Index: head/share/security/advisories/FreeBSD-SA-15:10.openssl.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-15:10.openssl.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-15:10.openssl.asc (revision 46817)
@@ -0,0 +1,202 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-15:10.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple OpenSSL vulnerabilities
+
+Category: contrib
+Module: openssl
+Announced: 2015-06-12
+Affects: All supported versions of FreeBSD.
+Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)
+ 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)
+ 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)
+ 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)
+ 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)
+ 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)
+CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791
+ CVE-2015-1792, CVE-2015-4000
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II. Problem Description
+
+A vulnerability in the TLS protocol would allow a man-in-the-middle
+attacker to downgrade vulnerable TLS connections using ephemeral
+Diffie-Hellman key exchange to 512-bit export-grade cryptography.
+This vulnerability is also known as Logjam [CVE-2015-4000].
+
+When processing an ECParameters structure OpenSSL enters an infinite
+loop if the curve specified is over a specially malformed binary
+polynomial field. [CVE-2015-1788]
+
+X509_cmp_time does not properly check the length of the ASN1_TIME
+string and can read a few bytes out of bounds. In addition,
+X509_cmp_time accepts an arbitrary number of fractional seconds in
+the time string. [CVE-2015-1789]
+
+The PKCS#7 parsing code does not handle missing inner EncryptedContent
+correctly. [CVE-2015-1790]
+
+When verifying a signedData message the CMS code can enter an infinite
+loop if presented with an unknown hash function OID. [CVE-2015-1792]
+
+If a NewSessionTicket is received by a multi-threaded client when
+attempting to reuse a previous ticket then a race condition can occur,
+potentially leading to a double free of the ticket data. [CVE-2015-1791]
+
+The OpenSSL advisory also describes a problem that is identified as
+CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata
+Notice, FreeBSD-EN-15:02.openssl.
+
+III. Impact
+
+A man-in-the-middle attacker may be able to downgrade vulnerable TLS
+connections using ephemeral Diffie-Hellman key exchange to 512-bit
+export-grade cryptography. [CVE-2015-4000]. On FreeBSD 10.1, the
+patch contains a countermeasure for clients by rejecting handshakes
+with DH parameters shorter than 768 bits.
+
+An attacker who is able to use a certificate to authenticate with
+a remote system perform denial of service against any system which
+processes public keys, certificate requests or certificates.
+[CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem
+was no longer exist in OpenSSL 0.9.8 series since July 2012.
+
+An attacker can use the CVE-2015-1789 issue by using specifically
+crafted certificates and CRLs of various sizes and potentially
+cause a segmentation fault, resulting in a DoS on applications that
+verify certificates or CRLs.
+
+An attacker who can create specifically crafted malformed ASN.1-encoded
+PKCS#7 blobs with missing content and trigger a NULL pointer dereference
+on parsing. [CVE-2015-1790]. Applications that decrypt PKCS#7 data
+or otherwise parse PKCS#7 structures from untrusted sources are
+affected. OpenSSL clients and servers are not affected.
+
+An attacker can perform denial of service against any system which
+verifies signedData messages using the CMS code. [CVE-2015-1792]
+
+An attacker may be able to crash multi-thread applications that
+supports resumed TLS handshakes. [CVE-2015-1791]
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch
+# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc
+# gpg --verify openssl-10.1.patch.asc
+
+[FreeBSD 9.3 and 8.4]
+# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch
+# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc
+# gpg --verify openssl-8.4.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all deamons using the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r284286
+releng/8.4/ r284295
+stable/9/ r284286
+releng/9.3/ r284295
+stable/10/ r284285
+releng/10.1/ r284295
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.4 (FreeBSD)
+
+iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8
+BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf
+pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL
+JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh
+vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d
+eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV
+HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9
+sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R
+PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I
+MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ
+TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe
+vVCM4Nyx4S9WDFOi76ug
+=dyhg
+-----END PGP SIGNATURE-----
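Review bot: Section III contains sentences that do not parse and should be corrected: "a remote system perform denial of service" is missing "can", "the problem was no longer exist in OpenSSL 0.9.8 series" should read "no longer exists", and the CVE-2015-1790 paragraph ("An attacker who can create ... and trigger a NULL pointer dereference") has no main verb. Section V has "deamons" for "daemons", and the CVE-2015-1789 impact paragraph is the only one without a trailing bracketed CVE tag. Because the file is a PGP clearsigned message, any wording fix needs a fresh signature.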
Property changes on: head/share/security/advisories/FreeBSD-SA-15:10.openssl.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-15:10/openssl-10.1.patch
===================================================================
--- head/share/security/patches/SA-15:10/openssl-10.1.patch (nonexistent)
+++ head/share/security/patches/SA-15:10/openssl-10.1.patch (revision 46817)
@@ -0,0 +1,1897 @@
+Index: crypto/openssl/apps/dhparam.c
+===================================================================
+--- crypto/openssl/apps/dhparam.c (revision 284286)
++++ crypto/openssl/apps/dhparam.c (working copy)
+@@ -130,7 +130,7 @@
+ #undef PROG
+ #define PROG dhparam_main
+
+-#define DEFBITS 512
++#define DEFBITS 2048
+
+ /* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+@@ -253,7 +253,7 @@ bad:
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
+ BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
+- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
++ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n");
+ #ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+ #endif
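Review bot: the usage string in this hunk hard-codes "(default 2048)" separately from DEFBITS, so the two values have to be edited by hand together and can drift apart again; consider formatting the default from DEFBITS in the BIO_printf call. The existing wording "number of bits in to generate" could be fixed on the same line.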
+Index: crypto/openssl/apps/gendh.c
+===================================================================
+--- crypto/openssl/apps/gendh.c (revision 284286)
++++ crypto/openssl/apps/gendh.c (working copy)
+@@ -78,7 +78,7 @@
+ #include
+ #include
+
+-#define DEFBITS 512
++#define DEFBITS 2048
+ #undef PROG
+ #define PROG gendh_main
+
+Index: crypto/openssl/apps/s_server.c
+===================================================================
+--- crypto/openssl/apps/s_server.c (revision 284286)
++++ crypto/openssl/apps/s_server.c (working copy)
+@@ -214,7 +214,7 @@ static int generate_session_id(const SSL *ssl, uns
+ unsigned int *id_len);
+ #ifndef OPENSSL_NO_DH
+ static DH *load_dh_param(const char *dhfile);
+-static DH *get_dh512(void);
++static DH *get_dh2048(void);
+ #endif
+
+ #ifdef MONOLITH
+@@ -222,29 +222,49 @@ static void s_server_init(void);
+ #endif
+
+ #ifndef OPENSSL_NO_DH
+-static unsigned char dh512_p[]={
+- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+- 0x47,0x74,0xE8,0x33,
+- };
+-static unsigned char dh512_g[]={
++static unsigned char dh2048_p[] = {
++ 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
++ 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
++ 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
++ 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
++ 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
++ 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
++ 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
++ 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
++ 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
++ 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
++ 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
++ 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
++ 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
++ 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
++ 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
++ 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
++ 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
++ 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
++ 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
++ 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
++ 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
++ 0xE9,0x32,0x0B,0x3B,
++};
++
++static unsigned char dh2048_g[] = {
+ 0x02,
+- };
++};
+
+-static DH *get_dh512(void)
+- {
+- DH *dh=NULL;
++DH *get_dh2048()
++{
++ DH *dh;
+
+- if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
+- return(NULL);
+- return(dh);
++ if ((dh = DH_new()) == NULL)
++ return NULL;
++ dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
++ dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
++ if (dh->p == NULL || dh->g == NULL) {
++ DH_free(dh);
++ return NULL;
+ }
++ return dh;
++}
+ #endif
+
+
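Review bot: the definition "DH *get_dh2048()" does not match its forward declaration "static DH *get_dh2048(void);" from the previous hunk, since it drops static and uses an empty parameter list. Write the definition as static DH *get_dh2048(void) so linkage and prototype are explicit at the definition too. A one-line comment stating where the dh2048_p prime comes from would help anyone auditing the default parameters. The added DH_free(dh) on the BN_bin2bn failure path is a good fix; the removed get_dh512() returned NULL there without freeing dh.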
+@@ -1661,9 +1681,8 @@ bad:
+ #endif
+
+ #ifndef OPENSSL_NO_DH
+- if (!no_dhe)
+- {
+- DH *dh=NULL;
++ if (!no_dhe) {
++ DH *dh = NULL;
+
+ if (dhfile)
+ dh = load_dh_param(dhfile);
+@@ -1670,27 +1689,25 @@ bad:
+ else if (s_cert_file)
+ dh = load_dh_param(s_cert_file);
+
+- if (dh != NULL)
+- {
+- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
++ if (dh != NULL) {
++ BIO_printf(bio_s_out, "Setting temp DH parameters\n");
++ } else {
++ BIO_printf(bio_s_out, "Using default temp DH parameters\n");
++ dh = get_dh2048();
++ if (dh == NULL) {
++ ERR_print_errors(bio_err);
++ goto end;
+ }
+- else
+- {
+- BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+- dh=get_dh512();
+ }
+ (void)BIO_flush(bio_s_out);
+
+- SSL_CTX_set_tmp_dh(ctx,dh);
+-#ifndef OPENSSL_NO_TLSEXT
+- if (ctx2)
+- {
+- if (!dhfile)
+- {
+- DH *dh2=load_dh_param(s_cert_file2);
+- if (dh2 != NULL)
+- {
+- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
++ SSL_CTX_set_tmp_dh(ctx, dh);
++# ifndef OPENSSL_NO_TLSEXT
++ if (ctx2) {
++ if (!dhfile) {
++ DH *dh2 = load_dh_param(s_cert_file2);
++ if (dh2 != NULL) {
++ BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+ (void)BIO_flush(bio_s_out);
+
+ DH_free(dh);
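Review bot: the only functional change in this hunk is the switch to get_dh2048() with its NULL check and goto end; everything else is brace and spacing reformatting (including "# ifndef OPENSSL_NO_TLSEXT"), which makes a security patch harder to audit. Consider moving the whitespace changes to a separate commit. The return value of SSL_CTX_set_tmp_dh(ctx, dh) is still ignored, so a failure to install the parameters goes unreported.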
+@@ -1697,9 +1714,9 @@ bad:
+ dh = dh2;
+ }
+ }
+- SSL_CTX_set_tmp_dh(ctx2,dh);
++ SSL_CTX_set_tmp_dh(ctx2, dh);
+ }
+-#endif
++# endif
+ DH_free(dh);
+ }
+ #endif
+Index: crypto/openssl/crypto/bio/bio_lib.c
+===================================================================
+--- crypto/openssl/crypto/bio/bio_lib.c (revision 284286)
++++ crypto/openssl/crypto/bio/bio_lib.c (working copy)
+@@ -543,8 +543,10 @@ BIO *BIO_dup_chain(BIO *in)
+
+ /* copy app data */
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
+- &bio->ex_data))
++ &bio->ex_data)) {
++ BIO_free(new_bio);
+ goto err;
++ }
+
+ if (ret == NULL)
+ {
+@@ -559,8 +561,8 @@ BIO *BIO_dup_chain(BIO *in)
+ }
+ return(ret);
+ err:
+- if (ret != NULL)
+- BIO_free(ret);
++ BIO_free_all(ret);
++
+ return(NULL);
+ }
+
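Review bot: on the err path, BIO_free_all(ret) is now called without the former "if (ret != NULL)" guard, and ret can still be NULL there, because the failure path added in the first hunk jumps to err before the "if (ret == NULL)" block has assigned it. Either keep the guard or add a comment that BIO_free_all() is expected to accept NULL.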
+Index: crypto/openssl/crypto/bn/bn_gf2m.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_gf2m.c (revision 284286)
++++ crypto/openssl/crypto/bn/bn_gf2m.c (working copy)
+@@ -568,10 +568,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, co
+ }
+ #else
+ {
+- int i, ubits = BN_num_bits(u),
+- vbits = BN_num_bits(v), /* v is copy of p */
+- top = p->top;
+- BN_ULONG *udp,*bdp,*vdp,*cdp;
++ int i;
++ int ubits = BN_num_bits(u);
++ int vbits = BN_num_bits(v); /* v is copy of p */
++ int top = p->top;
++ BN_ULONG *udp, *bdp, *vdp, *cdp;
+
+ bn_wexpand(u,top); udp = u->d;
+ for (i=u->top;itop*BN_BYTES*2+2);
++ if (a->neg && BN_is_zero(a)) {
++ /* "-0" == 3 bytes including NULL terminator */
++ buf = OPENSSL_malloc(3);
++ } else {
++ buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
++ }
+ if (buf == NULL)
+ {
+ BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
+Index: crypto/openssl/crypto/buffer/buffer.c
+===================================================================
+--- crypto/openssl/crypto/buffer/buffer.c (revision 284286)
++++ crypto/openssl/crypto/buffer/buffer.c (working copy)
+@@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
+
+ if (a->data != NULL)
+ {
+- memset(a->data,0,(unsigned int)a->max);
++ OPENSSL_cleanse(a->data, a->max);
+ OPENSSL_free(a->data);
+ }
+ OPENSSL_free(a);
+Index: crypto/openssl/crypto/cms/cms_smime.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_smime.c (revision 284286)
++++ crypto/openssl/crypto/cms/cms_smime.c (working copy)
+@@ -141,7 +141,7 @@ static void do_free_upto(BIO *f, BIO *upto)
+ BIO_free(f);
+ f = tbio;
+ }
+- while (f != upto);
++ while (f && f != upto);
+ }
+ else
+ BIO_free_all(f);
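Review bot: the new "f &&" test in the loop condition has no comment explaining when f can become NULL before upto is reached, which is the case the guard exists for. Add a short comment above the loop, and note there that the condition is evaluated only after the body has already run once.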
+Index: crypto/openssl/crypto/ec/ec2_oct.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec2_oct.c (revision 284286)
++++ crypto/openssl/crypto/ec/ec2_oct.c (working copy)
+@@ -390,7 +390,8 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
+ }
+
+- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
++ /* test required by X9.62 */
++ if (EC_POINT_is_on_curve(group, point, ctx) <= 0)
+ {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
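Review bot: with "<= 0", a return of -1 (an error inside the check) now takes the same branch as 0 and is reported as EC_R_POINT_IS_NOT_ON_CURVE. Rejecting the point is the right outcome, but the queued error then misstates the cause; consider handling the negative return separately so an internal failure is distinguishable from an off-curve point. The same applies to the identical changes in ec_check.c, ec_key.c and ecp_oct.c.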
+Index: crypto/openssl/crypto/ec/ec_check.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_check.c (revision 284286)
++++ crypto/openssl/crypto/ec/ec_check.c (working copy)
+@@ -88,7 +88,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+ goto err;
+ }
+- if (!EC_POINT_is_on_curve(group, group->generator, ctx))
++ if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0)
+ {
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+Index: crypto/openssl/crypto/ec/ec_key.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_key.c (revision 284286)
++++ crypto/openssl/crypto/ec/ec_key.c (working copy)
+@@ -326,7 +326,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
+ goto err;
+
+ /* testing whether the pub_key is on the elliptic curve */
+- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
++ if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0)
+ {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+Index: crypto/openssl/crypto/ec/ec_lib.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_lib.c (revision 284286)
++++ crypto/openssl/crypto/ec/ec_lib.c (working copy)
+@@ -972,7 +972,15 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group,
+ }
+
+
+-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
++/*
++ * Check whether an EC_POINT is on the curve or not. Note that the return
++ * value for this function should NOT be treated as a boolean. Return values:
++ * 1: The point is on the curve
++ * 0: The point is not on the curve
++ * -1: An error occurred
++ */
++int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
++ BN_CTX *ctx)
+ {
+ if (group->meth->is_on_curve == 0)
+ {
+Index: crypto/openssl/crypto/ec/ecp_oct.c
+===================================================================
+--- crypto/openssl/crypto/ec/ecp_oct.c (revision 284286)
++++ crypto/openssl/crypto/ec/ecp_oct.c (working copy)
+@@ -416,7 +416,8 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group,
+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+ }
+
+- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
++ /* test required by X9.62 */
++ if (EC_POINT_is_on_curve(group, point, ctx) <= 0)
+ {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+Index: crypto/openssl/crypto/ec/ectest.c
+===================================================================
+--- crypto/openssl/crypto/ec/ectest.c (revision 284286)
++++ crypto/openssl/crypto/ec/ectest.c (working copy)
+@@ -343,7 +343,7 @@ static void prime_field_tests(void)
+
+ if (!BN_hex2bn(&x, "D")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, Q, ctx))
++ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
+ fprintf(stderr, "Point is not on curve: x = 0x");
+@@ -439,7 +439,7 @@ static void prime_field_tests(void)
+ if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
+ if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
+ if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+@@ -473,7 +473,7 @@ static void prime_field_tests(void)
+
+ if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+@@ -507,7 +507,7 @@ static void prime_field_tests(void)
+
+ if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+@@ -541,7 +541,7 @@ static void prime_field_tests(void)
+
+ if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+ "84F3B9CAC2FC632551")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+@@ -580,7 +580,7 @@ static void prime_field_tests(void)
+ if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+ "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+@@ -624,7 +624,7 @@ static void prime_field_tests(void)
+ "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+ "3C1856A429BF97E7E31C2E5BD66")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+ "C9B8899C47AEBB6FB71E91386409")) ABORT;
+@@ -657,7 +657,7 @@ static void prime_field_tests(void)
+ if (!EC_POINT_copy(Q, P)) ABORT;
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+@@ -771,7 +771,7 @@ static void prime_field_tests(void)
+ #define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+ if (!BN_hex2bn(&cof, _cof)) ABORT; \
+ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+@@ -789,7 +789,7 @@ static void prime_field_tests(void)
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!BN_hex2bn(&y, _y)) ABORT; \
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+ if (!BN_hex2bn(&cof, _cof)) ABORT; \
+ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+@@ -894,7 +894,7 @@ static void char2_field_tests(void)
+ if (!BN_hex2bn(&y, "8")) ABORT;
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
+ #endif
+- if (!EC_POINT_is_on_curve(group, Q, ctx))
++ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0)
+ {
+ /* Change test based on whether binary point compression is enabled or not. */
+ #ifdef OPENSSL_EC_BIN_PT_COMP
+@@ -1133,7 +1133,7 @@ static void char2_field_tests(void)
+ if (!EC_POINT_copy(Q, P)) ABORT;
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+Index: crypto/openssl/crypto/evp/e_aes.c
+===================================================================
+--- crypto/openssl/crypto/evp/e_aes.c (revision 284286)
++++ crypto/openssl/crypto/evp/e_aes.c (working copy)
+@@ -50,6 +50,7 @@
+
+ #include
+ #ifndef OPENSSL_NO_AES
++#include
+ #include
+ #include
+ #include
+@@ -967,7 +968,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx,
+ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf,
+ EVP_GCM_TLS_TAG_LEN);
+ /* If tag mismatch wipe buffer */
+- if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN))
++ if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN))
+ {
+ OPENSSL_cleanse(out, len);
+ goto err;
+@@ -1351,7 +1352,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, uns
+ unsigned char tag[16];
+ if (CRYPTO_ccm128_tag(ccm, tag, cctx->M))
+ {
+- if (!memcmp(tag, ctx->buf, cctx->M))
++ if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
+ rv = len;
+ }
+ }
+Index: crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
+===================================================================
+--- crypto/openssl/crypto/evp/e_rc4_hmac_md5.c (revision 284286)
++++ crypto/openssl/crypto/evp/e_rc4_hmac_md5.c (working copy)
+@@ -54,6 +54,7 @@
+
+ #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
+
++#include
+ #include
+ #include
+ #include
+@@ -205,7 +206,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx
+ MD5_Update(&key->md,mac,MD5_DIGEST_LENGTH);
+ MD5_Final(mac,&key->md);
+
+- if (memcmp(out+plen,mac,MD5_DIGEST_LENGTH))
++ if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
+ return 0;
+ } else {
+ MD5_Update(&key->md,out+md5_off,len-md5_off);
+Index: crypto/openssl/crypto/evp/evp.h
+===================================================================
+--- crypto/openssl/crypto/evp/evp.h (revision 284286)
++++ crypto/openssl/crypto/evp/evp.h (working copy)
+@@ -103,7 +103,6 @@
+ #define EVP_PKS_RSA 0x0100
+ #define EVP_PKS_DSA 0x0200
+ #define EVP_PKS_EC 0x0400
+-#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
+
+ #define EVP_PKEY_NONE NID_undef
+ #define EVP_PKEY_RSA NID_rsaEncryption
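Review bot: dropping EVP_PKT_EXP from evp.h removes a macro from a header that applications include, so code outside the base tree that still references it will stop compiling. Mention the removal in the advisory or release notes, or keep the definition with a deprecation comment if no remaining code sets the flag.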
+Index: crypto/openssl/crypto/hmac/hmac.c
+===================================================================
+--- crypto/openssl/crypto/hmac/hmac.c (revision 284286)
++++ crypto/openssl/crypto/hmac/hmac.c (working copy)
+@@ -240,6 +240,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const vo
+ HMAC_CTX_cleanup(&c);
+ return md;
+ err:
++ HMAC_CTX_cleanup(&c);
+ return NULL;
+ }
+
+Index: crypto/openssl/crypto/modes/gcm128.c
+===================================================================
+--- crypto/openssl/crypto/modes/gcm128.c (revision 284286)
++++ crypto/openssl/crypto/modes/gcm128.c (working copy)
+@@ -1525,7 +1525,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const
+ ctx->Xi.u[1] ^= ctx->EK0.u[1];
+
+ if (tag && len<=sizeof(ctx->Xi))
+- return memcmp(ctx->Xi.c,tag,len);
++ return CRYPTO_memcmp(ctx->Xi.c, tag, len);
+ else
+ return -1;
+ }
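Review bot: CRYPTO_gcm128_finish() returns the comparison result directly, and after the switch to CRYPTO_memcmp() that value only distinguishes zero from non-zero, while the else branch returns -1. A comment at the return stating that callers must test for 0 only, not for a sign, would document the contract.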
+Index: crypto/openssl/crypto/objects/obj_dat.c
+===================================================================
+--- crypto/openssl/crypto/objects/obj_dat.c (revision 284286)
++++ crypto/openssl/crypto/objects/obj_dat.c (working copy)
+@@ -405,6 +405,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
+ if (a->nid != 0)
+ return(a->nid);
+
++ if (a->length == 0)
++ return NID_undef;
++
+ if (added != NULL)
+ {
+ ad.type=ADDED_DATA;
+Index: crypto/openssl/crypto/pkcs12/p12_mutl.c
+===================================================================
+--- crypto/openssl/crypto/pkcs12/p12_mutl.c (revision 284286)
++++ crypto/openssl/crypto/pkcs12/p12_mutl.c (working copy)
+@@ -59,6 +59,7 @@
+ #ifndef OPENSSL_NO_HMAC
+ #include
+ #include "cryptlib.h"
++#include
+ #include
+ #include
+ #include
+@@ -123,7 +124,8 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pas
+ return 0;
+ }
+ if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
+- || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
++ || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
++ return 0;
+ return 1;
+ }
+
+Index: crypto/openssl/crypto/pkcs7/pk7_doit.c
+===================================================================
+--- crypto/openssl/crypto/pkcs7/pk7_doit.c (revision 284286)
++++ crypto/openssl/crypto/pkcs7/pk7_doit.c (working copy)
+@@ -504,6 +504,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, B
+ goto err;
+ }
+
++ /* Detached content must be supplied via in_bio instead. */
++ if (data_body == NULL && in_bio == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ goto err;
++ }
++
+ /* We will be checking the signature */
+ if (md_sk != NULL)
+ {
+@@ -660,7 +666,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, B
+ }
+
+ #if 1
+- if (PKCS7_is_detached(p7) || (in_bio != NULL))
++ if (in_bio != NULL)
+ {
+ bio=in_bio;
+ }
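Review bot: the simplified test "if (in_bio != NULL)" is only safe because the previous hunk now rejects the case where data_body and in_bio are both NULL; without that check a detached structure with no in_bio would reach the other branch with no content. Add a comment at this condition pointing back to that check so the dependency is not lost in a later edit.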
+Index: crypto/openssl/crypto/x509/x509_vfy.c
+===================================================================
+--- crypto/openssl/crypto/x509/x509_vfy.c (revision 284286)
++++ crypto/openssl/crypto/x509/x509_vfy.c (working copy)
+@@ -1679,83 +1679,121 @@ int X509_cmp_current_time(const ASN1_TIME *ctm)
+ }
+
+ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
+- {
++{
+ char *str;
+ ASN1_TIME atm;
+ long offset;
+- char buff1[24],buff2[24],*p;
+- int i,j;
++ char buff1[24], buff2[24], *p;
++ int i, j, remaining;
+
+- p=buff1;
+- i=ctm->length;
+- str=(char *)ctm->data;
+- if (ctm->type == V_ASN1_UTCTIME)
+- {
+- if ((i < 11) || (i > 17)) return 0;
+- memcpy(p,str,10);
+- p+=10;
+- str+=10;
++ p = buff1;
++ remaining = ctm->length;
++ str = (char *)ctm->data;
++ /*
++ * Note that the following (historical) code allows much more slack in the
++ * time format than RFC5280. In RFC5280, the representation is fixed:
++ * UTCTime: YYMMDDHHMMSSZ
++ * GeneralizedTime: YYYYMMDDHHMMSSZ
++ */
++ if (ctm->type == V_ASN1_UTCTIME) {
++ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
++ int min_length = sizeof("YYMMDDHHMMZ") - 1;
++ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
++ if (remaining < min_length || remaining > max_length)
++ return 0;
++ memcpy(p, str, 10);
++ p += 10;
++ str += 10;
++ remaining -= 10;
++ } else {
++ /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
++ int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
++ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
++ if (remaining < min_length || remaining > max_length)
++ return 0;
++ memcpy(p, str, 12);
++ p += 12;
++ str += 12;
++ remaining -= 12;
+ }
+- else
+- {
+- if (i < 13) return 0;
+- memcpy(p,str,12);
+- p+=12;
+- str+=12;
+- }
+
+- if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+- { *(p++)='0'; *(p++)='0'; }
+- else
+- {
+- *(p++)= *(str++);
+- *(p++)= *(str++);
+- /* Skip any fractional seconds... */
+- if (*str == '.')
+- {
++ if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
++ *(p++) = '0';
++ *(p++) = '0';
++ } else {
++ /* SS (seconds) */
++ if (remaining < 2)
++ return 0;
++ *(p++) = *(str++);
++ *(p++) = *(str++);
++ remaining -= 2;
++ /*
++ * Skip any (up to three) fractional seconds...
++ * TODO(emilia): in RFC5280, fractional seconds are forbidden.
++ * Can we just kill them altogether?
++ */
++ if (remaining && *str == '.') {
+ str++;
+- while ((*str >= '0') && (*str <= '9')) str++;
++ remaining--;
++ for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
++ if (*str < '0' || *str > '9')
++ break;
+ }
+-
+ }
+- *(p++)='Z';
+- *(p++)='\0';
+
+- if (*str == 'Z')
+- offset=0;
+- else
+- {
++ }
++ *(p++) = 'Z';
++ *(p++) = '\0';
++
++ /* We now need either a terminating 'Z' or an offset. */
++ if (!remaining)
++ return 0;
++ if (*str == 'Z') {
++ if (remaining != 1)
++ return 0;
++ offset = 0;
++ } else {
++ /* (+-)HHMM */
+ if ((*str != '+') && (*str != '-'))
+ return 0;
+- offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+- offset+=(str[3]-'0')*10+(str[4]-'0');
++ /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
++ if (remaining != 5)
++ return 0;
++ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
++ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
++ return 0;
++ offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
++ offset += (str[3] - '0') * 10 + (str[4] - '0');
+ if (*str == '-')
+- offset= -offset;
++ offset = -offset;
+ }
+- atm.type=ctm->type;
++ atm.type = ctm->type;
+ atm.flags = 0;
+- atm.length=sizeof(buff2);
+- atm.data=(unsigned char *)buff2;
++ atm.length = sizeof(buff2);
++ atm.data = (unsigned char *)buff2;
+
+- if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
++ if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
+ return 0;
+
+- if (ctm->type == V_ASN1_UTCTIME)
+- {
+- i=(buff1[0]-'0')*10+(buff1[1]-'0');
+- if (i < 50) i+=100; /* cf. RFC 2459 */
+- j=(buff2[0]-'0')*10+(buff2[1]-'0');
+- if (j < 50) j+=100;
++ if (ctm->type == V_ASN1_UTCTIME) {
++ i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
++ if (i < 50)
++ i += 100; /* cf. RFC 2459 */
++ j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
++ if (j < 50)
++ j += 100;
+
+- if (i < j) return -1;
+- if (i > j) return 1;
++ if (i < j)
++ return -1;
++ if (i > j)
++ return 1;
+ }
+- i=strcmp(buff1,buff2);
++ i = strcmp(buff1, buff2);
+ if (i == 0) /* wait a second then return younger :-) */
+ return -1;
+ else
+ return i;
+- }
++}
+
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+ {
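Review bot: In the rewritten X509_cmp_time, the date bytes copied by `memcpy(p, str, 10)` / `memcpy(p, str, 12)` and the two SS bytes are never checked to be digits, while the offset bytes `str[1]`..`str[4]` now are. buff1 later feeds `(buff1[0] - '0') * 10 + (buff1[1] - '0')` and strcmp, so a non-digit there still produces a comparison result instead of 0; the same '0'..'9' test should be applied to those bytes. The `else` branch also treats every type other than V_ASN1_UTCTIME as GeneralizedTime, and an explicit type check would make that intent clear. Separately, the whitespace reformatting mixed into this hunk makes the `remaining` bookkeeping harder to audit; splitting the two changes would help.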
+Index: crypto/openssl/crypto/x509/x509type.c
+===================================================================
+--- crypto/openssl/crypto/x509/x509type.c (revision 284286)
++++ crypto/openssl/crypto/x509/x509type.c (working copy)
+@@ -122,9 +122,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
+ }
+ }
+
+- if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
+- for, not bytes */
+- ret|=EVP_PKT_EXP;
+ if(pkey==NULL) EVP_PKEY_free(pk);
+ return(ret);
+ }
+Index: crypto/openssl/doc/apps/dhparam.pod
+===================================================================
+--- crypto/openssl/doc/apps/dhparam.pod (revision 284286)
++++ crypto/openssl/doc/apps/dhparam.pod (working copy)
+@@ -71,8 +71,10 @@ check if the parameters are valid primes and gener
+
+ =item B<-2>, B<-5>
+
+-The generator to use, either 2 or 5. 2 is the default. If present then the
+-input file is ignored and parameters are generated instead.
++The generator to use, either 2 or 5. If present then the
++input file is ignored and parameters are generated instead. If not
++present but B is present, parameters are generated with the
++default generator 2.
+
+ =item B<-rand> I
+
+@@ -85,9 +87,10 @@ all others.
+ =item I
+
+ this option specifies that a parameter set should be generated of size
+-I. It must be the last option. If not present then a value of 512
+-is used. If this option is present then the input file is ignored and
+-parameters are generated instead.
++I. It must be the last option. If this option is present then
++the input file is ignored and parameters are generated instead. If
++this option is not present but a generator (B<-2> or B<-5>) is
++present, parameters are generated with a default length of 2048 bits.
+
+ =item B<-noout>
+
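Review bot: With the sentence "If not present then a value of 512 is used" removed, the numbits item no longer says what happens when neither numbits nor a generator is given. Add a sentence stating that case explicitly (the generator item implies the input file is then used), so that someone reading this item alone is not left guessing.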
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+===================================================================
+--- crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (revision 284286)
++++ crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (working copy)
+@@ -61,12 +61,12 @@ negotiation is being saved.
+
+ If "strong" primes were used to generate the DH parameters, it is not strictly
+ necessary to generate a new key for each handshake but it does improve forward
+-secrecy. If it is not assured, that "strong" primes were used (see especially
+-the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
+-in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
+-has an impact on the computer time needed during negotiation, but it is not
+-very large, so application authors/users should consider to always enable
+-this option.
++secrecy. If it is not assured that "strong" primes were used,
++SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup
++attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the
++computer time needed during negotiation, but it is not very large, so
++application authors/users should consider always enabling this option.
++The option is required to implement perfect forward secrecy (PFS).
+
+ As generating DH parameters is extremely time consuming, an application
+ should not generate the parameters on the fly but supply the parameters.
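Review bot: The added closing sentence, "The option is required to implement perfect forward secrecy (PFS)", sits in the same paragraph as the unchanged opening, which says a new key per handshake is "not strictly necessary" but "does improve forward secrecy". Reword one of the two so the paragraph gives a single answer on whether SSL_OP_SINGLE_DH_USE is needed for forward secrecy.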
+@@ -74,83 +74,63 @@ DH parameters can be reused, as the actual key is
+ the negotiation. The risk in reusing DH parameters is that an attacker
+ may specialize on a very often used DH group. Applications should therefore
+ generate their own DH parameters during the installation process using the
+-openssl L application. In order to reduce the computer
+-time needed for this generation, it is possible to use DSA parameters
+-instead (see L), but in this case SSL_OP_SINGLE_DH_USE
+-is mandatory.
++openssl L application. This application
++guarantees that "strong" primes are used.
+
+-Application authors may compile in DH parameters. Files dh512.pem,
+-dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
++Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
+ version of the OpenSSL distribution contain the 'SKIP' DH parameters,
+ which use safe primes and were generated verifiably pseudo-randomly.
+ These files can be converted into C code using the B<-C> option of the
+-L application.
+-Authors may also generate their own set of parameters using
+-L, but a user may not be sure how the parameters were
+-generated. The generation of DH parameters during installation is therefore
+-recommended.
++L application. Generation of custom DH
++parameters during installation should still be preferred to stop an
++attacker from specializing on a commonly used group. Files dh1024.pem
++and dh512.pem contain old parameters that must not be used by
++applications.
+
+ An application may either directly specify the DH parameters or
+-can supply the DH parameters via a callback function. The callback approach
+-has the advantage, that the callback may supply DH parameters for different
+-key lengths.
++can supply the DH parameters via a callback function.
+
+-The B is called with the B needed and
+-the B information. The B flag is set, when the
+-ephemeral DH key exchange is performed with an export cipher.
++Previous versions of the callback used B and B
++parameters to control parameter generation for export and non-export
++cipher suites. Modern servers that do not support export ciphersuites
++are advised to either use SSL_CTX_set_tmp_dh() in combination with
++SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore
++B and B and simply supply at least 2048-bit
++parameters in the callback.
+
+ =head1 EXAMPLES
+
+-Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
++Setup DH parameters with a key length of 2048 bits. (Error handling
+ partly left out.)
+
++ Command-line parameter generation:
++ $ openssl dhparam -out dh_param_2048.pem 2048
++
++ Code for setting up parameters during server initialization:
++
+ ...
+- /* Set up ephemeral DH stuff */
+- DH *dh_512 = NULL;
+- DH *dh_1024 = NULL;
++ SSL_CTX ctx = SSL_CTX_new();
++ ...
++
++ /* Set up ephemeral DH parameters. */
++ DH *dh_2048 = NULL;
+ FILE *paramfile;
+-
+- ...
+- /* "openssl dhparam -out dh_param_512.pem -2 512" */
+- paramfile = fopen("dh_param_512.pem", "r");
++ paramfile = fopen("dh_param_2048.pem", "r");
+ if (paramfile) {
+- dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
++ dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+ fclose(paramfile);
++ } else {
++ /* Error. */
+ }
+- /* "openssl dhparam -out dh_param_1024.pem -2 1024" */
+- paramfile = fopen("dh_param_1024.pem", "r");
+- if (paramfile) {
+- dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+- fclose(paramfile);
++ if (dh_2048 == NULL) {
++ /* Error. */
+ }
++ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
++ /* Error. */
++ }
++ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+ ...
+
+- /* "openssl dhparam -C -2 512" etc... */
+- DH *get_dh512() { ... }
+- DH *get_dh1024() { ... }
+-
+- DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
+- {
+- DH *dh_tmp=NULL;
+-
+- switch (keylength) {
+- case 512:
+- if (!dh_512)
+- dh_512 = get_dh512();
+- dh_tmp = dh_512;
+- break;
+- case 1024:
+- if (!dh_1024)
+- dh_1024 = get_dh1024();
+- dh_tmp = dh_1024;
+- break;
+- default:
+- /* Generating a key on the fly is very costly, so use what is there */
+- setup_dh_parameters_like_above();
+- }
+- return(dh_tmp);
+- }
+-
+ =head1 RETURN VALUES
+
+ SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
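Review bot: The new example declares `SSL_CTX ctx = SSL_CTX_new();`, which does not compile as written: SSL_CTX_new() returns an `SSL_CTX *` and takes a method argument. Suggest `SSL_CTX *ctx = SSL_CTX_new(method);` with the method named or elided, since the later calls already pass `ctx` as a pointer. The fopen failure branch and the `dh_2048 == NULL` branch are both only "Error." comments; saying in the example that initialization must stop there would keep readers from falling through to SSL_CTX_set_tmp_dh with a NULL pointer.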
+Index: crypto/openssl/ssl/d1_both.c
+===================================================================
+--- crypto/openssl/ssl/d1_both.c (revision 284286)
++++ crypto/openssl/ssl/d1_both.c (working copy)
+@@ -481,6 +481,12 @@ again:
+ else if ( i <= 0 && !*ok)
+ return i;
+
++ if (mt >= 0 && s->s3->tmp.message_type != mt) {
++ al = SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
++ goto f_err;
++ }
++
+ p = (unsigned char *)s->init_buf->data;
+ msg_len = msg_hdr->msg_len;
+
+@@ -869,6 +875,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+ /* parse the message fragment header */
+ dtls1_get_message_header(wire, &msg_hdr);
+
++ len = msg_hdr.msg_len;
++ frag_off = msg_hdr.frag_off;
++ frag_len = msg_hdr.frag_len;
++
++ /*
++ * We must have at least frag_len bytes left in the record to be read.
++ * Fragments must not span records.
++ */
++ if (frag_len > s->s3->rrec.length) {
++ al = SSL3_AD_ILLEGAL_PARAMETER;
++ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH);
++ goto f_err;
++ }
++
+ /*
+ * if this is a future (or stale) message it gets buffered
+ * (or dropped)--no further processing at this time
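Review bot: The new length check sets `al = SSL3_AD_ILLEGAL_PARAMETER`, while the check added earlier in this file uses the `SSL_AD_` form (`SSL_AD_UNEXPECTED_MESSAGE`); pick one prefix for the alerts introduced by this patch. The comment says "bytes left in the record to be read" but the comparison is against `s->s3->rrec.length`; if that field is the unread remainder, say so in the comment so the check can be verified without reading the record layer.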
+@@ -878,10 +898,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+ if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
+ return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
+
+- len = msg_hdr.msg_len;
+- frag_off = msg_hdr.frag_off;
+- frag_len = msg_hdr.frag_len;
+-
+ if (frag_len && frag_len < len)
+ return dtls1_reassemble_fragment(s, &msg_hdr, ok);
+
+@@ -913,9 +929,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+ if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
+ goto f_err;
+
+- /* XDTLS: ressurect this when restart is in place */
+- s->state=stn;
+-
+ if ( frag_len > 0)
+ {
+ unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
+@@ -922,7 +935,10 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+
+ i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ &p[frag_off],frag_len,0);
+- /* XDTLS: fix this--message fragments cannot span multiple packets */
++ /*
++ * This shouldn't ever fail due to NBIO because we already checked
++ * that we have enough data in the record
++ */
+ if (i <= 0)
+ {
+ s->rwstate=SSL_READING;
+@@ -943,6 +959,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int st
+ }
+
+ *ok = 1;
++ s->state = stn;
+
+ /* Note that s->init_num is *not* used as current offset in
+ * s->init_buf->data, but as a counter summing up fragments'
+Index: crypto/openssl/ssl/d1_lib.c
+===================================================================
+--- crypto/openssl/ssl/d1_lib.c (revision 284286)
++++ crypto/openssl/ssl/d1_lib.c (working copy)
+@@ -509,6 +509,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
+ {
+ int ret;
+
++ /* Ensure there is no state left over from a previous invocation */
++ SSL_clear(s);
++
+ SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+ s->d1->listen = 1;
+
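Review bot: The return value of the added `SSL_clear(s)` is ignored. SSL_clear() reports failure by returning 0, so dtls1_listen should check it and return an error instead of continuing with leftover state, which is what the new comment says it is there to prevent.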
+Index: crypto/openssl/ssl/d1_pkt.c
+===================================================================
+--- crypto/openssl/ssl/d1_pkt.c (revision 284286)
++++ crypto/openssl/ssl/d1_pkt.c (working copy)
+@@ -1056,7 +1056,7 @@ start:
+ {
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
+- goto err;
++ goto f_err;
+ }
+
+ /* no need to check sequence number on HELLO REQUEST messages */
+Index: crypto/openssl/ssl/s3_cbc.c
+===================================================================
+--- crypto/openssl/ssl/s3_cbc.c (revision 284286)
++++ crypto/openssl/ssl/s3_cbc.c (working copy)
+@@ -143,7 +143,7 @@ int tls1_cbc_remove_padding(const SSL* s,
+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
+ {
+ /* First packet is even in size, so check */
+- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
++ if ((CRYPTO_memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
+ !(padding_length & 1))
+ {
+ s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c (revision 284286)
++++ crypto/openssl/ssl/s3_clnt.c (working copy)
+@@ -1606,6 +1606,13 @@ int ssl3_get_key_exchange(SSL *s)
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
++
++ if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
++ al = SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
++ goto f_err;
++ }
++
+ s->session->sess_cert->peer_rsa_tmp=rsa;
+ rsa=NULL;
+ }
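Review bot: The added `EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)` test has no comment, and it is not obvious from the code why a certificate key at or below the export length makes a temporary RSA key an unexpected message. A one-line comment would help. Please also confirm that the `goto f_err` path releases `rsa`, since it is taken before `peer_rsa_tmp=rsa; rsa=NULL;` hands ownership to the session.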
+@@ -2190,7 +2197,39 @@ int ssl3_get_new_session_ticket(SSL *s)
+ goto f_err;
+ }
+
+- p=d=(unsigned char *)s->init_msg;
++ p = d = (unsigned char *)s->init_msg;
++
++ if (s->session->session_id_length > 0) {
++ int i = s->session_ctx->session_cache_mode;
++ SSL_SESSION *new_sess;
++ /*
++ * We reused an existing session, so we need to replace it with a new
++ * one
++ */
++ if (i & SSL_SESS_CACHE_CLIENT) {
++ /*
++ * Remove the old session from the cache
++ */
++ if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
++ if (s->session_ctx->remove_session_cb != NULL)
++ s->session_ctx->remove_session_cb(s->session_ctx,
++ s->session);
++ } else {
++ /* We carry on if this fails */
++ SSL_CTX_remove_session(s->session_ctx, s->session);
++ }
++ }
++
++ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
++ al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
++ goto f_err;
++ }
++
++ SSL_SESSION_free(s->session);
++ s->session = new_sess;
++ }
++
+ n2l(p, s->session->tlsext_tick_lifetime_hint);
+ n2s(p, ticklen);
+ /* ticket_lifetime_hint + ticket_length + ticket */
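Review bot: In the added block, `(new_sess = ssl_session_dup(s->session, 0)) == 0` compares a pointer with 0; use NULL, as the `remove_session_cb != NULL` test a few lines above does. ssl_session_dup already raises SSL_F_SSL_SESSION_DUP with ERR_R_MALLOC_FAILURE on failure, so the SSLerr here queues a second malloc-failure entry for the same event; keep it only if that is intended. The variable `i` holding `session_cache_mode` would read better with a descriptive name.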
+@@ -3319,6 +3358,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
+ int i,idx;
+ long alg_k,alg_a;
+ EVP_PKEY *pkey=NULL;
++ int pkey_bits;
+ SESS_CERT *sc;
+ #ifndef OPENSSL_NO_RSA
+ RSA *rsa;
+@@ -3326,6 +3366,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
+ #ifndef OPENSSL_NO_DH
+ DH *dh;
+ #endif
++ int al = SSL_AD_HANDSHAKE_FAILURE;
+
+ alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
+ alg_a=s->s3->tmp.new_cipher->algorithm_auth;
+@@ -3367,6 +3408,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
+ }
+ #endif
+ pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
++ pkey_bits = EVP_PKEY_bits(pkey);
+ i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
+ EVP_PKEY_free(pkey);
+
+@@ -3385,71 +3427,108 @@ int ssl3_check_cert_and_algorithm(SSL *s)
+ }
+ #endif
+ #ifndef OPENSSL_NO_RSA
+- if ((alg_k & SSL_kRSA) &&
+- !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
+- {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
++ if (alg_k & SSL_kRSA) {
++ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
++ !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+ goto f_err;
++ } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
++ if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
++ if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_RSA_ENCRYPTING_CERT);
++ goto f_err;
+ }
++ if (rsa != NULL) {
++ /* server key exchange is not allowed. */
++ al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
++ goto f_err;
++ }
++ }
++ }
++ }
+ #endif
+ #ifndef OPENSSL_NO_DH
+- if ((alg_k & SSL_kEDH) &&
+- !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
+- {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
++ if ((alg_k & SSL_kEDH) && dh == NULL) {
++ al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+- else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
+- {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
++ if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_DH_RSA_CERT);
+ goto f_err;
+ }
+-#ifndef OPENSSL_NO_DSA
+- else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
+- {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
++# ifndef OPENSSL_NO_DSA
++ if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_DH_DSA_CERT);
+ goto f_err;
+ }
+-#endif
+-#endif
++# endif
+
+- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
++ /* Check DHE only: static DH not implemented. */
++ if (alg_k & SSL_kEDH) {
++ int dh_size = BN_num_bits(dh->p);
++ if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768)
++ || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
++ goto f_err;
++ }
++ }
++#endif /* !OPENSSL_NO_DH */
++
++ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
++ pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ {
+ #ifndef OPENSSL_NO_RSA
+- if (alg_k & SSL_kRSA)
+- {
+- if (rsa == NULL
+- || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+- {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
++ if (alg_k & SSL_kRSA) {
++ if (rsa == NULL) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+ goto f_err;
++ } else if (BN_num_bits(rsa->n) >
++ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
++ /* We have a temporary RSA key but it's too large. */
++ al = SSL_AD_EXPORT_RESTRICTION;
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
++ goto f_err;
+ }
+- }
+- else
++ } else
+ #endif
+ #ifndef OPENSSL_NO_DH
+- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+- {
+- if (dh == NULL
+- || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+- {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
++ if (alg_k & SSL_kEDH) {
++ if (BN_num_bits(dh->p) >
++ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
++ /* We have a temporary DH key but it's too large. */
++ al = SSL_AD_EXPORT_RESTRICTION;
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+ goto f_err;
+ }
+- }
+- else
++ } else if (alg_k & (SSL_kDHr | SSL_kDHd)) {
++ /* The cert should have had an export DH key. */
++ al = SSL_AD_EXPORT_RESTRICTION;
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_EXPORT_TMP_DH_KEY);
++ goto f_err;
++ } else
+ #endif
+ {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ goto f_err;
+ }
+ }
+- return(1);
+-f_err:
+- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+-err:
+- return(0);
+- }
++ return (1);
++ f_err:
++ ssl3_send_alert(s, SSL3_AL_FATAL, al);
++ err:
++ return (0);
++}
+
+ #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ int ssl3_send_next_proto(SSL *s)
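Review bot: The DHE size check hard-codes `dh_size < 768` and `dh_size < 512` with no named constant and no comment on where those floors come from. The documentation changed in this same patch tells servers to supply at least 2048-bit parameters and says dh1024.pem and dh512.pem must not be used, so a 768-bit client floor needs a comment explaining the compatibility trade-off, and a #define so it can be raised in one place. Both `BN_num_bits(dh->p)` uses rely on the earlier `(alg_k & SSL_kEDH) && dh == NULL` rejection; a short comment at the first use would make that dependency explicit.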
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c (revision 284286)
++++ crypto/openssl/ssl/s3_srvr.c (working copy)
+@@ -2418,6 +2418,7 @@ int ssl3_get_client_key_exchange(SSL *s)
+ int padl, outl;
+ krb5_timestamp authtime = 0;
+ krb5_ticket_times ttimes;
++ int kerr = 0;
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+
+@@ -2530,19 +2531,22 @@ int ssl3_get_client_key_exchange(SSL *s)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DECRYPTION_FAILED);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DECRYPTION_FAILED);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ outl += padl;
+ if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+@@ -2549,7 +2553,8 @@ int ssl3_get_client_key_exchange(SSL *s)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
+ {
+@@ -2565,7 +2570,8 @@ int ssl3_get_client_key_exchange(SSL *s)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_AD_DECODE_ERROR);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ }
+
+@@ -2591,6 +2597,11 @@ int ssl3_get_client_key_exchange(SSL *s)
+ ** kssl_ctx = kssl_ctx_free(kssl_ctx);
+ ** if (s->kssl_ctx) s->kssl_ctx = NULL;
+ */
++
++ kclean:
++ OPENSSL_cleanse(pms, sizeof(pms));
++ if (kerr)
++ goto err;
+ }
+ else
+ #endif /* OPENSSL_NO_KRB5 */
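Review bot: `OPENSSL_cleanse(pms, sizeof(pms))` at the new kclean label wipes the whole buffer only if `pms` is an array in this scope; its declaration is outside these hunks, so please confirm it is not a pointer. The label also sits directly after a commented-out block, where it is easy to miss. A comment stating that every exit from the Kerberos branch must pass through kclean would guard against a later `goto err` being added above it.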
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+--- crypto/openssl/ssl/ssl.h (revision 284286)
++++ crypto/openssl/ssl/ssl.h (working copy)
+@@ -2263,6 +2263,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_READ 223
+ #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
+ #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
++#define SSL_F_SSL_SESSION_DUP 348
+ #define SSL_F_SSL_SESSION_NEW 189
+ #define SSL_F_SSL_SESSION_PRINT_FP 190
+ #define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
+@@ -2377,6 +2378,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_DATA_LENGTH_TOO_LONG 146
+ #define SSL_R_DECRYPTION_FAILED 147
+ #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
++#define SSL_R_DH_KEY_TOO_SMALL 372
+ #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
+ #define SSL_R_DIGEST_CHECK_FAILED 149
+ #define SSL_R_DTLS_MESSAGE_TOO_BIG 334
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+--- crypto/openssl/ssl/ssl_err.c (revision 284286)
++++ crypto/openssl/ssl/ssl_err.c (working copy)
+@@ -245,6 +245,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
++{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
+@@ -362,6 +363,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
+ {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
++{ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
+ {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
+ {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
+ {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h (revision 284286)
++++ crypto/openssl/ssl/ssl_locl.h (working copy)
+@@ -831,6 +831,7 @@ void ssl_sess_cert_free(SESS_CERT *sc);
+ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+ int ssl_get_new_session(SSL *s, int session);
+ int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+ int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+ DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+ ssl_cipher_id);
+Index: crypto/openssl/ssl/ssl_sess.c
+===================================================================
+--- crypto/openssl/ssl/ssl_sess.c (revision 284286)
++++ crypto/openssl/ssl/ssl_sess.c (working copy)
+@@ -224,6 +224,130 @@ SSL_SESSION *SSL_SESSION_new(void)
+ return(ss);
+ }
+
++/*
++ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
++ * ticket == 0 then no ticket information is duplicated, otherwise it is.
++ */
++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
++{
++ SSL_SESSION *dest;
++
++ dest = OPENSSL_malloc(sizeof(*src));
++ if (dest == NULL) {
++ goto err;
++ }
++ memcpy(dest, src, sizeof(*dest));
++
++ /*
++ * Set the various pointers to NULL so that we can call SSL_SESSION_free in
++ * the case of an error whilst halfway through constructing dest
++ */
++#ifndef OPENSSL_NO_PSK
++ dest->psk_identity_hint = NULL;
++ dest->psk_identity = NULL;
++#endif
++ dest->ciphers = NULL;
++#ifndef OPENSSL_NO_TLSEXT
++ dest->tlsext_hostname = NULL;
++# ifndef OPENSSL_NO_EC
++ dest->tlsext_ecpointformatlist = NULL;
++ dest->tlsext_ellipticcurvelist = NULL;
++# endif
++#endif
++ dest->tlsext_tick = NULL;
++#ifndef OPENSSL_NO_SRP
++ dest->srp_username = NULL;
++#endif
++ memset(&dest->ex_data, 0, sizeof(dest->ex_data));
++
++ /* We deliberately don't copy the prev and next pointers */
++ dest->prev = NULL;
++ dest->next = NULL;
++
++ dest->references = 1;
++
++ if (src->sess_cert != NULL)
++ CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
++
++ if (src->peer != NULL)
++ CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
++
++#ifndef OPENSSL_NO_PSK
++ if (src->psk_identity_hint) {
++ dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
++ if (dest->psk_identity_hint == NULL) {
++ goto err;
++ }
++ }
++ if (src->psk_identity) {
++ dest->psk_identity = BUF_strdup(src->psk_identity);
++ if (dest->psk_identity == NULL) {
++ goto err;
++ }
++ }
++#endif
++
++ if(src->ciphers != NULL) {
++ dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
++ if (dest->ciphers == NULL)
++ goto err;
++ }
++
++ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
++ &dest->ex_data, &src->ex_data)) {
++ goto err;
++ }
++
++#ifndef OPENSSL_NO_TLSEXT
++ if (src->tlsext_hostname) {
++ dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
++ if (dest->tlsext_hostname == NULL) {
++ goto err;
++ }
++ }
++# ifndef OPENSSL_NO_EC
++ if (src->tlsext_ecpointformatlist) {
++ dest->tlsext_ecpointformatlist =
++ BUF_memdup(src->tlsext_ecpointformatlist,
++ src->tlsext_ecpointformatlist_length);
++ if (dest->tlsext_ecpointformatlist == NULL)
++ goto err;
++ }
++ if (src->tlsext_ellipticcurvelist) {
++ dest->tlsext_ellipticcurvelist =
++ BUF_memdup(src->tlsext_ellipticcurvelist,
++ src->tlsext_ellipticcurvelist_length);
++ if (dest->tlsext_ellipticcurvelist == NULL)
++ goto err;
++ }
++# endif
++#endif
++
++ if (ticket != 0) {
++ dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
++ if(dest->tlsext_tick == NULL)
++ goto err;
++ } else {
++ dest->tlsext_tick_lifetime_hint = 0;
++ dest->tlsext_ticklen = 0;
++ }
++
++#ifndef OPENSSL_NO_SRP
++ if (src->srp_username) {
++ dest->srp_username = BUF_strdup(src->srp_username);
++ if (dest->srp_username == NULL) {
++ goto err;
++ }
++ }
++#endif
++
++ return dest;
++err:
++ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
++ SSL_SESSION_free(dest);
++ return NULL;
++}
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+ if(len)
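Review bot: In ssl_session_dup, the `ticket != 0` branch calls `BUF_memdup(src->tlsext_tick, src->tlsext_ticklen)` without first testing `src->tlsext_tick`, unlike every other optional field in the function. If the source session carries no ticket and BUF_memdup returns NULL for it, the function takes the err path and reports ERR_R_MALLOC_FAILURE for something that is not an allocation failure; guard it with `if (ticket != 0 && src->tlsext_tick != NULL)` or equivalent. Minor: the allocation uses `sizeof(*src)` and the copy `sizeof(*dest)`; they are the same type, but one form in both places reads better.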
+Index: crypto/openssl/ssl/t1_lib.c
+===================================================================
+--- crypto/openssl/ssl/t1_lib.c (revision 284286)
++++ crypto/openssl/ssl/t1_lib.c (working copy)
+@@ -1015,12 +1015,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+
+ s->srtp_profile = NULL;
+
+- if (data >= (d+n-2))
++ if (data >= (d + n - 2)) {
++ if (data != d + n)
++ goto err;
++ else
+ goto ri_check;
++ }
+ n2s(data,len);
+
+ if (data > (d+n-len))
+- goto ri_check;
++ goto err;
+
+ while (data <= (d+n-4))
+ {
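Review bot: The bound `data > (d+n-len)` is still computed in pointer arithmetic. `len` comes straight from `n2s(data,len)`, and when it exceeds n the expression `d+n-len` points before the start of the buffer. Comparing lengths instead, for example `len > (d + n) - data`, gives the same answer without forming that pointer. The `err` label these sites now jump to is outside the visible hunks; please make sure it sets `*al` before returning.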
+@@ -1028,7 +1032,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ n2s(data,size);
+
+ if (data+size > (d+n))
+- goto ri_check;
++ goto err;
+ #if 0
+ fprintf(stderr,"Received extension type %d size %d\n",type,size);
+ #endif
+@@ -1065,17 +1069,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ int dsize;
+
+ if (size < 2)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ n2s(data,dsize);
+ size -= 2;
+ if (dsize > size )
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+
+ sdata = data;
+ while (dsize > 3)
+@@ -1085,10 +1083,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ dsize -= 3;
+
+ if (len > dsize)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ if (s->servername_done == 0)
+ switch (servname_type)
+ {
+@@ -1096,10 +1091,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ if (!s->hit)
+ {
+ if(s->session->tlsext_hostname)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ if (len > TLSEXT_MAXLEN_host_name)
+ {
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+@@ -1135,10 +1127,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ dsize -= len;
+ }
+ if (dsize != 0)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+
+ }
+ #ifndef OPENSSL_NO_SRP
+@@ -1145,15 +1134,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ else if (type == TLSEXT_TYPE_srp)
+ {
+ if (size <= 0 || ((len = data[0])) != (size -1))
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ if (s->srp_ctx.login != NULL)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL)
+ return -1;
+ memcpy(s->srp_ctx.login, &data[1], len);
+@@ -1160,11 +1143,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ s->srp_ctx.login[len]='\0';
+
+ if (strlen(s->srp_ctx.login) != len)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
++ goto err;
+ }
+- }
+ #endif
+
+ #ifndef OPENSSL_NO_EC
+@@ -1174,10 +1154,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ int ecpointformatlist_length = *(sdata++);
+
+ if (ecpointformatlist_length != size - 1)
+- {
+- *al = TLS1_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ if (!s->hit)
+ {
+ if(s->session->tlsext_ecpointformatlist)
+@@ -1212,17 +1189,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ ellipticcurvelist_length < 1 ||
+ /* Each NamedCurve is 2 bytes. */
+ ellipticcurvelist_length & 1)
+- {
+- *al = TLS1_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ if (!s->hit)
+ {
+ if(s->session->tlsext_ellipticcurvelist)
+- {
+- *al = TLS1_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
++
+ s->session->tlsext_ellipticcurvelist_length = 0;
+ if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
+ {
+@@ -1291,33 +1263,21 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ {
+ int dsize;
+ if (sigalg_seen || size < 2)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ sigalg_seen = 1;
+ n2s(data,dsize);
+ size -= 2;
+ if (dsize != size || dsize & 1)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ if (!tls1_process_sigalgs(s, data, dsize))
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
++ goto err;
+ }
+- }
+ else if (type == TLSEXT_TYPE_status_request &&
+ s->version != DTLS1_VERSION)
+ {
+
+ if (size < 5)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+
+ s->tlsext_status_type = *data++;
+ size--;
+@@ -1329,41 +1289,28 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ n2s(data,dsize);
+ size -= 2;
+ if (dsize > size )
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ while (dsize > 0)
+ {
+ OCSP_RESPID *id;
+ int idsize;
+ if (dsize < 4)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ n2s(data, idsize);
+ dsize -= 2 + idsize;
+ size -= 2 + idsize;
+ if (dsize < 0)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ sdata = data;
+ data += idsize;
+ id = d2i_OCSP_RESPID(NULL,
+ &sdata, idsize);
+ if (!id)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ if (data != sdata)
+ {
+ OCSP_RESPID_free(id);
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
++ goto err;
+ }
+ if (!s->tlsext_ocsp_ids
+ && !(s->tlsext_ocsp_ids =
+@@ -1384,17 +1331,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+
+ /* Read in request_extensions */
+ if (size < 2)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ n2s(data,dsize);
+ size -= 2;
+ if (dsize != size)
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
+- }
++ goto err;
+ sdata = data;
+ if (dsize > 0)
+ {
+@@ -1409,12 +1350,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ &sdata, dsize);
+ if (!s->tlsext_ocsp_exts
+ || (data + dsize != sdata))
+- {
+- *al = SSL_AD_DECODE_ERROR;
+- return 0;
++ goto err;
+ }
+ }
+- }
+ /* We don't know what to do with any other type
+ * so ignore it.
+ */
+@@ -1475,6 +1413,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ data+=size;
+ }
+
++ /* Spurious data on the end */
++ if (data != d + n)
++ goto err;
++
+ *p = data;
+
+ ri_check:
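Review bot: the new `if (data != d + n)` check sits above the `ri_check:` label, so any path that jumps straight to `ri_check` never runs it. Please confirm that no remaining jump to the label can carry unparsed bytes. The comment could also state that trailing bytes after the last extension are now a decode error rather than being ignored.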
+@@ -1491,7 +1433,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned
+ }
+
+ return 1;
+- }
++err:
++ *al = SSL_AD_DECODE_ERROR;
++ return 0;
++}
+
+ #ifndef OPENSSL_NO_NEXTPROTONEG
+ /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
Property changes on: head/share/security/patches/SA-15:10/openssl-10.1.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-15:10/openssl-10.1.patch.asc
===================================================================
--- head/share/security/patches/SA-15:10/openssl-10.1.patch.asc (nonexistent)
+++ head/share/security/patches/SA-15:10/openssl-10.1.patch.asc (revision 46817)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.4 (FreeBSD)
+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+=LAVX
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-15:10/openssl-10.1.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-15:10/openssl-8.4.patch
===================================================================
--- head/share/security/patches/SA-15:10/openssl-8.4.patch (nonexistent)
+++ head/share/security/patches/SA-15:10/openssl-8.4.patch (revision 46817)
@@ -0,0 +1,692 @@
+Index: crypto/openssl/crypto/bn/bn_print.c
+===================================================================
+--- crypto/openssl/crypto/bn/bn_print.c (revision 284286)
++++ crypto/openssl/crypto/bn/bn_print.c (working copy)
+@@ -71,6 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
+ char *buf;
+ char *p;
+
++ if (a->neg && BN_is_zero(a)) {
++ /* "-0" == 3 bytes including NULL terminator */
++ buf = OPENSSL_malloc(3);
++ } else {
++ buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
++ }
+ buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
+ if (buf == NULL)
+ {
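Review bot: the unchanged line `buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);` directly after the new if/else still runs, so the buffer just allocated is overwritten and leaked. For a negative zero the size actually used is again `a->top*BN_BYTES*2+2`, not the 3 bytes the new comment calls for. That line needs to be deleted in this hunk (a `-` line), leaving the if/else as the only allocation before the `buf == NULL` check.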
+Index: crypto/openssl/crypto/cms/cms_smime.c
+===================================================================
+--- crypto/openssl/crypto/cms/cms_smime.c (revision 284286)
++++ crypto/openssl/crypto/cms/cms_smime.c (working copy)
+@@ -141,7 +141,7 @@ static void do_free_upto(BIO *f, BIO *upto)
+ BIO_free(f);
+ f = tbio;
+ }
+- while (f != upto);
++ while (f && f != upto);
+ }
+ else
+ BIO_free_all(f);
+Index: crypto/openssl/crypto/ec/ec2_smpl.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec2_smpl.c (revision 284286)
++++ crypto/openssl/crypto/ec/ec2_smpl.c (working copy)
+@@ -657,7 +657,8 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
+ }
+
+- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
++ /* test required by X9.62 */
++ if (EC_POINT_is_on_curve(group, point, ctx) <= 0)
+ {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+Index: crypto/openssl/crypto/ec/ec_check.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_check.c (revision 284286)
++++ crypto/openssl/crypto/ec/ec_check.c (working copy)
+@@ -88,7 +88,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+ goto err;
+ }
+- if (!EC_POINT_is_on_curve(group, group->generator, ctx))
++ if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0)
+ {
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+Index: crypto/openssl/crypto/ec/ec_key.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_key.c (revision 284286)
++++ crypto/openssl/crypto/ec/ec_key.c (working copy)
+@@ -316,7 +316,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
+ goto err;
+
+ /* testing whether the pub_key is on the elliptic curve */
+- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
++ if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0)
+ {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+Index: crypto/openssl/crypto/ec/ec_lib.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_lib.c (revision 284286)
++++ crypto/openssl/crypto/ec/ec_lib.c (working copy)
+@@ -1040,7 +1040,15 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group,
+ }
+
+
+-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
++/*
++ * Check whether an EC_POINT is on the curve or not. Note that the return
++ * value for this function should NOT be treated as a boolean. Return values:
++ * 1: The point is on the curve
++ * 0: The point is not on the curve
++ * -1: An error occurred
++ */
++int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
++ BN_CTX *ctx)
+ {
+ if (group->meth->is_on_curve == 0)
+ {
+Index: crypto/openssl/crypto/ec/ecp_smpl.c
+===================================================================
+--- crypto/openssl/crypto/ec/ecp_smpl.c (revision 284286)
++++ crypto/openssl/crypto/ec/ecp_smpl.c (working copy)
+@@ -983,7 +983,8 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group,
+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+ }
+
+- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
++ /* test required by X9.62 */
++ if (EC_POINT_is_on_curve(group, point, ctx) <= 0)
+ {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+Index: crypto/openssl/crypto/ec/ectest.c
+===================================================================
+--- crypto/openssl/crypto/ec/ectest.c (revision 284286)
++++ crypto/openssl/crypto/ec/ectest.c (working copy)
+@@ -267,7 +267,7 @@ void prime_field_tests()
+
+ if (!BN_hex2bn(&x, "D")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, Q, ctx))
++ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
+ fprintf(stderr, "Point is not on curve: x = 0x");
+@@ -363,7 +363,7 @@ void prime_field_tests()
+ if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
+ if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
+ if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+@@ -407,7 +407,7 @@ void prime_field_tests()
+
+ if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+@@ -453,7 +453,7 @@ void prime_field_tests()
+
+ if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+@@ -499,7 +499,7 @@ void prime_field_tests()
+
+ if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+ "84F3B9CAC2FC632551")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+@@ -550,7 +550,7 @@ void prime_field_tests()
+ if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+ "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+@@ -606,7 +606,7 @@ void prime_field_tests()
+ "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+ "3C1856A429BF97E7E31C2E5BD66")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+ "C9B8899C47AEBB6FB71E91386409")) ABORT;
+@@ -651,7 +651,7 @@ void prime_field_tests()
+ if (!EC_POINT_copy(Q, P)) ABORT;
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+@@ -764,7 +764,7 @@ void prime_field_tests()
+ #define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+ if (!BN_hex2bn(&cof, _cof)) ABORT; \
+ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+@@ -782,7 +782,7 @@ void prime_field_tests()
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!BN_hex2bn(&y, _y)) ABORT; \
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+ if (!BN_hex2bn(&cof, _cof)) ABORT; \
+ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+@@ -895,7 +895,7 @@ void char2_field_tests()
+ if (!BN_hex2bn(&y, "8")) ABORT;
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
+ #endif
+- if (!EC_POINT_is_on_curve(group, Q, ctx))
++ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0)
+ {
+ /* Change test based on whether binary point compression is enabled or not. */
+ #ifdef OPENSSL_EC_BIN_PT_COMP
+@@ -1134,7 +1134,7 @@ void char2_field_tests()
+ if (!EC_POINT_copy(Q, P)) ABORT;
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
++ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
+ if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+Index: crypto/openssl/crypto/objects/obj_dat.c
+===================================================================
+--- crypto/openssl/crypto/objects/obj_dat.c (revision 284286)
++++ crypto/openssl/crypto/objects/obj_dat.c (working copy)
+@@ -377,6 +377,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
+ if (a->nid != 0)
+ return(a->nid);
+
++ if (a->length == 0)
++ return NID_undef;
++
+ if (added != NULL)
+ {
+ ad.type=ADDED_DATA;
+Index: crypto/openssl/crypto/pkcs7/pk7_doit.c
+===================================================================
+--- crypto/openssl/crypto/pkcs7/pk7_doit.c (revision 284286)
++++ crypto/openssl/crypto/pkcs7/pk7_doit.c (working copy)
+@@ -410,6 +410,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, B
+ goto err;
+ }
+
++ /* Detached content must be supplied via in_bio instead. */
++ if (data_body == NULL && in_bio == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ goto err;
++ }
++
+ /* We will be checking the signature */
+ if (md_sk != NULL)
+ {
+@@ -587,12 +593,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, B
+ }
+
+ #if 1
+- if (PKCS7_is_detached(p7) || (in_bio != NULL))
+- {
+- bio=in_bio;
+- }
+- else
+- {
++ if (in_bio != NULL) {
++ bio = in_bio;
++ } else {
+ #if 0
+ bio=BIO_new(BIO_s_mem());
+ /* We need to set this so that when we have read all
+Index: crypto/openssl/crypto/x509/x509_vfy.c
+===================================================================
+--- crypto/openssl/crypto/x509/x509_vfy.c (revision 284286)
++++ crypto/openssl/crypto/x509/x509_vfy.c (working copy)
+@@ -1040,82 +1040,120 @@ int X509_cmp_current_time(ASN1_TIME *ctm)
+ }
+
+ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
+- {
++{
+ char *str;
+ ASN1_TIME atm;
+ long offset;
+- char buff1[24],buff2[24],*p;
+- int i,j;
++ char buff1[24], buff2[24], *p;
++ int i, j, remaining;
+
+- p=buff1;
+- i=ctm->length;
+- str=(char *)ctm->data;
+- if (ctm->type == V_ASN1_UTCTIME)
+- {
+- if ((i < 11) || (i > 17)) return 0;
+- memcpy(p,str,10);
+- p+=10;
+- str+=10;
++ p = buff1;
++ remaining = ctm->length;
++ str = (char *)ctm->data;
++ /*
++ * Note that the following (historical) code allows much more slack in the
++ * time format than RFC5280. In RFC5280, the representation is fixed:
++ * UTCTime: YYMMDDHHMMSSZ
++ * GeneralizedTime: YYYYMMDDHHMMSSZ
++ */
++ if (ctm->type == V_ASN1_UTCTIME) {
++ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
++ int min_length = sizeof("YYMMDDHHMMZ") - 1;
++ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
++ if (remaining < min_length || remaining > max_length)
++ return 0;
++ memcpy(p, str, 10);
++ p += 10;
++ str += 10;
++ remaining -= 10;
++ } else {
++ /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
++ int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
++ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
++ if (remaining < min_length || remaining > max_length)
++ return 0;
++ memcpy(p, str, 12);
++ p += 12;
++ str += 12;
++ remaining -= 12;
+ }
+- else
+- {
+- if (i < 13) return 0;
+- memcpy(p,str,12);
+- p+=12;
+- str+=12;
+- }
+
+- if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+- { *(p++)='0'; *(p++)='0'; }
+- else
+- {
+- *(p++)= *(str++);
+- *(p++)= *(str++);
+- /* Skip any fractional seconds... */
+- if (*str == '.')
+- {
++ if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
++ *(p++) = '0';
++ *(p++) = '0';
++ } else {
++ /* SS (seconds) */
++ if (remaining < 2)
++ return 0;
++ *(p++) = *(str++);
++ *(p++) = *(str++);
++ remaining -= 2;
++ /*
++ * Skip any (up to three) fractional seconds...
++ * TODO(emilia): in RFC5280, fractional seconds are forbidden.
++ * Can we just kill them altogether?
++ */
++ if (remaining && *str == '.') {
+ str++;
+- while ((*str >= '0') && (*str <= '9')) str++;
++ remaining--;
++ for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
++ if (*str < '0' || *str > '9')
++ break;
+ }
+-
+ }
+- *(p++)='Z';
+- *(p++)='\0';
+
+- if (*str == 'Z')
+- offset=0;
+- else
+- {
++ }
++ *(p++) = 'Z';
++ *(p++) = '\0';
++
++ /* We now need either a terminating 'Z' or an offset. */
++ if (!remaining)
++ return 0;
++ if (*str == 'Z') {
++ if (remaining != 1)
++ return 0;
++ offset = 0;
++ } else {
++ /* (+-)HHMM */
+ if ((*str != '+') && (*str != '-'))
+ return 0;
+- offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+- offset+=(str[3]-'0')*10+(str[4]-'0');
++ /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
++ if (remaining != 5)
++ return 0;
++ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
++ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
++ return 0;
++ offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
++ offset += (str[3] - '0') * 10 + (str[4] - '0');
+ if (*str == '-')
+- offset= -offset;
++ offset = -offset;
+ }
+- atm.type=ctm->type;
+- atm.length=sizeof(buff2);
+- atm.data=(unsigned char *)buff2;
++ atm.type = ctm->type;
++ atm.length = sizeof(buff2);
++ atm.data = (unsigned char *)buff2;
+
+- if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
++ if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
+ return 0;
+
+- if (ctm->type == V_ASN1_UTCTIME)
+- {
+- i=(buff1[0]-'0')*10+(buff1[1]-'0');
+- if (i < 50) i+=100; /* cf. RFC 2459 */
+- j=(buff2[0]-'0')*10+(buff2[1]-'0');
+- if (j < 50) j+=100;
++ if (ctm->type == V_ASN1_UTCTIME) {
++ i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
++ if (i < 50)
++ i += 100; /* cf. RFC 2459 */
++ j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
++ if (j < 50)
++ j += 100;
+
+- if (i < j) return -1;
+- if (i > j) return 1;
++ if (i < j)
++ return -1;
++ if (i > j)
++ return 1;
+ }
+- i=strcmp(buff1,buff2);
++ i = strcmp(buff1, buff2);
+ if (i == 0) /* wait a second then return younger :-) */
+ return -1;
+ else
+ return i;
+- }
++}
+
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+ {
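Review bot: the offset digits `str[1]` to `str[4]` are now range-checked, but the 10 or 12 leading characters copied by `memcpy(p, str, 10)` / `memcpy(p, str, 12)` and the two seconds characters are still not checked to be digits. `buff1` then feeds `(buff1[0] - '0') * 10 + (buff1[1] - '0')` and `strcmp(buff1, buff2)`. Suggest validating them in the same pass as the length checks. The `else` branch also treats every type other than `V_ASN1_UTCTIME` as GeneralizedTime; an explicit type check would reject anything else.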
+Index: crypto/openssl/ssl/d1_lib.c
+===================================================================
+--- crypto/openssl/ssl/d1_lib.c (revision 284286)
++++ crypto/openssl/ssl/d1_lib.c (working copy)
+@@ -507,6 +507,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
+ {
+ int ret;
+
++ /* Ensure there is no state left over from a previous invocation */
++ SSL_clear(s);
++
+ SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+ s->d1->listen = 1;
+
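Review bot: the return value of the added `SSL_clear(s)` is ignored. If the reset fails, `dtls1_listen()` goes on to set `SSL_OP_COOKIE_EXCHANGE` and `s->d1->listen` on a connection that may still carry the leftover state the comment is worried about. Check the result and return an error before touching `s->d1`.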
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c (revision 284286)
++++ crypto/openssl/ssl/s3_clnt.c (working copy)
+@@ -1805,6 +1805,38 @@ int ssl3_get_new_session_ticket(SSL *s)
+ }
+
+ p=d=(unsigned char *)s->init_msg;
++
++ if (s->session->session_id_length > 0) {
++ int i = s->session_ctx->session_cache_mode;
++ SSL_SESSION *new_sess;
++ /*
++ * We reused an existing session, so we need to replace it with a new
++ * one
++ */
++ if (i & SSL_SESS_CACHE_CLIENT) {
++ /*
++ * Remove the old session from the cache
++ */
++ if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
++ if (s->session_ctx->remove_session_cb != NULL)
++ s->session_ctx->remove_session_cb(s->session_ctx,
++ s->session);
++ } else {
++ /* We carry on if this fails */
++ SSL_CTX_remove_session(s->session_ctx, s->session);
++ }
++ }
++
++ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
++ al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
++ goto f_err;
++ }
++
++ SSL_SESSION_free(s->session);
++ s->session = new_sess;
++ }
++
+ n2l(p, s->session->tlsext_tick_lifetime_hint);
+ n2s(p, ticklen);
+ /* ticket_lifetime_hint + ticket_length + ticket */
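Review bot: in the added block the old session is removed from the cache (or `remove_session_cb` is called) before `ssl_session_dup()` has succeeded. On the `ERR_R_MALLOC_FAILURE` path the cache entry is therefore already gone while `s->session` still points at the old object. Duplicating first and evicting only once `new_sess` exists would keep the failure path free of side effects. Minor: `int i` holds `session_cache_mode` and the dup result is compared with `== 0`; a descriptive name and `== NULL` would read better.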
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c (revision 284286)
++++ crypto/openssl/ssl/s3_srvr.c (working copy)
+@@ -2012,6 +2012,7 @@ int ssl3_get_client_key_exchange(SSL *s)
+ int padl, outl;
+ krb5_timestamp authtime = 0;
+ krb5_ticket_times ttimes;
++ int kerr = 0;
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+
+@@ -2124,19 +2125,22 @@ int ssl3_get_client_key_exchange(SSL *s)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DECRYPTION_FAILED);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DECRYPTION_FAILED);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ outl += padl;
+ if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+@@ -2143,7 +2147,8 @@ int ssl3_get_client_key_exchange(SSL *s)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
+ {
+@@ -2159,7 +2164,8 @@ int ssl3_get_client_key_exchange(SSL *s)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_AD_DECODE_ERROR);
+- goto err;
++ kerr = 1;
++ goto kclean;
+ }
+ }
+
+@@ -2185,8 +2191,12 @@ int ssl3_get_client_key_exchange(SSL *s)
+ ** kssl_ctx = kssl_ctx_free(kssl_ctx);
+ ** if (s->kssl_ctx) s->kssl_ctx = NULL;
+ */
+- }
+- else
++
++ kclean:
++ OPENSSL_cleanse(pms, sizeof(pms));
++ if (kerr)
++ goto err;
++ } else
+ #endif /* OPENSSL_NO_KRB5 */
+
+ #ifndef OPENSSL_NO_ECDH
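Review bot: `OPENSSL_cleanse(pms, sizeof(pms))` under `kclean:` only wipes the whole premaster buffer if `pms` is an array in this scope. Its declaration is not part of the patch, so please confirm it is not a pointer, in which case only pointer-size bytes would be cleared. The `kclean:` label also sits just before the closing brace of the Kerberos branch, where it is easy to miss; a short comment at the label saying that both the success path and the `kerr` paths pass through it would help.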
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+--- crypto/openssl/ssl/ssl.h (revision 284286)
++++ crypto/openssl/ssl/ssl.h (working copy)
+@@ -1851,6 +1851,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_READ 223
+ #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
+ #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
++#define SSL_F_SSL_SESSION_DUP 348
+ #define SSL_F_SSL_SESSION_NEW 189
+ #define SSL_F_SSL_SESSION_PRINT_FP 190
+ #define SSL_F_SSL_SESS_CERT_NEW 225
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+--- crypto/openssl/ssl/ssl_err.c (revision 284286)
++++ crypto/openssl/ssl/ssl_err.c (working copy)
+@@ -233,6 +233,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
++{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+ {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+--- crypto/openssl/ssl/ssl_locl.h (revision 284286)
++++ crypto/openssl/ssl/ssl_locl.h (working copy)
+@@ -731,6 +731,7 @@ void ssl_sess_cert_free(SESS_CERT *sc);
+ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+ int ssl_get_new_session(SSL *s, int session);
+ int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+ int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+ const SSL_CIPHER * const *bp);
+Index: crypto/openssl/ssl/ssl_sess.c
+===================================================================
+--- crypto/openssl/ssl/ssl_sess.c (revision 284286)
++++ crypto/openssl/ssl/ssl_sess.c (working copy)
+@@ -132,6 +132,79 @@ SSL_SESSION *SSL_SESSION_new(void)
+ return(ss);
+ }
+
++/*
++ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
++ * ticket == 0 then no ticket information is duplicated, otherwise it is.
++ */
++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
++{
++ SSL_SESSION *dest;
++
++ dest = OPENSSL_malloc(sizeof(*src));
++ if (dest == NULL) {
++ goto err;
++ }
++ memcpy(dest, src, sizeof(*dest));
++
++ /*
++ * Set the various pointers to NULL so that we can call SSL_SESSION_free in
++ * the case of an error whilst halfway through constructing dest
++ */
++ dest->ciphers = NULL;
++#ifndef OPENSSL_NO_TLSEXT
++ dest->tlsext_hostname = NULL;
++#endif
++ dest->tlsext_tick = NULL;
++ memset(&dest->ex_data, 0, sizeof(dest->ex_data));
++
++ /* We deliberately don't copy the prev and next pointers */
++ dest->prev = NULL;
++ dest->next = NULL;
++
++ dest->references = 1;
++
++ if (src->sess_cert != NULL)
++ CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
++
++ if (src->peer != NULL)
++ CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
++
++ if(src->ciphers != NULL) {
++ dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
++ if (dest->ciphers == NULL)
++ goto err;
++ }
++
++ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
++ &dest->ex_data, &src->ex_data)) {
++ goto err;
++ }
++
++#ifndef OPENSSL_NO_TLSEXT
++ if (src->tlsext_hostname) {
++ dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
++ if (dest->tlsext_hostname == NULL) {
++ goto err;
++ }
++ }
++#endif
++
++ if (ticket != 0) {
++ dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
++ if(dest->tlsext_tick == NULL)
++ goto err;
++ } else {
++ dest->tlsext_tick_lifetime_hint = 0;
++ dest->tlsext_ticklen = 0;
++ }
++
++ return dest;
++err:
++ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
++ SSL_SESSION_free(dest);
++ return NULL;
++}
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+ if(len)
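Review bot: in the `ticket != 0` branch, `BUF_memdup(src->tlsext_tick, src->tlsext_ticklen)` returns NULL when `src->tlsext_tick` is NULL, so duplicating a session that carries no ticket is reported as `ERR_R_MALLOC_FAILURE`. Guard the branch with `src->tlsext_tick != NULL`. Also, `dest->tlsext_tick = NULL;` and the ticket branch sit outside the `#ifndef OPENSSL_NO_TLSEXT` guard that wraps `tlsext_hostname`; if the tick fields are only present with TLS extensions, this will not build with that option set. Finally, `memcpy(dest, src, sizeof(*dest))` copies every pointer member while only the ones reset here are handled, so a comment stating why the remaining members are safe to share would help.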
Property changes on: head/share/security/patches/SA-15:10/openssl-8.4.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-15:10/openssl-8.4.patch.asc
===================================================================
--- head/share/security/patches/SA-15:10/openssl-8.4.patch.asc (nonexistent)
+++ head/share/security/patches/SA-15:10/openssl-8.4.patch.asc (revision 46817)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.4 (FreeBSD)
+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+=TifN
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-15:10/openssl-8.4.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/xml/advisories.xml
===================================================================
--- head/share/xml/advisories.xml (revision 46816)
+++ head/share/xml/advisories.xml (revision 46817)
@@ -1,3878 +1,3890 @@
$FreeBSD$
2015
+ 6
+
+
+ 12
+
+
+ FreeBSD-SA-15:10.openssl
+
+
+
+
+
4
7
FreeBSD-SA-15:09.ipv6
FreeBSD-SA-15:08.bsdinstall
FreeBSD-SA-15:07.ntp
3
19
FreeBSD-SA-15:06.openssl
2
25
FreeBSD-SA-15:05.bind
FreeBSD-SA-15:04.igmp
1
27
FreeBSD-SA-15:03.sctp
FreeBSD-SA-15:02.kmem
14
FreeBSD-SA-15:01.openssl
2014
12
23
FreeBSD-SA-14:31.ntp
17
FreeBSD-SA-14:30.unbound
10
FreeBSD-SA-14:29.bind
FreeBSD-SA-14:28.file
FreeBSD-SA-14:27.stdio
11
04
FreeBSD-SA-14:26.ftp
FreeBSD-SA-14:25.setlogin
FreeBSD-SA-14:24.sshd
10
21
FreeBSD-SA-14:23.openssl
FreeBSD-SA-14:22.namei
FreeBSD-SA-14:21.routed
FreeBSD-SA-14:20.rtsold
9
16
FreeBSD-SA-14:19.tcp
9
FreeBSD-SA-14:18.openssl
7
8
FreeBSD-SA-14:17.kmem
6
24
FreeBSD-SA-14:16.file
FreeBSD-SA-14:15.iconv
5
FreeBSD-SA-14:14.openssl
3
FreeBSD-SA-14:13.pam
FreeBSD-SA-14:12.ktrace
FreeBSD-SA-14:11.sendmail
5
13
FreeBSD-SA-14:10.openssl
4
30
FreeBSD-SA-14:09.openssl
FreeBSD-SA-14:08.tcp
FreeBSD-SA-14:07.devfs
08
FreeBSD-SA-14:06.openssl
FreeBSD-SA-14:05.nfsserver
1
14
FreeBSD-SA-14:04.bind
FreeBSD-SA-14:03.openssl
FreeBSD-SA-14:02.ntpd
FreeBSD-SA-14:01.bsnmpd
2013
11
19
FreeBSD-SA-13:14.openssh
9
10
FreeBSD-SA-13:13.nullfs
FreeBSD-SA-13:12.ifioctl
FreeBSD-SA-13:11.sendfile
8
22
FreeBSD-SA-13:10.sctp
FreeBSD-SA-13:09.ip_multicast
7
26
FreeBSD-SA-13:08.nfsserver
FreeBSD-SA-13:07.bind
6
18
FreeBSD-SA-13:06.mmap
4
29
FreeBSD-SA-13:05.nfsserver
2
FreeBSD-SA-13:04.bind
FreeBSD-SA-13:03.openssl
2
19
FreeBSD-SA-13:02.libc
FreeBSD-SA-13:01.bind
2012
11
22
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind
8
6
FreeBSD-SA-12:05.bind
6
12
FreeBSD-SA-12:04.sysret
FreeBSD-SA-12:03.bind
5
30
FreeBSD-SA-12:02.crypt
30
FreeBSD-SA-12:01.openssl
2011
12
23
FreeBSD-SA-11:10.pam
FreeBSD-SA-11:09.pam_ssh
FreeBSD-SA-11:08.telnetd
FreeBSD-SA-11:07.chroot
FreeBSD-SA-11:06.bind
9
28
FreeBSD-SA-11:05.unix
FreeBSD-SA-11:04.compress
FreeBSD-SA-11:03.bind
5
28
FreeBSD-SA-11:02.bind
4
20
FreeBSD-SA-11:01.mountd
2010
11
29
FreeBSD-SA-10:10.openssl
10
FreeBSD-SA-10:09.pseudofs
9
20
FreeBSD-SA-10:08.bzip2
7
13
FreeBSD-SA-10:07.mbuf
5
27
FreeBSD-SA-10:06.nfsclient
FreeBSD-SA-10:05.opie
FreeBSD-SA-10:04.jail
1
6
FreeBSD-SA-10:03.zfs
FreeBSD-SA-10:02.ntpd
FreeBSD-SA-10:01.bind
2009
2009-12-03  FreeBSD-SA-09:17.freebsd-update
2009-12-03  FreeBSD-SA-09:16.rtld
2009-12-03  FreeBSD-SA-09:15.ssl
2009-10-02  FreeBSD-SA-09:14.devfs
2009-10-02  FreeBSD-SA-09:13.pipe
2009-07-29  FreeBSD-SA-09:12.bind
2009-06-10  FreeBSD-SA-09:11.ntpd
2009-06-10  FreeBSD-SA-09:10.ipv6
2009-06-10  FreeBSD-SA-09:09.pipe
2009-04-22  FreeBSD-SA-09:08.openssl
2009-04-22  FreeBSD-SA-09:07.libc
2009-03-23  FreeBSD-SA-09:06.ktimer
2009-02-16  FreeBSD-SA-09:05.telnetd
2009-01-13  FreeBSD-SA-09:04.bind
2009-01-13  FreeBSD-SA-09:03.ntpd
2009-01-07  FreeBSD-SA-09:02.openssl
2009-01-07  FreeBSD-SA-09:01.lukemftpd
2008
2008-12-23  FreeBSD-SA-08:13.protosw
2008-12-23  FreeBSD-SA-08:12.ftpd
2008-11-24  FreeBSD-SA-08:11.arc4random
2008-10-02  FreeBSD-SA-08:10.nd6
2008-09-03  FreeBSD-SA-08:09.icmp6
2008-09-03  FreeBSD-SA-08:08.nmount
2008-09-03  FreeBSD-SA-08:07.amd64
2008-07-13  FreeBSD-SA-08:06.bind
2008-04-17  FreeBSD-SA-08:05.openssh
2008-02-14  FreeBSD-SA-08:04.ipsec
2008-02-14  FreeBSD-SA-08:03.sendfile
2008-01-18  FreeBSD 6.3-RELEASE
2008-01-14  FreeBSD-SA-08:02.libc
2008-01-14  FreeBSD-SA-08:01.pty
2007
2007-11-29  FreeBSD-SA-07:10.gtar
2007-11-29  FreeBSD-SA-07:09.random
2007-10-03  FreeBSD-SA-07:08.openssl
2007-08-01  FreeBSD-SA-07:07.bind
2007-08-01  FreeBSD-SA-07:06.tcpdump
2007-07-12  FreeBSD-SA-07:05.libarchive
2007-05-23  FreeBSD-SA-07:04.file
2007-04-26  FreeBSD-SA-07:03.ipv6
2007-02-09  FreeBSD-SA-07:02.bind
2007-01-15  FreeBSD 6.2-RELEASE
2007-01-11  FreeBSD-SA-07:01.jail
2006
2006-12-06  FreeBSD-SA-06:26.gtar
2006-12-06  FreeBSD-SA-06:25.kmem
2006-11-08  FreeBSD-SA-06:24.libarchive
2006-09-30  FreeBSD-SA-06:22.openssh
2006-09-28  FreeBSD-SA-06:23.openssl
2006-09-19  FreeBSD-SA-06:21.gzip
2006-09-06  FreeBSD-SA-06:20.bind
2006-09-06  FreeBSD-SA-06:19.openssl
2006-08-23  FreeBSD-SA-06:18.ppp
2006-06-14  FreeBSD-SA-06:17.sendmail
2006-05-31  FreeBSD-SA-06:16.smbfs
2006-05-31  FreeBSD-SA-06:15.ypserv
2006-05-25  FreeBSD 5.5-RELEASE
2006-05-09  FreeBSD 6.1-RELEASE
2006-04-19  FreeBSD-SA-06:14.fpu
2006-03-22  FreeBSD-SA-06:13.sendmail
2006-03-22  FreeBSD-SA-06:12.opie
2006-03-22  FreeBSD-SA-06:11.ipsec
2006-03-01  FreeBSD-SA-06:10.nfs
2006-03-01  FreeBSD-SA-06:09.openssh
2006-02-01  FreeBSD-SA-06:08.sack
2006-01-25  FreeBSD-SA-06:07.pf
2006-01-25  FreeBSD-SA-06:06.kmem
2006-01-18  FreeBSD-SA-06:05.80211
2006-01-11  FreeBSD-SA-06:04.ipfw
2006-01-11  FreeBSD-SA-06:03.cpio
2006-01-11  FreeBSD-SA-06:02.ee
2006-01-11  FreeBSD-SA-06:01.texindex
2005
2005-11-04  FreeBSD 6.0-RELEASE
2005-10-11  FreeBSD-SA-05:21.openssl
2005-09-07  FreeBSD-SA-05:20.cvsbug
2005-07-27  FreeBSD-SA-05:19.ipsec
2005-07-27  FreeBSD-SA-05:18.zlib
2005-07-20  FreeBSD-SA-05:17.devfs
2005-07-06  FreeBSD-SA-05:16.zlib
2005-06-29  FreeBSD-SA-05:15.tcp
2005-06-29  FreeBSD-SA-05:14.bzip2
2005-06-29  FreeBSD-SA-05:13.ipfw
2005-06-09  FreeBSD-SA-05:12.bind9
2005-06-09  FreeBSD-SA-05:11.gzip
2005-06-09  FreeBSD-SA-05:10.tcpdump
2005-05-13  FreeBSD-SA-05:09.htt
2005-05-09  FreeBSD 5.4-RELEASE
2005-05-06  FreeBSD-SA-05:08.kmem
2005-05-06  FreeBSD-SA-05:07.ldt
2005-05-06  FreeBSD-SA-05:06.iir
2005-04-22  FreeBSD-SA-05:05.cvs
2005-04-15  FreeBSD-SA-05:04.ifconf
2005-04-06  FreeBSD-SA-05:03.amd64
2005-04-04  FreeBSD-SA-05:02.sendfile
2005-03-28  FreeBSD-SA-05:01.telnet
2005-01-25  FreeBSD 4.11-RELEASE
2004
2004-12-01  FreeBSD-SA-04:17.procfs
2004-11-18  FreeBSD-SA-04:16.fetch
2004-11-06  FreeBSD 5.3-RELEASE
2004-10-04  FreeBSD-SA-04:15.syscons
2004-09-19  FreeBSD-SA-04:14.cvs
2004-06-30  FreeBSD-SA-04:13.linux
2004-06-07  FreeBSD-SA-04:12.jailroute
2004-05-27  FreeBSD 4.10-RELEASE
2004-05-19  FreeBSD-SA-04:11.msync
2004-05-19  FreeBSD-SA-04:10.cvs
2004-05-05  FreeBSD-SA-04:09.kadmind
2004-05-05  FreeBSD-SA-04:08.heimdal
2004-04-15  FreeBSD-SA-04:07.cvs
2004-03-29  FreeBSD-SA-04:06.ipv6
2004-03-17  FreeBSD-SA-04:05.openssl
2004-03-02  FreeBSD-SA-04:04.tcp
2004-02-26  FreeBSD 5.2.1-RELEASE
2004-02-25  FreeBSD-SA-04:03.jail
2004-02-05  FreeBSD-SA-04:02.shmat
2004-01-30  FreeBSD-SA-04:01.mksnap_ffs
2004-01-12  FreeBSD 5.2-RELEASE
2003
2003-11-28  FreeBSD-SA-03:19.bind
2003-10-27  FreeBSD 4.9-RELEASE
2003-10-05  FreeBSD-SA-03:15.openssh
2003-10-03  FreeBSD-SA-03:18.openssl
2003-10-03  FreeBSD-SA-03:17.procfs
2003-10-02  FreeBSD-SA-03:16.filedesc
2003-09-23  FreeBSD-SA-03:14.arp
2003-09-17  FreeBSD-SA-03:13.sendmail
2003-09-16  FreeBSD-SA-03:12.openssh
2003-08-26  FreeBSD-SA-03:11.sendmail  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170
2003-08-10  FreeBSD-SA-03:10.ibcs2  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164
2003-08-10  FreeBSD-SA-03:09.signal  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163
2003-08-03  FreeBSD-SA-03:08.realpath  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158
2003-06-09  FreeBSD 5.1-RELEASE
2003-04-08  FreeBSD-SN-03:02
2003-04-07  FreeBSD-SN-03:01
2003-04-03  FreeBSD 4.8-RELEASE
2003-03-30  FreeBSD-SA-03:07.sendmail  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122
2003-03-21  FreeBSD-SA-03:06.openssl  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118
2003-03-20  FreeBSD-SA-03:05.xdr  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117
2003-03-03  FreeBSD-SA-03:04.sendmail  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112
2003-02-24  FreeBSD-SA-03:03.syncookies  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106
2003-02-24  FreeBSD-SA-03:02.openssl  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105
2003-02-04  FreeBSD-SA-03:01.cvs  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100
2003-01-19  FreeBSD 5.0-RELEASE
2003-01-07  FreeBSD-SA-02:44.filedesc  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090
2002
2002-11-15  FreeBSD-SA-02:43.bind  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084
2002-11-15  FreeBSD-SA-02:41.smrsh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082
2002-11-12  FreeBSD-SA-02:42.resolv  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083
2002-11-12  FreeBSD-SA-02:40.kadmind  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081
2002-10-10  FreeBSD 4.7-RELEASE
2002-10-10  FreeBSD-SN-02:06
2002-09-16  FreeBSD-SA-02:39.libkvm  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051
2002-08-28  FreeBSD-SN-02:05
2002-08-19  FreeBSD-SA-02:38.signed-error  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041
2002-08-15  FreeBSD 4.6.2-RELEASE
2002-08-05  FreeBSD-SA-02:37.kqueue  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033
2002-08-05  FreeBSD-SA-02:36.nfs  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032
2002-08-05  FreeBSD-SA-02:35.ffs  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031
2002-08-05  FreeBSD-SA-02:33.openssl  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023
2002-08-01  FreeBSD-SA-02:34.rpc  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024
2002-07-31  FreeBSD-SA-02:32.pppd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022
2002-07-15  FreeBSD-SA-02:31.openssh
2002-07-12  FreeBSD-SA-02:30.ktrace
2002-07-12  FreeBSD-SA-02:29.tcpdump
2002-06-26  FreeBSD-SA-02:28.resolv
2002-06-19  FreeBSD-SN-02:04
2002-06-15  FreeBSD 4.6-RELEASE
2002-05-29  FreeBSD-SA-02:27.rc
2002-05-29  FreeBSD-SA-02:26.accept
2002-05-28  FreeBSD-SN-02:03
2002-05-20  FreeBSD-SA-02:25.bzip2
2002-05-20  FreeBSD-SA-02:24.k5su
2002-05-13  FreeBSD-SN-02:02
2002-04-22  FreeBSD-SA-02:23.stdio  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021
2002-04-18  FreeBSD-SA-02:22.mmap
2002-04-17  FreeBSD-SA-02:21.tcpip  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980
2002-04-16  FreeBSD-SA-02:20.syncache  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979
2002-03-30  FreeBSD-SN-02:01
2002-03-26  FreeBSD-SA-02:19.squid  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960
2002-03-18  FreeBSD-SA-02:18.zlib  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978
2002-03-12  FreeBSD-SA-02:17.mod_frontpage  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954
2002-03-12  FreeBSD-SA-02:16.netscape  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953
2002-03-12  FreeBSD-SA-02:15.cyrus-sasl  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952
2002-03-12  FreeBSD-SA-02:14.pam-pgsql  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951
2002-03-07  FreeBSD-SA-02:13.openssh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945
2002-02-21  FreeBSD-SA-02:12.squid  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938
2002-02-12  FreeBSD-SA-02:11.snmp  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936
2002-02-06  FreeBSD-SA-02:10.rsync  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928
2002-02-06  FreeBSD-SA-02:09.fstatfs  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927
2002-01-29  FreeBSD 4.5-RELEASE
2002-01-24  FreeBSD-SA-02:08.exec  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923
2002-01-18  FreeBSD-SA-02:07.k5su  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912
2002-01-16  FreeBSD-SA-02:06.sudo  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909
2002-01-04  FreeBSD-SA-02:05.pine  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894
2002-01-04  FreeBSD-SA-02:04.mutt  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893
2002-01-04  FreeBSD-SA-02:03.mod_auth_pgsql  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892
2002-01-04  FreeBSD-SA-02:02.pw  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891
2002-01-04  FreeBSD-SA-02:01.pkg_add  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898
2001
2001-12-04  FreeBSD-SA-01:64.wu-ftpd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870
2001-12-02  FreeBSD-SA-01:63.openssh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871
2001-10-08  FreeBSD-SA-01:62.uucp
2001-10-08  FreeBSD-SA-01:61.squid
2001-09-24  FreeBSD-SA-01:60.procmail
2001-09-20  FreeBSD 4.4-RELEASE
2001-09-04  FreeBSD-SA-01:59.rmuser
2001-08-30  FreeBSD-SA-01:58.lpd
2001-08-27  FreeBSD-SA-01:57.sendmail
2001-08-23  FreeBSD-SA-01:56.tcp_wrappers
2001-08-21  FreeBSD-SA-01:55.procfs
2001-08-20  FreeBSD-SA-01:54.ports-telnetd
2001-08-17  FreeBSD-SA-01:53.ipfw
2001-08-06  FreeBSD-SA-01:52.fragment
2001-07-30  FreeBSD-SA-01:51.openssl
2001-07-27  FreeBSD-SA-01:50.windowmaker
2001-07-23  FreeBSD-SA-01:49.telnetd
2001-07-17  FreeBSD-SA-01:48.tcpdump
2001-07-10  FreeBSD-SA-01:47.xinetd
2001-07-10  FreeBSD-SA-01:46.w3m
2001-07-10  FreeBSD-SA-01:45.samba
2001-07-10  FreeBSD-SA-01:44.gnupg
2001-07-10  FreeBSD-SA-01:43.fetchmail
2001-07-10  FreeBSD-SA-01:42.signal
2001-07-09  FreeBSD-SA-01:41.hanterm
2001-06-04  FreeBSD-SA-01:40.fts
2001-05-02  FreeBSD-SA-01:39.tcp-isn
2001-04-23  FreeBSD-SA-01:38.sudo
2001-04-23  FreeBSD-SA-01:37.slrn
2001-04-23  FreeBSD-SA-01:36.samba
2001-04-23  FreeBSD-SA-01:35.licq
2001-04-23  FreeBSD-SA-01:34.hylafax
2001-04-20  FreeBSD 4.3-RELEASE
2001-04-17  FreeBSD-SA-01:33.ftpd-glob
2001-04-16  FreeBSD-SA-01:32.ipfilter
2001-04-06  FreeBSD-SA-01:31.ntpd
2001-03-22  FreeBSD-SA-01:30.ufs-ext2fs  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738
2001-03-12  FreeBSD-SA-01:29.rwhod  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732
2001-03-12  FreeBSD-SA-01:28.timed  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731
2001-03-12  FreeBSD-SA-01:27.cfengine  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730
2001-03-12  FreeBSD-SA-01:26.interbase  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729
2001-03-12  FreeBSD-SA-01:23.icecast  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728
2001-02-14  FreeBSD-SA-01:25.kerberosIV  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716
2001-02-12  FreeBSD-SA-01:24.ssh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715
2001-02-07  FreeBSD-SA-01:22.dc20ctrl  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714
2001-02-07  FreeBSD-SA-01:21.ja-elvis  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713
2001-02-07  FreeBSD-SA-01:20.mars_nwe  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712
2001-02-07  FreeBSD-SA-01:19.ja-klock  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707
2001-01-31  FreeBSD-SA-01:18.bind  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706
2001-01-29  FreeBSD-SA-01:17.exmh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705
2001-01-29  FreeBSD-SA-01:16.mysql  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704
2001-01-29  FreeBSD-SA-01:15.tinyproxy  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703
2001-01-29  FreeBSD-SA-01:14.micq  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702
2001-01-29  FreeBSD-SA-01:13.sort  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701
2001-01-29  FreeBSD-SA-01:12.periodic  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700
2001-01-29  FreeBSD-SA-01:11.inetd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699
2001-01-23  FreeBSD-SA-01:10.bind  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698
2001-01-23  FreeBSD-SA-01:09.crontab  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697
2001-01-23  FreeBSD-SA-01:08.ipfw  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696
2001-01-23  FreeBSD-SA-01:07.xfree86
2001-01-15  FreeBSD-SA-01:06.zope  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669
2001-01-15  FreeBSD-SA-01:05.stunnel  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668
2001-01-15  FreeBSD-SA-01:04.joe  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667
2001-01-15  FreeBSD-SA-01:03.bash1  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666
2001-01-15  FreeBSD-SA-01:02.syslog-ng  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665
2001-01-15  FreeBSD-SA-01:01.openssh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664
2000
2000-12-20  FreeBSD-SA-00:81.ethereal  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651
2000-12-20  FreeBSD-SA-00:80.halflifeserver  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650
2000-12-20  FreeBSD-SA-00:79.oops  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649
2000-12-20  FreeBSD-SA-00:78.bitchx  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648
2000-12-18  FreeBSD-SA-00:77.procfs  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647
2000-11-20  FreeBSD-SA-00:76.tcsh-csh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628
2000-11-20  FreeBSD-SA-00:75.php  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627
2000-11-20  FreeBSD-SA-00:74.gaim
2000-11-20  FreeBSD-SA-00:73.thttpd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626
2000-11-20  FreeBSD-SA-00:72.curl  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625
2000-11-20  FreeBSD-SA-00:71.mgetty  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624
2000-11-14  FreeBSD-SA-00:70.ppp-nat  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623
2000-11-14  FreeBSD-SA-00:69.telnetd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622
2000-11-13  FreeBSD-SA-00:68.ncurses  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621
2000-11-10  FreeBSD-SA-00:67.gnupg  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620
2000-11-06  FreeBSD-SA-00:66.netscape  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619
2000-11-06  FreeBSD-SA-00:65.xfce  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618
2000-11-06  FreeBSD-SA-00:64.global  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617
2000-11-01  FreeBSD-SA-00:63.getnameinfo  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589
2000-11-01  FreeBSD-SA-00:62.top  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616
2000-10-31  FreeBSD-SA-00:61.tcpdump  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615
2000-10-30  FreeBSD-SA-00:60.boa  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586
2000-10-30  FreeBSD-SA-00:59.pine  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585
2000-10-30  FreeBSD-SA-00:58.chpass  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584
2000-10-13  FreeBSD-SA-00:57.muh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570
2000-10-13  FreeBSD-SA-00:56.lprng  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569
2000-10-13  FreeBSD-SA-00:55.xpdf  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568
2000-10-13  FreeBSD-SA-00:54.fingerd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567
2000-10-06  FreeBSD-SA-00:52.tcp-iss  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561
2000-09-27  FreeBSD-SA-00:53.catopen  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562
2000-09-13  FreeBSD-SA-00:51.mailman  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550
2000-09-13  FreeBSD-SA-00:50.listmanager  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549
2000-09-13  FreeBSD-SA-00:49.eject  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548
2000-09-13  FreeBSD-SA-00:48.xchat  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547
2000-09-13  FreeBSD-SA-00:47.pine  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546
2000-09-13  FreeBSD-SA-00:46.screen  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545
2000-08-31  FreeBSD-SA-00:45.esound  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526
2000-08-28  FreeBSD-SA-00:44.xlock  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523
2000-08-28  FreeBSD-SA-00:43.brouted  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520
2000-08-28  FreeBSD-SA-00:42.linux  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530
2000-08-28  FreeBSD-SA-00:41.elf  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527
2000-08-28  FreeBSD-SA-00:40.mopd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521
2000-08-28  FreeBSD-SA-00:39.netscape  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528
2000-08-14  FreeBSD-SA-00:38.zope  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525
2000-08-14  FreeBSD-SA-00:37.cvsweb  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524
2000-08-14  FreeBSD-SA-00:36.ntop  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531
2000-08-14  FreeBSD-SA-00:35.proftpd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522
2000-08-14  FreeBSD-SA-00:34.dhclient  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529
2000-07-12  FreeBSD-SA-00:33.kerberosIV  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488
2000-07-05  FreeBSD-SA-00:32.bitchx  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487
2000-07-05  FreeBSD-SA-00:31.canna  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486
2000-07-05  FreeBSD-SA-00:30.openssh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485
2000-07-05  FreeBSD-SA-00:29.wu-ftpd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489
2000-07-05  FreeBSD-SA-00:28.majordomo  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484
2000-07-05  FreeBSD-SA-00:27.XFree86-4  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483
2000-07-05  FreeBSD-SA-00:26.popper  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482
2000-07-05  FreeBSD-SA-00:24.libedit  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481
2000-06-19  FreeBSD-SA-00:23.ip-options  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480
2000-06-12  FreeBSD-SA-00:25.alpha-random  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473
2000-06-07  FreeBSD-SA-00:22.apsfilter  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461
2000-06-07  FreeBSD-SA-00:21.ssh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459
2000-05-26  FreeBSD-SA-00:20.krb5  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452
2000-05-23  FreeBSD-SA-00:19.semconfig  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451
2000-05-09  FreeBSD-SA-00:18.gnapster.knapster  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429
2000-05-09  FreeBSD-SA-00:17.libmytinfo  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442
2000-05-09  FreeBSD-SA-00:16.golddig  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439
2000-04-24  FreeBSD-SA-00:15.imap-uw  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438
2000-04-24  FreeBSD-SA-00:14.imap-uw  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441
2000-04-19  FreeBSD-SA-00:13.generic-nqs  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437
2000-04-10  FreeBSD-SA-00:12.healthd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436
2000-04-10  FreeBSD-SA-00:11.ircii  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440
2000-03-15  FreeBSD-SA-00:10.orville-write  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408
2000-03-15  FreeBSD-SA-00:09.mtr  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408
2000-03-15  FreeBSD-SA-00:08.lynx  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407
2000-03-15  FreeBSD-SA-00:07.mh  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411
2000-03-01  FreeBSD-SA-00:06.htdig  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403
2000-02-28  FreeBSD-SA-00:05.mysql  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402
2000-02-19  FreeBSD-SA-00:04.delegate  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392
2000-02-19  FreeBSD-SA-00:03.asmon  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391
2000-01-24  FreeBSD-SA-00:02.procfs  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380
2000-01-19  FreeBSD-SA-00:01.make
1999
1999-09-16  FreeBSD-SA-99:06.amd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318
1999-09-15  FreeBSD-SA-99:05.fts  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313
1999-09-15  FreeBSD-SA-99:04.core  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312
1999-09-05  FreeBSD-SA-99:03.ftpd  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311
1999-09-04  FreeBSD-SA-99:02.profil
1999-09-04  FreeBSD-SA-99:01.chflags
1998
1998-11-04  FreeBSD-SA-98:08.fragment
1998-10-13  FreeBSD-SA-98:07.rst
1998-06-10  FreeBSD-SA-98:06.icmp
1998-06-04  FreeBSD-SA-98:05.nfs
1998-06-02  FreeBSD-SA-98:04.mmap
1998-05-14  FreeBSD-SA-98:03.ttcp
1998-03-12  FreeBSD-SA-98:02.mmap
1997
1997-12-09  FreeBSD-SA-97:06.f00f
1997-12-01  FreeBSD-SA-98:01.land
1997-10-29  FreeBSD-SA-97:05.open
1997-08-19  FreeBSD-SA-97:04.procfs
1997-04-07  FreeBSD-SA-97:03.sysinstall
1997-03-26  FreeBSD-SA-97:02.lpd
1997-02-05  FreeBSD-SA-97:01.setlocale
1997-01-18  FreeBSD-SA-96:21.talkd
1996
1996-12-16  FreeBSD-SA-96:20.stack-overflow
1996-12-10  FreeBSD-SA-96:19.modstat
1996-11-25  FreeBSD-SA-96:18.lpr
1996-07-16  FreeBSD-SA-96:17.rzsz
1996-07-12  FreeBSD-SA-96:16.rdist
1996-07-04  FreeBSD-SA-96:15.ppp
1996-06-28  FreeBSD-SA-96:12.perl
1996-06-24  FreeBSD-SA-96:14.ipfw
1996-06-05  FreeBSD-SA-96:13.comsat
1996-05-21  FreeBSD-SA-96:11.man
1996-05-17  FreeBSD-SA-96:10.mount_union
1996-05-17  FreeBSD-SA-96:09.vfsload
1996-04-22  FreeBSD-SA-96:02.apache
1996-04-21  FreeBSD-SA-96:08.syslog
1996-04-21  FreeBSD-SA-96:01.sliplogin
1996-04-20  FreeBSD-SA-96:03.sendmail-suggestion