
+ 
+-	if (decryption_failed_or_bad_record_mac)
++	if (enc_err < 0)
+ 		{
+ 		/* decryption failed, silently discard message */
+ 		rr->length = 0;
+Index: crypto/openssl/ssl/s2_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s2_clnt.c	(revision 248771)
++++ crypto/openssl/ssl/s2_clnt.c	(working copy)
+@@ -935,7 +935,7 @@ static int get_server_verify(SSL *s)
+ 		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
+ 	p += 1;
+ 
+-	if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
++	if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+ 		{
+ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ 		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
+Index: crypto/openssl/ssl/s2_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s2_pkt.c	(revision 248771)
++++ crypto/openssl/ssl/s2_pkt.c	(working copy)
+@@ -267,8 +267,7 @@ static int ssl2_read_internal(SSL *s, void *buf, i
+ 			s->s2->ract_data_length-=mac_size;
+ 			ssl2_mac(s,mac,0);
+ 			s->s2->ract_data_length-=s->s2->padding;
+-			if (	(memcmp(mac,s->s2->mac_data,
+-				(unsigned int)mac_size) != 0) ||
++			if (	(CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
+ 				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
+ 				{
+ 				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+--- crypto/openssl/ssl/s3_both.c	(revision 248771)
++++ crypto/openssl/ssl/s3_both.c	(working copy)
+@@ -242,7 +242,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
+ 		goto f_err;
+ 		}
+ 
+-	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
++	if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+ 		{
+ 		al=SSL_AD_DECRYPT_ERROR;
+ 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
+Index: crypto/openssl/ssl/s3_cbc.c
+===================================================================
+--- crypto/openssl/ssl/s3_cbc.c	(revision 0)
++++ crypto/openssl/ssl/s3_cbc.c	(working copy)
+@@ -0,0 +1,762 @@
++/* ssl/s3_cbc.c */
++/* ====================================================================
++ * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include "ssl_locl.h"
++
++#include <openssl/md5.h>
++#include <openssl/sha.h>
++
++/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
++ * field. (SHA-384/512 have 128-bit length.) */
++#define MAX_HASH_BIT_COUNT_BYTES 16
++
++/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
++ * Currently SHA-384/512 has a 128-byte block size and that's the largest
++ * supported by TLS.) */
++#define MAX_HASH_BLOCK_SIZE 128
++
++/* Some utility functions are needed:
++ *
++ * These macros return the given value with the MSB copied to all the other
++ * bits. They use the fact that arithmetic shift shifts-in the sign bit.
++ * However, this is not ensured by the C standard so you may need to replace
++ * them with something else on odd CPUs. */
++#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
++#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
++
++/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
++static unsigned constant_time_ge(unsigned a, unsigned b)
++	{
++	a -= b;
++	return DUPLICATE_MSB_TO_ALL(~a);
++	}
++
++/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
++static unsigned char constant_time_eq_8(unsigned char a, unsigned char b)
++	{
++	unsigned c = a ^ b;
++	c--;
++	return DUPLICATE_MSB_TO_ALL_8(c);
++	}
++
++/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
++ * record in |rec| by updating |rec->length| in constant time.
++ *
++ * block_size: the block size of the cipher used to encrypt the record.
++ * returns:
++ *   0: (in non-constant time) if the record is publicly invalid.
++ *   1: if the padding was valid
++ *  -1: otherwise. */
++int ssl3_cbc_remove_padding(const SSL* s,
++			    SSL3_RECORD *rec,
++			    unsigned block_size,
++			    unsigned mac_size)
++	{
++	unsigned padding_length, good;
++	const unsigned overhead = 1 /* padding length byte */ + mac_size;
++
++	/* These lengths are all public so we can test them in non-constant
++	 * time. */
++	if (overhead > rec->length)
++		return 0;
++
++	padding_length = rec->data[rec->length-1];
++	good = constant_time_ge(rec->length, padding_length+overhead);
++	/* SSLv3 requires that the padding is minimal. */
++	good &= constant_time_ge(block_size, padding_length+1);
++	padding_length = good & (padding_length+1);
++	rec->length -= padding_length;
++	rec->type |= padding_length<<8;	/* kludge: pass padding length */
++	return (int)((good & 1) | (~good & -1));
++}
++
++/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
++ * record in |rec| in constant time and returns 1 if the padding is valid and
++ * -1 otherwise. It also removes any explicit IV from the start of the record
++ * without leaking any timing about whether there was enough space after the
++ * padding was removed.
++ *
++ * block_size: the block size of the cipher used to encrypt the record.
++ * returns:
++ *   0: (in non-constant time) if the record is publicly invalid.
++ *   1: if the padding was valid
++ *  -1: otherwise. */
++int tls1_cbc_remove_padding(const SSL* s,
++			    SSL3_RECORD *rec,
++			    unsigned block_size,
++			    unsigned mac_size)
++	{
++	unsigned padding_length, good, to_check, i;
++	const char has_explicit_iv = s->version == DTLS1_VERSION;
++	const unsigned overhead = 1 /* padding length byte */ +
++				  mac_size +
++				  (has_explicit_iv ? block_size : 0);
++
++	/* These lengths are all public so we can test them in non-constant
++	 * time. */
++	if (overhead > rec->length)
++		return 0;
++
++	padding_length = rec->data[rec->length-1];
++
++	/* NB: if compression is in operation the first packet may not be of
++	 * even length so the padding bug check cannot be performed. This bug
++	 * workaround has been around since SSLeay so hopefully it is either
++	 * fixed now or no buggy implementation supports compression [steve]
++	 */
++	if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
++		{
++		/* First packet is even in size, so check */
++		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
++		    !(padding_length & 1))
++			{
++			s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
++			}
++		if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
++		    padding_length > 0)
++			{
++			padding_length--;
++			}
++		}
++
++	good = constant_time_ge(rec->length, overhead+padding_length);
++	/* The padding consists of a length byte at the end of the record and
++	 * then that many bytes of padding, all with the same value as the
++	 * length byte. Thus, with the length byte included, there are i+1
++	 * bytes of padding.
++	 *
++	 * We can't check just |padding_length+1| bytes because that leaks
++	 * decrypted information. Therefore we always have to check the maximum
++	 * amount of padding possible. (Again, the length of the record is
++	 * public information so we can use it.) */
++	to_check = 255; /* maximum amount of padding. */
++	if (to_check > rec->length-1)
++		to_check = rec->length-1;
++
++	for (i = 0; i < to_check; i++)
++		{
++		unsigned char mask = constant_time_ge(padding_length, i);
++		unsigned char b = rec->data[rec->length-1-i];
++		/* The final |padding_length+1| bytes should all have the value
++		 * |padding_length|. Therefore the XOR should be zero. */
++		good &= ~(mask&(padding_length ^ b));
++		}
++
++	/* If any of the final |padding_length+1| bytes had the wrong value,
++	 * one or more of the lower eight bits of |good| will be cleared. We
++	 * AND the bottom 8 bits together and duplicate the result to all the
++	 * bits. */
++	good &= good >> 4;
++	good &= good >> 2;
++	good &= good >> 1;
++	good <<= sizeof(good)*8-1;
++	good = DUPLICATE_MSB_TO_ALL(good);
++
++	padding_length = good & (padding_length+1);
++	rec->length -= padding_length;
++	rec->type |= padding_length<<8;	/* kludge: pass padding length */
++
++	/* We can always safely skip the explicit IV. We check at the beginning
++	 * of this function that the record has at least enough space for the
++	 * IV, MAC and padding length byte. (These can be checked in
++	 * non-constant time because it's all public information.) So, if the
++	 * padding was invalid, then we didn't change |rec->length| and this is
++	 * safe. If the padding was valid then we know that we have at least
++	 * overhead+padding_length bytes of space and so this is still safe
++	 * because overhead accounts for the explicit IV. */
++	if (has_explicit_iv)
++		{
++		rec->data += block_size;
++		rec->input += block_size;
++		rec->length -= block_size;
++		}
++
++	return (int)((good & 1) | (~good & -1));
++	}
++
++#if defined(_M_AMD64) || defined(__x86_64__)
++#define CBC_MAC_ROTATE_IN_PLACE
++#endif
++
++/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
++ * constant time (independent of the concrete value of rec->length, which may
++ * vary within a 256-byte window).
++ *
++ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
++ * this function.
++ *
++ * On entry:
++ *   rec->orig_len >= md_size
++ *   md_size <= EVP_MAX_MD_SIZE
++ *
++ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
++ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
++ * a single cache-line, then the variable memory accesses don't actually affect
++ * the timing. This has been tested to be true on Intel amd64 chips.
++ */
++void ssl3_cbc_copy_mac(unsigned char* out,
++		       const SSL3_RECORD *rec,
++		       unsigned md_size,unsigned orig_len)
++	{
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++	unsigned char rotated_mac_buf[EVP_MAX_MD_SIZE*2];
++	unsigned char *rotated_mac;
++#else
++	unsigned char rotated_mac[EVP_MAX_MD_SIZE];
++#endif
++
++	/* mac_end is the index of |rec->data| just after the end of the MAC. */
++	unsigned mac_end = rec->length;
++	unsigned mac_start = mac_end - md_size;
++	/* scan_start contains the number of bytes that we can ignore because
++	 * the MAC's position can only vary by 255 bytes. */
++	unsigned scan_start = 0;
++	unsigned i, j;
++	unsigned div_spoiler;
++	unsigned rotate_offset;
++
++	OPENSSL_assert(orig_len >= md_size);
++	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
++
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++	rotated_mac = (unsigned char*) (((intptr_t)(rotated_mac_buf + 64)) & ~63);
++#endif
++
++	/* This information is public so it's safe to branch based on it. */
++	if (orig_len > md_size + 255 + 1)
++		scan_start = orig_len - (md_size + 255 + 1);
++	/* div_spoiler contains a multiple of md_size that is used to cause the
++	 * modulo operation to be constant time. Without this, the time varies
++	 * based on the amount of padding when running on Intel chips at least.
++	 *
++	 * The aim of right-shifting md_size is so that the compiler doesn't
++	 * figure out that it can remove div_spoiler as that would require it
++	 * to prove that md_size is always even, which I hope is beyond it. */
++	div_spoiler = md_size >> 1;
++	div_spoiler <<= (sizeof(div_spoiler)-1)*8;
++	rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
++
++	memset(rotated_mac, 0, md_size);
++	for (i = scan_start; i < orig_len;)
++		{
++		for (j = 0; j < md_size && i < orig_len; i++, j++)
++			{
++			unsigned char mac_started = constant_time_ge(i, mac_start);
++			unsigned char mac_ended = constant_time_ge(i, mac_end);
++			unsigned char b = 0;
++			b = rec->data[i];
++			rotated_mac[j] |= b & mac_started & ~mac_ended;
++			}
++		}
++
++	/* Now rotate the MAC */
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++	j = 0;
++	for (i = 0; i < md_size; i++)
++		{
++		unsigned char offset = (div_spoiler + rotate_offset + i) % md_size;
++		out[j++] = rotated_mac[offset];
++		}
++#else
++	memset(out, 0, md_size);
++	for (i = 0; i < md_size; i++)
++		{
++		unsigned char offset = (div_spoiler + md_size - rotate_offset + i) % md_size;
++		for (j = 0; j < md_size; j++)
++			out[j] |= rotated_mac[i] & constant_time_eq_8(j, offset);
++		}
++#endif
++	}
++
++/* These functions serialize the state of a hash and thus perform the standard
++ * "final" operation without adding the padding and length that such a function
++ * typically does. */
++static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
++	{
++	MD5_CTX *md5 = ctx;
++	l2n(md5->A, md_out);
++	l2n(md5->B, md_out);
++	l2n(md5->C, md_out);
++	l2n(md5->D, md_out);
++	}
++
++static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
++	{
++	SHA_CTX *sha1 = ctx;
++	l2n(sha1->h0, md_out);
++	l2n(sha1->h1, md_out);
++	l2n(sha1->h2, md_out);
++	l2n(sha1->h3, md_out);
++	l2n(sha1->h4, md_out);
++	}
++#define LARGEST_DIGEST_CTX SHA_CTX
++
++#ifndef OPENSSL_NO_SHA256
++static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
++	{
++	SHA256_CTX *sha256 = ctx;
++	unsigned i;
++
++	for (i = 0; i < 8; i++)
++		{
++		l2n(sha256->h[i], md_out);
++		}
++	}
++#undef  LARGEST_DIGEST_CTX
++#define LARGEST_DIGEST_CTX SHA256_CTX
++#endif
++
++#ifndef OPENSSL_NO_SHA512
++static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
++	{
++	SHA512_CTX *sha512 = ctx;
++	unsigned i;
++
++	for (i = 0; i < 8; i++)
++		{
++		l2n8(sha512->h[i], md_out);
++		}
++	}
++#undef  LARGEST_DIGEST_CTX
++#define LARGEST_DIGEST_CTX SHA512_CTX
++#endif
++
++/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
++ * which ssl3_cbc_digest_record supports. */
++char ssl3_cbc_record_digest_supported(const EVP_MD *digest)
++	{
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode())
++		return 0;
++#endif
++	switch (EVP_MD_type(digest))
++		{
++		case NID_md5:
++		case NID_sha1:
++#ifndef OPENSSL_NO_SHA256
++		case NID_sha224:
++		case NID_sha256:
++#endif
++#ifndef OPENSSL_NO_SHA512
++		case NID_sha384:
++		case NID_sha512:
++#endif
++			return 1;
++		default:
++			return 0;
++		}
++	}
++
++/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
++ * record.
++ *
++ *   ctx: the EVP_MD_CTX from which we take the hash function.
++ *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
++ *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
++ *   md_out_size: if non-NULL, the number of output bytes is written here.
++ *   header: the 13-byte, TLS record header.
++ *   data: the record data itself, less any preceeding explicit IV.
++ *   data_plus_mac_size: the secret, reported length of the data and MAC
++ *     once the padding has been removed.
++ *   data_plus_mac_plus_padding_size: the public length of the whole
++ *     record, including padding.
++ *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
++ *
++ * On entry: by virtue of having been through one of the remove_padding
++ * functions, above, we know that data_plus_mac_size is large enough to contain
++ * a padding byte and MAC. (If the padding was invalid, it might contain the
++ * padding too. ) */
++void ssl3_cbc_digest_record(
++	const EVP_MD *digest,
++	unsigned char* md_out,
++	size_t* md_out_size,
++	const unsigned char header[13],
++	const unsigned char *data,
++	size_t data_plus_mac_size,
++	size_t data_plus_mac_plus_padding_size,
++	const unsigned char *mac_secret,
++	unsigned mac_secret_length,
++	char is_sslv3)
++	{
++	union {	double align;
++		unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state;
++	void (*md_final_raw)(void *ctx, unsigned char *md_out);
++	void (*md_transform)(void *ctx, const unsigned char *block);
++	unsigned md_size, md_block_size = 64;
++	unsigned sslv3_pad_length = 40, header_length, variance_blocks,
++		 len, max_mac_bytes, num_blocks,
++		 num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
++	unsigned int bits;	/* at most 18 bits */
++	unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
++	/* hmac_pad is the masked HMAC key. */
++	unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
++	unsigned char first_block[MAX_HASH_BLOCK_SIZE];
++	unsigned char mac_out[EVP_MAX_MD_SIZE];
++	unsigned i, j, md_out_size_u;
++	EVP_MD_CTX md_ctx;
++	/* mdLengthSize is the number of bytes in the length field that terminates
++	* the hash. */
++	unsigned md_length_size = 8;
++
++	/* This is a, hopefully redundant, check that allows us to forget about
++	 * many possible overflows later in this function. */
++	OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
++
++	switch (EVP_MD_type(digest))
++		{
++		case NID_md5:
++			MD5_Init((MD5_CTX*)md_state.c);
++			md_final_raw = tls1_md5_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
++			md_size = 16;
++			sslv3_pad_length = 48;
++			break;
++		case NID_sha1:
++			SHA1_Init((SHA_CTX*)md_state.c);
++			md_final_raw = tls1_sha1_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
++			md_size = 20;
++			break;
++#ifndef OPENSSL_NO_SHA256
++		case NID_sha224:
++			SHA224_Init((SHA256_CTX*)md_state.c);
++			md_final_raw = tls1_sha256_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
++			md_size = 224/8;
++			break;
++		case NID_sha256:
++			SHA256_Init((SHA256_CTX*)md_state.c);
++			md_final_raw = tls1_sha256_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
++			md_size = 32;
++			break;
++#endif
++#ifndef OPENSSL_NO_SHA512
++		case NID_sha384:
++			SHA384_Init((SHA512_CTX*)md_state.c);
++			md_final_raw = tls1_sha512_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
++			md_size = 384/8;
++			md_block_size = 128;
++			md_length_size = 16;
++			break;
++		case NID_sha512:
++			SHA512_Init((SHA512_CTX*)md_state.c);
++			md_final_raw = tls1_sha512_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
++			md_size = 64;
++			md_block_size = 128;
++			md_length_size = 16;
++			break;
++#endif
++		default:
++			/* ssl3_cbc_record_digest_supported should have been
++			 * called first to check that the hash function is
++			 * supported. */
++			OPENSSL_assert(0);
++			if (md_out_size)
++				*md_out_size = -1;
++			return;
++		}
++
++	OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
++	OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
++	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
++
++	header_length = 13;
++	if (is_sslv3)
++		{
++		header_length =
++			mac_secret_length +
++			sslv3_pad_length +
++			8 /* sequence number */ +
++			1 /* record type */ +
++			2 /* record length */;
++		}
++
++	/* variance_blocks is the number of blocks of the hash that we have to
++	 * calculate in constant time because they could be altered by the
++	 * padding value.
++	 *
++	 * In SSLv3, the padding must be minimal so the end of the plaintext
++	 * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
++	 * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
++	 * termination (0x80 + 64-bit length) don't fit in the final block, we
++	 * say that the final two blocks can vary based on the padding.
++	 *
++	 * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
++	 * required to be minimal. Therefore we say that the final six blocks
++	 * can vary based on the padding.
++	 *
++	 * Later in the function, if the message is short and there obviously
++	 * cannot be this many blocks then variance_blocks can be reduced. */
++	variance_blocks = is_sslv3 ? 2 : 6;
++	/* From now on we're dealing with the MAC, which conceptually has 13
++	 * bytes of `header' before the start of the data (TLS) or 71/75 bytes
++	 * (SSLv3) */
++	len = data_plus_mac_plus_padding_size + header_length;
++	/* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
++	* |header|, assuming that there's no padding. */
++	max_mac_bytes = len - md_size - 1;
++	/* num_blocks is the maximum number of hash blocks. */
++	num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
++	/* In order to calculate the MAC in constant time we have to handle
++	 * the final blocks specially because the padding value could cause the
++	 * end to appear somewhere in the final |variance_blocks| blocks and we
++	 * can't leak where. However, |num_starting_blocks| worth of data can
++	 * be hashed right away because no padding value can affect whether
++	 * they are plaintext. */
++	num_starting_blocks = 0;
++	/* k is the starting byte offset into the conceptual header||data where
++	 * we start processing. */
++	k = 0;
++	/* mac_end_offset is the index just past the end of the data to be
++	 * MACed. */
++	mac_end_offset = data_plus_mac_size + header_length - md_size;
++	/* c is the index of the 0x80 byte in the final hash block that
++	 * contains application data. */
++	c = mac_end_offset % md_block_size;
++	/* index_a is the hash block number that contains the 0x80 terminating
++	 * value. */
++	index_a = mac_end_offset / md_block_size;
++	/* index_b is the hash block number that contains the 64-bit hash
++	 * length, in bits. */
++	index_b = (mac_end_offset + md_length_size) / md_block_size;
++	/* bits is the hash-length in bits. It includes the additional hash
++	 * block for the masked HMAC key, or whole of |header| in the case of
++	 * SSLv3. */
++
++	/* For SSLv3, if we're going to have any starting blocks then we need
++	 * at least two because the header is larger than a single block. */
++	if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0))
++		{
++		num_starting_blocks = num_blocks - variance_blocks;
++		k = md_block_size*num_starting_blocks;
++		}
++
++	bits = 8*mac_end_offset;
++	if (!is_sslv3)
++		{
++		/* Compute the initial HMAC block. For SSLv3, the padding and
++		 * secret bytes are included in |header| because they take more
++		 * than a single block. */
++		bits += 8*md_block_size;
++		memset(hmac_pad, 0, md_block_size);
++		OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
++		memcpy(hmac_pad, mac_secret, mac_secret_length);
++		for (i = 0; i < md_block_size; i++)
++			hmac_pad[i] ^= 0x36;
++
++		md_transform(md_state.c, hmac_pad);
++		}
++
++	memset(length_bytes,0,md_length_size-4);
++	length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
++	length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
++	length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
++	length_bytes[md_length_size-1] = (unsigned char)bits;
++
++	if (k > 0)
++		{
++		if (is_sslv3)
++			{
++			/* The SSLv3 header is larger than a single block.
++			 * overhang is the number of bytes beyond a single
++			 * block that the header consumes: either 7 bytes
++			 * (SHA1) or 11 bytes (MD5). */
++			unsigned overhang = header_length-md_block_size;
++			md_transform(md_state.c, header);
++			memcpy(first_block, header + md_block_size, overhang);
++			memcpy(first_block + overhang, data, md_block_size-overhang);
++			md_transform(md_state.c, first_block);
++			for (i = 1; i < k/md_block_size - 1; i++)
++				md_transform(md_state.c, data + md_block_size*i - overhang);
++			}
++		else
++			{
++			/* k is a multiple of md_block_size. */
++			memcpy(first_block, header, 13);
++			memcpy(first_block+13, data, md_block_size-13);
++			md_transform(md_state.c, first_block);
++			for (i = 1; i < k/md_block_size; i++)
++				md_transform(md_state.c, data + md_block_size*i - 13);
++			}
++		}
++
++	memset(mac_out, 0, sizeof(mac_out));
++
++	/* We now process the final hash blocks. For each block, we construct
++	 * it in constant time. If the |i==index_a| then we'll include the 0x80
++	 * bytes and zero pad etc. For each block we selectively copy it, in
++	 * constant time, to |mac_out|. */
++	for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++)
++		{
++		unsigned char block[MAX_HASH_BLOCK_SIZE];
++		unsigned char is_block_a = constant_time_eq_8(i, index_a);
++		unsigned char is_block_b = constant_time_eq_8(i, index_b);
++		for (j = 0; j < md_block_size; j++)
++			{
++			unsigned char b = 0, is_past_c, is_past_cp1;
++			if (k < header_length)
++				b = header[k];
++			else if (k < data_plus_mac_plus_padding_size + header_length)
++				b = data[k-header_length];
++			k++;
++
++			is_past_c = is_block_a & constant_time_ge(j, c);
++			is_past_cp1 = is_block_a & constant_time_ge(j, c+1);
++			/* If this is the block containing the end of the
++			 * application data, and we are at the offset for the
++			 * 0x80 value, then overwrite b with 0x80. */
++			b = (b&~is_past_c) | (0x80&is_past_c);
++			/* If this the the block containing the end of the
++			 * application data and we're past the 0x80 value then
++			 * just write zero. */
++			b = b&~is_past_cp1;
++			/* If this is index_b (the final block), but not
++			 * index_a (the end of the data), then the 64-bit
++			 * length didn't fit into index_a and we're having to
++			 * add an extra block of zeros. */
++			b &= ~is_block_b | is_block_a;
++
++			/* The final bytes of one of the blocks contains the
++			 * length. */
++			if (j >= md_block_size - md_length_size)
++				{
++				/* If this is index_b, write a length byte. */
++				b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]);
++				}
++			block[j] = b;
++			}
++
++		md_transform(md_state.c, block);
++		md_final_raw(md_state.c, block);
++		/* If this is index_b, copy the hash value to |mac_out|. */
++		for (j = 0; j < md_size; j++)
++			mac_out[j] |= block[j]&is_block_b;
++		}
++
++	EVP_MD_CTX_init(&md_ctx);
++	EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */);
++	if (is_sslv3)
++		{
++		/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
++		memset(hmac_pad, 0x5c, sslv3_pad_length);
++
++		EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
++		EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
++		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
++		}
++	else
++		{
++		/* Complete the HMAC in the standard manner. */
++		for (i = 0; i < md_block_size; i++)
++			hmac_pad[i] ^= 0x6a;
++
++		EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
++		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
++		}
++	EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
++	if (md_out_size)
++		*md_out_size = md_out_size_u;
++	EVP_MD_CTX_cleanup(&md_ctx);
++	}
++
++#ifdef OPENSSL_FIPS
++
++/* Due to the need to use EVP in FIPS mode we can't reimplement digests but
++ * we can ensure the number of blocks processed is equal for all cases
++ * by digesting additional data.
++ */
++
++void tls_fips_digest_extra(
++	const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
++	const unsigned char *data, size_t data_len, size_t orig_len)
++	{
++	size_t block_size, digest_pad, blocks_data, blocks_orig;
++	if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
++		return;
++	block_size = EVP_MD_block_size(hash);
++	/* We are in FIPS mode if we get this far so we know we have only SHA*
++	 * digests and TLS to deal with.
++	 * Minimum digest padding length is 17 for SHA384/SHA512 and 9
++	 * otherwise.
++	 * Additional header is 13 bytes. To get the number of digest blocks
++	 * processed round up the amount of data plus padding to the nearest
++	 * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
++	 * So we have:
++	 * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
++	 * equivalently:
++	 * blocks = (payload_len + digest_pad + 12)/block_size + 1
++	 * HMAC adds a constant overhead.
++	 * We're ultimately only interested in differences so this becomes
++	 * blocks = (payload_len + 29)/128
++	 * for SHA384/SHA512 and
++	 * blocks = (payload_len + 21)/64
++	 * otherwise.
++	 */
++	digest_pad = block_size == 64 ? 21 : 29;
++	blocks_orig = (orig_len + digest_pad)/block_size;
++	blocks_data = (data_len + digest_pad)/block_size;
++	/* MAC enough blocks to make up the difference between the original
++	 * and actual lengths plus one extra block to ensure this is never a
++	 * no op. The "data" pointer should always have enough space to
++	 * perform this operation as it is large enough for a maximum
++	 * length TLS buffer. 
++	 */
++	HMAC_Update(hctx, data,
++				(blocks_orig - blocks_data + 1) * block_size);
++	}
++#endif
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c	(revision 248771)
++++ crypto/openssl/ssl/s3_clnt.c	(working copy)
+@@ -262,7 +262,16 @@ int ssl3_connect(SSL *s)
+ 			ret=ssl3_get_server_hello(s);
+ 			if (ret <= 0) goto end;
+ 			if (s->hit)
++				{
+ 				s->state=SSL3_ST_CR_FINISHED_A;
++#ifndef OPENSSL_NO_TLSEXT
++				if (s->tlsext_ticket_expected)
++					{
++					/* receive renewed session ticket */
++					s->state=SSL3_ST_CR_SESSION_TICKET_A;
++					}
++#endif
++				}
+ 			else
+ 				s->state=SSL3_ST_CR_CERT_A;
+ 			s->init_num=0;
+Index: crypto/openssl/ssl/s3_enc.c
+===================================================================
+--- crypto/openssl/ssl/s3_enc.c	(revision 248771)
++++ crypto/openssl/ssl/s3_enc.c	(working copy)
+@@ -433,12 +433,21 @@ void ssl3_cleanup_key_block(SSL *s)
+ 	s->s3->tmp.key_block_length=0;
+ 	}
+ 
++/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ *   0: (in non-constant time) if the record is publically invalid (i.e. too
++ *       short etc).
++ *   1: if the record's padding is valid / the encryption was successful.
++ *   -1: if the record's padding is invalid or, if sending, an internal error
++ *       occured.
++ */
+ int ssl3_enc(SSL *s, int send)
+ 	{
+ 	SSL3_RECORD *rec;
+ 	EVP_CIPHER_CTX *ds;
+ 	unsigned long l;
+-	int bs,i;
++	int bs,i,mac_size=0;
+ 	const EVP_CIPHER *enc;
+ 
+ 	if (send)
+@@ -489,32 +498,17 @@ int ssl3_enc(SSL *s, int send)
+ 		if (!send)
+ 			{
+ 			if (l == 0 || l%bs != 0)
+-				{
+-				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ 				return 0;
+-				}
+ 			/* otherwise, rec->length >= bs */
+ 			}
+ 		
+ 		EVP_Cipher(ds,rec->data,rec->input,l);
+ 
++		if (s->read_hash != NULL)
++			mac_size = EVP_MD_size(s->read_hash);
++
+ 		if ((bs != 1) && !send)
+-			{
+-			i=rec->data[l-1]+1;
+-			/* SSL 3.0 bounds the number of padding bytes by the block size;
+-			 * padding bytes (except the last one) are arbitrary */
+-			if (i > bs)
+-				{
+-				/* Incorrect padding. SSLerr() and ssl3_alert are done
+-				 * by caller: we don't want to reveal whether this is
+-				 * a decryption error or a MAC verification failure
+-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+-				return -1;
+-				}
+-			/* now i <= bs <= rec->length */
+-			rec->length-=i;
+-			}
++			return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
+ 		}
+ 	return(1);
+ 	}
+@@ -591,7 +585,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send
+ 	EVP_MD_CTX md_ctx;
+ 	const EVP_MD *hash;
+ 	unsigned char *p,rec_char;
+-	unsigned int md_size;
++	size_t md_size, orig_len;
+ 	int npad;
+ 
+ 	if (send)
+@@ -612,29 +606,73 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send
+ 	md_size=EVP_MD_size(hash);
+ 	npad=(48/md_size)*md_size;
+ 
+-	/* Chop the digest off the end :-) */
+-	EVP_MD_CTX_init(&md_ctx);
++	/* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
++	orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
++	rec->type &= 0xff;
+ 
+-	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
+-	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+-	EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
+-	EVP_DigestUpdate(&md_ctx,seq,8);
+-	rec_char=rec->type;
+-	EVP_DigestUpdate(&md_ctx,&rec_char,1);
+-	p=md;
+-	s2n(rec->length,p);
+-	EVP_DigestUpdate(&md_ctx,md,2);
+-	EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
+-	EVP_DigestFinal_ex( &md_ctx,md,NULL);
++	if (!send &&
++	    EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++	    ssl3_cbc_record_digest_supported(hash))
++		{
++		/* This is a CBC-encrypted record. We must avoid leaking any
++		 * timing-side channel information about how many blocks of
++		 * data we are hashing because that gives an attacker a
++		 * timing-oracle. */
+ 
+-	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
+-	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+-	EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
+-	EVP_DigestUpdate(&md_ctx,md,md_size);
+-	EVP_DigestFinal_ex( &md_ctx,md,&md_size);
++		/* npad is, at most, 48 bytes and that's with MD5:
++		 *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
++		 *
++		 * With SHA-1 (the largest hash speced for SSLv3) the hash size
++		 * goes up 4, but npad goes down by 8, resulting in a smaller
++		 * total size. */
++		unsigned char header[75];
++		unsigned j = 0;
++		memcpy(header+j, mac_sec, md_size);
++		j += md_size;
++		memcpy(header+j, ssl3_pad_1, npad);
++		j += npad;
++		memcpy(header+j, seq, 8);
++		j += 8;
++		header[j++] = rec->type;
++		header[j++] = rec->length >> 8;
++		header[j++] = rec->length & 0xff;
+ 
+-	EVP_MD_CTX_cleanup(&md_ctx);
++		ssl3_cbc_digest_record(
++			hash,
++			md, &md_size,
++			header, rec->input,
++			rec->length + md_size, orig_len,
++			mac_sec, md_size,
++			1 /* is SSLv3 */);
++		}
++	else
++		{
++		unsigned int md_size_u;
++		/* Chop the digest off the end :-) */
++		EVP_MD_CTX_init(&md_ctx);
+ 
++		EVP_DigestInit_ex( &md_ctx,hash, NULL);
++		EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
++		EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
++		EVP_DigestUpdate(&md_ctx,seq,8);
++		rec_char=rec->type;
++		EVP_DigestUpdate(&md_ctx,&rec_char,1);
++		p=md;
++		s2n(rec->length,p);
++		EVP_DigestUpdate(&md_ctx,md,2);
++		EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
++		EVP_DigestFinal_ex( &md_ctx,md,NULL);
++
++		EVP_DigestInit_ex( &md_ctx,hash, NULL);
++		EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
++		EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
++		EVP_DigestUpdate(&md_ctx,md,md_size);
++		EVP_DigestFinal_ex( &md_ctx,md,&md_size_u);
++		md_size = md_size_u;
++
++		EVP_MD_CTX_cleanup(&md_ctx);
++	}
++
+ 	ssl3_record_sequence_update(seq);
+ 	return(md_size);
+ 	}
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s3_pkt.c	(revision 248771)
++++ crypto/openssl/ssl/s3_pkt.c	(working copy)
+@@ -246,11 +246,8 @@ static int ssl3_get_record(SSL *s)
+ 	unsigned char *p;
+ 	unsigned char md[EVP_MAX_MD_SIZE];
+ 	short version;
+-	unsigned int mac_size;
+-	int clear=0;
++	unsigned mac_size, orig_len;
+ 	size_t extra;
+-	int decryption_failed_or_bad_record_mac = 0;
+-	unsigned char *mac = NULL;
+ 
+ 	rr= &(s->s3->rrec);
+ 	sess=s->session;
+@@ -354,19 +351,18 @@ again:
+ 
+ 	/* decrypt in place in 'rr->input' */
+ 	rr->data=rr->input;
++	orig_len=rr->length;
+ 
+ 	enc_err = s->method->ssl3_enc->enc(s,0);
+-	if (enc_err <= 0)
++	/* enc_err is:
++	 *    0: (in non-constant time) if the record is publically invalid.
++	 *    1: if the padding is valid
++	 *    -1: if the padding is invalid */
++	if (enc_err == 0)
+ 		{
+-		if (enc_err == 0)
+-			/* SSLerr() and ssl3_send_alert() have been called */
+-			goto err;
+-
+-		/* Otherwise enc_err == -1, which indicates bad padding
+-		 * (rec->length has not been changed in this case).
+-		 * To minimize information leaked via timing, we will perform
+-		 * the MAC computation anyway. */
+-		decryption_failed_or_bad_record_mac = 1;
++		al=SSL_AD_DECRYPTION_FAILED;
++		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
++		goto f_err;
+ 		}
+ 
+ #ifdef TLS_DEBUG
+@@ -376,51 +372,59 @@ printf("\n");
+ #endif
+ 
+ 	/* r->length is now the compressed data plus mac */
+-	if (	(sess == NULL) ||
+-		(s->enc_read_ctx == NULL) ||
+-		(s->read_hash == NULL))
+-		clear=1;
+-
+-	if (!clear)
++	if ((sess != NULL) &&
++	    (s->enc_read_ctx != NULL) &&
++	    (s->read_hash != NULL))
+ 		{
++		/* s->read_hash != NULL => mac_size != -1 */
++		unsigned char *mac = NULL;
++		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ 		mac_size=EVP_MD_size(s->read_hash);
++		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ 
+-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
++		/* orig_len is the length of the record before any padding was
++		 * removed. This is public information, as is the MAC in use,
++		 * therefore we can safely process the record in a different
++		 * amount of time if it's too short to possibly contain a MAC.
++		 */
++		if (orig_len < mac_size ||
++		    /* CBC records must have a padding length byte too. */
++		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++		     orig_len < mac_size+1))
+ 			{
+-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+-			al=SSL_AD_RECORD_OVERFLOW;
+-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
++			al=SSL_AD_DECODE_ERROR;
++			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ 			goto f_err;
+-#else
+-			decryption_failed_or_bad_record_mac = 1;
+-#endif			
+ 			}
+-		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+-		if (rr->length >= mac_size)
++
++		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
+ 			{
++			/* We update the length so that the TLS header bytes
++			 * can be constructed correctly but we need to extract
++			 * the MAC in constant time from within the record,
++			 * without leaking the contents of the padding bytes.
++			 * */
++			mac = mac_tmp;
++			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+ 			rr->length -= mac_size;
+-			mac = &rr->data[rr->length];
+ 			}
+ 		else
+ 			{
+-			/* record (minus padding) is too short to contain a MAC */
+-#if 0 /* OK only for stream ciphers */
+-			al=SSL_AD_DECODE_ERROR;
+-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+-			goto f_err;
+-#else
+-			decryption_failed_or_bad_record_mac = 1;
+-			rr->length = 0;
+-#endif
++			/* In this case there's no padding, so |orig_len|
++			 * equals |rec->length| and we checked that there's
++			 * enough bytes for |mac_size| above. */
++			rr->length -= mac_size;
++			mac = &rr->data[rr->length];
+ 			}
+-		i=s->method->ssl3_enc->mac(s,md,0);
+-		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+-			{
+-			decryption_failed_or_bad_record_mac = 1;
+-			}
++
++		i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
++		if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
++			enc_err = -1;
++		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
++			enc_err = -1;
+ 		}
+ 
+-	if (decryption_failed_or_bad_record_mac)
++	if (enc_err < 0)
+ 		{
+ 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+ 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c	(revision 248771)
++++ crypto/openssl/ssl/s3_srvr.c	(working copy)
+@@ -1005,7 +1005,7 @@ int ssl3_get_client_hello(SSL *s)
+ 			goto f_err;
+ 			}
+ 		}
+-		if (ssl_check_clienthello_tlsext(s) <= 0) {
++		if (ssl_check_clienthello_tlsext_early(s) <= 0) {
+ 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+ 			goto err;
+ 		}
+@@ -1131,6 +1131,16 @@ int ssl3_get_client_hello(SSL *s)
+ 	 * s->tmp.new_cipher	- the new cipher to use.
+ 	 */
+ 
++	/* Handles TLS extensions that we couldn't check earlier */
++	if (s->version >= SSL3_VERSION)
++		{
++		if (ssl_check_clienthello_tlsext_late(s) <= 0)
++			{
++			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
++			goto err;
++			}
++		}
++
+ 	if (ret < 0) ret=1;
+ 	if (0)
+ 		{
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+--- crypto/openssl/ssl/ssl.h	(revision 248771)
++++ crypto/openssl/ssl/ssl.h	(working copy)
+@@ -1820,6 +1820,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_GET_NEW_SESSION			 181
+ #define SSL_F_SSL_GET_PREV_SESSION			 217
+ #define SSL_F_SSL_GET_SERVER_SEND_CERT			 182
++#define SSL_F_SSL_GET_SERVER_SEND_PKEY			 317
+ #define SSL_F_SSL_GET_SIGN_PKEY				 183
+ #define SSL_F_SSL_INIT_WBIO_BUFFER			 184
+ #define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+--- crypto/openssl/ssl/ssl_err.c	(revision 248771)
++++ crypto/openssl/ssl/ssl_err.c	(working copy)
+@@ -218,6 +218,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),	"SSL_GET_NEW_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),	"SSL_GET_PREV_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),	"SSL_GET_SERVER_SEND_CERT"},
++{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY),	"SSL_GET_SERVER_SEND_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),	"SSL_GET_SIGN_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),	"SSL_INIT_WBIO_BUFFER"},
+ {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),	"SSL_load_client_CA_file"},
+Index: crypto/openssl/ssl/ssl_lib.c
+===================================================================
+--- crypto/openssl/ssl/ssl_lib.c	(revision 248771)
++++ crypto/openssl/ssl/ssl_lib.c	(working copy)
+@@ -1943,7 +1943,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE
+ 	}
+ 
+ /* THIS NEEDS CLEANING UP */
+-X509 *ssl_get_server_send_cert(SSL *s)
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
+ 	{
+ 	unsigned long alg,kalg;
+ 	CERT *c;
+@@ -1993,14 +1993,22 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE
+ 		}
+ 	else /* if (kalg & SSL_aNULL) */
+ 		{
+-		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
++		SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
+ 		return(NULL);
+ 		}
+-	if (c->pkeys[i].x509 == NULL) return(NULL);
+ 
+-	return(c->pkeys[i].x509);
++	return c->pkeys + i;
+ 	}
+ 
++X509 *ssl_get_server_send_cert(const SSL *s)
++	{
++	CERT_PKEY *cpk;
++	cpk = ssl_get_server_send_pkey(s);
++	if (!cpk)
++		return NULL;
++	return cpk->x509;
++	}
++
+ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+ 	{
+ 	unsigned long alg;
+@@ -2420,7 +2428,9 @@ void ssl_clear_cipher_ctx(SSL *s)
+ /* Fix this function so that it takes an optional type parameter */
+ X509 *SSL_get_certificate(const SSL *s)
+ 	{
+-	if (s->cert != NULL)
++	if (s->server)
++		return(ssl_get_server_send_cert(s));
++	else if (s->cert != NULL)
+ 		return(s->cert->key->x509);
+ 	else
+ 		return(NULL);
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h	(revision 248771)
++++ crypto/openssl/ssl/ssl_locl.h	(working copy)
+@@ -189,6 +189,15 @@
+ 			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ 			 *((c)++)=(unsigned char)(((l)    )&0xff))
+ 
++#define l2n8(l,c)	(*((c)++)=(unsigned char)(((l)>>56)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
++			 *((c)++)=(unsigned char)(((l)    )&0xff))
++
+ #define n2l6(c,l)	(l =((BN_ULLONG)(*((c)++)))<<40, \
+ 			 l|=((BN_ULLONG)(*((c)++)))<<32, \
+ 			 l|=((BN_ULLONG)(*((c)++)))<<24, \
+@@ -740,7 +749,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *s
+ int ssl_undefined_function(SSL *s);
+ int ssl_undefined_void_function(void);
+ int ssl_undefined_const_function(const SSL *s);
+-X509 *ssl_get_server_send_cert(SSL *);
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
++X509 *ssl_get_server_send_cert(const SSL *);
+ EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+ int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+@@ -979,7 +989,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+ int ssl_prepare_clienthello_tlsext(SSL *s);
+ int ssl_prepare_serverhello_tlsext(SSL *s);
+-int ssl_check_clienthello_tlsext(SSL *s);
++int ssl_check_clienthello_tlsext_early(SSL *s);
++int ssl_check_clienthello_tlsext_late(SSL *s);
+ int ssl_check_serverhello_tlsext(SSL *s);
+ 
+ #ifdef OPENSSL_NO_SHA256
+@@ -1001,5 +1012,33 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, un
+ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ 					  int *al);
+ #endif
++/* s3_cbc.c */
++void ssl3_cbc_copy_mac(unsigned char* out,
++		       const SSL3_RECORD *rec,
++		       unsigned md_size,unsigned orig_len);
++int ssl3_cbc_remove_padding(const SSL* s,
++			    SSL3_RECORD *rec,
++			    unsigned block_size,
++			    unsigned mac_size);
++int tls1_cbc_remove_padding(const SSL* s,
++			    SSL3_RECORD *rec,
++			    unsigned block_size,
++			    unsigned mac_size);
++char ssl3_cbc_record_digest_supported(const EVP_MD *hash);
++void ssl3_cbc_digest_record(
++	const EVP_MD *hash,
++	unsigned char* md_out,
++	size_t* md_out_size,
++	const unsigned char header[13],
++	const unsigned char *data,
++	size_t data_plus_mac_size,
++	size_t data_plus_mac_plus_padding_size,
++	const unsigned char *mac_secret,
++	unsigned mac_secret_length,
++	char is_sslv3);
+ 
++void tls_fips_digest_extra(
++	const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
++	const unsigned char *data, size_t data_len, size_t orig_len);
++
+ #endif
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+--- crypto/openssl/ssl/t1_enc.c	(revision 248771)
++++ crypto/openssl/ssl/t1_enc.c	(working copy)
+@@ -264,7 +264,7 @@ int tls1_change_cipher_state(SSL *s, int which)
+ 	{
+         int ki;
+         for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
+-		printf("%02x", key_block[ki]);  printf("\n");
++		printf("%02x", s->s3->tmp.key_block[ki]);  printf("\n");
+         }
+ #endif	/* KSSL_DEBUG */
+ 
+@@ -528,12 +528,21 @@ err:
+ 	return(0);
+ 	}
+ 
++/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ *   0: (in non-constant time) if the record is publically invalid (i.e. too
++ *       short etc).
++ *   1: if the record's padding is valid / the encryption was successful.
++ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
++ *       an internal error occured.
++ */
+ int tls1_enc(SSL *s, int send)
+ 	{
+ 	SSL3_RECORD *rec;
+ 	EVP_CIPHER_CTX *ds;
+ 	unsigned long l;
+-	int bs,i,ii,j,k;
++	int bs,i,j,k,pad=0,ret,mac_size=0;
+ 	const EVP_CIPHER *enc;
+ 
+ 	if (send)
+@@ -559,11 +568,11 @@ int tls1_enc(SSL *s, int send)
+ 	printf("tls1_enc(%d)\n", send);
+ #endif    /* KSSL_DEBUG */
+ 
+-	if ((s->session == NULL) || (ds == NULL) ||
+-		(enc == NULL))
++	if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
+ 		{
+ 		memmove(rec->data,rec->input,rec->length);
+ 		rec->input=rec->data;
++		ret = 1;
+ 		}
+ 	else
+ 		{
+@@ -591,14 +600,13 @@ int tls1_enc(SSL *s, int send)
+ 
+ #ifdef KSSL_DEBUG
+ 		{
+-                unsigned long ui;
++		unsigned long ui;
+ 		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+-                        (void *)ds,rec->data,rec->input,l);
+-		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
+-                        ds->buf_len, ds->cipher->key_len,
+-                        (unsigned long)DES_KEY_SZ,
+-			(unsigned long)DES_SCHEDULE_SZ,
+-                        ds->cipher->iv_len);
++			ds,rec->data,rec->input,l);
++		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
++			ds->buf_len, ds->cipher->key_len,
++			DES_KEY_SZ, DES_SCHEDULE_SZ,
++			ds->cipher->iv_len);
+ 		printf("\t\tIV: ");
+ 		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+ 		printf("\n");
+@@ -611,11 +619,7 @@ int tls1_enc(SSL *s, int send)
+ 		if (!send)
+ 			{
+ 			if (l == 0 || l%bs != 0)
+-				{
+-				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ 				return 0;
+-				}
+ 			}
+ 		
+ 		EVP_Cipher(ds,rec->data,rec->input,l);
+@@ -629,49 +633,15 @@ int tls1_enc(SSL *s, int send)
+                 }
+ #endif	/* KSSL_DEBUG */
+ 
++		ret = 1;
++		if (s->read_hash != NULL)
++			mac_size = EVP_MD_size(s->read_hash);
+ 		if ((bs != 1) && !send)
+-			{
+-			ii=i=rec->data[l-1]; /* padding_length */
+-			i++;
+-			/* NB: if compression is in operation the first packet
+-			 * may not be of even length so the padding bug check
+-			 * cannot be performed. This bug workaround has been
+-			 * around since SSLeay so hopefully it is either fixed
+-			 * now or no buggy implementation supports compression 
+-			 * [steve]
+-			 */
+-			if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+-				&& !s->expand)
+-				{
+-				/* First packet is even in size, so check */
+-				if ((memcmp(s->s3->read_sequence,
+-					"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+-					s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+-					i--;
+-				}
+-			/* TLS 1.0 does not bound the number of padding bytes by the block size.
+-			 * All of them must have value 'padding_length'. */
+-			if (i > (int)rec->length)
+-				{
+-				/* Incorrect padding. SSLerr() and ssl3_alert are done
+-				 * by caller: we don't want to reveal whether this is
+-				 * a decryption error or a MAC verification failure
+-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+-				return -1;
+-				}
+-			for (j=(int)(l-i); j<(int)l; j++)
+-				{
+-				if (rec->data[j] != ii)
+-					{
+-					/* Incorrect padding */
+-					return -1;
+-					}
+-				}
+-			rec->length-=i;
+-			}
++			ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
++		if (pad && !send)
++			rec->length -= pad;
+ 		}
+-	return(1);
++	return ret;
+ 	}
+ 
+ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
+@@ -719,10 +689,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ 	SSL3_RECORD *rec;
+ 	unsigned char *mac_sec,*seq;
+ 	const EVP_MD *hash;
+-	unsigned int md_size;
++	size_t md_size, orig_len;
+ 	int i;
+ 	HMAC_CTX hmac;
+-	unsigned char buf[5]; 
++	unsigned char header[13];
+ 
+ 	if (send)
+ 		{
+@@ -741,20 +711,6 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ 
+ 	md_size=EVP_MD_size(hash);
+ 
+-	buf[0]=rec->type;
+-	if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
+-		{
+-		buf[1]=TLS1_VERSION_MAJOR;
+-		buf[2]=TLS1_VERSION_MINOR;
+-		}
+-	else	{
+-		buf[1]=(unsigned char)(ssl->version>>8);
+-		buf[2]=(unsigned char)(ssl->version);
+-		}
+-
+-	buf[3]=rec->length>>8;
+-	buf[4]=rec->length&0xff;
+-
+ 	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+ 	HMAC_CTX_init(&hmac);
+ 	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
+@@ -766,16 +722,57 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ 		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+ 		memcpy (p,&seq[2],6);
+ 
+-		HMAC_Update(&hmac,dtlsseq,8);
++		memcpy(header, dtlsseq, 8);
+ 		}
+ 	else
+-		HMAC_Update(&hmac,seq,8);
++		memcpy(header, seq, 8);
+ 
+-	HMAC_Update(&hmac,buf,5);
+-	HMAC_Update(&hmac,rec->input,rec->length);
+-	HMAC_Final(&hmac,md,&md_size);
++	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
++	orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
++	rec->type &= 0xff;
++
++	header[8]=rec->type;
++	header[9]=(unsigned char)(ssl->version>>8);
++	header[10]=(unsigned char)(ssl->version);
++	header[11]=(rec->length)>>8;
++	header[12]=(rec->length)&0xff;
++
++	if (!send &&
++	    EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++	    ssl3_cbc_record_digest_supported(hash))
++		{
++		/* This is a CBC-encrypted record. We must avoid leaking any
++		 * timing-side channel information about how many blocks of
++		 * data we are hashing because that gives an attacker a
++		 * timing-oracle. */
++		ssl3_cbc_digest_record(
++		        hash,
++			md, &md_size,
++			header, rec->input,
++			rec->length + md_size, orig_len,
++			ssl->s3->read_mac_secret,
++			EVP_MD_size(ssl->read_hash),
++			0 /* not SSLv3 */);
++		}
++	else
++		{
++		unsigned mds;
++
++		HMAC_Update(&hmac,header,sizeof(header));
++		HMAC_Update(&hmac,rec->input,rec->length);
++		HMAC_Final(&hmac,md,&mds);
++		md_size = mds;
++#ifdef OPENSSL_FIPS
++		if (!send && FIPS_mode())
++			tls_fips_digest_extra(
++	    				ssl->enc_read_ctx,
++					hash,
++					&hmac, rec->input,
++					rec->length, orig_len);
++#endif
++		}
++		
+ 	HMAC_CTX_cleanup(&hmac);
+-
+ #ifdef TLS_DEBUG
+ printf("sec=");
+ {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+Index: crypto/openssl/ssl/t1_lib.c
+===================================================================
+--- crypto/openssl/ssl/t1_lib.c	(revision 248771)
++++ crypto/openssl/ssl/t1_lib.c	(working copy)
+@@ -745,7 +745,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ 	return 1;
+ 	}
+ 
+-int ssl_check_clienthello_tlsext(SSL *s)
++int ssl_check_clienthello_tlsext_early(SSL *s)
+ 	{
+ 	int ret=SSL_TLSEXT_ERR_NOACK;
+ 	int al = SSL_AD_UNRECOGNIZED_NAME;
+@@ -755,13 +755,49 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ 	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 		
+ 		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+ 
++	switch (ret)
++		{
++		case SSL_TLSEXT_ERR_ALERT_FATAL:
++			ssl3_send_alert(s, SSL3_AL_FATAL, al); 
++			return -1;
++
++		case SSL_TLSEXT_ERR_ALERT_WARNING:
++			ssl3_send_alert(s, SSL3_AL_WARNING, al);
++			return 1; 
++					
++		case SSL_TLSEXT_ERR_NOACK:
++			s->servername_done = 0;
++
++		default:
++			return 1;
++		}
++	}
++
++int ssl_check_clienthello_tlsext_late(SSL *s)
++	{
++	int ret = SSL_TLSEXT_ERR_OK;
++	int al;
++
+ 	/* If status request then ask callback what to do.
+  	 * Note: this must be called after servername callbacks in case 
+- 	 * the certificate has changed.
++ 	 * the certificate has changed, and must be called after the cipher
++	 * has been chosen because this may influence which certificate is sent
+  	 */
+-	if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
++	if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb)
+ 		{
+ 		int r;
++		CERT_PKEY *certpkey;
++		certpkey = ssl_get_server_send_pkey(s);
++		/* If no certificate can't return certificate status */
++		if (certpkey == NULL)
++			{
++			s->tlsext_status_expected = 0;
++			return 1;
++			}
++		/* Set current certificate to one we will use so
++		 * SSL_get_certificate et al can pick it up.
++		 */
++		s->cert->key = certpkey;
+ 		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ 		switch (r)
+ 			{
+@@ -785,7 +821,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ 		}
+ 	else
+ 		s->tlsext_status_expected = 0;
+-	err:
++
++ err:
+ 	switch (ret)
+ 		{
+ 		case SSL_TLSEXT_ERR_ALERT_FATAL:
+@@ -795,11 +832,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ 		case SSL_TLSEXT_ERR_ALERT_WARNING:
+ 			ssl3_send_alert(s,SSL3_AL_WARNING,al);
+ 			return 1; 
+-					
+-		case SSL_TLSEXT_ERR_NOACK:
+-			s->servername_done=0;
+-			default:
+-		return 1;
++
++		default:
++			return 1;
+ 		}
+ 	}
+ 
+@@ -977,7 +1012,7 @@ static int tls_decrypt_ticket(SSL *s, const unsign
+ 	HMAC_Update(&hctx, etick, eticklen);
+ 	HMAC_Final(&hctx, tick_hmac, NULL);
+ 	HMAC_CTX_cleanup(&hctx);
+-	if (memcmp(tick_hmac, etick + eticklen, mlen))
++	if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+ 		goto tickerr;
+ 	/* Attempt to decrypt session data */
+ 	/* Move p after IV to start of encrypted ticket, update length */
+Index: crypto/openssl/util/libeay.num
+===================================================================
+--- crypto/openssl/util/libeay.num	(revision 248771)
++++ crypto/openssl/util/libeay.num	(working copy)
+@@ -3510,6 +3510,7 @@ BIO_get_callback_arg                    3902	EXIST
+ BIO_set_callback                        3903	EXIST::FUNCTION:
+ d2i_ASIdOrRange                         3904	EXIST::FUNCTION:RFC3779
+ i2d_ASIdentifiers                       3905	EXIST::FUNCTION:RFC3779
++CRYPTO_memcmp                           3906	EXIST::FUNCTION:
+ SEED_decrypt                            3908	EXIST::FUNCTION:SEED
+ SEED_encrypt                            3909	EXIST::FUNCTION:SEED
+ SEED_cbc_encrypt                        3910	EXIST::FUNCTION:SEED
+Index: secure/lib/libcrypto/Makefile.inc
+===================================================================
+--- secure/lib/libcrypto/Makefile.inc	(revision 248771)
++++ secure/lib/libcrypto/Makefile.inc	(working copy)
+@@ -3,8 +3,8 @@
+ .include <bsd.own.mk>
+ 
+ # OpenSSL version used for manual page generation
+-OPENSSL_VER=	0.9.8x
+-OPENSSL_DATE=	2012-05-10
++OPENSSL_VER=	0.9.8y
++OPENSSL_DATE=	2013-02-05
+ 
+ LCRYPTO_SRC=	${.CURDIR}/../../../crypto/openssl
+ LCRYPTO_DOC=	${.CURDIR}/../../../crypto/openssl/doc
+Index: secure/lib/libssl/Makefile
+===================================================================
+--- secure/lib/libssl/Makefile	(revision 248771)
++++ secure/lib/libssl/Makefile	(working copy)
+@@ -14,7 +14,8 @@ SRCS=	bio_ssl.c d1_meth.c d1_srvr.c d1_clnt.c d1_l
+ 	d1_both.c d1_enc.c \
+ 	s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \
+ 	s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \
+-	s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \
++	s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c \
++	s3_pkt.c \
+ 	s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \
+ 	ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \
+ 	ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c

Property changes on: projects/entities/share/security/patches/SA-13:03/openssl-9.1.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+y
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:03/openssl-9.1.patch.asc
===================================================================
--- projects/entities/share/security/patches/SA-13:03/openssl-9.1.patch.asc	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:03/openssl-9.1.patch.asc	(revision 41354)
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEABECAAYFAlFbGmEACgkQFdaIBMps37K6AQCeKkxtcMShX1BrRZYpH1VX7pXP
+mK0An1Ia/64Y8AWRUrz2UrxRHzU0qZut
+=sjGM
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/patches/SA-13:03/openssl-9.1.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+y
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:03/openssl.patch
===================================================================
--- projects/entities/share/security/patches/SA-13:03/openssl.patch	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:03/openssl.patch	(revision 41354)
@@ -0,0 +1,5576 @@
+Index: crypto/openssl/CHANGES
+===================================================================
+--- crypto/openssl/CHANGES	(revision 248771)
++++ crypto/openssl/CHANGES	(working copy)
+@@ -2,6 +2,171 @@
+  OpenSSL CHANGES
+  _______________
+ 
++ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
++
++  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
++
++     This addresses the flaw in CBC record processing discovered by 
++     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
++     at: http://www.isg.rhul.ac.uk/tls/     
++
++     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
++     Security Group at Royal Holloway, University of London
++     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
++     Emilia Käsper for the initial patch.
++     (CVE-2013-0169)
++     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
++
++  *) Return an error when checking OCSP signatures when key is NULL.
++     This fixes a DoS attack. (CVE-2013-0166)
++     [Steve Henson]
++
++  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
++     the right response is stapled. Also change SSL_get_certificate()
++     so it returns the certificate actually sent.
++     See http://rt.openssl.org/Ticket/Display.html?id=2836.
++     (This is a backport)
++     [Rob Stradling <rob.stradling@comodo.com>]
++
++  *) Fix possible deadlock when decoding public keys.
++     [Steve Henson]
++
++ Changes between 0.9.8w and 0.9.8x [10 May 2012]
++
++  *) Sanity check record length before skipping explicit IV in DTLS
++     to fix DoS attack.
++
++     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
++     fuzzing as a service testing platform.
++     (CVE-2012-2333)
++     [Steve Henson]
++
++  *) Initialise tkeylen properly when encrypting CMS messages.
++     Thanks to Solar Designer of Openwall for reporting this issue.
++     [Steve Henson]
++
++ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
++
++  *) The fix for CVE-2012-2110 did not take into account that the 
++     'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
++     int in OpenSSL 0.9.8, making it still vulnerable. Fix by 
++     rejecting negative len parameter. (CVE-2012-2131)
++     [Tomas Hoger <thoger@redhat.com>]
++
++ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
++
++  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
++     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
++     in CRYPTO_realloc_clean.
++
++     Thanks to Tavis Ormandy, Google Security Team, for discovering this
++     issue and to Adam Langley <agl@chromium.org> for fixing it.
++     (CVE-2012-2110)
++     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
++
++ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
++
++  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
++     in CMS and PKCS7 code. When RSA decryption fails use a random key for
++     content decryption and always return the same error. Note: this attack
++     needs on average 2^20 messages so it only affects automated senders. The
++     old behaviour can be reenabled in the CMS code by setting the
++     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
++     an MMA defence is not necessary.
++     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
++     this issue. (CVE-2012-0884)
++     [Steve Henson]
++
++  *) Fix CVE-2011-4619: make sure we really are receiving a 
++     client hello before rejecting multiple SGC restarts. Thanks to
++     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
++     [Steve Henson]
++
++ Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
++
++  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
++     Thanks to Antonio Martin, Enterprise Secure Access Research and
++     Development, Cisco Systems, Inc. for discovering this bug and
++     preparing a fix. (CVE-2012-0050)
++     [Antonio Martin]
++
++ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
++
++  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
++     of the Vaudenay padding oracle attack on CBC mode encryption
++     which enables an efficient plaintext recovery attack against
++     the OpenSSL implementation of DTLS. Their attack exploits timing
++     differences arising during decryption processing. A research
++     paper describing this attack can be found at:
++                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
++     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
++     Security Group at Royal Holloway, University of London
++     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
++     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
++     for preparing the fix. (CVE-2011-4108)
++     [Robin Seggelmann, Michael Tuexen]
++
++  *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
++     [Ben Laurie, Kasper <ekasper@google.com>]
++
++  *) Clear bytes used for block padding of SSL 3.0 records.
++     (CVE-2011-4576)
++     [Adam Langley (Google)]
++
++  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
++     Kadianakis <desnacked@gmail.com> for discovering this issue and
++     Adam Langley for preparing the fix. (CVE-2011-4619)
++     [Adam Langley (Google)]
++ 
++  *) Prevent malformed RFC3779 data triggering an assertion failure.
++     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
++     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
++     [Rob Austein <sra@hactrn.net>]
++
++  *) Fix ssl_ciph.c set-up race.
++     [Adam Langley (Google)]
++
++  *) Fix spurious failures in ecdsatest.c.
++     [Emilia Käsper (Google)]
++
++  *) Fix the BIO_f_buffer() implementation (which was mixing different
++     interpretations of the '..._len' fields).
++     [Adam Langley (Google)]
++
++  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
++     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
++     threads won't reuse the same blinding coefficients.
++
++     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
++     lock to call BN_BLINDING_invert_ex, and avoids one use of
++     BN_BLINDING_update for each BN_BLINDING structure (previously,
++     the last update always remained unused).
++     [Emilia Käsper (Google)]
++
++  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
++     for multi-threaded use of ECDH.
++     [Adam Langley (Google)]
++
++  *) Fix x509_name_ex_d2i memory leak on bad inputs.
++     [Bodo Moeller]
++
++  *) Add protection against ECDSA timing attacks as mentioned in the paper
++     by Billy Bob Brumley and Nicola Tuveri, see:
++
++	http://eprint.iacr.org/2011/232.pdf
++
++     [Billy Bob Brumley and Nicola Tuveri]
++
++ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
++
++  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
++     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
++
++  *) Fix bug in string printing code: if *any* escaping is enabled we must
++     escape the escape character (backslash) or the resulting string is
++     ambiguous.
++     [Steve Henson]
++
+  Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+ 
+   *) Disable code workaround for ancient and obsolete Netscape browsers
+Index: crypto/openssl/Configure
+===================================================================
+--- crypto/openssl/Configure	(revision 248771)
++++ crypto/openssl/Configure	(working copy)
+@@ -162,6 +162,7 @@ my %table=(
+ "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+ "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+ "debug-ben-debug",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG  -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::",
++"debug-ben-debug-64",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-ben-debug-noopt",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG  -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
+ "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+ "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+@@ -172,10 +173,10 @@ my %table=(
+ "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+ "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
+-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+ "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+@@ -371,6 +372,9 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+ 
++# Android: Linux but without -DTERMIO and pointers to headers and libs.
++"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ #### *BSD [do see comment about ${BSDthreads} above!]
+ "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -425,8 +429,8 @@ my %table=(
+ "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+ # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
+ # at build time. $OBJECT_MODE is respected at ./config stage!
+-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
++"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
++"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+ 
+ #
+ # Cray T90 and similar (SDSC)
+Index: crypto/openssl/FAQ
+===================================================================
+--- crypto/openssl/FAQ	(revision 248771)
++++ crypto/openssl/FAQ	(working copy)
+@@ -10,6 +10,7 @@ OpenSSL  -  Frequently Asked Questions
+ * Why aren't tools like 'autoconf' and 'libtool' used?
+ * What is an 'engine' version?
+ * How do I check the authenticity of the OpenSSL distribution?
++* How does the versioning scheme work?
+ 
+ [LEGAL] Legal questions
+ 
+@@ -82,7 +83,7 @@ OpenSSL  -  Frequently Asked Questions
+ * Which is the current version of OpenSSL?
+ 
+ The current version is available from <URL: http://www.openssl.org>.
+-OpenSSL 1.0.0c was released on Dec 2nd, 2010.
++OpenSSL 1.0.1d was released on Feb 5th, 2013.
+ 
+ In addition to the current stable release, you can also access daily
+ snapshots of the OpenSSL development version at <URL:
+@@ -108,7 +109,9 @@ In addition, you can read the most current version
+ <URL: http://www.openssl.org/docs/>. Note that the online documents refer
+ to the very latest development versions of OpenSSL and may include features
+ not present in released versions. If in doubt refer to the documentation
+-that came with the version of OpenSSL you are using.
++that came with the version of OpenSSL you are using. The pod format
++documentation is included in each OpenSSL distribution under the docs
++directory.
+ 
+ For information on parts of libcrypto that are not yet documented, you
+ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
+@@ -173,6 +176,19 @@ just do:
+ 
+    pgp TARBALL.asc
+ 
++* How does the versioning scheme work?
++
++After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter 
++releases (e.g. 1.0.1a) can only contain bug and security fixes and no
++new features. Minor releases change the last number (e.g. 1.0.2) and 
++can contain new features that retain binary compatibility. Changes to
++the middle number are considered major releases and neither source nor
++binary compatibility is guaranteed.
++
++Therefore the answer to the common question "when will feature X be
++backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
++in the next minor release.
++
+ [LEGAL] =======================================================================
+ 
+ * Do I need patent licenses to use OpenSSL?
+@@ -284,7 +300,7 @@ current directory in this case, but this has chang
+ Check out the CA.pl(1) manual page. This provides a simple wrapper round
+ the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
+ out the manual pages for the individual utilities and the certificate
+-extensions documentation (currently in doc/openssl.txt).
++extensions documentation (in ca(1), req(1), x509v3_config(5) )
+ 
+ 
+ * Why can't I create certificate requests?
+Index: crypto/openssl/LICENSE
+===================================================================
+--- crypto/openssl/LICENSE	(revision 248771)
++++ crypto/openssl/LICENSE	(working copy)
+@@ -12,7 +12,7 @@
+   ---------------
+ 
+ /* ====================================================================
+- * Copyright (c) 1998-2008 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+Index: crypto/openssl/Makefile
+===================================================================
+--- crypto/openssl/Makefile	(revision 248771)
++++ crypto/openssl/Makefile	(working copy)
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+ 
+-VERSION=0.9.8q
++VERSION=0.9.8y
+ MAJOR=0
+ MINOR=9.8
+ SHLIB_VERSION_NUMBER=0.9.8
+Index: crypto/openssl/NEWS
+===================================================================
+--- crypto/openssl/NEWS	(revision 248771)
++++ crypto/openssl/NEWS	(working copy)
+@@ -5,6 +5,45 @@
+   This file gives a brief overview of the major changes between each OpenSSL
+   release. For more details please read the CHANGES file.
+ 
++  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y:
++
++      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
++      o Fix OCSP bad key DoS attack CVE-2013-0166
++
++  Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x:
++
++      o Fix DTLS record length checking bug CVE-2012-2333
++
++  Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w:
++
++      o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
++
++  Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:
++
++      o Fix for ASN1 overflow bug CVE-2012-2110
++
++  Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u:
++
++      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
++      o Corrected fix for CVE-2011-4619
++      o Various DTLS fixes.
++
++  Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t:
++
++      o Fix for DTLS DoS issue CVE-2012-0050
++
++  Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s:
++
++      o Fix for DTLS plaintext recovery attack CVE-2011-4108
++      o Fix policy check double free error CVE-2011-4109
++      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
++      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
++      o Check for malformed RFC3779 data CVE-2011-4577
++
++  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
++
++      o Fix for security issue CVE-2011-0014
++
+   Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+ 
+       o Fix for security issue CVE-2010-4180
+@@ -181,6 +220,11 @@
+       o Added initial support for Win64.
+       o Added alternate pkg-config files.
+ 
++  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
++
++      o FIPS 1.1.1 module linking.
++      o Various ciphersuite selection fixes.
++
+   Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
+ 
+       o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+Index: crypto/openssl/README
+===================================================================
+--- crypto/openssl/README	(revision 248771)
++++ crypto/openssl/README	(working copy)
+@@ -1,7 +1,7 @@
+ 
+- OpenSSL 0.9.8q 2 Dec 2010
++ OpenSSL 0.9.8y 5 Feb 2013
+ 
+- Copyright (c) 1998-2009 The OpenSSL Project
++ Copyright (c) 1998-2011 The OpenSSL Project
+  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+  All rights reserved.
+ 
+Index: crypto/openssl/apps/apps.c
+===================================================================
+--- crypto/openssl/apps/apps.c	(revision 248771)
++++ crypto/openssl/apps/apps.c	(working copy)
+@@ -2052,7 +2052,7 @@ X509_NAME *parse_name(char *subject, long chtype,
+ 	X509_NAME *n = NULL;
+ 	int nid;
+ 
+-	if (!buf || !ne_types || !ne_values)
++	if (!buf || !ne_types || !ne_values || !mval)
+ 		{
+ 		BIO_printf(bio_err, "malloc error\n");
+ 		goto error;
+@@ -2156,6 +2156,7 @@ X509_NAME *parse_name(char *subject, long chtype,
+ 	OPENSSL_free(ne_values);
+ 	OPENSSL_free(ne_types);
+ 	OPENSSL_free(buf);
++	OPENSSL_free(mval);
+ 	return n;
+ 
+ error:
+@@ -2164,6 +2165,8 @@ error:
+ 		OPENSSL_free(ne_values);
+ 	if (ne_types)
+ 		OPENSSL_free(ne_types);
++	if (mval)
++		OPENSSL_free(mval);
+ 	if (buf)
+ 		OPENSSL_free(buf);
+ 	return NULL;
+Index: crypto/openssl/apps/asn1pars.c
+===================================================================
+--- crypto/openssl/apps/asn1pars.c	(revision 248771)
++++ crypto/openssl/apps/asn1pars.c	(working copy)
+@@ -408,6 +408,7 @@ static int do_generate(BIO *bio, char *genstr, cha
+ 
+ 	atyp = ASN1_generate_nconf(genstr, cnf);
+ 	NCONF_free(cnf);
++	cnf = NULL;
+ 
+ 	if (!atyp)
+ 		return -1;
+Index: crypto/openssl/apps/cms.c
+===================================================================
+--- crypto/openssl/apps/cms.c	(revision 248771)
++++ crypto/openssl/apps/cms.c	(working copy)
+@@ -226,6 +226,8 @@ int MAIN(int argc, char **argv)
+ 		else if (!strcmp(*args,"-camellia256"))
+ 				cipher = EVP_camellia_256_cbc();
+ #endif
++		else if (!strcmp (*args, "-debug_decrypt")) 
++				flags |= CMS_DEBUG_DECRYPT;
+ 		else if (!strcmp (*args, "-text")) 
+ 				flags |= CMS_TEXT;
+ 		else if (!strcmp (*args, "-nointern")) 
+@@ -611,7 +613,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-certsout file certificate output file\n");
+ 		BIO_printf (bio_err, "-signer file   signer certificate file\n");
+ 		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
+-		BIO_printf (bio_err, "-skeyid        use subject key identifier\n");
++		BIO_printf (bio_err, "-keyid         use subject key identifier\n");
+ 		BIO_printf (bio_err, "-in file       input file\n");
+ 		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
+ 		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+@@ -1013,6 +1015,8 @@ int MAIN(int argc, char **argv)
+ 	ret = 4;
+ 	if (operation == SMIME_DECRYPT)
+ 		{
++		if (flags & CMS_DEBUG_DECRYPT)
++			CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
+ 
+ 		if (secret_key)
+ 			{
+Index: crypto/openssl/apps/dhparam.c
+===================================================================
+--- crypto/openssl/apps/dhparam.c	(revision 248771)
++++ crypto/openssl/apps/dhparam.c	(working copy)
+@@ -332,7 +332,6 @@ bad:
+ 			BIO_printf(bio_err,"This is going to take a long time\n");
+ 			if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
+ 				{
+-				if(dh) DH_free(dh);
+ 				ERR_print_errors(bio_err);
+ 				goto end;
+ 				}
+Index: crypto/openssl/apps/openssl.cnf
+===================================================================
+--- crypto/openssl/apps/openssl.cnf	(revision 248771)
++++ crypto/openssl/apps/openssl.cnf	(working copy)
+@@ -142,7 +142,7 @@ localityName			= Locality Name (eg, city)
+ organizationalUnitName		= Organizational Unit Name (eg, section)
+ #organizationalUnitName_default	=
+ 
+-commonName			= Common Name (eg, YOUR name)
++commonName			= Common Name (e.g. server FQDN or YOUR name)
+ commonName_max			= 64
+ 
+ emailAddress			= Email Address
+Index: crypto/openssl/apps/pkcs12.c
+===================================================================
+--- crypto/openssl/apps/pkcs12.c	(revision 248771)
++++ crypto/openssl/apps/pkcs12.c	(working copy)
+@@ -659,7 +659,7 @@ int MAIN(int argc, char **argv)
+ 
+     if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+ 
+-    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
++    if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+     if(macver) {
+ #ifdef CRYPTO_MDEBUG
+     CRYPTO_push_info("verify MAC");
+Index: crypto/openssl/apps/s_client.c
+===================================================================
+--- crypto/openssl/apps/s_client.c	(revision 248771)
++++ crypto/openssl/apps/s_client.c	(working copy)
+@@ -345,13 +345,7 @@ int MAIN(int argc, char **argv)
+ 	char *jpake_secret = NULL;
+ #endif
+ 
+-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ 	meth=SSLv23_client_method();
+-#elif !defined(OPENSSL_NO_SSL3)
+-	meth=SSLv3_client_method();
+-#elif !defined(OPENSSL_NO_SSL2)
+-	meth=SSLv2_client_method();
+-#endif
+ 
+ 	apps_startup();
+ 	c_Pause=0;
+Index: crypto/openssl/apps/s_server.c
+===================================================================
+--- crypto/openssl/apps/s_server.c	(revision 248771)
++++ crypto/openssl/apps/s_server.c	(working copy)
+@@ -781,13 +781,7 @@ int MAIN(int argc, char *argv[])
+         tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
+ #endif
+ 
+-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ 	meth=SSLv23_server_method();
+-#elif !defined(OPENSSL_NO_SSL3)
+-	meth=SSLv3_server_method();
+-#elif !defined(OPENSSL_NO_SSL2)
+-	meth=SSLv2_server_method();
+-#endif
+ 
+ 	local_argc=argc;
+ 	local_argv=argv;
+@@ -1556,6 +1550,12 @@ end:
+ 	if (dpass)
+ 		OPENSSL_free(dpass);
+ #ifndef OPENSSL_NO_TLSEXT
++	if (tlscstatp.host)
++		OPENSSL_free(tlscstatp.host);
++	if (tlscstatp.port)
++		OPENSSL_free(tlscstatp.port);
++	if (tlscstatp.path)
++		OPENSSL_free(tlscstatp.path);
+ 	if (ctx2 != NULL) SSL_CTX_free(ctx2);
+ 	if (s_cert2)
+ 		X509_free(s_cert2);
+Index: crypto/openssl/apps/x509.c
+===================================================================
+--- crypto/openssl/apps/x509.c	(revision 248771)
++++ crypto/openssl/apps/x509.c	(working copy)
+@@ -969,7 +969,7 @@ bad:
+ 				else
+ 					{
+ 					pk=load_key(bio_err,
+-						keyfile, FORMAT_PEM, 0,
++						keyfile, keyformat, 0,
+ 						passin, e, "request key");
+ 					if (pk == NULL) goto end;
+ 					}
+Index: crypto/openssl/config
+===================================================================
+--- crypto/openssl/config	(revision 248771)
++++ crypto/openssl/config	(working copy)
+@@ -790,6 +790,10 @@ esac
+ #  options="$options -DATALLA"
+ #fi
+ 
++($CC -Wa,--help -c -o /dev/null -x assembler /dev/null 2>&1 | \
++ grep \\--noexecstack) 2>&1 > /dev/null && \
++  options="$options -Wa,--noexecstack"
++
+ # gcc < 2.8 does not support -march=ultrasparc
+ if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+ then
+Index: crypto/openssl/crypto/asn1/a_object.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_object.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/a_object.c	(working copy)
+@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen,
+ 				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+ 				goto err;
+ 				}
+-			if (!use_bn && l > (ULONG_MAX / 10L))
++			if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
+ 				{
+ 				use_bn = 1;
+ 				if (!bl)
+@@ -294,7 +294,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, cons
+ 	/* Sanity check OID encoding: can't have leading 0x80 in
+ 	 * subidentifiers, see: X.690 8.19.2
+ 	 */
+-	for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
++	for (i = 0, p = *pp; i < len; i++, p++)
+ 		{
+ 		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
+ 			{
+Index: crypto/openssl/crypto/asn1/a_strex.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_strex.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/a_strex.c	(working copy)
+@@ -74,7 +74,12 @@
+ 
+ #define CHARTYPE_BS_ESC		(ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+ 
++#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
++		  ASN1_STRFLGS_ESC_QUOTE | \
++		  ASN1_STRFLGS_ESC_CTRL | \
++		  ASN1_STRFLGS_ESC_MSB)
+ 
++
+ /* Three IO functions for sending data to memory, a BIO and
+  * and a FILE pointer.
+  */
+@@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned c
+ 		if(!io_ch(arg, tmphex, 3)) return -1;
+ 		return 3;
+ 	}
++	/* If we get this far and do any escaping at all must escape 
++	 * the escape character itself: backslash.
++	 */
++	if (chtmp == '\\' && flags & ESC_FLAGS) {
++		if(!io_ch(arg, "\\\\", 2)) return -1;
++		return 2;
++	}
+ 	if(!io_ch(arg, &chtmp, 1)) return -1;
+ 	return 1;
+ }
+@@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = {
+ 	4, -1, 2		/* 28-30 */
+ };
+ 
+-#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+-		  ASN1_STRFLGS_ESC_QUOTE | \
+-		  ASN1_STRFLGS_ESC_CTRL | \
+-		  ASN1_STRFLGS_ESC_MSB)
+-
+ /* This is the main function, print out an
+  * ASN1_STRING taking note of various escape
+  * and display options. Returns number of
+@@ -560,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_
+ 	if(mbflag == -1) return -1;
+ 	mbflag |= MBSTRING_FLAG;
+ 	stmp.data = NULL;
++	stmp.length = 0;
+ 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+ 	if(ret < 0) return ret;
+ 	*out = stmp.data;
+Index: crypto/openssl/crypto/asn1/a_strnid.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_strnid.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/a_strnid.c	(working copy)
+@@ -96,7 +96,7 @@ unsigned long ASN1_STRING_get_default_mask(void)
+  * default:   the default value, Printable, T61, BMP.
+  */
+ 
+-int ASN1_STRING_set_default_mask_asc(char *p)
++int ASN1_STRING_set_default_mask_asc(const char *p)
+ {
+ 	unsigned long mask;
+ 	char *end;
+Index: crypto/openssl/crypto/asn1/a_verify.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_verify.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/a_verify.c	(working copy)
+@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALG
+ 	unsigned char *buf_in=NULL;
+ 	int ret= -1,i,inl;
+ 
++	if (!pkey)
++		{
++		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++		return -1;
++		}
++
+ 	EVP_MD_CTX_init(&ctx);
+ 	i=OBJ_obj2nid(a->algorithm);
+ 	type=EVP_get_digestbyname(OBJ_nid2sn(i));
+Index: crypto/openssl/crypto/asn1/asn1.h
+===================================================================
+--- crypto/openssl/crypto/asn1/asn1.h	(revision 248771)
++++ crypto/openssl/crypto/asn1/asn1.h	(working copy)
+@@ -1051,7 +1051,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_vo
+ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
+ 
+ void ASN1_STRING_set_default_mask(unsigned long mask);
+-int ASN1_STRING_set_default_mask_asc(char *p);
++int ASN1_STRING_set_default_mask_asc(const char *p);
+ unsigned long ASN1_STRING_get_default_mask(void);
+ int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ 					int inform, unsigned long mask);
+Index: crypto/openssl/crypto/asn1/asn_mime.c
+===================================================================
+--- crypto/openssl/crypto/asn1/asn_mime.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/asn_mime.c	(working copy)
+@@ -418,9 +418,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont,
+ 
+ 		if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ 			strcmp(hdr->value, "application/pkcs7-signature")) {
+-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ 			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
+ 			ERR_add_error_data(2, "type: ", hdr->value);
++			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ 			sk_BIO_pop_free(parts, BIO_vfree);
+ 			return NULL;
+ 		}
+@@ -790,12 +790,17 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, ch
+ static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ 			const MIME_HEADER * const *b)
+ {
++	if (!(*a)->name || !(*b)->name)
++		return !!(*a)->name - !!(*b)->name;
++
+ 	return(strcmp((*a)->name, (*b)->name));
+ }
+ 
+ static int mime_param_cmp(const MIME_PARAM * const *a,
+ 			const MIME_PARAM * const *b)
+ {
++	if (!(*a)->param_name || !(*b)->param_name)
++		return !!(*a)->param_name - !!(*b)->param_name;
+ 	return(strcmp((*a)->param_name, (*b)->param_name));
+ }
+ 
+Index: crypto/openssl/crypto/asn1/x_name.c
+===================================================================
+--- crypto/openssl/crypto/asn1/x_name.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/x_name.c	(working copy)
+@@ -196,7 +196,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, cons
+ 	*val = nm.a;
+ 	*in = p;
+ 	return ret;
+-	err:
++err:
++        if (nm.x != NULL)
++		X509_NAME_free(nm.x);
+ 	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ 	return 0;
+ }
+Index: crypto/openssl/crypto/asn1/x_pubkey.c
+===================================================================
+--- crypto/openssl/crypto/asn1/x_pubkey.c	(revision 248771)
++++ crypto/openssl/crypto/asn1/x_pubkey.c	(working copy)
+@@ -367,7 +367,19 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+ 		goto err;
+ 		}
+ 
+-	key->pkey = ret;
++	/* Check to see if another thread set key->pkey first */
++	CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
++	if (key->pkey)
++		{
++		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++		EVP_PKEY_free(ret);
++		ret = key->pkey;
++		}
++	else
++		{
++		key->pkey = ret;
++		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++		}
+ 	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ 	return(ret);
+ err:
+Index: crypto/openssl/crypto/bio/bf_buff.c
+===================================================================
+--- crypto/openssl/crypto/bio/bf_buff.c	(revision 248771)
++++ crypto/openssl/crypto/bio/bf_buff.c	(working copy)
+@@ -209,7 +209,7 @@ start:
+ 	/* add to buffer and return */
+ 	if (i >= inl)
+ 		{
+-		memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
++		memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
+ 		ctx->obuf_len+=inl;
+ 		return(num+inl);
+ 		}
+@@ -219,7 +219,7 @@ start:
+ 		{
+ 		if (i > 0) /* lets fill it up if we can */
+ 			{
+-			memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
++			memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
+ 			in+=i;
+ 			inl-=i;
+ 			num+=i;
+@@ -294,9 +294,9 @@ static long buffer_ctrl(BIO *b, int cmd, long num,
+ 	case BIO_C_GET_BUFF_NUM_LINES:
+ 		ret=0;
+ 		p1=ctx->ibuf;
+-		for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++)
++		for (i=0; i<ctx->ibuf_len; i++)
+ 			{
+-			if (p1[i] == '\n') ret++;
++			if (p1[ctx->ibuf_off + i] == '\n') ret++;
+ 			}
+ 		break;
+ 	case BIO_CTRL_WPENDING:
+@@ -399,17 +399,18 @@ static long buffer_ctrl(BIO *b, int cmd, long num,
+ 		for (;;)
+ 			{
+ 			BIO_clear_retry_flags(b);
+-			if (ctx->obuf_len > ctx->obuf_off)
++			if (ctx->obuf_len > 0)
+ 				{
+ 				r=BIO_write(b->next_bio,
+ 					&(ctx->obuf[ctx->obuf_off]),
+-					ctx->obuf_len-ctx->obuf_off);
++					ctx->obuf_len);
+ #if 0
+-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
++fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
+ #endif
+ 				BIO_copy_next_retry(b);
+ 				if (r <= 0) return((long)r);
+ 				ctx->obuf_off+=r;
++				ctx->obuf_len-=r;
+ 				}
+ 			else
+ 				{
+Index: crypto/openssl/crypto/bio/bio.h
+===================================================================
+--- crypto/openssl/crypto/bio/bio.h	(revision 248771)
++++ crypto/openssl/crypto/bio/bio.h	(working copy)
+@@ -145,6 +145,7 @@ extern "C" {
+ /* #endif */
+ 
+ #define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
++#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
+ #define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
+ #define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
+ 					      * MTU. want to use this
+@@ -321,6 +322,15 @@ DECLARE_STACK_OF(BIO)
+ 
+ typedef struct bio_f_buffer_ctx_struct
+ 	{
++	/* Buffers are setup like this:
++	 *
++	 * <---------------------- size ----------------------->
++	 * +---------------------------------------------------+
++	 * | consumed | remaining          | free space        |
++	 * +---------------------------------------------------+
++	 * <-- off --><------- len ------->
++	 */
++
+ 	/* BIO *bio; */ /* this is now in the BIO struct */
+ 	int ibuf_size;	/* how big is the input buffer */
+ 	int obuf_size;	/* how big is the output buffer */
+Index: crypto/openssl/crypto/bio/bss_dgram.c
+===================================================================
+--- crypto/openssl/crypto/bio/bss_dgram.c	(revision 248771)
++++ crypto/openssl/crypto/bio/bss_dgram.c	(working copy)
+@@ -57,7 +57,6 @@
+  *
+  */
+ 
+-#ifndef OPENSSL_NO_DGRAM
+ 
+ #include <stdio.h>
+ #include <errno.h>
+@@ -65,6 +64,7 @@
+ #include "cryptlib.h"
+ 
+ #include <openssl/bio.h>
++#ifndef OPENSSL_NO_DGRAM
+ 
+ #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+ #include <sys/timeb.h>
+@@ -288,7 +288,6 @@ static int dgram_read(BIO *b, char *out, int outl)
+ 		 */
+ 		dgram_adjust_rcv_timeout(b);
+ 		ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
+-		dgram_reset_rcv_timeout(b);
+ 
+ 		if ( ! data->connected  && ret >= 0)
+ 			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+@@ -302,6 +301,8 @@ static int dgram_read(BIO *b, char *out, int outl)
+ 				data->_errno = get_last_socket_error();
+ 				}
+ 			}
++
++		dgram_reset_rcv_timeout(b);
+ 		}
+ 	return(ret);
+ 	}
+@@ -493,6 +494,9 @@ static long dgram_ctrl(BIO *b, int cmd, long num,
+ 		ret = 0;
+ #endif
+ 		break;
++	case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
++		ret = 576 - 20 - 8;
++		break;
+ 	case BIO_CTRL_DGRAM_GET_MTU:
+ 		return data->mtu;
+ 		break;
+@@ -654,9 +658,13 @@ static int BIO_dgram_should_retry(int i)
+ 		{
+ 		err=get_last_socket_error();
+ 
+-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+-		if ((i == -1) && (err == 0))
+-			return(1);
++#if defined(OPENSSL_SYS_WINDOWS)
++	/* If the socket return value (i) is -1
++	 * and err is unexpectedly 0 at this point,
++	 * the error code was overwritten by
++	 * another system call before this error
++	 * handling is called.
++	 */
+ #endif
+ 
+ 		return(BIO_dgram_non_fatal_error(err));
+@@ -719,7 +727,6 @@ int BIO_dgram_non_fatal_error(int err)
+ 		}
+ 	return(0);
+ 	}
+-#endif
+ 
+ static void get_current_time(struct timeval *t)
+ 	{
+@@ -737,3 +744,5 @@ static void get_current_time(struct timeval *t)
+ 	gettimeofday(t, NULL);
+ #endif
+ 	}
++
++#endif
+Index: crypto/openssl/crypto/bn/asm/mo-586.pl
+===================================================================
+--- crypto/openssl/crypto/bn/asm/mo-586.pl	(revision 248771)
++++ crypto/openssl/crypto/bn/asm/mo-586.pl	(working copy)
+@@ -539,8 +539,10 @@ $sbit=$num;
+ 	&jle	(&label("sqradd"));
+ 
+ 	&mov	($carry,"edx");
+-	&lea	("edx",&DWP(0,$sbit,"edx",2));
++	&add	("edx","edx");
+ 	&shr	($carry,31);
++	&add	("edx",$sbit);
++	&adc	($carry,0);
+ &set_label("sqrlast");
+ 	&mov	($word,$_n0);
+ 	&mov	($inp,$_np);
+Index: crypto/openssl/crypto/bn/asm/ppc.pl
+===================================================================
+--- crypto/openssl/crypto/bn/asm/ppc.pl	(revision 248771)
++++ crypto/openssl/crypto/bn/asm/ppc.pl	(working copy)
+@@ -1039,7 +1039,7 @@ sub data {
+ 	addze	r11,r0
+ 					#mul_add_c(a[3],b[2],c3,c1,c2);
+ 	$LD	r6,`3*$BNSZ`(r4)
+-	$LD	r7,`2*$BNSZ`(r4)
++	$LD	r7,`2*$BNSZ`(r5)
+ 	$UMULL	r8,r6,r7
+ 	$UMULH	r9,r6,r7
+ 	addc	r12,r8,r12
+Index: crypto/openssl/crypto/bn/bn_blind.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_blind.c	(revision 248771)
++++ crypto/openssl/crypto/bn/bn_blind.c	(working copy)
+@@ -123,7 +123,7 @@ struct bn_blinding_st
+ 	BIGNUM *mod; /* just a reference */
+ 	unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
+ 				  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+-	unsigned int  counter;
++	int counter;
+ 	unsigned long flags;
+ 	BN_MONT_CTX *m_ctx;
+ 	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+@@ -157,7 +157,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, cons
+ 	if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+ 		BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+ 
+-	ret->counter = BN_BLINDING_COUNTER;
++	/* Set the counter to the special value -1
++	 * to indicate that this is never-used fresh blinding
++	 * that does not need updating before first use. */
++	ret->counter = -1;
+ 	return(ret);
+ err:
+ 	if (ret != NULL) BN_BLINDING_free(ret);
+@@ -186,7 +189,10 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx
+ 		goto err;
+ 		}
+ 
+-	if (--(b->counter) == 0 && b->e != NULL &&
++	if (b->counter == -1)
++		b->counter = 0;
++
++	if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+ 		!(b->flags & BN_BLINDING_NO_RECREATE))
+ 		{
+ 		/* re-create blinding parameters */
+@@ -201,8 +207,8 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx
+ 
+ 	ret=1;
+ err:
+-	if (b->counter == 0)
+-		b->counter = BN_BLINDING_COUNTER;
++	if (b->counter == BN_BLINDING_COUNTER)
++		b->counter = 0;
+ 	return(ret);
+ 	}
+ 
+@@ -223,6 +229,12 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, B
+ 		return(0);
+ 		}
+ 
++	if (b->counter == -1)
++		/* Fresh blinding, doesn't need updating. */
++		b->counter = 0;
++	else if (!BN_BLINDING_update(b,ctx))
++		return(0);
++
+ 	if (r != NULL)
+ 		{
+ 		if (!BN_copy(r, b->Ai)) ret=0;
+@@ -243,22 +255,19 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM
+ 	int ret;
+ 
+ 	bn_check_top(n);
+-	if ((b->A == NULL) || (b->Ai == NULL))
+-		{
+-		BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+-		return(0);
+-		}
+ 
+ 	if (r != NULL)
+ 		ret = BN_mod_mul(n, n, r, b->mod, ctx);
+ 	else
+-		ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+-
+-	if (ret >= 0)
+ 		{
+-		if (!BN_BLINDING_update(b,ctx))
++		if (b->Ai == NULL)
++			{
++			BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+ 			return(0);
++			}
++		ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ 		}
++
+ 	bn_check_top(n);
+ 	return(ret);
+ 	}
+Index: crypto/openssl/crypto/bn/bn_gf2m.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_gf2m.c	(revision 248771)
++++ crypto/openssl/crypto/bn/bn_gf2m.c	(working copy)
+@@ -607,6 +607,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, co
+ 		{
+ 		while (!BN_is_odd(u))
+ 			{
++			if (BN_is_zero(u)) goto err;
+ 			if (!BN_rshift1(u, u)) goto err;
+ 			if (BN_is_odd(b))
+ 				{
+Index: crypto/openssl/crypto/bn/bn_word.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_word.c	(revision 248771)
++++ crypto/openssl/crypto/bn/bn_word.c	(working copy)
+@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
+ 			a->neg=!(a->neg);
+ 		return(i);
+ 		}
+-	/* Only expand (and risk failing) if it's possibly necessary */
+-	if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&
+-			(bn_wexpand(a,a->top+1) == NULL))
+-		return(0);
+-	i=0;
+-	for (;;)
++	for (i=0;w!=0 && i<a->top;i++)
+ 		{
+-		if (i >= a->top)
+-			l=w;
+-		else
+-			l=(a->d[i]+w)&BN_MASK2;
+-		a->d[i]=l;
+-		if (w > l)
+-			w=1;
+-		else
+-			break;
+-		i++;
++		a->d[i] = l = (a->d[i]+w)&BN_MASK2;
++		w = (w>l)?1:0;
+ 		}
+-	if (i >= a->top)
++	if (w && i==a->top)
++		{
++		if (bn_wexpand(a,a->top+1) == NULL) return 0;
+ 		a->top++;
++		a->d[i]=w;
++		}
+ 	bn_check_top(a);
+ 	return(1);
+ 	}
+Index: crypto/openssl/crypto/cms/cms.h
+===================================================================
+--- crypto/openssl/crypto/cms/cms.h	(revision 248771)
++++ crypto/openssl/crypto/cms/cms.h	(working copy)
+@@ -110,6 +110,7 @@ DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+ #define CMS_PARTIAL			0x4000
+ #define CMS_REUSE_DIGEST		0x8000
+ #define CMS_USE_KEYID			0x10000
++#define CMS_DEBUG_DECRYPT		0x20000
+ 
+ const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+ 
+Index: crypto/openssl/crypto/cms/cms_enc.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_enc.c	(revision 248771)
++++ crypto/openssl/crypto/cms/cms_enc.c	(working copy)
+@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedCo
+ 	const EVP_CIPHER *ciph;
+ 	X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+ 	unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
++	unsigned char *tkey = NULL;
++	size_t tkeylen;
+ 
+ 	int ok = 0;
+ 
+@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedCo
+ 				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ 		goto err;
+ 		}
+-
+-
+-	if (enc && !ec->key)
++	tkeylen = EVP_CIPHER_CTX_key_length(ctx);
++	/* Generate random session key */
++	if (!enc || !ec->key)
+ 		{
+-		/* Generate random key */
+-		if (!ec->keylen)
+-			ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
+-		ec->key = OPENSSL_malloc(ec->keylen);
+-		if (!ec->key)
++		tkey = OPENSSL_malloc(tkeylen);
++		if (!tkey)
+ 			{
+ 			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ 							ERR_R_MALLOC_FAILURE);
+ 			goto err;
+ 			}
+-		if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
++		if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
+ 			goto err;
+-		keep_key = 1;
+ 		}
+-	else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
++
++	if (!ec->key)
+ 		{
++		ec->key = tkey;
++		ec->keylen = tkeylen;
++		tkey = NULL;
++		if (enc)
++			keep_key = 1;
++		else
++			ERR_clear_error();
++		
++		}
++
++	if (ec->keylen != tkeylen)
++		{
+ 		/* If necessary set key length */
+ 		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
+ 			{
+-			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+-				CMS_R_INVALID_KEY_LENGTH);
+-			goto err;
++			/* Only reveal failure if debugging so we don't
++			 * leak information which may be useful in MMA.
++			 */
++			if (enc || ec->debug)
++				{
++				CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
++						CMS_R_INVALID_KEY_LENGTH);
++				goto err;
++				}
++			else
++				{
++				/* Use random key */
++				OPENSSL_cleanse(ec->key, ec->keylen);
++				OPENSSL_free(ec->key);
++				ec->key = tkey;
++				ec->keylen = tkeylen;
++				tkey = NULL;
++				ERR_clear_error();
++				}
+ 			}
+ 		}
+ 
+@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedCo
+ 		OPENSSL_free(ec->key);
+ 		ec->key = NULL;
+ 		}
++	if (tkey)
++		{
++		OPENSSL_cleanse(tkey, tkeylen);
++		OPENSSL_free(tkey);
++		}
+ 	if (ok)
+ 		return b;
+ 	BIO_free(b);
+Index: crypto/openssl/crypto/cms/cms_env.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_env.c	(revision 248771)
++++ crypto/openssl/crypto/cms/cms_env.c	(working copy)
+@@ -352,6 +352,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_Cont
+ 	unsigned char *ek = NULL;
+ 	int eklen;
+ 	int ret = 0;
++	CMS_EncryptedContentInfo *ec;
++	ec = cms->d.envelopedData->encryptedContentInfo;
+ 
+ 	if (ktri->pkey == NULL)
+ 		{
+@@ -382,9 +384,15 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_Cont
+ 
+ 	ret = 1;
+ 
+-	cms->d.envelopedData->encryptedContentInfo->key = ek;
+-	cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
++	if (ec->key)
++		{
++		OPENSSL_cleanse(ec->key, ec->keylen);
++		OPENSSL_free(ec->key);
++		}
+ 
++	ec->key = ek;
++	ec->keylen = eklen;
++
+ 	err:
+ 	if (!ret && ek)
+ 		OPENSSL_free(ek);
+Index: crypto/openssl/crypto/cms/cms_io.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_io.c	(revision 248771)
++++ crypto/openssl/crypto/cms/cms_io.c	(working copy)
+@@ -112,7 +112,7 @@ static int cms_output_data(BIO *out, BIO *data, AS
+ 		cmsbio = tmpbio;
+ 		}
+ 
+-	return 1;
++	return r;
+ 
+ 	}
+ 
+Index: crypto/openssl/crypto/cms/cms_lcl.h
+===================================================================
+--- crypto/openssl/crypto/cms/cms_lcl.h	(revision 248771)
++++ crypto/openssl/crypto/cms/cms_lcl.h	(working copy)
+@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st
+ 	const EVP_CIPHER *cipher;
+ 	unsigned char *key;
+ 	size_t keylen;
++	/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
++	int debug;
+ 	};
+ 
+ struct CMS_RecipientInfo_st
+Index: crypto/openssl/crypto/cms/cms_smime.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_smime.c	(revision 248771)
++++ crypto/openssl/crypto/cms/cms_smime.c	(working copy)
+@@ -622,7 +622,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EV
+ 	STACK_OF(CMS_RecipientInfo) *ris;
+ 	CMS_RecipientInfo *ri;
+ 	int i, r;
++	int debug = 0;
+ 	ris = CMS_get0_RecipientInfos(cms);
++	if (ris)
++		debug = cms->d.envelopedData->encryptedContentInfo->debug;
+ 	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+ 		{
+ 		ri = sk_CMS_RecipientInfo_value(ris, i);
+@@ -636,17 +639,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EV
+ 			CMS_RecipientInfo_set0_pkey(ri, pk);
+ 			r = CMS_RecipientInfo_decrypt(cms, ri);
+ 			CMS_RecipientInfo_set0_pkey(ri, NULL);
+-			if (r > 0)
+-				return 1;
+ 			if (cert)
+ 				{
++				/* If not debugging clear any error and
++				 * return success to avoid leaking of
++				 * information useful to MMA
++				 */
++				if (!debug)
++					{
++					ERR_clear_error();
++					return 1;
++					}
++				if (r > 0)
++					return 1;
+ 				CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+ 						CMS_R_DECRYPT_ERROR);
+ 				return 0;
+ 				}
+-			ERR_clear_error();
++			/* If no cert and not debugging don't leave loop
++			 * after first successful decrypt. Always attempt
++			 * to decrypt all recipients to avoid leaking timing
++			 * of a successful decrypt.
++			 */
++			else if (r > 0 && debug)
++				return 1;
+ 			}
+ 		}
++	/* If no cert and not debugging always return success */
++	if (!cert && !debug)
++		{
++		ERR_clear_error();
++		return 1;
++		}
+ 
+ 	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+ 	return 0;
+@@ -705,9 +729,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk
+ 		}
+ 	if (!dcont && !check_content(cms))
+ 		return 0;
++	if (flags & CMS_DEBUG_DECRYPT)
++		cms->d.envelopedData->encryptedContentInfo->debug = 1;
++	else
++		cms->d.envelopedData->encryptedContentInfo->debug = 0;
++	if (!pk && !cert && !dcont && !out)
++		return 1;
+ 	if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+ 		return 0;
+-
+ 	cont = CMS_dataInit(cms, dcont);
+ 	if (!cont)
+ 		return 0;
+Index: crypto/openssl/crypto/comp/c_rle.c
+===================================================================
+--- crypto/openssl/crypto/comp/c_rle.c	(revision 248771)
++++ crypto/openssl/crypto/comp/c_rle.c	(working copy)
+@@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigne
+ 	{
+ 	int i;
+ 
+-	if (olen < (ilen-1))
++	if (ilen == 0 || olen < (ilen-1))
+ 		{
+ 		/* ZZZZZZZZZZZZZZZZZZZZZZ */
+ 		return(-1);
+@@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigne
+ 		}
+ 	return(ilen-1);
+ 	}
+-
+Index: crypto/openssl/crypto/conf/conf_api.c
+===================================================================
+--- crypto/openssl/crypto/conf/conf_api.c	(revision 248771)
++++ crypto/openssl/crypto/conf/conf_api.c	(working copy)
+@@ -64,6 +64,7 @@
+ #endif
+ 
+ #include <assert.h>
++#include <stdlib.h>
+ #include <string.h>
+ #include <openssl/conf.h>
+ #include <openssl/conf_api.h>
+Index: crypto/openssl/crypto/cryptlib.c
+===================================================================
+--- crypto/openssl/crypto/cryptlib.c	(revision 248771)
++++ crypto/openssl/crypto/cryptlib.c	(working copy)
+@@ -396,7 +396,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwR
+ 	case DLL_THREAD_ATTACH:
+ 		break;
+ 	case DLL_THREAD_DETACH:
+-		ERR_remove_state(0);
+ 		break;
+ 	case DLL_PROCESS_DETACH:
+ 		break;
+@@ -543,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const ch
+ 	}
+ 
+ void *OPENSSL_stderr(void)	{ return stderr; }
++
++#ifndef OPENSSL_FIPS
++
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++	{
++	size_t i;
++	const unsigned char *a = in_a;
++	const unsigned char *b = in_b;
++	unsigned char x = 0;
++
++	for (i = 0; i < len; i++)
++		x |= a[i] ^ b[i];
++
++	return x;
++	}
++#endif
+Index: crypto/openssl/crypto/crypto.h
+===================================================================
+--- crypto/openssl/crypto/crypto.h	(revision 248771)
++++ crypto/openssl/crypto/crypto.h	(working copy)
+@@ -588,15 +588,22 @@ int OPENSSL_isservice(void);
+ 
+ #endif /* def OPENSSL_FIPS */
+ 
++#define OPENSSL_HAVE_INIT	1
++void OPENSSL_init(void);
++
++/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
++ * takes an amount of time dependent on |len|, but independent of the contents
++ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
++ * defined order as the return value when a != b is undefined, other than to be
++ * non-zero. */
++int CRYPTO_memcmp(const void *a, const void *b, size_t len);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
+ void ERR_load_CRYPTO_strings(void);
+ 
+-#define OPENSSL_HAVE_INIT	1
+-void OPENSSL_init(void);
+-
+ /* Error codes for the CRYPTO functions. */
+ 
+ /* Function codes. */
+Index: crypto/openssl/crypto/ec/ec2_smpl.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec2_smpl.c	(revision 248771)
++++ crypto/openssl/crypto/ec/ec2_smpl.c	(working copy)
+@@ -821,7 +821,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *gro
+ 	field_sqr = group->meth->field_sqr;	
+ 
+ 	/* only support affine coordinates */
+-	if (!point->Z_is_one) goto err;
++	if (!point->Z_is_one) return -1;
+ 
+ 	if (ctx == NULL)
+ 		{
+@@ -871,6 +871,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, cons
+ 		{
+ 		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+ 		}
++
++	if (EC_POINT_is_at_infinity(group, b))
++		return 1;
+ 	
+ 	if (a->Z_is_one && b->Z_is_one)
+ 		{
+Index: crypto/openssl/crypto/ec/ec_key.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_key.c	(revision 248771)
++++ crypto/openssl/crypto/ec/ec_key.c	(working copy)
+@@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey)
+ 		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+ 		return 0;
+ 		}
+-	
++
++	if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
++		{
++		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
++		goto err;
++		}
++
+ 	if ((ctx = BN_CTX_new()) == NULL)
+ 		goto err;
+ 	if ((point = EC_POINT_new(eckey->group)) == NULL)
+Index: crypto/openssl/crypto/ec/ecp_smpl.c
+===================================================================
+--- crypto/openssl/crypto/ec/ecp_smpl.c	(revision 248771)
++++ crypto/openssl/crypto/ec/ecp_smpl.c	(working copy)
+@@ -1406,6 +1406,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const
+ 		{
+ 		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+ 		}
++
++	if (EC_POINT_is_at_infinity(group, b))
++		return 1;
+ 	
+ 	if (a->Z_is_one && b->Z_is_one)
+ 		{
+Index: crypto/openssl/crypto/ecdsa/ecdsatest.c
+===================================================================
+--- crypto/openssl/crypto/ecdsa/ecdsatest.c	(revision 248771)
++++ crypto/openssl/crypto/ecdsa/ecdsatest.c	(working copy)
+@@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num)
+ 		return 0;
+ 		}
+ 	fbytes_counter ++;
+-	ret = BN_bn2bin(tmp, buf);	
+-	if (ret == 0 || ret != num)
++	if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
+ 		ret = 0;
+-	else
++	else 
+ 		ret = 1;
+ 	if (tmp)
+ 		BN_free(tmp);
+@@ -287,9 +286,13 @@ int test_builtin(BIO *out)
+ 	size_t		crv_len = 0, n = 0;
+ 	EC_KEY		*eckey = NULL, *wrong_eckey = NULL;
+ 	EC_GROUP	*group;
++	ECDSA_SIG	*ecdsa_sig = NULL;
+ 	unsigned char	digest[20], wrong_digest[20];
+-	unsigned char	*signature = NULL; 
+-	unsigned int	sig_len;
++	unsigned char	*signature = NULL;
++	const unsigned char	*sig_ptr;
++	unsigned char	*sig_ptr2;
++	unsigned char	*raw_buf = NULL;
++	unsigned int	sig_len, degree, r_len, s_len, bn_len, buf_len;
+ 	int		nid, ret =  0;
+ 	
+ 	/* fill digest values with some random data */
+@@ -339,7 +342,8 @@ int test_builtin(BIO *out)
+ 		if (EC_KEY_set_group(eckey, group) == 0)
+ 			goto builtin_err;
+ 		EC_GROUP_free(group);
+-		if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)
++		degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
++		if (degree < 160)
+ 			/* drop the curve */ 
+ 			{
+ 			EC_KEY_free(eckey);
+@@ -415,26 +419,89 @@ int test_builtin(BIO *out)
+ 			}
+ 		BIO_printf(out, ".");
+ 		(void)BIO_flush(out);
+-		/* modify a single byte of the signature */
+-		offset = signature[10] % sig_len;
+-		dirt   = signature[11];
+-		signature[offset] ^= dirt ? dirt : 1; 
++		/* wrong length */
++		if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
++			eckey) == 1)
++			{
++			BIO_printf(out, " failed\n");
++			goto builtin_err;
++			}
++		BIO_printf(out, ".");
++		(void)BIO_flush(out);
++
++		/* Modify a single byte of the signature: to ensure we don't
++		 * garble the ASN1 structure, we read the raw signature and
++		 * modify a byte in one of the bignums directly. */
++		sig_ptr = signature;
++		if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
++			{
++			BIO_printf(out, " failed\n");
++			goto builtin_err;
++			}
++
++		/* Store the two BIGNUMs in raw_buf. */
++		r_len = BN_num_bytes(ecdsa_sig->r);
++		s_len = BN_num_bytes(ecdsa_sig->s);
++		bn_len = (degree + 7) / 8;
++		if ((r_len > bn_len) || (s_len > bn_len))
++			{
++			BIO_printf(out, " failed\n");
++			goto builtin_err;
++			}
++		buf_len = 2 * bn_len;
++		if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
++			goto builtin_err;
++		/* Pad the bignums with leading zeroes. */
++		memset(raw_buf, 0, buf_len);
++		BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
++		BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
++
++		/* Modify a single byte in the buffer. */
++		offset = raw_buf[10] % buf_len;
++		dirt   = raw_buf[11] ? raw_buf[11] : 1;
++		raw_buf[offset] ^= dirt;
++		/* Now read the BIGNUMs back in from raw_buf. */
++		if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
++			(BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
++			goto builtin_err;
++
++		sig_ptr2 = signature;
++		sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+ 		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+ 			{
+ 			BIO_printf(out, " failed\n");
+ 			goto builtin_err;
+ 			}
++		/* Sanity check: undo the modification and verify signature. */
++		raw_buf[offset] ^= dirt;
++		if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
++			(BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
++			goto builtin_err;
++
++		sig_ptr2 = signature;
++		sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
++		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
++			{
++			BIO_printf(out, " failed\n");
++			goto builtin_err;
++			}
+ 		BIO_printf(out, ".");
+ 		(void)BIO_flush(out);
+ 		
+ 		BIO_printf(out, " ok\n");
+ 		/* cleanup */
++		/* clean bogus errors */
++		ERR_clear_error();
+ 		OPENSSL_free(signature);
+ 		signature = NULL;
+ 		EC_KEY_free(eckey);
+ 		eckey = NULL;
+ 		EC_KEY_free(wrong_eckey);
+ 		wrong_eckey = NULL;
++		ECDSA_SIG_free(ecdsa_sig);
++		ecdsa_sig = NULL;
++		OPENSSL_free(raw_buf);
++		raw_buf = NULL;
+ 		}
+ 
+ 	ret = 1;	
+@@ -443,8 +510,12 @@ builtin_err:
+ 		EC_KEY_free(eckey);
+ 	if (wrong_eckey)
+ 		EC_KEY_free(wrong_eckey);
++	if (ecdsa_sig)
++		ECDSA_SIG_free(ecdsa_sig);
+ 	if (signature)
+ 		OPENSSL_free(signature);
++	if (raw_buf)
++		OPENSSL_free(raw_buf);
+ 	if (curves)
+ 		OPENSSL_free(curves);
+ 
+Index: crypto/openssl/crypto/ecdsa/ecs_ossl.c
+===================================================================
+--- crypto/openssl/crypto/ecdsa/ecs_ossl.c	(revision 248771)
++++ crypto/openssl/crypto/ecdsa/ecs_ossl.c	(working copy)
+@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX
+ 			}
+ 		while (BN_is_zero(k));
+ 
++		/* We do not want timing information to leak the length of k,
++		 * so we compute G*k using an equivalent scalar of fixed
++		 * bit-length. */
++
++		if (!BN_add(k, k, order)) goto err;
++		if (BN_num_bits(k) <= BN_num_bits(order))
++			if (!BN_add(k, k, order)) goto err;
++
+ 		/* compute r the x-coordinate of generator * k */
+ 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
+ 		{
+Index: crypto/openssl/crypto/evp/evp_test.c
+===================================================================
+--- crypto/openssl/crypto/evp/evp_test.c	(revision 248771)
++++ crypto/openssl/crypto/evp/evp_test.c	(working copy)
+@@ -435,6 +435,7 @@ int main(int argc,char **argv)
+ 	    EXIT(3);
+ 	    }
+ 	}
++	fclose(f);
+ 
+ #ifndef OPENSSL_NO_ENGINE
+     ENGINE_cleanup();
+Index: crypto/openssl/crypto/o_init.c
+===================================================================
+--- crypto/openssl/crypto/o_init.c	(revision 248771)
++++ crypto/openssl/crypto/o_init.c	(working copy)
+@@ -93,4 +93,18 @@ void OPENSSL_init(void)
+ #endif
+ 	}
+ 		
++#ifdef OPENSSL_FIPS
+ 
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++	{
++	size_t i;
++	const unsigned char *a = in_a;
++	const unsigned char *b = in_b;
++	unsigned char x = 0;
++
++	for (i = 0; i < len; i++)
++		x |= a[i] ^ b[i];
++
++	return x;
++	}
++#endif
+Index: crypto/openssl/crypto/ocsp/ocsp_lib.c
+===================================================================
+--- crypto/openssl/crypto/ocsp/ocsp_lib.c	(revision 248771)
++++ crypto/openssl/crypto/ocsp/ocsp_lib.c	(working copy)
+@@ -169,14 +169,14 @@ int OCSP_parse_url(char *url, char **phost, char *
+ 
+ 	char *host, *port;
+ 
++	*phost = NULL;
++	*pport = NULL;
++	*ppath = NULL;
++
+ 	/* dup the buffer since we are going to mess with it */
+ 	buf = BUF_strdup(url);
+ 	if (!buf) goto mem_err;
+ 
+-	*phost = NULL;
+-	*pport = NULL;
+-	*ppath = NULL;
+-
+ 	/* Check for initial colon */
+ 	p = strchr(buf, ':');
+ 
+Index: crypto/openssl/crypto/ocsp/ocsp_vfy.c
+===================================================================
+--- crypto/openssl/crypto/ocsp/ocsp_vfy.c	(revision 248771)
++++ crypto/openssl/crypto/ocsp/ocsp_vfy.c	(working copy)
+@@ -91,10 +91,13 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF
+ 		{
+ 		EVP_PKEY *skey;
+ 		skey = X509_get_pubkey(signer);
+-		ret = OCSP_BASICRESP_verify(bs, skey, 0);
+-		EVP_PKEY_free(skey);
+-		if(ret <= 0)
++		if (skey)
+ 			{
++			ret = OCSP_BASICRESP_verify(bs, skey, 0);
++			EVP_PKEY_free(skey);
++			}
++		if(!skey || ret <= 0)
++			{
+ 			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+ 			goto end;
+ 			}
+@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF
+ 			init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ 		if(!init_res)
+ 			{
++			ret = -1;
+ 			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ 			goto end;
+ 			}
+Index: crypto/openssl/crypto/opensslv.h
+===================================================================
+--- crypto/openssl/crypto/opensslv.h	(revision 248771)
++++ crypto/openssl/crypto/opensslv.h	(working copy)
+@@ -25,11 +25,11 @@
+  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+  *  major minor fix final patch/beta)
+  */
+-#define OPENSSL_VERSION_NUMBER	0x0090811f
++#define OPENSSL_VERSION_NUMBER	0x0090819fL
+ #ifdef OPENSSL_FIPS
+-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8q-fips 2 Dec 2010"
++#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8y-fips 5 Feb 2013"
+ #else
+-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8q 2 Dec 2010"
++#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8y 5 Feb 2013"
+ #endif
+ #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+ 
+@@ -83,7 +83,7 @@
+  * should only keep the versions that are binary compatible with the current.
+  */
+ #define SHLIB_VERSION_HISTORY ""
+-#define SHLIB_VERSION_NUMBER "0.9.8"
++#define SHLIB_VERSION_NUMBER "6"
+ 
+ 
+ #endif /* HEADER_OPENSSLV_H */
+Index: crypto/openssl/crypto/perlasm/cbc.pl
+===================================================================
+--- crypto/openssl/crypto/perlasm/cbc.pl	(revision 248771)
++++ crypto/openssl/crypto/perlasm/cbc.pl	(working copy)
+@@ -158,7 +158,6 @@ sub cbc
+ 	&jmp_ptr($count);
+ 
+ &set_label("ej7");
+-	&xor("edx",		"edx") if $ppro; # ppro friendly
+ 	&movb(&HB("edx"),	&BP(6,$in,"",0));
+ 	&shl("edx",8);
+ &set_label("ej6");
+@@ -170,7 +169,6 @@ sub cbc
+ 	&jmp(&label("ejend"));
+ &set_label("ej3");
+ 	&movb(&HB("ecx"),	&BP(2,$in,"",0));
+-	&xor("ecx",		"ecx") if $ppro; # ppro friendly
+ 	&shl("ecx",8);
+ &set_label("ej2");
+ 	&movb(&HB("ecx"),	&BP(1,$in,"",0));
+Index: crypto/openssl/crypto/pkcs7/pk7_smime.c
+===================================================================
+--- crypto/openssl/crypto/pkcs7/pk7_smime.c	(revision 248771)
++++ crypto/openssl/crypto/pkcs7/pk7_smime.c	(working copy)
+@@ -486,15 +486,34 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509
+ 			return 0;
+ 		}
+ 		ret = SMIME_text(bread, data);
++		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++			{
++			if (!BIO_get_cipher_status(tmpmem))
++				ret = 0;
++			}
+ 		BIO_free_all(bread);
+ 		return ret;
+ 	} else {
+ 		for(;;) {
+ 			i = BIO_read(tmpmem, buf, sizeof(buf));
+-			if(i <= 0) break;
+-			BIO_write(data, buf, i);
++			if(i <= 0)
++				{
++				ret = 1;
++				if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++					{
++					if (!BIO_get_cipher_status(tmpmem))
++						ret = 0;
++					}
++					
++				break;
++				}
++			if (BIO_write(data, buf, i) != i)
++				{
++				ret = 0;
++				break;
++				}
+ 		}
+ 		BIO_free_all(tmpmem);
+-		return 1;
++		return ret;
+ 	}
+ }
+Index: crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
+===================================================================
+--- crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl	(revision 248771)
++++ crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl	(working copy)
+@@ -167,7 +167,7 @@ $code.=<<___;
+ 	movzb	($dat,$XX[0]),$TX[0]#d
+ 	test	\$-8,$len
+ 	jz	.Lcloop1
+-	cmp	\$0,260($dat)
++	cmpl	\$0,260($dat)
+ 	jnz	.Lcloop1
+ 	push	%rbx
+ 	jmp	.Lcloop8
+Index: crypto/openssl/crypto/rc4/rc4_skey.c
+===================================================================
+--- crypto/openssl/crypto/rc4/rc4_skey.c	(revision 248771)
++++ crypto/openssl/crypto/rc4/rc4_skey.c	(working copy)
+@@ -138,9 +138,9 @@ void RC4_set_key(RC4_KEY *key, int len, const unsi
+ 		 */
+ #ifdef OPENSSL_FIPS
+ 		unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
+-		if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) {
++		if (ia32cap_ptr && (*ia32cap_ptr & (1<<20))) {
+ #else
+-		if (OPENSSL_ia32cap_P & (1<<28)) {
++		if (OPENSSL_ia32cap_P & (1<<20)) {
+ #endif
+ 			unsigned char *cp=(unsigned char *)d;
+ 
+Index: crypto/openssl/crypto/rsa/rsa_eay.c
+===================================================================
+--- crypto/openssl/crypto/rsa/rsa_eay.c	(revision 248771)
++++ crypto/openssl/crypto/rsa/rsa_eay.c	(working copy)
+@@ -312,51 +312,56 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int
+ 	return ret;
+ }
+ 
+-static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
+-	BIGNUM *r, BN_CTX *ctx)
+-{
+-	if (local)
++static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
++	BN_CTX *ctx)
++	{
++	if (unblind == NULL)
++		/* Local blinding: store the unblinding factor
++		 * in BN_BLINDING. */
+ 		return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+ 	else
+ 		{
++		/* Shared blinding: store the unblinding factor
++		 * outside BN_BLINDING. */
+ 		int ret;
+-		CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
+-		ret = BN_BLINDING_convert_ex(f, r, b, ctx);
+-		CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
+-		return ret;
+-		}
+-}
+-
+-static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
+-	BIGNUM *r, BN_CTX *ctx)
+-{
+-	if (local)
+-		return BN_BLINDING_invert_ex(f, NULL, b, ctx);
+-	else
+-		{
+-		int ret;
+ 		CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
+-		ret = BN_BLINDING_invert_ex(f, r, b, ctx);
++		ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
+ 		CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
+ 		return ret;
+ 		}
+-}
++	}
+ 
++static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
++	BN_CTX *ctx)
++	{
++	/* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
++	 * will use the unblinding factor stored in BN_BLINDING.
++	 * If BN_BLINDING is shared between threads, unblind must be non-null:
++	 * BN_BLINDING_invert_ex will then use the local unblinding factor,
++	 * and will only read the modulus from BN_BLINDING.
++	 * In both cases it's safe to access the blinding without a lock.
++	 */
++	return BN_BLINDING_invert_ex(f, unblind, b, ctx);
++	}
++
+ /* signing */
+ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ 	     unsigned char *to, RSA *rsa, int padding)
+ 	{
+-	BIGNUM *f, *ret, *br, *res;
++	BIGNUM *f, *ret, *res;
+ 	int i,j,k,num=0,r= -1;
+ 	unsigned char *buf=NULL;
+ 	BN_CTX *ctx=NULL;
+ 	int local_blinding = 0;
++	/* Used only if the blinding structure is shared. A non-NULL unblind
++	 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
++	 * the unblinding factor outside the blinding structure. */
++	BIGNUM *unblind = NULL;
+ 	BN_BLINDING *blinding = NULL;
+ 
+ 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+ 	BN_CTX_start(ctx);
+ 	f   = BN_CTX_get(ctx);
+-	br  = BN_CTX_get(ctx);
+ 	ret = BN_CTX_get(ctx);
+ 	num = BN_num_bytes(rsa->n);
+ 	buf = OPENSSL_malloc(num);
+@@ -404,8 +409,15 @@ static int RSA_eay_private_encrypt(int flen, const
+ 		}
+ 	
+ 	if (blinding != NULL)
+-		if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
++		{
++		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
++			{
++			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ 			goto err;
++			}
++		if (!rsa_blinding_convert(blinding, f, unblind, ctx))
++			goto err;
++		}
+ 
+ 	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ 		((rsa->p != NULL) &&
+@@ -439,7 +451,7 @@ static int RSA_eay_private_encrypt(int flen, const
+ 		}
+ 
+ 	if (blinding)
+-		if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
++		if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ 			goto err;
+ 
+ 	if (padding == RSA_X931_PADDING)
+@@ -478,18 +490,21 @@ err:
+ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+ 	     unsigned char *to, RSA *rsa, int padding)
+ 	{
+-	BIGNUM *f, *ret, *br;
++	BIGNUM *f, *ret;
+ 	int j,num=0,r= -1;
+ 	unsigned char *p;
+ 	unsigned char *buf=NULL;
+ 	BN_CTX *ctx=NULL;
+ 	int local_blinding = 0;
++	/* Used only if the blinding structure is shared. A non-NULL unblind
++	 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
++	 * the unblinding factor outside the blinding structure. */
++	BIGNUM *unblind = NULL;
+ 	BN_BLINDING *blinding = NULL;
+ 
+ 	if((ctx = BN_CTX_new()) == NULL) goto err;
+ 	BN_CTX_start(ctx);
+ 	f   = BN_CTX_get(ctx);
+-	br  = BN_CTX_get(ctx);
+ 	ret = BN_CTX_get(ctx);
+ 	num = BN_num_bytes(rsa->n);
+ 	buf = OPENSSL_malloc(num);
+@@ -527,8 +542,15 @@ static int RSA_eay_private_decrypt(int flen, const
+ 		}
+ 	
+ 	if (blinding != NULL)
+-		if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
++		{
++		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
++			{
++			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
+ 			goto err;
++			}
++		if (!rsa_blinding_convert(blinding, f, unblind, ctx))
++			goto err;
++		}
+ 
+ 	/* do the decrypt */
+ 	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+@@ -562,7 +584,7 @@ static int RSA_eay_private_decrypt(int flen, const
+ 		}
+ 
+ 	if (blinding)
+-		if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
++		if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ 			goto err;
+ 
+ 	p=buf;
+Index: crypto/openssl/crypto/rsa/rsa_oaep.c
+===================================================================
+--- crypto/openssl/crypto/rsa/rsa_oaep.c	(revision 248771)
++++ crypto/openssl/crypto/rsa/rsa_oaep.c	(working copy)
+@@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to
+ 
+ 	EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+ 
+-	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
++	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+ 		goto decoding_err;
+ 	else
+ 		{
+Index: crypto/openssl/crypto/symhacks.h
+===================================================================
+--- crypto/openssl/crypto/symhacks.h	(revision 248771)
++++ crypto/openssl/crypto/symhacks.h	(working copy)
+@@ -252,15 +252,15 @@
+ #define EC_POINT_set_compressed_coordinates_GF2m \
+                                                 EC_POINT_set_compr_coords_GF2m
+ #undef ec_GF2m_simple_group_clear_finish
+-#define ec_GF2m_simple_group_clear_finish        ec_GF2m_simple_grp_clr_finish
++#define ec_GF2m_simple_group_clear_finish       ec_GF2m_simple_grp_clr_finish
+ #undef ec_GF2m_simple_group_check_discriminant
+ #define ec_GF2m_simple_group_check_discriminant	ec_GF2m_simple_grp_chk_discrim
+ #undef ec_GF2m_simple_point_clear_finish
+-#define ec_GF2m_simple_point_clear_finish        ec_GF2m_simple_pt_clr_finish
++#define ec_GF2m_simple_point_clear_finish       ec_GF2m_simple_pt_clr_finish
+ #undef ec_GF2m_simple_point_set_to_infinity
+-#define ec_GF2m_simple_point_set_to_infinity     ec_GF2m_simple_pt_set_to_inf
++#define ec_GF2m_simple_point_set_to_infinity    ec_GF2m_simple_pt_set_to_inf
+ #undef ec_GF2m_simple_points_make_affine
+-#define ec_GF2m_simple_points_make_affine        ec_GF2m_simple_pts_make_affine
++#define ec_GF2m_simple_points_make_affine       ec_GF2m_simple_pts_make_affine
+ #undef ec_GF2m_simple_point_set_affine_coordinates
+ #define ec_GF2m_simple_point_set_affine_coordinates \
+                                                 ec_GF2m_smp_pt_set_af_coords
+@@ -288,8 +288,6 @@
+ #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
+ #undef ec_GFp_simple_points_make_affine
+ #define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
+-#undef ec_GFp_simple_group_get_curve_GFp
+-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+ #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+ #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+                                                 ec_GFp_smp_set_Jproj_coords_GFp
+Index: crypto/openssl/crypto/x509/x509_vfy.c
+===================================================================
+--- crypto/openssl/crypto/x509/x509_vfy.c	(revision 248771)
++++ crypto/openssl/crypto/x509/x509_vfy.c	(working copy)
+@@ -1097,7 +1097,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time
+ 	atm.length=sizeof(buff2);
+ 	atm.data=(unsigned char *)buff2;
+ 
+-	if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
++	if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
+ 		return 0;
+ 
+ 	if (ctm->type == V_ASN1_UTCTIME)
+Index: crypto/openssl/crypto/x509v3/v3_addr.c
+===================================================================
+--- crypto/openssl/crypto/x509v3/v3_addr.c	(revision 248771)
++++ crypto/openssl/crypto/x509v3/v3_addr.c	(working copy)
+@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAddressFamily
+  * Expand the bitstring form of an address into a raw byte array.
+  * At the moment this is coded for simplicity, not speed.
+  */
+-static void addr_expand(unsigned char *addr,
++static int addr_expand(unsigned char *addr,
+ 			const ASN1_BIT_STRING *bs,
+ 			const int length,
+ 			const unsigned char fill)
+ {
+-  OPENSSL_assert(bs->length >= 0 && bs->length <= length);
++  if (bs->length < 0 || bs->length > length)
++    return 0;
+   if (bs->length > 0) {
+     memcpy(addr, bs->data, bs->length);
+     if ((bs->flags & 7) != 0) {
+@@ -159,6 +160,7 @@ unsigned int v3_addr_get_afi(const IPAddressFamily
+     }
+   }
+   memset(addr + bs->length, fill, length - bs->length);
++  return 1;
+ }
+ 
+ /*
+@@ -177,13 +179,17 @@ static int i2r_address(BIO *out,
+   unsigned char addr[ADDR_RAW_BUF_LEN];
+   int i, n;
+ 
++  if (bs->length < 0)
++    return 0;
+   switch (afi) {
+   case IANA_AFI_IPV4:
+-    addr_expand(addr, bs, 4, fill);
++    if (!addr_expand(addr, bs, 4, fill))
++      return 0;
+     BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+     break;
+   case IANA_AFI_IPV6:
+-    addr_expand(addr, bs, 16, fill);
++    if (!addr_expand(addr, bs, 16, fill))
++      return 0;
+     for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
+       ;
+     for (i = 0; i < n; i += 2)
+@@ -309,6 +315,12 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *met
+ /*
+  * Sort comparison function for a sequence of IPAddressOrRange
+  * elements.
++ *
++ * There's no sane answer we can give if addr_expand() fails, and an
++ * assertion failure on externally supplied data is seriously uncool,
++ * so we just arbitrarily declare that if given invalid inputs this
++ * function returns -1.  If this messes up your preferred sort order
++ * for garbage input, tough noogies.
+  */
+ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+ 				const IPAddressOrRange *b,
+@@ -321,22 +333,26 @@ static int IPAddressOrRange_cmp(const IPAddressOrR
+ 
+   switch (a->type) {
+   case IPAddressOrRange_addressPrefix:
+-    addr_expand(addr_a, a->u.addressPrefix, length, 0x00);
++    if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
++      return -1;
+     prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+     break;
+   case IPAddressOrRange_addressRange:
+-    addr_expand(addr_a, a->u.addressRange->min, length, 0x00);
++    if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
++      return -1;
+     prefixlen_a = length * 8;
+     break;
+   }
+ 
+   switch (b->type) {
+   case IPAddressOrRange_addressPrefix:
+-    addr_expand(addr_b, b->u.addressPrefix, length, 0x00);
++    if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
++      return -1;
+     prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+     break;
+   case IPAddressOrRange_addressRange:
+-    addr_expand(addr_b, b->u.addressRange->min, length, 0x00);
++    if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
++      return -1;
+     prefixlen_b = length * 8;
+     break;
+   }
+@@ -378,6 +394,7 @@ static int range_should_be_prefix(const unsigned c
+   unsigned char mask;
+   int i, j;
+ 
++  OPENSSL_assert(memcmp(min, max, length) <= 0);
+   for (i = 0; i < length && min[i] == max[i]; i++)
+     ;
+   for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
+@@ -651,22 +668,22 @@ int v3_addr_add_range(IPAddrBlocks *addr,
+ /*
+  * Extract min and max values from an IPAddressOrRange.
+  */
+-static void extract_min_max(IPAddressOrRange *aor,
++static int extract_min_max(IPAddressOrRange *aor,
+ 			    unsigned char *min,
+ 			    unsigned char *max,
+ 			    int length)
+ {
+-  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
++  if (aor == NULL || min == NULL || max == NULL)
++    return 0;
+   switch (aor->type) {
+   case IPAddressOrRange_addressPrefix:
+-    addr_expand(min, aor->u.addressPrefix, length, 0x00);
+-    addr_expand(max, aor->u.addressPrefix, length, 0xFF);
+-    return;
++    return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
++	    addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+   case IPAddressOrRange_addressRange:
+-    addr_expand(min, aor->u.addressRange->min, length, 0x00);
+-    addr_expand(max, aor->u.addressRange->max, length, 0xFF);
+-    return;
++    return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
++	    addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+   }
++  return 0;
+ }
+ 
+ /*
+@@ -682,9 +699,10 @@ int v3_addr_get_range(IPAddressOrRange *aor,
+   if (aor == NULL || min == NULL || max == NULL ||
+       afi_length == 0 || length < afi_length ||
+       (aor->type != IPAddressOrRange_addressPrefix &&
+-       aor->type != IPAddressOrRange_addressRange))
++       aor->type != IPAddressOrRange_addressRange) ||
++      !extract_min_max(aor, min, max, afi_length))
+     return 0;
+-  extract_min_max(aor, min, max, afi_length);
++
+   return afi_length;
+ }
+ 
+@@ -766,8 +784,9 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
+       IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+       IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+ 
+-      extract_min_max(a, a_min, a_max, length);
+-      extract_min_max(b, b_min, b_max, length);
++      if (!extract_min_max(a, a_min, a_max, length) ||
++	  !extract_min_max(b, b_min, b_max, length))
++	return 0;
+ 
+       /*
+        * Punt misordered list, overlapping start, or inverted range.
+@@ -795,15 +814,18 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
+     }
+ 
+     /*
+-     * Check final range to see if it should be a prefix.
++     * Check range to see if it's inverted or should be a
++     * prefix.
+      */
+     j = sk_IPAddressOrRange_num(aors) - 1;
+     {
+       IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+-      if (a->type == IPAddressOrRange_addressRange) {
+-	extract_min_max(a, a_min, a_max, length);
+-	if (range_should_be_prefix(a_min, a_max, length) >= 0)
++      if (a != NULL && a->type == IPAddressOrRange_addressRange) {
++	if (!extract_min_max(a, a_min, a_max, length))
+ 	  return 0;
++	if (memcmp(a_min, a_max, length) > 0 ||
++	    range_should_be_prefix(a_min, a_max, length) >= 0)
++	  return 0;
+       }
+     }
+   }
+@@ -836,10 +858,18 @@ static int IPAddressOrRanges_canonize(IPAddressOrR
+     unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+     unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+ 
+-    extract_min_max(a, a_min, a_max, length);
+-    extract_min_max(b, b_min, b_max, length);
++    if (!extract_min_max(a, a_min, a_max, length) ||
++	!extract_min_max(b, b_min, b_max, length))
++      return 0;
+ 
+     /*
++     * Punt inverted ranges.
++     */
++    if (memcmp(a_min, a_max, length) > 0 ||
++	memcmp(b_min, b_max, length) > 0)
++      return 0;
++
++    /*
+      * Punt overlaps.
+      */
+     if (memcmp(a_max, b_min, length) >= 0)
+@@ -864,6 +894,20 @@ static int IPAddressOrRanges_canonize(IPAddressOrR
+     }
+   }
+ 
++  /*
++   * Check for inverted final range.
++   */
++  j = sk_IPAddressOrRange_num(aors) - 1;
++  {
++    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
++    if (a != NULL && a->type == IPAddressOrRange_addressRange) {
++      unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
++      extract_min_max(a, a_min, a_max, length);
++      if (memcmp(a_min, a_max, length) > 0)
++	return 0;
++    }
++  }
++
+   return 1;
+ }
+ 
+@@ -1012,6 +1056,11 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method
+ 	X509V3_conf_err(val);
+ 	goto err;
+       }
++      if (memcmp(min, max, length_from_afi(afi)) > 0) {
++	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
++	X509V3_conf_err(val);
++	goto err;
++      }
+       if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+ 	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+ 	goto err;
+@@ -1097,13 +1146,15 @@ static int addr_contains(IPAddressOrRanges *parent
+ 
+   p = 0;
+   for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+-    extract_min_max(sk_IPAddressOrRange_value(child, c),
+-		    c_min, c_max, length);
++    if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
++			 c_min, c_max, length))
++      return -1;
+     for (;; p++) {
+       if (p >= sk_IPAddressOrRange_num(parent))
+ 	return 0;
+-      extract_min_max(sk_IPAddressOrRange_value(parent, p),
+-		      p_min, p_max, length);
++      if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
++			   p_min, p_max, length))
++	return 0;
+       if (memcmp(p_max, c_max, length) < 0)
+ 	continue;
+       if (memcmp(p_min, c_min, length) > 0)
+Index: crypto/openssl/crypto/x509v3/v3_asid.c
+===================================================================
+--- crypto/openssl/crypto/x509v3/v3_asid.c	(revision 248771)
++++ crypto/openssl/crypto/x509v3/v3_asid.c	(working copy)
+@@ -61,7 +61,6 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
+-#include <assert.h>
+ #include "cryptlib.h"
+ #include <openssl/conf.h>
+ #include <openssl/asn1.h>
+@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * con
+ {
+   const ASIdOrRange *a = *a_, *b = *b_;
+ 
+-  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
++  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+ 	 (a->type == ASIdOrRange_range && a->u.range != NULL &&
+ 	  a->u.range->min != NULL && a->u.range->max != NULL));
+ 
+-  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
++  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+ 	 (b->type == ASIdOrRange_range && b->u.range != NULL &&
+ 	  b->u.range->min != NULL && b->u.range->max != NULL));
+ 
+@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int w
+   if (*choice == NULL) {
+     if ((*choice = ASIdentifierChoice_new()) == NULL)
+       return 0;
+-    assert((*choice)->u.inherit == NULL);
++    OPENSSL_assert((*choice)->u.inherit == NULL);
+     if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+       return 0;
+     (*choice)->type = ASIdentifierChoice_inherit;
+@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
+   if (*choice == NULL) {
+     if ((*choice = ASIdentifierChoice_new()) == NULL)
+       return 0;
+-    assert((*choice)->u.asIdsOrRanges == NULL);
++    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
+     (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+     if ((*choice)->u.asIdsOrRanges == NULL)
+       return 0;
+@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
+ 			    ASN1_INTEGER **min,
+ 			    ASN1_INTEGER **max)
+ {
+-  assert(aor != NULL && min != NULL && max != NULL);
++  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+   switch (aor->type) {
+   case ASIdOrRange_id:
+     *min = aor->u.id;
+@@ -359,6 +358,20 @@ static int ASIdentifierChoice_is_canonical(ASIdent
+       goto done;
+   }
+ 
++  /*
++   * Check for inverted range.
++   */
++  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
++  {
++    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
++    ASN1_INTEGER *a_min, *a_max;
++    if (a != NULL && a->type == ASIdOrRange_range) {
++      extract_min_max(a, &a_min, &a_max);
++      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
++	goto done;
++    }
++  }
++
+   ret = 1;
+ 
+  done:
+@@ -373,7 +386,7 @@ static int ASIdentifierChoice_is_canonical(ASIdent
+ int v3_asid_is_canonical(ASIdentifiers *asid)
+ {
+   return (asid == NULL ||
+-	  (ASIdentifierChoice_is_canonical(asid->asnum) ||
++	  (ASIdentifierChoice_is_canonical(asid->asnum) &&
+ 	   ASIdentifierChoice_is_canonical(asid->rdi)));
+ }
+ 
+@@ -393,9 +406,18 @@ static int ASIdentifierChoice_canonize(ASIdentifie
+     return 1;
+ 
+   /*
+-   * We have a list.  Sort it.
++   * If not a list, or if empty list, it's broken.
+    */
+-  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
++  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
++      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
++    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
++	      X509V3_R_EXTENSION_VALUE_ERROR);
++    return 0;
++  }
++
++  /*
++   * We have a non-empty list.  Sort it.
++   */
+   sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+ 
+   /*
+@@ -413,9 +435,16 @@ static int ASIdentifierChoice_canonize(ASIdentifie
+     /*
+      * Make sure we're properly sorted (paranoia).
+      */
+-    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
++    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+ 
+     /*
++     * Punt inverted ranges.
++     */
++    if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
++	ASN1_INTEGER_cmp(b_min, b_max) > 0)
++      goto done;
++
++    /*
+      * Check for overlaps.
+      */
+     if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+@@ -466,14 +495,28 @@ static int ASIdentifierChoice_canonize(ASIdentifie
+ 	break;
+       }
+       ASIdOrRange_free(b);
+-      (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
++      (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+       i--;
+       continue;
+     }
+   }
+ 
+-  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
++  /*
++   * Check for final inverted range.
++   */
++  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
++  {
++    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
++    ASN1_INTEGER *a_min, *a_max;
++    if (a != NULL && a->type == ASIdOrRange_range) {
++      extract_min_max(a, &a_min, &a_max);
++      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
++	goto done;
++    }
++  }
+ 
++  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
++
+   ret = 1;
+ 
+  done:
+@@ -499,6 +542,7 @@ static void *v2i_ASIdentifiers(struct v3_ext_metho
+ 			       struct v3_ext_ctx *ctx,
+ 			       STACK_OF(CONF_VALUE) *values)
+ {
++  ASN1_INTEGER *min = NULL, *max = NULL;
+   ASIdentifiers *asid = NULL;
+   int i;
+ 
+@@ -509,7 +553,6 @@ static void *v2i_ASIdentifiers(struct v3_ext_metho
+ 
+   for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+     CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+-    ASN1_INTEGER *min = NULL, *max = NULL;
+     int i1, i2, i3, is_range, which;
+ 
+     /*
+@@ -579,18 +622,19 @@ static void *v2i_ASIdentifiers(struct v3_ext_metho
+       max = s2i_ASN1_INTEGER(NULL, s + i2);
+       OPENSSL_free(s);
+       if (min == NULL || max == NULL) {
+-	ASN1_INTEGER_free(min);
+-	ASN1_INTEGER_free(max);
+ 	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+ 	goto err;
+       }
++      if (ASN1_INTEGER_cmp(min, max) > 0) {
++	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
++	goto err;
++      }
+     }
+     if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+-      ASN1_INTEGER_free(min);
+-      ASN1_INTEGER_free(max);
+       X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+       goto err;
+     }
++    min = max = NULL;
+   }
+ 
+   /*
+@@ -602,6 +646,8 @@ static void *v2i_ASIdentifiers(struct v3_ext_metho
+ 
+  err:
+   ASIdentifiers_free(asid);
++  ASN1_INTEGER_free(min);
++  ASN1_INTEGER_free(max);
+   return NULL;
+ }
+ 
+@@ -709,9 +755,9 @@ static int v3_asid_validate_path_internal(X509_STO
+   int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+   X509 *x = NULL;
+ 
+-  assert(chain != NULL && sk_X509_num(chain) > 0);
+-  assert(ctx != NULL || ext != NULL);
+-  assert(ctx == NULL || ctx->verify_cb != NULL);
++  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
++  OPENSSL_assert(ctx != NULL || ext != NULL);
++  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+ 
+   /*
+    * Figure out where to start.  If we don't have an extension to
+@@ -723,7 +769,7 @@ static int v3_asid_validate_path_internal(X509_STO
+   } else {
+     i = 0;
+     x = sk_X509_value(chain, i);
+-    assert(x != NULL);
++    OPENSSL_assert(x != NULL);
+     if ((ext = x->rfc3779_asid) == NULL)
+       goto done;
+   }
+@@ -756,7 +802,7 @@ static int v3_asid_validate_path_internal(X509_STO
+    */
+   for (i++; i < sk_X509_num(chain); i++) {
+     x = sk_X509_value(chain, i);
+-    assert(x != NULL);
++    OPENSSL_assert(x != NULL);
+     if (x->rfc3779_asid == NULL) {
+       if (child_as != NULL || child_rdi != NULL)
+ 	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+Index: crypto/openssl/doc/HOWTO/proxy_certificates.txt
+===================================================================
+--- crypto/openssl/doc/HOWTO/proxy_certificates.txt	(revision 248771)
++++ crypto/openssl/doc/HOWTO/proxy_certificates.txt	(working copy)
+@@ -57,7 +57,7 @@ following methods:
+ 
+  - in all other cases, proxy certificate validation can be enabled
+    before starting the application by setting the envirnoment variable
+-   OPENSSL_ALLOW_PROXY with some non-empty value.
++   OPENSSL_ALLOW_PROXY_CERTS with some non-empty value.
+ 
+ There are thoughts to allow proxy certificates with a line in the
+ default openssl.cnf, but that's still in the future.
+Index: crypto/openssl/doc/apps/CA.pl.pod
+===================================================================
+--- crypto/openssl/doc/apps/CA.pl.pod	(revision 248771)
++++ crypto/openssl/doc/apps/CA.pl.pod	(working copy)
+@@ -39,13 +39,13 @@ prints a usage message.
+ 
+ =item B<-newcert>
+ 
+-creates a new self signed certificate. The private key and certificate are
+-written to the file "newreq.pem".
++creates a new self signed certificate. The private key is written to the file
++"newkey.pem" and the request written to the file "newreq.pem".
+ 
+ =item B<-newreq>
+ 
+-creates a new certificate request. The private key and request are
+-written to the file "newreq.pem".
++creates a new certificate request. The private key is written to the file
++"newkey.pem" and the request written to the file "newreq.pem".
+ 
+ =item B<-newreq-nodes>
+ 
+Index: crypto/openssl/doc/apps/ca.pod
+===================================================================
+--- crypto/openssl/doc/apps/ca.pod	(revision 248771)
++++ crypto/openssl/doc/apps/ca.pod	(working copy)
+@@ -88,7 +88,7 @@ section for information on the required format.
+ =item B<-infiles>
+ 
+ if present this should be the last option, all subsequent arguments
+-are assumed to the the names of files containing certificate requests. 
++are assumed to be the names of files containing certificate requests. 
+ 
+ =item B<-out filename>
+ 
+Index: crypto/openssl/doc/apps/dgst.pod
+===================================================================
+--- crypto/openssl/doc/apps/dgst.pod	(revision 248771)
++++ crypto/openssl/doc/apps/dgst.pod	(working copy)
+@@ -68,7 +68,7 @@ see the B<PASS PHRASE ARGUMENTS> section in L<open
+ 
+ =item B<-verify filename>
+ 
+-verify the signature using the the public key in "filename".
++verify the signature using the public key in "filename".
+ The output is either "Verification OK" or "Verification Failure".
+ 
+ =item B<-prverify filename>
+Index: crypto/openssl/doc/crypto/engine.pod
+===================================================================
+--- crypto/openssl/doc/crypto/engine.pod	(revision 248771)
++++ crypto/openssl/doc/crypto/engine.pod	(working copy)
+@@ -517,7 +517,7 @@ implemented by ENGINEs should be numbered from. An
+ this symbol is considered a "generic" command is handled directly by the
+ OpenSSL core routines.
+ 
+-It is using these "core" control commands that one can discover the the control
++It is using these "core" control commands that one can discover the control
+ commands implemented by a given ENGINE, specifically the commands;
+ 
+  #define ENGINE_HAS_CTRL_FUNCTION		10
+Index: crypto/openssl/doc/ssl/SSL_clear.pod
+===================================================================
+--- crypto/openssl/doc/ssl/SSL_clear.pod	(revision 248771)
++++ crypto/openssl/doc/ssl/SSL_clear.pod	(working copy)
+@@ -39,10 +39,16 @@ for a description of the method's properties.
+ SSL_clear() resets the SSL object to allow for another connection. The
+ reset operation however keeps several settings of the last sessions
+ (some of these settings were made automatically during the last
+-handshake). It only makes sense when opening a new session (or reusing
+-an old one) with the same peer that shares these settings.
+-SSL_clear() is not a short form for the sequence
+-L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>; .
++handshake). It only makes sense for a new connection with the exact
++same peer that shares these settings, and may fail if that peer
++changes its settings between connections. Use the sequence
++L<SSL_get_session(3)|SSL_get_session(3)>;
++L<SSL_new(3)|SSL_new(3)>;
++L<SSL_set_session(3)|SSL_set_session(3)>;
++L<SSL_free(3)|SSL_free(3)>
++instead to avoid such failures
++(or simply L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>
++if session reuse is not desired).
+ 
+ =head1 RETURN VALUES
+ 
+Index: crypto/openssl/engines/e_capi.c
+===================================================================
+--- crypto/openssl/engines/e_capi.c	(revision 248771)
++++ crypto/openssl/engines/e_capi.c	(working copy)
+@@ -420,29 +420,37 @@ static int capi_init(ENGINE *e)
+ 	CAPI_CTX *ctx;
+ 	const RSA_METHOD *ossl_rsa_meth;
+ 	const DSA_METHOD *ossl_dsa_meth;
+-	capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+-	cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ 
++	if (capi_idx < 0)
++		{
++		capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
++		if (capi_idx < 0)
++			goto memerr;
++
++		cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
++
++		/* Setup RSA_METHOD */
++		rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
++		ossl_rsa_meth = RSA_PKCS1_SSLeay();
++		capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
++		capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
++		capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
++		capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
++
++		/* Setup DSA Method */
++		dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
++		ossl_dsa_meth = DSA_OpenSSL();
++		capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
++		capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
++		capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
++		}
++
+ 	ctx = capi_ctx_new();
+-	if (!ctx || (capi_idx < 0))
++	if (!ctx)
+ 		goto memerr;
+ 
+ 	ENGINE_set_ex_data(e, capi_idx, ctx);
+-	/* Setup RSA_METHOD */
+-	rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+-	ossl_rsa_meth = RSA_PKCS1_SSLeay();
+-	capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
+-	capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
+-	capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
+-	capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+ 
+-	/* Setup DSA Method */
+-	dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+-	ossl_dsa_meth = DSA_OpenSSL();
+-	capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
+-	capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
+-	capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+-
+ #ifdef OPENSSL_CAPIENG_DIALOG
+ 	{
+ 	HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+@@ -1133,6 +1141,7 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO
+ 		{
+ 		CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+ 		capi_addlasterror();
++		CryptReleaseContext(hprov, 0);
+ 		return 0;
+ 		}
+ 	CAPI_trace(ctx, "Got max container len %d\n", buflen);
+@@ -1400,10 +1409,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx
+ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
+ 	{
+ 	CAPI_KEY *key;
++    DWORD dwFlags = 0; 
+ 	key = OPENSSL_malloc(sizeof(CAPI_KEY));
+ 	CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
+ 						contname, provname, ptype);
+-	if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
++    if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
++        dwFlags = CRYPT_MACHINE_KEYSET;
++    if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags)) 
+ 		{
+ 		CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ 		capi_addlasterror();
+@@ -1550,6 +1562,8 @@ static int capi_ctx_set_provname(CAPI_CTX *ctx, LP
+ 			}
+ 		CryptReleaseContext(hprov, 0);
+ 		}
++	if (ctx->cspname)
++		OPENSSL_free(ctx->cspname);
+ 	ctx->cspname = BUF_strdup(pname);
+ 	ctx->csptype = type;
+ 	return 1;
+@@ -1559,9 +1573,12 @@ static int capi_ctx_set_provname_idx(CAPI_CTX *ctx
+ 	{
+ 	LPSTR pname;
+ 	DWORD type;
++	int res;
+ 	if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+ 		return 0;
+-	return capi_ctx_set_provname(ctx, pname, type, 0);
++	res = capi_ctx_set_provname(ctx, pname, type, 0);
++	OPENSSL_free(pname);
++	return res;
+ 	}
+ 
+ static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+Index: crypto/openssl/engines/e_capi_err.h
+===================================================================
+--- crypto/openssl/engines/e_capi_err.h	(revision 248771)
++++ crypto/openssl/engines/e_capi_err.h	(working copy)
+@@ -55,6 +55,10 @@
+ #ifndef HEADER_CAPI_ERR_H
+ #define HEADER_CAPI_ERR_H
+ 
++#ifdef  __cplusplus
++extern "C" {
++#endif
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+Index: crypto/openssl/fips/fips_canister.c
+===================================================================
+--- crypto/openssl/fips/fips_canister.c	(revision 248771)
++++ crypto/openssl/fips/fips_canister.c	(working copy)
+@@ -19,6 +19,7 @@
+ 	(defined(__linux) && (defined(__arm) || defined(__arm__)))	|| \
+ 	(defined(__i386) || defined(__i386__))				|| \
+ 	(defined(__x86_64) || defined(__x86_64__))			|| \
++	defined(__ANDROID__)						|| \
+ 	(defined(vax) || defined(__vax__))
+ #  define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
+ # endif
+Index: crypto/openssl/openssl.spec
+===================================================================
+--- crypto/openssl/openssl.spec	(revision 248771)
++++ crypto/openssl/openssl.spec	(working copy)
+@@ -2,7 +2,7 @@
+ %define libmaj 0
+ %define libmin 9
+ %define librel 8
+-%define librev q
++%define librev y
+ Release: 1
+ 
+ %define openssldir /var/ssl
+Index: crypto/openssl/ssl/Makefile
+===================================================================
+--- crypto/openssl/ssl/Makefile	(revision 248771)
++++ crypto/openssl/ssl/Makefile	(working copy)
+@@ -22,7 +22,7 @@ LIB=$(TOP)/libssl.a
+ SHARED_LIB= libssl$(SHLIB_EXT)
+ LIBSRC=	\
+ 	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+-	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
++	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
+ 	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+ 	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+ 	d1_meth.c   d1_srvr.c d1_clnt.c  d1_lib.c  d1_pkt.c \
+@@ -33,7 +33,7 @@ LIBSRC=	\
+ 	bio_ssl.c ssl_err.c kssl.c t1_reneg.c
+ LIBOBJ= \
+ 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+-	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
++	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
+ 	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+ 	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
+ 	d1_meth.o   d1_srvr.o d1_clnt.o  d1_lib.o  d1_pkt.o \
+@@ -545,6 +545,27 @@ s3_both.o: ../include/openssl/ssl23.h ../include/o
+ s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
++s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
++s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
++s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
++s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
++s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
++s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h
++s3_cbc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
++s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
++s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
++s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
++s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
++s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h
+ s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+Index: crypto/openssl/ssl/bio_ssl.c
+===================================================================
+--- crypto/openssl/ssl/bio_ssl.c	(revision 248771)
++++ crypto/openssl/ssl/bio_ssl.c	(working copy)
+@@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, vo
+ 		break;
+ 	case BIO_C_SET_SSL:
+ 		if (ssl != NULL)
++			{
+ 			ssl_free(b);
++			if (!ssl_new(b))
++				return 0;
++			}
+ 		b->shutdown=(int)num;
+ 		ssl=(SSL *)ptr;
+ 		((BIO_SSL *)b->ptr)->ssl=ssl;
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c	(revision 248771)
++++ crypto/openssl/ssl/d1_both.c	(working copy)
+@@ -153,12 +153,11 @@
+ #endif
+ 
+ static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
+-static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
++static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+ 
+ /* XDTLS:  figure out the right values */
+ static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
+ 
+-static unsigned int dtls1_min_mtu(void);
+ static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
+ static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 
+ 	unsigned long frag_len);
+@@ -228,14 +227,14 @@ int dtls1_do_write(SSL *s, int type)
+ 	unsigned int len, frag_off, mac_size, blocksize;
+ 
+ 	/* AHA!  Figure out the MTU, and stick to the right size */
+-	if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
++	if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ 		{
+ 		s->d1->mtu = 
+ 			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+ 
+ 		/* I've seen the kernel return bogus numbers when it doesn't know
+ 		 * (initial write), so just make sure we have a reasonable number */
+-		if ( s->d1->mtu < dtls1_min_mtu())
++		if (s->d1->mtu < dtls1_min_mtu())
+ 			{
+ 			s->d1->mtu = 0;
+ 			s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
+@@ -264,11 +263,10 @@ int dtls1_do_write(SSL *s, int type)
+ 			return ret;
+ 		mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
+ 		}
++#endif
+ 
+-	OPENSSL_assert(mtu > 0);  /* should have something reasonable now */
++	OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());  /* should have something reasonable now */
+ 
+-#endif
+-
+ 	if ( s->init_off == 0  && type == SSL3_RT_HANDSHAKE)
+ 		OPENSSL_assert(s->init_num == 
+ 			(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+@@ -464,20 +462,9 @@ again:
+ 
+ 	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+ 
+-	s->d1->handshake_read_seq++;
+-	/* we just read a handshake message from the other side:
+-	 * this means that we don't need to retransmit of the
+-	 * buffered messages.  
+-	 * XDTLS: may be able clear out this
+-	 * buffer a little sooner (i.e if an out-of-order
+-	 * handshake message/record is received at the record
+-	 * layer.  
+-	 * XDTLS: exception is that the server needs to
+-	 * know that change cipher spec and finished messages
+-	 * have been received by the client before clearing this
+-	 * buffer.  this can simply be done by waiting for the
+-	 * first data  segment, but is there a better way?  */
+-	dtls1_clear_record_buffer(s);
++	/* Don't change sequence numbers while listening */
++	if (!s->d1->listen)
++		s->d1->handshake_read_seq++;
+ 
+ 	s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+ 	return s->init_num;
+@@ -806,16 +793,24 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+ 		*ok = 0;
+ 		return i;
+ 		}
+-	OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
++	/* Handshake fails if message header is incomplete */
++	if (i != DTLS1_HM_HEADER_LENGTH)
++		{
++		al=SSL_AD_UNEXPECTED_MESSAGE;
++		SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
++		goto f_err;
++		}
+ 
+ 	/* parse the message fragment header */
+ 	dtls1_get_message_header(wire, &msg_hdr);
+ 
+ 	/* 
+ 	 * if this is a future (or stale) message it gets buffered
+-	 * (or dropped)--no further processing at this time 
++	 * (or dropped)--no further processing at this time
++	 * While listening, we accept seq 1 (ClientHello with cookie)
++	 * although we're still expecting seq 0 (ClientHello)
+ 	 */
+-	if ( msg_hdr.seq != s->d1->handshake_read_seq)
++	if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
+ 		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
+ 
+ 	len = msg_hdr.msg_len;
+@@ -876,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+ 
+ 	/* XDTLS:  an incorrectly formatted fragment should cause the 
+ 	 * handshake to fail */
+-	OPENSSL_assert(i == (int)frag_len);
++	if (i != (int)frag_len)
++		{
++		al=SSL3_AD_ILLEGAL_PARAMETER;
++		SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
++		goto f_err;
++		}
+ 
+ 	*ok = 1;
+ 
+@@ -1326,7 +1326,8 @@ unsigned char *
+ dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
+ 			unsigned long len, unsigned long frag_off, unsigned long frag_len)
+ 	{
+-	if ( frag_off == 0)
++	/* Don't change sequence numbers while listening */
++	if (frag_off == 0 && !s->d1->listen)
+ 		{
+ 		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+ 		s->d1->next_handshake_write_seq++;
+@@ -1379,7 +1380,7 @@ dtls1_write_message_header(SSL *s, unsigned char *
+ 	return p;
+ 	}
+ 
+-static unsigned int 
++unsigned int 
+ dtls1_min_mtu(void)
+ 	{
+ 	return (g_probable_mtu[(sizeof(g_probable_mtu) / 
+Index: crypto/openssl/ssl/d1_clnt.c
+===================================================================
+--- crypto/openssl/ssl/d1_clnt.c	(revision 248771)
++++ crypto/openssl/ssl/d1_clnt.c	(working copy)
+@@ -257,7 +257,6 @@ int dtls1_connect(SSL *s)
+ 			if (ret <= 0) goto end;
+ 			else
+ 				{
+-				dtls1_stop_timer(s);
+ 				if (s->hit)
+ 					s->state=SSL3_ST_CR_FINISHED_A;
+ 				else
+@@ -350,6 +349,7 @@ int dtls1_connect(SSL *s)
+ 		case SSL3_ST_CR_SRVR_DONE_B:
+ 			ret=ssl3_get_server_done(s);
+ 			if (ret <= 0) goto end;
++			dtls1_stop_timer(s);
+ 			if (s->s3->tmp.cert_req)
+ 				s->state=SSL3_ST_CW_CERT_A;
+ 			else
+@@ -403,7 +403,8 @@ int dtls1_connect(SSL *s)
+ 
+ 		case SSL3_ST_CW_CHANGE_A:
+ 		case SSL3_ST_CW_CHANGE_B:
+-			dtls1_start_timer(s);
++			if (!s->hit)
++				dtls1_start_timer(s);
+ 			ret=dtls1_send_change_cipher_spec(s,
+ 				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
+ 			if (ret <= 0) goto end;
+@@ -438,7 +439,8 @@ int dtls1_connect(SSL *s)
+ 
+ 		case SSL3_ST_CW_FINISHED_A:
+ 		case SSL3_ST_CW_FINISHED_B:
+-			dtls1_start_timer(s);
++			if (!s->hit)
++				dtls1_start_timer(s);
+ 			ret=dtls1_send_finished(s,
+ 				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
+ 				s->method->ssl3_enc->client_finished_label,
+Index: crypto/openssl/ssl/d1_enc.c
+===================================================================
+--- crypto/openssl/ssl/d1_enc.c	(revision 248771)
++++ crypto/openssl/ssl/d1_enc.c	(working copy)
+@@ -126,16 +126,30 @@
+ #include <openssl/des.h>
+ #endif
+ 
++/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ *   0: (in non-constant time) if the record is publically invalid (i.e. too
++ *       short etc).
++ *   1: if the record's padding is valid / the encryption was successful.
++ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
++ *       an internal error occured. */
+ int dtls1_enc(SSL *s, int send)
+ 	{
+ 	SSL3_RECORD *rec;
+ 	EVP_CIPHER_CTX *ds;
+ 	unsigned long l;
+-	int bs,i,ii,j,k;
++	int bs,i,j,k,mac_size=0;
+ 	const EVP_CIPHER *enc;
+ 
+ 	if (send)
+ 		{
++		if (s->write_hash)
++			{
++			mac_size=EVP_MD_size(s->write_hash);
++			if (mac_size < 0)
++				return -1;
++			}
+ 		ds=s->enc_write_ctx;
+ 		rec= &(s->s3->wrec);
+ 		if (s->enc_write_ctx == NULL)
+@@ -156,6 +170,11 @@ int dtls1_enc(SSL *s, int send)
+ 		}
+ 	else
+ 		{
++		if (s->read_hash)
++			{
++			mac_size=EVP_MD_size(s->read_hash);
++			OPENSSL_assert(mac_size >= 0);
++			}
+ 		ds=s->enc_read_ctx;
+ 		rec= &(s->s3->rrec);
+ 		if (s->enc_read_ctx == NULL)
+@@ -220,11 +239,7 @@ int dtls1_enc(SSL *s, int send)
+ 		if (!send)
+ 			{
+ 			if (l == 0 || l%bs != 0)
+-				{
+-				SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ 				return 0;
+-				}
+ 			}
+ 		
+ 		EVP_Cipher(ds,rec->data,rec->input,l);
+@@ -239,43 +254,7 @@ int dtls1_enc(SSL *s, int send)
+ #endif	/* KSSL_DEBUG */
+ 
+ 		if ((bs != 1) && !send)
+-			{
+-			ii=i=rec->data[l-1]; /* padding_length */
+-			i++;
+-			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+-				{
+-				/* First packet is even in size, so check */
+-				if ((memcmp(s->s3->read_sequence,
+-					"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+-					s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+-					i--;
+-				}
+-			/* TLS 1.0 does not bound the number of padding bytes by the block size.
+-			 * All of them must have value 'padding_length'. */
+-			if (i > (int)rec->length)
+-				{
+-				/* Incorrect padding. SSLerr() and ssl3_alert are done
+-				 * by caller: we don't want to reveal whether this is
+-				 * a decryption error or a MAC verification failure
+-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
+-				 */
+-				return -1;
+-				}
+-			for (j=(int)(l-i); j<(int)l; j++)
+-				{
+-				if (rec->data[j] != ii)
+-					{
+-					/* Incorrect padding */
+-					return -1;
+-					}
+-				}
+-			rec->length-=i;
+-
+-			rec->data += bs;    /* skip the implicit IV */
+-			rec->input += bs;
+-			rec->length -= bs;
+-			}
++			return tls1_cbc_remove_padding(s, rec, bs, mac_size);
+ 		}
+ 	return(1);
+ 	}
+Index: crypto/openssl/ssl/d1_lib.c
+===================================================================
+--- crypto/openssl/ssl/d1_lib.c	(revision 248771)
++++ crypto/openssl/ssl/d1_lib.c	(working copy)
+@@ -145,26 +145,33 @@ int dtls1_new(SSL *s)
+ 	return(1);
+ 	}
+ 
+-void dtls1_free(SSL *s)
++static void dtls1_clear_queues(SSL *s)
+ 	{
+     pitem *item = NULL;
+     hm_fragment *frag = NULL;
++	DTLS1_RECORD_DATA *rdata;
+ 
+-	ssl3_free(s);
+-
+     while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
+         {
++		rdata = (DTLS1_RECORD_DATA *) item->data;
++		if (rdata->rbuf.buf)
++			{
++			OPENSSL_free(rdata->rbuf.buf);
++			}
+         OPENSSL_free(item->data);
+         pitem_free(item);
+         }
+-    pqueue_free(s->d1->unprocessed_rcds.q);
+ 
+     while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
+         {
++		rdata = (DTLS1_RECORD_DATA *) item->data;
++		if (rdata->rbuf.buf)
++			{
++			OPENSSL_free(rdata->rbuf.buf);
++			}
+         OPENSSL_free(item->data);
+         pitem_free(item);
+         }
+-    pqueue_free(s->d1->processed_rcds.q);
+ 
+     while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
+         {
+@@ -173,7 +180,6 @@ int dtls1_new(SSL *s)
+         OPENSSL_free(frag);
+         pitem_free(item);
+         }
+-    pqueue_free(s->d1->buffered_messages);
+ 
+     while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
+         {
+@@ -182,15 +188,26 @@ int dtls1_new(SSL *s)
+         OPENSSL_free(frag);
+         pitem_free(item);
+         }
+-	pqueue_free(s->d1->sent_messages);
+ 
+ 	while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
+-	{
++		{
+ 		frag = (hm_fragment *)item->data;
+ 		OPENSSL_free(frag->fragment);
+ 		OPENSSL_free(frag);
+ 		pitem_free(item);
++		}
+ 	}
++
++void dtls1_free(SSL *s)
++	{
++	ssl3_free(s);
++
++	dtls1_clear_queues(s);
++
++    pqueue_free(s->d1->unprocessed_rcds.q);
++    pqueue_free(s->d1->processed_rcds.q);
++    pqueue_free(s->d1->buffered_messages);
++	pqueue_free(s->d1->sent_messages);
+ 	pqueue_free(s->d1->buffered_app_data.q);
+ 	
+ 	pq_64bit_free(&(s->d1->bitmap.map));
+@@ -204,6 +221,61 @@ int dtls1_new(SSL *s)
+ 
+ void dtls1_clear(SSL *s)
+ 	{
++    pqueue unprocessed_rcds;
++    pqueue processed_rcds;
++    pqueue buffered_messages;
++	pqueue sent_messages;
++	pqueue buffered_app_data;
++	unsigned int mtu;
++
++	if (s->d1)
++		{
++		unprocessed_rcds = s->d1->unprocessed_rcds.q;
++		processed_rcds = s->d1->processed_rcds.q;
++		buffered_messages = s->d1->buffered_messages;
++		sent_messages = s->d1->sent_messages;
++		buffered_app_data = s->d1->buffered_app_data.q;
++		mtu = s->d1->mtu;
++
++		dtls1_clear_queues(s);
++
++		pq_64bit_free(&(s->d1->bitmap.map));
++		pq_64bit_free(&(s->d1->bitmap.max_seq_num));
++
++		pq_64bit_free(&(s->d1->next_bitmap.map));
++		pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
++
++		memset(s->d1, 0, sizeof(*(s->d1)));
++
++		if (s->server)
++			{
++			s->d1->cookie_len = sizeof(s->d1->cookie);
++			}
++
++		if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
++			{
++			s->d1->mtu = mtu;
++			}
++
++		s->d1->unprocessed_rcds.q = unprocessed_rcds;
++		s->d1->processed_rcds.q = processed_rcds;
++		s->d1->buffered_messages = buffered_messages;
++		s->d1->sent_messages = sent_messages;
++		s->d1->buffered_app_data.q = buffered_app_data;
++
++#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
++		s->d1->bitmap.length=64;
++#else
++		s->d1->bitmap.length=sizeof(s->d1->bitmap.map) * 8;
++#endif
++		pq_64bit_init(&(s->d1->bitmap.map));
++		pq_64bit_init(&(s->d1->bitmap.max_seq_num));
++		
++		s->d1->next_bitmap.length = s->d1->bitmap.length;
++		pq_64bit_init(&(s->d1->next_bitmap.map));
++		pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
++		}
++
+ 	ssl3_clear(s);
+ 	if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ 		s->version=DTLS1_BAD_VER;
+@@ -349,35 +421,51 @@ void dtls1_double_timeout(SSL *s)
+ void dtls1_stop_timer(SSL *s)
+ 	{
+ 	/* Reset everything */
++	memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
+ 	memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+ 	s->d1->timeout_duration = 1;
+ 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
++	/* Clear retransmission buffer */
++	dtls1_clear_record_buffer(s);
+ 	}
+ 
+-int dtls1_handle_timeout(SSL *s)
++int dtls1_check_timeout_num(SSL *s)
+ 	{
+-	DTLS1_STATE *state;
++	s->d1->timeout.num_alerts++;
+ 
+-	/* if no timer is expired, don't do anything */
+-	if (!dtls1_is_timer_expired(s))
++	/* Reduce MTU after 2 unsuccessful retransmissions */
++	if (s->d1->timeout.num_alerts > 2)
+ 		{
+-		return 0;
++		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		
+ 		}
+ 
+-	dtls1_double_timeout(s);
+-	state = s->d1;
+-	state->timeout.num_alerts++;
+-	if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
++	if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+ 		{
+ 		/* fail the connection, enough alerts have been sent */
+-		SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
++		SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
++		return -1;
++		}
++
++	return 0;
++	}
++
++int dtls1_handle_timeout(SSL *s)
++	{
++	/* if no timer is expired, don't do anything */
++	if (!dtls1_is_timer_expired(s))
++		{
+ 		return 0;
+ 		}
+ 
+-	state->timeout.read_timeouts++;
+-	if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
++	dtls1_double_timeout(s);
++
++	if (dtls1_check_timeout_num(s) < 0)
++		return -1;
++
++	s->d1->timeout.read_timeouts++;
++	if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+ 		{
+-		state->timeout.read_timeouts = 1;
++		s->d1->timeout.read_timeouts = 1;
+ 		}
+ 
+ 	dtls1_start_timer(s);
+Index: crypto/openssl/ssl/d1_pkt.c
+===================================================================
+--- crypto/openssl/ssl/d1_pkt.c	(revision 248771)
++++ crypto/openssl/ssl/d1_pkt.c	(working copy)
+@@ -139,7 +139,6 @@ static int dtls1_process_record(SSL *s);
+ #if PQ_64BIT_IS_INTEGER
+ static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
+ #endif
+-static void dtls1_clear_timeouts(SSL *s);
+ 
+ /* copy buffered record into SSL structure */
+ static int
+@@ -328,15 +327,13 @@ dtls1_get_buffered_record(SSL *s)
+ static int
+ dtls1_process_record(SSL *s)
+ {
+-    int al;
+-	int clear=0;
+-    int enc_err;
++	int i,al;
++	int enc_err;
+ 	SSL_SESSION *sess;
+-    SSL3_RECORD *rr;
+-	unsigned int mac_size;
++	SSL3_RECORD *rr;
++	unsigned int mac_size, orig_len;
+ 	unsigned char md[EVP_MAX_MD_SIZE];
+ 
+-
+ 	rr= &(s->s3->rrec);
+     sess = s->session;
+ 
+@@ -365,15 +362,18 @@ dtls1_process_record(SSL *s)
+ 
+ 	/* decrypt in place in 'rr->input' */
+ 	rr->data=rr->input;
++	orig_len=rr->length;
+ 
+ 	enc_err = s->method->ssl3_enc->enc(s,0);
+-	if (enc_err <= 0)
++	/* enc_err is:
++	 *    0: (in non-constant time) if the record is publically invalid.
++	 *    1: if the padding is valid
++	 *    -1: if the padding is invalid */
++	if (enc_err == 0)
+ 		{
+-		if (enc_err == 0)
+-			/* SSLerr() and ssl3_send_alert() have been called */
+-			goto err;
+-
+-		/* otherwise enc_err == -1 */
++		/* For DTLS we simply ignore bad packets. */
++		rr->length = 0;
++		s->packet_length = 0;
+ 		goto err;
+ 		}
+ 
+@@ -384,44 +384,66 @@ printf("\n");
+ #endif
+ 
+ 	/* r->length is now the compressed data plus mac */
+-if (	(sess == NULL) ||
+-		(s->enc_read_ctx == NULL) ||
+-		(s->read_hash == NULL))
+-    clear=1;
+-
+-	if (!clear)
++	if ((sess != NULL) &&
++	    (s->enc_read_ctx != NULL) &&
++	    (s->read_hash != NULL))
+ 		{
++		/* s->read_hash != NULL => mac_size != -1 */
++		unsigned char *mac = NULL;
++		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ 		mac_size=EVP_MD_size(s->read_hash);
++		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ 
+-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
++		/* orig_len is the length of the record before any padding was
++		 * removed. This is public information, as is the MAC in use,
++		 * therefore we can safely process the record in a different
++		 * amount of time if it's too short to possibly contain a MAC.
++		 */
++		if (orig_len < mac_size ||
++		    /* CBC records must have a padding length byte too. */
++		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++		     orig_len < mac_size+1))
+ 			{
+-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+-			al=SSL_AD_RECORD_OVERFLOW;
+-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+-			goto f_err;
+-#else
+-			goto err;
+-#endif			
+-			}
+-		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+-		if (rr->length < mac_size)
+-			{
+-#if 0 /* OK only for stream ciphers */
+ 			al=SSL_AD_DECODE_ERROR;
+ 			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ 			goto f_err;
+-#else
+-			goto err;
+-#endif
+ 			}
+-		rr->length-=mac_size;
+-		s->method->ssl3_enc->mac(s,md,0);
+-		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
++
++		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
+ 			{
+-			goto err;
++			/* We update the length so that the TLS header bytes
++			 * can be constructed correctly but we need to extract
++			 * the MAC in constant time from within the record,
++			 * without leaking the contents of the padding bytes.
++			 * */
++			mac = mac_tmp;
++			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
++			rr->length -= mac_size;
+ 			}
++		else
++			{
++			/* In this case there's no padding, so |orig_len|
++			 * equals |rec->length| and we checked that there's
++			 * enough bytes for |mac_size| above. */
++			rr->length -= mac_size;
++			mac = &rr->data[rr->length];
++			}
++
++		i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
++		if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
++			enc_err = -1;
++		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
++			enc_err = -1;
+ 		}
+ 
++	if (enc_err < 0)
++		{
++		/* decryption failed, silently discard message */
++		rr->length = 0;
++		s->packet_length = 0;
++		goto err;
++		}
++
+ 	/* r->length is now just compressed */
+ 	if (s->expand != NULL)
+ 		{
+@@ -615,10 +637,12 @@ again:
+ 
+ 	/* If this record is from the next epoch (either HM or ALERT),
+ 	 * and a handshake is currently in progress, buffer it since it
+-	 * cannot be processed at this time. */
++	 * cannot be processed at this time. However, do not buffer
++	 * anything while listening.
++	 */
+ 	if (is_next_epoch)
+ 		{
+-		if (SSL_in_init(s) || s->in_handshake)
++		if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
+ 			{
+ 			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
+ 			}
+@@ -634,7 +658,6 @@ again:
+ 		goto again;     /* get another record */
+ 		}
+ 
+-	dtls1_clear_timeouts(s);  /* done waiting */
+ 	return(1);
+ 
+ 	}
+@@ -1103,6 +1126,9 @@ start:
+ 		 */
+ 		if (msg_hdr.type == SSL3_MT_FINISHED)
+ 			{
++			if (dtls1_check_timeout_num(s) < 0)
++				return -1;
++
+ 			dtls1_retransmit_buffered_messages(s);
+ 			rr->length = 0;
+ 			goto start;
+@@ -1806,10 +1832,3 @@ bytes_to_long_long(unsigned char *bytes, PQ_64BIT
+        return _num;
+        }
+ #endif
+-
+-
+-static void
+-dtls1_clear_timeouts(SSL *s)
+-	{
+-	memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
+-	}
+Index: crypto/openssl/ssl/d1_srvr.c
+===================================================================
+--- crypto/openssl/ssl/d1_srvr.c	(revision 248771)
++++ crypto/openssl/ssl/d1_srvr.c	(working copy)
+@@ -148,6 +148,7 @@ int dtls1_accept(SSL *s)
+ 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
+ 	int ret= -1;
+ 	int new_state,state,skip=0;
++	int listen;
+ 
+ 	RAND_add(&Time,sizeof(Time),0);
+ 	ERR_clear_error();
+@@ -157,11 +158,15 @@ int dtls1_accept(SSL *s)
+ 		cb=s->info_callback;
+ 	else if (s->ctx->info_callback != NULL)
+ 		cb=s->ctx->info_callback;
++	
++	listen = s->d1->listen;
+ 
+ 	/* init things to blank */
+ 	s->in_handshake++;
+ 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ 
++	s->d1->listen = listen;
++
+ 	if (s->cert == NULL)
+ 		{
+ 		SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+@@ -271,11 +276,23 @@ int dtls1_accept(SSL *s)
+ 
+ 			s->init_num=0;
+ 
++			/* Reflect ClientHello sequence to remain stateless while listening */
++			if (listen)
++				{
++				memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
++				}
++
+ 			/* If we're just listening, stop here */
+-			if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
++			if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+ 				{
+ 				ret = 2;
+ 				s->d1->listen = 0;
++				/* Set expected sequence numbers
++				 * to continue the handshake.
++				 */
++				s->d1->handshake_read_seq = 2;
++				s->d1->handshake_write_seq = 1;
++				s->d1->next_handshake_write_seq = 1;
+ 				goto end;
+ 				}
+ 			
+@@ -284,7 +301,6 @@ int dtls1_accept(SSL *s)
+ 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+ 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+ 
+-			dtls1_start_timer(s);
+ 			ret = dtls1_send_hello_verify_request(s);
+ 			if ( ret <= 0) goto end;
+ 			s->state=SSL3_ST_SW_FLUSH;
+@@ -457,15 +473,16 @@ int dtls1_accept(SSL *s)
+ 			ret = ssl3_check_client_hello(s);
+ 			if (ret <= 0)
+ 				goto end;
+-			dtls1_stop_timer(s);
+ 			if (ret == 2)
++				{
++				dtls1_stop_timer(s);
+ 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
++				}
+ 			else {
+ 				/* could be sent for a DH cert, even if we
+ 				 * have not asked for it :-) */
+ 				ret=ssl3_get_client_certificate(s);
+ 				if (ret <= 0) goto end;
+-				dtls1_stop_timer(s);
+ 				s->init_num=0;
+ 				s->state=SSL3_ST_SR_KEY_EXCH_A;
+ 			}
+@@ -475,7 +492,6 @@ int dtls1_accept(SSL *s)
+ 		case SSL3_ST_SR_KEY_EXCH_B:
+ 			ret=ssl3_get_client_key_exchange(s);
+ 			if (ret <= 0) goto end;
+-			dtls1_stop_timer(s);
+ 			s->state=SSL3_ST_SR_CERT_VRFY_A;
+ 			s->init_num=0;
+ 
+@@ -497,7 +513,6 @@ int dtls1_accept(SSL *s)
+ 			/* we should decide if we expected this one */
+ 			ret=ssl3_get_cert_verify(s);
+ 			if (ret <= 0) goto end;
+-			dtls1_stop_timer(s);
+ 
+ 			s->state=SSL3_ST_SR_FINISHED_A;
+ 			s->init_num=0;
+@@ -713,9 +728,6 @@ int dtls1_send_hello_verify_request(SSL *s)
+ 		/* number of bytes to write */
+ 		s->init_num=p-buf;
+ 		s->init_off=0;
+-
+-		/* buffer the message to handle re-xmits */
+-		dtls1_buffer_message(s, 0);
+ 		}
+ 
+ 	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+@@ -736,7 +748,7 @@ int dtls1_send_server_hello(SSL *s)
+ 		p=s->s3->server_random;
+ 		Time=(unsigned long)time(NULL);			/* Time */
+ 		l2n(Time,p);
+-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
++		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+ 		/* Do the message type and length last */
+ 		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
+ 
+Index: crypto/openssl/ssl/s2_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s2_clnt.c	(revision 248771)
++++ crypto/openssl/ssl/s2_clnt.c	(working copy)
+@@ -935,7 +935,7 @@ static int get_server_verify(SSL *s)
+ 		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
+ 	p += 1;
+ 
+-	if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
++	if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+ 		{
+ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ 		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
+Index: crypto/openssl/ssl/s2_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s2_pkt.c	(revision 248771)
++++ crypto/openssl/ssl/s2_pkt.c	(working copy)
+@@ -267,8 +267,7 @@ static int ssl2_read_internal(SSL *s, void *buf, i
+ 			s->s2->ract_data_length-=mac_size;
+ 			ssl2_mac(s,mac,0);
+ 			s->s2->ract_data_length-=s->s2->padding;
+-			if (	(memcmp(mac,s->s2->mac_data,
+-				(unsigned int)mac_size) != 0) ||
++			if (	(CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
+ 				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
+ 				{
+ 				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
+Index: crypto/openssl/ssl/s2_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s2_srvr.c	(revision 248771)
++++ crypto/openssl/ssl/s2_srvr.c	(working copy)
+@@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s)
+ 		p+=3;
+ 		n2s(p,i); s->s2->tmp.clear=i;
+ 		n2s(p,i); s->s2->tmp.enc=i;
+-		n2s(p,i); s->session->key_arg_length=i;
+-		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
++		n2s(p,i);
++		if(i > SSL_MAX_KEY_ARG_LENGTH)
+ 			{
+ 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
+ 			return -1;
+ 			}
++		s->session->key_arg_length=i;
+ 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+ 		}
+ 
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+--- crypto/openssl/ssl/s3_both.c	(revision 248771)
++++ crypto/openssl/ssl/s3_both.c	(working copy)
+@@ -242,7 +242,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
+ 		goto f_err;
+ 		}
+ 
+-	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
++	if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+ 		{
+ 		al=SSL_AD_DECRYPT_ERROR;
+ 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
+Index: crypto/openssl/ssl/s3_cbc.c
+===================================================================
+--- crypto/openssl/ssl/s3_cbc.c	(revision 0)
++++ crypto/openssl/ssl/s3_cbc.c	(working copy)
+@@ -0,0 +1,762 @@
++/* ssl/s3_cbc.c */
++/* ====================================================================
++ * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include "ssl_locl.h"
++
++#include <openssl/md5.h>
++#include <openssl/sha.h>
++
++/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
++ * field. (SHA-384/512 have 128-bit length.) */
++#define MAX_HASH_BIT_COUNT_BYTES 16
++
++/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
++ * Currently SHA-384/512 has a 128-byte block size and that's the largest
++ * supported by TLS.) */
++#define MAX_HASH_BLOCK_SIZE 128
++
++/* Some utility functions are needed:
++ *
++ * These macros return the given value with the MSB copied to all the other
++ * bits. They use the fact that arithmetic shift shifts-in the sign bit.
++ * However, this is not ensured by the C standard so you may need to replace
++ * them with something else on odd CPUs. */
++#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
++#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
++
++/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
++static unsigned constant_time_ge(unsigned a, unsigned b)
++	{
++	a -= b;
++	return DUPLICATE_MSB_TO_ALL(~a);
++	}
++
++/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
++static unsigned char constant_time_eq_8(unsigned char a, unsigned char b)
++	{
++	unsigned c = a ^ b;
++	c--;
++	return DUPLICATE_MSB_TO_ALL_8(c);
++	}
++
++/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
++ * record in |rec| by updating |rec->length| in constant time.
++ *
++ * block_size: the block size of the cipher used to encrypt the record.
++ * returns:
++ *   0: (in non-constant time) if the record is publicly invalid.
++ *   1: if the padding was valid
++ *  -1: otherwise. */
++int ssl3_cbc_remove_padding(const SSL* s,
++			    SSL3_RECORD *rec,
++			    unsigned block_size,
++			    unsigned mac_size)
++	{
++	unsigned padding_length, good;
++	const unsigned overhead = 1 /* padding length byte */ + mac_size;
++
++	/* These lengths are all public so we can test them in non-constant
++	 * time. */
++	if (overhead > rec->length)
++		return 0;
++
++	padding_length = rec->data[rec->length-1];
++	good = constant_time_ge(rec->length, padding_length+overhead);
++	/* SSLv3 requires that the padding is minimal. */
++	good &= constant_time_ge(block_size, padding_length+1);
++	padding_length = good & (padding_length+1);
++	rec->length -= padding_length;
++	rec->type |= padding_length<<8;	/* kludge: pass padding length */
++	return (int)((good & 1) | (~good & -1));
++}
++
++/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
++ * record in |rec| in constant time and returns 1 if the padding is valid and
++ * -1 otherwise. It also removes any explicit IV from the start of the record
++ * without leaking any timing about whether there was enough space after the
++ * padding was removed.
++ *
++ * block_size: the block size of the cipher used to encrypt the record.
++ * returns:
++ *   0: (in non-constant time) if the record is publicly invalid.
++ *   1: if the padding was valid
++ *  -1: otherwise. */
++int tls1_cbc_remove_padding(const SSL* s,
++			    SSL3_RECORD *rec,
++			    unsigned block_size,
++			    unsigned mac_size)
++	{
++	unsigned padding_length, good, to_check, i;
++	const char has_explicit_iv = s->version == DTLS1_VERSION;
++	const unsigned overhead = 1 /* padding length byte */ +
++				  mac_size +
++				  (has_explicit_iv ? block_size : 0);
++
++	/* These lengths are all public so we can test them in non-constant
++	 * time. */
++	if (overhead > rec->length)
++		return 0;
++
++	padding_length = rec->data[rec->length-1];
++
++	/* NB: if compression is in operation the first packet may not be of
++	 * even length so the padding bug check cannot be performed. This bug
++	 * workaround has been around since SSLeay so hopefully it is either
++	 * fixed now or no buggy implementation supports compression [steve]
++	 */
++	if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
++		{
++		/* First packet is even in size, so check */
++		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
++		    !(padding_length & 1))
++			{
++			s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
++			}
++		if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
++		    padding_length > 0)
++			{
++			padding_length--;
++			}
++		}
++
++	good = constant_time_ge(rec->length, overhead+padding_length);
++	/* The padding consists of a length byte at the end of the record and
++	 * then that many bytes of padding, all with the same value as the
++	 * length byte. Thus, with the length byte included, there are i+1
++	 * bytes of padding.
++	 *
++	 * We can't check just |padding_length+1| bytes because that leaks
++	 * decrypted information. Therefore we always have to check the maximum
++	 * amount of padding possible. (Again, the length of the record is
++	 * public information so we can use it.) */
++	to_check = 255; /* maximum amount of padding. */
++	if (to_check > rec->length-1)
++		to_check = rec->length-1;
++
++	for (i = 0; i < to_check; i++)
++		{
++		unsigned char mask = constant_time_ge(padding_length, i);
++		unsigned char b = rec->data[rec->length-1-i];
++		/* The final |padding_length+1| bytes should all have the value
++		 * |padding_length|. Therefore the XOR should be zero. */
++		good &= ~(mask&(padding_length ^ b));
++		}
++
++	/* If any of the final |padding_length+1| bytes had the wrong value,
++	 * one or more of the lower eight bits of |good| will be cleared. We
++	 * AND the bottom 8 bits together and duplicate the result to all the
++	 * bits. */
++	good &= good >> 4;
++	good &= good >> 2;
++	good &= good >> 1;
++	good <<= sizeof(good)*8-1;
++	good = DUPLICATE_MSB_TO_ALL(good);
++
++	padding_length = good & (padding_length+1);
++	rec->length -= padding_length;
++	rec->type |= padding_length<<8;	/* kludge: pass padding length */
++
++	/* We can always safely skip the explicit IV. We check at the beginning
++	 * of this function that the record has at least enough space for the
++	 * IV, MAC and padding length byte. (These can be checked in
++	 * non-constant time because it's all public information.) So, if the
++	 * padding was invalid, then we didn't change |rec->length| and this is
++	 * safe. If the padding was valid then we know that we have at least
++	 * overhead+padding_length bytes of space and so this is still safe
++	 * because overhead accounts for the explicit IV. */
++	if (has_explicit_iv)
++		{
++		rec->data += block_size;
++		rec->input += block_size;
++		rec->length -= block_size;
++		}
++
++	return (int)((good & 1) | (~good & -1));
++	}
++
++#if defined(_M_AMD64) || defined(__x86_64__)
++#define CBC_MAC_ROTATE_IN_PLACE
++#endif
++
++/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
++ * constant time (independent of the concrete value of rec->length, which may
++ * vary within a 256-byte window).
++ *
++ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
++ * this function.
++ *
++ * On entry:
++ *   rec->orig_len >= md_size
++ *   md_size <= EVP_MAX_MD_SIZE
++ *
++ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
++ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
++ * a single cache-line, then the variable memory accesses don't actually affect
++ * the timing. This has been tested to be true on Intel amd64 chips.
++ */
++void ssl3_cbc_copy_mac(unsigned char* out,
++		       const SSL3_RECORD *rec,
++		       unsigned md_size,unsigned orig_len)
++	{
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++	unsigned char rotated_mac_buf[EVP_MAX_MD_SIZE*2];
++	unsigned char *rotated_mac;
++#else
++	unsigned char rotated_mac[EVP_MAX_MD_SIZE];
++#endif
++
++	/* mac_end is the index of |rec->data| just after the end of the MAC. */
++	unsigned mac_end = rec->length;
++	unsigned mac_start = mac_end - md_size;
++	/* scan_start contains the number of bytes that we can ignore because
++	 * the MAC's position can only vary by 255 bytes. */
++	unsigned scan_start = 0;
++	unsigned i, j;
++	unsigned div_spoiler;
++	unsigned rotate_offset;
++
++	OPENSSL_assert(orig_len >= md_size);
++	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
++
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++	rotated_mac = (unsigned char*) (((intptr_t)(rotated_mac_buf + 64)) & ~63);
++#endif
++
++	/* This information is public so it's safe to branch based on it. */
++	if (orig_len > md_size + 255 + 1)
++		scan_start = orig_len - (md_size + 255 + 1);
++	/* div_spoiler contains a multiple of md_size that is used to cause the
++	 * modulo operation to be constant time. Without this, the time varies
++	 * based on the amount of padding when running on Intel chips at least.
++	 *
++	 * The aim of right-shifting md_size is so that the compiler doesn't
++	 * figure out that it can remove div_spoiler as that would require it
++	 * to prove that md_size is always even, which I hope is beyond it. */
++	div_spoiler = md_size >> 1;
++	div_spoiler <<= (sizeof(div_spoiler)-1)*8;
++	rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
++
++	memset(rotated_mac, 0, md_size);
++	for (i = scan_start; i < orig_len;)
++		{
++		for (j = 0; j < md_size && i < orig_len; i++, j++)
++			{
++			unsigned char mac_started = constant_time_ge(i, mac_start);
++			unsigned char mac_ended = constant_time_ge(i, mac_end);
++			unsigned char b = 0;
++			b = rec->data[i];
++			rotated_mac[j] |= b & mac_started & ~mac_ended;
++			}
++		}
++
++	/* Now rotate the MAC */
++#if defined(CBC_MAC_ROTATE_IN_PLACE)
++	j = 0;
++	for (i = 0; i < md_size; i++)
++		{
++		unsigned char offset = (div_spoiler + rotate_offset + i) % md_size;
++		out[j++] = rotated_mac[offset];
++		}
++#else
++	memset(out, 0, md_size);
++	for (i = 0; i < md_size; i++)
++		{
++		unsigned char offset = (div_spoiler + md_size - rotate_offset + i) % md_size;
++		for (j = 0; j < md_size; j++)
++			out[j] |= rotated_mac[i] & constant_time_eq_8(j, offset);
++		}
++#endif
++	}
++
++/* These functions serialize the state of a hash and thus perform the standard
++ * "final" operation without adding the padding and length that such a function
++ * typically does. */
++static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
++	{
++	MD5_CTX *md5 = ctx;
++	l2n(md5->A, md_out);
++	l2n(md5->B, md_out);
++	l2n(md5->C, md_out);
++	l2n(md5->D, md_out);
++	}
++
++static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
++	{
++	SHA_CTX *sha1 = ctx;
++	l2n(sha1->h0, md_out);
++	l2n(sha1->h1, md_out);
++	l2n(sha1->h2, md_out);
++	l2n(sha1->h3, md_out);
++	l2n(sha1->h4, md_out);
++	}
++#define LARGEST_DIGEST_CTX SHA_CTX
++
++#ifndef OPENSSL_NO_SHA256
++static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
++	{
++	SHA256_CTX *sha256 = ctx;
++	unsigned i;
++
++	for (i = 0; i < 8; i++)
++		{
++		l2n(sha256->h[i], md_out);
++		}
++	}
++#undef  LARGEST_DIGEST_CTX
++#define LARGEST_DIGEST_CTX SHA256_CTX
++#endif
++
++#ifndef OPENSSL_NO_SHA512
++static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
++	{
++	SHA512_CTX *sha512 = ctx;
++	unsigned i;
++
++	for (i = 0; i < 8; i++)
++		{
++		l2n8(sha512->h[i], md_out);
++		}
++	}
++#undef  LARGEST_DIGEST_CTX
++#define LARGEST_DIGEST_CTX SHA512_CTX
++#endif
++
++/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
++ * which ssl3_cbc_digest_record supports. */
++char ssl3_cbc_record_digest_supported(const EVP_MD *digest)
++	{
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode())
++		return 0;
++#endif
++	switch (EVP_MD_type(digest))
++		{
++		case NID_md5:
++		case NID_sha1:
++#ifndef OPENSSL_NO_SHA256
++		case NID_sha224:
++		case NID_sha256:
++#endif
++#ifndef OPENSSL_NO_SHA512
++		case NID_sha384:
++		case NID_sha512:
++#endif
++			return 1;
++		default:
++			return 0;
++		}
++	}
++
++/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
++ * record.
++ *
++ *   ctx: the EVP_MD_CTX from which we take the hash function.
++ *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
++ *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
++ *   md_out_size: if non-NULL, the number of output bytes is written here.
++ *   header: the 13-byte, TLS record header.
++ *   data: the record data itself, less any preceeding explicit IV.
++ *   data_plus_mac_size: the secret, reported length of the data and MAC
++ *     once the padding has been removed.
++ *   data_plus_mac_plus_padding_size: the public length of the whole
++ *     record, including padding.
++ *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
++ *
++ * On entry: by virtue of having been through one of the remove_padding
++ * functions, above, we know that data_plus_mac_size is large enough to contain
++ * a padding byte and MAC. (If the padding was invalid, it might contain the
++ * padding too. ) */
++void ssl3_cbc_digest_record(
++	const EVP_MD *digest,
++	unsigned char* md_out,
++	size_t* md_out_size,
++	const unsigned char header[13],
++	const unsigned char *data,
++	size_t data_plus_mac_size,
++	size_t data_plus_mac_plus_padding_size,
++	const unsigned char *mac_secret,
++	unsigned mac_secret_length,
++	char is_sslv3)
++	{
++	union {	double align;
++		unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state;
++	void (*md_final_raw)(void *ctx, unsigned char *md_out);
++	void (*md_transform)(void *ctx, const unsigned char *block);
++	unsigned md_size, md_block_size = 64;
++	unsigned sslv3_pad_length = 40, header_length, variance_blocks,
++		 len, max_mac_bytes, num_blocks,
++		 num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
++	unsigned int bits;	/* at most 18 bits */
++	unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
++	/* hmac_pad is the masked HMAC key. */
++	unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
++	unsigned char first_block[MAX_HASH_BLOCK_SIZE];
++	unsigned char mac_out[EVP_MAX_MD_SIZE];
++	unsigned i, j, md_out_size_u;
++	EVP_MD_CTX md_ctx;
++	/* mdLengthSize is the number of bytes in the length field that terminates
++	* the hash. */
++	unsigned md_length_size = 8;
++
++	/* This is a, hopefully redundant, check that allows us to forget about
++	 * many possible overflows later in this function. */
++	OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
++
++	switch (EVP_MD_type(digest))
++		{
++		case NID_md5:
++			MD5_Init((MD5_CTX*)md_state.c);
++			md_final_raw = tls1_md5_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
++			md_size = 16;
++			sslv3_pad_length = 48;
++			break;
++		case NID_sha1:
++			SHA1_Init((SHA_CTX*)md_state.c);
++			md_final_raw = tls1_sha1_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
++			md_size = 20;
++			break;
++#ifndef OPENSSL_NO_SHA256
++		case NID_sha224:
++			SHA224_Init((SHA256_CTX*)md_state.c);
++			md_final_raw = tls1_sha256_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
++			md_size = 224/8;
++			break;
++		case NID_sha256:
++			SHA256_Init((SHA256_CTX*)md_state.c);
++			md_final_raw = tls1_sha256_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
++			md_size = 32;
++			break;
++#endif
++#ifndef OPENSSL_NO_SHA512
++		case NID_sha384:
++			SHA384_Init((SHA512_CTX*)md_state.c);
++			md_final_raw = tls1_sha512_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
++			md_size = 384/8;
++			md_block_size = 128;
++			md_length_size = 16;
++			break;
++		case NID_sha512:
++			SHA512_Init((SHA512_CTX*)md_state.c);
++			md_final_raw = tls1_sha512_final_raw;
++			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
++			md_size = 64;
++			md_block_size = 128;
++			md_length_size = 16;
++			break;
++#endif
++		default:
++			/* ssl3_cbc_record_digest_supported should have been
++			 * called first to check that the hash function is
++			 * supported. */
++			OPENSSL_assert(0);
++			if (md_out_size)
++				*md_out_size = -1;
++			return;
++		}
++
++	OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
++	OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
++	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
++
++	header_length = 13;
++	if (is_sslv3)
++		{
++		header_length =
++			mac_secret_length +
++			sslv3_pad_length +
++			8 /* sequence number */ +
++			1 /* record type */ +
++			2 /* record length */;
++		}
++
++	/* variance_blocks is the number of blocks of the hash that we have to
++	 * calculate in constant time because they could be altered by the
++	 * padding value.
++	 *
++	 * In SSLv3, the padding must be minimal so the end of the plaintext
++	 * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
++	 * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
++	 * termination (0x80 + 64-bit length) don't fit in the final block, we
++	 * say that the final two blocks can vary based on the padding.
++	 *
++	 * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
++	 * required to be minimal. Therefore we say that the final six blocks
++	 * can vary based on the padding.
++	 *
++	 * Later in the function, if the message is short and there obviously
++	 * cannot be this many blocks then variance_blocks can be reduced. */
++	variance_blocks = is_sslv3 ? 2 : 6;
++	/* From now on we're dealing with the MAC, which conceptually has 13
++	 * bytes of `header' before the start of the data (TLS) or 71/75 bytes
++	 * (SSLv3) */
++	len = data_plus_mac_plus_padding_size + header_length;
++	/* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
++	* |header|, assuming that there's no padding. */
++	max_mac_bytes = len - md_size - 1;
++	/* num_blocks is the maximum number of hash blocks. */
++	num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
++	/* In order to calculate the MAC in constant time we have to handle
++	 * the final blocks specially because the padding value could cause the
++	 * end to appear somewhere in the final |variance_blocks| blocks and we
++	 * can't leak where. However, |num_starting_blocks| worth of data can
++	 * be hashed right away because no padding value can affect whether
++	 * they are plaintext. */
++	num_starting_blocks = 0;
++	/* k is the starting byte offset into the conceptual header||data where
++	 * we start processing. */
++	k = 0;
++	/* mac_end_offset is the index just past the end of the data to be
++	 * MACed. */
++	mac_end_offset = data_plus_mac_size + header_length - md_size;
++	/* c is the index of the 0x80 byte in the final hash block that
++	 * contains application data. */
++	c = mac_end_offset % md_block_size;
++	/* index_a is the hash block number that contains the 0x80 terminating
++	 * value. */
++	index_a = mac_end_offset / md_block_size;
++	/* index_b is the hash block number that contains the 64-bit hash
++	 * length, in bits. */
++	index_b = (mac_end_offset + md_length_size) / md_block_size;
++	/* bits is the hash-length in bits. It includes the additional hash
++	 * block for the masked HMAC key, or whole of |header| in the case of
++	 * SSLv3. */
++
++	/* For SSLv3, if we're going to have any starting blocks then we need
++	 * at least two because the header is larger than a single block. */
++	if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0))
++		{
++		num_starting_blocks = num_blocks - variance_blocks;
++		k = md_block_size*num_starting_blocks;
++		}
++
++	bits = 8*mac_end_offset;
++	if (!is_sslv3)
++		{
++		/* Compute the initial HMAC block. For SSLv3, the padding and
++		 * secret bytes are included in |header| because they take more
++		 * than a single block. */
++		bits += 8*md_block_size;
++		memset(hmac_pad, 0, md_block_size);
++		OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
++		memcpy(hmac_pad, mac_secret, mac_secret_length);
++		for (i = 0; i < md_block_size; i++)
++			hmac_pad[i] ^= 0x36;
++
++		md_transform(md_state.c, hmac_pad);
++		}
++
++	memset(length_bytes,0,md_length_size-4);
++	length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
++	length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
++	length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
++	length_bytes[md_length_size-1] = (unsigned char)bits;
++
++	if (k > 0)
++		{
++		if (is_sslv3)
++			{
++			/* The SSLv3 header is larger than a single block.
++			 * overhang is the number of bytes beyond a single
++			 * block that the header consumes: either 7 bytes
++			 * (SHA1) or 11 bytes (MD5). */
++			unsigned overhang = header_length-md_block_size;
++			md_transform(md_state.c, header);
++			memcpy(first_block, header + md_block_size, overhang);
++			memcpy(first_block + overhang, data, md_block_size-overhang);
++			md_transform(md_state.c, first_block);
++			for (i = 1; i < k/md_block_size - 1; i++)
++				md_transform(md_state.c, data + md_block_size*i - overhang);
++			}
++		else
++			{
++			/* k is a multiple of md_block_size. */
++			memcpy(first_block, header, 13);
++			memcpy(first_block+13, data, md_block_size-13);
++			md_transform(md_state.c, first_block);
++			for (i = 1; i < k/md_block_size; i++)
++				md_transform(md_state.c, data + md_block_size*i - 13);
++			}
++		}
++
++	memset(mac_out, 0, sizeof(mac_out));
++
++	/* We now process the final hash blocks. For each block, we construct
++	 * it in constant time. If the |i==index_a| then we'll include the 0x80
++	 * bytes and zero pad etc. For each block we selectively copy it, in
++	 * constant time, to |mac_out|. */
++	for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++)
++		{
++		unsigned char block[MAX_HASH_BLOCK_SIZE];
++		unsigned char is_block_a = constant_time_eq_8(i, index_a);
++		unsigned char is_block_b = constant_time_eq_8(i, index_b);
++		for (j = 0; j < md_block_size; j++)
++			{
++			unsigned char b = 0, is_past_c, is_past_cp1;
++			if (k < header_length)
++				b = header[k];
++			else if (k < data_plus_mac_plus_padding_size + header_length)
++				b = data[k-header_length];
++			k++;
++
++			is_past_c = is_block_a & constant_time_ge(j, c);
++			is_past_cp1 = is_block_a & constant_time_ge(j, c+1);
++			/* If this is the block containing the end of the
++			 * application data, and we are at the offset for the
++			 * 0x80 value, then overwrite b with 0x80. */
++			b = (b&~is_past_c) | (0x80&is_past_c);
++			/* If this the the block containing the end of the
++			 * application data and we're past the 0x80 value then
++			 * just write zero. */
++			b = b&~is_past_cp1;
++			/* If this is index_b (the final block), but not
++			 * index_a (the end of the data), then the 64-bit
++			 * length didn't fit into index_a and we're having to
++			 * add an extra block of zeros. */
++			b &= ~is_block_b | is_block_a;
++
++			/* The final bytes of one of the blocks contains the
++			 * length. */
++			if (j >= md_block_size - md_length_size)
++				{
++				/* If this is index_b, write a length byte. */
++				b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]);
++				}
++			block[j] = b;
++			}
++
++		md_transform(md_state.c, block);
++		md_final_raw(md_state.c, block);
++		/* If this is index_b, copy the hash value to |mac_out|. */
++		for (j = 0; j < md_size; j++)
++			mac_out[j] |= block[j]&is_block_b;
++		}
++
++	EVP_MD_CTX_init(&md_ctx);
++	EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */);
++	if (is_sslv3)
++		{
++		/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
++		memset(hmac_pad, 0x5c, sslv3_pad_length);
++
++		EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
++		EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
++		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
++		}
++	else
++		{
++		/* Complete the HMAC in the standard manner. */
++		for (i = 0; i < md_block_size; i++)
++			hmac_pad[i] ^= 0x6a;
++
++		EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
++		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
++		}
++	EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
++	if (md_out_size)
++		*md_out_size = md_out_size_u;
++	EVP_MD_CTX_cleanup(&md_ctx);
++	}
++
++#ifdef OPENSSL_FIPS
++
++/* Due to the need to use EVP in FIPS mode we can't reimplement digests but
++ * we can ensure the number of blocks processed is equal for all cases
++ * by digesting additional data.
++ */
++
++void tls_fips_digest_extra(
++	const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
++	const unsigned char *data, size_t data_len, size_t orig_len)
++	{
++	size_t block_size, digest_pad, blocks_data, blocks_orig;
++	if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
++		return;
++	block_size = EVP_MD_block_size(hash);
++	/* We are in FIPS mode if we get this far so we know we have only SHA*
++	 * digests and TLS to deal with.
++	 * Minimum digest padding length is 17 for SHA384/SHA512 and 9
++	 * otherwise.
++	 * Additional header is 13 bytes. To get the number of digest blocks
++	 * processed round up the amount of data plus padding to the nearest
++	 * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
++	 * So we have:
++	 * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
++	 * equivalently:
++	 * blocks = (payload_len + digest_pad + 12)/block_size + 1
++	 * HMAC adds a constant overhead.
++	 * We're ultimately only interested in differences so this becomes
++	 * blocks = (payload_len + 29)/128
++	 * for SHA384/SHA512 and
++	 * blocks = (payload_len + 21)/64
++	 * otherwise.
++	 */
++	digest_pad = block_size == 64 ? 21 : 29;
++	blocks_orig = (orig_len + digest_pad)/block_size;
++	blocks_data = (data_len + digest_pad)/block_size;
++	/* MAC enough blocks to make up the difference between the original
++	 * and actual lengths plus one extra block to ensure this is never a
++	 * no op. The "data" pointer should always have enough space to
++	 * perform this operation as it is large enough for a maximum
++	 * length TLS buffer. 
++	 */
++	HMAC_Update(hctx, data,
++				(blocks_orig - blocks_data + 1) * block_size);
++	}
++#endif
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c	(revision 248771)
++++ crypto/openssl/ssl/s3_clnt.c	(working copy)
+@@ -262,7 +262,16 @@ int ssl3_connect(SSL *s)
+ 			ret=ssl3_get_server_hello(s);
+ 			if (ret <= 0) goto end;
+ 			if (s->hit)
++				{
+ 				s->state=SSL3_ST_CR_FINISHED_A;
++#ifndef OPENSSL_NO_TLSEXT
++				if (s->tlsext_ticket_expected)
++					{
++					/* receive renewed session ticket */
++					s->state=SSL3_ST_CR_SESSION_TICKET_A;
++					}
++#endif
++				}
+ 			else
+ 				s->state=SSL3_ST_CR_CERT_A;
+ 			s->init_num=0;
+@@ -878,7 +887,7 @@ int ssl3_get_server_hello(SSL *s)
+ 		/* wrong packet length */
+ 		al=SSL_AD_DECODE_ERROR;
+ 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
+-		goto err;
++		goto f_err;
+ 		}
+ 
+ 	return(1);
+@@ -1713,7 +1722,7 @@ int ssl3_get_new_session_ticket(SSL *s)
+ 	if (n < 6)
+ 		{
+ 		/* need at least ticket_lifetime_hint + ticket length */
+-		al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
++		al = SSL_AD_DECODE_ERROR;
+ 		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
+ 		goto f_err;
+ 		}
+@@ -1724,7 +1733,7 @@ int ssl3_get_new_session_ticket(SSL *s)
+ 	/* ticket_lifetime_hint + ticket_length + ticket */
+ 	if (ticklen + 6 != n)
+ 		{
+-		al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
++		al = SSL_AD_DECODE_ERROR;
+ 		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
+ 		goto f_err;
+ 		}
+Index: crypto/openssl/ssl/s3_enc.c
+===================================================================
+--- crypto/openssl/ssl/s3_enc.c	(revision 248771)
++++ crypto/openssl/ssl/s3_enc.c	(working copy)
+@@ -433,12 +433,21 @@ void ssl3_cleanup_key_block(SSL *s)
+ 	s->s3->tmp.key_block_length=0;
+ 	}
+ 
++/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ *   0: (in non-constant time) if the record is publically invalid (i.e. too
++ *       short etc).
++ *   1: if the record's padding is valid / the encryption was successful.
++ *   -1: if the record's padding is invalid or, if sending, an internal error
++ *       occured.
++ */
+ int ssl3_enc(SSL *s, int send)
+ 	{
+ 	SSL3_RECORD *rec;
+ 	EVP_CIPHER_CTX *ds;
+ 	unsigned long l;
+-	int bs,i;
++	int bs,i,mac_size=0;
+ 	const EVP_CIPHER *enc;
+ 
+ 	if (send)
+@@ -489,32 +498,17 @@ int ssl3_enc(SSL *s, int send)
+ 		if (!send)
+ 			{
+ 			if (l == 0 || l%bs != 0)
+-				{
+-				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ 				return 0;
+-				}
+ 			/* otherwise, rec->length >= bs */
+ 			}
+ 		
+ 		EVP_Cipher(ds,rec->data,rec->input,l);
+ 
++		if (s->read_hash != NULL)
++			mac_size = EVP_MD_size(s->read_hash);
++
+ 		if ((bs != 1) && !send)
+-			{
+-			i=rec->data[l-1]+1;
+-			/* SSL 3.0 bounds the number of padding bytes by the block size;
+-			 * padding bytes (except the last one) are arbitrary */
+-			if (i > bs)
+-				{
+-				/* Incorrect padding. SSLerr() and ssl3_alert are done
+-				 * by caller: we don't want to reveal whether this is
+-				 * a decryption error or a MAC verification failure
+-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+-				return -1;
+-				}
+-			/* now i <= bs <= rec->length */
+-			rec->length-=i;
+-			}
++			return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
+ 		}
+ 	return(1);
+ 	}
+@@ -591,7 +585,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send
+ 	EVP_MD_CTX md_ctx;
+ 	const EVP_MD *hash;
+ 	unsigned char *p,rec_char;
+-	unsigned int md_size;
++	size_t md_size, orig_len;
+ 	int npad;
+ 
+ 	if (send)
+@@ -612,29 +606,73 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send
+ 	md_size=EVP_MD_size(hash);
+ 	npad=(48/md_size)*md_size;
+ 
+-	/* Chop the digest off the end :-) */
+-	EVP_MD_CTX_init(&md_ctx);
++	/* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
++	orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
++	rec->type &= 0xff;
+ 
+-	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
+-	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+-	EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
+-	EVP_DigestUpdate(&md_ctx,seq,8);
+-	rec_char=rec->type;
+-	EVP_DigestUpdate(&md_ctx,&rec_char,1);
+-	p=md;
+-	s2n(rec->length,p);
+-	EVP_DigestUpdate(&md_ctx,md,2);
+-	EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
+-	EVP_DigestFinal_ex( &md_ctx,md,NULL);
++	if (!send &&
++	    EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++	    ssl3_cbc_record_digest_supported(hash))
++		{
++		/* This is a CBC-encrypted record. We must avoid leaking any
++		 * timing-side channel information about how many blocks of
++		 * data we are hashing because that gives an attacker a
++		 * timing-oracle. */
+ 
+-	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
+-	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+-	EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
+-	EVP_DigestUpdate(&md_ctx,md,md_size);
+-	EVP_DigestFinal_ex( &md_ctx,md,&md_size);
++		/* npad is, at most, 48 bytes and that's with MD5:
++		 *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
++		 *
++		 * With SHA-1 (the largest hash speced for SSLv3) the hash size
++		 * goes up 4, but npad goes down by 8, resulting in a smaller
++		 * total size. */
++		unsigned char header[75];
++		unsigned j = 0;
++		memcpy(header+j, mac_sec, md_size);
++		j += md_size;
++		memcpy(header+j, ssl3_pad_1, npad);
++		j += npad;
++		memcpy(header+j, seq, 8);
++		j += 8;
++		header[j++] = rec->type;
++		header[j++] = rec->length >> 8;
++		header[j++] = rec->length & 0xff;
+ 
+-	EVP_MD_CTX_cleanup(&md_ctx);
++		ssl3_cbc_digest_record(
++			hash,
++			md, &md_size,
++			header, rec->input,
++			rec->length + md_size, orig_len,
++			mac_sec, md_size,
++			1 /* is SSLv3 */);
++		}
++	else
++		{
++		unsigned int md_size_u;
++		/* Chop the digest off the end :-) */
++		EVP_MD_CTX_init(&md_ctx);
+ 
++		EVP_DigestInit_ex( &md_ctx,hash, NULL);
++		EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
++		EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
++		EVP_DigestUpdate(&md_ctx,seq,8);
++		rec_char=rec->type;
++		EVP_DigestUpdate(&md_ctx,&rec_char,1);
++		p=md;
++		s2n(rec->length,p);
++		EVP_DigestUpdate(&md_ctx,md,2);
++		EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
++		EVP_DigestFinal_ex( &md_ctx,md,NULL);
++
++		EVP_DigestInit_ex( &md_ctx,hash, NULL);
++		EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
++		EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
++		EVP_DigestUpdate(&md_ctx,md,md_size);
++		EVP_DigestFinal_ex( &md_ctx,md,&md_size_u);
++		md_size = md_size_u;
++
++		EVP_MD_CTX_cleanup(&md_ctx);
++	}
++
+ 	ssl3_record_sequence_update(seq);
+ 	return(md_size);
+ 	}
+Index: crypto/openssl/ssl/s3_lib.c
+===================================================================
+--- crypto/openssl/ssl/s3_lib.c	(revision 248771)
++++ crypto/openssl/ssl/s3_lib.c	(working copy)
+@@ -2641,4 +2641,3 @@ need to go to SSL_ST_ACCEPT.
+ 		}
+ 	return(ret);
+ 	}
+-
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s3_pkt.c	(revision 248771)
++++ crypto/openssl/ssl/s3_pkt.c	(working copy)
+@@ -246,11 +246,8 @@ static int ssl3_get_record(SSL *s)
+ 	unsigned char *p;
+ 	unsigned char md[EVP_MAX_MD_SIZE];
+ 	short version;
+-	unsigned int mac_size;
+-	int clear=0;
++	unsigned mac_size, orig_len;
+ 	size_t extra;
+-	int decryption_failed_or_bad_record_mac = 0;
+-	unsigned char *mac = NULL;
+ 
+ 	rr= &(s->s3->rrec);
+ 	sess=s->session;
+@@ -354,19 +351,18 @@ again:
+ 
+ 	/* decrypt in place in 'rr->input' */
+ 	rr->data=rr->input;
++	orig_len=rr->length;
+ 
+ 	enc_err = s->method->ssl3_enc->enc(s,0);
+-	if (enc_err <= 0)
++	/* enc_err is:
++	 *    0: (in non-constant time) if the record is publically invalid.
++	 *    1: if the padding is valid
++	 *    -1: if the padding is invalid */
++	if (enc_err == 0)
+ 		{
+-		if (enc_err == 0)
+-			/* SSLerr() and ssl3_send_alert() have been called */
+-			goto err;
+-
+-		/* Otherwise enc_err == -1, which indicates bad padding
+-		 * (rec->length has not been changed in this case).
+-		 * To minimize information leaked via timing, we will perform
+-		 * the MAC computation anyway. */
+-		decryption_failed_or_bad_record_mac = 1;
++		al=SSL_AD_DECRYPTION_FAILED;
++		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
++		goto f_err;
+ 		}
+ 
+ #ifdef TLS_DEBUG
+@@ -376,51 +372,59 @@ printf("\n");
+ #endif
+ 
+ 	/* r->length is now the compressed data plus mac */
+-	if (	(sess == NULL) ||
+-		(s->enc_read_ctx == NULL) ||
+-		(s->read_hash == NULL))
+-		clear=1;
+-
+-	if (!clear)
++	if ((sess != NULL) &&
++	    (s->enc_read_ctx != NULL) &&
++	    (s->read_hash != NULL))
+ 		{
++		/* s->read_hash != NULL => mac_size != -1 */
++		unsigned char *mac = NULL;
++		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ 		mac_size=EVP_MD_size(s->read_hash);
++		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+ 
+-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
++		/* orig_len is the length of the record before any padding was
++		 * removed. This is public information, as is the MAC in use,
++		 * therefore we can safely process the record in a different
++		 * amount of time if it's too short to possibly contain a MAC.
++		 */
++		if (orig_len < mac_size ||
++		    /* CBC records must have a padding length byte too. */
++		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++		     orig_len < mac_size+1))
+ 			{
+-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+-			al=SSL_AD_RECORD_OVERFLOW;
+-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
++			al=SSL_AD_DECODE_ERROR;
++			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ 			goto f_err;
+-#else
+-			decryption_failed_or_bad_record_mac = 1;
+-#endif			
+ 			}
+-		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+-		if (rr->length >= mac_size)
++
++		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
+ 			{
++			/* We update the length so that the TLS header bytes
++			 * can be constructed correctly but we need to extract
++			 * the MAC in constant time from within the record,
++			 * without leaking the contents of the padding bytes.
++			 * */
++			mac = mac_tmp;
++			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+ 			rr->length -= mac_size;
+-			mac = &rr->data[rr->length];
+ 			}
+ 		else
+ 			{
+-			/* record (minus padding) is too short to contain a MAC */
+-#if 0 /* OK only for stream ciphers */
+-			al=SSL_AD_DECODE_ERROR;
+-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+-			goto f_err;
+-#else
+-			decryption_failed_or_bad_record_mac = 1;
+-			rr->length = 0;
+-#endif
++			/* In this case there's no padding, so |orig_len|
++			 * equals |rec->length| and we checked that there's
++			 * enough bytes for |mac_size| above. */
++			rr->length -= mac_size;
++			mac = &rr->data[rr->length];
+ 			}
+-		i=s->method->ssl3_enc->mac(s,md,0);
+-		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+-			{
+-			decryption_failed_or_bad_record_mac = 1;
+-			}
++
++		i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
++		if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
++			enc_err = -1;
++		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
++			enc_err = -1;
+ 		}
+ 
+-	if (decryption_failed_or_bad_record_mac)
++	if (enc_err < 0)
+ 		{
+ 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+ 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c	(revision 248771)
++++ crypto/openssl/ssl/s3_srvr.c	(working copy)
+@@ -1005,7 +1005,7 @@ int ssl3_get_client_hello(SSL *s)
+ 			goto f_err;
+ 			}
+ 		}
+-		if (ssl_check_clienthello_tlsext(s) <= 0) {
++		if (ssl_check_clienthello_tlsext_early(s) <= 0) {
+ 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+ 			goto err;
+ 		}
+@@ -1131,6 +1131,16 @@ int ssl3_get_client_hello(SSL *s)
+ 	 * s->tmp.new_cipher	- the new cipher to use.
+ 	 */
+ 
++	/* Handles TLS extensions that we couldn't check earlier */
++	if (s->version >= SSL3_VERSION)
++		{
++		if (ssl_check_clienthello_tlsext_late(s) <= 0)
++			{
++			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
++			goto err;
++			}
++		}
++
+ 	if (ret < 0) ret=1;
+ 	if (0)
+ 		{
+@@ -1571,6 +1581,7 @@ int ssl3_send_server_key_exchange(SSL *s)
+ 			    (unsigned char *)encodedPoint, 
+ 			    encodedlen);
+ 			OPENSSL_free(encodedPoint);
++			encodedPoint = NULL;
+ 			p += encodedlen;
+ 			}
+ #endif
+@@ -1960,6 +1971,7 @@ int ssl3_get_client_key_exchange(SSL *s)
+ 		if (i <= 0)
+ 			{
+ 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
++			BN_clear_free(pub);
+ 			goto err;
+ 			}
+ 
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+--- crypto/openssl/ssl/ssl.h	(revision 248771)
++++ crypto/openssl/ssl/ssl.h	(working copy)
+@@ -1682,6 +1682,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_DTLS1_ACCEPT				 246
+ #define SSL_F_DTLS1_ADD_CERT_TO_BUF			 280
+ #define SSL_F_DTLS1_BUFFER_RECORD			 247
++#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM			 293
+ #define SSL_F_DTLS1_CLIENT_HELLO			 248
+ #define SSL_F_DTLS1_CONNECT				 249
+ #define SSL_F_DTLS1_ENC					 250
+@@ -1819,6 +1820,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_GET_NEW_SESSION			 181
+ #define SSL_F_SSL_GET_PREV_SESSION			 217
+ #define SSL_F_SSL_GET_SERVER_SEND_CERT			 182
++#define SSL_F_SSL_GET_SERVER_SEND_PKEY			 317
+ #define SSL_F_SSL_GET_SIGN_PKEY				 183
+ #define SSL_F_SSL_INIT_WBIO_BUFFER			 184
+ #define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
+Index: crypto/openssl/ssl/ssl_ciph.c
+===================================================================
+--- crypto/openssl/ssl/ssl_ciph.c	(revision 248771)
++++ crypto/openssl/ssl/ssl_ciph.c	(working copy)
+@@ -303,6 +303,7 @@ static void load_builtin_compressions(void)
+ 						sk_SSL_COMP_push(ssl_comp_methods,comp);
+ 						}
+ 					}
++					sk_SSL_COMP_sort(ssl_comp_methods);
+ 				}
+ 			MemCheck_on();
+ 			}
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+--- crypto/openssl/ssl/ssl_err.c	(revision 248771)
++++ crypto/openssl/ssl/ssl_err.c	(working copy)
+@@ -1,6 +1,6 @@
+ /* ssl/ssl_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -80,6 +80,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_DTLS1_ACCEPT),	"DTLS1_ACCEPT"},
+ {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF),	"DTLS1_ADD_CERT_TO_BUF"},
+ {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),	"DTLS1_BUFFER_RECORD"},
++{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM),	"DTLS1_CHECK_TIMEOUT_NUM"},
+ {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),	"DTLS1_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_DTLS1_CONNECT),	"DTLS1_CONNECT"},
+ {ERR_FUNC(SSL_F_DTLS1_ENC),	"DTLS1_ENC"},
+@@ -217,6 +218,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),	"SSL_GET_NEW_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),	"SSL_GET_PREV_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),	"SSL_GET_SERVER_SEND_CERT"},
++{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY),	"SSL_GET_SERVER_SEND_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),	"SSL_GET_SIGN_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),	"SSL_INIT_WBIO_BUFFER"},
+ {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),	"SSL_load_client_CA_file"},
+Index: crypto/openssl/ssl/ssl_lib.c
+===================================================================
+--- crypto/openssl/ssl/ssl_lib.c	(revision 248771)
++++ crypto/openssl/ssl/ssl_lib.c	(working copy)
+@@ -1000,6 +1000,11 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
+ 		s->max_cert_list=larg;
+ 		return(l);
+ 	case SSL_CTRL_SET_MTU:
++#ifndef OPENSSL_NO_DTLS1
++		if (larg < (long)dtls1_min_mtu())
++			return 0;
++#endif
++
+ 		if (SSL_version(s) == DTLS1_VERSION ||
+ 		    SSL_version(s) == DTLS1_BAD_VER)
+ 			{
+@@ -1938,7 +1943,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE
+ 	}
+ 
+ /* THIS NEEDS CLEANING UP */
+-X509 *ssl_get_server_send_cert(SSL *s)
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
+ 	{
+ 	unsigned long alg,kalg;
+ 	CERT *c;
+@@ -1988,14 +1993,22 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE
+ 		}
+ 	else /* if (kalg & SSL_aNULL) */
+ 		{
+-		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
++		SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
+ 		return(NULL);
+ 		}
+-	if (c->pkeys[i].x509 == NULL) return(NULL);
+ 
+-	return(c->pkeys[i].x509);
++	return c->pkeys + i;
+ 	}
+ 
++X509 *ssl_get_server_send_cert(const SSL *s)
++	{
++	CERT_PKEY *cpk;
++	cpk = ssl_get_server_send_pkey(s);
++	if (!cpk)
++		return NULL;
++	return cpk->x509;
++	}
++
+ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+ 	{
+ 	unsigned long alg;
+@@ -2415,7 +2428,9 @@ void ssl_clear_cipher_ctx(SSL *s)
+ /* Fix this function so that it takes an optional type parameter */
+ X509 *SSL_get_certificate(const SSL *s)
+ 	{
+-	if (s->cert != NULL)
++	if (s->server)
++		return(ssl_get_server_send_cert(s));
++	else if (s->cert != NULL)
+ 		return(s->cert->key->x509);
+ 	else
+ 		return(NULL);
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h	(revision 248771)
++++ crypto/openssl/ssl/ssl_locl.h	(working copy)
+@@ -189,6 +189,15 @@
+ 			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ 			 *((c)++)=(unsigned char)(((l)    )&0xff))
+ 
++#define l2n8(l,c)	(*((c)++)=(unsigned char)(((l)>>56)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
++			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
++			 *((c)++)=(unsigned char)(((l)    )&0xff))
++
+ #define n2l6(c,l)	(l =((BN_ULLONG)(*((c)++)))<<40, \
+ 			 l|=((BN_ULLONG)(*((c)++)))<<32, \
+ 			 l|=((BN_ULLONG)(*((c)++)))<<24, \
+@@ -740,7 +749,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *s
+ int ssl_undefined_function(SSL *s);
+ int ssl_undefined_void_function(void);
+ int ssl_undefined_const_function(const SSL *s);
+-X509 *ssl_get_server_send_cert(SSL *);
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
++X509 *ssl_get_server_send_cert(const SSL *);
+ EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+ int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+@@ -870,6 +880,7 @@ void dtls1_get_ccs_header(unsigned char *data, str
+ void dtls1_reset_seq_numbers(SSL *s, int rw);
+ long dtls1_default_timeout(void);
+ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
++int dtls1_check_timeout_num(SSL *s);
+ int dtls1_handle_timeout(SSL *s);
+ SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+ void dtls1_start_timer(SSL *s);
+@@ -877,6 +888,7 @@ void dtls1_stop_timer(SSL *s);
+ int dtls1_is_timer_expired(SSL *s);
+ void dtls1_double_timeout(SSL *s);
+ int dtls1_send_newsession_ticket(SSL *s);
++unsigned int dtls1_min_mtu(void);
+ 
+ 
+ /* some client-only functions */
+@@ -977,7 +989,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+ int ssl_prepare_clienthello_tlsext(SSL *s);
+ int ssl_prepare_serverhello_tlsext(SSL *s);
+-int ssl_check_clienthello_tlsext(SSL *s);
++int ssl_check_clienthello_tlsext_early(SSL *s);
++int ssl_check_clienthello_tlsext_late(SSL *s);
+ int ssl_check_serverhello_tlsext(SSL *s);
+ 
+ #ifdef OPENSSL_NO_SHA256
+@@ -999,5 +1012,33 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, un
+ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ 					  int *al);
+ #endif
++/* s3_cbc.c */
++void ssl3_cbc_copy_mac(unsigned char* out,
++		       const SSL3_RECORD *rec,
++		       unsigned md_size,unsigned orig_len);
++int ssl3_cbc_remove_padding(const SSL* s,
++			    SSL3_RECORD *rec,
++			    unsigned block_size,
++			    unsigned mac_size);
++int tls1_cbc_remove_padding(const SSL* s,
++			    SSL3_RECORD *rec,
++			    unsigned block_size,
++			    unsigned mac_size);
++char ssl3_cbc_record_digest_supported(const EVP_MD *hash);
++void ssl3_cbc_digest_record(
++	const EVP_MD *hash,
++	unsigned char* md_out,
++	size_t* md_out_size,
++	const unsigned char header[13],
++	const unsigned char *data,
++	size_t data_plus_mac_size,
++	size_t data_plus_mac_plus_padding_size,
++	const unsigned char *mac_secret,
++	unsigned mac_secret_length,
++	char is_sslv3);
+ 
++void tls_fips_digest_extra(
++	const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
++	const unsigned char *data, size_t data_len, size_t orig_len);
++
+ #endif
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+--- crypto/openssl/ssl/t1_enc.c	(revision 248771)
++++ crypto/openssl/ssl/t1_enc.c	(working copy)
+@@ -264,7 +264,7 @@ int tls1_change_cipher_state(SSL *s, int which)
+ 	{
+         int ki;
+         for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
+-		printf("%02x", key_block[ki]);  printf("\n");
++		printf("%02x", s->s3->tmp.key_block[ki]);  printf("\n");
+         }
+ #endif	/* KSSL_DEBUG */
+ 
+@@ -528,12 +528,21 @@ err:
+ 	return(0);
+ 	}
+ 
++/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
++ *
++ * Returns:
++ *   0: (in non-constant time) if the record is publically invalid (i.e. too
++ *       short etc).
++ *   1: if the record's padding is valid / the encryption was successful.
++ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
++ *       an internal error occured.
++ */
+ int tls1_enc(SSL *s, int send)
+ 	{
+ 	SSL3_RECORD *rec;
+ 	EVP_CIPHER_CTX *ds;
+ 	unsigned long l;
+-	int bs,i,ii,j,k;
++	int bs,i,j,k,pad=0,ret,mac_size=0;
+ 	const EVP_CIPHER *enc;
+ 
+ 	if (send)
+@@ -559,11 +568,11 @@ int tls1_enc(SSL *s, int send)
+ 	printf("tls1_enc(%d)\n", send);
+ #endif    /* KSSL_DEBUG */
+ 
+-	if ((s->session == NULL) || (ds == NULL) ||
+-		(enc == NULL))
++	if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
+ 		{
+ 		memmove(rec->data,rec->input,rec->length);
+ 		rec->input=rec->data;
++		ret = 1;
+ 		}
+ 	else
+ 		{
+@@ -591,14 +600,13 @@ int tls1_enc(SSL *s, int send)
+ 
+ #ifdef KSSL_DEBUG
+ 		{
+-                unsigned long ui;
++		unsigned long ui;
+ 		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+-                        (void *)ds,rec->data,rec->input,l);
+-		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
+-                        ds->buf_len, ds->cipher->key_len,
+-                        (unsigned long)DES_KEY_SZ,
+-			(unsigned long)DES_SCHEDULE_SZ,
+-                        ds->cipher->iv_len);
++			ds,rec->data,rec->input,l);
++		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
++			ds->buf_len, ds->cipher->key_len,
++			DES_KEY_SZ, DES_SCHEDULE_SZ,
++			ds->cipher->iv_len);
+ 		printf("\t\tIV: ");
+ 		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+ 		printf("\n");
+@@ -611,11 +619,7 @@ int tls1_enc(SSL *s, int send)
+ 		if (!send)
+ 			{
+ 			if (l == 0 || l%bs != 0)
+-				{
+-				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ 				return 0;
+-				}
+ 			}
+ 		
+ 		EVP_Cipher(ds,rec->data,rec->input,l);
+@@ -629,49 +633,15 @@ int tls1_enc(SSL *s, int send)
+                 }
+ #endif	/* KSSL_DEBUG */
+ 
++		ret = 1;
++		if (s->read_hash != NULL)
++			mac_size = EVP_MD_size(s->read_hash);
+ 		if ((bs != 1) && !send)
+-			{
+-			ii=i=rec->data[l-1]; /* padding_length */
+-			i++;
+-			/* NB: if compression is in operation the first packet
+-			 * may not be of even length so the padding bug check
+-			 * cannot be performed. This bug workaround has been
+-			 * around since SSLeay so hopefully it is either fixed
+-			 * now or no buggy implementation supports compression 
+-			 * [steve]
+-			 */
+-			if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+-				&& !s->expand)
+-				{
+-				/* First packet is even in size, so check */
+-				if ((memcmp(s->s3->read_sequence,
+-					"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+-					s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+-					i--;
+-				}
+-			/* TLS 1.0 does not bound the number of padding bytes by the block size.
+-			 * All of them must have value 'padding_length'. */
+-			if (i > (int)rec->length)
+-				{
+-				/* Incorrect padding. SSLerr() and ssl3_alert are done
+-				 * by caller: we don't want to reveal whether this is
+-				 * a decryption error or a MAC verification failure
+-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+-				return -1;
+-				}
+-			for (j=(int)(l-i); j<(int)l; j++)
+-				{
+-				if (rec->data[j] != ii)
+-					{
+-					/* Incorrect padding */
+-					return -1;
+-					}
+-				}
+-			rec->length-=i;
+-			}
++			ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
++		if (pad && !send)
++			rec->length -= pad;
+ 		}
+-	return(1);
++	return ret;
+ 	}
+ 
+ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
+@@ -719,10 +689,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ 	SSL3_RECORD *rec;
+ 	unsigned char *mac_sec,*seq;
+ 	const EVP_MD *hash;
+-	unsigned int md_size;
++	size_t md_size, orig_len;
+ 	int i;
+ 	HMAC_CTX hmac;
+-	unsigned char buf[5]; 
++	unsigned char header[13];
+ 
+ 	if (send)
+ 		{
+@@ -741,20 +711,6 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ 
+ 	md_size=EVP_MD_size(hash);
+ 
+-	buf[0]=rec->type;
+-	if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
+-		{
+-		buf[1]=TLS1_VERSION_MAJOR;
+-		buf[2]=TLS1_VERSION_MINOR;
+-		}
+-	else	{
+-		buf[1]=(unsigned char)(ssl->version>>8);
+-		buf[2]=(unsigned char)(ssl->version);
+-		}
+-
+-	buf[3]=rec->length>>8;
+-	buf[4]=rec->length&0xff;
+-
+ 	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+ 	HMAC_CTX_init(&hmac);
+ 	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
+@@ -766,16 +722,57 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send
+ 		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+ 		memcpy (p,&seq[2],6);
+ 
+-		HMAC_Update(&hmac,dtlsseq,8);
++		memcpy(header, dtlsseq, 8);
+ 		}
+ 	else
+-		HMAC_Update(&hmac,seq,8);
++		memcpy(header, seq, 8);
+ 
+-	HMAC_Update(&hmac,buf,5);
+-	HMAC_Update(&hmac,rec->input,rec->length);
+-	HMAC_Final(&hmac,md,&md_size);
++	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
++	orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
++	rec->type &= 0xff;
++
++	header[8]=rec->type;
++	header[9]=(unsigned char)(ssl->version>>8);
++	header[10]=(unsigned char)(ssl->version);
++	header[11]=(rec->length)>>8;
++	header[12]=(rec->length)&0xff;
++
++	if (!send &&
++	    EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
++	    ssl3_cbc_record_digest_supported(hash))
++		{
++		/* This is a CBC-encrypted record. We must avoid leaking any
++		 * timing-side channel information about how many blocks of
++		 * data we are hashing because that gives an attacker a
++		 * timing-oracle. */
++		ssl3_cbc_digest_record(
++		        hash,
++			md, &md_size,
++			header, rec->input,
++			rec->length + md_size, orig_len,
++			ssl->s3->read_mac_secret,
++			EVP_MD_size(ssl->read_hash),
++			0 /* not SSLv3 */);
++		}
++	else
++		{
++		unsigned mds;
++
++		HMAC_Update(&hmac,header,sizeof(header));
++		HMAC_Update(&hmac,rec->input,rec->length);
++		HMAC_Final(&hmac,md,&mds);
++		md_size = mds;
++#ifdef OPENSSL_FIPS
++		if (!send && FIPS_mode())
++			tls_fips_digest_extra(
++	    				ssl->enc_read_ctx,
++					hash,
++					&hmac, rec->input,
++					rec->length, orig_len);
++#endif
++		}
++		
+ 	HMAC_CTX_cleanup(&hmac);
+-
+ #ifdef TLS_DEBUG
+ printf("sec=");
+ {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+Index: crypto/openssl/ssl/t1_lib.c
+===================================================================
+--- crypto/openssl/ssl/t1_lib.c	(revision 248771)
++++ crypto/openssl/ssl/t1_lib.c	(working copy)
+@@ -575,6 +575,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ 				sdata = data;
+ 				if (dsize > 0)
+ 					{
++					if (s->tlsext_ocsp_exts)
++						{
++						sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
++									   X509_EXTENSION_free);
++						}
++
+ 					s->tlsext_ocsp_exts =
+ 						d2i_X509_EXTENSIONS(NULL,
+ 							&sdata, dsize);
+@@ -739,7 +745,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ 	return 1;
+ 	}
+ 
+-int ssl_check_clienthello_tlsext(SSL *s)
++int ssl_check_clienthello_tlsext_early(SSL *s)
+ 	{
+ 	int ret=SSL_TLSEXT_ERR_NOACK;
+ 	int al = SSL_AD_UNRECOGNIZED_NAME;
+@@ -749,13 +755,49 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ 	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 		
+ 		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+ 
++	switch (ret)
++		{
++		case SSL_TLSEXT_ERR_ALERT_FATAL:
++			ssl3_send_alert(s, SSL3_AL_FATAL, al); 
++			return -1;
++
++		case SSL_TLSEXT_ERR_ALERT_WARNING:
++			ssl3_send_alert(s, SSL3_AL_WARNING, al);
++			return 1; 
++					
++		case SSL_TLSEXT_ERR_NOACK:
++			s->servername_done = 0;
++
++		default:
++			return 1;
++		}
++	}
++
++int ssl_check_clienthello_tlsext_late(SSL *s)
++	{
++	int ret = SSL_TLSEXT_ERR_OK;
++	int al;
++
+ 	/* If status request then ask callback what to do.
+  	 * Note: this must be called after servername callbacks in case 
+- 	 * the certificate has changed.
++ 	 * the certificate has changed, and must be called after the cipher
++	 * has been chosen because this may influence which certificate is sent
+  	 */
+-	if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
++	if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb)
+ 		{
+ 		int r;
++		CERT_PKEY *certpkey;
++		certpkey = ssl_get_server_send_pkey(s);
++		/* If no certificate can't return certificate status */
++		if (certpkey == NULL)
++			{
++			s->tlsext_status_expected = 0;
++			return 1;
++			}
++		/* Set current certificate to one we will use so
++		 * SSL_get_certificate et al can pick it up.
++		 */
++		s->cert->key = certpkey;
+ 		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ 		switch (r)
+ 			{
+@@ -779,7 +821,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ 		}
+ 	else
+ 		s->tlsext_status_expected = 0;
+-	err:
++
++ err:
+ 	switch (ret)
+ 		{
+ 		case SSL_TLSEXT_ERR_ALERT_FATAL:
+@@ -789,11 +832,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned
+ 		case SSL_TLSEXT_ERR_ALERT_WARNING:
+ 			ssl3_send_alert(s,SSL3_AL_WARNING,al);
+ 			return 1; 
+-					
+-		case SSL_TLSEXT_ERR_NOACK:
+-			s->servername_done=0;
+-			default:
+-		return 1;
++
++		default:
++			return 1;
+ 		}
+ 	}
+ 
+@@ -971,7 +1012,7 @@ static int tls_decrypt_ticket(SSL *s, const unsign
+ 	HMAC_Update(&hctx, etick, eticklen);
+ 	HMAC_Final(&hctx, tick_hmac, NULL);
+ 	HMAC_CTX_cleanup(&hctx);
+-	if (memcmp(tick_hmac, etick + eticklen, mlen))
++	if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+ 		goto tickerr;
+ 	/* Attempt to decrypt session data */
+ 	/* Move p after IV to start of encrypted ticket, update length */
+Index: crypto/openssl/util/fipslink.pl
+===================================================================
+--- crypto/openssl/util/fipslink.pl	(revision 248771)
++++ crypto/openssl/util/fipslink.pl	(working copy)
+@@ -43,7 +43,12 @@ die "First stage Link failure" if $? != 0;
+ 
+ 
+ print "$fips_premain_dso $fips_target\n";
+-$fips_hash=`$fips_premain_dso $fips_target`;
++system("$fips_premain_dso $fips_target >$fips_target.sha1");
++die "Get hash failure" if $? != 0;
++open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
++$fips_hash=<$sha1_res>;
++close $sha1_res;
++unlink $fips_target.".sha1";
+ chomp $fips_hash;
+ die "Get hash failure" if $? != 0;
+ 
+Index: crypto/openssl/util/libeay.num
+===================================================================
+--- crypto/openssl/util/libeay.num	(revision 248771)
++++ crypto/openssl/util/libeay.num	(working copy)
+@@ -3510,6 +3510,7 @@ BIO_get_callback_arg                    3902	EXIST
+ BIO_set_callback                        3903	EXIST::FUNCTION:
+ d2i_ASIdOrRange                         3904	EXIST::FUNCTION:RFC3779
+ i2d_ASIdentifiers                       3905	EXIST::FUNCTION:RFC3779
++CRYPTO_memcmp                           3906	EXIST::FUNCTION:
+ SEED_decrypt                            3908	EXIST::FUNCTION:SEED
+ SEED_encrypt                            3909	EXIST::FUNCTION:SEED
+ SEED_cbc_encrypt                        3910	EXIST::FUNCTION:SEED
+Index: crypto/openssl/util/mkerr.pl
+===================================================================
+--- crypto/openssl/util/mkerr.pl	(revision 248771)
++++ crypto/openssl/util/mkerr.pl	(working copy)
+@@ -313,7 +313,7 @@ foreach $lib (keys %csrc)
+ 	} else {
+ 	    push @out,
+ "/* ====================================================================\n",
+-" * Copyright (c) 2001-2010 The OpenSSL Project.  All rights reserved.\n",
++" * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.\n",
+ " *\n",
+ " * Redistribution and use in source and binary forms, with or without\n",
+ " * modification, are permitted provided that the following conditions\n",
+@@ -487,7 +487,7 @@ EOF
+ 	print OUT <<"EOF";
+ /* $cfile */
+ /* ====================================================================
+- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -680,7 +680,7 @@ EOF
+ 	undef %err_reason_strings;
+ }
+ 
+-if($debug && defined(%notrans)) {
++if($debug && %notrans) {
+ 	print STDERR "The following function codes were not translated:\n";
+ 	foreach(sort keys %notrans)
+ 	{
+Index: crypto/openssl/util/pl/VC-32.pl
+===================================================================
+--- crypto/openssl/util/pl/VC-32.pl	(revision 248771)
++++ crypto/openssl/util/pl/VC-32.pl	(working copy)
+@@ -391,7 +391,7 @@ sub do_lib_rule
+ 			$ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ 			$ret.="\tSET FIPS_TARGET=$target\n";
+ 			$ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+-			$ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
++			$ret.="\t\$(FIPSLINK) \$(MLFLAGS) /fixed /map $base_arg $efile$target ";
+ 			$ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs ";
+ 			$ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+ 			}
+@@ -434,7 +434,7 @@ sub do_link_rule
+ 		$ret.="\tSET FIPS_TARGET=$target\n";
+ 		$ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ 		$ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+-		$ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
++		$ret.="\t\$(FIPSLINK) \$(LFLAGS) /fixed /map $efile$target @<<\n";
+ 		$ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+ 		}
+ 	else
+Index: secure/lib/libcrypto/Makefile.inc
+===================================================================
+--- secure/lib/libcrypto/Makefile.inc	(revision 248771)
++++ secure/lib/libcrypto/Makefile.inc	(working copy)
+@@ -3,8 +3,8 @@
+ .include <bsd.own.mk>
+ 
+ # OpenSSL version used for manual page generation
+-OPENSSL_VER=	0.9.8q
+-OPENSSL_DATE=	2010-12-02
++OPENSSL_VER=	0.9.8y
++OPENSSL_DATE=	2013-02-05
+ 
+ LCRYPTO_SRC=	${.CURDIR}/../../../crypto/openssl
+ LCRYPTO_DOC=	${.CURDIR}/../../../crypto/openssl/doc
+Index: secure/lib/libssl/Makefile
+===================================================================
+--- secure/lib/libssl/Makefile	(revision 248771)
++++ secure/lib/libssl/Makefile	(working copy)
+@@ -14,7 +14,8 @@ SRCS=	bio_ssl.c d1_meth.c d1_srvr.c d1_clnt.c d1_l
+ 	d1_both.c d1_enc.c \
+ 	s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \
+ 	s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \
+-	s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \
++	s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c \
++	s3_pkt.c \
+ 	s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \
+ 	ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \
+ 	ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c

Property changes on: projects/entities/share/security/patches/SA-13:03/openssl.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+y
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:03/openssl.patch.asc
===================================================================
--- projects/entities/share/security/patches/SA-13:03/openssl.patch.asc	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:03/openssl.patch.asc	(revision 41354)
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEABECAAYFAlFbGmQACgkQFdaIBMps37JsJwCfeL+FsfSkcpsQPd9wM1kiy3F6
+z94AnAoi2KiaTj7AnQVom035rVoeZnzb
+=P3VV
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/patches/SA-13:03/openssl.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+y
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:04/bind.patch
===================================================================
--- projects/entities/share/security/patches/SA-13:04/bind.patch	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:04/bind.patch	(revision 41354)
@@ -0,0 +1,13 @@
+Index: lib/bind/config.h
+===================================================================
+--- lib/bind/config.h	(revision 248771)
++++ lib/bind/config.h	(working copy)
+@@ -281,7 +281,7 @@ int sigwait(const unsigned int *set, int *sig);
+ /* #undef HAVE_OPENSSL_GOST */
+ 
+ /* Define to 1 if you have the <regex.h> header file. */
+-#define HAVE_REGEX_H 1
++/* #undef HAVE_REGEX_H */
+ 
+ /* Define to 1 if you have the `setegid' function. */
+ #define HAVE_SETEGID 1

Property changes on: projects/entities/share/security/patches/SA-13:04/bind.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+y
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/security/patches/SA-13:04/bind.patch.asc
===================================================================
--- projects/entities/share/security/patches/SA-13:04/bind.patch.asc	(nonexistent)
+++ projects/entities/share/security/patches/SA-13:04/bind.patch.asc	(revision 41354)
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEABECAAYFAlFbGmkACgkQFdaIBMps37LS6wCgixwNY2sp5liNZzUANdl3YS5H
+r6wAnjT32rIJw1ThkvddBSGhBUncJzt4
+=qO5f
+-----END PGP SIGNATURE-----

Property changes on: projects/entities/share/security/patches/SA-13:04/bind.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+y
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/entities/share/xml/advisories.xml
===================================================================
--- projects/entities/share/xml/advisories.xml	(revision 41353)
+++ projects/entities/share/xml/advisories.xml	(revision 41354)
@@ -1,3455 +1,3491 @@
 <?xml version="1.0"?>
 <advisories>
     <cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">
       $FreeBSD$
     </cvs:keyword>
 
   <year>
+    <name>2013</name>
+
+    <month>
+      <name>4</name>
+
+      <day>
+	<name>2</name>
+
+	<advisory>
+	  <name>FreeBSD-SA-13:04.bind</name>
+	</advisory>
+
+	<advisory>
+	  <name>FreeBSD-SA-13:03.openssl</name>
+	</advisory>
+      </day>
+    </month>
+
+    <month>
+      <name>2</name>
+
+      <day>
+	<name>19</name>
+
+	<advisory>
+	  <name>FreeBSD-SA-13:02.libc</name>
+	</advisory>
+
+	<advisory>
+	  <name>FreeBSD-SA-13:01.bind</name>
+	</advisory>
+      </day>
+    </month>
+  </year>
+
+  <year>
     <name>2012</name>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:08.linux</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:07.hostapd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:06.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:05.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>12</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:04.sysret</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:03.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>30</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:02.crypt</name>
 	</advisory>
       </day>
 
       <day>
 	<name>30</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:01.openssl</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2011</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:10.pam</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:09.pam_ssh</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:08.telnetd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:07.chroot</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:06.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>28</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:05.unix</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:04.compress</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:03.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>28</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:02.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>20</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:01.mountd</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2010</name>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:10.openssl</name>
 	</advisory>
       </day>
 
       <day>
 	<name>10</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:09.pseudofs</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>20</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:08.bzip2</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:07.mbuf</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>27</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:06.nfsclient</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:05.opie</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:04.jail</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:03.zfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:02.ntpd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:01.bind</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2009</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>3</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:17.freebsd-update</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:16.rtld</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:15.ssl</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>2</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:14.devfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:13.pipe</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:12.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>10</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:11.ntpd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:10.ipv6</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:09.pipe</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:08.openssl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:07.libc</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:06.ktimer</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>16</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:05.telnetd</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:04.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:03.ntpd</name>
 	</advisory>
       </day>
 
       <day>
 	<name>7</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:02.openssl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:01.lukemftpd</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2008</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:13.protosw</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:12.ftpd</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>24</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:11.arc4random</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>2</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:10.nd6</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>3</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:09.icmp6</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:08.nmount</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:07.amd64</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:06.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>17</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:05.openssh</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>14</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:04.ipsec</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:03.sendfile</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
         <name>18</name>
 
         <release>
           <name>FreeBSD 6.3-RELEASE</name>
         </release>
       </day>
 
       <day>
 	<name>14</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:02.libc</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:01.pty</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2007</name>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:10.gtar</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:09.random</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>3</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:08.openssl</name>
 	</advisory>
       </day>
     </month>
 
 
     <month>
       <name>8</name>
 
       <day>
 	<name>1</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:07.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:06.tcpdump</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>12</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:05.libarchive</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:04.file</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>26</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:03.ipv6</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>9</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:02.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
         <name>15</name>
 
         <release>
           <name>FreeBSD 6.2-RELEASE</name>
         </release>
       </day>
 
       <day>
 	<name>11</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:01.jail</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2006</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:26.gtar</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:25.kmem</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>8</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:24.libarchive</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>30</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:22.openssh</name>
 	</advisory>
       </day>
 
       <day>
 	<name>28</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:23.openssl</name>
 	</advisory>
       </day>
 
       <day>
 	<name>19</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:21.gzip</name>
 	</advisory>
       </day>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:20.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:19.openssl</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:18.ppp</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>14</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:17.sendmail</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>31</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:16.smbfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:15.ypserv</name>
 	</advisory>
       </day>
 
       <day>
         <name>25</name>
 
         <release>
           <name>FreeBSD 5.5-RELEASE</name>
         </release>
       </day>
 
       <day>
         <name>9</name>
 
         <release>
           <name>FreeBSD 6.1-RELEASE</name>
         </release>
       </day>
 
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>19</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:14.fpu</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:13.sendmail</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:12.opie</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:11.ipsec</name>
 	</advisory>
       </day>
 
       <day>
 	<name>1</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:10.nfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:09.openssh</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>1</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:08.sack</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>25</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:07.pf</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:06.kmem</name>
 	</advisory>
       </day>
 
       <day>
 	<name>18</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:05.80211</name>
 	</advisory>
       </day>
 
       <day>
 	<name>11</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:04.ipfw</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:03.cpio</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:02.ee</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:01.texindex</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2005</name>
 
     <month>
       <name>11</name>
 
       <day>
         <name>4</name>
 
         <release>
           <name>FreeBSD 6.0-RELEASE</name>
         </release>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
         <name>11</name>
 
         <advisory>
           <name>FreeBSD-SA-05:21.openssl</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
         <name>7</name>
 
         <advisory>
           <name>FreeBSD-SA-05:20.cvsbug</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
         <name>27</name>
 
         <advisory>
           <name>FreeBSD-SA-05:19.ipsec</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-05:18.zlib</name>
         </advisory>
       </day>
 
       <day>
         <name>20</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:17.devfs</name>
 	</advisory>
       </day>
 
       <day>
         <name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:16.zlib</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
         <name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:15.tcp</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:14.bzip2</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:13.ipfw</name>
 	</advisory>
       </day>
 
       <day>
         <name>9</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:12.bind9</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:11.gzip</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:10.tcpdump</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
         <name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:09.htt</name>
 	</advisory>
       </day>
 
       <day>
 	<name>9</name>
 
 	<release>
 	  <name>FreeBSD 5.4-RELEASE</name>
 	</release>
       </day>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:08.kmem</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:07.ldt</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:06.iir</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:05.cvs</name>
 	</advisory>
       </day>
 
       <day>
 	<name>15</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:04.ifconf</name>
 	</advisory>
       </day>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:03.amd64</name>
 	</advisory>
       </day>
 
       <day>
 	<name>4</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:02.sendfile</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
 	<name>28</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:01.telnet</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
 	<day>
 	  <name>25</name>
 
 	  <release>
 	    <name>FreeBSD 4.11-RELEASE</name>
 	  </release>
 	</day>
     </month>
   </year>
 
     <year>
       <name>2004</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>1</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:17.procfs</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
         <name>11</name>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:16.fetch</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>6</name>
 
 	  <release>
 	    <name>FreeBSD 5.3-RELEASE</name>
 	  </release>
 	</day>
       </month>
 
       <month>
         <name>10</name>
 
 	<day>
 	  <name>4</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:15.syscons</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
         <name>9</name>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:14.cvs</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
         <name>6</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:13.linux</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>7</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:12.jailroute</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>27</name>
 
 	  <release>
 	    <name>FreeBSD 4.10-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:11.msync</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:10.cvs</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>5</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:09.kadmind</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-04:08.heimdal</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:07.cvs</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>29</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:06.ipv6</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:05.openssl</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>2</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:04.tcp</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>26</name>
 
 	  <release>
 	    <name>FreeBSD 5.2.1-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>25</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:03.jail</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:02.shmat</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:01.mksnap_ffs</name>
 	  </advisory>
 	</day>
 
 
 	<day>
 	  <name>12</name>
 
 	  <release>
 	    <name>FreeBSD 5.2-RELEASE</name>
 	  </release>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>2003</name>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:19.bind</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>27</name>
 
 	  <release>
 	    <name>FreeBSD 4.9-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>5</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:15.openssh</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>3</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:18.openssl</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-03:17.procfs</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>2</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:16.filedesc</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:14.arp</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:13.sendmail</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:12.openssh</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:11.sendmail</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:10.ibcs2</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:09.signal</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>3</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:08.realpath</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158</ulink>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>9</name>
 
 	  <release>
 	    <name>FreeBSD 5.1-RELEASE</name>
 	  </release>
 	</day>
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>8</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-03:02</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>7</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-03:01</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>3</name>
 
 	  <release>
 	    <name>FreeBSD 4.8-RELEASE</name>
 	  </release>
 	</day>
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:07.sendmail</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:06.openssl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:05.xdr</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>3</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:04.sendmail</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112</ulink>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:03.syncookies</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:02.openssl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:01.cvs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>19</name>
 
 	  <release>
 	    <name>FreeBSD 5.0-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:44.filedesc</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>2002</name>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:43.bind</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:41.smrsh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:42.resolv</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:40.kadmind</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>10</name>
 
 	  <release>
 	    <name>FreeBSD 4.7-RELEASE</name>
 	  </release>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:06</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:39.libkvm</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:05</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:38.signed-error</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <release>
 	    <name>FreeBSD 4.6.2-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:37.kqueue</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:36.nfs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:35.ffs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:33.openssl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>01</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:34.rpc</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>7</name>
 
 	<day>
 	  <name>31</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:32.pppd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:31.openssh</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:30.ktrace</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-02:29.tcpdump</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:28.resolv</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:04</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <release>
 	    <name>FreeBSD 4.6-RELEASE</name>
 	  </release>
 	</day>
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>29</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:27.rc</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-02:26.accept</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:03</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:25.bzip2</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-02:24.k5su</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:02</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>22</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:23.stdio</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:22.mmap</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:21.tcpip</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:20.syncache</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:01</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:19.squid</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:18.zlib</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:17.mod_frontpage</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:16.netscape</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:15.cyrus-sasl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:14.pam-pgsql</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:13.openssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:12.squid</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:11.snmp</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:10.rsync</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:09.fstatfs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>29</name>
 
 	  <release>
 	    <name>FreeBSD 4.5-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:08.exec</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:07.k5su</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:06.sudo</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:05.pine</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:04.mutt</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:03.mod_auth_pgsql</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:02.pw</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:01.pkg_add</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>2001</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:64.wu-ftpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>02</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:63.openssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>08</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:62.uucp</name>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:61.squid</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:60.procmail</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <release>
 	    <name>FreeBSD 4.4-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:59.rmuser</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:58.lpd</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>27</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:57.sendmail</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:56.tcp_wrappers</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:55.procfs</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:54.ports-telnetd</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:53.ipfw</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:52.fragment</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>7</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:51.openssl</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>27</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:50.windowmaker</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:49.telnetd</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:48.tcpdump</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:47.xinetd</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:46.w3m</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:45.samba</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:44.gnupg</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:43.fetchmail</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:42.signal</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>09</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:41.hanterm</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:40.fts</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>02</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:39.tcp-isn</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:38.sudo</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:37.slrn</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:36.samba</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:35.licq</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:34.hylafax</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <release>
 	    <name>FreeBSD 4.3-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:33.ftpd-glob</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:32.ipfilter</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:31.ntpd</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>22</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:30.ufs-ext2fs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:29.rwhod</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:28.timed</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:27.cfengine</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:26.interbase</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:23.icecast</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>14</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:25.kerberosIV</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:24.ssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:22.dc20ctrl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:21.ja-elvis</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:20.mars_nwe</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:19.ja-klock</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>31</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:18.bind</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>29</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:17.exmh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:16.mysql</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:15.tinyproxy</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:14.micq</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:13.sort</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:12.periodic</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:11.inetd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:10.bind</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:09.crontab</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:08.ipfw</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:07.xfree86</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:06.zope</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:05.stunnel</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:04.joe</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:03.bash1</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:02.syslog-ng</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:01.openssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>2000</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:81.ethereal</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:80.halflifeserver</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:79.oops</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:78.bitchx</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:77.procfs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:76.tcsh-csh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:75.php</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:74.gaim</name>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:73.thttpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:72.curl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:71.mgetty</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>14</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:70.ppp-nat</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:69.telnetd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:68.ncurses</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:67.gnupg</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:66.netscape</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:65.xfce</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:64.global</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>01</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:63.getnameinfo</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:62.top</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>31</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:61.tcpdump</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:60.boa</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:59.pine</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:58.chpass</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:57.muh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:56.lprng</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:55.xpdf</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:54.fingerd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:52.tcp-iss</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>27</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:53.catopen</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:51.mailman</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:50.listmanager</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:49.eject</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:48.xchat</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:47.pine</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:46.screen</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>31</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:45.esound</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:44.xlock</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:43.brouted</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:42.linux</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:41.elf</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:40.mopd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:39.netscape</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>14</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:38.zope</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:37.cvsweb</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:36.ntop</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:35.proftpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:34.dhclient</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>7</name>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:33.kerberosIV</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:32.bitchx</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:31.canna</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:30.openssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:29.wu-ftpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:28.majordomo</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:27.XFree86-4</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:26.popper</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:24.libedit</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:23.ip-options</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:25.alpha-random</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:22.apsfilter</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:21.ssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:20.krb5</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:19.semconfig</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>09</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:18.gnapster.knapster</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:17.libmytinfo</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:16.golddig</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:15.imap-uw</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:14.imap-uw</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:13.generic-nqs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:12.healthd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:11.ircii</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:10.orville-write</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:09.mtr</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:08.lynx</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:07.mh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>01</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:06.htdig</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:05.mysql</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:04.delegate</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:03.asmon</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:02.procfs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:01.make</name>
 	  </advisory>
 
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>1999</name>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:06.amd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:05.fts</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:04.core</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:03.ftpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:02.profil</name>
 	  </advisory>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:01.chflags</name>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>1998</name>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:08.fragment</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:07.rst</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:06.icmp</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:05.nfs</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>02</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:04.mmap</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>14</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:03.ttcp</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:02.mmap</name>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>1997</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>09</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:06.f00f</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>01</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:01.land</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>29</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:05.open</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:04.procfs</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:03.sysinstall</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:02.lpd</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:01.setlocale</name>
 	  </advisory>
 
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:21.talkd</name>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>1996</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:20.stack-overflow</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:19.modstat</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>25</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:18.lpr</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>7</name>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:17.rzsz</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:16.rdist</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:15.ppp</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:12.perl</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:14.ipfw</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:13.comsat</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:11.man</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:10.mount_union</name>
 	  </advisory>
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:09.vfsload</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>22</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:02.apache</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:08.syslog</name>
 	  </advisory>
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:01.sliplogin</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:03.sendmail-suggestion</name>
 	  </advisory>
 	</day>
 
       </month>
     </year>
 
 </advisories>
Index: projects/entities/share/xml/authors.ent
===================================================================
--- projects/entities/share/xml/authors.ent	(revision 41353)
+++ projects/entities/share/xml/authors.ent	(revision 41354)
@@ -1,2226 +1,2241 @@
 <!--
      Names and email address of contributing authors and committers.
      Entity names for committers should be the same as their login names on
      freefall.FreeBSD.org.
 
      Use these entities when referencing people.
 
      Please keep this list in alphabetical order by entity names.
 
      IMPORTANT:  If you delete names from this file you *must* ensure that
                  all references to them have been removed from the handbook's
                  translations.  If they haven't then you *will* break the
                  builds for the other languages, and we will poke fun of you
                  in public.
 
      $FreeBSD$
 -->
 
 <!-- FreeBSD Committers -->
 
 <!ENTITY a.aaron "Aaron Dalton">
 <!ENTITY a.aaron.email "&a.aaron; <email>aaron@FreeBSD.org</email>">
 
 <!ENTITY a.abial "Andrzej Bialecki">
 <!ENTITY a.abial.email "&a.abial; <email>abial@FreeBSD.org</email>">
 
 <!ENTITY a.ache "Andrey A. Chernov">
 <!ENTITY a.ache.email "&a.ache; <email>ache@FreeBSD.org</email>">
 
 <!ENTITY a.achim "Achim Leubner">
 <!ENTITY a.achim.email "&a.achim; <email>achim@FreeBSD.org</email>">
 
 <!ENTITY a.acm "Jos&eacute; Alonso C&aacute;rdenas M&aacute;rquez">
 <!ENTITY a.acm.email "&a.acm; <email>acm@FreeBSD.org</email>">
 
 <!ENTITY a.adam "Adam David">
 <!ENTITY a.adam.email "&a.adam; <email>adam@FreeBSD.org</email>">
 
 <!ENTITY a.adamw "Adam Weinberger">
 <!ENTITY a.adamw.email "&a.adamw; <email>adamw@FreeBSD.org</email>">
 
 <!ENTITY a.ade "Ade Lovett">
 <!ENTITY a.ade.email "&a.ade; <email>ade@FreeBSD.org</email>">
 
 <!ENTITY a.adrian "Adrian Chadd">
 <!ENTITY a.adrian.email "&a.adrian; <email>adrian@FreeBSD.org</email>">
 
 <!ENTITY a.ae "Andrey V. Elsukov">
 <!ENTITY a.ae.email "&a.ae; <email>ae@FreeBSD.org</email>">
 
 <!ENTITY a.ahasty "Amancio Hasty">
 <!ENTITY a.ahasty.email "&a.ahasty; <email>ahasty@FreeBSD.org</email>">
 
 <!ENTITY a.ahd "Drew Derbyshire">
 <!ENTITY a.ahd.email "&a.ahd; <email>ahd@FreeBSD.org</email>">
 
 <!ENTITY a.ahze "Michael Johnson">
 <!ENTITY a.ahze.email "&a.ahze; <email>ahze@FreeBSD.org</email>">
 
 <!ENTITY a.ak "Alex Kozlov">
 <!ENTITY a.ak.email "&a.ak; <email>ak@FreeBSD.org</email>">
 
 <!ENTITY a.akiyama "Shunsuke Akiyama">
 <!ENTITY a.akiyama.email "&a.akiyama; <email>akiyama@FreeBSD.org</email>">
 
 <!ENTITY a.alane "Alan Eldridge">
 <!ENTITY a.alane.email "&a.alane; <email role='nolink'>alane@FreeBSD.org</email>">
 
 <!ENTITY a.alc "Alan L. Cox">
 <!ENTITY a.alc.email "&a.alc; <email>alc@FreeBSD.org</email>">
 
 <!ENTITY a.ale "Alex Dupre">
 <!ENTITY a.ale.email "&a.ale; <email>ale@FreeBSD.org</email>">
 
 <!ENTITY a.alepulver "Alejandro Pulver">
 <!ENTITY a.alepulver.email "&a.alepulver; <email>alepulver@FreeBSD.org</email>">
 
 <!ENTITY a.alex "Alexander Langer">
 <!ENTITY a.alex.email "&a.alex; <email>alex@FreeBSD.org</email>">
 
 <!ENTITY a.alexbl "Alexander Botero-Lowry">
 <!ENTITY a.alexbl.email "&a.alexbl; <email>alexbl@FreeBSD.org</email>">
 
 <!ENTITY a.alfred "Alfred Perlstein">
 <!ENTITY a.alfred.email "&a.alfred; <email>alfred@FreeBSD.org</email>">
 
 <!ENTITY a.alm "Andrew Moore">
 <!ENTITY a.alm.email "&a.alm; <email>alm@FreeBSD.org</email>">
 
+<!ENTITY a.am "Atul Mukker">
+<!ENTITY a.am.email "&a.am; <email>am@FreeBSD.org</email>">
+
 <!ENTITY a.ambrisko "Doug Ambrisko">
 <!ENTITY a.ambrisko.email "&a.ambrisko; <email>ambrisko@FreeBSD.org</email>">
 
 <!ENTITY a.amdmi3 "Dmitry Marakasov">
 <!ENTITY a.amdmi3.email "&a.amdmi3; <email>amdmi3@FreeBSD.org</email>">
 
 <!ENTITY a.amorita "Akio Morita">
 <!ENTITY a.amorita.email "&a.amorita; <email>amorita@FreeBSD.org</email>">
 
 <!ENTITY a.amurai "Atsushi Murai">
 <!ENTITY a.amurai.email "&a.amurai; <email>amurai@FreeBSD.org</email>">
 
 <!ENTITY a.anchie "Ana Kukec">
 <!ENTITY a.anchie.email "&a.anchie; <email>anchie@FreeBSD.org</email>">
 
 <!ENTITY a.anders "Anders Nordby">
 <!ENTITY a.anders.email "&a.anders; <email>anders@FreeBSD.org</email>">
 
 <!ENTITY a.andre "Andre Oppermann">
 <!ENTITY a.andre.email "&a.andre; <email>andre@FreeBSD.org</email>">
 
 <!ENTITY a.andreas "Andreas Klemm">
 <!ENTITY a.andreas.email "&a.andreas; <email>andreas@FreeBSD.org</email>">
 
 <!ENTITY a.andreast "Andreas Tobler">
 <!ENTITY a.andreast.email "&a.andreast; <email>andreast@FreeBSD.org</email>">
 
 <!ENTITY a.andrew "Andrew Turner">
 <!ENTITY a.andrew.email "&a.andrew; <email>andrew@FreeBSD.org</email>">
 
 <!ENTITY a.andy "Andrey Zakhvatov">
 <!ENTITY a.andy.email "&a.andy; <email>andy@FreeBSD.org</email>">
 
 <!ENTITY a.anholt "Eric Anholt">
 <!ENTITY a.anholt.email "&a.anholt; <email>anholt@FreeBSD.org</email>">
 
 <!ENTITY a.anray "Andrey Slusar">
 <!ENTITY a.anray.email "&a.anray; <email>anray@FreeBSD.org</email>">
 
 <!ENTITY a.antoine "Antoine Brodin">
 <!ENTITY a.antoine.email "&a.antoine; <email>antoine@FreeBSD.org</email>">
 
 <!ENTITY a.araujo "Marcelo Araujo">
 <!ENTITY a.araujo.email "&a.araujo; <email>araujo@FreeBSD.org</email>">
 
 <!ENTITY a.archie "Archie Cobbs">
 <!ENTITY a.archie.email "&a.archie; <email>archie@FreeBSD.org</email>">
 
 <!ENTITY a.ariff "Ariff Abdullah">
 <!ENTITY a.ariff.email "&a.ariff; <email>ariff@FreeBSD.org</email>">
 
 <!ENTITY a.arr "Andrew R. Reiter">
 <!ENTITY a.arr.email "&a.arr; <email>arr@FreeBSD.org</email>">
 
 <!ENTITY a.art "Artem Belevich">
 <!ENTITY a.art.email "&a.art; <email>art@FreeBSD.org</email>">
 
 <!ENTITY a.arun "Arun Sharma">
 <!ENTITY a.arun.email "&a.arun; <email>arun@FreeBSD.org</email>">
 
 <!ENTITY a.arundel "Alexander Best">
 <!ENTITY a.arundel.email "&a.arundel; <email>arundel@FreeBSD.org</email>">
 
 <!ENTITY a.arved "Tilman Keskin&ouml;z">
 <!ENTITY a.arved.email "&a.arved; <email>arved@FreeBSD.org</email>">
 
 <!ENTITY a.asami "Satoshi Asami">
 <!ENTITY a.asami.email "&a.asami; <email>asami@FreeBSD.org</email>">
 
 <!ENTITY a.ashish "Ashish SHUKLA">
 <!ENTITY a.ashish.email "&a.ashish; <email>ashish@FreeBSD.org</email>">
 
 <!ENTITY a.asmodai "Jeroen Ruigrok/Asmodai">
 <!ENTITY a.asmodai.email "&a.asmodai; <email>asmodai@FreeBSD.org</email>">
 
 <!ENTITY a.assar "Assar Westerlund">
 <!ENTITY a.assar.email "&a.assar; <email>assar@FreeBSD.org</email>">
 
 <!ENTITY a.ats "Andreas Schulz">
 <!ENTITY a.ats.email "&a.ats; <email>ats@FreeBSD.org</email>">
 
 <!ENTITY a.attilio "Attilio Rao">
 <!ENTITY a.attilio.email "&a.attilio; <email>attilio@FreeBSD.org</email>">
 
 <!ENTITY a.avatar "Tai-hwa Liang">
 <!ENTITY a.avatar.email "&a.avatar; <email>avatar@FreeBSD.org</email>">
 
 <!ENTITY a.avg "Andriy Gapon">
 <!ENTITY a.avg.email "&a.avg; <email>avg@FreeBSD.org</email>">
 
 <!ENTITY a.avilla "Alberto Villa">
 <!ENTITY a.avilla.email "&a.avilla; <email>avilla@FreeBSD.org</email>">
 
 <!ENTITY a.avl "Alexander Logvinov">
 <!ENTITY a.avl.email "&a.avl; <email>avl@FreeBSD.org</email>">
 
 <!ENTITY a.awebster "Andrew Webster">
 <!ENTITY a.awebster.email "&a.awebster; <email>awebster@pubnix.net</email>">
 
 <!ENTITY a.az "Andrej Zverev">
 <!ENTITY a.az.email "&a.az; <email>az@FreeBSD.org</email>">
 
 <!ENTITY a.babb "Jim Babb">
 <!ENTITY a.babb.email "&a.babb; <email>babb@FreeBSD.org</email>">
 
 <!ENTITY a.babkin "Sergey Babkin">
 <!ENTITY a.babkin.email "&a.babkin; <email>babkin@FreeBSD.org</email>">
 
 <!ENTITY a.bakul "Bakul Shah">
 <!ENTITY a.bakul.email "&a.bakul; <email>bakul@FreeBSD.org</email>">
 
 <!ENTITY a.bapt "Baptiste Daroussin">
 <!ENTITY a.bapt.email "&a.bapt; <email>bapt@FreeBSD.org</email>">
 
 <!ENTITY a.bar "Barbara Guida">
 <!ENTITY a.bar.email "&a.bar; <email>bar@FreeBSD.org</email>">
 
 <!ENTITY a.barner "Simon Barner">
 <!ENTITY a.barner.email "&a.barner; <email>barner@FreeBSD.org</email>">
 
 <!ENTITY a.bbraun "Rob Braun">
 <!ENTITY a.bbraun.email "&a.bbraun; <email>bbraun@FreeBSD.org</email>">
 
 <!ENTITY a.bcr "Benedict Reuschling">
 <!ENTITY a.bcr.email "&a.bcr; <email>bcr@FreeBSD.org</email>">
 
 <!ENTITY a.bde "Bruce Evans">
 <!ENTITY a.bde.email "&a.bde; <email>bde@FreeBSD.org</email>">
 
 <!ENTITY a.bdrewery "Bryan Drewery">
 <!ENTITY a.bdrewery.email "&a.bdrewery; <email>bdrewery@FreeBSD.org</email>">
 
 <!ENTITY a.bean "Rebecca Visger">
 <!ENTITY a.bean.email "&a.bean; <email>bean@FreeBSD.org</email>">
 
 <!ENTITY a.beat "Beat G&auml;tzi">
 <!ENTITY a.beat.email "&a.beat; <email>beat@FreeBSD.org</email>">
 
 <!ENTITY a.beech "Beech Rintoul">
 <!ENTITY a.beech.email "&a.beech; <email>beech@FreeBSD.org</email>">
 
 <!ENTITY a.ben "Ben Smithurst">
 <!ENTITY a.ben.email "&a.ben; <email>ben@FreeBSD.org</email>">
 
 <!ENTITY a.benjsc "Benjamin Close">
 <!ENTITY a.benjsc.email "&a.benjsc; <email>benjsc@FreeBSD.org</email>">
 
 <!ENTITY a.benl "Ben Laurie">
 <!ENTITY a.benl.email "&a.benl; <email>benl@FreeBSD.org</email>">
 
 <!ENTITY a.benno "Benno Rice">
 <!ENTITY a.benno.email "&a.benno; <email>benno@FreeBSD.org</email>">
 
 <!ENTITY a.bf "Brendan Fabeny">
 <!ENTITY a.bf.email "&a.bf; <email>bf@FreeBSD.org</email>">
 
 <!ENTITY a.bgray "Ben Gray">
 <!ENTITY a.bgray.email "&a.bgray; <email>bgray@FreeBSD.org</email>">
 
 <!ENTITY a.bhaga "Ben Haga">
 <!ENTITY a.bhaga.email "&a.bhaga; <email>bhaga@FreeBSD.org</email>">
 
 <!ENTITY a.billf "Bill Fumerola">
 <!ENTITY a.billf.email "&a.billf; <email>billf@FreeBSD.org</email>">
 
 <!ENTITY a.bjk "Benjamin Kaduk">
 <!ENTITY a.bjk.email "&a.bjk; <email>bjk@FreeBSD.org</email>">
 
 <!ENTITY a.blackend "Marc Fonvieille">
 <!ENTITY a.blackend.email "&a.blackend; <email>blackend@FreeBSD.org</email>">
 
 <!ENTITY a.bland "Alexander Nedotsukov">
 <!ENTITY a.bland.email "&a.bland; <email>bland@FreeBSD.org</email>">
 
 <!ENTITY a.bmah "Bruce A. Mah">
 <!ENTITY a.bmah.email "&a.bmah; <email>bmah@FreeBSD.org</email>">
 
 <!ENTITY a.bmilekic "Bosko Milekic">
 <!ENTITY a.bmilekic.email "&a.bmilekic; <email>bmilekic@FreeBSD.org</email>">
 
 <!ENTITY a.bms "Bruce M. Simpson">
 <!ENTITY a.bms.email "&a.bms; <email>bms@FreeBSD.org</email>">
 
 <!ENTITY a.bp "Boris Popov">
 <!ENTITY a.bp.email "&a.bp; <email>bp@FreeBSD.org</email>">
 
 <!ENTITY a.brandon "Brandon Gillespie">
 <!ENTITY a.brandon.email "&a.brandon; <email>brandon@FreeBSD.org</email>">
 
 <!ENTITY a.brd "Brad Davis">
 <!ENTITY a.brd.email "&a.brd; <email>brd@FreeBSD.org</email>">
 
 <!ENTITY a.brian "Brian Somers">
 <!ENTITY a.brian.email "&a.brian; <email>brian@FreeBSD.org</email>">
 
 <!ENTITY a.brix "Henrik Brix Andersen">
 <!ENTITY a.brix.email "&a.brix; <email>brix@FreeBSD.org</email>">
 
 <!ENTITY a.brooks "Brooks Davis">
 <!ENTITY a.brooks.email "&a.brooks; <email>brooks@FreeBSD.org</email>">
 
 <!ENTITY a.brucec "Bruce Cran">
 <!ENTITY a.brucec.email "&a.brucec; <email>brucec@FreeBSD.org</email>">
 
 <!ENTITY a.brueffer "Christian Br&uuml;ffer">
 <!ENTITY a.brueffer.email "&a.brueffer; <email>brueffer@FreeBSD.org</email>">
 
 <!ENTITY a.bruno "Bruno Ducrot">
 <!ENTITY a.bruno.email "&a.bruno; <email>bruno@FreeBSD.org</email>">
 
 <!ENTITY a.bryanv "Bryan Venteicher">
 <!ENTITY a.bryanv.email "&a.bryanv; <email>bryanv@FreeBSD.org</email>">
 
 <!ENTITY a.bsam "Boris Samorodov">
 <!ENTITY a.bsam.email "&a.bsam; <email>bsam@FreeBSD.org</email>">
 
 <!ENTITY a.bschmidt "Bernhard Schmidt">
 <!ENTITY a.bschmidt.email "&a.bschmidt; <email>bschmidt@FreeBSD.org</email>">
 
 <!ENTITY a.bsd "Brian S. Dean">
 <!ENTITY a.bsd.email "&a.bsd; <email>bsd@FreeBSD.org</email>">
 
 <!ENTITY a.bushman "Michael Bushkov">
 <!ENTITY a.bushman.email "&a.bushman; <email>bushman@FreeBSD.org</email>">
 
 <!ENTITY a.bvs "Vitaly Bogdanov">
 <!ENTITY a.bvs.email "&a.bvs; <email>bvs@FreeBSD.org</email>">
 
 <!ENTITY a.bz "Bjoern A. Zeeb">
 <!ENTITY a.bz.email "&a.bz; <email>bz@FreeBSD.org</email>">
 
 <!ENTITY a.carl "Carl Delsey"> 
 <!ENTITY a.carl.email "&a.carl; <email>carl@FreeBSD.org</email>">
 
 <!ENTITY a.carvay "J. Vicente Carrasco Vay&aacute;">
 <!ENTITY a.carvay.email "&a.carvay; <email>carvay@FreeBSD.org</email>">
 
 <!ENTITY a.cawimm "Charles A. Wimmer">
 <!ENTITY a.cawimm.email "&a.cawimm; <email>cawimm@FreeBSD.org</email>">
 
+<!ENTITY a.cbzimmer "Chris Zimmernmann">
+<!ENTITY a.cbzimmer.email "&a.cbzimmer; <email>cbzimmer@FreeBSD.org</email>">
+
 <!ENTITY a.cel "Chuck Lever">
 <!ENTITY a.cel.email "&a.cel; <email>cel@FreeBSD.org</email>">
 
 <!ENTITY a.ceri "Ceri Davies">
 <!ENTITY a.ceri.email "&a.ceri; <email>ceri@FreeBSD.org</email>">
 
 <!ENTITY a.cg "Cameron Grant">
 <!ENTITY a.cg.email "&a.cg; <email role='nolink'>cg@FreeBSD.org</email>">
 
 <!ENTITY a.charnier "Philippe Charnier">
 <!ENTITY a.charnier.email "&a.charnier; <email>charnier@FreeBSD.org</email>">
 
 <!ENTITY a.chern "Chern Lee">
 <!ENTITY a.chern.email "&a.chern; <email>chern@FreeBSD.org</email>">
 
 <!ENTITY a.cherry "Cherry G. Mathew">
 <!ENTITY a.cherry.email "&a.cherry; <email>cherry@FreeBSD.org</email>">
 
 <!ENTITY a.chinsan "Chin-San Huang">
 <!ENTITY a.chinsan.email "&a.chinsan; <email>chinsan@FreeBSD.org</email>">
 
 <!ENTITY a.chm "Christoph Herrmann">
 <!ENTITY a.chm.email "&a.chm; <email>chm@FreeBSD.org</email>">
 
 <!ENTITY a.chmr "Christoph Robitschko">
 <!ENTITY a.chmr.email "&a.chmr; <email>chmr@FreeBSD.org</email>">
 
 <!ENTITY a.chris "Chris Costello">
 <!ENTITY a.chris.email "&a.chris; <email>chris@FreeBSD.org</email>">
 
 <!ENTITY a.chuckr "Chuck Robey">
 <!ENTITY a.chuckr.email "&a.chuckr; <email>chuckr@FreeBSD.org</email>">
 
 <!ENTITY a.cjc "Crist J. Clark">
 <!ENTITY a.cjc.email "&a.cjc; <email>cjc@FreeBSD.org</email>">
 
 <!ENTITY a.cjh "Junho CHOI">
 <!ENTITY a.cjh.email "&a.cjh; <email>cjh@FreeBSD.org</email>">
 
 <!ENTITY a.clement "Clement Laforet">
 <!ENTITY a.clement.email "&a.clement; <email>clement@FreeBSD.org</email>">
 
 <!ENTITY a.clive "Clive Lin">
 <!ENTITY a.clive.email "&a.clive; <email>clive@FreeBSD.org</email>">
 
 <!ENTITY a.clsung "Cheng-Lung Sung">
 <!ENTITY a.clsung.email "&a.clsung; <email>clsung@FreeBSD.org</email>">
 
 <!ENTITY a.cognet "Olivier Houchard">
 <!ENTITY a.cognet.email "&a.cognet; <email>cognet@FreeBSD.org</email>">
 
 <!ENTITY a.cokane "Coleman Kane">
 <!ENTITY a.cokane.email "&a.cokane; <email>cokane@FreeBSD.org</email>">
 
 <!ENTITY a.conklin "Brian E. Conklin">
 <!ENTITY a.conklin.email "&a.conklin; <email>conklin@FreeBSD.org</email>">
 
 <!ENTITY a.cp "Chuck Paterson">
 <!ENTITY a.cp.email "&a.cp; <email>cp@FreeBSD.org</email>">
 
 <!ENTITY a.cperciva "Colin Percival">
 <!ENTITY a.cperciva.email "&a.cperciva; <email>cperciva@FreeBSD.org</email>">
 
 <!ENTITY a.cpiazza "Chris Piazza">
 <!ENTITY a.cpiazza.email "&a.cpiazza; <email>cpiazza@FreeBSD.org</email>">
 
 <!ENTITY a.cracauer "Martin Cracauer">
 <!ENTITY a.cracauer.email "&a.cracauer; <email>cracauer@FreeBSD.org</email>">
 
 <!ENTITY a.crees "Chris Rees">
 <!ENTITY a.crees.email "&a.crees; <email>crees@FreeBSD.org</email>">
 
 <!ENTITY a.cs "Carlo Strub">
 <!ENTITY a.cs.email "&a.cs; <email>cs@FreeBSD.org</email>">
 
 <!ENTITY a.csgr "Geoff Rehmet">
 <!ENTITY a.csgr.email "&a.csgr; <email>csgr@FreeBSD.org</email>">
 
 <!ENTITY a.cshumway "Christopher Shumway">
 <!ENTITY a.cshumway.email "&a.cshumway; <email>cshumway@FreeBSD.org</email>">
 
 <!ENTITY a.csjp "Christian S.J. Peron">
 <!ENTITY a.csjp.email "&a.csjp; <email>csjp@FreeBSD.org</email>">
 
 <!ENTITY a.culot "Frederic Culot">
 <!ENTITY a.culot.email "&a.culot; <email>culot@FreeBSD.org</email>">
 
 <!ENTITY a.cwt "Chris Timmons">
 <!ENTITY a.cwt.email "&a.cwt; <email>cwt@FreeBSD.org</email>">
 
 <!ENTITY a.cy "Cy Schubert">
 <!ENTITY a.cy.email "&a.cy; <email>cy@FreeBSD.org</email>">
 
 <!ENTITY a.daichi "Daichi GOTO">
 <!ENTITY a.daichi.email "&a.daichi; <email>daichi@FreeBSD.org</email>">
 
 <!ENTITY a.damien "Damien Bergamini">
 <!ENTITY a.damien.email "&a.damien; <email>damien@FreeBSD.org</email>">
 
 <!ENTITY a.dan "Dan Moschuk">
 <!ENTITY a.dan.email "&a.dan; <email>dan@FreeBSD.org</email>">
 
 <!ENTITY a.danfe "Alexey Dokuchaev">
 <!ENTITY a.danfe.email "&a.danfe; <email>danfe@FreeBSD.org</email>">
 
 <!ENTITY a.danger "Daniel Ger&#382;o">
 <!ENTITY a.danger.email "&a.danger; <email>danger@FreeBSD.org</email>">
 
 <!ENTITY a.danny "Daniel O'Callaghan">
 <!ENTITY a.danny.email "&a.danny; <email>danny@FreeBSD.org</email>">
 
 <!ENTITY a.dannyboy "Daniel Harris">
 <!ENTITY a.dannyboy.email "&a.dannyboy; <email>dannyboy@FreeBSD.org</email>">
 
 <!ENTITY a.darrenr "Darren Reed">
 <!ENTITY a.darrenr.email "&a.darrenr; <email>darrenr@FreeBSD.org</email>">
 
 <!ENTITY a.das "David Schultz">
 <!ENTITY a.das.email "&a.das; <email>das@FreeBSD.org</email>">
 
 <!ENTITY a.davidc "Chad David">
 <!ENTITY a.davidc.email "&a.davidc; <email>davidc@FreeBSD.org</email>">
 
 <!ENTITY a.davidch "David Christensen">
 <!ENTITY a.davidch.email "&a.davidch; <email>davidch@FreeBSD.org</email>">
 
 <!ENTITY a.davide "Davide Italiano">
 <!ENTITY a.davide.email "&a.davide; <email>davide@FreeBSD.org</email>">
 
 <!ENTITY a.davidn "David Nugent">
 <!ENTITY a.davidn.email "&a.davidn; <email>davidn@FreeBSD.org</email>">
 
 <!ENTITY a.davidxu "David Xu">
 <!ENTITY a.davidxu.email "&a.davidxu; <email>davidxu@FreeBSD.org</email>">
 
 <!ENTITY a.db "Diane Bruce">
 <!ENTITY a.db.email "&a.db; <email>db@FreeBSD.org</email>">
 
 <!ENTITY a.dbaker "Daniel Baker">
 <!ENTITY a.dbaker.email "&a.dbaker; <email>dbaker@FreeBSD.org</email>">
 
 <!ENTITY a.dbn "David Naylor">
 <!ENTITY a.dbn.email "&a.dbn; <email>dbn@FreeBSD.org</email>">
 
 <!ENTITY a.dburr "Donald Burr">
 <!ENTITY a.dburr.email "&a.dburr; <email>dburr@FreeBSD.org</email>">
 
 <!ENTITY a.dchagin "Dmitry Chagin">
 <!ENTITY a.dchagin.email "&a.dchagin; <email>dchagin@FreeBSD.org</email>">
 
 <!ENTITY a.dcs "Daniel C. Sobral">
 <!ENTITY a.dcs.email "&a.dcs; <email>dcs@FreeBSD.org</email>">
 
 <!ENTITY a.dd "Dima Dorfman">
 <!ENTITY a.dd.email "&a.dd; <email>dd@FreeBSD.org</email>">
 
 <!ENTITY a.dds "Diomidis D. Spinellis">
 <!ENTITY a.dds.email "&a.dds; <email>dds@FreeBSD.org</email>">
 
 <!ENTITY a.ds "Daniel Seuffert">
 <!ENTITY a.ds.email "&a.ds; <email>ds@FreeBSD.org</email>">
 
 <!ENTITY a.deb "Deborah Goodkin">
 <!ENTITY a.deb.email "&a.deb; <email>deb@FreeBSD.org</email>">
 
 <!ENTITY a.dec "David E. Cross">
 <!ENTITY a.dec.email "&a.dec; <email>dec@FreeBSD.org</email>">
 
 <!ENTITY a.decke "Bernhard Fr&ouml;hlich">
 <!ENTITY a.decke.email "&a.decke; <email>decke@FreeBSD.org</email>">
 
 <!ENTITY a.deischen "Daniel Eischen">
 <!ENTITY a.deischen.email "&a.deischen; <email>deischen@FreeBSD.org</email>">
 
 <!ENTITY a.delphij "Xin Li">
 <!ENTITY a.delphij.email "&a.delphij; <email>delphij@FreeBSD.org</email>">
 
 <!ENTITY a.demon "Dmitry Sivachenko">
 <!ENTITY a.demon.email "&a.demon; <email>demon@FreeBSD.org</email>">
 
 <!ENTITY a.den "Denis Peplin">
 <!ENTITY a.den.email "&a.den; <email>den@FreeBSD.org</email>">
 
 <!ENTITY a.des "Dag-Erling C. Sm&oslash;rgrav">
 <!ENTITY a.des.email "&a.des; <email>des@FreeBSD.org</email>">
 
 <!ENTITY a.dfr "Doug Rabson">
 <!ENTITY a.dfr.email "&a.dfr; <email>dfr@FreeBSD.org</email>">
 
 <!ENTITY a.dg "David Greenman">
 <!ENTITY a.dg.email "&a.dg; <email>dg@FreeBSD.org</email>">
 
 <!ENTITY a.dhartmei "Daniel Hartmeier">
 <!ENTITY a.dhartmei.email "&a.dhartmei; <email>dhartmei@FreeBSD.org</email>">
 
 <!ENTITY a.dhn "Dennis Herrmann">
 <!ENTITY a.dhn.email "&a.dhn; <email>dhn@FreeBSD.org</email>">
 
 <!ENTITY a.dhw "David Wolfskill">
 <!ENTITY a.dhw.email "&a.dhw; <email>dhw@FreeBSD.org</email>">
 
 <!ENTITY a.dick "Richard Seaman Jr.">
 <!ENTITY a.dick.email "&a.dick; <email>dick@FreeBSD.org</email>">
 
 <!ENTITY a.dillon "Matthew Dillon">
 <!ENTITY a.dillon.email "&a.dillon; <email>dillon@FreeBSD.org</email>">
 
 <!ENTITY a.dim "Dimitry Andric">
 <!ENTITY a.dim.email "&a.dim; <email>dim@FreeBSD.org</email>">
 
 <!ENTITY a.dima "Dima Ruban">
 <!ENTITY a.dima.email "&a.dima; <email>dima@FreeBSD.org</email>">
 
 <!ENTITY a.dinoex "Dirk Meyer">
 <!ENTITY a.dinoex.email "&a.dinoex; <email>dinoex@FreeBSD.org</email>">
 
 <!ENTITY a.dirk "Dirk Fr&ouml;mberg">
 <!ENTITY a.dirk.email "&a.dirk; <email>dirk@FreeBSD.org</email>">
 
 <!ENTITY a.dmarion "Damjan Marion">
 <!ENTITY a.dmarion.email "&a.dmarion; <email>dmarion@FreeBSD.org</email>">
 
 <!ENTITY a.dmlb "Duncan Barclay">
 <!ENTITY a.dmlb.email "&a.dmlb; <email>dmlb@FreeBSD.org</email>">
 
 <!ENTITY a.dougb "Doug Barton">
 <!ENTITY a.dougb.email "&a.dougb; <email>dougb@FreeBSD.org</email>">
 
 <!ENTITY a.dru "Dru Lavigne">
 <!ENTITY a.dru.email "&a.dru; <email>dru@FreeBSD.org</email>">
 
 <!ENTITY a.dryice "Dryice Liu">
 <!ENTITY a.dryice.email "&a.dryice; <email>dryice@FreeBSD.org</email>">
 
 <!ENTITY a.dt "Dmitrij Tejblum">
 <!ENTITY a.dt.email "&a.dt; <email>dt@FreeBSD.org</email>">
 
 <!ENTITY a.dteske "Devin Teske">
 <!ENTITY a.dteske.email "&a.dteske; <email>dteske@FreeBSD.org</email>">
 
 <!ENTITY a.dufault "Peter Dufault">
 <!ENTITY a.dufault.email "&a.dufault; <email>dufault@FreeBSD.org</email>">
 
 <!ENTITY a.dumbbell "Jean-S&eacute;bastien P&eacute;dron">
 <!ENTITY a.dumbbell.email "&a.dumbbell; <email>dumbbell@FreeBSD.org</email>">
 
 <!ENTITY a.dwcjr "David W. Chapman Jr.">
 <!ENTITY a.dwcjr.email "&a.dwcjr; <email>dwcjr@FreeBSD.org</email>">
 
 <!ENTITY a.dwhite "Doug White">
 <!ENTITY a.dwhite.email "&a.dwhite; <email>dwhite@FreeBSD.org</email>">
 
 <!ENTITY a.dwmalone "David Malone">
 <!ENTITY a.dwmalone.email "&a.dwmalone; <email>dwmalone@FreeBSD.org</email>">
 
 <!ENTITY a.dyson "John Dyson">
 <!ENTITY a.dyson.email "&a.dyson; <email>dyson@FreeBSD.org</email>">
 
 <!ENTITY a.eadler "Eitan Adler">
 <!ENTITY a.eadler.email "&a.eadler; <email>eadler@FreeBSD.org</email>">
 
 <!ENTITY a.ebrandi "Edson Brandi">
 <!ENTITY a.ebrandi.email "&a.ebrandi; <email>ebrandi@FreeBSD.org</email>">
 
 <!ENTITY a.ed "Ed Schouten">
 <!ENTITY a.ed.email "&a.ed; <email>ed@FreeBSD.org</email>">
 
 <!ENTITY a.edwin "Edwin Groothuis">
 <!ENTITY a.edwin.email "&a.edwin; <email>edwin@FreeBSD.org</email>">
 
 <!ENTITY a.ehaupt "Emanuel Haupt">
 <!ENTITY a.ehaupt.email "&a.ehaupt; <email>ehaupt@FreeBSD.org</email>">
 
 <!ENTITY a.eik "Oliver Eikemeier">
 <!ENTITY a.eik.email "&a.eik; <email>eik@FreeBSD.org</email>">
 
 <!ENTITY a.eivind "Eivind Eklund">
 <!ENTITY a.eivind.email "&a.eivind; <email>eivind@FreeBSD.org</email>">
 
 <!ENTITY a.ejc "Eric J. Chet">
 <!ENTITY a.ejc.email "&a.ejc; <email>ejc@FreeBSD.org</email>">
 
 <!ENTITY a.emaste "Ed Maste">
 <!ENTITY a.emaste.email "&a.emaste; <email>emaste@FreeBSD.org</email>">
 
 <!ENTITY a.emax "Maksim Yevmenkin">
 <!ENTITY a.emax.email "&a.emax; <email>emax@FreeBSD.org</email>">
 
 <!ENTITY a.emoore "Eric Moore">
 <!ENTITY a.emoore.email "&a.emoore; <email>emoore@FreeBSD.org</email>">
 
 <!ENTITY a.eri "Ermal Lu&#231;i">
 <!ENTITY a.eri.email "&a.eri; <email>eri@FreeBSD.org</email>">
 
 <!ENTITY a.eric "Eric Melville">
 <!ENTITY a.eric.email "&a.eric; <email>eric@FreeBSD.org</email>">
 
 <!ENTITY a.erich "Eric L. Hernes">
 <!ENTITY a.erich.email "&a.erich; <email>erich@FreeBSD.org</email>">
 
 <!ENTITY a.erik "Erik Cederstrand">
 <!ENTITY a.erik.email "&a.erik; <email>erik@FreeBSD.org</email>">
 
 <!ENTITY a.erwin "Erwin Lansing">
 <!ENTITY a.erwin.email "&a.erwin; <email>erwin@FreeBSD.org</email>">
 
 <!ENTITY a.fabient "Fabien Thomas">
 <!ENTITY a.fabient.email "&a.fabient; <email>fabient@FreeBSD.org</email>">
 
 <!ENTITY a.fanf "Tony Finch">
 <!ENTITY a.fanf.email "&a.fanf; <email>fanf@FreeBSD.org</email>">
 
 <!ENTITY a.farrokhi "Babak Farrokhi">
 <!ENTITY a.farrokhi.email "&a.farrokhi; <email>farrokhi@FreeBSD.org</email>">
 
 <!ENTITY a.fenner "Bill Fenner">
 <!ENTITY a.fenner.email "&a.fenner; <email>fenner@FreeBSD.org</email>">
 
 <!ENTITY a.fjoe "Max Khon">
 <!ENTITY a.fjoe.email "&a.fjoe; <email>fjoe@FreeBSD.org</email>">
 
 <!ENTITY a.flathill "Seiichirou Hiraoka">
 <!ENTITY a.flathill.email "&a.flathill; <email>flathill@FreeBSD.org</email>">
 
 <!ENTITY a.flo "Florian Smeets">
 <!ENTITY a.flo.email "&a.flo; <email>flo@FreeBSD.org</email>">
 
 <!ENTITY a.fluffy "Dima Panov">
 <!ENTITY a.fluffy.email "&a.fluffy; <email>fluffy@FreeBSD.org</email>">
 
 <!ENTITY a.flz "Florent Thoumie">
 <!ENTITY a.flz.email "&a.flz; <email>flz@FreeBSD.org</email>">
 
 <!ENTITY a.foxfair "Howard F. Hu">
 <!ENTITY a.foxfair.email "&a.foxfair; <email>foxfair@FreeBSD.org</email>">
 
 <!ENTITY a.fsmp "Steve Passe">
 <!ENTITY a.fsmp.email "&a.fsmp; <email>fsmp@FreeBSD.org</email>">
 
 <!ENTITY a.furuta "Atsushi Furuta">
 <!ENTITY a.furuta.email "&a.furuta; <email>furuta@FreeBSD.org</email>">
 
 <!ENTITY a.gabor "G&aacute;bor K&ouml;vesd&aacute;n">
 <!ENTITY a.gabor.email "&a.gabor; <email>gabor@FreeBSD.org</email>">
 
 <!ENTITY a.gad "Garance A Drosehn">
 <!ENTITY a.gad.email "&a.gad; <email>gad@FreeBSD.org</email>">
 
 <!ENTITY a.gahr "Pietro Cerutti">
 <!ENTITY a.gahr.email "&a.gahr; <email>gahr@FreeBSD.org</email>">
 
 <!ENTITY a.gallatin "Andrew Gallatin">
 <!ENTITY a.gallatin.email "&a.gallatin; <email>gallatin@FreeBSD.org</email>">
 
 <!ENTITY a.ganbold "Ganbold Tsagaankhuu">
 <!ENTITY a.ganbold.email "&a.ganbold; <email>ganbold@FreeBSD.org</email>">
 
 <!ENTITY a.garga "Renato Botelho">
 <!ENTITY a.garga.email "&a.garga; <email>garga@FreeBSD.org</email>">
 
 <!ENTITY a.garys "Gary W. Swearingen">
 <!ENTITY a.garys.email "&a.garys; <email>garys@FreeBSD.org</email>">
 
 <!ENTITY a.gavin "Gavin Atkinson">
 <!ENTITY a.gavin.email "&a.gavin; <email>gavin@FreeBSD.org</email>">
 
 <!ENTITY a.gber "Grzegorz Bernacki">
 <!ENTITY a.gber.email "&a.gber; <email>gber@FreeBSD.org</email>">
 
 <!ENTITY a.gblach "Grzegorz Blach">
 <!ENTITY a.gblach.email "&a.gblach; <email>gblach@FreeBSD.org</email>">
 
 <!ENTITY a.gclarkii "Gary Clark II">
 <!ENTITY a.gclarkii.email "&a.gclarkii; <email>gclarkii@FreeBSD.org</email>">
 
 <!ENTITY a.gehenna "MAEKAWA Masahide">
 <!ENTITY a.gehenna.email "&a.gehenna; <email>gehenna@FreeBSD.org</email>">
 
 <!ENTITY a.gerald "Gerald Pfeifer">
 <!ENTITY a.gerald.email "&a.gerald; <email>gerald@FreeBSD.org</email>">
 
 <!ENTITY a.ghelmer "Guy Helmer">
 <!ENTITY a.ghelmer.email "&a.ghelmer; <email>ghelmer@FreeBSD.org</email>">
 
 <!ENTITY a.gibbs "Justin T. Gibbs">
 <!ENTITY a.gibbs.email "&a.gibbs; <email>gibbs@FreeBSD.org</email>">
 
 <!ENTITY a.gioria "Sebastien Gioria">
 <!ENTITY a.gioria.email "&a.gioria; <email>gioria@FreeBSD.org</email>">
 
 <!ENTITY a.girgen "Palle Girgensohn">
 <!ENTITY a.girgen.email "&a.girgen; <email>girgen@FreeBSD.org</email>">
 
 <!ENTITY a.gj "Gary Jennejohn">
 <!ENTITY a.gj.email "&a.gj; <email>gj@FreeBSD.org</email>">
 
 <!ENTITY a.gjb "Glen Barber">
 <!ENTITY a.gjb.email "&a.gjb; <email>gjb@FreeBSD.org</email>">
 
 <!ENTITY a.glarkin "Greg Larkin">
 <!ENTITY a.glarkin.email "&a.glarkin; <email>glarkin@FreeBSD.org</email>">
 
 <!ENTITY a.gleb "Gleb Kurtsou">
 <!ENTITY a.gleb.email "&a.gleb; <email>gleb@FreeBSD.org</email>">
 
 <!ENTITY a.glebius "Gleb Smirnoff">
 <!ENTITY a.glebius.email "&a.glebius; <email>glebius@FreeBSD.org</email>">
 
 <!ENTITY a.glewis "Greg Lewis">
 <!ENTITY a.glewis.email "&a.glewis; <email>glewis@FreeBSD.org</email>">
 
 <!ENTITY a.gnn "George V. Neville-Neil">
 <!ENTITY a.gnn.email "&a.gnn; <email>gnn@FreeBSD.org</email>">
 
 <!ENTITY a.gonzo "Oleksandr Tymoshenko">
 <!ENTITY a.gonzo.email "&a.gonzo; <email>gonzo@FreeBSD.org</email>">
 
 <!ENTITY a.gordon "Gordon Tetlow">
 <!ENTITY a.gordon.email "&a.gordon; <email>gordon@FreeBSD.org</email>">
 
 <!ENTITY a.gpalmer "Gary Palmer">
 <!ENTITY a.gpalmer.email "&a.gpalmer; <email>gpalmer@FreeBSD.org</email>">
 
 <!ENTITY a.graichen "Thomas Graichen">
 <!ENTITY a.graichen.email "&a.graichen; <email>graichen@FreeBSD.org</email>">
 
 <!ENTITY a.green "Brian F. Feldman">
 <!ENTITY a.green.email "&a.green; <email>green@FreeBSD.org</email>">
 
 <!ENTITY a.grehan "Peter Grehan">
 <!ENTITY a.grehan.email "&a.grehan; <email>grehan@FreeBSD.org</email>">
 
 <!ENTITY a.greid "George C. A. Reid">
 <!ENTITY a.greid.email "&a.greid; <email>greid@FreeBSD.org</email>">
 
 <!ENTITY a.grog "Greg Lehey">
 <!ENTITY a.grog.email "&a.grog; <email>grog@FreeBSD.org</email>">
 
 <!ENTITY a.groudier "Gerard Roudier">
 <!ENTITY a.groudier.email "&a.groudier; <email>groudier@FreeBSD.org</email>">
 
 <!ENTITY a.gryphon "Coranth Gryphon">
 <!ENTITY a.gryphon.email "&a.gryphon; <email>gryphon@FreeBSD.org</email>">
 
 <!ENTITY a.gshapiro "Gregory Neil Shapiro">
 <!ENTITY a.gshapiro.email "&a.gshapiro; <email>gshapiro@FreeBSD.org</email>">
 
 <!ENTITY a.gsutter "Gregory Sutter">
 <!ENTITY a.gsutter.email "&a.gsutter; <email>gsutter@FreeBSD.org</email>">
 
 <!ENTITY a.guido "Guido van Rooij">
 <!ENTITY a.guido.email "&a.guido; <email>guido@FreeBSD.org</email>">
 
 <!ENTITY a.hanai "Hiroyuki HANAI">
 <!ENTITY a.hanai.email "&a.hanai; <email>hanai@FreeBSD.org</email>">
 
 <!ENTITY a.harti "Hartmut Brandt">
 <!ENTITY a.harti.email "&a.harti; <email>harti@FreeBSD.org</email>">
 
 <!ENTITY a.helbig "Wolfgang Helbig">
 <!ENTITY a.helbig.email "&a.helbig; <email>helbig@FreeBSD.org</email>">
 
 <!ENTITY a.hm "Hellmuth Michaelis">
 <!ENTITY a.hm.email "&a.hm; <email>hm@FreeBSD.org</email>">
 
 <!ENTITY a.hmp "Hiten Pandya">
 <!ENTITY a.hmp.email "&a.hmp; <email>hmp@FreeBSD.org</email>">
 
 <!ENTITY a.hoek "Tim Vanderhoek">
 <!ENTITY a.hoek.email "&a.hoek; <email>hoek@FreeBSD.org</email>">
 
 <!ENTITY a.horikawa "Kazuo Horikawa">
 <!ENTITY a.horikawa.email "&a.horikawa; <email>horikawa@FreeBSD.org</email>">
 
 <!ENTITY a.hosokawa "Tatsumi Hosokawa">
 <!ENTITY a.hosokawa.email "&a.hosokawa; <email>hosokawa@FreeBSD.org</email>">
 
 <!ENTITY a.hq "Herve Quiroz">
 <!ENTITY a.hq.email "&a.hq; <email>hq@FreeBSD.org</email>">
 
 <!ENTITY a.hrs "Hiroki Sato">
 <!ENTITY a.hrs.email "&a.hrs; <email>hrs@FreeBSD.org</email>">
 
 <!ENTITY a.hselasky "Hans Petter Selasky">
 <!ENTITY a.hselasky.email "&a.hselasky; <email>hselasky@FreeBSD.org</email>">
 
 <!ENTITY a.hsu "Jeffrey Hsu">
 <!ENTITY a.hsu.email "&a.hsu; <email>hsu@FreeBSD.org</email>">
 
 <!ENTITY a.ian "Ian Lepore">
 <!ENTITY a.ian.email "&a.ian; <email>ian@FreeBSD.org</email>">
 
 <!ENTITY a.iedowse "Ian Dowse">
 <!ENTITY a.iedowse.email "&a.iedowse; <email>iedowse@FreeBSD.org</email>">
 
 <!ENTITY a.ijliao "Ying-Chieh Liao">
 <!ENTITY a.ijliao.email "&a.ijliao; <email>ijliao@FreeBSD.org</email>">
 
 <!ENTITY a.ikob "Katsushi Kobayashi">
 <!ENTITY a.ikob.email "&a.ikob; <email>ikob@FreeBSD.org</email>">
 
 <!ENTITY a.imp "Warner Losh">
 <!ENTITY a.imp.email "&a.imp; <email>imp@FreeBSD.org</email>">
 
 <!ENTITY a.imura "R. Imura">
 <!ENTITY a.imura.email "&a.imura; <email>imura@FreeBSD.org</email>">
 
 <!ENTITY a.issei "Issei Suzuki">
 <!ENTITY a.issei.email "&a.issei; <email>issei@FreeBSD.org</email>">
 
 <!ENTITY a.issyl0 "Isabell Long">
 <!ENTITY a.issyl0.email "&a.issyl0; <email>issyl0@FreeBSD.org</email>">
 
 <!ENTITY a.itetcu "Ion-Mihai Tetcu">
 <!ENTITY a.itetcu.email "&a.itetcu; <email>itetcu@FreeBSD.org</email>">
 
 <!ENTITY a.itojun "Jun-ichiro Itoh">
 <!ENTITY a.itojun.email "&a.itojun; <email role='nolink'>itojun@FreeBSD.org</email>">
 
 <!ENTITY a.ivoras "Ivan Voras">
 <!ENTITY a.ivoras.email "&a.ivoras; <email>ivoras@FreeBSD.org</email>">
 
 <!ENTITY a.iwasaki "Mitsuru IWASAKI">
 <!ENTITY a.iwasaki.email "&a.iwasaki; <email>iwasaki@FreeBSD.org</email>">
 
 <!ENTITY a.jacula "Giuseppe Pilichi">
 <!ENTITY a.jacula.email "&a.jacula; <email>jacula@FreeBSD.org</email>">
 
 <!ENTITY a.jadawin "Philippe Audeoud">
 <!ENTITY a.jadawin.email "&a.jadawin; <email>jadawin@FreeBSD.org</email>">
 
 <!ENTITY a.jake "Jake Burkholder">
 <!ENTITY a.jake.email "&a.jake; <email>jake@FreeBSD.org</email>">
 
 <!ENTITY a.jamie "Jamie Gritton">
 <!ENTITY a.jamie.email "&a.jamie; <email>jamie@FreeBSD.org</email>">
 
 <!ENTITY a.jamil "Jamil Weatherby">
 <!ENTITY a.jamil.email "&a.jamil; <email>jamil@FreeBSD.org</email>">
 
 <!ENTITY a.jase "Jase Thew">
 <!ENTITY a.jase.email "&a.jase; <email>jase@FreeBSD.org</email>">
 
 <!ENTITY a.jasone "Jason Evans">
 <!ENTITY a.jasone.email "&a.jasone; <email>jasone@FreeBSD.org</email>">
 
 <!ENTITY a.jayanth "Jayanth Vijayaraghavan">
 <!ENTITY a.jayanth.email "&a.jayanth; <email>jayanth@FreeBSD.org</email>">
 
 <!ENTITY a.jb "John Birrell">
 <!ENTITY a.jb.email "&a.jb; <email role='nolink'>jb@FreeBSD.org</email>">
 
 <!ENTITY a.jcamou "Jesus R. Camou">
 <!ENTITY a.jcamou.email "&a.jcamou; <email>jcamou@FreeBSD.org</email>">
 
 <!ENTITY a.jceel "Jakub Klama">
 <!ENTITY a.jceel.email "&a.jceel; <email>jceel@FreeBSD.org</email>">
 
 <!ENTITY a.jchandra "Jayachandran C.">
 <!ENTITY a.jchandra.email "&a.jchandra; <email>jchandra@FreeBSD.org</email>">
 
 <!ENTITY a.jdp "John Polstra">
 <!ENTITY a.jdp.email "&a.jdp; <email>jdp@FreeBSD.org</email>">
 
 <!ENTITY a.jedgar "Chris D. Faulhaber">
 <!ENTITY a.jedgar.email "&a.jedgar; <email>jedgar@FreeBSD.org</email>">
 
 <!ENTITY a.jeff "Jeff Roberson">
 <!ENTITY a.jeff.email "&a.jeff; <email>jeff@FreeBSD.org</email>">
 
 <!ENTITY a.jeh "James Housley">
 <!ENTITY a.jeh.email "&a.jeh; <email>jeh@FreeBSD.org</email>">
 
 <!ENTITY a.jehamby "Jake Hamby">
 <!ENTITY a.jehamby.email "&a.jehamby; <email>jehamby@FreeBSD.org</email>">
 
 <!ENTITY a.jennifer "Jennifer Yang">
 <!ENTITY a.jennifer.email "&a.jennifer; <email>jennifer@FreeBSD.org</email>">
 
 <!ENTITY a.jesper "Jesper Skriver">
 <!ENTITY a.jesper.email "&a.jesper; <email>jesper@FreeBSD.org</email>">
 
 <!ENTITY a.jesusr "Jesus Rodriguez">
 <!ENTITY a.jesusr.email "&a.jesusr; <email>jesusr@FreeBSD.org</email>">
 
 <!ENTITY a.jfieber "John Fieber">
 <!ENTITY a.jfieber.email "&a.jfieber; <email>jfieber@FreeBSD.org</email>">
 
 <!ENTITY a.jfitz "James FitzGibbon">
 <!ENTITY a.jfitz.email "&a.jfitz; <email>jfitz@FreeBSD.org</email>">
 
 <!ENTITY a.jfv "Jack F. Vogel">
 <!ENTITY a.jfv.email "&a.jfv; <email>jfv@FreeBSD.org</email>">
 
 <!ENTITY a.jgh "Jason Helfman">
 <!ENTITY a.jgh.email "&a.jgh; <email>jgh@FreeBSD.org</email>">
 
 <!ENTITY a.jgreco "Joe Greco">
 <!ENTITY a.jgreco.email "&a.jgreco; <email>jgreco@FreeBSD.org</email>">
 
 <!ENTITY a.jh "Jaakko Heinonen">
 <!ENTITY a.jh.email "&a.jh; <email>jh@FreeBSD.org</email>">
 
 <!ENTITY a.jhale "Jason E. Hale">
 <!ENTITY a.jhale.email "&a.jhale; <email>jhale@FreeBSD.org</email>">
 
 <!ENTITY a.jhay "John Hay">
 <!ENTITY a.jhay.email "&a.jhay; <email>jhay@FreeBSD.org</email>">
 
 <!ENTITY a.jhb "John Baldwin">
 <!ENTITY a.jhb.email "&a.jhb; <email>jhb@FreeBSD.org</email>">
 
 <!ENTITY a.jhibbits "Justin Hibbits">
 <!ENTITY a.jhibbits.email "&a.jhibbits; <email>jhibbits@FreeBSD.org</email>">
 
 <!ENTITY a.jhs "Julian Stacey">
 <!ENTITY a.jhs.email "&a.jhs; <email>jhs@FreeBSD.org</email>">
 
 <!ENTITY a.jilles "Jilles Tjoelker">
 <!ENTITY a.jilles.email "&a.jilles; <email>jilles@FreeBSD.org</email>">
 
 <!ENTITY a.jim "Jim Mock">
 <!ENTITY a.jim.email "&a.jim; <email>jim@FreeBSD.org</email>">
 
 <!ENTITY a.jimharris "Jim Harris">
 <!ENTITY a.jimharris.email "&a.jimharris; <email>jimharris@FreeBSD.org</email>">
 
 <!ENTITY a.jinmei "Tatuya JINMEI">
 <!ENTITY a.jinmei.email "&a.jinmei; <email>jinmei@FreeBSD.org</email>">
 
 <!ENTITY a.jkb "Jan Koum">
 <!ENTITY a.jkb.email "&a.jkb; <email>jkb@FreeBSD.org</email>">
 
 <!ENTITY a.jkh "Jordan K. Hubbard">
 <!ENTITY a.jkh.email "&a.jkh; <email>jkh@FreeBSD.org</email>">
 
 <!ENTITY a.jkim "Jung-uk Kim">
 <!ENTITY a.jkim.email "&a.jkim; <email>jkim@FreeBSD.org</email>">
 
 <!ENTITY a.jkois "Johann Kois">
 <!ENTITY a.jkois.email "&a.jkois; <email>jkois@FreeBSD.org</email>">
 
 <!ENTITY a.jkoshy "Joseph Koshy">
 <!ENTITY a.jkoshy.email "&a.jkoshy; <email>jkoshy@FreeBSD.org</email>">
 
 <!ENTITY a.jlaffaye "Julien Laffaye">
 <!ENTITY a.jlaffaye.email "&a.jlaffaye; <email>jlaffaye@FreeBSD.org</email>">
 
 <!ENTITY a.jlemon "Jonathan Lemon">
 <!ENTITY a.jlemon.email "&a.jlemon; <email>jlemon@FreeBSD.org</email>">
 
 <!ENTITY a.jlh "Jeremie Le Hen">
 <!ENTITY a.jlh.email "&a.jlh; <email>jlh@FreeBSD.org</email>">
 
 <!ENTITY a.jlrobin "James L. Robinson">
 <!ENTITY a.jlrobin.email "&a.jlrobin; <email>jlrobin@FreeBSD.org</email>">
 
 <!ENTITY a.jls "Jordan Sissel">
 <!ENTITY a.jls.email "&a.jls; <email>jls@FreeBSD.org</email>">
 
 <!ENTITY a.jmacd "Joshua Peck Macdonald">
 <!ENTITY a.jmacd.email "&a.jmacd; <email>jmacd@FreeBSD.org</email>">
 
 <!ENTITY a.jmallett "Juli Mallett">
 <!ENTITY a.jmallett.email "&a.jmallett; <email>jmallett@FreeBSD.org</email>">
 
 <!ENTITY a.jmas "Jose M. Alcaide">
 <!ENTITY a.jmas.email "&a.jmas; <email>jmas@FreeBSD.org</email>">
 
 <!ENTITY a.jmb "Jonathan M. Bresler">
 <!ENTITY a.jmb.email "&a.jmb; <email>jmb@FreeBSD.org</email>">
 
 <!ENTITY a.jmelo "Jean Milanez Melo">
 <!ENTITY a.jmelo.email "&a.jmelo; <email>jmelo@FreeBSD.org</email>">
 
 <!ENTITY a.jmg "John-Mark Gurney">
 <!ENTITY a.jmg.email "&a.jmg; <email>jmg@FreeBSD.org</email>">
 
 <!ENTITY a.jmz "Jean-Marc Zucconi">
 <!ENTITY a.jmz.email "&a.jmz; <email role='nolink'>jmz@FreeBSD.org</email>">
 
 <!ENTITY a.joe "Josef Karthauser">
 <!ENTITY a.joe.email "&a.joe; <email>joe@FreeBSD.org</email>">
 
 <!ENTITY a.joel "Joel Dahl">
 <!ENTITY a.joel.email "&a.joel; <email>joel@FreeBSD.org</email>">
 
 <!ENTITY a.joerg "J&ouml;rg Wunsch">
 <!ENTITY a.joerg.email "&a.joerg; <email>joerg@FreeBSD.org</email>">
 
 <!ENTITY a.johan "Johan Karlsson">
 <!ENTITY a.johan.email "&a.johan; <email>johan@FreeBSD.org</email>">
 
 <!ENTITY a.johans "Johan van Selst">
 <!ENTITY a.johans.email "&a.johans; <email>johans@FreeBSD.org</email>">
 
 <!ENTITY a.john "John Cavanaugh">
 <!ENTITY a.john.email "&a.john; <email>john@FreeBSD.org</email>">
 
 <!ENTITY a.jon "Jonathan Chen">
 <!ENTITY a.jon.email "&a.jon; <email>jon@FreeBSD.org</email>">
 
 <!ENTITY a.jonathan "Jonathan Anderson">
 <!ENTITY a.jonathan.email "&a.jonathan; <email>jonathan@FreeBSD.org</email>">
 
 <!ENTITY a.josef "Josef El-Rayes">
 <!ENTITY a.josef.email "&a.josef; <email>josef@FreeBSD.org</email>">
 
 <!ENTITY a.jpaetzel "Josh Paetzel">
 <!ENTITY a.jpaetzel.email "&a.jpaetzel; <email>jpaetzel@FreeBSD.org</email>">
 
 <!ENTITY a.jraynard "James Raynard">
 <!ENTITY a.jraynard.email "&a.jraynard; <email>jraynard@FreeBSD.org</email>">
 
 <!ENTITY a.jsa "Joseph S. Atkinson">
 <!ENTITY a.jsa.email "&a.jsa; <email>jsa@FreeBSD.org</email>">
 
 <!ENTITY a.jseger "Justin Seger">
 <!ENTITY a.jseger.email "&a.jseger; <email>jseger@FreeBSD.org</email>">
 
 <!ENTITY a.jtc "J.T. Conklin">
 <!ENTITY a.jtc.email "&a.jtc; <email>jtc@FreeBSD.org</email>">
 
 <!ENTITY a.julian "Julian Elischer">
 <!ENTITY a.julian.email "&a.julian; <email>julian@FreeBSD.org</email>">
 
 <!ENTITY a.jvh "Johannes Helander">
 <!ENTITY a.jvh.email "&a.jvh; <email>jvh@FreeBSD.org</email>">
 
 <!ENTITY a.jwd "John W. DeBoskey">
 <!ENTITY a.jwd.email "&a.jwd; <email>jwd@FreeBSD.org</email>">
 
 <!ENTITY a.jylefort "Jean-Yves Lefort">
 <!ENTITY a.jylefort.email "&a.jylefort; <email>jylefort@FreeBSD.org</email>">
 
 <!ENTITY a.kaiw "Kai Wang">
 <!ENTITY a.kaiw.email "&a.kaiw; <email>kaiw@FreeBSD.org</email>">
 
 <!ENTITY a.kan "Alexander Kabaev">
 <!ENTITY a.kan.email "&a.kan; <email>kan@FreeBSD.org</email>">
 
 <!ENTITY a.kargl "Steven G. Kargl">
 <!ENTITY a.kargl.email "&a.kargl; <email>kargl@FreeBSD.org</email>">
 
 <!ENTITY a.karl "Karl Strickland">
 <!ENTITY a.karl.email "&a.karl; <email>karl@FreeBSD.org</email>">
 
 <!ENTITY a.kato "Takenori KATO">
 <!ENTITY a.kato.email "&a.kato; <email>kato@FreeBSD.org</email>">
 
 <!ENTITY a.kbyanc "Kelly Yancey">
 <!ENTITY a.kbyanc.email "&a.kbyanc; <email>kbyanc@FreeBSD.org</email>">
 
 <!ENTITY a.keichii "Michael C. Wu">
 <!ENTITY a.keichii.email "&a.keichii; <email>keichii@FreeBSD.org</email>">
 
 <!ENTITY a.keith "Jing-Tang Keith Jang">
 <!ENTITY a.keith.email "&a.keith; <email>keith@FreeBSD.org</email>">
 
 <!ENTITY a.ken "Kenneth D. Merry">
 <!ENTITY a.ken.email "&a.ken; <email>ken@FreeBSD.org</email>">
 
 <!ENTITY a.kensmith "Ken Smith">
 <!ENTITY a.kensmith.email "&a.kensmith; <email>kensmith@FreeBSD.org</email>">
 
 <!ENTITY a.keramida "Giorgos Keramidas">
 <!ENTITY a.keramida.email "&a.keramida; <email>keramida@FreeBSD.org</email>">
 
 <!ENTITY a.kevlo "Kevin Lo">
 <!ENTITY a.kevlo.email "&a.kevlo; <email>kevlo@FreeBSD.org</email>">
 
 <!ENTITY a.kib "Konstantin Belousov">
 <!ENTITY a.kib.email "&a.kib; <email>kib@FreeBSD.org</email>">
 
 <!ENTITY a.kientzle "Tim Kientzle">
 <!ENTITY a.kientzle.email "&a.kientzle; <email>kientzle@FreeBSD.org</email>">
 
 <!ENTITY a.kiri "Kazuhiko Kiriyama">
 <!ENTITY a.kiri.email "&a.kiri; <email>kiri@FreeBSD.org</email>">
 
+<!ENTITY a.kishore "Kishore Sampathkumar">
+<!ENTITY a.kishore.email "&a.kishore; <email>kishore@FreeBSD.org</email>">
+
 <!ENTITY a.kjc "Kenjiro Cho">
 <!ENTITY a.kjc.email "&a.kjc; <email>kjc@FreeBSD.org</email>">
 
 <!ENTITY a.kmacy "Kip Macy">
 <!ENTITY a.kmacy.email "&a.kmacy; <email>kmacy@FreeBSD.org</email>">
 
 <!ENTITY a.kmoore "Kris Moore">
 <!ENTITY a.kmoore.email "&a.kmoore; <email>kmoore@FreeBSD.org</email>">
 
 <!ENTITY a.knu "Akinori MUSHA">
 <!ENTITY a.knu.email "&a.knu; <email>knu@FreeBSD.org</email>">
 
 <!ENTITY a.koitsu "Jeremy Chadwick">
 <!ENTITY a.koitsu.email "&a.koitsu; <email>koitsu@FreeBSD.org</email>">
 
 <!ENTITY a.koobs "Kubilay Kocak">
 <!ENTITY a.koobs.email "&a.koobs; <email>koobs@FreeBSD.org</email>">
 
 <!ENTITY a.krion "Kirill Ponomarew">
 <!ENTITY a.krion.email "&a.krion; <email>krion@FreeBSD.org</email>">
 
 <!ENTITY a.kris "Kris Kennaway">
 <!ENTITY a.kris.email "&a.kris; <email>kris@FreeBSD.org</email>">
 
 <!ENTITY a.kuku "Christoph P. Kukulies">
 <!ENTITY a.kuku.email "&a.kuku; <email>kuku@FreeBSD.org</email>">
 
 <!ENTITY a.kuriyama "Jun Kuriyama">
 <!ENTITY a.kuriyama.email "&a.kuriyama; <email>kuriyama@FreeBSD.org</email>">
 
 <!ENTITY a.kwm "Koop Mast">
 <!ENTITY a.kwm.email "&a.kwm; <email>kwm@FreeBSD.org</email>">
 
 <!ENTITY a.lars "Lars Fredriksen">
 <!ENTITY a.lars.email "&a.lars; <email>lars@FreeBSD.org</email>">
 
 <!ENTITY a.laszlof "Frank J. Laszlo">
 <!ENTITY a.laszlof.email "&a.laszlof; <email>laszlof@FreeBSD.org</email>">
 
 <!ENTITY a.lawrance "Sam Lawrance">
 <!ENTITY a.lawrance.email "&a.lawrance; <email>lawrance@FreeBSD.org</email>">
 
 <!ENTITY a.lbr "Lars Balker Rasmussen">
 <!ENTITY a.lbr.email "&a.lbr; <email>lbr@FreeBSD.org</email>">
 
 <!ENTITY a.le "Lukas Ertl">
 <!ENTITY a.le.email "&a.le; <email>le@FreeBSD.org</email>">
 
 <!ENTITY a.leeym "Yen-Ming Lee">
 <!ENTITY a.leeym.email "&a.leeym; <email>leeym@FreeBSD.org</email>">
 
 <!ENTITY a.lesi "Dejan Lesjak">
 <!ENTITY a.lesi.email "&a.lesi; <email>lesi@FreeBSD.org</email>">
 
 <!ENTITY a.lev "Lev Serebryakov">
 <!ENTITY a.lev.email "&a.lev; <email>lev@FreeBSD.org</email>">
 
 <!ENTITY a.lile "Larry Lile">
 <!ENTITY a.lile.email "&a.lile; <email>lile@FreeBSD.org</email>">
 
 <!ENTITY a.linimon "Mark Linimon">
 <!ENTITY a.linimon.email "&a.linimon; <email>linimon@FreeBSD.org</email>">
 
 <!ENTITY a.lioux "M&aacute;rio S&eacute;rgio Fujikawa Ferreira">
 <!ENTITY a.lioux.email "&a.lioux; <email>lioux@FreeBSD.org</email>">
 
 <!ENTITY a.lippe "Felippe de Meirelles Motta">
 <!ENTITY a.lippe.email "&a.lippe; <email>lippe@FreeBSD.org</email>">
 
 <!ENTITY a.ljo "L Jonas Olsson">
 <!ENTITY a.ljo.email "&a.ljo; <email>ljo@FreeBSD.org</email>">
 
 <!ENTITY a.lkoeller "Lars Koeller">
 <!ENTITY a.lkoeller.email "&a.lkoeller; <email>lkoeller@FreeBSD.org</email>">
 
 <!ENTITY a.lme "Lars Engels">
 <!ENTITY a.lme.email "&a.lme; <email>lme@FreeBSD.org</email>">
 
 <!ENTITY a.loader "Fukang Chen">
 <!ENTITY a.loader.email "&a.loader; <email>loader@FreeBSD.org</email>">
 
 <!ENTITY a.lofi "Michael Nottebrock">
 <!ENTITY a.lofi.email "&a.lofi; <email>lofi@FreeBSD.org</email>">
 
 <!ENTITY a.logo "Valentino Vaschetto">
 <!ENTITY a.logo.email "&a.logo; <email>logo@FreeBSD.org</email>">
 
 <!ENTITY a.lstewart "Lawrence Stewart">
 <!ENTITY a.lstewart.email "&a.lstewart; <email>lstewart@FreeBSD.org</email>">
 
 <!ENTITY a.lth "Lars Thegler">
 <!ENTITY a.lth.email "&a.lth; <email>lth@FreeBSD.org</email>">
 
 <!ENTITY a.luigi "Luigi Rizzo">
 <!ENTITY a.luigi.email "&a.luigi; <email>luigi@FreeBSD.org</email>">
 
 <!ENTITY a.lulf "Ulf Lilleengen">
 <!ENTITY a.lulf.email "&a.lulf; <email>lulf@FreeBSD.org</email>">
 
 <!ENTITY a.luoqi "Luoqi Chen">
 <!ENTITY a.luoqi.email "&a.luoqi; <email>luoqi@FreeBSD.org</email>">
 
 <!ENTITY a.lwhsu "Li-Wen Hsu">
 <!ENTITY a.lwhsu.email "&a.lwhsu; <email>lwhsu@FreeBSD.org</email>">
 
 <!ENTITY a.lx "David Thiel">
 <!ENTITY a.lx.email "&a.lx; <email>lx@FreeBSD.org</email>">
 
 <!ENTITY a.madpilot "Guido Falsi">
 <!ENTITY a.madpilot.email "&a.madpilot; <email>madpilot@FreeBSD.org</email>">
 
 <!ENTITY a.maho "Maho Nakata">
 <!ENTITY a.maho.email "&a.maho; <email>maho@FreeBSD.org</email>">
 
 <!ENTITY a.markj "Mark Johnston">
 <!ENTITY a.markj.email "&a.markj; <email>markj@FreeBSD.org</email>">
 
 <!ENTITY a.markm "Mark Murray">
 <!ENTITY a.markm.email "&a.markm; <email>markm@FreeBSD.org</email>">
 
 <!ENTITY a.makc "Max Brazhnikov">
 <!ENTITY a.makc.email "&a.makc; <email>makc@FreeBSD.org</email>">
 
 <!ENTITY a.mandree "Matthias Andree">
 <!ENTITY a.mandree.email "&a.mandree; <email>mandree@FreeBSD.org</email>">
 
 <!ENTITY a.manolis "Manolis Kiagias">
 <!ENTITY a.manolis.email "&a.manolis; <email>manolis@FreeBSD.org</email>">
 
 <!ENTITY a.marcel "Marcel Moolenaar">
 <!ENTITY a.marcel.email "&a.marcel; <email>marcel@FreeBSD.org</email>">
 
 <!ENTITY a.marck "Dmitry Morozovsky">
 <!ENTITY a.marck.email "&a.marck; <email>marck@FreeBSD.org</email>">
 
 <!ENTITY a.marcus "Joe Marcus Clarke">
 <!ENTITY a.marcus.email "&a.marcus; <email>marcus@FreeBSD.org</email>">
 
 <!ENTITY a.marius "Marius Strobl">
 <!ENTITY a.marius.email "&a.marius; <email>marius@FreeBSD.org</email>">
 
 <!ENTITY a.markm "Mark Murray">
 <!ENTITY a.markm.email "&a.markm; <email>markm@FreeBSD.org</email>">
 
 <!ENTITY a.marko "Mark Ovens">
 <!ENTITY a.marko.email "&a.marko; <email>marko@FreeBSD.org</email>">
 
 <!ENTITY a.markp "Mark Pulford">
 <!ENTITY a.markp.email "&a.markp; <email>markp@FreeBSD.org</email>">
 
 <!ENTITY a.marks "Mark Santcroos">
 <!ENTITY a.marks.email "&a.marks; <email>marks@FreeBSD.org</email>">
 
 <!ENTITY a.markus "Markus Br&uuml;ffer">
 <!ENTITY a.markus.email "&a.markus; <email>markus@FreeBSD.org</email>">
 
 <!ENTITY a.martin "Martin Renters">
 <!ENTITY a.martin.email "&a.martin; <email>martin@FreeBSD.org</email>">
 
 <!ENTITY a.martymac "Ganael Laplanche">
 <!ENTITY a.martymac.email "&a.martymac; <email>martymac@FreeBSD.org</email>">
 
 <!ENTITY a.mat "Mathieu Arnold">
 <!ENTITY a.mat.email "&a.mat; <email>mat@FreeBSD.org</email>">
 
 <!ENTITY a.matk "Mathew Kanner">
 <!ENTITY a.matk.email "&a.matk; <email>matk@FreeBSD.org</email>">
 
 <!ENTITY a.matt "Matt Olander">
 <!ENTITY a.matt.email "&a.matt; <email>matt@FreeBSD.org</email>">
 
 <!ENTITY a.matteo "Matteo Riondato">
 <!ENTITY a.matteo.email "&a.matteo; <email>matteo@FreeBSD.org</email>">
 
 <!ENTITY a.matthew "Matthew Seaman">
 <!ENTITY a.matthew.email "&a.matthew; <email>matthew@FreeBSD.org</email>">
 
 <!ENTITY a.matusita "Makoto Matsushita">
 <!ENTITY a.matusita.email "&a.matusita; <email>matusita@FreeBSD.org</email>">
 
 <!ENTITY a.mav "Alexander Motin">
 <!ENTITY a.mav.email "&a.mav; <email>mav@FreeBSD.org</email>">
 
 <!ENTITY a.max "Masafumi NAKANE">
 <!ENTITY a.max.email "&a.max; <email>max@FreeBSD.org</email>">
 
 <!ENTITY a.maxim "Maxim Konovalov">
 <!ENTITY a.maxim.email "&a.maxim; <email>maxim@FreeBSD.org</email>">
 
 <!ENTITY a.mb "Maxim Bolotin">
 <!ENTITY a.mb.email "&a.mb; <email>mb@FreeBSD.org</email>">
 
 <!ENTITY a.mbarkah "Ade Barkah">
 <!ENTITY a.mbarkah.email "&a.mbarkah; <email>mbarkah@FreeBSD.org</email>">
 
 <!ENTITY a.mbr "Martin Blapp">
 <!ENTITY a.mbr.email "&a.mbr; <email>mbr@FreeBSD.org</email>">
 
 <!ENTITY a.mckay "Stephen McKay">
 <!ENTITY a.mckay.email "&a.mckay; <email>mckay@FreeBSD.org</email>">
 
 <!ENTITY a.mckusick "Kirk McKusick">
 <!ENTITY a.mckusick.email "&a.mckusick; <email>mckusick@FreeBSD.org</email>">
 
 <!ENTITY a.mdf "Matthew Fleming">
 <!ENTITY a.mdf.email "&a.mdf; <email>mdf@FreeBSD.org</email>">
 
 <!ENTITY a.mdodd "Matthew N. Dodd">
 <!ENTITY a.mdodd.email "&a.mdodd; <email>mdodd@FreeBSD.org</email>">
 
 <!ENTITY a.meganm "Megan McCormack">
 <!ENTITY a.meganm.email "&a.meganm; <email>meganm@FreeBSD.rgo</email>">
 
 <!ENTITY a.melifaro "Alexander V. Chernikov">
 <!ENTITY a.melifaro.email "&a.melifaro; <email>melifaro@FreeBSD.org</email>">
 
 <!ENTITY a.metal "Koichi Suzuki">
 <!ENTITY a.metal.email "&a.metal; <email>metal@FreeBSD.org</email>">
 
 <!ENTITY a.mezz "Jeremy Messenger">
 <!ENTITY a.mezz.email "&a.mezz; <email>mezz@FreeBSD.org</email>">
 
 <!ENTITY a.mharo "Michael Haro">
 <!ENTITY a.mharo.email "&a.mharo; <email>mharo@FreeBSD.org</email>">
 
 <!ENTITY a.mheinen "Martin Heinen">
 <!ENTITY a.mheinen.email "&a.mheinen; <email>mheinen@FreeBSD.org</email>">
 
 <!ENTITY a.mi "Mikhail Teterin">
 <!ENTITY a.mi.email "&a.mi; <email>mi@FreeBSD.org</email>">
 
 <!ENTITY a.mich "Michael L. Hostbaek">
 <!ENTITY a.mich.email "&a.mich; <email>mich@FreeBSD.org</email>">
 
 <!ENTITY a.mike "Mike Barcroft">
 <!ENTITY a.mike.email "&a.mike; <email>mike@FreeBSD.org</email>">
 
 <!ENTITY a.mikeh "Mike Heffner">
 <!ENTITY a.mikeh.email "&a.mikeh; <email>mikeh@FreeBSD.org</email>">
 
 <!ENTITY a.mini "Jonathan Mini">
 <!ENTITY a.mini.email "&a.mini; <email>mini@FreeBSD.org</email>">
 
 <!ENTITY a.mita "Yoshio MITA">
 <!ENTITY a.mita.email "&a.mita; <email>mita@FreeBSD.org</email>">
 
 <!ENTITY a.miwi "Martin Wilke">
 <!ENTITY a.miwi.email "&a.miwi; <email>miwi@FreeBSD.org</email>">
 
 <!ENTITY a.mjacob "Matthew Jacob">
 <!ENTITY a.mjacob.email "&a.mjacob; <email>mjacob@FreeBSD.org</email>">
 
 <!ENTITY a.mjg "Mateusz Guzik">
 <!ENTITY a.mjg.email "&a.mjg; <email>mjg@FreeBSD.org</email>">
 
 <!ENTITY a.mks "Mike Spengler">
 <!ENTITY a.mks.email "&a.mks; <email>mks@FreeBSD.org</email>">
 
 <!ENTITY a.mlaier "Max Laier">
 <!ENTITY a.mlaier.email "&a.mlaier; <email>mlaier@FreeBSD.org</email>">
 
 <!ENTITY a.mm "Martin Matuska">
 <!ENTITY a.mm.email "&a.mm; <email>mm@FreeBSD.org</email>">
 
 <!ENTITY a.mnag "Marcus Alves Grando">
 <!ENTITY a.mnag.email "&a.mnag; <email>mnag@FreeBSD.org</email>">
 
 <!ENTITY a.mohans "Mohan Srinivasan">
 <!ENTITY a.mohans.email "&a.mohans; <email>mohans@FreeBSD.org</email>">
 
 <!ENTITY a.monthadar "Monthadar Al Jaberi">
 <!ENTITY a.monthadar.email "&a.monthadar; <email>monthadar@FreeBSD.org</email>">
 
 <!ENTITY a.motoyuki "Motoyuki Konno">
 <!ENTITY a.motoyuki.email "&a.motoyuki; <email>motoyuki@FreeBSD.org</email>">
 
 <!ENTITY a.mp "Mark Peek">
 <!ENTITY a.mp.email "&a.mp; <email>mp@FreeBSD.org</email>">
 
 <!ENTITY a.mph "Matthew Hunt">
 <!ENTITY a.mph.email "&a.mph; <email>mph@FreeBSD.org</email>">
 
 <!ENTITY a.mpp "Mike Pritchard">
 <!ENTITY a.mpp.email "&a.mpp; <email>mpp@FreeBSD.org</email>">
 
 <!ENTITY a.mr "Michael Reifenberger">
 <!ENTITY a.mr.email "&a.mr; <email>mr@FreeBSD.org</email>">
 
 <!ENTITY a.msmith "Michael Smith">
 <!ENTITY a.msmith.email "&a.msmith; <email>msmith@FreeBSD.org</email>">
 
 <!ENTITY a.mtaylor "Mark J. Taylor">
 <!ENTITY a.mtaylor.email "&a.mtaylor; <email>mtaylor@FreeBSD.org</email>">
 
 <!ENTITY a.mtm "Mike Makonnen">
 <!ENTITY a.mtm.email "&a.mtm; <email>mtm@FreeBSD.org</email>">
 
 <!ENTITY a.murray "Murray Stokely">
 <!ENTITY a.murray.email "&a.murray; <email>murray@FreeBSD.org</email>">
 
 <!ENTITY a.mux "Maxime Henrion">
 <!ENTITY a.mux.email "&a.mux; <email>mux@FreeBSD.org</email>">
 
 <!ENTITY a.mva "Marcus von Appen">
 <!ENTITY a.mva.email "&a.mva; <email>mva@FreeBSD.org</email>">
 
 <!ENTITY a.mwlucas "Michael W. Lucas">
 <!ENTITY a.mwlucas.email "&a.mwlucas; <email>mwlucas@FreeBSD.org</email>">
 
 <!ENTITY a.naddy "Christian Weisgerber">
 <!ENTITY a.naddy.email "&a.naddy; <email>naddy@FreeBSD.org</email>">
 
 <!ENTITY a.nakai "Yukihiro Nakai">
 <!ENTITY a.nakai.email "&a.nakai; <email>nakai@FreeBSD.org</email>">
 
 <!ENTITY a.nate "Nate Williams">
 <!ENTITY a.nate.email "&a.nate; <email>nate@FreeBSD.org</email>">
 
 <!ENTITY a.nbm "Neil Blakey-Milner">
 <!ENTITY a.nbm.email "&a.nbm; <email>nbm@FreeBSD.org</email>">
 
 <!ENTITY a.nectar "Jacques Vidrine">
 <!ENTITY a.nectar.email "&a.nectar; <email>nectar@FreeBSD.org</email>">
 
 <!ENTITY a.neel "Neel Natu">
 <!ENTITY a.neel.email "&a.neel; <email>neel@FreeBSD.org</email>">
 
 <!ENTITY a.nemoliu "Tong Liu">
 <!ENTITY a.nemoliu.email "&a.nemoliu; <email>nemoliu@FreeBSD.org</email>">
 
 <!ENTITY a.netchild "Alexander Leidinger">
 <!ENTITY a.netchild.email "&a.netchild; <email>netchild@FreeBSD.org</email>">
 
 <!ENTITY a.newton "Mark Newton">
 <!ENTITY a.newton.email "&a.newton; <email>newton@FreeBSD.org</email>">
 
 <!ENTITY a.nhibma "Nick Hibma">
 <!ENTITY a.nhibma.email "&a.nhibma; <email>n_hibma@FreeBSD.org</email>">
 
 <!ENTITY a.niels "Niels Heinen">
 <!ENTITY a.niels.email "&a.niels; <email>niels@FreeBSD.org</email>">
 
 <!ENTITY a.nik "Nik Clayton">
 <!ENTITY a.nik.email "&a.nik; <email>nik@FreeBSD.org</email>">
 
 <!ENTITY a.niklas "Niklas Saers">
 <!ENTITY a.niklas.email "&a.niklas; <email>niklas@FreeBSD.org</email>">
 
 <!ENTITY a.nivit "Nicola Vitale">
 <!ENTITY a.nivit.email "&a.nivit; <email>nivit@FreeBSD.org</email>">
 
 <!ENTITY a.njl "Nate Lawson">
 <!ENTITY a.njl.email "&a.njl; <email>njl@FreeBSD.org</email>">
 
 <!ENTITY a.nobutaka "Nobutaka MANTANI">
 <!ENTITY a.nobutaka.email "&a.nobutaka; <email>nobutaka@FreeBSD.org</email>">
 
 <!ENTITY a.non "Noriaki Mitsunaga">
 <!ENTITY a.non.email "&a.non; <email>non@FreeBSD.org</email>">
 
 <!ENTITY a.nork "Norikatsu Shigemura">
 <!ENTITY a.nork.email "&a.nork; <email>nork@FreeBSD.org</email>">
 
 <!ENTITY a.novel "Roman Bogorodskiy">
 <!ENTITY a.novel.email "&a.novel; <email>novel@FreeBSD.org</email>">
 
 <!ENTITY a.nox "Juergen Lock">
 <!ENTITY a.nox.email "&a.nox; <email>nox@FreeBSD.org</email>">
 
 <!ENTITY a.np "Navdeep Parhar">
 <!ENTITY a.np.email "&a.np; <email>np@FreeBSD.org</email>">
 
 <!ENTITY a.nra "Nathan Ahlstrom">
 <!ENTITY a.nra.email "&a.nra; <email>nra@FreeBSD.org</email>">
 
 <!ENTITY a.nsayer "Nick Sayer">
 <!ENTITY a.nsayer.email "&a.nsayer; <email>nsayer@FreeBSD.org</email>">
 
 <!ENTITY a.nsj "Nate Johnson">
 <!ENTITY a.nsj.email "&a.nsj; <email>nsj@FreeBSD.org</email>">
 
 <!ENTITY a.nsouch "Nicolas Souchu">
 <!ENTITY a.nsouch.email "&a.nsouch; <email>nsouch@FreeBSD.org</email>">
 
 <!ENTITY a.nwhitehorn "Nathan Whitehorn">
 <!ENTITY a.nwhitehorn.email "&a.nwhitehorn; <email>nwhitehorn@FreeBSD.org</email>">
 
 <!ENTITY a.nyan "Yoshihiro Takahashi">
 <!ENTITY a.nyan.email "&a.nyan; <email>nyan@FreeBSD.org</email>">
 
 <!ENTITY a.obraun "Oliver Braun">
 <!ENTITY a.obraun.email "&a.obraun; <email>obraun@FreeBSD.org</email>">
 
 <!ENTITY a.obrien "David O'Brien">
 <!ENTITY a.obrien.email "&a.obrien; <email>obrien@FreeBSD.org</email>">
 
 <!ENTITY a.ohauer "Oliver Hauer">
 <!ENTITY a.ohauer.email "&a.ohauer; <email>ohauer@FreeBSD.org</email>">
 
 <!ENTITY a.okazaki "Tetsurou OKAZAKI">
 <!ENTITY a.okazaki.email "&a.okazaki; <email>okazaki@FreeBSD.org</email>">
 
 <!ENTITY a.olah "Andras Olah">
 <!ENTITY a.olah.email "&a.olah; <email>olah@FreeBSD.org</email>">
 
 <!ENTITY a.oleg "Oleg Bulyzhin">
 <!ENTITY a.oleg.email "&a.oleg; <email>oleg@FreeBSD.org</email>">
 
 <!ENTITY a.olgeni "Jimmy Olgeni">
 <!ENTITY a.olgeni.email "&a.olgeni; <email>olgeni@FreeBSD.org</email>">
 
 <!ENTITY a.oliver "Oliver Lehmann">
 <!ENTITY a.oliver.email "&a.oliver; <email>oliver@FreeBSD.org</email>">
 
 <!ENTITY a.olivierd "Olivier Duchateau">
 <!ENTITY a.olivierd.email "&a.olivierd; <email>olivierd@FreeBSD.org</email>">
 
 <!ENTITY a.olli "Oliver Fromme">
 <!ENTITY a.olli.email "&a.olli; <email>olli@FreeBSD.org</email>">
 
 <!ENTITY a.onoe "Atsushi Onoe">
 <!ENTITY a.onoe.email "&a.onoe; <email>onoe@FreeBSD.org</email>">
 
 <!ENTITY a.orion "Orion Hodson">
 <!ENTITY a.orion.email "&a.orion; <email>orion@FreeBSD.org</email>">
 
 <!ENTITY a.osa "Sergey A. Osokin">
 <!ENTITY a.osa.email "&a.osa; <email>osa@FreeBSD.org</email>">
 
 <!ENTITY a.pat "Patrick Li">
 <!ENTITY a.pat.email "&a.pat; <email>pat@FreeBSD.org</email>">
 
 <!ENTITY a.patrick "Patrick S. Gardella">
 <!ENTITY a.patrick.email "&a.patrick; <email>patrick@FreeBSD.org</email>">
 
 <!ENTITY a.paul "Paul Richards">
 <!ENTITY a.paul.email "&a.paul; <email>paul@FreeBSD.org</email>">
 
 <!ENTITY a.pav "Pav Lucistnik">
 <!ENTITY a.pav.email "&a.pav; <email>pav@FreeBSD.org</email>">
 
 <!ENTITY a.pawel "Pawel Pekala">
 <!ENTITY a.pawel.email "&a.pawel; <email>pawel@FreeBSD.org</email>">
 
 <!ENTITY a.pb "Pierre Beyssac">
 <!ENTITY a.pb.email "&a.pb; <email>pb@FreeBSD.org</email>">
 
 <!ENTITY a.pclin "Po-Chien Lin">
 <!ENTITY a.pclin.email "&a.pclin; <email>pclin@FreeBSD.org</email>">
 
 <!ENTITY a.pdeuskar "Prafulla S. Deuskar">
 <!ENTITY a.pdeuskar.email "&a.pdeuskar; <email>pdeuskar@FreeBSD.org</email>">
 
 <!ENTITY a.pds "Peter da Silva">
 <!ENTITY a.pds.email "&a.pds; <email>pds@FreeBSD.org</email>">
 
 <!ENTITY a.peadar "Peter Edwards">
 <!ENTITY a.peadar.email "&a.peadar; <email>peadar@FreeBSD.org</email>">
 
 <!ENTITY a.perky "Hye-Shik Chang">
 <!ENTITY a.perky.email "&a.perky; <email>perky@FreeBSD.org</email>">
 
 <!ENTITY a.petef "Pete Fritchman">
 <!ENTITY a.petef.email "&a.petef; <email>petef@FreeBSD.org</email>">
 
 <!ENTITY a.peter "Peter Wemm">
 <!ENTITY a.peter.email "&a.peter; <email>peter@FreeBSD.org</email>">
 
 <!ENTITY a.peterj "Peter Jeremy">
 <!ENTITY a.peterj.email "&a.peterj; <email>peterj@FreeBSD.org</email>">
 
 <!ENTITY a.pfg "Pedro Giffuni">
 <!ENTITY a.pfg.email "&a.pfg; <email>pfg@FreeBSD.org</email>">
 
 <!ENTITY a.pgj "G&aacute;bor P&aacute;li">
 <!ENTITY a.pgj.email "&a.pgj; <email>pgj@FreeBSD.org</email>">
 
 <!ENTITY a.pgollucci "Philip M. Gollucci">
 <!ENTITY a.pgollucci.email "&a.pgollucci; <email>pgollucci@FreeBSD.org</email>">
 
 <!ENTITY a.phantom "Alexey Zelkin">
 <!ENTITY a.phantom.email "&a.phantom; <email>phantom@FreeBSD.org</email>">
 
 <!ENTITY a.philip "Philip Paeps">
 <!ENTITY a.philip.email "&a.philip; <email>philip@FreeBSD.org</email>">
 
 <!ENTITY a.phk "Poul-Henning Kamp">
 <!ENTITY a.phk.email "&a.phk; <email>phk@FreeBSD.org</email>">
 
 <!ENTITY a.pho "Peter Holm">
 <!ENTITY a.pho.email "&a.pho; <email>pho@FreeBSD.org</email>">
 
 <!ENTITY a.piero "Piero Serini">
 <!ENTITY a.piero.email "&a.piero; <email>piero@FreeBSD.org</email>">
 
 <!ENTITY a.pirzyk "Jim Pirzyk">
 <!ENTITY a.pirzyk.email "&a.pirzyk; <email>pirzyk@FreeBSD.org</email>">
 
 <!ENTITY a.piso "Paolo Pisati">
 <!ENTITY a.piso.email "&a.piso; <email>piso@FreeBSD.org</email>">
 
 <!ENTITY a.pjd "Pawel Jakub Dawidek">
 <!ENTITY a.pjd.email "&a.pjd; <email>pjd@FreeBSD.org</email>">
 
 <!ENTITY a.pluknet "Sergey Kandaurov">
 <!ENTITY a.pluknet.email "&a.pluknet; <email>pluknet@FreeBSD.org</email>">
 
 <!ENTITY a.proven "Chris Provenzano">
 <!ENTITY a.proven.email "&a.proven; <email>proven@FreeBSD.org</email>">
 
 <!ENTITY a.ps "Paul Saab">
 <!ENTITY a.ps.email "&a.ps; <email>ps@FreeBSD.org</email>">
 
 <!ENTITY a.pst "Paul Traina">
 <!ENTITY a.pst.email "&a.pst; <email>pst@FreeBSD.org</email>">
 
 <!ENTITY a.qingli "Qing Li">
 <!ENTITY a.qingli.email "&a.qingli; <email>qingli@FreeBSD.org</email>">
 
 <!ENTITY a.rafan "Rong-En Fan">
 <!ENTITY a.rafan.email "&a.rafan; <email>rafan@FreeBSD.org</email>">
 
 <!ENTITY a.raj "Rafal Jaworowski">
 <!ENTITY a.raj.email "&a.raj; <email>raj@FreeBSD.org</email>">
 
 <!ENTITY a.rakuco "Raphael Kubo da Costa">
 <!ENTITY a.rakuco.email "&a.rakuco; <email>rakuco@FreeBSD.org</email>">
 
 <!ENTITY a.randi "Randi Harper">
 <!ENTITY a.randi.email "&a.randi; <email>randi@FreeBSD.org</email>">
 
 <!ENTITY a.ray "Aleksandr Rybalko">
 <!ENTITY a.ray.email "&a.ray; <email>ray@FreeBSD.org</email>">
 
 <!ENTITY a.rdivacky "Roman Divacky">
 <!ENTITY a.rdivacky.email "&a.rdivacky; <email>rdivacky@FreeBSD.org</email>">
 
 <!ENTITY a.rea "Eygene Ryabinkin">
 <!ENTITY a.rea.email "&a.rea; <email>rea@FreeBSD.org</email>">
 
 <!ENTITY a.rees "Jim Rees">
 <!ENTITY a.rees.email "&a.rees; <email>rees@FreeBSD.org</email>">
 
 <!ENTITY a.reg "Jeremy Lea">
 <!ENTITY a.reg.email "&a.reg; <email>reg@FreeBSD.org</email>">
 
 <!ENTITY a.remko "Remko Lodder">
 <!ENTITY a.remko.email "&a.remko; <email>remko@FreeBSD.org</email>">
 
 <!ENTITY a.rene "Ren&eacute; Ladan">
 <!ENTITY a.rene.email "&a.rene; <email>rene@FreeBSD.org</email>">
 
 <!ENTITY a.rgrimes "Rodney Grimes">
 <!ENTITY a.rgrimes.email "&a.rgrimes; <email>rgrimes@FreeBSD.org</email>">
 
 <!ENTITY a.ricardag "Ricardo AG">
 <!ENTITY a.ricardag.email "&a.ricardag; <email>ricardag@FreeBSD.org</email>">
 
 <!ENTITY a.rich "Rich Murphey">
 <!ENTITY a.rich.email "&a.rich; <email>rich@FreeBSD.org</email>">
 
 <!ENTITY a.rik "Roman Kurakin">
 <!ENTITY a.rik.email "&a.rik; <email>rik@FreeBSD.org</email>">
 
 <!ENTITY a.rink "Rink Springer">
 <!ENTITY a.rink.email "&a.rink; <email>rink@FreeBSD.org</email>">
 
 <!ENTITY a.rm "Ruslan Mahmatkhanov">
 <!ENTITY a.rm.email "&a.rm; <email>rm@FreeBSD.org</email>">
 
 <!ENTITY a.rmacklem "Rick Macklem">
 <!ENTITY a.rmacklem.email "&a.rmacklem; <email>rmacklem@FreeBSD.org</email>">
 
 <!ENTITY a.rmh "Robert Millan">
 <!ENTITY a.rmh.email "&a.rmh; <email>rmh@FreeBSD.org</email>">
 
 <!ENTITY a.rnoland "Robert Noland">
 <!ENTITY a.rnoland.email "&a.rnoland; <email>rnoland@FreeBSD.org</email>">
 
 <!ENTITY a.rnordier "Robert Nordier">
 <!ENTITY a.rnordier.email "&a.rnordier; <email>rnordier@FreeBSD.org</email>">
 
 <!ENTITY a.roam "Peter Pentchev">
 <!ENTITY a.roam.email "&a.roam; <email>roam@FreeBSD.org</email>">
 
 <!ENTITY a.robert "Robert Drehmel">
 <!ENTITY a.robert.email "&a.robert; <email>robert@FreeBSD.org</email>">
 
 <!ENTITY a.roberto "Ollivier Robert">
 <!ENTITY a.roberto.email "&a.roberto; <email>roberto@FreeBSD.org</email>">
 
 <!ENTITY a.rodrigc "Craig Rodrigues">
 <!ENTITY a.rodrigc.email "&a.rodrigc; <email>rodrigc@FreeBSD.org</email>">
 
 <!ENTITY a.roger "Roger Hardiman">
 <!ENTITY a.roger.email "&a.roger; <email>roger@FreeBSD.org</email>">
 
 <!ENTITY a.romain "Romain Tarti&egrave;re">
 <!ENTITY a.romain.email "&a.romain; <email>romain@FreeBSD.org</email>">
 
 <!ENTITY a.rpaulo "Rui Paulo">
 <!ENTITY a.rpaulo.email "&a.rpaulo; <email>rpaulo@FreeBSD.org</email>">
 
 <!ENTITY a.rpratt "Randy Pratt">
 <!ENTITY a.rpratt.email "&a.rpratt; <email>rpratt@FreeBSD.org</email>">
 
 <!ENTITY a.rrs "Randall R. Stewart">
 <!ENTITY a.rrs.email "&a.rrs; <email>rrs@FreeBSD.org</email>">
 
 <!ENTITY a.rse "Ralf S. Engelschall">
 <!ENTITY a.rse.email "&a.rse; <email>rse@FreeBSD.org</email>">
 
 <!ENTITY a.rsm "Scott Mitchell">
 <!ENTITY a.rsm.email "&a.rsm; <email>rsm@FreeBSD.org</email>">
 
 <!ENTITY a.rstone "Ryan Stone">
 <!ENTITY a.rstone.email "&a.rstone; <email>rstone@FreeBSD.org</email>">
 
 <!ENTITY a.ru "Ruslan Ermilov">
 <!ENTITY a.ru.email "&a.ru; <email>ru@FreeBSD.org</email>">
 
 <!ENTITY a.rushani "Hideyuki KURASHINA">
 <!ENTITY a.rushani.email "&a.rushani; <email>rushani@FreeBSD.org</email>">
 
 <!ENTITY a.rv "Rajesh Vaidheeswarran">
 <!ENTITY a.rv.email "&a.rv; <email>rv@FreeBSD.org</email>">
 
 <!ENTITY a.rvb "Robert V. Baron">
 <!ENTITY a.rvb.email "&a.rvb; <email>rvb@FreeBSD.org</email>">
 
 <!ENTITY a.rwatson "Robert Watson">
 <!ENTITY a.rwatson.email "&a.rwatson; <email>rwatson@FreeBSD.org</email>">
 
 <!ENTITY a.ryusuke "Ryusuke SUZUKI">
 <!ENTITY a.ryusuke.email "&a.ryusuke; <email>ryusuke@FreeBSD.org</email>">
 
 <!ENTITY a.sada "SADA Kenji">
 <!ENTITY a.sada.email "&a.sada; <email>sada@FreeBSD.org</email>">
 
 <!ENTITY a.sah "Sam Hopkins">
 <!ENTITY a.sah.email "&a.sah; <email>sah@FreeBSD.org</email>">
 
 <!ENTITY a.sahil "Sahil Tandon">
 <!ENTITY a.sahil.email "&a.sahil; <email>sahil@FreeBSD.org</email>">
 
 <!ENTITY a.sam "Sam Leffler">
 <!ENTITY a.sam.email "&a.sam; <email>sam@FreeBSD.org</email>">
 
 <!ENTITY a.sanpei "Yoshiro Sanpei MIHIRA">
 <!ENTITY a.sanpei.email "&a.sanpei; <email>sanpei@FreeBSD.org</email>">
 
 <!ENTITY a.sat "Andrew Pantyukhin">
 <!ENTITY a.sat.email "&a.sat; <email>sat@FreeBSD.org</email>">
 
 <!ENTITY a.sbruno "Sean Bruno">
 <!ENTITY a.sbruno.email "&a.sbruno; <email>sbruno@FreeBSD.org</email>">
 
 <!ENTITY a.sbz "Sofian Brabez">
 <!ENTITY a.sbz.email "&a.sbz; <email>sbz@FreeBSD.org</email>">
 
 <!ENTITY a.scf "Sean C. Farley">
 <!ENTITY a.scf.email "&a.scf; <email>scf@FreeBSD.org</email>">
 
 <!ENTITY a.scheidell "Michael Scheidell">
 <!ENTITY a.scheidell.email "&a.scheidell; <email>scheidell@FreeBSD.org</email>">
 
 <!ENTITY a.schweikh "Jens Schweikhardt">
 <!ENTITY a.schweikh.email "&a.schweikh; <email>schweikh@FreeBSD.org</email>">
 
 <!ENTITY a.scop "Ville Skytt&auml;">
 <!ENTITY a.scop.email "&a.scop; <email>scop@FreeBSD.org</email>">
 
 <!ENTITY a.scottl "Scott Long">
 <!ENTITY a.scottl.email "&a.scottl; <email>scottl@FreeBSD.org</email>">
 
 <!ENTITY a.scrappy "Marc G. Fournier">
 <!ENTITY a.scrappy.email "&a.scrappy; <email>scrappy@FreeBSD.org</email>">
 
 <!ENTITY a.se "Stefan Esser">
 <!ENTITY a.se.email "&a.se; <email>se@FreeBSD.org</email>">
 
 <!ENTITY a.sean "Sean Vickery">
 <!ENTITY a.sean.email "&a.sean; <email>sean@FreeBSD.org</email>">
 
 <!ENTITY a.seanc "Sean Chittenden">
 <!ENTITY a.seanc.email "&a.seanc; <email>seanc@FreeBSD.org</email>">
 
 <!ENTITY a.sef "Sean Eric Fagan">
 <!ENTITY a.sef.email "&a.sef; <email>sef@FreeBSD.org</email>">
 
 <!ENTITY a.sem "Sergey Matveychuk">
 <!ENTITY a.sem.email "&a.sem; <email>sem@FreeBSD.org</email>">
 
 <!ENTITY a.semenu "Semen Ustimenko">
 <!ENTITY a.semenu.email "&a.semenu; <email>semenu@FreeBSD.org</email>">
 
 <!ENTITY a.sephe "Sepherosa Ziehau">
 <!ENTITY a.sephe.email "&a.sephe; <email>sephe@FreeBSD.org</email>">
 
 <!ENTITY a.sepotvin "Stephane E. Potvin">
 <!ENTITY a.sepotvin.email "&a.sepotvin; <email>sepotvin@FreeBSD.org</email>">
 
 <!ENTITY a.sergei "Sergei Kolobov">
 <!ENTITY a.sergei.email "&a.sergei; <email>sergei@FreeBSD.org</email>">
 
 <!ENTITY a.sf "Satsuki FUJISHIMA">
 <!ENTITY a.sf.email "&a.sf; <email>sf@FreeBSD.org</email>">
 
 <!ENTITY a.shafeeq "Shafeeq Sinnamohideen">
 <!ENTITY a.shafeeq.email "&a.shafeeq; <email>shafeeq@FreeBSD.org</email>">
 
 <!ENTITY a.shaun "Shaun Amott">
 <!ENTITY a.shaun.email "&a.shaun; <email>shaun@FreeBSD.org</email>">
 
 <!ENTITY a.sheldonh "Sheldon Hearn">
 <!ENTITY a.sheldonh.email "&a.sheldonh; <email>sheldonh@FreeBSD.org</email>">
 
 <!ENTITY a.shiba "Takeshi Shibagaki">
 <!ENTITY a.shiba.email "&a.shiba; <email>shiba@FreeBSD.org</email>">
 
 <!ENTITY a.shige "Shigeyuki Fukushima">
 <!ENTITY a.shige.email "&a.shige; <email>shige@FreeBSD.org</email>">
 
 <!ENTITY a.shin "Yoshinobu Inoue">
 <!ENTITY a.shin.email "&a.shin; <email>shin@FreeBSD.org</email>">
 
 <!ENTITY a.silby "Mike Silbersack">
 <!ENTITY a.silby.email "&a.silby; <email>silby@FreeBSD.org</email>">
 
 <!ENTITY a.simokawa "Hidetoshi Shimokawa">
 <!ENTITY a.simokawa.email "&a.simokawa; <email>simokawa@FreeBSD.org</email>">
 
 <!ENTITY a.simon "Simon L. B. Nielsen">
 <!ENTITY a.simon.email "&a.simon; <email>simon@FreeBSD.org</email>">
 
 <!ENTITY a.sjg "Simon J. Gerraty">
 <!ENTITY a.sjg.email "&a.sjg; <email>sjg@FreeBSD.org</email>">
 
 <!ENTITY a.skreuzer "Steven Kreuzer">
 <!ENTITY a.skreuzer.email "&a.skreuzer; <email>skreuzer@FreeBSD.org</email>">
 
 <!ENTITY a.skv "Sergey Skvortsov">
 <!ENTITY a.skv.email "&a.skv; <email>skv@FreeBSD.org</email>">
 
 <!ENTITY a.smace "Scott Mace">
 <!ENTITY a.smace.email "&a.smace; <email>smace@FreeBSD.org</email>">
 
+<!ENTITY a.smh "Steven Hartland">
+<!ENTITY a.smh.email "&a.smh; <email>smh@FreeBSD.org</email>">
+
 <!ENTITY a.smkelly "Sean Kelly">
 <!ENTITY a.smkelly.email "&a.smkelly; <email>smkelly@FreeBSD.org</email>">
 
 <!ENTITY a.smpatel "Sujal Patel">
 <!ENTITY a.smpatel.email "&a.smpatel; <email>smpatel@FreeBSD.org</email>">
 
 <!ENTITY a.snb "Nick Barkas">
 <!ENTITY a.snb.email "&a.snb; <email>snb@FreeBSD.org</email>">
 
 <!ENTITY a.sobomax "Maxim Sobolev">
 <!ENTITY a.sobomax.email "&a.sobomax; <email>sobomax@FreeBSD.org</email>">
 
 <!ENTITY a.sos "S&oslash;ren Schmidt">
 <!ENTITY a.sos.email "&a.sos; <email>sos@FreeBSD.org</email>">
 
 <!ENTITY a.sperber "Armin Pirkovitsch">
 <!ENTITY a.sperber.email "&a.sperber; <email>sperber@FreeBSD.org</email>">
 
 <!ENTITY a.sson "Stacey Son">
 <!ENTITY a.sson.email "&a.sson; <email>sson@FreeBSD.org</email>">
 
 <!ENTITY a.ssouhlal "Suleiman Souhlal">
 <!ENTITY a.ssouhlal.email "&a.ssouhlal; <email>ssouhlal@FreeBSD.org</email>">
 
 <!ENTITY a.stanislav "G. Adam Stanislav">
 <!ENTITY a.stanislav.email "&a.stanislav; <email>adam@redprince.net</email>">
 
 <!ENTITY a.stark "Gene Stark">
 <!ENTITY a.stark.email "&a.stark; <email>stark@FreeBSD.org</email>">
 
 <!ENTITY a.stas "Stanislav Sedov">
 <!ENTITY a.stas.email "&a.stas; <email>stas@FreeBSD.org</email>">
 
 <!ENTITY a.stb "Stefan Bethke">
 <!ENTITY a.stb.email "&a.stb; <email>stb@FreeBSD.org</email>">
 
 <!ENTITY a.stefan "Stefan Walter">
 <!ENTITY a.stefan.email "&a.stefan; <email>stefan@FreeBSD.org</email>">
 
 <!ENTITY a.stefanf "Stefan Farfeleder">
 <!ENTITY a.stefanf.email "&a.stefanf; <email>stefanf@FreeBSD.org</email>">
 
 <!ENTITY a.stephane "St&eacute;phane Legrand">
 <!ENTITY a.stephane.email "&a.stephane; <email>stephane@FreeBSD.org</email>">
 
 <!ENTITY a.stephen "Stephen Montgomery-Smith">
 <!ENTITY a.stephen.email "&a.stephen; <email>stephen@FreeBSD.org</email>">
 
 <!ENTITY a.steve "Steve Price">
 <!ENTITY a.steve.email "&a.steve; <email>steve@FreeBSD.org</email>">
 
 <!ENTITY a.syuu "Takuya ASADA">
 <!ENTITY a.syuu.email "&a.syuu; <email>syuu@FreeBSD.org</email>">
 
 <!ENTITY a.sumikawa "Munechika Sumikawa">
 <!ENTITY a.sumikawa.email "&a.sumikawa; <email>sumikawa@FreeBSD.org</email>">
 
 <!ENTITY a.sunpoet "Po-Chuan Hsieh">
 <!ENTITY a.sunpoet.email "&a.sunpoet; <email>sunpoet@FreeBSD.org</email>">
 
 <!ENTITY a.suz "SUZUKI Shinsuke">
 <!ENTITY a.suz.email "&a.suz; <email>suz@FreeBSD.org</email>">
 
 <!ENTITY a.swallace "Steven Wallace">
 <!ENTITY a.swallace.email "&a.swallace; <email>swallace@FreeBSD.org</email>">
 
 <!ENTITY a.swills "Steve Wills">
 <!ENTITY a.swills.email "&a.swills; <email>swills@FreeBSD.org</email>">
 
 <!ENTITY a.sylvio "Sylvio Cesar Teixeira">
 <!ENTITY a.sylvio.email "&a.sylvio; <email>sylvio@FreeBSD.org</email>">
 
 <!ENTITY a.syrinx "Shteryana Shopova">
 <!ENTITY a.syrinx.email "&a.syrinx; <email>syrinx@FreeBSD.org</email>">
 
 <!ENTITY a.tabthorpe "Thomas Abthorpe">
 <!ENTITY a.tabthorpe.email "&a.tabthorpe; <email>tabthorpe@FreeBSD.org</email>">
 
 <!ENTITY a.tackerman "Tony Ackerman">
 <!ENTITY a.tackerman.email "&a.tackerman; <email>tackerman@FreeBSD.org</email>">
 
 <!ENTITY a.takawata "Takanori Watanabe">
 <!ENTITY a.takawata.email "&a.takawata; <email>takawata@FreeBSD.org</email>">
 
 <!ENTITY a.tanimura "Seigo Tanimura">
 <!ENTITY a.tanimura.email "&a.tanimura; <email>tanimura@FreeBSD.org</email>">
 
 <!ENTITY a.taoka "Satoshi Taoka">
 <!ENTITY a.taoka.email "&a.taoka; <email>taoka@FreeBSD.org</email>">
 
 <!ENTITY a.taras "Taras Korenko">
 <!ENTITY a.taras.email "&a.taras; <email>taras@FreeBSD.org</email>">
 
 <!ENTITY a.tdb "Tim Bishop">
 <!ENTITY a.tdb.email "&a.tdb; <email>tdb@FreeBSD.org</email>">
 
 <!ENTITY a.tedm "Ted Mittelstaedt">
 <!ENTITY a.tedm.email "&a.tedm; <email>tedm@FreeBSD.org</email>">
 
 <!ENTITY a.tegge "Tor Egge">
 <!ENTITY a.tegge.email "&a.tegge; <email>tegge@FreeBSD.org</email>">
 
 <!ENTITY a.tg "Thomas Gellekum">
 <!ENTITY a.tg.email "&a.tg; <email>tg@FreeBSD.org</email>">
 
 <!ENTITY a.thepish "Peter Hawkins">
 <!ENTITY a.thepish.email "&a.thepish; <email>thepish@FreeBSD.org</email>">
 
 <!ENTITY a.theraven "David Chisnall">
 <!ENTITY a.theraven.email "&a.theraven; <email>theraven@FreeBSD.org</email>">
 
 <!ENTITY a.thierry "Thierry Thomas">
 <!ENTITY a.thierry.email "&a.thierry; <email>thierry@FreeBSD.org</email>">
 
 <!ENTITY a.thomas "Thomas Quinot">
 <!ENTITY a.thomas.email "&a.thomas; <email>thomas@FreeBSD.org</email>">
 
 <!ENTITY a.thompsa "Andrew Thompson">
 <!ENTITY a.thompsa.email "&a.thompsa; <email>thompsa@FreeBSD.org</email>">
 
 <!ENTITY a.ticso "Bernd Walter">
 <!ENTITY a.ticso.email "&a.ticso; <email>ticso@FreeBSD.org</email>">
 
 <!ENTITY a.tijl "Tijl Coosemans">
 <!ENTITY a.tijl.email "&a.tijl; <email>tijl@FreeBSD.org</email>">
 
 <!ENTITY a.timur "Timur I. Bakeyev">
 <!ENTITY a.timur.email "&a.timur; <email>timur@FreeBSD.org</email>">
 
 <!ENTITY a.tj "Tom Judge">
 <!ENTITY a.tj.email "&a.tj; <email>tj@FreeBSD.org</email>">
 
 <!ENTITY a.tjr "Tim J. Robbins">
 <!ENTITY a.tjr.email "&a.tjr; <email>tjr@FreeBSD.org</email>">
 
 <!ENTITY a.tmclaugh "Tom McLaughlin">
 <!ENTITY a.tmclaugh.email "&a.tmclaugh; <email>tmclaugh@FreeBSD.org</email>">
 
 <!ENTITY a.tmm "Thomas M&ouml;stl">
 <!ENTITY a.tmm.email "&a.tmm; <email>tmm@FreeBSD.org</email>">
+
+<!ENTITY a.tmseck "Thomas-Martin Seck">
+<!ENTITY a.tmseck.email "&a.tmseck; <email>tmseck@FreeBSD.org</email>">
 
 <!ENTITY a.tobez "Anton Berezin">
 <!ENTITY a.tobez.email "&a.tobez; <email>tobez@FreeBSD.org</email>">
 
 <!ENTITY a.tom "Tom Hukins">
 <!ENTITY a.tom.email "&a.tom; <email>tom@FreeBSD.org</email>">
 
 <!ENTITY a.tomsoft "Thomas-Henning von Kamptz">
 <!ENTITY a.tomsoft.email "&a.tomsoft; <email>tomsoft@FreeBSD.org</email>">
 
 <!ENTITY a.torstenb "Torsten Blum">
 <!ENTITY a.torstenb.email "&a.torstenb; <email>torstenb@FreeBSD.org</email>">
 
 <!ENTITY a.toshi "Toshihiko Arai">
 <!ENTITY a.toshi.email "&a.toshi; <email>toshi@FreeBSD.org</email>">
 
 <!ENTITY a.tota "TAKATSU Tomonari">
 <!ENTITY a.tota.email "&a.tota; <email>tota@FreeBSD.org</email>">
 
 <!ENTITY a.trasz "Edward Tomasz Napierala">
 <!ENTITY a.trasz.email "&a.trasz; <email>trasz@FreeBSD.org</email>">
 
 <!ENTITY a.trevor "Trevor Johnson">
 <!ENTITY a.trevor.email "&a.trevor; <email>trevor@FreeBSD.org</email>">
 
 <!ENTITY a.trhodes "Tom Rhodes">
 <!ENTITY a.trhodes.email "&a.trhodes; <email>trhodes@FreeBSD.org</email>">
 
 <!ENTITY a.trociny "Mikolaj Golub">
 <!ENTITY a.trociny.email "&a.trociny; <email>trociny@FreeBSD.org</email>">
 
 <!ENTITY a.truckman "Don &ldquo;Truck&rdquo; Lewis">
 <!ENTITY a.truckman.email "&a.truckman; <email>truckman@FreeBSD.org</email>">
 
 <!ENTITY a.tshiozak "Takuya SHIOZAKI">
 <!ENTITY a.tshiozak.email "&a.tshiozak; <email>tshiozak@FreeBSD.org</email>">
 
 <!ENTITY a.tuexen "Michael Tuexen">
 <!ENTITY a.tuexen.email "&a.tuexen; <email>tuexen@FreeBSD.org</email>">
 
 <!ENTITY a.tweten "Dave Tweten">
 <!ENTITY a.tweten.email "&a.tweten; <email>tweten@FreeBSD.org</email>">
 
 <!ENTITY a.twinterg "Thomas Wintergerst">
 <!ENTITY a.twinterg.email "&a.twinterg; <email>twinterg@FreeBSD.org</email>">
 
 <!ENTITY a.uch "Yasushi UCHIYAMA">
 <!ENTITY a.uch.email "&a.uch; <email>uch@FreeBSD.org</email>">
 
 <!ENTITY a.ue "Udo Erdelhoff">
 <!ENTITY a.ue.email "&a.ue; <email>ue@FreeBSD.org</email>">
 
 <!ENTITY a.ugen "Ugen J.S. Antsilevich">
 <!ENTITY a.ugen.email "&a.ugen; <email>ugen@FreeBSD.org</email>">
 
 <!ENTITY a.uhclem "Frank Durda IV">
 <!ENTITY a.uhclem.email "&a.uhclem; <email>uhclem@FreeBSD.org</email>">
 
 <!ENTITY a.ulf "Ulf Zimmermann">
 <!ENTITY a.ulf.email "&a.ulf; <email>ulf@FreeBSD.org</email>">
 
 <!ENTITY a.ume "Hajimu UMEMOTO">
 <!ENTITY a.ume.email "&a.ume; <email>ume@FreeBSD.org</email>">
 
 <!ENTITY a.unfurl "Bill Swingle">
 <!ENTITY a.unfurl.email "&a.unfurl; <email>unfurl@FreeBSD.org</email>">
 
 <!ENTITY a.ups "Stephan Uphoff">
 <!ENTITY a.ups.email "&a.ups; <email>ups@FreeBSD.org</email>">
 
 <!ENTITY a.uqs "Ulrich Sp&ouml;rlein">
 <!ENTITY a.uqs.email "&a.uqs; <email>uqs@FreeBSD.org</email>">
 
 <!ENTITY a.vanhu "Yvan Vanhullebus">
 <!ENTITY a.vanhu.email "&a.vanhu; <email>vanhu@FreeBSD.org</email>">
 
 <!ENTITY a.vanilla "Vanilla I. Shu">
 <!ENTITY a.vanilla.email "&a.vanilla; <email>vanilla@FreeBSD.org</email>">
 
 <!ENTITY a.vd "Vasil Dimov">
 <!ENTITY a.vd.email "&a.vd; <email>vd@FreeBSD.org</email>">
 
 <!ENTITY a.versus "Konrad Jankowski">
 <!ENTITY a.versus.email "&a.versus; <email>versus@FreeBSD.org</email>">
 
 <!ENTITY a.viny "Vincent Tougait">
 <!ENTITY a.viny.email "&a.viny; <email>viny@FreeBSD.org</email>">
 
 <!ENTITY a.vkashyap "Vinod Kashyap">
 <!ENTITY a.vkashyap.email "&a.vkashyap; <email>vkashyap@FreeBSD.org</email>">
 
 <!ENTITY a.vs "Volker Stolz">
 <!ENTITY a.vs.email "&a.vs; <email>vs@FreeBSD.org</email>">
 
 <!ENTITY a.vsevolod "Vsevolod Stakhov">
 <!ENTITY a.vsevolod.email "&a.vsevolod; <email>vsevolod@FreeBSD.org</email>">
 
 <!ENTITY a.vwe "Volker Werth">
 <!ENTITY a.vwe.email "&a.vwe; <email>vwe@FreeBSD.org</email>">
 
 <!ENTITY a.wblock "Warren Block">
 <!ENTITY a.wblock.email "&a.wblock; <email>wblock@FreeBSD.org</email>">
 
 <!ENTITY a.wen "Wen Heping">
 <!ENTITY a.wen.email "&a.wen; <email>wen@FreeBSD.org</email>">
 
 <!ENTITY a.weongyo "Weongyo Jeong">
 <!ENTITY a.weongyo.email "&a.weongyo; <email>weongyo@FreeBSD.org</email>">
 
 <!ENTITY a.wes "Wes Peters">
 <!ENTITY a.wes.email "&a.wes; <email>wes@FreeBSD.org</email>">
 
 <!ENTITY a.whiteside "Don Whiteside">
 <!ENTITY a.whiteside.email "&a.whiteside; <email>whiteside@acm.org</email>">
 
 <!ENTITY a.wilko "Wilko Bulte">
 <!ENTITY a.wilko.email "&a.wilko; <email>wilko@FreeBSD.org</email>">
 
 <!ENTITY a.will "Will Andrews">
 <!ENTITY a.will.email "&a.will; <email>will@FreeBSD.org</email>">
 
 <!ENTITY a.wjv "Johann Visagie">
 <!ENTITY a.wjv.email "&a.wjv; <email>wjv@FreeBSD.org</email>">
 
 <!ENTITY a.wkoszek "Wojciech A. Koszek">
 <!ENTITY a.wkoszek.email "&a.wkoszek; <email>wkoszek@FreeBSD.org</email>">
 
 <!ENTITY a.wolf "Wolfgang Stanglmeier">
 <!ENTITY a.wolf.email "&a.wolf; <email>wolf@FreeBSD.org</email>">
 
 <!ENTITY a.wollman "Garrett Wollman">
 <!ENTITY a.wollman.email "&a.wollman; <email>wollman@FreeBSD.org</email>">
 
 <!ENTITY a.wosch "Wolfram Schneider">
 <!ENTITY a.wosch.email "&a.wosch; <email>wosch@FreeBSD.org</email>">
 
 <!ENTITY a.wpaul "Bill Paul">
 <!ENTITY a.wpaul.email "&a.wpaul; <email>wpaul@FreeBSD.org</email>">
 
 <!ENTITY a.wsalamon "Wayne Salamon">
 <!ENTITY a.wsalamon.email "&a.wsalamon; <email>wsalamon@FreeBSD.org</email>">
 
 <!ENTITY a.wsanchez "Wilfredo S&aacute;nchez">
 <!ENTITY a.wsanchez.email "&a.wsanchez; <email>wsanchez@FreeBSD.org</email>">
 
 <!ENTITY a.wxs "Wesley Shields">
 <!ENTITY a.wxs.email "&a.wxs; <email>wxs@FreeBSD.org</email>">
 
 <!ENTITY a.wylie "Wylie Stilwell">
 <!ENTITY a.wylie.email "&a.wylie; <email>wylie@magnesium.net</email>">
 
 <!ENTITY a.xride "S&oslash;ren Straarup">
 <!ENTITY a.xride.email "&a.xride; <email>xride@FreeBSD.org</email>">
 
 <!ENTITY a.yar "Yar Tikhiy">
 <!ENTITY a.yar.email "&a.yar; <email>yar@FreeBSD.org</email>">
 
 <!ENTITY a.yoichi "Yoichi NAKAYAMA">
 <!ENTITY a.yoichi.email "&a.yoichi; <email>yoichi@FreeBSD.org</email>">
 
 <!ENTITY a.yokota "Kazutaka YOKOTA">
 <!ENTITY a.yokota.email "&a.yokota; <email>yokota@FreeBSD.org</email>">
 
 <!ENTITY a.yongari "Pyun YongHyeon">
 <!ENTITY a.yongari.email "&a.yongari; <email>yongari@FreeBSD.org</email>">
 
 <!ENTITY a.yzlin "Yi-Jheng Lin">
 <!ENTITY a.yzlin.email "&a.yzlin; <email>yzlin@FreeBSD.org</email>">
 
 <!ENTITY a.zack "Zack Kirsch">
 <!ENTITY a.zack.email "&a.zack; <email>zack@FreeBSD.org</email>">
 
 <!ENTITY a.zarzycki "Dave Zarzycki">
 <!ENTITY a.zarzycki.email "&a.zarzycki; <email>zarzycki@FreeBSD.org</email>">
 
 <!ENTITY a.zec "Marko Zec">
 <!ENTITY a.zec.email "&a.zec; <email>zec@FreeBSD.org</email>">
 
 <!ENTITY a.zeising "Niclas Zeising">
 <!ENTITY a.zeising.email "&a.zeising; <email>zeising@FreeBSD.org</email>">
 
 <!ENTITY a.zi "Ryan Steinmetz">
 <!ENTITY a.zi.email "&a.zi; <email>zi@FreeBSD.org</email>">
 
 <!ENTITY a.zml "Zachary Loafman">
 <!ENTITY a.zml.email "&a.zml; <email>zml@FreeBSD.org</email>">
 
 <!ENTITY a.znerd "Ernst de Haan">
 <!ENTITY a.znerd.email "&a.znerd; <email>znerd@FreeBSD.org</email>">
 
 <!ENTITY a.zont "Andrey Zonov">
 <!ENTITY a.zont.email "&a.zont; <email>zont@FreeBSD.org</email>">
 
 <!-- Additional contributors, no email address -->
 
 <!ENTITY a.mkm "Kyle Martin">
 
 <!ENTITY a.joe.halpin "Joe Halpin">
 
 <!ENTITY a.pavalos "Peter Avalos">
 
 <!ENTITY a.jwojdacki "Justin Wojdacki">
 
 <!-- Below we list the various hats. -->
 
 <!-- FreeBSD Bugmeister -->
 <!ENTITY a.bugmeister '&a.eadler;, &a.gavin;, &a.gonzo;, &a.linimon;'>
 
 <!-- FreeBSD Core Team -->
 <!ENTITY a.core.members '&a.tabthorpe;, &a.gavin;, &a.jhb;, &a.kib;, &a.theraven;, &a.attilio;, &a.hrs;, &a.peter;, &a.miwi;'>
 
 <!-- FreeBSD Doc Engineering Team -->
 <!ENTITY a.doceng.members '&a.gjb;, &a.blackend;, &a.gabor;, &a.hrs;'>
 
 <!-- FreeBSD Donations Liaison -->
 <!ENTITY a.donations.members '&a.tabthorpe;, &a.gjb;, &a.gahr;, &a.pgollucci;, &a.skreuzer;, &a.obrien;, &a.trhodes;, &a.ds;, &a.rwatson;'>
 
 <!-- FreeBSD Ports Manager Team -->
 <!ENTITY a.portmgr.members '&a.tabthorpe;, &a.marcus;, &a.bapt;, &a.decke;, &a.beat;, &a.erwin;, &a.linimon;, &a.itetcu;, &a.miwi;'>
 
 <!-- FreeBSD Release Engineering Teams -->
 <!ENTITY a.re "re@FreeBSD.org">
 <!ENTITY a.re.members '&a.kib;, &a.blackend;, &a.jpaetzel;, &a.hrs;, &a.kensmith;'>
 <!ENTITY a.re.members.email '&a.kib.email;, &a.blackend.email;, &a.jpaetzel.email;, &a.hrs.email;, &a.kensmith.email;'>
 <!ENTITY a.re-builders '&a.marcel;, &a.nyan;, &a.nwhitehorn;'>
 
 <!-- FreeBSD Security Officer -->
 <!ENTITY a.so '&a.simon;'>
 
 <!ENTITY a.so-team '&a.mnag;, &a.remko;, &a.gnn;, &a.simon;, &a.philip;, &a.cperciva;, &a.csjp;, &a.des;, &a.rwatson;, &a.bz;'>
Index: projects/entities/share/xml/commercial.consult.xml
===================================================================
--- projects/entities/share/xml/commercial.consult.xml	(revision 41353)
+++ projects/entities/share/xml/commercial.consult.xml	(revision 41354)
@@ -1,2880 +1,2891 @@
 <?xml version="1.0"?>
 <!DOCTYPE entries PUBLIC "-//FreeBSD//DTD FreeBSD XML Database for Commercial Gallery//EN"
                          "http://www.FreeBSD.org/XML/www/share/xml/gallery.dtd">
 <!-- $FreeBSD$ -->
 
 <entries>
     <cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">
       $FreeBSD$
     </cvs:keyword>
 
   <categories>
     <category id="africa">Africa</category>
     <category id="asia">Asia</category>
     <category id="australia">Australia</category>
     <category id="europe">Europe</category>
     <category id="nzealand">New Zealand</category>
     <category id="namerica">North America</category>
     <category id="samerica">South America</category>
   </categories>
 
   <entry id="Aaronsen" category="namerica">
     <name>Aaronsen Group, Ltd</name>
     <url>http://www.aaronsen.com/freebsd/</url>
     <description>
       Aaronsen Group, Ltd. advises on and implements a wide range of
       internetworking technologies, including remote access, wide area
       networks, international telecommunications, Intranetworking, web
       applications and local area services. Many of our custom web-enabled
       solutions are engineered using FreeBSD, Apache, mod_perl, and
       MySQL/Oracle. Please email us at <a
       href="mailto:info@aaronsen.com">info@aaronsen.com</a>. Our web site
       is at <a href="http://www.aaronsen.com">http://www.aaronsen.com</a>
       and we can be reached via telephone at +1.412.391.6000.
     </description>
   </entry>
 
   <entry id="Adimus" category="europe">
     <name>Adimus GmbH &amp; Co. KG</name>
     <url>http://www.adimus.de/</url>
     <description>
       Adimus GmbH &amp; Co. KG is a company based in Bochum, Germany. As a
       consulting partner we provide services in system administration for
       all flavors of Unix and Microsoft Windows, design and maintenance of
       LANs and WANs, IT security auditing and database management.
       Solutions for intra- and internet servers as well as our firewall
       toolkit are based on FreeBSD and third-party products from Compaq,
       Peacock, Cisco and Ascend. For more information please contact <a
       href="mailto:info@adimus.de">info@adimus.de</a> or visit our <a
       href="http://www.adimus.de/">website</a>.
     </description>
   </entry>
 
   <entry id="Acadix" category="namerica">
     <name>Acadix, LLC</name>
     <url>http://www.acadix.biz</url>
     <description>
       Acadix, LLC offers a full range of services for FreeBSD and other
       platforms, including system integration, file servers, WEB servers,
       and programming/porting.  Acadix provides on-site services to
       businesses, schools, and charitable organizations in the Milwaukee
       metro area.  Programming services are available to all locations in
       the U.S.  For more information, please <a
       href="http://acadix.biz">visit our website</a>.
     </description>
   </entry>
 
   <entry id="Advance" category="namerica">
     <name>Advance Systems Group</name>
     <url>http://www.advansys.net/</url>
     <description>
       Advance Systems Group builds, administrates, and maintains
       Intranet/Internet networks using FreeBSD and other UNIX operating
       systems. ASG also provides a variety of other services including
       domain name hosting, web site construction, and software training.
       For more information, please phone us at +1.317.507.4229, e-mail <a
       href="mailto:sales@advansys.net">sales@advansys.net</a>, or <a
       href="http://www.advansys.net/">visit our web site</a>.
     </description>
   </entry>
 
   <entry id="ateamsystems" category="namerica">
     <name>A-Team Systems</name>
     <url>http://www.ateamsystems.com/</url>
     <description>
       A-Team Systems has over 15 years of experience helping clients
       leverage the power of &os; in combination with other open source
       software such as PHP, MySQL and Apache in a secure, customized
       and cohesive way.  We've been with &os; since version 1.0!  We
       can help you with your existing deployment or future plans:
       From encrypted backups to web and mail servers.  Visit our
       <a href="http://www.ateamsystems.com/">website</a> for more
       information.
     </description>
   </entry>
 
   <entry id="ALE" category="europe">
     <name>ALE Software</name>
     <url>http://linux.wroclaw.pl/</url>
     <description>
       We offer IT consulting, systems integration and corporate information
       systems based on BSD software. For more information, email
       <a href="mailto:admin@linux.wroclaw.pl">admin@linux.wroclaw.pl</a> or
       visit our <a href="http://linux.wroclaw.pl">website</a>.  We operate
       mostly in Eastern Europe (Poland).
     </description>
   </entry>
 
   <entry id="Adminia" category="europe">
     <name>Adminia Sistemas</name>
     <url>http://www.adminia.es/</url>
     <description>
       Adminia offers technological consulting and professional system
       administration services, specializing in free software and virtualized
       high-availability environments.  We have over 15 years experience in
       using and customizing FreeBSD systems in data processing centres,
       small and medium-sized businesses and universities.  We are located in
       Madrid, Spain.  Contact us for reliable and expert partnership via
       <a href="mailto:contacto@adminia.es">email</a> or visit our
       <a href="http://www.adminia.es">website</a>.
     </description>
   </entry>
 
   <entry id="anonbsd" category="samerica">
     <name>AnonBSD Inc.</name>
     <url>https://sites.google.com/site/anonbsd/</url>
     <description>
       We provide IT environment consulting.  Support in FreeBSD, OpenBSD,
       Linux (Debian, RedHat, SUSE, Gentoo, Slackware) and OpenSolaris.  High
       availability, virtualization, monitoring, security, deployment,
       network infrastructure.  We service in S&#227;o Paulo/SP and
       Campinas/SP in Brazil. Contact us via e-mail (<a
       href="mailto:ricardo.ichizo@gmail.com">ricardo.ichizo@gmail.com</a>) or
       by phone at +55 (19) 8202-1567.
     </description>
   </entry>
 
   <entry id="BITNETS" category="namerica">
     <name>BITNETS Inc.</name>
     <url>http://www.bitnets.com</url>
     <description>
       BITNETS Inc. specializes in BIND, Apache, Postfix, Courier-IMAP and
       a variety of server components running on FreeBSD with emphasis on
       security and stability. Services include consulting on server
       evaluation, installation and configuration and FreeBSD-based managed
       secure e-mail hosting. We are located in St. Albert,
       serving the Edmonton area of Alberta, Canada. Call us toll-free in
       North America at 1-877-BITNETS for general enquiries or
       <a href="http://www.bitnets.com/contact">e-mail us</a>.
       Winners of the chamber of commerce InfoTech Award of Distinction.
     </description>
   </entry>
 
   <entry id="blappitconsulting" category="europe">
     <name>Blapp IT Consulting</name>
     <url>http://www.blapp-it-consulting.ch/</url>
     <description>
       Located in Basel/Switzerland, Blapp-IT-Consulting provides
       consulting services related to complex mail routing and gateway
       solutions, SaaS, BSD Hosting, Internet servers and infrastructure,
       programming, FreeBSD and other BSD operating systems, security
       auditing/firewalls, system administration, etc.  For more
       information please visit our <a
       href="http://www.blapp-it-consulting.ch/">website</a>.
     </description>
   </entry>
 
   <entry id="BMK" category="australia">
     <name>B.M.K. Industries</name>
     <url>http://www.bmk.com.au</url>
     <description>
       B.M.K. Industries is located in Melbourne Australia and specializes
       in setting up low cost routers and servers (Web, E-Mail, FTP, DNS and
       Secure Web Servers ) all using FreeBSD. Setting up Permanent Modem &amp;
       ISDN Internet Connections is also a specialty. <a
       href="http://www.bmk.com.au">Please visit our web page.</a>
     </description>
   </entry>
 
   <entry id="bpa" category="europe">
     <name>Black Point Arts Internet Solutions GmbH</name>
     <url>http://www.bpanet.de/</url>
     <description>
       Black Point Arts Internet Solutions GmbH is located in Germany
       (Frankfurt/Main).  We have experiences with FreeBSD, Linux and Windows
       Servers.  Our business activities include hosting/homing, programming
       and webdesign.  We develop solutions for your intra-, extra- and
       internet needs.  For more informations you can visit <a
       href="http://www.bpanet.de/">our website</a> or write an email to
       <a href="mailto:service@bpanet.de">service@bpanet.de</a>.
     </description>
   </entry>
 
   <entry id="BSDConsulting" category="europe">
     <name>BSD Consulting</name>
     <url>http://www.bsdconsulting.no/</url>
     <description>
       BSD Consulting provides consulting services related to Internet
       servers/infrastructure, programming, FreeBSD &amp; BSD operating
       systems, security auditing/firewalls, system administration, etc.
       Based in Oslo, Norway.
     </description>
   </entry>
 
   <entry id="catpipe" category="europe">
     <name>catpipe Systems</name>
     <url>http://www.catpipe.net/</url>
     <description>
       catpipe Systems ApS provide managed services and support contracts
       for FreeBSD implemented on rackmountable servers preloaded with
       FreeBSD.
     </description>
   </entry>
 
   <entry id="ChinaIS" category="asia">
     <name>China Internet Service</name>
     <url>http://www.1260.cn/</url>
     <description>
       China Internet Services <a href="http://www.1260.cn">www.1260.cn</a>
       is a China Internet Email and Webhosting provider offering UNIX
       shell accounts, web hosting, mailman and ezmlm, pop3, imap, webmail
       (squirrelmail), mysql, php, fastcgi and mod_perl hosting on FreeBSD
       servers in Nanjing. Phone: 0086-25-84527765.
     </description>
   </entry>
 
+  <entry id="CloneConsulting" category="nzealand">
+    <name>Clone Consulting</name>
+    <url>http://www.clone.co.nz/</url>
+    <description>
+      Clone provides consultancy services for software development, system
+      architecture and FreeBSD infrastructure support. For additional
+      information please visit the <a
+      href="http://www.clone.co.nz">Clone website</a>.
+    </description>
+  </entry>
+
   <entry id="CloudBT" category="australia">
     <name>Cloud BT IT Support</name>
     <url>http://www.it-support.com.au/</url>
     <description>
       Cloud BT provides IT support and other IT services to businesses in
       Australia, including system maintenance, <a
       href="http://www.it-support.com.au/data-recovery/">data
       recovery</a>, and ongoing IT consulting.  We also provide a range of
       scalable cloud solutions to our business clients.  In our day-to-day
       operation we support numerous platforms including FreeBSD, Linux and
       other Unix-based environments.  Call us on 1300 737 205 or visit our
       <a href="http://www.it-support.com.au/">website</a> for more
       information.
     </description>
   </entry>
   
   <entry id="Clue" category="namerica">
     <name>Clue Computing, Inc.</name>
     <url>http://www.clue.com/</url>
     <description>
       Clue Computing, Inc. has over 10 years of UNIX experience,
       specializing in system administration, networking, and security.
       Custom application development and testing available, including
       device drivers, kernel work, etc. We offer sales, assembly, and
       installation of FreeBSD systems for any application. For more
       information, email <a href="mailto:info@clue.com">info@clue.com</a>.
     </description>
   </entry>
 
   <entry id="Codeangels" category="europe">
     <name>Codeangels Solutions</name>
     <url>http://www.codeangels.com</url>
     <description>
       Codeangels Solutions GmbH based in Switzerland, region Zuerich.
       Offers its customers a range of IT Security, Network and UNIX
       Services. We utilize and support FreeBSD in our services and
       solutions.
     </description>
   </entry>
 
   <entry id="CodeGen" category="namerica">
     <name>CodeGen Inc.</name>
     <url>http://www.codegen.com/</url>
     <description>
       CodeGen, Inc. provide consulting and programming services,
       specializing in embedded systems. For more information, email <a
       href="mailto:info@codegen.com">info@codegen.com</a>.
     </description>
   </entry>
 
   <entry id="ColoAdvisor" category="namerica">
     <name>ColoAdvisor</name>
     <url>http://www.coloadvisor.com/</url>
     <description>
       Located in New Jersey, ColoAdvisor finds the best fit hosting,
       colocation and cloud computing services based on technical,
       geographical and financial needs.  Contact us for an immediate
       site assessment and to begin the process.  Either via <a
       href="mailto:info@coloadvisor.com">email</a> or via phone
       (+1-877-732-4003, press 1 to speak to an advisor for a free
       consultation).
     </description>
   </entry>
 
   <entry id="Collective" category="namerica">
     <name>Collective Technologies</name>
     <url>http://www.colltech.com</url>
     <description>
       Collective Technologies is the recognized leader in systems
       management services for distributed enterprise computing
       environments. Collective Technologies highly skilled consultants
       combine technical expertise with solid business sense to develop
       world-class IT solutions. Collective Technologies specializes in
       keeping complex computer systems running reliably offering a full
       range of support services including UNIX, NT, Linux, FreeBSD, OpenBSD
       and NetBSD to address the needs of a client's systems management
       lifecycle. The company is headquartered in Austin, Texas, with 19
       offices nationwide. For more information, visit <a
       href="http://www.colltech.com">our website</a> or e-mail us at <a
       href="mailto:contact@colltech.com">contact@colltech.com</a>.
     </description>
   </entry>
 
   <entry id="CoreSoftware" category="australia">
     <name>Core Software</name>
     <url>http://www.coresoftware.net.au</url>
     <description>
       Core Software is based in Perth, Western Australia. We are a
       consulting company specializing in OpenBSD, FreeBSD, Linux and
       Windows. We work with firewalls, Virtual Private Networks, Database
       Servers, Email and Web Servers, Security, WAN/LAN implementations,
       Multi OS networks. You can contact us <a
       href="http://www.coresoftware.net.au/contact.html">here</a> or visit
       our <a href="http://www.coresoftware.net.au">website</a>.
     </description>
   </entry>
 
   <entry id="DataPipe" category="namerica">
     <name>DataPipe</name>
     <url>http://www.datapipe.com/</url>
     <description>
       Built on a rock-solid network and immediate live customer support,
       DataPipe is a trusted hosting company providing secure managed
       solutions.  Our specialized teams of passionate professionals take
       a personal interest in each client's unique needs, enabling
       businesses to outsource with confidence.  With world-class
       facilities strategically located in the New York Metropolitan
       &amp; Silicon Valley areas, Hong Kong and London, UK, DataPipe
       offers custom FreeBSD solutions and expert FreeBSD support 24
       hours a day, 365 days a year.
     </description>
   </entry>
 
   <entry id="DeLorentz" category="europe">
     <name>DeLorentz &amp; Partners</name>
     <url>http://www.delorentz.nl/</url>
     <description>
       DeLorentz &amp; Partners is a consulting firm based in Hilversum
       in the Netherlands. We offer various types of consulting and
       support on FreeBSD. Info at <a href="mailto:info@delorentz.nl">
       info@delorentz.nl</a> or phone us at Tel: +31 (0)35 - 624 44 66.
     </description>
   </entry>
 
   <entry id="Dextra" category="samerica">
     <name>Dextra Solu&#231;&#245;es em Inform&#225;tica</name>
     <url>http://www.dextra.com.br/</url>
     <description>
       Dextra Solu&#231;&#245;es em Inform&#225;tica. Specialized
       consulting in TCP/IP networks, capacity and contingency planning,
       UNIX systems and network administration, system security and
       firewalls, VPNs implementation, Internet/Intranets projects. For more
       information, please phone us at +55.19.251.3644 (Brazil), e-mail <a
       href="mailto:staff@dextra.com.br">staff@dextra.com.br</a>, or <a
       href="http://www.dextra.com.br/">visit our web site</a> (in
       Portuguese).
     </description>
   </entry>
 
   <entry id="DieWebmaster" category="europe">
     <name>Die Webmaster Gmbh</name>
     <url>http://www.diewebmaster.at</url>
     <description>
       Die Webmaster Gmbh - We are a consulting company from Linz, Austria
       and offer a wide range of FreeBSD based services: FreeBSD
       installation, integration, troubleshooting, maintenance, FreeBSD
       based hosting (for example jail servers), serverhousing, hardware
       selection, configuration and support. e-mail: <a
       href="mailto:info@diewebmaster.at">info@diewebmaster.at</a>
     </description>
   </entry>
 
   <entry id="EscapeBox" category="europe">
     <name>EscapeBox</name>
     <url>http://www.escapebox.net/en/</url>
     <description>
       More than 20 years of IT experience on demand!  The EscapeBox
       Germany GmbH, founded in 2002, is a small but agile company that
       offers IT consulting services.  We can support our clients both
       from remote and on location, as desired.  So, if you are looking
       for capable freelancers for your projects, please do not hesitate
       to <a href="http://www.escapebox.net/en/contact.html">contact</a>
       us today!
     </description>
   </entry>
 
   <entry id="EssenzConsulting" category="namerica">
     <name>Essenz Consulting</name>
     <url>http://www.essenz.com</url>
     <description>
       Essenz Consulting is a web services and products provider. We offer
       custom built High-Performance Intel based <a
       href="http://www.essenz.com/open.html">Workstations</a> and <a
       href="http://www.essenz.com/server.html">Servers</a>. These systems
       are 100% FreeBSD compatible. Our systems feature Ultra2-LVD SCSI,
       high speed networking, Dual Pentium III and Dual Pentium III XEON
       processors, and many other fault tolerant and backup features. For
       more information contact <a
       href="mailto:sales@essenz.com">sales@essenz.com</a> or visit us at <a
       href="http://www.essenz.com">http://www.essenz.com</a>.
     </description>
   </entry>
 
   <entry id="TheFreeBSDMall" category="namerica">
     <name>The FreeBSD Mall</name>
     <url>http://www.freebsdmall.com/</url>
     <description>
       The FreeBSD Mall offers several different levels of support contracts
       for FreeBSD. Support is available on a per-incident basis, or as a
       convenient, extensible annual contract. Our highly trained technical
       support staff will handle your requests in a professional and
       efficient manner and will provide detailed responses to your needs by
       phone, fax, or email. The FreeBSD Mall staff has over 8 years of
       experience supporting FreeBSD.
   For more information, please see <a
       href="http://www.freebsdmall.com/support/">our support page</a>.
     </description>
   </entry>
 
   <entry id="FarNorthNetworks" category="australia">
     <name>Far North Networks</name>
     <url>http://www.networks.nq.nu/</url>
     <description>
       Far North Networks, Based in Innisfail, North Queensland (About 100Km
       South of Cairns). Focus is on business network support providing low
       cost file/print servers based on FreeBSD. We also specialize in
       setting up internet gateways/firewalls. For more information send us
       an email to <a
       href="mailto:info@networks.nq.nu">info@networks.nq.nu</a>.
     </description>
   </entry>
 
   <entry id="FrigateNetworks" category="namerica">
     <name>Frigate Networks</name>
     <url>http://www.frigate.com/</url>
     <description>
       frigate networks provides network troubleshooting, system
       administration, kernel development and ports of BSD software to
       commercial products such as routers and firewalls. Our Email, DNS,
       and WWW servers run FreeBSD. We also provide network management
       solutions based on HTTP and tcl. For more information please <a
       href="http://www.frigate.com/">visit our web site</a>, call us at
       +1.650.903.2266, or send email to <a
       href="mailto:info@frigate.com">info@frigate.com></a>.
     </description>
   </entry>
 
   <entry id="FSCInternet" category="namerica">
     <name>FSC Internet</name>
     <url>http://www.fscinternet.com/</url>
     <description>
       FSC Internet is Canada's largest FreeBSD consulting firm. FSC's
       clients include numerous top-tier corporations (e.g. Mazda, Heinz),
       as well as mid-sized companies (e.g. the Vermont Telephone Company)
       and the public sector. FSC provides full consulting, implementation,
       support, and training services for all FreeBSD applications,
       including a special focus on security, high-performance Web
       applications, and Intranets. Please email us at <a
       href="mailto:info@fscinternet.com">info@fscinternet.com</a> or call
       us at +1.416.921.4280 for further information.
     </description>
   </entry>
 
   <entry id="GNUnetworks" category="europe">
     <name>GNUnetworks</name>
     <url>http://www.gnun.net/</url>
     <description>
       GNUnetworks is a System's consultancy group focused on free
       software.  We provide FreeBSD and Linux servers for Internet /
       Intranet as well as embedded systems for firewalling and data
       processing.<br /><br />Phone: +34-937340794<br />web:
       <a href="http://www.gnun.net">http://www.gnun.net</a><br />
       mail: <a href="mailto:info@gnun.net">info@gnun.net</a>
     </description>
   </entry>
 
   <entry id="GurixWebProfessionals" category="namerica">
     <name>Gurix Web Professionals</name>
     <url>http://www.gurix.com</url>
     <description>
       Gurix Web Professionals Web Development, design, and custom
       application programming using both open source and proprietary
       environments. Services also include private consulting, emergency
       response coordination and various IT solutions to maximize the
       effectiveness of your business.
     </description>
   </entry>
 
   <entry id="HerrinSoftware" category="namerica">
     <name>Herrin Software Development</name>
     <url>http://www.hsdi.com/</url>
     <description>
       Herrin Software Development, Inc., creator of <em>Qddb</em>, provides
       custom software development, internet consulting, general computer
       consulting, and training services. For more information email us at
       <a href="mailto:info@hsdi.com">info@hsdi.com</a> or <a
       href="http://www.hsdi.com/">visit our web site</a>.
     </description>
   </entry>
 
   <entry id="hntsolutions" category="namerica">
     <name>HNT Solutions</name>
     <url>http://www.hntsolutions.com</url>
     <description>
       HNT Solutions provides complete &os; support services and
       consulting.  Please contact us at <a
       href="mailto:unix@hntsolutions.com">unix@hntsolutions.com</a> or
       visit our <a
       href="http://www.hntsolutions.com/unixpractice">website</a>
       for more information.
     </description>
   </entry>
 
   <entry id="GregLehey" category="australia">
     <name>Greg Lehey</name>
     <url>http://www.lemis.com/~grog/</url>
     <description>
       Greg Lehey has over 20 years industry experience in all system
       programming and systems administration disciplines, including device
       drivers, kernel debugging, compilers, libraries, performance
       analysis, and site planning. He is the author of <a
       href="http://www.lemis.com/vinum.html">
 	The Vinum Volume Manager</a>, a virtual disk driver which includes
       software RAID, and also the books
       <a href="http://www.oreilly.com/catalog/port/">
 	Porting UNIX Software</a> and <a
       href="http://www.oreilly.com/catalog/cfreebsd/">
 	The Complete FreeBSD</a>. Contact him <a
       href="mailto:grog@FreeBSD.org">
 	via Email</a>,
       or visit his <a href= "http://www.lemis.com/~grog">web site</a>.
     </description>
   </entry>
 
   <entry id="IKTech" category="europe">
     <name>IKTech</name>
     <url>http://www.iktech.net</url>
     <description>
       IKTech Dipl.-Ing. Gernot Schmied is a high-end systems integrator and
       UNIX competence center located in Vienna, Austria. We especially
       focus on telecommunications, networking and security aspects for NPO,
       corporate and Service Provider/Carrier customers. We use selected
       commercial products as well as FreeBSD, OpenBSD, NetBSD, Linux and
       Solaris and are the premier competence center with regards to
       advanced routing gateways. For inquiries please contact <a
       href="mailto:office@iktech.net?subject=IKTech%20inquiry%20with%20rega
       rds%20to%20www.freebsd.org%20listing">office@iktech.net</a>.
     </description>
   </entry>
 
   <entry id="Ipsure" category="europe">
     <name>Ipsure ICT Consultancy Services</name>
     <url>http://www.ipsure.com/</url>
     <description>
       Ipsure offers IT strategic planning, system integration, maintenance,
       administration and counsultancy services to SMEs and large
       enterprises.  The scope of our services range from initial setup of
       the physical layer components through the application level tuning
       and auditing stages.  Although we provide various solutions over any
       other *NIX systems, we have a seasoned experience in building and
       managing clustered server environments which are particularly based
       on FreeBSD for delivering secure and stabile applications under
       ultra high workloads.  Our company is located in Istanbul, Turkey.
     </description>
   </entry>
 
   <entry id="GlobalTechnopolis" category="asia">
     <name>Global Technopolis Corporation</name>
     <url>http://globaltechnopolis.com/</url>
     <description>
       Located in Tokyo, Japan, The Global Technopolis Corporation provides
       computing technology consulting services including strategy and
       implementation proposals, administration, maintenance, hosting,
       support, and training for <a
       href="http://globaltechnopolis.com/services/consulting/operating-systems-and-platforms/bsd/freebsd/index.html">FreeBSD</a>.
       Our engineers can assist your business to set up routers/gateways,
       web servers, applications servers, database servers, backup
       servers and so forth.  Professional project management and on-time
       delivery within budget is always our commitment to our clients.
       For further details, please visit our <a
       href="http://globaltechnopolis.com/">web site</a>.
     </description>
   </entry>
 
   <entry id="Hypermetrica" category="europe">
     <name>Hypermetrica</name>
     <url>http://www.esliadmina.net</url>
     <description>
       IT-consulting company Hypermetrica provides IT consulting and
       professional system administration services.   We develop
       high-available environments, web and network services for small
       and medium-sized businesses based on FreeBSD and other UNIX
       operating systems.   Our office is located in Moscow, Russia.
       Contact us for consulting via <a
       href="mailto:info@hypermetrica.ru">email</a> or visit our <a
       href="http://www.esliadmina.net">website</a>.
     </description>
   </entry>
 
   <entry id="Imtelkom" category="asia">
     <name>Institut Manajemen Telkom</name>
     <url>http://www.imtelkom.ac.id/</url>
     <description>
       Institut Manajemen Telkom is an educational institution, working
       thoroughly to create a free Academic Suite system standing firmly
       on top of FOSS (FreeBSD, Apache, MySQL, PHP).  We just want to
       promote and encourage people (especially academician) to use FreeBSD
       for their platform, thus we are happily helping others by providing
       consultant service to train them using FreeBSD.  We provide
       discussion and consultant service mainly in Indonesian language.
     </description>
   </entry>
 
   <entry id="InformSystem" category="asia">
     <name>Inform System Inc.</name>
     <url>http://www.inform.co.jp/</url>
     <description>
       Inform System Inc. is a FreeBSD/Internet/DataBase consulting company.
       Located in Osaka Japan, we offer a wide range of services to school
       and small businesses. For further details, please <a
       href="http://www.inform.co.jp/">visit our web site</a>, or send email
       to <a href="mailto:info@inform.co.jp">info@inform.co.jp</a>
     </description>
   </entry>
 
   <entry id="innominate" category="europe">
     <name>innominate AG</name>
     <url>http://innominate.de/</url>
     <description>
       innominate AGis a Linux, *BSD and Open Source service provider based
       in Berlin, Germany. Not only as consulting partner but also as system
       administrator, programmer, supporter and trainer we offer the full
       range of services with a heavy focus on Open Source products. Many of
       our tailor-made products are engineered using apache, Perl, Zope,
       MySQL and Oracle running on Linux and *BSD. For further information
       please contact <a
       href="mailto:info@innominate.de">info@innominate.de</a> or visit our
       <a href="http://innominate.de/">website</a>.
     </description>
   </entry>
 
   <entry id="InterACT" category="europe">
     <name>InterACT</name>
     <url>http://www.interact.se</url>
     <description>
       InterACT is a Sweden based provider of Consultancy and Custom
       Development Services. Principal consultant <a
       href="mailto:cl@interact.se">Chris Lindbergh</a> has over 10 years
       system software development experience on BSD based platforms. Areas
       of expertise include Firewall and Networking System setup, custom
       development in C and C++, and supply of turnkey solutions. For
       further information, contact us by email at: <a
       href="mailto:info@interact.se">info@interact.se</a>, or phone Sweden
       on +46 (0)920-888 03
     </description>
   </entry>
 
   <entry id="ITSchulungen" category="europe">
     <name>IT-schulungen.com</name>
     <url>http://www.it-schulungen.com</url>
     <description>
       Located in Germany, IT-Schulungen.com is a portal for IT-Trainings
       (both individual workshops and public seminars) and offers
       training and consulting for different Open Source systems including <a
       href="http://www.it-schulungen.com/seminare/serversysteme/freebsd/index.html">FreeBSD</a>.
       For further information please call 01805 120 222 (from within
       Germany) or visit our <a
       href="http://www.it-schulungen.com">website</a>.
     </description>
   </entry>
 
   <entry id="ITSecurity" category="namerica">
     <name>It Security Services</name>
     <url>http://www.itsecuritymn.com</url>
     <description>
       IT Security Services is based in Minneapolis, Minnesota and serves
       the Twin Cities. We provide a complete line of security services,
       such as audits, secure servers, and new network installations with
       emphasis on security. We are highly skilled with FreeBSD, and can
       use it to run extremely fast and reliable servers using all popular
       services. You can reach us at <a href="mailto:
       info@itsecuritymn.com">info@itsecuritymn.com</a>, or our web site at
       <a href="http://www.itsecuritymn.com">http://www.itsecuritymn.com</a>.
     </description>
   </entry>
 
   <entry id="iXsystems" category="namerica">
     <name>iXsystems, Inc.</name>
     <url>http://www.ixsystems.com</url>
     <description>
       Based in the heart of Silicon Valley in San Jose, California, iXsystems
       offers FreeBSD technical support and custom development with a devoted
       Professional Services and Call Center based in the US to assist with issues.
       Getting FreeBSD up and running is fast and easy, but having expert help
       on-hand to solve your problems can take your solution to new heights. From
       optimizing your small office set-up to guidance on very large deployments,
       our team can ensure you get the most from FreeBSD.
     </description>
   </entry>
 
   <entry id="OKTS" category="namerica">
     <name>Okanagan Technology Solutions</name>
     <url>http://www.okts.ca/</url>
     <description>
       Okanagan Technology Solutions specializes in open source
       technologies, in particular FreeBSD, Perl, Apache, and MySQL for
       clients in the beautiful Okanagan region of British Columbia.
       For more information, please visit our <a
       href="http://www.okts.ca">web site</a>.
     </description>
   </entry>
 
   <entry id="LNC" category="namerica">
     <name>Linux Network Care</name>
     <url>http://www.linuxnetworkcare.com/</url>
     <description>
       Linux Network Care is based in Toronto, Ontario.  Our company is
       specialized in providing Linux and FreeBSD based solutions for
       small, medium and corporate sized businesses.  We provide
       ourselves on our delivery of dependable network solutions, world
       class server administration, tight server security and easy to
       understand Linux training.  We also provide desktop integration
       with Ubuntu Linux.
     </description>
   </entry>
 
   <entry id="Lionra" category="europe">
     <name>Lionra Support Services Ltd.</name>
     <url>http://www.lionra.com/</url>
     <description>
       Lionra Support Services Ltd. provides IT solutions including
       tailored network infrastructure, custom-designed servers, remote
       administration and security audits.  We have over 10 years
       experience in the IT sector, specializing in *BSD, GNU/Linux
       &amp; Open Source software.  Further information about Lionra
       Support Services Ltd. and the services we offer can be found at
       <a href="http://www.lionra.com/">http://www.lionra.com/</a>.
     </description>
   </entry>
 
   <entry id="Schweikhardt" category="europe">
     <name>Jens Schweikhardt</name>
     <url>http://www.schweikhardt.net/</url>
     <description>
       Jens Schweikhardt, located near <b>Stuttgart/Germany</b>, is a
       FreeBSD committer with 20 years of Unix experience who won several
       national and international programming contests. If you have a
       problem that can be solved using the Unix toolbox (preferably C,
       perl, shell) he is the one to make it happen. With his background in
       Unix Standardization he will make sure your investment runs portably
       and efficiently on all the Unices you care for. Contact him via <a
       href="mailto:schweikh@FreeBSD.org">schweikh@FreeBSD.org</a>.
     </description>
   </entry>
 
   <entry id="Stacey" category="europe">
     <name>Julian Stacey</name>
     <url>http://www.berklix.com/~jhs/cv/</url>
     <description>
       <a href="http://berklix.com/">Net services &amp; systems
 	engineering</a>, UNIX since 1978, Maintains a <a
 	href="http://berklix.com/~jhs/consultants/">FreeBSD Commercial
 	Consultants Index</a> (<b>sorted geographically &amp; by full
       &amp; part timers)</b>.  Be sure to visit his page!
     </description>
   </entry>
 
   <entry id="Supportodua" category="europe">
     <name>Support.od.ua</name>
     <url>http://support.od.ua/</url>
     <description>
       Support.od.ua is located in Odessa, Ukraine.  We offer professional
       FreeBSD and Linux installation, consulting and server solutions for
       customers in Ukraine, Russian Federation and Kazakhstan.  For more
       information and contact details please visit our <a
       href="http://support.od.ua">website</a>.
     </description>
   </entry>
 
   <entry id="MediaCenter" category="europe">
     <name>MediaCenter</name>
     <url>http://www.umc.se/</url>
     <description>
       MediaCenter, Ume&#230;, Sweden. Located in northern Sweden we offer
       professional consulting and programming for secure inter/intranet
       solutions using FreeBSD and UNIX(-like) operating systems. We also
       work high performance database programming, primarily using
       PostgreSQL. For more information, please send email to <a
       href="mailto:info@umc.se">info@umc.se</a>, or visit our website (<a
       href="http://www.umc.se/">http://www.umc.se/</a>)
     </description>
   </entry>
 
   <entry id="mediaup" category="europe">
     <name>MediaUp Webdesign</name>
     <url>http://www.mediaup.de</url>
     <description>
       MediaUp Webdesign is located in Duesseldorf, Germany.  We offer
       professional FreeBSD installation, consulting and server solutions
       for business customers in Germany, Austria and Switzerland.  For
       more information and contact details please visit our <a
       href="http://www.mediaup.de">website</a>.
     </description>
   </entry>
 
   <entry id="MindStep" category="namerica">
     <name>MindStep Corp.</name>
     <url>http://www.mindstep.com/</url>
     <description>
       MindStep Corp. configure and maintain Intranet/Internet networks
       using FreeBSD and other Unix operating systems. MindStep also offers
       products and provides software development services customized to fit
       the needs of corporations of any size.
     </description>
   </entry>
 
   <entry id="MidwestSystems" category="namerica">
     <name>Midwest Systems Solutions, Inc.</name>
     <url>http://www.midwestsystems.com/</url>
     <description>
       Midwest Systems Solutions Inc. , based in Winnipeg Canada, provides
       hardware, software and consulting services including LAN, WAN, remote
       access, file and printer servers, Internet solutions and support and
       administration of FreeBSD and Linux systems. Midwest Systems
       specializes in Web, FTP, Internet Gateways, firewall solutions based
       on FreeBSD and Linux. Midwest Systems Solutions also offers both
       virtual and dedicated webhosting solutions. For more information,
       please contact <a
       href="mailto:info@midwestsystems.com">mailto:info@midwestsystems.com</a>
 	or visit our website at <a
       href="http://www.midwestsystems.com/">www.midwestsystems.com</a>.
     </description>
   </entry>
 
   <entry id="Nesbitt" category="namerica">
     <name>Nesbitt &amp; Associates</name>
     <url>http://www.nesbitt.ca/</url>
     <description>
       Nesbitt &amp; Associates is based in Vancouver, Canada, but
       have worked with clients all over the world.  We specialize
       in open source technologies, in particular, FreeBSD, Perl,
       Apache, mod_perl and MySQL. For more information, please visit
       <a href="http://www.nesbitt.ca/">our web site</a>.
     </description>
   </entry>
 
   <entry id="Netgraft" category="namerica">
     <name>Netgraft Corp.</name>
     <url>http://netgraft.com/</url>
     <description>
       Netgraft Corp. is a technology consulting firm that specializes in
       open source technologies like Linux, FreeBSD, MySQL, Apache,
       Sendmail, BIND, etc. We're New York City based and can provide
       on-site support and customized business solutions based on these
       technologies.
     </description>
   </entry>
 
   <entry id="Netizen" category="australia">
     <name>Netizen</name>
     <url>http://netizen.com.au/</url>
     <description>
       Netizen, based in Melbourne, Australia, provide Internet and Open
       Source consultancy services, including FreeBSD installation,
       configuration, support contracts, applications development,
       E-Commerce solutions, etc. See <a
       href="http://netizen.com.au/">http://netizen.com.au/</a> or email <a
       href="mailto:info@netizen.com.au">info@netizen.com.au</a> for more
       information.</description>
   </entry>
 
   <entry id="NixSys" category="europe">
     <name>NixSys BVBA</name>
     <url>http://www.nixsys.be/</url>
     <description>
       NixSys specializes in the development, maintenance and deployment
       of Free and Open Source Software on any scale.  Remote and on-site
       systems administration, particularly in the areas of mail and dns,
       are also available.  <a href="mailto:philip@nixsys.be">Contact us</a>
       for more information and rates.
     </description>
   </entry>
 
   <entry id="OmarSiddique" category="namerica">
     <name>Omar Siddique</name>
     <url>http://www.heedme.com/resume</url>
     <description>
       <a href="http://www.heedme.com">Omar Siddique</a> is a Washington,
       D.C.  based consultant with broad experience in FreeBSD, Linux,
       Solaris.  His specialties include internet services, systems
       integration, system administration, and networking.  Contact him
       via <a href="mailto:omar@heedme.com">omar@heedme.com</a>.
     </description>
   </entry>
 
   <entry id="Omniscient" category="namerica">
     <name>Omniscient Technologies</name>
     <url>http://www.omniscient.com/</url>
     <description>
       Omniscient Technologies is a Washington D.C. based consulting group
       with a broad array of experience in *BSD, Solaris, Linux and many
       other varieties of UNIX specializing in highly scalable systems,
       systems integration and network security. Custom application design
       also available. Contact via <a
       href="mailto:info@omniscient.com">info@omniscient.com</a>.
     </description>
   </entry>
 
   <entry id="OpenAssociates" category="namerica">
     <name>Open Source Associates, LLC</name>
     <url>http://www.OpenSourceAssociates.com/</url>
     <description>
       Open Source Associates LLC is a St. Louis, Missouri based consulting
       firm specializing in the support of all things Open Source related
       with strong emphasis on FreeBSD, MySQL, Sendmail, BIND, and Apache.
       Open Source's highly skilled consultants are available for telephone
       support as well as support contracts and onsite consulting
       engagements anywhere in the United States. We have particular
       expertise in the design, implementation, and support of highly
       available clustered websites. We specialize in remote administration
       and management to keep complex systems running reliably. For more
       information email us at <a href="mailto:info@opensourceassociates.com"
       >info@opensourceassociates.com</a> or call toll-free 866-343-2589.
     </description>
   </entry>
 
   <entry id="OpenSOS" category="asia">
     <name>OpenSOS SB</name>
     <url>http://www.opensos.net/</url>
     <description>
       OpenSOS SB is a company which provides consulting and professional
       services for FreeBSD based solutions based in Kuala Lumpur,
       Malaysia.  We also provide maintenance and support services
       in Malaysia.  We can operate at short notice in any region in
       Asia for a truly professional quick-to-service operational
       capability.  However we are willing to consider projects outside
       Malaysia.  We are specialized in FreeBSD, MacOSX and basically
       in all kinds of UNIX systems.
     </description>
   </entry>
 
   <entry id="OpenWorld" category="namerica">
     <name>OpenWorld</name>
     <url>http://www.stdio.com/</url>
     <description>
       OpenWorld has been providing computer, network, and security
       consulting since 1994. Our clients? range from Fortune 500 companies
       to regional small businesses. Our engineers each have at least 10
       years of experience in Unix systems and networks. We provide full
       service consulting, implementation, installation, security, and
       support for FreeBSD, SUN Solaris, SCO Unixware, SCO OpenServer, SGI
       Irix, IBM AIX, Compaq Digital Unix, and Cisco IOS. Please email us at
       <a href="mailto:info@stdio.com">info@stdio.com</a> or call us at
       606-514-1800 for further information.
     </description>
   </entry>
 
   <entry id="Puryear" category="namerica">
     <name>Puryear Information Technology, LLC</name>
     <url>http://www.puryear-it.com</url>
     <description>
       Puryear Information Technology, LLC provides open source application
       support, integration services, and technology management expertise to
       the Southeastern United States. Our company plays a pivotal role in
       the design and deployment of open source solutions--we have worked
       with companies to design and manage FreeBSD and Linux web farms;
       deployed open source-based clustering software to ensure high
       availability of critical network services; performed critical
       performance tuning and software integration for a popular spam filter
       appliance; and integrated Samba into Internet-accessible, VPN-based
       file services. Phone: +1-225-343-3056.
     </description>
   </entry>
 
   <entry id="Pendulosoftware" category="samerica">
     <name>Pendulo Software</name>
     <url>http://www.pendulosoftware.com</url>
     <description>
       Based in Caracas, Venezuela, Pendulo Software provides and
       specializes in support and consulting for FreeBSD and Linux
       solutions.  We offer onsite as well as offsite support, web
       development, design (2D and 3D), Multimedia, VPNs implementation,
       Virtualization, VoIP, high performance servers, Firewalls, custom
       application programming and many others services.  Our experience
       covers the most important branches of current IT industry, from
       routine of server management, security audits and updates, to high
       performance computing and mitigating attacks.  For more information
       about our services, please visit our multilanguage <a
       href="http://www.pendulosoftware.com">website</a>, send an
       email to <a
       href="mailto:atencioncliente@pendulosoftware.com">atencioncliente@pendulosoftware.com</a>
       or <a
       href="mailto:infocorp@pendulosoftware.com">infocorp@pendulosoftware.com</a>
       or call us under +58 (212) 625-0708, +1 (407) 536-9895 or
       +1 (253) 642-6484.
     </description>
   </entry>
 
   <entry id="PeterDufault" category="namerica">
     <name>Peter Dufault</name>
     <url>mailto:dufault@hda.com</url>
     <description>
       Peter Dufault, of HD Associates. Peter has over 15 years experience
       in medical device control, high performance simulation systems,
       digital closed-loop feedback systems, realtime UNIX-like systems, and
       UNIX device drivers. For more information, please send email to <a
       href= "mailto:dufault@hda.com">dufault@hda.com</a>
     </description>
   </entry>
 
   <entry id="PHBSolutions" category="europe">
     <name>PHB Solutions</name>
     <url>http://www.phbsolutions.com</url>
     <description>
       PHB Solutions, based in Belgium, provides *BSD installation,
       maintenance, support and consulting services (file servers, web
       servers, mail servers, database servers, routers). For more
       information, please contact <a
       href="mailto:philippe.bresoux@phbsolutions.com">philippe.bresoux@phbs
       olutions.com</a>.
     </description>
   </entry>
 
   <entry id="PhilBudne" category="namerica">
     <name>Phil Budne</name>
     <url>http://www.ultimate.com/phil/resume.html</url>
     <description>
       Phil Budne is a Boston area consultant who has worked professionally
       with BSD and other Unix systems since 1985. Services include
       development and porting of kernel extensions, device drivers, network
       protocol implementation, and applications, as well as network and
       system administration. For more information contact <a href=
       "mailto:phil+fbsd@ultimate.com">phil+fbsd@ultimate.com</a>.
     </description>
   </entry>
 
   <entry id="PineInternet" category="europe">
     <name>Pine Internet</name>
     <url>http://www.pine.nl/</url>
     <description>
       Pine Internet implements LAN, WAN and remote access solutions, offers
       Unix support and administration contracts and advises ISP's and other
       corporate customers concerning their network and server setup. Pine
       specializes in <a href="http://security.pine.nl/">Internet
       security</a>, performs security auditing services on demand, and
       offers firewall solutions based on FreeBSD. Other products we offer
       are webhosting, facility management and leased lines. Among the
       products we use are FreeBSD, Cisco routers, PHP, Apache, Perl,
       Solaris and MySQL. Pine has 8+ years of Unix and Internet experience.
       We feature some of the largest ISP's in the Netherlands as our
       customers. For more information, please contact <a
       href="mailto:info@pine.nl">info@pine.nl</a> or visit our website at
       <a href="http://www.pine.nl/">www.pine.nl</a>.
     </description>
   </entry>
 
   <entry id="PoulHenningKamp" category="europe">
     <name>Poul-Henning Kamp</name>
     <url>http://www.freebsd.org/~phk/</url>
     <description>
       Poul-Henning Kamp has over 12 years of experience in UNIX &amp; Networks,
       and is a former FreeBSD Core Team member. Poul developed <em>phkmalloc</em>,
       <em>tcl_nm</em>, <em>tcl_db</em>, <em>tcl_snmp</em> and more, and was
       the Release Engineer for several FreeBSD releases. Poul resides in
       Denmark, and can be reached via email at <a
       href="mailto:phk@FreeBSD.org">phk@FreeBSD.org</a>.
     </description>
   </entry>
 
   <entry id="psychsoftek" category="namerica">
     <name>Psychsoft Consulting</name>
     <url>http://www.psychsoftek.com</url>
     <description>
       Psychsoft Consulting is an Industry recognized leading technology
       consulting firm based in Quincy, Massachusetts founded in 1987 with a
       highly educated, trained and experienced staff to help in all your IT
       needs. Psychsoft, Inc. personnel hold advanced degrees in various
       fields and have years of experience in IT implementation,
       troubleshooting, design and configuration. Areas of expertise include:
       Linux, Microsoft Windows, UNIX (including FreeBSD), TCP/IP, LAN, WAN,
       VPN, Network security, WIFI security, WIFI design, Database design,
       SQL, Web site design, Server design, System integration, Network
       printing and DSL/Broadband/T1 Internet access.
     </description>
   </entry>
 
   <entry id="Questwork" category="asia">
     <name>Questwork Consulting Limited</name>
     <url>http://www.questwork.com/</url>
     <description>
       Questwork Consulting Limited is based in Hong Kong.  We provide
       consulting, web application development, hosting &amp; maintenance
       services on FreeBSD to our clients for more than 5 years.  For
       more information, please contact us by email at
       <a href="mailto:freebsd@questwork.com">freebsd@questwork.com</a>
       or visit our <a href="http://www.questwork.com/">website</a>.
     </description>
   </entry>
 
   <entry id="RandDAssociates" category="europe">
     <name>R and D Associates, Inc.</name>
     <url>http://www.RnDAssociates.com/</url>
     <description>
       R &amp; D Associates, Inc. developed ServeTheWeb.com utilizing
       FreeBSD running Apache.  We employed consulting services from <a
       href="mailto:phk@FreeBSD.org">Poul-Henning Kamp</a> to develop our
       Virtual Server solution (which is available in <a
       href="http://www.FreeBSD.org">FreeBSD</a> 4.0 and higher).
       R &amp; D Associates, Inc. is an application development firm
       specializing in client/server application development.  We use FreeBSD
       running Apache and utilizing PHP and MySQL (As well as NT with ASP and
       SQL/Access).
     </description>
   </entry>
 
   <entry id="Secnetix" category="europe">
     <name>Secnetix GmbH and Co KG</name>
     <url>http://www.secnetix.de/</url>
     <description>
       Secnetix GmbH &amp; Co KG -- located in Munich, Germany -- has a
       strong focus on BSD systems and offers professional consulting
       services, ranging from basic administration, programming and
       security-related tasks to sophisticated projects involving design,
       implementation and maintenance of complex network setups. For more
       information, please <a href="http://www.secnetix.de/">visit our web
       site</a> or send a message to <a
       href="mailto:info@secnetix.de">info@secnetix.de</a>.
     </description>
   </entry>
 
   <entry id="SouthernGazer" category="australia">
     <name>Southern Gazer</name>
     <url>http://www.southerngazer.com</url>
     <description>
       Southern Gazer is a consulting company with 20 years PC technical
       support experience based in Sydney's idyllic Sutherland Shire. Our
       focus is helping businesses get their computers working right while
       spending as little as possible on IT. We're passionate supporters of
       Open Source products and can help the average business save money and
       gain reliability by using systems such as FreeBSD on their file
       servers, print servers, e-mail systems plus lots more. We also supply
       a complete range of Linux and BSD CD's at ultra low prices. Please
       drop by our <a href="http://www.southerngazer.com">website</a>, email
       us at <a
       href="mailto:info@southerngazer.com">info@southerngazer.com</a>, or
       call us on 02 9532 1217 to have a chat.
     </description>
   </entry>
 
   <entry id="SteubenTech" category="namerica">
     <name>Steuben Technologies</name>
     <url>http://www.steubentech.com/</url>
     <description>
       Steuben Technologies is a consulting company offering support,
       administration, custom software development, legacy systems
       support and solutions tailored to your unique business model on
       a wide range of platforms including FreeBSD, NetBSD and most
       commercial UNIX platforms and much more.  Please see our website
       or call us at (607)661-4431.
     </description>
   </entry>
 
   <entry id="Synetec" category="europe">
     <name>Synetec</name>
     <url>http://www.synetec.pl/</url>
     <description>
       Synetec is an IT company located in Poland.  We are experienced in
       the installation and administration of &os;, Linux and Windows
       Server systems.  For more informations visit <a
 	href="http://www.synetec.pl/">our website</a>.
     </description>
   </entry>
 
   <entry id="Syntonet" category="europe">
     <name>Syntonet Ltd</name>
     <url>http://www.syntonet.co.uk/</url>
     <description>
       Syntonet Ltd is UK based provider of Consultancy and Custom
       Development Services. Principal consultant <a
       href="mailto:rob@syntonet.co.uk">Rob Pickering</a> has over 10 years
       system software development experience on BSD based platforms. Areas
       of expertise include firewall and networking system setup, custom
       development in C and C++, and supply of turnkey solutions. For
       further information, contact us by email at <a
       href="mailto:info@syntonet.co.uk">info@syntonet.co.uk</a>, call
       +44.870.166.4400 (Voice) or +44.870.166.4411 (Fax).
     </description>
   </entry>
 
   <entry id="SysCare" category="europe">
     <name>SysCare s. r. o.</name>
     <url>http://www.SysCare.sk/</url>
     <description>
       SysCare s. r. o. is a company based in Slovakia with the aim to
       provide highly professional solutions, including consultancy and
       outsourcing services for reasonable amount of money.  Our focus
       is on high-availability and high-performance solutions for web,
       database, DNS and email products built on &os;.  SysCare s. r. o.
       has been founded by Daniel Gerzo, who is being part of the official
       &os; development team.  For inquiries please send us an email to
       <a href="office@syscare.sk">office@syscare.sk</a>, or visit our
       <a href="http://www.SysCare.sk/">web site</a> for more information.
     </description>
   </entry>
 
   <entry id="TecVD" category="europe">
     <name>TecVD</name>
     <url>http://www.tecvd.com/</url>
     <description>
       TecVD is located in Barcelona, Spain.  We are a company focused
       in system security and open source implementations (GNU/Linux,
       FreeBSD and OpenBSD) in heterogeneous infrastructure.  We also
       have security appliances, Tseg series, and network services
       appliances like Tcor series.  We can provide you with a complete
       enterprise solution tailored to your needs.  See our website or
       email us at <a href="mailto:tecvd@tecvd.com">tecvd@tecvd.com</a>
       for further information.
     </description>
   </entry>
 
   <entry id="TundraWare" category="namerica">
     <name>TundraWare Inc.</name>
     <url>http://www.tundraware.com/</url>
     <description>
       TundraWare Inc. provides FreeBSD related consultancy in all contexts,
       from Embedded to large Transaction Processing systems. We have
       extensive International experience and can provide services in
       network design, systems architecture, development, deployment and
       operations. Contact us via telephone on 847/827-1706, via email to <a
       href="mailto:info@tundraware.com"> info@tundraware.com</a> or write
       to us at TundraWare Inc., 817 Fairmont Court, Des Plaines, IL 60018,
       USA.
     </description>
   </entry>
 
   <entry id="UnixPorting" category="namerica">
     <name>UnixPorting</name>
     <url>http://www.UnixPorting.com/</url>
     <description>
       UnixPorting.com specializes in the porting of existing software to
       new operating systems or hardware. In addition to porting, we
       specialize in C and Perl programming, Unix system administration and
       security, and open source
       technologies (FreeBSD, Perl, Apache,
       mod_perl, MySQL, etc.). For more information, please visit <a
       href="http://www.UnixPorting.com/">our web site</a>.
     </description>
   </entry>
 
   <entry id="UnixWorX" category="namerica">
     <name>UnixWorX System Design</name>
     <url>http://www.unixworx.ca/</url>
     <description>
       UnixWorX System Design is a Vancouver, BC based BSD consulting firm
       established in 1994.  For over 20 years we've provided commercial
       support for BSD including FreeBSD, NetBSD and OpenBSD.  Our
       specialties include Web Servers (Apache and TomCat), Database,
       Content Management Systems (CMS), Email servers such as Sendmail
       and Postfix, DNS (BIND 8 and 9), Firewalls (PF and IPF), Routing,
       as well as application development and Perl / C++ Programing.  We
       operate our own server collocation facility situated on a
       GIG-E Backbone.  Additionally, the founder of the company,
       Glenn Graham, is an author for O'Reilly Publishing.  We welcome
       new business!  For more information, we invite you to visit
       our <a href="http://www.unixworx.ca">website</a>.
     </description>
   </entry>
 
   <entry id="AspenWorks" category="namerica">
     <name>AspenWorks, Ltd.</name>
     <url>http://www.aspenworks.com/</url>
     <description>
       AspenWorks is an Aspen, Colorado based consulting company with offices
       in Portland, OR.  We specialize in network applications, and
       Wireless Broadband management for ISPs and WISPs.  AspenWorks has been
       in business since 1986.  Telephone:  970-925-3355
     </description>
   </entry>
 
   <entry id="Wave2" category="europe">
     <name>Wave2 Limited</name>
     <url>http://www.wave2.co.uk/</url>
     <description>
       Wave2 Limited is an Open Source consultancy, based in the UK,
       providing custom solutions with an emphasis on FreeBSD.  Services
       include software development (Java, Perl, Python, VB),
       Heterogeneous Network / System Administration (FreeBSD, Linux,
       OSX, Solaris and Windows).  If you are looking for an Open Source
       solution, please contact me at <a href="mailto:info@wave2.org">
 	info@wave2.org</a>.
     </description>
   </entry>
 
   <entry id="WilliamRichard" category="namerica">
     <name>William Richard &amp; Associates</name>
     <url>http://www.tdl.com/~wdr/consulting.html</url>
     <description>
       William Richard &amp; Associates offers FreeBSD, Internet, and e-commerce
       consulting, implementation, and support options for clients
       throughout the San Francisco Bay Area. Visit our website or <a
       href="mailto:wdr@tdl.com">e-mail us</a>.
     </description>
   </entry>
 
   <entry id="WorkgroupTechnology" category="namerica">
     <name>Workgroup Technology Partners, Inc.</name>
     <url>http://www.wgtech.com</url>
     <description>
       Workgroup Technology Partners, Inc.We sell and support Unix systems
       including Solaris, HP/UX, AIX, Linux and FreeBSD. For comments refer
       to <a href="http://www.wgtech.com">our site</a>
     </description>
   </entry>
 
   <entry id="SecurityAudit" category="africa">
     <name>Security Audit and Control Solutions</name>
     <url>http://www.sacs.co.za/</url>
     <description>
       Security Audit and Control Solutions (SACS) provides information
       security consultation and IT auditing services and offers
       professional FreeBSD support. SACS has developed a complete range of
       Technological Risk Management solutions using FreeBSD as an anchor
       for data analysis. Firewalls deployed using FreeBSD makes a cost
       effective solution in any organization and SACS can implement a
       secure FreeBSD firewall with caching engines, Network Address
       Translation (NAT) and proxies. For additional information please
       contact <a href="mailto:pearcem@sacs.co.za">Mervin Pearce</a> or
       visit <a href="http://www.sacs.co.za">http://www.sacs.co.za</a>
     </description>
   </entry>
 
   <entry id="EDILtd" category="namerica">
     <name>EDI Ltd Consulting Engineers</name>
     <url>http://www.ediltd.com</url>
     <description>
       EDI Ltd Consulting Engineers. We provide consulting services for
       FreeBSD as well as local and wide area network design. Our
       diversified staff allows us to help you in all the areas your project
       requires, from cabling to encryption, network security audits,
       network design and network health studies. We have successfully
       completed several FreeBSD installations for mission critical
       operations, using it as a firewall, web server or mail server. If you
       would like to discuss your project with us, please contact us as
       (770) 956-7000, or <a
       href="mailto:info@ediltd.com">info@ediltd.com</a>.
     </description>
   </entry>
 
   <entry id="WhiteQueueConsulting" category="nzealand">
     <name>White Queue Consulting</name>
     <url>http://whitequeue.com/</url>
     <description>
       White Queue Consulting provides embedded FreeBSD kernel and
       userland development.  Our services include device driver
       development, kernel porting, software design and development in
       the kernel and userland.  We are able to work with clients in any
       location.  For further information contact us through our <a
       href="http://whitequeue.com/contact/">contact form</a> or visit
       the <a href="http://whitequeue.com/">White Queue website</a>.
     </description>
   </entry>
 
   <entry id="CrepidoSystems" category="europe">
     <name>Crepido Systems AB</name>
     <url>http://www.crepido.com</url>
     <description>
       Crepido Systems AB provides services for custom software development
       and system design under BSD and other Unixes. We have 10+ years
       experience in Unix programming and system design using Unix as
       building block.
 	  Crepido System AB operates mainly in Sweden but
       requests outside Sweden are welcome.
     </description>
   </entry>
 
   <entry id="MarkTinguely" category="namerica">
     <name>Mark Tinguely</name>
     <url>http://www.cs.ndsu.NoDak.edu/~tinguely/</url>
     <description>
       Mark Tinguely has provided Network and Unix solutions for over ten
       years. These solutions include work with Unix kernels and Unix
       applications, TCP/IP applications, Local Area Network protocol
       debugging, and BSD device drivers. Mark has authored BSD device
       drivers for 3 video capture boards, an Asynchronous Transfer Mode
       (ATM) network card, and a Watchdog card.
     </description>
   </entry>
 
   <entry id="ITworksConsulting" category="australia">
     <name>ITworks Consulting</name>
     <url>http://www.itworks.com.au</url>
     <description>
       ITworks Consulting is a privately owned information technology
       consultancy, situated in the central business district of
       Melbourne, Australia. The business consists of a specialized team
       of consultants who aim to provide information technology solutions
       to meet the needs of the business community. We provide a range of
       FreeBSD based web hosting, web database development and e-commerce
       services as well as professional FreeBSD consulting services and
       support contracts. For more information please visit our <a
       href="http://www.itworks.com.au">web site</a> or contact us at <a
       href="mailto:info@itworks.com.au">info@itworks.com.au</a>.
     </description>
   </entry>
 
   <entry id="Raditex" category="europe">
     <name>Raditex AB</name>
     <url>http://raditex.nu/</url>
     <description>
       Raditex AB are a firm of consultants and also do education in Unix.
       We have long experience with all kinds of Unix systems not only
       FreeBSD or Linux. For more information phone us at +46 19 4501015
       or give us an email at <a
       href="mailto:gorhas@raditex.nu">gorhas@raditex.nu</a> or <a
       href="http://raditex.nu/">visit our web site</a>.
     </description>
   </entry>
 
   <entry id="Mike_Meyer" category="namerica">
     <name>Mike_Meyer</name>
     <url>http://www.mired.org/home/mwm/</url>
     <description>
       Mike Meyer of Meyer Consulting has been providing Unix-based
       solutions since 1976, and web-based applications since 1992. These
       solutions range from chemical systems modeling to device drivers, and
       the web applications have ranged from community-building applications
       to web based software release systems. For more information, please
       contact <a href="mailto:mwm@mired.org">mwm@mired.org</a>.
     </description>
   </entry>
 
   <entry id="TheLinuxBox" category="namerica">
     <name>The Linux Box</name>
     <url>http://www.linuxbox.nu/</url>
     <description>
       The Linux Box, located in Ann Arbor, Michigan, provides consulting
       and training services for open source operating systems and products,
       including FreeBSD and Linux. For more information, contact <a
       href="mailto:info@linuxbox.nu">info@linuxbox.nu</a> or view our
       website at <a href="http://www.linuxbox.nu">www.linuxbox.nu</a>.
     </description>
   </entry>
 
   <entry id="LANCO" category="asia">
     <name>LANCO Global Systems</name>
     <url>http://www.lancoglobal.com/</url>
     <description>
       LANCO Global Systems (LGSL), based in India, Hyderabad, with offices
       in USA and UK, provides and specializes in <i>Application
       Development, Shell Scripting, PHP, C, C++ and Perl Programming,
       Networking Solutions, Unix device driver development, Web page
       Designing and Hosting, Web Server Solutions and configurations, ISP
       Services especially on Linux, FreeBSD and Solaris</i>. For more
       information, please email us at <a
       href="mailto:services@lancoglobal.com">services@lancoglobal.com</a>
       or call us at 0091-9849043975 or FAX us at 0091-040-3755413.
     </description>
   </entry>
 
   <entry id="NS3G" category="namerica">
     <name>NS3G.COM</name>
     <url>http://www.ns3g.com/</url>
     <description>
       NS3G.COM, based out of Toronto, Ontario, Canada, offers a variety of
       services and products. We specialize in products that run under
       FreeBSD and other *NIX systems but also support other platforms.
       Solutions for firewalls, LAN's, WAN'S and web presence are just a few
       that we offer. Please visit us at <a
       href="http://www.ns3g.com/">www.ns3g.com</a> or contact us at <a
       href="mailto:info@ns3g.com">info@ns3g.com</a> for more information or
       to get a quote.
     </description>
   </entry>
 
   <entry id="Linast" category="europe">
     <name>Linast-Systemtechnik GmbH</name>
     <url>http://www.linast.de</url>
     <description>
       Linast-Systemtechnik GmbH is located in Sankt Augustin, Germany (near
       Bonn/Cologne) and provides consulting, support and training for
       FreeBSD, Linux, MacOS X and other Unix Systems. For more information,
       please call +49.2241.209467, e-mail us at <a
       href="mailto:info@linast.de">info@linast.de</a> or visit our <a
       href="http://www.linast.de/">website</a>
     </description>
   </entry>
 
   <entry id="Cybersource" category="australia">
     <name>Cybersource Pty. Ltd</name>
     <url>http://www.cyber.com.au/</url>
     <description>
       Cybersource is Australia's leading IT Professional Services Company
       in the areas of Unix/FreeBSD/Linux, TCP/IP Datanetworking and Open
       Platform application development using these technologies. With
       around 40 staff, are based in Melbourne and have been successfully
       providing IT Professional Services for 10 years.
     </description>
   </entry>
 
   <entry id="NationalInformatics" category="namerica">
     <name>National Informatics Company</name>
     <url>http://www.nationalinformatics.com</url>
     <description>
       National Informatics Company provides research and development
       services for information technology. We work with FreeBSD to support
       or manage research projects for high performance computing,
       bioinformatics, enterprise software technologies and artificial
       intelligence. We also help companies make the transition from
       proprietary software products to Open Source products. Our phone
       number is (425) 740-0139.
     </description>
   </entry>
 
   <entry id="Bilch" category="europe">
     <name>Bilch International Consulting</name>
     <url>http://www.bilch.com/</url>
     <description>
       Bilch International Consulting, Hamburg is based in Germany. We are
       building fire walled servers and connect them to your ISDN, POTS, ATM
       or E1/T1 Line. BILCH Com is an ASP and application software
       developer. Please mail us at <a
       href="mailto:info@bilch.com">info@bilch.com</a>.
     </description>
   </entry>
 
   <entry id="ParcProductions" category="europe">
     <name>Parc Productions</name>
     <url>http://www.parcproductions.com/</url>
     <description>
       Parc Productions. Located in the Netherlands. Started in 1997. We
       deliver professional system engineering services for FreeBSD, OpenBSD
       and MacOS X. Our services include 24/7 support, consultancy,
       maintenance of both hardware and software, assembly and installation
       of hardware, remote and on-site support, development of scripts and
       software for the machines we maintain etcetera. Of course we deliver
       hosting facilities and space for your servers at low costs as well.
       Visit our websites at <a
       href="http://www.parcproductions.com/">www.parcproductions.com</a> or
       <a href="http://www.bsdengineering.com/">www.bsdengineering.com</a>.
       Please contact us by <a
       href="mailto:info@parcproductions.com">email</a> or by telephone:
       +31-204892456.
     </description>
   </entry>
 
   <entry id="Worria" category="asia">
     <name>Worria Affordable Web Hosting</name>
     <url>http://worria.com/en/hosting.shtml</url>
     <description>
       Worria Affordable Web Hosting is a privately owned company in Hong
       Kong. We offer FreeBSD web hosting related consulting services, such
       as server administration and website management. For more details,
       please email <a href="mailto:sales@worria.com">our sales team</a>.
     </description>
   </entry>
 
   <entry id="ZYTRAX" category="namerica">
     <name>ZYTRAX, Inc</name>
     <url>http://www.zytrax.com/</url>
     <description>
       Zytrax, Inc. is based in Montreal, Canada and provides consulting,
       development, implementation, hosting and maintenance services
       specialising in the BSD platforms. Our skill base includes Apache,
       PHP, Ruby, DNS, Mail, LDAP, Samba, PostgeSQL/MySQL and embedded
       systems. Please email us at <a
       href="MAILTO:consulting@zytrax.com">consulting@zytrax.com</a>. We can
       be reached via telephone at +1.514.285.9088.
     </description>
   </entry>
 
   <entry id="OpenTrend" category="namerica">
     <name>OpenTrend Solutions Ltd</name>
     <url>http://www.opentrend.net</url>
     <description>
       OpenTrend Solutions Ltd provides consulting and facilities management
       services through Canada. We specialize in supporting FreeBSD, NetBSD,
       OpenBSD and Linux, and have specialist skills in system
       administration, security and network design &amp; management. We donate
       2% of gross profits to the support of open source software and have
       partnered with organisations in the United States and Australia to
       better support multi-national clients.
     </description>
   </entry>
 
   <entry id="DaemonizedNetworking" category="namerica">
     <name>Daemonized Networking Services</name>
     <url>http://www.daemonized.com</url>
     <description>
       Daemonized Networking Services. Our staff have been supporting
       software and hardware development, brokerages, banks, hospitals,
       publishers, e-commerce, legal and medical research,
       telecommunications, and other environments since 1986, in the San
       Francisco Bay Area and Northern California. We build industrial
       strength web servers, running the latest release of Apache, OpenSSH,
       and OpenSSL, with all source, and firewall, based on FreeBSD, in less
       than one hour.
     </description>
   </entry>
 
   <entry id="Linux4biz" category="asia">
     <name>Linux4biz</name>
     <url>http://www.linux4biz.net/</url>
     <description>
       Linux4biz is an independent provider of comprehensive Internet
       solutions, specialising in the Solaris, LINUX, FreeBSD, OpenBSD,
       NetBSD operating systems and Open Source Software. Linux4biz
       Consultants are able to advise on all aspects of implementing and
       administrating Unix/Linux servers, SAMBA solutions, E-mail servers,
       Mailing list servers, Web servers, DNS, Internet Security, Security
       Audits, Intrusion detection, Stress testing, Intranet setup, High
       Availability server solutions, Network solutions, Remote
       administration solutions. We also provide onsite as well as offsite
       support and consultancy. For more information about our services,
       please visit our website.
     </description>
   </entry>
 
   <entry id="INFOMATIK" category="samerica">
     <name>INFOMATIK</name>
     <url>http://info.matik.com.br</url>
     <description>
       INFOMATIK Tecnologia e Desenvolvimento - Brazilian Company is
       offering total site support for FreeBSD Servers. We have high
       performance solutions for Intranet and Internet. We are specialized
       in UNIX systems since 92. Please visit our Interactive Website or
       contact us per e-mail: <a
       href="mailto:info@matik.com.br">info@matik.com.br</a>
     </description>
   </entry>
 
   <entry id="LOGIOS" category="europe">
     <name>LOGIOS</name>
     <url>http://www.logios.cz/</url>
     <description>
       LOGIOS NETWORK SYSTEMS, located in the Czech Republic, provides
       system maintenance, consulting and other services on various
       platforms, including FreeBSD and Linux. We also offer information
       security services, firewalls and IDS systems, system integration,
       software applications etc.
     </description>
   </entry>
 
   <entry id="Xetpoint" category="europe">
     <name>Xetpoint</name>
     <url>http://www.xetpoint.fi/</url>
     <description>
       Xetpoint Oy is located in Pirkkala, Finland. We offer professional
       FreeBSD support, consulting, programming, maintenance and monitoring
       services. For more information, please visit our website.
     </description>
   </entry>
 
   <entry id="RackmountNet" category="namerica">
     <name>RackmountNet</name>
     <url>http://www.rackmountnet.com</url>
     <description>
       RackmountNet is a One-stop shop for rackmount Linux, FreeBSD systems.
       Our products include Rackmount chassis, server rack cabinet,
       Rackmount LCD Monitor, and related accessories. For more information,
       contact <a
       href="mailto:sales@rackmountnet.com">sales@rackmountnet.com</a>.
     </description>
   </entry>
 
   <entry id="siliconlandmark" category="namerica">
     <name>Silicon Landmark LLC</name>
     <url>http://siliconlandmark.com/</url>
     <description>
       Silicon Landmark's mission is to supply our customers with
       fully customized, scalable, turn-key Information Technology
       solutions at competitive prices. We specialize in designing
       package products that will meet and your business' needs
       and budget.
     </description>
   </entry>
 
   <entry id="pythonbyte" category="namerica">
     <name>Python Byte Solutions</name>
     <url>http://www.pythonbyte.com/</url>
     <description>
       Python Byte Solutions is an independent IT
       consulting company based in Southwestern Ontario, Canada.
       We provide services pertaining to software
       &amp; web development, hosting, support, installation,
       and training. We specialize in Python, Zope, Apache,
       MySQL, *BSD, and Linux. You can
       check out our web site or contact us directly at <a
       href='mailto:info@pythonbyte.com'>info@pythonbyte.com</a>.
     </description>
   </entry>
 
   <entry id="oscillation" category="europe">
     <name>os-cillation</name>
     <url>http://www.os-cillation.de</url>
     <description>
       os-cillation, located in Siegen/NRW, Germany.
       We offer a broad range in BSD-based software-development
       (C/C++/Java/HTML/PHP/Perl/SQL). Installation and
       support of FreeBSD based mail, web, firewall, database,
       news, dns and ftp servers. FreeBSD and Windows desktop
       integration. Also experienced with NetBSD, Solaris and Linux.
     </description>
   </entry>
 
   <entry id="ForgottenTechnologies" category="asia">
     <name>Forgotten Technologies</name>
     <url>http://www.forgotten.com.sg</url>
     <description>
       Forgotten Technologies, http://www.forgotten.com.sg
       is a Singapore-based company providing open source business
       solutions that include, but not limited to platforms such as
       Linux, FreeBSD and OpenBSD. Please email us at
       enquiries@forgotten.com.sg to find out more how we can help
       you in your business!
     </description>
   </entry>
 
   <entry id="WirewalkTechnologies" category="namerica">
     <name>Wirewalk Technologies</name>
     <url>http://www.wirewalk.com/</url>
     <description>
       Wirewalk Technologies is a NYC based consulting company, with
       strategic partnerships around the globe.  We offer onsite and
       remote consulting, and full integration services based on
       FreeBSD, as well as OpenBSD, NetBSD, Linux, MacOS, Solaris.
       Programming solutions in: C, C++, Java, Perl, PHP, Oracle,
       MySQL, Postgresql, etc.  Contact us via <a
       href="mailto:sales@wirewalk.com">email</a> or call us under#
       212-202-2613 or 917-217-7975.
     </description>
   </entry>
 
   <entry id="tunix" category="europe">
     <name>Tunix</name>
     <url>http://www.tunix.nl/</url>
     <description>
       For more than 10 years TUNIX - the only Dutch firewall
       developer - brings you a unique combination of
       security-services: high-level training on
       Internet-technology and tailor-made security solutions.
       TUNIX Security offers an end-to-end solution with a full
       range of services such as consultancy for developing a
       security-policy and design of a security-architecture,
       project-management, turn-key implementation of
       firewall-appliances, multi-level support and 24x7 management
       and monitoring. The security solutions are build on the TUNIX
       Firewall, a modular, FreeBSD based proxy-level firewall.
       For more information, please contact sales@tunix.nl
       or visit our website at www.firewall.nl.
     </description>
   </entry>
 
   <entry id="improware" category="europe">
     <name>ImproWare AG</name>
     <url>http://www.imp.ch/</url>
     <description>
       ImproWare AG focuses on Internet and Networking Services
       as well as System Integration and Consulting based on
       FreeBSD.
       We offer contract programming in all major programming languages
       with a focus on FreeBSD, userland and kernel.
     </description>
   </entry>
 
   <entry id="netmaniacs" category="europe">
     <name>NetManiacs</name>
     <url>http://www.netmaniacs.nl/</url>
     <description>
       NetManiacs is a dutch company based in Eindhoven.
       We provide consulting, (system administration) support,
       custom software and a broad range of (internet/business)
       server solutions.  For more information visit
       <a href="http://www.netmaniacs.nl">www.netmaniacs.nl</a>
       or contact us at <a href="mailto:info@netmaniacs.nl">
 	info@netmaniacs.nl</a>.
     </description>
   </entry>
 
   <entry id="ArtisanComputerServicesLLC" category="namerica">
     <name>Artisan Computer Services LLC</name>
     <url>http://www.artisancomputer.com/</url>
     <description>
       Artisan Computer Services LLC is based in Tucson, Arizona.
       We provide system administration and configuration for web,
       mail, DNS, database, and streaming video servers using FreeBSD.
       We also do computer consulting on a variety of platforms
       (Mac OS X, Windows, *BSD, Linux), with an emphasis on integration
       and security.  You can reach us at
       <a href="mailto:info@artisancomputer.com">info@artisancomputer.com</a>,
       or our website,
       <a href="http://www.artisancomputer.com">www.artisancomputer.com</a>.
     </description>
   </entry>
 
   <entry id="BrainAllianceSolutions" category="europe">
     <name>Brain Alliance Solutions Oy / Ltd</name>
     <url>http://www.brainalliance.com/</url>
     <description>
       Brain Alliance Solutions Oy / Ltd is located in Espoo, Finland.
       We offer professional FreeBSD installation, support, consulting
       and server solutions.  For more information, please visit our
       website at <a href="http://www.brainalliance.com">
         http://www.brainalliance.com</a>.
     </description>
   </entry>
 
   <entry id="TegtmeierInternetSolutions" category="europe">
     <name>Tegtmeier Internet Solutions</name>
     <url>http://www.tegtmeier.de/</url>
     <description>
       Tegtmeier Internet Solutions is located in Hamburg / Germany.  We offer
       consulting, professional support and maintenance for *BSD and Linux systems
       and are developing individual solutions in C/Perl/PHP/SQL/HTML/shell, based
       on open source products.  We are focused on internet security, high
       availability and performance/optimization.  Visit our website at
       <a href="http://www.tegtmeier.de">http://www.tegtmeier.de</a>.
     </description>
   </entry>
 
   <entry id="OpenSourcery" category="europe">
     <name>Open Sourcery</name>
     <url>http://www.opensourcery.co.uk</url>
     <description>
       Open Sourcery is a UK based company providing support and consultancy
       for Free and Open Source Software.  We have <a
       href="http://www.opensourcery.co.uk/open-sourcery/our-experience/"
       title="Open Source support">experience</a> with a wide variety of
       Open Source software.  You can find out more and contact us at our
       <a href="http://www.opensourcery.co.uk"
       title="Open Source support">website</a>.
     </description>
   </entry>
 
   <entry id="Oxalide" category="europe">
     <name>Oxalide</name>
     <url>http://www.oxalide.com/</url>
     <description>
       Oxalide is a consultancy firm and solution provider.  Our fields of
       expertise include UNIX software system deployment such as secure mail
       systems (SMTP, POP, IMAP), advanced Web server configurations,
       high-availability firewalling, etc.  Our knowledge of FreeBSD, *BSD,
       Commercial Unix and Linux is thorough.
     </description>
   </entry>
 
   <entry id="TechneticsConsultingPtyLtd" category="australia">
     <name>Technetics Consulting Pty. Ltd.</name>
     <url>http://www.technetics.com.au/</url>
     <description>
       Technetics is located in Melbourne Australia.  We provide prompt IT services
       &amp; support, system maintenance, hard drive recovery services, consulting and
       other services on various platforms including FreeBSD, Linux and Unix.  We
       offer on site support within Melbourne Australia and world wide via remote
       login.  We also offer expert data recovery services for Unix based platforms.
       Call anytime ph. +61 3 9663 1899 or email us at <a
 	href="mailto:info@technetics.com.au">info@technetics.com.au</a>.
     </description>
   </entry>
 
   <entry id="EnvescentLCC" category="namerica">
     <name>Envescent, LLC</name>
     <url>http://www.envescent.com/</url>
     <description>
       Envescent is a leading provider of technology products and services
       focused on FreeBSD.  We offer consulting, pre-installed workstations
       and servers, compatible hardware, outsourced system and network
       administration and implementation, security auditing, technical support
       and much more.
     </description>
   </entry>
 
   <entry id="openMindShare" category="namerica">
     <name>openMindShare</name>
     <url>http://www.openmindshare.com/</url>
     <description>
       openMindShare draws on over a decade of expertise in diverse
       information technology fields.  We handle information technology
       infrastructure needs and we do it with FreeBSD.  We offer a myriad
       of services and solutions.  See our
       <a href="http://www.openmindshare.com/">web site</a> or
       <a href="mailto:info@openmindshare.com">e-mail</a>
       (info@openmindshare.com) for more information.
     </description>
   </entry>
 
   <entry id="RBJ-Consultants" category="europe">
     <name>RBJ-Consultants</name>
     <url></url>
     <description>
       Unix since 1990. Remote installation (Europe-webhosting,
       Brasil, USA) and local. We train, install, configure and
       admin FreeBSD, Linux (RedHat, Suse, Gentoo, Mandrake), Solaris.
       Inside network - MacOSX, Windows, etc (we support too).
       Contact: <a href="mailto:rbj@madeira.dyndns.org">Rui Bento</a>
       &lt;rbj@madeira.dyndns.org&gt;
     </description>
   </entry>
 
   <entry id="TechniSoft" category="africa">
     <name>TechniSoft</name>
     <url>http://www.technisoft.sn/</url>
     <description>
       Located in the Senegal (west Africa).  Started in 2001.  We deliver
       professional system engineering services for FreeBSD, OpenBSD and
       Windows.  Our services include 24/7 support, consultancy, maintenance
       of both hardware and software, assembly and installation of hardware,
       remote and on-site support, development of scripts and software for
       the machines we maintain etc.  Of course we deliver hosting facilities
       and space for your servers at low costs as well.  Visit our websites at
       <a href="http://www.technisoft.sn/">http://www.technisoft.sn</a>.
       Please contact us by <a href="mailto:info@technisoft.sn">email</a>
       &lt;info@technisoft.sn&gt; or by telephone: +221 - 8559900.
     </description>
   </entry>
 
   <entry id="sirius" category="europe">
     <name>Sirius</name>
     <url>http://www.siriusit.co.uk/</url>
     <description>
       Sirius leads in the deployment, support and training of Open Source
       technology, including FreeBSD.  We support organisations across
       Europe in their pursuit of innovative, versatile and robust technology
       solutions without the financial burden of software licensing.
     </description>
   </entry>
 
   <entry id="sectec" category="europe">
     <name>Sectec</name>
     <url>http://www.sectec.pl</url>
     <description>
       *BSD consultancy, installations and configurations.  Worked for
       government institutions as well as for large corporations.
       Intrusion Detection Systems, firewalls, nats, proxies,
       webservers, heavy load mail systems with GUI interface.  Security
       advisor experienced in firewalling.  Training.
       Telephone: +48 888 774 774, email: <a
 	href="mailto:admin@bmtcordah.pl">admin@bmtcordah.pl</a>
     </description>
   </entry>
 
   <entry id="sheridan" category="europe">
     <name>Sheridan Computers Limited</name>
     <url>http://www.sheridancomputers.co.uk</url>
     <description>
       We offer IT consulting, systems integration, corporate information
       systems and security solutions based on BSD software.  For more
       information, send us an <a
       href="mailto:info@sheridancomputers.co.uk">email</a> or visit our
       <a href="http://www.sheridancomputers.co.uk">website</a>. We
       operate in the United Kingdom.
     </description>
   </entry>
 
   <entry id="vocal" category="europe">
     <name>S.C. vocalNET S.R.L.</name>
     <url>http://www.vocal.ro</url>
     <description>
       Over 3 years experience with designing, installing  and
       maintaining (support and administration) security solutions
       (firewalls, IDS and VPN's) and voice solutions over *BSD platforms.
       We can secure services like mail, dns, web, ftp making them more
       secure and reliable.  For more information, please phone us at
       +40788401422 or +40217255117, e-mail:
       <a href="mailto:contact@vocal.ro">contact@vocal.ro</a>, or
       <a href="http://www.vocal.ro">visit our web site</a>.
     </description>
   </entry>
 
   <entry id="opensourcexperts" category="europe">
     <name>Opensourcexperts</name>
     <url>http://www.opensourcexperts.com</url>
     <description>
       opensourcexperts.com hosts one the largest (free) directories <a
         href="http://www.opensourcexperts.com/Index/index_html">of
 	companies who support Open Source</a>  software world-wide.
       If you provide support for FreeBSD list yourself in their <a
 	href="http://www.opensourcexperts.com/Index/index_html/FreeBSD/index.html">
 	FreeBSD index</a>
     </description>
   </entry>
 
   <entry id="mseuss" category="europe">
     <name>Mseuss Unternehmensberatung</name>
     <url>http://www.msuess.de</url>
     <description>
       Msuess Unternehmensberatung is a consulting company based in
       Schwandorf (near Regensburg), Germany.  As a consulting / isv
       partner we are developing web-portals (using Python and ZOPE/Plone
       on FreeBSD) and developing individual solutions (Python, Tcl/tk,
       ADA) on FreeBSD.  We also provide ZOPE administration and
       consulting on FreeBSD and other *ix-like systems.  We are the
       main sponsor of the German <a href="http://www.freeunix.de/">
         ix-wiki</a>.  For more information please contact <a
        	href="mailto:freebsd@msuess.de">freebsd@msuess.de</a> or visit
       our <a href="http://www.msuess.de/">website</a>.
     </description>
   </entry>
 
   <entry id="ceintec" category="europe">
     <name>Ceintec</name>
     <url>http://www.ceintec.com</url>
     <description>
       Ceintec provides FreeBSD and unix-like operating systems learning
       courses in Spain (Instructor-Led courses).  We also provide
       FreeBSD consulting and technical support for enterprises in Spain.
       For more information visit <a
 	href="http://www.ceintec.com/empresas.html">
 	http://www.ceintec.com/empresas.html</a>
     </description>
   </entry>
 
   <entry id="lori-sa" category="samerica">
     <name>Lori Design</name>
     <url>http://www.lori-sa.com</url>
     <description>
       Lori Design, based in San Jose, Costa Rica offers Web
       Development, design, and custom application programming using
       both open source and proprietary environments.  Services also
       include private consulting, emergency response coordination and
       various IT solutions to maximize the effectiveness of your
       business.  Lori Design is a proud w3c member in Costa Rica.
     </description>
   </entry>
 
   <entry id="wbpsystems" category="namerica">
     <name>WBP Systems</name>
     <url>http://www.wbpsystems.com/</url>
     <description>
       WBP Systems has a wide range of experience in a number of
       disciplines.  <a href="http://bi.wbpsystems.com">Business
         Intelligence software</a> is created to increase the productivity of your
       business.  We specialize in CRM, ERP and SCM solutions.  Web
       portals and automation of certain business processes are also
       available.  The <a href="http://im.wbpsystems.com">Infrastructure
         Management</a> group is designed to manage, design and create
       integrated solutions for our customer's networks.
     </description>
   </entry>
 
   <entry id="UnitedWare" category="namerica">
     <name>UnitedWare, LLC</name>
     <url>http://united-ware.com/</url>
     <description>
       UnitedWare, LLC is a Cincinnati, Ohio based company that provides
       FreeBSD server setup and custom web and desktop applications.  We
       perform IT audits and solutions to identify and manage the
       information needs of any business.  To contact us visit our
       <a href="http://united-ware.com/">website</a> or give us a call at
       (513) 563-0897.
     </description>
   </entry>
 
   <entry id="Triona" category="europe">
     <name>Triona - Information und Technologie GmbH</name>
     <url>http://www.triona.de</url>
     <description>
       Triona - Information und Technologie GmbH offers FreeBSD
       installation and administration services, individual software
       development, web-, application- and database-servers.  The company
       is based in Mainz, Germany.  For more information contact us via
       email <a href="mailto:bsd@triona.de">bsd@triona.de</a> or visit
       our web site.
     </description>
   </entry>
 
   <entry id="ActivSupport" category="namerica">
     <name>ActivSupport, Inc.</name>
     <url>http://www.activsupport.com/</url>
     <description>
       ActivSupport is a network consulting firm located in the San
       Francisco Bay Area specializing in cross-platform environment
       support including FreeBSD.  ActivSupport also provides network
       security, and business continuity consulting.  Whether you are
       looking for a certified consultant or specific technical support
       solutions please contact us at 1-877.228.4863 for immediate
       assistance with your technical needs, or visit our <a
 	href="http://www.activsupport.com/">web site</a> for more
       information about services we are providing.
     </description>
   </entry>
 
   <entry id="TDI" category="namerica">
     <name>Tetrad Digital Integrity (TDI)</name>
     <url>http://www.tdisecurity.com/</url>
     <description>
       TDI is an information assurance company in the Washington, DC
       area and specializes in providing total security solutions in
       the private and public sectors.  TDI delivers an end-to-end
       solution to security problems occurring in the networks of
       private technology firms, the U.S. government and the military.
       TDI can provide consulting services for all aspects of FreeBSD
       secure enterprise deployment: desktop, server, infrastructure
       (router/firewall), etc.  Our website is at <a
 	href="http://www.tdisecurity.com">http://www.tdisecurity.com</a>
       and we can be reached by email at <a
 	href="mailto:freebsd@tdisecurity.com">freebsd@tdisecurity.com</a>
       , by phone at 202-337-5600 and by fax at 202-337-5601.
     </description>
   </entry>
 
   <entry id="heritage" category="europe">
     <name>Heritage Network Technologies</name>
     <url>http://www.heritagenetworktechnologies.com/</url>
     <description>
       We are a privately owned Technology Consulting Company based in
       Baltimore area.  We provide support for Open Source Operating
       Systems and Software, as well as training for these.  We target
       small to medium enterprises as well as educational institutions.
       We can be reached at 301-807-0784 or by email at <a
 	href="mailto:service@eissaf.net">service@eissaf.net</a>.
     </description>
   </entry>
 
   <entry id="BSDPIE" category="europe">
     <name>BSD Professionals In Europe (BSDPIE)</name>
     <url>http://bsdpie.com/</url>
     <description>
       We are BSD based co-operating consultants offering Consultancy,
       Support, Development, Installation and Internet Services located
       in Munich, Germany.
     </description>
   </entry>
 
   <entry id="FalconKnight" category="namerica">
     <name>Falcon Knight, Inc.</name>
     <url>http://www.falconknight.com/</url>
     <description>
       Falcon Knight, Inc. provides FreeBSD installation, configuration,
       and support from the simple to the advanced.  Falcon Knight
       performs large scale, load-balanced infrastructure planning and
       implementations, complete with application servers and clustered
       databases, all powered by FreeBSD.  If your environment simply has
       to be up 24x7 and you have high usage demands, call Falcon Knight
       now at 877-625-9000 or email <a
 	href="mailto:info@falconknight.com">info@falconknight.com</a>.
     </description>
   </entry>
 
   <entry id="venture37" category="europe">
     <name>Venture 37</name>
     <url>http://www.venture37.com/</url>
     <description>
       Our company provides Mail, Web and DNS hosting solutions based on
       OpenBSD &amp; FreeBSD as well as Technical Support and Management
       (on site or remote) for Microsoft Windows, OS X, Linux and
       BSD-like operating systems.  We also provide services such as
       connectivity &amp; colocation in datacentres at Brighton and
       London.  Check out our <a href="http://www.venture37.com/">
 	web site</a> or contact us at <a
 	href="mailto:info@venture37.com">info@venture37.com</a>.
     </description>
   </entry>
 
   <entry id="opensistemas" category="europe">
     <name>Open Sistemas</name>
     <url>http://www.opensistemas.com</url>
     <description>
       We are a spanish company focused on providing business consulting
       and global solutions based on Open Source software and operating
       systems, like FreeBSD and GNU/Linux.  We offer customers and
       partners our high quality services, from integration to low level
       C/C++ developments, 24x7 support, and our own or third-party open
       technologies.  For more information contact us at <a
 	href="mailto:info@opensistemas.com">info@opensistemas.com</a>
       , visit our <a href="http://www.opensistemas.com">web site</a> or
       contact us by phone at +34 91 445 39 36.
     </description>
   </entry>
 
   <entry id="ibermachines" category="europe">
     <name>Ibermachines Sistemas</name>
     <url>http://www.ibermachines.com</url>
     <description>
       Ibermachines is a spanish-based company offering open source
       software solutions to  small and medium size organizations.  We
       install, configure and maintain servers and workstations mainly
       running FreeBSD and GNU/Linux.  Also mail, web, intranet, fax,
       file and printing solutions are popular between our customers.
     </description>
   </entry>
 
   <entry id="cts" category="europe">
     <name>CTS Consulting and Trade Service</name>
     <url>http://www.ctseuro.com</url>
     <description>
       CTS Consulting &amp; Trade Service is a full service Consultant
       and Supplier for pre-installed FreeBSD Servers.  We ship
       Firewalls, Internet Gateways, Mail Systems with virus protection,
       realtime http scanner, File and Print Servers.  Network planning
       and implementation of WANS with IPSEC tunneling, Samba and
       Hylafax installations.  Founded in 1985 with Unix and Mainframe
       experience since 1978.  We are based in Salzburg and Vienna,
       Austria and have customer references throughout Europe and
       Eastern Europe ranging from 5 to 60000 Users.  We are also
       shipping pre-installed Asterisk Telephone Systems and have best
       the references with it.
     </description>
   </entry>
 
   <entry id="jcr" category="samerica">
     <name>JCR Engenharia de Sistemas</name>
     <url>http://www.jcrengenharia.com.br/</url>
     <description>
       JCR Engenharia has more than 10 years experience in developing
       FreeBSD solutions, like firewalls, Internet Servers, cluster
       solutions and more.  We are located in Salvador, Brazil.
     </description>
   </entry>
 
   <entry id="fortuitous" category="namerica">
     <name>Fortuitous Technologies</name>
     <url>http://fortuitous.com</url>
     <description>
       Fortuitous Technologies provides Performance Tuning, Capacity
       Planning, System Design, Network Design and security services
       for FreeBSD, Linux, and Unix systems worldwide.  We cover Cloud,
       Grid, and Multi-tiered systems of all types.  Contact us at <a
       href="http://fortuitous.com">http://Fortuitous.com</a> for
       further information.
     </description>
   </entry>
 
   <entry id="netfence" category="europe">
     <name>NetFence</name>
     <url>http://www.netfence.it</url>
     <description>
       NetFence deploys and maintains Internet/intranet servers based on
       FreeBSD and other open source software (including Apache web
       server, Squid, Samba, Cyrus IMAP, PostgreSQL, OpenVPN and others).
       Network and client-side hardware/software/support is also offered,
       as well as custom programming and security coverage.  It is
       located in Bologna, Italy and can be reached at <a
 	href="mailto:freebsd@netfence.it">freebsd@netfence.it</a>.
     </description>
   </entry>
 
   <entry id="unixconsulting" category="europe">
     <name>Unix Consulting</name>
     <url>http://www.unixconsulting.info</url>
     <description>
       Based in London, England, we are focused on BSD/Linux and Open
       Source consultancy and support.  Whether your business already
       runs Linux/FreeBSD/NetBSD/OpenBSD or you are considering the
       introduction of Open Source technology, <a
 	href="http://www.unixconsulting.info/">Unix Consulting</a> can
       help you every step of the way.
     </description>
   </entry>
 
   <entry id="tc21" category="namerica">
     <name>Techno Centre Logiciels Libres (TC2L)</name>
     <url>http://www.tc2l.ca/</url>
     <description>
       TC2L is pioneers the IT industry by offering businesses and public
       institutions the first one-stop shop for services, open source
       software, and hardware to meet all IT needs.  Our approach is
       based on a unified network of technical and strategic high level
       partners for service throughout Quebec.  TC2L provides all the
       support you need for easy migration to FLOSS (including special
       attention to FreeBSD).  From planning and implementation to
       training and technical support, we provide comprehensive service.
       User support has always been TC2L's top priority.  As such, we
       have shared our expertise in FLOSS and computer problem solving
       abilities with the Government and large companies country-wide.
     </description>
   </entry>
 
   <entry id="flozer" category="europe">
     <name>Flozer</name>
     <url>http://www.flozer.com</url>
     <description>
       Spanish company focused on providing solutions and services based
       on FLOSS software and operating systems with FreeBSD, OpenBSD and
       GNU/Linux.  We offer customers and partners our solutions and
       services (consultance, development, migrations, virtualization,
       support). For more information contact us at <a
 	href="mailto:contacto@flozer.com">contacto@flazer.com</a> or
       visit our <a href="http://www.flozer.com">web site </a>.
     </description>
   </entry>
 
   <entry id="ironkeep" category="namerica">
     <name>Ironkeep Technologies L.L.C.</name>
     <url>http://www.ironkeep.net</url>
     <description>
       Ironkeep Technologies is a Traverse City based consulting firm,
       specializing in internet solutions, networks, vpns, software
       development, programming, web development, web design,
       application development, web hosting, consulting, and open
       source software including FreeBSD.
     </description>
   </entry>
 
   <entry id="nihonsoft" category="asia">
     <name>nihonsoft LLC.</name>
     <url>http://www.nihonsoft.com/</url>
     <description>
       We provide consulting in English and Japanese to help your
       business get started in Japan.  We especially like to help FOSS
       companies set up branches in Japan, and promote the use of FOSS
       systems such as Debian, Ubuntu, FreeBSD, OpenBSD and NetBSD
       throughout industries and schools in Japan.
     </description>
   </entry>
 
   <entry id="techneticsdatarecovery" category="australia">
     <name>Technetics Data Recovery</name>
     <url>http://www.techneticsdata.com.au/</url>
     <description>
       Technetics Data Recovery is one of the leading data recovery
       labs in Australia.  With many years of experience in the data recovery
       industry we are the experts you can rely on in the event of data loss.
     </description>
   </entry>
 
   <entry id="ethon" category="europe">
     <name>Ethon Technologies GmbH</name>
     <url>http://www.ethon.de</url>
     <description>
       Ethon Technologies GmbH -- located in Munich, Germany -- has a
       strong focus on BSD driven solutions.  We offer professional
       consulting services as well as BSD based telecommunication
       systems, ranging from basic PBX to telco solutions up to
       10.000.000 users. Feel free to contact us at
       <a href="mailto:info@ethon.de">info@ethon.de</a> or drop us a
       voicemail: +49.89.255456.0
     </description>
   </entry>
 
   <entry id="mosman" category="samerica">
     <name>Mosman Consultoria e Desenvolvimento</name>
     <url>http://www.mosman.com.br</url>
     <description>
       Mosman Consultoria e Desenvolvimento works at the development of
       a FreeBSD based ISP management solution called VirtexAdmin.
     </description>
   </entry>
 
   <entry id="ish" category="australia">
     <name>Ish Pty. Ltd.</name>
     <url>http://www.ish.com.au</url>
     <description>
       Ish provides IT management, network security, FreeBSD and MacOS X
       system administration services in Sydney, Australia.  We have
       designed and implemented BSD-based computer systems for a wide variety
       of commercial customers, and we're available to provide troubleshooting
       and advice for system administrators.  As a developer of web sites, our
       Java/WebObjects-based services are all hosted on FreeBSD servers.  Please
       call us for a chat on +612 9550 5001,
       <a href="mailto:info@ish.com.au">e-mail us</a> or
       <a href="http://www.ish.com.au/products/unix">visit our web site</a>.
     </description>
   </entry>
 
   <entry id="itinfusion" category="namerica">
     <name>IT Infusion Inc.</name>
     <url>http://www.itinfusion.ca</url>
     <description>
       IT Infusion Inc. is a consulting firm based in Calgary, Alberta that has
       been serving clients in the US and Canada since 1998.  We have expertise
       in FreeBSD, Linux, thin client implementations, Windows integration,
       Enterprise e-mail systems, PHP/MySQL web development, and the deployment
       of a wide range of Open Source software solutions.  For more information,
       please <a href="http://www.itinfusion.ca">visit our website</a> or drop
       us an e-mail at
       <a href="mailto:casey@itinfusion.ca">casey@itinfusion.ca</a>.
     </description>
   </entry>
 
   <entry id="zelites" category="europe">
     <name>Zelites</name>
     <url>http://www.zelites.org</url>
     <description>
       Zelites is a company based in Le Mans, France.  We offer many
       services: Support, installation, maintenance, administration,
       configuration of servers like firewall, VPN, IDS, web server, mail
       server, DNS or whatever you need.  Our services offerings include
       a high-level of security.  Our knowledge of *BSD (like FreeBSD,
       OpenBSD, NetBSD ..), Linux, MacOS and commercial Unix systems is
       wide and is your guaranty.  For more information, visit our
       <a href="http://www.zelites.org"
         title="Zelites, Prestataire FreeBSD">website</a>,
       <a href="mailto:info@zelites.org">mail us</a> or phone us at
       +33 (0) 2 43 46 94 24.
     </description>
   </entry>
 
   <entry id="hamburgnet" category="europe">
     <name>Hamburgnet</name>
     <url>http://www.hamburgnet.de</url>
     <description>
       Hamburgnet provides you with experience in FreeBSD and OpenBSD
       based projects.  From low-end webservers to high-end firewall
       and database clusters.  Storage, server, Unix, cluster &amp; consulting.
       You can visit our <a href="http://www.hamburgnet.de">website</a>,
       <a href="mailto:info@hamburgnet.de">mail us</a>, phone us at
       +49 (40) 73672322 or contact us via fax at +49 (40) 73672321.
     </description>
   </entry>
 
   <entry id="lifebiscuit" category="australia">
     <name>LifeBiscuit Technology</name>
     <url>http://lifebiscuit.com</url>
     <description>
       LifeBiscuit Technology is a Sydney based company providing technology
       consulting and outsourcing services for small businesses in
       Australia.  We provide support for open source environments:
       FreeBSD, Linux, OpenBSD and NetBSD.
     </description>
   </entry>
 
   <entry id="osbty" category="australia">
     <name>OsBTI Pty. Ltd.</name>
     <url>http://www.osbti.com.au</url>
     <description>
       One of our specialities is the support, administration and
       installation of FreeBSD in SME Server Environments.  Through our team of
       technicians, we provide support both onsite and remotely to both
       Australia and small select international clients.
     </description>
   </entry>
 
   <entry id="tecno21" category="samerica">
     <name>Tecno21 - Openservices</name>
     <url>http://www.tecno21.com.br/FreeBSD/</url>
     <description>
       We provide setup and support for FreeBSD, OpenBSD and Linux.  We have 10+
       years experience with open source softwares on corporate and SMB
       customers.  We offer custom applications (C/C++/Java/C#),
       network infrastructure design, security, audit and smartcard solutions.
       Contact us via <a href="mailto:suporte@tecno21.com.br">e-mail</a> or
       by phone at +55 (11) 3825-2472.
     </description>
   </entry>
 
   <entry id="cybersecure" category="australia">
     <name>CyberSecure Pty Ltd</name>
     <url>http://www.cybersecure.com.au/</url>
     <description>
       CyberSecure specialises in offsite data backup, managed firewalls and
       BSD consulting with an emphasis on quality and security.
     </description>
   </entry>
 
   <entry id="pate" category="namerica">
     <name>Pate Consulting, Inc.</name>
     <url>http://www.pateconsulting.com/</url>
     <description>
       We specialize in providing solid open source solutions for businesses
       using OpenBSD, FreeBSD, and Linux. 6 years in business. 12 years of
       experience - MCSE, CCNA, RHCE certifications - Also MySQL, PostgreSQL.
       VPNs, firewalls, wireless, DNS, squidGuard, mail - even training with
       FreeBSD.  You can contact us via <a
 	href="mailto:info@pateconsulting.com">e-mail</a>, call us at
       713.333.5468 or send us a fax at 713.333.5494.
     </description>
   </entry>
 
   <entry id="seciongmbh" category="europe">
     <name>secion GmbH</name>
     <url>http://www.secion.de/</url>
     <description>
       secion GmbH is an IT service and consulting company located
       in Hamburg, Germany.  With our long-term experience in *BSD,
       Linux and Unix, as well as in-depth Windows knowledge, we
       deliver commercial-grade services in designing, implementing
       and administering server, client and network infrastructures.
       Our skills includes database-, web- and network/communication
       programming in large IT and Telco environments.  One of our main
       work areas is also designing and setting up larger IPSec VPNs,
       security systems, firewall concepts and communication systems.
       For more information call us at +49-40-389071-0 or visit our
       <a href="http://www.secion.de/">web site</a>.
     </description>
   </entry>
 
   <entry id="recoverdata" category="australia">
     <name>Recover Data</name>
     <url>http://www.recoverdata.com.au</url>
     <description>
       Recover Data supports hard drive repair for data recovery.  With
       over 10 years experience, our data recovery services are second to
       none. Specialising in recovering data for data recovery companies
       and RAID configurations.
     </description>
   </entry>
 
   <entry id="webangel" category="europe">
     <name>Webangel</name>
     <url>http://www.webangel.ie/</url>
     <description>
       Webangel is a company working with open-source operating system
       and software from the beginning.
       We offer
       <a href="http://www.webangel.ie/consultancy">consultancy</a>,
       <a href="http://www.webangel.ie/linux">support</a>,
       <a href="http://www.webangel.ie/webapp/webapps">development</a>,
       <a href="http://www.webangel.ie/opensource/ostraining">training</a>
       and remote administration services.
       You can reach us by <a href="mailto:office@webangel.ie">email</a>
       or phone: +353&nbsp;85&nbsp;157&nbsp;04&nbsp;61.
       We are based in Rathcoole, Co. Dublin Ireland.
     </description>
   </entry>
 
   <entry id="remsys" category="asia">
     <name>REMSYS</name>
     <url>http://www.remsys.net</url>
     <description>
       <a href="http://www.remsys.net">REMSYS</a>, based in Chisinau,
       Moldova, provides and specializes in support and consulting for
       FreeBSD, BSDi, Linux and other Unix variants.  We are dedicated
       to offering solutions for desktop and server environments.  We
       can help installing, configuring, system administration (Exim,
       SMTP, Database, Webhosting, DNS, Apache Webstats etc.)  Our
       experience covers the most important branches of current IT
       industry, from routine of server management, security audits and
       updates, to high performance computing, mitigating attacks and
       recovering data from crashed file systems.  We offer you up to
       date solutions for remote systems management, keeping your
       network equipment up and operational 24 hours a day.  For more
       information please visit our
       <a href="http://www.remsys.net">web site</a> or contact us at
       <a href="mailto:info@remsys.net">info@remsys.net</a> or call us
       at +373 22 23-20-70, +373 79-40-63-09.
     </description>
   </entry>
 
   <entry id="collinssystems" category="namerica">
     <name>Collins Systems Solutions Inc.</name>
     <url>http://www.csystems.ca</url>
     <description>
       Collins Systems Solutions Inc. is a Toronto, Ontario Canada
       based consulting firm specializing in the design, implementation,
       and support of all things UNIX including Solaris, FreeBSD,
       OpenBSD, all major Linux distributions, and Microsoft Windows
       operating environments.  Collins Systems has specialized skills
       in system administration, security, network design, system
       integration, network/server/application management and service
       monitoring.  Remote administration is the key to providing our
       customers all over the world with the most efficient and effective
       service. For more information, email us at
       <a href="mailto:info@csystems.ca">info@csystems.ca</a>.
     </description>
   </entry>
 
   <entry id="firmbit" category="namerica">
     <name>FirmbIT</name>
     <url>http://www.firmbit.com/index.php</url>
     <description>
       FirmbIT is a high quality server management and security company
       providing friendly reliable support specializing in high security
       installations and scalable solutions with support for FreeBSD,
       OpenBSD, NetBSD, Redhat, Fedora, CentOS, Debian, Slackware, Gentoo,
       SuSe, Mandrake and Sun Solaris servers.
     </description>
   </entry>
 
   <entry id="networkadvantage" category="namerica">
     <name>Network Advantage LLC</name>
     <url>http://net-vantage.com/</url>
     <description>
       We strive to bring the same technology advantages enjoyed by large
       organizations to small and medium-sized businesses, schools, and
       non-profits, at a realistic and practical cost.  FreeBSD running SAMBA,
       Apache, MySQL, PHP, sql-ledger, KDE, and many other applications is often
       the central ingredient of this solution.  Please email <a
 	href="mailto:roy@net-vantage.com">us</a> for free initial consultation.
     </description>
   </entry>
 
   <entry id="nullcube" category="australia">
     <name>Nullcube Pty Ltd</name>
     <url>http://www.nullcube.com.au/</url>
     <description>
       Nullcube provides services to organisations with exceptional
       security needs.  We use FreeBSD, OpenBSD and Linux to develop and
       support network architectures for security-sensitive environments,
       including firewalls, VPNs, proxies, and IDS / IPS solutions.  We
       also provide IT security auditing, penetration testing, risk
       management, and incident response services.
       Call +61&nbsp;1300&nbsp;767&nbsp;007 or send an email to <a
       href="mailto:info@nullcube.com">info@nullcube.com</a> for free
       initial consultation.
     </description>
   </entry>
 
   <entry id="esystems" category="europe">
     <name>E-Systems</name>
     <url>http://www.e-systems.pl/</url>
     <description>
       We provide open source solutions for the small companies in Wroclaw,
       Poland.  We are specialized in servers (*BSD, Linux).
     </description>
   </entry>
 
   <entry id="giganetworking" category="namerica">
     <name>Giganetworking</name>
     <url>http://www.giganetworking.com</url>
     <description>
       Consulting in the areas of Internet security and data defense
       mainly with open source software. Particular knowledge of
       firewalls, internet applications, Mail, Proxy Servers, IDS and
       network administration.  Have developed a range of
       routers/appliances based on Linux/BSD.  For more questions please
       visit our <a href="http://www.giganetworking.com">web site</a>.
     </description>
   </entry>
 
   <entry id="eden-fx" category="asia">
     <name>EDEN-FX</name>
     <url>http://www.eden-fx.com</url>
     <description>
       EDEN-FX is a company which develops high class technology.  Founded
       in 1999, we are working with a team of highly qualified professionals
       specializing in hard and software engineering.  We have broad
       experience with the FreeBSD operating system.  EDEN-FX solutions
       manufactures firewalls, wireless engineering and develops network
       technologies.
     </description>
   </entry>
 
   <entry id="zero-penalty" category="namerica">
     <name>Zero Penalty</name>
     <url>http://zeropenalty.com/</url>
     <description>
       Located in the city of Toronto Canada, Zero Penalty is well positioned
       to service clients within Canada and abroad who require Technology
       Consulting services.  Though focused on technology infrastructure
       services, Zero Penalty offers a variety of products and services that
       include Telephony Services including VOIP Deployment and Management,
       Network Design, Build and Management, System Support, including Desktop
       Support, Hosting and Colocation.<br/>
       Offshore Services is one of our core strengths, including Infrastructure
       Management, Monitoring and Deployment.  Businesses that require offshore
       hosting and services will benefit from our expertise in working with
       international telecom providers, and our understanding of the
       international IT landscape.<br/>
       At Zero Penalty, we strive to make our clients comfortable with the
       choices they make, provide value, and quality products and services.
       Contact us today to start a relationship that will help your business
       strive in its IT requirements.
     </description>
   </entry>
 
   <entry id="osc" category="europe">
     <name>OSC Services</name>
     <url>http://www.orsec.fr/</url>
     <description>
       We proivde technical support and expertise, around opensource software
       technologies, security and network solutions.
     </description>
   </entry>
 
   <entry id="osre" category="namerica">
     <name>Open Software Research and Education (OSRE)</name>
     <url>http://www.osre.org/</url>
     <description>
       Open Software Research and Education (OSRE) is a comprehensive entity
       providing open infrastructure design, development, deployment,
       maintenance and training.  We have extensive experience with FreeBSD
       and most other open source operating systems.  We are located in
       Longview, Texas and provide both on-site and remote support at
       affordable rates.  Please visit our <a
       href="http://www.osre.org">website</a> for more information or call us
       toll-free at 1.866.235.1288.
     </description>
   </entry>
 
   <entry id="oullet" category="namerica">
     <name>Ouellet Consulting Inc.</name>
     <url>http://sirius.danosoft.com/oci/index.html</url>
     <description>
       OCI specialize in systems/networks design, implementation and security
       solutions, including solutions meeting HIPPA requirements.  We spec out,
       configure and support firewalls, proxy-arrays, servers, switches, mail
       systems, web servers, databases, etc.  We are familiar with and support
       most Windows and Unix/Linux systems including FreeBSD.  We offer remote
       administration services worldwide, on all supported platforms.  We plan
       and assist with Active Directory migrations.  For more information
       please contact us via <a href="mailto:info@danosoft.com">e-mail</a> or
       call us +1-850-510-6162.  Please see <a
 	href="http://sirius.danosoft.com/oci/index.html">our website</a> for
       complete details on what we offer.
     </description>
   </entry>
 
   <entry id="wetinet" category="europe">
     <name>WeTi.NeT</name>
     <url>http://www.weti.net</url>
     <description>
       WeTi.NeT - Limberger HandelsgesmbH is a full service Consultant
       and Supplier for pre-installed FreeBSD Servers.  We ship Firewalls,
       Internet Gateways, Mail Systems with virus protection, realtime
       http scanner, File and Print Servers.  Network planning and
       implementation of WANS with IPSEC tunneling, Samba and Hylafax
       installations.  Founded in 1977 with Unix and Novell experience
       since more than 30 years. We are based in Bad Goisern and Salzburg,
       Austria and have customer references throughout Austria, Switzerland,
       the Netherlands and Germany ranging from 5 to 60000 Users. We are
       also shipping pre-installed Asterisk Telephone Systems and have best
       the references with it.
     </description>
   </entry>
 
   <entry id="handtake" category="europe">
     <name>HANDTAKE GmbH</name>
     <url>http://www.handtake.de</url>
     <description>
       HANDTAKE GmbH is a service provider for Open Source solutions
       based in Munich. We provide a full range of services (consulting
       services, system administration, support, programming) for Linux,
       *BSD and other Open Source software.  For further information
       please contact
       <a href="mailto:freebsd@handtake.de">freebsd@handtake.de</a> or
       visit our website <a href="http://www.handtake.de">www.handtake.de</a>
     </description>
   </entry>
 
   <entry id="mivitec" category="europe">
     <name>MIVITEC GmbH Niederlassung Muenchen</name>
     <url>http://www.mivitec.de</url>
     <description>
       "MIVITEC GmbH Niederlassung Muenchen" is a provides full redundant
       hosting infrastructure in 3 datacenters in Munich.  For our client
       we provide IT management, network security, Linux, BSD and MacOS X
       system administration services.  We have big experience of
       implementing high availability services, cluster systems and
       hosting infrastructures.  These services are provided for clients
       in our datacenters as well as in your company's datacenter, even
       in other cities in Germany and Austria.  For more information
       please call us at +49 89 420797870, send us an email:
       <a href="mailto:freebsd@mivitec.de">freebsd@mivitec.de</a> or
       visit our website <a href="http://www.mivitec.de">www.mivitec.de</a>.
       You are also invited to visit us in Munich, so that we can
       discuss your FreeBSD based projects.
     </description>
   </entry>
 
   <entry id="corbesero" category="namerica">
     <name>Stephen Corbesero</name>
     <url>mailto:corbesero@fast.net</url>
     <description>
       Stephen Corbesero has over 20 years of software and hardware computing
       experience in various flavors of Unix (FreeBSD since 2.2, SunOS, Solaris,
       ...), C and C++, Perl, databases, networking, etc.  He can provide system
       and network configuration and administration, some custom programming in
       the above languages, troubleshooting and repair.  He is located in
       Eastern Pennsylvania.  Please email <a
 	href="mailto:corbesero@fast.net">him</a> for more information.
     </description>
   </entry>
 
   <entry id="hahnefeld" category="europe">
     <name>bj&ouml;rn hahnefeld IT</name>
     <url>http://www.hahnefeld.de</url>
     <description>
       We are a company for Software-Engineering and a Hosting- and
       Server-Solutions provider (Web-, Application-, Database-servers)
       for Germany, Austria and Switzerland.  We are experienced in the
       installation and administration of BSD and Linux systems.  Our
       software experience is with PHP, Perl and SQL and we speak English
       and German. We are located in Regensburg, Germany.  Please email
       <a href="mailto:info@hahnefeld.de">info@hahnefeld.de</a> for more
       information.
     </description>
   </entry>
 
   <entry id="paxym" category="namerica">
     <name>Paxym</name>
     <url>http://www.paxym.com</url>
     <description>
       Paxym's Highly Skilled team provides software development and
       consulting services in the areas of Kernels, Bootloaders for new
       CPUs &amp; Boards, Network Security Applications, Storage
       Appliances and Performance tuning of embedded SW and
       Network/Storage/Security Applications.  Paxym provides FreeBSD
       SMP for OCTEON (Multicore Mips64 CPU from Cavium Networks).  The
       port is extensively tested with OpenPosix, Apache WebBench,
       UnixBench, MySQL Sysbench, OHCP, Netperf, FreeNAS for stability
       and functional completeness.  Stable port based on FreeBSD 7.0 is
       targeted for Network, Security and Storage Applications.  Multiple
       cores, from 1-16 can be used in SMP mode.  Supports Dynamic &amp;
       Static Linking models, o32, n64 &amp; n32 ABI.  Root filesystem
       can be embedded in kernel memory or put on Compact-Flash/NFS.
       libthr for POSIX pthreads.  Paxym's team has had extensive
       experience with Multi-core Mips (Octeon), PPC and x86 CPUs.
       Working on these from Rom-Monitors, boot-loaders, Operating
       Systems, Network Stacks, Storage protocols, Device Drivers,
       Security Algorithms and Embedded Applications.  Paxym has been
       working closely on FreeBSD, Linux and proprietary OS environments.
       For more information, visit
       <a href="http://www.paxym.com">http://www.paxym.com/</a>
     </description>
   </entry>
 
   <entry id="pontosi" category="europe">
     <name>PontoSI</name>
     <url>http://www.pontosi.pt</url>
     <description>
       PontoSI is portuguese company based in Vila Nova de Gaia.  We are
       specialized in FreeBSD and OpenBSD solutions and services.
       Please visit our website at http://www.pontosi.pt or contact us
       via email geral@pontosi.pt
     </description>
   </entry>
 
   <entry id="mejojose" category="asia">
     <name>Mejo Jose</name>
     <url>http://www.kannayath.com</url>
     <description>
       Open source technology consultant based in Dubai, UAE.  More
       information on the website -
       <a href="http://www.kannayath.com">www.kannayath.com</a>
     </description>
   </entry>
 
   <entry id="interfuture" category="europe">
     <name>Interfuture Systems Ltd</name>
     <url>http://www.interfuture.co.uk</url>
     <description>
       Interfuture is an UK company offering a full range of UNIX
       consultancy, from desktop installation and support through to
       mission-critical server support and troubleshooting. One of our
       specialist areas and preferred operating systems is FreeBSD.
       Visit our website for more information:
       <a href="http://www.interfuture.co.uk/specialists/unix.php">http://www.interfuture.co.uk/specialists/unix.php</a>
       or call +44 203 002 2111.
     </description>
   </entry>
 
   <entry id="senseofsecurity" category="australia">
     <name>Sense of Security Pty Ltd</name>
     <url>http://www.senseofsecurity.com.au/</url>
     <description>
       Sense of Security is an Australian provider of Free BSD and Unix
       consulting services. We have a strong focus on building secure
       networks and systems, including firewalls, VPNs, web servers, etc.
       We are also experts at conducting security review, audit,
       penetration testing, and assessment services.
     </description>
   </entry>
 
   <entry id="opentech" category="europe">
     <name>Open Tech SmbA</name>
     <url>http://www.opentech.dk</url>
     <description>
       Open Tech SmbA is a Danish consultancy, that can help your business
       ensure and optimize production performance through a good practice
       of system and network administration of its information technology.
       Our office is located in Herlev, Copenhagen, Denmark.  We can be
       reached by phone at +45 43 62 22 88 and by electronic mail to
       <a href="mailto:opentech@opentech.dk">opentech@opentech.dk</a>.  Visit our
       website at <a href="http://www.opentech.dk">www.opentech.dk</a> and
       stay updated with announcements, technical procedures, system
       administration tasks, that we can do for you, contact details,
       business conditions and much more.  Open Tech SmbA is a legally
       approved and registered company in Denmark.
     </description>
   </entry>
 
   <entry id="jmbg" category="namerica">
     <name>The JMBG Network</name>
     <url>http://www.jmbg.net</url>
     <description>
       We believe in quality, reliable and innovative solutions &ndash;
       so naturally we love FreeBSD.  We are a Canadian electronic
       solutions provider servicing mainly South-Western Ontario.  We
       also provide some solutions to clients in Canada and the United
       States.  We offer a wide range of electronic solutions including
       consulting services and we most definitely support and recommend
       FreeBSD.
     </description>
   </entry>
 </entries>
Index: projects/entities/share/xml/navibar.ent
===================================================================
--- projects/entities/share/xml/navibar.ent	(revision 41353)
+++ projects/entities/share/xml/navibar.ent	(revision 41354)
@@ -1,216 +1,216 @@
 <!-- $FreeBSD$ -->
 
 <!ENTITY nav.about '
 <div xmlns="http://www.w3.org/1999/xhtml" id="sidenav">
   <h2 class="blockhide">Section Navigation</h2>
 
   <ul>
     <li><a href="&base;/about.html">About</a></li>
     <li><a href="&base;/features.html">Features</a></li>
     <li><a href="&base;/applications.html">Applications</a></li>
     <li><a href="&base;/internet.html">Internetworking</a></li>
     <li><a href="&base;/advocacy/">Advocacy</a></li>
     <li><a href="&base;/marketing/">Marketing</a></li>
     <li><a href="&base;/administration.html">Administration</a></li>
     <li><a href="&base;/news/newsflash.html">News</a></li>
     <li><a href="&base;/events/events.html">Events</a></li>
     <li><a href="&base;/news/press.html">Press</a></li>
     <li><a href="&base;/multimedia/multimedia.html">Multimedia</a></li>
     <li><a href="&base;/art.html">Artwork</a></li>
     <li><a href="&base;/logo.html">Logo</a></li>
     <li><a href="&base;/donations/">Donations</a></li>
     <li><a href="&base;/copyright/">Legal Notices</a></li>
     <li><a href="&base;/privacy.html">Privacy Policy</a></li>
   </ul>
 </div> <!-- SIDENAV -->'>
 
 <!ENTITY nav.community '
 <div xmlns="http://www.w3.org/1999/xhtml" id="sidenav">
   <h2 class="blockhide">Section Navigation</h2>
 
   <ul>
     <li><a href="&base;/community.html">Community</a></li>
     <li><a href="&base;/community/mailinglists.html">Mailing Lists</a></li>
     <li><a href="http://forums.freebsd.org/">Forums</a></li>
     <li><a href="&base;/community/irc.html">IRC</a></li>
     <li><a href="&base;/community/newsgroups.html">Newsgroups</a></li>
     <li><a href="&base;/usergroups.html">User Groups</a></li>
     <li><a href="&base;/events/events.html">Events</a></li>
     <li><a href="&base;/community/webresources.html">Web Resources</a></li>
     <li><a href="&base;/community/social.html">Social Networks</a></li>
   </ul>
 </div> <!-- SIDENAV -->'>
 
 <!ENTITY nav.developers '
 <div xmlns="http://www.w3.org/1999/xhtml" id="sidenav">
   <h2 class="blockhide">Section Navigation</h2>
 
   <ul>
     <li><a href="&base;/projects/index.html">Developers</a></li>
     <li><a href="&base;/doc/en_US.ISO8859-1/books/developers-handbook">Developer&#39;s Handbook</a></li>
     <li><a href="&base;/doc/en_US.ISO8859-1/books/porters-handbook">Porter&#39;s Handbook</a></li>
     <li><a href="&base;/developers/cvs.html">Source code repositories</a></li>
     <li><a href="&base;/releng/index.html">Release Engineering</a></li>
     <li><a href="&base;/platforms/">Platforms</a></li>
     <li><a href="http://wiki.freebsd.org/IdeasPage">Project Ideas</a></li>
     <li><a href="&base;/doc/en_US.ISO8859-1/articles/contributing/index.html">Contributing</a></li>
   </ul>
 </div> <!-- SIDENAV -->'>
 
 <!ENTITY nav.docs '
 <div xmlns="http://www.w3.org/1999/xhtml" id="sidenav">
   <h2 class="blockhide">Section Navigation</h2>
 
   <ul>
     <li><a href="&base;/docs.html">Documentation</a></li>
     <li><a href="&base;/doc/en_US.ISO8859-1/books/faq/">FAQ</a></li>
     <li><a href="&base;/doc/en_US.ISO8859-1/books/handbook/">Handbook</a></li>
     <li><a href="&cgibase;/man.cgi">Manual Pages</a></li>
     <li><a href="&base;/docs/books.html">Books and Articles Online</a></li>
     <li><a href="&base;/publish.html">Publications</a></li>
     <li><a href="&base;/docs/webresources.html">Web Resources</a></li>
     <li><a href="&base;/projects/newbies.html">For Newbies</a></li>
     <li><a href="&base;/docproj/">Documentation Project</a></li>
   </ul>
 </div> <!-- SIDENAV -->'>
 
 <![ %beta.testing; [
 <!ENTITY beta.listitem '
   <li xmlns="http://www.w3.org/1999/xhtml">Upcoming Release:<br /><a href="&enbase;/&u.betarel.schedule;">&betarel.current;</a></li>
 '>
 ]]>
 <!ENTITY beta.listitem ''>
 
 <![ %beta2.testing; [
 <!ENTITY beta2.listitem '
   <li xmlns="http://www.w3.org/1999/xhtml">Upcoming Release:<br /><a href="&u.betarel2.schedule;">&betarel2.current;</a></li>
 '>
 ]]>
 <!ENTITY beta2.listitem ''>
 
 <!ENTITY nav.download '
 <div xmlns="http://www.w3.org/1999/xhtml" id="sidenav">
   <h2 class="blockhide">Section Navigation</h2>
   <ul>
     <li><a href="&base;/where.html">Get FreeBSD</a></li>
     <li><a href="&base;/releases/">Release Information</a>
       <ul>
 	<li>Production Release: <br />
-	  <a href="&u.rel.announce;">&rel.current;</a> <a href="&u.rel2.announce;">&rel2.current;</a></li>
+	  <a href="&u.rel.announce;">&rel.current;</a></li>
         <li>Production (Legacy) Release:<br />
-	  <a href="&u.rel3.announce;">&rel3.current;</a></li>
+	  <a href="&u.rel2.announce;">&rel2.current;</a></li>
 <!--        <li><a href="&base;/snapshots/">Snapshot Releases</a></li>-->
 	&beta.listitem;
 	&beta2.listitem;
       </ul></li>
     <li><a href="&base;/ports/">Ported Applications</a></li>
   </ul>
 </div> <!-- SIDENAV -->'>
 
 <!ENTITY nav.gnome '
 <div xmlns="http://www.w3.org/1999/xhtml" id="sidenav">
   <h2 class="blockhide">Section Navigation</h2>
 
   <ul>
     <li><a href="&base;/gnome/index.html">FreeBSD/GNOME</a>
       <ul>
         <li><a href="&base;/gnome/docs/faq2.html#q1">Installation Instructions</a></li>
         <li><a href="&base;/gnome/docs/faq232.html#q2">Upgrade Instructions</a></li>
         <li><a href="&base;/gnome/../ports/gnome.html">Available Applications</a></li>
         <li><a href="&base;/gnome/docs/volunteer.html">How to Help</a></li>
         <li><a href="&base;/gnome/docs/bugging.html">Reporting a Bug</a></li>
         <li><a href="&base;/gnome/screenshots.html">Screenshots</a></li>
         <li><a href="&base;/gnome/contact.html">Contact Us</a></li>
       </ul></li>
     <li><a href="&base;/gnome/index.html">Documentation</a>
       <ul>
         <li><a href="&base;/gnome/docs/faq2.html">FAQ</a></li>
 	<li><a href="&base;/gnome/docs/halfaq.html">HAL FAQ</a></li>
         <li><a href="&base;/gnome/docs/faq232.html">2.30 to 2.32 Upgrade FAQ</a></li>
         <li><a href="&base;/gnome/docs/develfaq.html">Development Branch FAQ</a></li>
         <li><a href="&base;/gnome/docs/porting.html">Creating Ports</a></li>
         <li><a href="&base;/gnome/docs/faq232.html#q4">Known Issues</a></li>
       </ul></li>
     </ul>
 </div> <!-- SIDENAV -->'>
 
 <!ENTITY nav.ports '
 <div xmlns="http://www.w3.org/1999/xhtml" id="sidenav">
   <h2 class="blockhide">Section Navigation</h2>
   <ul>
     <li><a href="&base;/ports/index.html">About ports</a></li>
     <li><a href="&base;/ports/installing.html">Installing</a></li>
     <li><a href="&base;/ports/updating.html">Updating</a></li>
     <li><a href="&base;/ports/searching.html">Searching</a></li>
     <li>&nbsp;&nbsp;&nbsp;Categories
       <ul>
         <li><a href="&base;/ports/categories-alpha.html">listed alphabetically</a></li>
         <li><a href="&base;/ports/categories-grouped.html">listed by logical group</a></li>
       </ul></li>
     <li><a href="&base;/ports/master-index.html">List of All Ports</a></li>
     <li><a href="&base;/ports/references.html">For More Information</a></li>
   </ul>
 </div> <!-- SIDENAV -->'>
 
 <!ENTITY nav.support '
 <div xmlns="http://www.w3.org/1999/xhtml" id="sidenav">
   <h2 class="blockhide">Section Navigation</h2>
 
   <ul>
     <li><a href="&base;/support.html">Support</a></li>
     <li><a href="&base;/commercial/">Vendors</a>
     <ul>
       <li><a href="&base;/commercial/software_bycat.html">Software</a></li>
       <li><a href="&base;/commercial/hardware.html">Hardware</a></li>
       <li><a href="&base;/commercial/consult_bycat.html">Consulting</a></li>
       <li><a href="&base;/commercial/isp.html">Internet Service Providers</a></li>
       <li><a href="&base;/commercial/misc.html">Miscellaneous</a></li>
     </ul></li>
     <li><a href="&base;/security/index.html">Security Information</a>
     <ul>
       <li><a href="&base;/security/advisories.html">Advisories</a></li>
       <li><a href="&base;/security/notices.html">Errata Notices</a></li>
     </ul></li>
     <li><a href="&base;/support/bugreports.html">Bug Reports</a>
       <ul>
         <li><a href="&base;/send-pr.html">Submit a Problem Report</a></li>
       </ul></li>
     <li><a href="&base;/support/webresources.html">Web Resources</a></li>
   </ul>
 </div> <!-- SIDENAV -->'>
 
 <!--
 <!ENTITY % navinclude.about "IGNORE">
 <![%navinclude.about;[
 <!ENTITY nav '&nav.about;'>
 ]]>
 <!ENTITY % navinclude.community "IGNORE">
 <![%navinclude.community;[
 <!ENTITY nav '&nav.community;'>
 ]]>
 <!ENTITY % navinclude.developers "IGNORE">
 <![%navinclude.developers;[
 <!ENTITY nav '&nav.developers;'>
 ]]>
 <!ENTITY % navinclude.docs "IGNORE">
 <![%navinclude.docs;[
 <!ENTITY nav '&nav.docs;'>
 ]]>
 <!ENTITY % navinclude.download "IGNORE">
 <![%navinclude.download;[
 <!ENTITY nav '&nav.download;'>
 ]>
 <!ENTITY % navinclude.gnome "IGNORE">
 <![%navinclude.gnome;[
 <!ENTITY nav '&nav.gnome;'>
 ]]>
 <!ENTITY % navinclude.ports "IGNORE">
 <![%navinclude.ports;[
 <!ENTITY nav '&nav.ports;'>
 ]]>
 <!ENTITY % navinclude.support "IGNORE">
 <![%navinclude.support;[
 <!ENTITY nav '&nav.support;'>
 ]]>
 -->
 <!ENTITY nav ''>
Index: projects/entities/share/xml/news.xml
===================================================================
--- projects/entities/share/xml/news.xml	(revision 41353)
+++ projects/entities/share/xml/news.xml	(revision 41354)
@@ -1,2173 +1,2262 @@
 <?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE news PUBLIC "-//FreeBSD//DTD FreeBSD XML Database for News//EN"
                       "http://www.FreeBSD.org/XML/www/share/xml/news.dtd">
 
 <!-- Simple schema for FreeBSD Project news.
 
      Divide time in to <year>, <month>, and <day> elements, each of which
      has a <name>.
 
      each <day> element contains one or more <event> elements.
 
      Each <event> contains an optional <title>, and then a <p>.  <p> elements
      can contain <a> anchors.
 
      Use the <title> element if the <p> content is lengthy.  When generating
      synopses of this information (e.g., for syndication using RDF files),
      the contents of <title> will be preferred over <p>.
 
      *** Former Summer of Code Students: Please note that you are an
          SoC alumnus when you add your new committer announcement.
          Also, don't feel shy to add more information about what you
          would like to work on.  ***
 -->
 
 <news>
     <cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">
       $FreeBSD$
     </cvs:keyword>
 
   <year>
     <name>2013</name>
 
     <month>
+      <name>3</name>
+
+      <day>
+	<name>27</name>
+
+	<event>
+	  <p>Enhanced commit privileges:
+	    <a href="mailto:tijl@FreeBSD.org">Tijl Coosemans</a>
+	    (src, ports)</p>
+	</event>
+      </day>
+
+      <day>
+	<name>22</name>
+
+	<event>
+	  <title>&os;&nbsp;8.4-BETA1 Available</title>
+
+	  <p>The first BETA build for the &os;-8.4 release cycle is
+	    now available.  ISO images for the amd64, i386 and pc98
+	    architectures are <a
+	      href="&lists.stable;/2013-March/072913.html">available</a>
+	    on most of our <a
+	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
+	    mirror sites</a>.</p>
+	</event>
+      </day>
+
+      <day>
+	<name>14</name>
+
+	<event>
+	  <title>New &os; Foundation Technical Staff Member: Konstantin
+	    Belousov</title>
+
+	  <p>The &os;&nbsp;Foundation is pleased to announce that
+	    Konstantin Belousov has been hired as its first full-time
+	    member of technical staff, a key milestone of the
+	    Foundation's investment in staff for 2013.</p>
+
+	  <p><a
+	    href="http://freebsdfoundation.blogspot.com/2013/03/foundation-announces-new-technical.html">Read
+	    more...</a></p>
+	</event>
+      </day>
+
+      <day>
+	<name>12</name>
+
+	<event>
+	  <p>New member for the Ports Management team:
+	    <a href="mailto:bdrewery@FreeBSD.org">Bryan Drewery</a></p>
+	</event>
+      </day>
+
+      <day>
+	<name>3</name>
+
+	<event>
+	  <title>October-December 2012 Status Report</title>
+	    <p>The October to December 2012 Status Report is <a
+		href="&enbase;/news/status/report-2012-10-2012-12.html">now
+		available</a> with 27 entries.</p>
+	</event>
+	<event>
+	  <title>July-September 2012 Status Report</title>
+	    <p>The July to September 2012 Status Report is <a
+		href="&enbase;/news/status/report-2012-07-2012-09.html">now
+		available</a> with 12 entries.</p>
+	</event>
+      </day>
+    </month>
+ 
+    <month>
       <name>2</name>
 
       <day>
 	<name>10</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:pclin@FreeBSD.org">Po-Chien Lin</a> (ports)</p>
 	</event>
       </day>
+
+      <day>
+	<name>1</name>
+
+	<event>
+	  <p>New committer:
+	    <a href="mailto:tmseck@FreeBSD.org">Thomas-Martin Seck</a> (ports)</p>
+	</event>
+      </day>
+
     </month>
 
     <month>
       <name>1</name>
                       
       <day>
 	<name>23</name>
         <event>
           <p>New committer:
             <a href="mailto:achim@FreeBSD.org">Achim Leubner</a> (src)</p>
         </event>
       </day>
 
 
       <day>
         <name>22</name>
         <event>
           <p>New committer:
             <a href="mailto:dru@FreeBSD.org">Dru Lavigne</a> (doc)</p>
         </event>
       </day>
 
 
       <day>
 	<name>16</name>
         <event>
           <p>New committer:
             <a href="mailto:carl@FreeBSD.org">Carl Delsey</a> (src)</p>
         </event>
       </day>
 
 
       <day>
 	<name>15</name>
 	<event>
 	  <p>Enhanced commit privileges: <a
 	      href="mailto:rene@FreeBSD.org">Ren&eacute; Ladan</a> (ports,
 	      full doc/www)</p>
 	</event>
       </day>
 
       <day>
         <name>14</name>
         <event>
           <p>New committer:
             <a href="mailto:dbn@FreeBSD.org">David Naylor</a> (ports)</p>
         </event>
       </day>
 
       <day>
 	<name>13</name>
 	<event>
 	  <title>April-June, 2012 Status Report</title>
 
 	  <p>The April-June, 2012 Status Report is <a
 	      href="&enbase;/news/status/report-2012-04-2012-06.html">now
 	      available</a> with 17 entries.</p>
 	</event>
       </day>
 
       <day>
 	<name>10</name>
 	<event>
 	  <title>Ports CVS End of Life on February 28th 2013</title>
 
 	  <p>The development of &os; ports is done in Subversion
 	    nowadays.  By February 28th 2013, the &os; ports tree will
 	    no longer be exported to CVS.  Therefore ports tree updates
 	    via CVS, CVSup or csup(1) will no longer be available after
 	    that date.  All users who use CVS, CVSup or csup(1) to
 	    update the ports tree are encouraged to switch to
 	    portsnap(8) or for users which need more control over their
 	    ports collection checkout, use Subversion directly.  More
 	    information are available in the announcement mail on the <a
 	      href="&lists.ports-announce;/2012-September/000026.html">&os;&nbsp;ports announce mailing list</a>.</p>
 
 	  <p>A migration guide from CVSup or csup(1) to portsnap(8) is
 	    also available in <a
 	      href="&url.doc.base-en;/books/handbook/ports-using.html#cvsup-migration">the &os; Handbook</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>8</name>
 
 	<event>
 	  <title>Faces of &os; &dash; Thomas Abthorpe</title>
 
 	  <p>We are excited to share our next story for our Faces of
 	    &os; Series.  This is a chance for us to spotlight
 	    different people who contribute to &os; and have received
 	    funding from us to work on development projects, run
 	    conferences, travel to conferences, and advocate for
 	    &os;.</p>
 
 	  <p>Let us introduce you to Thomas Abthorpe.  We helped him
 	    attend BSDCan 2009, 2011, and 2012 by helping with his
 	    travel expenses.  Read his story <a
 	      href="http://freebsdfoundation.blogspot.com/2013/01/faces-of-freebsd-thomas-abthorpe.html">here.</a></p>
 	</event>
       </day>
 
       <day>
 	<name>7</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:ian@FreeBSD.org">Ian Lepore</a> (src)</p>
 	</event>
       </day>
     </month>
   </year>
 
   <year>
     <name>2012</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>31</name>
 
 	<event>
 	  <title>&os; 9.1-RELEASE Available</title>
 
 	  <p><a href="&enbase;/releases/9.1R/announce.html">FreeBSD
 	      9.1-RELEASE</a> is now available.  Please be sure to
 	      check the <a
 	      href="&enbase;/releases/9.1R/relnotes.html">Release
 	      Notes</a> (<a
 	      href="&enbase;/releases/9.1R/relnotes-detailed.html">detailed
 	      version</a>) and <a
 	      href="&enbase;/releases/9.1R/errata.html">Release
 	      Errata</a> before installation for any late-breaking
 	      news and/or issues with 9.1.  More information about
 	      FreeBSD releases can be found on the <a
 	      href="&enbase;/releases/index.html">Release
 	      Information</a> page.</p>
 	</event>
       </day>
 
       <day>
         <name>24</name>
         <event>
           <p>New committer:
             <a href="mailto:koobs@FreeBSD.org">Kubilay Kocak</a> (ports)</p>
         </event>
       </day>
 
       <day>
 	<name>20</name>
 
 	<event>
 	  <title>The &os;&nbsp;Foundation End-of-Year Newsletter is
 	    Now Available.</title>
 
 	  <p>We are pleased to announce the publication of The
 	    &os;&nbsp;Foundation's 2012 <a
 	      href="http://www.freebsdfoundation.org/press/2012Dec-newsletter.shtml">End-of-Year Newsletter.</a></p>
 	</event>
       </day>
 
       <day>
 	<name>18</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:markj@FreeBSD.org">Mark Johnston</a> (src)</p>
 	</event>
 
 	<event>
 	  <title>PC-BSD&nbsp;9.1 is Released</title>
 
 	  <p>The PC-BSD Team <a
 	      href="http://blog.pcbsd.org/2012/12/pc-bsd-9-1-now-available/">announces</a>
 	    the availablilty of PC-BSD&nbsp;9.1.</p>
+	</event>
+
+	<event>
+	  <p>New committer:
+	    <a href="mailto:smh@FreeBSD.org">Steven Hartland</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>17</name>
 
 	<event>
 	  <title>Faces of &os; &dash; Dan Langille</title>
 
 	  <p>We are excited to share our next story for our Faces of
 	    &os; Series.  This is a chance for us to spotlight
 	    different people who contribute to &os; and have received
 	    funding from us to work on development projects, run
 	    conferences, travel to conferences, and advocate for
 	    &os;.</p>
 
 	  <p>Let us introduce you to Dan Langille.  We helped him by
 	    sponsoring BSDCan since 2006.  Read his story <a
 	      href="http://freebsdfoundation.blogspot.com/2012/12/faces-of-freebsd-dan-langille_17.html">here.</a></p>
 	</event>
       </day>
 
       <day>
 	<name>12</name>
 
 	<event>
 	  <title>Stunning News Website Fundraising
 	    Contribution:&nbsp;Over
 	    650 new donations raise $43,200 in three days!</title>
 
 	  <p>Astute readers of our blog know that The
 	    &os;&nbsp;Foundation's annual year-end fundraising  drive
 	    began last week.  Every year over 50% of our donations
 	    arrive during this campaign.  <a
 		href="http://freebsdfoundation.blogspot.com/2012/12/stunning-news-website-fundraising.html">Read more...</a></p>
 	</event>
       </day>
 
       <day>
 	<name>10</name>
 
 	<event>
 	  <title>Faces of &os; &dash; Alberto Mijares</title>
 
 	  <p>Are you aware of the tangible benefits derived from our
 	    support of the &os; community?  In conjunction with our
 	    year-end fundraising drive we are going to be spotlighting
 	    different people on our website, blog, and Facebook page
 	    who have received funding to work on development projects,
 	    run conferences, travel to conferences, and advocate for
 	    &os;.  <a
 	      href="http://freebsdfoundation.blogspot.com/2012/12/faces-of-freebsd-alberto-mijares.html">Read more...</a></p>
 	</event>
       </day>
 
       <day>
 	<name>5</name>
 
 	<event>
 	  <title>&os; Year-End Fundraising Campaign</title>
 
 	  <p>Your donations have helped make &os; the best OS
 	    available!  By investing in The &os;&nbsp;Foundation you
 	    have helped us keep &os; a high-performance, secure, and
 	    stable operating system.</p>
 
 	  <p>Thanks to people like you, the &os;&nbsp;Foundation has
 	    been proudly supporting the &os;&nbsp;Project and
 	    community for 12 years now.  <a
 	      href="http://freebsdfoundation.blogspot.com/2012/12/year-end-fundraising-campaign.html">Read
 	      more...</a></p>
 	</event>
 
 	<event>
 	  <title>&os;&nbsp;Project Website is Using Google
 	    Analytics</title>
 
 	  <p>The &os;&nbsp;Project has enabled Google Analytics to
 	    collect anonymised statistics on web site use.  More
 	    information can be found in the official <a
 	      href="&lists.announce;/2012-December/001441.html">announcement</a>.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>26</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:syuu@FreeBSD.org">Takuya ASADA</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>25</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:bar@FreeBSD.org">Barbara Guida</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>17</name>
 
 	<event>
 	  <title>Security Incident on FreeBSD Infrastructure</title>
 
 	  <p>On Sunday 11th of November, an intrusion was detected on
 	    two machines within the FreeBSD.org cluster. We have found
 	    no evidence of any modifications that would put any end user
 	    at risk. However, we do urge all users to read the report
 	    available at <a href="/news/2012-compromise.html">
 	      http://www.freebsd.org/news/2012-compromise.html</a> and
 	    decide on any required actions themselves.</p>
 	</event>
       </day>
 
       <day>
 	<name>5</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:bryanv@FreeBSD.org">Bryan Venteicher</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>4</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:gblach@FreeBSD.org">Grzegorz Blach</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>3</name>
 
 	<event>
 	  <title>&os;&nbsp;9.1-RC3 Available</title>
 
 	  <p>The third RC build for the &os;-9.1 release cycle is
 	    now available.  ISO images for the amd64, i386, sparc64, and
 	    powerpc64 architectures are <a
 	      href="&lists.stable;/2012-November/070401.html">available</a>
 	    on most of our <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>24</name>
 
 	<event>
 	  <p>Enhanced commit privileges: <a
 	      href="mailto:erwin@FreeBSD.org">Erwin Lansing</a>
 	    (src, ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>23</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:sjg@FreeBSD.org">Simon J. Gerraty</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>20</name>
 
 	<event>
 	  <p>Enhanced commit privileges: <a
 	      href="mailto:eadler@FreeBSD.org">Eitan Adler</a>
 	    (src, ports, doc)</p>
 	</event>
       </day>
 
       <day>
 	<name>19</name>
 	<event>
 	  <p>New member for the Ports Management team:
 	    <a href="mailto:decke@FreeBSD.org">Bernhard Fr&ouml;hlich</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>10</name>
 	<event>
 	  <title>&os;&nbsp;9.1-RC2 Available</title>
 
 	  <p>The second RC build for the &os;-9.1 release cycle is
 	    now available.  ISO images for the amd64, i386, ia64,
 	    powerpc, and powerpc64 architectures are <a
 	      href="&lists.stable;/2012-October/069998.html">available</a>
 	    on most of our <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>15</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:peterj@FreeBSD.org">Peter Jeremy</a> (src)</p>
 	</event>
       </day>
 
       <day>
         <name>13</name>
 
         <event>
           <p>New committer:
             <a href="mailto:ebrandi@FreeBSD.org">Edson Brandi</a> (doc/pt_BR, www/pt_BR)</p>
         </event>
       </day>
 
       <day>
 	<name>10</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:jhale@FreeBSD.org">Jason E. Hale</a> (ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
 	<name>23</name>
 	<event>
 	  <title>&os;&nbsp;9.1-RC1 Available</title>
 
 	  <p>The first RC build for the &os;-9.1 release cycle is
 	    now available.  ISO images for the amd64, i386 and powerpc64
 	    architectures are <a
 	      href="&lists.stable;/2012-August/069233.html">available</a>
 	    on most of our <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>21</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:zont@FreeBSD.org">Andrey Zonov</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>1</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:bdrewery@FreeBSD.org">Bryan Drewery</a> (ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>24</name>
 
 	<event>
 	  <title>New Core Team Secretary: <a
 	    href="mailto:pgj@FreeBSD.org">G&aacute;bor P&aacute;li</a></title>
 
 	  <p>The &os; Core Team is glad to announce that <a
 	    href="mailto:pgj@FreeBSD.org">G&aacute;bor P&aacute;li</a> has
 	    assumed the role of <a href="mailto:core-secretary@FreeBSD.org">Core
 	    Team Secretary</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>16</name>
 
 	<event>
 	  <title>&os; 9.1-BETA1 Available</title>
 
 	  <p>The first BETA build for the &os;-9.1 release cycle is now
 	    available.  ISO images for the architectures amd64, i386,
 	    powerpc64, and sparc64 are <a
 	    href="&lists.stable;/2012-July/068830.html">available</a>
 	    on most of our <a
 	    href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>11</name>
 
 	<event>
 	  <title>New &os; Core Team elected</title>
 
 	  <p>The &os; Project is pleased to announce the completion of
 	    the 2012 Core Team election.  The &os; Core Team acts as the
 	    project's "board of directors" and is responsible for
 	    approving new src committers, resolving disputes between
 	    developers, appointing sub-committees for specific purposes
 	    (security officer, release engineering, port managers,
 	    webmaster, etc ...), and making any other administrative
 	    or policy decisions as needed.  The Core Team has been
 	    elected by &os; developers every two years since 2000.</p>
 
 	  <p>More information about the election (together with a list
 	    of the new members of the Core Team) can be found in the
 	    official <a
 	      href="http://docs.FreeBSD.org/cgi/mid.cgi?1342030291.6001.80.camel">announcement</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>3</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:zeising@FreeBSD.org">Niclas Zeising</a>
 	    (doc/www, ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>6</name>
       <day>
 	<name>19</name>
 	<event>
 	  <p>Enhanced commit privileges: <a
 	      href="mailto:gjb@FreeBSD.org">Glen Barber</a>
 	    (doc, ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>4</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:mjg@FreeBSD.org">Mateusz Guzik</a> (src)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>5</name>
       <day>
 	<name>30</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:jase@FreeBSD.org">Jase Thew</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>29</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:olivierd@FreeBSD.org">Olivier Duchateau</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>28</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:tj@FreeBSD.org">Tom Judge</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>12</name>
 
 	<event>
 	  <title>January-March, 2012 Status Report</title>
 
 	  <p>The January-March, 2012 Status Report is <a
 	      href="&enbase;/news/status/report-2012-01-2012-03.html">now
 	      available</a> with 27 entries.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>4</name>
       <day>
 	<name>26</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:issyl0@FreeBSD.org">Isabell Long</a> (doc/www)</p>
 	</event>
       </day>
 
       <day>
 	<name>22</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:jlh@FreeBSD.org">Jeremie Le Hen</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>18</name>
 
 	<event>
 	  <title>&os; 8.3-RELEASE Available</title>
 
 	  <p><a href="&enbase;/releases/8.3R/announce.html">FreeBSD
 	      8.3-RELEASE</a> is now available.  Please be sure to check
 	    the <a href="&enbase;/releases/8.3R/relnotes-detailed.html">Release
 	      Notes</a> and <a
 	      href="&enbase;/releases/8.3R/errata.html">Release
 	      Errata</a> before installation for any late-breaking news
 	    and/or issues with 8.3.  More information about FreeBSD
 	    releases can be found on the <a
 	      href="&enbase;/releases/index.html">Release
 	      Information</a> page.</p>
 	</event>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:dteske@FreeBSD.org">Devin Teske</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>15</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:sperber@FreeBSD.org">Armin Pirkovitsch</a> (ports)
 	  </p>
 	</event>
       </day>
       <day>
 	<name>13</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:monthadar@FreeBSD.org">Monthadar Al Jaberi</a> (src)
 	  </p>
 	</event>
       </day>
       <day>
 	<name>12</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:madpilot@FreeBSD.org">Guido Falsi</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>2</name>
 	<event>
 	  <title>&os;&nbsp;8.3-RC2 Available</title>
 
 	  <p>The second release candidate build for the &os;-8.3
 	    release cycle is now available.  ISO images for the amd64,
 	    i386, and pc98 architectures are <a
 	      href="&lists.stable;/2012-April/067067.html">available</a>
 	    on most of our <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>3</name>
       <day>
 	<name>23</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:cherry@FreeBSD.org">Cherry G. Mathew</a> (src)</p>
 	</event>
       </day>
       <day>
 	<name>12</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:bjk@FreeBSD.org">Benjamin Kaduk</a> (doc/www)</p>
 	</event>
       </day>
 
       <day>
 	<name>6</name>
 	<event>
 	  <title>&os;&nbsp;8.3-RC1 Available</title>
 
 	  <p>The first RC build for the &os;-8.3 release cycle is
 	    now available.  ISO images for the amd64, i386, and pc98
 	    architectures are <a
 	      href="&lists.stable;/2012-March/066722.html">available</a>
 	    on most of our <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>01</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:ak@FreeBSD.org">Alex Kozlov</a> (ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>2</name>
       <day>
 	<name>20</name>
 	<event>
 	  <title>&os;&nbsp;8.3-BETA1 Available</title>
 
 	  <p>The first test build for the &os;-8.3 release cycle is
 	    now available.  ISO images for the amd64, i386, and pc98
 	    architectures are <a
 	      href="&lists.stable;/2012-February/066340.html">available</a>
 	    on most of our <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>16</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:dmarion@FreeBSD.org">Damjan Marion</a> (src)</p>
 	</event>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:bgray@FreeBSD.org">Ben Gray</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>14</name>
 	<event>
 	  <p>Enhanced commit privileges: <a
 	    href="mailto:pluknet@FreeBSD.org">Sergey Kandaurov</a>
 	    (src, doc)</p>
 	</event>
       </day>
 
       <day>
 	<name>7</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:matthew@FreeBSD.org">Matthew Seaman</a> (ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>27</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:davide@FreeBSD.org">Davide Italiano</a> (src)</p>
 	</event>
 
 	<event>
 	  <title>October-December, 2011 Status Report</title>
 
 	  <p>The October-December, 2011 Status Report is <a
 	      href="&enbase;/news/status/report-2011-10-2011-12.html">now
 	      available</a> with 32 entries.</p>
 	</event>
       </day>
 
       <day>
 	<name>12</name>
 
 	<event>
 	  <title>&os; 9.0-RELEASE Available</title>
 
 	  <p><a href="&enbase;/releases/9.0R/announce.html">FreeBSD
 	      9.0-RELEASE</a> is now available.  Please be sure to check
 	    the <a href="&enbase;/releases/9.0R/relnotes.html">Release
 	      Notes</a> and <a
 	      href="&enbase;/releases/9.0R/errata.html">Release
 	      Errata</a> before installation for any late-breaking news
 	    and/or issues with 9.0.  More information about FreeBSD
 	    releases can be found on the <a
 	      href="&enbase;/releases/index.html">Release
 	      Information</a> page.</p>
 	</event>
       </day>
     </month>
   </year>
 
   <year>
     <name>2011</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>16</name>
 	<event>
 	  <p>New committer:
 	   <a href="mailto:jgh@FreeBSD.org">Jason Helfman</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>9</name>
 
 	<event>
 	  <title>&os; 9.0-RC3 Available</title>
 
 	  <p>The third (and probably last) RC build for the &os;-9.0 release
 	    cycle is now available.  ISO images for the architectures amd64,
 	    i386, ia64, powerpc, powerpc64, and sparc64 are <a
 	    href="&lists.stable;/2011-December/064770.html">available</a>
 	    on most of our <a
 	    href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  One of the many new features in 9.0 we
 	    would like to be tested is the new installer, so we
 	    encourage our users to do fresh installation on test
 	    systems.  Alternatively, users upgrading existing systems may
 	    now do so using the freebsd-update(8) utility.</p>
 	</event>
       </day>
 
       <day>
 	<name>8</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:pfg@FreeBSD.org">Pedro Giffuni</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>2</name>
 	<event>
 	  <p>New member for the Ports Management team:
 	    <a href="mailto:beat@FreeBSD.org">Beat G&auml;tzi</a></p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>30</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:jhibbits@FreeBSD.org">Justin Hibbits</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>17</name>
 
 	<event>
 	  <title>&os; 9.0-RC2 Available</title>
 
 	  <p>The second RC build for the &os;-9.0 release cycle is now
 	    available.  ISO images for the architectures amd64, i386,
 	    ia64, powerpc, powerpc64, and sparc64 are <a
 	    href="&lists.stable;/2011-November/064609.html">available</a>
 	    on most of our <a
 	    href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  One of the many new features in 9.0 we
 	    would like to be tested is the new installer, so we
 	    encourage our users to do fresh installation on test
 	    systems.  Alternatively, users upgrading existing systems may
 	    now do so using the freebsd-update(8) utility.</p>
 	</event>
       </day>
 
       <day>
 	<name>12</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:scheidell@FreeBSD.org">Michael Scheidell</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>11</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:theraven@FreeBSD.org">David Chisnall</a> (src)</p>
 	</event>
       </day>
       <day>
 	<name>9</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:rm@FreeBSD.org">Ruslan Mahmatkhanov</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>8</name>
 
 	<event>
 	  <title>July-September, 2011 Status Report</title>
 
 	  <p>The July-September, 2011 Status Report is <a
 	    href="&enbase;/news/status/report-2011-07-2011-09.html">now
 	    available</a> with 28 entries.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>23</name>
 
 	<event>
 	  <title>&os; 9.0-RC1 Available</title>
 
 	  <p>The first RC build for the &os;-9.0 release cycle is now
 	    available.  ISO images for the architectures amd64, i386,
 	    ia64, powerpc, powerpc64, and sparc64 are <a
 	    href="&lists.stable;/2011-October/064321.html">available</a>
 	    on most of our <a
 	    href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  One of the many new features in 9.0 we
 	    would like to be tested is the new installer, so we
 	    encourage our users to do fresh installation on test
 	    systems.  Alternatively, users upgrading existing systems may
 	    now do so using the freebsd-update(8) utility.</p>
 	</event>
       </day>
 
       <day>
 	<name>6</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:melifaro@FreeBSD.org">Alexander V. Chernikov</a> (src)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>28</name>
 
 	<event>
 	  <title>&os; 9.0-BETA3 Available</title>
 
 	  <p>The third BETA build for the &os;-9.0 release cycle is now
 	    available.  ISO images for the architectures amd64, i386,
 	    ia64, powerpc, powerpc64, and sparc64 are <a
 	    href="&lists.stable;/2011-September/064030.html">available</a>
 	    on most of our <a
 	    href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  One of the many new features in 9.0 we
 	    would like to be tested is the new installer, so we
 	    encourage our users to do fresh installation on test
 	    systems.</p>
 	</event>
       </day>
 
       <day>
 	<name>27</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:jceel@FreeBSD.org">Jakub Klama</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>19</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:gleb@FreeBSD.org">Gleb Kurtsou</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>18</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:rmh@FreeBSD.org">Robert Millan</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>14</name>
 
 	<event>
 	  <p>New committer:
 	    <a href="mailto:wblock@FreeBSD.org">Warren Block</a> (doc/www)</p>
 	</event>
 
 	<event>
 	  <title>April-June, 2011 Status Report</title>
 
 	  <p>The April-June, 2011 Status Report is <a
 	    href="&enbase;/news/status/report-2011-04-2011-06.html">now
 	    available</a> with 36 entries.</p>
 	</event>
       </day>
 
       <day>
 	<name>13</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:cs@FreeBSD.org">Carlo Strub</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>7</name>
 
 	<event>
 	  <title>&os; 9.0-BETA2 Available</title>
 
 	  <p>The second BETA build for the &os;-9.0 release cycle is now
 	    available.  ISO images for the architectures amd64, i386,
 	    powerpc, powerpc64, and sparc64 are <a
 	    href="&lists.stable;/2011-September/063841.html">available</a>
 	    on most of our <a
 	    href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  One of the many new features in 9.0 we
 	    would like to be tested is the new installer, so we
 	    encourage our users to do fresh installation on test
 	    systems.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
 	<name>22</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:rakuco@FreeBSD.org">Raphael Kubo da Costa</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>17</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:eadler@FreeBSD.org">Eitan Adler</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>9</name>
 
 	<event>
 	  <title>&os; Foundation August 2011 Newsletter</title>
 
 	  <p>The &os; Foundation has published their first <a
 	      href="http://www.freebsdfoundation.org/press/2011Aug-newsletter.shtml">Semi-Annual
 	    2011 newsletter</a> which summarizes what they
 	    have done to help the &os; Project and community.</p>
 	</event>
       </day>
 
       <day>
 	<name>1</name>
 
 	<event>
 	  <title>&os; 9.0-BETA1 Available</title>
 
 	  <p>The first test build for the &os;-9.0 release cycle is now
 	    available.  ISO images for the architectures amd64, i386,
 	    ia64, powerpc, powerpc64, and sparc64 are <a
 	    href="&lists.stable;/2011-August/063457.html">available</a>
 	    on most of our <a
 	    href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  One of the many new features in 9.0 we
 	    would like to be tested is the new installer, so we
 	    encourage our users to do fresh installation on test
 	    systems.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>17</name>
 	<event>
 	  <p>Enhanced commit privileges: <a
 	     href="mailto:gavin@FreeBSD.org">Gavin Atkinson</a>
 	     (src, doc)</p>
 	</event>
       </day>
 
       <day>
 	<name>15</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:zi@FreeBSD.org">Ryan Steinmetz</a> (ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>14</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:gber@FreeBSD.org">Grzegorz Bernacki</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>13</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:stephen@FreeBSD.org">Stephen Montgomery-Smith</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>11</name>
 	<event>
 	  <p>New committer:
 	    <a href="mailto:crees@FreeBSD.org">Chris Rees</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>6</name>
 	<event>
 	  <title>IPv6-only &os; test images</title>
 	  <p>&os; Foundation and iXsystems
 	    <a href="http://www.prweb.com/releases/2011/6/prweb8529718.htm">
 	    announce</a> IPv6-only test images of FreeBSD and PC-BSD.</p>
 	</event>
 
 	<event>
 	  <p>New committer: <a href="mailto:jlaffaye@FreeBSD.org">
 	  Julien Laffaye</a> (ports)</p>
 	</event>
       </day>
 
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>25</name>
 	<event>
 	  <p>New committer: <a href="mailto:ray@FreeBSD.org">Aleksandr Rybalko</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>18</name>
 	<event>
 	  <p>New committer: <a href="mailto:benl@FreeBSD.org">Ben Laurie</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>12</name>
 
 	<event>
 	  <title>New Port Manager</title>
 
 	  <p>The Ports Management Team is pleased to announce
 	    <a href="mailto:bapt@FreeBSD.org">Baptiste Daroussin</a> as a new
 	    member.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>27</name>
 
 	<event>
 	  <title>January-March, 2011 Status Report</title>
 
 	  <p>The January-March, 2011 Status Report is <a
 	    href="&enbase;/news/status/report-2011-01-2011-03.html">now
 	    available</a> with 34 entries.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
 	<name>29</name>
 	<event>
 	  <p>New committer: <a href="mailto:art@FreeBSD.org">Artem Belevich</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>27</name>
 
 	<event>
 	  <title>FreeBSD Project to participate in Google Summer of
 	    Code 2011</title>
 
 	  <p>The FreeBSD Project is pleased to announce its participation
 	    In Google's 2011 Summer of Code program, which funds summer
 	    students to participate in open source projects.
 	    This will be the FreeBSD Project's seventh year in the program,
 	    having mentored over 100 successful students through summer-long
 	    coding projects between 2005 and 2010.</p>
 
 	  <p> Past successful projects have included improvements to Linux
 	    ABI emulation, NFSv4 ACLs, TCP regression testing, FUSE file
 	    system support, and countless other projects.
 	    Many students go on to become FreeBSD developers, as well as
 	    participating in FreeBSD developer events around the world
 	    through continuing support from the FreeBSD Foundation.</p>
 
 	  <p>Prospective participants are invited to apply; more information
 	    is available, including proposal and deadline information, on the
 	    <a href="&enbase;/projects/summerofcode.html">FreeBSD Summer
 	    Projects page</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>18</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:sbz@FreeBSD.org">
 	   Sofian Brabez</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>13</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:pawel@FreeBSD.org">
 	   Pawel Pekala</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>10</name>
 
 	<event>
 	  <p>The FreeBSD Ports Management Team is pleased to announce
 	    <a href="mailto:tabthorpe@FreeBSD.org">
 	    Thomas Abthorpe</a> as a full voting member.</p>
 	</event>
       </day>
 
       <day>
 	<name>5</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:kargl@FreeBSD.org">
 	   Steven G. Kargl</a> (src)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>24</name>
 
 	<event>
 	  <title>FreeBSD 8.2-RELEASE Available</title>
 
 	  <p><a href="&enbase;/releases/8.2R/announce.html">FreeBSD
 	      8.2-RELEASE</a> is now available.  Please be sure to check
 	    the <a href="&enbase;/releases/8.2R/relnotes.html">Release
 	      Notes</a> and <a
 	      href="&enbase;/releases/8.2R/errata.html">Release
 	      Errata</a> before installation for any late-breaking news
 	    and/or issues with 8.2.  More information about FreeBSD
 	    releases can be found on the <a
 	      href="&enbase;/releases/index.html">Release
 	      Information</a> page.</p>
 	</event>
 
 	<event>
 	  <title>FreeBSD 7.4-RELEASE Available</title>
 
 	  <p><a href="&enbase;/releases/7.4R/announce.html">FreeBSD
 	      7.4-RELEASE</a> is now available.  Please be sure to check
 	    the <a href="&enbase;/releases/7.4R/relnotes.html">Release
 	      Notes</a> and <a
 	      href="&enbase;/releases/7.4R/errata.html">Release
 	      Errata</a> before installation for any late-breaking news
 	    and/or issues with 7.4.  More information about FreeBSD
 	    releases can be found on the <a
 	      href="&enbase;/releases/index.html">Release
 	      Information</a> page.</p>
 	</event>
       </day>
 
       <day>
 	<name>18</name>
 	<event>
 	  <p>Enhanced commit privileges: <a
 	      href="mailto:miwi@FreeBSD.org">Martin Wilke</a>
 	     (src, ports, doc)</p>
 	</event>
       </day>
 
       <day>
 	<name>3</name>
 
 	<event>
 	  <title>&os; 7.4/8.2-RC3 Available</title>
 
 	  <p>The third (and probably last) Release Candidate builds
 	    for the &os;-7.4/8.2 release cycles are now available.  For
 	    8.2-RC3 the amd64, i386, ia64, pc98, powerpc, and sparc64
 	    architectures are available.  For 7.4-RC3 the amd64, i386,
 	    pc98, and sparc64 architectures are available.  ISO images
 	    for these architectures can be downloaded from most of the
 	    <a href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  Please see the official <a
 	      href="&lists.stable;/2011-February/061353.html">announcement</a>
 	    for further details about these releases.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>25</name>
 
 	<event>
 	  <title>October-December, 2010 Status Report</title>
 
 	  <p>The October-December, 2010 Status Report is <a
 	    href="&enbase;/news/status/report-2010-10-2010-12.html">now
 	    available</a> with 37 entries.</p>
 	</event>
       </day>
 
       <day>
 	<name>23</name>
 
 	<event>
 	  <title>&os; 7.4-RC2 Available</title>
 
 	  <p>The second Release Candidate build for the &os;-7.4
 	    release cycle is now available.  ISO images for Tier-1
 	    architectures can be downloaded from most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  Please see the official <a
 	      href="&lists.stable;/2011-January/061218.html">announcement</a>
 	    for further details about this release.</p>
 	</event>
       </day>
 
       <day>
 	<name>16</name>
 
 	<event>
 	  <title>&os; 8.2-RC2 Available</title>
 
 	  <p>The second Release Candidate build for the &os;-8.2
 	    release cycle is now available.  ISO images for Tier-1
 	    architectures can be downloaded from most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  Please see the official <a
 	      href="&lists.stable;/2011-January/061131.html">announcement</a>
 	    for further details about this release.</p>
 	</event>
       </day>
     </month>
   </year>
 
   <year>
     <name>2010</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>27</name>
 
 	<event>
 	  <title>&os; 7.4/8.2-RC1 Available</title>
 
 	  <p>The first Release Candidate builds for the &os;-7.4/8.2
 	    release cycles are now available.  ISO images for Tier-1
 	    architectures can be downloaded from most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  Please see the official <a
 	      href="&lists.stable;/2010-December/060757.html">announcement</a>
 	    for further details about these releases.</p>
 	</event>
       </day>
 
       <day>
 	<name>16</name>
 
 	<event>
 	  <title>&os; Foundation December 2010 Newsletter</title>
 
 	  <p>The &os; Foundation has published their <a
 	      href="http://www.freebsdfoundation.org/press/2010Dec-newsletter.shtml">End-of-Year newsletter</a>
 	    which summarizes what they have done in 2010 to help the
 	    &os; Project and community.</p>
 	</event>
       </day>
 
       <day>
 	<name>11</name>
 
 	<event>
 	  <title>&os; 7.4/8.2-BETA1 Available</title>
 
 	  <p>The first of the test builds for the &os;-7.4/8.2
 	    release cycles is now available.  ISO images for Tier-1
 	    architectures are now <a
 	    href="&lists.stable;/2010-December/060541.html">available</a>
 	    on most of the <a
 	    href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>7</name>
 	<event>
 	  <p>New committer: <a href="mailto:flo@FreeBSD.org">Florian Smeets</a> (ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>15</name>
 	<event>
 	  <p>New committer: <a href="mailto:rea@FreeBSD.org">Eygene Ryabinkin</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>5</name>
 	<event>
 	  <p>New committer: <a href="mailto:zack@FreeBSD.org">Zack Kirsch</a> (src)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>27</name>
 
 	<event>
 	  <title>July-September, 2010 Status Report</title>
 
 	  <p>The July-September, 2010 Status Report is <a
 	    href="&enbase;/news/status/report-2010-07-2010-09.html">now
 	    available</a> with 55 entries.</p>
 	</event>
       </day>
 
       <day>
 	<name>16</name>
 	<event>
 	  <p>New committer: <a href="mailto:culot@FreeBSD.org">Frederic Culot</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>7</name>
 	<event>
 	  <p>New committer: <a href="mailto:jonathan@FreeBSD.org">Jonathan Anderson</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>5</name>
 	<event>
 	  <p>New committer: <a href="mailto:pluknet@FreeBSD.org">Sergey Kandaurov</a> (src)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>25</name>
 	<event>
 	  <p>New committer: <a href="mailto:martymac@FreeBSD.org">Ganael Laplanche</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>21</name>
 	<event>
 	  <p>New committer: <a href="mailto:sunpoet@FreeBSD.org">Po-Chuan Hsieh</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>5</name>
 	<event>
 	  <p>New committer: <a href="mailto:andreast@FreeBSD.org">Andreas Tobler</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>3</name>
 	<event>
 	  <p>New committer: <a href="mailto:swills@FreeBSD.org">Steve Wills</a> (ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
 	<name>31</name>
 	<event>
 	  <p>New committer: <a href="mailto:gjb@FreeBSD.org">Glen Barber</a> (full doc/www)</p>
 	</event>
       </day>
 
       <day>
 	<name>30</name>
 	<event>
 	  <p>New committer: <a href="mailto:dim@FreeBSD.org">Dimitry Andric</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>1</name>
 	<event>
 	  <p>New committer: <a href="mailto:ohauer@FreeBSD.org">Oliver Hauer</a> (ports)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>27</name>
 
 	<event>
 	  <title>&os; Foundation July 2010 Newsletter</title>
 
 	  <p>The &os; Foundation has published their <a
 	      href="http://www.freebsdfoundation.org/press/2010Jul-newsletter.shtml">Semi-Annual July 2010 newsletter</a>
 	    which summarizes what they have done to help the &os;
 	    Project and community.</p>
 	</event>
 
 	<event>
 	  <p>New committer: <a href="mailto:bapt@FreeBSD.org">Baptiste Daroussin</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>23</name>
 
 	<event>
 	  <title>FreeBSD 8.1-RELEASE Available</title>
 
 	  <p><a href="&enbase;/releases/8.1R/announce.html">FreeBSD
 	      8.1-RELEASE</a> is now available.  Please be sure to check
 	    the <a href="&enbase;/releases/8.1R/relnotes.html">Release
 	      Notes</a> and <a
 	      href="&enbase;/releases/8.1R/errata.html">Release
 	      Errata</a> before installation for any late-breaking news
 	    and/or issues with 8.1.  More information about FreeBSD
 	    releases can be found on the <a
 	      href="&enbase;/releases/index.html">Release
 	      Information</a> page.</p>
 	</event>
       </day>
 
       <day>
 	<name>22</name>
 
 	<event>
 	  <title>April-June, 2010 Status Report</title>
 
 	  <p>The April-June, 2010 Status Report is <a
 	    href="&enbase;/news/status/report-2010-04-2010-06.html">now
 	    available</a> with 47 entries.</p>
 	</event>
       </day>
 
       <day>
 	<name>21</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:andrew@FreeBSD.org">Andrew Turner</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>20</name>
 
 	<event>
 	  <title>PC-BSD 8.1 Released</title>
 
 	  <p>PC-BSD 8.1 has been released.  PC-BSD is a
 	    successful desktop operating system based on FreeBSD that
 	    focuses on providing an easy to use desktop system for
 	    casual computer users.  A list of new features/updates
 	    since the last version can be found <a
 	    href="http://www.pcbsd.org/content/view/170/11/">here</a>.</p>
 
 	  <p>The new release can be <a
 	    href="http://www.pcbsd.org">downloaded</a> or <a
 	    href="http://www.freebsdmall.com">purchased</a> on DVD.</p>
 	</event>
       </day>
 
       <day>
 	<name>17</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:tijl@FreeBSD.org">Tijl Coosemans</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>15</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:jsa@FreeBSD.org">Joseph S. Atkinson</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>14</name>
 
 	<event>
 	  <title>New &os; Core Team elected</title>
 
 	  <p>The &os; Project is pleased to announce the completion of
 	    the 2010 Core Team election.  The &os; Core Team acts as the
 	    project's "board of directors" and is responsible for
 	    approving new src committers, resolving disputes between
 	    developers, appointing sub-committees for specific purposes
 	    (security officer, release engineering, port managers,
 	    webmaster, etc ...), and making any other administrative
 	    or policy decisions as needed.  The Core Team has been
 	    elected by &os; developers every 2 years since 2000.</p>
 
 	  <p>More information about the election (together with a list
 	    of the new members of the Core Team) can be found in the
 	    official <a
 	      href="http://docs.freebsd.org/cgi/mid.cgi?20100714193552.GS32232">announcement</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>2</name>
 
 	<event>
 	  <title>&os; 8.1-RC2 available</title>
 
 	  <p>The second (and most likely final) Release Candidate build
 	    for the &os;-8.1 release cycle is now available.  CD ISO images
 	    for the amd64, i386, ia64, powerpc, and sparc64 architectures
 	    can be downloaded from most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  Please see the official <a
 	      href="&lists.stable;/2010-July/057552.html">announcement</a>
 	    for further details about this release.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>18</name>
 
 	<event>
 	  <title>&os; 8.1-RC1 Available</title>
 
 	  <p>The first Release Candidate build for the &os;-8.1
 	    release cycle is now available.  ISO images for Tier-1
 	    architectures can be downloaded from most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.  Please see the official <a
 	      href="&lists.stable;/2010-June/057320.html">announcement</a>
 	    for further details about this release.</p>
 	</event>
       </day>
 
       <day>
 	<name>10</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:ashish@FreeBSD.org">Ashish SHUKLA</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>9</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:bf@FreeBSD.org">Brendan Fabeny</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>4</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:mdf@FreeBSD.org">Matthew Fleming</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>3</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:ae@FreeBSD.org">Andrey V. Elsukov</a> (src)</p>
 	</event>
 
 	<event>
 	  <p>New committer: <a href="mailto:taras@FreeBSD.org">Taras Korenko</a> (doc/ru, www/ru)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>29</name>
 
 	<event>
 	  <title>&os; 8.1-BETA1 Available</title>
 
 	  <p>The first of the test builds for the &os;-8.1
 	    release cycle is now available.  ISO images for Tier-1
 	    architectures are now <a
 	      href="&lists.stable;/2010-May/057040.html">available</a>
 	    on most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>24</name>
 
 	<event>
 	  <title>Google Summer of Code Projects started</title>
 
 	  <p>The FreeBSD Project again received many high quality
 	    applications from students participating
 	    in <a href="http://code.google.com/soc">Google's Summer of
 	    Code</a> program.  This year 18 student proposals to work
 	    with the FreeBSD Project were accepted as part of this
 	    program.  For those with projects that were not accepted
 	    this year, we'd like to note that the FreeBSD Project is
 	    always willing to help mentor students so they can learn
 	    more about operating system development through our normal
 	    community mailing lists and development forums.</p>
 
 	  <p>Please read the official <a
 	    href="http://docs.freebsd.org/cgi/mid.cgi?20100526034329.GA40980">announcement</a>
 	    for more information.  The complete list of student projects
 	    selected for funding can be found in the FreeBSD <a
 	    href="http://wiki.freebsd.org/SummerOfCode2010Projects">Summer
 	    of Code wiki</a>.  Coding started on May 24, so please join
 	    us in welcoming the 18 new students to our community.</p>
 	</event>
       </day>
 
       <day>
 	<name>19</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:jchandra@FreeBSD.org">Jayachandran C.</a> (src)</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>29</name>
 
 	<event>
 	  <p>Enhanced commit privileges: <a
 	      href="mailto:mm@FreeBSD.org">Martin Matu&scaron;ka</a>
 	     (src, ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>22</name>
 
 	<event>
 	  <title>January-March, 2010 Status Report</title>
 
 	  <p>The January-March, 2010 Status Report is <a
 	    href="&enbase;/news/status/report-2010-01-2010-03.html">now
 	    available</a> with 46 entries.</p>
 	</event>
       </day>
 
       <day>
 	<name>20</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:randi@FreeBSD.org">Randi Harper</a> (src)</p>
 	</event>
 
       </day>
 
       <day>
 	<name>19</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:rstone@FreeBSD.org">Ryan Stone</a> (src)</p>
 	</event>
 
       </day>
 
       <day>
 	<name>14</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:anchie@FreeBSD.org">Ana Kukec</a> (src)</p>
 	</event>
 
       </day>
 
       <day>
 	<name>11</name>
 
 	<event>
 	  <p>Enhanced commit privileges: <a
 	      href="mailto:rene@FreeBSD.org">Ren&eacute; Ladan</a>
 	     (doc-nl, ports)</p>
 	</event>
 
 	<event>
 	  <p>New committer: <a href="mailto:sahil@FreeBSD.org">Sahil Tandon</a> (ports)</p>
 	</event>
 
       </day>
 
       <day>
 	<name>5</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:jacula@FreeBSD.org">Giuseppe Pilichi</a> (ports)</p>
 	</event>
 
       </day>
 
       <day>
 	<name>4</name>
 
 	<event>
 	  <title>The &os; Project Participates in the Google Summer of
 	    Code 2010 Program</title>
 
 	  <p>&os; Project is <a href="http://docs.freebsd.org/cgi/getmsg.cgi?fetch=0+0+archive/2010/freebsd-announce/20100404.freebsd-announce">participating in Google's Summer of Code programme</a>
 	    for a sixth year.  Undergraduate and graduate students are
 	    invited to apply for a grant to spend the summer improving the
 	    &os; operating system!  More information available on the
 	    <a href="&enbase;/projects/summerofcode.html">&os; Summer of
 	    code page</a>, including a poster to hang up at a university
 	    near you!</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
 	<name>31</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:decke@FreeBSD.org">Bernhard
 	    Fr&ouml;hlich</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>23</name>
 
 	<event>
 	  <title>FreeBSD 7.3-RELEASE Available</title>
 
 	  <p><a href="&enbase;/releases/7.3R/announce.html">FreeBSD
 	      7.3-RELEASE</a> is now available.  Please be sure to check
 	    the <a href="&enbase;/releases/7.3R/relnotes.html">Release
 	      Notes</a> and <a
 	      href="&enbase;/releases/7.3R/errata.html">Release
 	      Errata</a> before installation for any late-breaking news
 	    and/or issues with 7.3.  More information about FreeBSD
 	    releases can be found on the <a
 	      href="&enbase;/releases/index.html">Release
 	      Information</a> page.</p>
 	</event>
       </day>
 
       <day>
 	<name>18</name>
 	<event>
 	  <title>New Ports Management Team Secretary: <a href="mailto:tabthorpe@FreeBSD.org">Thomas Abthorpe</a></title>
 
 	  <p>The &os; Ports Management Team is pleased to announce <a href="mailto:tabthorpe@FreeBSD.org">Thomas Abthorpe</a> has assumed the role of <a href="mailto:portmgr-secretary@FreeBSD.org">Ports Management Team Secretary</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>7</name>
 	<event>
 	  <p>Returning committer: <a href="mailto:niels@FreeBSD.org">Niels Heinen</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>4</name>
 
 	<event>
 	  <title>&os; 7.3-RC2 Available</title>
 
 	  <p>The second Release Candidate build for the &os;-7.3
 	    release cycle is now available.  ISO images for Tier-1
 	    architectures are now <a
 	      href="&lists.stable;/2010-March/055596.html">available</a>
 	    on most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>3</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:neel@FreeBSD.org">Neel
 	    Natu</a> (src)</p>
 	</event>
       </day>
 
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>22</name>
 
 	<event>
 	  <title>PC-BSD 8.0 Released</title>
 
 	  <p>PC-BSD 8.0 has been released.  PC-BSD is a
 	    successful desktop operating system based on FreeBSD that
 	    focuses on providing an easy to use desktop system for
 	    casual computer users.  A list of new features/updates
 	    since the last version can be found <a
 	    href="http://www.pcbsd.org/content/view/151/11/">here</a>.</p>
 
 	  <p>The new release can be <a
 	    href="http://www.pcbsd.org">downloaded</a> or <a
 	    href="http://www.freebsdmall.com">purchased</a> on DVD.</p>
 	</event>
       </day>
 
       <day>
 	<name>15</name>
 
 	<event>
 	  <title>&os; 7.3-RC1 Available</title>
 
 	  <p>The first Release Candidate build for the &os;-7.3
 	    release cycle is now available.  ISO images for Tier-1
 	    architectures are now <a
 	      href="&lists.stable;/2010-February/055146.html">available</a>
 	    on most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>12</name>
 
 	<event>
 	  <p>Enhanced commit privileges: <a
 	    href="mailto:bcr@FreeBSD.org">Benedict Reuschling</a>
 	    (full doc/www)</p>
 	</event>
       </day>
 
       <day>
 	<name>6</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:bschmidt@FreeBSD.org">Bernhard
 	    Schmidt</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>2</name>
 
 	<event>
 	  <title>Enhanced commit privileges:
 	    <a href="mailto:gabor@FreeBSD.org">G&aacute;bor K&ouml;vesd&aacute;n</a>
 	    (src, ports, doc)</title>
 
 	  <p><a href="mailto:gabor@FreeBSD.org">G&aacute;bor K&ouml;vesd&aacute;n</a>
 	    participated in
 	    <a href="http://code.google.com/soc">Google Summer of Code</a>
 	    2008/2009 and for his work he has been given commit access to the
 	    source code.  His first pieces of work will be bringing in the result
 	    of his summer work into the tree.</p>
 	</event>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>30</name>
 
 	<event>
 	  <title>&os; 7.3-BETA1 Available</title>
 
 	  <p>The first BETA build for the &os;-7.3
 	    release cycle is now available.  ISO images for Tier-1
 	    architectures are now <a
 	      href="&lists.stable;/2010-January/054608.html">available</a>
 	    on most of the <a
 	      href="&url.doc.base-en;/books/handbook/mirrors-ftp.html">&os;
 	    mirror sites</a>.</p>
 	</event>
       </day>
 
       <day>
 	<name>29</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:brucec@FreeBSD.org">Bruce
 	    Cran</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>28</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:uqs@FreeBSD.org">Ulrich
 	    Sp&ouml;rlein</a> (src)</p>
 	</event>
       </day>
 
       <day>
 	<name>26</name>
 
 	<event>
 	  <p>New committer: <a href="mailto:romain@FreeBSD.org">Romain
 	    Tarti&egrave;re</a> (ports)</p>
 	</event>
 
 	<event>
 	  <p>New committer: <a href="mailto:avilla@FreeBSD.org">Alberto
 	    Villa</a> (ports)</p>
 	</event>
       </day>
 
       <day>
 	<name>17</name>
 
 	<event>
 	  <title>October-December, 2009 Status Report</title>
 
 	  <p>The October-December, 2009 Status Report is <a
 	    href="&enbase;/news/status/report-2009-10-2009-12.html">now
 	    available</a> with 38 entries.</p>
 	</event>
       </day>
     </month>
   </year>
 
 </news>
Index: projects/entities/share/xml/press.xml
===================================================================
--- projects/entities/share/xml/press.xml	(revision 41353)
+++ projects/entities/share/xml/press.xml	(revision 41354)
@@ -1,361 +1,377 @@
 <?xml version="1.0"?>
 <!DOCTYPE press PUBLIC "-//FreeBSD//DTD FreeBSD XML Database for Press//EN"
                       "http://www.FreeBSD.org/XML/www/share/xml/press.dtd">
 <!--
  COMMITTERS PLEASE NOTE:
     News articles referenced in this file are also to be archived under
     "freefall:/c/www/bsddoc/press/".
 -->
 <press>
     <cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">
       $FreeBSD$
     </cvs:keyword>
 
   <year>
     <name>2013</name>
 
     <month>
+      <name>2</name>
+
+      <story>
+	<name>2012 - A BSD Year in Retrospective</name>
+	<url>http://www.osnews.com/story/26787/2012_a_BSD_year_in_retrospective</url>
+	<site-name>OSnews</site-name>
+	<site-url>http://www.osnews.com/</site-url>
+	<date>14 February 2013</date>
+	<author>Julian Djamil</author>
+	<p>A retrospective of all the exciting developments in the BSD-family
+	  of operating systems in 2012, focusing on FreeBSD, NetBSD, OpenBSD
+	  and Dragonfly BSD.</p>
+      </story>
+    </month>
+
+    <month>
       <name>1</name>
 
       <story>
 	<name>A Decade of OS Access-control Extensibility</name>
 	<url>https://queue.acm.org/detail.cfm?id=2430732</url>
 	<site-name>ACM Queue</site-name>
 	<site-url>https://queue.acm.org/</site-url>
 	<date>18 January 2013</date>
 	<author>Robert N. M. Watson</author>
 	<p>To discuss operating system security is to marvel at the
 	  diversity of deployed access-control models.</p>
       </story>
     </month>
   </year>
 
   <year>
     <name>2012</name>
 
     <month>
       <name>11</name>
 
       <story>
 	<name>A world without Linux: Where would Apache,
 	  Microsoft &mdash; even Apple be today?</name>
 	<url>http://www.infoworld.com/d/data-center/world-without-linux-where-would-apache-microsoft-even-apple-be-today-206680</url>
 	<site-name>Infoworld</site-name>
 	<site-url>http://www.infoworld.com</site-url>
 	<date>12 November 2012</date>
 	<author>Paul Venezia</author>
 	<p>If Linux hadn't conquered the world, we'd all be running
 	  FreeBSD, maybe even on our desktops.</p>
       </story>
     </month>
 
     <month>
       <name>8</name>
 
       <story>
 	<name>FreeBSD Now Supported on Windows Server Hyper-V Via Beta
 	  Release</name>
 	<url>http://redmondmag.com/articles/2012/08/09/freebsd-beta-for-windows-server-hyper-v.aspx</url>
 	<site-name>Redmondmag</site-name>
 	<site-url>http://redmondmag.com</site-url>
 	<date>9 August 2012</date>
 	<author>Kurt Mackie</author>
 	<p>Microsoft and collaborators today announced a beta release
 	  of drivers that enable the open source FreeBSD 8.2 server
 	  operating system to run in a virtual machine (VM) using
 	  Microsoft's Hyper-V Server.</p>
       </story>
     </month>
 
     <month>
       <name>6</name>
 
       <story>
 	<name>X.Org 7.7 Goes Into FreeBSD, KMS Is Ready</name>
 	<url>http://www.phoronix.com/scan.php?page=news_item&amp;px=MTExNzY</url>
 	<site-name>phoronix</site-name>
 	<site-url>http://www.phoronix.com</site-url>
 	<date>11 June 2012</date>
 	<author>Michael Larabel</author>
 	<p>While X.Org 7.7 was only released last week, this updated
 	  set of X packages have already worked their way into
 	  FreeBSD.  The FreeBSD developers request your help in
 	  testing.</p>
       </story>
 
       <story>
 	<name>Netflix Open Connect Network: FreeBSD, Not Linux</name>
 	<url>http://www.phoronix.com/scan.php?page=news_item&amp;px=MTExNDM</url>
 	<site-name>phoronix</site-name>
 	<site-url>http://www.phoronix.com</site-url>
 	<date>6 June 2012</date>
 	<author>Michael Larabel</author>
 	<p>This week Netflix announced their Open Connect Network as
 	  their own open CDN (Content Distribution Network), but
 	  rather than using Linux as the base for this open-source
 	  platform, they decided to use FreeBSD.</p>
       </story>
     </month>
 
     <month>
       <name>5</name>
 
       <story>
 	<name>Why Should You Use FreeBSD?  Here's Some Reasons</name>
 	<url>http://www.phoronix.com/scan.php?page=news_item&amp;px=MTExMDg</url>
 	<site-name>phoronix</site-name>
 	<site-url>http://www.phoronix.com</site-url>
 	<date>31 May 2012</date>
 	<author>Michael Larabel</author>
 	<p>FreeBSD is wondering why are you using FreeBSD.  David
 	  Chisnall of the FreeBSD project is working on updating their
 	  advocacy material regarding this leading *BSD operating
 	  system.  As such, he asked on the mailing list &quot;Why Are
 	  You Using FreeBSD?&quot;</p>
       </story>
 
       <story>
 	<name>Colocation Provider NYI Launches East Coast Mirror for
 	  FreeBSD Foundation</name>
 	<url>http://www.thewhir.com/web-hosting-news/colocation-provider-nyi-launches-east-coast-mirror-for-freebsd-foundation</url>
 	<site-name>The WHIR</site-name>
 	<site-url>http://www.thewhir.com</site-url>
 	<date>25 May 2012</date>
 	<author>Nicole Henderson</author>
 	<p>Colocation provider NYI announced on Friday that it has
 	  launched the East Coast mirror for The FreeBSD
 	  Foundation.  &quot;FreeBSD has been a critical component of
 	  everything we do,&quot; Phillip Koblence, VP operations, NYI
 	  said in a statement.  &quot;We look upon this launch as our
 	  way of giving back to a community whose open source projects
 	  have enabled us to craft customized solutions for our
 	  customers from the inside out.&quot;</p>
       </story>
 
       <story>
 	<name>FreeBSD and Microsoft Hyper-V Interoperability Expected
 	  This Summer</name>
 	<url>http://redmondmag.com/articles/2012/05/14/microsoft-hyperv-interoperability.aspx</url>
 	<site-name>Redmondmag</site-name>
 	<site-url>http://redmondmag.com</site-url>
 	<date>14 May 2012</date>
 	<author>Kurt Mackie</author>
 	<p>Microsoft and its partnering companies are finalizing a
 	  project that will enable FreeBSD interoperability with
 	  Windows Server Hyper-V.</p>
       </story>
 
       <story>
 	<name>FreeBSD 10 To Use Clang Compiler, Deprecate GCC</name>
 	<url>http://www.phoronix.com/scan.php?page=news_item&amp;px=MTEwMjI</url>
 	<site-name>phoronix</site-name>
 	<site-url>http://www.phoronix.com</site-url>
 	<date>12 May 2012</date>
 	<author>Michael Larabel</author>
 	<p>As indicated by the Q1-2012 FreeBSD Status Report, LLVM's
 	  Clang compiler is quickly replacing GCC for this popular BSD
 	  operating system. The developers are also making much
 	  progress in a GNU-free C++11 stack. For FreeBSD 10 they're
 	  aiming for Clang as the default C/C++ compiler, deprecate
 	  GCC, and to have a BSD-licensed C++ stack.</p>
       </story>
 
       <story>
 	<name>FreeBSD Achieved A Lot In Q1'2012</name>
 	<url>http://www.phoronix.com/scan.php?page=news_item&amp;px=MTEwMjE</url>
 	<site-name>phoronix</site-name>
 	<site-url>http://www.phoronix.com</site-url>
 	<date>12 May 2012</date>
 	<author>Michael Larabel</author>
 	<p>For the first three months of the 2012 calendar year, the
 	  FreeBSD project achieved a lot when it came to advancing
 	  their open operating system. Here's some of the interesting
 	  highlights from their quarterly status report.</p>
       </story>
     </month>
 
     <month>
       <name>4</name>
 
       <story>
 	<name>FreeBSD Gets A New X.Org With Intel KMS</name>
 	<url>http://www.phoronix.com/scan.php?page=news_item&amp;px=MTA5MTc</url>
 	<site-name>phoronix</site-name>
 	<site-url>http://www.phoronix.com</site-url>
 	<date>23 April 2012</date>
 	<author>Michael Larabel</author>
 	<p>The FreeBSD team working on X support have announced a set
 	  of X.Org updates to bring the FreeBSD package support to
 	  X.Org 7.5.2, which now includes Intel KMS support.</p>
       </story>
     </month>
 
     <month>
       <name>3</name>
 
       <story>
 	<name>Most Reliable Hosting Company Sites in March 2012</name>
 	<url>http://news.netcraft.com/archives/2012/04/02/most-reliable-hosting-company-sites-in-march-2012.html</url>
 	<site-name>Netcraft Ltd.</site-name>
 	<site-url>http://www.netcraft.com/</site-url>
 	<date>02 March 2012</date>
 	<author>Netcraft</author>
 	<p>FreeBSD the OS of 3 of the top 10 most reliable hosting
 	  company sites in March 202.</p>
       </story>
     </month>
 
     <month>
       <name>2</name>
 
       <story>
 	<name>PC-BSD 9 review ? to FreeBSD what Ubuntu is to
 	  Debian</name>
 	<url>http://www.linuxuser.co.uk/reviews/pc-bsd-9-review-to-freebsd-what-ubuntu-is-to-debian/</url>
 	<site-name>Linux User &amp; Developer</site-name>
 	<site-url>http://www.linuxuser.co.uk</site-url>
 	<date>09 February 2012</date>
 	<author>Koen Vervloesem</author>
 	<p>PC-BSD offers you a fully functional desktop environment
 	  based on rock solid FreeBSD technology, which makes it the
 	  perfect operating system for your first steps with BSD?</p>
       </story>
     </month>
 
     <month>
       <name>1</name>
 
       <story>
 	<name>[Review] FreeBSD 9.0</name>
 	<url>http://linuxconfig.net/review/freebsd-review/freebsd-9-0-review.html</url>
 	<site-name>linuxconfig.net</site-name>
 	<site-url>http://linuxconfig.net</site-url>
 	<date>10 January 2012</date>
 	<author>linuxconfig.net</author>
 	<p>This article provides an overview of some of the new
 	  features available in FreeBSD 9.0.</p>
       </story>
     </month>
   </year>
 
   <year>
     <name>2011</name>
 
     <month>
       <name>11</name>
 
       <story>
 	<name>Why aren't you using FreeBSD?</name>
 	<url>http://www.infoworld.com/d/data-center/why-arent-you-using-freebsd-178119?page=0,0</url>
 	<site-name>Infoworld</site-name>
 	<site-url>http://www.infoworld.com</site-url>
 	<date>11 November 2011</date>
 	<author>Paul Venezia</author>
 	<p>This article writes about why Paul Venezia is using FreeBSD
 	  for his servers</p>
       </story>
     </month>
 
     <month>
       <name>9</name>
 
       <story>
 	<name>FreeBSD: A Faster Platform For Linux Gaming Than
 	Linux?</name>
 	<url>http://www.phoronix.com/scan.php?page=article&amp;item=linux_games_bsd</url>
 	<site-name>Phoronix</site-name>
 	<site-url>http://www.phoronix.com/</site-url>
 	<date>07 September 2011</date>
 	<p>Michael Larabel shows how FreeBSD runs some linux programs
 	  faster than linux does.</p>
       </story>
     </month>
 
     <month>
       <name>7</name>
 
       <story>
 	<name>Most Reliable Hosting Company Sites in June 2011</name>
 	<url>http://news.netcraft.com/archives/2011/07/08/most-reliable-hosting-company-sites-in-june-2011.html</url>
 	<site-name>Netcraft Ltd.</site-name>
 	<site-url>http://www.netcraft.com/</site-url>
 	<date>08 July 2011</date>
 	<author>Jennifer Cownie</author>
 	<p>FreeBSD the OS of top 3 most reliable hosting company sites
 	  in June 2011.</p>
       </story>
     </month>
 
     <month>
       <name>3</name>
 
       <story>
 	<name>PC-BSD 8.2 review</name>
 	<url>http://www.linuxbsdos.com/2011/03/03/pc-bsd-8-2-review/</url>
 	<site-name>LinuxBSDos.com</site-name>
 	<site-url>http://www.linuxbsdos.com/</site-url>
 	<date>03 March 2011</date>
 	<author>LinuxBSDos.com</author>
 	<p>LinuxBSDos.com looks at the installation (especially at the
 	  disk encryption features), system configuration and system
 	  management (including the installation of third party
 	  software packages via PC-BSD's PBI system) of
 	  PC-BSD&#160;8.2.</p>
       </story>
     </month>
 
     <month>
       <name>2</name>
 
       <story>
 	<name>FreeBSD 8.2 expands ZFS support</name>
 	<url>http://itmanagement.earthweb.com/osrc/article.php/3926181/FreeBSD-82-Expands-ZFS-Support----Without-Oracle.htm</url>
 	<site-name>Datamation.com</site-name>
 	<site-url>http://itmanagement.earthweb.com/</site-url>
 	<date>25 February 2011</date>
 	<author>Sean Michael Kerner</author>
 	<p>The author looks at the status and the future of ZFS under
 	  FreeBSD.  The information is based on interviews the website
 	  did with FreeBSD developer Josh Paetzel and Matt Olander
 	  from iXsystems.</p>
       </story>
     </month>
   </year>
 
   <year>
     <name>2010</name>
 
     <month>
       <name>8</name>
 
       <story>
 	<name>PC-BSD 8.1 review</name>
 	<url>http://www.linuxbsdos.com/2010/08/17/pc-bsd-8-1-review/</url>
 	<site-name>LinuxBSDos.com</site-name>
 	<site-url>http://www.linuxbsdos.com/</site-url>
 	<date>17 August 2010</date>
 	<author>LinuxBSDos.com</author>
 	<p>LinuxBSDos.com looks at the installation, system
 	  configuration and system management (including the
 	  installation of third party software packages via PC-BSD's
 	  PBI system) of PC-BSD&#160;8.1.</p>
       </story>
     </month>
 
     <month>
       <name>2</name>
 
       <story>
 	<name>Health Check: FreeBSD - The unknown giant</name>
 	<url>http://www.h-online.com/open/features/Health-Check-FreeBSD-The-unknown-giant-920248.html</url>
 	<site-name>The H</site-name>
 	<site-url>http://www.h-online.com/</site-url>
 	<date>04 February 2010</date>
 	<author>Richard Hillesley</author>
 	<p>Richard Hillesley looks at the history of FreeBSD, the BSD
 	  license, Beastie and the new features in FreeBSD 8.0.</p>
       </story>
     </month>
   </year>
 
 </press>
Index: projects/entities/share/xml/release.ent
===================================================================
--- projects/entities/share/xml/release.ent	(revision 41353)
+++ projects/entities/share/xml/release.ent	(revision 41354)
@@ -1,86 +1,86 @@
 <!-- $FreeBSD$ -->
 
 <!-- XXX rel.current and u.rel.* should be available in doc/ -->
 <!-- The currently released versions of FreeBSD.  This value is used to
      create some links on web sites and such, so do NOT change it until
      it's really release time.  When you update this, you should also
      update (at least) the following:
 
 	- similar entity in the Handbook
 	- similar entity in the Relnotes
 	- releases/index.xml has the date of the current release
 	- the FAQ has links to the release FTP url
 	- "versions supported" in security.xml
 
      (If you're the release engineer, feel free to update this list with
      other doc-related things you had to do.  It'll save you time and
      trouble the next time around :-).)
 
      As of 5.0, we now have the concept of two different "currently"
      released versions (from two different development branches).  Use
      rel.* and u.rel.* for the "latest and greatest" version and
      rel2.* and u.rel2.* for the "conservative users" version.
 -->
 
 <!ENTITY rel.head.major '10'>
 <!ENTITY rel.head '&rel.head.major;.0'>
 
 <!-- If there is no release currently in the release cycle (i.e. we
       don't have something in BETAn or RCn), then change %beta.testing
       below to "IGNORE".  If we do, use "INCLUDE". -->
 
-<!ENTITY beta.testing "IGNORE">
-<!ENTITY % beta.testing "IGNORE">
-<!ENTITY betarel.current '9.1'>
-<!ENTITY betarel.vers 'RC3'>
+<!ENTITY beta.testing "INCLUDE">
+<!ENTITY % beta.testing "INCLUDE">
+<!ENTITY betarel.current '8.4'>
+<!ENTITY betarel.vers 'BETA1'>
 <!ENTITY u.betarel.schedule '&base;/releases/&betarel.current;R/schedule.html'>
 
 <!-- If we have a second release in the release cycle (e.g. 5.x and 6.y
       are having release candidates at the same time), do the same here.  -->
 <!ENTITY beta2.testing "IGNORE">
 <!ENTITY % beta2.testing "IGNORE">
 <!ENTITY betarel2.current '7.4'>
 <!ENTITY betarel2.vers 'RC3'>
 <!ENTITY u.betarel2.schedule '&base;/releases/&betarel2.current;R/schedule.html'>
 
 <!ENTITY rel.current.major '9'>
 <!ENTITY rel.current '&rel.current.major;.1'>
 <!ENTITY rel.current.date 'December 2012'>
 
 <!-- URLs to information on the latest release -->
 <!ENTITY u.rel.notes '&base;/releases/&rel.current;R/relnotes.html'>
 <!ENTITY u.rel.announce '&base;/releases/&rel.current;R/announce.html'>
 <!ENTITY u.rel.errata '&base;/releases/&rel.current;R/errata.html'>
 <!ENTITY u.rel.hardware '&base;/releases/&rel.current;R/hardware.html'>
 <!ENTITY u.rel.installation '&base;/releases/&rel.current;R/installation.html'>
 <!ENTITY u.rel.readme '&base;/releases/&rel.current;R/readme.html'>
 
 <!-- Secondary "current release" entities -->
 <!ENTITY rel2.current.major '8'>
 <!ENTITY rel2.current '8.3'>
 <!ENTITY rel2.current.date 'April 2012'>
 
 <!-- URLs to information on the latest release -->
 <!ENTITY u.rel2.notes '&base;/releases/&rel2.current;R/relnotes-detailed.html'>
 <!ENTITY u.rel2.announce '&base;/releases/&rel2.current;R/announce.html'>
 <!ENTITY u.rel2.errata '&base;/releases/&rel2.current;R/errata.html'>
 <!ENTITY u.rel2.hardware '&base;/releases/&rel2.current;R/hardware.html'>
 <!ENTITY u.rel2.installation '&base;/releases/&rel2.current;R/installation.html'>
 <!ENTITY u.rel2.readme '&base;/releases/&rel2.current;R/readme.html'>
 
 <!-- Tertiary "current release" entities -->
 <!ENTITY rel3.current.major '7'>
 <!ENTITY rel3.current '7.4'>
 <!ENTITY rel3.current.date 'February 2011'>
 
 <!-- URLs to information on the latest release -->
 <!ENTITY u.rel3.notes '&base;/releases/&rel3.current;R/relnotes.html'>
 <!ENTITY u.rel3.announce '&base;/releases/&rel3.current;R/announce.html'>
 <!ENTITY u.rel3.errata '&base;/releases/&rel3.current;R/errata.html'>
 <!ENTITY u.rel3.hardware '&base;/releases/&rel3.current;R/hardware.html'>
 <!ENTITY u.rel3.installation '&base;/releases/&rel3.current;R/installation.html'>
 <!ENTITY u.rel3.readme '&base;/releases/&rel3.current;R/readme.html'>
 
 <!ENTITY gnomeoldver '2.30'>
 <!ENTITY gnomever '2.32'>
 <!ENTITY gnomedevelver '2.90'>
Index: projects/entities/share
===================================================================
--- projects/entities/share	(revision 41353)
+++ projects/entities/share	(revision 41354)

Property changes on: projects/entities/share
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
   Merged /head/share:r40992-41353